Skip to content

feat(pyth-lazer-agent): add HTTP proxy support for WebSocket connections #3142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat(pyth-lazer-agent): add HTTP proxy support for WebSocket connections #3142

wants to merge 4 commits into from

Conversation

devin-ai-integration[bot]
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented Oct 17, 2025
edited
Loading

Summary

Added HTTP/HTTPS proxy support to pyth-lazer-agent to enable WebSocket connections through corporate proxies. The implementation includes:

  • Manual HTTP CONNECT handshake with proxy servers
  • Basic authentication support via URL credentials (e.g., http://user:pass@proxy:port)
  • TLS upgrade for secure WebSocket connections through the proxy tunnel
  • Enhanced logging with proxy URL information for debugging

Link to Devin run: https://app.devin.ai/sessions/9950b0a51eae4b2a87edd70073d61223

Requested by: Mike Rolish ([email protected]), @merolish

Rationale

A customer requires proxy support to use pyth-lazer-agent in their corporate environment. The tokio-tungstenite library doesn't support proxies directly, requiring manual implementation of the HTTP CONNECT protocol (RFC 2817).

Changes

  • Added proxy_url: Option<Url> configuration field
  • Implemented connect_through_proxy() function with HTTP CONNECT handshake
  • Added tokio-native-tls dependency for TLS support through proxy tunnel
  • Updated README with proxy configuration examples and documentation
  • Enhanced error messages and logs to include proxy URL for debugging
  • Bumped version from 0.6.1 to 0.7.0

How has this been tested?

  • Current tests cover my changes - All existing unit tests pass with the new proxy_url field
  • Added new tests - No integration test with actual proxy server
  • Manually tested the code - Not tested with a real proxy server

⚠️ Review Focus Areas

This implementation is untested with an actual proxy server. Key areas requiring careful review:

  1. HTTP CONNECT implementation (lines 27-137 in relayer_session.rs):

    • Is the CONNECT request format compatible with standard proxies?
    • Response parsing only checks for "HTTP/1.x 200" prefix - is this robust enough?
    • 1024-byte response buffer - could this be insufficient for some proxies?
    • Error handling for proxy failures (401 auth errors, 407, etc.) is minimal

  2. TLS upgrade logic (lines 109-125):

    • Will domain validation work correctly through the proxy tunnel?
    • Is the tokio-native-tls stream wrapping appropriate for this use case?

  3. Security - Credential logging (lines 80-81, 88-90, 102, 131-135):

    • Proxy URLs with embedded credentials (http://user:pass@proxy:port) will be logged in plaintext
    • This was added for debugging purposes but should be noted for security review

  4. Basic authentication (lines 67-73):

    • Base64 encoding implementation
    • Edge cases: empty passwords, special characters in credentials

  5. Missing validation:

    • No check that proxy_url scheme is http/https only
    • No validation of proxy URL format before use

@devin-ai-integration @merolish
feat(pyth-lazer-agent): add HTTP proxy support for WebSocket connections
6ffb5fb 
Add proxy_url configuration option to support connecting through HTTP/HTTPS
proxies. Implements manual HTTP CONNECT handshake with Basic authentication
support and TLS upgrade for secure WebSocket connections.

- Add proxy_url: Option<Url> to Config struct
- Implement connect_through_proxy function with HTTP CONNECT method
- Support Basic authentication via proxy URL credentials
- Add tokio-native-tls dependency for TLS support
- Update README with proxy configuration examples
- Bump version from 0.6.1 to 0.7.0

Co-Authored-By: Mike Rolish <[email protected]>
@devin-ai-integration Devin.ai Integration
Copy link
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@vercel Vercel
Copy link

vercel bot commented Oct 17, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
api-reference Ready Ready Preview Comment Oct 17, 2025 7:55pm
component-library Ready Ready Preview Comment Oct 17, 2025 7:55pm
developer-hub Ready Ready Preview Comment Oct 17, 2025 7:55pm
entropy-explorer Ready Ready Preview Comment Oct 17, 2025 7:55pm
insights Ready Ready Preview Comment Oct 17, 2025 7:55pm
proposals Ready Ready Preview Comment Oct 17, 2025 7:55pm
staking Ready Ready Preview Comment Oct 17, 2025 7:55pm

💡 Enable Vercel Agent with $100 free credit for automated AI reviews

devin-ai-integration bot and others added 2 commits October 17, 2025 15:41
@devin-ai-integration @merolish
fix: address clippy warnings in proxy implementation
7c4415c 
- Use inline format args for cleaner string formatting
- Replace slice indexing with safe .get() method
- All clippy checks now pass

Co-Authored-By: Mike Rolish <[email protected]>
@devin-ai-integration @merolish
fix: apply rustfmt formatting
90cdadf 
Co-Authored-By: Mike Rolish <[email protected]>
merolish
merolish reviewed Oct 17, 2025
View reviewed changes
apps/pyth-lazer-agent/src/relayer_session.rs Outdated
stream
.write_all(connect_request.as_bytes())
.await
.context("Failed to send CONNECT request to proxy")?;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you note the proxy url here?

apps/pyth-lazer-agent/src/relayer_session.rs Outdated
let n = stream
.read(&mut response)
.await
.context("Failed to read CONNECT response from proxy")?;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you note the proxy url here?

apps/pyth-lazer-agent/src/relayer_session.rs Outdated
);
}

tracing::info!("Successfully connected through proxy");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you note the proxy url here?

apps/pyth-lazer-agent/src/relayer_session.rs Outdated
.context("Failed to complete WebSocket handshake")?;

tracing::info!(
"WebSocket connection established to relayer at {}",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you note that this is through a proxy and the url?

@devin-ai-integration @merolish
feat(pyth-lazer-agent): add proxy URL to logging statements for debug…
6cb8111 
…ging

- Add proxy URL to error messages when sending/reading CONNECT requests
- Add proxy URL to success log after proxy connection
- Add proxy URL to final WebSocket success log for better traceability

Co-Authored-By: Mike Rolish <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@merolish merolish merolish left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@merolish