Codec: harden _fetch_manifest against non-dict JSON payloads

Address the remaining open bot comment on this PR (the four others
are covered by 2758102 — async dispatch + cached registry +
hardened varint + struct unpack).

If a manifest URL returns a JSON list, scalar, or null, the existing
`if required not in parsed` check raises TypeError with an unhelpful
message. Reject non-dict shapes up front with a clear ValueError that
names the URL and actual type.

Also document why `_fetch_manifest` stays synchronous: it's only
called from `ToolRegistry.from_env`, which the engine wraps in
`asyncio.to_thread`, so the blocking urlopen never runs on the
request event loop.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: William Dunn <wdunn001@gmail.com>

Author: wdunn001

vllm/entrypoints/codec_dispatcher.py

@@ -175,11 +175,23 @@ def from_env(cls, active_tokenizer_hash: str) -> "ToolRegistry":
 
 def _fetch_manifest(url: str) -> dict:
     """Fetch a tool manifest JSON from the URL. Stdlib-only to keep the
-    engine startup path free of heavy HTTP deps."""
+    engine startup path free of heavy HTTP deps.
+
+    Synchronous on purpose — only called from `ToolRegistry.from_env`,
+    which the engine wraps in `asyncio.to_thread` so this never runs on
+    the request event loop. See `dispatch_call_async` for the runtime-
+    request equivalent.
+    """
     import urllib.request
     with urllib.request.urlopen(url, timeout=30) as resp:
         body = resp.read()
     parsed = json.loads(body)
+    if not isinstance(parsed, dict):
+        # Defend against the URL returning a JSON list/scalar — the
+        # field-presence loop below would TypeError on a non-dict.
+        raise ValueError(
+            f"manifest at {url!r} must be a JSON object, got {type(parsed).__name__}"
+        )
     # Minimum required fields per @codecai/tool-kit's manifest.json shape.
     for required in ("name", "endpoint", "tokenizerHash"):
         if required not in parsed: