Remove support for disabling TLS interception

README.md

@@ -200,16 +200,9 @@ How it works:
 
 Notes and limits:
 
-- Tools that ignore the above env vars will fail TLS verification when intercepted. For those, either add tool‑specific flags to point at `ca-cert.pem` or run with `--no-tls-intercept`.
+- Tools that ignore the above env vars will fail TLS verification when intercepted. For those, add tool‑specific flags to point at `ca-cert.pem`.
 - Long‑lived connections are supported: timeouts are applied only to protocol detection, CONNECT header reads, and TLS handshakes — not to proxied streams (e.g., gRPC/WebSocket).
 
-### Disable TLS Interception
-
-```bash
-# Only monitor/block HTTP traffic
-httpjail --no-tls-intercept --allow ".*" -- ./app
-```
-
 ## License
 
 This project is released into the public domain under the CC0 1.0 Universal license. See [LICENSE](LICENSE) for details.

src/jail/mod.rs

@@ -52,10 +52,6 @@ pub struct JailConfig {
     /// Port for HTTPS proxy
     pub https_proxy_port: u16,
 
-    /// Whether to use TLS interception
-    #[allow(dead_code)]
-    pub tls_intercept: bool,
-
     /// Unique identifier for this jail instance
     pub jail_id: String,
 
@@ -79,7 +75,6 @@ impl JailConfig {
         Self {
             http_proxy_port: 8040,
             https_proxy_port: 8043,
-            tls_intercept: true,
             jail_id,
             enable_heartbeat: true,
             heartbeat_interval_secs: 1,

src/main.rs

@@ -36,10 +36,6 @@ struct Args {
     #[arg(long = "log-only")]
     log_only: bool,
 
-    /// Disable HTTPS interception
-    #[arg(long = "no-tls-intercept")]
-    no_tls_intercept: bool,
-
     /// Interactive approval mode
     #[arg(long = "interactive")]
     interactive: bool,
@@ -349,7 +345,6 @@ async fn main() -> Result<()> {
     let mut jail_config = JailConfig::new();
     jail_config.http_proxy_port = actual_http_port;
     jail_config.https_proxy_port = actual_https_port;
-    jail_config.tls_intercept = !args.no_tls_intercept;
 
     // Create and setup jail
     let mut jail = create_jail(jail_config.clone(), args.weak)?;
@@ -386,21 +381,19 @@ async fn main() -> Result<()> {
     // Set up CA certificate environment variables for common tools
     let mut extra_env = Vec::new();
 
-    if !args.no_tls_intercept {
-        match httpjail::tls::CertificateManager::get_ca_env_vars() {
-            Ok(ca_env_vars) => {
-                debug!(
-                    "Setting {} CA certificate environment variables",
-                    ca_env_vars.len()
-                );
-                extra_env = ca_env_vars;
-            }
-            Err(e) => {
-                warn!(
-                    "Failed to set up CA certificate environment variables: {}",
-                    e
-                );
-            }
+    match httpjail::tls::CertificateManager::get_ca_env_vars() {
+        Ok(ca_env_vars) => {
+            debug!(
+                "Setting {} CA certificate environment variables",
+                ca_env_vars.len()
+            );
+            extra_env = ca_env_vars;
+        }
+        Err(e) => {
+            warn!(
+                "Failed to set up CA certificate environment variables: {}",
+                e
+            );
         }
     }
 
@@ -532,7 +525,6 @@ mod tests {
             config: Some(file.path().to_str().unwrap().to_string()),
             dry_run: false,
             log_only: false,
-            no_tls_intercept: false,
             interactive: false,
             weak: false,
             verbose: 0,