mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
b16d2858f5
## Summary Stacked on #26708. Adds the macOS implementation of the shared system-proxy contract. This allows Codex-owned auth clients to use the route macOS selects for each auth URL through SystemConfiguration and CFNetwork, including PAC and WPAD results. The `respect_system_proxy` feature is disabled by default, so existing client behavior remains unchanged unless explicitly enabled. ## Implementation - Adds the macOS-only `system-configuration` dependency to `codex-client`. - Dispatches system-proxy resolution to `outbound_proxy/macos.rs` on macOS. - Reads system proxy settings from `SCDynamicStore` and resolves the target URL with `CFNetworkCopyProxiesForURL`. - Executes PAC URLs and inline PAC JavaScript through a bounded run loop with a five-second timeout. - Handles `DIRECT`, HTTP proxies, and CFNetwork HTTPS entries using HTTP CONNECT; unsupported SOCKS entries map to `UnsupportedProxyScheme`. - Builds concrete proxy URLs from host and port entries, including IPv6 host bracketing. - Maps results into the shared `SystemProxyDecision::{Direct, Proxy, Unavailable}` contract. - Hashes URL-specific cache keys so PAC decisions remain distinct without retaining raw request URLs or query strings. ## End-user behavior - Disabled/default: existing client behavior is unchanged. - Enabled with `[features.respect_system_proxy]`: - macOS auth clients honor system proxy configuration, PAC, and WPAD; - valid OS/PAC `DIRECT` decisions use a direct connection; - unavailable system resolution falls back to explicit environment proxy variables, then `DIRECT`, through the shared contract from #26707. - Unsupported proxy schemes are not silently translated into another route. - Custom CA handling remains separate from proxy selection. - Known limitation: only the first supported system/PAC candidate is used. Subsequent proxy or `DIRECT` candidates are not attempted after a connection failure. 
This matches the current Windows behavior and leaves room for future ordered-fallback support. ## Tests - `just test -p codex-client` — 34 tests passed. - `just clippy -p codex-client` - `just fmt` - `just bazel-lock-check`
52 lines
1.5 KiB
TOML
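# Cargo manifest for the `codex-client` crate.
# Edition, license and version are inherited from the workspace, as are the
# versions of every dependency except `windows-sys` (see below).
[package]
edition.workspace = true
license.workspace = true
name = "codex-client"
version.workspace = true

[dependencies]
bytes = { workspace = true }
eventsource-stream = { workspace = true }
futures = { workspace = true }
http = { workspace = true }
opentelemetry = { workspace = true }
rand = { workspace = true }
# `rustls-tls-native-roots` makes reqwest use rustls for TLS with the
# operating system's root certificate store as trust anchors.
reqwest = { workspace = true, features = ["json", "rustls-tls-native-roots", "stream"] }
rustls = { workspace = true }
rustls-native-certs = { workspace = true }
rustls-pki-types = { workspace = true }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
thiserror = { workspace = true }
tokio = { workspace = true, features = ["macros", "rt", "time", "sync"] }
tracing = { workspace = true }
tracing-opentelemetry = { workspace = true }
codex-utils-rustls-provider = { workspace = true }
zstd = { workspace = true }

# Compiled only on the two platforms that have a system-proxy backend.
# NOTE(review): sha2 presumably backs the hashed, URL-specific proxy cache
# keys (so raw request URLs and query strings are not retained) — confirm
# against the outbound_proxy code.
[target.'cfg(any(target_os = "windows", target_os = "macos"))'.dependencies]
sha2 = { workspace = true }

# macOS-only: bindings used to read system proxy settings (SCDynamicStore).
[target.'cfg(target_os = "macos")'.dependencies]
system-configuration = { workspace = true }

# Windows-only. The version is pinned here rather than inherited from the
# workspace, unlike every other dependency in this manifest, so dependency
# audits and upgrades have to track it separately. Only the Win32 API surface
# listed in `features` is compiled in; keep that list minimal.
# NOTE(review): WinHttp is presumably what serves Windows system-proxy
# resolution — confirm against the Windows backend.
[target.'cfg(target_os = "windows")'.dependencies]
windows-sys = { version = "0.52", features = [
    "Win32_Foundation",
    "Win32_Networking_WinHttp",
] }

# Lint configuration is inherited from the workspace.
[lints]
workspace = true

# Test-only crates; none of these are linked into the library itself.
# `rcgen` is a certificate-generation crate and is dev-only here.
[dev-dependencies]
codex-utils-cargo-bin = { workspace = true }
opentelemetry_sdk = { workspace = true }
pretty_assertions = { workspace = true }
rcgen = { workspace = true }
tempfile = { workspace = true }
tracing-subscriber = { workspace = true }

# Documentation tests are not run for the library target.
[lib]
doctest = false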