Introduce built-in templates for enhanced configuration options, support JSONC format

2025-12-28 22:16:50 -08:00
parent 8317bb96bc
commit d8e55d9515
22 changed files with 655 additions and 83 deletions
--- a/docs/README.md
+++ b/docs/README.md
@@ -13,7 +13,7 @@ Fence is a sandboxing tool that restricts network and filesystem access for arbi
 - [Troubleshooting](troubleshooting.md) - Common failure modes and fixes
 - [Using Fence with AI agents](agents.md) - Defense-in-depth and policy standardization
 - [Recipes](recipes/README.md) - Common workflows (npm/pip/git/CI)
- [Config Templates](templates/) - Copy/paste templates you can start from
+- [Templates](./templates.md) - Copy/paste templates you can start from

 ## Reference

--- a/docs/agents.md
+++ b/docs/agents.md
@@ -1,6 +1,6 @@
 # Using Fence with AI Agents

-Many popular coding agents already include sandboxing. Fence can still be useful when you want a **tool-agnostic** policy layer that works the same way across:
+Many popular coding agents already include sandboxing. Fence can still be useful when you want a tool-agnostic policy layer that works the same way across:

 - local developer machines
 - CI jobs
@@ -11,11 +11,11 @@ Many popular coding agents already include sandboxing. Fence can still be useful

 Treat an agent as "semi-trusted automation":

- **Restrict writes** to the workspace (and maybe `/tmp`)
- **Allowlist only the network destinations** you actually need
+- Restrict writes to the workspace (and maybe `/tmp`)
+- Allowlist only the network destinations you actually need
 - Use `-m` (monitor mode) to audit blocked attempts and tighten policy

-Fence can also reduce the risk of running agents with fewer interactive permission prompts (e.g. "skip permissions"), **as long as your Fence config tightly scopes writes and outbound destinations**. It's defense-in-depth, not a substitute for the agent's own safeguards.
+Fence can also reduce the risk of running agents with fewer interactive permission prompts (e.g. "skip permissions"), as long as your Fence config tightly scopes writes and outbound destinations. It's defense-in-depth, not a substitute for the agent's own safeguards.

