Proxyline Documentation

Process-global proxy routing for Node.js. Proxyline patches the network surfaces a Node process can reach without owning a private transport stack, so a single policy applies to node:http, node:https, undici/fetch, WebSocket clients that accept agents, and explicit HTTP CONNECT helpers.

#Contents

• Getting Started — install, first proxy, shutdown.
• Modes — managed vs ambient safety postures.
• Surfaces — which network APIs Proxyline covers and how.
• API Reference — every exported type, function, and field.
• Environment Variables — how HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, and NO_PROXY are interpreted.
• Proxy TLS — scoping CA trust to the proxy endpoint.
• Observability — events, explain(), credential redaction.
• Security — threat model, limits, what Proxyline does not do.
• Troubleshooting — common failure modes and fixes.
• Testing — the in-process proxy lab.

#Product coverage

• http.request / http.get: covered by global method patching and global agent replacement.
• https.request / https.get: covered by global method patching and global agent replacement.
• globalThis.fetch: covered by the fetch patch, including explicit dispatcher options and later Undici global dispatcher replacement in managed mode.
• Undici global dispatcher: installed for Undici APIs that read the current process dispatcher.
• WebSocket clients accepting a Node agent: covered with proxy.createWebSocketAgent().
• WebSocket clients without an agent option: partially covered when the upgrade path reuses patched http.request.
• Explicit HTTP CONNECT sockets: covered with openProxyConnectTunnel().
• Caller-built http.Agent / https.Agent: overridden per request in managed and active ambient mode.
• Raw net.connect / tls.connect: out of scope; see Security.
• Native or third-party transport stacks: out of scope; see Security.