@workglow/tasks 0.2.2 → 0.2.3

package/dist/task/FetchUrlTask.d.ts

@@ -123,7 +123,20 @@ export declare class FetchUrlTask<Input extends FetchUrlTaskInput = FetchUrlTask
     static title: string;
     static description: string;
     static hasDynamicSchemas: boolean;
+    static hasDynamicEntitlements: boolean;
     static entitlements(): TaskEntitlements;
+    /**
+     * Dynamic entitlement check: when the configured URL targets a private or
+     * loopback host the task additionally requires `network:private`, scoped
+     * via the URL's origin so grants can be resource-limited (e.g. a dev-mode
+     * grant for `http://localhost:*`). The graph runner evaluates this before
+     * `execute()` runs, so a denied private URL never issues a network call.
+     *
+     * Root-task input may not yet be applied when entitlements are evaluated.
+     * If the URL is not available at this point, fail closed and require the
+     * private-network entitlement rather than under-declaring it.
+     */
+    entitlements(): TaskEntitlements;
     static configSchema(): DataPortSchema;
     static inputSchema(): {
         readonly type: "object";

package/dist/task/FetchUrlTask.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"FetchUrlTask.d.ts","sourceRoot":"","sources":["../../src/task/FetchUrlTask.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,kBAAkB,EAClB,GAAG,EAGJ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EACV,eAAe,EAEf,UAAU,EACV,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,EAKd,IAAI,EAKL,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAkDnE,QAAA,MAAM,WAAW;mBACT,QAAQ;;;qBAGV,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,KAAK;qBACZ,WAAW,EAAE,uBAAuB;qBACpC,MAAM,EAAE,KAAK;;;qBAGb,IAAI;qBACJ,KAAK,EAAE,QAAQ;qBACf,WAAW,EAAE,wBAAwB;qBACrC,OAAO,EAAE,KAAK;;;qBAGd,IAAI,EAAE,QAAQ;qBACd,oBAAoB;yBAClB,IAAI,EAAE,QAAQ;;qBAEhB,KAAK,EAAE,SAAS;qBAChB,WAAW,EAAE,sCAAsC;;;qBAGnD,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,yBAAyB;;;;+BAGtB,MAAM;;;;4BACf,eAAe;kCAEpB,6GAA6G;;;;qBAI/G,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,SAAS;qBAChB,WAAW,EAAE,iCAAiC;;;qBAG9C,IAAI,EAAE,QAAQ;qBACd,MAAM,EAAE,YAAY;qBACpB,KAAK,EAAE,gBAAgB;qBACvB,WAAW,EACT,mHAAmH;qBACrH,aAAa;;;;;CAKgB,CAAC;AAEpC,QAAA,MAAM,YAAY;mBACV,QAAQ;;iBAEZ,IAAI;qBACF,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,IAAI;qBACF,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,IAAI;qBACF,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,WAAW;qBACT,KAAK,EAAE,aAAa;qBACpB,WAAW,EAAE,0BAA0B;;iBAEzC,QAAQ;qBACN,IAAI,EAAE,QAAQ;qBACd,UAAU;yBACR,WAAW;6BAAI,IAAI,EAAE,QAAQ;;yBAC7B,OAAO;6BAAI,IAAI,EAAE,QAAQ;6BAAE,oBAAoB;iCAAI,IAAI,EAAE,QAAQ;;;;qBAEnE,oBAAoB;qBACpB,KAAK,EAAE,mBAAmB;qBAC1B,WAAW,EAAE,2DAA2D;;;;CAI3C,CAAC;AAEpC,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;AAC/D,MAAM,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AA+DjE;;;GAGG;AACH,qBAAa,WAAW,CACtB,KAAK,SAAS,iBAAiB,GAAG,iBAAiB,EACnD,MAAM,GAAG,kBAAkB,CAC3B,SAAQ,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAiB;IAC7C;;OAEG;IACY,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CA6FjF;CACF;AAkBD,