Archived

This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Files

Mathieu Virbel da3a2ac3a4 rename Fence to Greywall as GreyHaven sandboxing component

Rebrand the project from Fence to Greywall, the sandboxing layer of the
GreyHaven platform. This updates:

- Go module path to gitea.app.monadical.io/monadical/greywall
- Binary name, CLI help text, and all usage examples
- Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*)
- Log prefixes ([greywall:*]), temp file prefixes (greywall-*)
- All documentation, scripts, CI workflows, and example files
- README rewritten with GreyHaven branding and Fence attribution

Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall,
docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.

2026-02-10 16:00:24 -06:00

596 B

Raw Blame History

Recipe: CI jobs

Goal: make CI steps safer by default: minimal egress and controlled writes.

Suggested baseline

{
  "network": {
    "allowedDomains": []
  },
  "filesystem": {
    "allowWrite": [".", "/tmp"]
  }
}

Run:

greywall --settings ./greywall.json -c "make test"

Add only what you need

Use monitor mode to discover what a job tries to reach:

greywall -m --settings ./greywall.json -c "make test"

Then allowlist only:

your artifact/cache endpoints
the minimum package registries required
any internal services the job must access

596 B Raw Blame History

Recipe: CI jobs

Suggested baseline

Add only what you need

596 B

Raw Blame History