npm - @dgxo/mashadevcli - Versions diffs - 1.1.0 - Mend

@dgxo/mashadevcli 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

package/LICENSE +202 -0
package/README.md +393 -0
package/bundle/builtin/skill-creator/SKILL.md +382 -0
package/bundle/builtin/skill-creator/scripts/init_skill.cjs +239 -0
package/bundle/builtin/skill-creator/scripts/package_skill.cjs +131 -0
package/bundle/builtin/skill-creator/scripts/validate_skill.cjs +131 -0
package/bundle/docs/CONTRIBUTING.md +1 -0
package/bundle/docs/admin/enterprise-controls.md +115 -0
package/bundle/docs/assets/connected_devtools.png +0 -0
package/bundle/docs/assets/gemini-screenshot.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-logs.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-metrics.png +0 -0
package/bundle/docs/assets/monitoring-dashboard-overview.png +0 -0
package/bundle/docs/assets/release_patch.png +0 -0
package/bundle/docs/assets/theme-ansi-light.png +0 -0
package/bundle/docs/assets/theme-ansi.png +0 -0
package/bundle/docs/assets/theme-atom-one.png +0 -0
package/bundle/docs/assets/theme-ayu-light.png +0 -0
package/bundle/docs/assets/theme-ayu.png +0 -0
package/bundle/docs/assets/theme-custom.png +0 -0
package/bundle/docs/assets/theme-default-light.png +0 -0
package/bundle/docs/assets/theme-default.png +0 -0
package/bundle/docs/assets/theme-dracula.png +0 -0
package/bundle/docs/assets/theme-github-light.png +0 -0
package/bundle/docs/assets/theme-github.png +0 -0
package/bundle/docs/assets/theme-google-light.png +0 -0
package/bundle/docs/assets/theme-xcode-light.png +0 -0
package/bundle/docs/changelogs/index.md +867 -0
package/bundle/docs/changelogs/latest.md +208 -0
package/bundle/docs/changelogs/preview.md +187 -0
package/bundle/docs/cli/checkpointing.md +93 -0
package/bundle/docs/cli/cli-reference.md +115 -0
package/bundle/docs/cli/creating-skills.md +80 -0
package/bundle/docs/cli/custom-commands.md +327 -0
package/bundle/docs/cli/enterprise.md +604 -0
package/bundle/docs/cli/gemini-ignore.md +71 -0
package/bundle/docs/cli/gemini-md.md +116 -0
package/bundle/docs/cli/generation-settings.md +210 -0
package/bundle/docs/cli/headless.md +50 -0
package/bundle/docs/cli/model-routing.md +42 -0
package/bundle/docs/cli/model.md +53 -0
package/bundle/docs/cli/plan-mode.md +375 -0
package/bundle/docs/cli/rewind.md +51 -0
package/bundle/docs/cli/sandbox.md +257 -0
package/bundle/docs/cli/session-management.md +184 -0
package/bundle/docs/cli/settings.md +165 -0
package/bundle/docs/cli/skills.md +134 -0
package/bundle/docs/cli/system-prompt.md +125 -0
package/bundle/docs/cli/telemetry.md +922 -0
package/bundle/docs/cli/themes.md +269 -0
package/bundle/docs/cli/token-caching.md +20 -0
package/bundle/docs/cli/trusted-folders.md +126 -0
package/bundle/docs/cli/tutorials/automation.md +283 -0
package/bundle/docs/cli/tutorials/file-management.md +142 -0
package/bundle/docs/cli/tutorials/mcp-setup.md +113 -0
package/bundle/docs/cli/tutorials/memory-management.md +126 -0
package/bundle/docs/cli/tutorials/session-management.md +105 -0
package/bundle/docs/cli/tutorials/shell-commands.md +107 -0
package/bundle/docs/cli/tutorials/skills-getting-started.md +110 -0
package/bundle/docs/cli/tutorials/task-planning.md +93 -0
package/bundle/docs/cli/tutorials/web-tools.md +78 -0
package/bundle/docs/core/index.md +107 -0
package/bundle/docs/core/remote-agents.md +84 -0
package/bundle/docs/core/subagents.md +307 -0
package/bundle/docs/examples/proxy-script.md +83 -0
package/bundle/docs/extensions/best-practices.md +188 -0
package/bundle/docs/extensions/index.md +61 -0
package/bundle/docs/extensions/reference.md +333 -0
package/bundle/docs/extensions/releasing.md +154 -0
