[BUG] Cowork scheduled task: domain api.asaas.com blocked by egress proxy (was working previously)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
A Cowork scheduled task that calls the Asaas payment API (api.asaas.com) is being blocked by the network egress proxy with 403 blocked-by-allowlist. This task was working correctly as recently as yesterday (2026-03-22) but started failing today (2026-03-23) without any configuration changes.
Environment:
- Plan: Max (individual)
- Platform: Claude Desktop (Cowork mode)
- OS: Windows
- Blocked domain:
api.asaas.com
All connection methods fail (HTTP proxy port 3128, SOCKS5 proxy port 1080, Python requests, Node.js https). Chrome browser within the Cowork session CAN navigate to api.asaas.com (gets 401 from API), confirming the domain is reachable — but the VM network proxy blocks it.
No visible option to configure a network egress allowlist in Settings > Capabilities or Settings > Cowork on the Max plan. Related to #30112, #30861, and #19087.
What Should Happen?
The domain api.asaas.com should be accessible from Cowork scheduled tasks, as it was working on 2026-03-22. Asaas is a legitimate Brazilian payment platform API.
Please either:
- Add
api.asaas.comto the default allowlist - Expose a domain allowlist configuration in Cowork settings for Max plan users
Error Messages/Logs
$ curl -sv --proxy http://localhost:3128 "https://api.asaas.com/v3/payments?status=OVERDUE"
> CONNECT api.asaas.com:443 HTTP/1.1
< HTTP/1.1 403 Forbidden
< X-Proxy-Error: blocked-by-allowlist
$ curl -sv --socks5-hostname localhost:1080 "https://api.asaas.com/v3/payments"
* SOCKS5 connect to api.asaas.com:443
* Can't complete SOCKS5 connection to api.asaas.com. (2)
# Python requests
requests.exceptions.ProxyError: Tunnel connection failed: 403 Forbidden
# Node.js https (bypassing proxy)
Error: getaddrinfo EAI_AGAIN api.asaas.com
Steps to Reproduce
- Create a Cowork scheduled task that makes HTTP requests to
https://api.asaas.com/v3/payments - Run the scheduled task (or wait for automatic execution)
- Observe that all network calls to
api.asaas.comfail with 403 blocked-by-allowlist from the proxy - Verify that Chrome browser in the same session CAN reach the domain (gets 401, not proxy error)
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
Cowork (Claude Desktop) - latest version as of 2026-03-23
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Non-interactive/CI environment
Additional Information
This task was working correctly on 2026-03-22 without any changes to configuration. The scheduled task queries the Asaas API to generate a financial report of overdue payments for a law firm. The sudden blocking without configuration changes suggests either a regression or a change in the default allowlist.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