I’m running Claude Code inside a Sprite and want to set up a secret-injecting proxy (like Fly’s Tokenizer project) so sandboxed code can make authenticated API calls without ever seeing the credentials.
The natural place to run the proxy is as a Fly Machine, but from inside a Sprite the network looks isolated:
# ip addr show (inside sprite)
inet 10.0.0.1/24 scope global spr0
inet6 fdf::1/64 scope global
# cat /etc/resolv.conf
nameserver 10.0.0.2
The IPv6 prefix is fdf::, not Fly’s 6PN fdaa::, and DNS doesn’t resolve .internal names.
Core question: Is there a supported way for Sprites to call internal Fly services (6PN / Flycast / .internal), or are Sprites intentionally isolated to *.sprites.app + public egress only?
If Sprites can’t reach 6PN, is Sprite-to-Sprite communication via .sprites.app URLs a reasonable workaround for running a proxy?
Context: Simon Willison’s recent post about Deno Sandbox describes this “secret-injecting proxy” pattern, and he noted Fly’s Tokenizer project implements the same idea. I can share links in a follow-up if helpful.