bx-mac 0.4.0 → 0.6.0

package/README.md

@@ -28,7 +28,7 @@ bx ~/work/my-project ~/work/shared-lib
 - ⚙️ Keeps VSCode, extensions, shell, Node.js, and other tooling fully functional
 - 🔍 Generates sandbox rules dynamically based on your actual `$HOME` contents
 - 📝 Supports `.bxignore` files (searched recursively) to hide secrets like `.env` files within a project
-- 📂 Supports `~/.bxallow` to grant access to shared utility directories
+- 📂 Supports `rw:` and `ro:` prefixes in `~/.bxignore` to grant read-write or read-only access to extra directories
 - 🗂️ Supports multiple working directories in a single sandbox
 
 ## 🚫 What it doesn't do
@@ -100,43 +100,53 @@ bx --verbose ~/work/my-project
 
 ## 📝 Configuration
 
-bx uses three optional config files — one entry per line, `#` for comments. Project `.bxignore` files are discovered recursively.
-
-### `~/.bxallow`
-
-Allow extra directories beyond the working directory. Paths relative to `$HOME`.
-
-```gitignore
-# Shared shell scripts and utilities
-work/bin
-shared/libs
-```
+bx uses two optional config files — one entry per line, `#` for comments. Project `.bxignore` files are discovered recursively.
 
 ### `~/.bxignore`
 
-Block additional dotdirs or files in your home. Paths relative to `$HOME`.
+Unified sandbox rules for your home directory. Paths relative to `$HOME`. Each line is either a deny rule (no prefix) or an access grant (`rw:` / `ro:` prefix, case-insensitive).
 
 ```gitignore
+# Block additional sensitive paths (no prefix = deny)
 .aws
 .azure
 .kube
 .config/gcloud
+
+# Allow read-write access to extra directories
+rw:work/bin
+rw:shared/libs
+
+# Allow read-only access (can read but not modify)
+ro:reference/docs
+ro:shared/toolchain
 ```
 
-These are blocked **in addition** to the built-in protected list:
+Deny rules are applied **in addition** to the built-in protected list:
 
 > 🔒 `.Trash` `.ssh` `.gnupg` `.docker` `.zsh_sessions` `.cargo` `.gradle` `.gem`
 
 ### `<project>/.bxignore`
 
-Block paths within the working directory. Supports glob patterns. bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
+Block paths within the working directory. Uses [`.gitignore`-style pattern matching](https://git-scm.com/docs/gitignore#_pattern_format):
+
+| Pattern | Matches | Why |
+|---|---|---|
+| `.env` | `.env` at any depth | No `/` → recursive |
+| `.env.*` | `.env.local`, `sub/.env.production` | No `/` → recursive |
+| `*.pem` | `key.pem`, `sub/deep/cert.pem` | No `/` → recursive |
+| `secrets/` | `secrets/` at any depth | Trailing `/` is a dir marker, not a path separator |
+| `/.env` | Only `<workdir>/.env` | Leading `/` → anchored to root |
+| `config/secrets` | Only `<workdir>/config/secrets` | Contains `/` → relative to workdir |
+
+bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
 
 ```gitignore
 .env
 .env.*
 secrets/
-**/*.pem
-**/*.key
+*.pem
+*.key
 ```
 
 For example, a monorepo might have:
@@ -155,10 +165,11 @@ bx generates a macOS sandbox profile at launch time:
 
 1. **Scan** `$HOME` for non-hidden directories
 2. **Block** each one individually with `(deny file* (subpath ...))`
-3. **Skip** all working directories, `~/Library`, dotfiles, and `~/.bxallow` paths
+3. **Skip** all working directories, `~/Library`, dotfiles, and `rw:`/`ro:` paths from `~/.bxignore`
 4. **Descend** into parent directories of allowed paths to block only siblings (because SBPL deny rules always override allow rules)
-5. **Append** deny rules for protected dotdirs, `~/.bxignore`, and `.bxignore` files found recursively in each working directory
-6. **Write** the profile to `/tmp`, launch the app via `sandbox-exec`, clean up on exit
+5. **Append** deny rules for protected dotdirs, plain entries in `~/.bxignore`, and `.bxignore` files found recursively in each working directory
+6. **Apply** `(deny file-write*)` rules for `ro:` directories (read allowed, write blocked)
+7. **Write** the profile to `/tmp`, launch the app via `sandbox-exec`, clean up on exit
 
