fix: remove HTTP_PROXY/HTTPS_PROXY env vars from agent container (#524)

Intercept mode (iptables DNAT 80/443 → squid:3129) handles all routing
transparently. Port 3128 is unreachable from the agent container, causing
Codex (Rust/reqwest) to fail with "Connection refused" when it honors
the HTTP_PROXY env var.

- Remove HTTP_PROXY/HTTPS_PROXY from the agent container environment
- Add proxy vars (upper and lowercase) to EXCLUDED_ENV_VARS to prevent
  host proxy settings from leaking via --env-all
- Update entrypoint.sh logging to reflect intercept mode
- Users can still override via --env HTTP_PROXY=... if needed

Fixes #523

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Mossaka

containers/agent/entrypoint.sh

@@ -115,9 +115,13 @@ fi
 /usr/local/bin/setup-iptables.sh
 
 # Print proxy environment
-echo "[entrypoint] Proxy configuration:"
-echo "[entrypoint]   HTTP_PROXY=$HTTP_PROXY"
-echo "[entrypoint]   HTTPS_PROXY=$HTTPS_PROXY"
+echo "[entrypoint] Proxy configuration: intercept mode (iptables DNAT 80/443 -> squid:${SQUID_INTERCEPT_PORT})"
+if [ -n "$HTTP_PROXY" ]; then
+  echo "[entrypoint]   HTTP_PROXY=$HTTP_PROXY (user-provided)"
+fi
+if [ -n "$HTTPS_PROXY" ]; then
+  echo "[entrypoint]   HTTPS_PROXY=$HTTPS_PROXY (user-provided)"
+fi
 
 # Print network information
 echo "[entrypoint] Network information:"

src/docker-manager.test.ts

@@ -479,10 +479,12 @@ describe('docker-manager', () => {
       const agent = result.services.agent;
       const env = agent.environment as Record<string, string>;
 
-      expect(env.HTTP_PROXY).toBe('http://172.30.0.10:3128');
-      expect(env.HTTPS_PROXY).toBe('http://172.30.0.10:3128');
+      // HTTP_PROXY/HTTPS_PROXY are NOT set; intercept mode (iptables DNAT) handles routing
+      expect(env.HTTP_PROXY).toBeUndefined();
+      expect(env.HTTPS_PROXY).toBeUndefined();
       expect(env.SQUID_PROXY_HOST).toBe('squid-proxy');
       expect(env.SQUID_PROXY_PORT).toBe('3128');
+      expect(env.SQUID_INTERCEPT_PORT).toBe('3129');
     });
 
     it('should mount required volumes in agent container (default behavior)', () => {
@@ -925,6 +927,51 @@ describe('docker-manager', () => {
       }
     });
 
+    it('should exclude proxy env vars when envAll is enabled', () => {
+      const originalHttpProxy = process.env.HTTP_PROXY;
+      const originalHttpsProxy = process.env.HTTPS_PROXY;
+      const originalHttpProxyLower = process.env.http_proxy;
+      const originalHttpsProxyLower = process.env.https_proxy;
+
+      process.env.HTTP_PROXY = 'http://host-proxy:8080';
+      process.env.HTTPS_PROXY = 'http://host-proxy:8080';
+      process.env.http_proxy = 'http://host-proxy:8080';
+      process.env.https_proxy = 'http://host-proxy:8080';
+
+      try {
+        const configWithEnvAll = { ...mockConfig, envAll: true };
+        const result = generateDockerCompose(configWithEnvAll, mockNetworkConfig);
+        const env = result.services.agent.environment as Record<string, string>;
+
+        // Proxy vars must NOT leak from host (intercept mode handles routing)
+        expect(env.HTTP_PROXY).toBeUndefined();
+        expect(env.HTTPS_PROXY).toBeUndefined();
+        expect(env.http_proxy).toBeUndefined();
+        expect(env.https_proxy).toBeUndefined();
+      } finally {
+        if (originalHttpProxy !== undefined) {
+          process.env.HTTP_PROXY = originalHttpProxy;
+        } else {
+          delete process.env.HTTP_PROXY;
+        }
+        if (originalHttpsProxy !== undefined) {
+          process.env.HTTPS_PROXY = originalHttpsProxy;
+        } else {
+          delete process.env.HTTPS_PROXY;
+        }
+        if (originalHttpProxyLower !== undefined) {
+          process.env.http_proxy = originalHttpProxyLower;
+        } else {
+          delete process.env.http_proxy;
+        }
+        if (originalHttpsProxyLower !== undefined) {
+          process.env.https_proxy = originalHttpsProxyLower;
+        } else {
+          delete process.env.https_proxy;
+        }
+      }
+    });
+
     it('should configure DNS to use Google DNS', () => {
       const result = generateDockerCompose(mockConfig, mockNetworkConfig);
       const agent = result.services.agent;

src/docker-manager.ts

@@ -319,14 +319,16 @@ export function generateDockerCompose(
     'SUDO_USER',      // Sudo metadata
     'SUDO_UID',       // Sudo metadata
     'SUDO_GID',       // Sudo metadata
+    'HTTP_PROXY',     // Intercept mode handles routing; explicit proxy is unreachable
+    'HTTPS_PROXY',    // Intercept mode handles routing; explicit proxy is unreachable
+    'http_proxy',     // Lowercase variant
+    'https_proxy',    // Lowercase variant
   ]);
 
   // Start with required/overridden environment variables
   // For chroot mode, use the real user's home (not /root when running with sudo)
   const homeDir = config.enableChroot ? getRealUserHome() : (process.env.HOME || '/root');
   const environment: Record<string, string> = {
-    HTTP_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`,
-    HTTPS_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`,
     SQUID_PROXY_HOST: 'squid-proxy',
     SQUID_PROXY_PORT: SQUID_PORT.toString(),
     SQUID_INTERCEPT_PORT: SQUID_INTERCEPT_PORT.toString(),