Releases: moolen/bbox
Releases · moolen/bbox
v0.2.6
v0.2.5
Changelog
- b9e5460 fix: restore PATH-derived bin mounts
- b110bcc Merge pull request #2 from moolen/feature/opencode-ci-smoke
- 186bca6 ci: skip unsupported proxy loopback setup
- 9b76e5a ci: run opencode smoke suite
- d453fc8 fix: keep buffered stdin runs non-interactive
- 5f025e4 feat: add opencode smoke runner
- c714100 test: cover opencode smoke runner
- 7a05246 docs: add opencode ci smoke plan
- f044239 docs: add opencode ci smoke design
- be977fd test: skip proxy loopback setup failures in ci
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
Changelog
- d5dad8e Merge branch 'feature/structured-mounts'
- 9a4fe14 feat: add policy to config
- 91eb4e3 feat: finalize structured mount rollout
- 6ce430f feat: add structured bbox cli mounts
- ea23309 feat: add typed mounts and linux empty dirs
- deebe3b fix: stabilize transparent seccomp managed fd ranges
- 22e968e docs: add structured mounts design spec
- 3fa4f1b feat: add bbox config flag
- f822a61 feat: detect additional opaque tcp protocols
- dde37c2 feat: add protocol observability for transparent tcp and grpc
- d423a92 fix: omit empty protocol metadata in access log JSON
- 6512cf8 feat: add protocol metadata to access logs
- a1ff295 docs: add protocol observability plan
- d50ebaa docs: add protocol observability spec
- 7cc6d58 fix: drain darwin command pipes before wait
- fc9197b fix: decouple sandbox validation from builder tooling
- aef7029 fix: restore ci coverage on master
- 8360c30 fix: make architecture checks portable in ci
- 5e256b9 fix: avoid seccomp launcher sendmsg fd collision
- 4d284be refactor: isolate helper and docker build internals
- 26c94e5 refactor: trim sandboxroot compatibility facade
- f9aeabd refactor: extract sandbox root staging
- 2eead89 test: cover cli changed flag overrides
- 0be3acf refactor: delegate cli command execution flow
- 168be34 test: cover effective cli config normalization
- 9890da2 refactor: normalize cli config flow
- 1b6e65a test: tighten task-1 env-shaping and helper naming
- ba236f9 test: tighten characterization task-1 coverage
- 1efe070 test: add architecture characterization coverage
- a81201f fix: scope transparent dns and vendored build fixtures
- 889b04e feat: support rootless docker build sandboxes
- 5c5f2b8 feat: generate docker build java and maven proxy config
- f9f0c4c fix: inject java and maven env only once per stage
- 0e53b48 fix: decouple java and maven trust injection
- 72c9814 fix: derive trust injection from staged assets
- 035f743 fix: use injected java truststore path in maven settings
- 1b4927d feat: stage java truststore for docker builds
- 9ac4af4 test: relax java proxy flag ordering
- c272c4e test: tighten task 1 red assertions
- bed24a6 test: tighten red trust/proxy fixtures
- 7b7f1bb test: cover docker build java maven trust inputs
- c7b9624 docs: add java maven docker build trust design
- d5fecbc test: cover lowercase docker build proxy env stripping
- 9d97d70 fix: preserve proxy env for docker build runtime
- c376ab0 docs: add docker build proxy-mode design
- 682e09a Merge branch 'feature/docker-build-shim'
- aa7a03f feat: add rootless docker build sandbox
- c26c954 Stabilize DNS integration tests
- 09280fd Add Docker socket policy proxy controls
- 090a684 feat: proxy docker socket requests through manager policy
- f15777e test: harden docker build policy parsing
- 03d3f21 feat: add docker build policy checks
- 422e9ee test: harden docker socket request normalization
- 2b0b9ba feat: map docker socket requests to operations
- 0b8a445 test: tighten docker socket policy validation coverage
- 235a318 feat: add docker socket policy types
- f209a77 docs: add docker socket policy design
- 72fbca7 fix: preserve piped stdin and harden PATH mounts
- 0b67946 feat: add macos backend and config-driven policy flow
- bd1d0a9 test/docs: remove redundant mitm test and clarify precedence