 ## Example: API-only agent

@@ -36,6 +36,18 @@ Run:
 fence --settings ./fence.json <agent-command>
 ```

+## Real-world usage
+
+Currently, we provide the `code.json` template. You can use it by running `fence -t code -- claude`.
+
+However, not all coding agent CLIs work with Fence yet. We're actively investigating these issues.
+
+| Agent | Works? | Notes |
+|-------|--------| ----- |
+| Claude Code | ✅ | Fully working with `code` template |
+| Codex | ❌ | Missing unidentified sandbox permission for interactive mode |
+| OpenCode | ❌ | Ignores proxy env vars; makes direct network connections |
+
 ## Protecting your environment

 Fence includes additional "dangerous file protection (writes blocked regardless of config) to reduce persistence and environment-tampering vectors like:
@@ -44,4 +56,4 @@ Fence includes additional "dangerous file protection (writes blocked regardless
 - shell startup files (`.zshrc`, `.bashrc`, etc.)
 - some editor/tool config directories

-See `ARCHITECTURE.md` for the full list and rationale.
+See [`ARCHITECTURE.md`](/ARCHITECTURE.md) for the full list and rationale.
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1,6 +1,6 @@
 # Configuration

-Fence reads settings from `~/.fence.json` by default (or pass `--settings ./fence.json`).
+Fence reads settings from `~/.fence.json` by default (or pass `--settings ./fence.json`). Config files support JSONC.

 Example config:

--- a/docs/templates.md
+++ b/docs/templates.md
@@ -0,0 +1,28 @@
+# Config Templates
+
+Fence includes built-in config templates for common use cases. Templates are embedded in the binary, so you can use them directly without copying files.
+
+## Using templates
+
+Use the `-t` / `--template` flag to apply a template:
+
+```bash
+# Use a built-in template
+fence -t npm-install npm install
+
+# Wraps Claude Code
+fence -t code -- claude
+
+# List available templates
+fence --list-templates
+```
+
+You can also copy and customize templates from [`internal/templates/`](/internal/templates/).
+
+## Available Templates
+
+| Template | Description |
+|----------|-------------|
+| `code` | Production-ready config for AI coding agents (Claude Code, Codex, Copilot, etc.) |
+| `git-readonly` | Blocks destructive commands like `git push`, `rm -rf`, etc. |
+| `local-dev-server` | Allow binding and localhost outbound; allow writes to workspace/tmp |
--- a/docs/templates/README.md
+++ b/docs/templates/README.md
@@ -1,19 +0,0 @@
-# Config Templates
-
-This directory contains Fence config templates. They are small and meant to be copied and customized.
-
-## Templates
-
- `default-deny.json`: no network allowlist; no write access (most restrictive)
- `workspace-write.json`: allow writes in the current directory
- `npm-install.json`: allow npm registry; allow writes to workspace/node_modules/tmp
- `pip-install.json`: allow PyPI; allow writes to workspace/tmp
- `local-dev-server.json`: allow binding and localhost outbound; allow writes to workspace/tmp
- `agent-api-only.json`: allow common LLM API domains; allow writes to workspace
- `git-readonly.json`: blocks destructive commands like `git push`, `rm -rf`, etc.
-
-## Using a template
-
-```bash
-fence --settings ./docs/templates/npm-install.json npm install
-```
--- a/docs/templates/agent-api-only.json
+++ b/docs/templates/agent-api-only.json
@@ -1,8 +0,0 @@
-{
-  "network": {
-    "allowedDomains": ["api.openai.com", "api.anthropic.com"]
-  },
-  "filesystem": {
-    "allowWrite": ["."]
-  }
-}
--- a/docs/templates/default-deny.json
+++ b/docs/templates/default-deny.json
@@ -1,8 +0,0 @@
-{
-  "network": {
-    "allowedDomains": []
-  },
-  "filesystem": {
-    "allowWrite": []
-  }
-}
--- a/docs/templates/git-readonly.json
+++ b/docs/templates/git-readonly.json
@@ -1,19 +0,0 @@
-{
-  "network": {
-    "allowedDomains": []
-  },
-  "filesystem": {
-    "allowWrite": ["."],
-    "denyWrite": [".git"]
-  },
-  "command": {
-    "deny": [
-      "git push",
-      "git reset",
-      "git clean",
-      "git checkout --",
-      "git rebase",
-      "git merge"
-    ]
-  }
-}
--- a/docs/templates/local-dev-server.json
+++ b/docs/templates/local-dev-server.json
@@ -1,9 +0,0 @@
-{
-  "network": {
-    "allowLocalBinding": true,
-    "allowLocalOutbound": true
-  },
-  "filesystem": {
-    "allowWrite": [".", "/tmp"]
-  }
-}
--- a/docs/templates/npm-install.json
+++ b/docs/templates/npm-install.json
@@ -1,8 +0,0 @@
-{
-  "network": {
-    "allowedDomains": ["registry.npmjs.org", "*.npmjs.org"]
-  },
-  "filesystem": {
-    "allowWrite": [".", "node_modules", "/tmp"]
-  }
-}
--- a/docs/templates/pip-install.json
+++ b/docs/templates/pip-install.json
@@ -1,8 +0,0 @@
-{
-  "network": {
-    "allowedDomains": ["pypi.org", "files.pythonhosted.org"]
-  },
-  "filesystem": {
-    "allowWrite": [".", "/tmp"]
-  }
-}
--- a/docs/templates/workspace-write.json
+++ b/docs/templates/workspace-write.json
@@ -1,5 +0,0 @@
-{
-  "filesystem": {
-    "allowWrite": ["."]
-  }
-}