Add MITM hook config model

[evawong-oai]

Stack

1. This PR adds MITM hook config and model only.
2. Runtime follow up: Wire MITM hooks into runtime enforcement #20659 wires hook enforcement into the proxy request path.
3. User facing config follow up: Use named MITM permissions config #18240 moves MITM policy into the PermissionProfile network tree.

Why

1. Viyat asked for the original parent PR to be split so reviewers can inspect the policy model before request behavior changes.
2. This PR gives the proxy a typed MITM hook model, validation, matcher compilation, permissions TOML plumbing, schema support, and config tests.
3. This PR deliberately does not change CONNECT or MITM request handling.
4. Keeping runtime behavior out of this PR makes the review boundary simple: does the policy model parse, validate, compile, and lower correctly.

Summary

1. Add the MITM hook config model and matcher compilation.
2. Validate hosts, methods, paths, query matchers, header matchers, secret sources, and reserved body matching.
3. Add wildcard matcher support for path, query value, and header value matching.
4. Add permissions TOML and schema support for flat runtime hook config.
5. Add config loader tests for MITM hook overlay behavior.

Validation

1. Regenerated the config schema.
2. Ran the network proxy MITM hook unit tests.
3. Ran the core permission profile MITM hook parsing tests.
4. Ran the core config schema fixture test.
5. Ran the scoped Clippy fixer for the network proxy crate.
6. Ran the scoped Clippy fixer for the core crate.

Notes

1. Runtime enforcement moved to Wire MITM hooks into runtime enforcement #20659.
2. User facing PermissionProfile TOML shape remains in Use named MITM permissions config #18240.

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/core/src/network_proxy_loader.rs

Lines 135 to 171 in c0521ac

	fn apply_network_constraints(network: NetworkToml, constraints: &mut NetworkProxyConstraints) {
	if let Some(enabled) = network.enabled {
	constraints.enabled = Some(enabled);
	}
	if let Some(mode) = network.mode {
	constraints.mode = Some(mode);
	}
	if let Some(allow_upstream_proxy) = network.allow_upstream_proxy {
	constraints.allow_upstream_proxy = Some(allow_upstream_proxy);
	}
	if let Some(dangerously_allow_non_loopback_proxy) = network.dangerously_allow_non_loopback_proxy
	{
	constraints.dangerously_allow_non_loopback_proxy =
	Some(dangerously_allow_non_loopback_proxy);
	}
	if let Some(dangerously_allow_all_unix_sockets) = network.dangerously_allow_all_unix_sockets {
	constraints.dangerously_allow_all_unix_sockets = Some(dangerously_allow_all_unix_sockets);
	}
	if let Some(domains) = network.domains.as_ref() {
	let mut config = NetworkProxyConfig::default();
	if let Some(allowed_domains) = constraints.allowed_domains.take() {
	config.network.set_allowed_domains(allowed_domains);
	}
	if let Some(denied_domains) = constraints.denied_domains.take() {
	config.network.set_denied_domains(denied_domains);
	}
	overlay_network_domain_permissions(&mut config, domains);
	constraints.allowed_domains = config.network.allowed_domains();
	constraints.denied_domains = config.network.denied_domains();
	}
	if let Some(unix_sockets) = network.unix_sockets.as_ref() {
	let allow_unix_sockets = unix_sockets.allow_unix_sockets();
	constraints.allow_unix_sockets = Some(allow_unix_sockets);
	}
	if let Some(allow_local_binding) = network.allow_local_binding {
	constraints.allow_local_binding = Some(allow_local_binding);
	}

Enforce managed constraints for new MITM hook fields

network.mitm and network.mitm_hooks were added, but trusted-layer constraint derivation does not track them. As a result, higher-precedence user/project config can disable or replace managed MITM hooks without constraint rejection, weakening centrally enforced HTTPS policy.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[evawong-oai]

Codex review item about managed constraints for MITM hook fields: this is valid, and it is tracked in Linear as AGE 248.

Why it is not in this PR: PR 18868 is now only the typed MITM hook config model. Enforcing trusted constraints for network.mitm and network.mitm_hooks depends on the final protected destination policy shape and the PermissionProfile trusted layer rules. Putting that here would mix model parsing, precedence, and central policy enforcement in one review.

This remains blocked before dogfood or feature gate rollout. Trusted config must prevent user or project config from disabling or replacing managed MITM hooks before protected destinations are enabled.

The separate method policy ordering concern is tracked in Linear as AGE 247.

[evawong-oai]

Thanks. This is intentional for this PR.

The MITM feature is still being built. PR 18868 only lands the typed config model. It does not turn on enforcement.

Enforcement will come in later PRs after the user flow, logging, feature gate, and protected destination policy are ready. That avoids surprising users while the rollout pieces are still being developed.

The follow up work is tracked in Linear:

1. AGE 247 for method policy ordering.
2. AGE 248 for managed config constraints.

Those tasks are required before dogfood or feature gate rollout.

[winston-openai]

LGTM, though you may still want to consider splitting this PR up into smaller, more reviewable chunks

[winston-openai]

it may also be worth keeping the config shape internal rather than exposing it in the PermissionProfile given it's all getting redone in #18240

[evawong-oai]

Done.

#18868 now keeps the config shape internal. The public PermissionProfile config is in #18240, where the new named hook and action shape lives.