Skip to content

Harden macOS system-proxy service resolution to prevent apiInvoke toggle failures#617

Draft
Copilot wants to merge 3 commits intomasterfrom
copilot/fix-system-proxy-error-macos
Draft

Harden macOS system-proxy service resolution to prevent apiInvoke toggle failures#617
Copilot wants to merge 3 commits intomasterfrom
copilot/fix-system-proxy-error-macos

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 25, 2026
edited
Loading

On macOS, toggling 系统代理 could throw a generic Api invoke error and leave system proxy unchanged. Root cause was fragile network-service detection logic that failed on some networksetup/route output shapes.

  • What changed

    • Replaced brittle one-liner shell parsing with explicit, staged resolution in set-system-proxy:
      1. Parse default route interface from route -n get 0.0.0.0
      2. Map interface → service via networksetup -listnetworkserviceorder
      3. Fallback to networksetup -listallnetworkservices with preference order (Wi-Fi / WiFi / Ethernet)
    • Added a clear failure path when no usable macOS network service can be resolved, instead of silently mis-targeting proxy commands.

  • Code structure improvements

    • Introduced focused helper functions for parsing:
      • parseMacRouteDevice(...)
      • parseMacNetworkServiceByDevice(...)
      • pickMacNetworkService(...)
    • Exported helpers from the module to enable targeted unit coverage without changing external API usage.

  • Focused coverage added

    • New tests validate:
      • interface extraction from route output
      • service lookup from network-service-order output
      • fallback behavior when preferred services are absent
      • handling of disabled (*) services and empty/null inputs
async function getMacNetworkService(exec) {
  const routeOutput = await exec('route -n get 0.0.0.0')
  const device = parseMacRouteDevice(routeOutput)
  if (device) {
    const order = await exec('networksetup -listnetworkserviceorder')
    const service = parseMacNetworkServiceByDevice(order, device)
    if (service) return service
  }
  const all = await exec('networksetup -listallnetworkservices | tail -n +2')
  const fallback = pickMacNetworkService(all)
  if (fallback) return fallback
  throw new Error('未找到可用的 macOS 网络服务,无法设置系统代理')
}

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • 0ms.dev
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • 1.1.1.1
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
    • Triggering command: REDACTED, pid is -1 (packet block)
  • 185.222.222.222
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
  • 1dot1dot1dot1.cloudflare-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • 223.5.5.5
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
    • Triggering command: REDACTED, pid is -1 (packet block)
  • 223.6.6.6
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
  • 45.11.45.11
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
  • 8.8.8.8
    • Triggering command: REDACTED, pid is -1 (packet block)
  • 9.9.9.9
    • Triggering command: REDACTED, pid is -1 (packet block)
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (packet block)
  • adult-filter-dns.cleanbrowsing.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • aip.baidubce.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • antivirus.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • cloudflare-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns-family.adguard.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns-unfiltered.adguard.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.adguard-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.adguard.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.alidns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.cfiec.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.cloudflare.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.de.futuredns.eu.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.decloudus.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.dnswarden.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.google
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.opendns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.oszx.co
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.quad9.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.switch.ch
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dns.us.futuredns.eu.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dnsovertls.sinodun.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dnsovertls1.sinodun.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.360.cn
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.applied-privacy.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.ffmuc.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.la.ahadns.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.libredns.gr
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.nl.ahadns.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.opendns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • doh.tiarap.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dot.360.cn
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • dot.sb
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • family-adblock.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • family-filter-dns.cleanbrowsing.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • family.adguard-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • family.cloudflare-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • familyshield.opendns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • getdnsapi.net
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • hagezi.dns.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • https://baidu.com/docmirror/dev-sidecar/refs/heads/master/packages/core/src/config/remote_config.json5
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/packages/core/node_modules/.bin/../mocha/bin/mocha (http block)
  • i.233py.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • internetsehat.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • jp.tiarap.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • kaitain.restena.lu
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • max.rethinkdns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • oisd.dns.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • one.one.one.one
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • p0.freedns.controld.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • p1.freedns.controld.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • p2.freedns.controld.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • p3.freedns.controld.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • private.canadianshield.cira.ca
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • rubyfish.cn
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • sandbox.opendns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • security-filter-dns.cleanbrowsing.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • security.cloudflare-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • sky.rethinkdns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • unfiltered.adguard-dns.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • unfiltered.dns.bebasid.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • unicast.censurfridns.dk
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • wikimedia-dns.org
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.bin/../mocha/bin/mocha (dns block)
  • www.electronjs.org
    • Triggering command: /usr/local/bin/node /usr/local/bin/node /home/REDACTED/work/dev-sidecar/dev-sidecar/node_modules/.pnpm/@electron+rebuild@3.6.1/node_modules/@electron/rebuild/lib/module-type/node-gyp/worker.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 25, 2026 that may be closed by this pull request
macOS 下无法打开系统代理 #616
Open
1 task
Copilot AI changed the title [WIP] Fix system proxy opening issue on macOS Harden macOS system-proxy service resolution to prevent apiInvoke toggle failures Apr 25, 2026
Copilot AI requested a review from cute-omega April 25, 2026 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cute-omega cute-omega Awaiting requested review from cute-omega

Assignees

@cute-omega cute-omega

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

macOS 下无法打开系统代理

2 participants

@cute-omega