fix: prevent learning mode from collapsing read paths to $HOME

Files directly under ~ (e.g., ~/.gitignore, ~/.npmrc) were collapsed to the home directory, defeating sandboxing. Now keeps exact file paths when the parent directory would be $HOME.
docs: add Linux deny-by-default lessons to experience.md
2026-02-13 11:38:51 -06:00 · 2026-02-12 20:16:37 -06:00 · 2026-02-12 20:15:40 -06:00
20 changed files with 135 additions and 1645 deletions
--- a/.gitea/workflows/benchmark.yml
+++ b/.gitea/workflows/benchmark.yml
@@ -1,101 +0,0 @@
 name: Benchmarks
 on:
  workflow_dispatch:
    inputs:
      min_runs:
        description: "Minimum benchmark runs"
        required: false
        default: "30"
      quick:
        description: "Quick mode (fewer runs)"
        required: false
        default: "false"
        type: boolean
 jobs:
  benchmark-linux:
    name: Benchmark (Linux)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Download dependencies
        run: go mod download
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            bubblewrap \
            socat \
            uidmap \
            curl \
            netcat-openbsd \
            ripgrep \
            hyperfine \
            jq \
            bc
          # Configure subuid/subgid
          echo "$(whoami):100000:65536" | sudo tee -a /etc/subuid
          echo "$(whoami):100000:65536" | sudo tee -a /etc/subgid
          sudo chmod u+s $(which bwrap)
      - name: Install benchstat
        run: go install golang.org/x/perf/cmd/benchstat@latest
      - name: Build greywall
        run: make build-ci
      - name: Run Go microbenchmarks
        run: |
          mkdir -p benchmarks
          go test -run=^$ -bench=. -benchmem -count=10 ./internal/sandbox/... | tee benchmarks/go-bench-linux.txt
      - name: Run CLI benchmarks
        run: |
          MIN_RUNS="${{ github.event.inputs.min_runs || '30' }}"
          QUICK="${{ github.event.inputs.quick || 'false' }}"
          if [[ "$QUICK" == "true" ]]; then
            ./scripts/benchmark.sh -q -o benchmarks
          else
            ./scripts/benchmark.sh -n "$MIN_RUNS" -o benchmarks
          fi
      - name: Upload benchmark results
        uses: actions/upload-artifact@v4
        with:
          name: benchmark-results-linux
          path: benchmarks/
          retention-days: 30
      - name: Display results
        run: |
          echo "=== Linux Benchmark Results ==="
          echo ""
          for f in benchmarks/*.md; do
            [[ -f "$f" ]] && cat "$f"
          done
          echo ""
          echo "=== Go Microbenchmarks ==="
          grep -E '^Benchmark|^ok|^PASS' benchmarks/go-bench-linux.txt | head -50 || true
--- a/.gitea/workflows/main.yml
+++ b/.gitea/workflows/main.yml
@@ -1,115 +0,0 @@
 name: Build and test
 on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true
      - name: Download dependencies
        run: go mod download
      - name: Build
        run: make build-ci
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true
      - name: Download dependencies
        run: go mod download
      - name: Lint
        uses: golangci/golangci-lint-action@v6
        with:
          install-mode: goinstall
          version: v1.64.8
  test-linux:
    name: Test (Linux)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Download dependencies
        run: go mod download
      - name: Install Linux sandbox dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            bubblewrap \
            socat \
            uidmap \
            curl \
            netcat-openbsd \
            ripgrep
          # Configure subuid/subgid for the runner user (required for unprivileged user namespaces)
          echo "$(whoami):100000:65536" | sudo tee -a /etc/subuid
          echo "$(whoami):100000:65536" | sudo tee -a /etc/subgid
          # Make bwrap setuid so it can create namespaces as non-root user
          sudo chmod u+s $(which bwrap)
      - name: Verify sandbox dependencies
        run: |
          echo "=== Checking sandbox dependencies ==="
          bwrap --version
          socat -V | head -1
          echo "User namespaces enabled: $(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo 'check not available')"
          echo "Kernel version: $(uname -r)"
          echo "uidmap installed: $(which newuidmap 2>/dev/null && echo yes || echo no)"
          echo "subuid configured: $(grep $(whoami) /etc/subuid 2>/dev/null || echo 'not configured')"
          echo "bwrap setuid: $(ls -la $(which bwrap) | grep -q '^-rws' && echo yes || echo no)"
          echo "=== Testing bwrap basic functionality ==="
          bwrap --ro-bind / / -- /bin/echo "bwrap works!"
          echo "=== Testing bwrap with user namespace ==="
          bwrap --ro-bind / / --unshare-user --uid 0 --gid 0 -- /bin/echo "bwrap user namespace works!"
