fix: add node ecosystem to smoke-codex network allow-list

[Mossaka]

Summary

• Add node to network.allowed in smoke-codex.md so npm ci && npm run build (step 8) can reach registry.npmjs.org
• Without this, all npm requests are blocked by the firewall, causing the agent to fail before calling add_comment

Root cause identified from run 23810579935: firewall logs showed 8 denied requests to registry.npmjs.org.

Test plan

• Smoke Codex workflow passes with safe outputs validated

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Updates the Smoke Codex workflow network allow-list to include Node/NPM access and adds defense-in-depth validation to prevent Squid config injection when interpolating domains/patterns/URL patterns into squid.conf.

Changes:

• Add node to network.allowed for Smoke Codex so npm registry access is permitted.
• Add Squid config interpolation guards (rejecting whitespace/null bytes) and strengthen domain/pattern validation against injection characters.
• Regenerate the compiled smoke-codex.lock.yml workflow (includes broader workflow/version/config changes beyond the allow-list tweak).

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/squid-config.ts	Adds assertSafeForSquidConfig and applies it to interpolated ACL values.
src/squid-config.test.ts	Adds tests ensuring injected whitespace/newlines are rejected in generated Squid config.
src/domain-patterns.ts	Hardens validateDomainOrPattern to reject injection-relevant characters.
src/domain-patterns.test.ts	Adds test coverage for rejecting injection characters in domains/patterns.
src/cli.ts	Adds CLI-side validation rejecting whitespace/null bytes in --allow-urls patterns.
.github/workflows/smoke-codex.md	Adds node to the workflow network allow-list.
.github/workflows/smoke-codex.lock.yml	Regenerated compiled workflow, including the updated allow-list and other workflow/config/version changes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

validateDomainOrPattern says it rejects “control characters”, but DANGEROUS_CHARS only matches whitespace (\s) and \0 (plus a few punctuation chars). Other ASCII control characters like \u0001/\u007f would currently pass validation, which undermines the injection-defense intent and makes the error message misleading. Consider expanding the regex to cover the full control-character range (e.g., \x00-\x1F\x7F) or adjust the wording to match what’s actually rejected.

Suggested change

	// null bytes, and comment/quote characters are dangerous.
	// This prevents Squid config injection via --allow-domains.
	const DANGEROUS_CHARS = /[\s\0"'`;#\\]/;
	// null bytes, all ASCII control characters, and comment/quote characters are dangerous.
	// This prevents Squid config injection via --allow-domains.
	const DANGEROUS_CHARS = /[\x00-\x1F\x7F\s"'`;#\\]/;

[Copilot]

This PR’s title/description only calls out adding the node network allow-list entry, but the compiled workflow lock includes additional behavioral changes (e.g., AWF version bump and other regenerated metadata/config). If the intent is only to extend the allow-list, consider regenerating the lock with the same compiler/settings as main (or splitting these changes into a separate PR) so the review surface matches the stated scope.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.67%	82.77%	📈 +0.10%
Statements	82.34%	82.43%	📈 +0.09%
Functions	81.22%	81.22%	➡️ +0.00%
Branches	75.94%	76.00%	📈 +0.06%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	85.8% → 86.2% (+0.41%)	85.3% → 85.7% (+0.40%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Smoke test results (run 23833495697)

• ✅ GitHub MCP: fix: disable IPv6 in agent container to prevent squid proxy bypass #1544 fix: disable IPv6 in agent container to prevent squid proxy bypass · [WIP] Fix permissions for gh-aw config files in self-hosted runners #1520 [WIP] Fix permissions for gh-aw config files in self-hosted runners
• ✅ Playwright: github.com title contains "GitHub"
• ✅ File write: smoke-test-claude-23833495697.txt created
• ✅ Bash: file content verified

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1533

[github-actions]

Smoke Test Results — @Mossaka

Test	Result
GitHub MCP: PR #1544 "fix: disable IPv6 in agent container to prevent squid proxy bypass" (@lpcox)	✅
GitHub MCP: PR #1539 "feat: add token usage tracking to api-proxy sidecar" (@lpcox)	✅
Playwright: github.com title contains "GitHub"	✅
File write + read	✅

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1533

[github-actions]

Smoke Test: GitHub Actions Services Connectivity ✅

All checks passed:

Service	Check	Result
Redis (host.docker.internal:6379)	PING	✅ PONG
PostgreSQL (host.docker.internal:5432)	pg_isready	✅ accepting connections
PostgreSQL smoketest DB	SELECT 1	✅ returned 1

Note: redis-cli was not available in the environment; Redis was verified via a raw TCP socket PING.

🔌 Service connectivity validated by Smoke Services

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #1533 · ◷

[github-actions]

Smoke test summary for workflow run 23849149884
PR titles:

• fix: disable IPv6 in agent container to prevent squid proxy bypass
• feat: add token usage tracking to api-proxy sidecar

1. GitHub MCP merged PR review: ✅
2. safeinputs-gh PR query: ❌
3. Playwright title contains GitHub: ✅
4. Tavily search returned results: ❌
5. File write + 6) bash cat verify: ✅
6. Discussion comment via github-discussion-query: ❌
7. npm ci && npm run build: ✅
   Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex