| "dirs", | ||
| "polymarket-client-sdk", | ||
| "predicates", | ||
| "reqwest 0.13.2", |
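Review bot: the added "reqwest 0.13.2" entry carries a version suffix, which Cargo writes in a lock file dependency list only when more than one version of that crate is present in the lock file. Please state in the PR description which crates resolve to which reqwest copy, because a socks feature enabled on the 0.13 copy does nothing for HTTP clients built on the other one.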
Cargo.lock missing tokio-socks, SOCKS feature not compiled
High Severity
Cargo.toml declares reqwest with features = ["socks"], which requires the tokio-socks optional dependency. However, tokio-socks is completely absent from Cargo.lock — searching for "socks" yields zero results. The lock file appears to have been manually edited (only adding the "reqwest 0.13.2" line) rather than regenerated by cargo. This means the socks feature isn't actually compiled in, so SOCKS5 proxy support silently doesn't work.
…ARKET_PROXY env > config file)
Address review feedback:
- Move from #[tokio::main] to sync fn main() so set_var runs before any worker threads are spawned (eliminates UB on Rust 2024 edition)
- Add NO_PROXY=polygon.drpc.org,drpc.org to exclude Polygon RPC from SOCKS5 proxying — alloy depends on reqwest 0.12 which lacks socks support and would fail if HTTP(S)_PROXY points to a socks5:// URL
- Build tokio runtime manually with Builder::new_multi_thread()

Tested: CLOB calls route through SOCKS5, approve check (alloy RPC) bypasses proxy and queries Polygon directly.
all valid points! The third commit (
Verified on server:
Address cursor bot review:
- save_wallet now reads existing proxy from config before overwriting, preventing silent loss of user-configured proxy URL
- resolve_key treats empty string from config as None, so callers get the helpful "No wallet configured" message instead of a confusing "Invalid private key" error when private_key is absent from config
| unsafe { | ||
| std::env::set_var("HTTPS_PROXY", url); | ||
| std::env::set_var("HTTP_PROXY", url); | ||
| std::env::set_var("NO_PROXY", "polygon.drpc.org,drpc.org"); |
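Review bot: the unsafe block around the three set_var calls has no SAFETY comment in the lines shown. Please state the invariant it relies on (called from main before the runtime is built, so no other thread can be reading the environment), so that a later refactor does not move the call to a point after threads have started.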
NO_PROXY overwrites existing user environment variable values
Medium Severity
Setting NO_PROXY to a hardcoded value unconditionally replaces any existing NO_PROXY entries the user already has in their environment. Since this feature specifically targets corporate/VPN users — who commonly have NO_PROXY configured for internal services — this overwrites those entries within the CLI process. The existing entries need to be preserved by reading the current NO_PROXY value and appending polygon.drpc.org,drpc.org to it rather than replacing it.
| /// Priority: CLI flag > env var > config file. | ||
| pub fn resolve_proxy(cli_flag: Option<&str>) -> Option<String> { | ||
| if let Some(url) = cli_flag { | ||
| return Some(url.to_string()); |
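Review bot: in the cli_flag branch the value is returned unchanged via url.to_string(), with no check that it parses as a URL or uses a scheme the CLI means to support. Since the result ends up in HTTPS_PROXY and HTTP_PROXY for the whole process, parse it here and return an error for anything unexpected, so a mistyped --proxy value fails at startup with a clear message instead of at the first request.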
Empty proxy string not filtered from CLI flag
Low Severity
resolve_proxy filters empty strings for the POLYMARKET_PROXY env var path (via !url.is_empty()) but does not apply the same check to the CLI flag path or the config file path. An empty --proxy "" value or an empty proxy string in the config file would result in setting HTTPS_PROXY and HTTP_PROXY to empty strings, likely causing confusing request failures.
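One way to close the two gaps raised in the review comments above (NO_PROXY being overwritten, and empty values passing through the flag and config paths), as an added example that is not code from this PR. The three-argument resolve_proxy signature, merge_no_proxy and proxy_env_plan are hypothetical names; the functions only compute the values and leave the set_var calls to the caller.

```rust
/// Hosts the PR excludes from proxying (taken from the diff on this page).
const RPC_BYPASS: [&str; 2] = ["polygon.drpc.org", "drpc.org"];

/// First non-blank value wins: CLI flag > env var > config file.
/// Blank values count as "not set" at every level (hypothetical signature).
pub fn resolve_proxy(cli: Option<&str>, env: Option<&str>, cfg: Option<&str>) -> Option<String> {
    cli.into_iter()
        .chain(env)
        .chain(cfg)
        .map(str::trim)
        .find(|url| !url.is_empty())
        .map(String::from)
}

/// Append `extra` hosts to an existing NO_PROXY value: the user's entries stay
/// first, blanks are dropped, duplicates are skipped case-insensitively.
pub fn merge_no_proxy(existing: Option<&str>, extra: &[&str]) -> String {
    let mut merged: Vec<String> = Vec::new();
    for host in existing.unwrap_or("").split(',').chain(extra.iter().copied()) {
        let host = host.trim();
        if !host.is_empty() && !merged.iter().any(|h| h.eq_ignore_ascii_case(host)) {
            merged.push(host.to_string());
        }
    }
    merged.join(",")
}

/// Assignments to apply before any thread starts; empty when no proxy is set.
pub fn proxy_env_plan(proxy: Option<String>, no_proxy: Option<&str>) -> Vec<(&'static str, String)> {
    match proxy {
        None => Vec::new(),
        Some(url) => vec![
            ("HTTPS_PROXY", url.clone()),
            ("HTTP_PROXY", url),
            ("NO_PROXY", merge_no_proxy(no_proxy, &RPC_BYPASS)),
        ],
    }
}

fn main() {
    // Read-only here: the caller decides where the unsafe set_var calls go.
    let env_proxy = std::env::var("POLYMARKET_PROXY").ok();
    let no_proxy = std::env::var("NO_PROXY").ok();
    let proxy = resolve_proxy(None, env_proxy.as_deref(), None);
    for (key, value) in proxy_env_plan(proxy, no_proxy.as_deref()) {
        println!("{}={}", key, value);
    }
}
```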
…pport)

wallet show/create/import now use the configured signature_type to derive the correct trading wallet address:
- "proxy" → EIP-1167 minimal proxy (Magic/email wallets)
- "gnosis-safe" → Gnosis Safe 1-of-1 (browser/MetaMask wallets)
- "eoa" → no derived wallet, use EOA directly

Previously all wallet commands hardcoded derive_proxy_wallet(), ignoring the signature_type setting entirely. This caused the CLI to show the wrong deposit address when using gnosis-safe mode (which is what polymarket.com creates for browser wallet users).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
586b4ba to 489d83e
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| tabled = "0.17" | ||
| rust_decimal = "1" | ||
| anyhow = "1" | ||
| reqwest = { version = "0.13", features = ["socks"] } |
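Review bot: on the reqwest = { version = "0.13", features = ["socks"] } line, nothing records that this direct dependency is there to switch on a feature for a crate further down the tree. Add a comment above it saying so, and noting that the version requirement has to stay in step with the reqwest version the SDK resolves to, so that nobody removes it as unused or bumps it independently and silently loses SOCKS support.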
Cargo.lock missing tokio-socks breaks SOCKS5 proxy support
High Severity
The Cargo.toml adds reqwest with features = ["socks"], but the committed Cargo.lock does not contain tokio-socks anywhere — the required transitive dependency for SOCKS5 support. The reqwest 0.13.2 entry in the lockfile lists no socks-related dependencies. This means builds using cargo install --locked or CI with --locked will compile reqwest without actual SOCKS5 support, silently making the PR's core feature non-functional at runtime.


Summary
- --proxy global CLI flag for SOCKS5/HTTP proxy (e.g., --proxy socks5://127.0.0.1:1080)
- POLYMARKET_PROXY env var as fallback when flag is not provided
- reqwest socks feature for SOCKS5 protocol support

Motivation
The Polymarket CLOB geoblocks certain regions. Users behind VPNs or corporate proxies need a way to route CLI traffic through a SOCKS5 or HTTP proxy. Currently reqwest is compiled without socks support, so standard proxy env vars (ALL_PROXY, HTTPS_PROXY) don't work with SOCKS5 URLs.

Changes
- reqwest with socks feature (Cargo unifies features across dependency tree)
- --proxy global flag + POLYMARKET_PROXY env var resolution, sets HTTPS_PROXY/HTTP_PROXY before client initialization

Usage
Note
Medium Risk
Changes process-wide proxy environment handling and early startup/runtime initialization, which can affect all outbound networking behavior if misconfigured; scope is otherwise contained to CLI/config plumbing and output renames.
Overview
Adds SOCKS5/HTTP proxy support via a new global --proxy flag plus POLYMARKET_PROXY/config-file fallback, and enables reqwest’s socks feature to make SOCKS URLs work.

Moves proxy resolution to happen before the Tokio runtime starts and sets HTTP_PROXY/HTTPS_PROXY (with NO_PROXY exclusions for Polygon RPC) so only API traffic is proxied; also extends config schema to persist an optional proxy value and avoids treating an empty stored private_key as configured.

Separately, wallet/setup output is generalized from “proxy wallet” to “trading wallet” by deriving the address based on signature type (proxy vs gnosis-safe vs EOA) and renaming JSON fields accordingly.
Written by Cursor Bugbot for commit 489d83e. This will update automatically on new commits.