feat(certificate): Support for certificate env vars, hook to add support for certificates if vars configured.

[Murike]

User description

(TS SDK Parity Effort) Missing - Proper support custom SSL/CA certificates

[sc-53845] - https://app.shortcut.com/galileo/story/53845/ts-sdk-parity-effort-missing-proper-support-custom-ssl-ca-certificates

Description

• Registering CertManagementHook for SDK initialization, to support certificates;
• Added support for env vars below in GalileoConfig:
  • GALILEO_CA_CERT_PATH: Path to CA certificate file (Galileo-specific)
  • NODE_EXTRA_CA_CERTS: Path to CA certificate file (Node.js standard)
  • SSL_CERT_FILE: Path to CA certificate file (cross-platform standard)
  • GALILEO_CA_CERT_CONTENT: Direct certificate content
  • GALILEO_CLIENT_CERT_PATH: Client certificate path
  • GALILEO_CLIENT_KEY_PATH: Client key path
  • GALILEO_REJECT_UNAUTHORIZED: Boolean to allow/reject self-signed certs (Galileo-specific)
  • NODE_TLS_REJECT_UNAUTHORIZED: Boolean to allow/reject self-signed certs (Node.js standard)
  • GALILEO_CA_CERT_HEADER: Custom header name for CA cert content
• Added undici dependency to support changes
• Added tests to support changes

---

Generated description

Below is a concise technical summary of the changes proposed in this PR:

graph LR
initHooks_("initHooks"):::modified
CertManagementHook_("CertManagementHook"):::added
CertManagementHook_sdkInit_("CertManagementHook.sdkInit"):::added
GalileoConfig_("GalileoConfig"):::modified
getCertConfig_("getCertConfig"):::added
UNDICI_("UNDICI"):::added
FILE_SYSTEM_("FILE_SYSTEM"):::added
NODE_RUNTIME_("NODE_RUNTIME"):::added
initHooks_ -- "Registers CertManagementHook to enable TLS certificate management." --> CertManagementHook_
CertManagementHook_sdkInit_ -- "Uses GalileoConfig.get() to read resolved config including certs." --> GalileoConfig_
CertManagementHook_sdkInit_ -- "Retrieves CA/client certs and rejectUnauthorized flag." --> getCertConfig_
CertManagementHook_sdkInit_ -- "Creates undici.Agent dispatcher with TLS connect options." --> UNDICI_
CertManagementHook_sdkInit_ -- "Reads certificate and key files from filesystem for TLS." --> FILE_SYSTEM_
CertManagementHook_sdkInit_ -- "Checks Node.js version for Request.dispatcher compatibility warnings." --> NODE_RUNTIME_
classDef added stroke:#15AA7A
classDef removed stroke:#CD5270
classDef modified stroke:#EDAC4C
linkStyle default stroke:#CBD5E1,font-size:13px

Loading

Implements custom SSL/CA certificate support by introducing a CertManagementHook that configures an undici dispatcher for the SDK's HTTPClient. Enhances the GalileoConfig component to resolve certificate paths, content, and validation settings from environment variables to achieve parity with the TS SDK.

Latest Contributors(2)

User	Commit	Date
github-actions[bot]	chore-main-release-gal...	February 24, 2026
Murike	fix-overlay-Added-over...	February 10, 2026

This pull request is reviewed by Baz. Review like a pro on (Baz).