      - name: Run unit and integration tests
        run: make test-ci
      - name: Build binary for smoke tests
        run: make build-ci
      - name: Run smoke tests
        run: GREYWALL_TEST_NETWORK=1 ./scripts/smoke_test.sh ./greywall
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -1,62 +0,0 @@
 name: Release
 on:
  push:
    tags:
      - "v*"
 run-name: "Release ${{ github.ref_name }}"
 jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          GORELEASER_FORCE_TOKEN: gitea
  publish-version:
    needs: [goreleaser]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout gh-pages
        uses: actions/checkout@v4
        with:
          ref: gh-pages
      - name: Update latest version
        run: |
          echo "${{ github.ref_name }}" > latest.txt
          cat > latest.json << EOF
          {
            "version": "${{ github.ref_name }}",
            "published_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
            "url": "https://gitea.app.monadical.io/monadical/greywall/releases/tag/${{ github.ref_name }}"
          }
          EOF
      - name: Commit and push to gh-pages
        run: |
          git config user.name "gitea-actions[bot]"
          git config user.email "gitea-actions[bot]@noreply.gitea.app.monadical.io"
          git add latest.txt latest.json
          git commit -m "Update latest version to ${{ github.ref_name }}" || echo "No changes to commit"
          git push origin gh-pages
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,36 +1,8 @@
 version: "2"
 run:
  timeout: 5m
  modules-download-mode: readonly
-linters:
+
-  default: none
+linters-settings:
  enable:
    - errcheck
    - gocritic
    - gosec
    - govet
    - ineffassign
    - misspell
    - revive
    - staticcheck
    - unused
  settings:
    gocritic:
      disabled-checks:
        - singleCaseSwitch
    revive:
      rules:
        - name: exported
          disabled: true
  exclusions:
    generated: lax
    paths:
      - third_party$
      - builtin$
      - examples$
 formatters:
  enable:
    - gofumpt
  settings:
  gci:
    sections:
      - standard
@@ -39,11 +11,30 @@ formatters:
  gofmt:
    simplify: true
  goimports:
-      local-prefixes:
+    local-prefixes: gitea.app.monadical.io/monadical/greywall
-        - gitea.app.monadical.io/monadical/greywall
+  gocritic:
-  exclusions:
+    disabled-checks:
-    generated: lax
+      - singleCaseSwitch
-    paths:
+  revive:
-      - third_party$
+    rules:
-      - builtin$
+      - name: exported
-      - examples$
+        disabled: true
 linters:
  enable-all: false
  disable-all: true
  enable:
    - staticcheck
    - errcheck
    - gosimple
    - govet
    - unused
    - ineffassign
    - gosec
    - gocritic
    - revive
    - gofumpt
    - misspell
 issues:
  exclude-use-default: false
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,10 +1,5 @@
 version: 2
 gitea_urls:
  api: https://gitea.app.monadical.io/api/v1
  download: https://gitea.app.monadical.io
  skip_tls_verify: false
 before:
  hooks:
    - go mod tidy
@@ -47,7 +42,7 @@ checksum:
 changelog:
  sort: asc
-  use: gitea
+  use: github
  format: "{{ .SHA }}: {{ .Message }}{{ with .AuthorUsername }} (@{{ . }}){{ end }}"
  filters:
    exclude:
@@ -81,7 +76,7 @@ changelog:
      order: 9999
 release:
-  gitea:
+  github:
    owner: monadical
    name: greywall
  draft: false
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -54,7 +54,7 @@ scripts/               Smoke tests, benchmarks, release
 - **Language:** Go 1.25+
 - **Formatter:** `gofumpt` (enforced in CI)
- **Linter:** `golangci-lint` v2 (config in `.golangci.yml`)
+- **Linter:** `golangci-lint` v1.64.8 (config in `.golangci.yml`)
 - **Import order:** stdlib, third-party, local (`gitea.app.monadical.io/monadical/greywall`)
 - **Platform code:** build tags (`//go:build linux`, `//go:build darwin`) with `*_stub.go` for unsupported platforms
 - **Error handling:** custom error types (e.g., `CommandBlockedError`)
--- a/2
+++ b/2
@@ -70,7 +70,7 @@ build-darwin:
 install-lint-tools:
 	@echo "Installing linting tools..."
 	go install mvdan.cc/gofumpt@latest
-	go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 	@echo "Linting tools installed"
 setup: deps install-lint-tools
--- a/README.md
+++ b/README.md
@@ -2,20 +2,20 @@
 **The sandboxing layer of the GreyHaven platform.**
-Greywall wraps commands in a sandbox that blocks network access by default and restricts filesystem operations. On Linux, it uses tun2socks for truly transparent proxying: all TCP/UDP traffic is captured at the kernel level via a TUN device and forwarded through an external SOCKS5 proxy. No application awareness needed.
