diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index 740a445..8500df6 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -53,6 +53,7 @@ Handles loading and validating sandbox configuration: type Config struct { Network NetworkConfig // Domain allow/deny lists Filesystem FilesystemConfig // Read/write restrictions + AllowPty bool // Allow pseudo-terminal allocation } ``` @@ -287,7 +288,7 @@ Linux uses network namespace isolation (`--unshare-net`), which prevents connect With `-m` on Linux, you only see proxy-level denials: ```text -[fence:http] 14:30:01 ✗ CONNECT 403 evil.com (blocked by proxy) +[fence:http] 14:30:01 ✗ CONNECT 403 evil.com https://evil.com:443 (0s) [fence:socks] 14:30:02 ✗ CONNECT evil.com:22 BLOCKED ``` @@ -326,11 +327,17 @@ Access control follows a deny-by-default model for writes: Certain paths are always protected from writes regardless of config to prevent common attack vectors: -- Shell configs: `.bashrc`, `.zshrc`, `.profile`, `.bash_profile` +**Protected files:** + +- Shell configs: `.bashrc`, `.bash_profile`, `.zshrc`, `.zprofile`, `.profile` +- Git config: `.gitconfig`, `.gitmodules`, `.git/config` (can define aliases that run code) - Git hooks: `.git/hooks/*` (can execute arbitrary code on git operations) -- Git config: `.gitconfig`, `.git/config` (can define aliases that run code) -- SSH config: `.ssh/config`, `.ssh/authorized_keys` -- Editor configs that can execute code: `.vimrc`, `.emacs` +- Tool configs: `.ripgreprc`, `.mcp.json` + +**Protected directories:** + +- IDE/editor settings: `.vscode`, `.idea` +- Claude agent configs: `.claude/commands`, `.claude/agents` #### Process Isolation diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 12ecb5a..b8bf0f3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -123,19 +123,25 @@ Releases are automated using [GoReleaser](https://goreleaser.com/) via GitHub Ac #### Creating a release -1. Tag the commit with a semantic version: +Use the release script to create and push a new version tag: - ```bash - git tag v1.0.0 - git push origin v1.0.0 - ``` +```bash +# Patch release (v1.0.0 → v1.0.1) +./scripts/release.sh patch -2. GitHub Actions will automatically: - - Build binaries for all supported platforms - - Create archives with README, LICENSE, and ARCHITECTURE.md - - Generate checksums - - Create a GitHub release with changelog - - Upload all artifacts +# Minor release (v1.0.0 → v1.1.0) +./scripts/release.sh minor +``` + +The script runs preflight checks, calculates the next version, and prompts for confirmation before tagging. + +Once the tag is pushed, GitHub Actions will automatically: + +- Build binaries for all supported platforms +- Create archives with README, LICENSE, and ARCHITECTURE.md +- Generate checksums +- Create a GitHub release with changelog +- Upload all artifacts #### Supported platforms diff --git a/README.md b/README.md index 9c2ff87..3f0a66a 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,8 @@ Create `~/.fence.json` to configure allowed domains and filesystem access: | `allowUnixSockets` | List of allowed Unix socket paths (macOS) | | `allowAllUnixSockets` | Allow all Unix sockets | | `allowLocalBinding` | Allow binding to local ports | +| `httpProxyPort` | Fixed port for HTTP proxy (default: random available port) | +| `socksProxyPort` | Fixed port for SOCKS5 proxy (default: random available port) | ### Filesystem Configuration 
@@ -81,10 +83,16 @@ Create `~/.fence.json` to configure allowed domains and filesystem access: | `denyWrite` | Paths to deny writing (takes precedence) | | `allowGitConfig` | Allow writes to `.git/config` files | +### Other Options + +| Field | Description | +|-------|-------------| +| `allowPty` | Allow pseudo-terminal (PTY) allocation in the sandbox (for MacOS) | + ## CLI Usage ```text -fence [flags] [command...] +fence [flags] -- [command...] Flags: -c string Run command string directly (like sh -c) @@ -92,6 +100,7 @@ Flags: -m, --monitor Monitor mode (shows blocked requests and violations only) -p, --port Expose port for inbound connections (can be repeated) -s, --settings Path to settings file (default: ~/.fence.json) + -v, --version Show version information -h, --help Help for fence ```
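Review bot: in the `Config` struct hunk of ARCHITECTURE.md, the new field comment `// Allow pseudo-terminal allocation` omits the platform scope that the README hunk in this same patch states ("for MacOS"); make the two agree, e.g. `AllowPty bool // Allow pseudo-terminal allocation (macOS only; ignored elsewhere)` if that is the behaviour, and state that the Go zero value (`false`) keeps PTY allocation denied so the field is consistent with the deny-by-default model described elsewhere in the document.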
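Review bot: in the monitor-output hunk (`[fence:http] ... CONNECT 403 evil.com https://evil.com:443 (0s)`), the two sample lines are now inconsistent in shape: the HTTP line gained a target URL and an elapsed time while the SOCKS line kept its old `BLOCKED` wording. If only the HTTP proxy's log format changed, say so in the surrounding text; and since the `(blocked by proxy)` annotation was removed, the paragraph should tell the reader how a denial is recognised in the new format (the `✗` glyph and the `403` status are the only markers left).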
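Review bot: the protected-paths hunk silently drops `.ssh/config`, `.ssh/authorized_keys`, `.vimrc` and `.emacs` from the always-protected list with no explanation. If the implementation still protects them, the documentation is now incomplete; if write protection was actually removed, that is a regression in the deny-by-default write model that the commit message should call out, since the earlier text already notes these files can execute code. Either restore the four entries (the SSH paths under a "Protected files" bullet, the editor rc files next to "Tool configs") or add a sentence saying where the protection moved. Adding `.gitmodules`, `.zprofile` and the IDE/Claude directories is a good widening, but it should not come at the cost of entries that were already there.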
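Review bot: the CONTRIBUTING.md hunk shows only `./scripts/release.sh patch` and `./scripts/release.sh minor`; state whether a `major` argument exists, and list what the "preflight checks" actually verify (clean working tree? current branch? tests passing? — the script itself is not in this diff, so the doc is the only place a contributor learns what will block a release). The old text's explicit `git tag` / `git push origin` steps are gone, so also say what the script does when the tag already exists remotely.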
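Review bot: the two new README rows `httpProxyPort` and `socksProxyPort` give neither the value type nor the bind address. Document that they are integers and whether the proxies listen on loopback only, because a fixed, documented port is a predictable endpoint for every other process on the host, whereas the random default at least avoids collisions with existing listeners; a sentence on what happens when the fixed port is already in use (fail closed, or fall back to random?) would complete the row.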
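Review bot: in the "Other Options" table, "(for MacOS)" should read "(macOS)", and the row should say what the setting does on Linux (ignored?) and why it is off by default, i.e. that PTY allocation is otherwise blocked by the sandbox. In the same hunk the usage line changed from `fence [flags] [command...]` to `fence [flags] -- [command...]`; say whether the `--` separator is now required or merely recommended, and if required, note it as a breaking CLI change in the changelog and check that the remaining README examples and the `-c string   Run command string directly (like sh -c)` description still match.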