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG;IAC5C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1B,CAAC;AAEF,qBAAa,YAAY,CACvB,KAAK,SAAS,iBAAiB,GAAG,iBAAiB,EACnD,MAAM,SAAS,kBAAkB,GAAG,kBAAkB,EACtD,MAAM,SAAS,kBAAkB,GAAG,kBAAkB,CACtD,SAAQ,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;IACnC,OAAuB,IAAI,SAAkB;IAC7C,OAAuB,QAAQ,SAAW;IAC1C,OAAuB,KAAK,SAAW;IACvC,OAAuB,WAAW,SAC8C;IAChF,OAAuB,iBAAiB,EAAE,OAAO,CAAQ;IAEzD,OAAuB,YAAY,IAAI,gBAAgB,CAWtD;IAED,OAAuB,YAAY,IAAI,cAAc,CAEpD;IAED,OAAuB,WAAW;uBAnT5B,QAAQ;;;yBAGV,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,KAAK;yBACZ,WAAW,EAAE,uBAAuB;yBACpC,MAAM,EAAE,KAAK;;;yBAGb,IAAI;yBACJ,KAAK,EAAE,QAAQ;yBACf,WAAW,EAAE,wBAAwB;yBACrC,OAAO,EAAE,KAAK;;;yBAGd,IAAI,EAAE,QAAQ;yBACd,oBAAoB;6BAClB,IAAI,EAAE,QAAQ;;yBAEhB,KAAK,EAAE,SAAS;yBAChB,WAAW,EAAE,sCAAsC;;;yBAGnD,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,yBAAyB;;;;mCAGtB,MAAM;;;;gCACf,eAAe;sCAEpB,6GAA6G;;;;yBAI/G,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,SAAS;yBAChB,WAAW,EAAE,iCAAiC;;;yBAG9C,IAAI,EAAE,QAAQ;yBACd,MAAM,EAAE,YAAY;yBACpB,KAAK,EAAE,gBAAgB;yBACvB,WAAW,EACT,mHAAmH;yBACrH,aAAa;;;;;MAwQhB;IAED,OAAuB,YAAY;uBAlQ7B,QAAQ;;qBAEZ,IAAI;yBACF,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,IAAI;yBACF,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,IAAI;yBACF,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,WAAW;yBACT,KAAK,EAAE,aAAa;yBACpB,WAAW,EAAE,0BAA0B;;qBAEzC,QAAQ;yBACN,IAAI,EAAE,QAAQ;yBACd,UAAU;6BACR,WAAW;iCAAI,IAAI,EAAE,QAAQ;;6BAC7B,OAAO;iCAAI,IAAI,EAAE,QAAQ;iCAAE,oBAAoB;qCAAI,IAAI,EAAE,QAAQ;;;;yBAEnE,oBAAoB;yBACpB,KAAK,EAAE,mBAAmB;yBAC1B,WAAW,EAAE,2DAA2D;;;;MAyO3E;IAED;;;;OAIG;IACa,YAAY,IAAI,cAAc,CA+C7C;IAED;;;;OAIG;IACY,OAAO,CACpB,KAAK,EAAE,iBAAiB,EACxB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,MAAM,CAAC,CAiFjB;YAEa,oBAAoB;IAuClC;;;OAGG;IACa,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CA0BpD;YAEa,mBAAmB;CAgBlC;AAED,eAAO,MAAM,QAAQ,UACZ,iBAAiB,WAChB,kBAAkB,KACzB,OAAO,CAAC,kBAAkB,CAG5B,CAAC;AAEF,OAAO,QAAQ,sBAAsB,CAAC,CAAC;IACrC,UAAU,QAAQ;QAChB,KAAK,EAAE,cAAc,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC;KAClF;CACF"}
+{"version":3,"file":"FetchUrlTask.d.ts","sourceRoot":"","sources":["../../src/task/FetchUrlTask.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,kBAAkB,EAClB,GAAG,EAGJ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EACV,eAAe,EAEf,UAAU,EACV,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,EAMd,IAAI,EAKL,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAInE,QAAA,MAAM,WAAW;mBACT,QAAQ;;;qBAGV,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,KAAK;qBACZ,WAAW,EAAE,uBAAuB;qBACpC,MAAM,EAAE,KAAK;;;qBAGb,IAAI;qBACJ,KAAK,EAAE,QAAQ;qBACf,WAAW,EAAE,wBAAwB;qBACrC,OAAO,EAAE,KAAK;;;qBAGd,IAAI,EAAE,QAAQ;qBACd,oBAAoB;yBAClB,IAAI,EAAE,QAAQ;;qBAEhB,KAAK,EAAE,SAAS;qBAChB,WAAW,EAAE,sCAAsC;;;qBAGnD,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,yBAAyB;;;;+BAGtB,MAAM;;;;4BACf,eAAe;kCAEpB,6GAA6G;;;;qBAI/G,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,SAAS;qBAChB,WAAW,EAAE,iCAAiC;;;qBAG9C,IAAI,EAAE,QAAQ;qBACd,MAAM,EAAE,YAAY;qBACpB,KAAK,EAAE,gBAAgB;qBACvB,WAAW,EACT,mHAAmH;qBACrH,aAAa;;;;