Nous.Tools.UrlGuard (nous v0.16.2)

View Source

SSRF protection for outbound HTTP from tools and providers.

Prevents prompt-injected agents from reaching cloud-metadata (169.254.169.254), internal services on private networks, loopback, and link-local ranges. By default only http:// and https:// schemes are accepted; other schemes (file://, gopher://, ftp://, etc.) are rejected.

Usage

case Nous.Tools.UrlGuard.validate("https://example.com/foo") do
  {:ok, uri} -> proceed_with(uri)
  {:error, reason} -> {:error, reason}  # human-readable
end

Opt-in: allowing private hosts

For local dev / Docker dev-loop you can pass allow_private_hosts: true:

Nous.Tools.UrlGuard.validate(url, allow_private_hosts: true)

Do NOT enable this in production. It re-opens the SSRF channel.

Summary

Functions

validate(url, opts \\ [])

Validate a URL string. Returns {:ok, %URI{}} or {:error, reason}.

Functions

validate(url, opts \\ [])

@spec validate(
  String.t(),
  keyword()
) :: {:ok, URI.t()} | {:error, String.t()}

Validate a URL string. Returns {:ok, %URI{}} or {:error, reason}.

Options

  • :allow_private_hosts — when true, skips the private/loopback blocklist. Defaults to false.