Marco Allegretti 1b93f1c825 feat: weft-file-portal -- sandboxed file access broker ...

New crate. Per-session file proxy that gates filesystem access to an
explicit allowlist of paths passed at startup.

Usage: weft-file-portal <socket_path> [--allow <path>]...

Listens on a Unix domain socket. Each connection receives newline-
delimited JSON requests and returns newline-delimited JSON responses.
File content is base64-encoded. Operations: read, write, list.
Empty allowlist rejects all requests; paths checked with starts_with.

7 unit tests covering access control, read/write roundtrip, and list.

2026-03-11 15:52:33 +01:00

0 lines

Text

Raw Blame History