Make bun install work in the GitHub Copilot Agent sandbox

[Copilot]

The sandbox MITM proxy (padawan-fw) corrupts Brotli-encoded npm registry responses — truncating compressed bodies at ~4KB/50KB boundaries while preserving Content-Encoding: br, causing bun to fail with HTTPError downloading package manifest, Unterminated string literal, and segfaults.

Changes

• scripts/sandbox-npm-proxy.py — threaded local HTTP proxy on 127.0.0.1:4873 that re-fetches npm packages with Accept-Encoding: gzip, deflate (no Brotli), decompresses, and returns plain responses to bun. Bypasses the MITM proxy's Brotli corruption entirely.

• AGENTS.md — documents the full sandbox workflow:

  python3 scripts/sandbox-npm-proxy.py >> /tmp/proxy.log 2>&1 &
  BUN_CONFIG_REGISTRY="http://127.0.0.1:4873" bun install --frozen-lockfile

  --frozen-lockfile is required so bun resolves catalog: version references from the existing bun.lock rather than re-resolving from the registry (which would fail immediately).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://registry.npmjs.org:80/is-string
  • Triggering command: /home/REDACTED/.bun/bin/bun bun install (http block)
• registry.npmmirror.com
  • Triggering command: /home/REDACTED/.bun/bin/bun bun install --registry REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 929dde8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR