fix: harden openai-compatible provider, approval replay, and embeddings defaults

[ilblackdragon]

Summary

Continuation of #112 by @panosAthDBX.

Hardens the OpenAI-compatible chat provider, adds multi-tool approval replay with deferred tool calls, wires Ollama embeddings, and fixes several robustness issues across LLM providers.

Changes included (from original PR)

• Deferred tool call replay: When a multi-tool LLM response requires approval for one tool, remaining tools are queued and replayed after approval (dispatcher.rs, thread_ops.rs, session.rs)
• Tool message sanitization (sanitize_tool_messages): Rewrites orphaned tool_result messages as user messages to prevent HTTP 400 from Anthropic/others. Applied consistently across all providers
• Ollama embeddings: New OllamaEmbeddings provider with configurable model/dimension
• Flexible embedding dimensions: PostgreSQL migration V9 removes fixed 1536-dim constraint
• Approval aliases: /approve, /always, /deny, a, n etc. in submission parser
• NearAI chat provider: Configurable tool-message flattening toggle, smarter URL construction
• Config additions: OPENAI_BASE_URL, ANTHROPIC_BASE_URL for proxy support; OLLAMA_BASE_URL for embeddings
• Sandbox default: Changed default image from ghcr.io/nearai/sandbox:latest to ironclaw-worker:latest
• Web gateway: thread_id on ApprovalNeeded SSE events for thread-scoped filtering
• REPL: Forward /quit as message so agent loop exits when other channels are active
• Gateway: Wire with_llm_provider for OpenAI-compatible API proxy

Composable RetryProvider & LLM module hardening

• RetryProvider decorator (retry.rs): Composable wrapper for any LlmProvider with exponential backoff + jitter. Respects RateLimited { retry_after } hints. Wired into main.rs composition chain so each provider retries independently before failover.
• Removed openai_compatible_chat.rs: Replaced by rig adapter + RetryProvider. The rig-based adapter now handles all OpenAI-compatible endpoints (including custom base URLs) with tool name normalization moved to rig_adapter.rs.
• Removed internal retry loops: Both nearai.rs and nearai_chat.rs no longer have internal retry loops — retries are handled by the external RetryProvider wrapper, eliminating double-retry (was up to 16 attempts, now correctly 4).
• Error classification reconciled: is_retryable() (retry/failover) and is_transient() (circuit breaker) now have clear, documented semantics. ModelNotAvailable is no longer retryable; Json no longer trips the circuit breaker.
• Fixed Duration subtraction panic in circuit_breaker.rs — uses checked_sub to avoid panic on TOCTOU race.
• Failover uses shared is_retryable() from retry.rs instead of duplicating classification logic.

Changes from original

• Merged with latest main (resolved 4 conflicts: CHANGELOG.md, config.rs→config/, agent_loop.rs→dispatcher+thread_ops, llm/mod.rs)
• Ported deferred tool call logic from monolithic agent_loop.rs to new split module architecture (dispatcher.rs + thread_ops.rs)
• Ported config changes from deleted src/config.rs to new modular config/ directory (llm.rs, embeddings.rs, sandbox.rs)
• Fixed ChatCompletionResponse.id to Option<String> (reviewer feedback: some providers omit this field)
• Fixed unwrap_or_else(|_| Client::new()) to properly propagate errors (reviewer feedback: silently dropped timeout config)
• Added EMBEDDING_DIMENSION env var with smart per-model defaults instead of hardcoding 768/1536
• Full /review-crate @src/llm/ audit — fixed all Medium findings

Original PR

#112 - fix: harden openai-compatible provider, approval replay, and embeddings defaults

Review comments addressed

• ChatCompletionResponse.id changed from String to Option<String> with #[serde(default)]
• Ollama embedding dimension no longer hardcoded; uses EMBEDDING_DIMENSION env var or infers from model name
• unwrap_or_else(|_| Client::new()) replaced with proper error propagation
• libSQL F32_BLOB(1536) schema noted as known limitation

