From f75c48323ce65f651381c74ae75a1795e7cc5c45 Mon Sep 17 00:00:00 2001
From: Olcan <olcans@gmail.com>
Date: Wed, 11 Jun 2025 11:31:38 -0700
Subject: fixes to proxy on macos: prevent curl from hanging during
 wait-for-proxy by adding ipv6 support and timeout (#947)

---
 packages/cli/src/utils/sandbox-macos-permissive-proxied.sb  | 2 +-
 packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb | 2 +-
 packages/cli/src/utils/sandbox.ts                           | 6 ++++--
 3 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'packages/cli/src')

diff --git a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
index 861e503d..842fb6a4 100644
--- a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
+++ b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb
@@ -24,7 +24,7 @@
 
 ;; deny all outbound network traffic EXCEPT through proxy on localhost:8877
 ;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
-;; proxy must listen on 0.0.0.0:8877 (see scripts/example-proxy.js)
+;; proxy must listen on :::8877 (see scripts/example-proxy.js)
 (deny network-outbound)
 (allow network-outbound (remote tcp "localhost:8877"))
 
diff --git a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
index cc4c1e5e..826055e5 100644
--- a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
+++ b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb
@@ -88,5 +88,5 @@
 
 ;; allow outbound network traffic through proxy on localhost:8877
 ;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
-;; proxy must listen on 0.0.0.0:8877 (see scripts/example-proxy.js)
+;; proxy must listen on :::8877 (see scripts/example-proxy.js)
 (allow network-outbound (remote tcp "localhost:8877"))
diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index d47c44b5..0cb1eb54 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -339,7 +339,7 @@ export async function start_sandbox(sandbox: string) {
       });
       console.log('waiting for proxy to start ...');
       await execAsync(
-        `until curl -s http://localhost:8877; do sleep 0.25; done`,
+        `until timeout 0.25 curl -s http://localhost:8877; do sleep 0.25; done`,
       );
     }
     // spawn child and let it inherit stdio
@@ -661,7 +661,9 @@ export async function start_sandbox(sandbox: string) {
       process.exit(1);
     });
     console.log('waiting for proxy to start ...');
-    await execAsync(`until curl -s http://localhost:8877; do sleep 0.25; done`);
+    await execAsync(
+      `until timeout 0.25 curl -s http://localhost:8877; do sleep 0.25; done`,
+    );
     // connect proxy container to sandbox network
     // (workaround for older versions of docker that don't support multiple --network args)
     await execAsync(
-- 
cgit v1.2.3