;CAKgB,CAAC;AAEpC,QAAA,MAAM,YAAY;mBACV,QAAQ;;iBAEZ,IAAI;qBACF,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,IAAI;qBACF,IAAI,EAAE,QAAQ;qBACd,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,IAAI;qBACF,KAAK,EAAE,MAAM;qBACb,WAAW,EAAE,mBAAmB;;iBAElC,WAAW;qBACT,KAAK,EAAE,aAAa;qBACpB,WAAW,EAAE,0BAA0B;;iBAEzC,QAAQ;qBACN,IAAI,EAAE,QAAQ;qBACd,UAAU;yBACR,WAAW;6BAAI,IAAI,EAAE,QAAQ;;yBAC7B,OAAO;6BAAI,IAAI,EAAE,QAAQ;6BAAE,oBAAoB;iCAAI,IAAI,EAAE,QAAQ;;;;qBAEnE,oBAAoB;qBACpB,KAAK,EAAE,mBAAmB;qBAC1B,WAAW,EAAE,2DAA2D;;;;CAI3C,CAAC;AAEpC,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;AAC/D,MAAM,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AA+DjE;;;GAGG;AACH,qBAAa,WAAW,CACtB,KAAK,SAAS,iBAAiB,GAAG,iBAAiB,EACnD,MAAM,GAAG,kBAAkB,CAC3B,SAAQ,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAiB;IAC7C;;OAEG;IACY,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CA0GjF;CACF;AAkBD,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG;IAC5C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1B,CAAC;AAEF,qBAAa,YAAY,CACvB,KAAK,SAAS,iBAAiB,GAAG,iBAAiB,EACnD,MAAM,SAAS,kBAAkB,GAAG,kBAAkB,EACtD,MAAM,SAAS,kBAAkB,GAAG,kBAAkB,CACtD,SAAQ,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;IACnC,OAAuB,IAAI,SAAkB;IAC7C,OAAuB,QAAQ,SAAW;IAC1C,OAAuB,KAAK,SAAW;IACvC,OAAuB,WAAW,SAC8C;IAChF,OAAuB,iBAAiB,EAAE,OAAO,CAAQ;IACzD,OAAuB,sBAAsB,EAAE,OAAO,CAAQ;IAE9D,OAAuB,YAAY,IAAI,gBAAgB,CAWtD;IAED;;;;;;;;;;OAUG;IACa,YAAY,IAAI,gBAAgB,CA2B/C;IAED,OAAuB,YAAY,IAAI,cAAc,CAEpD;IAED,OAAuB,WAAW;uBAzW5B,QAAQ;;;yBAGV,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,KAAK;yBACZ,WAAW,EAAE,uBAAuB;yBACpC,MAAM,EAAE,KAAK;;;yBAGb,IAAI;yBACJ,KAAK,EAAE,QAAQ;yBACf,WAAW,EAAE,wBAAwB;yBACrC,OAAO,EAAE,KAAK;;;yBAGd,IAAI,EAAE,QAAQ;yBACd,oBAAoB;6BAClB,IAAI,EAAE,QAAQ;;yBAEhB,KAAK,EAAE,SAAS;yBAChB,WAAW,EAAE,sCAAsC;;;yBAGnD,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,yBAAyB;;;;mCAGtB,MAAM;;;;gCACf,eAAe;sCAEpB,6GAA6G;;;;yBAI/G,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,SAAS;yBAChB,WAAW,EAAE,iCAAiC;;;yBAG9C,IAAI,EAAE,QAAQ;yBACd,MAAM,EAAE,YAAY;yBACpB,KAAK,EAAE,gBAAgB;yBACvB,WAAW,EACT,mHAAmH;yBACrH,aAAa;;;;;MA8ThB;IAED,OAAuB,YAAY;uBAxT7B,QAAQ;;qBAEZ,IAAI;yBACF,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,IAAI;yBACF,IAAI,EAAE,QAAQ;yBACd,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,IAAI;yBACF,KAAK,EAAE,MAAM;yBACb,WAAW,EAAE,mBAAmB;;qBAElC,WAAW;yBACT,KAAK,EAAE,aAAa;yBACpB,WAAW,EAAE,0BAA0B;;qBAEzC,QAAQ;yBACN,IAAI,EAAE,QAAQ;yBACd,UAAU;6BACR,WAAW;iCAAI,IAAI,EAAE,QAAQ;;6BAC7B,OAAO;iCAAI,IAAI,EAAE,QAAQ;iCAAE,oBAAoB;qCAAI,IAAI,EAAE,QAAQ;;;;yBAEnE,oBAAoB;yBACpB,KAAK,EAAE,mBAAmB;yBAC1B,WAAW,EAAE,2DAA2D;;;;MA+R3E;IAED;;;;OAIG;IACa,YAAY,IAAI,cAAc,CA+C7C;IAED;;;;OAIG;IACY,OAAO,CACpB,KAAK,EAAE,iBAAiB,EACxB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,MAAM,CAAC,CAiFjB;YAEa,oBAAoB;IAuClC;;;OAGG;IACa,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CA0BpD;YAEa,mBAAmB;CAgBlC;AAED,eAAO,MAAM,QAAQ,UACZ,iBAAiB,WAChB,kBAAkB,KACzB,OAAO,CAAC,kBAAkB,CAG5B,CAAC;AAEF,OAAO,QAAQ,sBAAsB,CAAC,CAAC;IACrC,UAAU,QAAQ;QAChB,KAAK,EAAE,cAAc,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC,CAAC;KAClF;CACF"}

