monadical/greywall
Archived
14
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
JY Tan
2025-12-23 20:51:01 -08:00
parent a65c7ce308
commit a8158a39b3
5 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/why-fence.md
View File

@@ -6,10 +6,10 @@ Common situations:
- Running `npm install`, `pip install`, or `cargo build` in an unfamiliar repo
- Executing build scripts or test runners that can read/write broadly and make network calls
- Running CI jobs where you want **default-deny egress** and **tightly scoped writes**
- Running CI jobs where you want default-deny egress and tightly scoped writes
- Auditing what a command *tries* to do before you let it do it
Fence is intentionally simple: it focuses on **network allowlisting** (by domain) and **filesystem write restrictions** (by path), wrapped in a pragmatic OS sandbox (macOS `sandbox-exec`, Linux `bubblewrap`).
Fence is intentionally simple: it focuses on network allowlisting (by domain) and filesystem write restrictions (by path), wrapped in a pragmatic OS sandbox (macOS `sandbox-exec`, Linux `bubblewrap`).
## What problem does it solve?