Respect HTTPS_PROXY / HTTP_PROXY env vars for backend outbound fetches

[aitrace-dev]

Context

Users on corporate networks need outbound LLM API calls to go through an HTTP(S) proxy. Node's native fetch does not honor HTTPS_PROXY by default — it needs to be wired up explicitly.

The cleanest approach is undici.setGlobalDispatcher(new ProxyAgent(...)) at backend startup when the env var is set.

Acceptance criteria

• At backend startup, if HTTPS_PROXY / HTTP_PROXY / ALL_PROXY is set, configure undici with a ProxyAgent
• Respect NO_PROXY for excluded hosts
• Log a single line at startup: Outbound proxy enabled: <sanitized-url> — redact any auth credentials from the URL before logging
• Vitest using a tiny in-process HTTP proxy (e.g. proxy-chain or a minimal http.createServer) verifies outbound fetch flows through it
• CONTRIBUTING.md or a new docs/proxy.md documents the env vars

Pointers

• packages/backend/src/index.ts (startup)
• New packages/backend/src/proxy.ts + test

Difficulty

~2–3 hours.

[snakefood3232]

Node's fetch not honoring HTTPS_PROXY is a common pain point in corporate environments. I'd handle this by implementing an undici.ProxyAgent at backend startup, respecting NO_PROXY and sanitizing logs. Can have a PR with tests and documentation up in a few hours—I've integrated proxy support in several production Next.js backends.

[snakefood3232]

Node's fetch not respecting HTTPS_PROXY is a common corporate network blocker. I'd handle this by adding a startup check in index.ts to conditionally set a global ProxyAgent from undici, respecting NO_PROXY and logging a sanitized URL. I can include tests with a minimal proxy server and update the docs. I've implemented this pattern in production backends before. Can have a PR up in a few hours.