kastellanRust development
Workers, channel adapters, and the macOS sandbox-parity work. The codebase is a 13-crate workspace with a strict no-unsandboxed-spawn rule.
Help hold the walls
A security-first project needs adversarial eyes as much as feature hands.
Security review
Red-team the sandbox policies, the threat model, the egress proxy. Finding a hole is a contribution, not a nuisance.
Docs & testing
The onboarding manual, cross-distro testing, macOS coverage. If a setup step surprised you, that’s a bug in the docs.
Ideas & issues
Design discussions and issue triage happen in the open on GitHub. Issues โ
Build it in three commands
git clone https://github.com/hherb/kastellan
cd kastellan && cargo build --workspace
cargo test --workspaceUbuntu 24.04+ needs one extra step โ an AppArmor profile so bubblewrap can create user namespaces (sudo scripts/linux/install-bwrap-apparmor-profile.sh). macOS works out of the box.
House rules
- AGPL-3.0, and AGPL-compatible dependencies only โ license hygiene is part of the security boundary.
- Linux and macOS are both first-class: no platform-specific feature lands without a counterpart of equivalent guarantee.
- Every worker is sandboxed before it runs. There is no unsandboxed escape hatch, and reviewers refuse PRs that try to add one.
- The repo’s handover convention (docs/devel/handovers/) means any contributor โ or any AI session โ can pick up exactly where the last one left off.
Start with the repo:
github.com/hherb/kastellan