Struct Fetch 

pub struct Fetch { /* private fields */ }

HTTP GET a URL with an atomic SSRF guard.

v0.3.1 closes the v0.2/v0.3 two-phase TOCTOU by installing a custom ureq::Resolver (crate::ssrf::SsrfResolver) on the underlying agent. ureq calls the resolver exactly once per connection, uses the exact addresses it returns, and never performs a second DNS lookup. That removes the DNS-rebinding window a short-TTL authority could previously use to flip a public check-time IP to a private request-time IP.

Each Fetch instance lazily builds its own ureq::Agent on first call, so a per-instance allow_hosts allowlist composes cleanly. Redirects are disabled (redirects(0)) so a 302 Location: hop cannot bypass the resolver.

URL-shape validation (scheme allowlist, parsing) still happens up-front in Fetch::call because the resolver only sees the host:port netloc, not the scheme.

Implementations

impl Fetch

pub fn new() -> Self

pub fn with_allow_hosts(self, hosts: Vec<String>) -> Self

Restrict fetches to an explicit host allowlist. Case-insensitive.

The allowlist is enforced inside the custom resolver before any DNS query is issued, so a rejected host never triggers a lookup.

pub fn with_max_bytes(self, n: usize) -> Self

Set the maximum number of response bytes to read. Defaults to 64KB.

Trait Implementations

impl Default for Fetch

fn default() -> Self

Returns the “default value” for a type.

impl Tool for Fetch

fn name(&self) -> &str

The tool’s name — used by the model to invoke it and for dispatch.

fn description(&self) -> &str

Human-readable description sent to the model as part of the tool list. This is the primary steering mechanism for tool selection.

fn schema(&self) -> Value

JSON Schema describing the tool’s arguments.

fn call(&self, args: Value) -> Result<String, String>

Execute the tool synchronously. Return a string result or an error message. Callers must enforce result-byte caps and envelope framing before persisting or feeding back to the model.