
Crate kz_proxy


kz-proxy: run a subprocess with masked secrets and an HTTP proxy that rewrites tokens.

The main type is Sandbox: build it from a SandboxConfig (with optional SecretMappings, StringMappings, and connection allow/deny rules), then call Sandbox::run to execute a shell command with masked env vars and proxied HTTP that rewrites tokens to real secrets.

The proxy is implemented with the hyper stack so that HTTP parsing, Content-Length, chunked encoding, and CONNECT tunneling follow RFC 7230/9110.

Structs

ConnectionPolicy
Allow or deny outbound connections to a host (or hosts matching a regex). Policies are evaluated in order; the first matching policy wins. If no policy matches and rules exist, the connection is denied (allowlist behavior).
Sandbox
Sandbox for running a subprocess with masked secrets and an HTTP proxy that rewrites tokens.
SandboxConfig
Configuration for the sandbox: secrets, string mappings, connection allow/deny, and proxy options.
SecretMapping
Mapping from environment variable name to the real secret value. The sandbox will inject a masked token into the subprocess env and the proxy will replace that token with this value in outgoing HTTP requests. Real values must not contain CR, LF, or NUL (validated at run time).
StringMapping
Mapping from a unique string identifier (token) to the actual value. The proxy will replace occurrences of the token with the value in URIs, headers, and body. Used when the process already uses placeholders; no env injection. Values must not contain CR, LF, or NUL.

Enums

HostPattern
Pattern for matching a host in connection allow/deny rules.
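
The ordering rule described for ConnectionPolicy (first match wins, deny when rules exist and none match) means a narrow deny placed after a broad allow never takes effect. The following is an added example that models that evaluation; it is not code from kz_proxy and does not use its API. Assumptions: the names Action, HostMatch, Rule and decide are hypothetical, a suffix match stands in for the regex pattern so that only std is needed, and an empty rule list is taken to allow everything (inferred from the "and rules exist" wording).

```rust
// Added illustration: hypothetical stand-in types, not kz_proxy's API.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Action { Allow, Deny }

// Stand-in for a host pattern. The page says patterns may be regexes; a
// suffix match is used here instead so the example needs only std.
enum HostMatch {
    Exact(&'static str),
    Suffix(&'static str), // e.g. ".example.com"
}

impl HostMatch {
    fn matches(&self, host: &str) -> bool {
        // Hostnames are case-insensitive, so compare in lowercase.
        let host = host.to_ascii_lowercase();
        match self {
            HostMatch::Exact(h) => host == h.to_ascii_lowercase(),
            HostMatch::Suffix(s) => host.ends_with(&s.to_ascii_lowercase()),
        }
    }
}

struct Rule { pattern: HostMatch, action: Action }

/// First matching rule wins. Rules present but none match: deny.
/// No rules at all: allow (assumption, see lead-in).
fn decide(rules: &[Rule], host: &str) -> Action {
    if rules.is_empty() {
        return Action::Allow;
    }
    rules.iter()
        .find(|r| r.pattern.matches(host))
        .map(|r| r.action)
        .unwrap_or(Action::Deny)
}

// Constructed rule sets: the same two rules in opposite order.
fn deny_first() -> Vec<Rule> {
    vec![
        Rule { pattern: HostMatch::Exact("internal.example.com"), action: Action::Deny },
        Rule { pattern: HostMatch::Suffix(".example.com"), action: Action::Allow },
    ]
}

fn allow_first() -> Vec<Rule> {
    let mut rules = deny_first();
    rules.reverse(); // the broad allow now shadows the specific deny
    rules
}
```

With the constructed rules, `internal.example.com` is denied only in the deny-first ordering; in the allow-first ordering the suffix rule matches first and the deny is never reached.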

Constants

ESSENTIAL_VARS
Essential OS vars to preserve from the parent environment in blind mode.