+Greywall wraps commands in a sandbox that blocks network access by default and restricts filesystem operations. It is the core sandboxing component of the GreyHaven platform, providing defense-in-depth for running untrusted code.
 ```bash
-# Block all network access (default — no proxy running = no connectivity)
+# Block all network access (default)
-greywall -- curl https://example.com
+greywall curl https://example.com  # → 403 Forbidden
-# Route traffic through an external SOCKS5 proxy
+# Allow specific domains
-greywall --proxy socks5://localhost:1080 -- curl https://example.com
+greywall -t code npm install  # → uses 'code' template with npm/pypi/etc allowed
 # Block dangerous commands
 greywall -c "rm -rf /"  # → blocked by command deny rules
 ```
-Greywall also works as a permission manager for CLI agents. See [agents.md](./docs/agents.md) for integration with Claude Code, Codex, Gemini CLI, OpenCode, and others.
+Greywall also works as a permission manager for CLI agents. **Greywall works with popular coding agents like Claude Code, Codex, Gemini CLI, Cursor Agent, OpenCode, Factory (Droid) CLI, etc.** See [agents.md](./docs/agents.md) for more details.
 ## Install
@@ -39,123 +39,83 @@ go install gitea.app.monadical.io/monadical/greywall/cmd/greywall@latest
 ```bash
 git clone https://gitea.app.monadical.io/monadical/greywall
 cd greywall
-make setup && make build
+go build -o greywall ./cmd/greywall
 ```
 </details>
-**Linux dependencies:**
+**Additional requirements for Linux:**
- `bubblewrap` — container-free sandboxing (required)
+- `bubblewrap` (for sandboxing)
- `socat` — network bridging (required)
+- `socat` (for network bridging)
-
+- `bpftrace` (optional, for filesystem violation visibility when monitoring with `-m`)
 Check dependency status with `greywall --version`.
 ## Usage
-### Basic commands
+### Basic
 ```bash
-# Run with all network blocked (default)
+# Run command with all network blocked (no domains allowed by default)
-greywall -- curl https://example.com
+greywall curl https://example.com
 # Run with shell expansion
 greywall -c "echo hello && ls"
 # Route through a SOCKS5 proxy
 greywall --proxy socks5://localhost:1080 -- npm install
 # Expose a port for inbound connections (e.g., dev servers)
 greywall -p 3000 -c "npm run dev"
 # Enable debug logging
-greywall -d -- curl https://example.com
+greywall -d curl https://example.com
-# Monitor sandbox violations
+# Use a template
-greywall -m -- npm install
+greywall -t code -- claude  # Runs Claude Code using `code` template config
-# Show available Linux security features
+# Monitor mode (shows violations)
-greywall --linux-features
+greywall -m npm install
-# Show version and dependency status
+# Show all commands and options
-greywall --version
+greywall --help
 ```
 ### Learning mode
 Greywall can trace a command's filesystem access and generate a config template automatically:
 ```bash
 # Run in learning mode — traces file access via strace
 greywall --learning -- opencode
 # List generated templates
 greywall templates list
 # Show a template's content
 greywall templates show opencode
 # Next run auto-loads the learned template
 greywall -- opencode
 ```
 ### Configuration
 Greywall reads from `~/.config/greywall/greywall.json` by default (or `~/Library/Application Support/greywall/greywall.json` on macOS).
-```jsonc
+```json
 {
-  // Route traffic through an external SOCKS5 proxy
+  "extends": "code",
-  "network": {
+  "network": { "allowedDomains": ["private.company.com"] },
-    "proxyUrl": "socks5://localhost:1080",
+  "filesystem": { "allowWrite": ["."] },
-    "dnsAddr": "localhost:5353"
+  "command": { "deny": ["git push", "npm publish"] }
  },
  // Control filesystem access
  "filesystem": {
    "defaultDenyRead": true,
    "allowRead": ["~/.config/myapp"],
    "allowWrite": ["."],
    "denyWrite": ["~/.ssh/**"],
    "denyRead": ["~/.ssh/id_*", ".env"]
  },
  // Block dangerous commands
  "command": {
    "deny": ["git push", "npm publish"]
  }
 }
 ```
-Use `greywall --settings ./custom.json` to specify a different config file.
