Hosted Shell container cannot clone from github.com even though github.com is allowlisted in network_policy

I’m running into an issue with the OpenAI hosted Shell tool in a reusable container.

I create a container with a network allowlist that includes github.com, then reuse that container via the Shell tool and ask the agent to clone a GitHub repository into /mnt/data. This used to work, but recently it started failing.

What’s confusing is that the failure is not an auth error from GitHub. It fails before reaching GitHub, with an error about connecting to a proxy on port 8080.

I’m trying to understand:

  1. Why outbound traffic is being routed through a proxy on port 8080
  2. Whether this is expected behavior for hosted containers
  3. Whether there is any supported way to avoid that proxy routing or make git clone work again for an allowlisted domain like github.com

Container configuration

{
  "expires_after": {
    "anchor": "last_active_at",
    "minutes": 20
  },
  "network_policy": {
    "type": "allowlist",
    "allowed_domains": ["github.com"]
  }
}

Shell tool configuration

{
  "type": "shell",
  "environment": {
    "type": "container_reference",
    "container_id": "cntr_xxx"
  }
}

Command the agent executed

This is the shell command the agent produced. I’ve scrubbed the repo path and token details, but left the structure intact:

set -euo pipefail
cd /mnt/data
TOKEN_FILE=$(find /mnt/data -maxdepth 1 -type f | awk -F/ '$NF ~ /(^|.*-)github_token\.txt$/ {print $0; exit}')
if [ -z "${TOKEN_FILE:-}" ]; then echo 'TOKEN_FILE_NOT_FOUND'; exit 2; fi
DEST=/mnt/data/repo
if [ -e "$DEST" ]; then
  if [ -d "$DEST/.git" ]; then
    URL=$(git -C "$DEST" remote get-url origin 2>/dev/null || true)
    TOP=$(git -C "$DEST" rev-parse --show-toplevel 2>/dev/null || true)
    if [ "$TOP" = "$DEST" ] && printf '%s' "$URL" | grep -q 'github.com[:/]<org>/<repo>\.git'; then
      echo 'EXISTS_OK'
      git -C "$DEST" rev-parse --is-inside-work-tree
      exit 0
    else
      echo 'DEST_EXISTS_BUT_NOT_EXPECTED_REPO'
      exit 3
    fi
  else
    echo 'DEST_EXISTS_NOT_GIT_REPO'
    exit 4
  fi
fi
TOKEN=$(cat "$TOKEN_FILE")
set +e
git -c http.sslVerify=false clone "https://x-access-token:${TOKEN}@github.com/<org>/<repo>.git" "$DEST" 2>&1 | sed -E 's#x-access-token:[^@]+@#x-access-token:***@#g'
status=${PIPESTATUS[0]}
set -e
unset TOKEN
exit $status

Result

Cloning into '/mnt/data/repo'...
fatal: unable to access 'https://github.com/<org>/<repo>.git/': Failed to connect to proxy port 8080 after 3054 ms: Could not connect to server

Question

Is this proxy routing through port 8080 expected for hosted Shell containers, and if so, is there any supported way to make git clone against an allowlisted github.com domain work reliably again?


Yep, same here. Hosted Shell is setting HTTP_PROXY/HTTPS_PROXY to http://proxy:8080, and both curl and git fail with Failed to connect to proxy port 8080 even when api.github.com, github.com, and codeload.github.com are allowlisted. Looks like a Hosted Shell proxy/runtime issue rather than a GitHub or allowlist issue.
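
An added triage sketch for the failure discussed in this thread (not part of either post and not OpenAI's code): it shows which proxy libcurl-based tools such as git and curl pick up from the environment, redacts any proxy credentials before logging, and classifies the error text so a proxy-side failure is not mistaken for a GitHub auth or allowlist problem. The function names and category labels are assumptions of this example; the error string used to exercise it is the one quoted in the original post.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for "Failed to connect to proxy port 8080".
# Function names and category labels are this example's own, not an OpenAI or git API.

# Proxy libcurl (used by git and curl) takes from the environment for an https:// URL:
# lowercase https_proxy, then HTTPS_PROXY, then all_proxy / ALL_PROXY.
# A git http.proxy config value, if set, takes precedence over all of these.
effective_https_proxy() {
  printf '%s' "${https_proxy:-${HTTPS_PROXY:-${all_proxy:-${ALL_PROXY:-}}}}"
}

# Replace any user:password@ in a URL with ***@ before it is logged.
redact_url() {
  printf '%s' "$1" | sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1***@#'
}

# Print "host port" for a proxy URL (IPv6 literals are not handled).
proxy_host_port() {
  local rest="${1#*://}"; rest="${rest##*@}"; rest="${rest%%/*}"
  local host="${rest%:*}" port="${rest##*:}"
  if [ "$port" = "$rest" ]; then port=1080; fi   # libcurl's default when no port is given
  printf '%s %s' "$host" "$port"
}

# Map git/curl error text to the hop that failed.
classify_transfer_error() {
  case "$1" in
    *"Failed to connect to proxy"*|*"Could not resolve proxy"*) echo proxy_unreachable ;;
    *"CONNECT tunnel failed"*|*"from proxy after CONNECT"*)     echo proxy_refused ;;
    *"Could not resolve host"*)                                 echo dns ;;
    *"Authentication failed"*|*"returned error: 40"[13]*)       echo remote_auth ;;
    *) echo unknown ;;
  esac
}

# TCP-only reachability check; opens a socket and sends nothing to the proxy.
probe_proxy() { timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; }

report() {
  local p; p="$(effective_https_proxy)"
  echo "git http.proxy: $(redact_url "$(git config --get http.proxy 2>/dev/null || echo unset)")"
  if [ -z "$p" ]; then echo "env proxy: unset"; return 0; fi
  echo "env proxy: $(redact_url "$p")"
  set -- $(proxy_host_port "$p")   # split "host port" into $1 and $2
  if probe_proxy "$1" "$2"; then echo "proxy $1:$2 accepts TCP"; else echo "proxy $1:$2 unreachable"; fi
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run with `--report` inside the container to print the proxy settings and the TCP probe result; `classify_transfer_error` takes the captured stderr of the failed clone as its argument.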