chore: update progress for US-110

Author: NathanFlurry

scripts/ralph/prd.json

@@ -1992,7 +1992,7 @@
         "Tests pass"
       ],
       "priority": 118,
-      "passes": false,
+      "passes": true,
       "notes": "Audit H6 — HIGH. permissions.ts:228-234, node/driver.ts:241-278. Permission checks validate the original URL but fetch follows redirects by default. A URL that 302-redirects to http://169.254.169.254/ passes the check."
     },
     {

scripts/ralph/progress.txt

@@ -106,6 +106,7 @@ PRD: ralph/kernel-hardening (46 stories)
 - NodeExecutionDriver split into 5 modules in src/node/: isolate-bootstrap.ts (types+utilities), module-resolver.ts, esm-compiler.ts, bridge-setup.ts, execution-lifecycle.ts; facade is execution-driver.ts (<300 lines)
 - Source policy tests (isolate-runtime-injection-policy, bridge-registry-policy) read specific source files by path — update them when moving code between files
 - esmModuleCache has a sibling esmModuleReverseCache (Map<ivm.Module, string>) for O(1) module→path lookup — both must be updated together and cleared together in execution.ts
+- Network adapter SSRF: isPrivateIp() + assertNotPrivateHost() in driver.ts; fetch uses redirect:'manual' with per-hop re-validation; httpRequest has pre-flight check only (no auto-redirect); data:/blob: URLs skip SSRF check
 
 ---
 
@@ -1497,3 +1498,19 @@ PRD: ralph/kernel-hardening (46 stories)
   - Mock command executor pattern (createCapturingExecutor) captures spawn args/env without needing real child processes — useful for bridge-level security tests
   - filterEnv in permissions.ts is permission-based filtering; dangerous env var stripping is a separate concern applied at the bridge boundary
 ---
+
+## 2026-03-18 - US-110
+- What was implemented: SSRF protection for network adapter — blocks requests to private/reserved IP ranges and re-validates redirect targets
+- Files changed:
+  - packages/secure-exec-node/src/driver.ts — added isPrivateIp(), assertNotPrivateHost(), MAX_REDIRECTS; modified fetch() to use redirect:'manual' with re-validation; modified httpRequest() with pre-flight IP check
+  - packages/secure-exec-node/src/index.ts — exported isPrivateIp
+  - packages/secure-exec/src/node/driver.ts — re-exported isPrivateIp
+  - packages/secure-exec/tests/runtime-driver/node/ssrf-protection.test.ts — new test file with 37 tests
+- **Learnings for future iterations:**
+  - isPrivateIp must handle IPv4-mapped IPv6 (::ffff:a.b.c.d) by stripping the prefix before checking
+  - assertNotPrivateHost must skip non-network URL schemes (data:, blob:) — existing test suite uses data: URLs
+  - fetch redirect following uses redirect:'manual' and manually follows up to 20 hops, re-validating each target URL against the private IP blocklist
+  - httpRequest (node http module) doesn't follow redirects by default, so only pre-flight check needed
+  - DNS rebinding is documented as a known limitation — would require pinning resolved IPs to the connection, not possible with native fetch
+  - 5 pre-existing test failures in index.test.ts (http.Agent, upgrade, server termination) are NOT caused by SSRF changes — they fail identically on the pre-SSRF commit
+---