Optional VM egress MITM proxy with mock-secret header rewriting#134
Optional VM egress MITM proxy with mock-secret header rewriting#134sjmiller609 wants to merge 26 commits intomainfrom
Conversation
Add a new host-side egress proxy module that supports HTTP/HTTPS interception and per-instance header secret substitution from mock values to real host environment secrets. Wire proxy lifecycle into instance create/start/restore/stop/standby/delete flows, inject guest proxy settings via config disk, and install proxy CA material in guest init. Add Linux egress enforcement rules to require proxy path for outbound 80/443 traffic, document behavior in lib/egressproxy/README.md, and add an integration test validating HTTPS header rewrite end to end.
✱ Stainless preview buildsThis PR will update the Edit this comment to update it. It will appear in the SDK's changelogs. ✅ hypeman-openapi studio · code · diff
✅ hypeman-typescript studio · code · diff
✅ hypeman-go studio · code · diff
This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push. |
…n test Switch the new egress proxy integration test away from curlimages/curl:8.12.1 so it works with CI strict prewarm registry mirror. Use docker.io/library/nginx:alpine (already mirrored in CI) while keeping HTTPS header rewrite validation via curl.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Automated risk triage result: High risk.
Why this is high risk (from code diff evidence):
- Introduces a new host-side HTTP/HTTPS MITM subsystem (
lib/egressproxy/*) including dynamic cert signing, CONNECT interception, and header rewriting logic. - Adds Linux egress enforcement via host
iptablesFORWARD rules (lib/egressproxy/enforce_linux.go), which affects networking behavior and operational safety. - Wires proxy/enforcement into core VM lifecycle flows (
create,start,restore,stop,standby,delete) acrosslib/instances/*. - Expands external API surface (
openapi.yaml,lib/oapi/oapi.go, API request mapping) and guest init trust/bootstrap behavior (lib/system/init/*,lib/vmconfig/config.go).
Decision:
- Code review is required.
- No auto-approval (high-risk PRs are not approved by automation).
Reviewer assignment:
- PR already has 2 reviewers requested, so no additional reviewers were added.
sjmiller609
changed the title
sjmiller609
changed the title
…roxy-secret-rewrite # Conflicts: # lib/instances/create.go # lib/instances/fork.go # lib/instances/types.go # lib/oapi/oapi.go # openapi.yaml
…roxy-secret-rewrite # Conflicts: # lib/instances/create.go # lib/instances/manager.go # lib/oapi/oapi.go
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
rgarcia
left a comment
rgarcia
left a comment
There was a problem hiding this comment.
still seems like there's no hard api/control-plane error when mitm ca cert setup fails in the guest... seems not ideal to have to inspect guest logs to find that this failure. fine merging as is to keep things moving though
I'll take a look. I still need to review the changes it decided to do since the previous review, and I'll see if I can handle that too. thanks for the careful reviews. |
2 participants
Summary
This PR adds an optional, default-off egress MITM proxy mode for Hypeman VMs so workloads can run with mock secrets in-VM while real secrets stay on the host.
When enabled per instance, Hypeman now:
HTTP_PROXY/HTTPS_PROXY, lower-case variants).Why
This enables safer execution of untrusted or lower-trust workloads in VMs without placing real secrets inside guest env/config, while still allowing authenticated outbound API traffic.
API / Config changes
CreateInstanceRequestnow supports top-levelegress_proxy:enabled: boolmock_to_real_env_var: map[string]string(mock literal -> host env var name)EgressProxyConfig.Implementation details
lib/egressproxy/Tests
Added integration test:
TestEgressProxyRewritesHTTPSHeadersAuthorizationheader.Validation run
Executed on
deft-kernel-devas root:sudo -n /usr/local/go/bin/go test ./cmd/api/api -run TestDoesNotExist -count=1sudo -n /usr/local/go/bin/go test ./lib/instances -run TestEgressProxyRewritesHTTPSHeaders -count=1 -vsudo -n /usr/local/go/bin/go test ./... -run TestDoesNotExist -count=1All passed for this change set.
Notes
Note
High Risk
Introduces a host-side MITM proxy and Linux
iptablesenforcement that alters VM outbound networking and handles real secret material, so misconfiguration or bugs could impact security and connectivity.Overview
Adds an optional, default-off egress MITM proxy mode for instances, including new API fields
network.egress(with enforcement mode) andcredentialsto keep real secrets host-side while the guest receivesmock-*placeholders.Wires the feature through instance lifecycle (
create/start/restoreand cleanup onstop/standby/delete): registers per-instance proxy + enforcement, regenerates config disks to inject proxy settings and mock env vars, and persists new metadata (NetworkEgress,Credentials).Introduces
lib/egressproxy(CA generation + per-host cert signing, CONNECT MITM, HTTPS-only header rewriting with domain allowlists, and Linuxiptablesegress blocking) plus guest-init support to install the proxy CA, expands test coverage (unit + VM integration), and updates prewarm/e2e scripts and tests to support registry mirroring and new OpenAPI fields.Written by Cursor Bugbot for commit a25a59b. This will update automatically on new commits. Configure here.