feat: add proxy pool for per-account proxy routing

Add proxy pool system allowing different accounts to route through
different upstream proxies for IP diversity and risk isolation.

Backend:
- ProxyPool manager with CRUD, assignment, round-robin, health checks
- TlsTransport interface accepts per-request proxyUrl parameter
- Both curl-cli and libcurl-ffi transports support per-request proxy
- CodexApi forwards proxy through the request chain
- REST API at /api/proxies for proxy + assignment management
- Periodic health checks (default 5min) via api.ipify.org

Frontend:
- ProxyPool management section in dashboard
- Per-account proxy selector dropdown in AccountCard
- Four assignment modes: Global/Direct/Auto(Round-Robin)/Specific

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

CHANGELOG.md

@@ -8,6 +8,16 @@
 
 ### Added
 
+- 代理池功能：支持为不同账号配置不同的上游代理，实现 IP 多样化和风险隔离
+  - 代理 CRUD：添加、删除、启用、禁用代理（HTTP/HTTPS/SOCKS5）
+  - 四种分配模式：Global Default（全局代理）、Direct（直连）、Auto（Round-Robin 轮转）、指定代理
+  - 健康检查：定时（默认 5 分钟）+ 手动，通过 ipify API 获取出口 IP 和延迟
+  - 不可达代理自动标记为 unreachable，不参与自动轮转
+  - Dashboard 代理池管理面板：添加/删除/检查/启用/禁用代理
+  - AccountCard 代理选择器：每个账号可选择代理或模式
+  - 全套 REST API：`/api/proxies` CRUD + `/api/proxies/assign` 分配管理
+  - 持久化：`data/proxies.json`（原子写入，与 cookies.json 同模式）
+  - Transport 层支持 per-request 代理：`TlsTransport` 接口新增可选 `proxyUrl` 参数
 - Dashboard GitHub Star 徽章：Header 新增醒目的 ⭐ Star 按钮（amber 药丸样式），点击跳转 GitHub 仓库页面，方便用户收藏和获取更新
 - Dashboard 检查更新功能：Footer 显示 Proxy 版本+commit 和 Codex Desktop 指纹版本，提供"检查更新"按钮同时检查两种更新
   - Proxy 自更新（CLI 模式）：通过 `git fetch` 检查新提交，自动执行 `git pull + npm install + npm run build`，完成后提示重启

shared/hooks/use-proxies.ts

@@ -0,0 +1,168 @@
+import { useState, useEffect, useCallback } from "preact/hooks";
+import type { ProxyEntry, ProxyAssignment } from "../types";
+
+export interface ProxiesState {
+  proxies: ProxyEntry[];
+  assignments: ProxyAssignment[];
+  healthCheckIntervalMinutes: number;
+  loading: boolean;
+  refresh: () => Promise<void>;
+  addProxy: (name: string, url: string) => Promise<string | null>;
+  removeProxy: (id: string) => Promise<string | null>;
+  checkProxy: (id: string) => Promise<void>;
+  checkAll: () => Promise<void>;
+  enableProxy: (id: string) => Promise<void>;
+  disableProxy: (id: string) => Promise<void>;
+  assignProxy: (accountId: string, proxyId: string) => Promise<void>;
+  unassignProxy: (accountId: string) => Promise<void>;
+  setInterval: (minutes: number) => Promise<void>;
+}
+
+export function useProxies(): ProxiesState {
+  const [proxies, setProxies] = useState<ProxyEntry[]>([]);
+  const [assignments, setAssignments] = useState<ProxyAssignment[]>([]);
+  const [healthCheckIntervalMinutes, setHealthInterval] = useState(5);
+  const [loading, setLoading] = useState(true);
+
+  const refresh = useCallback(async () => {
+    try {
+      const resp = await fetch("/api/proxies");
+      const data = await resp.json();
+      setProxies(data.proxies || []);
+      setAssignments(data.assignments || []);
+      setHealthInterval(data.healthCheckIntervalMinutes || 5);
+    } catch {
+      // ignore
+    } finally {
+      setLoading(false);
+    }
+  }, []);
+
+  useEffect(() => {
+    refresh();
+  }, [refresh]);
+
+  const addProxy = useCallback(
+    async (name: string, url: string): Promise<string | null> => {
+      try {
+        const resp = await fetch("/api/proxies", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ name, url }),
+        });
+        const data = await resp.json();
+        if (!resp.ok) return data.error || "Failed to add proxy";
+        await refresh();
+        return null;
+      } catch (err) {
+        return err instanceof Error ? err.message : "Network error";
+      }
+    },
+    [refresh],
+  );
+
+  const removeProxy = useCallback(
+    async (id: string): Promise<string | null> => {
+      try {
+        const resp = await fetch(`/api/proxies/${encodeURIComponent(id)}`, {
+          method: "DELETE",
+        });
+        if (!resp.ok) {
+          const data = await resp.json();
+          return data.error || "Failed to remove proxy";
+        }
+        await refresh();
+        return null;
+      } catch (err) {
+        return err instanceof Error ? err.message : "Network error";
+      }
+    },
+    [refresh],
+  );
+
+  const checkProxy = useCallback(
+    async (id: string) => {
+      await fetch(`/api/proxies/${encodeURIComponent(id)}/check`, {
+        method: "POST",
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  const checkAll = useCallback(async () => {
+    await fetch("/api/proxies/check-all", { method: "POST" });
+    await refresh();
+  }, [refresh]);
+
+  const enableProxy = useCallback(
+    async (id: string) => {
+      await fetch(`/api/proxies/${encodeURIComponent(id)}/enable`, {
+        method: "POST",
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  const disableProxy = useCallback(
+    async (id: string) => {
+      await fetch(`/api/proxies/${encodeURIComponent(id)}/disable`, {
+        method: "POST",
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  const assignProxy = useCallback(
+    async (accountId: string, proxyId: string) => {
+      await fetch("/api/proxies/assign", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ accountId, proxyId }),
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  const unassignProxy = useCallback(
+    async (accountId: string) => {
+      await fetch(`/api/proxies/assign/${encodeURIComponent(accountId)}`, {
+        method: "DELETE",
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  const setIntervalMinutes = useCallback(
+    async (minutes: number) => {
+      await fetch("/api/proxies/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ healthCheckIntervalMinutes: minutes }),
+      });
+      await refresh();
+    },
+    [refresh],
+  );
+
+  return {
+    proxies,
+    assignments,
+    healthCheckIntervalMinutes,
+    loading,
+    refresh,
+    addProxy,
+    removeProxy,
+    checkProxy,
+    checkAll,
+    enableProxy,
+    disableProxy,
+    assignProxy,
+    unassignProxy,
+    setInterval: setIntervalMinutes,
+  };
+}

shared/i18n/translations.ts

@@ -72,6 +72,29 @@ export const translations = {
     lastChecked: "Last checked",
     never: "never",
     commits: "commits",
+    proxyPool: "Proxy Pool",
+    proxyPoolDesc: "Manage upstream proxies for different accounts.",
+    addProxy: "Add Proxy",
+    proxyName: "Name",
+    proxyUrl: "Proxy URL",
+    noProxies: "No proxies configured. Add one to route accounts through different IPs.",
+    proxyActive: "Active",
+    proxyUnreachable: "Unreachable",
+    proxyDisabled: "Disabled",
+    exitIp: "Exit IP",
+    latency: "Latency",
+    checkHealth: "Check",
+    checkAllHealth: "Check All",
+    enableProxy: "Enable",
+    disableProxy: "Disable",
+    deleteProxy: "Delete proxy",
+    removeProxyConfirm: "Remove this proxy?",
+    proxyAssignment: "Proxy",
+    globalDefault: "Global Default",
+    directNoProxy: "Direct (No Proxy)",
+    autoRoundRobin: "Auto (Round-Robin)",
+    healthInterval: "Health check interval",
+    minutes: "min",
   },
   zh: {
     serverOnline: "\u670d\u52a1\u8fd0\u884c\u4e2d",
@@ -149,6 +172,29 @@ export const translations = {
     lastChecked: "\u4e0a\u6b21\u68c0\u67e5",
     never: "\u4ece\u672a",
     commits: "\u4e2a\u63d0\u4ea4",
+    proxyPool: "\u4ee3\u7406\u6c60",
+    proxyPoolDesc: "\u7ba1\u7406\u4e0d\u540c\u8d26\u53f7\u7684\u4e0a\u6e38\u4ee3\u7406\u3002",
+    addProxy: "\u6dfb\u52a0\u4ee3\u7406",
+    proxyName: "\u540d\u79f0",
+    proxyUrl: "\u4ee3\u7406 URL",
+    noProxies: "\u672a\u914d\u7f6e\u4ee3\u7406\u3002\u6dfb\u52a0\u4e00\u4e2a\u4ee5\u901a\u8fc7\u4e0d\u540c IP \u8def\u7531\u8d26\u53f7\u3002",
+    proxyActive: "\u6d3b\u8dc3",
+    proxyUnreachable: "\u4e0d\u53ef\u8fbe",
+    proxyDisabled: "\u5df2\u7981\u7528",
+    exitIp: "\u51fa\u53e3 IP",
+    latency: "\u5ef6\u8fdf",
+    checkHealth: "\u68c0\u67e5",
+    checkAllHealth: "\u68c0\u67e5\u5168\u90e8",
+    enableProxy: "\u542f\u7528",
+    disableProxy: "\u7981\u7528",
+    deleteProxy: "\u5220\u9664\u4ee3\u7406",
+    removeProxyConfirm: "\u786e\u5b9a\u8981\u79fb\u9664\u6b64\u4ee3\u7406\u5417\uff1f",
+    proxyAssignment: "\u4ee3\u7406",
+    globalDefault: "\u5168\u5c40\u9ed8\u8ba4",
+    directNoProxy: "\u76f4\u8fde\uff08\u65e0\u4ee3\u7406\uff09",
+    autoRoundRobin: "\u81ea\u52a8\u8f6e\u8f6c",
+    healthInterval: "\u5065\u5eb7\u68c0\u67e5\u95f4\u9694",
+    minutes: "\u5206\u949f",
   },
 } as const;
 

