usebruno · pooja-bruno · Apr 15, 2026 · coderabbitai · Apr 15, 2026
@@ -148,7 +148,7 @@ const getCertsAndProxyConfig = async ({
       } else if (globalProxySource === 'inherit') {
         proxyMode = 'system';
         const systemProxyConfig = await getCachedSystemProxy();
-        proxyConfig = systemProxyConfig || { http_proxy: null, https_proxy: null, no_proxy: null, source: 'cache-miss' };
+        proxyConfig = systemProxyConfig || { http_proxy: null, https_proxy: null, no_proxy: null, pac_url: null, source: 'cache-miss' };
       } else {
         // source === 'manual'
         proxyConfig = globalProxyConfigData;

@@ -12,6 +12,7 @@ const loadSystemProxy = async () => {
       http_proxy: null,
       https_proxy: null,
       no_proxy: null,
+      pac_url: null,
       source: 'error'
     };
   }

@@ -104,6 +104,35 @@ class PatchedHttpsProxyAgent extends HttpsProxyAgent {
   }
 }
 
+async function resolveAgentsFromPac({ pacSource, requestUrl, requestConfig, tlsOptions, httpsAgentRequestFields, timeline, disableCache, hostname }) {
+  const resolver = await getPacResolver({ pacSource, httpsAgentRequestFields });
+  const directives = await resolver.resolve(requestUrl);
+
+  if (!directives || !directives.length) {
+    return null;
+  }
+
+  const first = directives[0];
+
+  if (/^(PROXY|HTTPS?)\s+/i.test(first)) {
+    const parts = first.split(/\s+/);
+    const keyword = parts[0].toUpperCase();
+    const hostPort = parts[1];
+    const scheme = keyword === 'HTTPS' ? 'https' : 'http';
+    const proxyUri = `${scheme}://${hostPort}`;
+    requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: HttpProxyAgent, options: { keepAlive: true }, proxyUri, timeline, disableCache, hostname });
+    requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: PatchedHttpsProxyAgent, options: tlsOptions, proxyUri, timeline, disableCache, hostname });
+  } else if (/^SOCKS/i.test(first)) {
+    const hostPort = first.split(/\s+/)[1];
+    const proto = /^SOCKS4\s/i.test(first) ? 'socks4' : 'socks5';
+    const proxyUri = `${proto}://${hostPort}`;
+    requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: SocksProxyAgent, options: { keepAlive: true }, proxyUri, timeline, disableCache, hostname });
+    requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: SocksProxyAgent, options: tlsOptions, proxyUri, timeline, disableCache, hostname });
+  }
+
+  return directives;
+}
+
 async function setupProxyAgents({
   requestConfig,
   proxyMode = 'off',
@@ -184,67 +213,66 @@ async function setupProxyAgents({
       }
     }
   } else if (proxyMode === 'system') {
-    const { http_proxy, https_proxy, no_proxy } = proxyConfig || {};
-    const shouldUseSystemProxy = shouldUseProxy(requestConfig.url, no_proxy || '');
-    if (shouldUseSystemProxy) {
+    const { http_proxy, https_proxy, no_proxy, pac_url } = proxyConfig || {};
+
+    // If the OS is configured with a PAC URL, resolve it using the existing PAC infrastructure
+    if (pac_url) {
+      if (timeline) timeline.push({ timestamp: new Date(), type: 'info', message: `Resolving system PAC: ${pac_url}` });
       try {
-        if (http_proxy?.length && !isHttpsRequest) {
-          const parsedHttpProxy = new URL(http_proxy);
-          const isHttpsSystemProxy = parsedHttpProxy.protocol === 'https:';
-          const systemHttpProxyAgentOptions = isHttpsSystemProxy ? { keepAlive: true, ...tlsOptions } : { keepAlive: true };
-          if (timeline) {
-            timeline.push({
-              timestamp: new Date(),
-              type: 'info',
-              message: `Using system proxy: ${http_proxy}`
-            });
-          }
-          requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: HttpProxyAgent, options: systemHttpProxyAgentOptions, proxyUri: http_proxy, timeline, disableCache, hostname });
+        const directives = await resolveAgentsFromPac({ pacSource: pac_url, requestUrl: requestConfig.url, requestConfig, tlsOptions, httpsAgentRequestFields, timeline, disableCache, hostname });
+        if (directives) {
+          if (timeline) { timeline.push({ timestamp: new Date(), type: 'info', message: `PAC directives: ${directives.join('; ')}` }); }
+        } else {
+          if (timeline) { timeline.push({ timestamp: new Date(), type: 'info', message: 'System PAC resolved: DIRECT (no proxy)' }); }
         }
-      } catch (error) {
-        throw new Error(`Invalid system http_proxy "${http_proxy}": ${error.message}`);
+      } catch (err) {
+        if (timeline) { timeline.push({ timestamp: new Date(), type: 'error', message: `System PAC resolution failed: ${err.message}` }); }
