From a83b302236ec4d86f666fe3ebbf58487cfe0c82e Mon Sep 17 00:00:00 2001
From: Olmo Maldonado
Date: Wed, 3 Jun 2026 14:19:39 -0700
Subject: [PATCH] add url security env vars
---
 braintrust/templates/api-configmap.yaml | 15 ++++++++
 braintrust/tests/api-configmap_test.yaml | 44 ++++++++++++++++++++++++
 braintrust/values.yaml | 14 ++++++++
 3 files changed, 73 insertions(+)
diff --git a/braintrust/templates/api-configmap.yaml b/braintrust/templates/api-configmap.yaml
index 25c91d1..3c62174 100644
--- a/braintrust/templates/api-configmap.yaml
+++ b/braintrust/templates/api-configmap.yaml
@@ -1,3 +1,9 @@
+{{- $unsafeUrlRequestMode := .Values.api.unsafeUrlRequestMode | default "" | toString | trim -}}
+{{- if not (has $unsafeUrlRequestMode (list "" "off" "warn" "reject")) -}}
+{{- fail "api.unsafeUrlRequestMode must be empty or one of: off, warn, reject." -}}
+{{- end -}}
+{{- $urlSecurityDnsServers := .Values.api.urlSecurityDnsServers | default "" | toString | trim -}}
+{{- $urlSecurityAllowCidrs := .Values.api.urlSecurityAllowCidrs | default "" | toString | trim -}}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -55,6 +61,15 @@ data:
 INSERT_LOGS2: "true"
 ALLOW_INVALID_BASE64: {{ .Values.api.allowInvalidBase64 | default "false" | quote }}
 NODE_MEMORY_PERCENT: {{ .Values.api.nodeMemoryPercent | default "80" | quote }}
+ {{- with $unsafeUrlRequestMode }}
+ BRAINTRUST_UNSAFE_URL_REQUEST_MODE: {{ . | quote }}
+ {{- end }}
+ {{- with $urlSecurityDnsServers }}
+ BRAINTRUST_URL_SECURITY_DNS_SERVERS: {{ . | quote }}
+ {{- end }}
+ {{- with $urlSecurityAllowCidrs }}
+ BRAINTRUST_URL_SECURITY_ALLOW_CIDRS: {{ . | quote }}
+ {{- end }}
 {{- if .Values.brainstoreWalFooterVersion }}
 BRAINSTORE_WAL_FOOTER_VERSION: {{ .Values.brainstoreWalFooterVersion | quote }}
 {{- end }}
diff --git a/braintrust/tests/api-configmap_test.yaml b/braintrust/tests/api-configmap_test.yaml
index 4c156a1..088c31b 100644
--- a/braintrust/tests/api-configmap_test.yaml
+++ b/braintrust/tests/api-configmap_test.yaml
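Review bot: The `| default "" | toString | trim` chain on the first added lines of the `@@ -1,3 +1,9 @@` hunk hides mistyped values instead of rejecting them, so the `fail` guard never sees them. Helm's YAML loader normally reads an unquoted `off` as boolean false, which `default ""` turns into an empty string; the env var is then omitted and the backend falls back to its own default (documented as `warn` in values.yaml) rather than the mode the operator wrote. The same coercion renders a YAML list given for `urlSecurityDnsServers` or `urlSecurityAllowCidrs` as Go's `[a b]` form, which is emitted as the env value unchanged. I would test the raw value's kind before coercing, with `$raw` bound to the unmodified value: `{{- if not (or (kindIs "invalid" $raw) (kindIs "string" $raw)) }}` followed by a `fail`, for all three settings. The test hunk only sets quoted strings, so a case with a boolean or list value would pin this behaviour.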
@@ -23,6 +23,50 @@ tests:
 path: data.BRAINSTORE_DEFAULT
 value: "force"
 
+ - it: should omit URL security env vars when unset
+ values:
+ - __fixtures__/base-values.yaml
+ release:
+ namespace: "braintrust"
+ asserts:
+ - isNull:
+ path: data.BRAINTRUST_UNSAFE_URL_REQUEST_MODE
+ - isNull:
+ path: data.BRAINTRUST_URL_SECURITY_DNS_SERVERS
+ - isNull:
+ path: data.BRAINTRUST_URL_SECURITY_ALLOW_CIDRS
+
+ - it: should include URL security env vars when configured
+ values:
+ - __fixtures__/base-values.yaml
+ set:
+ api.unsafeUrlRequestMode: " reject "
+ api.urlSecurityDnsServers: " 1.1.1.1,8.8.8.8 "
+ api.urlSecurityAllowCidrs: " 10.0.0.0/8,192.168.0.0/16 "
+ release:
+ namespace: "braintrust"
+ asserts:
+ - equal:
+ path: data.BRAINTRUST_UNSAFE_URL_REQUEST_MODE
+ value: "reject"
+ - equal:
+ path: data.BRAINTRUST_URL_SECURITY_DNS_SERVERS
+ value: "1.1.1.1,8.8.8.8"
+ - equal:
+ path: data.BRAINTRUST_URL_SECURITY_ALLOW_CIDRS
+ value: "10.0.0.0/8,192.168.0.0/16"
+
+ - it: should reject invalid URL request mode
+ values:
+ - __fixtures__/base-values.yaml
+ set:
+ api.unsafeUrlRequestMode: "block"
+ release:
+ namespace: "braintrust"
+ asserts:
+ - failedTemplate:
+ errorMessage: "api.unsafeUrlRequestMode must be empty or one of: off, warn, reject."
+
 - it: should use correct namespace from helper when createNamespace is false
 values:
 - __fixtures__/base-values.yaml
diff --git a/braintrust/values.yaml b/braintrust/values.yaml
index 0e22064..853cb24 100644
--- a/braintrust/values.yaml
+++ b/braintrust/values.yaml
@@ -126,6 +126,20 @@ api:
 backfillDisableNonhistorical: false
 allowInvalidBase64: false # By default, we will error on invalid base64 strings. Setting this to true will allow invalid base64 strings to be processed.
 nodeMemoryPercent: "80"
+ # Controls how Braintrust backends handle outbound requests to user-supplied URLs
+ # that fail URL-security checks, such as URLs resolving to private or reserved IP
+ # ranges. Use "off" to allow, "warn" to allow with warnings, or "reject" to block.
+ # Leave empty to use the application default of "warn".
+ unsafeUrlRequestMode: ""
+ # Comma-separated DNS resolver IP addresses Braintrust backends should query when
+ # checking user-supplied URLs. Set this to force URL-security validation through
+ # trusted resolvers, such as VNet or corporate DNS, before falling back to the host
+ # resolver. Leave empty to use the application default resolver behavior.
+ urlSecurityDnsServers: ""
+ # Optional comma-separated CIDR ranges that Braintrust backend URL-security
+ # validation may allow even if private or reserved. Hard-blocked metadata,
+ # link-local, multicast, unspecified, and future-use ranges remain blocked.
+ urlSecurityAllowCidrs: ""
 extraEnvVars:
 # Example:
 # - name: MY_ENV_VAR
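Review bot: The comment above `unsafeUrlRequestMode` lists the three modes side by side and does not spell out that the shipped empty value leaves failing requests allowed, which is the first thing an operator hardening against SSRF needs to know (the `api:` mapping itself starts outside the hunk). I would add `# Only "reject" stops the request; "off" and "warn" (the default) let it through.` The comment above `urlSecurityAllowCidrs` should likewise say that each listed range becomes reachable through user-supplied URLs, e.g. `# Keep entries as narrow as possible; every range listed here is reachable via user-supplied URLs.` It would also help to state that all three settings are quoted, comma-separated strings (`"off"`, not `off`, and not a YAML list), since the template appears to coerce other types silently.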