feature: reuse skill-scoped managed network proxies for skill scripts

[celia-oai]

Summary

This follows up the managed-network override work for skills by wiring those overrides into shell execution. Before this change, skill scripts still reused the session-level managed network proxy, so per-skill allow/deny domain overrides were not applied through a dedicated proxy.

• add NetworkProxySpec helpers to apply managed_network_override settings and derive a normalized cache key so equivalent specs reuse the same proxy
• introduce a shared SkillNetworkProxyCache in session services and thread it through session and subagent construction
• update unix escalation to resolve the owning skill for a script, start or reuse the matching shared proxy, and fall back to the session proxy when no skill override applies
• add unit coverage for partial override replacement and normalized cache-key reuse

Related:

• Follow-up to feat: support skill-scoped managed network domain overrides in skill config #14522

Testing

tested with a skill that executes fetch_example.sh which fetches from www.example.com.

case 1

with the following skill permission:

permissions:
  network:
    enabled: true

result:

"aggregatedOutput": "\nHTTP_STATUS:000\ncurl: (56) CONNECT tunnel failed, response 403\n",

That's because the program uses the allowed_domain of the default network proxy and www.example.com is not in the allowed_domain.

case 2

with the following permission:

permissions:
  network:
    enabled: true
    allowed_domains:
      - "www.example.com"

result:

<       "aggregatedOutput": "pyenv: cannot rehash: /Users/celia/.pyenv/shims isn't writable\n<!doctype html><html lang=\"en\"><head><title>Example Domain</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"><style>body{background:#eee;width:60vw;margin:15vh auto;font-family:system-ui,sans-serif}h1{font-size:1.5em}div{opacity:0.8}a:link,a:visited{color:#348}</style></head><body><div><h1>Example Domain</h1><p>This domain is for use in documentation examples without needing permission. Avoid use in operations.</p><p><a href=\"https://iana.org/domains/example\">Learn more</a></p></div></body></html>\n\nHTTP_STATUS:200\n",

fetched the website correctly.

[bolinfest]

This is why we really need this to be a map rather than a list.

[bolinfest]

Why not just use a regular struct for this and rely on #[derive(Eq, Hash)]? Though you will need a constructor like shared_skill_proxy_key() that ensures the fields are sorted when this is constructed.

Or if you want to distill it down to a single value, why not use sha2::Digest instead of an arbitrarily long String?

[bolinfest]

When is this None?

[bolinfest]

If it's only None in tests, then ideally we would use a dummy Session or something so the business logic doesn't have to deal with the None case.

[bolinfest]

I think you can collapse these ifs such that Ok(self.network.clone()) only appears once?

[bolinfest]

Why shouldn't this be available on Windows? I thought what we have is cross-platform?

[celia-oai]

this is not not available on windows, it's not called because only unix_escalation path hits it

[bolinfest]

Can we find a way to represent this so that we do not have to await while holding the mutex for proxies?

[github-actions]

Closing this pull request because it has had no updates for more than 14 days. If you plan to continue working on it, feel free to reopen or open a new PR.