You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-**File blocking** — prevents sensitive files (`.env`, `.pem`, secrets) from being sent
14
19
-**Desktop UI** — real-time session inspector with request/response viewer
15
20
-**Audit logging** — structured JSON logs with automatic rotation
@@ -102,6 +107,11 @@ egressor --version
102
107
listen_address: "127.0.0.1:8080"
103
108
104
109
policy:
110
+
# Block requests that reference files outside these directories.
111
+
# If empty, no directory scope is enforced.
112
+
allowed_directories:
113
+
# - "~/Projects/my-app"
114
+
105
115
deny_file_patterns:
106
116
- "*.env"
107
117
- "*.pem"
@@ -122,6 +132,15 @@ intercept:
122
132
max_body_size: 1048576# 1MB
123
133
```
124
134
135
+
### Allowed directories
136
+
137
+
When `allowed_directories` is set, any request containing file references outside those directories is blocked. This prevents LLM tools from accessing files beyond the intended project scope (e.g. `~/.ssh`, `/etc/passwd`, `~/.aws/credentials`).
138
+
139
+
- Relative paths are resolved against the current working directory
140
+
- Path traversals (`../`) are cleaned before evaluation
141
+
- Multiple directories can be specified
142
+
- Leave empty to allow all directories (default)
143
+
125
144
### Deny file patterns
126
145
127
146
Glob patterns that block requests containing matching file references:
@@ -144,7 +163,7 @@ The default mode opens a native desktop window (built with Wails + React):
144
163
145
164
- **Sessions tab** — live table of intercepted connections with method, host, status, file count
146
165
- **Detail panel** — click a session to see full request/response headers, body (JSON-formatted), and detected files
147
-
- **Policy tab** — edit deny file patterns, add/remove patterns, save to config
166
+
- **Policy tab** — manage allowed directories and deny file patterns, save to config
0 commit comments