Puck.Proxy.Sandbox (Puck v0.2.8)

View Source

A sandbox-aware HTTP proxy with domain allowlisting and credential injection.

This is a simple proxy that validates requests against an allowlist and injects credentials before forwarding with Req.

Architecture

This proxy runs OUTSIDE the sandbox VM. The sandbox VM:

  1. Has network restricted to only reach this proxy (via iptables)
  2. Makes requests to http://proxy:4000/{target_url}
  3. Never sees credentials - they're injected here

Usage

# Start with Bandit
Bandit.start_link(
  plug: {Puck.Proxy.Sandbox, [
    allowed_domains: ["api.anthropic.com", "api.github.com"],
    credentials: %{
      "api.anthropic.com" => [
        {"x-api-key", System.get_env("ANTHROPIC_API_KEY")},
        {"anthropic-version", "2023-06-01"}
      ]
    }
  ]},
  port: 4000
)

Request Format

The sandbox sends requests with the target URL in the path:

POST http://proxy:4000/https://api.anthropic.com/v1/messages
Content-Type: application/json

{"model": "claude-3", "messages": [...]}

The proxy:

  1. Extracts target URL from path
  2. Validates domain against allowlist
  3. Injects credentials for that domain
  4. Forwards request with Req
  5. Streams response back