+Use `greywall --settings ./custom.json` to specify a different config.
-By default (when connected to GreyHaven), traffic routes through the GreyHaven SOCKS5 proxy at `localhost:42052` with DNS via `localhost:42053`.
+### Import from Claude Code
 ```bash
 greywall import --claude --save
 ```
 ## Features
- **Transparent proxy** — All TCP/UDP traffic captured at the kernel level via tun2socks and routed through an external SOCKS5 proxy (Linux)
+- **Network isolation** - All outbound blocked by default; allowlist domains via config
- **Network isolation** — All outbound blocked by default; traffic only flows when a proxy is available
+- **Filesystem restrictions** - Control read/write access paths
- **Filesystem restrictions** — Deny-by-default read mode, controlled write paths, sensitive file protection
+- **Command blocking** - Deny dangerous commands like `rm -rf /`, `git push`
- **Learning mode** — Trace filesystem access with strace and auto-generate config templates
+- **SSH Command Filtering** - Control which hosts and commands are allowed over SSH
- **Command blocking** — Deny dangerous commands (`rm -rf /`, `git push`, `shutdown`, etc.)
+- **Built-in templates** - Pre-configured rulesets for common workflows
- **SSH filtering** — Control which hosts and commands are allowed over SSH
+- **Violation monitoring** - Real-time logging of blocked requests (`-m`)
- **Environment hardening** — Strips dangerous env vars (`LD_PRELOAD`, `DYLD_*`, etc.)
+- **Cross-platform** - macOS (sandbox-exec) + Linux (bubblewrap)
 - **Violation monitoring** — Real-time logging of sandbox violations (`-m`)
 - **Shell completions** — `greywall completion bash|zsh|fish|powershell`
 - **Cross-platform** — Linux (bubblewrap + seccomp + Landlock + eBPF) and macOS (sandbox-exec)
-Greywall can also be used as a [Go package](docs/library.md).
+Greywall can be used as a Go package or CLI tool.
 ## Documentation
- [Documentation Index](docs/README.md)
+- [Index](/docs/README.md)
 - [Quickstart Guide](docs/quickstart.md)
 - [Why Greywall](docs/why-greywall.md)
 - [Configuration Reference](docs/configuration.md)
 - [Security Model](docs/security-model.md)
 - [Architecture](ARCHITECTURE.md)
 - [Linux Security Features](docs/linux-security-features.md)
 - [AI Agent Integration](docs/agents.md)
 - [Library Usage (Go)](docs/library.md)
- [Troubleshooting](docs/troubleshooting.md)
+- [Examples](examples/)
 ## Attribution
--- a/analysis.md
+++ b/analysis.md
--- a/cmd/greywall/main.go
+++ b/cmd/greywall/main.go
@@ -203,20 +203,19 @@ func runCommand(cmd *cobra.Command, args []string) error {
 		if templatePath != "" {
 			learnedCfg, loadErr := config.Load(templatePath)
-			switch {
+			if loadErr != nil {
 			case loadErr != nil:
 				if debug {
 					fmt.Fprintf(os.Stderr, "[greywall] Warning: failed to load learned template: %v\n", loadErr)
 				}
-			case learnedCfg != nil:
+			} else if learnedCfg != nil {
 				cfg = config.Merge(cfg, learnedCfg)
 				if debug {
 					fmt.Fprintf(os.Stderr, "[greywall] Auto-loaded learned template for %q\n", templateLabel)
 				}
-			case templateName != "":
+			} else if templateName != "" {
 				// Explicit --template but file doesn't exist
 				return fmt.Errorf("learned template %q not found at %s\nRun: greywall templates list", templateName, templatePath)
-			case cmdName != "":
+			} else if cmdName != "" {
 				// No template found for this command - suggest creating one
 				fmt.Fprintf(os.Stderr, "[greywall] No learned template for %q. Run with --learning to create one.\n", cmdName)
 			}
@@ -504,7 +503,7 @@ Examples:
 		RunE: func(cmd *cobra.Command, args []string) error {
 			name := args[0]
 			templatePath := sandbox.LearnedTemplatePath(name)
-			data, err := os.ReadFile(templatePath) //nolint:gosec // user-specified template path - intentional
+			data, err := os.ReadFile(templatePath)
 			if err != nil {
 				if os.IsNotExist(err) {
 					return fmt.Errorf("template %q not found\nRun: greywall templates list", name)
--- a/internal/sandbox/learning.go
+++ b/internal/sandbox/learning.go
@@ -166,11 +166,11 @@ func GenerateLearnedTemplate(straceLogPath, cmdName string, debug bool) (string,
 	// Save template
 	templatePath := LearnedTemplatePath(cmdName)
-	if err := os.MkdirAll(filepath.Dir(templatePath), 0o750); err != nil {
+	if err := os.MkdirAll(filepath.Dir(templatePath), 0o755); err != nil {
 		return "", fmt.Errorf("failed to create template directory: %w", err)
 	}
-	if err := os.WriteFile(templatePath, []byte(template), 0o600); err != nil {
+	if err := os.WriteFile(templatePath, []byte(template), 0o644); err != nil {
 		return "", fmt.Errorf("failed to write template: %w", err)
 	}
@@ -305,7 +305,11 @@ func isSensitivePath(path, home string) bool {
 	// Check GPG
 	gnupgDir := filepath.Join(home, ".gnupg")
-	return strings.HasPrefix(path, gnupgDir+"/")
+	if strings.HasPrefix(path, gnupgDir+"/") {
 		return true
 	}
 	return false
 }
 // getDangerousFilePatterns returns denyWrite entries for DangerousFiles.
