This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 656c378 feat(sandbox): allow dist/downloads/archive.apache.org in the
network allowlist (#435)
656c378 is described below
commit 656c3786cbdf0fe83594ebb28a6b3e43ed1beaa5
Author: Jarek Potiuk <[email protected]>
AuthorDate: Tue Jun 2 14:20:42 2026 +0200
feat(sandbox): allow dist/downloads/archive.apache.org in the network
allowlist (#435)

Adds the three Apache distribution hosts to the sandbox network
allowlist so skills (release verification, advisory/artifact checks)
can reach them:

- .claude/settings.json — the framework's own dogfood config
- docs/setup/secure-agent-setup.md — the adopter-facing allowlist
  block adopters copy when setting up the secure agent config, so new
  adopters get these hosts configured too
- tools/sandbox-lint/expected.json — the CI baseline (M.29) kept in
  sync with the live config

Grouped with lists.apache.org so the apache.org infra hosts stay together.

Generated-by: Claude Code (Opus 4.8)
---
.claude/settings.json | 3 +++
docs/setup/secure-agent-setup.md | 3 ++-
tools/sandbox-lint/expected.json | 3 +++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/.claude/settings.json b/.claude/settings.json
index 8edbf55..a4793de 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -34,6 +34,9 @@
"pypi.org",
"files.pythonhosted.org",
"lists.apache.org",
+ "dist.apache.org",
+ "downloads.apache.org",
+ "archive.apache.org",
"cveprocess.apache.org",
"cve.org",
"www.cve.org",
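Review bot: The three hosts added after "lists.apache.org" go into the sandbox-wide network allowlist, while the commit message names only release verification and advisory/artifact checks as the consumers. It would help to state which skill fetches from which of dist, downloads and archive, and to leave out any host that no skill needs yet, so the allowlist stays the minimum those use cases require.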
diff --git a/docs/setup/secure-agent-setup.md b/docs/setup/secure-agent-setup.md
index 5ebd7ef..5b0be13 100644
--- a/docs/setup/secure-agent-setup.md
+++ b/docs/setup/secure-agent-setup.md
@@ -374,7 +374,8 @@ below, annotated.
"github.com", "api.github.com", "raw.githubusercontent.com",
"objects.githubusercontent.com", "codeload.github.com",
"uploads.github.com",
"pypi.org", "files.pythonhosted.org",
- "lists.apache.org", "cveprocess.apache.org", "cve.org", "www.cve.org",
+ "lists.apache.org", "dist.apache.org", "downloads.apache.org",
"archive.apache.org",
+ "cveprocess.apache.org", "cve.org", "www.cve.org",
"oauth2.googleapis.com", "gmail.googleapis.com"
]
}
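Review bot: In the docs block the addition could not be made as a pure insertion: the existing line starting with "lists.apache.org" is removed and re-added in two pieces, so a reviewer has to compare old and new lines by eye to confirm that only the three apache.org hosts changed and that "cveprocess.apache.org", "cve.org" and "www.cve.org" survived intact. Listing one host per line here, as .claude/settings.json does, would make allowlist changes in the adopter-facing copy show up as plain additions and make drift from the live config easier to spot.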
diff --git a/tools/sandbox-lint/expected.json b/tools/sandbox-lint/expected.json
index 8edbf55..a4793de 100644
--- a/tools/sandbox-lint/expected.json
+++ b/tools/sandbox-lint/expected.json
@@ -34,6 +34,9 @@
"pypi.org",
"files.pythonhosted.org",
"lists.apache.org",
+ "dist.apache.org",
+ "downloads.apache.org",
+ "archive.apache.org",
"cveprocess.apache.org",
"cve.org",
"www.cve.org",
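Review bot: The index line for this file carries the same blob ids as .claude/settings.json (8edbf55..a4793de), so the CI baseline is moved to the same content in the same commit as the live config. The lint can therefore detect the two files drifting apart but cannot flag this addition itself; review of this hunk is the only control on the new hosts, and it is worth saying so wherever the M.29 baseline is documented.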