4 files changed +608 -164 lines changed
@@ -18,3 +18,7 @@ test-suite/gateway-stress/Dockerfile @zama-ai/fhevm-devs
1818
1919# Coprocessor Team ownership
2020/coprocessor / @ zama-ai/fhevm-coprocessor
21+
22+ # Enforces changes in Sandboxed AI CI/CD
23+ .github /squid /sandbox- * .conf @ zama-ai/infosec
24+ .github /workflows /claude- * .yml @ zama-ai/infosec
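Review bot: The new entries on lines 23-24 hand the sandbox proxy configs and the claude-* workflows to @zama-ai/infosec, but nothing visible in this hunk makes that team an owner of the CODEOWNERS file itself, so a later pull request could delete these two lines without infosec review. If no earlier rule already covers it, add an entry for the CODEOWNERS path owned by @zama-ai/infosec. Two smaller points: CODEOWNERS is last-match-wins, so these lines need to stay at the end of the file (a broader `.github/` pattern added below them would take over ownership), and the comment on line 22 would be more accurate as "Requires infosec review for changes to the sandboxed AI CI/CD". The entries only block a merge when branch protection has "Require review from Code Owners" enabled, which is worth confirming for the target branch.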
1+ # Strict domain allowlist for CI sandbox
2+ # Only these domains are reachable through the Squid proxy.
3+ # Based on: https://github.com/zama-ai/security-hub/tree/main/docs/how-tos/sandboxed-claude-code
4+ #
5+ # To add a new domain: append ".example.com" to the acl below.
6+ # Leading dot means "this domain and all subdomains".
7+
8+ acl allowed_domains dstdomain \
9+ .api.anthropic.com \
10+ .platform.claude.com \
11+ .github.com
12+
13+ # Allow only explicitly allowed domains
14+ http_access deny !allowed_domains
15+ http_access allow allowed_domains
16+
17+ # Deny everything else
18+ http_access deny all
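Review bot: On line 11, `.github.com` with the leading dot admits every subdomain and every repository or gist hosted there, so this allowlist limits which sites the sandboxed job can reach but not where on GitHub it can send data; that control has to come from the job's token scope. Consider listing only the exact hosts the workflow needs instead of the wildcard form, and say so in the header comment. Nothing in these 18 lines restricts CONNECT to port 443 either; if this file is the whole proxy config rather than an include, add the usual SSL_ports and Safe_ports denies ahead of line 14. Minor: with line 14 in place, line 15 already decides every remaining request, so line 18 is unreachable (harmless as a safety net, but the comment on line 17 overstates what it does), and the instruction on line 5 should mention that appending a domain also means adding a trailing backslash to the previous last entry.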