Use named MITM permissions config#18240

evawong-oai · 2026-04-17T00:24:16Z

Stack

Parent PR: Add MITM hook config model #18868 adds MITM hook config and model only.
Parent PR: Wire MITM hooks into runtime enforcement #20659 wires hook enforcement into the proxy request path.
This PR changes the user facing PermissionProfile TOML shape.

Why

The broader goal is to make MITM clamping usable from the same permission profile that already controls network behavior.
This PR is the config UX layer for the stack. It moves MITM policy into [permissions.<profile>.network.mitm] instead of exposing the flat runtime shape to users.
The named hook and action tables belong here because users need reusable policy blocks that are easy to review, while the proxy runtime only needs a flat hook list.
This PR validates action refs during config parsing so mistakes in the user facing policy fail before a proxy session starts.
Keeping the lowering here lets the proxy keep its simpler runtime model and lets PermissionProfile remain the single source of network permission policy.

Summary

Keep MITM policy inside [permissions.<profile>.network.mitm] so the selected PermissionProfile owns network proxy policy.
Use named MITM hooks under [permissions.<profile>.network.mitm.hooks.<name>].
Put host, methods, path prefixes, query, headers, body, and action refs on the hook table.
Define reusable action blocks under [permissions.<profile>.network.mitm.actions.<name>].
Represent action blocks with NetworkMitmActionToml, then lower them into the proxy runtime action config.
Reject unknown refs, empty refs, and empty action blocks during config parsing.
Keep the runtime hook model unchanged by lowering config into the existing proxy hook list.
Preserve the Wire MITM hooks into runtime enforcement #20659 activation fix for nested MITM policy.

Example

[permissions.workspace.network.mitm]
enabled = true

[permissions.workspace.network.mitm.hooks.github_write]
host = "api.github.com"
methods = ["POST", "PUT"]
path_prefixes = ["/repos/openai/"]
action = ["strip_auth"]

[permissions.workspace.network.mitm.actions.strip_auth]
strip_request_headers = ["authorization"]

Validation

Regenerated the config schema.
Ran the core MITM config parsing and validation tests.
Ran the core PermissionProfile MITM proxy activation tests.
Ran the core config schema fixture test.
Ran the network proxy MITM policy tests.
Ran the scoped Clippy fixer for the network proxy crate.
Ran the scoped Clippy fixer for the core crate.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b7da762df6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

winston-openai

3 things:

Codex configs are layered (e.g. system config vs user config). It'd be helpful to allow higher level configs to override the named hook actions. Right now validation is just scoped to the config itself, so an override in a higher level config of just the named action would be thrown away.
mitm.enabled seems like it's an implementation detail rather than something we should expose at the config level. I only see 2 cases when we'd want it enabled: hooks exist or mode=limited. The fact someone can disable it during those times feels broken and I can't think of when you'd want to enable it outside of those two settings, so let's just make it conditional and hide it from the user-facing config.
More of a nit, but you'd made a previous change to the README based on your older config; we should update that to match this new config

evawong-oai · 2026-05-14T13:02:58Z

Done.

Named actions are now merged across config layers before hooks are lowered. A higher layer action with the same name now wins.
I removed the visible mitm.enabled field. MITM is now on when final mode is limited or final hooks exist.
The README now uses the named mitm.hooks and mitm.actions tables.

I also kept the external env ordering change out of this stack.

