🤖 AI Summary
A new tool called agent-fetch provides a sandboxed HTTP client designed to make network requests by AI agents safer. It addresses the risks of unrestricted HTTP access, such as server-side request forgery (SSRF) and DNS rebinding, by enforcing a security policy on each request. Available as both a Rust crate and an npm package with native Node.js bindings, agent-fetch lets AI agents call APIs and scrape data without reaching internal networks or exposing sensitive information.
Its security mechanisms include DNS resolution through its own resolver (Hickory DNS), connecting to the validated IP address, and re-validation of redirects. It normalizes IP encoding tricks and maintains allowlists and blocklists for domains, so that requests stay within policy and cannot reach unauthorized targets. Resource controls such as rate limiting and body size restrictions are also applied. Together these give developers a secure and efficient way to add network capabilities to AI applications, which the summary presents as an essential resource for the AI/ML community focused on safe and responsible software development.
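To illustrate the "normalizing IP encoding tricks" step, here is an added example that is not agent-fetch's own code: a standard-library-only Rust sketch that folds legacy IPv4 spellings (hex, octal, short forms) and IPv4-mapped IPv6 into one canonical address before testing it against internal ranges. The function names and sample hosts are assumptions made for this illustration; DNS resolution and connecting to the validated address are not shown.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
// One inet_aton-style part: 0x.. is hex, a leading 0 is octal, otherwise decimal.
fn parse_part(s: &str) -> Option<u32> {
    if s.is_empty() || !s.chars().all(|c| c.is_ascii_alphanumeric()) { return None; }
    if let Some(h) = s.strip_prefix("0x").or_else(|| s.strip_prefix("0X")) {
        u32::from_str_radix(h, 16).ok()
    } else if s.len() > 1 && s.starts_with('0') {
        u32::from_str_radix(&s[1..], 8).ok()
    } else { s.parse().ok() }
}

// Fold 1 to 4 dotted parts into an address; the last part fills the remaining bytes.
fn normalize_ipv4(host: &str) -> Option<Ipv4Addr> {
    let parts: Vec<u32> = host.split('.').map(parse_part).collect::<Option<_>>()?;
    let (&last, head) = parts.split_last()?;
    if head.len() > 3 { return None; }
    let mut addr = 0u32;
    for (i, &p) in head.iter().enumerate() {
        if p > 0xff { return None; }
        addr |= p << (24 - 8 * i as u32);
    }
    if (last as u64) >= (1u64 << (8 * (4 - head.len()) as u32)) { return None; }
    Some(Ipv4Addr::from(addr | last))
}

// Loopback, private, link-local and similar ranges an agent must not reach.
fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.octets()[0] == 0 || a.is_loopback() || a.is_private()
            || a.is_link_local() || a.is_broadcast(),
        IpAddr::V6(a) => match a.to_ipv4_mapped() {
            Some(v4) => is_internal(IpAddr::V4(v4)), // ::ffff:a.b.c.d
            None => a.is_loopback() || a.is_unspecified()
                || (a.segments()[0] & 0xfe00) == 0xfc00  // fc00::/7
                || (a.segments()[0] & 0xffc0) == 0xfe80, // fe80::/10
        },
    }
}

// Hypothetical policy check for a URL host literal (sample inputs are constructed).
fn check_host(host: &str) -> Result<IpAddr, &'static str> {
    let h = host.trim_start_matches('[').trim_end_matches(']');
    let ip = h.parse::<Ipv6Addr>().map(IpAddr::V6).ok()
        .or_else(|| normalize_ipv4(h).map(IpAddr::V4))
        .ok_or("hostname: resolve it, then check every returned address")?;
    if is_internal(ip) { Err("blocked: internal address") } else { Ok(ip) }
}
fn main() {
    for h in ["0x7f.0.0.1", "203.0.113.10"] { println!("{h} -> {:?}", check_host(h)); }
}
```

A host that is not an IP literal is deliberately returned as an error here, because the same range check has to run on every address the resolver returns and again on each redirect target.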