feat(egress): extend outbound DLP scan to headers, query params, path, and hostname (PRD 0053)

bot_bottle/egress_addon.py

@@ -16,6 +16,7 @@ from mitmproxy import http  # type: ignore[import-not-found]
 
 from egress_addon_core import (  # type: ignore[import-not-found]
     Route,
+    build_outbound_scan_text,
     decide,
     is_git_push_request,
     load_routes,
@@ -98,14 +99,18 @@ class EgressAddon:
             return
 
         # DLP outbound scan BEFORE stripping auth — catches tokens the
-        # agent tried to smuggle in the Authorization header.
+        # agent tried to smuggle in any header, path, query param, or body.
+        # Hostname is included to catch DNS-tunnelling exfiltration attempts.
         route = match_route(self.routes, flow.request.pretty_host)
         if route is not None:
             body = flow.request.get_text(strict=False) or ""
-            auth_header = flow.request.headers.get("authorization", "")
-            scan_text = body
-            if auth_header:
-                scan_text = auth_header + "\n" + body
+            scan_text = build_outbound_scan_text(
+                flow.request.pretty_host,
+                request_path,
+                query,
+                dict(flow.request.headers),
+                body,
+            )
             dlp_result = scan_outbound(route, scan_text, os.environ)
             if dlp_result is not None and dlp_result.severity == "block":
                 self._block(flow, f"egress DLP: {dlp_result.reason}")