update to jail naming

Author: f0ssel

.gitignore

@@ -4,8 +4,8 @@
 *.dll
 *.so
 *.dylib
-boundary
-boundary.exe
+jail
+jail.exe
 
 # Test binary, built with `go test -c`
 *.test

README.md

@@ -1,8 +1,8 @@
-# boundary
+# jail
 
 **Network isolation tool for monitoring and restricting HTTP/HTTPS requests from processes**
 
-boundary creates an isolated network environment for target processes, intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.
+jail creates an isolated network environment for target processes, intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.
 
 ## Features
 
@@ -18,24 +18,24 @@ boundary creates an isolated network environment for target processes, intercept
 
 ```bash
 # Build the tool
-go build -o boundary .
+go build -o jail .
 
 # Allow only requests to github.com
-./boundary --allow "github.com" -- curl https://github.com
+./jail --allow "github.com" -- curl https://github.com
 
 # Allow full access to GitHub issues API, but only GET/HEAD elsewhere on GitHub
-./boundary \
+./jail \
  --allow "github.com/api/issues/*" \
  --allow "GET,HEAD github.com" \
  -- npm install
 
 # Default deny-all: everything is blocked unless explicitly allowed
-./boundary -- curl https://example.com
+./jail -- curl https://example.com
 ```
 
 ## Allow Rules
 
-boundary uses simple wildcard patterns for URL matching.
+jail uses simple wildcard patterns for URL matching.
 
 ### Rule Format
 
@@ -52,14 +52,14 @@ boundary uses simple wildcard patterns for URL matching.
 
 ```bash
 # Basic patterns
-boundary --allow "github.com" -- git pull
+jail --allow "github.com" -- git pull
 
 # Wildcard patterns
-boundary --allow "*.github.com" -- npm install # GitHub subdomains
-boundary --allow "api.*" -- ./app # Any API domain
+jail --allow "*.github.com" -- npm install # GitHub subdomains
+jail --allow "api.*" -- ./app # Any API domain
 
 # Method-specific rules
-boundary --allow "GET,HEAD api.github.com" -- curl https://api.github.com
+jail --allow "GET,HEAD api.github.com" -- curl https://api.github.com
 ```
 
 **Default Policy:** All traffic is denied unless explicitly allowed.
@@ -68,13 +68,13 @@ boundary --allow "GET,HEAD api.github.com" -- curl https://api.github.com
 
 ```bash
 # Monitor all requests with info logging
-boundary --log-level info --allow "*" -- npm install
+jail --log-level info --allow "*" -- npm install
 
 # Debug logging for troubleshooting
-boundary --log-level debug --allow "github.com" -- git pull
+jail --log-level debug --allow "github.com" -- git pull
 
 # Error-only logging
-boundary --log-level error --allow "*" -- ./app
+jail --log-level error --allow "*" -- ./app
 ```
 
 **Log Levels:**
@@ -85,20 +85,20 @@ boundary --log-level error --allow "*" -- ./app
 
 ## Blocked Request Messages
 
-When a request is blocked, boundary provides helpful guidance:
+When a request is blocked, jail provides helpful guidance:
 
 ```
-🚫 Request Blocked by Boundary
+🚫 Request Blocked by Jail
 
 Request: GET /
 Host: google.com
 Reason: No matching allow rules (default deny-all policy)
 
-To allow this request, restart boundary with:
+To allow this request, restart jail with:
  --allow "google.com" # Allow all methods to this host
  --allow "GET google.com" # Allow only GET requests to this host
 
-For more help: https://github.com/coder/boundary
+For more help: https://github.com/coder/jail
 ```
 
 ## Platform Support
@@ -128,30 +128,30 @@ For more help: https://github.com/coder/boundary
 ### Build from Source
 
 ```bash
-git clone https://github.com/coder/boundary
-cd boundary
-go build -o boundary .
+git clone https://github.com/coder/jail
+cd jail
+go build -o jail .
 ```
 
 ## TLS Interception
 
-boundary automatically generates a Certificate Authority (CA) to intercept HTTPS traffic:
+jail automatically generates a Certificate Authority (CA) to intercept HTTPS traffic:
 
