Skip to main content

Module net

Module net 

Source
Expand description

Shared host-pattern matcher for outbound-network allow/deny checks.

This is the single source of truth for host-pattern matching used by every layer that gates outbound requests: the agent runtime’s egress proxy (mur-agent-runtime::sandbox::reqwest_guard) and the research gateway’s SSRF guard (mur-research-gateway::net_guard). A security boundary must not have two copies of this logic that can silently drift apart.

IP-range predicates (loopback/private/link-local/unspecified) are deliberately NOT shared here — different callers apply different IP policies (e.g. the runtime allows loopback/RFC1918 for local LLMs while the research gateway forbids them). Only the host-pattern string matcher is common.

Functions§

host_allowed
True if host matches any allowlist pattern. An empty allowlist denies all (fail-closed). Reuses the same matcher the agent’s reqwest guard uses, so per-MCP-server egress allowlisting behaves identically to agent-level hosts.
host_matches_pattern
Match a host against an allowlist pattern.