monadical/greywall
Archived
14
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Introduce built-in templates for enhanced configuration options, support JSONC format

Browse Source
This commit is contained in:
JY Tan
2025-12-28 22:16:50 -08:00
parent 8317bb96bc
commit d8e55d9515
22 changed files with 655 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/agents.md
View File

@@ -1,6 +1,6 @@
# Using Fence with AI Agents
Many popular coding agents already include sandboxing. Fence can still be useful when you want a **tool-agnostic** policy layer that works the same way across:
Many popular coding agents already include sandboxing. Fence can still be useful when you want a tool-agnostic policy layer that works the same way across:
- local developer machines
- CI jobs
@@ -11,11 +11,11 @@ Many popular coding agents already include sandboxing. Fence can still be useful
Treat an agent as "semi-trusted automation":
- **Restrict writes** to the workspace (and maybe `/tmp`)
- **Allowlist only the network destinations** you actually need
- Restrict writes to the workspace (and maybe `/tmp`)
- Allowlist only the network destinations you actually need
- Use `-m` (monitor mode) to audit blocked attempts and tighten policy
Fence can also reduce the risk of running agents with fewer interactive permission prompts (e.g. "skip permissions"), **as long as your Fence config tightly scopes writes and outbound destinations**. It's defense-in-depth, not a substitute for the agent's own safeguards.
Fence can also reduce the risk of running agents with fewer interactive permission prompts (e.g. "skip permissions"), as long as your Fence config tightly scopes writes and outbound destinations. It's defense-in-depth, not a substitute for the agent's own safeguards.
## Example: API-only agent
@@ -36,6 +36,18 @@ Run:
fence --settings ./fence.json <agent-command>
```
## Real-world usage
Currently, we provide the `code.json` template. You can use it by running `fence -t code -- claude`.
However, not all coding agent CLIs work with Fence yet. We're actively investigating these issues.
| Agent | Works? | Notes |
|-------|--------| ----- |
| Claude Code | ✅ | Fully working with `code` template |
| Codex | ❌ | Missing unidentified sandbox permission for interactive mode |
| OpenCode | ❌ | Ignores proxy env vars; makes direct network connections |
## Protecting your environment
Fence includes additional "dangerous file protection (writes blocked regardless of config) to reduce persistence and environment-tampering vectors like:
@@ -44,4 +56,4 @@ Fence includes additional "dangerous file protection (writes blocked regardless
- shell startup files (`.zshrc`, `.bashrc`, etc.)
- some editor/tool config directories
See `ARCHITECTURE.md` for the full list and rationale.
See [`ARCHITECTURE.md`](/ARCHITECTURE.md) for the full list and rationale.