diff --git a/components/agents.tsx b/components/agents.tsx index 556415f..ee9a4e8 100644 --- a/components/agents.tsx +++ b/components/agents.tsx @@ -28,7 +28,7 @@ export function Agents() { Works with every agent.

- All agents work perfectly inside their sandbox — but can't impact anything outside + All agents work perfectly inside their sandbox but can't impact anything outside it. No agent-specific configuration needed.

diff --git a/components/control.tsx b/components/control.tsx index 255a432..c3f3b2a 100644 --- a/components/control.tsx +++ b/components/control.tsx @@ -10,7 +10,6 @@ const tree = [ { path: ' node_modules/', access: 'r', color: 'yellow' }, { path: '~/shared-lib/', access: 'r', color: 'yellow' }, { path: '~/.ssh/', access: 'deny', color: 'red' }, - { path: '~/.aws/', access: 'deny', color: 'red' }, { path: '~/.env', access: 'deny', color: 'red' }, { path: '~/other-repos/', access: 'deny', color: 'red' }, { path: '~/Documents/', access: 'deny', color: 'red' }, @@ -52,7 +51,7 @@ export function Control() { Default deny. Explicit allow.

- Agents inherit your full permissions. Greywall flips this — nothing is accessible + Agents inherit your full permissions. Greywall flips this: nothing is accessible unless explicitly granted. Filesystem, network, and commands all start closed.

@@ -80,7 +79,7 @@ export function Control() {

SSH keys, git hooks, shell configs, and .env files - are always protected — even inside allowed directories. + are always protected, even inside allowed directories.

@@ -121,7 +120,7 @@ export function Control() {

- Full network namespace isolation — the process can't see the host network. + Full network namespace isolation. The process can't see the host network. Every packet hits the TUN device and routes through GreyProxy, including binaries that ignore proxy env vars.

@@ -163,7 +162,7 @@ export function Control() {

All outbound traffic is blocked at the kernel. Only the proxy address is - reachable — GreyProxy then applies domain-level allow/deny rules. + reachable. GreyProxy then applies domain-level allow/deny rules.

)} diff --git a/components/hero.tsx b/components/hero.tsx index 2f857ca..825b29c 100644 --- a/components/hero.tsx +++ b/components/hero.tsx @@ -1,7 +1,7 @@ 'use client' import { useState } from 'react' -import { Copy, Check, Terminal } from 'lucide-react' +import { Copy, Check } from 'lucide-react' export function Hero() { const [copied, setCopied] = useState(false) diff --git a/components/layers.tsx b/components/layers.tsx index 8b113d5..b5177dd 100644 --- a/components/layers.tsx +++ b/components/layers.tsx @@ -15,28 +15,28 @@ const linuxLayers = [ icon: Lock, name: 'Landlock', tag: 'Filesystem', - desc: 'Kernel-level filesystem access control. Enforces granular read/write permissions below userspace — processes cannot escalate their own access.', + desc: 'Kernel-level filesystem access control. Enforces granular read/write permissions below userspace. Processes cannot escalate their own access.', detail: 'Linux 5.13+', }, { icon: ShieldCheck, name: 'Seccomp BPF', tag: 'Syscalls', - desc: 'Blocks 27 dangerous system calls at the kernel boundary — ptrace, mount, kexec, module loading, and BPF manipulation are all denied.', + desc: 'Blocks 27+ dangerous system calls at the kernel boundary. ptrace, mount, kexec, module loading, and BPF manipulation are all denied.', detail: 'Linux 3.5+', }, { icon: Eye, name: 'eBPF Monitoring', tag: 'Visibility', - desc: 'Traces syscall exits in real time across all layers. Every permission denial is captured instantly with full context — process, path, and reason.', + desc: 'Traces syscall exits in real time across all layers. Every permission denial is captured instantly with full context: process, path, and reason.', detail: 'Linux 4.15+', }, { icon: Wifi, name: 'TUN + SOCKS5 Proxy', tag: 'Network', - desc: 'Transparent network capture at the kernel level via TUN device. All TCP/UDP traffic is routed through the proxy — even binaries that ignore env vars.', + desc: 'Transparent network capture at the kernel level via TUN device. All TCP/UDP traffic is routed through the proxy, even binaries that ignore env vars.', detail: 'Any kernel', }, ] @@ -99,7 +99,7 @@ export function Layers() {