package/dist/task/image/imageCodecLimits.d.ts

@@ -0,0 +1,80 @@
+/**
+ * @license
+ * Copyright 2026 Steven Roussey <sroussey@gmail.com>
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * Maximum number of decoded pixels (width * height) accepted by the image raster codec.
+ *
+ * Caps worst-case RGBA allocation at ~400 MiB (100 MP * 4 bytes/pixel). Legitimate
+ * photographic content rarely exceeds ~50 MP; synthetic pipelines that need more
+ * should bypass the codec and operate on ImageBinary directly.
+ *
+ * Defends against header-declared pixel bombs where a small compressed payload
+ * claims billions of pixels to force a downstream OOM.
+ */
+export declare const MAX_DECODED_PIXELS = 100000000;
+/**
+ * Maximum raw (base64-decoded) byte size of an incoming data URI on the Node codec.
+ *
+ * This is a coarse pre-filter before format-specific decoding. The Node codec
+ * additionally enforces {@link MAX_DECODED_PIXELS} via sharp's header-level
+ * `limitInputPixels`, so 64 MiB is a comfortable ceiling on the server side.
+ */
+export declare const MAX_INPUT_BYTES_NODE: number;
+/**
+ * Maximum raw byte size of an incoming data URI on the browser codec.
+ *
+ * The browser codec uses a stricter ceiling than {@link MAX_INPUT_BYTES_NODE}
+ * because `createImageBitmap` eagerly decompresses before we can observe the
+ * bitmap's dimensions. Bounding the compressed input is the primary defense;
+ * the post-bitmap `assertWithinPixelBudget` check only avoids the subsequent
+ * canvas + ImageData allocations.
+ */
+export declare const MAX_INPUT_BYTES_BROWSER: number;
+/**
+ * Mime types rejected at decode time because rasterization would silently lose
+ * information (vector data, animation frames). Callers that need these formats
+ * must convert to PNG/JPEG/WebP externally before invoking the codec.
+ *
+ * Known limitations:
+ * - APNG declared as `image/png` cannot be distinguished by mime type alone;
+ *   sharp will decode only the first frame. True APNG rejection requires
+ *   post-decode metadata inspection (`pages > 1`).
+ * - Animated WebP declared as `image/webp` has the same limitation.
+ */
+export declare const REJECTED_DECODE_MIME_TYPES: ReadonlySet<string>;
+/** Output formats the codec is willing to produce. Everything else throws at encode. */
+export declare const SUPPORTED_OUTPUT_MIME_TYPES: readonly ["image/jpeg", "image/png", "image/webp"];
+export type SupportedOutputMimeType = (typeof SUPPORTED_OUTPUT_MIME_TYPES)[number];
+/**
+ * Throws if the decoded image would exceed {@link MAX_DECODED_PIXELS}, or if
+ * the dimensions are non-finite or non-positive.
+ */
+export declare function assertWithinPixelBudget(width: number, height: number): void;
+/** Throws if `byteLength` exceeds `limit`. */
+export declare function assertWithinByteBudget(byteLength: number, limit: number): void;
+/**
+ * Throws unless `value` is a string that starts with `data:`. Defense in depth
+ * at the codec boundary — prevents the browser codec's `fetch(value)` from ever
+ * reaching the network (`http:`, `file:`, etc.) even if an upstream validator
+ * is removed or bypassed.
+ */
+export declare function assertIsDataUri(value: string): void;
+/**
+ * Extracts the mime type from a data URI for pre-decode validation. Returns
+ * the lowercased mime type, or `undefined` if not parseable.
+ *
+ * Intentionally looser than `parseDataUri` in `@workglow/util/media`: this lets
+ * us report "unsupported svg+xml" before failing on an otherwise-malformed data
+ * URI, so the caller gets the most actionable error.
+ */
+export declare function extractDataUriMimeType(dataUri: string): string | undefined;
+/**
+ * Normalizes and validates an output mime type. Throws for unsupported or
+ * lossy types (e.g. `image/svg+xml`, `image/gif`) instead of silently falling
+ * through to PNG. Replaces the per-file `normalizeMimeType` helpers that used
+ * to mask format mismatches.
+ */
+export declare function normalizeOutputMimeType(mimeType: string): SupportedOutputMimeType;
+//# sourceMappingURL=imageCodecLimits.d.ts.map

