Summary
The Python binding applies builder.hardened() and then immediately overwrites same_host_redirects_only with the function argument default (false).
Impact
FetchKitTool(hardened=True) is weaker than the Rust/CLI hardened profile unless callers also remember to pass same_host_redirects_only=True. That kind of cross-interface hardening skew is easy to miss in shared agent environments.
Affected code
crates/fetchkit-python/src/lib.rs:214-220
Why this matters
The hardening guide and Rust builder behavior imply that the hardened profile includes same-host redirect enforcement. The Python binding silently drops that protection for the default constructor call shape.
Expected fix
Preserve the hardened redirect setting unless the caller explicitly overrides it.
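
The skew and the expected fix, as an added example (not the project's code from `crates/fetchkit-python/src/lib.rs`). `ToolBuilder`, `build_skewed` and `build_preserving` are hypothetical stand-ins, and the model assumes `hardened()` turns `same_host_redirects_only` on, as the issue describes.

```rust
// Hypothetical model of the builder. Only `hardened` and
// `same_host_redirects_only` are names taken from the issue.
#[derive(Debug, Default, Clone, PartialEq)]
pub struct ToolBuilder {
    pub same_host_redirects_only: bool,
}

impl ToolBuilder {
    /// Hardened profile: assumed to include same-host redirect enforcement.
    pub fn hardened(mut self) -> Self {
        self.same_host_redirects_only = true;
        self
    }

    pub fn same_host_redirects_only(mut self, on: bool) -> Self {
        self.same_host_redirects_only = on;
        self
    }
}

/// Shape of the bug: the argument is a plain bool defaulting to false,
/// so it is always written back after the profile has been applied.
pub fn build_skewed(hardened: bool, same_host_redirects_only: bool) -> ToolBuilder {
    let mut b = ToolBuilder::default();
    if hardened {
        b = b.hardened();
    }
    b.same_host_redirects_only(same_host_redirects_only)
}

/// Fix: the argument is Option<bool> (None = caller did not pass it), and
/// the profile's value is replaced only on an explicit override.
pub fn build_preserving(hardened: bool, same_host_redirects_only: Option<bool>) -> ToolBuilder {
    let mut b = ToolBuilder::default();
    if hardened {
        b = b.hardened();
    }
    match same_host_redirects_only {
        Some(explicit) => b.same_host_redirects_only(explicit),
        None => b,
    }
}

fn main() {
    // The FetchKitTool(hardened=True) call shape: argument left at its default.
    println!("skewed:     {:?}", build_skewed(true, false));
    println!("preserving: {:?}", build_preserving(true, None));
}
```

A regression test for the binding can assert the same property from the Python side: constructing the tool with only `hardened=True` must yield the same redirect policy as the Rust hardened profile.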