feat(http): centralize HTTP client with proxy and custom-CA support

[fengmk2]

Summary

Track B of voidzero-dev/setup-vp#73 — makes vp's HTTP client compatible with Socket Firewall Free (sfw) and other TLS-intercepting proxies.

Today vp uses bare reqwest::get(url) calls with no shared Client, no proxy honored, no CA injection. As a result, setup-vp's new sfw input had to fall back to plain vp install with a warning on macOS/Windows.

This PR:

• Adds vite_shared::shared_http_client() — a process-wide reqwest::Client built once via OnceLock.
  • Honors HTTPS_PROXY / HTTP_PROXY / NO_PROXY (built-in to reqwest 0.13 — no Cargo-feature change needed).
  • Loads PEM bundles from SSL_CERT_FILE and NODE_EXTRA_CA_CERTS via Certificate::from_pem_bundle + add_root_certificate. Parse / read failures log a tracing::warn! and fall through.
  • VP_INSECURE_TLS (any value) flips danger_accept_invalid_certs(true) and emits a loud stderr warning at startup. Diagnostic only — never recommended for production.
• Replaces every direct reqwest::get / reqwest::Client::new in vite_install (1 site) and vite_js_runtime (3 sites) with the shared client.
• New CI job install-e2e-test-sfw (Ubuntu / macOS / Windows) downloads the upstream sfw binary, then runs sfw vp i -g pnpm@9.15.0 and sfw vp install against vitejs/vite. Gated on test: sfw label for PRs, unconditional on push-to-main. Carries VP_INSECURE_TLS=1 until sfw upstream ships the EKU fix (SocketDev/sfw-free#30, #43); removing that flag in a follow-up converts it into a full CA-injection test.

Explicitly out of scope: switching macOS/Linux from the baked Mozilla bundle to rustls-native-certs (Track B step 5 in the upstream issue — separate PR).

Test plan

• cargo check --all-targets clean
• cargo clippy --all-targets -- -D warnings clean
• cargo fmt --check clean
• cargo test -p vite_shared -p vite_install -p vite_js_runtime — all 647 tests pass (no behavior change for plain HTTPS)
• Add test: sfw label on this PR to exercise the new CI job across all three OSes
• Manual smoke test with mitmproxy:

  HTTPS_PROXY=http://127.0.0.1:8080 \
  SSL_CERT_FILE=~/.mitmproxy/mitmproxy-ca-cert.pem \
  vp i -g pnpm@9.15.0

• Manual smoke test of the insecure escape hatch (expect loud warn: line):

  VP_INSECURE_TLS=1 vp i -g pnpm@9.15.0

Follow-ups

• Once SocketDev/sfw-free#30 / #43 ship, drop VP_INSECURE_TLS=1 from the new CI job to validate the CA-injection path end-to-end.
• Separate phase-2 PR: switch to rustls-native-certs on macOS/Linux so OS-installed CAs work without any env var.

Refs voidzero-dev/setup-vp#73

[netlify]

✅ Deploy Preview for viteplus-preview canceled.

Name	Link
🔨 Latest commit	533a865
🔍 Latest deploy log	https://app.netlify.com/projects/viteplus-preview/deploys/6a15a4b959ff810008f47570

[pkg-pr-new]

Open in StackBlitz

vite-plus

npm i https://pkg.pr.new/voidzero-dev/vite-plus@1686

@voidzero-dev/vite-plus-core

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-core@1686

@voidzero-dev/vite-plus-prompts

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-prompts@1686

@voidzero-dev/vite-plus-test

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-test@1686

@voidzero-dev/vite-plus-cli-darwin-arm64

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-darwin-arm64@1686

@voidzero-dev/vite-plus-cli-darwin-x64

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-darwin-x64@1686

@voidzero-dev/vite-plus-cli-linux-arm64-gnu

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-linux-arm64-gnu@1686

@voidzero-dev/vite-plus-cli-linux-arm64-musl

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-linux-arm64-musl@1686

@voidzero-dev/vite-plus-cli-linux-x64-gnu

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-linux-x64-gnu@1686

@voidzero-dev/vite-plus-cli-linux-x64-musl

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-linux-x64-musl@1686

@voidzero-dev/vite-plus-cli-win32-arm64-msvc

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-win32-arm64-msvc@1686

@voidzero-dev/vite-plus-cli-win32-x64-msvc

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-cli-win32-x64-msvc@1686

@voidzero-dev/vite-plus-darwin-arm64

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-darwin-arm64@1686

@voidzero-dev/vite-plus-darwin-x64

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-darwin-x64@1686

@voidzero-dev/vite-plus-linux-arm64-gnu

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-linux-arm64-gnu@1686

@voidzero-dev/vite-plus-linux-arm64-musl

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-linux-arm64-musl@1686

@voidzero-dev/vite-plus-linux-x64-gnu

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-linux-x64-gnu@1686

@voidzero-dev/vite-plus-linux-x64-musl

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-linux-x64-musl@1686

@voidzero-dev/vite-plus-win32-arm64-msvc

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-win32-arm64-msvc@1686

@voidzero-dev/vite-plus-win32-x64-msvc

npm i https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-win32-x64-msvc@1686

commit: 533a865