tiennm99/goclaw
1
0
Fork 0
mirror of https://github.com/tiennm99/goclaw.git synced 2026-06-10 08:11:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e9f155a4c8ca9400a50cd4fedc90dfd896f4e54
goclaw/internal/sandbox
T
History
Goon 75c570e951 feat(security): credentialed exec + HTTP RBAC + API key cache (#197) 
- Secure CLI credential injection via AES-256-GCM encrypted env vars
- API key management with fine-grained RBAC scopes
- resolveAuth/requireAuth middleware across all 25+ HTTP handlers
- In-memory API key cache with TTL, negative caching, pubsub invalidation
- Sandbox-first execution (fails if unavailable, no silent fallback)
- Credential scrubbing, constant-time token comparison, Admin-only CLI creds
- SQL migration 000020: secure_cli_binaries + api_keys tables
- 14 unit tests for cache and RBAC with race detector

Closes #197
2026-03-15 20:13:18 +07:00
..
docker_test.go
feat: Introduce Docker-based sandboxing with container lifecycle management, execution, pruning, and core sandbox interfaces.
2026-02-26 16:45:45 +07:00
docker.go
feat(security): credentialed exec + HTTP RBAC + API key cache (#197)
2026-03-15 20:13:18 +07:00
fsbridge.go
feat: enhance filesystem security with symlink/hardlink protection, implement typing indicators, and improve scheduler queue management for stale requests.
2026-02-26 22:47:59 +07:00
sandbox.go
feat(security): credentialed exec + HTTP RBAC + API key cache (#197)
2026-03-15 20:13:18 +07:00