bx-mac 0.2.1 → 0.4.0

package/README.md

@@ -14,6 +14,12 @@ bx ~/work/my-project
 
 That's it. 🎉 VSCode opens with full access to `~/work/my-project` and nothing else.
 
+Need multiple directories? No problem:
+
+```bash
+bx ~/work/my-project ~/work/shared-lib
+```
+
 ## ✅ What it does
 
 - 🔒 Blocks `~/Documents`, `~/Desktop`, `~/Downloads`, and all other personal folders
@@ -21,8 +27,9 @@ That's it. 🎉 VSCode opens with full access to `~/work/my-project` and nothing
 - 🛡️ Protects sensitive dotdirs like `~/.ssh`, `~/.gnupg`, `~/.docker`, `~/.cargo`
 - ⚙️ Keeps VSCode, extensions, shell, Node.js, and other tooling fully functional
 - 🔍 Generates sandbox rules dynamically based on your actual `$HOME` contents
-- 📝 Supports `.bxignore` to hide secrets like `.env` files within a project
+- 📝 Supports `.bxignore` files (searched recursively) to hide secrets like `.env` files within a project
 - 📂 Supports `~/.bxallow` to grant access to shared utility directories
+- 🗂️ Supports multiple working directories in a single sandbox
 
 ## 🚫 What it doesn't do
 
@@ -54,13 +61,13 @@ pnpm link -g
 
 | Command | What it launches |
 |---|---|
-| `bx [workdir]` | 🖥️ VSCode (default) |
-| `bx code [workdir]` | 🖥️ VSCode (explicit) |
-| `bx term [workdir]` | 💻 Sandboxed login shell (`$SHELL -l`) |
-| `bx claude [workdir]` | 🤖 Claude Code CLI |
-| `bx exec [workdir] -- cmd` | ⚡ Any command you want |
+| `bx [workdir...]` | 🖥️ VSCode (default) |
+| `bx code [workdir...]` | 🖥️ VSCode (explicit) |
+| `bx term [workdir...]` | 💻 Sandboxed login shell (`$SHELL -l`) |
+| `bx claude [workdir...]` | 🤖 Claude Code CLI |
+| `bx exec [workdir...] -- cmd` | ⚡ Any command you want |
 
-If no directory is given, the current directory is used.
+If no directory is given, the current directory is used. All modes accept multiple directories.
 
 ### Examples
 
@@ -68,6 +75,9 @@ If no directory is given, the current directory is used.
 # 🖥️ VSCode with sandbox protection
 bx ~/work/my-project
 
+# 📂 Multiple working directories
+bx ~/work/my-project ~/work/shared-lib
+
 # 💻 Work on a project in a sandboxed terminal
 bx term ~/work/my-project
 
@@ -90,7 +100,7 @@ bx --verbose ~/work/my-project
 
 ## 📝 Configuration
 
-bx uses three optional config files — one entry per line, `#` for comments.
+bx uses three optional config files — one entry per line, `#` for comments. Project `.bxignore` files are discovered recursively.
 
 ### `~/.bxallow`
 
@@ -119,7 +129,7 @@ These are blocked **in addition** to the built-in protected list:
 
 ### `<project>/.bxignore`
 
-Block paths within the working directory. Supports glob patterns.
+Block paths within the working directory. Supports glob patterns. bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
 
 ```gitignore
 .env
@@ -129,15 +139,25 @@ secrets/
 **/*.key
 ```
 
+For example, a monorepo might have:
+
+```text
+my-project/.bxignore          # top-level rules
+my-project/services/api/.bxignore   # API-specific secrets
+my-project/deploy/.bxignore         # deployment credentials
+```
+
+Each `.bxignore` resolves its patterns relative to its own directory.
+
 ## 🔧 How it works
 
 bx generates a macOS sandbox profile at launch time:
 
