agents_and_robots/tools/http.go

package tools

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/enmanuel/agents/internal/config"
)

// NewHTTPGet creates an http_get tool that performs GET requests.
// Validates URLs against cfg.AllowedDomains when non-empty.
func NewHTTPGet(cfg config.HTTPToolCfg) Tool {
	timeout := cfg.Timeout
	if timeout == 0 {
		timeout = 30 * time.Second
	}
	client := &http.Client{Timeout: timeout}

	return Tool{
		Def: Def{
			Name:        "http_get",
			Description: "Perform an HTTP GET request to a URL and return the response body.",
			Parameters: []Param{
				{Name: "url", Type: "string", Description: "The URL to request", Required: true},
			},
		},
		Exec: func(ctx context.Context, args map[string]any) Result {
			rawURL := getString(args, "url")
			if rawURL == "" {
				return Result{Err: fmt.Errorf("http_get: url is required")}
			}
			if err := validateDomain(rawURL, cfg.AllowedDomains); err != nil {
				return Result{Err: err}
			}

			req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
			if err != nil {
				return Result{Err: fmt.Errorf("http_get: %w", err)}
			}

			resp, err := client.Do(req)
			if err != nil {
				return Result{Err: fmt.Errorf("http_get: %w", err)}
			}
			defer resp.Body.Close()

			body, err := io.ReadAll(io.LimitReader(resp.Body, 64*1024)) // 64 KB limit
			if err != nil {
				return Result{Err: fmt.Errorf("http_get read body: %w", err)}
			}

			return Result{Output: fmt.Sprintf("HTTP %d\n%s", resp.StatusCode, body)}
		},
	}
}

// NewHTTPPost creates an http_post tool that performs POST requests with a JSON body.
// Validates URLs against cfg.AllowedDomains when non-empty.
func NewHTTPPost(cfg config.HTTPToolCfg) Tool {
	timeout := cfg.Timeout
	if timeout == 0 {
		timeout = 30 * time.Second
	}
	client := &http.Client{Timeout: timeout}

	return Tool{
		Def: Def{
			Name:        "http_post",
			Description: "Perform an HTTP POST request with a JSON body and return the response.",
			Parameters: []Param{
				{Name: "url", Type: "string", Description: "The URL to request", Required: true},
				{Name: "body", Type: "string", Description: "The JSON body to send", Required: true},
			},
		},
		Exec: func(ctx context.Context, args map[string]any) Result {
			rawURL := getString(args, "url")
			if rawURL == "" {
				return Result{Err: fmt.Errorf("http_post: url is required")}
			}
			bodyStr := getString(args, "body")
			if bodyStr == "" {
				return Result{Err: fmt.Errorf("http_post: body is required")}
			}
			if err := validateDomain(rawURL, cfg.AllowedDomains); err != nil {
				return Result{Err: err}
			}

			req, err := http.NewRequestWithContext(ctx, http.MethodPost, rawURL, strings.NewReader(bodyStr))
			if err != nil {
				return Result{Err: fmt.Errorf("http_post: %w", err)}
			}
			req.Header.Set("Content-Type", "application/json")

			resp, err := client.Do(req)
			if err != nil {
				return Result{Err: fmt.Errorf("http_post: %w", err)}
			}
			defer resp.Body.Close()

			body, err := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
			if err != nil {
				return Result{Err: fmt.Errorf("http_post read body: %w", err)}
			}

			return Result{Output: fmt.Sprintf("HTTP %d\n%s", resp.StatusCode, body)}
		},
	}
}

// validateDomain checks that the URL's host is in the allowed list.
// If allowedDomains is empty, all domains are allowed.
func validateDomain(rawURL string, allowedDomains []string) error {
	if len(allowedDomains) == 0 {
		return nil
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("invalid url: %w", err)
	}
	host := u.Hostname()
	for _, d := range allowedDomains {
		if host == d {
			return nil
		}
	}
	return fmt.Errorf("domain %q not in allowed list", host)
}