shared/types.ts

@@ -21,4 +21,27 @@ export interface Account {
     window_output_tokens?: number;
   };
   quota?: AccountQuota;
+  proxyId?: string;
+  proxyName?: string;
+}
+
+export interface ProxyHealthInfo {
+  exitIp: string | null;
+  latencyMs: number;
+  lastChecked: string;
+  error: string | null;
+}
+
+export interface ProxyEntry {
+  id: string;
+  name: string;
+  url: string;
+  status: "active" | "unreachable" | "disabled";
+  health: ProxyHealthInfo | null;
+  addedAt: string;
+}
+
+export interface ProxyAssignment {
+  accountId: string;
+  proxyId: string;
 }

src/index.ts

@@ -15,6 +15,8 @@ import { createGeminiRoutes } from "./routes/gemini.js";
 import { createModelRoutes } from "./routes/models.js";
 import { createWebRoutes } from "./routes/web.js";
 import { CookieJar } from "./proxy/cookie-jar.js";
+import { ProxyPool } from "./proxy/proxy-pool.js";
+import { createProxyRoutes } from "./routes/proxies.js";
 import { startUpdateChecker, stopUpdateChecker } from "./update-checker.js";
 import { initProxy } from "./tls/curl-binary.js";
 import { initTransport } from "./tls/transport.js";
@@ -54,6 +56,7 @@ export async function startServer(options?: StartOptions): Promise<ServerHandle>
   const accountPool = new AccountPool();
   const refreshScheduler = new RefreshScheduler(accountPool);
   const cookieJar = new CookieJar();
+  const proxyPool = new ProxyPool();
 
   // Create Hono app
   const app = new Hono();
@@ -65,10 +68,11 @@ export async function startServer(options?: StartOptions): Promise<ServerHandle>
 
   // Mount routes
   const authRoutes = createAuthRoutes(accountPool, refreshScheduler);
-  const accountRoutes = createAccountRoutes(accountPool, refreshScheduler, cookieJar);
-  const chatRoutes = createChatRoutes(accountPool, cookieJar);
-  const messagesRoutes = createMessagesRoutes(accountPool, cookieJar);
-  const geminiRoutes = createGeminiRoutes(accountPool, cookieJar);
+  const accountRoutes = createAccountRoutes(accountPool, refreshScheduler, cookieJar, proxyPool);
+  const chatRoutes = createChatRoutes(accountPool, cookieJar, proxyPool);
+  const messagesRoutes = createMessagesRoutes(accountPool, cookieJar, proxyPool);
+  const geminiRoutes = createGeminiRoutes(accountPool, cookieJar, proxyPool);
+  const proxyRoutes = createProxyRoutes(proxyPool);
   const webRoutes = createWebRoutes(accountPool);
 
   app.route("/", authRoutes);
@@ -76,6 +80,7 @@ export async function startServer(options?: StartOptions): Promise<ServerHandle>
   app.route("/", chatRoutes);
   app.route("/", messagesRoutes);
   app.route("/", geminiRoutes);
+  app.route("/", proxyRoutes);
   app.route("/", createModelRoutes());
   app.route("/", webRoutes);
 
@@ -111,7 +116,10 @@ export async function startServer(options?: StartOptions): Promise<ServerHandle>
   startUpdateChecker();
 
   // Start background model refresh (requires auth to be ready)
-  startModelRefresh(accountPool, cookieJar);
+  startModelRefresh(accountPool, cookieJar, proxyPool);
+
+  // Start proxy health check timer (if proxies exist)
+  proxyPool.startHealthCheckTimer();
 
   const server = serve({
     fetch: app.fetch,
@@ -125,6 +133,7 @@ export async function startServer(options?: StartOptions): Promise<ServerHandle>
         stopUpdateChecker();
         stopModelRefresh();
         refreshScheduler.destroy();
+        proxyPool.destroy();
         cookieJar.destroy();
         accountPool.destroy();
         resolve();

src/models/model-fetcher.ts

@@ -10,6 +10,7 @@ import { CodexApi } from "../proxy/codex-api.js";
 import { applyBackendModels, type BackendModelEntry } from "./model-store.js";
 import type { AccountPool } from "../auth/account-pool.js";
 import type { CookieJar } from "../proxy/cookie-jar.js";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
 import { jitter } from "../utils/jitter.js";
 
 const REFRESH_INTERVAL_HOURS = 1;
@@ -18,6 +19,7 @@ const INITIAL_DELAY_MS = 5_000; // 5s after startup
 let _refreshTimer: ReturnType<typeof setTimeout> | null = null;
 let _accountPool: AccountPool | null = null;
 let _cookieJar: CookieJar | null = null;
+let _proxyPool: ProxyPool | null = null;
 
 /**
  * Fetch models from the Codex backend using an available account.
@@ -25,6 +27,7 @@ let _cookieJar: CookieJar | null = null;
 async function fetchModelsFromBackend(
   accountPool: AccountPool,
   cookieJar: CookieJar,
+  proxyPool: ProxyPool | null,
 ): Promise<void> {
   if (!accountPool.isAuthenticated()) return; // silently skip when no accounts
 
@@ -35,11 +38,13 @@ async function fetchModelsFromBackend(
   }
 
   try {
+    const proxyUrl = proxyPool?.resolveProxyUrl(acquired.entryId);
     const api = new CodexApi(
       acquired.token,
       acquired.accountId,
       cookieJar,
       acquired.entryId,
+      proxyUrl,
     );
 
     const models = await api.getModels();
@@ -65,14 +70,16 @@ async function fetchModelsFromBackend(
 export function startModelRefresh(
   accountPool: AccountPool,
   cookieJar: CookieJar,
+  proxyPool?: ProxyPool,
 ): void {
   _accountPool = accountPool;
   _cookieJar = cookieJar;
+  _proxyPool = proxyPool ?? null;
 
