fix(ai): OAuth login/refresh now respects HTTP proxy env vars

Extracted HTTP proxy setup to shared module and imported it from both
stream.ts and oauth/index.ts. This ensures fetch() calls during OAuth
flows (token exchange, refresh, project discovery) go through the proxy.

fixes #1132

packages/ai/src/utils/http-proxy.ts

@@ -0,0 +1,13 @@
+/**
+ * Set up HTTP proxy according to env variables for `fetch` based SDKs in Node.js.
+ * Bun has builtin support for this.
+ *
+ * This module should be imported early by any code that needs proxy support for fetch().
+ * ES modules are cached, so importing multiple times is safe - setup only runs once.
+ */
+if (typeof process !== "undefined" && process.versions?.node) {
+	import("undici").then((m) => {
+		const { EnvHttpProxyAgent, setGlobalDispatcher } = m;
+		setGlobalDispatcher(new EnvHttpProxyAgent());
+	});
+}

packages/ai/src/utils/oauth/index.ts

@@ -9,6 +9,9 @@
  * - Antigravity (Gemini 3, Claude, GPT-OSS via Google Cloud)
  */
 
+// Set up HTTP proxy for fetch() calls (respects HTTP_PROXY, HTTPS_PROXY env vars)
+import "../http-proxy.js";
+
 // Anthropic
 export { anthropicOAuthProvider, loginAnthropic, refreshAnthropicToken } from "./anthropic.js";
 // GitHub Copilot