npm - bx-mac - Versions diffs - 0.3.0 → 0.5.0 - Mend

bx-mac 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -14,6 +14,12 @@ bx ~/work/my-project
 That's it. 🎉 VSCode opens with full access to `~/work/my-project` and nothing else.
+Need multiple directories? No problem:
+```bash
+bx ~/work/my-project ~/work/shared-lib
+```
 ## ✅ What it does
 - 🔒 Blocks `~/Documents`, `~/Desktop`, `~/Downloads`, and all other personal folders
@@ -21,8 +27,9 @@ That's it. 🎉 VSCode opens with full access to `~/work/my-project` and nothing
 - 🛡️ Protects sensitive dotdirs like `~/.ssh`, `~/.gnupg`, `~/.docker`, `~/.cargo`
 - ⚙️ Keeps VSCode, extensions, shell, Node.js, and other tooling fully functional
 - 🔍 Generates sandbox rules dynamically based on your actual `$HOME` contents
-- 📝 Supports `.bxignore` to hide secrets like `.env` files within a project
-- 📂 Supports `~/.bxallow` to grant access to shared utility directories
+- 📝 Supports `.bxignore` files (searched recursively) to hide secrets like `.env` files within a project
+- 📂 Supports `rw:` and `ro:` prefixes in `~/.bxignore` to grant read-write or read-only access to extra directories
+- 🗂️ Supports multiple working directories in a single sandbox
 ## 🚫 What it doesn't do
@@ -54,13 +61,13 @@ pnpm link -g
 | Command | What it launches |
 |---|---|
-| `bx [workdir]` | 🖥️ VSCode (default) |
-| `bx code [workdir]` | 🖥️ VSCode (explicit) |
-| `bx term [workdir]` | 💻 Sandboxed login shell (`$SHELL -l`) |
-| `bx claude [workdir]` | 🤖 Claude Code CLI |
-| `bx exec [workdir] -- cmd` | ⚡ Any command you want |
+| `bx [workdir...]` | 🖥️ VSCode (default) |
+| `bx code [workdir...]` | 🖥️ VSCode (explicit) |
+| `bx term [workdir...]` | 💻 Sandboxed login shell (`$SHELL -l`) |
+| `bx claude [workdir...]` | 🤖 Claude Code CLI |
+| `bx exec [workdir...] -- cmd` | ⚡ Any command you want |
-If no directory is given, the current directory is used.
+If no directory is given, the current directory is used. All modes accept multiple directories.
 ### Examples
@@ -68,6 +75,9 @@ If no directory is given, the current directory is used.
 # 🖥️ VSCode with sandbox protection
 bx ~/work/my-project
+# 📂 Multiple working directories
+bx ~/work/my-project ~/work/shared-lib
 # 💻 Work on a project in a sandboxed terminal
 bx term ~/work/my-project
@@ -90,36 +100,35 @@ bx --verbose ~/work/my-project
 ## 📝 Configuration
-bx uses three optional config files — one entry per line, `#` for comments.
-### `~/.bxallow`
-Allow extra directories beyond the working directory. Paths relative to `$HOME`.
-```gitignore
-# Shared shell scripts and utilities
-work/bin
-shared/libs
-```
+bx uses two optional config files — one entry per line, `#` for comments. Project `.bxignore` files are discovered recursively.
 ### `~/.bxignore`
-Block additional dotdirs or files in your home. Paths relative to `$HOME`.
+Unified sandbox rules for your home directory. Paths relative to `$HOME`. Each line is either a deny rule (no prefix) or an access grant (`rw:` / `ro:` prefix, case-insensitive).
 ```gitignore
+# Block additional sensitive paths (no prefix = deny)
 .aws
 .azure
 .kube
 .config/gcloud
+# Allow read-write access to extra directories
+rw:work/bin
+rw:shared/libs
+# Allow read-only access (can read but not modify)
+ro:reference/docs
+ro:shared/toolchain
 ```
-These are blocked **in addition** to the built-in protected list:
+Deny rules are applied **in addition** to the built-in protected list:
 > 🔒 `.Trash` `.ssh` `.gnupg` `.docker` `.zsh_sessions` `.cargo` `.gradle` `.gem`
 ### `<project>/.bxignore`
-Block paths within the working directory. Supports glob patterns.
+Block paths within the working directory. Supports glob patterns. bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
 ```gitignore
 .env
@@ -129,16 +138,27 @@ secrets/
 **/*.key
 ```
+For example, a monorepo might have:
+```text
+my-project/.bxignore          # top-level rules
+my-project/services/api/.bxignore   # API-specific secrets
+my-project/deploy/.bxignore         # deployment credentials
+```
+Each `.bxignore` resolves its patterns relative to its own directory.
