feat(sandbox): expose per-sandbox proxy_config in py + js clients#2742
Merged
Bagatur (baskaryan) merged 1 commit intomainfrom Apr 20, 2026
Merged
feat(sandbox): expose per-sandbox proxy_config in py + js clients#2742Bagatur (baskaryan) merged 1 commit intomainfrom
Bagatur (baskaryan) merged 1 commit intomainfrom
Conversation
The server's CreateClaimPayload already accepts a proxy_config block (rules, no_proxy, access_control.allow_list/deny_list) enforced by the sandbox proxy sidecar, but neither SDK exposed it. Callers that want to restrict a sandbox's outbound traffic to a hostname allowlist had no way to do so short of crafting the raw HTTP request. Python: add proxy_config: Optional[dict[str, Any]] to create_sandbox and the sandbox() context-manager wrapper on both SandboxClient and AsyncSandboxClient. Forwarded to the server as-is under the proxy_config key; omitted from the payload when None. JS: add proxyConfig?: SandboxProxyConfig to CreateSandboxOptions, with SandboxProxyConfig / SandboxAccessControl interfaces exported from the sandbox module. Snake-case on the wire to match the server; forwarded as-is when provided. Unit tests cover both "forwarded verbatim" and "omitted when unset" for all four client surfaces. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Ramon Nogueira (ramon-langchain)
approved these changes
Apr 20, 2026
Bagatur (baskaryan)
added a commit
that referenced
this pull request
Apr 20, 2026
Bump Python SDK to 0.7.33 and JS SDK to 0.5.21. Releases the `proxy_config` kwarg on `create_sandbox` (py + js) added in #2742 so downstream callers (issues-board agent / `smith-issues-agent`) can pin against it. Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The server's CreateClaimPayload already accepts a proxy_config block (rules, no_proxy, access_control.allow_list/deny_list) enforced by the sandbox proxy sidecar, but neither SDK exposed it. Callers that want to restrict a sandbox's outbound traffic to a hostname allowlist had no way to do so short of crafting the raw HTTP request.
Python: add proxy_config: Optional[dict[str, Any]] to create_sandbox and the sandbox() context-manager wrapper on both SandboxClient and AsyncSandboxClient. Forwarded to the server as-is under the proxy_config key; omitted from the payload when None.
JS: add proxyConfig?: SandboxProxyConfig to CreateSandboxOptions, with SandboxProxyConfig / SandboxAccessControl interfaces exported from the sandbox module. Snake-case on the wire to match the server; forwarded as-is when provided.
Unit tests cover both "forwarded verbatim" and "omitted when unset" for all four client surfaces.