bx-mac 0.5.0 → 0.7.0

package/README.md

@@ -87,6 +87,9 @@ bx claude ~/work/my-project
 # ⚡ Run a script in a sandbox
 bx exec ~/work/my-project -- python train.py
 
+# 🔍 Preview what will be protected (no launch)
+bx --dry ~/work/my-project
+
 # 🔍 See the generated sandbox profile
 bx --verbose ~/work/my-project
 ```
@@ -95,6 +98,7 @@ bx --verbose ~/work/my-project
 
 | Option | Description |
 |---|---|
+| `--dry` | Show a tree of all protected, read-only, and accessible paths — don't launch anything |
 | `--verbose` | Print the generated sandbox profile to stderr |
 | `--profile-sandbox` | Use an isolated VSCode profile (separate extensions/settings, `code` mode only) |
 
@@ -128,14 +132,25 @@ Deny rules are applied **in addition** to the built-in protected list:
 
 ### `<project>/.bxignore`
 
-Block paths within the working directory. Supports glob patterns. bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
+Block paths within the working directory. Uses [`.gitignore`-style pattern matching](https://git-scm.com/docs/gitignore#_pattern_format):
+
+| Pattern | Matches | Why |
+|---|---|---|
+| `.env` | `.env` at any depth | No `/` → recursive |
+| `.env.*` | `.env.local`, `sub/.env.production` | No `/` → recursive |
+| `*.pem` | `key.pem`, `sub/deep/cert.pem` | No `/` → recursive |
+| `secrets/` | `secrets/` at any depth | Trailing `/` is a dir marker, not a path separator |
+| `/.env` | Only `<workdir>/.env` | Leading `/` → anchored to root |
+| `config/secrets` | Only `<workdir>/config/secrets` | Contains `/` → relative to workdir |
+
+bx searches for `.bxignore` files **recursively** through the entire project tree (skipping `.`-prefixed dirs and `node_modules`), so you can place them in subdirectories to hide secrets close to where they live.
 
 ```gitignore
 .env
 .env.*
 secrets/
-**/*.pem
-**/*.key
+*.pem
+*.key
 ```
 
 For example, a monorepo might have:

package/dist/bx.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
-const __VERSION__ = "0.5.0";
+const __VERSION__ = "0.7.0";
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
 import { spawn } from "node:child_process";
+import { createInterface } from "node:readline";
 import { fileURLToPath } from "node:url";
 import process from "node:process";
 //#region src/guards.ts
@@ -76,6 +77,7 @@ const MODES = [
 function parseArgs() {
 	const rawArgs = process.argv.slice(2);
 	const verbose = rawArgs.includes("--verbose");
+	const dry = rawArgs.includes("--dry");
 	const profileSandbox = rawArgs.includes("--profile-sandbox");
 	const positional = rawArgs.filter((a) => !a.startsWith("--"));
 	const doubleDashIdx = rawArgs.indexOf("--");
@@ -83,11 +85,14 @@ function parseArgs() {
 	const beforeDash = doubleDashIdx >= 0 ? rawArgs.slice(0, doubleDashIdx).filter((a) => !a.startsWith("--")) : positional;
 	let mode = "code";
 	let workArgs;
+	let explicit = false;
 	if (beforeDash.length > 0 && MODES.includes(beforeDash[0])) {
 		mode = beforeDash[0];
 		workArgs = beforeDash.slice(1);
+		explicit = true;
 	} else workArgs = beforeDash;
 	if (workArgs.length === 0) workArgs = ["."];
+	else explicit = true;
 	if (mode === "exec" && execCmd.length === 0) {
 		console.error("sandbox: exec mode requires a command after \"--\"");
 		console.error("usage: bx exec [workdir...] -- command [args...]");
@@ -97,8 +102,10 @@ function parseArgs() {
 		mode,
 		workArgs,
 		verbose,
+		dry,
 		profileSandbox,
-		execCmd
+		execCmd,
+		implicit: !explicit
 	};
 }
 //#endregion
@@ -121,10 +128,22 @@ function parseLines(filePath) {
 	return readFileSync(filePath, "utf-8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
 }
 /**
+* Convert a .bxignore line to a glob pattern following .gitignore semantics:
+* - Leading "/" anchors to the base dir (stripped before globbing)
+* - Patterns without "/" (except trailing) match recursively via ** / prefix
+* - Patterns with "/" (non-leading, non-trailing) are relative to baseDir
+* - Trailing "/" marks directories only and doesn't count as path separator
+*/
+function toGlobPattern(line) {
+	if (line.startsWith("/")) return line.slice(1);
+	if ((line.endsWith("/") ? line.slice(0, -1) : line).includes("/")) return line;
+	return `**/${line}`;
+}
+/**
 * Apply a single .bxignore file: resolve glob patterns relative to baseDir.
