fix: make grant additive + surface real enclave errors #4
Merged
Two operational gotchas that cost real diagnosis time, fixed: #2 grant no longer clobbers the egress allowlist. T3 replaces allowedHosts on every agent-auth update, so grantEgress now unions new hosts with the previously-granted set (cached per tenant in .blindfold/egress-hosts.json) and sends the full list. `grant` prints the complete authorized set; `--replace` forces a reset. Verified: granting one new host keeps all prior hosts. #3 the proxy no longer hides enclave errors behind "internal proxy error". It now returns the real T3 failure as JSON — status, code, detail, request_id, and an actionable hint (egress_denied -> exact grant command; fuel_per_minute -> retry; secrets-ACL -> blindfold init; JSON-payload -> query-string params). Verified live against an ungranted host; granted-host happy path unchanged.
What & why
Fixes #2 and #3 from my improvement list — two operational gotchas that cost real diagnosis time this week (both hit firsthand).
#2 — `grant` no longer clobbers the egress allowlist
T3 replaces `allowedHosts` on every agent-auth update, so granting hosts one at a time silently dropped earlier ones (they'd start returning `egress_denied` mid-session). `grantEgress` now unions new hosts with the previously-granted set (cached per tenant in `.blindfold/egress-hosts.json`) and sends the full list. `grant` prints the complete authorized set; `grant --replace` forces a reset.
Verified: after seeding, granting `api.twilio.com` alone →
#3 — the proxy surfaces the real enclave error
Forward failures were swallowed as `internal proxy error` (a generic 500), hiding the actual cause. The proxy now returns the real T3 error as JSON with an actionable hint.
Verified (hitting an ungranted host):
```json
{
  "error": "blindfold_forward_failed",
  "status": 400,
  "code": "bad_request",
  "detail": "http::call: host/http.egress_denied: host 'api.anthropic.com' is not in the authorised_hosts allowlist",
  "request_id": "4d5fb1df-…",
  "hint": "Egress is not authorized for 'api.anthropic.com'. Run: blindfold grant --host api.anthropic.com …"
}
```
Hints cover `egress_denied`, `fuel_per_minute` (rate limit), secrets-ACL, and JSON-payload. Granted-host happy path unchanged (github → 200).
Notes
`.blindfold/egress-hosts.json` is gitignored. No secrets committed.
Summary by cubic
Makes egress grants additive and surfaces real enclave errors with clear, actionable hints. Prevents dropped hosts during grants and replaces generic 500s with accurate statuses.
- `grant` now unions new hosts with the cached set per tenant (`.blindfold/egress-hosts.json`) and sends the full allowlist; prints the complete authorized set; `--replace` resets.
- `code`, `detail`, `request_id`, and a `hint`; maps `egress_denied` (suggests exact `grant`), `fuel_per_minute` (429/retry), secrets ACL (suggests `blindfold init`), and JSON-payload issues (use query params).
Written for commit f2db86d. Summary will update on new commits.