Add MITM hook config model

codex-rs/network-proxy/src/config.rs

@@ -13,6 +13,8 @@ use std::path::Path;
 use tracing::warn;
 use url::Url;
 
+use crate::mitm_hook::MitmHookConfig;
+
 #[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
 pub struct NetworkProxyConfig {
     #[serde(default)]
@@ -139,6 +141,8 @@ pub struct NetworkProxySettings {
     pub allow_local_binding: bool,
     #[serde(default)]
     pub mitm: bool,
+    #[serde(default)]
+    pub mitm_hooks: Vec<MitmHookConfig>,
 }
 
 impl Default for NetworkProxySettings {
@@ -157,6 +161,7 @@ impl Default for NetworkProxySettings {
             unix_sockets: None,
             allow_local_binding: false,
             mitm: false,
+            mitm_hooks: Vec::new(),
         }
     }
 }
@@ -273,8 +278,8 @@ pub enum NetworkMode {
     /// blocked unless MITM is enabled so the proxy can enforce method policy on inner requests.
     /// SOCKS5 remains blocked in limited mode.
     Limited,
-    /// Full network access: all HTTP methods are allowed, and HTTPS CONNECTs are tunneled without
-    /// MITM interception.
+    /// Full network access: all HTTP methods are allowed. HTTPS CONNECTs are tunneled directly
+    /// unless MITM is needed for host-specific inner-request hooks.
     #[default]
     Full,
 }
@@ -588,6 +593,7 @@ mod tests {
                 unix_sockets: None,
                 allow_local_binding: false,
                 mitm: false,
+                mitm_hooks: Vec::new(),
             }
         );
     }
@@ -652,6 +658,7 @@ mod tests {
                     "unix_sockets": null,
                     "allow_local_binding": false,
                     "mitm": false,
+                    "mitm_hooks": [],
                 }
             })
         );

codex-rs/network-proxy/src/lib.rs

@@ -5,6 +5,7 @@ mod config;
 mod connect_policy;
 mod http_proxy;
 mod mitm;
+mod mitm_hook;
 mod network_policy;
 mod policy;
 mod proxy;
@@ -23,6 +24,11 @@ pub use config::NetworkProxyConfig;
 pub use config::NetworkUnixSocketPermission;
 pub use config::NetworkUnixSocketPermissions;
 pub use config::host_and_port_from_network_addr;
+pub use mitm_hook::InjectedHeaderConfig;
+pub use mitm_hook::MitmHookActionsConfig;
+pub use mitm_hook::MitmHookBodyConfig;
+pub use mitm_hook::MitmHookConfig;
+pub use mitm_hook::MitmHookMatchConfig;
 pub use network_policy::NetworkDecision;
 pub use network_policy::NetworkDecisionSource;
 pub use network_policy::NetworkPolicyDecider;

codex-rs/network-proxy/src/state.rs

@@ -4,6 +4,8 @@ use crate::config::NetworkProxyConfig;
 use crate::config::NetworkUnixSocketPermissions;
 use crate::mitm::MitmState;
 use crate::mitm::MitmUpstreamConfig;
+use crate::mitm_hook::MitmHookConfig;
+use crate::mitm_hook::validate_mitm_hook_config;
 use crate::policy::DomainPattern;
 use crate::policy::compile_allowlist_globset;
 use crate::policy::compile_denylist_globset;
@@ -53,6 +55,9 @@ pub struct PartialNetworkConfig {
     #[serde(default)]
     pub unix_sockets: Option<NetworkUnixSocketPermissions>,
     pub allow_local_binding: Option<bool>,
+    pub mitm: Option<bool>,
+    #[serde(default)]
+    pub mitm_hooks: Option<Vec<MitmHookConfig>>,
 }
 
 pub fn build_config_state(
@@ -116,6 +121,7 @@ pub fn validate_policy_against_constraints(
         .map(|entry| entry.to_ascii_lowercase())
         .collect();
     let config_allow_unix_sockets = config.network.allow_unix_sockets();
+    validate_mitm_hook_config(config).map_err(invalid_mitm_hook_configuration)?;
     validate_non_global_wildcard_domain_patterns("network.denied_domains", &config_denied_domains)?;
     if let Some(max_enabled) = constraints.enabled {
         validate(enabled, move |candidate| {
@@ -376,6 +382,14 @@ pub fn validate_policy_against_constraints(
     Ok(())
 }
 
+fn invalid_mitm_hook_configuration(err: anyhow::Error) -> NetworkProxyConstraintError {
+    NetworkProxyConstraintError::InvalidValue {
+        field_name: "network.mitm_hooks",
+        candidate: err.to_string(),
+        allowed: "valid MITM hook configuration".to_string(),
+    }
+}
+
 fn validate_non_global_wildcard_domain_patterns(
     field_name: &'static str,
     patterns: &[String],