Merged
#59007 fix(net): skip DNS pinning before trusted env proxy dispatch

DNS pinning reordered to fix proxy-only sandbox failures

Proxy-only sandboxes can now reach the trusted HTTP CONNECT proxy without first attempting local DNS resolution. Previously, requests failed with EAI_AGAIN before ever reaching the proxy.

In proxy-only sandbox environments where local DNS is unavailable, web tools like web_search and web_fetch were failing with DNS lookup errors. The root cause was an ordering problem in the fetch guard: DNS pinning happened before the trusted env-proxy branch was evaluated, so requests would fail on local DNS before the trusted proxy ever had a chance to intercept them.

This fix reorders the logic in fetchWithSsrFGuard() so that trusted env-proxy mode is checked first. When the trusted proxy path is active, the function skips DNS pinning entirely and hands the request directly to the EnvHttpProxyAgent, which resolves hostnames through the proxy instead of local DNS.

The change is surgical: four lines moved from before the proxy check into the else branch. For users in proxy-only deployments, web tools now work as expected — the trusted proxy handles all DNS resolution transparently.

Original GitHub description

Summary

Fixes fetchWithSsrFGuard() so trusted env-proxy mode can actually reach EnvHttpProxyAgent before any local DNS lookup is attempted.

This fixes the remaining proxy-only sandbox failure tracked in #59005. It is the same production gap described in #58034, but rebased cleanly on current main and with the fallback test tightened so host ALL_PROXY / all_proxy values cannot accidentally satisfy the proxy branch.

What changed

  • move DNS pinning and pinned-dispatcher creation into the non-proxy branch
  • keep trusted env-proxy dispatch as an early branch
  • clear all six proxy env keys in the tests before setting expectations
  • add an explicit regression test for trusted mode with no proxy env vars present

Why

#50650 fixed the strict-mode env-proxy path, but both main and v2026.3.31 still resolve DNS before entering the trusted env-proxy branch:

const pinned = await resolvePinnedHostnameWithPolicy(...);
const canUseTrustedEnvProxy =
  mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured();
if (canUseTrustedEnvProxy) {
  dispatcher = new EnvHttpProxyAgent();
}

In proxy-only sandboxes, that ordering means the request fails on local DNS and never reaches the trusted proxy.

Testing

  • pnpm exec vitest run --config vitest.unit.config.ts src/infra/net/fetch-guard.ssrf.test.ts
  • pnpm check

Notes

  • Fixes #59005
  • Supersedes #58034
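The ordering problem from the "Why" section, shown as an added TypeScript illustration that is not the project's code: the "before" selector pins via local DNS first, the "after" selector checks trusted env-proxy mode first. GUARDED_FETCH_MODE, hasProxyEnvConfigured and the resolver are simplified stand-ins; the six proxy env keys are an assumption about which keys the guard honours, and the resolver that throws EAI_AGAIN models a proxy-only sandbox with no local DNS.

```typescript
// Added illustration of the ordering bug described in the PR; simplified stand-ins
// for fetchWithSsrFGuard() internals, not the project's own code.
const GUARDED_FETCH_MODE = { STRICT: "strict", TRUSTED_ENV_PROXY: "trusted_env_proxy" } as const;
type Mode = (typeof GUARDED_FETCH_MODE)[keyof typeof GUARDED_FETCH_MODE];
type Env = Record<string, string | undefined>;

// Assumption: these are the six proxy env keys the guard honours (the PR clears six in tests).
const PROXY_ENV_KEYS = ["HTTP_PROXY", "http_proxy", "HTTPS_PROXY", "https_proxy", "ALL_PROXY", "all_proxy"];
function hasProxyEnvConfigured(env: Env): boolean {
  return PROXY_ENV_KEYS.some((key) => (env[key] ?? "").trim() !== "");
}
// Stand-in for resolvePinnedHostnameWithPolicy(): returns the pinned address or throws.
type Resolver = (hostname: string) => string;
// "env-proxy" stands for `new EnvHttpProxyAgent()`, "pinned" for the pinned dispatcher.
type Dispatch = { kind: "env-proxy" } | { kind: "pinned"; address: string };
type Selector = (hostname: string, mode: Mode, env: Env, resolve: Resolver) => Dispatch;

// Before the fix: local DNS pinning runs before the trusted-proxy branch is evaluated.
const chooseDispatchBefore: Selector = (hostname, mode, env, resolve) => {
  const pinned = resolve(hostname); // in a proxy-only sandbox this throws EAI_AGAIN
  if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured(env)) {
    return { kind: "env-proxy" };
  }
  return { kind: "pinned", address: pinned };
};

// After the fix: trusted env-proxy mode is checked first; pinning moves into the else path,
// so the proxy resolves the hostname and local DNS is never consulted.
const chooseDispatchAfter: Selector = (hostname, mode, env, resolve) => {
  if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured(env)) {
    return { kind: "env-proxy" };
  }
  const pinned = resolve(hostname); // only non-proxy requests pin via local DNS
  return { kind: "pinned", address: pinned };
};

// Constructed resolvers: a proxy-only sandbox (no local DNS) and a host with working DNS.
const sandboxResolver: Resolver = () => {
  throw Object.assign(new Error("getaddrinfo EAI_AGAIN"), { code: "EAI_AGAIN" });
};
const workingResolver: Resolver = () => "203.0.113.10"; // constructed documentation address

// Summarise a selection as a string so the two orderings can be compared directly.
function outcome(select: Selector, hostname: string, mode: Mode, env: Env, resolve: Resolver): string {
  try {
    const d = select(hostname, mode, env, resolve);
    return d.kind === "env-proxy" ? "env-proxy" : `pinned:${d.address}`;
  } catch (err) {
    return `error:${(err as { code?: string }).code ?? "unknown"}`;
  }
}
```

The third case below mirrors the regression test the PR adds: trusted mode with no proxy env vars present still falls back to DNS pinning rather than silently using a proxy.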
© 2026 · via Gitpulse