InkdownInkdown
Start writing

Claude-Code

62 files·4 subfolders

Shared Workspace

Claude-Code
codex

18-upstreamproxy

Shared from "Claude-Code" on Inkdown

CCR Container Networking (upstreamproxy)

How Claude Code Remote (CCR) containers handle outbound network traffic securely.

Overview

When Claude Code runs inside a CCR (Claude Code Remote) container, all outbound network traffic must be proxied through the CCR server for security and monitoring. The upstreamproxy system handles this.

Architecture

Plain text
┌─────────────────────────────────────────────────────┐
│              CCR Container                          │
│                                                      │
│  ┌──────────┐    ┌──────────────┐    ┌───────────┐  │
│  │  curl/   │───▶│  MITM Proxy  │───▶│  Relay    │  │
│  │  gh/     │    │  (localhost) │    │  (WS)     │  │
│  │  kubectl │    │              │    │           │  │
│  └──────────┘    └──────────────┘    └─────┬─────┘  │
│                                            │        │
│  HTTPS_PROXY=localhost:port                │        │
│  SSL_CERT_FILE=/run/ccr/ca.crt             │        │
└────────────────────────────────────────────┼────────┘
                                             │
                                    WebSocket tunnel
                                             │
                                    ┌────────▼────────┐
                                    │   CCR Server    │
                                    │   (outbound)    │
                                    └─────────────────┘
0000_start_here_index_and_recommended_reading_order.md
0100_project_overview_tech_stack_runtime_modes_and_folder_map.md
0200_startup_flow_entry_points_and_cold_start_sequence.md
0300_codebase_modules_layers_state_models_and_schemas.md
0400_system_architecture_and_design_rationale.md
0500_interactive_repl_request_flow_end_to_end.md
0600_headless_sdk_and_print_mode_request_flow_end_to_end.md
0700_mcp_integration_connection_and_tool_call_flow.md
0800_external_services_sdks_storage_and_local_dependencies.md
0900_environment_variables_settings_feature_flags_and_failure_modes.md
1000_non_obvious_patterns_gotchas_and_debugging_traps.md
1100_full_codebase_file_inventory_grouped_by_directory.md
kimi
00-overview.md
01-entrypoints.md
02-state-management.md
03-query-system.md
04-tools-system.md
05-tasks-system.md
06-ui-components.md
07-bridge-remote.md
08-services.md
09-skills-plugins.md
10-commands.md
11-testing-architecture.md
12-permission-system.md
13-build-system.md
14-ink-internals.md
15-git-internals.md
16-context-compaction.md
17-vim-mode.md
18-mailbox-notifications.md
19-session-persistence.md
20-hooks-system.md
21-error-recovery.md
README.md
qwen
00-overview.md
01-entry-points.md
02-query-engine.md
03-tools-and-tasks.md
04-commands-and-skills.md
05-state-management.md
06-ink-rendering.md
07-bridge-remote.md
08-mcp-services.md
09-services-overview.md
10-multi-agent.md
11-system-prompt-constants.md
12-tool-interface.md
13-memory-system.md
14-buddy-companion.md
15-keybindings.md
16-stop-hooks.md
17-vim-mode.md
18-upstreamproxy.md
19-cost-tracking-history.md
20-contexts-styles-onboarding.md
21-hooks.md
22-screens.md
tweets-explain
claude-code-memory-analysis.md
compact
memory-system
agentic-architecture

MITM Proxy (upstreamproxy.ts)

Initialization Sequence
Plain text
1. Read session token from /run/ccr/session_token
    │
    ▼
2. Set prctl(PR_SET_DUMPABLE, 0)
   — Blocks ptrace attacks (security hardening)
    │
    ▼
3. Download CA certificate from CCR server
    │
    ▼
4. Start the relay (CONNECT-over-WebSocket)
    │
    ▼
5. Unlink the token file (one-time use)
    │
    ▼
6. Export environment variables:
   HTTPS_PROXY=localhost:<port>
   SSL_CERT_FILE=/run/ccr/ca.crt
    │
    ▼
7. All subprocesses now route through the proxy
Security Measures
MeasurePurpose
prctl(PR_SET_DUMPABLE, 0)Prevents ptrace-based attacks
One-time tokenSession token deleted after use
Localhost-onlyProxy only listens on 127.0.0.1
Custom CAMITM proxy uses CCR-signed certs

Relay (relay.ts)

A CONNECT-over-WebSocket relay that tunnels HTTP/HTTPS traffic:

Protocol
Plain text
Client (curl)                    Relay                    CCR Server
    │                              │                          │
    │  CONNECT host:443            │                          │
    │─────────────────────────────▶│                          │
    │                              │  WS: UpstreamProxyChunk   │
    │                              │─────────────────────────▶│
    │                              │                          │
    │                              │  WS: UpstreamProxyChunk   │
    │                              │◀─────────────────────────│
    │  HTTP/1.1 200 Connection     │                          │
    │◀─────────────────────────────│                          │
    │                              │                          │
    │  TLS traffic (tunneled)      │                          │
    │◀────────────────────────────▶│◀────────────────────────▶│
Wire Format

Uses hand-encoded protobuf (UpstreamProxyChunk):

Protobuf
message UpstreamProxyChunk {
  bytes data = 1;
  bool is_connect = 2;
  string host = 3;
  int32 port = 4;
}
Runtime Support

Works with both Bun and Node:

TypeScript
// Bun
Bun.listen({ socket, data, ... })

// Node
net.createServer((socket) => { ... })

Environment Variables

After proxy initialization, these env vars are set:

Bash
HTTPS_PROXY=http://localhost:<port>
HTTP_PROXY=http://localhost:<port>
SSL_CERT_FILE=/run/ccr/ca.crt
NODE_EXTRA_CA_CERTS=/run/ccr/ca.crt
REQUESTS_CA_BUNDLE=/run/ccr/ca.crt

This ensures all tools (curl, gh, kubectl, npm, pip, etc.) route through the proxy.

Files

FilePurpose
src/upstreamproxy/upstreamproxy.tsMITM proxy initialization
src/upstreamproxy/relay.tsWebSocket relay