monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Commit Graph

  • b1ad4b9803 chore(ci): update golangci-lint and fix script paths fix-install.sh juanarias8 2026-03-10 20:35:56 -05:00
  • 9a3d863696 test(install): add script to test install logic juanarias8 2026-03-10 14:26:18 -05:00
  • 8565916178 feat(install): improve version tag validation and update download URL juanarias8 2026-03-10 14:25:52 -05:00
  • 473f1620d5 feat: adopt kardianos/service for daemon lifecycle management mathieu/macos-gap-fixes Mathieu Virbel 2026-03-04 14:48:01 -06:00
  • 58626c64e5 feat: add --http-proxy flag for configurable HTTP CONNECT proxy Mathieu Virbel 2026-03-04 12:47:57 -06:00
  • f05b4a6b4c fix: include user/password in HTTP_PROXY URL for macOS daemon mode Mathieu Virbel 2026-03-04 12:43:10 -06:00
  • 0e3dc23639 fix: set HTTP_PROXY for macOS daemon mode alongside ALL_PROXY Mathieu Virbel 2026-03-04 12:40:27 -06:00
  • f4a5c98328 feat: add greywall check and greywall setup commands main Mathieu Virbel 2026-03-04 08:37:49 -06:00
  • 5145016c4e fix: default proxy/DNS to GreyProxy ports (43052/43053) Mathieu Virbel 2026-03-04 07:32:39 -06:00
  • 20ee23c1c3 fix: use socks5h:// for macOS daemon DNS resolution through proxy Mathieu Virbel 2026-03-02 12:04:36 -06:00
  • 796c22f736 fix: don't inject SOCKS5 proxy env vars in macOS daemon mode Mathieu Virbel 2026-02-26 17:46:21 -06:00
  • 562f9bb65e fix: preserve terminal env vars through sudo in macOS daemon mode Mathieu Virbel 2026-02-26 17:39:33 -06:00
  • 9d5d852860 feat: switch macOS learning mode from fs_usage to eslogger Mathieu Virbel 2026-02-26 17:23:43 -06:00
  • e05b54ec1b chore: ignore tun2socks source directory in gitignore Mathieu Virbel 2026-02-26 09:49:20 -06:00
  • cb474b2d99 feat: add macOS daemon support with group-based pf routing Mathieu Virbel 2026-02-26 09:46:33 -06:00
  • cfe29d2c0b feat: switch macOS daemon from user-based to group-based pf routing Mathieu Virbel 2026-02-25 19:20:01 -06:00
  • 4ea4592d75 docs: add macOS learning mode analysis with fs_usage approach Mathieu Virbel 2026-02-22 19:07:30 -06:00
  • 62bf37d481 fix: bind-mount greywall binary for Landlock wrapper re-execution Mathieu Virbel 2026-02-22 16:56:45 -06:00
  • ed6517cc24 fix: make xdg_runtime_dir writable for desktop application Mathieu Virbel 2026-02-22 12:04:01 -06:00
  • 2061dfe63b docs: rewrite README to reflect current architecture Mathieu Virbel 2026-02-17 07:15:02 -06:00
  • 5aeb9c86c0 fix: resolve all golangci-lint v2 warnings (29 issues) Mathieu Virbel 2026-02-13 19:20:40 -06:00
  • 626eaa1895 fix: upgrade golangci Mathieu Virbel 2026-02-13 19:13:37 -06:00
  • 18c18ec3a8 fix: avoid creating directory at file path in allowRead bwrap mounts Mathieu Virbel 2026-02-13 13:53:19 -06:00
  • f4c9422f77 feat: migrate CI and releases from GitHub Actions to Gitea Actions Mathieu Virbel 2026-02-13 12:20:32 -06:00
  • c19370f8b3 feat: deny-by-default filesystem isolation Mathieu Virbel 2026-02-13 11:39:18 -06:00
  • a04f5feee2 fix: prevent learning mode from collapsing read paths to $HOME feat-isolation Mathieu Virbel 2026-02-13 11:38:51 -06:00
  • c95fca830b docs: add Linux deny-by-default lessons to experience.md Mathieu Virbel 2026-02-12 20:16:37 -06:00
  • 5affaf77a5 feat: deny-by-default filesystem isolation Mathieu Virbel 2026-02-12 20:15:40 -06:00
