feat(desktop): add per-provider TLS verification bypass (#355)

## Summary

- Adds an opt-in `tlsRejectUnauthorized` boolean on `ProviderEntry` so
users can connect to internal LLM gateways whose self-signed /
private-CA certificates Node 22's built-in fetch (undici) rejects —
`NODE_TLS_REJECT_UNAUTHORIZED` is intentionally ignored by undici, so a
runtime dispatcher swap is the only working bypass.
- Implements a ref-counted `withTlsBypass(enabled, fn)` helper in
`apps/desktop/src/main/tls-override.ts` that swaps the global undici
dispatcher for one with `rejectUnauthorized: false` around the wrapped
call, and restores the original in `finally`.
- Wires the bypass through every outbound HTTPS path: connection-test
(`test-active` / `test-provider` / `config:v1:test-endpoint`), models
discovery (`models:v1:list-for-provider`), and generation
(`codesign:v1:generate` + `codesign:v1:generate-title`).
- Surfaces the toggle in `AddCustomProviderModal` for non-built-in
providers only, gated behind a confirm prompt on first enable, and
renders a yellow "TLS verify off" badge on the affected provider row in
Settings.
- Built-in providers (anthropic, openai, openrouter, ollama)
force-ignore the flag at every call site so a tampered config cannot
weaken trusted endpoints.

Closes #229.

## Hard-constraints check (PRINCIPLES §5b)

- ✅ Compatibility — optional field, no schema version bump, existing
configs parse unchanged
- ✅ Upgradeability — flag is namespaced and per-entry; safe to extend
(e.g. per-CA pinning later)
- ✅ No bloat — `undici` was already a transitive dep via pi-ai; now
promoted to a direct dep so resolution is explicit. Helper is ~90 lines;
UI delta is a single checkbox + badge
- ✅ Elegance — single high-order wrapper, exception-safe via
`try/finally`, ref-count handles nested / concurrent acquires

## Design notes

Full design spec lives at
`docs/superpowers/specs/2026-05-23-tls-bypass-design.md` (gitignored per
project convention, local-only). The known concurrency window (parallel
non-bypass requests during a bypass interval inherit the loose
dispatcher) is documented in `tls-override.ts` and accepted as a
trade-off — eliminating it would require monkey-patching
`globalThis.fetch`, which touches every outbound call in the main
process and was deemed disproportionate. See spec §9 for rationale.

## Test plan

- [x] `pnpm typecheck` — clean across all 10 workspaces
- [x] `pnpm test` — 1354/1354 desktop, 228/228 shared, 208/208
providers, etc.
- [x] `pnpm lint` — only existing-on-main biome version-mismatch info;
no errors
- [x] New `apps/desktop/src/main/tls-override.test.ts` — 6 tests
covering: enabled=false noop, single acquire/release, nested acquire
(ref-count), throw-in-fn release, log emission, parallel acquire
- [x] Extended `apps/desktop/src/main/connection-ipc.test.ts` — 7 new
TLS bypass routing tests (built-in force-disable, non-built-in enable,
undefined/false → disable, payload flag enable, non-boolean reject)
- [x] Extended `packages/shared/src/config.test.ts` — schema
accepts/rejects/round-trips the new field
- [ ] Manual verification with an actual self-signed gateway is
recommended before merge (cannot be done in CI without spinning up a
fake CA)

## Known out-of-scope items

- `codesign:apply-comment` IPC also calls `runGenerate` against the
active provider; left unwrapped to stay in scope per spec. Recommend a
tiny follow-up to apply the same wrapper there for inline-comment edits
against bypass-enabled providers.

Author: hqhq1025

.changeset/feat-tls-verify-toggle.md

@@ -0,0 +1,6 @@
+---
+"@open-codesign/desktop": minor
+"@open-codesign/shared": minor
+---
+
+feat(desktop): add per-provider "Disable TLS verification" toggle for custom and imported providers. Unblocks connections to corporate gateways with self-signed or private-CA certificates that Node 22's built-in fetch cannot otherwise accept. Built-in providers (Anthropic, OpenAI, OpenRouter, Ollama) remain unaffected. (#229)

apps/desktop/package.json

@@ -22,7 +22,8 @@
   "dependencies": {
     "jszip": "^3.10.1",
     "ms": "2.1.3",
-    "puppeteer-core": "^24.42.0"
+    "puppeteer-core": "^24.42.0",
+    "undici": "^7.25.0"
   },
   "devDependencies": {
     "@mariozechner/pi-agent-core": "^0.72.1",

apps/desktop/src/main/connection-ipc.test.ts

@@ -5,6 +5,14 @@ vi.mock('./electron-runtime', () => ({
   ipcMain: { handle: vi.fn() },
 }));
 
+// Mock the TLS-bypass wrapper so tests can assert the enabled flag passed to
+// it without actually swapping the global undici dispatcher mid-test. The
+// pass-through impl preserves the existing fetch path so all other suites in
+// this file (which rely on installFakeFetch) keep working unchanged.
+vi.mock('./tls-override', () => ({
+  withTlsBypass: vi.fn(async (_enabled: boolean, fn: () => Promise<unknown>) => fn()),
+}));
+
 import { createHash } from 'node:crypto';
 import {
   _clearModelsCache,
@@ -23,6 +31,7 @@ import {
   normalizeOllamaBaseUrl,
   runProviderTest,
 } from './connection-ipc';
+import { withTlsBypass } from './tls-override';
 
 // ---------------------------------------------------------------------------
 // Thin test-only handler that exercises the same fetch/parse/cache path
@@ -1386,3 +1395,156 @@ describe('config:v1:test-endpoint response parsing', () => {
     }
   });
 });
+
+// ---------------------------------------------------------------------------
+// TLS bypass plumbing — every outbound HTTP entrypoint must (a) consult
+// withTlsBypass exactly once and (b) gate the `enabled` arg by the
+// `builtin !== true && tlsRejectUnauthorized === true` rule so a tampered
+// config can never weaken TLS for built-in providers.
+// ---------------------------------------------------------------------------
+
+describe('TLS bypass routing', () => {
+  beforeEach(() => {
+    vi.useRealTimers();
+    vi.mocked(withTlsBypass).mockClear();
+  });
+
+  function lastBypassEnabled(): boolean | undefined {
+    const calls = vi.mocked(withTlsBypass).mock.calls;
+    const last = calls.at(-1);
+    return last?.[0];
+  }
+
+  it('runProviderTest: built-in provider with tlsRejectUnauthorized=true is forced to enabled=false', async () => {
+    const { restore } = installFakeFetch(() => ({ status: 200, body: { data: [] } }));
+    try {
+      const res = await runProviderTest({
+        provider: 'anthropic',
+        wire: 'anthropic',
+        apiKey: 'sk-ant-test',
+        baseUrl: 'https://api.anthropic.com',
+        builtin: true,
+        tlsRejectUnauthorized: true,
+      });
+      expect(res.ok).toBe(true);
+      expect(vi.mocked(withTlsBypass)).toHaveBeenCalledTimes(1);
+      expect(lastBypassEnabled()).toBe(false);
+    } finally {
+      restore();
+    }
+  });
+
+  it('runProviderTest: non-built-in provider with tlsRejectUnauthorized=true → enabled=true', async () => {
+    const { restore } = installFakeFetch(() => ({ status: 200, body: { data: [] } }));
+    try {
+      const res = await runProviderTest({
+        provider: 'internal-gateway',
+        wire: 'openai-chat',
+        apiKey: 'sk-test',
+        baseUrl: 'https://internal.example.corp/v1',
+        builtin: false,
+        tlsRejectUnauthorized: true,
+      });
+      expect(res.ok).toBe(true);
+      expect(vi.mocked(withTlsBypass)).toHaveBeenCalledTimes(1);
+      expect(lastBypassEnabled()).toBe(true);
+    } finally {
+      restore();
+    }
+  });
+
+  it('runProviderTest: non-built-in with tlsRejectUnauthorized=false → enabled=false', async () => {
+    const { restore } = installFakeFetch(() => ({ status: 200, body: { data: [] } }));
+    try {
+      const res = await runProviderTest({
+        provider: 'internal-gateway',
+        wire: 'openai-chat',
+        apiKey: 'sk-test',
+        baseUrl: 'https://internal.example.corp/v1',
+        builtin: false,
+        tlsRejectUnauthorized: false,
+      });
+      expect(res.ok).toBe(true);
+      expect(lastBypassEnabled()).toBe(false);
+    } finally {
+      restore();
+    }
+  });
+
+  it('runProviderTest: non-built-in with tlsRejectUnauthorized=undefined → enabled=false', async () => {
+    const { restore } = installFakeFetch(() => ({ status: 200, body: { data: [] } }));
+    try {
+      const res = await runProviderTest({
+        provider: 'internal-gateway',
+        wire: 'openai-chat',
+        apiKey: 'sk-test',
+        baseUrl: 'https://internal.example.corp/v1',
+        builtin: false,
+      });
+      expect(res.ok).toBe(true);
+      expect(lastBypassEnabled()).toBe(false);
+    } finally {
+      restore();
+    }
+  });
+
+  it('handleConfigV1TestEndpoint: payload with tlsRejectUnauthorized=true → enabled=true', async () => {
+    const { restore } = installFakeFetch(() => ({
+      status: 200,
+      body: { data: [{ id: 'gpt-x' }] },
+    }));
+    try {
+      const res = await handleConfigV1TestEndpoint({
+        wire: 'openai-chat',
+        baseUrl: 'https://internal.example.corp/v1',
+        apiKey: 'sk-test',
+        tlsRejectUnauthorized: true,
+      });
+      expect(res).toEqual({ ok: true, modelCount: 1, models: ['gpt-x'] });
+      expect(vi.mocked(withTlsBypass)).toHaveBeenCalledTimes(1);
+      expect(lastBypassEnabled()).toBe(true);
+    } finally {
+      restore();
+    }
+  });
+
+  it('handleConfigV1TestEndpoint: missing tlsRejectUnauthorized → enabled=false', async () => {
+    const { restore } = installFakeFetch(() => ({
+      status: 200,
+      body: { data: [{ id: 'gpt-x' }] },
+    }));
+    try {
+      await handleConfigV1TestEndpoint({
+        wire: 'openai-chat',
+        baseUrl: 'https://internal.example.corp/v1',
+        apiKey: 'sk-test',
+      });
+      expect(lastBypassEnabled()).toBe(false);
+    } finally {
+      restore();
+    }
+  });
+
+  it('handleConfigV1TestEndpoint: rejects non-boolean tlsRejectUnauthorized before fetch', async () => {
+    const { restore } = installFakeFetch(() => {
+      throw new Error('fetch should not be called');
+    });
+    try {
+      await expect(
+        handleConfigV1TestEndpoint({
+          wire: 'openai-chat',
+          baseUrl: 'https://provider.example/v1',
+          apiKey: 'sk-test',
+          tlsRejectUnauthorized: 'yes',
+        }),
+      ).resolves.toEqual({
+        ok: false,
+        error: 'bad-input',
+        message: 'tlsRejectUnauthorized must be a boolean',
+      });
+      expect(vi.mocked(withTlsBypass)).not.toHaveBeenCalled();
+    } finally {
+      restore();
+    }
+  });
+});