monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
58 Commits 4 Branches 0 Tags
9db1ae8b5410e1f854d86f128954e050ec24ca7f
Commit Graph

36 Commits

Author SHA1 Message Date
JY Tan
7cc9fb3427 Add gh CLI commands to code template 2026-02-02 12:06:55 -08:00
JY Tan
8630789c39 Add TODO comment 2026-02-02 11:53:40 -08:00
JY Tan
37b154bc94 fix(linux): remove expensive glob expansion for mandatory deny patterns 
The glob expansion using **/pattern patterns caused full filesystem walks
of the current directory for each pattern (~15 patterns = ~15 walks).
This caused hangs in directories with many files (e.g., node_modules).

The concrete paths from getMandatoryDenyPaths() are sufficient for bwrap's
--ro-bind protections. Landlock (applied via wrapper) provides additional
recursive protection.

Fixes #27
 2026-02-02 10:22:13 -08:00
JY Tan
c8621e8f6c feat: use OS-preferred config directory (#26) 2026-02-01 16:17:33 -08:00
JY Tan
7679fecf06 feat: add defaultDenyRead mode for strict filesystem isolation (#24) 2026-02-01 15:11:40 -08:00
JY Tan
cef3576076 chore: update code template for Droid (Factory CLI) 2026-02-01 12:16:31 -08:00
JY Tan
20b7718ce8 fix: handle macOS /tmp symlink in sandbox allowWrite paths (#23) 2026-01-26 14:30:54 -08:00
priuatus
27dfd1da93 test: add denyRead integration tests for files and directories (#15) 2026-01-23 10:22:17 -08:00
JY Tan
9bb11a2f40 chore: update code template for OpenCode and Gemini CLI (#20) 2026-01-22 15:41:30 -08:00
JY Tan
5b57527a83 fix: filter directory-only Landlock rights for non-directory paths (#17) 2026-01-21 12:35:35 -08:00
JY Tan
5d01a01883 fix: handle files and symlinks correctly in denyRead paths (#14) 2026-01-21 02:26:51 -08:00
priuatus
06c2cc9a34 fix: network namespace detection false negative (#12) 
Co-authored-by: netixen <netixen@spaceship>
 2026-01-20 11:30:18 -08:00
JY Tan
20fa647ccc feat: support ssh commands (#10) 2026-01-17 15:36:51 -08:00
JY Tan
71c211c9ab fix: improve skip logic for Landlock tests in integration_linux_test.go 2026-01-17 13:15:23 -08:00
JY Tan
f3ac2d72f4 feat: ability to import claude code settings as configs (#7) 2026-01-15 14:55:44 -08:00
JY Tan
800a50b457 Add support for config inheritance 2026-01-05 17:23:14 -08:00
JY Tan
83fa7a76ee Update templates 2025-12-29 14:45:51 -08:00
JY Tan
90cd0a0a4b Add code-relaxed template, handle wildcard network allow 2025-12-29 01:39:41 -08:00
JY Tan
d8e55d9515 Introduce built-in templates for enhanced configuration options, support JSONC format 2025-12-28 22:16:50 -08:00
JY Tan
8317bb96bc perf: add benchmarks (#5) 2025-12-28 00:38:01 -08:00
JY Tan
6c21e008c3 Handle library usage and missing network namespace gracefully 2025-12-26 16:19:07 -08:00
JY Tan
6fdd1af057 test: add integration and smoke tests (#4) 2025-12-26 14:56:20 -08:00
JY Tan
f86d9a2c82 Add environment sanitization 2025-12-25 20:47:11 -08:00
JY Tan
47de3e431c Add ability to block commands 2025-12-25 19:03:01 -08:00
JY Tan
6159bdd38a Lint linux files 2025-12-25 18:23:57 -08:00
JY Tan
08ed28f88f Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring 2025-12-25 17:33:55 -08:00
JY Tan
b98b640f5a Add support for local outbound connections in sandbox configuration 2025-12-22 15:55:01 -08:00
JY Tan
b16f76e7b7 Enhance filesystem protection in Linux sandbox 2025-12-19 12:27:17 -08:00
JY Tan
b220c42614 Refine log monitoring predicate to filter for specific session violations 2025-12-19 12:24:01 -08:00
JY Tan
299adcae33 Lint tests 2025-12-18 17:58:26 -08:00
JY Tan
549c504585 Add unit tests 2025-12-18 17:50:04 -08:00
JY Tan
cc031fe176 Minor changes 2025-12-18 17:14:19 -08:00
JY Tan
14a737a36b Lint project 2025-12-18 17:02:09 -08:00
JY Tan
55230dd774 Add GoReleaser configuration, CI workflows, and contributing guidelines; update .gitignore and Makefile 2025-12-18 16:45:12 -08:00
JY Tan
35d1f1ea22 Enhance violation monitoring 2025-12-18 15:49:05 -08:00
JY Tan
c02c91f051 Initial commit 2025-12-18 13:14:41 -08:00