feat(security): support operator-managed network proxy routing (#70044)

* feat: support operator-managed proxy routing * docs: add network proxy changelog entry * fix(proxy): restrict gateway bypass to loopback IPs * fix(cli): harden container proxy URL checks * docs(proxy): clarify gateway bypass scope * docs: remove proxy changelog entry * fix(proxy): clear startup CI guard failures * fix(proxy): harden gateway proxy policy parsing * fix(proxy): honor update shorthand proxy policy * fix(cli): redact proxy URL suffixes * test(proxy): keep gateway help off proxy startup * fix(proxy): keep overlapping lifecycle active * docs: add proxy changelog entry --------- Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-05-08 15:40:50 +00:00 · 2026-04-28 15:20:47 +10:00
parent 025081dbc5
commit 2633b14914
36 changed files with 2737 additions and 96 deletions
--- a/src/types/global-agent.d.ts
+++ b/src/types/global-agent.d.ts
@@ -0,0 +1,28 @@
+/**
+ * Local type declaration for global-agent.
+ *
+ * The package ships TypeScript types in dist/index.d.ts but omits the
+ * "types" field in package.json, so TypeScript cannot resolve them
+ * automatically. This shim re-exports the types that OpenClaw uses.
+ */
+declare module "global-agent" {
+  /**
+   * Bootstraps global-agent by monkey-patching node:http and node:https.
+   * Must be called once before any HTTP requests are made.
+   * Reads proxy URL from global.GLOBAL_AGENT.HTTP_PROXY / HTTPS_PROXY at runtime.
+   */
+  export function bootstrap(): void;
+
+  /**
+   * Creates a standalone proxy agent instance without setting global.GLOBAL_AGENT.
+   */
+  export function createGlobalProxyAgent(config?: {
+    environmentVariableNamespace?: string;
+    forceGlobalAgent?: boolean;
+    socketConnectionTimeout?: number;
+  }): {
+    HTTP_PROXY: string | null;
+    HTTPS_PROXY: string | null;
+    NO_PROXY: string | null;
+  };
+}