From 1e0f3ae6e8f1b28e7d38027ee1b4481c616454ca Mon Sep 17 00:00:00 2001 From: "Jiaxiao (mossaka) Zhou" Date: Wed, 4 Feb 2026 17:52:57 +0000 Subject: [PATCH] Add 172.30.0.1 to CodexDefaultDomains for AWF gateway access The convert_gateway_config_codex.sh script resolves host.docker.internal to 172.30.0.1 for Rust DNS compatibility, but this IP was not in the allowed domains list for AWF firewall, causing all MCP requests to be blocked with 403 Forbidden errors. This fix adds 172.30.0.1 to CodexDefaultDomains so Codex can access the MCP gateway through AWF's network firewall. Co-Authored-By: Claude Opus 4.5 --- .github/workflows/smoke-codex.lock.yml | 6 +++--- pkg/workflow/domains.go | 1 + pkg/workflow/domains_test.go | 17 +++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 2b4ea333e0..61f900eb7d 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -38,7 +38,7 @@ name: "Smoke Codex" types: - labeled schedule: - - cron: "16 */12 * * *" + - cron: "31 */12 * * *" workflow_dispatch: null permissions: {} @@ -1500,7 +1500,7 @@ jobs: run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" - sudo -E awf --enable-chroot --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,go.dev,golang.org,goproxy.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,mcp.tavily.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkg.go.dev,playwright.download.prss.microsoft.com,ppa.launchpad.net,proxy.golang.org,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sum.golang.org,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.13.4 --agent-image act \ + sudo -E awf --enable-chroot --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,172.30.0.1,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,go.dev,golang.org,goproxy.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,mcp.tavily.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkg.go.dev,playwright.download.prss.microsoft.com,ppa.launchpad.net,proxy.golang.org,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sum.golang.org,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.13.4 --agent-image act \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH" && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' \ 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: @@ -1552,7 +1552,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} - GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" + GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,172.30.0.1,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" GITHUB_SERVER_URL: ${{ github.server_url }} GITHUB_API_URL: ${{ github.api_url }} with: diff --git a/pkg/workflow/domains.go b/pkg/workflow/domains.go index 12d5e1009c..0d942d6284 100644 --- a/pkg/workflow/domains.go +++ b/pkg/workflow/domains.go @@ -34,6 +34,7 @@ var CopilotDefaultDomains = []string{ // CodexDefaultDomains are the minimal default domains required for Codex CLI operation var CodexDefaultDomains = []string{ + "172.30.0.1", // AWF gateway IP - Codex resolves host.docker.internal to this IP for Rust DNS compatibility "api.openai.com", "host.docker.internal", "openai.com", diff --git a/pkg/workflow/domains_test.go b/pkg/workflow/domains_test.go index e8f6b31927..b55a99d450 100644 --- a/pkg/workflow/domains_test.go +++ b/pkg/workflow/domains_test.go @@ -259,6 +259,7 @@ func TestCopilotDefaultDomains(t *testing.T) { func TestCodexDefaultDomains(t *testing.T) { // Verify that expected Codex domains are present expectedDomains := []string{ + "172.30.0.1", // AWF gateway IP - Codex resolves host.docker.internal to this IP "api.openai.com", "host.docker.internal", "openai.com", @@ -286,8 +287,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { t.Run("nil network permissions returns only defaults", func(t *testing.T) { result := GetCodexAllowedDomains(nil) // Should contain default Codex domains, sorted - if result != "api.openai.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,host.docker.internal,openai.com', got %q", result) } }) @@ -297,8 +298,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // Should contain both default Codex domains and user-specified domain - if result != "api.openai.com,example.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) } }) @@ -308,8 +309,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // api.openai.com should not appear twice - if result != "api.openai.com,example.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) } }) @@ -319,8 +320,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // Empty allowed list should still return Codex defaults - if result != "api.openai.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,host.docker.internal,openai.com', got %q", result) } }) }