 ## 🔧 How it works
 bx generates a macOS sandbox profile at launch time:
 1. **Scan** `$HOME` for non-hidden directories
 2. **Block** each one individually with `(deny file* (subpath ...))`
-3. **Skip** the working directory, `~/Library`, dotfiles, and `~/.bxallow` paths
+3. **Skip** all working directories, `~/Library`, dotfiles, and `rw:`/`ro:` paths from `~/.bxignore`
 4. **Descend** into parent directories of allowed paths to block only siblings (because SBPL deny rules always override allow rules)
-5. **Append** deny rules for protected dotdirs and `.bxignore` entries
-6. **Write** the profile to `/tmp`, launch the app via `sandbox-exec`, clean up on exit
+5. **Append** deny rules for protected dotdirs, plain entries in `~/.bxignore`, and `.bxignore` files found recursively in each working directory
+6. **Apply** `(deny file-write*)` rules for `ro:` directories (read allowed, write blocked)
+7. **Write** the profile to `/tmp`, launch the app via `sandbox-exec`, clean up on exit
 ### Why not a simple deny-all + allow?

package/dist/bx.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const __VERSION__ = "0.3.0";
+const __VERSION__ = "0.5.0";
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
 import { spawn } from "node:child_process";
@@ -27,6 +27,23 @@ function checkVSCodeTerminal() {
 	}
 }
 /**
+* Abort if any workdir IS $HOME or is not inside $HOME.
+*/
+function checkWorkDirs(workDirs, home) {
+	for (const dir of workDirs) {
+		if (dir === home) {
+			console.error("sandbox: ERROR — working directory cannot be $HOME itself.");
+			console.error("sandbox: Sandboxing your entire home directory is not supported. Aborting.");
+			process.exit(1);
+		}
+		if (!dir.startsWith(home + "/")) {
+			console.error(`sandbox: ERROR — working directory is outside $HOME: ${dir}`);
+			console.error("sandbox: Only directories inside $HOME are supported. Aborting.");
+			process.exit(1);
+		}
+	}
+}
+/**
 * Detect if we're inside an unknown sandbox by probing well-known
 * directories that exist on every Mac but would be blocked.
 */
@@ -130,15 +147,39 @@ function collectIgnoreFilesRecursive(dir, ignored) {
 	}
 }
 /**
-* Parse ~/.bxallow and return a set of all allowed directories.
+* Parse ~/.bxignore for RW:/RO: prefixed lines and return allowed directories.
+* Lines without prefix are ignored here (handled by collectIgnoredPaths).
+* Also checks for deprecated ~/.bxallow and migrates its entries.
 */
-function parseAllowedDirs(home, workDirs) {
+function parseHomeConfig(home, workDirs) {
 	const allowed = new Set(workDirs);
-	for (const line of parseLines(join(home, ".bxallow"))) {
-		const absolute = resolve(home, line);
-		if (existsSync(absolute) && statSync(absolute).isDirectory()) allowed.add(absolute);
+	const readOnly = /* @__PURE__ */ new Set();
+	const bxallowPath = join(home, ".bxallow");
+	if (existsSync(bxallowPath)) {
+		console.error("sandbox: WARNING — ~/.bxallow is deprecated. Move entries to ~/.bxignore with RW: prefix.");
+		for (const line of parseLines(bxallowPath)) {
+			const absolute = resolve(home, line);
+			if (existsSync(absolute) && statSync(absolute).isDirectory()) allowed.add(absolute);
+		}
+	}
+	for (const line of parseLines(join(home, ".bxignore"))) {
+		let prefix = "";
+		let path = line;
+		const match = line.match(/^(RW|RO):(.+)$/i);
+		if (match) {
+			prefix = match[1].toUpperCase();
+			path = match[2].trim();
+		}
+		if (!prefix) continue;
+		const absolute = resolve(home, path);
+		if (!existsSync(absolute) || !statSync(absolute).isDirectory()) continue;
+		if (prefix === "RW") allowed.add(absolute);
+		else readOnly.add(absolute);
 	}
-	return allowed;
+	return {
+		allowed,
+		readOnly
+	};
 }
 /**
 * Recursively collect directories to block under parentDir.
@@ -163,22 +204,27 @@ function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 }
 /**
 * Collect paths to deny from .bxignore files and built-in protected dotdirs.
-* Searches ~/.bxignore and recursively through all workdirs.
