Commit f0b0d23
fix: always emit CLI_PROXY_POLICY env var for CLI proxy (#25419)
* Initial plan
* fix: always emit CLI_PROXY_POLICY env var with default when no guard policy configured
The DIFC proxy requires a --policy flag to forward requests. Without it,
all API calls return HTTP 503 with body "proxy enforcement not configured".
When no guard policy is explicitly configured in the workflow frontmatter,
the CLI proxy step now emits a default permissive policy:
{"allow-only":{"repos":"all","min-integrity":"none"}}
This ensures the CLI proxy always has a policy to forward requests,
matching the behavior expected by the DIFC proxy (mcpg in proxy mode).
Fixes #25373
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2a1ff7ff-3323-425d-beb4-ab745e5fe0d1
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>1 parent 4d8360a commit f0b0d23
2 files changed
Lines changed: 82 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
357 | 357 | | |
358 | 358 | | |
359 | 359 | | |
| 360 | + | |
| 361 | + | |
| 362 | + | |
| 363 | + | |
| 364 | + | |
| 365 | + | |
| 366 | + | |
| 367 | + | |
360 | 368 | | |
361 | 369 | | |
362 | 370 | | |
| |||
368 | 376 | | |
369 | 377 | | |
370 | 378 | | |
371 | | - | |
| 379 | + | |
| 380 | + | |
| 381 | + | |
| 382 | + | |
372 | 383 | | |
373 | | - | |
374 | | - | |
| 384 | + | |
| 385 | + | |
| 386 | + | |
| 387 | + | |
375 | 388 | | |
376 | 389 | | |
377 | 390 | | |
| |||
389 | 402 | | |
390 | 403 | | |
391 | 404 | | |
392 | | - | |
393 | | - | |
394 | | - | |
| 405 | + | |
395 | 406 | | |
396 | 407 | | |
397 | 408 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
693 | 693 | | |
694 | 694 | | |
695 | 695 | | |
| 696 | + | |
| 697 | + | |
| 698 | + | |
| 699 | + | |
| 700 | + | |
| 701 | + | |
| 702 | + | |
| 703 | + | |
| 704 | + | |
| 705 | + | |
| 706 | + | |
| 707 | + | |
| 708 | + | |
| 709 | + | |
| 710 | + | |
| 711 | + | |
| 712 | + | |
| 713 | + | |
| 714 | + | |
| 715 | + | |
| 716 | + | |
| 717 | + | |
| 718 | + | |
| 719 | + | |
| 720 | + | |
| 721 | + | |
| 722 | + | |
| 723 | + | |
| 724 | + | |
| 725 | + | |
| 726 | + | |
| 727 | + | |
| 728 | + | |
| 729 | + | |
| 730 | + | |
| 731 | + | |
| 732 | + | |
| 733 | + | |
| 734 | + | |
| 735 | + | |
| 736 | + | |
| 737 | + | |
| 738 | + | |
| 739 | + | |
| 740 | + | |
| 741 | + | |
| 742 | + | |
| 743 | + | |
| 744 | + | |
| 745 | + | |
| 746 | + | |
| 747 | + | |
| 748 | + | |
| 749 | + | |
| 750 | + | |
| 751 | + | |
| 752 | + | |
| 753 | + | |
| 754 | + | |
| 755 | + | |
| 756 | + | |
| 757 | + | |
| 758 | + | |
| 759 | + | |
| 760 | + | |
0 commit comments