Remote/cloud sandbox: GitHub credential-injection proxy returns 502, blocking all git/GitHub access
Open 💬 0 comments Opened Jul 2, 2026 by 0bnoxide
A background agent running with isolation: "remote" (cloud sandbox) could not reach GitHub at all:
git cloneof an authorized private repo failed with403from the session's local git-credential proxy (127.0.0.1:41729).git cloneof an unrelated public repo (octocat/Hello-World) failed with the same403— ruling out repo/org permissions as the cause.- Direct HTTPS calls to
api.github.comthrough the documentedHTTPS_PROXYreturnedHTTP 502 Bad Gateway, body indicatingbuiltin injection failed— the proxy's own credential-injection step is erroring, not cleanly denying. ghCLI was not installed in the affected container, so there was no fallback path.- Per the proxy's own
/root/.ccr/README.md, 403s are meant to represent org-policy denials to report rather than retry — but the 502 here points to an infra failure in the proxy itself, not a policy decision.
Impact: any remote-isolation agent task needing GitHub access is fully blocked, with no workaround available inside the sandbox.
(No session ID/timestamp available for this occurrence.)