monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
da3a2ac3a46adc0e0c07c253640d9796945c503c
greywall/docs/recipes/npm-install.md
Mathieu Virbel da3a2ac3a4 rename Fence to Greywall as GreyHaven sandboxing component 
Rebrand the project from Fence to Greywall, the sandboxing layer of the
GreyHaven platform. This updates:

- Go module path to gitea.app.monadical.io/monadical/greywall
- Binary name, CLI help text, and all usage examples
- Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*)
- Log prefixes ([greywall:*]), temp file prefixes (greywall-*)
- All documentation, scripts, CI workflows, and example files
- README rewritten with GreyHaven branding and Fence attribution

Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall,
docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.
2026-02-10 16:00:24 -06:00

750 B
Raw Blame History

Recipe: npm install

Goal: allow npm to fetch packages, but block unexpected egress.

Start restrictive

{
  "network": {
    "allowedDomains": ["registry.npmjs.org", "*.npmjs.org"]
  },
  "filesystem": {
    "allowWrite": [".", "node_modules", "/tmp"]
  }
}

Run:

greywall --settings ./greywall.json npm install

Iterate with monitor mode

If installs fail, run:

greywall -m --settings ./greywall.json npm install

Then add the minimum extra domains required for your workflow (private registries, GitHub tarballs, etc.).

Notes:

  • If your dependencies fetch binaries during install, you may need to allow additional domains.
  • Keep allowlists narrow; prefer specific hostnames over broad wildcards.
Reference in New Issue View Git Blame Copy Permalink