feat: add global HTTP/HTTPS proxy for agent child processes

[0xtresser]

Summary

Adds a per-host Network → Agent proxy setting. The daemon injects HTTPS_PROXY / HTTP_PROXY / ALL_PROXY / NO_PROXY (and lower-case variants) into every spawned agent process (Claude, Codex, OpenCode, ACP), so users behind a proxy can reach provider APIs without editing config.json for each provider.

Closes #253

Motivation

Agents like Claude Code / Codex call provider APIs over HTTPS. Users in regions where those APIs are hard to reach directly (e.g. mainland China) need a proxy. Today the only way to set one is manually editing agents.providers.<id>.env in config.json per provider — no UI, easy to forget, easy to get wrong. #253 asks for proper proxy support. This PR adds it as a first-class setting.

How it works

• MutableDaemonConfigSchema gains an optional network.proxy field (enabled, httpUrl?, httpsUrl?, noProxy?).
• applyProviderEnv now merges a process-wide globalAgentEnv layer between baseEnv and runtimeSettings.env. Precedence stays: process.env < global proxy config < per-provider env override, so users who already set per-provider env keep winning.
• bootstrap seeds globalAgentEnv from the persisted config on startup and re-applies on network.proxy changes via daemonConfigStore.onFieldChange. No daemon restart needed — new agents pick up the change immediately. (Already-running agents keep the env they were spawned with — this is an intentional no-surprise choice.)
• UI: a new Network section on the Host settings page with a Agent proxy card (on/off toggle + HTTPS / HTTP / NoProxy fields + Save). Only renders when the daemon is connected. Uses the existing `useDaemonConfig` / `patchConfig` hook, so no new WS round trips or transport work needed.

Backward compatibility

All new schema fields are `.optional()` with `.passthrough()`, following the project's "does a 6-month-old client still parse this?" rule:

• Old client ↔ new daemon: old clients ignore the new `network` field.
• New client ↔ old daemon: new UI just doesn't see any proxy config; the Save patch against an old daemon is rejected cleanly (old schema has no `network`) — an edge case since paired clients/daemons typically upgrade together.

Scope — what this PR does not do

• Does not affect the daemon's own outbound traffic (relay, update check). Only agent child processes. Happy to extend if maintainers want — the `globalAgentEnv` singleton makes that a one-liner.
• Does not add a CLI override for proxy (users configure via the UI or directly in `config.json`). Easy follow-up.

Testing

• Unit: `packages/server/src/server/agent/provider-launch-config.test.ts` — 10 new cases for `buildProxyEnv` + `applyProviderEnv` precedence. All 23 tests in that file pass.
• Format + app typecheck clean.
• Built and installed the produced `.app` locally on macOS arm64. Configured proxy via the UI, created a Claude Code agent, verified traffic going through the proxy. Toggling off and back on takes effect immediately for new agents.

Test plan

• Open Settings → select a host → scroll to Network, toggle Agent proxy on, set HTTPS URL (e.g. `http://127.0.0.1:7890\`), Save.
• Spawn a new Claude / Codex / OpenCode agent, run a task that hits the provider API, verify the proxy sees the traffic.
• Set a per-provider `env.HTTPS_PROXY` in `config.json` and confirm it wins over the global setting (precedence).
• Toggle off; new agents no longer route via proxy.

🤖 Generated with Claude Code