HackerNews中文版

这有点奇怪，因为一开始这是一个提问，现在变成了一个混合的展示/提问。我的问题是，我该如何利用Codex的代理网络？我希望Codex能够访问其保护环境外部运行的本地服务（而不是MCP服务器）。默认的config.toml文件包含以下内容： ``` [permissions.network] # enabled = true # proxy_url = "http://127.0.0.1:43128" # admin_url = "http://127.0.0.1:43129" # enable_socks5 = false # socks_url = "http://127.0.0.1:43130" # enable_socks5_udp = false # allow_upstream_proxy = false # dangerously_allow_non_loopback_proxy = false # dangerously_allow_non_loopback_admin = false # dangerously_allow_all_unix_sockets = false # mode = "limited" # limited | full # allowed_domains = ["api.openai.com"] # denied_domains = ["example.com"] # allow_unix_sockets = ["/var/run/docker.sock"] # allow_local_binding = false ``` 我无法让它正常工作，所以我下载了Codex的源代码并指向它，但经过几个小时后情况没有好转。我在这里提问是因为其他地方对AI的关注度远不如这里，但对于这样一个简单的问题，我决定同时尝试构建自己的网络容器……这真是让人头疼。首先，我代理了本地流量，忘记了Codex需要openai.com/chatgpt.com才能工作。然后我遇到了systemd-resolved绑定:53 SO_BINDTODEVICE的问题，这可能是我认为自己知道最好的一种症状，因此我无法重定向DNS。还有很多其他的小问题，但一周后，我认为这是一次非常有趣的Linux网络深度探索。总之，我在这里的成果[1]虽然是一次性的，但也是构建网络命名空间容器的一个非常有用的指南。希望它能为其他人提供有用的路线图。 1. https://gist.github.com/orbisvicis/347fb8439b658fd6161486f3de1e1ea0

查看原文

This is a bit odd, because it was going to start off as an Ask, and now its a hybrid Show/Ask.<p>The ask being, how in the world do I make use of Codex's proxy networking? I wanted Codex to have access to local services (not MCP servers) running outside its bubblewrap. The default config.toml file ships with this:<p><pre><code> [permissions.network] # enabled = true # proxy_url = "http://127.0.0.1:43128" # admin_url = "http://127.0.0.1:43129" # enable_socks5 = false # socks_url = "http://127.0.0.1:43130" # enable_socks5_udp = false # allow_upstream_proxy = false # dangerously_allow_non_loopback_proxy = false # dangerously_allow_non_loopback_admin = false # dangerously_allow_all_unix_sockets = false # mode = "limited" # limited | full # allowed_domains = ["api.openai.com"] # denied_domains = ["example.com"] # allow_unix_sockets = ["/var/run/docker.sock"] # allow_local_binding = false </code></pre> I couldn't get it to work, so I downloaded Codex's source code and pointed Codex at it, but after a few hours it hadn't fared any better. I was thinking about asking here because nowhere else is 1000% all-in on AI, but for such a simple question I decided to concurrently try building my own network container... Which was a pain in the butt. First I proxied local traffic, forgetting that codex needs openai.com/chatgpt.com to work. Then I ran into systemd-resolved binding :53 SO_BINDTODEVICE, likely a symptom of I-think-I-know-best-itis, so I couldn't redirect DNS. There were lots of other paper-cuts, but a week later I consider this a really interesting deep-dive into Linux networking.<p>Anyway what I have here [1] is somewhat of a one-off, but also a really useful guide to building a network namespace container. Hopefully it'll be a useful roadmap for others.<p>1. https://gist.github.com/orbisvicis/347fb8439b658fd6161486f3de1e1ea0

包含的编码网络