       }
-      try {
-        if (https_proxy?.length && isHttpsRequest) {
-          new URL(https_proxy);
-          if (timeline) {
-            timeline.push({
-              timestamp: new Date(),
-              type: 'info',
-              message: `Using system proxy: ${https_proxy}`
-            });
+    } else {
+      const shouldUseSystemProxy = shouldUseProxy(requestConfig.url, no_proxy || '');
+      if (shouldUseSystemProxy) {
+        try {
+          if (http_proxy?.length && !isHttpsRequest) {
+            const parsedHttpProxy = new URL(http_proxy);
+            const isHttpsSystemProxy = parsedHttpProxy.protocol === 'https:';
+            const systemHttpProxyAgentOptions = isHttpsSystemProxy ? { keepAlive: true, ...tlsOptions } : { keepAlive: true };
+            if (timeline) {
+              timeline.push({
+                timestamp: new Date(),
+                type: 'info',
+                message: `Using system proxy: ${http_proxy}`
+              });
+            }
+            requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: HttpProxyAgent, options: systemHttpProxyAgentOptions, proxyUri: http_proxy, timeline, disableCache, hostname });
+          }
+        } catch (error) {
+          throw new Error(`Invalid system http_proxy "${http_proxy}": ${error.message}`);
+        }
+        try {
+          if (https_proxy?.length && isHttpsRequest) {
+            new URL(https_proxy);
+            if (timeline) {
+              timeline.push({
+                timestamp: new Date(),
+                type: 'info',
+                message: `Using system proxy: ${https_proxy}`
+              });
+            }
+            requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: PatchedHttpsProxyAgent, options: tlsOptions, proxyUri: https_proxy, timeline, disableCache, hostname });
           }
-          requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: PatchedHttpsProxyAgent, options: tlsOptions, proxyUri: https_proxy, timeline, disableCache, hostname });
+        } catch (error) {
+          throw new Error(`Invalid system https_proxy "${https_proxy}": ${error.message}`);
         }
-      } catch (error) {
-        throw new Error(`Invalid system https_proxy "${https_proxy}": ${error.message}`);
       }
     }
   } else if (proxyMode === 'pac') {
     const pacSource = get(proxyConfig, 'pac.source');
     if (pacSource) {
       if (timeline) timeline.push({ timestamp: new Date(), type: 'info', message: `Resolving PAC: ${pacSource}` });
       try {
-        const resolver = await getPacResolver({ pacSource, httpsAgentRequestFields });
-        const directives = await resolver.resolve(requestConfig.url);
-        if (directives && directives.length) {
-          const first = directives[0];
+        const directives = await resolveAgentsFromPac({ pacSource, requestUrl: requestConfig.url, requestConfig, tlsOptions, httpsAgentRequestFields, timeline, disableCache, hostname });
+        if (directives) {
           if (timeline) timeline.push({ timestamp: new Date(), type: 'info', message: `PAC directives: ${directives.join('; ')}` });
-          if (/^(PROXY|HTTPS?)\s+/i.test(first)) {
-            const parts = first.split(/\s+/);
-            const keyword = parts[0].toUpperCase();
-            const hostPort = parts[1];
-            const scheme = keyword === 'HTTPS' ? 'https' : 'http';
-            const proxyUri = `${scheme}://${hostPort}`;
-            requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: HttpProxyAgent, options: { keepAlive: true }, proxyUri, timeline, disableCache, hostname });
-            requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: PatchedHttpsProxyAgent, options: tlsOptions, proxyUri, timeline, disableCache, hostname });
-          } else if (/^SOCKS/i.test(first)) {
-            const hostPort = first.split(/\s+/)[1];
-            const proto = /^SOCKS4\s/i.test(first) ? 'socks4' : 'socks5';
-            const proxyUri = `${proto}://${hostPort}`;
-            requestConfig.httpAgent = getOrCreateHttpAgent({ AgentClass: SocksProxyAgent, options: { keepAlive: true }, proxyUri, timeline, disableCache, hostname });
-            requestConfig.httpsAgent = getOrCreateHttpsAgent({ AgentClass: SocksProxyAgent, options: tlsOptions, proxyUri, timeline, disableCache, hostname });
-          }
         } else {
           if (timeline) timeline.push({ timestamp: new Date(), type: 'info', message: 'PAC resolved: DIRECT (no proxy)' });
         }

