/**
 * @license
 * Copyright 2026 Steven Roussey <sroussey@gmail.com>
 * SPDX-License-Identifier: Apache-2.0
 */
/**
 * fetch() restricted to STRICTLY-LOOPBACK hosts on EVERY hop. These AI server
 * clients only ever talk to a backend on the same host, so a broad "local"
 * allow-list (which includes RFC 1918 and the `169.254.169.254` cloud-metadata
 * address) is wider than needed and is itself an SSRF vector. This wrapper
 * therefore enforces loopback-only on:
 *   - the initial `input` URL, validated defensively BEFORE any network call
 *     (a bad initial URL throws with zero fetches issued); and
 *   - every redirect `Location`, resolved against the current URL and
 *     re-validated, closing the redirect-based SSRF bypass left by
 *     base-URL-only validation.
 *
 * Only standard redirect codes (301/302/303/307/308) are followed; other 3xx
 * responses are returned unchanged. The final Response is returned untouched
 * so streaming consumers are unaffected.
 */
export declare function localOnlyFetch(input: string, init?: RequestInit, label?: string): Promise<Response>;
//# sourceMappingURL=localOnlyFetch.d.ts.map