didericis
8e261563dc
Survey of TLS-MITM tools (mitmproxy, Squid+ssl_bump, Go libraries) and five candidate topologies for adding TLS termination to the egress path so pipelock's DLP, subdomain-entropy, and MCP scanners can fire on plaintext bodies. Recommends mitmproxy in front of pipelock for v1 with a per-bottle ephemeral CA. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