 */
 function applyIgnoreFile(filePath, baseDir, ignored) {
-	for (const line of parseLines(filePath)) for (const match of globSync(line, { cwd: baseDir })) ignored.push(resolve(baseDir, match));
+	for (const line of parseLines(filePath)) for (const match of globSync(toGlobPattern(line), { cwd: baseDir })) ignored.push(resolve(baseDir, match));
 }
 /**
 * Recursively find and apply .bxignore files in a directory tree.
@@ -190,7 +209,13 @@ function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 	for (const name of readdirSync(parentDir)) {
 		if (name.startsWith(".")) continue;
 		const fullPath = join(parentDir, name);
-		if (!statSync(fullPath).isDirectory()) continue;
+		let isDir;
+		try {
+			isDir = statSync(fullPath).isDirectory();
+		} catch {
+			continue;
+		}
+		if (!isDir) continue;
 		if (parentDir === home && name === "Library") continue;
 		if (scriptDir.startsWith(fullPath + "/") || scriptDir === fullPath) continue;
 		if (allowedDirs.has(fullPath)) continue;
@@ -211,7 +236,7 @@ function collectIgnoredPaths(home, workDirs) {
 	const globalIgnore = join(home, ".bxignore");
 	if (existsSync(globalIgnore)) {
 		const denyLines = parseLines(globalIgnore).filter((l) => !l.match(/^(RW|RO):/i));
-		for (const line of denyLines) for (const match of globSync(line, { cwd: home })) ignored.push(resolve(home, match));
+		for (const line of denyLines) for (const match of globSync(toGlobPattern(line), { cwd: home })) ignored.push(resolve(home, match));
 	}
 	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
 	return ignored;
@@ -222,7 +247,11 @@ function collectIgnoredPaths(home, workDirs) {
 function generateProfile(workDirs, blockedDirs, ignoredPaths, readOnlyDirs = []) {
 	const denyRules = blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n");
 	const ignoredRules = ignoredPaths.length > 0 ? `\n; Hidden paths from .bxignore\n(deny file*\n${ignoredPaths.map((p) => {
-		return existsSync(p) && statSync(p).isDirectory() ? `  (subpath "${p}")` : `  (literal "${p}")`;
+		let isDir = false;
+		try {
+			isDir = existsSync(p) && statSync(p).isDirectory();
+		} catch {}
+		return isDir ? `  (subpath "${p}")` : `  (literal "${p}")`;
 	}).join("\n")}\n)\n` : "";
 	const readOnlyRules = readOnlyDirs.length > 0 ? `\n; Read-only directories\n(deny file-write*\n${readOnlyDirs.map((dir) => `  (subpath "${dir}")`).join("\n")}\n)\n` : "";
 	return `; Auto-generated sandbox profile
@@ -305,6 +334,7 @@ Usage:
   bx exec [workdir...] -- command [args...]  arbitrary command
 
 Options:
+  --dry                show what will be protected, don't launch
   --verbose            print the generated sandbox profile
   --profile-sandbox    use an isolated VSCode profile (code mode only)
   -v, --version        show version
@@ -315,17 +345,30 @@ Configuration:
                          path         block access (deny)
                          rw:path      allow read-write access
                          ro:path      allow read-only access
-  <workdir>/.bxignore  blocked paths in project (supports globs, searched recursively)
+  <workdir>/.bxignore  blocked paths in project (.gitignore-style matching)
 
 https://github.com/holtwick/bx-mac`);
 	process.exit(0);
 }
-checkOwnSandbox();
-checkVSCodeTerminal();
-checkExternalSandbox();
-const { mode, workArgs, verbose, profileSandbox, execCmd } = parseArgs();
+const { mode, workArgs, verbose, dry, profileSandbox, execCmd, implicit } = parseArgs();
 const HOME = process.env.HOME;
 const WORK_DIRS = workArgs.map((a) => resolve(a));
+if (implicit && !dry) {
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stderr
+	});
+	const answer = await new Promise((res) => {
+		rl.question(`sandbox: open ${WORK_DIRS[0]} in VSCode? [Y/n] `, res);
+	});
+	rl.close();
