You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added per-account proxy support so each account can use its own proxy configuration independently of the global runtime proxy settings.
Added persistent account proxy settings storage, including migration, storage APIs, service/RPC handlers, Tauri commands, frontend API bindings, and account list normalization.
Added proxy health checks with account-level status, latency, error details, IP/geo metadata, ASN/ISP metadata, timezone metadata, and flag image / emoji fields.
Updated gateway, usage, subscription, and token-refresh paths so account-scoped proxy settings are applied consistently where account-specific network requests are made.
Added frontend account proxy UI and localization updates for English, Korean, and Russian.
Updated and stabilized affected frontend/runtime/e2e tests so the available frontend test commands pass with the new account proxy UI and account data shape.
Scope
Frontend
Desktop / Tauri
Service
Gateway / Protocol Adapter
Docs / Governance
Workflow / Release
Tests and Verification
pnpm -C apps run test:runtime
pnpm -C apps run test:e2e
pnpm -C apps run test:navigation
pnpm -C apps run build
pnpm -C apps run build:desktop
cargo test --workspace
Actually executed verification:
pnpm -C apps run test:runtime
pnpm -C apps run test:e2e
pnpm -C apps run test:navigation
pnpm -C apps run build
pnpm -C apps run build:desktop
cargo test --workspace
cargo build -p codexmanager-service --release
cargo build -p codexmanager-web --release --features embedded-ui
cargo build -p codexmanager-start --release
All frontend tests were executed successfully after updating the affected tests by 1c7503b52f commit.
The account network path now has two possible proxy sources: explicit per-account proxy settings and the existing global/runtime proxy configuration. Regressions are possible if fallback order or cache invalidation behaves incorrectly.
Invalid enabled account proxy settings intentionally fail closed for account-scoped requests instead of silently falling back to the global proxy path.
Proxy health checks now persist additional account-level state, including IP, geo, ASN/ISP, timezone, and flag metadata. Existing account data should remain compatible through the new migration and default handling.
Account proxy settings are cached for gateway clients, so proxy updates and clears must invalidate the account proxy cache correctly.
Usage, subscription, and token-refresh flows now support explicit account proxy routing; failures in these paths may affect account availability/balance refresh results.
The affected runtime/e2e/navigation tests were updated to match the current app settings/account payload shape and account proxy additions. This reduces false failures, but these test changes should still be reviewed carefully to ensure they preserve the intended coverage.
Proxy protocols such as VLESS, Trojan, SS (Shadowsocks), and Hysteria2 are rejected with guidance to use a local HTTP/SOCKS endpoint instead, for example a sing-box mixed inbound like http://127.0.0.1:7891.
Proxy health checks use ipwho.is as the default geo provider. The public API is available without an API key or account and allows up to 2,000 requests per day, so the implementation keeps cached flag image lookup by country code when possible to avoid unnecessary repeated fetches.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
Summary
Scope
Tests and Verification
pnpm -C apps run test:runtimepnpm -C apps run test:e2epnpm -C apps run test:navigationpnpm -C apps run buildpnpm -C apps run build:desktopcargo test --workspaceActually executed verification:
All frontend tests were executed successfully after updating the affected tests by 1c7503b52f commit.
Main Files
crates/core/migrations/069_account_proxy_settings.sqlcrates/core/src/storage/account_proxy_settings.rscrates/core/src/storage/accounts.rscrates/core/src/storage/mod.rscrates/core/src/rpc/types.rscrates/service/src/account/account_proxy.rscrates/service/src/account/account_proxy_health.rscrates/service/src/rpc_dispatch/account.rsapps/src-tauri/src/commands/account/remote.rsapps/src-tauri/src/commands/registry.rscrates/service/src/gateway/core/runtime_config.rscrates/service/src/gateway/upstream/attempt_flow/transport.rscrates/service/src/gateway/upstream/attempt_flow/postprocess.rscrates/service/src/gateway/auth/openai_fallback.rscrates/service/src/gateway/auth/token_exchange.rscrates/service/src/usage/usage_http.rscrates/service/src/usage/refresh/mod.rscrates/service/src/usage/usage_token_refresh.rsapps/src/components/accounts/account-proxy-cell.tsxapps/src/components/accounts/account-proxy-status-grid.tsxapps/src/lib/api/account-proxy-settings.tsapps/src/lib/api/account-proxy-normalize.tsapps/src/lib/utils/proxy-geo.tsapps/src/lib/api/account-client.tsapps/src/lib/api/normalize.tsapps/src/hooks/useAccounts.tsapps/src/app/accounts/accounts-page-view.tsxapps/src/app/accounts/accounts-page-helpers.tsxapps/src/app/accounts/page.tsxapps/src/types/account.tsapps/src/lib/i18n/messages/en.tsapps/src/lib/i18n/messages/ko.tsapps/src/lib/i18n/messages/ru.tsapps/src/lib/i18n/messages/sections/en-accounts.tsapps/src/lib/i18n/messages/sections/ko-accounts.tsapps/src/lib/i18n/messages/sections/ru-accounts.tsapps/tests/account-proxy-geo.test.mjsapps/tests/account-list-cache.test.mjsapps/tests/accounts-toolbar.spec.tsapps/tests/accounts-usage-auto-refresh.spec.tsapps/tests/api-keys-model-prefix.spec.tsapps/tests/ccswitch.test.mjsapps/tests/models-management.spec.tsapps/tests/transport-web-commands.test.mjscrates/core/tests/storage.rscrates/core/tests/storage/migration_tests.rscrates/service/src/gateway/core/tests/runtime_config_tests.rscrates/service/src/usage/tests/usage_http_tests.rsRisks and Impact
Notes
http://,https://,socks4://,socks4a://,socks5://,socks5h://.VLESS,Trojan,SS(Shadowsocks), andHysteria2are rejected with guidance to use a local HTTP/SOCKS endpoint instead, for example a sing-box mixed inbound likehttp://127.0.0.1:7891.Screencast
Codex-Manager-account-proxy.mp4