 1. **Scan** `$HOME` for non-hidden directories
 2. **Block** each one individually with `(deny file* (subpath ...))`
-3. **Skip** the working directory, `~/Library`, dotfiles, and `~/.bxallow` paths
+3. **Skip** all working directories, `~/Library`, dotfiles, and `~/.bxallow` paths
 4. **Descend** into parent directories of allowed paths to block only siblings (because SBPL deny rules always override allow rules)
-5. **Append** deny rules for protected dotdirs and `.bxignore` entries
+5. **Append** deny rules for protected dotdirs, `~/.bxignore`, and `.bxignore` files found recursively in each working directory
 6. **Write** the profile to `/tmp`, launch the app via `sandbox-exec`, clean up on exit
 
 ### Why not a simple deny-all + allow?

package/dist/bx.js

@@ -1,21 +1,53 @@
 #!/usr/bin/env node
+const __VERSION__ = "0.4.0";
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
 import { spawn } from "node:child_process";
 import { fileURLToPath } from "node:url";
-//#region src/index.ts
-const __dirname = dirname(fileURLToPath(import.meta.url));
-if (process.env.CODEBOX_SANDBOX === "1") {
-	console.error("sandbox: ERROR — already running inside a bx sandbox.");
-	console.error("sandbox: Nesting sandbox-exec causes silent failures. Aborting.");
-	process.exit(1);
+import process from "node:process";
+//#region src/guards.ts
+/**
+* Abort if we're already inside a bx sandbox (env var set by us).
+*/
+function checkOwnSandbox() {
+	if (process.env.CODEBOX_SANDBOX === "1") {
+		console.error("sandbox: ERROR — already running inside a bx sandbox.");
+		console.error("sandbox: Nesting sandbox-exec causes silent failures. Aborting.");
+		process.exit(1);
+	}
+}
+/**
+* Warn if launched from inside a VSCode terminal.
+*/
+function checkVSCodeTerminal() {
+	if (process.env.VSCODE_PID) {
+		console.error("sandbox: WARNING — running from inside a VSCode terminal.");
+		console.error("sandbox: This will launch a *new* instance in a sandbox.");
+		console.error("sandbox: The current VSCode instance will NOT be sandboxed.");
+	}
 }
-if (process.env.VSCODE_PID) {
-	console.error("sandbox: WARNING — running from inside a VSCode terminal.");
-	console.error("sandbox: This will launch a *new* instance in a sandbox.");
-	console.error("sandbox: The current VSCode instance will NOT be sandboxed.");
+/**
+* Abort if any workdir IS $HOME or is not inside $HOME.
+*/
+function checkWorkDirs(workDirs, home) {
+	for (const dir of workDirs) {
+		if (dir === home) {
+			console.error("sandbox: ERROR — working directory cannot be $HOME itself.");
+			console.error("sandbox: Sandboxing your entire home directory is not supported. Aborting.");
+			process.exit(1);
+		}
+		if (!dir.startsWith(home + "/")) {
+			console.error(`sandbox: ERROR — working directory is outside $HOME: ${dir}`);
+			console.error("sandbox: Only directories inside $HOME are supported. Aborting.");
+			process.exit(1);
+		}
+	}
 }
-function isAlreadySandboxed() {
+/**
+* Detect if we're inside an unknown sandbox by probing well-known
+* directories that exist on every Mac but would be blocked.
+*/
+function checkExternalSandbox() {
 	for (const dir of [
 		"Documents",
 		"Desktop",
@@ -25,141 +57,187 @@ function isAlreadySandboxed() {
 		try {
 			accessSync(target, constants.R_OK);
 		} catch (e) {
-			if (e.code === "EPERM") return true;
+			if (e.code === "EPERM") {
+				console.error("sandbox: ERROR — already running inside a sandbox!");
+				console.error("sandbox: Nesting sandbox-exec may cause silent failures. Aborting.");
+				process.exit(1);
+			}
 		}
 	}
-	return false;
-}
-if (isAlreadySandboxed()) {
-	console.error("sandbox: ERROR — already running inside a sandbox!");
-	console.error("sandbox: Nesting sandbox-exec may cause silent failures. Aborting.");
-	process.exit(1);
 }
+//#endregion
+//#region src/args.ts
