[BUG] Cowork VM network egress allowlist ignores Admin Capabilities settings

Resolved 💬 3 comments Opened Feb 6, 2026 by rikgoedhart Closed Feb 10, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Hi,
I'm using Claude Cowork mode (research preview) on a Team/Pro plan and have encountered an issue with the network egress allowlist.
The problem:
I've added gateway.pixazo.ai to the allowed domains in Admin Settings → Capabilities → Network Access, but the Cowork VM proxy still blocks traffic to this domain with 403 Forbidden and header X-Proxy-Error: blocked-by-allowlist. The Admin settings appear to have no effect on the actual proxy running inside the VM.

Context:
I have a custom Pixazo image generation skill that calls gateway.pixazo.ai. The skill works correctly but all API calls fail because the VM proxy blocks the domain — despite it being listed in my Admin allowlist. Testing confirms only hardcoded domains (api.anthropic.com, pypi.org, github.com, npmjs.org) pass through.

What Should Happen?

Expected behavior:
Domains added to the network egress allowlist in Admin Capabilities should be allowed by the Cowork VM proxy.

Error Messages/Logs

403 Forbidden and header X-Proxy-Error: blocked-by-allowlist.

Steps to Reproduce

teps to reproduce:

Add gateway.pixazo.ai to the network egress allowlist in Admin → Capabilities
Start a Cowork session
Run: curl -v https://gateway.pixazo.ai
Result: proxy returns 403 blocked-by-allowlist

Claude Model

Opus

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

1.1.2156

Platform

Other

Operating System

macOS

Terminal/Shell

Other

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