package/dist/task/image/imageCodecLimits.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"imageCodecLimits.d.ts","sourceRoot":"","sources":["../../../src/task/image/imageCodecLimits.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,YAAc,CAAC;AAE9C;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,QAAmB,CAAC;AAErD;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,QAAkB,CAAC;AAEvD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,EAAE,WAAW,CAAC,MAAM,CAKzD,CAAC;AAEH,wFAAwF;AACxF,eAAO,MAAM,2BAA2B,YAAI,YAAY,EAAE,WAAW,EAAE,YAAY,CAAU,CAAC;AAC9F,MAAM,MAAM,uBAAuB,GAAG,CAAC,OAAO,2BAA2B,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnF;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAW3E;AAED,8CAA8C;AAC9C,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAI9E;AA2BD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAKnD;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAG1E;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,uBAAuB,CAejF"}

package/dist/task/image/imageRasterCodecBrowser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"imageRasterCodecBrowser.d.ts","sourceRoot":"","sources":["../../../src/task/image/imageRasterCodecBrowser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAiHnE,wBAAgB,6BAA6B,IAAI,gBAAgB,CAEhE"}
+{"version":3,"file":"imageRasterCodecBrowser.d.ts","sourceRoot":"","sources":["../../../src/task/image/imageRasterCodecBrowser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAaH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAiInE,wBAAgB,6BAA6B,IAAI,gBAAgB,CAEhE"}

package/dist/task/image/imageRasterCodecNode.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"imageRasterCodecNode.d.ts","sourceRoot":"","sources":["../../../src/task/image/imageRasterCodecNode.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAuFnE,wBAAgB,0BAA0B,IAAI,gBAAgB,CAE7D"}
+{"version":3,"file":"imageRasterCodecNode.d.ts","sourceRoot":"","sources":["../../../src/task/image/imageRasterCodecNode.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAqHnE,wBAAgB,0BAA0B,IAAI,gBAAgB,CAE7D"}

