clash_starlark 0.7.2

Starlark policy evaluator for Clash — compiles .star files to JSON policy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

go_safe = sandbox(
    name = "go_safe",
    default = ask(),
    fs = {
        subpath("$PWD", follow_worktrees = True): allow("rx"),
        "$HOME": {glob("go/**"): allow(), glob(".cache/go-build/**"): allow()},
        glob("$TMPDIR/**"): allow(),
    },
    net = deny(),
    doc = "Go safe: vet, test, build. Module cache writable, source read-only.",
)

sandbox("hello")

go_full = sandbox(
    name = "go_full",
    default = ask(),
    fs = {
        subpath("$PWD"): allow(FULL),
        "$HOME": {glob("go/**"): allow(), glob(".cache/go-build/**"): allow()},
        glob("$TMPDIR/**"): allow(),
    },
    net = allow(),
    doc = "Go full: get, mod tidy, install. Full project access, network enabled.",
)

go = {tool("Bash"): {"go": allow(sandbox = go_full)}}