L7 policy validation rejects valid intra-label host wildcards #1303

@benoitf

Description

Agent Diagnostic

Skills loaded: generate-sandbox-policy, openshell-cli

Investigation:

  • Traced the error to crates/openshell-sandbox/src/l7/mod.rs:418-421
  • The validate_l7_policies() function rejects any wildcard host not starting
    with "*." or "**."
  • The pattern "-aiplatform.googleapis.com" starts with "-", triggering the error
  • Checked the OPA runtime matching at sandbox-policy.rego:103-112 — it uses
    glob.match(pattern, ["."], host) which correctly handles intra-label wildcards
    ("*" matches any characters within a single DNS label boundary)
  • Confirmed no existing tests cover intra-label wildcard patterns
  • Root cause: validation is stricter than the runtime engine — it blocks patterns
    the OPA policy engine would evaluate correctly
  • Agent cannot resolve this — it requires a code change to relax the validator

Description

The L7 policy host wildcard validator rejects *-aiplatform.googleapis.com with:

L7 policy validation failed:
gemini.endpoints[1]: host wildcard must start with '*.' or '**.' (e.g., '*.example.com'), got '*-aiplatform.googleapis.com'

This pattern is used by the community Gemini sandbox policy to match regional Google AI Platform endpoints like us-central1-aiplatform.googleapis.com,
europe-west1-aiplatform.googleapis.com, etc.

The OPA runtime engine (glob.match with ["."] delimiter) handles these intra-label wildcards correctly — * matches any characters within a single DNS label. The validator at crates/openshell-sandbox/src/l7/mod.rs:418 is simply too
strict, blocking a valid and useful pattern before it reaches the runtime.

Expected behavior: *-aiplatform.googleapis.com should pass validation and work at runtime, matching hosts like us-central1-aiplatform.googleapis.com.

Actual behavior: Validation fails, sandbox cannot start.

Suggested Fix

Relax the wildcard validation in crates/openshell-sandbox/src/l7/mod.rs:413-434 to allow intra-label wildcards (where * is combined with other characters in the first DNS label). Keep rejecting: bare */**, TLD wildcards (*.com), and wildcards in non-first labels (foo.*.com).

Workaround

Replace the wildcard with explicit regional hosts in the policy:

# Instead of:
- host: "*-aiplatform.googleapis.com"

# Use explicit regions:
- host: "us-central1-aiplatform.googleapis.com"
- host: "europe-west1-aiplatform.googleapis.com"
- host: "asia-southeast1-aiplatform.googleapis.com"

Reproduction Steps

  1. Use the Gemini sandbox policy from OpenShell-Community
  2. Start a sandbox: openshell sandbox create --policy gemini/policy.yaml
  3. Observe the L7 policy validation error

Environment

  • macOS 26
  • openshell 0.0.37

Logs

Error:   × L7 policy validation failed:
    │ gemini.endpoints[1]: host wildcard must start with '*.' or '**.' (e.g.,
    │ '*.example.com'), got '*-aiplatform.googleapis.com'

Agent-First Checklist

  • I pointed my agent at the repo and had it investigate this issue
  • I loaded relevant skills (e.g., debug-openshell-cluster, debug-inference, openshell-cli)
  • My agent could not resolve this — the diagnostic above explains why
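The relaxed validator proposed under "Suggested Fix", as an added example that is not OpenShell's code: `validate_host_pattern` accepts a wildcard only in the first DNS label and still rejects bare `*`/`**`, TLD wildcards and wildcards in non-first labels, and `glob_match` is a small label-bounded matcher approximating the `glob.match(pattern, ["."], host)` semantics the issue relies on, so the two can be checked for agreement. Both function names are hypothetical.

```rust
// Added example (not OpenShell's code): a host-wildcard validator following the
// relaxation proposed in this issue, plus a label-bounded matcher approximating
// OPA's glob.match(pattern, ["."], host) so validator and runtime can be compared.

/// Accept a pattern with no wildcard, or whose only wildcard sits in the first label.
/// Reject bare "*"/"**", TLD wildcards such as "*.com", and "foo.*.com"-style patterns.
pub fn validate_host_pattern(pattern: &str) -> Result<(), String> {
    if !pattern.contains('*') {
        return Ok(());
    }
    if pattern == "*" || pattern == "**" {
        return Err(format!("bare wildcard {pattern:?} would match every host"));
    }
    let labels: Vec<&str> = pattern.split('.').collect();
    if labels.iter().any(|l| l.is_empty()) {
        return Err(format!("empty DNS label in {pattern:?}"));
    }
    if labels[1..].iter().any(|l| l.contains('*')) {
        return Err(format!("wildcard only allowed in the first label: {pattern:?}"));
    }
    // "*.com" / "**.com": a wildcard followed by a single label is a TLD wildcard.
    if labels.len() < 3 {
        return Err(format!("wildcard must be followed by at least two labels: {pattern:?}"));
    }
    Ok(())
}

/// Label-bounded glob: '*' matches any run of characters that contains no '.',
/// '**' matches any run including '.'; everything else is literal. This is a subset
/// of OPA's glob syntax (no '?', character classes or alternation).
pub fn glob_match(pattern: &str, host: &str) -> bool {
    fn go(p: &[u8], h: &[u8]) -> bool {
        match p {
            [] => h.is_empty(),
            [b'*', b'*', rest @ ..] => (0..=h.len()).any(|i| go(rest, &h[i..])),
            // Stop extending the '*' as soon as the consumed prefix would cross a '.'.
            [b'*', rest @ ..] => (0..=h.len())
                .take_while(|&i| i == 0 || h[i - 1] != b'.')
                .any(|i| go(rest, &h[i..])),
            [c, rest @ ..] => !h.is_empty() && h[0] == *c && go(rest, &h[1..]),
        }
    }
    go(pattern.as_bytes(), host.as_bytes())
}

fn main() {
    let pattern = "*-aiplatform.googleapis.com";
    println!("{pattern}: {:?}", validate_host_pattern(pattern));
    for host in ["us-central1-aiplatform.googleapis.com", "evil.us-central1-aiplatform.googleapis.com"] {
        println!("  {host} -> {}", glob_match(pattern, host));
    }
}
```

The second host in `main` shows why the label boundary matters: the intra-label `*` cannot absorb an extra subdomain in front of the regional prefix.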

Metadata

Labels: state:triage-needed (Opened without agent diagnostics and needs triage)
Assignees: No one assigned
Development: No branches or pull requests