Expand description
HTTP client operations for Seq
These functions are exported with C ABI for LLVM codegen to call.
§API
# GET request
"https://api.example.com/users" http.get
# Stack: ( Map ) where Map = { "status": 200, "body": "...", "ok": true }
# POST request
"https://api.example.com/users" "{\"name\":\"Alice\"}" "application/json" http.post
# Stack: ( Map ) where Map = { "status": 201, "body": "...", "ok": true }
# Check response
dup "ok" map.get if
"body" map.get json.decode # Process JSON body
else
"error" map.get io.write-line # Handle error
then§Response Map
All HTTP operations return a Map with:
"status"(Int): HTTP status code (200, 404, 500, etc.) or 0 on connection error"body"(String): Response body as text"ok"(Bool): true if status is 2xx, false otherwise"error"(String): Error message (only present on failure)
§Security: SSRF Protection
This HTTP client includes built-in protection against Server-Side Request Forgery (SSRF) attacks. The following are automatically blocked:
- Localhost:
localhost,*.localhost,127.x.x.x - Private networks:
10.x.x.x,172.16-31.x.x,192.168.x.x - Link-local/Cloud metadata:
169.254.x.x(blocks AWS/GCP/Azure metadata endpoints) - IPv6 private: loopback (
::1), link-local (fe80::/10), unique local (fc00::/7) - Non-HTTP schemes:
file://,ftp://,gopher://, etc.
Blocked requests return an error response with ok=false and an explanatory message.
Additional recommendations for defense in depth:
- Use domain allowlists for sensitive applications
- Apply network-level egress filtering
§Resource Limits
- Timeout: 30 seconds per request (prevents indefinite hangs)
- Max body size: 10 MB (prevents memory exhaustion)
- TLS: Enabled by default via rustls (no OpenSSL dependency)
- Connection pooling: Enabled via shared agent instance
Functions§
- patch_
seq_ ⚠http_ delete - Perform HTTP DELETE request
- patch_
seq_ ⚠http_ get - Perform HTTP GET request
- patch_
seq_ ⚠http_ post - Perform HTTP POST request
- patch_
seq_ ⚠http_ put - Perform HTTP PUT request