   // Initial fetch after short delay
   _refreshTimer = setTimeout(async () => {
     try {
-      await fetchModelsFromBackend(accountPool, cookieJar);
+      await fetchModelsFromBackend(accountPool, cookieJar, _proxyPool);
     } finally {
       scheduleNext(accountPool, cookieJar);
     }
@@ -88,7 +95,7 @@ function scheduleNext(
   const intervalMs = jitter(REFRESH_INTERVAL_HOURS * 3600 * 1000, 0.15);
   _refreshTimer = setTimeout(async () => {
     try {
-      await fetchModelsFromBackend(accountPool, cookieJar);
+      await fetchModelsFromBackend(accountPool, cookieJar, _proxyPool);
     } finally {
       scheduleNext(accountPool, cookieJar);
     }
@@ -101,7 +108,7 @@ function scheduleNext(
  */
 export function triggerImmediateRefresh(): void {
   if (_accountPool && _cookieJar) {
-    fetchModelsFromBackend(_accountPool, _cookieJar).catch((err) => {
+    fetchModelsFromBackend(_accountPool, _cookieJar, _proxyPool).catch((err) => {
       const msg = err instanceof Error ? err.message : String(err);
       console.warn(`[ModelFetcher] Immediate refresh failed: ${msg}`);
     });

src/proxy/codex-api.ts

@@ -57,17 +57,20 @@ export class CodexApi {
   private accountId: string | null;
   private cookieJar: CookieJar | null;
   private entryId: string | null;
+  private proxyUrl: string | null | undefined;
 
   constructor(
     token: string,
     accountId: string | null,
     cookieJar?: CookieJar | null,
     entryId?: string | null,
+    proxyUrl?: string | null,
   ) {
     this.token = token;
     this.accountId = accountId;
     this.cookieJar = cookieJar ?? null;
     this.entryId = entryId ?? null;
+    this.proxyUrl = proxyUrl;
   }
 
   setToken(token: string): void {
@@ -111,7 +114,7 @@ export class CodexApi {
 
     let body: string;
     try {
-      const result = await transport.get(url, headers, 15);
+      const result = await transport.get(url, headers, 15, this.proxyUrl);
       body = result.body;
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
@@ -157,7 +160,7 @@ export class CodexApi {
 
     for (const url of endpoints) {
       try {
-        const result = await transport.get(url, headers, 15);
+        const result = await transport.get(url, headers, 15, this.proxyUrl);
         const parsed = JSON.parse(result.body) as Record<string, unknown>;
 
         // sentinel/chat-requirements returns { chat_models: { models: [...], ... } }
@@ -219,7 +222,7 @@ export class CodexApi {
     }
 
     try {
-      const result = await transport.get(url, headers, 15);
+      const result = await transport.get(url, headers, 15, this.proxyUrl);
       return JSON.parse(result.body) as Record<string, unknown>;
     } catch {
       return null;
@@ -248,7 +251,7 @@ export class CodexApi {
 
     let transportRes;
     try {
-      transportRes = await transport.post(url, headers, JSON.stringify(request), signal, timeout);
+      transportRes = await transport.post(url, headers, JSON.stringify(request), signal, timeout, this.proxyUrl);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       throw new CodexApiError(0, msg);

