fix(sandbox): Route forwarded provider egress#369
Merged
Conversation
Use Vercel Sandbox forwarded request headers as the credential egress boundary instead of routing provider traffic through a path-carried sandbox id. The proxy now verifies the sandbox OIDC token, uses its sandbox_id for the command-scoped egress session, and reconstructs upstream requests from forwarded host metadata plus the original path. Update the egress tests and specs to match the forwarded-request contract. Fixes #366 Co-authored-by: GPT-5 Codex <codex@openai.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Drop the unused helper that described the old route-bound egress check. The proxy now uses the verified Vercel Sandbox OIDC sandbox_id as the active egress session key, so keeping the old helper made the security model look split across two paths. Refs GH-366 Co-Authored-By: GPT-5 Codex <codex@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Route sandbox provider egress through Junior’s forwarded-request handler instead of a path-specific internal route. Vercel Sandbox preserves the upstream path, so provider API calls now reach the proxy before normal app routes and use the signed sandbox OIDC claim to find the command-scoped credential session.
Forwarded Request Handling
The sandbox network policy forwards declared provider domains to the app root. The egress handler verifies Vercel OIDC, derives the session from
sandbox_id, reconstructs the upstream URL from forwarded metadata and the original path, and applies existing provider header transforms.Contracts
Update sandbox egress tests and credential policy docs to remove the route-carried sandbox id assumption.
Fixes #366