Agent Diagnostic
- Added policy.yaml rules for slack.com and *.slack.com with protocol: rest, access: all
- Ran curl POST to slack.com API through the proxy → got 403 initially
- After policy update, some REST calls work, some still get 403
- Tested WebSocket connection to wss://wss-primary.slack.com → fails (proxy doesn't support WS upgrade)
- Tested globalThis.fetch from Node.js inside sandbox → inconsistent results depending on which fetch implementation is used (fetch-guard vs native)
- Concluded: transparent proxy does not support WebSocket and has inconsistent behavior for allowed REST endpoints
Description
The transparent proxy at 10.200.0.1:3128 has two issues:
- No WebSocket support. Slack Socket Mode and other real-time services require WebSocket (wss://) connections. The proxy does not support HTTP CONNECT/Upgrade, so these connections fail even when the domain is allowed in policy.yaml.
- Inconsistent 403 for allowed domains. REST calls to domains listed in policy.yaml with access: all sometimes succeed and sometimes return 403. The behavior varies depending on whether the request goes through Node.js fetch-guard (EnvHttpProxyAgent) vs native fetch vs curl.
This makes it impractical to support any real-time communication channel (Slack, Telegram) inside the sandbox without a custom host-side relay.
Reproduction Steps
- Add to policy.yaml:
    slack_web_api:
      endpoints:
        - {host: slack.com, port: 443, protocol: rest, access: all}
        - {host: "*.slack.com", port: 443, protocol: rest, access: all}
- Inside sandbox: curl -X POST https://slack.com/api/auth.test → 403
- Inside sandbox: attempt WebSocket to wss://wss-primary.slack.com → fails
Environment
- OS: macOS 15.x (Apple Silicon)
- Docker: Docker Desktop 4.x
- OpenShell: latest
Logs
Agent-First Checklist
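When retesting the WebSocket case, it helps to separate a policy denial from an upgrade the proxy did not pass through. The sketch below is an added example, not part of the original report or of OpenShell: it classifies the raw response to a WebSocket handshake using the RFC 6455 Sec-WebSocket-Accept check. The function names, result labels and sample responses are assumptions constructed for illustration; none of the responses were captured from the proxy in the report.

```javascript
const crypto = require("node:crypto");

// Fixed GUID defined by RFC 6455 for computing Sec-WebSocket-Accept.
const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";

// Value a real WebSocket server must return for a given Sec-WebSocket-Key.
function expectedAccept(key) {
  return crypto.createHash("sha1").update(key + WS_GUID).digest("base64");
}

// Parse a raw HTTP/1.x response head into { status, headers } (hypothetical helper).
function parseHead(raw) {
  const [statusLine, ...lines] = raw.split("\r\n\r\n")[0].split("\r\n");
  const m = /^HTTP\/1\.[01] (\d{3})/.exec(statusLine);
  if (!m) return null;
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

// Classify the answer to a handshake that was sent with Sec-WebSocket-Key `key`.
function classifyHandshake(raw, key) {
  const head = parseHead(raw);
  if (!head) return "not-http";
  if (head.status === 403) return "denied";          // same status the report saw on REST calls
  if (head.status !== 101) return "no-upgrade";      // answered as plain HTTP
  const h = head.headers;
  const upgradeOk = (h["upgrade"] || "").toLowerCase() === "websocket";
  const connOk = (h["connection"] || "").toLowerCase().split(/\s*,\s*/).includes("upgrade");
  if (!upgradeOk || !connOk) return "upgrade-headers-stripped";
  return h["sec-websocket-accept"] === expectedAccept(key) ? "upgraded" : "bad-accept";
}

// Constructed sample responses; KEY is the sample nonce from RFC 6455.
const KEY = "dGhlIHNhbXBsZSBub25jZQ==";
const SAMPLES = {
  ok: "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n" +
      "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n",
  denied: "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
  stripped: "HTTP/1.1 101 Switching Protocols\r\nConnection: keep-alive\r\n\r\n",
  downgraded: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  console.log(name, "->", classifyHandshake(raw, KEY));
}
```

Recording which label each client path (curl, native fetch, fetch-guard) produces gives the maintainers a per-client result instead of a bare "fails".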