feat(core): add network http/socks port config fields

2026-04-24 22:54:54 +00:00 · 2026-01-29 09:51:14 -08:00
parent a3598fa93b
commit f928764ac6
3 changed files with 30 additions and 0 deletions
--- a/codex-rs/core/config.schema.json
+++ b/codex-rs/core/config.schema.json
@@ -475,6 +475,12 @@
          "description": "Enable proxy configuration for sandboxed tool execution.",
          "type": "boolean"
        },
+        "http_port": {
+          "description": "HTTP proxy listener port (loopback).",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        },
        "mode": {
          "allOf": [
            {
@@ -491,6 +497,12 @@
          ],
          "default": null,
          "description": "Policy configuration."
+        },
+        "socks_port": {
+          "description": "SOCKS5 proxy listener port (loopback).",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
        }
      },
      "type": "object"
--- a/codex-rs/core/src/config/mod.rs
+++ b/codex-rs/core/src/config/mod.rs
@@ -1267,6 +1267,12 @@ fn resolve_network_config(entries: &[NetworkConfigToml]) -> std::io::Result<Netw
        if let Some(value) = entry.dangerously_allow_non_loopback_admin {
            resolved.dangerously_allow_non_loopback_admin = value;
        }
+        if let Some(http_port) = entry.http_port {
+            resolved.http_port = Some(http_port);
+        }
+        if let Some(socks_port) = entry.socks_port {
+            resolved.socks_port = Some(socks_port);
+        }
        if let Some(policy) = entry.policy.as_ref() {
            if let Some(allowed_domains) = policy.allowed_domains.as_ref() {
                resolved.policy.allowed_domains = allowed_domains.clone();
@@ -1912,6 +1918,7 @@ persistence = "none"
 [[network]]
 enabled = false
 allow_upstream_proxy = false
+http_port = 8080
 [network.policy]
 allowed_domains = ["example.com"]
 allow_local_binding = false
@@ -1920,6 +1927,7 @@ allow_local_binding = false
 enabled = true
 mode = "limited"
 allow_upstream_proxy = true
+socks_port = 1080
 [network.policy]
 denied_domains = ["internal.local"]
 allow_unix_sockets = ["/var/run/docker.sock"]
@@ -1937,6 +1945,8 @@ allow_unix_sockets = ["/var/run/docker.sock"]
                allow_upstream_proxy: true,
                dangerously_allow_non_loopback_proxy: false,
                dangerously_allow_non_loopback_admin: false,
+                http_port: Some(8080),
+                socks_port: Some(1080),
                policy: crate::config::types::NetworkPolicy {
                    allowed_domains: vec!["example.com".to_string()],
                    denied_domains: vec!["internal.local".to_string()],
--- a/codex-rs/core/src/config/types.rs
+++ b/codex-rs/core/src/config/types.rs
@@ -577,6 +577,12 @@ pub struct NetworkConfigToml {
    /// Allow non-loopback binding for admin listener (dangerous).
    pub dangerously_allow_non_loopback_admin: Option<bool>,

+    /// HTTP proxy listener port (loopback).
+    pub http_port: Option<u16>,
+
+    /// SOCKS5 proxy listener port (loopback).
+    pub socks_port: Option<u16>,
+
    /// Policy configuration.
    #[serde(default)]
    pub policy: Option<NetworkPolicyToml>,
@@ -591,6 +597,8 @@ pub struct NetworkConfig {
    pub allow_upstream_proxy: bool,
    pub dangerously_allow_non_loopback_proxy: bool,
    pub dangerously_allow_non_loopback_admin: bool,
+    pub http_port: Option<u16>,
+    pub socks_port: Option<u16>,
    pub policy: NetworkPolicy,
 }