From 85e6b12ab908cea17abd2456bccf08b4cebcf52e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chindri=C8=99=20Mihai=20-=20Alexandru?= Date: Mon, 25 May 2026 05:47:13 +0300 Subject: [PATCH] feat(desktop): pass through ADAL_APP_URL to sidecar for token compression When ADAL_APP_URL is set in the user's environment, the Desktop app now passes it through to the sidecar process. This allows transparent token compression proxies to intercept LLM requests. Security: Only localhost/loopback URLs are accepted (http://localhost, http://127.0.0.1, http://[::1]). Non-local URLs are rejected with a warning log. Uses var_os for robustness with non-UTF8 edge cases. No behavioral change when ADAL_APP_URL is unset. Co-Authored-By: AdaL --- packages/desktop/src-tauri/src/cli.rs | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/packages/desktop/src-tauri/src/cli.rs b/packages/desktop/src-tauri/src/cli.rs index 97fdba144f4c..c5e3f716fc62 100644 --- a/packages/desktop/src-tauri/src/cli.rs +++ b/packages/desktop/src-tauri/src/cli.rs @@ -388,6 +388,28 @@ pub fn spawn_command( state_dir.to_string_lossy().to_string(), ), ]; + + // Pass through token compression proxy URL to the sidecar process. + // When ADAL_APP_URL is set, the sidecar routes LLM requests through + // the specified proxy for transparent compression or middleware. + // Only localhost/loopback URLs are accepted to prevent unintended + // traffic routing to external endpoints. + if let Some(app_url) = std::env::var_os("ADAL_APP_URL") { + if let Some(url_str) = app_url.to_str() { + if url_str.starts_with("http://localhost") + || url_str.starts_with("http://127.0.0.1") + || url_str.starts_with("http://[::1]") + { + envs.push(("ADAL_APP_URL".to_string(), url_str.to_string())); + } else { + tracing::warn!( + url = %url_str, + "Ignoring ADAL_APP_URL: only localhost URLs are permitted" + ); + } + } + } + envs.extend( extra_env .iter()