Summary
Split from #3. The write_file and read_file validator parity is done (see crates/agent-guard-validators/src/path.rs and crates/agent-guard-core/src/file_paths.rs), but HTTP validation depth remains shallow: there is no dedicated http.rs validator module today, and policy matching is primarily URL-centric.
Scope
- introduce a dedicated http_request validator module that extracts method semantics before policy/runtime execution
- allow policy rules to match on method, body content type, and (optionally) body presence beyond URL prefix/regex
- tests for method-sensitive policy paths and obvious URL-encoding bypass cases
Out of Scope
- new policy DSL features beyond what existing rule types need
- ingress/inbound HTTP gating (this issue is outbound-mutation only)
Success Criteria
- crates/agent-guard-validators/src/http.rs exists and is wired into the runtime path
- README can honestly say HTTP policy is method-aware, not just URL-centric
- tests cover method-sensitive policy decisions and obvious bypass attempts
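A sketch of the method-aware matching and URL-encoding normalization this issue asks for, added here as an illustration and not taken from the agent-guard code base. `Decision`, `Rule`, `normalize_path`, `evaluate` and `SAMPLE_RULES` are hypothetical names, and the fail-closed handling of malformed or double-encoded paths is an assumption that goes beyond what the issue specifies.

```rust
// Added illustration: all types and names here are hypothetical, not agent-guard's API.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Decision { Allow, Deny }

pub struct Rule {
    pub methods: &'static [&'static str], // empty slice = any method
    pub path_prefix: &'static str,
    pub decision: Decision,
}

/// Decode %XX escapes once. Returns None on malformed escapes, invalid UTF-8,
/// or a '%' surviving the decode (double encoding), so callers can fail closed.
pub fn normalize_path(raw: &str) -> Option<String> {
    let bytes = raw.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(bytes.len()), 0);
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = raw.get(i + 1..i + 3)?;
            if !hex.bytes().all(|c| c.is_ascii_hexdigit()) { return None; }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    let decoded = String::from_utf8(out).ok()?;
    if decoded.contains('%') { None } else { Some(decoded) }
}

/// First matching rule wins; anything unparseable or unmatched is denied.
pub fn evaluate(method: &str, raw_path: &str, rules: &[Rule]) -> Decision {
    let path = match normalize_path(raw_path) { Some(p) => p, None => return Decision::Deny };
    let method = method.to_ascii_uppercase();
    rules.iter()
        .find(|r| (r.methods.is_empty() || r.methods.iter().any(|m| *m == method.as_str()))
            && path.starts_with(r.path_prefix))
        .map_or(Decision::Deny, |r| r.decision)
}

// Constructed sample policy: mutating methods are blocked under /admin.
pub const SAMPLE_RULES: &[Rule] = &[
    Rule { methods: &["POST", "PUT", "PATCH", "DELETE"], path_prefix: "/admin", decision: Decision::Deny },
    Rule { methods: &[], path_prefix: "/", decision: Decision::Allow },
];

fn main() {
    // Raw prefix matching would miss "/%61dmin"; the normalized path hits the deny rule.
    println!("{:?}", evaluate("post", "/%61dmin/users", SAMPLE_RULES));
}
```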