Thanks for your interest. Snare is early-stage and moving fast — contributions are very welcome.
git clone https://github.com/peg/snare
cd snare
go build ./...
go test ./...No external dependencies required. The CLI is a single static binary.
cmd/snare/ entrypoint
internal/cli/ command routing and UX
internal/bait/ canary templates and plant/remove logic
internal/manifest/ ~/.snare/manifest.json management
internal/config/ ~/.snare/config.json management
internal/token/ credential token generation (crypto/rand)
internal/serve/ self-hosted callback server (snare serve)
worker/ Cloudflare Worker (snare.sh backend)
- Add a
Typeconstant ininternal/bait/bait.go - Add a template in the
templatesmap - Add a
caseinPlant()to set template data fields - Add the type to
highReliabilityTypesor leave it as medium (default) - Add the type string to the
CANARY_TYPESarray inworker/index.js - Add a test in
internal/bait/bait_test.go
The key constraint: the callback URL must be the real service endpoint, not a comment or secondary field. If the SDK won't call it during normal credential use, it's medium reliability at best.
go test ./... # all packages
go test ./internal/bait/... -v # verbose, single package
go test ./... -race -count=1 # with race detector (matches CI)- Open an issue first for significant changes
- Keep PRs focused — one thing per PR
- Tests required for new canary types and CLI commands
- No giveaway strings in generated credentials (
SNARE,FAKE,TEST,canary)
cd worker
npx wrangler dev # local dev server
npx wrangler deploy # deploy to your own CF accountThe worker never reads request bodies. Please maintain this invariant.
Apache 2.0. By contributing, you agree your contributions are licensed under the same terms.