package/bundle/docs/extensions/writing-extensions.md +308 -0
package/bundle/docs/get-started/authentication.md +402 -0
package/bundle/docs/get-started/examples.md +139 -0
package/bundle/docs/get-started/gemini-3.md +115 -0
package/bundle/docs/get-started/index.md +82 -0
package/bundle/docs/get-started/installation.md +174 -0
package/bundle/docs/hooks/best-practices.md +709 -0
package/bundle/docs/hooks/index.md +164 -0
package/bundle/docs/hooks/reference.md +330 -0
package/bundle/docs/hooks/writing-hooks.md +474 -0
package/bundle/docs/ide-integration/ide-companion-spec.md +267 -0
package/bundle/docs/ide-integration/index.md +224 -0
package/bundle/docs/index.md +141 -0
package/bundle/docs/integration-tests.md +211 -0
package/bundle/docs/issue-and-pr-automation.md +172 -0
package/bundle/docs/local-development.md +134 -0
package/bundle/docs/mermaid/context.mmd +103 -0
package/bundle/docs/mermaid/render-path.mmd +64 -0
package/bundle/docs/npm.md +62 -0
package/bundle/docs/redirects.json +20 -0
package/bundle/docs/reference/commands.md +526 -0
package/bundle/docs/reference/configuration.md +1786 -0
package/bundle/docs/reference/keyboard-shortcuts.md +164 -0
package/bundle/docs/reference/memport.md +246 -0
package/bundle/docs/reference/policy-engine.md +364 -0
package/bundle/docs/reference/tools.md +106 -0
package/bundle/docs/release-confidence.md +164 -0
package/bundle/docs/releases.md +540 -0
package/bundle/docs/resources/faq.md +175 -0
package/bundle/docs/resources/quota-and-pricing.md +165 -0
package/bundle/docs/resources/tos-privacy.md +102 -0
package/bundle/docs/resources/troubleshooting.md +176 -0
package/bundle/docs/resources/uninstall.md +56 -0
package/bundle/docs/sidebar.json +233 -0
package/bundle/docs/tools/activate-skill.md +43 -0
package/bundle/docs/tools/ask-user.md +95 -0
package/bundle/docs/tools/file-system.md +129 -0
package/bundle/docs/tools/internal-docs.md +46 -0
package/bundle/docs/tools/mcp-server.md +1150 -0
package/bundle/docs/tools/memory.md +35 -0
package/bundle/docs/tools/planning.md +58 -0
package/bundle/docs/tools/shell.md +216 -0
package/bundle/docs/tools/todos.md +35 -0
package/bundle/docs/tools/web-fetch.md +35 -0
package/bundle/docs/tools/web-search.md +32 -0
package/bundle/docs/update/update-guide.md +111 -0
package/bundle/masha.js +563471 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/client/main.js +89 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/_client-assets.d.ts +7 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/_client-assets.js +9 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/_client-assets.js.map +1 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/index.d.ts +48 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/index.js +299 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/index.js.map +1 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/types.d.ts +36 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/types.js +7 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/dist/src/types.js.map +1 -0
package/bundle/node_modules/@dgxo/mashadevcli-devtools/package.json +32 -0
package/bundle/policies/conseca.toml +6 -0
package/bundle/policies/discovered.toml +8 -0
package/bundle/policies/plan.toml +109 -0
package/bundle/policies/read-only.toml +53 -0
package/bundle/policies/write.toml +80 -0
package/bundle/policies/yolo.toml +54 -0
package/bundle/sandbox-macos-permissive-open.sb +27 -0
package/bundle/sandbox-macos-permissive-proxied.sb +37 -0
package/bundle/sandbox-macos-restrictive-open.sb +96 -0
package/bundle/sandbox-macos-restrictive-proxied.sb +98 -0
package/bundle/sandbox-macos-strict-open.sb +131 -0
package/bundle/sandbox-macos-strict-proxied.sb +133 -0
package/package.json +169 -0

