LASSO Dashboard Tour

Navigate Space Play/Pause
1 / 12
Login Page
Step 1 of 12

Login Page

Token-based authentication protects the dashboard. Supports both access tokens and GitHub OAuth.

Dashboard Overview
Step 2 of 12

Dashboard Overview

The main dashboard shows sandbox statistics, a creation form, and the active sandboxes table with real-time status. Four profiles: minimal, development, offline, and strict.

Sandbox Detail -- Strict Profile
Step 3 of 12

Sandbox Detail -- Strict Profile

Detailed view of the strict sandbox showing the terminal, command policy with git history blocking, network policy cards with blocked database ports, and live audit feed.

Command Execution -- Allowed
Step 4 of 12

Command Execution -- Allowed

Running 'ls -la' inside the strict sandbox. The command gate checks the whitelist and allows execution. Result appears instantly via HTMX.

Command Blocked -- Security Violation
Step 5 of 12

Command Blocked -- Security Violation

Attempting 'git log -p' is blocked immediately. Git history content is restricted to prevent PII exposure from commit diffs. A violation is logged to the audit trail.

Network Policy -- Database Port Blocking
Step 6 of 12

Network Policy -- Database Port Blocking

Network policy cards show blocked database ports (MSSQL, PostgreSQL, MySQL, MongoDB, Redis, etc.). Database access is blocked at both command and network levels.

Audit Log -- HMAC-Signed Entries
Step 7 of 12

Audit Log -- HMAC-Signed Entries

Every command execution, lifecycle event, and security violation is recorded with HMAC-signed, hash-chained audit entries. Blocked commands are highlighted in red.

Security Profiles
Step 8 of 12

Security Profiles

Four built-in profiles with different security postures: minimal, development, offline, and strict.

Profile Detail -- Strict
Step 9 of 12

Profile Detail -- Strict

Full configuration view of the strict profile with tabs for filesystem, commands, network, resources, guardrails, audit, and raw JSON.

Profile Commands Tab -- Git History Blocking
Step 10 of 12

Profile Commands Tab -- Git History Blocking

The commands tab shows the whitelist of allowed commands and blocked argument patterns. Git push, log -p, diff, and show are blocked to prevent PII exposure.

Profile Network Tab -- Strict Isolation
Step 11 of 12

Profile Network Tab -- Strict Isolation

The network tab shows the strict profile's network mode (none) with all database ports blocked as defense in depth.

System Capabilities Check
Step 12 of 12

System Capabilities Check

LASSO verifies container runtimes (Docker/Podman), Linux kernel namespaces, and cgroups v2 for full isolation.