-- CA stored in `~/.config/boundary/` (or `$XDG_CONFIG_HOME/boundary/`)
-- CA certificate provided via `BOUNDARY_CA_CERT` environment variable
+- CA stored in `~/.config/jail/` (or `$XDG_CONFIG_HOME/jail/`)
+- CA certificate provided via `JAIL_CA_CERT` environment variable
 - Certificates generated on-demand for intercepted domains
 - CA expires after 1 year
 
 ### Disable TLS Interception
 
 ```bash
-boundary --no-tls-intercept --allow "*" -- ./app
+jail --no-tls-intercept --allow "*" -- ./app
 ```
 
 ## Command-Line Options
 
 ```text
-boundary [flags] -- command [args...]
+jail [flags] -- command [args...]
 
 OPTIONS:
  --allow <SPEC> Allow rule (repeatable)
@@ -165,14 +165,14 @@ OPTIONS:
 
 ```bash
 # Build
-go build -o boundary .
+go build -o jail .
 
 # Test
 go test ./...
 
 # Cross-compile
-GOOS=linux GOARCH=amd64 go build -o boundary-linux .
-GOOS=darwin GOARCH=amd64 go build -o boundary-macos .
+GOOS=linux GOARCH=amd64 go build -o jail-linux .
+GOOS=darwin GOARCH=amd64 go build -o jail-macos .
 ```
 
 ## License

go.mod

@@ -1,16 +1,11 @@
-module boundary
+module github.com/coder/jail
 
-go 1.21.4
+go 1.25
 
-toolchain go1.23.8
+require github.com/coder/serpent v0.10.0
 
 require (
 cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 // indirect
-github.com/coder/serpent v0.10.0
-gopkg.in/yaml.v3 v3.0.1 // indirect
-)
-
-require (
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -32,4 +27,5 @@ require (
 golang.org/x/sys v0.17.0 // indirect
 golang.org/x/term v0.17.0 // indirect
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+gopkg.in/yaml.v3 v3.0.1 // indirect
 )

main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 "context"
+cryptotls "crypto/tls"
 "fmt"
 "log/slog"
 "os"
@@ -10,72 +11,70 @@ import (
 "strings"
 "syscall"
 "time"
-cryptotls "crypto/tls"
-
-"boundary/netjail"
-"boundary/proxy"
-"boundary/rules"
-"boundary/tls"
 
+"github.com/coder/jail/netjail"
+"github.com/coder/jail/proxy"
+"github.com/coder/jail/rules"
+"github.com/coder/jail/tls"
 "github.com/coder/serpent"
 )
 
 var (
-allowStrings  []string
-noTLSIntercept  bool
-logLevel  string
-noJailCleanup  bool
+allowStrings []string
+noTLSIntercept bool
+logLevel string
+noJailCleanup bool
 )
 
 func main() {
 cmd := &serpent.Command{
-Use: "boundary [flags] -- command [args...]",
+Use: "jail [flags] -- command [args...]",
 Short: "Monitor and restrict HTTP/HTTPS requests from processes",
-Long: `boundary creates an isolated network environment for the target process,
+Long: `jail creates an isolated network environment for the target process,
 intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces
 user-defined rules.
 
 Examples:
  # Allow only requests to github.com
- boundary --allow "github.com" -- curl https://github.com
+ jail --allow "github.com" -- curl https://github.com
 
  # Monitor all requests to specific domains (allow only those)
- boundary --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install
+ jail --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install
 
  # Block everything by default (implicit)`,
 Options: serpent.OptionSet{
 {
 Name: "allow",
 Flag: "allow",
-Env: "BOUNDARY_ALLOW",
+Env: "JAIL_ALLOW",
 Description: "Allow rule (can be specified multiple times). Format: 'pattern' or 'METHOD[,METHOD] pattern'.",
 Value: serpent.StringArrayOf(&allowStrings),
 },
 {
 Name: "no-tls-intercept",
 Flag: "no-tls-intercept",
-Env: "BOUNDARY_NO_TLS_INTERCEPT",
+Env: "JAIL_NO_TLS_INTERCEPT",
