clavitor/clavis/clavis-vault/cmd
James dcdca016db feat: add MITM proxy mode with LLM policy evaluation (C-017)
- New package clavis/clavis-vault/proxy/
  - HTTPS MITM proxy via HTTP CONNECT tunnel
  - Dynamic per-host TLS cert generation (signed by local CA)
  - CA cert auto-generated at DataDir/proxy/ca.crt (1-year validity)
  - Per-cert cache with 24h TTL
  - Credential injection hook (stub — DB wiring next)
  - LLM policy evaluation hook (stub — OpenAI-compatible API)
  - L2 (identity/card) fields are never injectable by design

- cmd/clavitor/main.go: new flags
  --proxy            Enable proxy mode (default: off)
  --proxy-addr       Listen addr (default: 127.0.0.1:19840)
  --proxy-llm        Enable LLM policy evaluation
  --proxy-llm-url    LLM base URL (OpenAI-compat)
  --proxy-llm-key    LLM API key
  --proxy-llm-model  LLM model name

Usage:
  clavitor --proxy
  export HTTP_PROXY=http://127.0.0.1:19840 HTTPS_PROXY=http://127.0.0.1:19840
  # Install DataDir/proxy/ca.crt in OS trust store for HTTPS MITM
2026-03-29 08:54:51 -04:00
clavitor feat: add MITM proxy mode with LLM policy evaluation (C-017) 2026-03-29 08:54:51 -04:00
._.DS_Store chore: auto-commit uncommitted changes 2026-03-26 00:01:24 -04:00