--- a/internal/sandbox/learning_linux.go
+++ b/internal/sandbox/learning_linux.go
@@ -41,7 +41,7 @@ func ParseStraceLog(logPath string, debug bool) (*StraceResult, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to open strace log: %w", err)
 	}
-	defer func() { _ = f.Close() }()
+	defer f.Close()
 	home, _ := os.UserHomeDir()
 	seenWrite := make(map[string]bool)
--- a/internal/sandbox/learning_linux_test.go
+++ b/internal/sandbox/learning_linux_test.go
@@ -127,7 +127,7 @@ func TestParseStraceLog(t *testing.T) {
 	}, "\n")
 	logFile := filepath.Join(t.TempDir(), "strace.log")
-	if err := os.WriteFile(logFile, []byte(logContent), 0o600); err != nil {
+	if err := os.WriteFile(logFile, []byte(logContent), 0o644); err != nil {
 		t.Fatal(err)
 	}
--- a/internal/sandbox/learning_test.go
+++ b/internal/sandbox/learning_test.go
@@ -70,7 +70,9 @@ func TestFindApplicationDirectory(t *testing.T) {
 func TestCollapsePaths(t *testing.T) {
 	// Temporarily override home for testing
-	t.Setenv("HOME", "/home/testuser")
+	origHome := os.Getenv("HOME")
 	os.Setenv("HOME", "/home/testuser")
 	defer os.Setenv("HOME", origHome)
 	tests := []struct {
 		name        string
@@ -317,7 +319,9 @@ func TestToTildePath(t *testing.T) {
 func TestListLearnedTemplates(t *testing.T) {
 	// Use a temp dir to isolate from real user config
 	tmpDir := t.TempDir()
-	t.Setenv("XDG_CONFIG_HOME", tmpDir)
+	origConfigDir := os.Getenv("XDG_CONFIG_HOME")
 	os.Setenv("XDG_CONFIG_HOME", tmpDir)
 	defer os.Setenv("XDG_CONFIG_HOME", origConfigDir)
 	// Initially empty
 	templates, err := ListLearnedTemplates()
@@ -330,18 +334,10 @@ func TestListLearnedTemplates(t *testing.T) {
 	// Create some templates
 	dir := LearnedTemplateDir()
-	if err := os.MkdirAll(dir, 0o750); err != nil {
+	os.MkdirAll(dir, 0o755)
-		t.Fatal(err)
+	os.WriteFile(filepath.Join(dir, "opencode.json"), []byte("{}"), 0o644)
-	}
+	os.WriteFile(filepath.Join(dir, "myapp.json"), []byte("{}"), 0o644)
-	if err := os.WriteFile(filepath.Join(dir, "opencode.json"), []byte("{}"), 0o600); err != nil {
+	os.WriteFile(filepath.Join(dir, "notjson.txt"), []byte(""), 0o644) // should be ignored
 		t.Fatal(err)
 	}
 	if err := os.WriteFile(filepath.Join(dir, "myapp.json"), []byte("{}"), 0o600); err != nil {
 		t.Fatal(err)
 	}
 	if err := os.WriteFile(filepath.Join(dir, "notjson.txt"), []byte(""), 0o600); err != nil {
 		t.Fatal(err)
 	}
 	templates, err = ListLearnedTemplates()
 	if err != nil {
@@ -419,7 +415,9 @@ func TestBuildTemplateNoAllowRead(t *testing.T) {
 func TestGenerateLearnedTemplate(t *testing.T) {
 	// Create a temp dir for templates
 	tmpDir := t.TempDir()
-	t.Setenv("XDG_CONFIG_HOME", tmpDir)
+	origConfigDir := os.Getenv("XDG_CONFIG_HOME")
 	os.Setenv("XDG_CONFIG_HOME", tmpDir)
 	defer os.Setenv("XDG_CONFIG_HOME", origConfigDir)
 	// Create a fake strace log
 	home, _ := os.UserHomeDir()