src/proxy/proxy-pool.ts

@@ -0,0 +1,447 @@
+/**
+ * ProxyPool — per-account proxy management with health checks.
+ *
+ * Stores proxy entries and account→proxy assignments.
+ * Supports manual assignment, "auto" round-robin, "direct" (no proxy),
+ * and "global" (use the globally detected proxy).
+ *
+ * Persistence: data/proxies.json (atomic write via tmp + rename).
+ * Health checks: periodic + on-demand, using api.ipify.org for exit IP.
+ */
+
+import {
+  readFileSync,
+  writeFileSync,
+  renameSync,
+  existsSync,
+  mkdirSync,
+} from "fs";
+import { resolve, dirname } from "path";
+import { getDataDir } from "../paths.js";
+import { getTransport } from "../tls/transport.js";
+
+function getProxiesFile(): string {
+  return resolve(getDataDir(), "proxies.json");
+}
+
+// ── Types ─────────────────────────────────────────────────────────────
+
+export interface ProxyHealthInfo {
+  exitIp: string | null;
+  latencyMs: number;
+  lastChecked: string;
+  error: string | null;
+}
+
+export type ProxyStatus = "active" | "unreachable" | "disabled";
+
+export interface ProxyEntry {
+  id: string;
+  name: string;
+  url: string;
+  status: ProxyStatus;
+  health: ProxyHealthInfo | null;
+  addedAt: string;
+}
+
+/** Special assignment values (not a proxy ID). */
+export type SpecialAssignment = "global" | "direct" | "auto";
+
+export interface ProxyAssignment {
+  accountId: string;
+  proxyId: string; // ProxyEntry.id | SpecialAssignment
+}
+
+interface ProxiesFile {
+  proxies: ProxyEntry[];
+  assignments: ProxyAssignment[];
+  healthCheckIntervalMinutes: number;
+}
+
+const HEALTH_CHECK_URL = "https://api.ipify.org?format=json";
+const DEFAULT_HEALTH_INTERVAL_MIN = 5;
+
+// ── ProxyPool ─────────────────────────────────────────────────────────
+
+export class ProxyPool {
+  private proxies: Map<string, ProxyEntry> = new Map();
+  private assignments: Map<string, string> = new Map(); // accountId → proxyId
+  private healthIntervalMin = DEFAULT_HEALTH_INTERVAL_MIN;
+  private persistTimer: ReturnType<typeof setTimeout> | null = null;
+  private healthTimer: ReturnType<typeof setInterval> | null = null;
+  private _roundRobinIndex = 0;
+
+  constructor() {
+    this.load();
+  }
+
+  // ── CRUD ──────────────────────────────────────────────────────────
+
+  add(name: string, url: string): string {
+    const id = randomHex(8);
+    const entry: ProxyEntry = {
+      id,
+      name: name.trim(),
+      url: url.trim(),
+      status: "active",
+      health: null,
+      addedAt: new Date().toISOString(),
+    };
+    this.proxies.set(id, entry);
+    this.persistNow();
+    return id;
+  }
+
+  remove(id: string): boolean {
+    if (!this.proxies.delete(id)) return false;
+    // Clean up assignments pointing to this proxy
+    for (const [accountId, proxyId] of this.assignments) {
+      if (proxyId === id) {
+        this.assignments.delete(accountId);
+      }
+    }
+    this.persistNow();
+    return true;
+  }
+
+  update(id: string, fields: { name?: string; url?: string }): boolean {
+    const entry = this.proxies.get(id);
+    if (!entry) return false;
+    if (fields.name !== undefined) entry.name = fields.name.trim();
+    if (fields.url !== undefined) {
+      entry.url = fields.url.trim();
+      entry.health = null; // reset health on URL change
+      entry.status = "active";
+    }
+    this.schedulePersist();
+    return true;
+  }
+
+  getAll(): ProxyEntry[] {
+    return Array.from(this.proxies.values());
+  }
+
+  getById(id: string): ProxyEntry | undefined {
+    return this.proxies.get(id);
+  }
+
+  enable(id: string): boolean {
+    const entry = this.proxies.get(id);
+    if (!entry) return false;
+    entry.status = "active";
+    this.schedulePersist();
+    return true;
+  }
+
+  disable(id: string): boolean {
+    const entry = this.proxies.get(id);
+    if (!entry) return false;
+    entry.status = "disabled";
+    this.schedulePersist();
+    return true;
+  }
+
+  // ── Assignment ────────────────────────────────────────────────────
+
+  assign(accountId: string, proxyId: string): void {
+    this.assignments.set(accountId, proxyId);
+    this.persistNow();
+  }
+
+  unassign(accountId: string): void {
+    if (this.assignments.delete(accountId)) {
+      this.persistNow();
+    }
+  }
+
+  getAssignment(accountId: string): string {
+    return this.assignments.get(accountId) ?? "global";
+  }
+
+  getAllAssignments(): ProxyAssignment[] {
+    const result: ProxyAssignment[] = [];
+    for (const [accountId, proxyId] of this.assignments) {
+      result.push({ accountId, proxyId });
+    }
+    return result;
+  }
+
+  /**
+   * Get display name for an assignment.
+   */
+  getAssignmentDisplayName(accountId: string): string {
+    const assignment = this.getAssignment(accountId);
+    if (assignment === "global") return "Global Default";
+    if (assignment === "direct") return "Direct (No Proxy)";
+    if (assignment === "auto") return "Auto (Round-Robin)";
+    const proxy = this.proxies.get(assignment);
+    return proxy ? proxy.name : "Unknown Proxy";
+  }
+
+  // ── Resolution ────────────────────────────────────────────────────
+
+  /**
+   * Resolve the proxy URL for an account.
+   * Returns:
+   *   undefined — use global proxy (default behavior)
+   *   null     — direct connection (no proxy)
+   *   string   — specific proxy URL
+   */
+  resolveProxyUrl(accountId: string): string | null | undefined {
+    const assignment = this.getAssignment(accountId);
+
+    if (assignment === "global") return undefined;
+    if (assignment === "direct") return null;
+
+    if (assignment === "auto") {
+      return this.pickRoundRobin();
+    }
+
+    // Specific proxy ID
+    const proxy = this.proxies.get(assignment);
+    if (!proxy || proxy.status !== "active") {
+      // Proxy deleted or unreachable/disabled — fall back to global
+      return undefined;
+    }
+    return proxy.url;
+  }
+
+  /**
+   * Round-robin pick from active proxies.
+   * Returns undefined (global) if no active proxies exist.
+   */
+  private pickRoundRobin(): string | undefined {
+    const active = Array.from(this.proxies.values()).filter(
+      (p) => p.status === "active",
+    );
+    if (active.length === 0) return undefined;
+
+    this._roundRobinIndex = this._roundRobinIndex % active.length;
+    const picked = active[this._roundRobinIndex];
+    this._roundRobinIndex = (this._roundRobinIndex + 1) % active.length;
+    return picked.url;
+  }
+
+  // ── Health Check ──────────────────────────────────────────────────
+
+  async healthCheck(id: string): Promise<ProxyHealthInfo> {
+    const proxy = this.proxies.get(id);
+    if (!proxy) {
+      throw new Error(`Proxy ${id} not found`);
+    }
+
+    const transport = getTransport();
+    const start = Date.now();
+
+    try {
+      const result = await transport.get(
+        HEALTH_CHECK_URL,
+        { Accept: "application/json" },
+        10,
+        proxy.url,
+      );
+      const latencyMs = Date.now() - start;
+
+      let exitIp: string | null = null;
+      try {
+        const parsed = JSON.parse(result.body) as { ip?: string };
+        exitIp = parsed.ip ?? null;
+      } catch {
+        // Could not parse IP
+      }
+
+      const info: ProxyHealthInfo = {
+        exitIp,
+        latencyMs,
+        lastChecked: new Date().toISOString(),
+        error: null,
+      };
+
+      proxy.health = info;
+      // Only change status if not manually disabled
+      if (proxy.status !== "disabled") {
+        proxy.status = "active";
+      }
+      this.schedulePersist();
+      return info;
+    } catch (err) {
+      const latencyMs = Date.now() - start;
+      const error = err instanceof Error ? err.message : String(err);
+
+      const info: ProxyHealthInfo = {
+        exitIp: null,
+        latencyMs,
+        lastChecked: new Date().toISOString(),
+        error,
+      };
+
+      proxy.health = info;
+      if (proxy.status !== "disabled") {
+        proxy.status = "unreachable";
+      }
+      this.schedulePersist();
+      return info;
+    }
+  }
+
+  async healthCheckAll(): Promise<void> {
+    const ids = Array.from(this.proxies.keys());
+    if (ids.length === 0) return;
+
+    console.log(`[ProxyPool] Health checking ${ids.length} proxies...`);
+    await Promise.allSettled(ids.map((id) => this.healthCheck(id)));
+
+    const active = Array.from(this.proxies.values()).filter(
+      (p) => p.status === "active",
+    ).length;
+    console.log(
+      `[ProxyPool] Health check complete: ${active}/${ids.length} active`,
+    );
+  }
+
+  startHealthCheckTimer(): void {
+    this.stopHealthCheckTimer();
+    if (this.proxies.size === 0) return;
+
+    const intervalMs = this.healthIntervalMin * 60 * 1000;
+    this.healthTimer = setInterval(() => {
+      this.healthCheckAll().catch((err) => {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.warn(`[ProxyPool] Periodic health check error: ${msg}`);
+      });
+    }, intervalMs);
+    if (this.healthTimer.unref) this.healthTimer.unref();
+
+    console.log(
+      `[ProxyPool] Health check timer started (every ${this.healthIntervalMin}min)`,
+    );
+  }
+
+  stopHealthCheckTimer(): void {
+    if (this.healthTimer) {
+      clearInterval(this.healthTimer);
+      this.healthTimer = null;
+    }
+  }
+
+  getHealthIntervalMinutes(): number {
+    return this.healthIntervalMin;
+  }
+
+  setHealthIntervalMinutes(minutes: number): void {
+    this.healthIntervalMin = Math.max(1, minutes);
+    this.schedulePersist();
+    // Restart timer with new interval
+    if (this.healthTimer) {
+      this.startHealthCheckTimer();
+    }
+  }
+
+  // ── Persistence ───────────────────────────────────────────────────
+
+  private schedulePersist(): void {
+    if (this.persistTimer) return;
+    this.persistTimer = setTimeout(() => {
+      this.persistTimer = null;
+      this.persistNow();
+    }, 1000);
+  }
+
+  persistNow(): void {
+    if (this.persistTimer) {
+      clearTimeout(this.persistTimer);
+      this.persistTimer = null;
+    }
+    try {
+      const filePath = getProxiesFile();
+      const dir = dirname(filePath);
+      if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+
+      const data: ProxiesFile = {
+        proxies: Array.from(this.proxies.values()),
+        assignments: this.getAllAssignments(),
+        healthCheckIntervalMinutes: this.healthIntervalMin,
+      };
+
+      const tmpFile = filePath + ".tmp";
+      writeFileSync(tmpFile, JSON.stringify(data, null, 2), "utf-8");
+      renameSync(tmpFile, filePath);
+    } catch (err) {
+      console.warn(
+        "[ProxyPool] Failed to persist:",
+        err instanceof Error ? err.message : err,
+      );
+    }
+  }
+
+  private load(): void {
+    try {
+      const filePath = getProxiesFile();
+      if (!existsSync(filePath)) return;
+
+      const raw = readFileSync(filePath, "utf-8");
+      const data = JSON.parse(raw) as Partial<ProxiesFile>;
+
+      if (Array.isArray(data.proxies)) {
+        for (const p of data.proxies) {
+          if (p && typeof p.id === "string" && typeof p.url === "string") {
+            this.proxies.set(p.id, {
+              id: p.id,
+              name: p.name ?? "",
+              url: p.url,
+              status: p.status ?? "active",
+              health: p.health ?? null,
+              addedAt: p.addedAt ?? new Date().toISOString(),
+            });
+          }
+        }
+      }
+
+      if (Array.isArray(data.assignments)) {
+        for (const a of data.assignments) {
+          if (
+            a &&
+            typeof a.accountId === "string" &&
+            typeof a.proxyId === "string"
+          ) {
+            this.assignments.set(a.accountId, a.proxyId);
+          }
+        }
+      }
+
+      if (typeof data.healthCheckIntervalMinutes === "number") {
+        this.healthIntervalMin = Math.max(1, data.healthCheckIntervalMinutes);
+      }
+
+      if (this.proxies.size > 0) {
+        console.log(
+          `[ProxyPool] Loaded ${this.proxies.size} proxies, ${this.assignments.size} assignments`,
+        );
+      }
+    } catch (err) {
+      console.warn(
+        "[ProxyPool] Failed to load:",
+        err instanceof Error ? err.message : err,
+      );
+    }
+  }
+
+  destroy(): void {
+    this.stopHealthCheckTimer();
+    if (this.persistTimer) {
+      clearTimeout(this.persistTimer);
+      this.persistTimer = null;
+    }
+    this.persistNow();
+  }
+}
+
+// ── Helpers ─────────────────────────────────────────────────────────
+
+function randomHex(bytes: number): string {
+  const arr = new Uint8Array(bytes);
+  crypto.getRandomValues(arr);
+  return Array.from(arr)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}

src/routes/accounts.ts

@@ -23,6 +23,7 @@ import { CodexApi } from "../proxy/codex-api.js";
 import type { CodexUsageResponse } from "../proxy/codex-api.js";
 import type { CodexQuota, AccountInfo } from "../auth/types.js";
 import type { CookieJar } from "../proxy/cookie-jar.js";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
 
 function toQuota(usage: CodexUsageResponse): CodexQuota {
   return {
@@ -51,12 +52,14 @@ export function createAccountRoutes(
   pool: AccountPool,
   scheduler: RefreshScheduler,
   cookieJar?: CookieJar,
+  proxyPool?: ProxyPool,
 ): Hono {
   const app = new Hono();
 
-  /** Helper: build a CodexApi with cookie support. */
+  /** Helper: build a CodexApi with cookie + proxy support. */
   function makeApi(entryId: string, token: string, accountId: string | null): CodexApi {
-    return new CodexApi(token, accountId, cookieJar, entryId);
+    const proxyUrl = proxyPool?.resolveProxyUrl(entryId);
+    return new CodexApi(token, accountId, cookieJar, entryId, proxyUrl);
   }
 
