Fix recurse private-address handling in authorized fetch mode

Ensure -p/--allow-private-address is applied consistently in lookup mode,
including authorized-fetch paths.

In recurse mode, explicit root lookups now use the regular lookup/context
loaders (respecting command/config allowPrivateAddress), while recursive
follow-up fetches continue to use strict loaders that disallow private
addresses.

Also consume redirect response bodies in image download redirect handling to
avoid keeping redirect bodies alive across manual redirect hops.

Add regression tests for redirect-body cancellation in imagerenderer tests.

#608 (comment)
#608 (comment)
#608 (comment)

Co-Authored-By: Codex <codex@openai.com>

Author: dahlia

packages/cli/src/imagerenderer.test.ts

@@ -94,3 +94,58 @@ test("downloadImage - follows validated redirects", async () => {
     }
   }
 });
+
+test("downloadImage - cancels redirect response body before following", async () => {
+  let cancelled = 0;
+  const originalFetch = globalThis.fetch;
+  globalThis.fetch = ((input: URL | RequestInfo) => {
+    const target = typeof input === "string" ? input : input.toString();
+    if (target === "https://example.com/image.png") {
+      const body = new ReadableStream<Uint8Array>({
+        cancel() {
+          cancelled++;
+        },
+      });
+      return Promise.resolve(
+        new Response(body, {
+          status: 302,
+          headers: { location: "https://cdn.example.com/final.png" },
+        }),
+      );
+    }
+    return Promise.resolve(new Response(new Uint8Array([1, 2, 3])));
+  }) as typeof fetch;
+
+  let result: string | null = null;
+  try {
+    result = await downloadImage("https://example.com/image.png");
+    assert.notEqual(result, null);
+    assert.equal(cancelled, 1);
+  } finally {
+    globalThis.fetch = originalFetch;
+    if (result != null) {
+      await rm(path.dirname(result), { recursive: true, force: true });
+    }
+  }
+});
+
+test("downloadImage - cancels redirect body when location is missing", async () => {
+  let cancelled = 0;
+  const originalFetch = globalThis.fetch;
+  globalThis.fetch = ((_input: URL | RequestInfo) => {
+    const body = new ReadableStream<Uint8Array>({
+      cancel() {
+        cancelled++;
+      },
+    });
+    return Promise.resolve(new Response(body, { status: 302 }));
+  }) as typeof fetch;
+
+  try {
+    const result = await downloadImage("https://example.com/image.png");
+    assert.equal(result, null);
+    assert.equal(cancelled, 1);
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+});

packages/cli/src/imagerenderer.ts

@@ -115,7 +115,11 @@ export async function downloadImage(url: string): Promise<string | null> {
         response.status === 308
       ) {
         const location = response.headers.get("location");
-        if (location == null) return null;
+        if (location == null) {
+          await response.body?.cancel();
+          return null;
+        }
+        await response.body?.cancel();
         targetUrl = new URL(location, targetUrl).href;
         continue;
       }

packages/cli/src/lookup.ts

@@ -597,6 +597,9 @@ export async function runLookup(
   );
 
   let authLoader: DocumentLoader | undefined = undefined;
+  let authIdentity:
+    | { keyId: URL; privateKey: CryptoKey }
+    | undefined = undefined;
   let outputStream: WriteStream | undefined;
   let outputStreamError: Error | undefined;
   const getOutputStream = (): WriteStream | undefined => {
@@ -671,12 +674,15 @@ export async function runLookup(
         { contextLoader },
       );
     }, { service: command.tunnelService });
+    authIdentity = {
+      keyId: new URL("#main-key", server.url),
+      privateKey: key.privateKey,
+    };
     const baseAuthLoader = getAuthenticatedDocumentLoader(
+      authIdentity,
       {
-        keyId: new URL("#main-key", server.url),
-        privateKey: key.privateKey,
-      },
-      {
+        allowPrivateAddress: command.allowPrivateAddress,
+        userAgent: command.userAgent,
         specDeterminer: {
           determineSpec() {
             return command.firstKnock;
@@ -719,7 +725,29 @@ export async function runLookup(
       recursiveBaseContextLoader,
       command.timeout,
     );
-    const recursiveLookupDocumentLoader: DocumentLoader = authLoader ??
+    const recursiveAuthLoader = command.authorizedFetch &&
+        authIdentity != null
+      ? wrapDocumentLoaderWithTimeout(
+        getAuthenticatedDocumentLoader(
+          authIdentity,
+          {
+            allowPrivateAddress: false,
+            userAgent: command.userAgent,
+            specDeterminer: {
+              determineSpec() {
+                return command.firstKnock;
+              },
+              rememberSpec() {
+              },
+            },
+          },
+        ),
+        command.timeout,
+      )
+      : undefined;
+    const initialLookupDocumentLoader: DocumentLoader = authLoader ??
+      documentLoader;
+    const recursiveLookupDocumentLoader: DocumentLoader = recursiveAuthLoader ??
       recursiveDocumentLoader;
     let totalObjects = 0;
     const recurseDepth = command.recurseDepth!;
@@ -735,8 +763,8 @@ export async function runLookup(
       let current: APObject | null = null;
       try {
         current = await lookupObject(url, {
-          documentLoader: recursiveLookupDocumentLoader,
-          contextLoader: recursiveContextLoader,
+          documentLoader: initialLookupDocumentLoader,
+          contextLoader,
           userAgent: command.userAgent,
         });
       } catch (error) {
@@ -772,7 +800,7 @@ export async function runLookup(
           current,
           command.output,
           command.format,
-          recursiveContextLoader,
+          contextLoader,
           getOutputStream(),
         );
       } catch (error) {