Test plan

• All 1265 tests pass (1211 lib + 54 integration/doc)
• cargo clippy --all --all-features clean (zero warnings)
• cargo fmt clean
• New tests: RetryProvider (6 tests), approval aliases, tool name normalization, URL construction, usage parsing, tool message sanitization, error classification

---

Co-Authored-By: panosAthDBX panosAthDBX@users.noreply.github.com

Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello @ilblackdragon, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the robustness and flexibility of the LLM integration by hardening the OpenAI-compatible chat provider, introducing a sophisticated multi-tool approval replay mechanism, and expanding embedding capabilities to include Ollama and flexible dimensions. These changes improve compatibility with various LLM services, streamline complex agentic workflows, and provide greater control over embedding configurations, ultimately leading to a more reliable and adaptable system.

Highlights

• Enhanced OpenAI-Compatible Provider: Introduced a new OpenAiCompatibleChatProvider with robust retry logic, tool-call name normalization, and improved usage parsing, allowing for flexible base URL configurations for OpenAI and Anthropic.
• Multi-Tool Approval Replay: Implemented deferred tool call logic, enabling the system to queue and replay subsequent tool calls after a preceding tool call requires and receives approval, ensuring all tool_use IDs get matching tool_result messages.
• Flexible Embeddings and Ollama Support: Added support for Ollama embeddings with configurable models and dimensions, and introduced a database migration to allow flexible embedding vector dimensions in PostgreSQL, removing the fixed 1536-dim constraint.
• Improved Tool Message Sanitization: Implemented a sanitize_tool_messages function across all LLM providers to rewrite orphaned tool_result messages as user messages, preventing HTTP 400 errors from providers like Anthropic.
• Expanded Approval Aliases: Added more intuitive aliases for approval responses (e.g., /approve, /always, /deny) in the submission parser for a smoother user experience.

Changelog

• CHANGELOG.md
  • Added OpenAiCompatibleChatProvider and wired OpenAI-compatible chat completion routing for custom base URL usage.
  • Added Ollama embeddings provider support (EMBEDDING_PROVIDER=ollama, OLLAMA_BASE_URL) in workspace embeddings.
  • Added migration V9__flexible_embedding_dimension.sql for flexible embedding vector dimensions.
  • Changed default sandbox image to ironclaw-worker:latest in config/settings/sandbox defaults.
  • Improved tool-message sanitization and provider compatibility handling across NEAR AI, rig adapter, and shared LLM provider code.
  • Fixed approval-input aliases (a, /approve, /always, /deny, etc.) in submission parsing.
  • Fixed multi-tool approval resume flow by preserving and replaying deferred tool calls so all prior tool_use IDs receive matching tool_result messages.
  • Fixed REPL quit/exit handling to route shutdown through the agent loop for graceful termination.
• migrations/V9__flexible_embedding_dimension.sql
  • Added a new migration to allow embedding vectors of any dimension by altering the memory_chunks.embedding column type to vector and recreating dependent views.
• src/agent/dispatcher.rs
  • Modified the tool call execution loop to store and process deferred tool calls when approval is needed for a multi-tool response.
• src/agent/session.rs
  • Extended the PendingApproval struct to include deferred_tool_calls for replaying queued tool actions.
• src/agent/submission.rs
  • Expanded the set of recognized aliases for approval responses, including slash commands like /approve and /deny.
• src/agent/thread_ops.rs
  • Implemented logic to handle and replay deferred tool calls after an approval response, including re-checking approval for each deferred call.
• src/channels/repl.rs
  • Updated the /quit and /exit commands to forward a shutdown message to the agent loop, ensuring graceful termination.
• src/channels/web/mod.rs
  • Added thread_id to ApprovalNeeded Server-Sent Events (SSE) to enable thread-scoped filtering in the web gateway.
• src/channels/web/static/app.js
  • Added a check to filter approval_needed events based on the current thread ID, preventing irrelevant approval prompts.
• src/channels/web/types.rs
  • Added an optional thread_id field to the SseEvent::ApprovalNeeded enum for better event context.
• src/config/embeddings.rs
  • Added ollama_base_url and dimension fields to EmbeddingsConfig and implemented a default_dimension_for_model function to infer embedding dimensions.
  • Updated the configuration resolution logic to support OLLAMA_BASE_URL and EMBEDDING_DIMENSION environment variables.
• src/config/llm.rs
  • Added an optional base_url field to OpenAiDirectConfig and AnthropicDirectConfig to support custom proxy endpoints.
  • Updated the LLM configuration resolution to read OPENAI_BASE_URL and ANTHROPIC_BASE_URL.
• src/config/sandbox.rs
  • Updated the default sandbox image to ironclaw-worker:latest.
• src/llm/mod.rs
  • Added and exported the openai_compatible_chat module and OpenAiCompatibleChatProvider.
  • Modified create_openai_provider to use the new OpenAiCompatibleChatProvider when a custom OPENAI_BASE_URL is specified.
  • Updated create_anthropic_provider to utilize the configured base_url for Anthropic clients.
  • Refactored create_openai_compatible_provider to instantiate the new OpenAiCompatibleChatProvider.
• src/llm/nearai.rs
  • Applied sanitize_tool_messages to incoming messages before processing them in the NearAiProvider.
• src/llm/nearai_chat.rs
  • Added flatten_tool_messages configuration and a new_with_flatten constructor to control tool message handling.
  • Improved the api_url construction logic for better compatibility with various NEAR AI endpoints.
  • Applied sanitize_tool_messages to incoming messages and conditionally flattened tool messages based on configuration.
  • Added unit tests for api_url construction scenarios.
• src/llm/openai_compatible_chat.rs
  • Added a new module implementing OpenAiCompatibleChatProvider for robust interaction with OpenAI-compatible chat completion endpoints, including retry logic, usage parsing, and tool-call name normalization.
• src/llm/provider.rs
  • Added a sanitize_tool_messages utility function to convert orphaned tool_result messages into user messages, preventing API errors.
  • Added unit tests for the sanitize_tool_messages function.
• src/llm/rig_adapter.rs
  • Applied sanitize_tool_messages to messages before converting them for the RigAdapter.
• src/main.rs
  • Imported OllamaEmbeddings and updated the main application logic to initialize Ollama as an embedding provider.
  • Modified embedding provider initialization to use the newly introduced flexible embedding dimensions.
  • Wired the GatewayChannel with the LLM provider for enhanced functionality.
• src/sandbox/config.rs
  • Updated the default sandbox image to ironclaw-worker:latest.
• src/settings.rs
  • Updated the default sandbox image setting to ironclaw-worker:latest.
• src/workspace/embeddings.rs
  • Added the OllamaEmbeddings struct and its implementation as an EmbeddingProvider, supporting Ollama's local embedding API.
  • Included methods for creating OllamaEmbeddings instances with specific models and dimensions.
• src/workspace/mod.rs
  • Exported OllamaEmbeddings from the workspace module.

