> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codezero.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Any tool (generic)

> Route any application through cordon using environment variables.

Cordon ships dedicated integrations for Claude Code, Codex, and Hermes. For anything else — a Next.js app, a Python service, a Go binary, a shell script — you route traffic through cordon by setting a handful of environment variables. This guide documents that contract.

## The env-var contract

Cordon terminates TLS locally, which requires the calling process to:

1. Send HTTP(S) traffic through `http://127.0.0.1:<cordon-port>`, and
2. Trust the cordon CA so the terminated TLS handshakes validate.

The env vars below express both. They are the same vars every cordon integration sets under the hood — there is nothing special about "generic" mode.

| Variable                     | Value                              | Why                                                                                                                                                                             |
| ---------------------------- | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `HTTPS_PROXY` / `HTTP_PROXY` | `http://127.0.0.1:<port>`          | Most HTTP clients honor these. `<port>` comes from `listen` in `cordon.toml`.                                                                                                   |
| `https_proxy` / `http_proxy` | same                               | lowercase variants — required by a handful of tools (curl on some distros, wget, some Python libs).                                                                             |
| `NODE_EXTRA_CA_CERTS`        | absolute path to `ca-cert.pem`     | Node.js-specific. Node expects a raw cert, **not** a bundle.                                                                                                                    |
| `SSL_CERT_FILE`              | absolute path to `combined-ca.pem` | Used by OpenSSL, curl, Go. These vars *replace* the default trust store, so they need a bundle (system CAs + cordon CA) — a raw cert alone would lose every other trust anchor. |
| `REQUESTS_CA_BUNDLE`         | same combined bundle               | Python `requests` library.                                                                                                                                                      |
| `CURL_CA_BUNDLE`             | same combined bundle               | curl.                                                                                                                                                                           |

The combined bundle (`combined-ca.pem`) is generated at setup time by concatenating your system CA trust store with the cordon CA. Runtime-specific exceptions are covered in [SDK Compatibility](/guides/sdk-compatibility#runtime-ca-and-proxy-notes).

## Getting the values

You don't derive these by hand. `cordon env` prints them for the current scope's `cordon.toml`:

```bash theme={null}
cordon env
```

Output (shell format, default):

```sh theme={null}
export HTTPS_PROXY='http://127.0.0.1:6790'
export HTTP_PROXY='http://127.0.0.1:6790'
export https_proxy='http://127.0.0.1:6790'
export http_proxy='http://127.0.0.1:6790'
export NODE_EXTRA_CA_CERTS='/Users/you/.config/cordon/projects/myapp-a1b2c3d4/certs/ca-cert.pem'
export SSL_CERT_FILE='/Users/you/.config/cordon/projects/myapp-a1b2c3d4/certs/combined-ca.pem'
export REQUESTS_CA_BUNDLE='/Users/you/.config/cordon/projects/myapp-a1b2c3d4/certs/combined-ca.pem'
export CURL_CA_BUNDLE='/Users/you/.config/cordon/projects/myapp-a1b2c3d4/certs/combined-ca.pem'
```

See [`cordon env`](/cli/env) for the full command reference (fish, dotenv, and json formats, and the `--scope` flag).

## Applying them

Pick whichever fits your workflow.

### Current shell (bash / zsh)

```bash theme={null}
eval "$(cordon env)"
```

### fish

```fish theme={null}
cordon env --format fish | source
```

### direnv (`.envrc`)

```bash theme={null}
eval "$(cordon env)"
```

Reload with `direnv allow` after adding. Traffic from commands run in that directory flows through cordon.

### mise (`.mise.toml`)

```bash theme={null}
cordon env --format dotenv > .mise.cordon.env
```

Then reference `_.file = ".mise.cordon.env"` in your `.mise.toml`.

### dotenv (`.env`)

```bash theme={null}
cordon env --format dotenv >> .env
```

### Programmatic / CI

```bash theme={null}
cordon env --format json
```

Pipe into `jq` or parse with your language's JSON library.

## Verifying it works

With the env vars exported and cordon running (`cordon start`), make a request to a host you've configured a route for:

```bash theme={null}
curl -v https://api.stripe.com/v1/charges
```

Expect a response from the real API with cordon injecting the Authorization header on its way out. If TLS verification fails, see [TLS troubleshooting](/configuration/tls#troubleshooting-certificate-errors).

Run [`cordon doctor`](/cli/doctor) if anything feels off.

## When to use which scope

* `cordon env` (default, `--scope project`) reads `./cordon.toml`. Use this when you have a per-project setup.
* `cordon env --scope user` reads `~/.config/cordon/cordon.toml`. Use this for a user-wide cordon instance shared across projects.

Scopes map to separate daemons with separate ports — see [Scopes](/configuration/overview#scopes) for the reference.