MCP Network Allowlist Still Blocking External

The Co-Work sandbox keeps silently blocking external APIs, even when plugins explicitly list whitelisted domains in the .cowork manifest. This gap - seen in the recent #28067 incident - exposes a stubborn disconnect: the host network allowlist ignores MCP server domains declared in plugins. Here’s what’s really happening:

• The core flaw: The VM’s network filter isn’t updating to include domains pulled from MCP servers, meaning external APIs stay locked out regardless of manifest claims.
• Why it matters: This isn’t just a technical quirk - it chokes real-world workflows. Co-Work users relying on AI tools like Claude Code for automation can’t connect to external services, breaking integrations and slowing productivity.

Psychologically, this mismatch feeds frustration and distrust in automation systems - users expect transparency, but the VM’s firewall insists on opacity. The real hidden issue? Many MCP servers use dynamic or non-standard domains, and manual allowlist edits rarely sync across environments.

For safety: Never disable or modify VM firewall rules without understanding consequences. Interim fixes exist: manually inspect .cowork manifests for missing domain entries, and temporarily whitelist domains in browser or VM network settings as a stopgap. But the real solution demands better sync between plugin manifests and VM network policies.

The bottom line: Until the network allowlist dynamically merges MCP domains from plugins into its allowlist, external API integrations remain unreliable. Do you trust automation when the firewall betrays your setup? How do you safeguard your workflow when tech breaks just when you need it?