package/dist/util/SafeFetch.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @license
+ * Copyright 2025 Steven Roussey <sroussey@gmail.com>
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * SSRF-aware fetch wrapper.
+ *
+ * The browser default performs a static URL classification only and delegates
+ * to `globalThis.fetch`. The Node/Bun entrypoints register a server-side
+ * implementation (see `SafeFetch.server.ts`) that additionally resolves DNS,
+ * classifies every resolved address, and pins the connection to a specific
+ * IP via an undici Agent — this closes the DNS-rebinding gap.
+ *
+ * Callers pass `allowPrivate` to opt into private/loopback targets. The task
+ * layer sets this flag based on whether the task has been granted the
+ * `network:private` entitlement (via its dynamic `entitlements()`).
+ */
+export interface SafeFetchOptions extends RequestInit {
+    /**
+     * When true, requests to private/loopback/link-local/metadata hosts are
+     * permitted. When false (default), such requests throw PermanentJobError
+     * both at URL-classification time and (in the server impl) at DNS-resolution
+     * time — defeating DNS rebinding.
+     */
+    readonly allowPrivate?: boolean;
+}
+export type SafeFetchFn = (url: string, options: SafeFetchOptions) => Promise<Response>;
+/**
+ * Register a platform-specific SafeFetch implementation. The Node/Bun
+ * entrypoints call this at module load time to install the DNS-resolving,
+ * connection-pinning implementation from `SafeFetch.server.ts`.
+ *
+ * Returns the previously registered implementation so callers can safely
+ * restore it after a temporary override.
+ */
+export declare function registerSafeFetch(fn: SafeFetchFn): SafeFetchFn;
+/**
+ * Returns the currently registered SafeFetch implementation.
+ */
+export declare function getSafeFetchImpl(): SafeFetchFn;
+/**
+ * Restores the default browser-safe implementation.
+ */
+export declare function resetSafeFetch(): void;
+/**
+ * SSRF-aware fetch. See {@link SafeFetchOptions} for the `allowPrivate` flag.
+ * Throws `PermanentJobError` if the URL targets a private host without
+ * permission, or (server impl) if DNS resolves to a private IP.
+ */
+export declare function safeFetch(url: string, options?: SafeFetchOptions): Promise<Response>;
+//# sourceMappingURL=SafeFetch.d.ts.map

package/dist/util/SafeFetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SafeFetch.d.ts","sourceRoot":"","sources":["../../src/util/SafeFetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AASH,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACnD;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAgFxF;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,WAAW,GAAG,WAAW,CAI9D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAE9C;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAErC;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAExF"}

package/dist/util/SafeFetch.server.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @license
+ * Copyright 2025 Steven Roussey <sroussey@gmail.com>
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Server-side SafeFetch implementation.
+ *
+ * Combines:
+ *   1. Static URL classification (shared with the browser impl).
+ *   2. DNS pre-resolution of every A/AAAA record for the hostname.
+ *   3. Rejection if any resolved address is private/link-local/metadata
+ *      (unless `allowPrivate` is set).
+ *   4. Connection pinning via an undici Agent whose `connect.lookup` hook
+ *      returns the pre-resolved IP — this prevents a second DNS lookup at
+ *      connect time and defeats DNS rebinding (TOCTOU).
+ *
+ * Registered at module load from `packages/tasks/src/node.ts` and
+ * `packages/tasks/src/bun.ts` via `registerSafeFetch`.
+ */
+import { type SafeFetchFn } from "./SafeFetch";
+export declare const serverSafeFetch: SafeFetchFn;
+//# sourceMappingURL=SafeFetch.server.d.ts.map

package/dist/util/SafeFetch.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SafeFetch.server.d.ts","sourceRoot":"","sources":["../../src/util/SafeFetch.server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAMH,OAAO,EAAqB,KAAK,WAAW,EAAyB,MAAM,aAAa,CAAC;AAgHzF,eAAO,MAAM,eAAe,EAAE,WA+D7B,CAAC"}