   // Start OAuth flow to add a new account — 302 redirect to Auth0
@@ -73,7 +76,12 @@ export function createAccountRoutes(
     const wantQuota = c.req.query("quota") === "true";
 
     if (!wantQuota) {
-      return c.json({ accounts });
+      const enrichedBasic = accounts.map((acct) => ({
+        ...acct,
+        proxyId: proxyPool?.getAssignment(acct.id) ?? "global",
+        proxyName: proxyPool?.getAssignmentDisplayName(acct.id) ?? "Global Default",
+      }));
+      return c.json({ accounts: enrichedBasic });
     }
 
     // Fetch quota for every active account in parallel
@@ -93,9 +101,18 @@ export function createAccountRoutes(
           pool.syncRateLimitWindow(acct.id, resetAt, windowSec);
           // Re-read usage after potential reset
           const freshAcct = pool.getAccounts().find((a) => a.id === acct.id) ?? acct;
-          return { ...freshAcct, quota: toQuota(usage) };
+          return {
+            ...freshAcct,
+            quota: toQuota(usage),
+            proxyId: proxyPool?.getAssignment(acct.id) ?? "global",
+            proxyName: proxyPool?.getAssignmentDisplayName(acct.id) ?? "Global Default",
+          };
         } catch {
-          return acct; // skip on error — no quota field
+          return {
+            ...acct,
+            proxyId: proxyPool?.getAssignment(acct.id) ?? "global",
+            proxyName: proxyPool?.getAssignmentDisplayName(acct.id) ?? "Global Default",
+          };
         }
       }),
     );

src/routes/chat.ts

@@ -2,6 +2,7 @@ import { Hono } from "hono";
 import { ChatCompletionRequestSchema } from "../types/openai.js";
 import type { AccountPool } from "../auth/account-pool.js";
 import type { CookieJar } from "../proxy/cookie-jar.js";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
 import { translateToCodexRequest } from "../translation/openai-to-codex.js";
 import {
   streamCodexToOpenAI,
@@ -52,6 +53,7 @@ function makeOpenAIFormat(wantReasoning: boolean): FormatAdapter {
 export function createChatRoutes(
   accountPool: AccountPool,
   cookieJar?: CookieJar,
+  proxyPool?: ProxyPool,
 ): Hono {
   const app = new Hono();
 
@@ -132,6 +134,7 @@ export function createChatRoutes(
         isStreaming: req.stream,
       },
       makeOpenAIFormat(wantReasoning),
+      proxyPool,
     );
   });
 

src/routes/gemini.ts

@@ -11,6 +11,7 @@ import { GEMINI_STATUS_MAP } from "../types/gemini.js";
 import { GeminiGenerateContentRequestSchema } from "../types/gemini.js";
 import type { AccountPool } from "../auth/account-pool.js";
 import type { CookieJar } from "../proxy/cookie-jar.js";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
 import {
   translateGeminiToCodexRequest,
 } from "../translation/gemini-to-codex.js";
@@ -73,6 +74,7 @@ const GEMINI_FORMAT: FormatAdapter = {
 export function createGeminiRoutes(
   accountPool: AccountPool,
   cookieJar?: CookieJar,
+  proxyPool?: ProxyPool,
 ): Hono {
   const app = new Hono();
 
@@ -159,6 +161,7 @@ export function createGeminiRoutes(
         isStreaming,
       },
       GEMINI_FORMAT,
+      proxyPool,
     );
   });
 

src/routes/messages.ts

@@ -9,6 +9,7 @@ import { AnthropicMessagesRequestSchema } from "../types/anthropic.js";
 import type { AnthropicErrorBody, AnthropicErrorType } from "../types/anthropic.js";
 import type { AccountPool } from "../auth/account-pool.js";
 import type { CookieJar } from "../proxy/cookie-jar.js";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
 import { translateAnthropicToCodexRequest } from "../translation/anthropic-to-codex.js";
 import {
   streamCodexToAnthropic,
@@ -48,6 +49,7 @@ function makeAnthropicFormat(wantThinking: boolean): FormatAdapter {
 export function createMessagesRoutes(
   accountPool: AccountPool,
   cookieJar?: CookieJar,
+  proxyPool?: ProxyPool,
 ): Hono {
   const app = new Hono();
 
@@ -106,6 +108,7 @@ export function createMessagesRoutes(
         isStreaming: req.stream,
       },
       makeAnthropicFormat(wantThinking),
+      proxyPool,
     );
   });
 

src/routes/proxies.ts

@@ -0,0 +1,171 @@
+/**
+ * Proxy pool management API routes.
+ *
+ * GET    /api/proxies              — list all proxies + assignments
+ * POST   /api/proxies              — add proxy { name, url }
+ * PUT    /api/proxies/:id          — update proxy { name?, url? }
+ * DELETE /api/proxies/:id          — remove proxy
+ * POST   /api/proxies/:id/check    — health check single proxy
+ * POST   /api/proxies/:id/enable   — enable proxy
+ * POST   /api/proxies/:id/disable  — disable proxy
+ * POST   /api/proxies/check-all    — health check all proxies
+ * POST   /api/proxies/assign       — assign proxy to account { accountId, proxyId }
+ * DELETE /api/proxies/assign/:accountId — unassign proxy from account
+ * PUT    /api/proxies/settings     — update settings { healthCheckIntervalMinutes }
+ */
+
+import { Hono } from "hono";
+import type { ProxyPool } from "../proxy/proxy-pool.js";
+
+export function createProxyRoutes(proxyPool: ProxyPool): Hono {
+  const app = new Hono();
+
+  // List all proxies + assignments
+  app.get("/api/proxies", (c) => {
+    return c.json({
+      proxies: proxyPool.getAll(),
+      assignments: proxyPool.getAllAssignments(),
+      healthCheckIntervalMinutes: proxyPool.getHealthIntervalMinutes(),
+    });
+  });
+
+  // Add proxy
+  app.post("/api/proxies", async (c) => {
+    const body = await c.req.json<{ name?: string; url?: string }>();
+    const url = body.url?.trim();
+
+    if (!url) {
+      c.status(400);
+      return c.json({ error: "url is required" });
+    }
+
+    // Basic URL validation
+    try {
+      new URL(url);
+    } catch {
+      c.status(400);
+      return c.json({ error: "Invalid proxy URL format" });
+    }
+
+    const name = body.name?.trim() || url;
+    const id = proxyPool.add(name, url);
+    const proxy = proxyPool.getById(id);
+
+    // Restart health check timer if this is the first proxy
+    proxyPool.startHealthCheckTimer();
+
+    return c.json({ success: true, proxy });
+  });
+
+  // Update proxy
+  app.put("/api/proxies/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json<{ name?: string; url?: string }>();
+
+    if (!proxyPool.update(id, body)) {
+      c.status(404);
+      return c.json({ error: "Proxy not found" });
+    }
+
+    return c.json({ success: true, proxy: proxyPool.getById(id) });
+  });
+
+  // Remove proxy
+  app.delete("/api/proxies/:id", (c) => {
+    const id = c.req.param("id");
+    if (!proxyPool.remove(id)) {
+      c.status(404);
+      return c.json({ error: "Proxy not found" });
+    }
+    return c.json({ success: true });
+  });
+
+  // Health check single proxy
+  app.post("/api/proxies/:id/check", async (c) => {
+    const id = c.req.param("id");
+    try {
+      const health = await proxyPool.healthCheck(id);
+      const proxy = proxyPool.getById(id);
+      return c.json({ success: true, proxy, health });
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      c.status(404);
+      return c.json({ error: msg });
+    }
+  });
+
+  // Enable proxy
+  app.post("/api/proxies/:id/enable", (c) => {
+    const id = c.req.param("id");
+    if (!proxyPool.enable(id)) {
+      c.status(404);
+      return c.json({ error: "Proxy not found" });
+    }
+    return c.json({ success: true, proxy: proxyPool.getById(id) });
+  });
+
+  // Disable proxy
+  app.post("/api/proxies/:id/disable", (c) => {
+    const id = c.req.param("id");
+    if (!proxyPool.disable(id)) {
+      c.status(404);
+      return c.json({ error: "Proxy not found" });
+    }
+    return c.json({ success: true, proxy: proxyPool.getById(id) });
+  });
+
+  // Health check all — must be before /:id routes
+  app.post("/api/proxies/check-all", async (c) => {
+    await proxyPool.healthCheckAll();
+    return c.json({
+      success: true,
+      proxies: proxyPool.getAll(),
+    });
+  });
+
+  // Assign proxy to account
+  app.post("/api/proxies/assign", async (c) => {
+    const body = await c.req.json<{ accountId?: string; proxyId?: string }>();
+    const { accountId, proxyId } = body;
+
+    if (!accountId || !proxyId) {
+      c.status(400);
+      return c.json({ error: "accountId and proxyId are required" });
+    }
+
+    // Validate proxyId is a known value
+    const validSpecial = ["global", "direct", "auto"];
+    if (!validSpecial.includes(proxyId) && !proxyPool.getById(proxyId)) {
+      c.status(400);
+      return c.json({ error: "Invalid proxyId. Use 'global', 'direct', 'auto', or a valid proxy ID." });
+    }
+
+    proxyPool.assign(accountId, proxyId);
+    return c.json({
+      success: true,
+      assignment: { accountId, proxyId },
+      displayName: proxyPool.getAssignmentDisplayName(accountId),
+    });
+  });
+
+  // Unassign proxy from account
+  app.delete("/api/proxies/assign/:accountId", (c) => {
+    const accountId = c.req.param("accountId");
+    proxyPool.unassign(accountId);
+    return c.json({ success: true });
+  });
+
+  // Update settings
+  app.put("/api/proxies/settings", async (c) => {
+    const body = await c.req.json<{ healthCheckIntervalMinutes?: number }>();
+    if (typeof body.healthCheckIntervalMinutes === "number") {
+      proxyPool.setHealthIntervalMinutes(body.healthCheckIntervalMinutes);
+    }
+    return c.json({
+      success: true,
+      healthCheckIntervalMinutes: proxyPool.getHealthIntervalMinutes(),
+    });
+  });
+
+  return app;
+}

