[codex] Structure preview asset URL failures

[juliusmarminge]

Summary

• replace malformed preview asset URL defects with BrowserPreviewAssetUrlInvalidError
• preserve the exact URL parser cause for the full failure chain
• attach safe environment, thread, file, URL-length, and expiry diagnostics; do not store the signed relative URL or raw base URL as direct structured attributes
• cover cause identity and absence of direct raw URL attributes with a focused regression test

Scope

• this PR changes only apps/web/src/browser/openFileInPreview.ts and its focused test
• browser preview precondition error cleanup and ChatMarkdown reporting are intentionally deferred until [codex] Preview workspace image files #3259 and [codex] Report markdown interaction failures #3355 are integrated

Stack dependency

• codex/stack-pr-3259 mirrors the exact fork head of draft [codex] Preview workspace image files #3259 because GitHub cannot directly target a fork branch as this PR base
• do not merge this PR into the mirror branch; after [codex] Preview workspace image files #3259 merges, rebase this branch onto main and retarget the PR to main

Validation

• pnpm vp test apps/web/src/browser/openFileInPreview.test.ts
• pnpm vp check
• pnpm vp run typecheck

---

Note

Low Risk
Localized change to browser preview URL resolution and error typing; improves observability without altering happy-path preview behavior.

Overview
openFileInPreview no longer treats a bad preview asset URL as an unstructured defect. When new URL(relativeUrl, httpBaseUrl) throws, the flow returns BrowserPreviewAssetUrlInvalidError via Cause.fail, with environment/thread/file context, URL length and expiry metadata, and the original parser error as cause—without putting the raw base URL or signed relative path on the error object.

The return type and a Schema.is guard are added for this error. A new unit test asserts cause identity, safe fields, and that serialized errors do not leak signed URL tokens; preview is not opened on failure.

^{Reviewed by Cursor Bugbot for commit 087f4d1. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 74deb801-26bc-4432-b93d-3afc689a845e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/web-preview-error-context

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

Straightforward error handling improvement that converts an unstructured panic into a structured error class. The new error intentionally captures URL lengths rather than actual values to prevent leaking sensitive tokens, and includes comprehensive test coverage.

No code changes detected at 087f4d1. Prior analysis still applies.

^{You can customize Macroscope's approvability policy. Learn more.}

Dismissing prior approval to re-evaluate 199dc14

Dismissing prior approval to re-evaluate c048ffe