[Fixed] Test (Codex) fails behind Clash/local proxy on macOS + Podman

[yangwenmai]

Summary

Test (Codex) fails in a local network environment that depends on a local proxy (Clash on macOS), even though Codex OAuth is already configured correctly.

The root cause appears to be that the sandbox container does not automatically inherit a usable proxy configuration. As a result, the Codex process inside the container cannot reach OpenAI endpoints and eventually times out.

Environment

• Wallfacer: current local source build
• Host OS: macOS
• Container runtime: Podman
• Network setup: local proxy via Clash
• Proxy on host: 127.0.0.1:7897
• Sandbox: codex
• Auth mode: ChatGPT OAuth / Codex local auth already configured

Steps to Reproduce

1. Run Wallfacer on macOS with Podman.
2. Use a network environment where OpenAI access requires a local proxy (for example Clash).
3. Ensure Codex auth is already configured and recognized.
4. In Wallfacer UI, click Test (Codex).

Expected Behavior

The Codex sandbox smoke test should complete successfully and return pass.

Actual Behavior

The test task times out or fails with request/send errors from inside the container.

UI show Testing...

Observed Errors

UI / task output:

{"type":"turn.failed","error":{"message":"stream disconnected before completion: error sending request for url (https://chatgpt.com/backend-api/codex/responses)"}}

API response:

{
  "task_id": "c972cbd8-f875-48ad-8664-95bd22d3c414",
  "sandbox": "codex",
  "status": "failed",
  "result": "container terminated: context deadline exceeded"
}

Server logs:

00:12:01.074  WRN  runner    oversight.go:793  oversight: agent container failed  │  task=27bed544  agent=oversight-test  sandbox=codex  model=""  error="container terminated: context deadline exceeded"
00:12:01.075  WRN  runner    oversight.go:136  test oversight: agent failed  │  task=27bed544  error="container terminated: context deadline exceeded"

11:36:26.206  DBG  runner    container.go:581  exec  │  cmd=/opt/homebrew/bin/podman  name=wallfacer-you-are-a-smoke-check-for-sand-c972cbd8  sandbox=codex  workdir=/workspace/national-simulator-v4  volumes=6
11:36:26.291  DBG  runner    worker.go:68  worker create  │  container=wallfacer-worker-c972cbd8  volumes=6
11:36:26.572  DBG  runner    worker.go:107  worker exec  │  container=wallfacer-worker-c972cbd8  workdir=/workspace/national-simulator-v4
11:39:26.120  ERR  runner    execute.go:445  container error  │  task=c972cbd8  error="container terminated: context deadline exceeded"
11:39:26.172  INF  handler   server.go:992  POST /api/env/test  │  status=200  dur=3m0.415s

Diagnosis

In this environment:

• host access to OpenAI requires a local proxy
• the proxy is available on the host as 127.0.0.1:7897
• but the sandbox container cannot use host loopback directly
• so the Codex process inside the container cannot reach OpenAI unless proxy env vars are explicitly configured for container use

For Podman on macOS, the proxy had to be configured as:

• http://host.containers.internal:7897

not:

• http://127.0.0.1:7897

Workaround

Adding the following to ~/.wallfacer/.env fixed the issue:

HTTP_PROXY=http://host.containers.internal:7897
HTTPS_PROXY=http://host.containers.internal:7897
ALL_PROXY=http://host.containers.internal:7897
NO_PROXY=127.0.0.1,localhost,host.containers.internal

After that, Test (Codex) succeeded:

{"task_id":"46388631-6f38-4ead-98c3-504938e7dafb","sandbox":"codex","status":"done","last_test_result":"pass"}

Suggested Improvement

At minimum, it would help if Wallfacer documented this case explicitly:

• local/system proxy on macOS
• Podman sandbox networking
• container must use host.containers.internal, not 127.0.0.1

Optionally, Wallfacer could also improve diagnostics by surfacing a hint when Codex sandbox requests fail in a way consistent with missing proxy configuration.

[changkun]

This is likely not needed anymore. In the latest tip I will add a host run mode and get rid of the sandbox complexity.