Skip to content

fix(buzz-acp): inject Codex network allowlist for relay hostname at spawn time#1287

Merged
wpfleger96 merged 4 commits into
mainfrom
duncan/codex-network-allowlist
Jun 25, 2026
Merged

fix(buzz-acp): inject Codex network allowlist for relay hostname at spawn time#1287
wpfleger96 merged 4 commits into
mainfrom
duncan/codex-network-allowlist

Conversation

@wpfleger96

@wpfleger96 wpfleger96 commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Problem

Codex sandboxes MCP subprocesses (including buzz-cli) behind a local proxy (127.0.0.1:3128) with a domain allowlist. When buzz-acp spawns codex-acp, buzz-cli requests to the relay are blocked before they reach WARP or any other outbound path — because the relay hostname isn't in Codex's allowlist.

{"error":"network_error","message":"network error: error sending request for url (https://sprout-oss.stage.blox.sqprod.co/query)"}

Fix

When buzz-acp spawns a Codex agent, parse the relay hostname from BUZZ_RELAY_URL and prepend -c flag pairs to the agent args that configure Codex's network proxy to allow that hostname:

-c network_proxy.mode="full"
-c network_proxy.domains."<host>"="allow"

These keys map to NetworkProxyConfigToml in codex-acp's config schema — mode="full" enables the managed proxy for all outbound traffic, and domains is the per-hostname allowlist map.

Implementation

crates/buzz-acp/src/config.rs

  • Add codex_network_args(agent_command, relay_url) -> Vec<String> — uses url::Url::parse() to extract the hostname (handles ws://, wss://, http://, https://; port stripped automatically). On parse failure, logs a warning and returns empty rather than panicking. Logs tracing::debug! at injection time for version-coupling diagnosability.
  • In Config::from_cli(), prepend the result to agent_args after normalize_agent_args(). Single injection point — all spawn paths (initial, respawn, refill) pick up the flags automatically with no changes to lib.rs.
  • No new dependencies — url crate was already a workspace dep in buzz-acp/Cargo.toml.

Tests

9 unit tests covering:

  • wss:// relay URL (production case — the failing scenario)
  • ws:// with port (local dev default)
  • https:// with path
  • http:// with port and path
  • Bare codex command (not just codex-acp)
  • Full path command (/usr/local/bin/codex-acp)
  • Non-Codex agents return empty (goose, claude-agent-acp, buzz-agent)
  • Empty relay URL returns empty (parse failure → graceful skip)
  • Schemeless string returns empty (parse failure → graceful skip)

Note on spike confirmation

The network_proxy key format was confirmed via binary analysis of codex-acp v0.15.0 by Thufir — NetworkProxyConfigToml struct fields are visible in the binary. A live end-to-end session confirmation (relay request succeeds through the sandbox) has not been run. If that is a hard gate before merge, flag it.

npub1mn7jgtj4w2pd0g0zeuhxsa6jy6p0rewxz4kujt98my82ahfmp72sxjexk7 and others added 4 commits June 25, 2026 13:29
…pawn time

Codex sandboxes MCP subprocesses behind a local proxy with a domain
allowlist. When buzz-acp spawns codex-acp, buzz-cli (the MCP server)
can't reach the relay because the relay hostname isn't in Codex's
allowlist — requests are blocked before they reach WARP or any other
outbound network path.

Add codex_network_args() which parses the relay hostname from
BUZZ_RELAY_URL and returns the -c flag pairs that enable Codex's
network sandbox and allowlist that hostname. The flags are prepended
to agent_args in Config::from_cli() so every spawn path (initial,
respawn, refill) picks them up automatically without touching lib.rs.

Handles ws://, wss://, http://, and https:// relay URL schemes. Port
is stripped since Codex's domain allowlist matches on hostname only.
No-op for non-Codex agents — goose, claude-agent-acp, buzz-agent, etc.
are unaffected.

Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
Switch codex_network_args() from manual string splitting to
url::Url::parse() for hostname extraction — handles ws://, wss://,
http://, https:// correctly via the url crate, which is already a
workspace dep. On parse failure, log a warning and return empty rather
than panicking.

Add tracing::debug! at injection time so version-coupling issues
(e.g. a Codex update renaming the config key) are diagnosable without
a full debug session.

Update tests: schemeless strings and empty URLs now return empty
(Url::parse rejects them) rather than extracting the raw string as host.

Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
The previous keys (network.enabled, network.allowed_domains) were
validation error message strings from the permissions-profile network
table, not top-level config keys. They would be silently ignored by
Codex, leaving the relay request blocked.

The correct keys map to NetworkProxyConfigToml in codex-acp's schema:
- network_proxy.mode="full" enables the managed proxy for all traffic
- network_proxy.domains."<host>"="allow" allowlists the relay host

Update the function body, doc comment, and all 9 test assertions.

Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
@wpfleger96 wpfleger96 merged commit 0379247 into main Jun 25, 2026
28 checks passed
@wpfleger96 wpfleger96 deleted the duncan/codex-network-allowlist branch June 25, 2026 17:59
tellaho pushed a commit that referenced this pull request Jun 25, 2026
…ebar

* origin/main:
  fix(sidebar): non-selectable channel names + copy/leave context menu actions (#1260)
  fix(runtime): sweep node wrapper processes hosting managed agent shims (#1296)
  fix(buzz-agent): follow symlinks when discovering skill directories (#1295)
  chore: add grab-emoji.sh to register Slack emoji in Buzz (#1292)
  Fix cross-pod membership notification fanout (#1291)
  fix(buzz-acp): strengthen agent communication rules in base prompt (#1293)
  chore(release): release Buzz Desktop version 0.3.34 (#1289)
  feat(desktop): refresh Agents tab live on inbound relay sync (#1256)
  fix(buzz-acp): inject Codex network allowlist for relay hostname at spawn time (#1287)

Co-authored-by: Taylor Ho <taylorkmho@gmail.com>
Signed-off-by: Taylor Ho <taylorkmho@gmail.com>

# Conflicts:
#	desktop/src-tauri/src/commands/agent_models.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant