Skip to content

fix(sandbox): rewrite messaging credential placeholders #1286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
johntmyers merged 24 commits into from
May 12, 2026
Merged

fix(sandbox): rewrite messaging credential placeholders #1286

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
71bd516
fix(sandbox): rewrite credential placeholders in websocket text frames
ericksoa May 9, 2026
726efa3
fix(sandbox): harden websocket credential rewrite
ericksoa May 9, 2026
6fd6d4e
feat(sandbox): add websocket l7 inspection and compression
ericksoa May 9, 2026
bac23a1
fix(sandbox): harden websocket upgrade validation
ericksoa May 9, 2026
9a6f696
test(sandbox): cover route-selected websocket upgrades
ericksoa May 9, 2026
143237f
fix(sandbox): harden websocket negotiation parsing
ericksoa May 9, 2026
7bff1c4
test(sandbox): add websocket conformance relay matrix
ericksoa May 9, 2026
2f97ff3
test(e2e): add websocket conformance lane
ericksoa May 9, 2026
a670178
fix(policy): support websocket incremental rules
ericksoa May 9, 2026
e55f1ee
Merge remote-tracking branch 'origin/main' into fix/872-websocket-cre…
ericksoa May 9, 2026
4009a4a
feat(policy): enable websocket credential rewrite updates
ericksoa May 9, 2026
1562b70
fix(cli): make websocket rewrite endpoint-local
ericksoa May 9, 2026
55f52e7
feat(sandbox): support graphql websocket policy
ericksoa May 9, 2026
b849a0c
Merge remote-tracking branch 'origin/main' into fix/872-websocket-cre…
ericksoa May 10, 2026
eab184f
fix(policy): allow private IPs for websocket endpoints
ericksoa May 10, 2026
ecad571
feat(sandbox): rewrite REST credential placeholders
ericksoa May 11, 2026
e59ab4d
refactor(sandbox): generalize credential aliases
ericksoa May 11, 2026
59a5160
fix(sandbox): rewrite encoded form credentials
ericksoa May 11, 2026
1706553
fix(sandbox): close websocket policy and provider alias gaps
ericksoa May 11, 2026
ca9abd2
Merge remote-tracking branch 'origin/main' into pr-1286-updated
ericksoa May 11, 2026
d391cfc
fix(e2e): route websocket probe through host gateway
johntmyers May 12, 2026
d242f91
fix(e2e): stabilize websocket probe handshake
johntmyers May 12, 2026
0775448
fix(e2e): exercise websocket probe through proxy
johntmyers May 12, 2026
4e68970
ci: remove websocket conformance workflow
johntmyers May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 7 additions & 3 deletions architecture/security-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,13 @@ with the sandbox's ephemeral CA and inspect method/path or protocol-specific
metadata before forwarding. The proxy also supports credential injection on
terminated HTTP streams when policy allows the endpoint.

Raw streams, HTTP upgrades, and long-lived response bodies are connection
scoped. Policy reloads affect the next connection or the next parsed HTTP
request; they do not rewrite bytes already being relayed.
Raw streams and long-lived response bodies are connection scoped. Policy
reloads affect the next connection or the next parsed HTTP request; they do not
rewrite bytes already being relayed. HTTP upgrades switch to raw relay by
default. A `protocol: rest` endpoint can opt in to
`websocket_credential_rewrite` for client-to-server WebSocket text messages
after an allowed `101` upgrade; server-to-client traffic and all other upgraded
protocols remain raw passthrough.

## Live Updates

Expand Down
7 changes: 4 additions & 3 deletions crates/openshell-cli/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,7 @@ const POLICY_EXAMPLES: &str = "\x1b[1mALIAS\x1b[0m
$ openshell policy get my-sandbox
$ openshell policy set my-sandbox --policy policy.yaml
$ openshell policy update my-sandbox --add-endpoint api.github.com:443:read-only:rest:enforce
$ openshell policy update my-sandbox --add-endpoint realtime.example.com:443:read-write:websocket:enforce:websocket-credential-rewrite,allowed-ip=10.0.0.0/8
$ openshell policy update my-sandbox --add-allow 'api.github.com:443:GET:/repos/**'
$ openshell policy set --global --policy policy.yaml
$ openshell policy delete --global
Expand Down Expand Up @@ -1404,19 +1405,19 @@ enum PolicyCommands {
#[arg(add = ArgValueCompleter::new(completers::complete_sandbox_names))]
name: Option<String>,

/// Add or merge an endpoint: host:port[:access[:protocol[:enforcement]]].
/// Add or merge an endpoint: host:port[:access[:protocol[:enforcement[:options]]]].
#[arg(long = "add-endpoint")]
add_endpoints: Vec<String>,

/// Remove an endpoint: host:port.
#[arg(long = "remove-endpoint")]
remove_endpoints: Vec<String>,

/// Add a REST allow rule: `host:port:METHOD:path_glob`.
/// Add a REST or WebSocket method/path allow rule: `host:port:METHOD:path_glob`.
#[arg(long = "add-allow")]
add_allow: Vec<String>,

/// Add a REST deny rule: `host:port:METHOD:path_glob`.
/// Add a REST or WebSocket method/path deny rule: `host:port:METHOD:path_glob`.
#[arg(long = "add-deny")]
add_deny: Vec<String>,

Expand Down
Loading
Loading