 const MODES = [
 	"code",
 	"term",
 	"claude",
 	"exec"
 ];
-const rawArgs = process.argv.slice(2);
-const verbose = rawArgs.includes("--verbose");
-const profileSandbox = rawArgs.includes("--profile-sandbox");
-const positional = rawArgs.filter((a) => !a.startsWith("--"));
-const doubleDashIdx = rawArgs.indexOf("--");
-const execCmd = doubleDashIdx >= 0 ? rawArgs.slice(doubleDashIdx + 1) : [];
-const beforeDash = doubleDashIdx >= 0 ? rawArgs.slice(0, doubleDashIdx).filter((a) => !a.startsWith("--")) : positional;
-let mode = "code";
-let workArg = ".";
-if (beforeDash.length > 0 && MODES.includes(beforeDash[0])) {
-	mode = beforeDash[0];
-	workArg = beforeDash[1] ?? ".";
-} else if (beforeDash.length > 0) workArg = beforeDash[0];
-if (mode === "exec" && execCmd.length === 0) {
-	console.error("sandbox: exec mode requires a command after \"--\"");
-	console.error("usage: bx exec [workdir] -- command [args...]");
-	process.exit(1);
+function parseArgs() {
+	const rawArgs = process.argv.slice(2);
+	const verbose = rawArgs.includes("--verbose");
+	const profileSandbox = rawArgs.includes("--profile-sandbox");
+	const positional = rawArgs.filter((a) => !a.startsWith("--"));
+	const doubleDashIdx = rawArgs.indexOf("--");
+	const execCmd = doubleDashIdx >= 0 ? rawArgs.slice(doubleDashIdx + 1) : [];
+	const beforeDash = doubleDashIdx >= 0 ? rawArgs.slice(0, doubleDashIdx).filter((a) => !a.startsWith("--")) : positional;
+	let mode = "code";
+	let workArgs;
+	if (beforeDash.length > 0 && MODES.includes(beforeDash[0])) {
+		mode = beforeDash[0];
+		workArgs = beforeDash.slice(1);
+	} else workArgs = beforeDash;
+	if (workArgs.length === 0) workArgs = ["."];
+	if (mode === "exec" && execCmd.length === 0) {
+		console.error("sandbox: exec mode requires a command after \"--\"");
+		console.error("usage: bx exec [workdir...] -- command [args...]");
+		process.exit(1);
+	}
+	return {
+		mode,
+		workArgs,
+		verbose,
+		profileSandbox,
+		execCmd
+	};
 }
-const HOME = process.env.HOME;
-const SCRIPT_DIR = __dirname;
-const WORK_DIR = resolve(workArg);
-const allowedDirs = new Set([WORK_DIR]);
-const sandboxAllowPath = join(HOME, ".bxallow");
-if (existsSync(sandboxAllowPath)) for (const raw of readFileSync(sandboxAllowPath, "utf-8").split("\n")) {
-	const line = raw.trim();
-	if (!line || line.startsWith("#")) continue;
-	const absolute = resolve(HOME, line);
-	if (existsSync(absolute) && statSync(absolute).isDirectory()) allowedDirs.add(absolute);
+//#endregion
+//#region src/profile.ts
+const PROTECTED_DOTDIRS = [
+	".Trash",
+	".ssh",
+	".gnupg",
+	".docker",
+	".zsh_sessions",
+	".cargo",
+	".gradle",
+	".gem"
+];
+/**
+* Parse a config file with one entry per line (supports # comments).
+*/
+function parseLines(filePath) {
+	if (!existsSync(filePath)) return [];
+	return readFileSync(filePath, "utf-8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
 }
-const VSCODE_APP = "/Applications/Visual Studio Code.app/Contents/MacOS/Electron";
-const VSCODE_DATA = join(HOME, ".vscode-sandbox");
-const VSCODE_EXTENSIONS_GLOBAL = join(HOME, ".vscode", "extensions");
-const VSCODE_EXTENSIONS_LOCAL = join(VSCODE_DATA, "extensions");
-if (mode === "code" && profileSandbox) {
-	mkdirSync(VSCODE_DATA, { recursive: true });
-	if (!existsSync(VSCODE_EXTENSIONS_LOCAL) && existsSync(VSCODE_EXTENSIONS_GLOBAL)) {
-		console.error("sandbox: copying extensions from global install...");
-		cpSync(VSCODE_EXTENSIONS_GLOBAL, VSCODE_EXTENSIONS_LOCAL, { recursive: true });
+/**
+* Apply a single .bxignore file: resolve glob patterns relative to baseDir.
+*/
+function applyIgnoreFile(filePath, baseDir, ignored) {
+	for (const line of parseLines(filePath)) for (const match of globSync(line, { cwd: baseDir })) ignored.push(resolve(baseDir, match));
+}
+/**
+* Recursively find and apply .bxignore files in a directory tree.
