This would solve...

Support custom proxy auth schemes, such as Kerberos/Negotiate.

The implementation should look like...

Some ability to supply a callback or interceptor or anything really that can handle custom authentication schemes to a proxy. Such as Negotiate/Kerberos

I have also considered...

Currently trying to figure out how to do it by myself, but undici is quite complicated to figure out how to do so.

Basically, we need to catch a 407 from the proxy and if the Proxy-Authenticate header includes the scheme we want to handle, then we need to retry the request with a dynamic authorization header, e.g. using the kerberos package, possibly multiple times for a correct implementation.

Additional context

Kind of like what Microsoft hacked together for the stock http/https module here: https://github.com/microsoft/vscode/blob/9c2b9327e5cdce9583ef6cfe5072102b150cf7cb/src/vs/workbench/api/node/proxyResolver.ts#L131-L165 and via @vscode/proxy-agent.