HTTP Client
Requires http.enabled: true and URL patterns in http.allowlist in the manifest.
GET request
- AssemblyScript
- Go
- Rust
import { httpGet } from "@luminarys/sdk-as";
const resp = httpGet("https://api.example.com/data");
// resp.status: i32
// resp.headers: HttpHeader[] (name, value)
// resp.cookies: HttpCookie[] (name, value, domain, path, expires, secure, httponly)
// resp.body: Uint8Array
// resp.truncated: bool
const text = String.UTF8.decode(resp.body.buffer);
resp, err := sdk.HttpGet("https://api.example.com/data", 0, 0)
if err != nil {
return "", err
}
fmt.Printf("Status: %d, Body: %s\n", resp.Status, string(resp.Body))
let resp = http_get("https://api.example.com/data", 0, 0)?;
println!("Status: {}, Body: {}", resp.status, String::from_utf8_lossy(&resp.body));
Parameters:
| Field | Type | Default | Description |
|---|---|---|---|
url | string | required | Request URL (must match allowlist) |
timeout_ms | int | 0 (30s) | Request timeout in milliseconds |
max_bytes | int | 0 (1 MB) | Max response body size. Body is truncated (not rejected) if exceeded |
POST request
- AssemblyScript
- Go
- Rust
import { httpPost } from "@luminarys/sdk-as";
const body = Uint8Array.wrap(String.UTF8.encode('{"name": "Alice"}'));
const resp = httpPost("https://api.example.com/users", body, "application/json");
// resp.status, resp.headers, resp.cookies, resp.body, resp.truncated
body := []byte(`{"name": "Alice"}`)
resp, err := sdk.HttpPost(
"https://api.example.com/users",
body,
"application/json",
0, // timeout
0, // maxBytes
)
let body = br#"{"name": "Alice"}"#.to_vec();
let resp = http_post(
"https://api.example.com/users",
body,
"application/json",
0, // timeout
0, // maxBytes
)?;
Custom request
Full control over method, headers, and body.
- AssemblyScript
- Go
- Rust
import { httpRequest, HttpHeader } from "@luminarys/sdk-as";
const hdrs: HttpHeader[] = [];
const h1 = new HttpHeader(); h1.name = "Authorization"; h1.value = "Bearer token123";
const h2 = new HttpHeader(); h2.name = "Content-Type"; h2.value = "application/json";
hdrs.push(h1); hdrs.push(h2);
const body = Uint8Array.wrap(String.UTF8.encode('{"name": "Bob"}'));
const resp = httpRequest("PUT", "https://api.example.com/users/123", body, hdrs);
resp, err := sdk.HttpRequest(sdk.HttpRequestOptions{
Method: "PUT",
URL: "https://api.example.com/users/123",
Headers: []sdk.Header{
{Name: "Authorization", Value: "Bearer token123"},
{Name: "Content-Type", Value: "application/json"},
},
Body: []byte(`{"name": "Bob"}`),
FollowRedirects: true,
TimeoutMs: 10000,
})
let resp = http_request(HttpRequestOptions {
method: "PUT".into(),
url: "https://api.example.com/users/123".into(),
headers: vec![
Header { name: "Authorization".into(), value: "Bearer token123".into() },
Header { name: "Content-Type".into(), value: "application/json".into() },
],
body: br#"{"name": "Bob"}"#.to_vec(),
follow_redirects: true,
timeout_ms: 10000,
..Default::default()
})?;
HttpRequestOptions:
| Field | Type | Default | Description |
|---|---|---|---|
method | string | "GET" | HTTP method (GET, POST, PUT, DELETE, PATCH, HEAD) |
url | string | required | Request URL (must match allowlist) |
headers | Header[] | [] | Request headers applied in order |
cookies | Cookie[] | [] | Request cookies (merged with jar if use_jar is true) |
body | bytes | empty | Request body |
timeout_ms | int | 0 (30s) | Request timeout in milliseconds |
max_bytes | int | 0 (1 MB) | Max response body size. Body is truncated if exceeded |
follow_redirects | bool | false | Automatically follow HTTP 3xx redirects |
use_jar | bool | false | Enable persistent cookie jar for this skill |
Cookie jar
Enable use_jar to persist cookies across requests. Cookies are stored per-skill and survive across invocations. Server-sent Max-Age=0 deletes the cookie from the jar.
