PyPI - codex-api-proxy - Versions diffs - 0.1.3__tar.gz → 0.1.4__tar.gz - Mend

codex-api-proxy 0.1.3tar.gz → 0.1.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codex-api-proxy
-Version: 0.1.3
+Version: 0.1.4
 Summary: Local OpenAI-compatible HTTP proxy backed by Codex/OpenAI credentials
 Author: codex-api-proxy contributors
 License-Expression: MIT
@@ -102,6 +102,20 @@ You can also set the upstream proxy explicitly at startup:
 codex-api-proxy start --proxy=http://127.0.0.1:8118
 ```
+If the upstream connection passes through a corporate TLS proxy or another endpoint
+using a private/self-signed certificate chain, point the proxy at a CA bundle that
+trusts that chain:
+- `CODEX_API_PROXY_CA_BUNDLE`
+- `REQUESTS_CA_BUNDLE`
+- `SSL_CERT_FILE`
+For example:
+```bash
+CODEX_API_PROXY_CA_BUNDLE=/path/to/internal-ca-bundle.pem codex-api-proxy start
+```
 ## Run
 Start in the background:
@@ -164,6 +178,7 @@ Environment variables for the local server:
 - `CODEX_PROXY_PORT`
 - `CODEX_PROXY_API_KEY`
 - `CODEX_API_PROXY_HTTPS_PROXY`
+- `CODEX_API_PROXY_CA_BUNDLE`
 - `CODEX_PROXY_LOG_LEVEL`
 Token refresh compatibility variables:

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/README.md RENAMED Viewed

@@ -78,6 +78,20 @@ You can also set the upstream proxy explicitly at startup:
 codex-api-proxy start --proxy=http://127.0.0.1:8118
 ```
+If the upstream connection passes through a corporate TLS proxy or another endpoint
+using a private/self-signed certificate chain, point the proxy at a CA bundle that
+trusts that chain:
+- `CODEX_API_PROXY_CA_BUNDLE`
+- `REQUESTS_CA_BUNDLE`
+- `SSL_CERT_FILE`
+For example:
+```bash
+CODEX_API_PROXY_CA_BUNDLE=/path/to/internal-ca-bundle.pem codex-api-proxy start
+```
 ## Run
 Start in the background:
@@ -140,6 +154,7 @@ Environment variables for the local server:
 - `CODEX_PROXY_PORT`
 - `CODEX_PROXY_API_KEY`
 - `CODEX_API_PROXY_HTTPS_PROXY`
+- `CODEX_API_PROXY_CA_BUNDLE`
 - `CODEX_PROXY_LOG_LEVEL`
 Token refresh compatibility variables:

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "codex-api-proxy"
-version = "0.1.3"
+version = "0.1.4"
 description = "Local OpenAI-compatible HTTP proxy backed by Codex/OpenAI credentials"
 readme = "README.md"
 requires-python = ">=3.11"

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/src/codex_api_proxy/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """OpenAI-compatible HTTP proxy backed by Codex/OpenAI credentials."""
-__version__ = "0.1.3"
+__version__ = "0.1.4"

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/src/codex_api_proxy/config.py RENAMED Viewed

@@ -76,6 +76,14 @@ def upstream_https_proxy(explicit_proxy: str | None = None) -> str | None:
     return DEFAULT_HTTPS_PROXY
+def upstream_ssl_verify() -> bool | str:
+    for key in ("CODEX_API_PROXY_CA_BUNDLE", "REQUESTS_CA_BUNDLE", "SSL_CERT_FILE"):
+        value = os.environ.get(key, "").strip()
+        if value:
+            return value
+    return True
 def upstream_originator() -> str:
     override = os.environ.get("CODEX_INTERNAL_ORIGINATOR_OVERRIDE", "").strip()
     return override or DEFAULT_ORIGINATOR
@@ -95,6 +103,7 @@ def upstream_client(explicit_proxy: str | None = None) -> httpx.AsyncClient:
     return httpx.AsyncClient(
         timeout=DEFAULT_TIMEOUT,
         proxy=upstream_https_proxy(explicit_proxy),
+        verify=upstream_ssl_verify(),
         trust_env=False,
     )

