web.fetch - HASP

web.fetch fetches readable text content from a specific URL. It returns the extracted page text, title, content hash, and metadata. Use it when the model needs the full content of a known page rather than a ranked search snippet.

PHI enforcement

The URL and any query context are scanned before the fetch executes. The retrieval-specific behavior is controlled by your org’s phi_retrieval_behavior setting: redact (default) strips PHI before the fetch proceeds; block rejects the tool call entirely if PHI is detected. External providers never receive PHI under any circumstance.

Billing

2 AI Credits flat surcharge per call, debited on provider success.
Normal input-token cost applies to the injected extractedText content.

The surcharge is only charged when the provider returns a successful response. No charge is applied for failed fetches, timeouts, or PHI-blocked calls.

Limits

Constraint	Value
Timeout	10 seconds
Max response size	2 MB
JavaScript rendering	Not supported (V1)
`robots.txt`	Honored — disallowed URLs return `FETCH_DISALLOWED`

Pages that exceed the 2 MB limit are truncated to fit. The contentHash field reflects the hash of the full fetched content before truncation.

Input parameters

Parameter	Type	Required	Description
`url`	string	Yes	The URL to fetch. Must be an absolute `https://` URL.
`conversationId`	string	No	Correlation context. Passed automatically by HASP in chat sessions.

Output fields

Field	Type	Description
`finalUrl`	string	URL after any redirects.
`statusCode`	integer	HTTP status code returned by the origin.
`pageTitle`	string \| null	Extracted page title; `null` if not present.
`extractedText`	string	Readable text content extracted from the page.
`contentHash`	string	SHA-256 hex digest of the full fetched content (pre-truncation).
`retrievedTimestamp`	string	ISO 8601 timestamp of retrieval.

Example

Tool call emitted by the model:

{
  "type": "tool_use",
  "name": "web.fetch",
  "input": {
    "url": "https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html"
  }
}

Result injected into context:

{
  "type": "tool_result",
  "name": "web.fetch",
  "result": {
    "finalUrl": "https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html",
    "statusCode": 200,
    "pageTitle": "Breach Notification Rule | HHS.gov",
    "extractedText": "The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Covered entities must provide notification without unreasonable delay and in no case later than 60 days following discovery of a breach...",
    "contentHash": "a3f2c1d9e4b87654321abcdef0123456789abcdef0123456789abcdef01234567",
    "retrievedTimestamp": "2026-05-16T14:23:44Z"
  }
}

Error codes

Code	Description
`RETRIEVAL_DISABLED`	Web retrieval is not enabled for this org.
`RETRIEVAL_PHI_BLOCKED`	PHI was detected in the URL or context and `phi_retrieval_behavior=block` is set.
`FETCH_DISALLOWED`	The URL is disallowed by the origin’s `robots.txt`.
`FETCH_TIMEOUT`	The origin did not respond within the 10-second timeout.

See Errors for the full error envelope shape.

​PHI enforcement

​Billing

​Limits

​Input parameters

​Output fields

​Example

​Error codes