 ### Why not a simple deny-all + allow?
 

package/dist/bx.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const __VERSION__ = "0.4.0";
+const __VERSION__ = "0.6.0";
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
 import { spawn } from "node:child_process";
@@ -121,10 +121,22 @@ function parseLines(filePath) {
 	return readFileSync(filePath, "utf-8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
 }
 /**
+* Convert a .bxignore line to a glob pattern following .gitignore semantics:
+* - Leading "/" anchors to the base dir (stripped before globbing)
+* - Patterns without "/" (except trailing) match recursively via ** / prefix
+* - Patterns with "/" (non-leading, non-trailing) are relative to baseDir
+* - Trailing "/" marks directories only and doesn't count as path separator
+*/
+function toGlobPattern(line) {
+	if (line.startsWith("/")) return line.slice(1);
+	if ((line.endsWith("/") ? line.slice(0, -1) : line).includes("/")) return line;
+	return `**/${line}`;
+}
+/**
 * Apply a single .bxignore file: resolve glob patterns relative to baseDir.
 */
 function applyIgnoreFile(filePath, baseDir, ignored) {
-	for (const line of parseLines(filePath)) for (const match of globSync(line, { cwd: baseDir })) ignored.push(resolve(baseDir, match));
+	for (const line of parseLines(filePath)) for (const match of globSync(toGlobPattern(line), { cwd: baseDir })) ignored.push(resolve(baseDir, match));
 }
 /**
 * Recursively find and apply .bxignore files in a directory tree.
@@ -147,15 +159,39 @@ function collectIgnoreFilesRecursive(dir, ignored) {
 	}
 }
 /**
-* Parse ~/.bxallow and return a set of all allowed directories.
+* Parse ~/.bxignore for RW:/RO: prefixed lines and return allowed directories.
+* Lines without prefix are ignored here (handled by collectIgnoredPaths).
+* Also checks for deprecated ~/.bxallow and migrates its entries.
 */
-function parseAllowedDirs(home, workDirs) {
+function parseHomeConfig(home, workDirs) {
 	const allowed = new Set(workDirs);
-	for (const line of parseLines(join(home, ".bxallow"))) {
-		const absolute = resolve(home, line);
-		if (existsSync(absolute) && statSync(absolute).isDirectory()) allowed.add(absolute);
+	const readOnly = /* @__PURE__ */ new Set();
+	const bxallowPath = join(home, ".bxallow");
+	if (existsSync(bxallowPath)) {
+		console.error("sandbox: WARNING — ~/.bxallow is deprecated. Move entries to ~/.bxignore with RW: prefix.");
+		for (const line of parseLines(bxallowPath)) {
+			const absolute = resolve(home, line);
+			if (existsSync(absolute) && statSync(absolute).isDirectory()) allowed.add(absolute);
+		}
 	}
-	return allowed;
+	for (const line of parseLines(join(home, ".bxignore"))) {
+		let prefix = "";
+		let path = line;
+		const match = line.match(/^(RW|RO):(.+)$/i);
+		if (match) {
+			prefix = match[1].toUpperCase();
+			path = match[2].trim();
+		}
+		if (!prefix) continue;
+		const absolute = resolve(home, path);
+		if (!existsSync(absolute) || !statSync(absolute).isDirectory()) continue;
+		if (prefix === "RW") allowed.add(absolute);
+		else readOnly.add(absolute);
+	}
+	return {
+		allowed,
+		readOnly
+	};
 }
 /**
 * Recursively collect directories to block under parentDir.
@@ -180,22 +216,27 @@ function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 }
 /**
 * Collect paths to deny from .bxignore files and built-in protected dotdirs.
-* Searches ~/.bxignore and recursively through all workdirs.
+* Searches ~/.bxignore (skipping RW:/RO: lines) and recursively through all workdirs.
 */
 function collectIgnoredPaths(home, workDirs) {
 	const ignored = PROTECTED_DOTDIRS.map((d) => join(home, d));
-	applyIgnoreFile(join(home, ".bxignore"), home, ignored);
+	const globalIgnore = join(home, ".bxignore");
+	if (existsSync(globalIgnore)) {
+		const denyLines = parseLines(globalIgnore).filter((l) => !l.match(/^(RW|RO):/i));
+		for (const line of denyLines) for (const match of globSync(toGlobPattern(line), { cwd: home })) ignored.push(resolve(home, match));
+	}
 	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
 	return ignored;
 }
 /**
 * Generate the SBPL sandbox profile string.
 */
-function generateProfile(workDirs, blockedDirs, ignoredPaths) {
+function generateProfile(workDirs, blockedDirs, ignoredPaths, readOnlyDirs = []) {
 	const denyRules = blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n");
 	const ignoredRules = ignoredPaths.length > 0 ? `\n; Hidden paths from .bxignore\n(deny file*\n${ignoredPaths.map((p) => {
 		return existsSync(p) && statSync(p).isDirectory() ? `  (subpath "${p}")` : `  (literal "${p}")`;
 	}).join("\n")}\n)\n` : "";
+	const readOnlyRules = readOnlyDirs.length > 0 ? `\n; Read-only directories\n(deny file-write*\n${readOnlyDirs.map((dir) => `  (subpath "${dir}")`).join("\n")}\n)\n` : "";
 	return `; Auto-generated sandbox profile
 ; Working directories: ${workDirs.join(", ")}
 
