core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/network-proxy/src
History
viyatb-oai 28c0089060
fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 
## Summary
Adds support for a Unix socket escape hatch so we can bypass socket
allowlisting when explicitly enabled.

## Description
* added a new flag, `network.dangerously_allow_all_unix_sockets` as an
explicit escape hatch
* In codex-network-proxy, enabling that flag now allows any absolute
Unix socket path from x-unix-socket instead of requiring each path to be
explicitly allowlisted. Relative paths are still rejected.
* updated the macOS seatbelt path in core so it enforces the same Unix
socket behavior:
  * allowlisted sockets generate explicit network* subpath rules
  * allow-all generates a broad network* (subpath "/") rule

---------

Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
2026-02-20 10:56:57 -08:00
..
admin.rs feat(network-proxy): structured policy signaling and attempt correlation to core (#11662) 2026-02-13 09:01:11 +00:00
config.rs fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 2026-02-20 10:56:57 -08:00
http_proxy.rs fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 2026-02-20 10:56:57 -08:00
lib.rs Refactor network approvals to host/protocol/port scope (#12140) 2026-02-20 10:39:55 -08:00
network_policy.rs Refactor network approvals to host/protocol/port scope (#12140) 2026-02-20 10:39:55 -08:00
policy.rs feat: introducing a network sandbox proxy (#8442) 2026-01-23 17:47:09 -08:00
proxy.rs fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 2026-02-20 10:56:57 -08:00
reasons.rs feat: introducing a network sandbox proxy (#8442) 2026-01-23 17:47:09 -08:00
responses.rs feat(network-proxy): structured policy signaling and attempt correlation to core (#11662) 2026-02-13 09:01:11 +00:00
runtime.rs fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 2026-02-20 10:56:57 -08:00
socks5.rs Refactor network approvals to host/protocol/port scope (#12140) 2026-02-20 10:39:55 -08:00
state.rs fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368) 2026-02-20 10:56:57 -08:00
upstream.rs feat: enable premessage-deflate for websockets (#10966) 2026-02-07 17:59:34 -08:00