feat(test): add Node.js proxy integration test with HTTPS support #3
Merged
Adds an integration test that verifies phantom captures HTTP traces from an existing Node.js app without modifying its code — the same philosophy as LD_PRELOAD, but for Node.js.

Changes:
- tests/apps/node-app/client.js: proxy-unaware Node.js app (BACKEND_*_URL only)
- tests/apps/node-app/proxy-preload.js: --require shim that monkey-patches http/https to route through HTTP_PROXY (CONNECT tunnel for HTTPS)
- tests/proxy_node_integration.rs: Rust integration test with in-process HTTP (std::net) and HTTPS (rustls) mock backends; verifies 4 traces (2 HTTP + 2 HTTPS MITM) including headers, bodies, trace/span IDs
- crates/phantom-capture: add --insecure mode (NoCertVerifier via rustls dangerous API + custom hyper-rustls client) for self-signed backend certs
- src/main.rs: expose --insecure CLI flag
- Cargo.toml: add rustls/rcgen/rustls-pki-types dev-deps

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…p.js)

Embed proxy-preload.js in the phantom binary via include_str! so that `phantom -- node app.js` transparently injects HTTPS interception into any Node.js app without code changes.

Key additions to src/main.rs:
- NODE_PROXY_PRELOAD const: preload script embedded at compile time
- TempScript RAII guard: writes preload to /tmp, deletes on drop
- is_node_command(): detects node/nodejs executables
- spawn_proxy_child(): sets HTTP_PROXY; for node prepends --require <tmp>
- wait_for_proxy(): async poll until proxy port is ready
- run_proxy() updated to call spawn_proxy_child when -- CMD is given

Integration test updated to use `phantom -- node client.js` instead of manually managing the preload script and proxy env vars.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add long_about with full backend/output-mode explanations and complete JSONL field schema so an AI agent can understand the tool from --help alone. Add after_long_help Examples section covering all common usage patterns. Improve per-flag descriptions to be precise and actionable.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add `test_proxy_captures_alternative_http_clients` test verifying that axios, undici, and globalThis.fetch are all transparently captured by the phantom proxy (6 traces: HTTP + HTTPS × 3 clients)
- Update proxy-preload.js to patch undici's global dispatcher via ProxyAgent so undici.request() goes through phantom
- Fix axios double-proxy: detect absolute-URI path already targeting the proxy and skip re-wrapping in http.request patch
- Fix fetch() HTTP via CONNECT: patch globalThis.fetch for http:// URLs to route through http.request (already proxy-patched), bypassing undici ProxyAgent's CONNECT tunnelling which phantom treats as HTTPS
- Add undici as npm dependency for explicit npm package usage
- Add client-alts.js: zero-config test app exercising all three clients

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…d new tests

- Document Node.js transparent proxy injection (proxy-preload.js auto-inject)
- Add HTTP client support matrix (axios/undici/fetch HTTP+HTTPS)
- Explain double-proxy guard and fetch CONNECT workaround
- Add JSONL output schema section
- Add --insecure and --output flags to CLI options table
- Update project layout and key files to include test infrastructure
- Document proxy_node_integration.rs tests and how to run them
- Update data flow section with Node.js auto-injection path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Changes
Adds comprehensive integration test for non-invasive proxy traffic capture with Node.js applications:
New Features
- `--insecure` flag: Skip TLS certificate verification for backend connections (testing only)
- `NoCertVerifier` implementing `ServerCertVerifier` for testing against self-signed certificates
- `--require proxy-preload.js` (like LD_PRELOAD for Node.js)
- `client.js`: Plain Node.js app making HTTP and HTTPS requests
- `proxy-preload.js`: Monkey-patches `http`/`https` modules to route through proxy without code changes
- `proxy_node_integration.rs`):

Dependencies Added
- `rustls`, `rustls-pki-types`: TLS certificate verification
- `hyper-rustls`, `hyper-util`: HTTPS client support
- `rcgen`, `tempfile`: Test utilities
- `rustls-native-certs`: Native certificate support

Code Updates
- `ProxyCaptureBackend::new()`: Added `insecure` parameter
- `main.rs`: New `--insecure` CLI flag passed to backend
- `proxy.rs`: Conditional client builder based on insecure mode
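
The double-proxy guard that the commits above describe for the `http.request` patch, as an added example that is not part of this pull request and is not phantom's `proxy-preload.js`. The names `rewriteForProxy` and `patchRequest` are hypothetical, the sketch covers plain `http://` only (no CONNECT tunnel), and it assumes callers pass an origin-form `path` unless they have already targeted the proxy.

```javascript
'use strict';
// Added example, not phantom's proxy-preload.js. Plain http:// only.

function parseProxy(proxyUrl) {
  const u = new URL(proxyUrl);
  return { host: u.hostname, port: Number(u.port) || 80 };
}

// Turn origin-form request options into forward-proxy (absolute-URI) form.
function rewriteForProxy(options, proxyUrl) {
  const proxy = parseProxy(proxyUrl);
  const host = options.hostname || options.host || 'localhost';
  const port = Number(options.port) || 80;
  const path = options.path || '/';
  // Double-proxy guard: a client with its own proxy support has already
  // aimed the socket at the proxy and put an absolute URI in `path`.
  // Wrapping it again would nest one absolute URI inside another.
  if (/^https?:\/\//i.test(path) && host === proxy.host && port === proxy.port) {
    return options;
  }
  const authority = port === 80 ? host : `${host}:${port}`;
  const headers = { ...(options.headers || {}) };
  // Keep a caller-supplied Host header; otherwise name the real origin.
  if (!Object.keys(headers).some((k) => k.toLowerCase() === 'host')) {
    headers.Host = authority;
  }
  return {
    ...options,
    hostname: proxy.host,
    host: proxy.host,
    port: proxy.port,
    path: `http://${authority}${path}`,
    headers,
  };
}

// Wrap mod.request (mod is `http` or a stand-in) and return an undo function.
function patchRequest(mod, proxyUrl) {
  const original = mod.request;
  mod.request = function patchedRequest(input, ...rest) {
    let options = input;
    if (typeof input === 'string' || input instanceof URL) {
      const u = new URL(input);
      options = { hostname: u.hostname, port: u.port, path: u.pathname + u.search };
    }
    if (rest[0] && typeof rest[0] === 'object') options = { ...options, ...rest.shift() };
    return original.call(this, rewriteForProxy(options, proxyUrl), ...rest);
  };
  return () => { mod.request = original; };
}
```

Passing a stand-in object such as `{ request: (o) => o }` to `patchRequest` shows the rewritten options without opening a socket.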