fix(agent): respect HTTP_PROXY/HTTPS_PROXY when using custom httpx transport#12657
Merged
Conversation
…ansport When creating httpx.Client with a custom transport for TCP keepalive, proxy environment variables (HTTP_PROXY, HTTPS_PROXY) were ignored because httpx only auto-reads them when transport=None. Add _get_proxy_from_env() to explicitly read proxy settings and pass them to httpx.Client, ensuring providers like kimi-coding-cn work correctly when behind a proxy. Fixes connection errors when HTTP_PROXY/HTTPS_PROXY are set.
Adds a regression guard for the #11277 → proxy-bypass regression fixed in 42b394c. With HTTPS_PROXY / HTTP_PROXY / ALL_PROXY set, the custom httpx transport used for TCP keepalives must still route requests through an HTTPProxy pool; without proxy env, no HTTPProxy mount should exist. Also maps zrc <zhurongcheng@rcrai.com> → heykb in scripts/release.py AUTHOR_MAP so the salvage PR passes the author-attribution CI check.
This was referenced Apr 19, 2026
This was referenced Apr 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Proxy env vars (
HTTPS_PROXY/HTTP_PROXY/ALL_PROXY) are honored again for the primary chat client, unblocking the Codex/Cloudflarecf-mitigated: challenge403 reported by @lulu on WSL2 + Clash TUN.Root cause: #11277 re-landed TCP keepalives by passing a custom
transport=httpx.HTTPTransport(...)tohttpx.Client. httpx only auto-reads proxy env vars whentransport is None(Client.__init__:allow_env_proxies = trust_env and transport is None). Requests silently bypassed the local proxy → raw WSL interface → Cloudflare flagged as bot and 403'd.Changes
run_agent.py:_create_openai_clientreads proxy from env and forwards it tohttpx.Client(proxy=...)alongside the keepalive transport. New helper_get_proxy_from_env()centralizes the lookup order.tests/run_agent/test_create_openai_client_proxy_env.py: pins that anHTTPProxypool is mounted whenHTTPS_PROXYis set, that the keepalive transport is still installed on both paths, and that no proxy mount appears without env.scripts/release.py: AUTHOR_MAP entry forzhurongcheng@rcrai.com→heykb.Salvage notes
Cherry-picked the proxy commit (42b394c) from @heykb's PR #12540 preserving original authorship. The kimi-k2.5 temperature changes in that PR were intentionally left out — separate behavioral contract change, will be triaged on its own.
Three other open PRs targeted the same regression:
HTTPTransportinstead ofClient), no tests.All three will be closed with credit pointing here.
Validation
Closes the regression reported in hermes-agent community report from @lulu.