fix(fetch): keep no_proxy suffix matches on domain boundaries

[devYRPauli]

NO_PROXY=.example.com was matching unrelated hostnames like badexample.com because the suffix matcher stripped the leading dot before calling endsWith. The same issue affected configured requestOptions.noProxy patterns and port-qualified suffixes.

This keeps the existing behavior where .example.com matches both example.com and subdomains, but requires subdomain matches to end with .example.com so lookalike sibling domains do not bypass the proxy.

Proof:

• RED: npm test -- src/util.test.ts failed 5 new boundary assertions on badexample.com, contest.com, and notinternal.net:8443.
• GREEN: npm test -- src/util.test.ts passed, 31/31.
• Full package validation: npm test passed, 97/97.
• Build: npm run build passed for @continuedev/fetch after building the linked local @continuedev/config-types package.

---

Summary by cubic

Fixes NO_PROXY suffix matching to enforce domain boundaries in @continuedev/fetch. .example.com now matches example.com and subdomains only, not lookalikes like badexample.com (with or without ports).

• Bug Fixes
  • Made leading-dot patterns boundary-aware: exact match to the suffix or endsWith(".suffix"); keeps subdomain matching.
  • Applies to both NO_PROXY and requestOptions.noProxy, including port-qualified entries.
  • Added boundary tests; all tests pass (97/97) and package build succeeds.

^{Written for commit 1fff91b. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files

_{Re-trigger cubic}

[chatgpt-codex-connector]

💡 Codex Review

continue/packages/config-yaml/src/registryClient.ts

Line 27 in 1fff91b

throw new Error("Slug-based package resolution is not supported");

Restore slug resolution for CLI config loading

When the CLI is not logged in, loadAssistantSlug still falls back to unrollAssistantWithConfig with a uriType: "slug" package identifier, and injected blocks can also be slug identifiers. This new unconditional throw makes --config owner/package and slug-based block injection fail before public registry content can be fetched, instead of preserving the previous unauthenticated/public assistant flow.

---

continue/core/core.ts

Line 1136 in 1fff91b

on("models/fetch", async (msg) => {

Keep the enterprise license handler registered

This new handler replaces the old on("mdm/setLicenseKey") registration, but existing entry points still invoke that message (continue.enterEnterpriseLicenseKey in VS Code and AddLicenseKey in IntelliJ). In those environments, entering a license key now has no core handler to validate or persist it, so the enterprise license flow breaks; please keep the MDM handler in addition to adding models/fetch.

---

https://github.com/continuedev/continue/blob/1fff91ba962456d71198dbba66b0a76cb34bfe03/docs-site/app/[[...slug]]/page.tsx#L69-L71
Resolve docs redirects without re-adding /docs

Internal docs links elsewhere go through resolveHref, which strips /docs because this standalone docs app serves cli/quickstart at /cli/quickstart. Redirect sources from docs/docs.json such as /cli/overview -> /cli/quickstart now navigate to /docs/cli/quickstart, a path that is not generated by this catch-all route/static export, so redirected pages land on 404s.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".