npm - bx-mac - Versions diffs - 0.7.0 → 0.8.2 - Mend

bx-mac 0.7.0 → 0.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/bx.js CHANGED Viewed

@@ -1,30 +1,900 @@
 #!/usr/bin/env node
-const __VERSION__ = "0.7.0";
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
-import { dirname, join, resolve } from "node:path";
-import { spawn } from "node:child_process";
+import { basename, dirname, join, resolve } from "node:path";
+import { execFileSync, spawn } from "node:child_process";
 import { createInterface } from "node:readline";
 import { fileURLToPath } from "node:url";
-import process from "node:process";
+import process$1 from "node:process";
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/error.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+function getLineColFromPtr(string, ptr) {
+	let lines = string.slice(0, ptr).split(/\r\n|\n|\r/g);
+	return [lines.length, lines.pop().length + 1];
+}
+function makeCodeBlock(string, line, column) {
+	let lines = string.split(/\r\n|\n|\r/g);
+	let codeblock = "";
+	let numberLen = (Math.log10(line + 1) | 0) + 1;
+	for (let i = line - 1; i <= line + 1; i++) {
+		let l = lines[i - 1];
+		if (!l) continue;
+		codeblock += i.toString().padEnd(numberLen, " ");
+		codeblock += ":  ";
+		codeblock += l;
+		codeblock += "\n";
+		if (i === line) {
+			codeblock += " ".repeat(numberLen + column + 2);
+			codeblock += "^\n";
+		}
+	}
+	return codeblock;
+}
+var TomlError = class extends Error {
+	line;
+	column;
+	codeblock;
+	constructor(message, options) {
+		const [line, column] = getLineColFromPtr(options.toml, options.ptr);
+		const codeblock = makeCodeBlock(options.toml, line, column);
+		super(`Invalid TOML document: ${message}\n\n${codeblock}`, options);
+		this.line = line;
+		this.column = column;
+		this.codeblock = codeblock;
+	}
+};
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/util.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+function isEscaped(str, ptr) {
+	let i = 0;
+	while (str[ptr - ++i] === "\\");
+	return --i && i % 2;
+}
+function indexOfNewline(str, start = 0, end = str.length) {
+	let idx = str.indexOf("\n", start);
+	if (str[idx - 1] === "\r") idx--;
+	return idx <= end ? idx : -1;
+}
+function skipComment(str, ptr) {
+	for (let i = ptr; i < str.length; i++) {
+		let c = str[i];
+		if (c === "\n") return i;
+		if (c === "\r" && str[i + 1] === "\n") return i + 1;
+		if (c < " " && c !== "	" || c === "") throw new TomlError("control characters are not allowed in comments", {
+			toml: str,
+			ptr
+		});
+	}
+	return str.length;
+}
+function skipVoid(str, ptr, banNewLines, banComments) {
+	let c;
+	while (1) {
+		while ((c = str[ptr]) === " " || c === "	" || !banNewLines && (c === "\n" || c === "\r" && str[ptr + 1] === "\n")) ptr++;
+		if (banComments || c !== "#") break;
+		ptr = skipComment(str, ptr);
+	}
+	return ptr;
+}
+function skipUntil(str, ptr, sep, end, banNewLines = false) {
+	if (!end) {
+		ptr = indexOfNewline(str, ptr);
+		return ptr < 0 ? str.length : ptr;
+	}
+	for (let i = ptr; i < str.length; i++) {
+		let c = str[i];
+		if (c === "#") i = indexOfNewline(str, i);
+		else if (c === sep) return i + 1;
+		else if (c === end || banNewLines && (c === "\n" || c === "\r" && str[i + 1] === "\n")) return i;
+	}
+	throw new TomlError("cannot find end of structure", {
+		toml: str,
+		ptr
+	});
+}
+function getStringEnd(str, seek) {
+	let first = str[seek];
+	let target = first === str[seek + 1] && str[seek + 1] === str[seek + 2] ? str.slice(seek, seek + 3) : first;
+	seek += target.length - 1;
+	do
+		seek = str.indexOf(target, ++seek);
+	while (seek > -1 && first !== "'" && isEscaped(str, seek));
+	if (seek > -1) {
+		seek += target.length;
+		if (target.length > 1) {
+			if (str[seek] === first) seek++;
+			if (str[seek] === first) seek++;
+		}
+	}
+	return seek;
+}
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/date.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+let DATE_TIME_RE = /^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}(?::\d{2}(?:\.\d+)?)?)?(Z|[-+]\d{2}:\d{2})?$/i;
