docs/examples/proxy-script.md

# Example Proxy Script

The following is an example of a proxy script that can be used with the `GEMINI_SANDBOX_PROXY_COMMAND` environment variable. This script only allows `HTTPS` connections to `example.com:443` and declines all other requests.

```javascript
#!/usr/bin/env node

/**
 * @license
 * Copyright 2025 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */

// Example proxy server that listens on :::8877 and only allows HTTPS connections to example.com.
// Set `GEMINI_SANDBOX_PROXY_COMMAND=scripts/example-proxy.js` to run proxy alongside sandbox
// Test via `curl https://example.com` inside sandbox (in shell mode or via shell tool)

import http from 'node:http';
import net from 'node:net';
import { URL } from 'node:url';
import console from 'node:console';

const PROXY_PORT = 8877;
const ALLOWED_DOMAINS = ['example.com', 'googleapis.com'];
const ALLOWED_PORT = '443';

const server = http.createServer((req, res) => {
  // Deny all requests other than CONNECT for HTTPS
  console.log(
    `[PROXY] Denying non-CONNECT request for: ${req.method} ${req.url}`,
  );
  res.writeHead(405, { 'Content-Type': 'text/plain' });
  res.end('Method Not Allowed');
});

server.on('connect', (req, clientSocket, head) => {
  // req.url will be in the format "hostname:port" for a CONNECT request.
  const { port, hostname } = new URL(`http://${req.url}`);

  console.log(`[PROXY] Intercepted CONNECT request for: ${hostname}:${port}`);

  if (
    ALLOWED_DOMAINS.some(
      (domain) => hostname == domain || hostname.endsWith(`.${domain}`),
    ) &&
    port === ALLOWED_PORT
  ) {
    console.log(`[PROXY] Allowing connection to ${hostname}:${port}`);

    // Establish a TCP connection to the original destination.
    const serverSocket = net.connect(port, hostname, () => {
      clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
      // Create a tunnel by piping data between the client and the destination server.
      serverSocket.write(head);
      serverSocket.pipe(clientSocket);
      clientSocket.pipe(serverSocket);
    });

    serverSocket.on('error', (err) => {
      console.error(`[PROXY] Error connecting to destination: ${err.message}`);
      clientSocket.end(`HTTP/1.1 502 Bad Gateway\r\n\r\n`);
    });
  } else {
    console.log(`[PROXY] Denying connection to ${hostname}:${port}`);
    clientSocket.end('HTTP/1.1 403 Forbidden\r\n\r\n');
  }

  clientSocket.on('error', (err) => {
    // This can happen if the client hangs up.
    console.error(`[PROXY] Client socket error: ${err.message}`);
  });
});

server.listen(PROXY_PORT, () => {
  const address = server.address();
  console.log(`[PROXY] Proxy listening on ${address.address}:${address.port}`);
  console.log(
    `[PROXY] Allowing HTTPS connections to domains: ${ALLOWED_DOMAINS.join(', ')}`,
  );
});
```
Release and Packaging: Clean up (#3489) 2025-07-07 16:36:51 -07:00			`# Example Proxy Script`

			The following is an example of a proxy script that can be used with the `GEMINI_SANDBOX_PROXY_COMMAND` environment variable. This script only allows `HTTPS` connections to `example.com:443` and declines all other requests.

			```javascript
restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891) 2025-06-10 08:58:37 -07:00			`#!/usr/bin/env node`

			`/**`
			`* @license`
			`* Copyright 2025 Google LLC`
			`* SPDX-License-Identifier: Apache-2.0`
			`*/`

fixes to proxy on macos: prevent curl from hanging during wait-for-proxy by adding ipv6 support and timeout (#947) 2025-06-11 11:31:38 -07:00			`// Example proxy server that listens on :::8877 and only allows HTTPS connections to example.com.`
restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891) 2025-06-10 08:58:37 -07:00			// Set `GEMINI_SANDBOX_PROXY_COMMAND=scripts/example-proxy.js` to run proxy alongside sandbox
			// Test via `curl https://example.com` inside sandbox (in shell mode or via shell tool)

chore: consistently import node modules with prefix (#3013) Co-authored-by: N. Taylor Mullen <ntaylormullen@google.com> 2025-08-25 22:11:27 +02:00			`import http from 'node:http';`
			`import net from 'node:net';`
			`import { URL } from 'node:url';`
			`import console from 'node:console';`
restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891) 2025-06-10 08:58:37 -07:00
			`const PROXY_PORT = 8877;`
			`const ALLOWED_DOMAINS = ['example.com', 'googleapis.com'];`
			`const ALLOWED_PORT = '443';`

			`const server = http.createServer((req, res) => {`
			`// Deny all requests other than CONNECT for HTTPS`
			`console.log(`
			`[PROXY] Denying non-CONNECT request for: ${req.method} ${req.url}`,
			`);`
			`res.writeHead(405, { 'Content-Type': 'text/plain' });`
			`res.end('Method Not Allowed');`
			`});`

			`server.on('connect', (req, clientSocket, head) => {`
			`// req.url will be in the format "hostname:port" for a CONNECT request.`
			const { port, hostname } = new URL(`http://${req.url}`);

			console.log(`[PROXY] Intercepted CONNECT request for: ${hostname}:${port}`);

			`if (`
			`ALLOWED_DOMAINS.some(`
			(domain) => hostname == domain \|\| hostname.endsWith(`.${domain}`),
			`) &&`
			`port === ALLOWED_PORT`
			`) {`
			console.log(`[PROXY] Allowing connection to ${hostname}:${port}`);

			`// Establish a TCP connection to the original destination.`
			`const serverSocket = net.connect(port, hostname, () => {`
			`clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');`
			`// Create a tunnel by piping data between the client and the destination server.`
			`serverSocket.write(head);`
			`serverSocket.pipe(clientSocket);`
			`clientSocket.pipe(serverSocket);`
			`});`

			`serverSocket.on('error', (err) => {`
			console.error(`[PROXY] Error connecting to destination: ${err.message}`);
			clientSocket.end(`HTTP/1.1 502 Bad Gateway\r\n\r\n`);
			`});`
			`} else {`
			console.log(`[PROXY] Denying connection to ${hostname}:${port}`);
			`clientSocket.end('HTTP/1.1 403 Forbidden\r\n\r\n');`
			`}`

			`clientSocket.on('error', (err) => {`
			`// This can happen if the client hangs up.`
			console.error(`[PROXY] Client socket error: ${err.message}`);
			`});`
			`});`

fixes to proxy on macos: prevent curl from hanging during wait-for-proxy by adding ipv6 support and timeout (#947) 2025-06-11 11:31:38 -07:00			`server.listen(PROXY_PORT, () => {`
			`const address = server.address();`
			console.log(`[PROXY] Proxy listening on ${address.address}:${address.port}`);
restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891) 2025-06-10 08:58:37 -07:00			`console.log(`
			`[PROXY] Allowing HTTPS connections to domains: ${ALLOWED_DOMAINS.join(', ')}`,
			`);`
			`});`
Release and Packaging: Clean up (#3489) 2025-07-07 16:36:51 -07:00			```