+*/
+function collectIgnoreFilesRecursive(dir, ignored) {
+	const ignoreFile = join(dir, ".bxignore");
+	if (existsSync(ignoreFile)) applyIgnoreFile(ignoreFile, dir, ignored);
+	let entries;
+	try {
+		entries = readdirSync(dir);
+	} catch {
+		return;
+	}
+	for (const name of entries) {
+		if (name.startsWith(".") || name === "node_modules") continue;
+		const fullPath = join(dir, name);
+		try {
+			if (statSync(fullPath).isDirectory()) collectIgnoreFilesRecursive(fullPath, ignored);
+		} catch {}
 	}
 }
-function collectBlockedDirs(parentDir) {
+/**
+* Parse ~/.bxallow and return a set of all allowed directories.
+*/
+function parseAllowedDirs(home, workDirs) {
+	const allowed = new Set(workDirs);
+	for (const line of parseLines(join(home, ".bxallow"))) {
+		const absolute = resolve(home, line);
+		if (existsSync(absolute) && statSync(absolute).isDirectory()) allowed.add(absolute);
+	}
+	return allowed;
+}
+/**
+* Recursively collect directories to block under parentDir.
+* Never blocks a parent of an allowed path — instead descends and blocks siblings.
+*/
+function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 	const blocked = [];
 	for (const name of readdirSync(parentDir)) {
 		if (name.startsWith(".")) continue;
 		const fullPath = join(parentDir, name);
 		if (!statSync(fullPath).isDirectory()) continue;
-		if (parentDir === HOME && name === "Library") continue;
-		if (SCRIPT_DIR.startsWith(fullPath + "/") || SCRIPT_DIR === fullPath) continue;
+		if (parentDir === home && name === "Library") continue;
+		if (scriptDir.startsWith(fullPath + "/") || scriptDir === fullPath) continue;
 		if (allowedDirs.has(fullPath)) continue;
 		if ([...allowedDirs].some((d) => d.startsWith(fullPath + "/"))) {
-			blocked.push(...collectBlockedDirs(fullPath));
+			blocked.push(...collectBlockedDirs(fullPath, home, scriptDir, allowedDirs));
 			continue;
 		}
 		blocked.push(fullPath);
 	}
 	return blocked;
 }
-const blockedDirs = collectBlockedDirs(HOME);
-const PROTECTED_DOTDIRS = [
-	".Trash",
-	".ssh",
-	".gnupg",
-	".docker",
-	".zsh_sessions",
-	".cargo",
-	".gradle",
-	".gem"
-];
-const ignoredPaths = PROTECTED_DOTDIRS.map((d) => join(HOME, d));
-function parseSandboxIgnore(filePath, baseDir) {
-	if (!existsSync(filePath)) return;
-	for (const raw of readFileSync(filePath, "utf-8").split("\n")) {
-		const line = raw.trim();
-		if (!line || line.startsWith("#")) continue;
-		const matches = globSync(line, { cwd: baseDir });
-		for (const match of matches) ignoredPaths.push(resolve(baseDir, match));
-	}
+/**
+* Collect paths to deny from .bxignore files and built-in protected dotdirs.
+* Searches ~/.bxignore and recursively through all workdirs.
+*/
+function collectIgnoredPaths(home, workDirs) {
+	const ignored = PROTECTED_DOTDIRS.map((d) => join(home, d));
+	applyIgnoreFile(join(home, ".bxignore"), home, ignored);
+	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
+	return ignored;
 }
-parseSandboxIgnore(join(HOME, ".bxignore"), HOME);
-parseSandboxIgnore(join(WORK_DIR, ".bxignore"), WORK_DIR);
-const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
-if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
-const profile = `; Auto-generated sandbox profile
-; Working directory: ${WORK_DIR}
+/**
+* Generate the SBPL sandbox profile string.
+*/
+function generateProfile(workDirs, blockedDirs, ignoredPaths) {
+	const denyRules = blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n");
+	const ignoredRules = ignoredPaths.length > 0 ? `\n; Hidden paths from .bxignore\n(deny file*\n${ignoredPaths.map((p) => {
+		return existsSync(p) && statSync(p).isDirectory() ? `  (subpath "${p}")` : `  (literal "${p}")`;
+	}).join("\n")}\n)\n` : "";
+	return `; Auto-generated sandbox profile
+; Working directories: ${workDirs.join(", ")}
 
