Skip to content

Launch managed network proxies on remote executors#33906

Merged
copyberry[bot] merged 1 commit into
mainfrom
copyberry/codex-internal-to-codex-oss/c984f54e3e600aa9ebcbf8cf4574046e2c199d11
Jul 17, 2026
Merged

Launch managed network proxies on remote executors#33906
copyberry[bot] merged 1 commit into
mainfrom
copyberry/codex-internal-to-codex-oss/c984f54e3e600aa9ebcbf8cf4574046e2c199d11

Conversation

@copyberry

@copyberry copyberry Bot commented Jul 17, 2026

Copy link
Copy Markdown

Launch managed network proxies on remote executors

Why

Remote executions need managed-network proxy listeners in the executor so their
loopback proxy addresses are reachable by the launched process.

What changed

  • Add a capability-gated exec-server protocol field for executor-local proxy
    launch configuration, including network policy, audit metadata, and execution
    attribution.
  • Start the proxy while preparing a remote process, replace inherited proxy
    environment variables with its local addresses, and derive the sandbox
    context from its listeners.
  • Keep the proxy alive until inherited output streams close, then shut it down.
  • Reject unsupported remote settings such as MITM and credential injection.

Testing

  • Cover configuration round trips and rejection of unsupported settings.
  • Verify executor-local startup, blocked-domain enforcement, protocol
    compatibility, and proxy lifetime through process closure.

## Why

Remote executions need managed-network proxy listeners in the executor so their
loopback proxy addresses are reachable by the launched process.

## What changed

- Add a capability-gated exec-server protocol field for executor-local proxy
  launch configuration, including network policy, audit metadata, and execution
  attribution.
- Start the proxy while preparing a remote process, replace inherited proxy
  environment variables with its local addresses, and derive the sandbox
  context from its listeners.
- Keep the proxy alive until inherited output streams close, then shut it down.
- Reject unsupported remote settings such as MITM and credential injection.

## Testing

- Cover configuration round trips and rejection of unsupported settings.
- Verify executor-local startup, blocked-domain enforcement, protocol
  compatibility, and proxy lifetime through process closure.

GitOrigin-RevId: c984f54e3e600aa9ebcbf8cf4574046e2c199d11
@copyberry
copyberry Bot force-pushed the copyberry/codex-internal-to-codex-oss/c984f54e3e600aa9ebcbf8cf4574046e2c199d11 branch from c54b0c8 to 9f6c29e Compare July 17, 2026 21:20
@copyberry
copyberry Bot merged commit 9f6c29e into main Jul 17, 2026
14 of 32 checks passed
@copyberry
copyberry Bot deleted the copyberry/codex-internal-to-codex-oss/c984f54e3e600aa9ebcbf8cf4574046e2c199d11 branch July 17, 2026 21:22
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 17, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant