Skip to main content
The Vane sidecar is a local HTTP proxy that runs alongside any AI agent process. It intercepts outbound HTTP/HTTPS calls, attaches the agent’s Vane passport, and attests every call — all without changing a line of agent code.

How it works

For HTTPS, the sidecar performs transparent MITM using a locally-generated ECDSA P-256 root CA. The agent process must trust this CA certificate.

Configuration

All configuration is via environment variables. None have defaults except SIDECAR_PORT and SIDECAR_CA_CERT_FILE.

Starting the sidecar

On startup, the sidecar:
  1. Fetches an agent passport from Vane (using POST /v1/agents/{agentId}/passport)
  2. Generates a MITM CA certificate and writes it to SIDECAR_CA_CERT_FILE
  3. Starts listening on 127.0.0.1:SIDECAR_PORT
  4. Prints configuration instructions
Output:

Using the sidecar — outbound (forward proxy)

Configure your agent process to use the sidecar as its HTTP proxy. Every outbound call will automatically get the agent’s Vane-Passport header injected.

HTTP

HTTPS (Node.js agent)

Install the MITM CA cert, then set the proxy:

HTTPS (Python agent with requests)

What happens on each outbound call

  1. The sidecar intercepts the request.
  2. It fetches the cached passport (refreshed automatically when < 5 minutes remain before expiry).
  3. It injects Vane-Passport: <token> into the request headers.
  4. If no Authorization header is already set, it also injects Authorization: Bearer <passport>.
  5. It forwards the request to the real destination.
  6. It sends an attestation record to Vane (fire-and-forget: actionType: "outbound-http", payload: { method, url, host, path }).

Using the sidecar — inbound (reverse proxy)

Set SIDECAR_AGENT_TARGET to your agent’s local address. The sidecar will verify incoming Vane-Passport (or Authorization: Bearer <cap-jwt>) headers before forwarding to your agent.
Callers hit http://127.0.0.1:8080/... — the sidecar verifies the passport locally (no Vane server call) and forwards to http://localhost:3001/.... Requests without a valid passport receive:
or:

Downloading the MITM CA certificate

The CA cert is always available at:
No authentication required. This endpoint exists so agents can bootstrap trust at startup without needing the cert pre-baked into their environment.

Passport caching and refresh

The sidecar caches the agent passport and automatically refreshes it when fewer than 5 minutes remain before expiry. A new passport is fetched from POST /v1/agents/{agentId}/passport with scopes: ["tool:*", "attest:write"] and a 3600-second TTL. If the Vane server is unavailable when a refresh is needed, the sidecar returns 502 on the proxied request.

Notes

  • The sidecar always binds to 127.0.0.1 — it is not accessible from other machines.
  • The MITM CA uses ECDSA P-256 (not Ed25519) because the @peculiar/x509 library used to issue certificates uses WebCrypto for CA operations.
  • Leaf certificates per hostname are cached for 1 hour; the CA cert is valid for 1 year.
  • Only HTTP/1.1 is supported for HTTPS MITM. HTTP/2 upstream connections are not implemented.