  • b55b3364af feat: add dependency status to --version and document AppArmor userns fix Mathieu Virbel 2026-02-11 19:31:24 -06:00
  • 70d0685c97 fix: use UDP instead of TCP for DNS bridge to host DNS server Mathieu Virbel 2026-02-11 19:30:56 -06:00
  • a470f86ee4 fix: resolve ENXIO error and skip template on failed learning runs Mathieu Virbel 2026-02-11 18:38:26 -06:00
  • 7e85083c38 feat: default to GreyHaven proxy and DNS infrastructure Mathieu Virbel 2026-02-11 18:16:35 -06:00
  • 267c82f4bd feat: default DNS to localhost:5353 when proxy is configured Mathieu Virbel 2026-02-11 18:07:58 -06:00
  • 3dd772d35a feat: add --learning mode, --template flag, and fix DNS relay Mathieu Virbel 2026-02-11 08:22:53 -06:00
  • 631db40665 remove banner image and assets directory Mathieu Virbel 2026-02-10 16:23:19 -06:00
  • 5bb42db57a fix: add GreyHaven copyright and update security contact Mathieu Virbel 2026-02-10 16:10:12 -06:00
  • dc5487c965 Add CLAUDE.md with project conventions and quick reference Mathieu Virbel 2026-02-10 16:06:22 -06:00
  • da3a2ac3a4 rename Fence to Greywall as GreyHaven sandboxing component Mathieu Virbel 2026-02-10 16:00:24 -06:00
  • 481616455a fix: add SOCKS5 auth, DNS bridge, and TUN capability support Mathieu Virbel 2026-02-10 14:57:56 -06:00
  • 9cb65151ee Replace built-in proxies with tun2socks transparent proxying Mathieu Virbel 2026-02-09 20:41:12 -06:00
  • da5f61e390 fix: handle cross-mount resolv.conf symlinks in sandbox (#32) JY Tan 2026-02-08 15:22:31 -08:00
  • b8b12ebe31 fix: resolve /etc/resolv.conf symlinks for DNS in sandbox (#31) JY Tan 2026-02-08 13:15:16 -08:00
  • 9db1ae8b54 fix: preserve argument boundaries when passing commands via -- JY Tan 2026-02-05 16:55:55 -08:00
  • 7cc9fb3427 Add gh CLI commands to code template JY Tan 2026-02-02 12:06:55 -08:00
  • 8630789c39 Add TODO comment JY Tan 2026-02-02 11:53:40 -08:00
  • 37b154bc94 fix(linux): remove expensive glob expansion for mandatory deny patterns JY Tan 2026-02-02 10:22:13 -08:00
  • b14f70782d Update README.md JY Tan 2026-02-01 17:25:12 -08:00
  • c8621e8f6c feat: use OS-preferred config directory (#26) JY Tan 2026-02-01 16:17:33 -08:00
  • 7679fecf06 feat: add defaultDenyRead mode for strict filesystem isolation (#24) JY Tan 2026-02-01 15:11:40 -08:00
  • cef3576076 chore: update code template for Droid (Factory CLI) JY Tan 2026-02-01 12:16:31 -08:00
  • 20b7718ce8 fix: handle macOS /tmp symlink in sandbox allowWrite paths (#23) JY Tan 2026-01-26 14:30:54 -08:00
  • 006d3b0cc6 Update README.md JY Tan 2026-01-25 16:57:37 -08:00
  • 0abc268968 Add CODEOWNERS file JY Tan 2026-01-25 11:49:28 -08:00
  • 93243e75e1 feat: shell completion script generation (#22) JY Tan 2026-01-25 10:57:22 -08:00
  • 27dfd1da93 test: add denyRead integration tests for files and directories (#15) priuatus 2026-01-23 20:22:17 +02:00
  • 9bb11a2f40 chore: update code template for OpenCode and Gemini CLI (#20) JY Tan 2026-01-22 15:41:30 -08:00
  • 5b57527a83 fix: filter directory-only Landlock rights for non-directory paths (#17) JY Tan 2026-01-21 12:35:35 -08:00
  • 5d01a01883 fix: handle files and symlinks correctly in denyRead paths (#14) JY Tan 2026-01-21 02:26:51 -08:00
  • 06c2cc9a34 fix: network namespace detection false negative (#12) priuatus 2026-01-20 21:30:18 +02:00
  • 89301f8c8a Update README.md JY Tan 2026-01-19 20:45:43 -08:00