src/routes/shared/proxy-handler.ts

@@ -14,6 +14,7 @@ import type { CodexResponsesRequest } from "../../proxy/codex-api.js";
 import { EmptyResponseError } from "../../translation/codex-event-extractor.js";
 import type { AccountPool } from "../../auth/account-pool.js";
 import type { CookieJar } from "../../proxy/cookie-jar.js";
+import type { ProxyPool } from "../../proxy/proxy-pool.js";
 import { withRetry } from "../../utils/retry.js";
 
 /** Data prepared by each route after parsing and translating the request. */
@@ -59,6 +60,7 @@ export async function handleProxyRequest(
   cookieJar: CookieJar | undefined,
   req: ProxyRequest,
   fmt: FormatAdapter,
+  proxyPool?: ProxyPool,
 ): Promise<Response> {
   // 1. Acquire account
   const acquired = accountPool.acquire();
@@ -68,7 +70,8 @@ export async function handleProxyRequest(
   }
 
   const { entryId, token, accountId } = acquired;
-  const codexApi = new CodexApi(token, accountId, cookieJar, entryId);
+  const proxyUrl = proxyPool?.resolveProxyUrl(entryId);
+  const codexApi = new CodexApi(token, accountId, cookieJar, entryId, proxyUrl);
   // Tracks which account the outer catch should release (updated by retry loop)
   let activeEntryId = entryId;
 
@@ -158,7 +161,8 @@ export async function handleProxyRequest(
 
             currentEntryId = newAcquired.entryId;
             activeEntryId = currentEntryId;
-            currentCodexApi = new CodexApi(newAcquired.token, newAcquired.accountId, cookieJar, newAcquired.entryId);
+            const retryProxyUrl = proxyPool?.resolveProxyUrl(newAcquired.entryId);
+            currentCodexApi = new CodexApi(newAcquired.token, newAcquired.accountId, cookieJar, newAcquired.entryId, retryProxyUrl);
             try {
               currentRawResponse = await withRetry(
                 () => currentCodexApi.createResponse(req.codexRequest, abortController.signal),

src/tls/curl-cli-transport.ts

@@ -25,11 +25,12 @@ export class CurlCliTransport implements TlsTransport {
     body: string,
     signal?: AbortSignal,
     timeoutSec?: number,
+    proxyUrl?: string | null,
   ): Promise<TlsTransportResponse> {
     return new Promise((resolve, reject) => {
       const args = [
         ...getChromeTlsArgs(),
-        ...getProxyArgs(),
+        ...resolveProxyArgs(proxyUrl),
         "-s", "-S",
         "--compressed",
         "-N",            // no output buffering (SSE)
@@ -159,10 +160,11 @@ export class CurlCliTransport implements TlsTransport {
     url: string,
     headers: Record<string, string>,
     timeoutSec = 30,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }> {
     const args = [
       ...getChromeTlsArgs(),
-      ...getProxyArgs(),
+      ...resolveProxyArgs(proxyUrl),
       "-s", "-S",
       "--compressed",
       "--max-time", String(timeoutSec),
@@ -187,10 +189,11 @@ export class CurlCliTransport implements TlsTransport {
     headers: Record<string, string>,
     body: string,
     timeoutSec = 30,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }> {
     const args = [
       ...getChromeTlsArgs(),
-      ...getProxyArgs(),
+      ...resolveProxyArgs(proxyUrl),
       "-s", "-S",
       "--compressed",
       "--max-time", String(timeoutSec),
@@ -241,6 +244,16 @@ function execCurl(args: string[]): Promise<{ status: number; body: string }> {
   });
 }
 
+/**
+ * Resolve proxy args for curl CLI.
+ * undefined → global default | null → no proxy | string → specific proxy
+ */
+function resolveProxyArgs(proxyUrl: string | null | undefined): string[] {
+  if (proxyUrl === null) return [];
+  if (proxyUrl !== undefined) return ["-x", proxyUrl];
+  return getProxyArgs();
+}
+
 /** Parse HTTP response header block from curl -i output. */
 function parseHeaderDump(headerBlock: string): {
   status: number;

src/tls/libcurl-ffi-transport.ts

@@ -215,6 +215,7 @@ export class LibcurlFfiTransport implements TlsTransport {
     body: string,
     signal?: AbortSignal,
     timeoutSec?: number,
+    proxyUrl?: string | null,
   ): Promise<TlsTransportResponse> {
     return new Promise((resolve, reject) => {
       if (signal?.aborted) {
@@ -226,6 +227,7 @@ export class LibcurlFfiTransport implements TlsTransport {
         method: "POST",
         body,
         timeoutSec,
+        proxyUrl,
       });
 
       const b = this.b;
@@ -372,8 +374,9 @@ export class LibcurlFfiTransport implements TlsTransport {
     url: string,
     headers: Record<string, string>,
     timeoutSec = 30,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }> {
-    return this.simpleRequest(url, headers, undefined, timeoutSec);
+    return this.simpleRequest(url, headers, undefined, timeoutSec, proxyUrl);
   }
 
   async simplePost(
@@ -381,8 +384,9 @@ export class LibcurlFfiTransport implements TlsTransport {
     headers: Record<string, string>,
     body: string,
     timeoutSec = 30,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }> {
-    return this.simpleRequest(url, headers, body, timeoutSec);
+    return this.simpleRequest(url, headers, body, timeoutSec, proxyUrl);
   }
 
   isImpersonate(): boolean {
@@ -394,12 +398,14 @@ export class LibcurlFfiTransport implements TlsTransport {
     headers: Record<string, string>,
     body: string | undefined,
     timeoutSec: number,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }> {
     const b = this.b;
     const { easy, slist } = this.setupEasyHandle(url, headers, {
       method: body !== undefined ? "POST" : "GET",
       body,
       timeoutSec,
+      proxyUrl,
     });
 
     const chunks: Buffer[] = [];
@@ -444,6 +450,7 @@ export class LibcurlFfiTransport implements TlsTransport {
       method?: "GET" | "POST";
       body?: string;
       timeoutSec?: number;
+      proxyUrl?: string | null;
     } = {},
   ): { easy: CurlHandle; slist: SlistHandle } {
     const b = this.b;
@@ -469,10 +476,11 @@ export class LibcurlFfiTransport implements TlsTransport {
       b.curl_easy_setopt_long(easy, CURLOPT_TIMEOUT, opts.timeoutSec);
     }
 
-    // Proxy
-    const proxyUrl = getProxyUrl();
-    if (proxyUrl) {
-      b.curl_easy_setopt_str(easy, CURLOPT_PROXY, proxyUrl);
+    // Proxy: per-request override > global default
+    // null = direct (no proxy), undefined = use global, string = specific proxy
+    const effectiveProxy = opts.proxyUrl === null ? null : (opts.proxyUrl ?? getProxyUrl());
+    if (effectiveProxy) {
+      b.curl_easy_setopt_str(easy, CURLOPT_PROXY, effectiveProxy);
     }
 