 Description: "Disable HTTPS interception.",
 Value: serpent.BoolOf(&noTLSIntercept),
 },
 {
 Name: "log-level",
 Flag: "log-level",
-Env: "BOUNDARY_LOG_LEVEL",
+Env: "JAIL_LOG_LEVEL",
 Description: "Set log level (error, warn, info, debug).",
 Default: "warn",
 Value: serpent.StringOf(&logLevel),
 },
 {
 Name: "no-jail-cleanup",
 Flag: "no-jail-cleanup",
-Env: "BOUNDARY_NO_JAIL_CLEANUP",
+Env: "JAIL_NO_JAIL_CLEANUP",
 Description: "Skip jail cleanup (hidden flag for testing).",
 Value: serpent.BoolOf(&noJailCleanup),
 Hidden: true,
 },
 },
-Handler: runBoundary,
+Handler: runJail,
 }
 
 err := cmd.Invoke().WithOS().Run()
@@ -108,7 +107,7 @@ func setupLogging(logLevel string) *slog.Logger {
 return slog.New(handler)
 }
 
-func runBoundary(inv *serpent.Invocation) error {
+func runJail(inv *serpent.Invocation) error {
 logger := setupLogging(logLevel)
 
 // Get command arguments
@@ -172,21 +171,21 @@ func runBoundary(inv *serpent.Invocation) error {
 
 // Set standard CA certificate environment variables for common tools
 // This makes tools like curl, git, etc. trust our dynamically generated CA
-extraEnv["SSL_CERT_FILE"] = caCertPath  // OpenSSL/LibreSSL-based tools
-extraEnv["SSL_CERT_DIR"] = configDir  // OpenSSL certificate directory
-extraEnv["CURL_CA_BUNDLE"] = caCertPath  // curl
-extraEnv["GIT_SSL_CAINFO"] = caCertPath  // Git
-extraEnv["REQUESTS_CA_BUNDLE"] = caCertPath  // Python requests
-extraEnv["NODE_EXTRA_CA_CERTS"] = caCertPath  // Node.js
-extraEnv["BOUNDARY_CA_CERT"] = string(caCertPEM) // Keep for backward compatibility
+extraEnv["SSL_CERT_FILE"] = caCertPath // OpenSSL/LibreSSL-based tools
+extraEnv["SSL_CERT_DIR"] = configDir // OpenSSL certificate directory
+extraEnv["CURL_CA_BUNDLE"] = caCertPath // curl
+extraEnv["GIT_SSL_CAINFO"] = caCertPath // Git
+extraEnv["REQUESTS_CA_BUNDLE"] = caCertPath // Python requests
+extraEnv["NODE_EXTRA_CA_CERTS"] = caCertPath // Node.js
+extraEnv["JAIL_CA_CERT"] = string(caCertPEM) // Keep for backward compatibility
 }
 
 // Create network jail configuration
 netjailConfig := netjail.Config{
-HTTPPort:  8040,
-HTTPSPort:  8043,
-NetJailName:  "boundary",
-SkipCleanup:  noJailCleanup,
+HTTPPort: 8040,
+HTTPSPort: 8043,
+NetJailName: "jail",
+SkipCleanup: noJailCleanup,
 }
 
 // Create network jail
@@ -274,4 +273,4 @@ func runBoundary(inv *serpent.Invocation) error {
 }
 
 return nil
-}
+}

proxy/proxy.go

@@ -10,7 +10,7 @@ import (
 "net/url"
 "time"
 
-"boundary/rules"
+"github.com/coder/jail/rules"
 )
 
 // ProxyServer handles HTTP and HTTPS requests with rule-based filtering
@@ -249,24 +249,24 @@ func (p *ProxyServer) forwardHTTPSRequest(w http.ResponseWriter, r *http.Request
 func (p *ProxyServer) writeBlockedResponse(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Content-Type", "text/plain")
 w.WriteHeader(http.StatusForbidden)
-
+
 // Extract host from URL for cleaner display
 host := r.URL.Host
 if host == "" {
 host = r.Host
 }
-
-fmt.Fprintf(w, `🚫 Request Blocked by Boundary
+
+fmt.Fprintf(w, `🚫 Request Blocked by Jail
 
 Request: %s %s
 Host: %s
 Reason: No matching allow rules (default deny-all policy)
 
-To allow this request, restart boundary with:
+To allow this request, restart jail with:
  --allow "%s" # Allow all methods to this host
  --allow "%s %s" # Allow only %s requests to this host
 
-For more help: https://github.com/coder/boundary
-`, 
+For more help: https://github.com/coder/jail
+`,
 r.Method, r.URL.Path, host, host, r.Method, host, r.Method)
-}
+}