jellyshelly's comments

Very fun :)

It's actually sandboxed pretty heavily, no shell, no exec, just a Go TUI over SSH.

Would love to hear what attack surface you're thinking about. Always trying to tighten this up and make it as secure as possible!


for further clarification: the jelly binary is the SSH server. connecting lands you in a Go TUI app, not a shell. there's no filesystem access, no command execution, users are fully sandboxed inside the app. it's built on charmbracelet/wish if you want to look at how that works.

happy to address specific concerns if you have them. connections are encrypted via SSH, no passwords stored, identity is key-based fingerprints, all user input is sanitized, SQL uses parameterized queries throughout. what specifically are you worried about?
