refactor: remove redundant SSRF regex patterns from hardcoded_filters

validate_web_fetch_url() already provides strictly superior SSRF
protection via DNS resolution and IP checking. The regex patterns
in hardcoded_filters.rs were a subset of that coverage, added as
duplication during the PR #32 revert.

Author: yiwang

crates/core/src/agent/hardcoded_filters.rs

@@ -22,27 +22,6 @@ pub const BASH_DENY_PATTERNS: &[&str] = &[
     r"curl\s.*\|\s*python",
 ];
 
-/// Web fetch deny substrings — case-insensitive substring match.
-pub const WEB_FETCH_DENY_SUBSTRINGS: &[&str] = &[
-    "file://",
-    "localhost",
-    "0.0.0.0",
-    "169.254.169.254",
-    "[::1]",
-];
-
-/// Web fetch deny patterns — regex patterns for private/internal IP ranges.
-pub const WEB_FETCH_DENY_PATTERNS: &[&str] = &[
-    // 10.x.x.x
-    r"https?://10\.\d{1,3}\.\d{1,3}\.\d{1,3}",
-    // 172.16-31.x.x
-    r"https?://172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}",
-    // 192.168.x.x
-    r"https?://192\.168\.\d{1,3}\.\d{1,3}",
-    // 127.x.x.x
-    r"https?://127\.\d{1,3}\.\d{1,3}\.\d{1,3}",
-];
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -55,23 +34,11 @@ mod tests {
         }
     }
 
-    #[test]
-    fn all_web_fetch_deny_patterns_compile() {
-        for p in WEB_FETCH_DENY_PATTERNS {
-            assert!(Regex::new(p).is_ok(), "Failed to compile: {}", p);
-        }
-    }
-
     #[test]
     fn bash_deny_substrings_not_empty() {
         assert!(!BASH_DENY_SUBSTRINGS.is_empty());
     }
 
-    #[test]
-    fn web_fetch_deny_substrings_not_empty() {
-        assert!(!WEB_FETCH_DENY_SUBSTRINGS.is_empty());
-    }
-
     #[test]
     fn sudo_pattern_matches() {
         let re = Regex::new(BASH_DENY_PATTERNS[0]).unwrap();
@@ -87,23 +54,4 @@ mod tests {
         assert!(!re.is_match("curl https://example.com -o file.txt"));
     }
 
-    #[test]
-    fn private_ip_patterns_match() {
-        let re10 = Regex::new(WEB_FETCH_DENY_PATTERNS[0]).unwrap();
-        assert!(re10.is_match("http://10.0.0.1/api"));
-        assert!(!re10.is_match("http://100.0.0.1/api"));
-
-        let re172 = Regex::new(WEB_FETCH_DENY_PATTERNS[1]).unwrap();
-        assert!(re172.is_match("http://172.16.0.1/api"));
-        assert!(re172.is_match("http://172.31.255.255"));
-        assert!(!re172.is_match("http://172.32.0.1/api"));
-
-        let re192 = Regex::new(WEB_FETCH_DENY_PATTERNS[2]).unwrap();
-        assert!(re192.is_match("http://192.168.1.1"));
-        assert!(!re192.is_match("http://192.169.1.1"));
-
-        let re127 = Regex::new(WEB_FETCH_DENY_PATTERNS[3]).unwrap();
-        assert!(re127.is_match("http://127.0.0.1/api"));
-        assert!(!re127.is_match("http://128.0.0.1/api"));
-    }
 }

crates/core/src/agent/tools/mod.rs

@@ -52,17 +52,14 @@ pub fn create_safe_tools(
         Box::new(MemorySearchTool::new(workspace.clone()))
     };
 
-    // Compile web_fetch filter with SSRF deny patterns
+    // Compile web_fetch filter from user config (SSRF protection is handled
+    // by validate_web_fetch_url() which does DNS-resolution-based IP checking)
     let web_fetch_filter = config
         .tools
         .filters
         .get("web_fetch")
         .map(CompiledToolFilter::compile)
-        .unwrap_or_else(|| Ok(CompiledToolFilter::permissive()))?
-        .merge_hardcoded(
-            hardcoded_filters::WEB_FETCH_DENY_SUBSTRINGS,
-            hardcoded_filters::WEB_FETCH_DENY_PATTERNS,
-        )?;
+        .unwrap_or_else(|| Ok(CompiledToolFilter::permissive()))?;
 
     let mut tools: Vec<Box<dyn Tool>> = vec![
         memory_search_tool,