wg-wrap.git - wg-wrap runs commands in network namespaces configured with userspace wireguard tunnels.

Age	Commit message (Collapse)	Author
8 days	feat(cli): introduce explicit run/exec subcommands to prevent typo-execution	James O'Doherty
	Prevent the ambiguity where a mistyped subcommand was interpreted as the target wrapped process. - Introduce `run` and `exec` (alias) subcommands for launching wrapped processes. - Promote internal test commands (`test-ns`, `test-args`, `test-lifecycle`) to explicit subcommands. - Update CLI routing to return an error for unknown subcommands instead of falling back to the default execution path. - Update `README.md` usage examples and all test suites to use the new subcommand structure.
11 days	refactor: decouple namespace operations and improve test coverage	James O'Doherty
	- Introduce `namespace.Ops` interface to decouple `Manager` from system-level namespace operations, enabling easier unit testing via mocks. - Add unit tests for `internal/paths` to verify path resolution logic across different environment configurations. - Implement `EnsureBinary` helper in E2E tests to gracefully skip tests when `WG_WRAP_BIN` is not set, allowing `go test ./...` to pass in non-build environments. - Apply project-wide formatting and fix linting issues.
2026-05-29	refactor: rename module to git.theodohertyfamily.com/wg-wrap and apply ↵	James O'Doherty
	public domain license - Update go.mod and all internal imports to reflect the new module path - Add LICENSE file with the Unlicense (public domain dedication) - Increase timeouts in e2e lifecycle tests to prevent flaky failures - Verify all tests, linting, and formatting pass with the new module name
2026-05-29	Fix DNS leaks, lifecycle race, and editor arg splitting	James O'Doherty
	- DNS Leak / Isolation Bypass: Blocked glibc's systemd-resolved and D-Bus socket communication within the unprivileged mount namespace by introducing BlockHostServices(). This targeted mount-blocking forces glibc to fall back to the standard resolv.conf DNS routing path and prevents host leaks. - Lifecycle Race: Reordered and protected the reference-counting cleanup routine under the profile flock to ensure that check-and-unpin operations are atomic and do not teardown namespaces actively used by parallel processes. - Editor Arguments: Split the EDITOR environment variable into discrete field tokens before invocation to support editor configurations containing command-line flags. - Testing: Added E2E regression tests for DNS leak detection, namespace unpinning concurrency, and editor argument parsing. All E2E tests now compile and pass cleanly.