feat: add FirewallConfig and integrate with SandboxNetwork and ProxyC…#170

Merged: Joffref merged 1 commit into main from majoffre/firewall, Jun 13, 2026

@Joffref commented Jun 13, 2026 · Contributor

Fixes ENG-3079

  • Introduced FirewallConfig model to specify network lockdown rulesets.
  • Updated SandboxNetwork to include firewall configuration and subnet attributes.
  • Enhanced ProxyConfig to support allowed and forbidden domains.
  • Added tests for FirewallConfig and its integration with SandboxNetwork and ProxyConfig.

This change improves the network configuration capabilities for sandbox environments.


Note

Adds FirewallConfig model for network lockdown rulesets, extends SandboxNetwork with firewall and subnet fields, and adds allowed_domains/forbidden_domains to ProxyConfig. Includes unit tests for round-trip serialization.

Written by Mendral for commit 0e7b2fe.

…onfig

- Introduced FirewallConfig model to specify network lockdown rulesets.
- Updated SandboxNetwork to include firewall configuration and subnet attributes.
- Enhanced ProxyConfig to support allowed and forbidden domains.
- Added tests for FirewallConfig and its integration with SandboxNetwork and ProxyConfig.

This change improves the network configuration capabilities for sandbox environments.

mendral-app Bot commented Jun 13, 2026 · Contributor

🧪 Testing Guide

What this PR addresses

Introduces a new FirewallConfig model for specifying network lockdown rulesets (e.g., "default", "proxy", "dedicated-ip") and integrates it into SandboxNetwork. Also adds allowed_domains and forbidden_domains fields to ProxyConfig (deprecating the top-level equivalents on SandboxNetwork), and adds a subnet attribute to SandboxNetwork. Includes unit and integration tests for the new behavior.

Steps to reproduce / exercise the new behavior

  1. Unit tests — Run the new model round-trip tests:

    pytest tests/core/test_sandbox_network.py -v

    This validates FirewallConfig, ProxyConfig (with new domain fields), and SandboxNetwork serialization/deserialization.

  2. Integration tests (requires sandbox infrastructure access):

    pytest tests/integration/core/sandbox/proxy/test_firewall.py -v

    The new TestFirewallNoProxyBypass class creates a sandbox with firewall: {rulesets: ["proxy"]} and verifies that even when proxy env vars are unset, network egress is still blocked (proving firewall enforcement at the network level).

  3. Manual model verification — In a Python REPL or script:

    from blaxel.core.client.models import FirewallConfig, ProxyConfig, SandboxNetwork
    
    # FirewallConfig round-trip
    fw = FirewallConfig(rulesets=["proxy"])
    assert fw.to_dict() == {"rulesets": ["proxy"]}
    assert FirewallConfig.from_dict({"rulesets": ["proxy"]}).rulesets == ["proxy"]
    
    # ProxyConfig with new domain fields
    proxy = ProxyConfig(allowed_domains=["api.stripe.com"], forbidden_domains=["*.evil.com"])
    d = proxy.to_dict()
    assert d["allowedDomains"] == ["api.stripe.com"]
    assert d["forbiddenDomains"] == ["*.evil.com"]
    
    # SandboxNetwork with firewall + subnet
    net = SandboxNetwork.from_dict({"firewall": {"rulesets": ["proxy"]}, "subnet": "sn-1"})
    assert net.firewall.rulesets == ["proxy"]
    assert net.subnet == "sn-1"

What to verify (expected behavior)

  • FirewallConfig correctly serializes/deserializes rulesets; empty dict returns None from from_dict.
  • ProxyConfig now supports allowed_domains and forbidden_domains with camelCase serialization keys (allowedDomains, forbiddenDomains) and accepts both snake_case and camelCase on deserialization.
  • SandboxNetwork includes new firewall and subnet fields; existing allowed_domains/forbidden_domains fields are preserved (marked deprecated in docstrings).
  • All existing tests continue to pass — no regressions in the existing network/proxy model behavior.
  • The integration test confirms the "proxy" firewall ruleset blocks direct egress even when proxy environment variables are stripped (exit code ≠ 0 with timeout).

Note

Posted by PR Testing Guide · Tag @mendral-app with feedback.

mendral-app Bot commented Jun 13, 2026 · Contributor

🔍 PR Interaction Diagram

Here's a sequence diagram showing how the new FirewallConfig integrates with SandboxNetwork and ProxyConfig:

sequenceDiagram
    participant Client
    participant SandboxNetwork
    participant FirewallConfig
    participant ProxyConfig

    Note over SandboxNetwork: Configuration Phase (from_dict)
    Client->>SandboxNetwork: from_dict(raw_config)
    SandboxNetwork->>FirewallConfig: from_dict(firewall_data)
    FirewallConfig-->>SandboxNetwork: FirewallConfig(rulesets=["proxy"])
    SandboxNetwork->>ProxyConfig: from_dict(proxy_data)
    Note over ProxyConfig: Now includes allowed_domains & forbidden_domains
    ProxyConfig-->>SandboxNetwork: ProxyConfig(allowed_domains, forbidden_domains, ...)
    SandboxNetwork-->>Client: SandboxNetwork(firewall, proxy, subnet)

    Note over SandboxNetwork: Serialization Phase (to_dict)
    Client->>SandboxNetwork: to_dict()
    SandboxNetwork->>FirewallConfig: to_dict()
    FirewallConfig-->>SandboxNetwork: {"rulesets": [...]}
    SandboxNetwork->>ProxyConfig: to_dict()
    ProxyConfig-->>SandboxNetwork: {"allowedDomains": [...], "forbiddenDomains": [...], ...}
    SandboxNetwork-->>Client: Full config dict (camelCase for API)

    Note over FirewallConfig,ProxyConfig: Runtime Enforcement
    Client->>SandboxNetwork: Apply network config to sandbox
    SandboxNetwork->>FirewallConfig: Enforce ruleset ("proxy")
    Note over FirewallConfig: Network-level egress lockdown<br/>(cannot be bypassed by unsetting env vars)
    SandboxNetwork->>ProxyConfig: Apply domain filtering
    Note over ProxyConfig: allowed_domains takes precedence<br/>over forbidden_domains

Summary of Flow

| Component | Role |
| --- | --- |
| FirewallConfig (new) | Defines network-level rulesets (default, proxy, dedicated-ip) that enforce egress restrictions at the infrastructure layer |
| ProxyConfig (enhanced) | Now supports allowed_domains / forbidden_domains for application-level domain filtering with wildcard support |
| SandboxNetwork (extended) | Orchestrates firewall + proxy + new subnet field; deprecates top-level domain fields in favor of proxy.* |

Key design point: The "proxy" firewall ruleset enforces egress at the network level, preventing bypass even when proxy environment variables are unset — as validated by the new integration test.

Note

Posted by PR Sequence Diagram · Tag @mendral-app with feedback.

mendral-app Bot commented Jun 13, 2026 · Contributor

📋 Created Linear issue ENG-3079 — status: In Progress

  • Assignee: Mathis Joffre
  • Labels: Feature, SDK
  • Estimate: M (6 files, 283 additions)
  • PR linked: ✅ Issue will auto-close when this PR merges

Auto-created because no Linear reference was found in the PR title, description, or branch name.

Note

Posted by Linear Issue Enforcer · Tag @mendral-app with feedback.

mendral-app Bot left a comment · Contributor

LGTM

Code follows existing patterns consistently. The from_dict nested-pop pattern for camelCase/snake_case fallback is correct (eager evaluation ensures both keys are cleaned from additional_properties). No correctness or security issues found.

CI Failures: All 8 failing jobs hit SandboxAPIError: You don't have access to workspace... during sandbox creation — a known transient API permissions issue (insight), not caused by this PR. Safe to re-run.

Tag @mendral-app with feedback or questions. View session
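
The nested-pop pattern named in the review above, as an added example that is not the SDK's code: it contrasts the eager nested pop with a branch-style fallback on a payload that carries both key spellings. The names `parse_eager`, `parse_lazy` and `round_trip` are hypothetical, the payload is constructed, and re-emitting leftover keys on serialization is an assumption about how an `additional_properties`-style model behaves.

```python
# Added illustration, not the SDK's code: parse_eager, parse_lazy and
# round_trip are hypothetical names; the sample payload is constructed.
from typing import Any, Callable

_UNSET = object()  # sentinel: distinguishes "key absent" from an explicit None

Parsed = tuple[Any, dict[str, Any]]


def parse_eager(src: dict[str, Any]) -> Parsed:
    """Nested pop. Python evaluates the default argument (the inner pop)
    before the outer call, so both spellings always leave the dict."""
    d = dict(src)
    allowed = d.pop("allowedDomains", d.pop("allowed_domains", _UNSET))
    return (None if allowed is _UNSET else allowed), d


def parse_lazy(src: dict[str, Any]) -> Parsed:
    """Fallback written as a branch: the snake_case key is popped only
    when camelCase is missing, so it can survive as a leftover."""
    d = dict(src)
    allowed = d.pop("allowedDomains", _UNSET)
    if allowed is _UNSET:
        allowed = d.pop("allowed_domains", _UNSET)
    return (None if allowed is _UNSET else allowed), d


def round_trip(src: dict[str, Any],
               parse: Callable[[dict[str, Any]], Parsed]) -> dict[str, Any]:
    """Parse, then serialize the way a model that re-emits unknown keys
    would (assumed behaviour): leftovers first, then the typed field."""
    allowed, leftovers = parse(src)
    out = dict(leftovers)
    if allowed is not None:
        out["allowedDomains"] = allowed
    return out


# Constructed payload carrying both spellings with different values.
BOTH = {"allowedDomains": ["api.example.com"],
        "allowed_domains": ["*.example.com"]}

if __name__ == "__main__":
    print(round_trip(BOTH, parse_eager))  # one authoritative allowlist
    print(round_trip(BOTH, parse_lazy))   # stale snake_case list re-emitted
```

With the branch-style fallback the serialized config carries two allowlists that disagree, which is the ambiguity the eager form rules out.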

@Joffref Joffref merged commit 4ba84eb into main Jun 13, 2026
32 of 49 checks passed
@Joffref Joffref deleted the majoffre/firewall branch June 13, 2026 21:53