     // Headers — build slist

src/tls/transport.ts

@@ -17,28 +17,40 @@ export interface TlsTransportResponse {
 }
 
 export interface TlsTransport {
-  /** Streaming POST (for SSE). Returns headers + streaming body. */
+  /**
+   * Streaming POST (for SSE). Returns headers + streaming body.
+   * @param proxyUrl  undefined = global default, null = direct (no proxy), string = specific proxy
+   */
   post(
     url: string,
     headers: Record<string, string>,
     body: string,
     signal?: AbortSignal,
     timeoutSec?: number,
+    proxyUrl?: string | null,
   ): Promise<TlsTransportResponse>;
 
-  /** Simple GET — returns full body as string. */
+  /**
+   * Simple GET — returns full body as string.
+   * @param proxyUrl  undefined = global default, null = direct (no proxy), string = specific proxy
+   */
   get(
     url: string,
     headers: Record<string, string>,
     timeoutSec?: number,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }>;
 
-  /** Simple (non-streaming) POST — returns full body as string. */
+  /**
+   * Simple (non-streaming) POST — returns full body as string.
+   * @param proxyUrl  undefined = global default, null = direct (no proxy), string = specific proxy
+   */
   simplePost(
     url: string,
     headers: Record<string, string>,
     body: string,
     timeoutSec?: number,
+    proxyUrl?: string | null,
   ): Promise<{ status: number; body: string }>;
 
   /** Whether this transport provides a Chrome TLS fingerprint. */

web/src/App.tsx

@@ -3,11 +3,13 @@ import { ThemeProvider } from "../../shared/theme/context";
 import { Header } from "./components/Header";
 import { AccountList } from "./components/AccountList";
 import { AddAccount } from "./components/AddAccount";
+import { ProxyPool } from "./components/ProxyPool";
 import { ApiConfig } from "./components/ApiConfig";
 import { AnthropicSetup } from "./components/AnthropicSetup";
 import { CodeExamples } from "./components/CodeExamples";
 import { Footer } from "./components/Footer";
 import { useAccounts } from "../../shared/hooks/use-accounts";
+import { useProxies } from "../../shared/hooks/use-proxies";
 import { useStatus } from "../../shared/hooks/use-status";
 import { useUpdateStatus } from "../../shared/hooks/use-update-status";
 import { useI18n } from "../../shared/i18n/context";
@@ -52,9 +54,15 @@ function useUpdateMessage() {
 
 function Dashboard() {
   const accounts = useAccounts();
+  const proxies = useProxies();
   const status = useStatus(accounts.list.length);
   const update = useUpdateMessage();
 
+  const handleProxyChange = async (accountId: string, proxyId: string) => {
+    await proxies.assignProxy(accountId, proxyId);
+    accounts.refresh();
+  };
+
   return (
     <>
       <Header
@@ -79,7 +87,10 @@ function Dashboard() {
             onRefresh={accounts.refresh}
             refreshing={accounts.refreshing}
             lastUpdated={accounts.lastUpdated}
+            proxies={proxies.proxies}
+            onProxyChange={handleProxyChange}
           />
+          <ProxyPool proxies={proxies} />
           <ApiConfig
             baseUrl={status.baseUrl}
             apiKey={status.apiKey}

web/src/components/AccountCard.tsx

@@ -2,7 +2,7 @@ import { useCallback } from "preact/hooks";
 import { useT, useI18n } from "../../../shared/i18n/context";
 import type { TranslationKey } from "../../../shared/i18n/translations";
 import { formatNumber, formatResetTime, formatWindowDuration } from "../../../shared/utils/format";
-import type { Account } from "../../../shared/types";
+import type { Account, ProxyEntry } from "../../../shared/types";
 
 const avatarColors = [
   ["bg-purple-100 dark:bg-[#2a1a3f]", "text-purple-600 dark:text-purple-400"],
@@ -39,9 +39,11 @@ interface AccountCardProps {
   account: Account;
   index: number;
   onDelete: (id: string) => Promise<string | null>;
+  proxies?: ProxyEntry[];
+  onProxyChange?: (accountId: string, proxyId: string) => void;
 }
 
-export function AccountCard({ account, index, onDelete }: AccountCardProps) {
+export function AccountCard({ account, index, onDelete, proxies, onProxyChange }: AccountCardProps) {
   const t = useT();
   const { lang } = useI18n();
   const email = account.email || "Unknown";
@@ -132,6 +134,30 @@ export function AccountCard({ account, index, onDelete }: AccountCardProps) {
         </div>
       </div>
 
+      {/* Proxy selector */}
+      {proxies && onProxyChange && (
+        <div class="flex items-center justify-between text-[0.78rem] mt-2 pt-2 border-t border-slate-100 dark:border-border-dark">
+          <span class="text-slate-500 dark:text-text-dim">{t("proxyAssignment")}</span>
+          <select
+            value={account.proxyId || "global"}
+            onChange={(e) =>
+              onProxyChange(account.id, (e.target as HTMLSelectElement).value)
+            }
+            class="text-xs px-2 py-1 rounded-md border border-gray-200 dark:border-border-dark bg-transparent focus:outline-none focus:ring-1 focus:ring-primary cursor-pointer"
+          >
+            <option value="global">{t("globalDefault")}</option>
+            <option value="direct">{t("directNoProxy")}</option>
+            <option value="auto">{t("autoRoundRobin")}</option>
+            {proxies.map((p) => (
+              <option key={p.id} value={p.id}>
+                {p.name}
+                {p.health?.exitIp ? ` (${p.health.exitIp})` : ""}
+              </option>
+            ))}
+          </select>
+        </div>
+      )}
+
       {/* Quota bar */}
       {rl && (
         <div class="pt-3 mt-3 border-t border-slate-100 dark:border-border-dark">

web/src/components/AccountList.tsx

@@ -1,6 +1,6 @@
 import { useI18n, useT } from "../../../shared/i18n/context";
 import { AccountCard } from "./AccountCard";
-import type { Account } from "../../../shared/types";
+import type { Account, ProxyEntry } from "../../../shared/types";
 
 interface AccountListProps {
   accounts: Account[];
@@ -9,9 +9,11 @@ interface AccountListProps {
   onRefresh: () => void;
   refreshing: boolean;
   lastUpdated: Date | null;
+  proxies?: ProxyEntry[];
+  onProxyChange?: (accountId: string, proxyId: string) => void;
 }
 
-export function AccountList({ accounts, loading, onDelete, onRefresh, refreshing, lastUpdated }: AccountListProps) {
+export function AccountList({ accounts, loading, onDelete, onRefresh, refreshing, lastUpdated, proxies, onProxyChange }: AccountListProps) {
   const t = useT();
   const { lang } = useI18n();
 
@@ -61,7 +63,7 @@ export function AccountList({ accounts, loading, onDelete, onRefresh, refreshing
           </div>
         ) : (
           accounts.map((acct, i) => (
-            <AccountCard key={acct.id} account={acct} index={i} onDelete={onDelete} />
+            <AccountCard key={acct.id} account={acct} index={i} onDelete={onDelete} proxies={proxies} onProxyChange={onProxyChange} />
           ))
         )}
       </div>

