feat(dgw,agent): add HTTP/SOCKS proxy configuration support

Adds configurable HTTP/HTTPS/SOCKS4/SOCKS5 proxy support for outbound
requests in both Gateway and Agent. Proxy settings can be configured
manually or auto-detected from system settings (WinHTTP on Windows,
environment variables on Unix).

This replaces reqwest's system-proxy feature with the proxy_cfg crate
for better system integration and per-URL proxy selection, improving
support for PAC files and complex enterprise proxy environments.

Author: CBenoit

Cargo.lock

@@ -230,6 +230,41 @@ Stable options are:
     * **StaticRootPath** (_FilePath_): Path to the static files for the standalone web application.
         This is an advanced option which should typically not be changed.
 
+- **Proxy** (_Object_): HTTP/SOCKS proxy configuration for outbound requests.
+    Supports three modes: Off (never use proxy), System (auto-detect), Manual (explicit configuration).
+
+    * **Mode** (_String_): Proxy mode (default is `System`).
+        - `Off`: Never use a proxy, ignore environment variables
+        - `System`: Auto-detect proxy from environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY)
+            or system settings (per-user and machine-wide settings with WinHTTP fallback on Windows,
+            `/etc/sysconfig/proxy` on RHEL/SUSE systems, SCDynamicStoreCopyProxies() on macOS)
+        - `Manual`: Use explicitly configured proxy URLs
+
+    * **Http** (_URL_): HTTP proxy URL for `http://` requests (e.g., `http://proxy.corp:8080`).
+        Only used when Mode is `Manual`.
+
+    * **Https** (_URL_): HTTPS proxy URL for `https://` requests (e.g., `http://proxy.corp:8080`).
+        Only used when Mode is `Manual`.
+
+    * **All** (_URL_): Fallback proxy URL for all protocols (e.g., `socks5://proxy.corp:1080`).
+        Only used when Mode is `Manual`.
+        The URL scheme determines the proxy type:
+        - `http://proxy.corp:8080` - HTTP CONNECT proxy
+        - `socks5://proxy.corp:1080` - SOCKS5 proxy
+        - `socks4://proxy.corp:1080` - SOCKS4 proxy
+
+    * **Exclude** (_Array of Strings_): Bypass list with NO_PROXY semantics (only used when Mode is `Manual`).
+        Supports:
+        - Wildcard: `*` (bypass proxy for all targets)
+        - Exact hostname: `localhost`, `example.com`
+        - Domain suffix: `.corp.local` (matches `foo.corp.local`)
+        - IP address: `127.0.0.1`
+        - CIDR range: `10.0.0.0/8`, `192.168.0.0/16`
+
+    Authentication can be included in proxy URLs: `http://username:password@proxy.corp:8080`
+
+    See the [Cookbook](./docs/COOKBOOK.md) for configuration examples.
+
 - **VerbosityProfile** (_String_): Logging verbosity profile (pre-defined tracing directives).
 
     Possible values:

README.md

@@ -96,6 +96,10 @@
       "$ref": "#/definitions/AiGatewayConf",
       "description": "JSON object describing the AI gateway configuration (experimental, requires enable_unstable)."
     },
+    "Proxy": {
+      "$ref": "#/definitions/ProxyConf",
+      "description": "HTTP/SOCKS proxy configuration for outbound requests."
+    },
     "LogFile": {
       "type": "string",
       "description": "Path to the log file."
@@ -630,6 +634,38 @@
       },
       "additionalProperties": false
     },
+    "ProxyConf": {
+      "type": "object",
+      "description": "HTTP/SOCKS proxy configuration for outbound requests. Supports three modes: Off (never use proxy), System (auto-detect from environment/system settings), Manual (use explicitly configured URLs).",
+      "properties": {
+        "Mode": {
+          "type": "string",
+          "enum": ["Off", "System", "Manual"],
+          "default": "System",
+          "description": "Proxy mode: Off (never use proxy), System (auto-detect from environment variables or WinHTTP), Manual (use configured URLs)"
+        },
+        "Http": {
+          "type": "string",
+          "description": "HTTP proxy URL for http:// requests (e.g., http://proxy.corp:8080). Only used when Mode is Manual."
+        },
+        "Https": {
+          "type": "string",
+          "description": "HTTPS proxy URL for https:// requests (e.g., http://proxy.corp:8080). Only used when Mode is Manual."
+        },
+        "All": {
+          "type": "string",
+          "description": "Fallback proxy URL for all protocols (e.g., socks5://proxy.corp:1080). Only used when Mode is Manual."
+        },
+        "Exclude": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "Bypass list with NO_PROXY semantics. Supports: wildcard '*', exact hostname 'example.com', domain suffix '.corp.local', IP address '127.0.0.1', CIDR range '10.0.0.0/8'. Only used when Mode is Manual."
+        }
+      },
+      "additionalProperties": false
+    },
     "DebugConf": {
       "type": "object",
       "properties": {

config_schema.json

@@ -0,0 +1,21 @@
+[package]
+name = "http-client-proxy"
+version = "0.0.0"
+edition = "2024"
+authors = ["Devolutions Inc. <infos@devolutions.net>"]
+publish = false
+
+[lints]
+workspace = true
+
+[dependencies]
+proxy_cfg = "0.4"
+reqwest = { version = "0.12", default-features = false }
+anyhow = "1.0"
+url = "2.5"
+tracing = "0.1"
+ipnet = "2.10"
+parking_lot = "0.12"
+
+[dev-dependencies]
+rstest = "0.25"