for further clarification:
the jelly binary is the SSH server. connecting lands you in a Go TUI app, not a shell. there's no filesystem access, no command execution, users are fully sandboxed inside the app. it's built on charmbracelet/wish if you want to look at how that works.
replysecurity nightmre
replyhappy to address specific concerns if you have them. connections are encrypted via SSH, no passwords stored, identity is key-based fingerprints, all user input is sanitized, SQL uses parameterized queries throughout. what specifically are you worried about?
reply