* [PM-31696] Add reverse proxy emulator for load balancer cookie testing
Adds a local dev/QA tool that emulates AWS ELB authentication without
real AWS infrastructure. It gates all traffic behind a
BitwardenLoadBalancerCookie and serves a simple auth page to issue it,
enabling testing of the load balancer cookie bootstrap flow (PM-27124).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* [PM-31696] Replace http-proxy with Node.js built-ins
http-proxy has not been published in 6 years and uses the deprecated
util._extend API. Replace it with https.request + piping for HTTP and
tls.connect + socket piping for WebSocket, removing the dependency and
the --no-deprecation workaround entirely.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* [PM-31696] Fix TLS verification for public backends
Extend the default CA bundle with the self-signed cert instead of
replacing it, so both localhost dev servers and public backends
(e.g. vault.bitwarden.com) are trusted without --insecure.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* [PM-31696] Add cookie rotation via R keypress
Press R while the proxy is running to increment the cookie generation,
immediately invalidating all existing session cookies and forcing
clients to re-authenticate on their next request.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: tweak docs
* feat: improve error messages
* docs: update readme
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
