Problem Description
The audit tool reports malformed domain names in firewall_analysis.blocked_domains when analyzing Codex runs. Domains appear with leading or trailing double-quote characters:
"*.githubusercontent.com (leading ")
chatgpt.com" (trailing ")
Command/Tool
- Tool: audit
- Affected function: extractFirewallFromAgentLog in pkg/cli/firewall_log.go
Steps to Reproduce
- Run a Codex workflow where the agent is blocked by the firewall with multiple domains
- The Codex CLI emits a warning in agent-stdio.log like:
[WARN] To fix domain issues: --allow-domains "*.githubusercontent.com,...,chatgpt.com"
- Audit the run: the firewall_analysis.blocked_domains list will contain "*.githubusercontent.com and chatgpt.com" with spurious quote characters
Confirmed in run: §23934694474
Root Cause
In extractFirewallFromAgentLog (around line 470 of pkg/cli/firewall_log.go), the regex --allow-domains\s+([^\s]+) matches the entire token after --allow-domains, including surrounding double quotes when the argument is quoted.
For the log line:
--allow-domains "*.githubusercontent.com,...,chatgpt.com"
The capture group matches[1] = "*.githubusercontent.com,...,chatgpt.com" (including outer quotes).
When split by comma:
- First element: "*.githubusercontent.com ← has leading "
- Last element: chatgpt.com" ← has trailing "
The fix is to strip surrounding double quotes from matches[1] before splitting:
    // Strip surrounding quotes if present (e.g., --allow-domains "dom1,dom2")
    allowDomains := strings.Trim(matches[1], "\"")
    for domain := range strings.SplitSeq(allowDomains, ",") {
        if d := strings.TrimSpace(domain); d != "" {
            blockedDomainsSet[d] = true
        }
    }
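The root cause and the fix side by side, as an added example that is not the project's own code: it applies the regex quoted above to a constructed log line and returns the domains with and without the strings.Trim step. The function name extractDomains, the stripQuotes parameter, and example.org (standing in for the elided domains) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Same pattern the issue quotes from extractFirewallFromAgentLog.
var allowDomainsRe = regexp.MustCompile(`--allow-domains\s+([^\s]+)`)

// extractDomains (hypothetical helper) returns the sorted, de-duplicated
// domains found after --allow-domains on one log line. stripQuotes=false
// reproduces the reported behaviour; true applies the strings.Trim fix.
func extractDomains(line string, stripQuotes bool) []string {
	m := allowDomainsRe.FindStringSubmatch(line)
	if m == nil {
		return nil // line carries no --allow-domains hint
	}
	list := m[1]
	if stripQuotes {
		list = strings.Trim(list, "\"") // no-op when the argument is unquoted
	}
	set := map[string]bool{}
	for _, d := range strings.Split(list, ",") {
		if d = strings.TrimSpace(d); d != "" {
			set[d] = true
		}
	}
	out := make([]string, 0, len(set))
	for d := range set {
		out = append(out, d)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample line; example.org replaces the elided entries.
	line := `[WARN] To fix domain issues: --allow-domains "*.githubusercontent.com,example.org,chatgpt.com"`
	fmt.Printf("before fix: %q\n", extractDomains(line, false))
	fmt.Printf("after fix:  %q\n", extractDomains(line, true))
}
```

Only the first and last entries are affected, because the quotes sit at the ends of the captured token; a single blocked domain would pick up both quotes at once.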
Expected Behavior
blocked_domains should contain clean domain names without surrounding quote characters:
*.githubusercontent.com
chatgpt.com
Actual Behavior
blocked_domains contains:
"*.githubusercontent.com (leading ")
chatgpt.com" (trailing ")
Impact
- Severity: Medium
- Frequency: Always when a Codex workflow has multiple blocked domains and the agent emits the comma-separated --allow-domains warning with quotes
- Workaround: None; the malformed domain names appear in audit reports and the MCP audit output
Additional Context
The audit recommendation for adding blocked domains to the workflow network.allowed list also includes these malformed entries, which would produce invalid YAML if copy-pasted:
    network:
      allowed:
        - '"*.githubusercontent.com' # ← invalid
        - 'chatgpt.com"' # ← invalid
References: §23934694474
Generated by Daily CLI Tools Exploratory Tester · ● 2.1M · ◷