feat(pyth-lazer-agent): add HTTP proxy support for WebSocket connections #3142
+185
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add proxy_url configuration option to support connecting through HTTP/HTTPS proxies. Implements manual HTTP CONNECT handshake with Basic authentication support and TLS upgrade for secure WebSocket connections. - Add proxy_url: Option<Url> to Config struct - Implement connect_through_proxy function with HTTP CONNECT method - Support Basic authentication via proxy URL credentials - Add tokio-native-tls dependency for TLS support - Update README with proxy configuration examples - Bump version from 0.6.1 to 0.7.0 Co-Authored-By: Mike Rolish <[email protected]>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
- Use inline format args for cleaner string formatting - Replace slice indexing with safe .get() method - All clippy checks now pass Co-Authored-By: Mike Rolish <[email protected]>
Co-Authored-By: Mike Rolish <[email protected]>
merolish
reviewed
Oct 17, 2025
| stream | ||
| .write_all(connect_request.as_bytes()) | ||
| .await | ||
| .context("Failed to send CONNECT request to proxy")?; |
There was a problem hiding this comment.
Could you note the proxy url here?
| let n = stream | ||
| .read(&mut response) | ||
| .await | ||
| .context("Failed to read CONNECT response from proxy")?; |
There was a problem hiding this comment.
Could you note the proxy url here?
| ); | ||
| } | ||
|
|
||
| tracing::info!("Successfully connected through proxy"); |
There was a problem hiding this comment.
Could you note the proxy url here?
| .context("Failed to complete WebSocket handshake")?; | ||
|
|
||
| tracing::info!( | ||
| "WebSocket connection established to relayer at {}", |
There was a problem hiding this comment.
Could you note that this is through a proxy and the url?
…ging - Add proxy URL to error messages when sending/reading CONNECT requests - Add proxy URL to success log after proxy connection - Add proxy URL to final WebSocket success log for better traceability Co-Authored-By: Mike Rolish <[email protected]>
…evin/1760715371-pyth-lazer-agent-proxy-support # Conflicts: # Cargo.lock # apps/pyth-lazer-agent/Cargo.toml
merolish
approved these changes
Oct 21, 2025
- Replace manual string construction with proper HTTP request building - Add robust HTTP response parsing with status code extraction - Read response headers until complete (detect \r\n\r\n terminator) - Provide detailed error messages with status codes and descriptions - Add Proxy-Connection: Keep-Alive header for better compatibility - Fix clippy warnings for inline format args and safe slice access - Improve error handling for edge cases (empty response, invalid status) Co-Authored-By: Mike Rolish <[email protected]>
bplatak
approved these changes
Oct 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Added HTTP/HTTPS proxy support to pyth-lazer-agent to enable WebSocket connections through corporate proxies. The implementation includes a manual HTTP CONNECT handshake with proper request building and response parsing, Basic authentication support, and enhanced logging for debugging.
Link to Devin run: https://app.devin.ai/sessions/9950b0a51eae4b2a87edd70073d61223
Requested by: Mike Rolish ([email protected]), @merolish
Rationale
A customer requires proxy support to use pyth-lazer-agent in their corporate environment. The
tokio-tungstenitelibrary doesn't support proxies directly, requiring manual implementation of the HTTP CONNECT protocol (RFC 2817).Changes
Core Implementation
proxy_url: Option<Url>configuration field toConfigstructconnect_through_proxy()function with:http://user:pass@proxy:port)\r\n\r\nterminator detectedwss://connections through proxy tunneltokio-native-tlsdependency for TLS supportResponse Parsing Improvements
The refactored implementation provides:
How has this been tested?
This implementation is UNTESTED with an actual proxy server. The customer hasn't provided proxy details yet. Key areas requiring careful review:
1. Security - Credential Logging (HIGH PRIORITY)
Lines 80-81, 88-90, 102, 131-135 in
relayer_session.rs:http://user:pass@proxy:port)2. Response Parsing Robustness (MEDIUM PRIORITY)
Lines 88-136:
\r\n\r\ndetected, but no timeout - could hang indefinitelyfrom_utf8_lossy) - could mask binary issues3. Error Handling Gaps (MEDIUM PRIORITY)
Lines 125-134:
4. Authentication Limitations (LOW PRIORITY)
Lines 67-73:
5. TLS Through Proxy (LOW PRIORITY)
Lines 144-166:
Testing Recommendations
Before merging, this should be tested with:
Note on Diff Size
apps/pyth-lazer-agent/only.