@clipboard-health/clearance 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
# @clipboard-health/clearance
|
|
2
2
|
|
|
3
|
-
HTTP/HTTPS
|
|
3
|
+
A local HTTP/HTTPS forward proxy that gates network egress against a
|
|
4
|
+
hostname allowlist. Built for deny-by-default sandboxes — coding agents,
|
|
5
|
+
CI workers, isolated build steps — where you want one choke point the
|
|
6
|
+
sandbox can permit, with every other route to the network closed.
|
|
4
7
|
|
|
5
8
|
The proxy ships with **zero compiled-in opinions** about which hosts to allow.
|
|
6
9
|
Bring your own list — either inline via env or by pointing at one or more
|
|
@@ -100,8 +103,9 @@ kill "$(cat "${XDG_CACHE_HOME:-$HOME/.cache}/clearance/clearance.pid")"
|
|
|
100
103
|
|
|
101
104
|
## Safehouse integration (macOS)
|
|
102
105
|
|
|
103
|
-
Safehouse uses macOS sandbox profiles, so
|
|
104
|
-
only. Safehouse allows network access by
|
|
106
|
+
[Safehouse](https://agent-safehouse.dev/) uses macOS sandbox profiles, so
|
|
107
|
+
this section is for macOS hosts only. Safehouse allows network access by
|
|
108
|
+
default for agent compatibility.
|
|
105
109
|
To force a wrapped agent through this proxy, run the proxy outside
|
|
106
110
|
Safehouse, then append a Safehouse profile that denies direct remote
|
|
107
111
|
egress while leaving `localhost` open for `http://127.0.0.1:19999`.
|
package/package.json
CHANGED