@@ -432,7 +430,7 @@ func TestGenerateLearnedTemplate(t *testing.T) {
 	}, "\n")
 	logFile := filepath.Join(tmpDir, "strace.log")
-	if err := os.WriteFile(logFile, []byte(logContent), 0o600); err != nil {
+	if err := os.WriteFile(logFile, []byte(logContent), 0o644); err != nil {
 		t.Fatal(err)
 	}
@@ -446,7 +444,7 @@ func TestGenerateLearnedTemplate(t *testing.T) {
 	}
 	// Read and verify template
-	data, err := os.ReadFile(templatePath) //nolint:gosec // reading test-generated template file
+	data, err := os.ReadFile(templatePath)
 	if err != nil {
 		t.Fatalf("failed to read template: %v", err)
 	}
--- a/internal/sandbox/linux.go
+++ b/internal/sandbox/linux.go
@@ -519,14 +519,8 @@ func buildDenyByDefaultMounts(cfg *config.Config, cwd string, debug bool) []stri
 			if fileExists(p) && canMountOver(p) &&
 				!strings.HasPrefix(p, "/dev/") && !strings.HasPrefix(p, "/proc/") && !boundPaths[p] {
 				boundPaths[p] = true
-				// Create intermediary dirs if needed.
+				// Create intermediary dirs if needed
-				// For files, only create dirs up to the parent to avoid
+				for _, dir := range intermediaryDirs("/", p) {
 				// creating a directory at the file's path.
 				dirTarget := p
 				if !isDirectory(p) {
 					dirTarget = filepath.Dir(p)
 				}
 				for _, dir := range intermediaryDirs("/", dirTarget) {
 					if !isSystemMountPoint(dir) {
 						args = append(args, "--dir", dir)
 					}
@@ -539,11 +533,7 @@ func buildDenyByDefaultMounts(cfg *config.Config, cwd string, debug bool) []stri
 			if !ContainsGlobChars(normalized) && fileExists(normalized) && canMountOver(normalized) &&
 				!strings.HasPrefix(normalized, "/dev/") && !strings.HasPrefix(normalized, "/proc/") && !boundPaths[normalized] {
 				boundPaths[normalized] = true
-				dirTarget := normalized
+				for _, dir := range intermediaryDirs("/", normalized) {
 				if !isDirectory(normalized) {
 					dirTarget = filepath.Dir(normalized)
 				}
 				for _, dir := range intermediaryDirs("/", dirTarget) {
 					if !isSystemMountPoint(dir) {
 						args = append(args, "--dir", dir)
 					}
@@ -564,7 +554,7 @@ func buildDenyByDefaultMounts(cfg *config.Config, cwd string, debug bool) []stri
 				if emptyFile == "" {
 					emptyFile = filepath.Join(os.TempDir(), "greywall", "empty")
 					_ = os.MkdirAll(filepath.Dir(emptyFile), 0o750)
-					_ = os.WriteFile(emptyFile, nil, 0o444) //nolint:gosec // intentionally world-readable empty file for bind-mount masking
+					_ = os.WriteFile(emptyFile, nil, 0o444)
 				}
 				args = append(args, "--ro-bind", emptyFile, p)
 				if debug {
@@ -681,28 +671,19 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, proxyBridge
 			bwrapArgs = append(bwrapArgs, "--bind", cwd, cwd)
 		}
 		// Make XDG_RUNTIME_DIR writable so dconf and other runtime services
 		// (Wayland, PulseAudio, D-Bus) work inside the sandbox.
