Network & Proxy

Creor needs internet access to reach LLM providers and the Creor API. If you are behind a corporate proxy or firewall, you may need to configure network settings for Creor to work correctly.

Required Endpoints

Creor needs to reach the following endpoints for core functionality. If your network restricts outbound traffic, ensure these are allowed.

| Endpoint | Port | Purpose |
| --- | --- | --- |
| api.creor.ai | 443 | Creor API (auth, credits, settings, cloud agents) |
| gateway.creor.ai | 443 | Creor Gateway (LLM inference proxy) |
| api.anthropic.com | 443 | Anthropic API (BYOK direct access) |
| api.openai.com | 443 | OpenAI API (BYOK direct access) |
| generativelanguage.googleapis.com | 443 | Google AI API (BYOK direct access) |
| *.supabase.co | 443 | Creor backend services |
| api.voyageai.com | 443 | Voyage AI embeddings (codebase search) |
| api-atlas.nomic.ai | 443 | Nomic embeddings (codebase search) |
| api.jina.ai | 443 | Jina reranker (codebase search) |

Note

You only need to allow the LLM provider endpoints you actually use. If you use the Creor Gateway exclusively, only api.creor.ai and gateway.creor.ai are required for LLM inference.

Optional Endpoints

| Endpoint | Port | Purpose |
| --- | --- | --- |
| *.github.com | 443 | GitHub OAuth sign-in, cloud agent repo cloning |
| *.googleapis.com | 443 | Google OAuth sign-in |
| marketplace.visualstudio.com | 443 | VS Code extension marketplace |
| update.code.visualstudio.com | 443 | Editor update checks |
| status.creor.ai | 443 | Service status page |

Proxy Configuration

Creor respects standard proxy environment variables. If your corporate network requires a proxy for HTTPS traffic, configure it using one of these methods.

Method 1: Environment Variables

Set proxy environment variables before launching Creor. This is the most widely supported method.

# Set in your shell profile (.bashrc, .zshrc, or .profile)
export HTTP_PROXY="http://proxy.company.com:8080"
export HTTPS_PROXY="http://proxy.company.com:8080"
export NO_PROXY="localhost,127.0.0.1,.company.com"
 
# If the proxy requires authentication
export HTTPS_PROXY="http://username:password@proxy.company.com:8080"

Method 2: Creor Settings

Configure the proxy in Creor's settings, which takes precedence over environment variables.

// In Creor settings (Cmd/Ctrl + ,)
// Search for "proxy"
 
"http.proxy": "http://proxy.company.com:8080",
"http.proxyAuthorization": null,
"http.proxyStrictSSL": true

Method 3: System Proxy (macOS)

On macOS, Creor can use the system proxy settings configured in System Settings > Network > Wi-Fi > Proxies. This is automatic -- no additional configuration needed.

Proxy with Authentication

If your proxy requires authentication, include credentials in the proxy URL or use the proxyAuthorization setting for header-based auth.

// URL-based authentication
"http.proxy": "http://user:pass@proxy.company.com:8080"
 
// Header-based authentication (Basic auth)
"http.proxy": "http://proxy.company.com:8080",
"http.proxyAuthorization": "Basic dXNlcjpwYXNz"

Warning

Proxy credentials in environment variables or settings may be visible to extensions. If this is a concern, use a PAC file or system-level proxy that handles auth transparently.

Firewall Rules

If you manage a corporate firewall, here are the rules needed for Creor to function.

Minimum Required Rules

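| Rule | Direction | Protocol | Destination | Port |
| --- | --- | --- | --- | --- |
| Creor API | Outbound | HTTPS | api.creor.ai | 443 |
| Creor Gateway | Outbound | HTTPS | gateway.creor.ai | 443 |
| OAuth (GitHub) | Outbound | HTTPS | github.com | 443 |
| OAuth (Google) | Outbound | HTTPS | accounts.google.com | 443 |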

Full Feature Set

For all features including BYOK providers, codebase search, and extensions, add the endpoints from the Required Endpoints section above.

WebSocket Support

Creor uses WebSocket connections (wss://) for real-time communication between the editor and the engine, and for SSE streams from the Creor API. Ensure your firewall and proxy allow WebSocket upgrades on port 443.

Note

Some corporate proxies block WebSocket connections by default. If real-time features (streaming responses, live terminal output) do not work but basic requests succeed, check your proxy's WebSocket policy.

SSL Certificates

Corporate networks often use SSL inspection (MITM proxies) that replace server certificates with their own. This can cause certificate verification errors in Creor.

Symptoms

  • "UNABLE_TO_VERIFY_LEAF_SIGNATURE" or "SELF_SIGNED_CERT_IN_CHAIN" errors.
  • "certificate has expired" when the certificate is actually valid.
  • HTTPS requests fail but HTTP requests (if any) succeed.

Solution: Add Your Corporate CA Certificate

  • Get your corporate CA certificate from your IT department (usually a .pem or .crt file).
  • Set the NODE_EXTRA_CA_CERTS environment variable to point to the certificate file.

# Add to your shell profile
export NODE_EXTRA_CA_CERTS="/path/to/corporate-ca.pem"
 
# On macOS, you can also add it to the system keychain
sudo security add-trusted-cert -d -r trustRoot \
-k /Library/Keychains/System.keychain /path/to/corporate-ca.pem

Disabling SSL Verification (Not Recommended)

As a last resort, you can disable SSL verification. This makes your connection vulnerable to MITM attacks and should only be used for debugging.

# Disable SSL verification for Node.js (affects Creor engine)
export NODE_TLS_REJECT_UNAUTHORIZED=0
 
# Or in Creor settings
"http.proxyStrictSSL": false

Warning

Disabling SSL verification means Creor will accept any certificate, including malicious ones. Only use this for temporary debugging on trusted networks. Add the proper CA certificate instead.
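
The following is an added example, not part of the Creor documentation. It checks the current shell for the risks flagged in the warnings above: credentials embedded in HTTP_PROXY or HTTPS_PROXY, a leftover NODE_TLS_REJECT_UNAUTHORIZED=0, and a NODE_EXTRA_CA_CERTS path that cannot be read. The function names and the `***` mask are assumptions of this example.

```shell
#!/bin/sh
# Added example; redact_proxy_url and audit_proxy_env are hypothetical helpers.

# redact_proxy_url URL -> prints URL with any user:password@ part masked
redact_proxy_url() {
    url=$1 prefix=
    case $url in *://*) prefix=${url%%://*}://; url=${url#*://} ;; esac
    authority=${url%%/*}            # host[:port], possibly with userinfo
    tail=${url#"$authority"}        # path, if any
    case $authority in
        *@*) printf '%s***@%s%s\n' "$prefix" "${authority##*@}" "$tail" ;;
        *)   printf '%s%s\n' "$prefix" "$url" ;;
    esac
}

# audit_proxy_env -> prints one line per variable; status 1 if any WARN
audit_proxy_env() {
    findings=0
    for name in HTTP_PROXY HTTPS_PROXY; do
        eval "value=\${$name-}"     # names are fixed above, so eval is safe
        [ -n "$value" ] || continue
        safe=$(redact_proxy_url "$value")
        if [ "$safe" != "$value" ]; then
            echo "WARN $name embeds credentials: $safe"
            findings=$((findings + 1))
        else
            echo "OK   $name=$value"
        fi
    done
    if [ "${NODE_TLS_REJECT_UNAUTHORIZED-}" = 0 ]; then
        echo "WARN NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate checks"
        findings=$((findings + 1))
    fi
    if [ -n "${NODE_EXTRA_CA_CERTS-}" ] && [ ! -r "$NODE_EXTRA_CA_CERTS" ]; then
        echo "WARN NODE_EXTRA_CA_CERTS is not readable: $NODE_EXTRA_CA_CERTS"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

audit_proxy_env || echo "Resolve the WARN lines before launching Creor."
```

Because proxy URLs are printed with the credentials masked, the output can be pasted into a support ticket in place of raw `echo $HTTPS_PROXY` output.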

Sandbox Network Policies

The agent's bash tool can access the network by default (it inherits your system's network configuration). You can restrict or allow specific network access in the sandbox configuration.

Restricting Network Access

To prevent the agent from making network requests via bash commands (e.g., curl, wget), configure the sandbox network policy.

{
  "tools": {
    "bash": {
      "network": {
        "policy": "deny",
        "allow": [
          "localhost:*",
          "127.0.0.1:*",
          "registry.npmjs.org:443"
        ]
      }
    }
  }
}

The policy field sets the default (allow or deny). The allow and deny lists override the default for specific hosts. Host patterns support wildcards and port specifications.

Common Configurations

| Use Case | Policy | Allow List |
| --- | --- | --- |
| Maximum security | deny | localhost:* only |
| Allow package registries | deny | registry.npmjs.org:443, registry.yarnpkg.com:443 |
| Allow internal services | deny | *.company.internal:*, localhost:* |
| No restrictions (default) | allow | None needed |
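
To review a policy before rolling it out, the added example below (not Creor's own code) models the default-plus-override behavior described above and evaluates constructed destinations against it. It assumes that entries are `host:port` glob patterns, that an entry without a port matches any port, and that a matching deny entry wins over a matching allow entry; confirm these against the product before relying on the result.

```shell
#!/bin/sh
# Added example, not Creor's code. Assumed semantics: entries are "host:port"
# globs, a bare host means any port, and a matching deny entry beats allow.

# matches_any HOST:PORT ENTRY...  -> status 0 if any entry matches
matches_any() {
    target=$1; shift
    for entry in "$@"; do
        case $entry in *:*) ;; *) entry="$entry:*" ;; esac
        # Unquoted on purpose: case treats $entry as a glob pattern.
        case $target in $entry) return 0 ;; esac
    done
    return 1
}

# decide POLICY "ALLOW ENTRIES" "DENY ENTRIES" HOST:PORT  -> prints allow|deny
decide() {
    policy=$1 allow=$2 deny=$3 dest=$4
    set -f   # no filename expansion while the lists are word-split
    if matches_any "$dest" $deny; then verdict=deny
    elif matches_any "$dest" $allow; then verdict=allow
    else verdict=$policy
    fi
    set +f
    printf '%s\n' "$verdict"
}

# Allow list from the configuration shown above; destinations are constructed.
ALLOW='localhost:* 127.0.0.1:* registry.npmjs.org:443'
for dest in localhost:3000 registry.npmjs.org:443 registry.npmjs.org:80 \
            localhost.example.net:443 api.example.net:443; do
    printf '%-28s %s\n' "$dest" "$(decide deny "$ALLOW" '' "$dest")"
done
```

Under these assumptions `localhost:*` does not match `localhost.example.net:443`, because the pattern requires the colon directly after the host name.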

Diagnosing Network Issues

Use these steps to diagnose network connectivity problems.

Step 1: Test Basic Connectivity

# Test Creor API
curl -I https://api.creor.ai/global/health
 
# Test Creor Gateway
curl -I https://gateway.creor.ai/health
 
# Test DNS resolution
nslookup api.creor.ai
nslookup gateway.creor.ai

Step 2: Test Through Proxy

# Test with explicit proxy
curl -I --proxy http://proxy.company.com:8080 https://api.creor.ai/global/health
 
# Check proxy environment variables
echo $HTTP_PROXY
echo $HTTPS_PROXY
echo $NO_PROXY

Step 3: Check Creor Logs

  • Open the Output panel: View > Output.
  • Select "Creor Engine" from the dropdown.
  • Look for network error messages, timeout errors, or certificate errors.
  • If you see "ECONNREFUSED", the endpoint is not reachable from your network.
  • If you see "ETIMEDOUT", the request is blocked by a firewall or the server is unreachable.
  • If you see certificate errors, see the SSL Certificates section above.

Step 4: Verify Proxy Configuration

# Check what proxy Creor is using
# Open Creor Developer Tools (Help > Toggle Developer Tools)
# In the Console tab, run:
process.env.HTTP_PROXY
process.env.HTTPS_PROXY

Tip

If you can reach the Creor API from a browser but not from Creor itself, the issue is almost always proxy-related. The browser uses system proxy settings automatically, but Creor needs them configured explicitly via environment variables or settings.