David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · CONFIDENTIAL AI AUTOMATION PLATFORM
Confidential AI Automation Platform
Tauri Rust MITM Sidecar & Schema Normalization Engine
A macOS-first Rust/Tauri sidecar with MITM proxying, 164 schema normalizers/adapters, streaming WSS processing, and LLM chat interception pipelines.
Designed and implemented a Rust-based Tauri desktop sidecar with MITM proxy capabilities, request/response interception, streaming WebSocket processing, LLM chat interception, and 164 schema normalizers/adapters to convert...
Client
Confidential / Internal AI Automation Platform
Engagement Type
Consulting / Internal Buildout
Period
2025–2026
Role
Rust/Tauri Architect / AI Automation Engineer / AI Product Security Engineer
Focus Areas
Rust/Tauri Sidecar, MITM Proxy Architecture, Request/Response Interception, WebSocket Stream Processing
The Research Narrative
Strategic Problem
MITM proxying and LLM chat interception are powerful and sensitive. The challenge was building a sidecar that could process complex traffic and streaming events while preserving explicit trust boundaries,...
What David Did
David designed a Rust/Tauri sidecar with MITM-style request/response capture, WebSocket stream processing, LLM chat interception support, and 164 schema normalizers/adapters. Raw traffic...
What Became Clearer
The result was a local-first AI automation sidecar that bridges desktop, browser, network, streaming, and LLM-chat workflows. It demonstrates deep Rust/Tauri engineering, schema...
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
A browser extension can observe and automate many workflows, but it cannot own the full desktop and network-adjacent AI automation problem. The sidecar extended the architecture into a local Rust/Tauri runtime for authorized interception, streaming processing, and normalization.
The Challenge
MITM proxying and LLM chat interception are powerful and sensitive. The challenge was building a sidecar that could process complex traffic and streaming events while preserving explicit trust boundaries, local control, and a maintainable normalization model.
What I Did
David designed a Rust/Tauri sidecar with MITM-style request/response capture, WebSocket stream processing, LLM chat interception support, and 164 schema normalizers/adapters. Raw traffic was separated from normalized events so downstream agents and analytics could consume stable records.
- •Designed a macOS-first Tauri sidecar architecture using Rust for native performance, local control, and secure desktop integration
- •Implemented MITM proxy capabilities for authorized request/response observation and processing
- •Built request and response interception pipelines capable of capturing structured API traffic and forwarding it into normalization workflows
- •Implemented WebSocket stream processing patterns for live traffic, streaming responses, and real-time event capture
- •Designed the sidecar specifically to support LLM chat interception and streaming analysis use cases
- •Built or defined 164 schema normalizers/adapters to translate heterogeneous service payloads into stable internal records
- •Created a normalization model that separated raw capture, adapter selection, schema transformation, event emission, and downstream processing
- •Designed event envelopes suitable for WSS streaming, storage, sync, and AI enrichment
The Outcome
The result was a local-first AI automation sidecar that bridges desktop, browser, network, streaming, and LLM-chat workflows. It demonstrates deep Rust/Tauri engineering, schema normalization, streaming architecture, and AI product-security awareness.
Research Outcomes
Signal Quality
Improved the trustworthiness of operational security signals
Operational Clarity
Translated complex security data into clearer operating views
Stakeholder Visibility
Made technical risk and status easier to explain
Operational Impact
Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
Security Analytics
Signal investigation and event analysis
Telemetry Normalization
Consistent and trusted data
Operational Reporting
Actionable views for security operations
IAM / Access Control
Identity telemetry and access insights
SIEM Alert Debugging
Noise reduction and signal validation
Dashboard Development
Operational and executive views
Executive Reporting
Security data translated for leadership
Public-Safe Evidence
Shareable insights without sensitive data
Key Deliverables
- •Rust/Tauri desktop sidecar architecture
- •MITM proxy pipeline
- •Request interception workflow
- •Response interception workflow
- •WebSocket streaming listener and processing model
- •LLM chat interception and streaming-processing design
- •164 schema normalizers/adapters
- •Raw capture to normalized event pipeline
Tools & Technologies
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.