Skip to content

Fix smoke-codex-firewall test to expect OpenAI access blocked #7010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 3 commits into from
Dec 19, 2025
Merged

Fix smoke-codex-firewall test to expect OpenAI access blocked #7010

pelikhan merged 3 commits into from
Dec 19, 2025

Conversation

Copy link
Contributor

Copilot AI commented Dec 19, 2025
edited
Loading

The smoke-codex-firewall test incorrectly expected curl access to OpenAI domains to succeed, claiming they are "in the default allowed domains." This is wrong:

  • OpenAI domains are in CodexDefaultDomains, not the defaults network ecosystem
  • GetCodexAllowedDomains() only adds OpenAI domains when the Codex CLI itself runs
  • Raw curl commands execute outside the Codex engine context, so they don't have access to Codex's default domains

Changes

  • Updated test instruction rejig docs #1 to expect OpenAI access via curl to be blocked (correct firewall behavior)
  • Clarified that Codex CLI can still access OpenAI (it adds domains automatically), but raw curl should fail
Original prompt

Please investigate this run failure and fix it:
https://github.com/githubnext/gh-aw/actions/runs/20382871878
OpenAI access ❌ blocked

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@Mossaka
Fix smoke-codex-firewall test to expect OpenAI access blocked
e6363c1 
The test incorrectly expected OpenAI domain access via curl to succeed.
However, OpenAI domains are NOT in the `defaults` or `github` network
ecosystems - they are only added by the Codex CLI engine itself.

This fix updates the test to correctly expect curl access to OpenAI
domains to be BLOCKED, validating the firewall is working correctly.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Investigate and fix run failure in CI pipeline Fix smoke-codex-firewall test to expect OpenAI access blocked Dec 19, 2025
Copilot AI requested a review from Mossaka December 19, 2025 21:51
@Mossaka Mossaka marked this pull request as ready for review December 19, 2025 21:56
@pelikhan pelikhan merged commit ee0bee4 into main Dec 19, 2025
41 of 42 checks passed
@pelikhan pelikhan deleted the copilot/investigate-run-failure branch December 19, 2025 22:01
This was referenced Dec 19, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Mossaka Mossaka Mossaka approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Mossaka Mossaka

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Mossaka @pelikhan