Skip to main content
On restricted or corporate networks, Synti may need to reach model providers and sources through an outbound proxy. Synti supports HTTP and HTTPS proxies, per-host bypass rules, and custom CA certificates for networks that inspect TLS. Settings apply across the app and are passed down to the agent’s subprocesses automatically.

Configure a proxy

Open Settings → Network and fill in: Changes take effect immediately — no restart required. They persist under the networkProxy key in the config file.
config.json

Authentication

If your proxy requires credentials, put them in the URL:
Credentials embedded in a proxy URL are stored in plain text in config.json. Prefer supplying them through environment configuration so they aren’t written to disk in the clear.

Bypass rules

The No Proxy list supports several forms:
localhost and 127.0.0.1 are not bypassed automatically. Add them to the No Proxy list if local services should skip the proxy.

TLS-inspecting proxies

Some corporate firewalls terminate and re-sign TLS. For Synti to trust the re-signed certificates, point NODE_EXTRA_CA_CERTS at your organization’s CA bundle before launching the app.
Set it for GUI apps with launchctl, then relaunch Synti:
When connecting the terminal client to a server with a self-signed certificate, use SYNTI_TLS_CA or the --tls-ca flag instead — see Environment Variables and the CLI reference.

How traffic is routed

Synti applies proxy settings at every layer that makes outbound requests:
  • App runtime — outbound HTTPS is tunneled through the proxy via CONNECT.
  • App windows — the Electron layer routes browser traffic through the same proxy.
  • Subprocesses — the agent’s child processes inherit HTTP_PROXY, HTTPS_PROXY, and NO_PROXY from the configured settings.

Environment Variables

CA and TLS variables for clients and servers.

Headless Server

TLS options when exposing a server.

Config File

Where proxy settings are persisted.

Credentials

Keeping secrets off disk in the clear.