fix(claude-auth): support HTTP proxy for OAuth refresh

[abix5]

Summary

• Add a dedicated proxy dialer for Claude auth that supports http, https, socks5, and socks5h proxy schemes.
• Implement HTTP CONNECT tunneling (including proxy auth header support) so proxy-url: http://... works in the uTLS refresh path.
• Wire newUtlsRoundTripper to use the new dialer and improve proxy dialer error logging context.
• Add focused tests for proxy dialer behavior and HTTP CONNECT tunnel success/failure cases.

Testing

• go test -race -count=1 ./internal/auth/claude/
• go test ./...

Context

• Related to Anthropic OAuth 🚫 #2070 (Anthropic OAuth/auth refresh failures with proxy configuration).

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses and resolves issues related to Anthropic OAuth/authentication refresh failures when a proxy configuration is in use. It introduces robust proxy handling capabilities, ensuring that authentication requests can be successfully routed through various proxy types, thereby improving the reliability of Claude API interactions in proxied environments.

Highlights

• Proxy Dialer: Added a dedicated proxy dialer for Claude authentication that supports http, https, socks5, and socks5h proxy schemes.
• HTTP CONNECT Tunneling: Implemented HTTP CONNECT tunneling, including proxy authentication header support, to enable http://... proxy URLs in the uTLS refresh path.
• Integration and Logging: Wired the newUtlsRoundTripper to use the new dialer and enhanced proxy dialer error logging context.
• Testing: Added focused tests to validate proxy dialer behavior and HTTP CONNECT tunnel success/failure cases.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• internal/auth/claude/proxy_dialer.go
  • Added a new file that provides a dedicated proxy dialer for Claude authentication, supporting SOCKS5 and HTTP(S) CONNECT proxies, including proxy authentication.
• internal/auth/claude/proxy_dialer_test.go
  • Added comprehensive unit tests for the new proxy dialer functionality, covering various proxy types, error conditions, and HTTP CONNECT tunneling.
• internal/auth/claude/utls_transport.go
  • Removed the direct import of "net/url" as the new proxy dialer handles URL parsing.
  • Updated the newUtlsRoundTripper function to utilize the newly introduced buildProxyDialer for proxy configuration and improved error logging.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces support for HTTP proxies for Claude authentication, including http, https, and socks5 schemes. The implementation correctly handles HTTP CONNECT tunneling for http/https proxies, which was a limitation in the previous approach. The new functionality is well-tested with a new suite of focused unit and integration tests. The changes are clean and effectively address the issue of proxy support for OAuth refresh.

My review includes a few suggestions to improve error handling in the proxy dialer and to make the test mocks more robust by using standard library functions for parsing HTTP requests instead of manual parsing. These changes will improve the maintainability and correctness of the code and its tests.

[abix5]

Addressed Gemini review suggestions in follow-up commits.

• Added explicit handling for response body read failures on non-200 CONNECT responses in internal/auth/claude/proxy_dialer.go.
• Refactored CONNECT test helpers to use net/http request parsing instead of manual line parsing in internal/auth/claude/proxy_dialer_test.go.

Validation completed:

• go vet ./internal/auth/claude/
• go test -race -count=1 ./internal/auth/claude/
• go test ./...