- 1e28ebd feat: add bbox yaml config support
- 7662146 fix: honor clear-env overrides and remove dead cli policy code
- e1d6760 fix: honor cobra changed-state for bbox config precedence
- 7ba3ec4 feat: load bbox cli policy from config file
- a1bb81c test: relax unknown-key decode assertion
- b73e0a8 fix: preserve explicit config overrides in merge semantics
- 9ba793e fix: align bbox yaml task1 schema and fixtures
- 2773b0c feat: add bbox cli config loading
- 7a47090 docs: add bbox config file design
- 747ad47 Stabilize launcher verification in CI
- e80da5f Add audit mode and access reporting
- 6d13cb9 docs: add audit mode design
- ab4d317 fix: drop removed helper dns flag
- b898b3e feat: ship bbox as the only runtime binary
- 7064564 feat: launch transparent payloads from embedded memfd launcher
- 19a9013 fix: embed launcher payloads for both supported arches
- fac5bb3 build: embed seccomp launcher payloads
- 5a6bc8b refactor: remove helper resolver compatibility aliases
- 546b923 fix: build launcher in runtime fallback
- 460e586 refactor: stage bbox as the sandbox entrypoint
- 7461d84 refactor: extract bbox internal helper entrypoint
- b82ba4d docs: add single-binary bbox implementation plan
- b490925 Merge branch 'remove-transparent-dns-listener'
- 9032268 test: remove stale dns server coverage
- 2b50193 test: drop removed dns config from runtime test
- d16eb36 refactor: remove transparent dns listener plumbing
- 0629c7f refactor: require dns round trip for transparent dns
- bcff078 test: drop ignored dns-addr from runtime helpers
- 6dad6db test: tighten transparent runtime dns-addr coverage
- 2ad0e32 test: remove obsolete transparent dns runtime coverage
- b770e98 refactor: remove transparent dns listener startup
- ab00168 test: accept tcp-only transparent readiness
- 5506e7a docs: add single-binary bbox design
- 1dc5ed7 docs: add transparent dns listener removal design
- 82d4a23 docs: rewrite README
- 0e2cd4d build: pin local goreleaser smoke version
- a607501 ci: pin workflow actions to node24 releases
v0.1.0
Changelog
- 96b5f0b build: stabilize multi-arch release env setup
- 5a238ca ci: install gperf for cross libseccomp builds
- 67618dc ci: exclude privileged integration suite on hosted runners
- 8304c27 build: add multi-arch release pipeline
- c81b720 feat: finish seccomp transparent http and dns runtime
- 5998600 feat: supervise transparent payload execs
- fea2c7b feat: add seccomp notify supervisor
- eb3fb6c feat: add host dns forwarding and ip policy rules
- ad86c4a feat: add dns bridge protocol support
- fc6c698 feat: bundle seccomp launcher for transparent mode
- 7a4f943 docs: add seccomp transparent http dns plan
- 51f6de3 docs: add seccomp unotify transparent http dns design
- 20290a1 docs: update Docker bwrap guidance
- 410890b Merge branch 'refactor/internal-architecture'
- 65177bb refactor: finish internal architecture cleanup
- 0e8fd3a refactor: extract host bridge client collaborators
- 4c98b47 refactor: extract manager traffic services
- bc6ce1a refactor: extract manager registry and helper resolution
- 6df9f76 build: add agent container workflow
- 29476b6 refactor: extract helper runtime ingress and exec
- 1a2aafa refactor: narrow helper runtime bridge api
- ddc83fb refactor: extract helper runtime bridge coordination
- 7dcfbd0 fix: harden helper runtime dns tcp framing
- cfcba99 refactor: extract helper runtime leaf packages
- c5cfdb1 test: tighten seam assertions for mismatch and idempotency
- aa62683 test: lock runtime manager and client seams
- a0cb946 docs: add internal architecture refactor plan
- 119a0e6 docs: add internal architecture refactor design
- 7a03117 feat: add bbox cli and sandbox hardening
- 0c99cf3 docs: add sandbox architecture article
- 8789ed5 Merge remote-tracking branch 'origin/main'
- 731aaf3 test: make icmp restriction probes optional
- 943addb test: complete hermetic network restriction coverage
