ticket: approve plugin https host api

.yoi/tickets/00001KVFDX9AF/item.md

@@ -2,7 +2,7 @@
 title: 'Plugin: implement https host API for Tool runtime'
 state: 'inprogress'
 created_at: '2026-06-19T07:53:13Z'
-updated_at: '2026-06-19T15:29:45Z'
+updated_at: '2026-06-19T15:32:15Z'
 assignee: null
 readiness: 'implementation_ready'
 risk_flags: ['plugin', 'https', 'host-api', 'network', 'sandbox', 'secrets', 'permission-grants']

.yoi/tickets/00001KVFDX9AF/thread.md

@@ -538,3 +538,54 @@ Conclusion:
 - Implementation satisfies the recorded Ticket acceptance criteria and is ready for merge/validation in the Orchestrator worktree.
 
 ---
+
+<!-- event: review author: yoi-reviewer-00001KVFDX9AF-r2 at: 2026-06-19T15:32:15Z status: approve -->
+
+## Review: approve
+
+Review result: approve
+
+対象:
+- Ticket: `00001KVFDX9AF`
+- branch: `impl/00001KVFDX9AF-plugin-https-host-api`
+- commits:
+  - `7377527f` — `plugin: implement https host api`
+  - `85683f17` — `plugin: harden https target validation`
+
+No remaining blockers found.
+
+Evidence reviewed:
+- IPv4-mapped / compatible IPv6 bypass is closed.
+  - Host canonicalization strips IPv6 brackets before IP parsing via `normalize_host_literal` / `canonical_host`.
+  - `validate_static_https_target` parses canonical hosts as `IpAddr` and applies `validate_public_ip`.
+  - `is_forbidden_ipv6` delegates mapped/compatible embedded IPv4 addresses through `ipv6_embedded_ipv4`, then applies existing IPv4 private/loopback/link-local/broadcast/special checks.
+  - `ipv4_mapped_ipv6_targets_deny_before_network` covers `::ffff:127.0.0.1`, `::ffff:10.0.0.1`, `::ffff:169.254.169.254`, and compatible `::10.0.0.1`, with mock network call count asserted as zero.
+- DNS validation is bound to the reqwest connection path.
+  - `ReqwestPluginHttpsClient::execute` calls `resolve_https_target_for_client` before building the client.
+  - Hostname URLs resolve to `SocketAddr`s, reject empty/private/local answers, and return those exact validated addresses.
+  - reqwest builder pins each validated domain using `resolve_to_addrs(domain, &pinned_resolution.addrs)`, with no remaining separate unvalidated DNS lookup path visible in this implementation.
+  - IP-literal URLs skip DNS pinning only after static IP validation.
+- DNS tests are deterministic and meaningful at the unit boundary.
+  - `FakeHttpsResolver` avoids live DNS/network.
+  - `dns_resolution_is_pinned_to_validated_public_socket_addresses` verifies resolver input, returned pinned domains/addrs, and reqwest builder acceptance of `resolve_to_addrs`.
+  - `dns_resolution_rejects_private_addresses_before_client_build` verifies private DNS answers fail before client build/network dispatch.
+- Prior positives remain preserved.
+  - Grant checks happen before request validation/client dispatch in `execute_plugin_https_request`.
+  - WASM import validation checks `yoi:https` authorization before allowing the import.
+  - HTTPS-only, embedded-credential rejection, host/method/path allowlist, request/header/body bounds, response truncation, timeout, no redirects, `no_proxy()`, sensitive-header rejection/redaction, and ordinary Tool result flow remain present.
+  - Existing tests cover missing grant before network, disallowed host/method/scheme/private targets before network, timeout/redaction, response truncation, no network without HTTPS import, and ordinary Tool result path.
+
+Reviewer validation:
+- Static diff/code review and worktree status inspection.
+- Orchestrator-reported successful runs were reviewed:
+  - `cargo fmt --check`
+  - `cargo check -p pod -p manifest -p yoi`
+  - focused pod/manifest/yoi plugin tests
+  - `git diff --check`
+  - `nix build .#yoi --no-link`
+
+Conclusion:
+- Previous request_changes blockers are resolved.
+- Implementation satisfies the recorded Ticket acceptance criteria and is ready for merge/validation in the Orchestrator worktree.
+
+---