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/src/codex_api_proxy.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codex-api-proxy
-Version: 0.1.3
+Version: 0.1.4
 Summary: Local OpenAI-compatible HTTP proxy backed by Codex/OpenAI credentials
 Author: codex-api-proxy contributors
 License-Expression: MIT
@@ -102,6 +102,20 @@ You can also set the upstream proxy explicitly at startup:
 codex-api-proxy start --proxy=http://127.0.0.1:8118
 ```
+If the upstream connection passes through a corporate TLS proxy or another endpoint
+using a private/self-signed certificate chain, point the proxy at a CA bundle that
+trusts that chain:
+- `CODEX_API_PROXY_CA_BUNDLE`
+- `REQUESTS_CA_BUNDLE`
+- `SSL_CERT_FILE`
+For example:
+```bash
+CODEX_API_PROXY_CA_BUNDLE=/path/to/internal-ca-bundle.pem codex-api-proxy start
+```
 ## Run
 Start in the background:
@@ -164,6 +178,7 @@ Environment variables for the local server:
 - `CODEX_PROXY_PORT`
 - `CODEX_PROXY_API_KEY`
 - `CODEX_API_PROXY_HTTPS_PROXY`
+- `CODEX_API_PROXY_CA_BUNDLE`
 - `CODEX_PROXY_LOG_LEVEL`
 Token refresh compatibility variables:

{codex_api_proxy-0.1.3 → codex_api_proxy-0.1.4}/tests/test_config.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from codex_api_proxy.config import DEFAULT_HTTPS_PROXY
 from codex_api_proxy.config import Settings
+from codex_api_proxy.config import upstream_client
 from codex_api_proxy.config import upstream_https_proxy
@@ -64,3 +65,52 @@ def test_upstream_https_proxy_defaults_to_privoxy(monkeypatch) -> None:
 def test_upstream_https_proxy_env_override(monkeypatch) -> None:
     monkeypatch.setenv("CODEX_API_PROXY_HTTPS_PROXY", "http://127.0.0.1:9999")
     assert upstream_https_proxy() == "http://127.0.0.1:9999"
+def test_upstream_client_defaults_to_system_tls_trust(monkeypatch) -> None:
+    for key in ("CODEX_API_PROXY_CA_BUNDLE", "SSL_CERT_FILE", "REQUESTS_CA_BUNDLE"):
+        monkeypatch.delenv(key, raising=False)
+    captured = {}
+    def fake_async_client(**kwargs):
+        captured.update(kwargs)
+        return object()
+    monkeypatch.setattr("codex_api_proxy.config.httpx.AsyncClient", fake_async_client)
+    upstream_client()
+    assert captured["verify"] is True
+def test_upstream_client_uses_proxy_ca_bundle(monkeypatch) -> None:
+    monkeypatch.setenv("CODEX_API_PROXY_CA_BUNDLE", "/etc/ssl/certs/internal-ca.pem")
+    monkeypatch.setenv("SSL_CERT_FILE", "/etc/ssl/certs/ignored.pem")
+    captured = {}
+    def fake_async_client(**kwargs):
+        captured.update(kwargs)
+        return object()
+    monkeypatch.setattr("codex_api_proxy.config.httpx.AsyncClient", fake_async_client)
+    upstream_client()
+    assert captured["verify"] == "/etc/ssl/certs/internal-ca.pem"
+def test_upstream_client_uses_common_ca_bundle_env(monkeypatch) -> None:
+    monkeypatch.delenv("CODEX_API_PROXY_CA_BUNDLE", raising=False)
+    monkeypatch.setenv("REQUESTS_CA_BUNDLE", "/etc/ssl/certs/requests-ca.pem")
+    monkeypatch.setenv("SSL_CERT_FILE", "/etc/ssl/certs/ssl-ca.pem")
+    captured = {}
+    def fake_async_client(**kwargs):
+        captured.update(kwargs)
+        return object()
+    monkeypatch.setattr("codex_api_proxy.config.httpx.AsyncClient", fake_async_client)
+    upstream_client()
+    assert captured["verify"] == "/etc/ssl/certs/requests-ca.pem"