wg-wrap.git - wg-wrap runs commands in network namespaces configured with userspace wireguard tunnels.

Age	Commit message (Collapse)	Author
2026-05-29	security: upgrade dependencies to remediate transitive vulnerabilities	James O'Doherty
	Upgrades several indirect and direct dependencies to their latest safe versions, successfully resolving 26 dormant vulnerabilities identified by govulncheck. - Upgraded golang.org/x/crypto from v0.37.0 to v0.52.0 (remediating 13 CVEs) - Upgraded golang.org/x/net from v0.39.0 to v0.55.0 (remediating 12 CVEs) - Upgraded golang.org/x/sys from v0.32.0 to v0.45.0 (remediating 1 CVE) - Upgraded golang.zx2c4.com/wireguard to v0.0.0-20260522210424-ecfc5a8d5446 Ran `go mod tidy` and verified that all unit, integration, and E2E data-plane tests continue to compile and pass successfully.
2026-05-29	feat: implement userspace wireguard data-path and unprivileged host fd-passing	James O'Doherty
	- Implement complete rootless network namespace bootstrap via C launcher using unshare(CLONE_NEWUSER \| CLONE_NEWNS \| CLONE_NEWNET). - Resolve unprivileged network isolation blackhole via host-socket preservation (FD passing): open client UDP sockets on the host pre-isolation, clear O_CLOEXEC, and ingest them via custom `FDBind` inside the sandbox. - Implement isolated routing table automation over `tun0` (addresses, MTU, default routes). - Implement persistent, multi-process namespace sharing and joining using reference-counted PID files and the setns system call. - Write robust, self-contained E2E data plane test suites in `tests/e2e/e2e_test.go` using a mock UDP listener. - Update project documentation (`README.md` and `AGENTS.md`) to reflect completed milestones. - Ensure 100% test passing rate and zero lint/staticcheck warnings.
2026-05-22	docs: update README and AGENTS.md to reflect embedded launcher architecture	James O'Doherty

2026-05-22	feat: implement rootless network isolation bootstrap and C launcher	James O'Doherty