fix: honor HTTP_PROXY / HTTPS_PROXY / NO_PROXY env vars (#35)#51
Merged
Conversation
Node's built-in fetch (undici) ignores proxy environment variables, so bl always connected directly and failed with ECONNRESET behind a VPN or corporate proxy. Install an EnvHttpProxyAgent as the global dispatcher at startup, but only when a proxy variable is actually set — behavior is unchanged otherwise. Lowercase variables take precedence over uppercase (curl convention) and NO_PROXY is honored. Values are trimmed and passed explicitly to work around undici reading env vars with ??, where an empty lowercase variable (https_proxy="") masks a configured uppercase one. Invalid proxy URLs fail with a clear usage error instead of a stack trace, and the ECONNRESET hint now suggests exporting HTTPS_PROXY. Tests are fully offline and need no credentials: unit tests cover env parsing, and the e2e test runs a minimal probe (setupProxyFromEnv + a bare fetch) against a .invalid host through a local CONNECT proxy to verify traffic routes through the proxy, NO_PROXY is honored, no dispatcher is installed when unset, and invalid values error clearly.
Switch the seed-image prompt from a cat sketch to a green leaf for a simpler, more reliably-generated reference frame.
It's a machine-local runtime lock file that shouldn't be in the repo; remove it and add it to .gitignore.
Bump bailian-cli / bailian-cli-core to 1.3.1, sync skill version, and document the HTTP_PROXY / HTTPS_PROXY / NO_PROXY fix (#35) in CHANGELOG.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #35 — running
blbehind a VPN / corporate proxy failed withECONNRESET: Client network socket disconnected before secure TLS connection was established.Root cause: Node's built-in
fetch(undici) does not read proxy environment variables, so the CLI always connected directly, bypassing the local proxy and getting blocked.Fix: at startup, install an
EnvHttpProxyAgentas the global undici dispatcher — but only whenHTTP_PROXY/HTTPS_PROXYis actually set. When no proxy variable is configured, the global dispatcher is untouched and behavior is exactly as before.Changes
packages/cli/src/proxy.ts(new):readProxyEnv()+setupProxyFromEnv(). Lowercase variables take precedence over uppercase (curl convention);NO_PROXYis supported.??, where an empty lowercase variable (https_proxy="") masks a configured uppercase one.Invalid proxy configuration: …error (plus hint) instead of a raw stack trace.packages/cli/src/main.ts: callsetupProxyFromEnv()at module top level, before any fetch is issued (including update-checker / telemetry).packages/cli/src/error-handler.ts: theECONNRESEThint now suggestsexport HTTPS_PROXY=…for VPN / corporate-proxy users.undiciadded as an explicit dependency (catalog^8.4.1).Tests (fully offline, no credentials required)
tests/proxy.test.ts:readProxyEnvparsing — unset/blank handling, lowercase precedence, empty-string-masking regression,NO_PROXY.tests/e2e/proxy.e2e.test.ts: runs a minimal probe script (setupProxyFromEnv()+ a barefetch()) against a.invalidhost through a local CONNECT proxy. It does not drive any CLI command, so it needs no api key / access token — consistent with the existing e2e design. Verifies:HTTPS_PROXYset, the bare fetch tunnels through the proxy (CONNECT to the target host);https_proxydoes not maskHTTPS_PROXY;NO_PROXYmatch keeps the request direct;All proxy tests pass under a simulated CI environment (empty HOME, no credentials).
Note
Supersedes #50, which had a tangled commit history. This branch is rebuilt cleanly on top of
main. The version bump / CHANGELOG for the release are intentionally left out and will go in a separate PR.Also includes two small unrelated cleanups as separate commits: a video-ref r2v e2e prompt tweak, and removing the machine-local
.claude/scheduled_tasks.lockfrom version control.