+var TomlDate = class TomlDate extends Date {
+	#hasDate = false;
+	#hasTime = false;
+	#offset = null;
+	constructor(date) {
+		let hasDate = true;
+		let hasTime = true;
+		let offset = "Z";
+		if (typeof date === "string") {
+			let match = date.match(DATE_TIME_RE);
+			if (match) {
+				if (!match[1]) {
+					hasDate = false;
+					date = `0000-01-01T${date}`;
+				}
+				hasTime = !!match[2];
+				hasTime && date[10] === " " && (date = date.replace(" ", "T"));
+				if (match[2] && +match[2] > 23) date = "";
+				else {
+					offset = match[3] || null;
+					date = date.toUpperCase();
+					if (!offset && hasTime) date += "Z";
+				}
+			} else date = "";
+		}
+		super(date);
+		if (!isNaN(this.getTime())) {
+			this.#hasDate = hasDate;
+			this.#hasTime = hasTime;
+			this.#offset = offset;
+		}
+	}
+	isDateTime() {
+		return this.#hasDate && this.#hasTime;
+	}
+	isLocal() {
+		return !this.#hasDate || !this.#hasTime || !this.#offset;
+	}
+	isDate() {
+		return this.#hasDate && !this.#hasTime;
+	}
+	isTime() {
+		return this.#hasTime && !this.#hasDate;
+	}
+	isValid() {
+		return this.#hasDate || this.#hasTime;
+	}
+	toISOString() {
+		let iso = super.toISOString();
+		if (this.isDate()) return iso.slice(0, 10);
+		if (this.isTime()) return iso.slice(11, 23);
+		if (this.#offset === null) return iso.slice(0, -1);
+		if (this.#offset === "Z") return iso;
+		let offset = +this.#offset.slice(1, 3) * 60 + +this.#offset.slice(4, 6);
+		offset = this.#offset[0] === "-" ? offset : -offset;
+		return (/* @__PURE__ */ new Date(this.getTime() - offset * 6e4)).toISOString().slice(0, -1) + this.#offset;
+	}
+	static wrapAsOffsetDateTime(jsDate, offset = "Z") {
+		let date = new TomlDate(jsDate);
+		date.#offset = offset;
+		return date;
+	}
+	static wrapAsLocalDateTime(jsDate) {
+		let date = new TomlDate(jsDate);
+		date.#offset = null;
+		return date;
+	}
+	static wrapAsLocalDate(jsDate) {
+		let date = new TomlDate(jsDate);
+		date.#hasTime = false;
+		date.#offset = null;
+		return date;
+	}
+	static wrapAsLocalTime(jsDate) {
+		let date = new TomlDate(jsDate);
+		date.#hasDate = false;
+		date.#offset = null;
+		return date;
+	}
+};
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/primitive.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+let INT_REGEX = /^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\d(_?\d)*))$/;
+let FLOAT_REGEX = /^[+-]?\d(_?\d)*(\.\d(_?\d)*)?([eE][+-]?\d(_?\d)*)?$/;
+let LEADING_ZERO = /^[+-]?0[0-9_]/;
+let ESCAPE_REGEX = /^[0-9a-f]{2,8}$/i;
+let ESC_MAP = {
+	b: "\b",
+	t: "	",
+	n: "\n",
+	f: "\f",
+	r: "\r",
+	e: "\x1B",
+	"\"": "\"",
+	"\\": "\\"
+};
+function parseString(str, ptr = 0, endPtr = str.length) {
+	let isLiteral = str[ptr] === "'";
+	let isMultiline = str[ptr++] === str[ptr] && str[ptr] === str[ptr + 1];
+	if (isMultiline) {
+		endPtr -= 2;
+		if (str[ptr += 2] === "\r") ptr++;
+		if (str[ptr] === "\n") ptr++;
+	}
+	let tmp = 0;
+	let isEscape;
+	let parsed = "";
+	let sliceStart = ptr;
+	while (ptr < endPtr - 1) {
+		let c = str[ptr++];
+		if (c === "\n" || c === "\r" && str[ptr] === "\n") {
+			if (!isMultiline) throw new TomlError("newlines are not allowed in strings", {
+				toml: str,
+				ptr: ptr - 1
+			});
+		} else if (c < " " && c !== "	" || c === "") throw new TomlError("control characters are not allowed in strings", {
+			toml: str,
+			ptr: ptr - 1
+		});
+		if (isEscape) {
+			isEscape = false;
+			if (c === "x" || c === "u" || c === "U") {
+				let code = str.slice(ptr, ptr += c === "x" ? 2 : c === "u" ? 4 : 8);
+				if (!ESCAPE_REGEX.test(code)) throw new TomlError("invalid unicode escape", {
+					toml: str,
+					ptr: tmp
+				});
+				try {
+					parsed += String.fromCodePoint(parseInt(code, 16));
+				} catch {
+					throw new TomlError("invalid unicode escape", {
+						toml: str,
+						ptr: tmp
+					});
+				}
