fix(security): harden tlon Urbit requests against SSRF

2026-04-27 00:52:05 +00:00 · 2026-02-14 18:41:23 +01:00
parent 5a313c83b7
commit bfa7d21e99
18 changed files with 735 additions and 191 deletions
--- a/src/plugin-sdk/index.ts
+++ b/src/plugin-sdk/index.ts
@@ -146,6 +146,10 @@ export {
  readRequestBodyWithLimit,
  requestBodyErrorToText,
 } from "../infra/http-body.js";
+
+export { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
+export { SsrFBlockedError, isBlockedHostname, isPrivateIpAddress } from "../infra/net/ssrf.js";
+export type { LookupFn, SsrFPolicy } from "../infra/net/ssrf.js";
 export { isWSLSync, isWSL2Sync, isWSLEnv } from "../infra/wsl.js";
 export { isTruthyEnvValue } from "../infra/env.js";
 export { resolveToolsBySender } from "../config/group-policy.js";