Add pysocks dependency for HTTP proxy support

[ConorDSherman]

Summary

• Add pysocks>=1.7.1 as a dependency to enable httplib2 proxy support
• Add --no-sync flag to Dockerfile CMD to prevent runtime PyPI access in network-isolated containers
• Regenerate uv.lock

Problem

When running google-workspace-mcp behind an HTTP proxy (e.g., in a container with network isolation via ToolHive), all googleapiclient API calls fail with:

[Errno 101] Network is unreachable

The OAuth token exchange succeeds, but the subsequent userinfo fetch and all Google API calls fail silently.

Root Cause

google-api-python-client uses httplib2 for HTTP requests. httplib2 has built-in proxy support, but it requires the PySocks package as an optional dependency. Without PySocks installed, httplib2 silently falls back to direct connections, completely ignoring HTTPS_PROXY / HTTP_PROXY environment variables.

This is particularly insidious because:

1. The OAuth token exchange uses google-auth-oauthlib → requests (which does respect proxy env vars) → succeeds ✅
2. The userinfo fetch and all API calls use googleapiclient → httplib2 (which ignores proxy env vars without PySocks) → fails ❌
3. httplib2 does not warn or error when PySocks is missing — it just silently bypasses the proxy

This means the server appears to partially work (OAuth completes) but then fails on every actual API call.

Who This Affects

Anyone running google-workspace-mcp in an environment with HTTP proxy requirements:

• Container isolation tools (ToolHive, Docker with network policies)
• Corporate/enterprise proxy environments
• Kubernetes deployments with egress controls
• Any environment where HTTPS_PROXY is set and direct internet access is blocked

Changes

pyproject.toml

Added pysocks>=1.7.1 to dependencies. This enables httplib2's built-in proxy detection via proxy_info_from_environment().

Dockerfile

Changed uv run main.py → uv run --no-sync main.py. Without --no-sync, uv run attempts dependency resolution at startup, which fails in network-isolated containers where PyPI is unreachable. All dependencies are already installed at build time via uv sync --frozen.

Test Plan

• Verify httplib2 detects proxy: python -c "import httplib2; print(httplib2.socks)" should show a module, not None
• Deploy behind an HTTP proxy with HTTPS_PROXY set — confirm OAuth flow completes AND API calls succeed
• Deploy without proxy — confirm no regression (PySocks is a no-op when no proxy is configured)
• Build Docker image and verify startup with --no-sync flag

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated container runtime command execution with modified flags for improved environment handling.
  • Added required runtime dependency to support application functionality.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2669f096-5066-46fc-b1af-3f3de91516b6

📥 Commits

Reviewing files that changed from the base of the PR and between 8b21589 and 9e5c256.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• Dockerfile
• pyproject.toml

---

📝 Walkthrough

Walkthrough

The Dockerfile's entrypoint command now includes the --no-sync flag when invoking uv run, and a new runtime dependency pysocks>=1.7.1 was added to the project's Python dependencies.

Changes

Cohort / File(s)	Summary
Docker Runtime Configuration Dockerfile	Added --no-sync flag to the uv run command in the container's default command.
Python Dependencies pyproject.toml	Added pysocks>=1.7.1 as a new required runtime dependency.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A flag unfurled, --no-sync takes flight,
And socks of Python join the night,
Two tiny tweaks, both small and bright,
The container hops with pure delight! 🧦✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add pysocks dependency for HTTP proxy support' directly and clearly identifies the main change in the changeset—adding the pysocks dependency for proxy support.
Description check	✅ Passed	The PR description provides comprehensive context including problem statement, root cause analysis, solution details, and a test plan, though it does not strictly follow the repository's template format with sections like 'Type of Change' and 'Checklist'.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}