- e1f2f64 test: add proxy mode network restriction coverage
- 14b0f3a test: harden network integration helpers
- 1da27da test: add strict network integration helpers
- 541a696 docs: add network restriction suite plan
- 0fa36d1 docs: add network restriction suite design
- f049fff Merge branch 'feature/transparent-traffic-mode'
- e95adba test: stabilize https integration trust setup
- 9767975 feat: finish transparent traffic mode support
- c549274 feat: add transparent https mitm ingress
- 347be43 fix: separate proxy and transparent http ingress
- 4c61e27 feat: add transparent http ingress
- 1b40739 feat: add transparent dns responder
- 7be5780 feat: add helper traffic mode startup
- e7599a0 fix: stage NSS module dependencies
- d43ae5e fix: broaden NSS staging candidates
- 3ec8409 fix: stage transparent dns and accept traffic mode
- 79183d1 feat: stage transparent sandbox configuration
- 98c55d5 fix: tighten traffic mode handling
- e12cac7 feat: add sandbox traffic mode selection
- f971227 docs: add transparent traffic mode plan
- 3779458 docs: add transparent traffic mode design
- 5efe433 Merge branch 'access-audit-logging'
- f92388a feat: add access audit logging
- 7b03f18 fix: inherit authority port for MITM events
- 4542b43 fix: attribute MITM events to request host
- 6c89d54 feat: emit audit events for proxy requests
- e34f47a fix: normalize audit hosts and filter sandbox events
- 54f4473 fix: guard access audit state
- 179ed2a feat: add per-sandbox access audit state
- cb00793 fix: handle typed-nil access logger
- 98f0027 docs: clarify accessed domains stub
- 8b060b9 fix: share default access logger
- a461c2a feat: add access audit public api
- a3d6942 docs: add access audit logging implementation plan
- 7aa8796 docs: add access audit logging design spec
- 9d0fc47 Merge branch 'phase3-mitm'
- e41e5ce feat: add end-to-end mitm integration coverage
- 36108c9 feat: add helper http2 mitm interception
- 40d1b0a feat: add helper http1 mitm interception
- 0d56189 feat: handle decrypted mitm requests on manager
- 7322605 feat: extend helper protocol for mitm
- 849592d feat: add mitm request policy checks
- 7ef7318 feat: inject mitm ca into sandbox roots
- 73b2273 feat: add ephemeral mitm ca
- eff1e89 feat: add mitm manager options
- 2777f43 docs: add mitm implementation plan
- e04ea3a docs: add mitm design spec
- a34cf10 docs: add end-to-end sandbox example
- 0d639e9 docs: add package examples
- 22157ec docs: add public API godoc
- b178500 feat: expose sandbox proxy address
- c5c95b4 feat: configure sandbox proxy listen address
- ac600b4 test: cover connect tunnels across sandboxes
- 20636e5 feat: add host connect tunnel relay
- 2b1d20c feat: add helper runtime connect handling
- 432a3c7 feat: add connect tunnel bridge messages
- fdf0760 feat: add connect port policy rules
- ab9fdc1 docs: add phase2 connect tunnels plan
- e7a7c00 docs: add phase2 connect tunnels design
- 0a22059 Merge branch 'phase1-sandbox-library'
- 2d716fd feat: finish phase1 sandbox library
- 5a1a0ed fix: tighten sandbox cleanup and exec errors
- bab444e feat: add persistent sandbox lifecycle and run api
- ed42e96 fix: normalize helper handshake
- 8a834c7 feat: add helper protocol and helper binary
- 0d67005 fix: tighten mount validation and staging cleanup
- d8ab42b fix: stage absolute sandbox paths under root safely
- 5b2ee7e feat: add sandbox staging and mount validation
- 1e4a83e fix: reject malformed colon hosts in policy normalization
- bba3f25 fix: normalize host:port policy checks and add manager registry tests
- a7634f7 test: align Task 2 policy semantics and coverage
- 46a2a62 feat: add shared proxy manager and policy engine
- 4ae7634 fix: reject unsupported task1 policy options
- aa737b9 fix: validate proxy policy in manager constructor
- 1ae8850 refactor: turn module root into bbox library package
- 68bd4b7 chore: baseline bbox poc
- f26589a Initial commit