Add opt-in container proxy configuration (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, NO_PROXY) #3
Draft
…tion

Add support for HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, and NO_PROXY environment variables in the .env file. These are passed through to sandbox containers via --env-file, allowing users behind a local proxy (e.g. Clash on macOS with Podman) to configure container networking.

The feature is fully opt-in: all proxy fields default to empty, and most users who don't use a proxy are unaffected.

Changes:
- envconfig: add proxy fields to Config, Updates, knownKeys, Parse, Update
- handler/env: expose proxy fields in GET/PUT /api/env
- ui: add Container Proxy section in Settings > Sandbox tab
- tests: add backend and frontend tests for proxy parsing and updates
- docs: document proxy configuration in configuration.md and CLAUDE.md

Agent-Logs-Url: https://github.com/changkun/wallfacer/sessions/9519024a-d840-4a0a-afd1-7114637b283e
Co-authored-by: changkun <5498964+changkun@users.noreply.github.com>
Copilot AI changed the title "[WIP] Fix Codex test failure behind Clash local proxy on macOS" to "Add opt-in container proxy configuration (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, NO_PROXY)" on Apr 7, 2026
Sandbox containers behind a local proxy (e.g. Clash on macOS + Podman) can't reach external APIs because they don't inherit host proxy settings. The container's loopback (127.0.0.1) isn't the host's loopback, so users must explicitly configure host.containers.internal as the proxy host.

This adds first-class support for HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, and NO_PROXY in ~/.wallfacer/.env. These flow into containers via the existing --env-file mechanism — no container launch changes needed. All fields default to empty; users without a proxy are unaffected.

Backend
- internal/envconfig: add proxy fields to Config, Updates, knownKeys, Parse(), Update()
- internal/handler/env.go: expose proxy fields in GET / PUT /api/env response/request structs

Frontend

Docs
- docs/guide/configuration.md: new "Container Proxy" reference section with env var table
- AGENTS.md: list proxy vars in the optional env vars section

Tests
- envconfig_test.go: parse, parse-absent, and update+clear round-trip for all proxy fields
- envconfig-coverage.test.js: buildSaveEnvPayload with proxy fields set and empty

Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
- api.anthropic.com (dns block)
- api.openai.com (dns block)
- https://api.github.com/repos/latere-ai/images/releases/latest (http block)

If you need me to access, download, or install something from one of these locations, you can either:
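
The loopback pitfall from the PR description, as an added Go example that is not part of this pull request or of wallfacer's envconfig package: it reads the four proxy keys from .env-style text and reports any proxy whose host is loopback, which inside the container is the container itself and not the host. ParseProxyEnv, LoopbackProxies and sampleEnv are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// The four keys named in the PR description.
var proxyKeys = []string{"HTTP_PROXY", "HTTPS_PROXY", "ALL_PROXY", "NO_PROXY"}

// ParseProxyEnv (hypothetical) keeps only proxy keys; "#" lines never match a key.
func ParseProxyEnv(env string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(env, "\n") {
		k, v, ok := strings.Cut(strings.TrimSpace(line), "=")
		for _, want := range proxyKeys {
			if ok && strings.TrimSpace(k) == want {
				out[want] = strings.Trim(strings.TrimSpace(v), `"'`)
			}
		}
	}
	return out
}

// LoopbackProxies (hypothetical) lists keys whose proxy host is the container's own loopback.
func LoopbackProxies(cfg map[string]string) []string {
	var bad []string
	for _, k := range proxyKeys[:3] { // NO_PROXY is a host list, not a proxy URL
		v := cfg[k]
		if v != "" && !strings.Contains(v, "://") {
			v = "http://" + v // bare host:port form
		}
		u, err := url.Parse(v)
		if v == "" || err != nil {
			continue // unset (the feature is opt-in) or unparseable
		}
		h := u.Hostname()
		if ip := net.ParseIP(h); strings.EqualFold(h, "localhost") || (ip != nil && ip.IsLoopback()) {
			bad = append(bad, k)
		}
	}
	return bad
}

// sampleEnv is constructed for this example.
const sampleEnv = "# proxy\nHTTP_PROXY=http://127.0.0.1:7890\nHTTPS_PROXY=http://host.containers.internal:7890\nALL_PROXY=localhost:7891\nNO_PROXY=localhost,127.0.0.1\n"
func main() { fmt.Println(LoopbackProxies(ParseProxyEnv(sampleEnv))) }
```

A settings handler could surface the returned keys as a warning when the .env is saved, since a loopback proxy value is accepted by --env-file but unreachable from the sandbox.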