+			} else if (isMultiline && (c === "\n" || c === " " || c === "	" || c === "\r")) {
+				ptr = skipVoid(str, ptr - 1, true);
+				if (str[ptr] !== "\n" && str[ptr] !== "\r") throw new TomlError("invalid escape: only line-ending whitespace may be escaped", {
+					toml: str,
+					ptr: tmp
+				});
+				ptr = skipVoid(str, ptr);
+			} else if (c in ESC_MAP) parsed += ESC_MAP[c];
+			else throw new TomlError("unrecognized escape sequence", {
+				toml: str,
+				ptr: tmp
+			});
+			sliceStart = ptr;
+		} else if (!isLiteral && c === "\\") {
+			tmp = ptr - 1;
+			isEscape = true;
+			parsed += str.slice(sliceStart, tmp);
+		}
+	}
+	return parsed + str.slice(sliceStart, endPtr - 1);
+}
+function parseValue(value, toml, ptr, integersAsBigInt) {
+	if (value === "true") return true;
+	if (value === "false") return false;
+	if (value === "-inf") return -Infinity;
+	if (value === "inf" || value === "+inf") return Infinity;
+	if (value === "nan" || value === "+nan" || value === "-nan") return NaN;
+	if (value === "-0") return integersAsBigInt ? 0n : 0;
+	let isInt = INT_REGEX.test(value);
+	if (isInt || FLOAT_REGEX.test(value)) {
+		if (LEADING_ZERO.test(value)) throw new TomlError("leading zeroes are not allowed", {
+			toml,
+			ptr
+		});
+		value = value.replace(/_/g, "");
+		let numeric = +value;
+		if (isNaN(numeric)) throw new TomlError("invalid number", {
+			toml,
+			ptr
+		});
+		if (isInt) {
+			if ((isInt = !Number.isSafeInteger(numeric)) && !integersAsBigInt) throw new TomlError("integer value cannot be represented losslessly", {
+				toml,
+				ptr
+			});
+			if (isInt || integersAsBigInt === true) numeric = BigInt(value);
+		}
+		return numeric;
+	}
+	const date = new TomlDate(value);
+	if (!date.isValid()) throw new TomlError("invalid value", {
+		toml,
+		ptr
+	});
+	return date;
+}
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/extract.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+function sliceAndTrimEndOf(str, startPtr, endPtr) {
+	let value = str.slice(startPtr, endPtr);
+	let commentIdx = value.indexOf("#");
+	if (commentIdx > -1) {
+		skipComment(str, commentIdx);
+		value = value.slice(0, commentIdx);
+	}
+	return [value.trimEnd(), commentIdx];
+}
+function extractValue(str, ptr, end, depth, integersAsBigInt) {
+	if (depth === 0) throw new TomlError("document contains excessively nested structures. aborting.", {
+		toml: str,
+		ptr
+	});
+	let c = str[ptr];
+	if (c === "[" || c === "{") {
+		let [value, endPtr] = c === "[" ? parseArray(str, ptr, depth, integersAsBigInt) : parseInlineTable(str, ptr, depth, integersAsBigInt);
+		if (end) {
+			endPtr = skipVoid(str, endPtr);
+			if (str[endPtr] === ",") endPtr++;
+			else if (str[endPtr] !== end) throw new TomlError("expected comma or end of structure", {
+				toml: str,
+				ptr: endPtr
+			});
+		}
+		return [value, endPtr];
+	}
+	let endPtr;
+	if (c === "\"" || c === "'") {
+		endPtr = getStringEnd(str, ptr);
+		let parsed = parseString(str, ptr, endPtr);
+		if (end) {
+			endPtr = skipVoid(str, endPtr);
+			if (str[endPtr] && str[endPtr] !== "," && str[endPtr] !== end && str[endPtr] !== "\n" && str[endPtr] !== "\r") throw new TomlError("unexpected character encountered", {
+				toml: str,
+				ptr: endPtr
+			});
+			endPtr += +(str[endPtr] === ",");
+		}
+		return [parsed, endPtr];
+	}
+	endPtr = skipUntil(str, ptr, ",", end);
+	let slice = sliceAndTrimEndOf(str, ptr, endPtr - +(str[endPtr - 1] === ","));
+	if (!slice[0]) throw new TomlError("incomplete key-value declaration: no value specified", {
+		toml: str,
+		ptr
+	});
+	if (end && slice[1] > -1) {
+		endPtr = skipVoid(str, ptr + slice[1]);
+		endPtr += +(str[endPtr] === ",");
+	}
+	return [parseValue(slice[0], str, ptr, integersAsBigInt), endPtr];
+}
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/struct.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+let KEY_PART_RE = /^[a-zA-Z0-9-_]+[ \t]*$/;
+function parseKey(str, ptr, end = "=") {
+	let dot = ptr - 1;
+	let parsed = [];
+	let endPtr = str.indexOf(end, ptr);
