Skip to content

bug: agents cannot run ruff/uv — astral.sh blocked by gh-aw firewall #183

New issue
New issue
Closed
#186
Closed
bug: agents cannot run ruff/uv — astral.sh blocked by gh-aw firewall#183
#186
Labels
bugSomething isn't working
@microsasa

Description

@microsasa
microsasa
opened on Mar 20, 2026

Problem

The review-responder agent is instructed to run CI checks before pushing code (step 5: uv sync && uv run ruff check --fix . && ...), but astral.sh — the domain where uv and ruff binaries are hosted — is blocked by the gh-aw sandbox firewall.

This means the agent cannot run lint checks before pushing. When the agent writes code that violates ruff rules (e.g., E741 ambiguous variable name l), it pushes broken code and CI fails on the PR.

What happened

  • Run 23351459250 (PR fix: populate active_* fields for pure active sessions (#154) #177, 2026-03-20 16:06 UTC): The responder successfully addressed 4 review comments using our new pre-fetch pattern, but pushed code containing next(l for l in lines ...) which violates ruff E741.
  • The agent tried to run /usr/bin/python3 --version and got "Permission denied" — it could not execute any Python tooling inside the sandbox.
  • The PR body even warns: ⚠️ Firewall blocked 1 domain: astral.sh
  • CI (uv run ruff check .) failed with 2 E741 errors.

Why it was not caught before

Previous responder runs either:

  1. Failed to find review comments at all (MCP bug — see bug: responder agent cannot read PR review threads — MCP returns empty, curl not attempted #180) and pushed no code
  2. Pushed code that happened to pass ruff by luck (run 23332736595 on PR fix: render_live_sessions shows active fields for resumed sessions (#139) #172 — 87-line patch, clean code)

This is the first time the responder pushed code that actually violated a ruff rule, exposing the gap.

Root cause

The network.allowed config in review-responder.md had defaults and python but NOT astral.sh:

network:
  allowed:
    - defaults
    - python

The python preset covers PyPI (pypi.org, files.pythonhosted.org), but astral.sh is a separate domain used by the Astral toolchain (uv, ruff).

Fix

Already implemented on branch fix/responder-prefetch-comments:

network:
  allowed:
    - defaults
    - python
    - "astral.sh"

This will be included in the pre-fetch PR (not yet created).

Affected workflows

  • review-responder.mdfixed on branch
  • ci-fixer.md — has python but NOT astral.sh — needs fix
  • issue-implementer.md — has python but NOT astral.sh — needs fix
  • code-health.mddefaults only — may need fix if it runs lint
  • quality-gate.mddefaults only — may need fix if it runs lint
  • test-analysis.mddefaults only — may need fix if it runs lint

See audit issue for full investigation.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions