feat(harness): web::fetch worker with SSRF-hardened HTTP client

[andersonleal]

Summary

Adds a standalone harness worker exposing web::fetch so the agent can fetch URLs through a structured, server-guarded envelope instead of reaching for shell::exec + curl. Scoped entirely to harness/src/web/ + harness/tests/web/ — no changes to existing workers.

What it does

web::fetch takes { url, method?, headers?, body?, json?, timeout_ms?, max_bytes?, follow_redirects?, response_format? } and returns { ok, status, headers, body, … } (or { ok:false, error, message }), with size/timeout caps and SSRF protection enforced server-side.

Security model (ssrf.ts + fetch.ts)

• Resolve-once / validate-all / pin-to-IP: DNS is resolved once; every resolved address is checked against the blocklist; the request is then dialed against the validated IP (pinned lookup + TLS servername) so there's no DNS-rebinding window between check and connect.
• Blocklist: private (RFC1918), link-local, loopback (allowed by default for dev, configurable), and cloud-metadata ranges — including ::ffff:-mapped IPv4 in both dotted and hex forms.
• Redirects: each hop is re-validated against the blocklist; Authorization/Cookie are stripped on cross-host redirects and on any https → http downgrade.
• Bounded: byte-capped response reader (bytes_truncated flag) and per-request timeout.

Shape

• schemas.ts — zod ingress + zodToJsonSchema export; case-insensitive method; json payload auto-stringify + content-type; text / base64 / json response formats.
• main.ts + iii.worker.yaml + register.ts — standalone deployable worker registering web::fetch.

Test plan

• tsc -b clean
• vitest run tests/web/ — 62/62 pass: ssrf unit (mapped-IPv4 hex/dotted, all ranges), fetch guard + helper surface (stripCrossOriginAuth, readIncomingCapped), handler, and a real http.createServer loopback integration suite (IP pinning, per-hop re-validation, byte cap, timeout, POST/JSON round-trip)
• biome check (2.4.10) clean
• Manual: live https:// smoke (servername/cert-identity path is correct-by-construction + integration-tested over plaintext loopback; a trusted-cert HTTPS server isn't feasible in unit tests)

Notes

• Not yet wired into the combined harness/src/index.ts — it's a standalone worker (own main.ts + manifest), runnable via node dist/web/main.js. Wiring it into the bundled harness can be a follow-up if desired.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
workers	Ready	Preview, Comment	May 29, 2026 1:01pm

[coderabbitai]

Warning

Review limit reached

@andersonleal, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 53 minutes and 33 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7c8a3aba-0200-464c-a027-fc697c8368cb

📥 Commits

Reviewing files that changed from the base of the PR and between 187a56a and 1885aaf.

📒 Files selected for processing (13)

• harness/src/web/config.ts
• harness/src/web/fetch.ts
• harness/src/web/handlers/fetch.ts
• harness/src/web/iii.worker.yaml
• harness/src/web/main.ts
• harness/src/web/register.ts
• harness/src/web/schemas.ts
• harness/src/web/skills/index.md
• harness/src/web/ssrf.ts
• harness/tests/web/fetch.integration.test.ts
• harness/tests/web/fetch.test.ts
• harness/tests/web/handler.test.ts
• harness/tests/web/ssrf.test.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/harness-web-fetch-worker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

skill-check — worker

0 verified, 13 skipped (no docs/).

Layer	Result
structure	✓
vale	✓
ai	✓
render	✗

Note

17 stale rendered artifact(s) detected on main, unrelated to this PR. This PR is fine; the drift was already there. A maintainer should open a chore PR to re-render these.

• shell/README.md
• shell/skill.md
• shell/skills/chmod.md
• shell/skills/exec.md
• shell/skills/exec_bg.md
• shell/skills/grep.md
• shell/skills/kill.md
• shell/skills/list.md
• shell/skills/ls.md
• shell/skills/mkdir.md
• shell/skills/mv.md
• shell/skills/read.md
• …and 5 more (see the workflow logs)