feat(proxy/blockheaders): emit X-Pipelock-Block-Reason on every block path

[luckyPipewrench]

Summary

Wires the X-Pipelock-Block-Reason header set onto every pipelock block path. Stacks on PR #467 (the schema and emit package); merges back to main only after that PR lands.

Done-state criterion 3 of the v2.4 release spec: schema specified AND implemented across forward, intercept, fetch, reverse, MCP HTTP, and WebSocket. No transport split.

Coverage by transport

• Forward proxy: 9 block sites. Envelope verify, scanner unavailable, missing host, header DLP, scanner result with hint, escalated scanner result, session-airlock detail, escalation level, budget admission.
• Intercept (TLS-MITM): 14 block sites. Envelope verify, kill switch, authority mismatch, airlock, scanner result with hint, escalated scanner result, A2A header DLP, body-scan blocks (general DLP and A2A flavors), header secret, CEE block, escalation level, envelope-injection failure.
• Reverse proxy: 7 block sites. writeReverseProxyBlock signature gains a blockreason.Info parameter so every caller is forced to supply a reason.
• MCP HTTP: method-not-allowed and compressed-response blocks both emit.
• WebSocket: 13 pre-upgrade http.Error sites use writeBlockedError; seven post-upgrade plwsutil.WriteCloseFrame sites carry the JSON document via Info.CloseFramePayload(), giving WebSocket transport parity through close frames instead of headers (per docs/specs/block-reason-header.md transport-coverage table).
• Fetch handler: 13 writeJSON-based block sites use the new writeBlockedJSON helper.

Helper layer

• internal/proxy/blockheaders.go adds reasonFromScanner (maps scanner.Scanner* labels to blockreason.Reason), severityFromReason and retryFromReason classifiers (canonical per spec), blockInfo and blockInfoFor constructors, plus writeBlockedError (drop-in for http.Error) and writeBlockedJSON (drop-in for the fetch handler's writeJSON).
• All public helpers are 100 percent covered.

Compatibility

• Existing 403 status codes and JSON response bodies are unchanged. The header set is purely additive.
• Free-text WebSocket close-frame messages get replaced with the structured CloseFramePayload JSON; that is a wire-format change but it stays inside RFC 6455's 123-byte close-frame ceiling.

Anti-scope-creep

• No agent-side libraries or SDKs that consume the header. Separate ecosystem deliverable.
• No header-driven retry orchestration on the pipelock side. Pipelock emits, agent decides.
• MCP stdio still has no HTTP layer to attach headers to. Block-reason taxonomy in JSON-RPC errors is tracked separately.

Stacked on

• PR feat(blockreason): X-Pipelock-Block-Reason header schema and emit package #467 (the schema and emit package). This branch is rebased onto feat/block-reason-header; merging this PR before feat(blockreason): X-Pipelock-Block-Reason header schema and emit package #467 would leave main unable to compile.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e79212e9-57ce-4d57-bd14-1ce6302e744f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/block-reason-impl

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}