net_allow_hosts implies net_connect: [80, 443]

Signed-off-by: Cong Wang <cwang@multikernel.io>

Author: congwang-mk

examples/mcp_agent.py

@@ -158,8 +158,7 @@ async def run_agent(user_prompt: str, workspace: str):
         "web_fetch", web_fetch,
         description="Fetch a URL and return the response body. Only httpbin.org is allowed.",
         capabilities={
-            "net_connect": [443],
-            "net_allow_hosts": ["httpbin.org"],  # DNS restricted to this host
+            "net_allow_hosts": ["httpbin.org"],  # implies net_connect: [80, 443]
         },
         input_schema={
             "type": "object",

src/sandlock/mcp/_policy.py

@@ -62,6 +62,10 @@ def policy_for_tool(
             if key in _POLICY_FIELDS:
                 kwargs[key] = value
 
+        # net_allow_hosts implies net_connect: [80, 443] unless explicit
+        if "net_allow_hosts" in capabilities and "net_connect" not in capabilities:
+            kwargs["net_connect"] = [80, 443]
+
     return Policy(**kwargs)
 
 

tests/test_mcp.py

@@ -69,6 +69,25 @@ def test_multiple(self):
         assert 8080 in policy.net_connect
         assert policy.max_memory == "256M"
 
+    def test_net_allow_hosts_implies_net_connect(self):
+        policy = policy_for_tool(
+            workspace="/tmp/ws",
+            capabilities={"net_allow_hosts": ["example.com"]},
+        )
+        assert "example.com" in policy.net_allow_hosts
+        assert 80 in policy.net_connect
+        assert 443 in policy.net_connect
+
+    def test_net_allow_hosts_with_explicit_net_connect(self):
+        policy = policy_for_tool(
+            workspace="/tmp/ws",
+            capabilities={
+                "net_allow_hosts": ["example.com"],
+                "net_connect": [8443],
+            },
+        )
+        assert policy.net_connect == [8443]  # explicit wins
+
     def test_unknown_field_ignored(self):
         policy = policy_for_tool(
             workspace="/tmp/ws",