feat: http.request v0.1.0 — generic HTTP client
First release. Pure-WASM HTTP client built on waki 0.5 for F∆I flow steps that need to call REST APIs. Capability: http.request@0.1.0 Inputs: method (GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS), url, headers (JSON object string), body (UTF-8). Outputs: status (decimal text), headers (JSON object), body (UTF-8 lossy). Permissions: net: *. The wildcard is deliberate — operators clamp to specific hosts via their operator-policy ceiling. 6 unit tests on the headers-input parser (empty / strings / numbers coerced / non-object rejected / nested rejected / malformed JSON rejected). Bundle: target/wasm32-wasip2/release/http_request.wasm (~120 KiB stripped). v0.2.0 candidates: http.request-bytes for binary payloads, per-request timeout / retry inputs, cookie-jar. Signed-off-by: flemming-it <sf@flemming.it>
This commit is contained in:
commit
4681d0bb2c
8 changed files with 1194 additions and 0 deletions
51
module.yaml
Normal file
51
module.yaml
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
schema_version: 1
|
||||
name: http-request
|
||||
version: 0.1.0
|
||||
|
||||
# Capability provided by this module.
|
||||
provides:
|
||||
- capability: http.request
|
||||
version: 0.1.0
|
||||
|
||||
# Inputs the invoke function accepts.
|
||||
inputs:
|
||||
# HTTP method as uppercase string. Supported: GET, POST,
|
||||
# PUT, PATCH, DELETE, HEAD, OPTIONS.
|
||||
method: text
|
||||
# Full URL including scheme. Must be https:// for production
|
||||
# use; http:// is permitted so loopback and air-gapped
|
||||
# internal services work, but operator policy can clamp it.
|
||||
url: text
|
||||
# Optional headers as JSON object string, e.g.
|
||||
# '{"Accept":"application/json","X-Tenant":"acme"}'. Empty
|
||||
# string means no extra headers (Content-Type is auto-set
|
||||
# when `body` is non-empty and the input is not already a
|
||||
# JSON-shaped string).
|
||||
headers: text
|
||||
# Optional request body. Treated as UTF-8 text — binary
|
||||
# payloads should use a future `http.request-bytes` variant.
|
||||
body: text
|
||||
|
||||
# Outputs produced.
|
||||
outputs:
|
||||
# HTTP status code as decimal text (e.g. "200", "404").
|
||||
# Text rather than number so the audit-log entry stays
|
||||
# operator-readable without JSON re-parsing.
|
||||
status: text
|
||||
# Response headers serialised as a JSON object (same shape
|
||||
# as the input format) so downstream flow steps can pluck
|
||||
# values like Content-Type or rate-limit headers.
|
||||
headers: text
|
||||
# Response body as UTF-8 text. Non-UTF-8 responses come
|
||||
# through with replacement characters; that's acceptable
|
||||
# for v0.1.0 since the bytes-shaped variant covers binary.
|
||||
body: text
|
||||
|
||||
# Permissions required.
|
||||
#
|
||||
# v0.1.0 declares the broadest net: permission needed to call
|
||||
# arbitrary URLs. Operators clamp this per-host via their
|
||||
# operator-policy ceiling — installing http.request against a
|
||||
# policy that disallows wildcards fails fast at install time.
|
||||
permissions:
|
||||
- "net: *"
|
||||
Loading…
Add table
Add a link
Reference in a new issue