refactor(reach): drop redundant proxy env forwarding to coana

coana resolves HTTPS_PROXY/HTTP_PROXY itself (getProxyUrl in
utils/dashboard-api/axios-aux.ts) and we already pass the full parent env to the
coana subprocess, so copying HTTPS_PROXY into SOCKET_CLI_API_PROXY was a no-op.

Remove the forwarding and the now-unused 'proxy' parameter. SOCKET_CLI_VERSION and
SOCKET_CALLER_USER_AGENT are unaffected. SOCKET_CLI_API_PROXY (coana's highest-
precedence proxy override) is left to be wired from a future explicit --proxy flag.

Author: mtorp

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.4.1"
+version = "2.4.2"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [

socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.4.1'
+__version__ = '2.4.2'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

socketsecurity/core/tools/reachability.py

@@ -126,7 +126,6 @@ def run_reachability_analysis(
         continue_on_no_source_files: bool = False,
         reach_debug: bool = False,
         disable_external_tool_checks: bool = False,
-        proxy: Optional[str] = None,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -251,11 +250,10 @@ def run_reachability_analysis(
         env["SOCKET_CLI_VERSION"] = __version__
         env["SOCKET_CALLER_USER_AGENT"] = _build_caller_user_agent()
 
-        # Forward an HTTP(S) proxy to coana if one is configured. Prefer an explicit value,
-        # otherwise fall back to the standard proxy environment variables.
-        proxy_url = proxy or os.environ.get("HTTPS_PROXY") or os.environ.get("HTTP_PROXY")
-        if proxy_url:
-            env["SOCKET_CLI_API_PROXY"] = proxy_url
+        # NOTE: no proxy env is set here. coana already reads HTTPS_PROXY/HTTP_PROXY itself, and
+        # we pass the full parent env above, so it inherits them. A SOCKET_CLI_API_PROXY override
+        # should only be set from an explicit --proxy flag (not yet implemented), since seeding it
+        # from HTTPS_PROXY would be a no-op (it's the same value coana already resolves).
 
         # Optional environment variables.
         # NOTE: repo/branch are intentionally omitted by the caller (passed as None) when they

tests/unit/test_reachability.py

@@ -83,18 +83,14 @@ def test_env_identifies_python_cli(analyzer, mocker):
     assert env["SOCKET_CLI_API_TOKEN"] == "test-api-token"
 
 
-def test_proxy_env_from_explicit_value(analyzer, mocker):
-    """G5: explicit proxy -> SOCKET_CLI_API_PROXY."""
-    _, env = _run(analyzer, mocker, proxy="http://proxy.example:8080")
-    assert env["SOCKET_CLI_API_PROXY"] == "http://proxy.example:8080"
-
-
-def test_proxy_env_from_https_proxy_fallback(analyzer, mocker, monkeypatch):
-    """G5: HTTPS_PROXY is forwarded when no explicit proxy is given."""
+def test_no_proxy_env_set_by_default(analyzer, mocker, monkeypatch):
+    """coana inherits HTTPS_PROXY/HTTP_PROXY from the passed env; we don't set
+    SOCKET_CLI_API_PROXY ourselves (that's reserved for a future explicit --proxy flag)."""
+    monkeypatch.delenv("SOCKET_CLI_API_PROXY", raising=False)
     monkeypatch.setenv("HTTPS_PROXY", "http://envproxy:3128")
-    monkeypatch.delenv("HTTP_PROXY", raising=False)
     _, env = _run(analyzer, mocker)
-    assert env["SOCKET_CLI_API_PROXY"] == "http://envproxy:3128"
+    # Even with HTTPS_PROXY set, we don't copy it into SOCKET_CLI_API_PROXY (coana reads it itself).
+    assert "SOCKET_CLI_API_PROXY" not in env
 
 
 def test_repo_branch_env_present_when_supplied(analyzer, mocker):