Skip to content

feat(egress): host-side guarded-egress proxy (policy + forward proxy)#2

Merged
CMGS merged 1 commit into
mainfrom
feat/m6-6-guarded-egress
Jul 9, 2026
Merged

feat(egress): host-side guarded-egress proxy (policy + forward proxy)#2
CMGS merged 1 commit into
mainfrom
feat/m6-6-guarded-egress

Conversation

@CMGS

@CMGS CMGS commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

M6-6 / M7-A guarded egress — first slice

Introduces a self-contained sandboxd/egress package: the foundation for turning egress into an allow-listed, audited resource enforced host-side, so a sandbox gets the effect of a credential and never the credential itself.

What lands here

  • Policy (policy.go): the config schema (Policy, Rule, Decision) and a pure evaluator — host matching (exact / *.suffix wildcard that excludes the apex / *), method filtering, Validate, Eval.
  • Forward proxy (proxy.go): a host-side http.Handler handling CONNECT tunnels (host allow/deny + splice) and absolute-form HTTP (allow/deny + method check + node-side secret injection that overwrites any guest-supplied value + response relay), with typed 403 denials and pluggable DialFunc/Secrets/Audit seams.
  • Table-driven policy tests plus real end-to-end proxy tests (httptest upstream for allow+inject+guest-header-overwrite, typed 403 on deny, raw CONNECT tunnel echo, audit-event assertions).

Scope

Stdlib-only, touches no existing file, and is not wired into the claim/refill hot path — so it cannot affect the running data plane. Deliberately out of this slice (follow-ups): config wiring, per-sandbox listeners, the silkd egress_dial verb, TLS interception CA, and nftables enforcement. The full design is in cocoon-specs/sandbox/sandbox-m6-6-guarded-egress.md.

Gates

go build ./... && go test ./egress/... green; golangci-lint 0 issues on linux and darwin.

First slice of M6-6 guarded egress: a self-contained egress package
with the allow-list policy schema + evaluator and a host-side forward
proxy — CONNECT tunnelling (host allow/deny) plus absolute-form HTTP
with node-side credential injection and typed 403 denials. Stdlib-only
and not yet wired into the claim path; config, per-sandbox listeners,
the silkd egress_dial verb, and nftables enforcement land in follow-up
slices.
@CMGS CMGS merged commit e3c78ba into main Jul 9, 2026
1 check passed
@CMGS CMGS deleted the feat/m6-6-guarded-egress branch July 9, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant