fix(core): make proxy debug locality configurable

Keep LAN proxy diagnostics available by default while allowing users to opt into loopback-only debug endpoints with proxy.debug_local_only.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: joo

core/internal/buildinfo/buildinfo.go

@@ -4,7 +4,7 @@ import "strings"
 
 // Set at link time via -ldflags (see .goreleaser.yaml).
 var (
-	Version = "dev0.1.45"
+	Version = "dev0.1.46"
 	Commit  = "none"
 	Date    = "unknown"
 )

core/internal/desktop/profiles.go

@@ -10,6 +10,10 @@ import (
 	"github.com/clovapi/switcher/internal/profile"
 )
 
+func boolPtr(v bool) *bool {
+	return &v
+}
+
 type UIModel struct {
 	ID       string `json:"id"`
 	Label    string `json:"label"`
@@ -33,9 +37,10 @@ type UIVendor struct {
 }
 
 type UIProxyConfig struct {
-	Enabled bool   `json:"enabled"`
-	Host    string `json:"host"`
-	Port    int    `json:"port"`
+	Enabled        bool   `json:"enabled"`
+	Host           string `json:"host"`
+	Port           int    `json:"port"`
+	DebugLocalOnly *bool  `json:"debugLocalOnly,omitempty"`
 }
 
 type LoadResult struct {
@@ -145,9 +150,10 @@ func storeToUI(s *profile.Store) LoadResult {
 		Version: s.Version,
 		Active:  active,
 		Proxy: UIProxyConfig{
-			Enabled: s.Proxy.Enabled,
-			Host:    s.Proxy.Host,
-			Port:    s.Proxy.Port,
+			Enabled:        s.Proxy.Enabled,
+			Host:           s.Proxy.Host,
+			Port:           s.Proxy.Port,
+			DebugLocalOnly: boolPtr(s.Proxy.DebugLocalOnly),
 		},
 		Profiles: profiles,
 	}
@@ -197,9 +203,13 @@ func SaveProfiles(input SaveInput) SaveResult {
 		}
 		if input.Proxy != nil {
 			current.Proxy = profile.ProxyConfig{
-				Enabled: input.Proxy.Enabled,
-				Host:    strings.TrimSpace(input.Proxy.Host),
-				Port:    input.Proxy.Port,
+				Enabled:        input.Proxy.Enabled,
+				Host:           strings.TrimSpace(input.Proxy.Host),
+				Port:           input.Proxy.Port,
+				DebugLocalOnly: current.Proxy.DebugLocalOnly,
+			}
+			if input.Proxy.DebugLocalOnly != nil {
+				current.Proxy.DebugLocalOnly = *input.Proxy.DebugLocalOnly
 			}
 		}
 		return true, nil
@@ -229,9 +239,10 @@ func proxyConfigFromStore(s *profile.Store) UIProxyConfig {
 		return UIProxyConfig{}
 	}
 	return UIProxyConfig{
-		Enabled: s.Proxy.Enabled,
-		Host:    s.Proxy.Host,
-		Port:    s.Proxy.Port,
+		Enabled:        s.Proxy.Enabled,
+		Host:           s.Proxy.Host,
+		Port:           s.Proxy.Port,
+		DebugLocalOnly: boolPtr(s.Proxy.DebugLocalOnly),
 	}
 }
 
@@ -248,9 +259,13 @@ func LoadProxyConfig() ProxyConfigResult {
 func SaveProxyConfig(input UIProxyConfig) ProxyConfigResult {
 	saved, err := profile.WithLockedDesktopStore(func(current *profile.Store) (bool, error) {
 		current.Proxy = profile.ProxyConfig{
-			Enabled: input.Enabled,
-			Host:    strings.TrimSpace(input.Host),
-			Port:    input.Port,
+			Enabled:        input.Enabled,
+			Host:           strings.TrimSpace(input.Host),
+			Port:           input.Port,
+			DebugLocalOnly: current.Proxy.DebugLocalOnly,
+		}
+		if input.DebugLocalOnly != nil {
+			current.Proxy.DebugLocalOnly = *input.DebugLocalOnly
 		}
 		return true, nil
 	})

core/internal/profile/types.go

@@ -46,9 +46,10 @@ type Model struct {
 
 // ProxyConfig describes the built-in local proxy/daemon endpoint.
 type ProxyConfig struct {
-	Enabled bool   `json:"enabled"`
-	Host    string `json:"host"`
-	Port    int    `json:"port"`
+	Enabled        bool   `json:"enabled"`
+	Host           string `json:"host"`
+	Port           int    `json:"port"`
+	DebugLocalOnly bool   `json:"debug_local_only,omitempty"`
 }
 
 // ActiveSelection is the persisted provider/model selected for one local agent.

core/internal/proxy/server.go

@@ -85,7 +85,7 @@ func NewServer(cfg profile.ProxyConfig) *Server {
 
 func (s *Server) localOnly(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if !isLocalRequest(r) {
+		if s.Config.DebugLocalOnly && !isLocalRequest(r) {
 			writeJSON(w, http.StatusForbidden, map[string]string{"error": "debug endpoints are only available from loopback clients"})
 			return
 		}

core/internal/proxy/server_test.go

@@ -122,8 +122,22 @@ func TestDebugCallLogPaginatesDefaultLimit(t *testing.T) {
 	}
 }
 
-func TestDebugRoutesRejectNonLoopbackClients(t *testing.T) {
+func TestDebugRoutesAllowNonLoopbackClientsByDefault(t *testing.T) {
 	s := NewServer(profile.ProxyConfig{Host: "0.0.0.0", Port: 27483})
+	s.CallLogs = newCallLogStoreAt(t.TempDir())
+	req := httptest.NewRequest(http.MethodGet, "http://example.com/__debug/call-log", nil)
+	req.RemoteAddr = "203.0.113.10:45678"
+	rec := httptest.NewRecorder()
+
+	s.Server.Handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
+	}
+}
+
+func TestDebugRoutesRejectNonLoopbackClientsWhenLocalOnly(t *testing.T) {
+	s := NewServer(profile.ProxyConfig{Host: "0.0.0.0", Port: 27483, DebugLocalOnly: true})
 	req := httptest.NewRequest(http.MethodGet, "http://example.com/__debug/call-log", nil)
 	req.RemoteAddr = "203.0.113.10:45678"
 	rec := httptest.NewRecorder()
@@ -135,8 +149,8 @@ func TestDebugRoutesRejectNonLoopbackClients(t *testing.T) {
 	}
 }
 
-func TestDebugRoutesAllowLoopbackClients(t *testing.T) {
-	s := NewServer(profile.ProxyConfig{Host: "0.0.0.0", Port: 27483})
+func TestDebugRoutesAllowLoopbackClientsWhenLocalOnly(t *testing.T) {
+	s := NewServer(profile.ProxyConfig{Host: "0.0.0.0", Port: 27483, DebugLocalOnly: true})
 	s.CallLogs = newCallLogStoreAt(t.TempDir())
 	req := httptest.NewRequest(http.MethodGet, "http://example.com/__debug/call-log", nil)
 	req.RemoteAddr = "127.0.0.1:45678"

electron/ui/src/global.d.ts

@@ -96,6 +96,7 @@ type ProxyConfig = {
   enabled?: boolean;
   host?: string;
   port?: number;
+  debugLocalOnly?: boolean;
 };
 
 type ProxyStatusResult = {