Web Substrate
forge-web makes web access a runtime capability instead of an ad hoc external
tool. The goal is to give every Forge installation the same baseline web
behavior, security posture, and tool registration shape.
Current readiness
| Operation | Status | Notes |
|---|---|---|
| Fetch | Ready | HTTP GET/POST with SSRF protection, redirect limits, and size caps. |
| Tools | Ready | Web operations are registered as Forge tools. |
| Parse | Deferred | Blocked on the html-parser feature. |
| Extract | Deferred | CSS selector, XPath, and JSONPath extraction are not production-ready. |
| Markdown | Deferred | HTML-to-Markdown conversion waits on parser support. |
| Crawl | Deferred | Link extraction depends on parser support. |
| Inspect | Deferred | Site-map discovery depends on parser support. |
| Compact | Deferred | Multi-page compaction depends on crawl and parser support. |
Only Fetch and tool registration should be treated as production-ready today. Deferred operations should return explicit errors rather than silently producing partial data.
Security defaults
The fetch layer is designed to be safe by default:
- private, loopback, and link-local IP ranges are blocked
- HTTPS-to-HTTP redirect downgrades are denied
- redirect count is capped
- content size is capped
- tool calls remain subject to normal Forge tool-tier approval
Tool loop usage
Web tools are registered with normal Forge tool definitions and JSON schemas. That means agents can call them through the same approval, ACT, telemetry, and observer surfaces used for other tools.
use forge_web::prelude::*;
let config = WebSubstrateConfig::default();
let response = web_fetch(&config, &WebFetchRequest::get("https://example.com")?).await?;
println!("status={}", response.status);
Use Tools, Capabilities, and Telemetry with web operations exactly as you would with any other runtime tool.