This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.
greywall/docs/templates.md
Mathieu Virbel da3a2ac3a4 rename Fence to Greywall as GreyHaven sandboxing component
Rebrand the project from Fence to Greywall, the sandboxing layer of the
GreyHaven platform. This updates:

- Go module path to gitea.app.monadical.io/monadical/greywall
- Binary name, CLI help text, and all usage examples
- Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*)
- Log prefixes ([greywall:*]), temp file prefixes (greywall-*)
- All documentation, scripts, CI workflows, and example files
- README rewritten with GreyHaven branding and Fence attribution

Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall,
docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.
2026-02-10 16:00:24 -06:00


Config Templates

Greywall includes built-in config templates for common use cases. Templates are embedded in the binary, so you can use them directly without copying files.

Using templates

Use the -t / --template flag to apply a template:

# Use a built-in template
greywall -t npm-install npm install

# Wrap Claude Code
greywall -t code -- claude

# List available templates
greywall --list-templates

You can also copy and customize templates from internal/templates/.

Extending templates

Instead of copying and modifying templates, you can extend them in your config file using the extends field:

{
  "extends": "code",
  "network": {
    "allowedDomains": ["private-registry.company.com"]
  }
}

This inherits all settings from the code template and adds your private registry. Settings are merged:

  • Slice fields (domains, paths, commands): Appended and deduplicated
  • Boolean fields: OR logic (true if either enables it)
  • Integer fields (ports): Override wins (0 keeps base value)

Extending files

You can also extend other config files using file paths:

{
  "extends": "./shared/base-config.json",
  "network": {
    "allowedDomains": ["extra-domain.com"]
  }
}

The extends value is treated as a file path if it contains / or \, or starts with a dot (.). Relative paths are resolved relative to the config file's directory. The extended file is validated before merging.

Chains are supported: a file can extend a template, and another file can extend that file. Circular extends are detected and rejected.
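The merge rules from "Extending templates" and the chain and cycle handling described above, sketched as an added Go example; this is not Greywall's own code. Config is a simplified stand-in, AllowLocalBinding and ProxyPort are hypothetical field names, and configs are looked up by name in an in-memory map instead of being loaded from templates or files.

```go
package main

import "fmt"

// Config is a simplified stand-in; AllowLocalBinding and ProxyPort are hypothetical field names.
type Config struct {
	Extends           string
	AllowedDomains    []string
	AllowLocalBinding bool
	ProxyPort         int
}

// merge layers child over base: slices append and dedupe, booleans OR, non-zero ints override.
func merge(base, child Config) Config {
	out := Config{AllowLocalBinding: base.AllowLocalBinding || child.AllowLocalBinding, ProxyPort: base.ProxyPort}
	seen := map[string]bool{}
	for _, d := range append(append([]string{}, base.AllowedDomains...), child.AllowedDomains...) {
		if !seen[d] {
			seen[d] = true
			out.AllowedDomains = append(out.AllowedDomains, d)
		}
	}
	if child.ProxyPort != 0 {
		out.ProxyPort = child.ProxyPort
	}
	return out
}

// resolve walks the extends chain by name and rejects unknown names and cycles.
func resolve(name string, store map[string]Config) (Config, error) {
	var out Config
	visited := map[string]bool{}
	for cur := name; cur != ""; cur = store[cur].Extends {
		if _, ok := store[cur]; !ok || visited[cur] {
			return Config{}, fmt.Errorf("unknown or circular extends: %q", cur)
		}
		visited[cur] = true
		out = merge(store[cur], out) // each config found further up the chain acts as the base
	}
	return out, nil
}

func main() {
	// Constructed sample data: "team" extends "base".
	base := Config{AllowedDomains: []string{"registry.example.com"}, AllowLocalBinding: true, ProxyPort: 8080}
	team := Config{Extends: "base", AllowedDomains: []string{"private-registry.company.com"}}
	fmt.Println(resolve("team", map[string]Config{"base": base, "team": team}))
}
```

Under these rules an extending config can only add slice entries and switch booleans on; it cannot remove an allowed domain or turn off a flag that its base enabled, so review the base as carefully as the file that extends it.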

Example: Company-specific AI agent config

{
  "extends": "code",
  "network": {
    "allowedDomains": [
      "internal-npm.company.com",
      "artifactory.company.com"
    ],
    "deniedDomains": ["competitor-analytics.com"]
  },
  "filesystem": {
    "denyRead": ["~/.company-secrets/**"]
  }
}

This config:

  • Extends the battle-tested code template
  • Adds company-specific package registries
  • Adds additional telemetry/analytics domains to the deny list
  • Protects company-specific secret directories

Available Templates

| Template | Description |
| --- | --- |
| code | Production-ready config for AI coding agents (Claude Code, Codex, Copilot, etc.) |
| code-relaxed | Like code but allows direct network for apps that ignore HTTP_PROXY |
| git-readonly | Blocks destructive commands like git push, rm -rf, etc. |
| local-dev-server | Allow binding and localhost outbound; allow writes to workspace/tmp |