update to jail naming

Author: f0ssel

.gitignore

@@ -4,8 +4,8 @@
 *.dll
 *.so
 *.dylib
-boundary
-boundary.exe
+jail
+jail.exe
 
 # Test binary, built with `go test -c`
 *.test

README.md

@@ -1,8 +1,8 @@
-# boundary
+# jail
 
 **Network isolation tool for monitoring and restricting HTTP/HTTPS requests from processes**
 
-boundary creates an isolated network environment for target processes, intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.
+jail creates an isolated network environment for target processes, intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.
 
 ## Features
 
@@ -18,24 +18,24 @@ boundary creates an isolated network environment for target processes, intercept
 
 ```bash
 # Build the tool
-go build -o boundary .
+go build -o jail .
 
 # Allow only requests to github.com
-./boundary --allow "github.com" -- curl https://github.com
+./jail --allow "github.com" -- curl https://github.com
 
 # Allow full access to GitHub issues API, but only GET/HEAD elsewhere on GitHub
-./boundary \
+./jail \
   --allow "github.com/api/issues/*" \
   --allow "GET,HEAD github.com" \
   -- npm install
 
 # Default deny-all: everything is blocked unless explicitly allowed
-./boundary -- curl https://example.com
+./jail -- curl https://example.com
 ```
 
 ## Allow Rules
 
-boundary uses simple wildcard patterns for URL matching.
+jail uses simple wildcard patterns for URL matching.
 
 ### Rule Format
 
@@ -52,14 +52,14 @@ boundary uses simple wildcard patterns for URL matching.
 
 ```bash
 # Basic patterns
-boundary --allow "github.com" -- git pull
+jail --allow "github.com" -- git pull
 
 # Wildcard patterns
-boundary --allow "*.github.com" -- npm install    # GitHub subdomains
-boundary --allow "api.*" -- ./app                 # Any API domain
+jail --allow "*.github.com" -- npm install    # GitHub subdomains
+jail --allow "api.*" -- ./app                 # Any API domain
 
 # Method-specific rules
-boundary --allow "GET,HEAD api.github.com" -- curl https://api.github.com
+jail --allow "GET,HEAD api.github.com" -- curl https://api.github.com
 ```
 
 **Default Policy:** All traffic is denied unless explicitly allowed.
@@ -68,13 +68,13 @@ boundary --allow "GET,HEAD api.github.com" -- curl https://api.github.com
 
 ```bash
 # Monitor all requests with info logging
-boundary --log-level info --allow "*" -- npm install
+jail --log-level info --allow "*" -- npm install
 
 # Debug logging for troubleshooting
-boundary --log-level debug --allow "github.com" -- git pull
+jail --log-level debug --allow "github.com" -- git pull
 
 # Error-only logging
-boundary --log-level error --allow "*" -- ./app
+jail --log-level error --allow "*" -- ./app
 ```
 
 **Log Levels:**
@@ -85,20 +85,20 @@ boundary --log-level error --allow "*" -- ./app
 
 ## Blocked Request Messages
 
-When a request is blocked, boundary provides helpful guidance:
+When a request is blocked, jail provides helpful guidance:
 
 ```
-🚫 Request Blocked by Boundary
+🚫 Request Blocked by Jail
 
 Request: GET /
 Host: google.com
 Reason: No matching allow rules (default deny-all policy)
 
-To allow this request, restart boundary with:
+To allow this request, restart jail with:
   --allow "google.com"                    # Allow all methods to this host
   --allow "GET google.com"          # Allow only GET requests to this host
 
-For more help: https://github.com/coder/boundary
+For more help: https://github.com/coder/jail
 ```
 
 ## Platform Support
@@ -128,30 +128,30 @@ For more help: https://github.com/coder/boundary
 ### Build from Source
 
 ```bash
-git clone https://github.com/coder/boundary
-cd boundary
-go build -o boundary .
+git clone https://github.com/coder/jail
+cd jail
+go build -o jail .
 ```
 
 ## TLS Interception
 
-boundary automatically generates a Certificate Authority (CA) to intercept HTTPS traffic:
+jail automatically generates a Certificate Authority (CA) to intercept HTTPS traffic:
 