github-actions · 2026-05-16T08:35:02Z

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

winston-openai · 2026-05-16T08:48:22Z

I have read the CLA Document and I hereby sign the CLA

winston-openai · 2026-05-16T08:48:37Z

recheck

## Stack 1. This PR adds MITM hook config and model only. 2. Runtime follow up: #20659 wires hook enforcement into the proxy request path. 3. User facing config follow up: #18240 moves MITM policy into the PermissionProfile network tree. ## Why 1. Viyat asked for the original parent PR to be split so reviewers can inspect the policy model before request behavior changes. 2. This PR gives the proxy a typed MITM hook model, validation, matcher compilation, permissions TOML plumbing, schema support, and config tests. 3. This PR deliberately does not change CONNECT or MITM request handling. 4. Keeping runtime behavior out of this PR makes the review boundary simple: does the policy model parse, validate, compile, and lower correctly. ## Summary 1. Add the MITM hook config model and matcher compilation. 2. Validate hosts, methods, paths, query matchers, header matchers, secret sources, and reserved body matching. 3. Add wildcard matcher support for path, query value, and header value matching. 4. Add permissions TOML and schema support for flat runtime hook config. 5. Add config loader tests for MITM hook overlay behavior. ## Validation 1. Regenerated the config schema. 2. Ran the network proxy MITM hook unit tests. 3. Ran the core permission profile MITM hook parsing tests. 4. Ran the core config schema fixture test. 5. Ran the scoped Clippy fixer for the network proxy crate. 6. Ran the scoped Clippy fixer for the core crate. ## Notes 1. Runtime enforcement moved to #20659. 2. User facing PermissionProfile TOML shape remains in #18240.

## Stack 1. Parent PR: #18868 adds MITM hook config and model only. 2. This PR wires runtime enforcement. 3. User facing config follow up: #18240 moves MITM policy into the PermissionProfile network tree. ## Why 1. After the hook model exists, the proxy needs a separate behavior change that can be tested at the request path. 2. This PR makes hooked HTTPS hosts require MITM, evaluates inner requests after CONNECT, mutates headers for matching hooks, and blocks hooked hosts when no hook matches. 3. It also fixes the activation path so a permission profile with MITM hook policy starts the managed proxy. 4. Keeping this separate from #18868 lets reviewers focus on runtime effects, telemetry, and request mutation. ## Summary 1. Store compiled MITM hooks in network proxy state. 2. Require MITM for hooked hosts even when network mode is full. 3. Evaluate inner HTTPS requests against host specific hooks. 4. Apply hook actions by replacing request headers before forwarding. 5. Block hooked hosts when no hook matches and record block telemetry. 6. Treat profile MITM hook policy as managed proxy policy so the proxy starts when needed. 7. Keep the duplicate authorization header replacement and query preserving request rebuild in this runtime PR. 8. Add runtime tests and README guidance for hook enforcement. ## Validation 1. Ran the network proxy MITM policy tests. 2. Ran the hooked host CONNECT test. 3. Ran the authorization header replacement test. 4. Ran the core permission profile proxy activation test for MITM hooks. 5. Ran the scoped Clippy fixer for the network proxy crate. 6. Ran the scoped Clippy fixer for the core crate.

evawong-oai force-pushed the codex/mitm-proxy-landing branch from 90964e9 to fe1b53e Compare April 20, 2026 16:23

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from ddf1703 to 45afcb8 Compare April 20, 2026 16:23

evawong-oai changed the title ~~Add MITM feature gate~~ Add MITM managed requirements gate Apr 20, 2026

evawong-oai changed the title ~~Add MITM managed requirements gate~~ Use nested MITM permissions config Apr 20, 2026

evawong-oai changed the title ~~Use nested MITM permissions config~~ Use named MITM hook config Apr 20, 2026

evawong-oai changed the title ~~Use named MITM hook config~~ Simplify named MITM hook config Apr 20, 2026

evawong-oai marked this pull request as ready for review April 20, 2026 23:50

evawong-oai requested a review from a team as a code owner April 20, 2026 23:50

evawong-oai changed the title ~~Simplify named MITM hook config~~ Introduce domain specific clamping in MITM hook config Apr 21, 2026

chatgpt-codex-connector Bot reviewed Apr 21, 2026

View reviewed changes

Comment thread codex-rs/config/src/permissions_toml.rs Outdated

evawong-oai requested a review from viyatb-oai April 21, 2026 00:29

evawong-oai mentioned this pull request Apr 21, 2026

Add MITM hook config model #18868

Merged

evawong-oai force-pushed the codex/mitm-proxy-landing branch from 2f3ea9b to fe69321 Compare May 1, 2026 18:25

