Building a Rust HTTPS Proxy for AI Agents

Building a Rust HTTPS Proxy for AI Agents OneCLI's core is an HTTPS man-in-the-middle proxy written in Rust. It intercepts agent HTTP requests, decrypts credentials from an encrypted vault, injects them into request headers, and forwards the request to the target API. All of this happens transparently - the agent doesn't know it's happening. Building a reliable, performant HTTPS MITM proxy is a surprisingly deep engineering challenge. This post covers the technical decisions we made and the problems we ran into along the way. Why Rust The proxy sits in the critical path of every API call an agent makes. Latency matters. Memory safety matters (we're handling decrypted secrets in memory). And we needed strong async I/O to handle many concurrent agent connections without burning through resources. We considered Go, which would have been fine for the proxy logic, but Rust gave us three things we cared about: Predictable latency : No garbage collector pauses. When you're adding a hop to eve