passepartout: v0.4.3 Shell Sandboxing & Safety Classification

- bwrap sandbox: detect bwrap binary, wrap shell commands through Linux namespace isolation with --unshare-net --unshare-ipc when available, fall back to timeout bash -c otherwise - Severity classification: extend shell-blocked patterns with :catastrophic/:dangerous/:moderate/:harmless severity tiers, dispatcher-severity-max for tier comparison - dispatcher-check-shell-safety: returns (:matched <names> :severity <tier>) - Version: 0.4.2 -> 0.4.3 across handshake, ASDF, README badge
2026-05-07 17:52:32 -04:00
parent 791a0f9c3b
commit eeb1234086
10 changed files with 313 additions and 64 deletions
--- a/org/core-communication.org
+++ b/org/core-communication.org
@@ -151,7 +151,7 @@ The daemon sends a handshake message on connection, then enters a read loop, inj
  (let ((stream (usocket:socket-stream socket)))
    (handler-case
        (progn
-          (format stream "~a" (frame-message (make-hello-message "0.4.2")))
+          (format stream "~a" (frame-message (make-hello-message "0.4.3")))
          (finish-output stream)
          (loop
            (let ((msg (read-framed-message stream)))