Alice Poteat 785809791c Sort denyRead paths shallow-first so file masks land after dir tmpfs ...

A file-deny listed before its ancestor dir-deny in the denyRead array
was wiped: the /dev/null mask landed first, then the ancestor tmpfs
replaced it, then allowRead re-bound the project dir — file readable.

Normalize then sort by segment count before the mount loop. Ancestors
process first (tmpfs + re-binds), descendant file masks layer on top.
User-specified order no longer matters.

2026-03-31 11:12:36 -07:00

..

sandbox

Sort denyRead paths shallow-first so file masks land after dir tmpfs

2026-03-31 11:12:36 -07:00

utils

feat: support argv0 in RipgrepConfig (#163)

2026-03-09 11:38:32 -07:00

cli-config-loading.test.ts

Replace file watcher with fd 3 control channel for config updates

2026-01-14 14:35:12 -08:00

cli.test.ts

Add CLI tests for -c flag and command handling

2025-12-12 10:35:24 -05:00

config-validation.test.ts

Add enableWeakerNetworkIsolation option to conditionally allow trustd.agent mach-lookup

2026-02-09 21:52:21 -08:00

configurable-proxy-ports.test.ts

Change test URL from httpbin.org to example.com

2025-11-03 17:54:00 -08:00

control-fd.test.ts

Replace file watcher with fd 3 control channel for config updates

2026-01-14 14:35:12 -08:00