This commit is contained in:
Evgeny Boger 2026-06-24 13:36:47 +00:00 committed by GitHub
commit 9301a904ae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 1 deletions

View file

@ -749,6 +749,30 @@ pub async fn launch(agent: Agent, args: Args) -> Result<i32> {
);
}
// Surface the host HTTP proxy when one is set. Host-side image pulls
// already honour it (reqwest auto-detects the env), and guest egress now
// tunnels through it via HTTP CONNECT — the microsandbox network stack
// reads the same `HTTPS_PROXY`/`HTTP_PROXY`/`ALL_PROXY`/`NO_PROXY` at boot.
// Be loud about it so the operator knows all traffic is routed there.
if let Some(proxy) = microsandbox::microsandbox_network::http_proxy::ProxyConfig::from_env() {
match (proxy.https_display(), proxy.http_display()) {
(Some(s), Some(h)) if s == h => {
eprintln!("==> Proxy: routing guest egress + image pulls through {s} (HTTP CONNECT)");
}
(https, http) => {
if let Some(s) = https {
eprintln!("==> Proxy: HTTPS/TLS egress + image pulls via {s} (HTTP CONNECT)");
}
if let Some(h) = http {
eprintln!("==> Proxy: plain-HTTP egress via {h} (HTTP CONNECT)");
}
}
}
if let Some(no_proxy) = proxy.no_proxy_display() {
eprintln!("==> Proxy: bypassing (no_proxy) {no_proxy}");
}
}
// For each provider with a host credential file, register a
// SecretValue::File secret keyed on the placeholder string the
// guest will send, then register the OAuth refresh endpoint as a

2
vendor/microsandbox vendored

@ -1 +1 @@
Subproject commit a5c830d2f46509dffdfdb8cc38571b7fcbc94ed5
Subproject commit a05c6b702db6b70011fd5e22ad52186e76225eff