-- CA stored in `~/.config/boundary/` (or `$XDG_CONFIG_HOME/boundary/`)
-- CA certificate provided via `BOUNDARY_CA_CERT` environment variable
+- CA stored in `~/.config/jail/` (or `$XDG_CONFIG_HOME/jail/`)
+- CA certificate provided via `JAIL_CA_CERT` environment variable
 - Certificates generated on-demand for intercepted domains
 - CA expires after 1 year
 
 ### Disable TLS Interception
 
 ```bash
-boundary --no-tls-intercept --allow "*" -- ./app
+jail --no-tls-intercept --allow "*" -- ./app
 ```
 
 ## Command-Line Options
 
 ```text
-boundary [flags] -- command [args...]
+jail [flags] -- command [args...]
 
 OPTIONS:
     --allow <SPEC>             Allow rule (repeatable)
@@ -165,14 +165,14 @@ OPTIONS:
 
 ```bash
 # Build
-go build -o boundary .
+go build -o jail .
 
 # Test
 go test ./...
 
 # Cross-compile
-GOOS=linux GOARCH=amd64 go build -o boundary-linux .
-GOOS=darwin GOARCH=amd64 go build -o boundary-macos .
+GOOS=linux GOARCH=amd64 go build -o jail-linux .
+GOOS=darwin GOARCH=amd64 go build -o jail-macos .
 ```
 
 ## License

go.mod

@@ -1,16 +1,11 @@
-module boundary
+module github.com/coder/jail
 
-go 1.21.4
+go 1.25
 
-toolchain go1.23.8
+require github.com/coder/serpent v0.10.0
 
 require (
 	cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 // indirect
-	github.com/coder/serpent v0.10.0
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
-
-require (
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -32,4 +27,5 @@ require (
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	cryptotls "crypto/tls"
 	"fmt"
 	"log/slog"
 	"os"
@@ -10,72 +11,70 @@ import (
 	"strings"
 	"syscall"
 	"time"
-	cryptotls "crypto/tls"
-
-	"boundary/netjail"
-	"boundary/proxy"
-	"boundary/rules"
-	"boundary/tls"
 
+	"github.com/coder/jail/netjail"
+	"github.com/coder/jail/proxy"
+	"github.com/coder/jail/rules"
+	"github.com/coder/jail/tls"
 	"github.com/coder/serpent"
 )
 
 var (
-	allowStrings    []string
-	noTLSIntercept  bool
-	logLevel        string
-	noJailCleanup   bool
+	allowStrings   []string
+	noTLSIntercept bool
+	logLevel       string
+	noJailCleanup  bool
 )
 
 func main() {
 	cmd := &serpent.Command{
-		Use:   "boundary [flags] -- command [args...]",
+		Use:   "jail [flags] -- command [args...]",
 		Short: "Monitor and restrict HTTP/HTTPS requests from processes",
-		Long: `boundary creates an isolated network environment for the target process,
+		Long: `jail creates an isolated network environment for the target process,
 intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces
 user-defined rules.
 
 Examples:
   # Allow only requests to github.com
-  boundary --allow "github.com" -- curl https://github.com
+  jail --allow "github.com" -- curl https://github.com
 
   # Monitor all requests to specific domains (allow only those)
-  boundary --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install
+  jail --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install
 
   # Block everything by default (implicit)`,
 		Options: serpent.OptionSet{
 			{
 				Name:        "allow",
 				Flag:        "allow",
-				Env:         "BOUNDARY_ALLOW",
+				Env:         "JAIL_ALLOW",
 				Description: "Allow rule (can be specified multiple times). Format: 'pattern' or 'METHOD[,METHOD] pattern'.",
 				Value:       serpent.StringArrayOf(&allowStrings),
 			},
 			{
 				Name:        "no-tls-intercept",
 				Flag:        "no-tls-intercept",
-				Env:         "BOUNDARY_NO_TLS_INTERCEPT",
+				Env:         "JAIL_NO_TLS_INTERCEPT",
 				Description: "Disable HTTPS interception.",
 				Value:       serpent.BoolOf(&noTLSIntercept),
 			},
 			{
 				Name:        "log-level",
 				Flag:        "log-level",
-				Env:         "BOUNDARY_LOG_LEVEL",
+				Env:         "JAIL_LOG_LEVEL",
 				Description: "Set log level (error, warn, info, debug).",
 				Default:     "warn",
 				Value:       serpent.StringOf(&logLevel),
 			},
 			{
 				Name:        "no-jail-cleanup",
 				Flag:        "no-jail-cleanup",
-				Env:         "BOUNDARY_NO_JAIL_CLEANUP",
+				Env:         "JAIL_NO_JAIL_CLEANUP",
 				Description: "Skip jail cleanup (hidden flag for testing).",
 				Value:       serpent.BoolOf(&noJailCleanup),
 				Hidden:      true,
 			},
 		},
-		Handler: runBoundary,
+		Handler: runJail,
 	}
 
 	err := cmd.Invoke().WithOS().Run()
@@ -108,7 +107,7 @@ func setupLogging(logLevel string) *slog.Logger {
 	return slog.New(handler)
 }
 
-func runBoundary(inv *serpent.Invocation) error {
+func runJail(inv *serpent.Invocation) error {
 	logger := setupLogging(logLevel)
 
 	// Get command arguments
@@ -172,21 +171,21 @@ func runBoundary(inv *serpent.Invocation) error {
 
 		// Set standard CA certificate environment variables for common tools
 		// This makes tools like curl, git, etc. trust our dynamically generated CA
-		extraEnv["SSL_CERT_FILE"] = caCertPath        // OpenSSL/LibreSSL-based tools
-		extraEnv["SSL_CERT_DIR"] = configDir          // OpenSSL certificate directory
-		extraEnv["CURL_CA_BUNDLE"] = caCertPath       // curl
-		extraEnv["GIT_SSL_CAINFO"] = caCertPath       // Git
-		extraEnv["REQUESTS_CA_BUNDLE"] = caCertPath   // Python requests
-		extraEnv["NODE_EXTRA_CA_CERTS"] = caCertPath  // Node.js
-		extraEnv["BOUNDARY_CA_CERT"] = string(caCertPEM) // Keep for backward compatibility
+		extraEnv["SSL_CERT_FILE"] = caCertPath       // OpenSSL/LibreSSL-based tools
+		extraEnv["SSL_CERT_DIR"] = configDir         // OpenSSL certificate directory
+		extraEnv["CURL_CA_BUNDLE"] = caCertPath      // curl
+		extraEnv["GIT_SSL_CAINFO"] = caCertPath      // Git
+		extraEnv["REQUESTS_CA_BUNDLE"] = caCertPath  // Python requests
+		extraEnv["NODE_EXTRA_CA_CERTS"] = caCertPath // Node.js
+		extraEnv["JAIL_CA_CERT"] = string(caCertPEM) // Keep for backward compatibility
 	}
 
 	// Create network jail configuration
 	netjailConfig := netjail.Config{
-		HTTPPort:     8040,
-		HTTPSPort:    8043,
-		NetJailName:  "boundary",
-		SkipCleanup:  noJailCleanup,
+		HTTPPort:    8040,
+		HTTPSPort:   8043,
+		NetJailName: "jail",
+		SkipCleanup: noJailCleanup,
 	}
 
 	// Create network jail
@@ -274,4 +273,4 @@ func runBoundary(inv *serpent.Invocation) error {
 	}
 
 	return nil
-}
+}

proxy/proxy.go

@@ -10,7 +10,7 @@ import (
 	"net/url"
 	"time"
 
-	"boundary/rules"
+	"github.com/coder/jail/rules"
 )
 
 // ProxyServer handles HTTP and HTTPS requests with rule-based filtering
@@ -249,24 +249,24 @@ func (p *ProxyServer) forwardHTTPSRequest(w http.ResponseWriter, r *http.Request
 func (p *ProxyServer) writeBlockedResponse(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(http.StatusForbidden)
-	
+
 	// Extract host from URL for cleaner display
 	host := r.URL.Host
 	if host == "" {
 		host = r.Host
 	}
-	
-	fmt.Fprintf(w, `🚫 Request Blocked by Boundary
+
+	fmt.Fprintf(w, `🚫 Request Blocked by Jail
 
 Request: %s %s
 Host: %s
 Reason: No matching allow rules (default deny-all policy)
 
-To allow this request, restart boundary with:
+To allow this request, restart jail with:
   --allow "%s"                    # Allow all methods to this host
   --allow "%s %s"          # Allow only %s requests to this host
 
-For more help: https://github.com/coder/boundary
-`, 
+For more help: https://github.com/coder/jail
+`,
 		r.Method, r.URL.Path, host, host, r.Method, host, r.Method)
-}
+}