 (version 1)
 (allow default)
 
 ; Blocked directories (auto-generated from $HOME contents)
 (deny file*
-${blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n")}
+${denyRules}
 )
-
-${ignoredPaths.length > 0 ? `
-; Hidden paths from .bxignore
-(deny file*
-${ignoredPaths.map((p) => {
-	return existsSync(p) && statSync(p).isDirectory() ? `  (subpath "${p}")` : `  (literal "${p}")`;
-}).join("\n")}
-)
-` : ""}
+${ignoredRules}
 `;
-const profilePath = join("/tmp", `bx-${process.pid}.sb`);
-writeFileSync(profilePath, profile);
-console.error(`sandbox: ${mode} mode, working directory: ${WORK_DIR}`);
-if (verbose) {
-	console.error("\n--- Generated sandbox profile ---");
-	console.error(profile);
-	console.error("--- End of profile ---\n");
 }
-function buildCommand() {
+//#endregion
+//#region src/modes.ts
+const VSCODE_APP = "/Applications/Visual Studio Code.app/Contents/MacOS/Electron";
+/**
+* Prepare VSCode isolated profile if --profile-sandbox is set.
+*/
+function setupVSCodeProfile(home) {
+	const dataDir = join(home, ".vscode-sandbox");
+	const globalExt = join(home, ".vscode", "extensions");
+	const localExt = join(dataDir, "extensions");
+	mkdirSync(dataDir, { recursive: true });
+	if (!existsSync(localExt) && existsSync(globalExt)) {
+		console.error("sandbox: copying extensions from global install...");
+		cpSync(globalExt, localExt, { recursive: true });
+	}
+}
+/**
+* Build the command + args to run inside the sandbox for the given mode.
+*/
+function buildCommand(mode, workDirs, home, profileSandbox, execCmd) {
 	switch (mode) {
 		case "code": {
+			const dataDir = join(home, ".vscode-sandbox");
 			const args = ["--no-sandbox"];
 			if (profileSandbox) {
-				args.push("--user-data-dir", join(VSCODE_DATA, "data"));
-				args.push("--extensions-dir", VSCODE_EXTENSIONS_LOCAL);
+				args.push("--user-data-dir", join(dataDir, "data"));
+				args.push("--extensions-dir", join(dataDir, "extensions"));
 			}
-			args.push(WORK_DIR);
+			args.push(...workDirs);
 			return {
 				bin: VSCODE_APP,
 				args
@@ -171,7 +249,7 @@ function buildCommand() {
 		};
 		case "claude": return {
 			bin: "claude",
-			args: [WORK_DIR]
+			args: []
 		};
 		case "exec": return {
 			bin: execCmd[0],
@@ -179,18 +257,72 @@ function buildCommand() {
 		};
 	}
 }
-const cmd = buildCommand();
+//#endregion
+//#region src/index.ts
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const VERSION = typeof __VERSION__ !== "undefined" ? __VERSION__ : "dev";
+if (process.argv.includes("--version") || process.argv.includes("-v")) {
+	console.log(`bx ${VERSION}`);
+	process.exit(0);
+}
+if (process.argv.includes("--help") || process.argv.includes("-h")) {
+	console.log(`bx ${VERSION} — launch apps in a macOS sandbox
+
+Usage:
+  bx [workdir...]                            VSCode (default)
+  bx code [workdir...]                       VSCode
