From 6f92a21926f04f2235d5ecd06aa4ae38a327ccbc Mon Sep 17 00:00:00 2001
From: McClean <3732589+McClean@users.noreply.github.com>
Date: Tue, 12 May 2026 17:12:42 -0700
Subject: [PATCH] fix(web): add Bearer auth header for Tavily /crawl endpoint

Tavily's /crawl endpoint requires Authorization: Bearer <key> in the header,
unlike /search and /extract which accept api_key in the JSON body.
Without the header, crawl returns 401 Unauthorized.
---
 tools/web_tools.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/web_tools.py b/tools/web_tools.py
index 401a34a5736..b9df0cd3be1 100644
--- a/tools/web_tools.py
+++ b/tools/web_tools.py
@@ -429,7 +429,9 @@ def _tavily_request(endpoint: str, payload: dict) -> dict:
     payload["api_key"] = api_key
     url = f"{_TAVILY_BASE_URL}/{endpoint.lstrip('/')}"
     logger.info("Tavily %s request to %s", endpoint, url)
-    response = httpx.post(url, json=payload, timeout=60)
+    # Tavily /crawl requires Bearer auth in header (body-only auth returns 401)
+    headers = {"Authorization": f"Bearer {api_key}"} if endpoint.strip("/") == "crawl" else {}
+    response = httpx.post(url, json=payload, headers=headers, timeout=60)
     response.raise_for_status()
     return response.json()