+* Searches ~/.bxignore (skipping RW:/RO: lines) and recursively through all workdirs.
 */
 function collectIgnoredPaths(home, workDirs) {
 	const ignored = PROTECTED_DOTDIRS.map((d) => join(home, d));
-	applyIgnoreFile(join(home, ".bxignore"), home, ignored);
+	const globalIgnore = join(home, ".bxignore");
+	if (existsSync(globalIgnore)) {
+		const denyLines = parseLines(globalIgnore).filter((l) => !l.match(/^(RW|RO):/i));
+		for (const line of denyLines) for (const match of globSync(line, { cwd: home })) ignored.push(resolve(home, match));
+	}
 	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
 	return ignored;
 }
 /**
 * Generate the SBPL sandbox profile string.
 */
-function generateProfile(workDirs, blockedDirs, ignoredPaths) {
+function generateProfile(workDirs, blockedDirs, ignoredPaths, readOnlyDirs = []) {
 	const denyRules = blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n");
 	const ignoredRules = ignoredPaths.length > 0 ? `\n; Hidden paths from .bxignore\n(deny file*\n${ignoredPaths.map((p) => {
 		return existsSync(p) && statSync(p).isDirectory() ? `  (subpath "${p}")` : `  (literal "${p}")`;
 	}).join("\n")}\n)\n` : "";
+	const readOnlyRules = readOnlyDirs.length > 0 ? `\n; Read-only directories\n(deny file-write*\n${readOnlyDirs.map((dir) => `  (subpath "${dir}")`).join("\n")}\n)\n` : "";
 	return `; Auto-generated sandbox profile
 ; Working directories: ${workDirs.join(", ")}
@@ -189,7 +235,7 @@ function generateProfile(workDirs, blockedDirs, ignoredPaths) {
 (deny file*
 ${denyRules}
 )
-${ignoredRules}
+${ignoredRules}${readOnlyRules}
 `;
 }
 //#endregion
@@ -232,7 +278,7 @@ function buildCommand(mode, workDirs, home, profileSandbox, execCmd) {
 		};
 		case "claude": return {
 			bin: "claude",
-			args: [workDirs[0]]
+			args: []
 		};
 		case "exec": return {
 			bin: execCmd[0],
@@ -265,8 +311,10 @@ Options:
   -h, --help           show this help
 Configuration:
-  ~/.bxallow           extra allowed directories (one per line)
-  ~/.bxignore          extra blocked paths in $HOME (one per line)
+  ~/.bxignore          sandbox rules (one per line):
+                         path         block access (deny)
+                         rw:path      allow read-write access
+                         ro:path      allow read-only access
   <workdir>/.bxignore  blocked paths in project (supports globs, searched recursively)
 https://github.com/holtwick/bx-mac`);
@@ -278,12 +326,15 @@ checkExternalSandbox();
 const { mode, workArgs, verbose, profileSandbox, execCmd } = parseArgs();
 const HOME = process.env.HOME;
 const WORK_DIRS = workArgs.map((a) => resolve(a));
+checkWorkDirs(WORK_DIRS, HOME);
 if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
-const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, parseAllowedDirs(HOME, WORK_DIRS));
+const { allowed, readOnly } = parseHomeConfig(HOME, WORK_DIRS);
+const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, new Set([...allowed, ...readOnly]));
 const ignoredPaths = collectIgnoredPaths(HOME, WORK_DIRS);
 const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
 if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
-const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths);
+if (readOnly.size > 0) console.error(`sandbox: ${readOnly.size} read-only director${readOnly.size === 1 ? "y" : "ies"}`);
+const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths, [...readOnly]);
 const profilePath = join("/tmp", `bx-${process.pid}.sb`);
 writeFileSync(profilePath, profile);
 const dirLabel = WORK_DIRS.length === 1 ? WORK_DIRS[0] : `${WORK_DIRS.length} directories`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "Launch apps in a macOS sandbox — only the project directory is accessible",
   "type": "module",
   "bin": {
@@ -11,6 +11,7 @@
   ],
   "scripts": {
     "build": "rolldown -c",
+    "test": "vitest run",
     "prepublishOnly": "npm run build",
     "post:release": "./scripts/release.sh"
   },
@@ -25,7 +26,8 @@
   "license": "MIT",
   "devDependencies": {
     "@types/node": "^25.5.0",
-    "rolldown": "^1.0.0-rc.12"
+    "rolldown": "^1.0.0-rc.12",
+    "vitest": "^4.1.2"
   },
   "engines": {
     "node": ">=22"