Skip to content

Allow models.dev in sandbox proxy for model catalog resolution #3041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgageot merged 2 commits into from
Jun 10, 2026
+34 −8
Merged

Allow models.dev in sandbox proxy for model catalog resolution #3041

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
397bc99
Allow models.dev in sandbox proxy for catalog metadata resolution
dgageot Jun 9, 2026
6d7fd02
refactor: derive ModelsDevAPIURL from APIHost to prevent drift
dgageot Jun 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 20 additions & 7 deletions cmd/root/sandbox.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"github.com/docker/docker-agent/pkg/config"
latestcfg "github.com/docker/docker-agent/pkg/config/latest"
"github.com/docker/docker-agent/pkg/environment"
"github.com/docker/docker-agent/pkg/modelsdev"
"github.com/docker/docker-agent/pkg/paths"
"github.com/docker/docker-agent/pkg/sandbox"
"github.com/docker/docker-agent/pkg/sandbox/kit"
Expand Down Expand Up @@ -175,6 +176,7 @@ func runInSandbox(ctx context.Context, cmd *cobra.Command, args []string, runCon
userHosts := userSandboxAllowlist(ctx)

printModelsGateway(cmd.OutOrStdout(), runConfig.ModelsGateway)
printModelsDevAllowance(cmd.OutOrStdout())
printToolInstallAllowance(cmd.OutOrStdout(), kitResult)
printAgentNetworkAllowlist(cmd.OutOrStdout(), agentHosts)
printUserSandboxAllowlist(cmd.OutOrStdout(), userHosts)
Expand Down Expand Up @@ -272,15 +274,18 @@ func dockerAgentArgs(cmd *cobra.Command, args []string, configDir string) []stri
}

// allowSandboxHosts adds per-sandbox allow-network rules for every
// host the in-sandbox runtime is known to need: the configured
// models gateway (when set), the package hosts the auto-installer
// reaches for (when the kit build identified at least one
// auto-installable toolset), and any extra hosts the agent author
// declared in runtime.network_allowlist. The default sandbox proxy
// denies all of them; without this, the inner agent's first request
// returns a misleading "403 Blocked by network policy".
// host the in-sandbox runtime is known to need: the models.dev
// catalog API (always), the configured models gateway (when set), the
// package hosts the auto-installer reaches for (when the kit build
// identified at least one auto-installable toolset), and any extra
// hosts the agent author declared in runtime.network_allowlist. The
// default sandbox proxy denies all of them; without this, the inner
// agent's first request returns a misleading "403 Blocked by network
// policy".
//
// Holes are punched only when the corresponding feature is in play:
// - models.dev is always opened — every run resolves model
// metadata (limits, pricing, capabilities) against the catalog;
// - the gateway host is added only when gatewayURL is non-empty;
// - the per-agent install hosts come from the kit build, which
// looks each toolset up against the aqua registry and contributes
Expand All @@ -300,6 +305,7 @@ func dockerAgentArgs(cmd *cobra.Command, args []string, configDir string) []stri
// inner and we surface that diagnostic verbatim.
func allowSandboxHosts(ctx context.Context, backend *sandbox.Backend, name, gatewayURL string, toolInstallHosts, agentHosts, userHosts []string) {
var hosts []string
hosts = append(hosts, modelsdev.APIHost)
hosts = append(hosts, toolInstallHosts...)
hosts = append(hosts, agentHosts...)
hosts = append(hosts, userHosts...)
Expand Down Expand Up @@ -480,6 +486,13 @@ func printModelsGateway(w io.Writer, gateway string) {
fmt.Fprintf(w, "Models gateway: %s (allowlisting %s in the sandbox proxy)\n", display, host)
}

// printModelsDevAllowance prints that the models.dev catalog host is
// always allowlisted in the sandbox proxy, since every run resolves
// model metadata against it.
func printModelsDevAllowance(w io.Writer) {
fmt.Fprintf(w, "Models catalog: allowlisting %s in the sandbox proxy\n", modelsdev.APIHost)
}

// printToolInstallAllowance prints a multi-line description of the
// package-host allowlist opened for this sandbox: a one-liner
// summary followed by every host on its own indented line so the
Expand Down
8 changes: 8 additions & 0 deletions cmd/root/sandbox_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,14 @@ func TestPrintModelsGateway(t *testing.T) {
}
}

func TestPrintModelsDevAllowance(t *testing.T) {
t.Parallel()

var buf strings.Builder
printModelsDevAllowance(&buf)
assert.Equal(t, "Models catalog: allowlisting models.dev in the sandbox proxy\n", buf.String())
}

func TestPrintToolInstallAllowance(t *testing.T) {
t.Parallel()

Expand Down
7 changes: 6 additions & 1 deletion pkg/modelsdev/store.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,12 @@ import (
)

const (
ModelsDevAPIURL = "https://models.dev/api.json"
// APIHost is the models.dev catalog host. Sandbox callers allowlist
// it so the in-sandbox agent can reach the catalog through the
// default-deny network proxy.
APIHost = "models.dev"
// ModelsDevAPIURL is derived from APIHost so the two can't drift.
ModelsDevAPIURL = "https://" + APIHost + "/api.json"
CacheFileName = "models_dev.json"
refreshInterval = 24 * time.Hour
)
Expand Down
Loading