package tools import ( "context" "fmt" "io" "net/http" "net/url" "strings" "time" "github.com/enmanuel/agents/internal/config" ) // NewHTTPGet creates an http_get tool that performs GET requests. // Validates URLs against cfg.AllowedDomains when non-empty. func NewHTTPGet(cfg config.HTTPToolCfg) Tool { timeout := cfg.Timeout if timeout == 0 { timeout = 30 * time.Second } client := &http.Client{Timeout: timeout} return Tool{ Def: Def{ Name: "http_get", Description: "Perform an HTTP GET request to a URL and return the response body.", Parameters: []Param{ {Name: "url", Type: "string", Description: "The URL to request", Required: true}, }, }, Exec: func(ctx context.Context, args map[string]any) Result { rawURL := getString(args, "url") if rawURL == "" { return Result{Err: fmt.Errorf("http_get: url is required")} } if err := validateDomain(rawURL, cfg.AllowedDomains); err != nil { return Result{Err: err} } req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil) if err != nil { return Result{Err: fmt.Errorf("http_get: %w", err)} } resp, err := client.Do(req) if err != nil { return Result{Err: fmt.Errorf("http_get: %w", err)} } defer resp.Body.Close() body, err := io.ReadAll(io.LimitReader(resp.Body, 64*1024)) // 64 KB limit if err != nil { return Result{Err: fmt.Errorf("http_get read body: %w", err)} } return Result{Output: fmt.Sprintf("HTTP %d\n%s", resp.StatusCode, body)} }, } } // NewHTTPPost creates an http_post tool that performs POST requests with a JSON body. // Validates URLs against cfg.AllowedDomains when non-empty. func NewHTTPPost(cfg config.HTTPToolCfg) Tool { timeout := cfg.Timeout if timeout == 0 { timeout = 30 * time.Second } client := &http.Client{Timeout: timeout} return Tool{ Def: Def{ Name: "http_post", Description: "Perform an HTTP POST request with a JSON body and return the response.", Parameters: []Param{ {Name: "url", Type: "string", Description: "The URL to request", Required: true}, {Name: "body", Type: "string", Description: "The JSON body to send", Required: true}, }, }, Exec: func(ctx context.Context, args map[string]any) Result { rawURL := getString(args, "url") if rawURL == "" { return Result{Err: fmt.Errorf("http_post: url is required")} } bodyStr := getString(args, "body") if bodyStr == "" { return Result{Err: fmt.Errorf("http_post: body is required")} } if err := validateDomain(rawURL, cfg.AllowedDomains); err != nil { return Result{Err: err} } req, err := http.NewRequestWithContext(ctx, http.MethodPost, rawURL, strings.NewReader(bodyStr)) if err != nil { return Result{Err: fmt.Errorf("http_post: %w", err)} } req.Header.Set("Content-Type", "application/json") resp, err := client.Do(req) if err != nil { return Result{Err: fmt.Errorf("http_post: %w", err)} } defer resp.Body.Close() body, err := io.ReadAll(io.LimitReader(resp.Body, 64*1024)) if err != nil { return Result{Err: fmt.Errorf("http_post read body: %w", err)} } return Result{Output: fmt.Sprintf("HTTP %d\n%s", resp.StatusCode, body)} }, } } // validateDomain checks that the URL's host is in the allowed list. // If allowedDomains is empty, all domains are allowed. func validateDomain(rawURL string, allowedDomains []string) error { if len(allowedDomains) == 0 { return nil } u, err := url.Parse(rawURL) if err != nil { return fmt.Errorf("invalid url: %w", err) } host := u.Hostname() for _, d := range allowedDomains { if host == d { return nil } } return fmt.Errorf("domain %q not in allowed list", host) }