  • 5ef2ce5719 Improve docs organization JY Tan 2026-01-17 16:11:48 -08:00
  • 20fa647ccc feat: support ssh commands (#10) JY Tan 2026-01-17 15:36:51 -08:00
  • 3c3f28b32c docs: add more information about nested sandboxing and integration test skip behavior JY Tan 2026-01-17 13:39:03 -08:00
  • 71c211c9ab fix: improve skip logic for Landlock tests in integration_linux_test.go JY Tan 2026-01-17 13:15:23 -08:00
  • d53d123fb6 Update README.md JY Tan 2026-01-15 15:18:35 -08:00
  • 9496f7f0f0 Update README.md JY Tan 2026-01-15 15:13:12 -08:00
  • f3ac2d72f4 feat: ability to import claude code settings as configs (#7) JY Tan 2026-01-15 14:55:44 -08:00
  • 800a50b457 Add support for config inheritance JY Tan 2026-01-05 17:23:14 -08:00
  • 83fa7a76ee Update templates JY Tan 2025-12-29 14:45:51 -08:00
  • 90cd0a0a4b Add code-relaxed template, handle wildcard network allow JY Tan 2025-12-29 01:39:41 -08:00
  • d8e55d9515 Introduce built-in templates for enhanced configuration options, support JSONC format JY Tan 2025-12-28 22:16:50 -08:00
  • 8317bb96bc perf: add benchmarks (#5) JY Tan 2025-12-28 00:38:01 -08:00
  • 6c21e008c3 Handle library usage and missing network namespace gracefully JY Tan 2025-12-26 16:19:07 -08:00
  • 6fdd1af057 test: add integration and smoke tests (#4) JY Tan 2025-12-26 14:56:20 -08:00
  • f86d9a2c82 Add environment sanitization JY Tan 2025-12-25 20:47:11 -08:00
  • 32d785c703 Remove unnecessary file JY Tan 2025-12-25 19:20:58 -08:00
  • 47de3e431c Add ability to block commands JY Tan 2025-12-25 19:03:01 -08:00
  • 6159bdd38a Lint linux files JY Tan 2025-12-25 18:23:57 -08:00
  • 08ed28f88f Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring JY Tan 2025-12-25 17:33:55 -08:00
  • a8158a39b3 Update docs JY Tan 2025-12-23 20:51:01 -08:00
  • a65c7ce308 Add install script JY Tan 2025-12-23 20:31:23 -08:00
  • dcdfff1fde Update README.md JY Tan 2025-12-23 18:54:01 -08:00
  • 8db245f56e Refactor and improve documentation, add examples JY Tan 2025-12-23 18:43:07 -08:00
  • b98b640f5a Add support for local outbound connections in sandbox configuration JY Tan 2025-12-22 15:55:01 -08:00
  • 10c571e7d9 Update docs JY Tan 2025-12-19 21:07:55 -08:00
  • b16f76e7b7 Enhance filesystem protection in Linux sandbox JY Tan 2025-12-19 12:27:17 -08:00
  • b220c42614 Refine log monitoring predicate to filter for specific session violations JY Tan 2025-12-19 12:24:01 -08:00
  • 34d6e51c4b Add versioning support JY Tan 2025-12-19 12:22:51 -08:00
  • 299adcae33 Lint tests JY Tan 2025-12-18 17:58:26 -08:00
  • 2abda47b0a Update README.md JY Tan 2025-12-18 17:51:04 -08:00
  • 549c504585 Add unit tests JY Tan 2025-12-18 17:50:04 -08:00
  • a3a926b970 Update README.md JY Tan 2025-12-18 17:24:32 -08:00
  • 938c47071d Update README.md JY Tan 2025-12-18 17:21:00 -08:00
  • cc031fe176 Minor changes JY Tan 2025-12-18 17:14:19 -08:00
  • 1a1eaae237 Add SECURITY.md JY Tan 2025-12-18 17:02:20 -08:00
  • 14a737a36b Lint project JY Tan 2025-12-18 17:02:09 -08:00
  • 55230dd774 Add GoReleaser configuration, CI workflows, and contributing guidelines; update .gitignore and Makefile JY Tan 2025-12-18 16:45:12 -08:00
  • accce04769 Add license JY Tan 2025-12-18 15:52:08 -08:00
  • 35d1f1ea22 Enhance violation monitoring JY Tan 2025-12-18 15:49:05 -08:00
  • c02c91f051 Initial commit JY Tan 2025-12-18 13:14:07 -08:00