[fix]: authenticate user pass proxies when using a local browser

[natewong1313]

why

Using proxies that need a username and password doesn't work on local mode

what changed

If a username and password is included in the local options then we authenticate the proxy using fetch domain events

test plan

---

Summary by cubic

Fixes proxy authentication in local browser mode by supplying username/password credentials via the CDP Fetch domain. Authenticated proxies now work without manual setup.

• Bug Fixes
  • Detects lbo.proxy username/password and enables Fetch with handleAuthRequests.
  • Responds to Fetch.authRequired with provided credentials and resumes paused requests.
  • Tracks per-page listeners and cleans them up on teardown to prevent leaks.

^{Written for commit 434eca9. Summary will update automatically on new commits.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 434eca9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cubic-dev-ai]

No issues found across 1 file

[greptile-apps]

Greptile Summary

Enables proxy authentication for local browser mode by implementing CDP Fetch domain event handlers that intercept authentication challenges and automatically provide credentials.

• Added Protocol import from devtools-protocol for type safety
• Implemented proxy authentication in _applyPostConnectLocalOptions() using Fetch.enable with auth request handling
• Registered event handlers for Fetch.authRequired and Fetch.requestPaused events
• Added cleanup logic in close() to properly remove event listeners and prevent memory leaks
• Stored cleanup handlers in a Map keyed by page target ID

Issues found:

• Missing error handling on session.send() calls in event handlers could cause unhandled promise rejections
• Potential duplicate listener accumulation if function is called multiple times for same page
• Type mismatch: proxyAuthHandlers declared as Map but assigned null in cleanup

Confidence Score: 3/5

• Safe to merge with addressing error handling issues to prevent runtime failures
• The implementation correctly uses CDP Fetch domain for proxy authentication, but has three issues that should be fixed: missing error handling on async CDP calls, potential duplicate listener registration, and a type inconsistency that could cause TypeScript errors
• The main file packages/core/lib/v3/v3.ts needs attention to address error handling and type issues

Important Files Changed

Filename	Overview
packages/core/lib/v3/v3.ts	Added proxy authentication using CDP Fetch domain. Minor issues with error handling in event handlers and potential duplicate listener registration.

Sequence Diagram

sequenceDiagram
    participant V3
    participant Browser
    participant Page
    participant Session
    participant ProxyServer

    V3->>V3: init()
    V3->>V3: _applyPostConnectLocalOptions(lbo)
    
    alt proxy with username and password
        V3->>Browser: awaitActivePage()
        Browser-->>V3: page
        V3->>Page: getSessionForFrame(mainFrameId())
        Page-->>V3: session
        V3->>Session: send("Fetch.enable", {handleAuthRequests: true})
        Note over Session: Pauses all requests<br/>until auth is complete
        
        V3->>Session: on("Fetch.authRequired", authHandler)
        V3->>Session: on("Fetch.requestPaused", requestPausedHandler)
        V3->>V3: Store cleanup function in proxyAuthHandlers Map
        
        Note over Session,ProxyServer: When proxy requires authentication
        ProxyServer->>Session: Auth challenge
        Session->>V3: Fetch.authRequired event
        V3->>Session: send("Fetch.continueWithAuth", credentials)
        Session->>ProxyServer: Provide credentials
        
        Note over Session: When requests are paused
        Session->>V3: Fetch.requestPaused event
        V3->>Session: send("Fetch.continueRequest")
        Session->>ProxyServer: Continue request
    end
    
    Note over V3: On cleanup
    V3->>V3: close()
    loop for each cleanup handler
        V3->>Session: off("Fetch.authRequired")
        V3->>Session: off("Fetch.requestPaused")
    end
    V3->>V3: proxyAuthHandlers.clear()

Loading

[greptile-apps]

Additional Comments (3)

1. packages/core/lib/v3/v3.ts, line 988-1001 (link)

   logic: error handling missing on CDP send calls - both session.send() calls should have .catch(() => {}) chained to prevent unhandled promise rejections if the session is closed or the request fails

2. packages/core/lib/v3/v3.ts, line 1008-1011 (link)

   logic: if _applyPostConnectLocalOptions is called multiple times for the same page, duplicate listeners will accumulate (the Map only stores the latest cleanup function). Check if handlers already exist and clean them up first:

3. packages/core/lib/v3/v3.ts, line 198 (link)

   syntax: type should be Map<string, () => void> | null since it's set to null on line 1449

_{1 file reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}