evawong-oai mentioned this pull request May 1, 2026

Wire MITM hooks into runtime enforcement #20659

Merged

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from 2cf89ee to ad3615b Compare May 1, 2026 18:25

evawong-oai changed the base branch from codex/mitm-proxy-landing to codex/mitm-runtime-enforcement May 1, 2026 18:26

evawong-oai changed the title ~~Introduce domain specific clamping in MITM hook config~~ Use named MITM permissions config May 1, 2026

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from ec08b07 to 6edf86c Compare May 6, 2026 01:10

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from ac139fc to d37498d Compare May 6, 2026 01:10

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 6edf86c to 03765b9 Compare May 6, 2026 16:10

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from d37498d to ac760a4 Compare May 6, 2026 16:10

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 03765b9 to 1c1ed25 Compare May 6, 2026 17:46

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from ac760a4 to e0bf393 Compare May 6, 2026 17:46

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 1c1ed25 to a5db4d3 Compare May 6, 2026 17:47

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from e0bf393 to 494cf09 Compare May 6, 2026 17:48

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from a5db4d3 to c4188b4 Compare May 6, 2026 18:00

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from 494cf09 to f52732a Compare May 6, 2026 18:00

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from c4188b4 to 912d8e7 Compare May 6, 2026 18:45

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from f52732a to 0ea4b1e Compare May 6, 2026 18:46

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 912d8e7 to 16c939f Compare May 6, 2026 19:39

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from e342e00 to 599ba13 Compare May 7, 2026 19:32

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from ec95472 to 06bab42 Compare May 7, 2026 19:33

winston-openai reviewed May 14, 2026

View reviewed changes

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 599ba13 to 5c28c96 Compare May 14, 2026 13:01

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from 06bab42 to 7a319d2 Compare May 14, 2026 13:01

winston-openai mentioned this pull request May 14, 2026

Wire managed MITM CA trust into child env #22668

Merged

winston-openai force-pushed the codex/mitm-feature-gate-landing branch from 7a319d2 to 60c5973 Compare May 15, 2026 12:33

winston-openai force-pushed the codex/mitm-runtime-enforcement branch from 5c28c96 to 2c9ccbe Compare May 15, 2026 12:33

github-actions Bot added a commit that referenced this pull request May 16, 2026

@winston-openai has signed the CLA in #18240

5f21351

winston-openai approved these changes May 16, 2026

View reviewed changes

winston-openai force-pushed the codex/mitm-feature-gate-landing branch from f749514 to 60c5973 Compare May 16, 2026 09:03

winston-openai mentioned this pull request May 16, 2026

Preserve trusted MITM hook constraints #22989

Closed

pakrym-oai approved these changes May 20, 2026

View reviewed changes

evawong-oai force-pushed the codex/mitm-runtime-enforcement branch from 74ac468 to e226b36 Compare May 20, 2026 19:54

Base automatically changed from codex/mitm-runtime-enforcement to main May 20, 2026 21:08

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from fb26f1f to 09024fe Compare May 20, 2026 23:32

evawong-oai and others added 4 commits May 20, 2026 16:34

Use named MITM permissions config

fdf036f

Preserve MITM hook order

06c2a78

Fix MITM feature gate CI

36f38e4

Fix MITM permissions config catchup

b4ceb64

evawong-oai force-pushed the codex/mitm-feature-gate-landing branch from 09024fe to b4ceb64 Compare May 20, 2026 23:42

evawong-oai merged commit 3cae840 into main May 21, 2026
31 checks passed

evawong-oai deleted the codex/mitm-feature-gate-landing branch May 21, 2026 00:10

github-actions Bot locked and limited conversation to collaborators May 21, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use named MITM permissions config#18240