package/bundle/policies/write.toml ADDED Viewed

@@ -0,0 +1,80 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+# - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
+# - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
+#
+# This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 4.x):
+#   4.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   4.9:  MCP servers excluded list (security: persistent server blocks)
+#   4.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   4.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   4.2:  MCP servers with trust=true (persistent trusted servers)
+#   4.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+[[rule]]
+toolName = "replace"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "replace"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+[rule.safety_checker]
+type = "in-process"
+name = "allowed-path"
+required_context = ["environment"]
+[[rule]]
+toolName = "save_memory"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "run_shell_command"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "activate_skill"
+decision = "ask_user"
+priority = 10
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+[rule.safety_checker]
+type = "in-process"
+name = "allowed-path"
+required_context = ["environment"]
+[[rule]]
+toolName = "web_fetch"
+decision = "ask_user"
+priority = 10

package/bundle/policies/yolo.toml ADDED Viewed

@@ -0,0 +1,54 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+# - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
+# - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
+#
+# This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 4.x):
+#   4.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   4.9:  MCP servers excluded list (security: persistent server blocks)
+#   4.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   4.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   4.2:  MCP servers with trust=true (persistent trusted servers)
+#   4.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   998: YOLO mode allow-all (becomes 1.998 in default tier)
+#   999: Ask-user tool (becomes 1.999 in default tier)
+# Ask-user tool always requires user interaction, even in YOLO mode.
+# This ensures the model can gather user preferences/decisions when needed.
+# Note: In non-interactive mode, this decision is converted to DENY by the policy engine.
+[[rule]]
+toolName = "ask_user"
+decision = "ask_user"
+priority = 999
+modes = ["yolo"]
+# Plan mode transitions are blocked in YOLO mode to maintain state consistency
+# and because planning currently requires human interaction (plan approval),
+# which conflicts with YOLO's autonomous nature.
+[[rule]]
+toolName = ["enter_plan_mode", "exit_plan_mode"]
+decision = "deny"
+priority = 999
+modes = ["yolo"]
+# Allow everything else in YOLO mode
+[[rule]]
+decision = "allow"
+priority = 998
+modes = ["yolo"]
+allow_redirection = true

package/bundle/sandbox-macos-permissive-open.sb ADDED Viewed

@@ -0,0 +1,27 @@
+(version 1)
+;; allow everything by default
+(allow default)
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+    (literal "/dev/ptmx")
+    (regex #"^/dev/ttys[0-9]*$")
+)

package/bundle/sandbox-macos-permissive-proxied.sb ADDED Viewed

@@ -0,0 +1,37 @@
+(version 1)
+;; allow everything by default
+(allow default)
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; deny all inbound network traffic EXCEPT on debugger port
+(deny network-inbound)
+(allow network-inbound (local ip "localhost:9229"))
+;; deny all outbound network traffic EXCEPT through proxy on localhost:8877
+;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
+;; proxy must listen on :::8877 (see docs/examples/proxy-script.md)
+(deny network-outbound)
+(allow network-outbound (remote tcp "localhost:8877"))
+(allow network-bind (local ip "*:*"))

package/bundle/sandbox-macos-restrictive-open.sb ADDED Viewed

@@ -0,0 +1,96 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading files from anywhere on host
+(allow file-read*)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow all outbound network traffic
+(allow network-outbound)

package/bundle/sandbox-macos-restrictive-proxied.sb ADDED Viewed

@@ -0,0 +1,98 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading files from anywhere on host
+(allow file-read*)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow outbound network traffic through proxy on localhost:8877
+;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
+;; proxy must listen on :::8877 (see docs/examples/proxy-script.md)
+(allow network-outbound (remote tcp "localhost:8877"))

package/bundle/sandbox-macos-strict-open.sb ADDED Viewed

@@ -0,0 +1,131 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading ONLY from working directory, system paths, and essential user paths
+(allow file-read*
+    (literal "/")
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    ;; Only allow reading essential dotfiles/directories under HOME, not the entire HOME
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (literal (string-append (param "HOME_DIR") "/.gitconfig"))
+    (subpath (string-append (param "HOME_DIR") "/.nvm"))
+    (subpath (string-append (param "HOME_DIR") "/.fnm"))
+    (subpath (string-append (param "HOME_DIR") "/.node"))
+    (subpath (string-append (param "HOME_DIR") "/.config"))
+    ;; Allow reads from included directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    ;; System paths required for Node.js, shell, and common tools
+    (subpath "/usr")
+    (subpath "/bin")
+    (subpath "/sbin")
+    (subpath "/Library")
+    (subpath "/System")
+    (subpath "/private")
+    (subpath "/dev")
+    (subpath "/etc")
+    (subpath "/opt")
+    (subpath "/Applications")
+)
+;; allow path traversal everywhere (metadata only: stat/lstat, NOT readdir or file content)
+;; this is needed for Node.js module resolution to traverse intermediate directories
+(allow file-read-metadata)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (literal (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow all outbound network traffic
+(allow network-outbound)

