refactor(net): unify proxy env checks and guarded fetch modes

2026-05-10 03:32:43 +00:00 · 2026-03-02 16:24:20 +00:00
parent a229ae6c3e
commit c973b053a5
12 changed files with 129 additions and 117 deletions
--- a/src/agents/tools/web-guarded-fetch.test.ts
+++ b/src/agents/tools/web-guarded-fetch.test.ts
@@ -1,10 +1,25 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { fetchWithSsrFGuard } from "../../infra/net/fetch-guard.js";
+import { fetchWithSsrFGuard, GUARDED_FETCH_MODE } from "../../infra/net/fetch-guard.js";
 import { withStrictWebToolsEndpoint, withTrustedWebToolsEndpoint } from "./web-guarded-fetch.js";

-vi.mock("../../infra/net/fetch-guard.js", () => ({
-  fetchWithSsrFGuard: vi.fn(),
-}));
+vi.mock("../../infra/net/fetch-guard.js", () => {
+  const GUARDED_FETCH_MODE = {
+    STRICT: "strict",
+    TRUSTED_ENV_PROXY: "trusted_env_proxy",
+  } as const;
+  return {
+    GUARDED_FETCH_MODE,
+    fetchWithSsrFGuard: vi.fn(),
+    withStrictGuardedFetchMode: (params: Record<string, unknown>) => ({
+      ...params,
+      mode: GUARDED_FETCH_MODE.STRICT,
+    }),
+    withTrustedEnvProxyGuardedFetchMode: (params: Record<string, unknown>) => ({
+      ...params,
+      mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
+    }),
+  };
+});

 describe("web-guarded-fetch", () => {
  afterEach(() => {
@@ -27,8 +42,7 @@ describe("web-guarded-fetch", () => {
          dangerouslyAllowPrivateNetwork: true,
          allowRfc2544BenchmarkRange: true,
        }),
-        proxy: "env",
-        dangerouslyAllowEnvProxyWithoutPinnedDns: true,
+        mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
      }),
    );
  });
@@ -49,7 +63,6 @@ describe("web-guarded-fetch", () => {
    );
    const call = vi.mocked(fetchWithSsrFGuard).mock.calls[0]?.[0];
    expect(call?.policy).toBeUndefined();
-    expect(call?.proxy).toBeUndefined();
-    expect(call?.dangerouslyAllowEnvProxyWithoutPinnedDns).toBeUndefined();
+    expect(call?.mode).toBe(GUARDED_FETCH_MODE.STRICT);
  });
 });
--- a/src/agents/tools/web-guarded-fetch.ts
+++ b/src/agents/tools/web-guarded-fetch.ts
@@ -2,6 +2,8 @@ import {
  fetchWithSsrFGuard,
  type GuardedFetchOptions,
  type GuardedFetchResult,
+  withStrictGuardedFetchMode,
+  withTrustedEnvProxyGuardedFetchMode,
 } from "../../infra/net/fetch-guard.js";
 import type { SsrFPolicy } from "../../infra/net/ssrf.js";

@@ -12,7 +14,7 @@ const WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY: SsrFPolicy = {

 type WebToolGuardedFetchOptions = Omit<
  GuardedFetchOptions,
-  "proxy" | "dangerouslyAllowEnvProxyWithoutPinnedDns"
+  "mode" | "proxy" | "dangerouslyAllowEnvProxyWithoutPinnedDns"
 > & {
  timeoutSeconds?: number;
  useEnvProxy?: boolean;
@@ -36,16 +38,15 @@ export async function fetchWithWebToolsNetworkGuard(
  params: WebToolGuardedFetchOptions,
 ): Promise<GuardedFetchResult> {
  const { timeoutSeconds, useEnvProxy, ...rest } = params;
-  return fetchWithSsrFGuard({
+  const resolved = {
    ...rest,
    timeoutMs: resolveTimeoutMs({ timeoutMs: rest.timeoutMs, timeoutSeconds }),
-    ...(useEnvProxy
-      ? {
-          proxy: "env",
-          dangerouslyAllowEnvProxyWithoutPinnedDns: true,
-        }
-      : {}),
-  });
+  };
+  return fetchWithSsrFGuard(
+    useEnvProxy
+      ? withTrustedEnvProxyGuardedFetchMode(resolved)
+      : withStrictGuardedFetchMode(resolved),
+  );
 }

 async function withWebToolsNetworkGuard<T>(