From 44912b8e9a5fe66eff9e3ea09262fdab9dadb1f2 Mon Sep 17 00:00:00 2001
From: "blink-so[bot]" <211532188+blink-so[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 00:39:39 +0000
Subject: [PATCH 1/2] update README to reflect new build tools and release
 automation

Updated README.md to be accurate with recent changes:

## Installation Section
- Added GitHub Releases as primary installation method
- Provided download examples for all 4 supported platforms
- Updated Go version requirement from 1.21+ to 1.25+
- Reorganized with releases first, build from source second

## Quick Start Section
- Added installation options (releases vs build from source)
- Updated examples to use 'jail' instead of './jail' (assumes installed)
- Mentioned Makefile as build option

## Development Section
- Updated to use Makefile targets as primary approach
- Added all available make targets (build, build-all, test, etc.)
- Kept manual Go commands as secondary option
- Added reference to build script for cross-platform builds

## Accuracy Improvements
- Corrected Go version requirement to match CI workflows
- Added proper installation instructions for all platforms
- Made Makefile the recommended development approach
- Maintained backward compatibility with direct Go commands

The README now accurately reflects the current state of the project
with automated releases, Makefile tooling, and proper installation options.

Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
---
 README.md | 100 +++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 88 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 88c32a4..8dfc6ac 100644
--- a/README.md
+++ b/README.md
@@ -16,21 +16,38 @@ jail creates an isolated network environment for target processes, intercepting
 
 ## Quick Start
 
+### Installation
+
+**From GitHub Releases (Recommended):**
 ```bash
-# Build the tool
-go build -o jail .
+# Download the latest release for your platform
+wget https://github.com/coder/jail/releases/latest/download/jail-linux-amd64.tar.gz
+tar -xzf jail-linux-amd64.tar.gz
+chmod +x jail
+sudo mv jail /usr/local/bin/
+```
+
+**Build from Source:**
+```bash
+git clone https://github.com/coder/jail
+cd jail
+make build  # or: go build -o jail .
+```
 
+### Usage
+
+```bash
 # Allow only requests to github.com
-./jail --allow "github.com" -- curl https://github.com
+jail --allow "github.com" -- curl https://github.com
 
 # Allow full access to GitHub issues API, but only GET/HEAD elsewhere on GitHub
-./jail \
+jail \
   --allow "github.com/api/issues/*" \
   --allow "GET,HEAD github.com" \
   -- npm install
 
 # Default deny-all: everything is blocked unless explicitly allowed
-./jail -- curl https://example.com
+jail -- curl https://example.com
 ```
 
 ## Allow Rules
@@ -111,25 +128,56 @@ For more help: https://github.com/coder/jail
 
 ## Installation
 
-### Prerequisites
+### From GitHub Releases (Recommended)
+
+Download pre-built binaries from [GitHub Releases](https://github.com/coder/jail/releases):
+
+```bash
+# Linux x64
+wget https://github.com/coder/jail/releases/latest/download/jail-linux-amd64.tar.gz
+tar -xzf jail-linux-amd64.tar.gz
+chmod +x jail
+sudo mv jail /usr/local/bin/
+
+# macOS (Intel)
+wget https://github.com/coder/jail/releases/latest/download/jail-darwin-amd64.tar.gz
+tar -xzf jail-darwin-amd64.tar.gz
+chmod +x jail
+sudo mv jail /usr/local/bin/
+
+# macOS (Apple Silicon)
+wget https://github.com/coder/jail/releases/latest/download/jail-darwin-arm64.tar.gz
+tar -xzf jail-darwin-arm64.tar.gz
+chmod +x jail
+sudo mv jail /usr/local/bin/
+```
+
+### Build from Source
+
+#### Prerequisites
 
 **Linux:**
 - Linux kernel 3.8+ (network namespace support)
 - iptables
-- Go 1.21+ (for building)
+- Go 1.25+ (for building)
 - sudo access
 
 **macOS:**
 - macOS 10.15+ (Catalina or later)
 - pfctl (included)
-- Go 1.21+ (for building)
+- Go 1.25+ (for building)
 - sudo access
 
-### Build from Source
+#### Building
 
 ```bash
 git clone https://github.com/coder/jail
 cd jail
+
+# Using Makefile (recommended)
+make build
+
+# Or directly with Go
 go build -o jail .
 ```
 
@@ -164,15 +212,43 @@ OPTIONS:
 ## Development
 
 ```bash
-# Build
+# Build for current platform
+make build
+
+# Build for all platforms
+make build-all
+
+# Run tests
+make test
+
+# Run tests with coverage
+make test-coverage
+
+# Clean build artifacts
+make clean
+
+# Format code
+make fmt
+
+# Lint code (requires golangci-lint)
+make lint
+```
+
+### Manual Commands
+
+```bash
+# Build directly with Go
 go build -o jail .
 
-# Test
+# Run tests
 go test ./...
 
-# Cross-compile
+# Cross-compile manually
 GOOS=linux GOARCH=amd64 go build -o jail-linux .
 GOOS=darwin GOARCH=amd64 go build -o jail-macos .
+
+# Use build script for all platforms
+./scripts/build.sh
 ```
 
 ## License

From 4d7b24469d90025022b39ee6c485bc1677a5e9ea Mon Sep 17 00:00:00 2001
From: "blink-so[bot]" <211532188+blink-so[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 00:43:48 +0000
Subject: [PATCH 2/2] remove installation prerequisites and TLS interception
 sections from README

Simplified README by removing detailed sections:

## Removed Installation Prerequisites
- Linux kernel version requirements
- iptables/pfctl dependencies
- Go version requirements
- sudo access notes

## Removed TLS Interception Section
- CA certificate storage details
- Environment variable explanations
- Certificate generation process
- Usage examples with --no-tls-intercept

## Kept Essential Information
- --no-tls-intercept flag in command-line options (without description)
- Core functionality and usage examples
- Installation and development instructions

Rationale: Users will discover missing dependencies when they try to
use the tool. TLS interception details are implementation specifics
that users don't need to understand upfront.

The README is now more focused and less intimidating for new users.

Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
---
 README.md | 31 -------------------------------
 1 file changed, 31 deletions(-)

diff --git a/README.md b/README.md
index 8dfc6ac..c25e53c 100644
--- a/README.md
+++ b/README.md
@@ -154,22 +154,6 @@ sudo mv jail /usr/local/bin/
 
 ### Build from Source
 
-#### Prerequisites
-
-**Linux:**
-- Linux kernel 3.8+ (network namespace support)
-- iptables
-- Go 1.25+ (for building)
-- sudo access
-
-**macOS:**
-- macOS 10.15+ (Catalina or later)
-- pfctl (included)
-- Go 1.25+ (for building)
-- sudo access
-
-#### Building
-
 ```bash
 git clone https://github.com/coder/jail
 cd jail
@@ -181,21 +165,6 @@ make build
 go build -o jail .
 ```
 
-## TLS Interception
-
-jail automatically generates a Certificate Authority (CA) to intercept HTTPS traffic:
-
-- CA stored in `~/.config/jail/` (or `$XDG_CONFIG_HOME/jail/`)
-- CA certificate provided via `JAIL_CA_CERT` environment variable
-- Certificates generated on-demand for intercepted domains
-- CA expires after 1 year
-
-### Disable TLS Interception
-
-```bash
-jail --no-tls-intercept --allow "*" -- ./app
-```
-
 ## Command-Line Options
 
 ```text