wg-wrap.git/README.md, branch main

docs: add case study on agentic development workflow

2026-06-14T05:28:47Z

docs: update diagnostics description and add healthcheck command to README

2026-06-13T18:08:14Z

feat(cli): introduce explicit run/exec subcommands to prevent typo-execution

2026-06-08T02:57:34Z

Prevent the ambiguity where a mistyped subcommand was interpreted as the target wrapped process. - Introduce `run` and `exec` (alias) subcommands for launching wrapped processes. - Promote internal test commands (`test-ns`, `test-args`, `test-lifecycle`) to explicit subcommands. - Update CLI routing to return an error for unknown subcommands instead of falling back to the default execution path. - Update `README.md` usage examples and all test suites to use the new subcommand structure.

refactor: simplify architecture and improve documentation

2026-06-05T02:38:44Z

- Extract orchestration logic from `internal/cli` into a new `internal/manager` package for better composability. - Migrate technical implementation details from README.md to package-level godoc strings. - Rewrite README.md to be more user-centric, focusing on quick start and usage. - Add comprehensive documentation for exported structs and fields across the project. - Verify all changes with `go fmt`, `go vet`, `golangci-lint`, and full E2E test suite.

refactor: rename module to git.theodohertyfamily.com/wg-wrap and apply public domain license

2026-05-30T03:35:21Z

- Update go.mod and all internal imports to reflect the new module path - Add LICENSE file with the Unlicense (public domain dedication) - Increase timeouts in e2e lifecycle tests to prevent flaky failures - Verify all tests, linting, and formatting pass with the new module name

feat: implement robust namespace lifecycle and resilience suite

2026-05-30T00:35:31Z

- Replace marker-file pinning with kernel bind-mount anchors for reliable namespace persistence. - Implement atomic "last-man-out" cleanup sequence using ProfileLock, preventing namespace leaks and race conditions. - Add comprehensive resilience test suite covering: - Crash recovery from stale runtime state. - Host network change stability. - Configuration hot-swap session persistence. - Resource exhaustion and high-churn lifecycle stress. - Align documentation and test expectations with rootless session-based persistence. - Fix argument integrity and isolation leaks. - Ensure 100% pass rate for all E2E and integration tests.

feat(cli,parser): support custom profile names and overhaul WireGuard .conf parser for robustness

2026-05-29T23:30:26Z

- CLI: - Add optional `[name]` argument to `wg-wrap profile import [name]` to allow overriding the imported profile name. If not provided, it falls back to the derived filename. - Update `README.md` command documentation to reflect custom profile names and list the `wg-wrap profile stop ` subcommand. - Expand `internal/cli/profile_test.go` to cover derived vs custom-named profile imports. - WG Configuration Parser: - Overhaul `pkg/wgconf/wgconf.go` to support case-insensitivity on section headers (e.g. `[peer]`, `[interface]`) and key names (e.g. `privatekey`, `allowedips`). - Implement robust trailing comment stripping (both `#` and `;`) while preserving inline comment-like characters in cryptographic keys (e.g. `key-with-hash-inside#123`) using whitespace-padded match logic. - Clean up and normalize leading/trailing spaces/tabs on parsed keys, values, and list elements (e.g. `AllowedIPs` and `DNS` fields). - Gracefully ignore unrecognized keys (e.g. `MTU`, `ListenPort`, `PresharedKey`) without returning errors. - Add comprehensive tests in `pkg/wgconf/wgconf_test.go` covering inline/block comments, formatting variations, unrecognized keys, and case-insensitivity.

feat: implement userspace wireguard data-path and unprivileged host fd-passing

2026-05-29T22:29:12Z

- Implement complete rootless network namespace bootstrap via C launcher using unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET). - Resolve unprivileged network isolation blackhole via host-socket preservation (FD passing): open client UDP sockets on the host pre-isolation, clear O_CLOEXEC, and ingest them via custom `FDBind` inside the sandbox. - Implement isolated routing table automation over `tun0` (addresses, MTU, default routes). - Implement persistent, multi-process namespace sharing and joining using reference-counted PID files and the setns system call. - Write robust, self-contained E2E data plane test suites in `tests/e2e/e2e_test.go` using a mock UDP listener. - Update project documentation (`README.md` and `AGENTS.md`) to reflect completed milestones. - Ensure 100% test passing rate and zero lint/staticcheck warnings.

docs: add diagnostic commands to README

2026-05-22T15:39:06Z

Implement automatic namespace lifecycle cleanup with last-man-out reference counting

2026-05-22T15:12:21Z