config-default.yaml
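# Workspace .membrane.yaml entries are appended to the global list, not
# replaced. This applies to all list keys: ignore, readonly, allow, and args.
# NOTE(review): because workspace entries only add to these lists, a
# workspace file can widen `allow` and extend `args` but cannot remove
# anything set here. Keep this global default minimal and review
# workspace .membrane.yaml changes like any other policy change.

# `dns_resolver` is the upstream DNS resolver used by the handler's dns-proxy.
# Defaults to 1.1.1.1 if not set. Written as an explicit null so the
# "not set" state is visibly intentional.
dns_resolver: null

# `ssl_insecure` disables upstream TLS certificate verification in
# mitmproxy. Useful for internal services with self-signed or private
# CA certs. Disabled by default.
# NOTE(review): as written this is a single switch, so turning it on
# presumably drops certificate checks for every upstream host, not only
# the internal ones. With verification off, the proxy cannot tell an
# allowed host from something impersonating it, which weakens the
# `allow` list below. Keep it false here.
ssl_insecure: false

# `ignore` lists patterns matched against filenames or relative paths.
# Matching files and directories are shadowed with an empty placeholder
# inside the container; the agent can see they exist but cannot read
# their contents.
ignore:
- "*.bak"
- "*.tmp"

# `readonly` lists patterns mounted into the container as read-only. Use
# this for things like .git (so the agent can read history but not
# rewrite it) or credential files that should be visible but not
# writable.
# NOTE(review): read-only protects integrity, not confidentiality. The
# agent can still read anything listed here, including secrets in .env,
# and can reach every host under `allow`. If the agent does not need a
# file's contents, list it under `ignore` instead.
# .membrane.yaml is listed so the workspace policy file cannot be
# modified from inside the container.
readonly:
- .git
- .env
- .membrane.yaml

# `allow` lists what the agent is allowed to reach. Each entry is
# auto-detected from its value: hostname, IP, CIDR, or URL. Object
# form supports additional constraints via ports: and http: keys.
# NOTE(review): a bare hostname admits every path and account on that
# host. Several entries below are multi-tenant services (code forges,
# package registries, object storage), so a hostname-level allow does
# not limit where data sent to them ends up. Trim this list to what the
# workspace needs and prefer the object form where it can narrow an
# entry.
allow:
# Anthropic
- statsig.anthropic.com
- api.anthropic.com
- platform.claude.com
- statsig.com
- sentry.io
# Node.js/npm
- registry.npmjs.org
- deb.nodesource.com
# Python packages
- files.pythonhosted.org
- pypi.org
# Go packages
- golang.org
- google.golang.org
- sum.golang.org
- proxy.golang.org
- dl.google.com
- storage.googleapis.com
- gopkg.in
- goproxy.io
- go.dev
- pkg.go.dev
# Rust packages
- crates.io
- static.crates.io
- index.crates.io
# Ubuntu/Debian packages
- deb.debian.org
- archive.ubuntu.com
- ports.ubuntu.com
- security.ubuntu.com
# Ubuntu PPAs (deadsnakes, golang-backports, etc.)
- launchpad.net
- api.launchpad.net
- ppa.launchpadcontent.net
# GitHub (api.github.com was listed twice; the duplicate is removed)
- api.github.com
- codeload.github.com
- github.com
- objects.githubusercontent.com
- raw.githubusercontent.com
- release-assets.githubusercontent.com
# GitLab
- gitlab.com
# Bitbucket
- bitbucket.org
# OpenAI
- ab.chatgpt.com
- api.openai.com
- chatgpt.com
# OpenRouter
- openrouter.ai
# Docker Hub
- docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
- hub.docker.com
- production.cloudflare.docker.com
- registry-1.docker.io
- auth.docker.io
# Cloudflare
- cloudflare-dns.com
# AWS STS
- sts.amazonaws.com
# AWS Bedrock - North America
- bedrock-runtime.us-east-1.amazonaws.com
- bedrock.us-east-1.amazonaws.com
- bedrock-runtime.us-west-1.amazonaws.com
- bedrock.us-west-1.amazonaws.com
- bedrock-runtime.us-east-2.amazonaws.com
- bedrock.us-east-2.amazonaws.com
- bedrock-runtime.us-west-2.amazonaws.com
- bedrock.us-west-2.amazonaws.com

# `args` lists raw arguments appended to the `docker run` command.
# Environment variables are expanded ($VAR, ${VAR}). Each flag and
# its argument must be separate items.
# NOTE(review): these are passed to `docker run` as-is, so a flag added
# here (extra mounts, added capabilities, a different network mode) can
# undo the isolation the other keys set up. Expanded variables take
# their values from the launching environment; avoid passing secrets
# into the container this way. Written as an explicit empty list
# because a bare `args:` parses as null, not as a list.
args: []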