[BUG] Agent proxy returns 502 "builtin injection failed" for all github.com hosts; other HTTPS works

Resolved 💬 0 comments Opened Jun 24, 2026 by ashlynfram Closed Jun 30, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

In a managed remote execution environment, every request to GitHub-hosted endpoints fails with HTTP 502 and the body builtin injection failed. This occurs after the proxy CONNECT tunnel is established and TLS negotiation succeeds, which makes a basic DNS, TCP connectivity, or local certificate trust problem unlikely. The failure appears GitHub-specific: github.com, api.github.com, and codeload.github.com all return 502, while other HTTPS hosts tested return 200. This breaks git clone, GitHub zipball downloads via the REST API, and other GitHub-dependent operations.

The environment is configured/reported as having full network access, and the proxy does not appear to classify these as policy or relay denials. In particular, the expected deny signals are absent: no 403/407-style policy denial response and recentRelayFailures is empty. This points to a GitHub-specific failure in the managed proxy/gateway/injection layer rather than a repository permission issue, GitHub authentication issue, DNS issue, certificate issue, or ordinary outbound-network restriction.

What Should Happen?

Requests to GitHub hosts should complete normally. For example, git clone https://github.com/<org>/<repo>.git should produce normal git output, and GET https://api.github.com/... should return the expected GitHub API response, such as HTTP 200 for valid unauthenticated endpoints.

With full network access enabled, GitHub HTTPS requests should not fail differently from other allowed HTTPS hosts such as pypi.org, httpbin.org, and example.com, which already return successfully through the same proxy.

If GitHub access is intentionally restricted, the environment should return a clear policy or permission error rather than HTTP 502 builtin injection failed.

Error Messages/Logs

# Raw response body from GitHub through the proxy:
$ curl -sS https://github.com
builtin injection failed

# Status codes — GitHub hosts:
GET https://github.com          -> HTTP 502   body: "builtin injection failed"
GET https://api.github.com      -> HTTP 502   body: "builtin injection failed"
GET https://codeload.github.com -> HTTP 502   body: "builtin injection failed"

# Control hosts through the same proxy:
GET https://pypi.org        -> HTTP 200
GET https://httpbin.org/get -> HTTP 200
GET https://example.com     -> HTTP 200

# git clone failure:
fatal: unable to access 'https://github.com/<org>/<repo>.git/':
  The requested URL returned error: 403

# curl -v to github.com, trimmed:
# Shows failure occurs after CONNECT + TLS:
* Establish HTTP proxy tunnel to github.com:443
< HTTP/1.1 200 Connection Established
* CONNECT tunnel established, response 200
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* issuer: <Anthropic proxy CA>
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: github.com
< HTTP/1.1 502 Bad Gateway
< Content-Length: 24
builtin injection failed

# Proxy status, with proxy URL omitted:
enabled: true
gitConfigInjection: true
gitSshRewrite: true
recentRelayFailures: []

Steps to Reproduce

  1. Start a Claude Code session in a managed remote execution environment with full network access enabled/reported, launched from the Claude Desktop app.
  1. Confirm general HTTPS access works through the proxy:

curl -sS -o /dev/null -w "%{http_code}\n" https://pypi.org
# expected/observed: 200

curl -sS -o /dev/null -w "%{http_code}\n" https://example.com
# expected/observed: 200

  1. Test a GitHub host:

curl -sS -o /dev/null -w "%{http_code}\n" https://github.com
# observed: 502

  1. View the response body:

curl -sS https://github.com
# observed: builtin injection failed

  1. Confirm the issue affects real git operations:

git clone --depth 1 https://github.com/<any-org>/<any-repo>.git /tmp/x
# observed: fatal: unable to access ... The requested URL returned error: 403

  1. Optional diagnostic: confirm CONNECT and TLS succeed, and the failure occurs on the HTTP GET:

curl -v https://github.com 2>&1 | grep -E "CONNECT tunnel|HTTP/1.1|issuer|verify"

  1. Repeat against another unauthenticated GitHub endpoint:

curl -sS -o /dev/null -w "%{http_code}\n" https://api.github.com
# observed: 502

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.190

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Non-interactive/CI environment

Additional Information

The issue was originally noticed while cloning a private repository using a PAT, but it also reproduces with unauthenticated requests to public GitHub endpoints such as https://github.com and https://api.github.com. That suggests the failure is not caused by the token, private repository permissions, or GitHub org access.

The behavior also differs between curl and git: direct HTTPS requests to GitHub hosts return HTTP 502 with builtin injection failed, while git clone returns HTTP 403. Both only occur for GitHub-hosted endpoints in the same remote environment.

View original on GitHub ↗