buildEgressConfig

buildEgressConfig(allowlist, opts): EgressConfig

Defined in: src/egress.ts:456

Generate ALL egress config artefacts from the allowlist. PURE — no I/O.

Parameters

allowlist

string[]

Deduped, sorted hostname list (from buildEgressAllowlist).

opts

hostGateway?

{ ip: string; port: number; }

When set, opens exactly that host IP+port outbound (least-privilege agent→Shepherd reachability via the slirp host-loopback gateway).

hostGateway.ip

string

hostGateway.port

number

minCacheTtl?

number

dnsmasq min-cache-ttl seconds (default 600).

nftSet?

string

nft set identifier (default “inet#egress#allowed”).

resolver?

string

Upstream DNS resolver IP (default “10.0.2.3” = slirp4netns’s built-in).

tmpDir

string

Per-agent tmp directory for dnsmasq log + override files.

Returns

EgressConfig