fix(comfy): allow private service hostnames#99065
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 2, 2026, 8:05 AM ET / 12:05 UTC. Summary PR surface: Source +26, Tests +169. Total +195 across 2 files. Reproducibility: yes. at source level: current main sets local Comfy private-network intent but drops non-private-looking hostnames before building the SSRF policy, so the shared guard blocks private DNS answers. I did not run the Docker Compose or live ComfyUI scenario in this read-only review. Review metrics: 1 noteworthy metric.
Stored data model Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land a scoped Comfy plugin SSRF fix only after redacted real Comfy/Docker service-host proof and maintainer/security acceptance; link the PR to #77922 if it is intended to close that broader DNS-hostname bug. Do we have a high-confidence way to reproduce the issue? Yes at source level: current main sets local Comfy private-network intent but drops non-private-looking hostnames before building the SSRF policy, so the shared guard blocks private DNS answers. I did not run the Docker Compose or live ComfyUI scenario in this read-only review. Is this the best way to solve the issue? Yes as a bounded PR direction, with a remaining maintainer decision: the patch is more conservative than the older closed PR by exact-trusting local single-label hostnames and requiring explicit opt-in for public-looking FQDNs. It should not merge until live proof and the intended relationship to #77922 are clear. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 4f933ccf7b62. Label changesLabel justifications:
Evidence reviewedPR surface: Source +26, Tests +169. Total +195 across 2 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
Summary
http://comfyui:8188because the provider only built its private-network SSRF policy when the hostname already looked private before DNS.allowPrivateNetwork: trueis explicit.resolveComfyNetworkPolicy().Linked context
No GitHub issue found in the handoff.
Related local handoff: OpenClaw ComfyUI SSRF guard fix summary.
Requested by a maintainer/user through the handoff for the myagents Comfy provider setup.
Real behavior proof (required for external PRs)
node scripts/run-vitest.mjs extensions/comfy/image-generation-provider.test.tsnode scripts/run-vitest.mjs extensions/comfyenv OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 node scripts/check-changed.mjs --base upstream/main --head HEAD --timed.agents/skills/autoreview/scripts/autoreview --mode local --base origin/maingit diff --checkextensionsandextensionTests; final autoreview againstupstream/mainreported no accepted/actionable findings.http://comfyui:8188in local mode receives exact-host trust without the dangerous private-network flag, local public-looking FQDNs stay strict by default, cloud mode stays strict unless explicitly opted in, explicit cloud opt-in receivesallowPrivateNetwork: true, and cloud output redirects do not inherit the Comfy private-network policy.blacksmithCLI is unavailable; Azure Crabbox fallback also could not run because Azure CLI/login is unavailable. The local changed gate was run with an explicit upstream base instead.Blocked: resolves to private/internal/special-use IP addressfortargetOrigin=http://comfyui:8188.Tests and validation
Commands run:
git diff --checknode scripts/run-vitest.mjs extensions/comfy/image-generation-provider.test.tsnode scripts/run-vitest.mjs extensions/comfynode scripts/run-oxlint.mjs extensions/comfy/workflow-runtime.ts extensions/comfy/image-generation-provider.test.tsenv OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 node scripts/check-changed.mjs --base upstream/main --head HEAD --timed.agents/skills/autoreview/scripts/autoreview --mode local --base origin/mainRegression coverage added:
allowPrivateNetwork: true.Known failure before this fix:
http://comfyui:8188did not get an SSRF policy becausecomfyuiis not an IP literal orlocalhost, so the shared fetch guard blocked it after DNS resolved it to the Compose private network.Risk checklist
Did user-visible behavior change?
YesDid config, environment, or migration behavior change?
NoDid security, auth, secrets, network, or tool execution behavior change?
YesHighest-risk area: SSRF policy construction for Comfy provider network calls.
Risk mitigation: implicit service-discovery hostnames use exact-host trust so the shared SSRF guard still blocks link-local/metadata DNS answers; the dangerous private-network flag is reserved for private/loopback literals or explicit operator opt-in; public-looking FQDNs require explicit
allowPrivateNetwork: true; cloud redirect downloads do not inherit the Comfy private-network policy.Current review state
Next action: maintainer review and CI.
Still waiting on: PR CI and optional live Docker Compose/ComfyUI proof if reviewers want product-level confirmation.
Bot/reviewer comments addressed: local autoreview initially flagged an overly broad trust change; the patch was tightened and autoreview reran clean.