 		// Writes to /run/ are already filtered out by the learning parser.
 		xdgRuntime := os.Getenv("XDG_RUNTIME_DIR")
 		if xdgRuntime != "" && fileExists(xdgRuntime) {
 			bwrapArgs = append(bwrapArgs, "--bind", xdgRuntime, xdgRuntime)
 		}
 	}
 	defaultDenyRead := cfg != nil && cfg.Filesystem.IsDefaultDenyRead()
-	switch {
+	if opts.Learning {
 	case opts.Learning:
 		// Skip defaultDenyRead logic in learning mode (already set up above)
-	case defaultDenyRead:
+	} else if defaultDenyRead {
 		// Deny-by-default mode: start with empty root, then whitelist system paths + CWD
 		if opts.Debug {
 			fmt.Fprintf(os.Stderr, "[greywall:linux] DefaultDenyRead mode enabled - tmpfs root with selective mounts\n")
 		}
 		bwrapArgs = append(bwrapArgs, buildDenyByDefaultMounts(cfg, cwd, opts.Debug)...)
-	default:
+	} else {
 		// Legacy mode: bind entire root filesystem read-only
 		bwrapArgs = append(bwrapArgs, "--ro-bind", "/", "/")
 	}
@@ -938,7 +919,7 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, proxyBridge
 					// Supported by glibc, Go 1.21+, c-ares, and most DNS resolver libraries.
 					_, _ = tmpResolv.WriteString("nameserver 1.1.1.1\nnameserver 8.8.8.8\noptions use-vc\n")
 				}
-				_ = tmpResolv.Close()
+				tmpResolv.Close()
 				dnsRelayResolvConf = tmpResolv.Name()
 				bwrapArgs = append(bwrapArgs, "--ro-bind", dnsRelayResolvConf, "/etc/resolv.conf")
 				if opts.Debug {
@@ -976,14 +957,6 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, proxyBridge
 		fmt.Fprintf(os.Stderr, "[greywall:linux] Skipping Landlock wrapper (running as library, not greywall CLI)\n")
 	}
 	// Bind-mount the greywall binary into the sandbox so the Landlock wrapper
 	// can re-execute it. Without this, running greywall from a directory that
 	// isn't the CWD (e.g., ~/bin/greywall from /home/user/project) would fail
 	// because the binary path doesn't exist inside the sandbox.
 	if useLandlockWrapper && greywallExePath != "" {
 		bwrapArgs = append(bwrapArgs, "--ro-bind", greywallExePath, greywallExePath)
 	}
 	bwrapArgs = append(bwrapArgs, "--", shellPath, "-c")
 	// Build the inner command that sets up tun2socks and runs the user command
@@ -1094,8 +1067,7 @@ sleep 0.3
 	// after the main command exits; the user can Ctrl+C to stop it.
 	// A SIGCHLD trap kills strace once its direct child exits, handling
 	// the common case of background daemons (LSP servers, watchers).
-	switch {
+	if opts.Learning && opts.StraceLogPath != "" {
 	case opts.Learning && opts.StraceLogPath != "":
 		innerScript.WriteString(fmt.Sprintf(`# Learning mode: trace filesystem access (foreground for terminal access)
 strace -f -qq -I2 -e trace=openat,open,creat,mkdir,mkdirat,unlinkat,renameat,renameat2,symlinkat,linkat -o %s -- %s
 GREYWALL_STRACE_EXIT=$?
@@ -1107,7 +1079,7 @@ exit $GREYWALL_STRACE_EXIT
 `,
 			ShellQuoteSingle(opts.StraceLogPath), command,
 		))
-	case useLandlockWrapper:
+	} else if useLandlockWrapper {
 		// Use Landlock wrapper if available
 		// Pass config via environment variable (serialized as JSON)
 		// This ensures allowWrite/denyWrite rules are properly applied
@@ -1128,7 +1100,7 @@ exit $GREYWALL_STRACE_EXIT
 		// Use exec to replace bash with the wrapper (which will exec the command)
 		innerScript.WriteString(fmt.Sprintf("exec %s\n", ShellQuote(wrapperArgs)))
-	default:
+	} else {
 		innerScript.WriteString(command)
 		innerScript.WriteString("\n")
 	}
--- a/internal/sandbox/linux_features.go
+++ b/internal/sandbox/linux_features.go
@@ -370,7 +370,7 @@ func suggestInstallCmd(features *LinuxFeatures) string {
 }
 func readSysctl(name string) string {
-	data, err := os.ReadFile("/proc/sys/" + name) //nolint:gosec // reading sysctl values - trusted kernel path
+	data, err := os.ReadFile("/proc/sys/" + name)
 	if err != nil {
 		return ""
 	}
--- a/internal/sandbox/linux_landlock.go
+++ b/internal/sandbox/linux_landlock.go
@@ -201,7 +201,7 @@ type LandlockRuleset struct {
 func NewLandlockRuleset(debug bool) (*LandlockRuleset, error) {
 	features := DetectLinuxFeatures()
 	if !features.CanUseLandlock() {
-		return nil, fmt.Errorf("landlock not available (kernel %d.%d, need 5.13+)",
+		return nil, fmt.Errorf("Landlock not available (kernel %d.%d, need 5.13+)",
 			features.KernelMajor, features.KernelMinor)
 	}
@@ -438,7 +438,7 @@ func (l *LandlockRuleset) addPathRule(path string, access uint64) error {
 // Apply applies the Landlock ruleset to the current process.
 func (l *LandlockRuleset) Apply() error {
 	if !l.initialized {
-		return fmt.Errorf("landlock ruleset not initialized")
+		return fmt.Errorf("Landlock ruleset not initialized")
 	}
 	// Set NO_NEW_PRIVS first (required for Landlock)
--- a/internal/sandbox/manager.go
+++ b/internal/sandbox/manager.go
@@ -78,7 +78,7 @@ func (m *Manager) Initialize() error {
 			bridge, err := NewProxyBridge(m.config.Network.ProxyURL, m.debug)
 			if err != nil {
 				if m.tun2socksPath != "" {
-					_ = os.Remove(m.tun2socksPath)
+					os.Remove(m.tun2socksPath)
 				}
 				return fmt.Errorf("failed to initialize proxy bridge: %w", err)
 			}
@@ -90,7 +90,7 @@ func (m *Manager) Initialize() error {
 				if err != nil {
 					m.proxyBridge.Cleanup()
 					if m.tun2socksPath != "" {
-						_ = os.Remove(m.tun2socksPath)
+						os.Remove(m.tun2socksPath)
 					}
 					return fmt.Errorf("failed to initialize DNS bridge: %w", err)
 				}
@@ -108,7 +108,7 @@ func (m *Manager) Initialize() error {
 					m.proxyBridge.Cleanup()
 				}
 				if m.tun2socksPath != "" {
-					_ = os.Remove(m.tun2socksPath)
+					os.Remove(m.tun2socksPath)
 				}
 				return fmt.Errorf("failed to initialize reverse bridge: %w", err)
 			}
@@ -166,7 +166,7 @@ func (m *Manager) wrapCommandLearning(command string) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to create strace log file: %w", err)
 	}
-	_ = tmpFile.Close()
+	tmpFile.Close()
 	m.straceLogPath = tmpFile.Name()
 	m.logDebug("Strace log file: %s", m.straceLogPath)
@@ -193,7 +193,7 @@ func (m *Manager) GenerateLearnedTemplate(cmdName string) (string, error) {
 	}
 	// Clean up strace log since we've processed it
-	_ = os.Remove(m.straceLogPath)
+	os.Remove(m.straceLogPath)
 	m.straceLogPath = ""
 	return templatePath, nil
@@ -211,10 +211,10 @@ func (m *Manager) Cleanup() {
 		m.proxyBridge.Cleanup()
 	}
 	if m.tun2socksPath != "" {
-		_ = os.Remove(m.tun2socksPath)
+		os.Remove(m.tun2socksPath)
 	}
 	if m.straceLogPath != "" {
-		_ = os.Remove(m.straceLogPath)
+		os.Remove(m.straceLogPath)
 		m.straceLogPath = ""
 	}
 	m.logDebug("Sandbox manager cleaned up")
--- a/internal/sandbox/tun2socks_embed.go
+++ b/internal/sandbox/tun2socks_embed.go
@@ -38,14 +38,14 @@ func extractTun2Socks() (string, error) {
 	}
 	if _, err := tmpFile.Write(data); err != nil {
-		_ = tmpFile.Close()
+		tmpFile.Close()
-		_ = os.Remove(tmpFile.Name())
+		os.Remove(tmpFile.Name())
 		return "", fmt.Errorf("tun2socks: failed to write binary: %w", err)
 	}
-	_ = tmpFile.Close()
+	tmpFile.Close()
-	if err := os.Chmod(tmpFile.Name(), 0o755); err != nil { //nolint:gosec // executable binary needs execute permission
+	if err := os.Chmod(tmpFile.Name(), 0o755); err != nil {
-		_ = os.Remove(tmpFile.Name())
+		os.Remove(tmpFile.Name())
 		return "", fmt.Errorf("tun2socks: failed to make executable: %w", err)
 	}
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -149,5 +149,5 @@ git push origin "$NEW_VERSION"
 echo ""
 info "✓ Released $NEW_VERSION"
-info "Gitea Actions will now build and publish the release."
+info "GitHub Actions will now build and publish the release."
 info "Watch progress at: https://gitea.app.monadical.io/monadical/greywall/actions"