fix(gateway): ensure undici env proxy dispatcher after startup

[bowenluo718]

Summary

Describe the problem and fix in 2–5 bullets:

If this PR fixes a plugin beta-release blocker, title it fix(<plugin-id>): beta blocker - <summary> and link the matching Beta blocker: <plugin-name> - <summary> issue labeled beta-blocker. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.

• Problem:
• Why it matters:
• What changed:
• What did NOT change (scope boundary):

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #
• This PR fixes a bug or regression

Root Cause (if applicable)

For bug fixes or regressions, explain why this happened, not just what changed. Otherwise write N/A. If the cause is unclear, write Unknown.

• Root cause:
• Missing detection / guardrail:
• Contributing context (if known):

Regression Test Plan (if applicable)

For bug fixes or regressions, name the smallest reliable test coverage that should catch this. Otherwise write N/A.

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file:
• Scenario the test should lock in:
• Why this is the smallest reliable guardrail:
• Existing test that already covers this (if any):
• If no new test is added, why not:

User-visible / Behavior Changes

List user-visible changes (including defaults/config).
If none, write None.

Diagram (if applicable)

For UI changes or non-trivial logic flows, include a small ASCII diagram reviewers can scan quickly. Otherwise write N/A.

Before:
[user action] -> [old state]

After:
[user action] -> [new state] -> [result]

Security Impact (required)

• New permissions/capabilities? (Yes/No)
• Secrets/tokens handling changed? (Yes/No)
• New/changed network calls? (Yes/No)
• Command/tool execution surface changed? (Yes/No)
• Data access scope changed? (Yes/No)
• If any Yes, explain risk + mitigation:

Repro + Verification

Environment

• OS:
• Runtime/container:
• Model/provider:
• Integration/channel (if any):
• Relevant config (redacted):

Steps

Expected

Actual

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
• Edge cases checked:
• What you did not verify:

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

• Backward compatible? (Yes/No)
• Config/env changes? (Yes/No)
• Migration needed? (Yes/No)
• If yes, exact upgrade steps:

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk:
  • Mitigation:

[greptile-apps]

Greptile Summary

This PR adds a call to ensureGlobalUndiciEnvProxyDispatcher() during gateway startup in startGatewayServer, ensuring the undici global dispatcher is switched to EnvHttpProxyAgent early in the process when an env proxy is configured. Previously, this bootstrapping only happened lazily, per caller (e.g., in provider-openai-codex-oauth.ts, minimax-vlm.ts, and per-attempt in attempt.ts), meaning gateway-level HTTP traffic prior to the first agent run could bypass the configured proxy. The placement after the async startup maintenance steps is intentional.

Confidence Score: 5/5

Safe to merge; the change is minimal, idempotent, and well-tested by existing coverage.

Only finding is a P2 suggestion to pair the call with ensureGlobalUndiciStreamTimeouts for timeout consistency during the startup-to-first-run window. This does not block merge — the agent-run path already applies timeouts correctly, and the window without timeouts is narrow and likely idle.

No files require special attention.

Vulnerabilities

No security concerns identified. The change routes outbound undici traffic through the env-configured proxy at gateway startup rather than only per-caller; this is a consistency improvement, not a new attack surface.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/gateway/server.impl.ts
Line: 597-598

