fix: proxy direct APNs HTTP2 sessions #74905

Merged: clawsweeper[bot] merged 25 commits into main from apns-http2-proxy-pr on May 4, 2026

@jesse-merhi jesse-merhi commented Apr 30, 2026

Member

Summary

  • route direct APNs HTTP/2 sessions through the active OpenClaw managed proxy using an explicit CONNECT tunnel
  • keep the existing APNs send API; replace only the low-level http2.connect() seam
  • add APNs authority allowlisting, proxy auth handling, credential redaction, bounded CONNECT response parsing, TLS secureConnect/ALPN validation, and regression tests
  • add local lint + OpenGrep guardrails so new production HTTP/2 code uses the wrapper instead of raw http2.connect()
  • track one active managed proxy URL with handle-count lifecycle safety and reject conflicting proxy URL activation

Test Plan

  • OPENCLAW_LOCAL_CHECK=0 pnpm test src/infra/net/http-connect-tunnel.test.ts src/infra/push-apns-http2.test.ts src/infra/push-apns.test.ts src/infra/net/proxy/proxy-lifecycle.test.ts src/infra/net/proxy/proxy-validation.test.ts src/cli/proxy-cli.runtime.test.ts src/cli/proxy-cli.test.ts test/scripts/run-additional-boundary-checks.test.ts
  • pnpm lint:tmp:no-raw-http2-imports
  • scripts/run-opengrep.sh --error -- src/infra/net/http-connect-tunnel.ts src/infra/push-apns-http2.ts src/infra/push-apns.ts
  • pnpm exec oxfmt --check --threads=1 src/infra/net/http-connect-tunnel.ts src/infra/net/http-connect-tunnel.test.ts src/infra/push-apns.test.ts src/infra/net/proxy/active-proxy-state.ts docs/network.md CHANGELOG.md scripts/run-additional-boundary-checks.mjs test/scripts/run-additional-boundary-checks.test.ts
  • pnpm check:no-conflict-markers && git diff --check origin/main...HEAD && git merge-tree origin/main HEAD
  • OPENCLAW_LOCAL_CHECK=0 pnpm check:changed
  • Manual smoke with openclaw-proxy-lab: CONNECT to api.sandbox.push.apple.com:443, TLS ALPN h2, Node HTTP/2 session connected through proxy

Notes

  • Draft because this intentionally focuses on APNs HTTP/2 and the immediate managed-proxy lifecycle guardrails. Follow-ups for broader raw-socket policy remain separate.
  • APNs now follows active OpenClaw managed proxy state, not ambient HTTPS_PROXY/HTTP_PROXY discovery.
  • The custom tunnel supports http:// and https:// proxy endpoints and waits for the target TLS socket to negotiate h2 before handing it to HTTP/2.
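The allowlisting, proxy auth, credential redaction and bounded CONNECT response parsing listed in the summary above can be sketched as follows. This is an added example in plain Node.js JavaScript, not code from the OpenClaw repository: the function names, the 8192-byte bound, the proxy host and the production host `api.push.apple.com:443` are assumptions (only the sandbox authority appears on this page), and the TLS/ALPN step is left out.

```javascript
// Added illustration; names and limits are assumptions, not OpenClaw's code.
const APNS_AUTHORITIES = new Set([
  "api.push.apple.com:443",
  "api.sandbox.push.apple.com:443",
]);
const MAX_CONNECT_RESPONSE_BYTES = 8192; // assumed bound

// Exact host:port match only (no suffix or wildcard matching). Rejecting
// whitespace keeps CR/LF out of the CONNECT request line.
function assertApnsAuthority(authority) {
  const normalized = String(authority).toLowerCase();
  if (/\s/.test(normalized) || !APNS_AUTHORITIES.has(normalized)) {
    throw new Error("authority is not an allowlisted APNs endpoint");
  }
  return normalized;
}

// Strip userinfo before a proxy URL reaches logs or error messages.
function redactProxyUrl(proxyUrl) {
  const u = new URL(proxyUrl);
  if (u.username || u.password) {
    u.username = "redacted";
    u.password = "";
  }
  return u.toString();
}

// Build the CONNECT preamble; proxy credentials come from the URL userinfo.
function buildConnectRequest(authority, proxyUrl) {
  const target = assertApnsAuthority(authority);
  const u = new URL(proxyUrl);
  const lines = [`CONNECT ${target} HTTP/1.1`, `Host: ${target}`];
  if (u.username || u.password) {
    const creds = `${decodeURIComponent(u.username)}:${decodeURIComponent(u.password)}`;
    lines.push(`Proxy-Authorization: Basic ${Buffer.from(creds).toString("base64")}`);
  }
  return lines.join("\r\n") + "\r\n\r\n";
}

// Feed proxy bytes chunk by chunk. Returns null until the header block ends,
// throws once the bound is exceeded, and treats only 2xx as an open tunnel.
function createConnectResponseParser(maxBytes = MAX_CONNECT_RESPONSE_BYTES) {
  let buffered = Buffer.alloc(0);
  return function push(chunk) {
    buffered = Buffer.concat([buffered, chunk]);
    const end = buffered.indexOf("\r\n\r\n");
    if (end === -1 ? buffered.length > maxBytes : end + 4 > maxBytes) {
      throw new Error("proxy CONNECT response too large");
    }
    if (end === -1) return null;
    const statusLine = buffered.subarray(0, end).toString("latin1").split("\r\n")[0];
    const match = /^HTTP\/1\.[01] (\d{3})(?: |$)/.exec(statusLine);
    if (!match) throw new Error("malformed proxy CONNECT response");
    const status = Number(match[1]);
    return {
      status,
      established: status >= 200 && status < 300,
      // Bytes after the header block belong to the tunnel, not to the proxy reply.
      leftover: buffered.subarray(end + 4),
    };
  };
}
```

Only after `established` is true would the caller start TLS to the APNs host over the same socket and check that ALPN negotiated `h2` before handing it to HTTP/2.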

@openclaw-barnacle openclaw-barnacle Bot added size: M maintainer Maintainer-authored PR labels Apr 30, 2026
clawsweeper Bot commented Apr 30, 2026

Contributor

Codex review: passed.

Summary
This PR routes direct APNs HTTP/2 sends through an APNs allowlisted managed-proxy CONNECT wrapper, adds APNs proxy validation/docs/guardrails, and expands regression and live-test coverage.

Reproducibility: yes. source-reproducible: current main sendApnsRequest() still uses raw http2.connect(authority) while managed proxy activation only covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.

Next step before merge
No repair job is needed; this automerge PR has no actionable review finding, so exact-head checks and merge gates are the remaining path.

Security
Cleared: the diff narrows direct APNs egress through allowlisted CONNECT/TLS h2 handling, redacts proxy diagnostics, and I found no concrete supply-chain or workflow regression.

Review details

Best possible solution:

Land the exact reviewed head after required checks and automerge gates pass, while keeping broader raw socket classification in #77126.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible: current main sendApnsRequest() still uses raw http2.connect(authority) while managed proxy activation only covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.

Is this the best way to solve the issue?

Yes. The reviewed head is a narrow maintainable fix for APNs HTTP/2: keep the existing send API, isolate raw HTTP/2 in one allowlisted wrapper, and leave broader raw socket policy to #77126.

What I checked:

Likely related people:

  • jesse-merhi: GitHub path history shows Jesse Merhi introduced the managed network proxy, added proxy validation, and recently maintained proxy lifecycle/TLS-hostname behavior; this PR also continues that same proxy surface beyond merely being authored by him. (role: proxy feature owner and recent maintainer; confidence: high; commits: 2633b1491413, 4ea0556f6428, 84a30e213e31; files: src/infra/net/proxy/proxy-lifecycle.ts, src/infra/net/proxy/proxy-validation.ts, docs/security/network-proxy.md)
  • steipete: GitHub path history shows Peter Steinberger repeatedly maintained push-apns.ts, proxy lifecycle, proxy validation, and network-proxy docs around the affected APNs and managed-proxy surfaces. (role: recent APNs/proxy maintainer and refactor owner; confidence: high; commits: 638437b7588d, 177654f526b2, bdcd543ed78a; files: src/infra/push-apns.ts, src/infra/net/proxy/proxy-lifecycle.ts, src/infra/net/proxy/proxy-validation.ts)
  • Mariano: GitHub path history shows the direct APNs wake/send surface in push-apns.ts traces back to the iOS/Gateway APNs wake work. (role: APNs wake feature introducer; confidence: medium; commits: e67da1538cfa; files: src/infra/push-apns.ts)
  • Nimrod Gutman: GitHub path history shows adjacent iOS APNs relay and approval notification work in the same APNs push file after the original wake surface landed. (role: adjacent iOS/APNs maintainer; confidence: medium; commits: b77b7485e0e1, 28955a36e7b0, 6f566585d84f; files: src/infra/push-apns.ts)

Remaining risk / open question:

  • The exact head still needs required CI/automerge gates because this read-only review did not execute tests and the diff touches security-sensitive proxy, workflow, and guardrail surfaces.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 5efbb3078a15.

@openclaw-barnacle openclaw-barnacle Bot added scripts Repository scripts docs Improvements or additions to documentation security Security documentation size: L and removed scripts Repository scripts size: M labels Apr 30, 2026
@jesse-merhi jesse-merhi marked this pull request as ready for review April 30, 2026 11:11
@jesse-merhi jesse-merhi self-assigned this Apr 30, 2026
@jesse-merhi jesse-merhi force-pushed the apns-http2-proxy-pr branch 2 times, most recently from 1a92c5c to aadd7b9 Compare April 30, 2026 13:34
Copilot AI review requested due to automatic review settings May 1, 2026 02:38
@jesse-merhi jesse-merhi force-pushed the apns-http2-proxy-pr branch from aadd7b9 to 65b9950 Compare May 1, 2026 02:38
@jesse-merhi jesse-merhi force-pushed the apns-http2-proxy-pr branch from 65b9950 to 6bce235 Compare May 1, 2026 02:41

Copilot AI left a comment

Contributor

Pull request overview

Routes direct APNs HTTP/2 delivery through OpenClaw’s managed proxy lifecycle by replacing the low-level APNs http2.connect() seam with a proxy-aware connection helper, and adds guardrails/tests to prevent future raw HTTP/2 usage that would bypass managed egress controls.

Changes:

  • Introduce connectApnsHttp2Session() to connect APNs HTTP/2 either directly or via a managed-proxy CONNECT tunnel (with APNs authority allowlisting).
  • Track active managed proxy URL/handle lifecycles centrally and enforce same-URL overlap semantics.
  • Add regression tests plus lint/OpenGrep rules to prevent new production raw node:http2 imports / http2.connect() usage.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| src/infra/push-apns.ts | Switches APNs direct send path to use the new proxy-aware HTTP/2 session connector and shared cancel code constant. |
| src/infra/push-apns.test.ts | Adds an end-to-end test that verifies direct APNs HTTP/2 traffic is routed through the active managed proxy using CONNECT. |
| src/infra/push-apns-http2.ts | Adds the APNs HTTP/2 connection wrapper with authority allowlisting and managed-proxy integration. |
| src/infra/push-apns-http2.test.ts | Unit tests for direct-vs-proxied session establishment, env proxy ignore behavior, and authority rejection. |
| src/infra/net/proxy/proxy-lifecycle.ts | Integrates managed-proxy lifecycle with shared “active proxy state” tracking and overlap URL enforcement. |
| src/infra/net/proxy/proxy-lifecycle.test.ts | Adds coverage for exposed active proxy URL, same-URL overlapping handles, and rejection of conflicting URL overlap. |
| src/infra/net/proxy/active-proxy-state.ts | New module to track the single active managed proxy URL with handle-count lifecycle safety. |
| src/infra/net/http-connect-tunnel.ts | New CONNECT + TLS tunnel helper used to route APNs sessions through the managed proxy. |
| src/infra/net/http-connect-tunnel.test.ts | Unit tests for CONNECT request formatting, HTTPS proxy support, auth header behavior, and timeout handling. |
| security/opengrep/rules/openclaw-policy/no-raw-http2-connect.yml | Adds a policy rule flagging raw http2.connect() usage outside the approved wrapper. |
| security/opengrep/precise.yml | Updates compiled OpenGrep ruleset to include the new policy rule. |
| scripts/check-no-raw-http2-imports.mjs | Adds a local lint script preventing production node:http2 imports outside the wrapper file. |
| package.json | Wires in the new tmp lint check and includes it in the scripts lint pipeline. |
| docs/network.md | Documents the policy to use connectApnsHttp2Session() for APNs HTTP/2 so managed proxy routing applies. |
| CHANGELOG.md | Notes the behavior change: direct APNs HTTP/2 now honors managed proxy egress controls. |

Comment thread src/infra/net/http-connect-tunnel.ts Outdated
Comment thread src/infra/net/http-connect-tunnel.ts Outdated
Comment thread src/infra/net/http-connect-tunnel.ts Outdated
Comment thread src/infra/push-apns-http2.ts Outdated
Comment thread src/infra/push-apns-http2.ts Outdated
Comment thread src/infra/push-apns.test.ts Outdated
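The "single active managed proxy URL with handle-count lifecycle safety" and "same-URL overlap semantics" described in the review above can be pictured with the following sketch. It is an added example, not the contents of active-proxy-state.ts: the function names, error text and proxy hosts are assumptions.

```javascript
// Added illustration; names and error text are assumptions, not OpenClaw's code.
function createActiveProxyState() {
  let activeUrl = null; // the one managed proxy URL currently in force
  let handleCount = 0;  // how many live handles depend on it

  function activate(proxyUrl) {
    const normalized = new URL(proxyUrl).toString();
    if (activeUrl !== null && activeUrl !== normalized) {
      // Fail closed, and do not echo either URL: both may carry credentials.
      throw new Error("a different managed proxy URL is already active");
    }
    activeUrl = normalized;
    handleCount += 1;
    let released = false;
    return {
      release() {
        // Idempotent: a double release must not drop another holder's handle.
        if (released) return;
        released = true;
        handleCount -= 1;
        if (handleCount === 0) activeUrl = null;
      },
    };
  }

  return {
    activate,
    getActiveUrl: () => activeUrl,
    getHandleCount: () => handleCount,
  };
}
```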
@jesse-merhi jesse-merhi force-pushed the apns-http2-proxy-pr branch 5 times, most recently from ec5c471 to 64f48d5 Compare May 2, 2026 01:00
@jesse-merhi jesse-merhi requested a review from a team as a code owner May 2, 2026 01:00
@openclaw-barnacle openclaw-barnacle Bot added the cli CLI command changes label May 2, 2026
@jesse-merhi jesse-merhi force-pushed the apns-http2-proxy-pr branch 2 times, most recently from 1127b62 to c67415e Compare May 2, 2026 01:04
@clawsweeper clawsweeper Bot force-pushed the apns-http2-proxy-pr branch from 4521f70 to dab7c86 Compare May 4, 2026 10:55
@openclaw-barnacle openclaw-barnacle Bot removed the agents Agent runtime and tooling label May 4, 2026
@clawsweeper clawsweeper Bot merged commit d5b0083 into main May 4, 2026
96 of 97 checks passed
@clawsweeper clawsweeper Bot deleted the apns-http2-proxy-pr branch May 4, 2026 11:04
lxe pushed a commit to lxe/openclaw that referenced this pull request May 6, 2026
Summary:
- This PR routes direct APNs HTTP/2 sends through an APNs allowlisted managed-proxy CONNECT wrapper, adds APNs proxy validation/docs/guardrails, and expands regression and live-test coverage.
- Reproducibility: yes. source-reproducible: current main `sendApnsRequest()` still uses raw `http2.connect(au ... nly covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 APNs connections
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 with OpenGrep
- PR branch already contained follow-up commit before automerge: lint: ban raw HTTP2 imports
- PR branch already contained follow-up commit before automerge: fix: use managed proxy state for APNs
- PR branch already contained follow-up commit before automerge: test: exercise APNs active proxy state
- PR branch already contained follow-up commit before automerge: fix: reject conflicting managed proxy activation

Validation:
- ClawSweeper review passed for head dab7c86.
- Required merge gates passed before the squash merge.

Prepared head SHA: dab7c86
Review: openclaw#74905 (comment)

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 9, 2026
greench-ai pushed a commit to greench-ai/nexisclaw that referenced this pull request May 12, 2026
markfietje pushed a commit to markfietje/openclaw that referenced this pull request May 20, 2026
markfietje pushed a commit to markfietje/openclaw that referenced this pull request May 20, 2026
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 24, 2026
jameslcowan pushed a commit to jameslcowan/openclaw that referenced this pull request Jun 2, 2026
sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026
Labels

  • clawsweeper:automerge: Maintainer opted this PR into bounded ClawSweeper-reviewed automerge
  • cli: CLI command changes
  • docs: Improvements or additions to documentation
  • maintainer: Maintainer-authored PR
  • scripts: Repository scripts
  • security: Security documentation
  • size: XL
