pub struct ProxyConfig {
    pub bind_addr: IpAddr,
    pub bind_port: u16,
    pub allowed_hosts: Vec<String>,
    pub routes: Vec<RouteConfig>,
    pub external_proxy: Option<ExternalProxyConfig>,
    pub direct_connect_ports: Vec<u16>,
    pub max_connections: usize,
    pub intercept_ca_dir: Option<PathBuf>,
    pub intercept_parent_ca_pems: Option<Vec<u8>>,
    pub preloaded_ca: Option<PreloadedCa>,
    pub ca_validity: Option<Duration>,
}
Configuration for the proxy server.
Fields
bind_addr: IpAddr
Bind address (default: 127.0.0.1)
bind_port: u16
Bind port (0 = OS-assigned ephemeral port)
allowed_hosts: Vec<String>
Allowed hosts for CONNECT mode (exact match + wildcards). Empty = allow all hosts (except deny list).
routes: Vec<RouteConfig>
Reverse proxy credential routes.
external_proxy: Option<ExternalProxyConfig>
External (enterprise) proxy URL for passthrough mode. When set, CONNECT requests are chained to this proxy.
direct_connect_ports: Vec<u16>
Outbound TCP ports that the sandbox allows direct connections on (via Landlock ConnectTcp). Hosts whose resolved port is NOT in this set must go through the proxy and should NOT appear in NO_PROXY.
max_connections: usize
Maximum concurrent connections (0 = unlimited).
intercept_ca_dir: Option<PathBuf>
Directory the proxy will write the TLS-intercept trust bundle into.

When set together with at least one route requiring L7 visibility
(endpoint_rules, credential_key, or oauth2), the proxy generates
an ephemeral session CA and writes a PEM bundle (system roots +
optional parent SSL_CERT_FILE + ephemeral CA) into this directory at
startup. The path is exposed via ProxyHandle::intercept_ca_path()
so the CLI can grant the sandboxed child a Landlock/Seatbelt read
capability for it.

The directory must exist and be owner-only readable (mode 0o700)
before start() is called. The CLI conventionally points this at
~/.nono/sessions/<session_id>/.

None disables TLS interception entirely; CONNECT requests behave
as before (transparent tunnel for non-route hosts; 403 for routes
without L7 requirements).
intercept_parent_ca_pems: Option<Vec<u8>>
Optional contents of the parent process’s SSL_CERT_FILE, merged
into the trust bundle so any corporate CA configured on the host
remains trusted by the sandboxed child.

The CLI reads this from std::env::var("SSL_CERT_FILE") and
std::fs::read(...) before calling start(). Skipped during
(de)serialisation: it’s not part of any user-authored config file.
preloaded_ca: Option<PreloadedCa>
Pre-generated CA material for cross-session reuse (--trust-proxy-ca).

When Some, the proxy uses this CA instead of generating a fresh
ephemeral one. The private key was loaded from macOS Keychain by the
CLI supervisor; the cert is already trusted in the user’s trust store.
ca_validity: Option<Duration>
Optional CA validity override for TLS interception.
Default (None) uses CA_VALIDITY_DEFAULT (24h).
Set by the CLI --proxy-ca-validity flag.
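
The intercept_ca_dir precondition (directory exists and is mode 0o700 before start() is called), as an added example that is not the crate's own code. The helper names prepare_intercept_ca_dir and check_intercept_ca_dir are hypothetical, the exact-0o700 comparison is an assumed reading of "owner-only", and the sample path is constructed.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Hypothetical helper: reject anything that is not a real directory with
/// permission bits exactly 0o700 (assumed reading of "owner-only").
pub fn check_intercept_ca_dir(dir: &Path) -> io::Result<()> {
    // symlink_metadata does not follow a symlink planted at `dir`.
    let meta = fs::symlink_metadata(dir)?;
    if !meta.file_type().is_dir() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a directory"));
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode != 0o700 {
        let msg = format!("mode {:o}, expected 700", mode);
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, msg));
    }
    Ok(())
}

/// Hypothetical helper: create the directory with 0o700 at creation time
/// (no chmod window), tolerate an existing one, then verify it.
pub fn prepare_intercept_ca_dir(dir: &Path) -> io::Result<PathBuf> {
    match fs::DirBuilder::new().mode(0o700).create(dir) {
        Ok(()) => {}
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => {}
        Err(e) => return Err(e),
    }
    check_intercept_ca_dir(dir)?;
    Ok(dir.to_path_buf())
}

fn main() -> io::Result<()> {
    // Constructed sample path; the CLI convention is ~/.nono/sessions/<session_id>/.
    let dir = std::env::temp_dir().join(format!("intercept-ca-demo-{}", std::process::id()));
    let ready = prepare_intercept_ca_dir(&dir)?;
    println!("use as intercept_ca_dir: Some({:?})", ready);
    // A directory loosened to 0o755 fails the check.
    fs::set_permissions(&dir, fs::Permissions::from_mode(0o755))?;
    println!("after chmod 755: {:?}", check_intercept_ca_dir(&dir));
    fs::remove_dir_all(&dir)
}
```

The check does not compare the directory's owner against the current user, which would need a geteuid call from outside the standard library.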
Trait Implementations
impl Clone for ProxyConfig
fn clone(&self) -> ProxyConfig
fn clone_from(&mut self, source: &Self) (since 1.0.0; const: unstable)