Most pen-test platforms treat scope as a setup-time policy. We treat it as a runtime concern, enforced at three layers:
- A policy_check(action, context, scopes, rate_limiter) call in the agent loop.
- An HTTP forward proxy (scope-proxy) that drops out-of-scope traffic at the network layer with an HTTP 451.
- An append-only audit log of every blocked attempt for incident response.
Defense in depth: even if an agent imports its own httpx and forgets the policy check, the proxy still drops the request.
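As an added illustration, not code from the platform described above: a minimal Python sketch of the three layers, with the agent-loop check and the proxy decision sharing one scope matcher and every denial appended to an audit record. Only the policy_check signature and the 451 come from the text; RateLimiter, in_scope, proxy_decide, AUDIT and the scope-entry syntax (exact host, "*.suffix", CIDR) are assumptions made for the example.

```python
import ipaddress, json, time
from collections import deque
from urllib.parse import urlsplit
AUDIT = []  # constructed stand-in for the append-only audit sink: only append() is ever called
def audit(event, **fields):
    AUDIT.append(json.dumps({"ts": time.time(), "event": event, **fields}))

class RateLimiter:
    """Sliding window: at most `limit` allowed actions per `window` seconds."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock, self.hits = limit, window, clock, deque()
    def allow(self):
        now = self.clock()
        while self.hits and now - self.hits[0] > self.window:
            self.hits.popleft()
        if len(self.hits) >= self.limit:
            return False
        self.hits.append(now)
        return True

def in_scope(host, scopes):
    """True if host matches a scope entry: exact name, '*.suffix' wildcard, or CIDR block."""
    for s in scopes:
        if host == s or (s.startswith("*.") and (host == s[2:] or host.endswith(s[1:]))):
            return True
        try:  # CIDR entries apply only when the host is a literal IP address
            if ipaddress.ip_address(host) in ipaddress.ip_network(s, strict=False):
                return True
        except ValueError:
            continue
    return False

def policy_check(action, context, scopes, rate_limiter):
    """Layer 1, agent loop: returns (allowed, reason); every denial is audited."""
    host = urlsplit(context["url"]).hostname or ""
    if not in_scope(host, scopes):
        audit("blocked_out_of_scope", action=action, host=host)
        return False, "out_of_scope"
    if not rate_limiter.allow():
        audit("blocked_rate_limit", action=action, host=host)
        return False, "rate_limited"
    return True, "ok"

def proxy_decide(request_url, scopes):
    """Layer 2, scope-proxy: 451 means drop the request; None means forward it upstream."""
    host = urlsplit(request_url).hostname or ""
    if in_scope(host, scopes):
        return None
    audit("proxy_dropped", host=host)  # layer 3: the attempt is recorded even when layer 1 was skipped
    return 451
```

Because proxy_decide never consults the agent's policy_check, a request from a client that bypassed layer 1 is still refused and still logged, which is the defence-in-depth property described above.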