- AssemblyScript
- Go
- Rust
import { httpRequest, HttpHeader } from "@luminarys/sdk-as";
// Login — cookies saved
const body = Uint8Array.wrap(String.UTF8.encode('{"user":"admin","pass":"secret"}'));
const ct = new HttpHeader(); ct.name = "Content-Type"; ct.value = "application/json";
httpRequest("POST", "https://example.com/login", body, [ct], [], 0, 0, false, true);
// Next request — cookies sent automatically
const resp = httpRequest("GET", "https://example.com/profile",
new Uint8Array(0), [], [], 0, 0, false, true);
// Login — cookies saved
resp1, _ := sdk.HttpRequest(sdk.HttpRequestOptions{
Method: "POST",
URL: "https://example.com/login",
Body: []byte(`{"user":"admin","pass":"secret"}`),
Headers: []sdk.Header{
{Name: "Content-Type", Value: "application/json"},
},
UseJar: true,
})
// Next request — cookies sent automatically
resp2, _ := sdk.HttpRequest(sdk.HttpRequestOptions{
Method: "GET",
URL: "https://example.com/profile",
UseJar: true,
})
// Login — cookies saved
let resp1 = http_request(HttpRequestOptions {
method: "POST".into(),
url: "https://example.com/login".into(),
body: br#"{"user":"admin","pass":"secret"}"#.to_vec(),
headers: vec![
Header { name: "Content-Type".into(), value: "application/json".into() },
],
use_jar: true,
..Default::default()
})?;
// Next request — cookies sent automatically
let resp2 = http_request(HttpRequestOptions {
method: "GET".into(),
url: "https://example.com/profile".into(),
use_jar: true,
..Default::default()
})?;
Response
HttpResponse:
| Field | Type | Description |
|---|---|---|
status | int | HTTP status code |
headers | Header[] | Response headers (name/value pairs) |
cookies | Cookie[] | Cookies from Set-Cookie headers |
body | bytes | Response body (may be truncated) |
truncated | bool | true if body was truncated due to max_bytes limit |
Header:
| Field | Type | Description |
|---|---|---|
name | string | Header name |
value | string | Header value |
Cookie:
| Field | Type | Description |
|---|---|---|
name | string | Cookie name |
value | string | Cookie value |
domain | string | Cookie domain |
path | string | Cookie path |
expires | int | Expiry as Unix timestamp (0 = session) |
secure | bool | Secure flag (HTTPS only) |
httponly | bool | HttpOnly flag (not accessible to JavaScript) |
Parsing headers from JSON
All SDKs provide headersFromJSON / HeadersFromJSON / headers_from_json to convert a JSON object string into an ordered Header array. This is useful when headers come from user input or LLM-generated code.
Key property: insertion order from the JSON string is preserved.
- AssemblyScript
- Go
- Rust
import { headersFromJSON, httpRequest } from "@luminarys/sdk-as";
const hdrs = headersFromJSON('{"Authorization":"Bearer tok","Accept":"application/json"}');
const resp = httpRequest("GET", "https://api.example.com/data", new Uint8Array(0), hdrs);
hdrs := sdk.HeadersFromJSON(`{"Authorization":"Bearer tok","Accept":"application/json"}`)
resp, err := sdk.HttpRequest(sdk.HttpRequestOptions{
URL: "https://api.example.com/data",
Headers: hdrs,
})
let hdrs = headers_from_json(r#"{"Authorization":"Bearer tok","Accept":"application/json"}"#);
let resp = http_request(HttpRequestOptions {
url: "https://api.example.com/data".into(),
headers: hdrs,
..Default::default()
})?;
Allowlist patterns
http:
enabled: true
allowlist:
- "https://api.example.com/**"
- "https://*.internal.company.com/**"
- "**" # everything (development only)