agentscope-ai
diff --git a/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/HttpTransportConfig.java‎
Lines changed: 25 additions & 0 deletions b/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/HttpTransportConfig.java‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/JdkHttpTransport.java‎
Lines changed: 75 additions & 3 deletions b/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/JdkHttpTransport.java‎
Lines changed: 75 additions & 3 deletions
diff --git a/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/OkHttpTransport.java‎
Lines changed: 69 additions & 3 deletions b/‎agentscope-core/src/main/java/io/agentscope/core/model/transport/OkHttpTransport.java‎
Lines changed: 69 additions & 3 deletions
@@ -40,6 +40,7 @@ public class HttpTransportConfig {
     private final int maxIdleConnections;
     private final Duration keepAliveDuration;
     private final boolean ignoreSsl;
+    private final ProxyConfig proxyConfig;
 
     private HttpTransportConfig(Builder builder) {
         this.connectTimeout = builder.connectTimeout;
@@ -48,6 +49,7 @@ private HttpTransportConfig(Builder builder) {
         this.maxIdleConnections = builder.maxIdleConnections;
         this.keepAliveDuration = builder.keepAliveDuration;
         this.ignoreSsl = builder.ignoreSsl;
+        this.proxyConfig = builder.proxyConfig;
     }
 
     /**
@@ -108,6 +110,15 @@ public boolean isIgnoreSsl() {
         return ignoreSsl;
     }
 
+    /**
+     * Get the proxy configuration.
+     *
+     * @return the proxy configuration, or null if no proxy is configured
+     */
+    public ProxyConfig getProxyConfig() {
+        return proxyConfig;
+    }
+
     /**
      * Create a new builder for HttpTransportConfig.
      *
@@ -136,6 +147,7 @@ public static class Builder {
         private int maxIdleConnections = 5;
         private Duration keepAliveDuration = Duration.ofMinutes(5);
         private boolean ignoreSsl = false;
+        private ProxyConfig proxyConfig = null;
 
         /**
          * Set the connect timeout.
@@ -207,6 +219,19 @@ public Builder ignoreSsl(boolean ignoreSsl) {
             return this;
         }
 
+        /**
+         * Set the proxy configuration.
+         *
+         * <p>Supports HTTP and SOCKS proxies. See {@link ProxyConfig} for details.
+         *
+         * @param proxyConfig the proxy configuration
+         * @return this builder
+         */
+        public Builder proxy(ProxyConfig proxyConfig) {
+            this.proxyConfig = proxyConfig;
+            return this;
+        }
+
         /**
          * Build the HttpTransportConfig.
          *
 
@@ -19,6 +19,11 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.InetSocketAddress;
+import java.net.PasswordAuthentication;
+import java.net.Proxy;
+import java.net.ProxySelector;
+import java.net.SocketAddress;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpClient.Redirect;
@@ -29,6 +34,8 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
@@ -114,14 +121,50 @@ private static HttpClient buildClient(HttpTransportConfig config) {
                 sslContext.init(
                         null, new TrustManager[] {new TrustAllManager()}, new SecureRandom());
                 builder.sslContext(sslContext);
-                log.warn(
-                        "SSL certificate verification is disabled. "
-                                + "This should only be used for testing.");
+                log.error(
+                        "SSL certificate verification has been disabled for this WebSocket client."
+                            + " This configuration must only be used for local development or"
+                            + " testing with self-signed certificates. Do not disable SSL"
+                            + " verification in production environments, as it exposes connections"
+                            + " to man-in-the-middle attacks.");
             } catch (NoSuchAlgorithmException | KeyManagementException e) {
                 throw new HttpTransportException("Failed to create insecure SSL context", e);
             }
         }
 
+        // Configure proxy
+        if (config.getProxyConfig() != null) {
+            ProxyConfig proxyConfig = config.getProxyConfig();
+
+            if (proxyConfig.getNonProxyHosts() != null
+                    && !proxyConfig.getNonProxyHosts().isEmpty()) {
+                builder.proxy(new NonProxyHostsSelector(proxyConfig));
+            } else {
+                builder.proxy(
+                        ProxySelector.of(
+                                new InetSocketAddress(
+                                        proxyConfig.getHost(), proxyConfig.getPort())));
+            }
+
+            // Note: JDK HttpClient does not support SOCKS5 authentication directly.
+            // For HTTP proxy authentication, use Authenticator.
+            if (proxyConfig.hasAuthentication() && proxyConfig.getType() == ProxyType.HTTP) {
+                final String username = proxyConfig.getUsername();
+                final String password = proxyConfig.getPassword();
+                builder.authenticator(
+                        new java.net.Authenticator() {
+                            @Override
+                            protected PasswordAuthentication getPasswordAuthentication() {
+                                if (getRequestorType() == RequestorType.PROXY) {
+                                    return new PasswordAuthentication(
+                                            username, password.toCharArray());
+                                }
+                                return null;
+                            }
+                        });
+            }
+        }
+
         return builder.build();
     }
 
