fix(buzz-acp): inject Codex network allowlist for relay hostname at spawn time#1287
Merged
Conversation
…pawn time Codex sandboxes MCP subprocesses behind a local proxy with a domain allowlist. When buzz-acp spawns codex-acp, buzz-cli (the MCP server) can't reach the relay because the relay hostname isn't in Codex's allowlist — requests are blocked before they reach WARP or any other outbound network path. Add codex_network_args() which parses the relay hostname from BUZZ_RELAY_URL and returns the -c flag pairs that enable Codex's network sandbox and allowlist that hostname. The flags are prepended to agent_args in Config::from_cli() so every spawn path (initial, respawn, refill) picks them up automatically without touching lib.rs. Handles ws://, wss://, http://, and https:// relay URL schemes. Port is stripped since Codex's domain allowlist matches on hostname only. No-op for non-Codex agents — goose, claude-agent-acp, buzz-agent, etc. are unaffected. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
Switch codex_network_args() from manual string splitting to url::Url::parse() for hostname extraction — handles ws://, wss://, http://, https:// correctly via the url crate, which is already a workspace dep. On parse failure, log a warning and return empty rather than panicking. Add tracing::debug! at injection time so version-coupling issues (e.g. a Codex update renaming the config key) are diagnosable without a full debug session. Update tests: schemeless strings and empty URLs now return empty (Url::parse rejects them) rather than extracting the raw string as host. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
The previous keys (network.enabled, network.allowed_domains) were validation error message strings from the permissions-profile network table, not top-level config keys. They would be silently ignored by Codex, leaving the relay request blocked. The correct keys map to NetworkProxyConfigToml in codex-acp's schema: - network_proxy.mode="full" enables the managed proxy for all traffic - network_proxy.domains."<host>"="allow" allowlists the relay host Update the function body, doc comment, and all 9 test assertions. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
tellaho
pushed a commit
that referenced
this pull request
Jun 25, 2026
…ebar * origin/main: fix(sidebar): non-selectable channel names + copy/leave context menu actions (#1260) fix(runtime): sweep node wrapper processes hosting managed agent shims (#1296) fix(buzz-agent): follow symlinks when discovering skill directories (#1295) chore: add grab-emoji.sh to register Slack emoji in Buzz (#1292) Fix cross-pod membership notification fanout (#1291) fix(buzz-acp): strengthen agent communication rules in base prompt (#1293) chore(release): release Buzz Desktop version 0.3.34 (#1289) feat(desktop): refresh Agents tab live on inbound relay sync (#1256) fix(buzz-acp): inject Codex network allowlist for relay hostname at spawn time (#1287) Co-authored-by: Taylor Ho <taylorkmho@gmail.com> Signed-off-by: Taylor Ho <taylorkmho@gmail.com> # Conflicts: # desktop/src-tauri/src/commands/agent_models.rs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Codex sandboxes MCP subprocesses (including
buzz-cli) behind a local proxy (127.0.0.1:3128) with a domain allowlist. Whenbuzz-acpspawnscodex-acp,buzz-clirequests to the relay are blocked before they reach WARP or any other outbound path — because the relay hostname isn't in Codex's allowlist.Fix
When
buzz-acpspawns a Codex agent, parse the relay hostname fromBUZZ_RELAY_URLand prepend-cflag pairs to the agent args that configure Codex's network proxy to allow that hostname:These keys map to
NetworkProxyConfigTomlin codex-acp's config schema —mode="full"enables the managed proxy for all outbound traffic, anddomainsis the per-hostname allowlist map.Implementation
crates/buzz-acp/src/config.rscodex_network_args(agent_command, relay_url) -> Vec<String>— usesurl::Url::parse()to extract the hostname (handlesws://,wss://,http://,https://; port stripped automatically). On parse failure, logs a warning and returns empty rather than panicking. Logstracing::debug!at injection time for version-coupling diagnosability.Config::from_cli(), prepend the result toagent_argsafternormalize_agent_args(). Single injection point — all spawn paths (initial, respawn, refill) pick up the flags automatically with no changes tolib.rs.urlcrate was already a workspace dep inbuzz-acp/Cargo.toml.Tests
9 unit tests covering:
wss://relay URL (production case — the failing scenario)ws://with port (local dev default)https://with pathhttp://with port and pathcodexcommand (not justcodex-acp)/usr/local/bin/codex-acp)Note on spike confirmation
The
network_proxykey format was confirmed via binary analysis ofcodex-acpv0.15.0 by Thufir —NetworkProxyConfigTomlstruct fields are visible in the binary. A live end-to-end session confirmation (relay request succeeds through the sandbox) has not been run. If that is a hard gate before merge, flag it.