The Compliance Proxy is an explicit forward proxy that intercepts outbound HTTPS to AI provider and AI consumer surfaces, applies the compliance pipeline to the decrypted traffic, and emits an audit record. This doc is the service front door — the request lifecycle at a glance and an index into the per-concern docs.
client CONNECT
→ access gate (source-IP / domain allowlist, private-IP check)
→ tunnel established (200 Connection Established)
→ forward gate: kill-switch? pinning-exempt? hook-exempt? → bump or passthrough
→ TLS bump (leaf cert from the per-target issuer/cache)
→ normalize the request → compliance hooks → rewrite if modified → forward upstream
→ normalize the response → response hooks → return to client
→ emit audit event
| Concern | Doc |
|---|---|
| CONNECT entry, access control, connection lifecycle, forward gate | compliance-proxy-connect-forward-architecture.md |
| TLS interception: leaf cert issuance, cache, KMS envelope, pinning | compliance-proxy-tls-cert-architecture.md |
| Normalize stage + adding a Tier-1 traffic adapter / Tier-2 detector | compliance-pipeline-architecture.md |
| Runtime admin API, token auth, break-glass, kill-switch state, exemptions, config | compliance-proxy-runtime-api-architecture.md |
| Domain matching + device predicate | domain-device-predicate-architecture.md |
Cross-cutting concerns the proxy participates in are owned elsewhere: the shared
TLS bump (packages/shared/transport/tlsbump, also driven by the Agent) in
agent-forwarder-architecture.md; the
audit MQ pipeline in
audit-pipeline-architecture.md;
SIEM forwarding in
siem-bridge-architecture.md;
kill-switch propagation in
kill-switch-architecture.md.
audit.MQBatchWriter (packages/compliance-proxy/internal/audit) batches audit
events to the MQ producer, falls back to an NDJSON disk spool when MQ is
unavailable, and tees to the SIEM bridge. WithThingIdentity stamps the proxy's
thing_id / thing_name onto every event; WithNormalizer attaches the
normalize function that populates the *_normalized sidecar. The proxy never
writes traffic_event directly — the Hub db-writer is the sole writer of that
table; the proxy only produces events. The MQ pipeline and Hub-side consumer are
in audit-pipeline-architecture.md.
packages/compliance-proxy/cmd/compliance-proxy/— service entry point and wiringpackages/compliance-proxy/internal/proxy/— CONNECT, access, forward pathpackages/compliance-proxy/internal/tls/— certificate issuance and cachingpackages/compliance-proxy/internal/runtime/— runtime admin APIpackages/compliance-proxy/internal/audit/— MQ batch writer + NDJSON fallbackpackages/shared/transport/tlsbump/— shared MITM bump