
fix(core): implement network boundary security for agent endpoints #874

Open
RinZ27 wants to merge 1 commit into fetchai:main from RinZ27:fix/ssrf-protection-almanac

@RinZ27 RinZ27 commented Apr 16, 2026

Proposed Changes

This PR implements a first-line defense against SSRF by introducing an IP denylist in the AlmanacResolver. It ensures that agent endpoints resolved via the Almanac API do not point to private, loopback, link-local, or cloud metadata IP addresses (RFC 1918).

Key changes:

  • Added is_safe_url helper in resolver.py using Python's standard ipaddress library.
  • Integrated the safety check into lookup_endpoint_for_agent to filter out unsafe endpoints.
  • Added warning logs for filtered endpoints to assist debugging in development environments.

Linked Issues

Fixes #854

Types of changes

  • Bug fix (non-breaking change that fixes an issue).

Checklist

  • I have read the CONTRIBUTING guide
  • Checks and tests pass locally

Further comments

While there are ongoing discussions regarding a more comprehensive security middleware and trust gate architectures (e.g., #865), this IP denylisting provides immediate protection against common SSRF vectors. It blocks access to internal resources like 169.254.169.254 and local admin interfaces by default.

Verified the logic with test cases covering:

  • RFC 1918 private ranges (10.x, 172.16.x, 192.168.x)
  • Loopback (127.0.0.1, localhost)
  • Link-local/Cloud Metadata (169.254.169.254)
  • Public URLs (agentverse.ai, google.com)

@RinZ27 RinZ27 changed the title fix: implement network boundary security for agent endpoints (SSRF protection) fix(core): implement network boundary security for agent endpoints Apr 16, 2026
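
An added example, not the PR's code (the diff is not shown on this page), of the kind of endpoint check the description outlines: it classifies literal IPs with `ipaddress`, resolves hostnames and rejects the URL if any returned address is internal, unwraps IPv4-mapped IPv6, and fails closed when resolution fails. The names `check_endpoint`, `is_internal`, `system_resolver`, `sample_resolver` and `SAMPLE_DNS` are hypothetical, and the DNS records are constructed sample data.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS answers so the example runs offline.
SAMPLE_DNS = {
    "agent.example": ["8.8.8.8"],
    "localhost": ["127.0.0.1", "::1"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["8.8.8.8", "169.254.169.254"],  # one internal record is enough
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return SAMPLE_DNS[host]

def system_resolver(host):
    """Every address (A and AAAA) the host currently resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_internal(ip):
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified

def check_endpoint(url, resolver=system_resolver):
    """Return (allowed, reason) for an endpoint URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unsupported-url"
    if parts.scheme not in ("http", "https") or not host:
        return False, "unsupported-url"
    try:
        ips = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            ips = [ipaddress.ip_address(a.split("%")[0]) for a in resolver(host)]
        except (OSError, ValueError):
            ips = []
    if not ips:
        return False, "unresolvable"  # fail closed
    if any(is_internal(ip) for ip in ips):
        return False, "internal"
    return True, "ok"
```

A check made at lookup time does not bind the later connection: the name can resolve differently when the request is sent, so the address that was validated should be the one the client connects to.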
Development

Successfully merging this pull request may close these issues.

Suggestion: Implement Network Boundary Security for Agent Endpoints