package/dist/util/UrlClassifier.d.ts

@@ -0,0 +1,64 @@
+/**
+ * @license
+ * Copyright 2025 Steven Roussey <sroussey@gmail.com>
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * URL classifier used by {@link safeFetch} and {@link FetchUrlTask} to decide
+ * whether a URL targets a private/internal network host.
+ *
+ * The classifier is browser-safe (no Node built-ins) and performs only static
+ * analysis of the URL string — it does NOT perform DNS resolution. DNS-aware
+ * checking + connection pinning happens in `SafeFetch.server.ts` on Node/Bun.
+ */
+export type UrlClassificationKind = "public" | "private" | "invalid";
+export interface UrlClassification {
+    readonly kind: UrlClassificationKind;
+    /** Human-readable reason, present when kind is "private" or "invalid". */
+    readonly reason?: string;
+    /** Normalized hostname (lowercase, trailing dots stripped, IPv6 brackets stripped). */
+    readonly host?: string;
+    /** Canonical dotted-quad IPv4 / RFC5952 IPv6 if the host is a literal IP. */
+    readonly literalIp?: string;
+}
+/**
+ * Accepts an IPv4 literal in any of the legacy forms accepted by inet_aton
+ * (decimal, hex `0x..`, octal `0..`, and 1/2/3/4-part notation) and returns
+ * its canonical dotted-quad form. Returns undefined if the host is not a
+ * valid IPv4 literal in any supported form.
+ *
+ * Examples:
+ *   "127.0.0.1"       → "127.0.0.1"
+ *   "2130706433"      → "127.0.0.1"
+ *   "0x7f000001"      → "127.0.0.1"
+ *   "0177.0.0.1"      → "127.0.0.1"
+ *   "0x7f.1"          → "127.0.0.1"
+ */
+export declare function tryNormalizeIPv4(host: string): string | undefined;
+/**
+ * Classifies a literal IP address (v4 or v6) as public or private.
+ * Returns undefined if the address is not a valid IP literal.
+ */
+export declare function classifyIpLiteral(host: string): {
+    kind: "public" | "private";
+    reason?: string;
+    canonical: string;
+} | undefined;
+/**
+ * Statically classify a URL as public, private, or invalid.
+ *
+ * This is a pure string-level check — it does NOT perform DNS resolution.
+ * For DNS-aware protection against rebinding, use {@link safeFetch}.
+ */
+export declare function classifyUrl(urlStr: string): UrlClassification;
+/**
+ * Returns the entitlement resource pattern for a URL, used when declaring
+ * a scoped `network:private` entitlement. The pattern covers any path/query
+ * under the same protocol+host(+port).
+ *
+ * Examples:
+ *   http://localhost:3000/api    → "http://localhost:3000/*"
+ *   https://192.168.1.1/admin    → "https://192.168.1.1/*"
+ *   http://[::1]:8080/           → "http://[::1]:8080/*"
+ */
+export declare function urlResourcePattern(urlStr: string): string;
+//# sourceMappingURL=UrlClassifier.d.ts.map

package/dist/util/UrlClassifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UrlClassifier.d.ts","sourceRoot":"","sources":["../../src/util/UrlClassifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAQH,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAErE,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;IACrC,0EAA0E;IAC1E,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,uFAAuF;IACvF,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAwED;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAqDjE;AAMD;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,GACX;IAAE,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CA2ChF;AAoCD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB,CA4C7D;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAYzD"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@workglow/tasks",
   "type": "module",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "repository": {
     "type": "git",
     "url": "https://github.com/workglow-dev/workglow.git",
@@ -50,12 +50,16 @@
   "publishConfig": {
     "access": "public"
   },
+  "dependencies": {
+    "ipaddr.js": "^2.2.0",
+    "undici": "^7.0.0"
+  },
   "peerDependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "@workglow/task-graph": "0.2.2",
-    "@workglow/util": "0.2.2",
-    "@workglow/job-queue": "0.2.2",
-    "@workglow/storage": "0.2.2"
+    "@workglow/task-graph": "0.2.3",
+    "@workglow/util": "0.2.3",
+    "@workglow/job-queue": "0.2.3",
+    "@workglow/storage": "0.2.3"
   },
   "peerDependenciesMeta": {
     "@modelcontextprotocol/sdk": {
@@ -77,10 +81,12 @@
   "devDependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
     "@types/papaparse": "^5.5.2",
-    "@workglow/job-queue": "0.2.2",
-    "@workglow/storage": "0.2.2",
-    "@workglow/task-graph": "0.2.2",
-    "@workglow/util": "0.2.2"
+    "@workglow/job-queue": "0.2.3",
+    "@workglow/storage": "0.2.3",
+    "@workglow/task-graph": "0.2.3",
+    "@workglow/util": "0.2.3",
+    "ipaddr.js": "^2.2.0",
+    "undici": "^7.0.0"
   },
   "optionalDependencies": {
     "papaparse": "^5.5.3",