Commit e659b09
authored
fix(proxy): passthrough /rate_limit for CLI proxy liveness probe (#7187)
The gh CLI liveness probe calls `GET /rate_limit` to verify
connectivity. The DIFC proxy was blocking this as an unrecognized
endpoint (HTTP 403), causing the cli-proxy sidecar to fail fast and
prevent agent startup.
**Root cause:** `/rate_limit` is a GET request that enters the "read
operation" path, but `MatchRoute()` returns nil for it, triggering the
fail-closed "access denied: unrecognized endpoint" response.
**Fix:** Add `/rate_limit` to the passthrough list alongside `/meta` —
both are safe read-only metadata endpoints used by `gh` CLI for
initialization.
**Affected:** Any workflow using `features.cli-proxy: true` or
`features.difc-proxy: true` with mcpg >= v0.3.23.
Reported via:
https://github.com/github/gh-aw/actions/runs/27112965256/job/80016366723?pr=377082 files changed
Lines changed: 27 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
59 | 59 | | |
60 | 60 | | |
61 | 61 | | |
62 | | - | |
63 | | - | |
64 | | - | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
65 | 65 | | |
66 | 66 | | |
67 | 67 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
118 | 118 | | |
119 | 119 | | |
120 | 120 | | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
121 | 145 | | |
122 | 146 | | |
123 | 147 | | |
| |||
0 commit comments