Update docs

ARCHITECTURE.md

@@ -53,6 +53,7 @@ Handles loading and validating sandbox configuration:
 type Config struct {
     Network    NetworkConfig    // Domain allow/deny lists
     Filesystem FilesystemConfig // Read/write restrictions
+    AllowPty   bool             // Allow pseudo-terminal allocation
 }
 ```
 
@@ -287,7 +288,7 @@ Linux uses network namespace isolation (`--unshare-net`), which prevents connect
 With `-m` on Linux, you only see proxy-level denials:
 
 ```text
-[fence:http] 14:30:01 ✗ CONNECT 403 evil.com (blocked by proxy)
+[fence:http] 14:30:01 ✗ CONNECT 403 evil.com https://evil.com:443 (0s)
 [fence:socks] 14:30:02 ✗ CONNECT evil.com:22 BLOCKED
 ```
 
@@ -326,11 +327,17 @@ Access control follows a deny-by-default model for writes:
 
 Certain paths are always protected from writes regardless of config to prevent common attack vectors:
 
-- Shell configs: `.bashrc`, `.zshrc`, `.profile`, `.bash_profile`
+**Protected files:**
+
+- Shell configs: `.bashrc`, `.bash_profile`, `.zshrc`, `.zprofile`, `.profile`
+- Git config: `.gitconfig`, `.gitmodules`, `.git/config` (can define aliases that run code)
 - Git hooks: `.git/hooks/*` (can execute arbitrary code on git operations)
-- Git config: `.gitconfig`, `.git/config` (can define aliases that run code)
-- SSH config: `.ssh/config`, `.ssh/authorized_keys`
-- Editor configs that can execute code: `.vimrc`, `.emacs`
+- Tool configs: `.ripgreprc`, `.mcp.json`
+
+**Protected directories:**
+
+- IDE/editor settings: `.vscode`, `.idea`
+- Claude agent configs: `.claude/commands`, `.claude/agents`
 
 #### Process Isolation
 

CONTRIBUTING.md

@@ -123,14 +123,20 @@ Releases are automated using [GoReleaser](https://goreleaser.com/) via GitHub Ac
 
 #### Creating a release
 
-1. Tag the commit with a semantic version:
+Use the release script to create and push a new version tag:
 
 ```bash
-   git tag v1.0.0
-   git push origin v1.0.0
+# Patch release (v1.0.0 → v1.0.1)
+./scripts/release.sh patch
+
+# Minor release (v1.0.0 → v1.1.0)
+./scripts/release.sh minor
 ```
 
-2. GitHub Actions will automatically:
+The script runs preflight checks, calculates the next version, and prompts for confirmation before tagging.
+
+Once the tag is pushed, GitHub Actions will automatically:
+
 - Build binaries for all supported platforms
 - Create archives with README, LICENSE, and ARCHITECTURE.md
 - Generate checksums

README.md

@@ -71,6 +71,8 @@ Create `~/.fence.json` to configure allowed domains and filesystem access:
 | `allowUnixSockets` | List of allowed Unix socket paths (macOS) |
 | `allowAllUnixSockets` | Allow all Unix sockets |
 | `allowLocalBinding` | Allow binding to local ports |
+| `httpProxyPort` | Fixed port for HTTP proxy (default: random available port) |
+| `socksProxyPort` | Fixed port for SOCKS5 proxy (default: random available port) |
 
 ### Filesystem Configuration
 
@@ -81,10 +83,16 @@ Create `~/.fence.json` to configure allowed domains and filesystem access:
 | `denyWrite` | Paths to deny writing (takes precedence) |
 | `allowGitConfig` | Allow writes to `.git/config` files |
 
+### Other Options
+
+| Field | Description |
+|-------|-------------|
+| `allowPty` | Allow pseudo-terminal (PTY) allocation in the sandbox (for MacOS) |
+
 ## CLI Usage
 
 ```text
-fence [flags] [command...]
+fence [flags] -- [command...]
 
 Flags:
   -c string        Run command string directly (like sh -c)
@@ -92,6 +100,7 @@ Flags:
   -m, --monitor    Monitor mode (shows blocked requests and violations only)
   -p, --port       Expose port for inbound connections (can be repeated)
   -s, --settings   Path to settings file (default: ~/.fence.json)
+  -v, --version    Show version information
   -h, --help       Help for fence
 ```