pub async fn handle_connection(
client: TcpStream,
pdp: Arc<dyn PolicyDecisionPoint>,
fail_mode: FailMode,
) -> Result<()>Expand description
Handle one proxied connection: read the HTTP CONNECT request, ask the PDP,
and either tunnel to the upstream (Decision::Allow) or refuse with 403
without ever contacting the upstream (Deny/Escalate → 0 bytes leave —
PRODUCT.md B.5 step 4 / Part D row 1). Fail-closed on any error (W0).