fix(core): honor http_proxy env vars via aiohttp trust_env=True#1896
Open
hao-cyber wants to merge 1 commit intoMoonshotAI:mainfrom
Open
fix(core): honor http_proxy env vars via aiohttp trust_env=True#1896hao-cyber wants to merge 1 commit intoMoonshotAI:mainfrom
hao-cyber wants to merge 1 commit intoMoonshotAI:mainfrom
Conversation
new_client_session() constructed aiohttp.ClientSession without trust_env=True, so http_proxy / https_proxy / NO_PROXY were ignored and all outbound requests went direct. On setups where direct network access is unavailable — e.g. a local HTTP proxy whose DNS only resolves for traffic routed through it — /login fails with "Cannot connect to host auth.kimi.com:443 [nodename nor servname provided]" even though curl through the same proxy works. Setting trust_env=True makes aiohttp call urllib.request.getproxies() on each request and honor the standard proxy env vars (both lower- and upper-case on Unix). No new dependencies; no behavior change for users without proxy env vars set. Note: brew-packaged kimi-cli 1.24.0 shipped with this fix already applied locally, so this is a regression fix.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
new_client_session()constructsaiohttp.ClientSessionwithouttrust_env=True, so the standardhttp_proxy/https_proxy/NO_PROXYenvironment variables are ignored and every outbound request goes direct.On setups where direct network access isn't available — e.g. a local HTTP proxy whose DNS only resolves for traffic routed through it —
/loginfails with:curl -x $http_proxy https://auth.kimi.com/through the same proxy works fine, which confirms the issue is aiohttp-side, not a network / DNS / firewall problem.Fix
One-line change in
src/kimi_cli/utils/aiohttp.py: passtrust_env=Truetoaiohttp.ClientSession. With this, aiohttp callsurllib.request.getproxies()on each request and honors the standard env vars (both lower- and upper-case on Unix). No new dependencies, no behavior change for users without proxy env vars set.Repro (before the fix)
127.0.0.1:7890whose DNS only answers for traffic routed through it.export http_proxy=http://127.0.0.1:7890 https_proxy=http://127.0.0.1:7890.curl -I https://auth.kimi.com/→ succeeds (network path is fine).kimi→/login→ select any platform → DNS/connect failure as above.After the fix, step 4 succeeds.
Notes
kimi-cli 1.24.0formula shipped withtrust_env=Truealready applied (as a local patch downstream), so this looks like a regression onmain.test_session_trusts_proxy_envintests/utils/test_aiohttp_timeout.pyassertingsession.trust_env is True. Existing timeout tests untouched.Unreleasedentry under Core.