
feat(network-proxy): add embedded OTEL policy audit logging #12046

Merged: mcgrew-oai merged 37 commits into main from mcgrew/new-network-proxy-logs on Feb 25, 2026

@mcgrew-oai
Contributor

PR Summary

This PR adds embedded-only OTEL policy audit logging for codex-network-proxy and threads audit metadata from codex-core into managed proxy startup.

What changed

  • Added structured audit event emission in network_policy.rs with target codex_otel.network_proxy.
  • Emitted:
    • codex.network_proxy.domain_policy_decision once per domain-policy evaluation.
    • codex.network_proxy.block_decision for non-domain denies.
  • Added required policy/network fields, RFC3339 UTC millisecond event.timestamp, and fallback defaults (http.request.method="none", client.address="unknown").
  • Added non-domain deny audit emission in HTTP/SOCKS handlers for mode-guard and proxy-state denies, including unix-socket deny paths.
  • Added REASON_UNIX_SOCKET_UNSUPPORTED and used it for unsupported unix-socket auditing.
  • Added NetworkProxyAuditMetadata to runtime/state, re-exported from lib.rs and state.rs.
  • Added start_proxy_with_audit_metadata(...) in core config, with start_proxy() delegating to default metadata.
  • Wired metadata construction in codex.rs from session/auth context, including originator sanitization for OTEL-safe tagging.
  • Updated network-proxy/README.md with embedded-mode audit schema and behavior notes.
  • Refactored HTTP block-audit emission to a small local helper to reduce duplication.
  • Preserved existing unix-socket proxy-disabled host/path behavior for responses and blocked history while using an audit-only endpoint override (server.address="unix-socket", server.port=0).

Explicit exclusions

  • No standalone proxy OTEL startup work.
  • No main.rs binary wiring.
  • No standalone_otel.rs.
  • No standalone docs/tests.

Tests

  • Extended network_policy.rs tests for event mapping, metadata propagation, fallbacks, timestamp format, and target prefix.
  • Extended HTTP tests to assert unix-socket deny block audit events.
  • Extended SOCKS tests to cover deny emission from handler deny branches.
  • Added/updated core tests to verify audit metadata threading into managed proxy state.

Validation run

  • just fmt
  • cargo test -p codex-network-proxy
  • cargo test -p codex-core ran with one unrelated flaky timeout (shell_snapshot::tests::snapshot_shell_does_not_inherit_stdin), and the test passed when rerun directly ✅

feat(network-proxy): add embedded OTEL policy audit logging
@mcgrew-oai added the `oai` label (PRs contributed by OpenAI employees) Feb 17, 2026
mcgrew-oai and others added 7 commits February 17, 2026 17:19
refactor(network-proxy): reduce HTTP audit helper args to satisfy clippy

- change `emit_http_block_decision_audit_event` in
  `network-proxy/src/http_proxy.rs` to accept a single
  `BlockDecisionAuditEventArgs` parameter instead of 8 scalar arguments
- update all HTTP deny-path callsites (CONNECT limited mode, unix-socket
  method/guard/unsupported/not-allowed, proxy-disabled, and method-policy
  denies) to construct and pass `BlockDecisionAuditEventArgs`
- preserve existing audit behavior and fields while removing repeated argument
  plumbing and clippy `too_many_arguments` violations
network-proxy: unify OTel policy events under policy_decision
@mcgrew-oai
Contributor Author

mcgrew-oai commented Feb 18, 2026

### Network-proxy OTel event matrix

All policy telemetry now emits:

- `event.name = codex.network_proxy.policy_decision`

Use the tuple `(scope, decision, source, reason)` to distinguish scenarios.

1. **Host-policy allow (HTTP/CONNECT/SOCKS)**
- `network.policy.scope = domain`
- `network.policy.decision = allow`
- `network.policy.source = baseline_policy` or `decider`
- `network.policy.reason = allow` or `not_allowed` (override case)
- Protocol can be `http`, `https_connect`, `socks5_tcp`, `socks5_udp`

2. **Host-policy deny**
- `network.policy.scope = domain`
- `network.policy.decision = deny`
- `network.policy.source = baseline_policy` or `decider`
- `network.policy.reason` commonly one of:
  - `denied`
  - `not_allowed`
  - `not_allowed_local`
  - `policy_denied`

3. **Host-policy ask (decider)**
- `network.policy.scope = domain`
- `network.policy.decision = ask`
- `network.policy.source = decider`
- `network.policy.reason` commonly `not_allowed`

4. **Limited-mode method deny (HTTP/CONNECT)**
- `network.policy.scope = non_domain`
- `network.policy.decision = deny`
- `network.policy.source = mode_guard`
- `network.policy.reason = method_not_allowed`

5. **Limited-mode method deny (SOCKS)**
- `network.policy.scope = non_domain`
- `network.policy.decision = deny`
- `network.policy.source = mode_guard`
- `network.policy.reason = method_not_allowed`

6. **Proxy disabled (any path)**
- `network.policy.scope = non_domain`
- `network.policy.decision = deny`
- `network.policy.source = proxy_state`
- `network.policy.reason = proxy_disabled`

7. **Unix socket unsupported platform**
- `network.policy.scope = non_domain`
- `network.policy.decision = deny`
- `network.policy.source = proxy_state`
- `network.policy.reason = unix_socket_unsupported`
- Sentinel endpoint fields:
  - `server.address = unix-socket`
  - `server.port = 0`

8. **Unix socket not allowlisted**
- `network.policy.scope = non_domain`
- `network.policy.decision = deny`
- `network.policy.source = proxy_state`
- `network.policy.reason = not_allowed`
- Sentinel endpoint fields:
  - `server.address = unix-socket`
  - `server.port = 0`

9. **Unix socket allowlisted (new in this PR)**
- `network.policy.scope = non_domain`
- `network.policy.decision = allow`
- `network.policy.source = proxy_state`
- `network.policy.reason = allow`
- Sentinel endpoint fields:
  - `server.address = unix-socket`
  - `server.port = 0`

Note: one request can emit multiple events in sequence (for example `domain/allow` followed by `non_domain/deny` in limited mode).
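
A consumer-side triage of these events, as an added example that is not part of the PR or the Codex code base: it classifies each event by the `(scope, decision, source, reason)` tuple from the matrix above and flags override allows, tuples the matrix does not describe, and unix-socket events missing the sentinel endpoint. It assumes events arrive as flat dicts keyed by attribute name and that `server.port` may be an int or a string; the scenario labels and sample events are constructed.

```python
from collections import Counter

EVENT_NAME = "codex.network_proxy.policy_decision"
DOMAIN_SOURCES = {"baseline_policy", "decider"}
# label, scope, decision, allowed sources, allowed reasons (None = any, since the
# matrix lists domain deny/ask reasons only as "commonly" seen values).
MATRIX = [
    ("domain_allow_override", "domain", "allow", DOMAIN_SOURCES, {"not_allowed"}),
    ("domain_allow", "domain", "allow", DOMAIN_SOURCES, {"allow"}),
    ("domain_deny", "domain", "deny", DOMAIN_SOURCES, None),
    ("domain_ask", "domain", "ask", {"decider"}, None),
    ("limited_mode_method_deny", "non_domain", "deny", {"mode_guard"}, {"method_not_allowed"}),
    ("proxy_disabled", "non_domain", "deny", {"proxy_state"}, {"proxy_disabled"}),
    ("unix_socket_unsupported", "non_domain", "deny", {"proxy_state"}, {"unix_socket_unsupported"}),
    ("unix_socket_not_allowlisted", "non_domain", "deny", {"proxy_state"}, {"not_allowed"}),
    ("unix_socket_allowlisted", "non_domain", "allow", {"proxy_state"}, {"allow"}),
]
REVIEW = {"domain_allow_override", "off_matrix", "sentinel_mismatch"}

def classify(event):
    # Map one event to a matrix scenario via (scope, decision, source, reason).
    if event.get("event.name") != EVENT_NAME:
        return "not_policy_event"
    scope, decision, source, reason = (
        event.get("network.policy." + f) for f in ("scope", "decision", "source", "reason"))
    for label, m_scope, m_decision, sources, reasons in MATRIX:
        if ((scope, decision) == (m_scope, m_decision) and source in sources
                and (reasons is None or reason in reasons)):
            endpoint = (event.get("server.address"), str(event.get("server.port")))
            if label.startswith("unix_socket") and endpoint != ("unix-socket", "0"):
                return "sentinel_mismatch"  # unix-socket scenario without its sentinel
            return label
    return "off_matrix"  # tuple the matrix does not describe, e.g. schema drift

def triage(events):
    # Count scenarios and collect the events an analyst should look at.
    labels = [classify(e) for e in events]
    return Counter(labels), [e for e, l in zip(events, labels) if l in REVIEW]

def _ev(scope, decision, source, reason, address="example.com", port=443):
    return {"event.name": EVENT_NAME, "network.policy.scope": scope,
            "network.policy.decision": decision, "network.policy.source": source,
            "network.policy.reason": reason, "server.address": address, "server.port": port}

SAMPLE = [  # constructed events, not captured from a real proxy
    _ev("domain", "allow", "baseline_policy", "allow"),
    _ev("non_domain", "deny", "mode_guard", "method_not_allowed"),
    _ev("domain", "allow", "decider", "not_allowed"),
    _ev("non_domain", "deny", "proxy_state", "not_allowed", "unix-socket", 0),
    _ev("non_domain", "allow", "proxy_state", "allow"),
    _ev("domain", "deny", "mode_guard", "denied"),
]
```

Calling `triage(SAMPLE)` returns the per-scenario counts and the three events selected for review.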

@mcgrew-oai
Contributor Author

@codex review

@chatgpt-codex-connector
Contributor

Codex Review: Didn't find any major issues. Chef's kiss.


mcgrew-oai and others added 12 commits February 24, 2026 12:09
feat(network-proxy): add embedded OTEL policy audit logging
refactor(network-proxy): reduce HTTP audit helper args to satisfy clippy

network-proxy: unify OTel policy events under policy_decision
remove attempt_id
@mcgrew-oai merged commit 9a393c9 into main Feb 25, 2026
53 of 55 checks passed
@mcgrew-oai deleted the mcgrew/new-network-proxy-logs branch February 25, 2026 16:46
@github-actions bot locked and limited conversation to collaborators Feb 25, 2026