Activity

• The pull request author, ilblackdragon, continued work from a previous PR (fix: harden openai-compatible provider, approval replay, and embeddings defaults #112) by panosAthDBX.
• The changes were merged with the latest main branch, resolving 4 conflicts in CHANGELOG.md, config.rs, agent_loop.rs, and llm/mod.rs.
• Deferred tool call logic was ported from a monolithic agent_loop.rs to the new dispatcher.rs and thread_ops.rs modules.
• Configuration changes were moved from src/config.rs to the new modular config/ directory (llm.rs, embeddings.rs, sandbox.rs).
• Reviewer feedback was addressed, including changing ChatCompletionResponse.id to Option<String> and fixing error propagation in unwrap_or_else calls.
• The EMBEDDING_DIMENSION environment variable was introduced with smart per-model defaults, addressing feedback about hardcoded Ollama dimensions.
• Test compilation issues were fixed by creating a test_nearai_config() helper for new NearAiConfig fields.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a substantial set of features and robustness improvements across the LLM provider landscape, including the addition of the OpenAiCompatibleChatProvider, support for Ollama embeddings, flexible embedding dimensions, and deferred tool call replay for multi-tool approvals. However, a high-severity security vulnerability was identified in the web UI's HTML sanitization logic. The custom regular expression-based sanitization is bypassable, which could lead to Cross-Site Scripting (XSS) and the theft of sensitive authentication tokens. It is strongly recommended to use a dedicated sanitization library like DOMPurify to mitigate this risk. Additionally, there are suggestions to improve maintainability by refactoring duplicated code and to enhance error handling for more robust provider interactions.

[gemini-code-assist]

There is significant code duplication between this block for handling deferred tool calls and the main tool execution loop in dispatcher.rs. Both sections handle iterating through tool calls, checking for approvals, executing tools, and processing results.

This duplication can make maintenance difficult, as changes in one place might need to be manually synchronized in the other. Consider refactoring this shared logic into a helper function that can be called from both dispatcher.rs and here. This would centralize the tool execution flow, improving maintainability and reducing the risk of inconsistencies.

[ilblackdragon]

The deferred tool call duplication is a valid observation. However, refactoring this into a shared helper is a larger architectural change that touches the core agent loop — it warrants its own PR. Filed as a follow-up.

[gemini-code-assist]

The use of unwrap_or_default() here can hide potential errors when reading the response body. If response.text().await fails, this will proceed with an empty string, leading to a potentially misleading "JSON parse error" later on. It would be more robust to handle the Result from .text() and return a more specific error, which would aid in debugging issues with the response stream from the provider.

            let response_text = match response.text().await {
                Ok(text) => text,
                Err(e) => {
                    return Err(LlmError::RequestFailed {
                        provider: "openai_compatible_chat".to_string(),
                        reason: format!("Failed to read response body: {}", e),
                    });
                }
            };

References

1. Ensuring robust error handling when reading API response bodies helps prevent client-side parsing failures, aligning with the principle that API endpoints should provide valid and consistent responses.

[ilblackdragon]

This file (openai_compatible_chat.rs) was deleted in e285759 — replaced by the rig adapter + RetryProvider. The same unwrap_or_default() pattern existed in nearai.rs and nearai_chat.rs; fixed in all 4 call sites in 0c42321 with proper error propagation.

[Copilot]

Pull request overview

This PR hardens LLM provider robustness and embeddings flexibility while adding support for OpenAI-compatible endpoints and Ollama embeddings. It's a continuation of #112 that addresses reviewer feedback and merges with the latest main branch architecture changes.

Changes:

• Adds OpenAI-compatible chat provider with retry logic, tool-call normalization, and robust usage parsing
• Implements multi-tool approval replay with deferred tool calls to prevent orphaned tool_result protocol errors
• Adds Ollama embeddings provider with configurable dimensions and removes fixed 1536-dim PostgreSQL constraint
• Improves provider configuration with base URL overrides for proxies (OpenAI, Anthropic)
• Adds tool message sanitization across all LLM providers to prevent HTTP 400 errors
• Adds approval command aliases (/approve, /always, /deny, a, n) for better UX
• Changes default sandbox image from ghcr.io/nearai/sandbox:latest to ironclaw-worker:latest
• Adds thread_id to approval SSE events for better web gateway filtering
• Fixes REPL quit forwarding to gracefully exit the agent loop

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/llm/openai_compatible_chat.rs	New OpenAI-compatible chat provider with retry, tool normalization, and robust usage parsing
src/llm/provider.rs	Added sanitize_tool_messages function with comprehensive tests to prevent orphaned tool_result errors
src/llm/nearai_chat.rs	Added configurable tool-message flattening and improved URL construction
src/llm/nearai.rs	Integrated sanitize_tool_messages for robustness
src/llm/rig_adapter.rs	Integrated sanitize_tool_messages before sending to Rig adapters
src/llm/mod.rs	Wired OpenAI-compatible provider and added base URL support for OpenAI/Anthropic
src/workspace/embeddings.rs	Added OllamaEmbeddings provider with configurable model and dimension
src/workspace/mod.rs	Exported OllamaEmbeddings
src/config/embeddings.rs	Added dimension inference from model names with EMBEDDING_DIMENSION override
src/config/llm.rs	Added optional base_url to OpenAI and Anthropic configs for proxy support
src/config/sandbox.rs	Changed default sandbox image to ironclaw-worker:latest
src/sandbox/config.rs	Changed default sandbox image to ironclaw-worker:latest
src/settings.rs	Changed default sandbox image to ironclaw-worker:latest
src/agent/dispatcher.rs	Collects deferred tool calls when approval is needed for multi-tool responses
src/agent/thread_ops.rs	Replays deferred tool calls after approval with proper approval re-checking
src/agent/session.rs	Added deferred_tool_calls field to PendingApproval
src/agent/submission.rs	Added approval aliases for better UX
src/channels/web/types.rs	Added thread_id to ApprovalNeeded SSE event
src/channels/web/mod.rs	Wired thread_id in approval events and added with_llm_provider
src/channels/web/static/app.js	Added thread filtering for approval events
src/channels/repl.rs	Forwards /quit command through agent loop for graceful shutdown
src/main.rs	Updated embeddings setup with dimension config and Ollama support
migrations/V9__flexible_embedding_dimension.sql	Removes fixed dimension constraint and HNSW index for flexible embeddings
CHANGELOG.md	Documents all changes

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The Ollama embeddings implementation doesn't validate that the returned embedding dimensions match the configured dimension. If the model returns embeddings with a different dimension than expected, this could cause silent failures when storing to the database or performing vector operations. Consider adding validation after receiving the response to ensure each embedding has the expected dimension.

Suggested change

	// Validate that all returned embeddings match the configured dimension.
	let expected_dim = self.dimension;
	if let Some((index, actual_dim)) = result
	.embeddings
	.iter()
	.enumerate()
	.find_map(|(i, emb)| {
	let len = emb.len();
	if len != expected_dim {
	Some((i, len))
	} else {
	None
	}
	})
	{
	return Err(EmbeddingError::InvalidResponse(format!(
	"Ollama returned embedding with incorrect dimension at index {}: expected {}, got {}",
	index, expected_dim, actual_dim
	)));
	}

[ilblackdragon]

Good catch. Added dimension validation in OllamaEmbeddings::embed_batch() — returns EmbeddingError::InvalidResponse if any returned embedding doesn't match the configured dimension. Fixed in 0c42321.

[Copilot]

The libSQL migrations still use F32_BLOB(1536) with a fixed dimension, meaning libSQL deployments cannot use embedding models with different dimensions (e.g., Ollama's 768-dim models or OpenAI's 3072-dim models). While the PR description notes this as a "known limitation," users who configure non-1536-dim models with libSQL will experience silent failures or dimension mismatches when storing embeddings. Consider adding runtime validation that checks if the configured embedding dimension matches the database schema dimension, and emitting a clear error or warning when there's a mismatch for libSQL deployments.

[ilblackdragon]

Added a runtime tracing::warn! at startup when libSQL backend is configured with a non-1536 embedding dimension, explaining the F32_BLOB(1536) schema limitation and suggesting PostgreSQL or EMBEDDING_DIMENSION=1536. Fixed in 0c42321.