package/bundle/sandbox-macos-strict-proxied.sb ADDED Viewed

@@ -0,0 +1,133 @@
+(version 1)
+;; deny everything by default
+(deny default)
+;; allow reading ONLY from working directory, system paths, and essential user paths
+(allow file-read*
+    (literal "/")
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    ;; Only allow reading essential dotfiles/directories under HOME, not the entire HOME
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (literal (string-append (param "HOME_DIR") "/.gitconfig"))
+    (subpath (string-append (param "HOME_DIR") "/.nvm"))
+    (subpath (string-append (param "HOME_DIR") "/.fnm"))
+    (subpath (string-append (param "HOME_DIR") "/.node"))
+    (subpath (string-append (param "HOME_DIR") "/.config"))
+    ;; Allow reads from included directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    ;; System paths required for Node.js, shell, and common tools
+    (subpath "/usr")
+    (subpath "/bin")
+    (subpath "/sbin")
+    (subpath "/Library")
+    (subpath "/System")
+    (subpath "/private")
+    (subpath "/dev")
+    (subpath "/etc")
+    (subpath "/opt")
+    (subpath "/Applications")
+)
+;; allow path traversal everywhere (metadata only: stat/lstat, NOT readdir or file content)
+;; this is needed for Node.js module resolution to traverse intermediate directories
+(allow file-read-metadata)
+;; allow exec/fork (children inherit policy)
+(allow process-exec)
+(allow process-fork)
+;; allow signals to self, e.g. SIGPIPE on write to closed pipe
+(allow signal (target self))
+;; allow read access to specific information about system
+;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+(allow sysctl-read
+  (sysctl-name "hw.activecpu")
+  (sysctl-name "hw.busfrequency_compat")
+  (sysctl-name "hw.byteorder")
+  (sysctl-name "hw.cacheconfig")
+  (sysctl-name "hw.cachelinesize_compat")
+  (sysctl-name "hw.cpufamily")
+  (sysctl-name "hw.cpufrequency_compat")
+  (sysctl-name "hw.cputype")
+  (sysctl-name "hw.l1dcachesize_compat")
+  (sysctl-name "hw.l1icachesize_compat")
+  (sysctl-name "hw.l2cachesize_compat")
+  (sysctl-name "hw.l3cachesize_compat")
+  (sysctl-name "hw.logicalcpu_max")
+  (sysctl-name "hw.machine")
+  (sysctl-name "hw.ncpu")
+  (sysctl-name "hw.nperflevels")
+  (sysctl-name "hw.optional.arm.FEAT_BF16")
+  (sysctl-name "hw.optional.arm.FEAT_DotProd")
+  (sysctl-name "hw.optional.arm.FEAT_FCMA")
+  (sysctl-name "hw.optional.arm.FEAT_FHM")
+  (sysctl-name "hw.optional.arm.FEAT_FP16")
+  (sysctl-name "hw.optional.arm.FEAT_I8MM")
+  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
+  (sysctl-name "hw.optional.arm.FEAT_LSE")
+  (sysctl-name "hw.optional.arm.FEAT_RDM")
+  (sysctl-name "hw.optional.arm.FEAT_SHA512")
+  (sysctl-name "hw.optional.armv8_2_sha512")
+  (sysctl-name "hw.packages")
+  (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.physicalcpu_max")
+  (sysctl-name "hw.tbfrequency_compat")
+  (sysctl-name "hw.vectorunit")
+  (sysctl-name "kern.hostname")
+  (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.osproductversion")
+  (sysctl-name "kern.osrelease")
+  (sysctl-name "kern.ostype")
+  (sysctl-name "kern.osvariant_status")
+  (sysctl-name "kern.osversion")
+  (sysctl-name "kern.secure_kernel")
+  (sysctl-name "kern.usrstack64")
+  (sysctl-name "kern.version")
+  (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name-prefix "hw.perflevel")
+)
+;; allow writes to specific paths
+(allow file-write*
+    (subpath (param "TARGET_DIR"))
+    (subpath (param "TMP_DIR"))
+    (subpath (param "CACHE_DIR"))
+    (subpath (string-append (param "HOME_DIR") "/.gemini"))
+    (subpath (string-append (param "HOME_DIR") "/.npm"))
+    (subpath (string-append (param "HOME_DIR") "/.cache"))
+    (literal (string-append (param "HOME_DIR") "/.gitconfig"))
+    ;; Allow writes to included directories from --include-directories
+    (subpath (param "INCLUDE_DIR_0"))
+    (subpath (param "INCLUDE_DIR_1"))
+    (subpath (param "INCLUDE_DIR_2"))
+    (subpath (param "INCLUDE_DIR_3"))
+    (subpath (param "INCLUDE_DIR_4"))
+    (literal "/dev/stdout")
+    (literal "/dev/stderr")
+    (literal "/dev/null")
+)
+;; allow communication with sysmond for process listing (e.g. for pgrep)
+(allow mach-lookup (global-name "com.apple.sysmond"))
+;; enable terminal access required by ink
+;; fixes setRawMode EPERM failure (at node:tty:81:24)
+(allow file-ioctl (regex #"^/dev/tty.*"))
+;; allow inbound network traffic on debugger port
+(allow network-inbound (local ip "localhost:9229"))
+;; allow outbound network traffic through proxy on localhost:8877
+;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox
+;; proxy must listen on :::8877 (see docs/examples/proxy-script.md)
+(allow network-outbound (remote tcp "localhost:8877"))