web/src/components/ProxyPool.tsx

@@ -0,0 +1,267 @@
+import { useState, useCallback } from "preact/hooks";
+import { useT } from "../../../shared/i18n/context";
+import type { TranslationKey } from "../../../shared/i18n/translations";
+import type { ProxiesState } from "../../../shared/hooks/use-proxies";
+
+const statusStyles: Record<string, [string, TranslationKey]> = {
+  active: [
+    "bg-green-100 text-green-700 border-green-200 dark:bg-[#11281d] dark:text-primary dark:border-[#1a442e]",
+    "proxyActive",
+  ],
+  unreachable: [
+    "bg-red-100 text-red-600 border-red-200 dark:bg-red-900/20 dark:text-red-400 dark:border-red-800/30",
+    "proxyUnreachable",
+  ],
+  disabled: [
+    "bg-slate-100 text-slate-500 border-slate-200 dark:bg-slate-800/30 dark:text-slate-400 dark:border-slate-700/30",
+    "proxyDisabled",
+  ],
+};
+
+function maskUrl(url: string): string {
+  try {
+    const u = new URL(url);
+    if (u.password) {
+      u.password = "***";
+    }
+    return u.toString();
+  } catch {
+    return url;
+  }
+}
+
+interface ProxyPoolProps {
+  proxies: ProxiesState;
+}
+
+export function ProxyPool({ proxies }: ProxyPoolProps) {
+  const t = useT();
+  const [showAdd, setShowAdd] = useState(false);
+  const [newName, setNewName] = useState("");
+  const [newUrl, setNewUrl] = useState("");
+  const [addError, setAddError] = useState("");
+  const [checking, setChecking] = useState<string | null>(null);
+  const [checkingAll, setCheckingAll] = useState(false);
+
+  const handleAdd = useCallback(async () => {
+    setAddError("");
+    if (!newUrl.trim()) {
+      setAddError("URL is required");
+      return;
+    }
+    const err = await proxies.addProxy(newName || newUrl, newUrl);
+    if (err) {
+      setAddError(err);
+    } else {
+      setNewName("");
+      setNewUrl("");
+      setShowAdd(false);
+    }
+  }, [newName, newUrl, proxies]);
+
+  const handleCheck = useCallback(
+    async (id: string) => {
+      setChecking(id);
+      await proxies.checkProxy(id);
+      setChecking(null);
+    },
+    [proxies],
+  );
+
+  const handleCheckAll = useCallback(async () => {
+    setCheckingAll(true);
+    await proxies.checkAll();
+    setCheckingAll(false);
+  }, [proxies]);
+
+  const handleDelete = useCallback(
+    async (id: string) => {
+      if (!confirm(t("removeProxyConfirm"))) return;
+      await proxies.removeProxy(id);
+    },
+    [proxies, t],
+  );
+
+  return (
+    <section>
+      {/* Header */}
+      <div class="flex items-center justify-between mb-2">
+        <div>
+          <h2 class="text-lg font-semibold">{t("proxyPool")}</h2>
+          <p class="text-xs text-slate-500 dark:text-text-dim mt-0.5">
+            {t("proxyPoolDesc")}
+          </p>
+        </div>
+        <div class="flex items-center gap-2">
+          {proxies.proxies.length > 0 && (
+            <button
+              onClick={handleCheckAll}
+              disabled={checkingAll}
+              class="px-3 py-1.5 text-xs font-medium rounded-lg border border-gray-200 dark:border-border-dark hover:bg-slate-50 dark:hover:bg-border-dark transition-colors disabled:opacity-50"
+            >
+              {checkingAll ? "..." : t("checkAllHealth")}
+            </button>
+          )}
+          <button
+            onClick={() => setShowAdd(!showAdd)}
+            class="px-3 py-1.5 text-xs font-medium rounded-lg bg-primary text-white hover:bg-primary/90 transition-colors"
+          >
+            {t("addProxy")}
+          </button>
+        </div>
+      </div>
+
+      {/* Add form */}
+      {showAdd && (
+        <div class="bg-white dark:bg-card-dark border border-gray-200 dark:border-border-dark rounded-xl p-4 mb-4">
+          <div class="flex flex-col sm:flex-row gap-3">
+            <input
+              type="text"
+              placeholder={t("proxyName")}
+              value={newName}
+              onInput={(e) => setNewName((e.target as HTMLInputElement).value)}
+              class="flex-1 px-3 py-2 text-sm border border-gray-200 dark:border-border-dark rounded-lg bg-transparent focus:outline-none focus:ring-1 focus:ring-primary"
+            />
+            <input
+              type="text"
+              placeholder="http://host:port or socks5://host:port"
+              value={newUrl}
+              onInput={(e) => setNewUrl((e.target as HTMLInputElement).value)}
+              class="flex-[2] px-3 py-2 text-sm border border-gray-200 dark:border-border-dark rounded-lg bg-transparent focus:outline-none focus:ring-1 focus:ring-primary font-mono"
+            />
+            <button
+              onClick={handleAdd}
+              class="px-4 py-2 text-sm font-medium rounded-lg bg-primary text-white hover:bg-primary/90 transition-colors whitespace-nowrap"
+            >
+              {t("addProxy")}
+            </button>
+          </div>
+          {addError && (
+            <p class="text-xs text-red-500 mt-2">{addError}</p>
+          )}
+        </div>
+      )}
+
+      {/* Empty state */}
+      {proxies.proxies.length === 0 && !showAdd && (
+        <div class="bg-white dark:bg-card-dark border border-gray-200 dark:border-border-dark rounded-xl p-6 text-center text-sm text-slate-500 dark:text-text-dim">
+          {t("noProxies")}
+        </div>
+      )}
+
+      {/* Proxy list */}
+      {proxies.proxies.length > 0 && (
+        <div class="space-y-2">
+          {proxies.proxies.map((proxy) => {
+            const [statusCls, statusKey] =
+              statusStyles[proxy.status] || statusStyles.disabled;
+            const isChecking = checking === proxy.id;
+
+            return (
+              <div
+                key={proxy.id}
+                class="bg-white dark:bg-card-dark border border-gray-200 dark:border-border-dark rounded-xl p-3 hover:shadow-sm transition-all"
+              >
+                <div class="flex items-center justify-between">
+                  {/* Left: name + url + status */}
+                  <div class="flex items-center gap-3 min-w-0 flex-1">
+                    <div class="min-w-0">
+                      <div class="flex items-center gap-2">
+                        <span class="font-medium text-sm truncate">
+                          {proxy.name}
+                        </span>
+                        <span
+                          class={`px-2 py-0.5 rounded-full text-[0.65rem] font-medium border ${statusCls}`}
+                        >
+                          {t(statusKey)}
+                        </span>
+                      </div>
+                      <p class="text-xs text-slate-400 dark:text-text-dim font-mono truncate mt-0.5">
+                        {maskUrl(proxy.url)}
+                      </p>
+                    </div>
+                  </div>
+
+                  {/* Center: health info */}
+                  {proxy.health && (
+                    <div class="hidden sm:flex items-center gap-4 px-4 text-xs text-slate-500 dark:text-text-dim">
+                      {proxy.health.exitIp && (
+                        <span>
+                          {t("exitIp")}: <span class="font-mono font-medium text-slate-700 dark:text-text-main">{proxy.health.exitIp}</span>
+                        </span>
+                      )}
+                      <span>
+                        {proxy.health.latencyMs}ms
+                      </span>
+                      {proxy.health.error && (
+                        <span class="text-red-500 truncate max-w-[200px]" title={proxy.health.error}>
+                          {proxy.health.error}
+                        </span>
+                      )}
+                    </div>
+                  )}
+
+                  {/* Right: actions */}
+                  <div class="flex items-center gap-1 ml-2">
+                    <button
+                      onClick={() => handleCheck(proxy.id)}
+                      disabled={isChecking}
+                      class="px-2 py-1 text-xs rounded-md hover:bg-slate-100 dark:hover:bg-border-dark transition-colors disabled:opacity-50"
+                      title={t("checkHealth")}
+                    >
+                      {isChecking ? "..." : t("checkHealth")}
+                    </button>
+                    {proxy.status === "disabled" ? (
+                      <button
+                        onClick={() => proxies.enableProxy(proxy.id)}
+                        class="px-2 py-1 text-xs rounded-md hover:bg-green-50 dark:hover:bg-green-900/20 text-green-600 transition-colors"
+                      >
+                        {t("enableProxy")}
+                      </button>
+                    ) : (
+                      <button
+                        onClick={() => proxies.disableProxy(proxy.id)}
+                        class="px-2 py-1 text-xs rounded-md hover:bg-slate-100 dark:hover:bg-border-dark text-slate-500 transition-colors"
+                      >
+                        {t("disableProxy")}
+                      </button>
+                    )}
+                    <button
+                      onClick={() => handleDelete(proxy.id)}
+                      class="p-1 text-slate-400 dark:text-text-dim hover:text-red-500 transition-colors rounded-md hover:bg-red-50 dark:hover:bg-red-900/20"
+                      title={t("deleteProxy")}
+                    >
+                      <svg
+                        class="size-4"
+                        viewBox="0 0 24 24"
+                        fill="none"
+                        stroke="currentColor"
+                        stroke-width="1.5"
+                      >
+                        <path
+                          stroke-linecap="round"
+                          stroke-linejoin="round"
+                          d="M6 18L18 6M6 6l12 12"
+                        />
+                      </svg>
+                    </button>
+                  </div>
+                </div>
+
+                {/* Mobile health info */}
+                {proxy.health && (
+                  <div class="sm:hidden flex items-center gap-3 mt-2 text-xs text-slate-500 dark:text-text-dim">
+                    {proxy.health.exitIp && (
+                      <span>IP: <span class="font-mono">{proxy.health.exitIp}</span></span>
+                    )}
+                    <span>{proxy.health.latencyMs}ms</span>
+                  </div>
+                )}
+              </div>
+            );
+          })}
+        </div>
+      )}
+    </section>
+  );
+}