
feat: include [experimental_network] in <environment_context> #11044

Merged
bolinfest merged 1 commit into main from pr11044
Feb 8, 2026

@bolinfest bolinfest commented Feb 7, 2026

If NetworkConstraints is set, then include the relevant settings on <environment_context>. Example:

<environment_context>
  <cwd>/repo</cwd>
  <shell>bash</shell>
  <network enabled="true">
    <allowed>api.example.com</allowed>
    <allowed>*.openai.com</allowed>
    <denied>blocked.example.com</denied>
  </network>
</environment_context>

@bolinfest bolinfest force-pushed the pr11044 branch 6 times, most recently from 081dc2a to fa577c0 Compare February 8, 2026 22:30

@viyatb-oai viyatb-oai left a comment


I wonder if we should add the proxy enable flag through the env context as an escape hatch (not a good idea if the model uses it every time though). Everything else looks good.

@bolinfest bolinfest marked this pull request as ready for review February 8, 2026 22:58

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 51292e7415

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +105 to +108
match self.network {
Some(ref network) => {
lines.push(" <network enabled=\"true\">".to_string());
for allowed in &network.allowed_domains {
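
Review bot: At the `for allowed in &network.allowed_domains` loop, each domain should be escaped or validated as a hostname pattern before it is written into the `<network>` block, because the markup is assembled by pushing plain strings (as in `lines.push(" <network enabled=\"true\">".to_string())`) and a configured value containing `<` or `&` would change the structure of the context the model reads. The loop body is cut off in this excerpt, so confirm there whether that is already handled.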

[P1] Respect disabled network constraints in environment_context

NetworkConstraints includes an enabled flag (e.g., enabled = false in requirements), but the new XML always emits <network enabled="true"> whenever any network constraints are present. That means a configuration that explicitly disables network access will still be reported as enabled to the model, which can mislead behavior or safety gating. Consider propagating the actual enabled value (or omitting the <network> block when enabled == false) instead of hardcoding true here.

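
An added example, not code from this pull request or the project: one way to render the `<network>` block so that it reports the configured `enabled` value rather than a hardcoded `true`, as the review comment above suggests. The struct layout, the `denied_domains` field name, and the `network_lines` and `xml_escape` helpers are assumptions for illustration; the escaping step goes beyond what the thread discusses.

```rust
// Added example. Only `NetworkConstraints`, `enabled` and `allowed_domains`
// appear on the page; every other name here is an assumption.
struct NetworkConstraints {
    enabled: bool,
    allowed_domains: Vec<String>,
    denied_domains: Vec<String>, // assumed field name
}

/// Escape characters that would alter the markup if present in a value.
fn xml_escape(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for ch in value.chars() {
        match ch {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            _ => out.push(ch),
        }
    }
    out
}

/// Render the <network> lines using the configured `enabled` value.
/// Returns no lines when no constraints are set.
fn network_lines(network: Option<&NetworkConstraints>) -> Vec<String> {
    let network = match network {
        Some(n) => n,
        None => return Vec::new(),
    };
    let mut lines = vec![format!("  <network enabled=\"{}\">", network.enabled)];
    for allowed in &network.allowed_domains {
        lines.push(format!("    <allowed>{}</allowed>", xml_escape(allowed)));
    }
    for denied in &network.denied_domains {
        lines.push(format!("    <denied>{}</denied>", xml_escape(denied)));
    }
    lines.push("  </network>".to_string());
    lines
}

fn main() {
    // Constructed sample: constraints are present but network access is disabled.
    let constraints = NetworkConstraints {
        enabled: false,
        allowed_domains: vec!["api.example.com".into(), "*.openai.com".into()],
        denied_domains: vec!["blocked.example.com".into()],
    };
    println!("{}", network_lines(Some(&constraints)).join("\n"));
}
```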

@bolinfest bolinfest merged commit 181b721 into main Feb 8, 2026
32 checks passed
@bolinfest bolinfest deleted the pr11044 branch February 8, 2026 23:16
@github-actions github-actions bot locked and limited conversation to collaborators Feb 8, 2026