Remote/cloud sandbox: GitHub credential-injection proxy returns 502, blocking all git/GitHub access

Open 💬 0 comments Opened Jul 2, 2026 by 0bnoxide

A background agent running with isolation: "remote" (cloud sandbox) could not reach GitHub at all:

  • git clone of an authorized private repo failed with 403 from the session's local git-credential proxy (127.0.0.1:41729).
  • git clone of an unrelated public repo (octocat/Hello-World) failed with the same 403 — ruling out repo/org permissions as the cause.
  • Direct HTTPS calls to api.github.com through the documented HTTPS_PROXY returned HTTP 502 Bad Gateway, body indicating builtin injection failed — the proxy's own credential-injection step is erroring, not cleanly denying.
  • gh CLI was not installed in the affected container, so there was no fallback path.
  • Per the proxy's own /root/.ccr/README.md, 403s are meant to represent org-policy denials to report rather than retry — but the 502 here points to an infra failure in the proxy itself, not a policy decision.

Impact: any remote-isolation agent task needing GitHub access is fully blocked, with no workaround available inside the sandbox.

(No session ID/timestamp available for this occurrence.)

View original on GitHub ↗