Comment:
**Missing `ensureGlobalUndiciStreamTimeouts` companion call**

The `EnvHttpProxyAgent` installed here has no timeout options set (`bodyTimeout`, `headersTimeout`). In `attempt.ts`, both functions are always called together — `ensureGlobalUndiciEnvProxyDispatcher()` then `ensureGlobalUndiciStreamTimeouts()` — so the agent-run path is fine. However, any gateway-level undici traffic that occurs between startup and the first agent run will go through a proxy dispatcher with no explicit stream timeouts. If that window is expected to be idle, this is acceptable; otherwise, consider pairing the calls here the same way `attempt.ts` does.

```suggestion
  // Ensure the env-based proxy dispatcher runs after startup so outbound traffic uses a consistent network profile.
  ensureGlobalUndiciEnvProxyDispatcher();
  ensureGlobalUndiciStreamTimeouts();
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(gateway): ensure undici env proxy di..." | Re-trigger Greptile}

[greptile-apps]

Missing ensureGlobalUndiciStreamTimeouts companion call

The EnvHttpProxyAgent installed here has no timeout options set (bodyTimeout, headersTimeout). In attempt.ts, both functions are always called together — ensureGlobalUndiciEnvProxyDispatcher() then ensureGlobalUndiciStreamTimeouts() — so the agent-run path is fine. However, any gateway-level undici traffic that occurs between startup and the first agent run will go through a proxy dispatcher with no explicit stream timeouts. If that window is expected to be idle, this is acceptable; otherwise, consider pairing the calls here the same way attempt.ts does.

Suggested change

	// Ensure the env-based proxy dispatcher runs after startup so outbound traffic uses a consistent network profile.
	ensureGlobalUndiciEnvProxyDispatcher();
	// Ensure the env-based proxy dispatcher runs after startup so outbound traffic uses a consistent network profile.
	ensureGlobalUndiciEnvProxyDispatcher();
	ensureGlobalUndiciStreamTimeouts();

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/gateway/server.impl.ts
Line: 597-598

Comment:
**Missing `ensureGlobalUndiciStreamTimeouts` companion call**

The `EnvHttpProxyAgent` installed here has no timeout options set (`bodyTimeout`, `headersTimeout`). In `attempt.ts`, both functions are always called together — `ensureGlobalUndiciEnvProxyDispatcher()` then `ensureGlobalUndiciStreamTimeouts()` — so the agent-run path is fine. However, any gateway-level undici traffic that occurs between startup and the first agent run will go through a proxy dispatcher with no explicit stream timeouts. If that window is expected to be idle, this is acceptable; otherwise, consider pairing the calls here the same way `attempt.ts` does.

```suggestion
  // Ensure the env-based proxy dispatcher runs after startup so outbound traffic uses a consistent network profile.
  ensureGlobalUndiciEnvProxyDispatcher();
  ensureGlobalUndiciStreamTimeouts();
```

How can I resolve this? If you propose a fix, please make it concise.

[bowenluo718]

It has been revised according to the feedback.

[clawsweeper]

Closing this as implemented after Codex automated review.

Current main already implements PR #63490's central gateway env-proxy bootstrap. startGatewayServer now calls a gateway network bootstrap helper at startup, the helper installs the Undici env proxy dispatcher, regression tests cover direct gateway startup with HTTPS_PROXY, and the changelog records the fix under #71833. The account-id hunk from #63490 is also already present on main.

Best possible solution:

Close #63490 as implemented on current main. Keep the maintained gateway startup bootstrap in src/gateway/server-network-runtime.ts/src/gateway/server.impl.ts; any separate decision to apply global Undici stream timeouts at gateway startup should be tracked as a distinct issue because current main keeps timeout tuning on the embedded-attempt path.

What I checked:

• Gateway startup now bootstraps network runtime: startGatewayServer calls bootstrapGatewayNetworkRuntime() immediately at function entry, before config/plugin startup work, covering the gateway-owned startup path that fix(gateway): ensure undici env proxy dispatcher after startup #63490 tried to patch later in server.impl.ts. (src/gateway/server.impl.ts:245, d54d2d6b9b8a)
• Bootstrap helper installs the env proxy dispatcher: bootstrapGatewayNetworkRuntime() delegates to ensureGlobalUndiciEnvProxyDispatcher(), giving direct gateway startup the same env-proxy dispatcher behavior requested by the PR. (src/gateway/server-network-runtime.ts:1, d54d2d6b9b8a)
• Dispatcher helper is guarded and idempotent: ensureGlobalUndiciEnvProxyDispatcher() no-ops when no env proxy is configured, preserves an existing env-proxy dispatcher, and otherwise installs new EnvHttpProxyAgent() best-effort. (src/infra/net/undici-global-dispatcher.ts:91, d54d2d6b9b8a)
• Regression coverage exercises direct gateway startup: The gateway network runtime e2e test clears proxy env, sets HTTPS_PROXY, starts a minimal gateway, and asserts the global dispatcher is an EnvHttpProxyAgent. (src/gateway/server-network-runtime.e2e.test.ts:60, d54d2d6b9b8a)
• Changelog records the maintained fix: The unreleased changelog says direct Gateway startup now bootstraps env proxy dispatching so provider and plugin network requests honor HTTPS_PROXY/HTTP_PROXY before the first embedded agent attempt, referencing fix(gateway): bootstrap env proxy dispatcher at startup #71833. (CHANGELOG.md:185, d54d2d6b9b8a)
• PR's secondary account-id hunk is already present: src/plugin-sdk/account-id.ts already re-exports from ../routing/account-id.js, matching fix(gateway): ensure undici env proxy dispatcher after startup #63490's secondary change. (src/plugin-sdk/account-id.ts:1, d54d2d6b9b8a)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against d54d2d6b9b8a; fix evidence: commit d54d2d6b9b8a.