First release. Pure-WASM HTTP client built on waki 0.5 for F∆I flow steps that need to call REST APIs. Capability: http.request@0.1.0 Inputs: method (GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS), url, headers (JSON object string), body (UTF-8). Outputs: status (decimal text), headers (JSON object), body (UTF-8 lossy). Permissions: net: *. The wildcard is deliberate — operators clamp to specific hosts via their operator-policy ceiling. 6 unit tests on the headers-input parser (empty / strings / numbers coerced / non-object rejected / nested rejected / malformed JSON rejected). Bundle: target/wasm32-wasip2/release/http_request.wasm (~120 KiB stripped). v0.2.0 candidates: http.request-bytes for binary payloads, per-request timeout / retry inputs, cookie-jar. Signed-off-by: flemming-it <sf@flemming.it>
51 lines
1.8 KiB
YAML
51 lines
1.8 KiB
YAML
schema_version: 1
|
|
name: http-request
|
|
version: 0.1.0
|
|
|
|
# Capability provided by this module.
|
|
provides:
|
|
- capability: http.request
|
|
version: 0.1.0
|
|
|
|
# Inputs the invoke function accepts.
|
|
inputs:
|
|
# HTTP method as uppercase string. Supported: GET, POST,
|
|
# PUT, PATCH, DELETE, HEAD, OPTIONS.
|
|
method: text
|
|
# Full URL including scheme. Must be https:// for production
|
|
# use; http:// is permitted so loopback and air-gapped
|
|
# internal services work, but operator policy can clamp it.
|
|
url: text
|
|
# Optional headers as JSON object string, e.g.
|
|
# '{"Accept":"application/json","X-Tenant":"acme"}'. Empty
|
|
# string means no extra headers (Content-Type is auto-set
|
|
# when `body` is non-empty and the input is not already a
|
|
# JSON-shaped string).
|
|
headers: text
|
|
# Optional request body. Treated as UTF-8 text — binary
|
|
# payloads should use a future `http.request-bytes` variant.
|
|
body: text
|
|
|
|
# Outputs produced.
|
|
outputs:
|
|
# HTTP status code as decimal text (e.g. "200", "404").
|
|
# Text rather than number so the audit-log entry stays
|
|
# operator-readable without JSON re-parsing.
|
|
status: text
|
|
# Response headers serialised as a JSON object (same shape
|
|
# as the input format) so downstream flow steps can pluck
|
|
# values like Content-Type or rate-limit headers.
|
|
headers: text
|
|
# Response body as UTF-8 text. Non-UTF-8 responses come
|
|
# through with replacement characters; that's acceptable
|
|
# for v0.1.0 since the bytes-shaped variant covers binary.
|
|
body: text
|
|
|
|
# Permissions required.
|
|
#
|
|
# v0.1.0 declares the broadest net: permission needed to call
|
|
# arbitrary URLs. Operators clamp this per-host via their
|
|
# operator-policy ceiling — installing http.request against a
|
|
# policy that disallows wildcards fails fast at install time.
|
|
permissions:
|
|
- "net: *"
|