@@ -424,4 +467,33 @@ public X509Certificate[] getAcceptedIssuers() {
             return new X509Certificate[0];
         }
     }
+
+    /**
+     * ProxySelector that respects non-proxy hosts configuration.
+     */
+    private static class NonProxyHostsSelector extends ProxySelector {
+        private final ProxyConfig proxyConfig;
+        private final List<Proxy> proxyList;
+
+        NonProxyHostsSelector(ProxyConfig proxyConfig) {
+            this.proxyConfig = proxyConfig;
+            this.proxyList = Collections.singletonList(proxyConfig.toJavaProxy());
+        }
+
+        @Override
+        public List<Proxy> select(URI uri) {
+            if (uri == null || uri.getHost() == null) {
+                return proxyList;
+            }
+            if (proxyConfig.shouldBypass(uri.getHost())) {
+                return Collections.singletonList(Proxy.NO_PROXY);
+            }
+            return proxyList;
+        }
+
+        @Override
+        public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
+            log.warn("Proxy connection failed: uri={}, address={}", uri, sa, ioe);
+        }
+    }
 }
@@ -18,17 +18,24 @@
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.net.Proxy;
+import java.net.ProxySelector;
+import java.net.SocketAddress;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import okhttp3.ConnectionPool;
+import okhttp3.Credentials;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -108,15 +115,45 @@ private OkHttpClient buildClient(HttpTransportConfig config) {
 
         // Configure SSL (optionally ignore certificate verification)
         if (config.isIgnoreSsl()) {
-            log.warn(
-                    "SSL certificate verification is disabled. This is not recommended for"
-                            + " production.");
+            log.error(
+                    "SSL certificate verification has been disabled for this WebSocket client. This"
+                        + " configuration must only be used for local development or testing with"
+                        + " self-signed certificates. Do not disable SSL verification in production"
+                        + " environments, as it exposes connections to man-in-the-middle attacks.");
             builder =
                     builder.sslSocketFactory(
                                     createTrustAllSslSocketFactory(), createTrustAllTrustManager())
                             .hostnameVerifier((hostname, session) -> true);
         }
 
+        // Configure proxy
+        if (config.getProxyConfig() != null) {
+            ProxyConfig proxyConfig = config.getProxyConfig();
+
+            if (proxyConfig.getNonProxyHosts() != null
+                    && !proxyConfig.getNonProxyHosts().isEmpty()) {
+                builder.proxySelector(new NonProxyHostsSelector(proxyConfig));
+            } else {
+                builder.proxy(proxyConfig.toJavaProxy());
+            }
+
+            if (proxyConfig.hasAuthentication()) {
+                final String username = proxyConfig.getUsername();
+                final String password = proxyConfig.getPassword();
+                builder.proxyAuthenticator(
+                        (route, response) -> {
+                            if (response.request().header("Proxy-Authorization") != null) {
+                                return null; // Avoid infinite retry
+                            }
+                            String credential = Credentials.basic(username, password);
+                            return response.request()
+                                    .newBuilder()
+                                    .header("Proxy-Authorization", credential)
+                                    .build();
+                        });
+            }
+        }
+
         return builder.build();
     }
 
@@ -425,4 +462,33 @@ public OkHttpTransport build() {
             return new OkHttpTransport(config);
         }
     }
+
+    /**
+     * ProxySelector that respects non-proxy hosts configuration.
+     */
+    private static class NonProxyHostsSelector extends ProxySelector {
+        private final ProxyConfig proxyConfig;
+        private final List<Proxy> proxyList;
+
+        NonProxyHostsSelector(ProxyConfig proxyConfig) {
+            this.proxyConfig = proxyConfig;
+            this.proxyList = Collections.singletonList(proxyConfig.toJavaProxy());
+        }
+
+        @Override
+        public List<Proxy> select(URI uri) {
+            if (uri == null || uri.getHost() == null) {
+                return proxyList;
+            }
+            if (proxyConfig.shouldBypass(uri.getHost())) {
+                return Collections.singletonList(Proxy.NO_PROXY);
+            }
+            return proxyList;
+        }
+
+        @Override
+        public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
+            log.warn("Proxy connection failed: uri={}, address={}", uri, sa, ioe);
+        }
+    }
 }