feat(core): add network http/socks port config fields

This commit is contained in:
viyatb-oai
2026-01-29 09:51:14 -08:00
parent a3598fa93b
commit f928764ac6
3 changed files with 30 additions and 0 deletions

View File

@@ -475,6 +475,12 @@
"description": "Enable proxy configuration for sandboxed tool execution.",
"type": "boolean"
},
"http_port": {
"description": "HTTP proxy listener port (loopback).",
"format": "uint16",
"minimum": 0.0,
"type": "integer"
},
"mode": {
"allOf": [
{
@@ -491,6 +497,12 @@
],
"default": null,
"description": "Policy configuration."
},
"socks_port": {
"description": "SOCKS5 proxy listener port (loopback).",
"format": "uint16",
"minimum": 0.0,
"type": "integer"
}
},
"type": "object"

View File

@@ -1267,6 +1267,12 @@ fn resolve_network_config(entries: &[NetworkConfigToml]) -> std::io::Result<Netw
if let Some(value) = entry.dangerously_allow_non_loopback_admin {
resolved.dangerously_allow_non_loopback_admin = value;
}
if let Some(http_port) = entry.http_port {
resolved.http_port = Some(http_port);
}
if let Some(socks_port) = entry.socks_port {
resolved.socks_port = Some(socks_port);
}
if let Some(policy) = entry.policy.as_ref() {
if let Some(allowed_domains) = policy.allowed_domains.as_ref() {
resolved.policy.allowed_domains = allowed_domains.clone();
@@ -1912,6 +1918,7 @@ persistence = "none"
[[network]]
enabled = false
allow_upstream_proxy = false
http_port = 8080
[network.policy]
allowed_domains = ["example.com"]
allow_local_binding = false
@@ -1920,6 +1927,7 @@ allow_local_binding = false
enabled = true
mode = "limited"
allow_upstream_proxy = true
socks_port = 1080
[network.policy]
denied_domains = ["internal.local"]
allow_unix_sockets = ["/var/run/docker.sock"]
@@ -1937,6 +1945,8 @@ allow_unix_sockets = ["/var/run/docker.sock"]
allow_upstream_proxy: true,
dangerously_allow_non_loopback_proxy: false,
dangerously_allow_non_loopback_admin: false,
http_port: Some(8080),
socks_port: Some(1080),
policy: crate::config::types::NetworkPolicy {
allowed_domains: vec!["example.com".to_string()],
denied_domains: vec!["internal.local".to_string()],

View File

@@ -577,6 +577,12 @@ pub struct NetworkConfigToml {
/// Allow non-loopback binding for admin listener (dangerous).
pub dangerously_allow_non_loopback_admin: Option<bool>,
/// HTTP proxy listener port (loopback).
pub http_port: Option<u16>,
/// SOCKS5 proxy listener port (loopback).
pub socks_port: Option<u16>,
/// Policy configuration.
#[serde(default)]
pub policy: Option<NetworkPolicyToml>,
@@ -591,6 +597,8 @@ pub struct NetworkConfig {
pub allow_upstream_proxy: bool,
pub dangerously_allow_non_loopback_proxy: bool,
pub dangerously_allow_non_loopback_admin: bool,
pub http_port: Option<u16>,
pub socks_port: Option<u16>,
pub policy: NetworkPolicy,
}