@@ -206,7 +247,7 @@ function generateProfile(workDirs, blockedDirs, ignoredPaths) {
 (deny file*
 ${denyRules}
 )
-${ignoredRules}
+${ignoredRules}${readOnlyRules}
 `;
 }
 //#endregion
@@ -282,9 +323,11 @@ Options:
   -h, --help           show this help
 
 Configuration:
-  ~/.bxallow           extra allowed directories (one per line)
-  ~/.bxignore          extra blocked paths in $HOME (one per line)
-  <workdir>/.bxignore  blocked paths in project (supports globs, searched recursively)
+  ~/.bxignore          sandbox rules (one per line):
+                         path         block access (deny)
+                         rw:path      allow read-write access
+                         ro:path      allow read-only access
+  <workdir>/.bxignore  blocked paths in project (.gitignore-style matching)
 
 https://github.com/holtwick/bx-mac`);
 	process.exit(0);
@@ -297,11 +340,13 @@ const HOME = process.env.HOME;
 const WORK_DIRS = workArgs.map((a) => resolve(a));
 checkWorkDirs(WORK_DIRS, HOME);
 if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
-const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, parseAllowedDirs(HOME, WORK_DIRS));
+const { allowed, readOnly } = parseHomeConfig(HOME, WORK_DIRS);
+const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, new Set([...allowed, ...readOnly]));
 const ignoredPaths = collectIgnoredPaths(HOME, WORK_DIRS);
 const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
 if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
-const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths);
+if (readOnly.size > 0) console.error(`sandbox: ${readOnly.size} read-only director${readOnly.size === 1 ? "y" : "ies"}`);
+const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths, [...readOnly]);
 const profilePath = join("/tmp", `bx-${process.pid}.sb`);
 writeFileSync(profilePath, profile);
 const dirLabel = WORK_DIRS.length === 1 ? WORK_DIRS[0] : `${WORK_DIRS.length} directories`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Launch apps in a macOS sandbox — only the project directory is accessible",
   "type": "module",
   "bin": {
@@ -11,6 +11,8 @@
   ],
   "scripts": {
     "build": "rolldown -c",
+    "build:native": "bun build src/index.ts --compile --outfile dist/bx-native --define \"__VERSION__=\\\"$(node -p \"require('./package.json').version\")\\\"\"",
+    "sign": "./scripts/sign.sh",
     "test": "vitest run",
     "prepublishOnly": "npm run build",
     "post:release": "./scripts/release.sh"