+	if (answer && !answer.match(/^y(es)?$/i)) process.exit(0);
+}
+if (!dry) {
+	checkOwnSandbox();
+	checkVSCodeTerminal();
+	checkExternalSandbox();
+}
 checkWorkDirs(WORK_DIRS, HOME);
 if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
 const { allowed, readOnly } = parseHomeConfig(HOME, WORK_DIRS);
@@ -335,8 +378,6 @@ const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
 if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
 if (readOnly.size > 0) console.error(`sandbox: ${readOnly.size} read-only director${readOnly.size === 1 ? "y" : "ies"}`);
 const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths, [...readOnly]);
-const profilePath = join("/tmp", `bx-${process.pid}.sb`);
-writeFileSync(profilePath, profile);
 const dirLabel = WORK_DIRS.length === 1 ? WORK_DIRS[0] : `${WORK_DIRS.length} directories`;
 console.error(`sandbox: ${mode} mode, working directory: ${dirLabel}`);
 if (verbose) {
@@ -344,6 +385,54 @@ if (verbose) {
 	console.error(profile);
 	console.error("--- End of profile ---\n");
 }
+if (dry) {
+	const R = "\x1B[31m", G = "\x1B[32m", Y = "\x1B[33m", C = "\x1B[36m", D = "\x1B[2m", X = "\x1B[0m";
+	const icon = (k) => k === "read-only" ? `${Y}◉${X}` : k === "workdir" ? `${G}✔${X}` : `${R}✖${X}`;
+	const tag = (k) => `${D}${k}${X}`;
+	const root = { children: /* @__PURE__ */ new Map() };
+	function addEntry(absPath, kind, isDir) {
+		const parts = (absPath.startsWith(HOME + "/") ? absPath.slice(HOME.length + 1) : absPath).split("/");
+		let node = root;
+		for (const part of parts) {
+			if (!node.children.has(part)) node.children.set(part, { children: /* @__PURE__ */ new Map() });
+			node = node.children.get(part);
+		}
+		node.kind = kind;
+		node.isDir = isDir;
+	}
+	for (const d of blockedDirs) addEntry(d, "blocked", true);
+	for (const p of ignoredPaths) {
+		let isDir = false;
+		try {
+			isDir = statSync(p).isDirectory();
+		} catch {
+			if (p.slice(p.lastIndexOf("/") + 1).startsWith(".")) isDir = true;
+		}
+		addEntry(p, "ignored", isDir);
+	}
+	for (const d of readOnly) addEntry(d, "read-only", true);
+	for (const d of WORK_DIRS) addEntry(d, "workdir", true);
+	function printTree(node, prefix) {
+		const entries = [...node.children.entries()].sort((a, b) => a[0].localeCompare(b[0]));
+		for (let i = 0; i < entries.length; i++) {
+			const [name, child] = entries[i];
+			const last = i === entries.length - 1;
+			const connector = last ? "└── " : "├── ";
+			const pipe = last ? "    " : "│   ";
+			if (child.kind) {
+				const suffix = child.isDir ? "/" : "";
+				console.log(`${prefix}${connector}${icon(child.kind)} ${name}${suffix}  ${tag(child.kind)}`);
+			} else console.log(`${prefix}${connector}${C}${name}/${X}`);
+			if (child.children.size > 0) printTree(child, prefix + pipe);
+		}
+	}
+	console.log(`\n${C}~/${X}`);
+	printTree(root, "");
+	console.log(`\n${R}✖${X} = denied  ${Y}◉${X} = read-only  ${G}✔${X} = read-write\n`);
+	process.exit(0);
+}
+const profilePath = join("/tmp", `bx-${process.pid}.sb`);
+writeFileSync(profilePath, profile);
 const cmd = buildCommand(mode, WORK_DIRS, HOME, profileSandbox, execCmd);
 spawn("sandbox-exec", [
 	"-f",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "Launch apps in a macOS sandbox — only the project directory is accessible",
   "type": "module",
   "bin": {
@@ -10,7 +10,10 @@
     "dist"
   ],
   "scripts": {
+    "start": "npm run build && node ./dist/bx.js",
     "build": "rolldown -c",
+    "build:native": "bun build src/index.ts --compile --outfile dist/bx-native --define \"__VERSION__=\\\"$(node -p \"require('./package.json').version\")\\\"\"",
+    "sign": "./scripts/sign.sh",
     "test": "vitest run",
     "prepublishOnly": "npm run build",
     "post:release": "./scripts/release.sh"