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The OllamaEmbeddings provider doesn't validate that the returned embedding dimension matches the configured dimension. If the Ollama model returns embeddings of a different dimension than what was configured (e.g., due to model misconfiguration), this mismatch will only be caught later when storing to the database, leading to a confusing error. Consider adding validation after line 456 to check that each embedding in result.embeddings has length equal to self.dimension, and return an EmbeddingError::InvalidResponse if the dimension doesn't match.

Suggested change

	Ok(result.embeddings)
	let embeddings = result.embeddings;
	for (i, emb) in embeddings.iter().enumerate() {
	if emb.len() != self.dimension {
	return Err(EmbeddingError::InvalidResponse(format!(
	"Ollama returned embedding of dimension {}, expected {} at index {}",
	emb.len(),
	self.dimension,
	i
	)));
	}
	}
	Ok(embeddings)

[ilblackdragon]

Duplicate of the Copilot comment above — fixed in 0c42321 with dimension validation in embed_batch().

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Switching to a manual while idx < tool_calls.len() loop requires ensuring idx is advanced on every control-flow path. There are continue branches later in this loop body (e.g. hook rejection / policy error) that will now skip idx += 1 and can cause an infinite loop on the same tool call.

[Copilot]

This test introduces a 1.5s wall-clock sleep to wait for retry backoff, which will noticeably slow the suite and can be flaky under load. Consider making backoff delays configurable for tests, using an error with retry_after=Duration::ZERO, or using Tokio time control to advance time without real sleeps.

Suggested change

	// Wait for at least 1 retry attempt (backoff is ~1s, so 1.5s should be enough)
	tokio::time::sleep(Duration::from_millis(1500)).await;
	// Wait briefly before flipping; this should allow at least one failure before retry
	tokio::time::sleep(Duration::from_millis(10)).await;

[Copilot]

EMBEDDING_DIMENSION is parsed as usize, but the code (and error message) implies it must be a positive integer. As written, 0 is accepted and will propagate into embedding providers / DB writes where a zero-dimension vector is invalid. Add an explicit > 0 validation and return ConfigError::InvalidValue when the parsed dimension is 0.

Suggested change

	let dimension = optional_env("EMBEDDING_DIMENSION")?
	.map(|s| s.parse::<usize>())
	.transpose()
	.map_err(|e| ConfigError::InvalidValue {
	key: "EMBEDDING_DIMENSION".to_string(),
	message: format!("must be a positive integer: {e}"),
	})?
	.unwrap_or_else(|| default_dimension_for_model(&model));
	let dimension_opt = optional_env("EMBEDDING_DIMENSION")?
	.map(|s| s.parse::<usize>())
	.transpose()
	.map_err(|e| ConfigError::InvalidValue {
	key: "EMBEDDING_DIMENSION".to_string(),
	message: format!("must be a positive integer: {e}"),
	})?;
	if let Some(0) = dimension_opt {
	return Err(ConfigError::InvalidValue {
	key: "EMBEDDING_DIMENSION".to_string(),
	message: "must be a positive integer greater than zero".to_string(),
	});
	}
	let dimension = dimension_opt.unwrap_or_else(|| default_dimension_for_model(&model));

[Copilot]

New env vars (OLLAMA_BASE_URL, EMBEDDING_DIMENSION) were added for embeddings resolution. The env-mutating tests in this module should also clear these vars in the clear_embedding_env() helper to avoid flakiness when they are set in the surrounding test environment.

[Copilot]

OllamaEmbeddings builds the endpoint with format!("{}/api/embed", self.base_url). If base_url is configured with a trailing slash, this produces a //api/embed path which can 404 (depending on server path normalization / redirect behavior). Consider normalizing base_url (e.g., trimming trailing /) before formatting the endpoint URL.

Suggested change

	let url = format!("{}/api/embed", self.base_url);
	let base_url = self.base_url.trim_end_matches('/');
	let url = format!("{}/api/embed", base_url);