chore(ci): bump actions/checkout from 4 to 6#1

Closed
dependabot[bot] wants to merge 21 commits into main from dependabot/github_actions/actions/checkout-6
Conversation

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Single-file bash tool that evaluates SSH commands via LLM function
calling before execution. Three policy modes (readonly, paranoid, safe),
output redaction, risk scoring, audit logging, and .env file resolution.

pre-commit: infisical secret scanning on staged files

pre-push: commit message validation, cargo fmt/clippy/test, shellcheck

- Full Rust rewrite: clap CLI with -v/-vv/-vvv/-vvvv verbosity,
  --mode flag, --dry-run, tracing-based logging
- Improved output redaction: catches high-entropy hex/base64 values
  in arbitrary env vars (e.g. X_CT0=9c52ab...), standalone base64
  blobs, plus all previous patterns
- CI: GitHub Actions for test/lint (fmt, clippy, test) and
  multi-arch release builds (linux x86_64/arm64, macOS x86_64/arm64)
- Release pipeline: tag-triggered builds with stripped binaries,
  version-locked install.sh in release assets
- install.sh: curl-pipe installer with platform detection
- INSTALL.md: detailed installation and provider setup guide
- Updated README to reference INSTALL.md for detailed instructions
- Add curl/wget/fetch/httpie to approved commands in readonly and safe
  policy prompts. The LLM evaluates intent rather than blanket-blocking
  HTTP tools.
- Refine pipe evaluation: pipes are assessed as a full pipeline (data
  flow) rather than each command in isolation, preventing false denials
  like "curl ... | head".
- Tighten "remote code execution" deny rule to only match piping to
  shell interpreters (bash/sh/eval), not all curl usage.
- Switch redacted output from full buffering (.output()) to line-by-line
  streaming via BufReader, so callers see output in real time.
- README markdown table formatting fixes.

Implements ssh-guard server mode where unprivileged agents can execute
privileged SSH commands through a trusted guard daemon. The server listens
on UNIX socket and/or TCP port, validates auth tokens, enforces policy
rules, and executes commands on behalf of clients.

Key features:
- UNIX socket listener with group-based access control
- TCP socket listener for remote agent access
- Auth token validation for TCP connections
- UID allowlist for socket access control
- Policy engine with default-deny semantics
- Client config persistence in ~/.config/ssh-guard/client.yaml
- Simplified CLI: ssh-guard <host> <command>
- User inference from $USER environment variable

Previously, command output was printed to the server's stdout instead of
being captured and returned to the client through the ExecuteResponse.

Changes:
- Add stdout/stderr fields to ExecuteResult and ExecuteResponse structs
- Use tokio::process::Command::output() to capture output synchronously
- Return captured stdout/stderr in ExecuteResponse
- Client prints stdout/stderr from response before exiting
- Simplify local command execution to use output() instead of spawned tasks
- Proper redaction handling for captured output

This enables the ssh-guard client to display command output from the server.
- Fix pattern_matches to require space boundary for prefix matching:
  'git' now correctly does NOT match 'github' (different command)
  'ssh' still matches 'ssh user@host' (command with args)

- Fix group priority sorting to descending order:
  Higher priority groups are now checked first, as intended
  Restrictive groups with priority 100 now take precedence over
  permissive groups with priority 1

Note: test_glob_star_suffix has a pre-existing hang bug in the glob
matching algorithm, and test_pass_backend_integration fails due to
pass version not supporting --multifile flag.
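As an added illustration (not ssh-guard's own code; `pattern_matches`, `Group`, `evaluate` and the sample groups are hypothetical names and data), the two fixes described in the commit message above: a prefix match that only matches at a space boundary, so an allowlist entry for `git` cannot be satisfied by `github`, and policy groups checked in descending priority with default deny, so a restrictive priority-100 group wins over a permissive priority-1 group.

```rust
/// A policy group; groups are checked from highest to lowest priority.
#[derive(Debug, Clone, PartialEq)]
pub struct Group {
    pub priority: u32,
    pub patterns: Vec<&'static str>,
    pub allow: bool,
}

/// Prefix match that requires a space boundary after the pattern:
/// "git" matches "git" and "git status" but not "github";
/// "ssh" still matches "ssh user@host".
pub fn pattern_matches(pattern: &str, command: &str) -> bool {
    match command.strip_prefix(pattern) {
        Some(rest) => rest.is_empty() || rest.starts_with(' '),
        None => false,
    }
}

/// The pre-fix behaviour for comparison: a bare prefix check,
/// which lets "git" match "github".
pub fn pattern_matches_naive(pattern: &str, command: &str) -> bool {
    command.starts_with(pattern)
}

/// First matching group decides; groups are sorted by priority
/// descending; a command matching no group is denied (default deny).
pub fn evaluate(groups: &[Group], command: &str) -> bool {
    let mut sorted: Vec<&Group> = groups.iter().collect();
    sorted.sort_by(|a, b| b.priority.cmp(&a.priority));
    for g in sorted {
        if g.patterns.iter().any(|p| pattern_matches(p, command)) {
            return g.allow;
        }
    }
    false
}

/// Constructed sample policy: a permissive low-priority group and a
/// restrictive high-priority group that blocks root shells via sudo.
pub fn sample_groups() -> Vec<Group> {
    vec![
        Group { priority: 1, patterns: vec!["git", "ssh", "sudo"], allow: true },
        Group { priority: 100, patterns: vec!["sudo su", "sudo -i", "sudo -s"], allow: false },
    ]
}
```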
dependabot bot commented on behalf of github Mar 27, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…support

- Rewrite evaluate.rs prompts to prefer ALLOW with clear DENY cases
- Add -V short flag for version
- Fix argument parsing for ssh-guard host cmd style
- Add identity_key support in server client for per-request key selection
- Add src/lib.rs to expose modules for integration testing
- Add tests/policy_tests.rs with policy engine tests
- Add [lib] and [[bin]] sections to Cargo.toml
- Tests verify safe commands are allowed and dangerous ones denied
- Allow sudo for safe commands (sudo id, sudo systemctl status, etc.)
- Only block sudo that leads to root shell (sudo su, sudo -i, sudo -s)
- Block sudo -u root <cmd> but not sudo <safe-cmd>
- Add examples showing sudo systemctl restart is OK
- Fix message about privilege escalation being about shells, not sudo itself

Replace prescriptive allow/deny lists with general evaluation framework:
- Focus on WHAT/WHERE/HOW/WHO analysis
- Deny only clear risks: destruction, compromise, RCE, fork bombs
- Allow routine admin: reads, monitoring, service management
- Remove specific command examples - trust the model to evaluate

Better guidance on privilege escalation:
- Get root SHELL (sudo su, sudo -i) = DENY
- Run sudo for legitimate tasks (sudo apt, sudo systemctl) = ALLOW
- Flush security controls (iptables -F) = DENY
- Flushing iptables was incorrectly allowed before
morgaesis and others added 2 commits March 30, 2026 18:02
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from 2f5ff96 to 80f4796 March 30, 2026 18:03
@morgaesis morgaesis closed this Mar 31, 2026
dependabot bot commented on behalf of github Mar 31, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/actions/checkout-6 branch March 31, 2026 10:43