passepartout: v0.4.3 Shell Sandboxing & Safety Classification

- bwrap sandbox: detect bwrap binary, wrap shell commands through Linux namespace isolation with --unshare-net --unshare-ipc when available, fall back to timeout bash -c otherwise - Severity classification: extend shell-blocked patterns with :catastrophic/:dangerous/:moderate/:harmless severity tiers, dispatcher-severity-max for tier comparison - dispatcher-check-shell-safety: returns (:matched <names> :severity <tier>) - Version: 0.4.2 -> 0.4.3 across handshake, ASDF, README badge
2026-05-07 17:52:32 -04:00
parent 791a0f9c3b
commit eeb1234086
10 changed files with 313 additions and 64 deletions
--- a/passepartout.asd
+++ b/passepartout.asd
@@ -1,7 +1,7 @@
 (defsystem :passepartout
  :name "Passepartout"
  :author "Amr Gharbeia"
-  :version "0.4.2"
+  :version "0.4.3"
  :license "AGPLv3"
  :description "The Probabilistic-Deterministic Lisp Machine"
  :depends-on (:usocket :bordeaux-threads :dexador :uiop :cl-dotenv :cl-ppcre :hunchentoot :ironclad :str :cl-json :uuid)