@@ -181,6 +181,7 @@ describe('SystemProxyResolver Integration', () => {
         http_proxy: 'http://env-proxy.usebruno.com:9090',
         https_proxy: 'https://system-proxy.usebruno.com:8443',
         no_proxy: 'localhost',
+        pac_url: null,
         source: 'windows-system + environment'
       });
     });
@@ -209,6 +210,7 @@ describe('SystemProxyResolver Integration', () => {
         http_proxy: 'http://system-proxy.usebruno.com:8080',
         https_proxy: 'https://system-proxy.usebruno.com:8443',
         no_proxy: 'localhost',
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -263,6 +265,7 @@ describe('SystemProxyResolver Integration', () => {
         http_proxy: null,
         https_proxy: null,
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });

@@ -95,6 +95,7 @@ export async function getSystemProxy(): Promise<ProxyConfiguration> {
       http_proxy: proxyEnvironmentVariables?.http_proxy || systemProxyEnvironmentVariables?.http_proxy,
       https_proxy: proxyEnvironmentVariables?.https_proxy || systemProxyEnvironmentVariables?.https_proxy,
       no_proxy: proxyEnvironmentVariables?.no_proxy || systemProxyEnvironmentVariables?.no_proxy,
+      pac_url: systemProxyEnvironmentVariables?.pac_url || null,
       source: hasEnvironmentProxy ? `${systemProxyEnvironmentVariables?.source} + environment` : systemProxyEnvironmentVariables?.source
     };
   } catch (error) {

@@ -2,6 +2,7 @@ export interface ProxyConfiguration {
   http_proxy?: string | null;
   https_proxy?: string | null;
   no_proxy?: string | null;
+  pac_url?: string | null;
   source: string;
 };
 

@@ -49,6 +49,23 @@ export class LinuxProxyResolver implements ProxyResolver {
   private async getGSettingsProxy(execOpts: ExecFileOptions): Promise<ProxyConfiguration | null> {
     try {
       const mode = await safeExec('gsettings', ['get', 'org.gnome.system.proxy', 'mode'], execOpts);
+
+      // Handle PAC (auto) mode
+      if (mode === '\'auto\'') {
+        const autoConfigUrl = await safeExec('gsettings', ['get', 'org.gnome.system.proxy', 'autoconfig-url'], execOpts);
+        const cleanUrl = (autoConfigUrl || '').replace(/'/g, '').trim();
+        if (cleanUrl) {
+          return {
+            http_proxy: null,
+            https_proxy: null,
+            no_proxy: null,
+            pac_url: cleanUrl,
+            source: 'linux-system'
+          };
+        }
+        return null;
+      }
+
       if (mode !== '\'manual\'') {
         return null;
       }
@@ -93,8 +110,22 @@ export class LinuxProxyResolver implements ProxyResolver {
       // 3 = Automatic proxy detection
       // 4 = Use system proxy configuration (environment variables)
 
+      if (proxyType === '2') {
+        const pacUrl = await safeExec('kreadconfig5', ['--group', 'Proxy Settings', '--key', 'Proxy Config Script'], execOpts);
+        const cleanPacUrl = (pacUrl || '').trim();
+        if (cleanPacUrl) {
+          return {
+            http_proxy: null,
+            https_proxy: null,
+            no_proxy: null,
+            pac_url: cleanPacUrl,
+            source: 'linux-system'
+          };
+        }
+        return null;
+      }
+
       if (proxyType !== '1') {
-        // Only handle manual proxy configuration for now
         return null;
       }
 

@@ -45,6 +45,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: 'http://secure-proxy.usebruno.com:8443',
         no_proxy: 'localhost,127.0.0.1,<local>',
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -65,6 +66,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: null,
         https_proxy: null,
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -102,6 +104,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: null,
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -123,6 +126,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: null,
         https_proxy: 'http://secure-proxy.usebruno.com:8443',
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -148,6 +152,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: 'http://proxy.usebruno.com:8080',
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -171,6 +176,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: 'http://proxy.usebruno.com:8080',
         no_proxy: '<local>',
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -200,6 +206,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: 'http://proxy.usebruno.com:8080',
         no_proxy: 'localhost,127.0.0.1,*.local,192.168.1.0/24,<local>',
+        pac_url: null,
         source: 'macos-system'
       });
     });
@@ -222,6 +229,7 @@ describe('MacOSProxyResolver', () => {
         http_proxy: 'http://proxy.usebruno.com:8080',
         https_proxy: null,
         no_proxy: null,
+        pac_url: null,
         source: 'macos-system'
       });
     });

@@ -82,6 +82,12 @@ export class MacOSProxyResolver implements ProxyResolver {
     let http_proxy: string | null = null;
     let https_proxy: string | null = null;
     let no_proxy: string | null = null;
+    let pac_url: string | null = null;
+
+    // Check PAC (Proxy Auto-Configuration)
+    if (config.ProxyAutoConfigEnable === 1 && config.ProxyAutoConfigURLString) {
+      pac_url = config.ProxyAutoConfigURLString;
+    }
 
     // Check HTTP proxy
     if (config.HTTPEnable === 1 && config.HTTPProxy) {
@@ -109,6 +115,7 @@ export class MacOSProxyResolver implements ProxyResolver {
       http_proxy,
       https_proxy,
       no_proxy: normalizeNoProxy(no_proxy),
+      pac_url,
       source: 'macos-system'
     };
   }

@@ -46,6 +46,7 @@ export class WindowsProxyResolver implements ProxyResolver {
     let proxyEnabled = false;
     let proxyServer: string | null = null;
     let proxyOverride: string | null = null;
+    let autoConfigURL: string | null = null;
 
     for (const line of lines) {
       const trimmedLine = line.trim();
@@ -68,6 +69,19 @@ export class WindowsProxyResolver implements ProxyResolver {
         const match = trimmedLine.match(/ProxyOverride\s+REG_SZ\s+(.+)/);
         if (match) proxyOverride = match[1].trim();
       }
+
+      if (trimmedLine.includes('AutoConfigURL') && trimmedLine.includes('REG_SZ')) {
+        const match = trimmedLine.match(/AutoConfigURL\s+REG_SZ\s+(.+)/);
+        if (match) autoConfigURL = match[1].trim();
+      }
+    }
+
+    // PAC URL takes precedence — return it even without a manual proxy
+    if (autoConfigURL) {
+      const config = proxyEnabled && proxyServer
+        ? this.parseProxyString(proxyServer, proxyOverride)
+        : { http_proxy: null, https_proxy: null, no_proxy: null, source: 'windows-system' };
+      return { ...config, pac_url: autoConfigURL };
     }
 
     if (proxyEnabled && proxyServer) {