chore(deps): bump the rust-dependencies group across 1 directory with 3 updates#5
Closed
dependabot[bot] wants to merge 23 commits into main from
Conversation
Single-file bash tool that evaluates SSH commands via LLM function calling before execution. Three policy modes (readonly, paranoid, safe), output redaction, risk scoring, audit logging, and .env file resolution.
pre-commit: infisical secret scanning on staged files
pre-push: commit message validation, cargo fmt/clippy/test, shellcheck
- Full Rust rewrite: clap CLI with -v/-vv/-vvv/-vvvv verbosity, --mode flag, --dry-run, tracing-based logging
- Improved output redaction: catches high-entropy hex/base64 values in arbitrary env vars (e.g. X_CT0=9c52ab...), standalone base64 blobs, plus all previous patterns
- CI: GitHub Actions for test/lint (fmt, clippy, test) and multi-arch release builds (linux x86_64/arm64, macOS x86_64/arm64)
- Release pipeline: tag-triggered builds with stripped binaries, version-locked install.sh in release assets
- install.sh: curl-pipe installer with platform detection
- INSTALL.md: detailed installation and provider setup guide
- Updated README to reference INSTALL.md for detailed instructions
- Add curl/wget/fetch/httpie to approved commands in readonly and safe policy prompts. The LLM evaluates intent rather than blanket-blocking HTTP tools.
- Refine pipe evaluation: pipes are assessed as a full pipeline (data flow) rather than each command in isolation, preventing false denials like "curl ... | head".
- Tighten "remote code execution" deny rule to only match piping to shell interpreters (bash/sh/eval), not all curl usage.
- Switch redacted output from full buffering (.output()) to line-by-line streaming via BufReader, so callers see output in real time.
- README markdown table formatting fixes.
Implements ssh-guard server mode where unprivileged agents can execute privileged SSH commands through a trusted guard daemon. The server listens on UNIX socket and/or TCP port, validates auth tokens, enforces policy rules, and executes commands on behalf of clients.

Key features:
- UNIX socket listener with group-based access control
- TCP socket listener for remote agent access
- Auth token validation for TCP connections
- UID allowlist for socket access control
- Policy engine with default-deny semantics
- Client config persistence in ~/.config/ssh-guard/client.yaml
- Simplified CLI: ssh-guard <host> <command>
- User inference from $USER environment variable
Previously, command output was printed to the server's stdout instead of being captured and returned to the client through the ExecuteResponse.

Changes:
- Add stdout/stderr fields to ExecuteResult and ExecuteResponse structs
- Use tokio::process::Command::output() to capture output synchronously
- Return captured stdout/stderr in ExecuteResponse
- Client prints stdout/stderr from response before exiting
- Simplify local command execution to use output() instead of spawned tasks
- Proper redaction handling for captured output

This enables the ssh-guard client to display command output from the server.
- Fix pattern_matches to require space boundary for prefix matching:
  - 'git' now correctly does NOT match 'github' (different command)
  - 'ssh' still matches 'ssh user@host' (command with args)
- Fix group priority sorting to descending order:
  - Higher priority groups are now checked first, as intended
  - Restrictive groups with priority 100 now take precedence over permissive groups with priority 1

Note: test_glob_star_suffix has a pre-existing hang bug in the glob matching algorithm, and test_pass_backend_integration fails due to pass version not supporting --multifile flag.
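The two fixes described in the commit above, as an added illustration that is not ssh-guard's own code: a prefix match that only succeeds at a space boundary, and policy groups evaluated in descending priority with default-deny when nothing matches. The names `pattern_matches`, `PolicyGroup`, `Verdict` and `evaluate` and the sample groups are assumptions for this example.

```rust
// Added example, not the project's code. Type and function names are assumed.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Verdict {
    Allow,
    Deny,
}

#[derive(Debug, Clone)]
pub struct PolicyGroup {
    pub name: &'static str,
    pub priority: u32,
    pub patterns: Vec<&'static str>,
    pub verdict: Verdict,
}

/// A pattern matches when it equals the whole command, or is a prefix that is
/// followed by a space. "git" matches "git status" but not "github".
pub fn pattern_matches(pattern: &str, command: &str) -> bool {
    command == pattern
        || (command.starts_with(pattern) && command[pattern.len()..].starts_with(' '))
}

/// Check groups highest priority first; fall back to Deny when nothing matches.
pub fn evaluate(groups: &[PolicyGroup], command: &str) -> Verdict {
    let mut ordered: Vec<&PolicyGroup> = groups.iter().collect();
    ordered.sort_by(|a, b| b.priority.cmp(&a.priority)); // descending
    for g in ordered {
        if g.patterns.iter().any(|p| pattern_matches(p, command)) {
            return g.verdict;
        }
    }
    Verdict::Deny
}

/// Constructed sample: a permissive low-priority group and a restrictive
/// high-priority group that must win for root-shell forms of sudo.
pub fn sample_groups() -> Vec<PolicyGroup> {
    vec![
        PolicyGroup { name: "permissive", priority: 1, patterns: vec!["git", "ssh", "sudo"], verdict: Verdict::Allow },
        PolicyGroup { name: "restrictive", priority: 100, patterns: vec!["sudo su", "sudo -i", "sudo -s"], verdict: Verdict::Deny },
    ]
}

fn main() {
    for cmd in ["git status", "github", "ssh user@host", "sudo systemctl status", "sudo su"] {
        println!("{cmd:?} -> {:?}", evaluate(&sample_groups(), cmd));
    }
}
```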
fc28164 to 04d3688
…support
- Rewrite evaluate.rs prompts to prefer ALLOW with clear DENY cases
- Add -V short flag for version
- Fix argument parsing for ssh-guard host cmd style
- Add identity_key support in server client for per-request key selection
- Add src/lib.rs to expose modules for integration testing
- Add tests/policy_tests.rs with policy engine tests
- Add [lib] and [[bin]] sections to Cargo.toml
- Tests verify safe commands are allowed and dangerous ones denied
- Allow sudo for safe commands (sudo id, sudo systemctl status, etc.)
- Only block sudo that leads to root shell (sudo su, sudo -i, sudo -s)
- Block sudo -u root <cmd> but not sudo <safe-cmd>
- Add examples showing sudo systemctl restart is OK
- Fix message about privilege escalation being about shells, not sudo itself
Replace prescriptive allow/deny lists with general evaluation framework:
- Focus on WHAT/WHERE/HOW/WHO analysis
- Deny only clear risks: destruction, compromise, RCE, fork bombs
- Allow routine admin: reads, monitoring, service management
- Remove specific command examples - trust the model to evaluate
Better guidance on privilege escalation:
- Get root SHELL (sudo su, sudo -i) = DENY
- Run sudo for legitimate tasks (sudo apt, sudo systemctl) = ALLOW
- Flush security controls (iptables -F) = DENY
- Flushing iptables was incorrectly allowed before
04d3688 to 51ae53e
Bumps the rust-dependencies group with 3 updates: [clap](https://github.com/clap-rs/clap), [reqwest](https://github.com/seanmonstar/reqwest) and [dirs](https://github.com/soc/dirs-rs).

Updates `clap` from 4.5.60 to 4.6.0
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.60...clap_complete-v4.6.0)

Updates `reqwest` from 0.11.27 to 0.12.28
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.11.27...v0.12.28)

Updates `dirs` from 5.0.1 to 6.0.0
- [Commits](https://github.com/soc/dirs-rs/commits)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: reqwest
  dependency-version: 0.12.28
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: dirs
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
51ae53e to 9d350c6
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the rust-dependencies group with 3 updates in the / directory: clap, reqwest and dirs.
Updates `clap` from 4.5.60 to 4.6.0
Changelog
Sourced from clap's changelog.
Commits
- 9ab6dee chore: Release
- 374a30d docs: Update changelog
- d0c8aab Merge pull request #6306 from epage/update
- 686ce2f chore: Upgrade compatible
- 8203238 Merge pull request #6305 from epage/msrv
- c774a89 docs: Reduce main's in doctests
- 73534f6 chore: Upgrade to 2025 edition
- dfe05a9 chore: Bump MSRV to 1.85
- 8b41d0b chore: Release
- 518220f docs: Update changelog

Updates `reqwest` from 0.11.27 to 0.12.28
Release notes
Sourced from reqwest's releases.
... (truncated)
Changelog
Sourced from reqwest's changelog.
... (truncated)
Commits
- d978599 v0.12.28
- ef2768a fix: correctly import TokioIo on Windows (#2896)
- 1bf6441 v0.12.27
- 4967b1b feat: add windows_named_pipe() option to client builder (#2789)
- ef5b239 chore: Use http_body_util::BodyDataStream (#2892)
- a810004 chore: Disable unused tokio-util codec feature (#2893)
- 01f03a4 v0.12.26
- e908f57 fix(http3): correct compression defaults (#2890)
- 509c904 fix: disable default compression from tower-http if not enabled in reqwest (#...
- 896aaea deps: update cookie_store to 0.22 (#2886)

Updates `dirs` from 5.0.1 to 6.0.0
Commits