From 1b27a4297de5d646000ac4e9dcc5180b0e4ac919 Mon Sep 17 00:00:00 2001
From: 35C4n0r
Date: Mon, 22 Jun 2026 11:53:46 +0000
Subject: [PATCH 1/3] docs(registry/coder/modules/agent-firewall): add Codex MCP TLS workaround note
---
 .../coder/modules/agent-firewall/README.md | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/registry/coder/modules/agent-firewall/README.md b/registry/coder/modules/agent-firewall/README.md
index 42cd2b820..5d547584b 100644
--- a/registry/coder/modules/agent-firewall/README.md
+++ b/registry/coder/modules/agent-firewall/README.md
@@ -82,6 +82,45 @@ resource "coder_app" "claude_with_agent_firewall" {
 }
 ```
 
+### With Codex
+
+Use agent-firewall alongside the `codex` module the same way as other AI modules.
+
+> [!WARNING]
+> **MCP subprocesses and TLS verification**
+>
+> Codex clears the subprocess environment when spawning MCP stdio servers, stripping
+> the CA cert and proxy vars that agent-firewall injects into the Codex process.
+> This causes MCP subprocesses to fail TLS verification against agent-firewall's
+> intercepting proxy. This is a known upstream issue:
+> [openai/codex#29124](https://github.com/openai/codex/issues/29124).
+>
+> **Workaround:** pass the required vars through explicitly via `env_vars` in each
+> `[mcp_servers.*]` block in `~/.codex/config.toml`:
+>
+> ```toml
+> [mcp_servers.memory]
+> command = "npx"
+> args = ["-y", "@modelcontextprotocol/server-memory"]
+> env_vars = ["NODE_EXTRA_CA_CERTS", "HTTPS_PROXY"]
+> ```
+>
+> This must be repeated for every MCP server. There is no global default in Codex.
+>
+> **All vars agent-firewall injects** (from [`landjail/child.go`](https://github.com/coder/boundary/blob/main/landjail/child.go)):
+>
+> | Variable | Description |
+> | ---------------------------- | ---------------------------------------- |
+> | `NODE_EXTRA_CA_CERTS` | CA cert for Node.js TLS verification |
+> | `SSL_CERT_FILE` | CA cert for OpenSSL/LibreSSL-based tools |
+> | `SSL_CERT_DIR` | CA cert directory for OpenSSL |
+> | `CURL_CA_BUNDLE` | CA cert for curl |
+> | `GIT_SSL_CAINFO` | CA cert for Git |
+> | `REQUESTS_CA_BUNDLE` | CA cert for Python requests |
+> | `HTTPS_PROXY` / `HTTP_PROXY` | Proxy address for HTTPS/HTTP traffic |
+> | `https_proxy` / `http_proxy` | Lowercase aliases for the above |
+> | `NO_PROXY` / `no_proxy` | Cleared to prevent bypassing the proxy |
+
 
 ## Configuration
 
 The module ships with a comprehensive default config based on the
From ae2e54d066b72c72bb1178906f6d148fa2b25dbe Mon Sep 17 00:00:00 2001
From: 35C4n0r
Date: Mon, 22 Jun 2026 13:20:46 +0000
Subject: [PATCH 2/3] chore(registry/coder/modules/agent-firewall): bump version to 0.0.2
---
 registry/coder/modules/agent-firewall/README.md | 10 +++++-----
 registry/coder/modules/agent-firewall/main.tf | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/registry/coder/modules/agent-firewall/README.md b/registry/coder/modules/agent-firewall/README.md
index 5d547584b..b7ed4d698 100644
--- a/registry/coder/modules/agent-firewall/README.md
+++ b/registry/coder/modules/agent-firewall/README.md
@@ -21,7 +21,7 @@ This module:
 ```tf
 module "agent-firewall" {
 source = "registry.coder.com/coder/agent-firewall/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = coder_agent.main.id
 }
 ```
@@ -40,7 +40,7 @@ network-isolated environment.
 ```tf
 module "agent-firewall" {
 source = "registry.coder.com/coder/agent-firewall/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = coder_agent.main.id
 }
 
@@ -65,7 +65,7 @@ resource "coder_script" "claude_with_agent_firewall" {
 ```tf
 module "agent-firewall" {
 source = "registry.coder.com/coder/agent-firewall/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = coder_agent.main.id
 }
 
@@ -143,7 +143,7 @@ Pass the full YAML content directly:
 ```tf
 module "agent-firewall" {
 source = "registry.coder.com/coder/agent-firewall/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = coder_agent.main.id
 
 agent_firewall_config = <<-YAML
@@ -167,7 +167,7 @@ your path. The file must exist on disk before agent-firewall starts.
 ```tf
 module "agent-firewall" {
 source = "registry.coder.com/coder/agent-firewall/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = coder_agent.main.id
 
 agent_firewall_config_path = "/workspace/my-agent-firewall-config.yaml"
diff --git a/registry/coder/modules/agent-firewall/main.tf b/registry/coder/modules/agent-firewall/main.tf
index 8e795007a..359d60d65 100644
--- a/registry/coder/modules/agent-firewall/main.tf
+++ b/registry/coder/modules/agent-firewall/main.tf
@@ -103,7 +103,7 @@ locals {
 
 module "coder_utils" {
 source = "registry.coder.com/coder/coder-utils/coder"
- version = "0.0.1"
+ version = "0.0.2"
 agent_id = var.agent_id
 display_name_prefix = "Agent Firewall"
 module_directory = var.module_directory
From 85a3c782bd898eb1fad88a7bcf8c65a6b669b076 Mon Sep 17 00:00:00 2001
From: 35C4n0r
Date: Mon, 22 Jun 2026 13:24:39 +0000
Subject: [PATCH 3/3] fix(registry/coder/modules/agent-firewall): revert coder-utils dependency version bump
---
 registry/coder/modules/agent-firewall/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/registry/coder/modules/agent-firewall/main.tf b/registry/coder/modules/agent-firewall/main.tf
index 359d60d65..8e795007a 100644
--- a/registry/coder/modules/agent-firewall/main.tf
+++ b/registry/coder/modules/agent-firewall/main.tf
@@ -103,7 +103,7 @@ locals {
 
 module "coder_utils" {
 source = "registry.coder.com/coder/coder-utils/coder"
- version = "0.0.2"
+ version = "0.0.1"
 agent_id = var.agent_id
 display_name_prefix = "Agent Firewall"
 module_directory = var.module_directory