{platform === 'linux' - ? 'Each layer operates independently. A bug in one is caught by another. No single point of failure — every constraint is enforced at the kernel level.' + ? 'Each layer operates independently. A bug in one is caught by another. No single point of failure. Every constraint is enforced at the kernel level.' : 'macOS Seatbelt enforces deny-by-default policies before any syscall completes. The sandbox profile is generated per-session with rules tailored to your project.'}

@@ -152,7 +152,7 @@ export function Layers() { ) : ( <> No dependencies.{' '} - macOS sandboxing uses only built-in OS capabilities — no packages to install. + macOS sandboxing uses only built-in OS capabilities. No packages to install. Run{' '} greywall check diff --git a/components/observability.tsx b/components/observability.tsx index ea34d57..39b5fe8 100644 --- a/components/observability.tsx +++ b/components/observability.tsx @@ -1,4 +1,4 @@ -import { Eye, Activity, ShieldQuestion, Zap } from 'lucide-react' +import { Eye } from 'lucide-react' export function Observability() { return ( @@ -12,107 +12,33 @@ export function Observability() {

- Watch it reach. Then decide. + See every network connection.

- You can't predict what your agent will access. Greywall makes every filesystem - operation and network connection visible in real time — so you make informed decisions - instead of guessing policies upfront. + You can't predict which domains your agent will reach for. GreyProxy captures + every outbound connection and lets you allow or deny them in real time, without + restarting the session.

-
- {/* Monitor mode */} -
-
-
- -
-

Real-time violation monitor

-
-
-
- Live violation stream -
-
-
- $ - greywall -m -- claude -
-
- [14:23:01] DENY{' '} - read{' '} - ~/.ssh/id_ed25519 -
-
- [14:23:01] DENY{' '} - read{' '} - ~/.aws/credentials -
-
- [14:23:02] DENY{' '} - write{' '} - ~/.bashrc -
-
- [14:23:03] ALLOW{' '} - read{' '} - ./src/index.ts -
-
- [14:23:03] ALLOW{' '} - write{' '} - ./src/utils.ts -
-
+
+
+
+
+

GreyProxy dashboard

- - {/* GreyProxy screenshot */} -
-
-
- -
-

GreyProxy dashboard

-
-
- GreyProxy dashboard showing pending network requests with Allow and Deny controls -
-
-
- - {/* Value props */} -
-
- -

Answer hard questions

-

- What did the agent see? What did it access? What was denied? Greywall makes these - questions answerable for any session, at any time, after the fact. -

-
-
- -

Move faster, safely

-

- Once you can see what agents do and control it without breaking flow, you stop - hesitating. Longer autonomous runs, more sub-agents, faster iteration on sensitive - workloads. -

-
-
- -

Operate, don't hope

-

- Observability is the difference between operating AI and hoping AI operates. - Security becomes an enabler of velocity, not a constraint on it. -

+
+ GreyProxy dashboard showing pending network requests with Allow and Deny controls
+

+ Every outbound request is visible. Allow trusted domains, block unknown ones, + and adjust policies live as your agent works. +

diff --git a/components/problem.tsx b/components/problem.tsx index 52a3765..8426287 100644 --- a/components/problem.tsx +++ b/components/problem.tsx @@ -1,4 +1,4 @@ -import { AlertTriangle, KeyRound, Globe, FolderOpen, FileCode } from 'lucide-react' +import { AlertTriangle, KeyRound, FolderOpen, FileCode } from 'lucide-react' const exposures = [ { @@ -7,12 +7,6 @@ const exposures = [ label: 'SSH keys', desc: 'Private keys, known hosts, agent configs', }, - { - icon: Globe, - path: '~/.aws/', - label: 'Cloud credentials', - desc: 'AWS tokens, GCP configs, Azure secrets', - }, { icon: FileCode, path: '.env', @@ -43,12 +37,12 @@ export function Problem() {

AI coding agents run as your user. They see your SSH keys, cloud tokens, env files, and - entire home directory. The model decides what to access at runtime — guided by weights + entire home directory. The model decides what to access at runtime, guided by weights you didn't train, at machine speed. One wrong inference is all it takes.

-
+
{exposures.map((item) => (

- Most setups rely on promises — + Most setups rely on promises:{' '} trust the model provider's policies, trust the application code, trust that the agent respects boundaries. Greywall replaces trust with enforcement. Constraints are applied at the kernel level, below anything the agent or model can circumvent.