
Transparent proxy blocks WebSocket and inconsistently returns 403 for policy-allowed domains #728

@shuq-rgb


Agent Diagnostic

  • Added policy.yaml rules for slack.com and *.slack.com with protocol: rest, access: all
  • Ran curl POST to slack.com API through the proxy → got 403 initially
  • After policy update, some REST calls work, some still get 403
  • Tested WebSocket connection to wss://wss-primary.slack.com → fails (proxy doesn't support WS upgrade)
  • Tested globalThis.fetch from Node.js inside sandbox → inconsistent results depending on which fetch implementation is used (fetch-guard vs native)
  • Concluded: transparent proxy does not support WebSocket and has inconsistent behavior for allowed REST endpoints

Description

The transparent proxy at 10.200.0.1:3128 has two issues:

  1. No WebSocket support. Slack Socket Mode and other real-time services require WebSocket (wss://) connections. The proxy does not support HTTP CONNECT/Upgrade, so these connections fail even when the domain is allowed in policy.yaml.

  2. Inconsistent 403 for allowed domains. REST calls to domains listed in policy.yaml with access: all sometimes succeed and sometimes return 403. The behavior varies depending on whether the request goes through Node.js fetch-guard (EnvHttpProxyAgent) vs native fetch vs curl.

This makes it impractical to support any real-time communication channel (Slack, Telegram) inside the sandbox without a custom host-side relay.

Reproduction Steps

  1. Add to policy.yaml:
    slack_web_api:
      endpoints:
        - {host: slack.com, port: 443, protocol: rest, access: all}
        - {host: "*.slack.com", port: 443, protocol: rest, access: all}
  2. Inside sandbox: curl -X POST https://slack.com/api/auth.test → 403
  3. Inside sandbox: attempt WebSocket to wss://wss-primary.slack.com → fails

Environment

  • OS: macOS 15.x (Apple Silicon)
  • Docker: Docker Desktop 4.x
  • OpenShell: latest

Logs

Agent-First Checklist

  • I pointed my agent at the repo and had it investigate this issue
  • I loaded relevant skills (e.g., debug-openshell-cluster, debug-inference, openshell-cli)
  • My agent could not resolve this — the diagnostic above explains why
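
One way to take the HTTP client out of the picture when triaging the two symptoms reported above (an added example, not part of the issue and not OpenShell code): send a raw CONNECT to the proxy for each host and classify the status line it returns. The proxy address comes from the issue; the verdict labels and the treatment of 405/501 as "CONNECT not implemented" are assumptions made for illustration.

```javascript
// Added diagnostic example. Proxy address is the one quoted in the issue.
const PROXY = { host: '10.200.0.1', port: 3128 };

// The request an HTTPS or wss:// client sends to an explicit forward proxy.
function buildConnect(host, port) {
  return `CONNECT ${host}:${port} HTTP/1.1\r\nHost: ${host}:${port}\r\n\r\n`;
}

// Map the proxy's reply to a verdict (labels are hypothetical, not proxy output).
function classifyReply(head) {
  const m = /^HTTP\/1\.[01] (\d{3})/.exec(head);
  if (!m) return 'not-http';
  const code = Number(m[1]);
  if (code >= 200 && code < 300) return 'tunnel-open';
  if (code === 403) return 'policy-denied';            // status the issue reports
  if (code === 407) return 'proxy-auth-required';
  if (code === 405 || code === 501) return 'connect-unsupported'; // heuristic
  return `other-${code}`;
}

// Send one raw CONNECT through the proxy and resolve with the verdict.
async function probe(targetHost, targetPort = 443, proxy = PROXY, timeoutMs = 5000) {
  const net = await import('node:net');
  return new Promise((resolve) => {
    let head = '';
    const sock = net.connect(proxy.port, proxy.host, () =>
      sock.write(buildConnect(targetHost, targetPort)));
    const done = (verdict) => {
      sock.destroy();
      resolve({ target: `${targetHost}:${targetPort}`, verdict });
    };
    sock.setTimeout(timeoutMs, () => done('timeout'));
    sock.on('error', (e) => done(`socket-error:${e.code}`));
    sock.on('data', (chunk) => {
      head += chunk.toString('latin1');
      if (head.includes('\r\n\r\n')) done(classifyReply(head));
    });
    sock.on('end', () => done(head ? classifyReply(head) : 'closed-without-reply'));
  });
}

// Inside the sandbox, compare hosts over the same raw path, e.g.:
//   for (const h of ['slack.com', 'wss-primary.slack.com']) console.log(await probe(h));
```

If both hosts give the same verdict here but differ between curl, native fetch and fetch-guard, the difference lies in how each client reaches the proxy rather than in the policy match.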
