revert: remove Squid intercept mode and all cascading fixes#541
Merged
Conversation
Reverts the following PRs which introduced unnecessary complexity: - #520: fix: enable Squid intercept mode for NAT-redirected traffic - v0.13.5 release: chore(release): bump version to 0.13.5 - #524: fix: remove HTTP_PROXY/HTTPS_PROXY env vars from agent container - #526: chore: recompile workflow lock files for AWF v0.13.5 - #527: fix: recompile lock files with release action mode - #522: fix: mount /etc/hosts in chroot and fix HTTP blocking test - #530: fix: restore HTTPS_PROXY, fix chroot hosts/permissions, fix Bun crash - v0.13.6 release: chore(release): bump version to 0.13.6 The intercept mode (#520) was introduced to fix Codex failing with HTTP_PROXY, but the simpler fix is to just not set HTTP_PROXY for Codex. The intercept mode introduced a cascade of breakage: - HTTPS can't be transparently intercepted (needs CONNECT method) - Image version bumps required lock file recompilation - host.docker.internal traffic crashed Squid under load - Multiple PRs needed to fix each regression This reverts to the pre-#520 explicit proxy mode (HTTP_PROXY/HTTPS_PROXY pointing to Squid port 3128) which worked for all engines. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Contributor
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
Contributor
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Contributor
|
| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 82.12% | 82.08% | 📉 -0.04% |
| Statements | 82.16% | 82.12% | 📉 -0.04% |
| Functions | 81.95% | 81.95% | ➡️ +0.00% |
| Branches | 75.48% | 75.41% | 📉 -0.07% |
📁 Per-file Coverage Changes (2 files)
| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
src/docker-manager.ts |
83.0% → 82.9% (-0.09%) | 82.3% → 82.2% (-0.09%) |
src/squid-config.ts |
95.2% → 95.1% (-0.06%) | 95.2% → 95.2% (-0.05%) |
Coverage comparison generated by scripts/ci/compare-coverage.ts
Contributor
|
Smoke Test Results 🧪 @Mossaka — All tests passed ✅ Last 2 merged PRs:
Test Results:
Status: PASS
|
Contributor
Go Build Test Results
Overall: PASS ✅
|
Contributor
Build Test: Node.js - Results
Overall: PASS ✅ All Node.js projects built and tested successfully.
|
Contributor
Build Test: Deno - Results
Overall: ✅ PASS All Deno tests completed successfully.
|
Contributor
Smoke Test Results: PASSLast 2 Merged PRs:
Test Results:
Status: All tests passed
|
Contributor
C++ Build Test Results
Overall: PASS All C++ projects built successfully.
|
Contributor
Rust Build Test Results
Overall: PASS All Rust projects built successfully and all tests passed.
|
Contributor
Build Test: Bun - FAILED ❌Installation Status
Test Results
Overall: FAIL Error Details
Root CauseBun v1.3.8 is incompatible with this GitHub Actions runner environment (Ubuntu 24.04). The runtime crashes with segmentation faults on both Environment Info
RecommendationThis failure is due to a Bun runtime compatibility issue, not the test repositories. Consider:
|
Contributor
❌ Java Build Test FailedEnvironment ErrorUnable to execute Java or Maven in the test environment. All attempts to run Java binaries result in bash version output instead of Java execution. Error Details:
Test Results:
Overall: FAILED (Environment Issue) This appears to be a Docker/AWF container configuration problem where ELF executables cannot run properly. The environment requires debugging before Java build tests can proceed.
|
Contributor
Smoke Test ResultsLast 2 merged PRs:
Test Results:
Status: PASS 🎉 cc
|
This was referenced Feb 6, 2026
2 tasks
Mossaka
added a commit
that referenced
this pull request
Feb 6, 2026
The intercept mode revert (#541) missed 3 references to SQUID_INTERCEPT_PORT in docker-manager.ts: the constant definition, the port mapping on the Squid container, and the env var passed to the agent container. Squid no longer listens on port 3129, so these are dead code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 tasks
Mossaka
added a commit
that referenced
this pull request
Feb 6, 2026
* fix: ensure .copilot directory permissions before Copilot CLI install The Copilot CLI verification step tries to create /home/runner/.copilot/pkg/ which fails with EACCES if the directory was previously created with root ownership (e.g., by sudo -E awf during chroot version tests). Add a step to create .copilot with correct runner ownership before the Copilot CLI install in both the .md source and lock file. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: remove leftover SQUID_INTERCEPT_PORT references from revert The intercept mode revert (#541) missed 3 references to SQUID_INTERCEPT_PORT in docker-manager.ts: the constant definition, the port mapping on the Squid container, and the env var passed to the agent container. Squid no longer listens on port 3129, so these are dead code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reverts 8 commits that introduced Squid intercept mode and the cascade of fixes that followed.
What's being reverted
Why
The intercept mode was introduced to fix Codex (Rust/reqwest) failing with
HTTP_PROXY. But the simpler fix is to just removeHTTP_PROXYfor Codex — no need for a whole new proxy mode. The intercept mode caused a cascade of breakage:host.docker.internaltraffic crashed Squid under heavy MCP loadWhat we return to
The pre-#520 explicit proxy mode:
HTTP_PROXY+HTTPS_PROXY→ Squid port 3128Test plan
🤖 Generated with Claude Code