Public Access for uAgents Endpoints

[cmaliwal]

Prerequisites

• I checked the documentation and made sure this feature does not already exist
• I checked the existing issues to make sure this feature has not already been requested

Feature

Currently, uAgents restrict REST API access to localhost, which limits usability in scenarios where public access is needed (e.g., testing with ngrok or Cloudflare). I suggest introducing a configurable option to allow public access for agent endpoints.

Additional Information (Optional)

No response

[Archento]

Hi @cmaliwal, thanks for raising this issue.

I've checked the codebase and can confirm that an agent that exposes a REST endpoint will only be reachable from the same machine, i.e. "localhost".

The intention was that these REST endpoints would primarily be used to trigger certain behaviour inside the agent or provide access to ephemeral information like cached variables etc.
In cases where you'll want to trigger agent behaviour from an outside network it is still possible to set up a frontend / server on the same machine as the agent and expose that via a browser. This use-case is what we were encountering the most during events and hackathons: An agent running in the background and a frontend for humans to interact with.
For autonomous communication between machines where no human is involved we would still recommend to use agent to agent communication.

If this answers your question feel free to close the issue, otherwise please explain your use-case in more detail so that we can design potential new features around that.
Thanks!

[devjsc]

I'm not sure I agree with this decision - agents will need to stand on their own in the world and sometimes they'll need to be restful - I think we should allow incoming messages from any host, or at least give the dev the ability to specify 👍

[Dacksus]

For traceability: We're investigating implementing a whitelisting approach for the agent's REST endpoints to make this configurable, but require that a developer is knowing what they're doing, because it definitely is not the intention of the uagents framework and contradicting some of the key design elements for the uagents framework to open it up completely

[Archento]

Since #612 has been merged this issue can be closed.
Instead of whitelisting specific addresses we allow access to all REST API endpoints from all sources. Excluded are endpoints that are reserved for the inspector or framework internal purposes.