+  bx term [workdir...]                       sandboxed login shell
+  bx claude [workdir...]                     Claude Code CLI
+  bx exec [workdir...] -- command [args...]  arbitrary command
+
+Options:
+  --verbose            print the generated sandbox profile
+  --profile-sandbox    use an isolated VSCode profile (code mode only)
+  -v, --version        show version
+  -h, --help           show this help
+
+Configuration:
+  ~/.bxallow           extra allowed directories (one per line)
+  ~/.bxignore          extra blocked paths in $HOME (one per line)
+  <workdir>/.bxignore  blocked paths in project (supports globs, searched recursively)
+
+https://github.com/holtwick/bx-mac`);
+	process.exit(0);
+}
+checkOwnSandbox();
+checkVSCodeTerminal();
+checkExternalSandbox();
+const { mode, workArgs, verbose, profileSandbox, execCmd } = parseArgs();
+const HOME = process.env.HOME;
+const WORK_DIRS = workArgs.map((a) => resolve(a));
+checkWorkDirs(WORK_DIRS, HOME);
+if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
+const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, parseAllowedDirs(HOME, WORK_DIRS));
+const ignoredPaths = collectIgnoredPaths(HOME, WORK_DIRS);
+const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
+if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
+const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths);
+const profilePath = join("/tmp", `bx-${process.pid}.sb`);
+writeFileSync(profilePath, profile);
+const dirLabel = WORK_DIRS.length === 1 ? WORK_DIRS[0] : `${WORK_DIRS.length} directories`;
+console.error(`sandbox: ${mode} mode, working directory: ${dirLabel}`);
+if (verbose) {
+	console.error("\n--- Generated sandbox profile ---");
+	console.error(profile);
+	console.error("--- End of profile ---\n");
+}
+const cmd = buildCommand(mode, WORK_DIRS, HOME, profileSandbox, execCmd);
 spawn("sandbox-exec", [
 	"-f",
 	profilePath,
 	"-D",
 	`HOME=${HOME}`,
 	"-D",
-	`WORK=${WORK_DIR}`,
+	`WORK=${WORK_DIRS[0]}`,
 	cmd.bin,
 	...cmd.args
 ], {
-	cwd: WORK_DIR,
+	cwd: WORK_DIRS[0],
 	stdio: "inherit",
 	env: {
 		...process.env,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "0.2.1",
+  "version": "0.4.0",
   "description": "Launch apps in a macOS sandbox — only the project directory is accessible",
   "type": "module",
   "bin": {
@@ -11,8 +11,9 @@
   ],
   "scripts": {
     "build": "rolldown -c",
-    "release": "./scripts/release.sh",
-    "prepublishOnly": "npm run build"
+    "test": "vitest run",
+    "prepublishOnly": "npm run build",
+    "post:release": "./scripts/release.sh"
   },
   "keywords": [
     "sandbox",
@@ -24,7 +25,9 @@
   "author": "Dirk Holtwick",
   "license": "MIT",
   "devDependencies": {
-    "rolldown": "^1.0.0-rc.12"
+    "@types/node": "^25.5.0",
+    "rolldown": "^1.0.0-rc.12",
+    "vitest": "^4.1.2"
   },
   "engines": {
     "node": ">=22"