fix: set NO_PROXY for host gateway to bypass Squid for MCP (#554)

Mossaka · claude · web-flow · commit 2bd65cc7a906 · 2026-02-06T01:11:05.000-08:00
The iptables NAT bypass from v0.13.10 prevents DNAT redirection,
but HTTP_PROXY env var still causes HTTP clients (like Codex's
reqwest) to send MCP traffic through Squid as a forward proxy.
Concurrent SSE connections through Squid crash it (comm.cc:1583).

Set NO_PROXY with host.docker.internal and the network gateway IP
when --enable-host-access is enabled, so MCP gateway traffic
bypasses both DNAT and the forward proxy.

Co-authored-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
@@ -332,6 +332,18 @@ export function generateDockerCompose(
     PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
   };
 
+  // When host access is enabled, bypass the proxy for the host gateway IPs.
+  // MCP Streamable HTTP (SSE) traffic through Squid crashes it (comm.cc:1583),
+  // so MCP gateway traffic must go directly to the host, not through Squid.
+  if (config.enableHostAccess) {
+    // Compute the network gateway IP (first usable IP in the subnet)
+    const subnetBase = networkConfig.subnet.split('/')[0]; // e.g. "172.30.0.0"
+    const parts = subnetBase.split('.');
+    const networkGatewayIp = `${parts[0]}.${parts[1]}.${parts[2]}.1`;
+    environment.NO_PROXY = `localhost,127.0.0.1,${networkConfig.squidIp},host.docker.internal,${networkGatewayIp}`;
+    environment.no_proxy = environment.NO_PROXY;
+  }
+
   // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them
   // This ensures toolcache paths (Python, Node, Go, Rust, Java) are correctly resolved
   if (config.enableChroot) {