+	if (endPtr < 0) throw new TomlError("incomplete key-value: cannot find end of key", {
+		toml: str,
+		ptr
+	});
+	do {
+		let c = str[ptr = ++dot];
+		if (c !== " " && c !== "	") if (c === "\"" || c === "'") {
+			if (c === str[ptr + 1] && c === str[ptr + 2]) throw new TomlError("multiline strings are not allowed in keys", {
+				toml: str,
+				ptr
+			});
+			let eos = getStringEnd(str, ptr);
+			if (eos < 0) throw new TomlError("unfinished string encountered", {
+				toml: str,
+				ptr
+			});
+			dot = str.indexOf(".", eos);
+			let strEnd = str.slice(eos, dot < 0 || dot > endPtr ? endPtr : dot);
+			let newLine = indexOfNewline(strEnd);
+			if (newLine > -1) throw new TomlError("newlines are not allowed in keys", {
+				toml: str,
+				ptr: ptr + dot + newLine
+			});
+			if (strEnd.trimStart()) throw new TomlError("found extra tokens after the string part", {
+				toml: str,
+				ptr: eos
+			});
+			if (endPtr < eos) {
+				endPtr = str.indexOf(end, eos);
+				if (endPtr < 0) throw new TomlError("incomplete key-value: cannot find end of key", {
+					toml: str,
+					ptr
+				});
+			}
+			parsed.push(parseString(str, ptr, eos));
+		} else {
+			dot = str.indexOf(".", ptr);
+			let part = str.slice(ptr, dot < 0 || dot > endPtr ? endPtr : dot);
+			if (!KEY_PART_RE.test(part)) throw new TomlError("only letter, numbers, dashes and underscores are allowed in keys", {
+				toml: str,
+				ptr
+			});
+			parsed.push(part.trimEnd());
+		}
+	} while (dot + 1 && dot < endPtr);
+	return [parsed, skipVoid(str, endPtr + 1, true, true)];
+}
+function parseInlineTable(str, ptr, depth, integersAsBigInt) {
+	let res = {};
+	let seen = /* @__PURE__ */ new Set();
+	let c;
+	ptr++;
+	while ((c = str[ptr++]) !== "}" && c) if (c === ",") throw new TomlError("expected value, found comma", {
+		toml: str,
+		ptr: ptr - 1
+	});
+	else if (c === "#") ptr = skipComment(str, ptr);
+	else if (c !== " " && c !== "	" && c !== "\n" && c !== "\r") {
+		let k;
+		let t = res;
+		let hasOwn = false;
+		let [key, keyEndPtr] = parseKey(str, ptr - 1);
+		for (let i = 0; i < key.length; i++) {
+			if (i) t = hasOwn ? t[k] : t[k] = {};
+			k = key[i];
+			if ((hasOwn = Object.hasOwn(t, k)) && (typeof t[k] !== "object" || seen.has(t[k]))) throw new TomlError("trying to redefine an already defined value", {
+				toml: str,
+				ptr
+			});
+			if (!hasOwn && k === "__proto__") Object.defineProperty(t, k, {
+				enumerable: true,
+				configurable: true,
+				writable: true
+			});
+		}
+		if (hasOwn) throw new TomlError("trying to redefine an already defined value", {
+			toml: str,
+			ptr
+		});
+		let [value, valueEndPtr] = extractValue(str, keyEndPtr, "}", depth - 1, integersAsBigInt);
+		seen.add(value);
+		t[k] = value;
+		ptr = valueEndPtr;
+	}
+	if (!c) throw new TomlError("unfinished table encountered", {
+		toml: str,
+		ptr
+	});
+	return [res, ptr];
+}
+function parseArray(str, ptr, depth, integersAsBigInt) {
+	let res = [];
+	let c;
+	ptr++;
+	while ((c = str[ptr++]) !== "]" && c) if (c === ",") throw new TomlError("expected value, found comma", {
+		toml: str,
+		ptr: ptr - 1
+	});
+	else if (c === "#") ptr = skipComment(str, ptr);
+	else if (c !== " " && c !== "	" && c !== "\n" && c !== "\r") {
+		let e = extractValue(str, ptr - 1, "]", depth - 1, integersAsBigInt);
+		res.push(e[0]);
+		ptr = e[1];
+	}
+	if (!c) throw new TomlError("unfinished array encountered", {
+		toml: str,
+		ptr
+	});
+	return [res, ptr];
+}
+//#endregion
+//#region node_modules/.pnpm/smol-toml@1.6.1/node_modules/smol-toml/dist/parse.js
+/*!
+* Copyright (c) Squirrel Chat et al., All rights reserved.
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice, this
+*    list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright notice,
+*    this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the copyright holder nor the names of its contributors
+*    may be used to endorse or promote products derived from this software without
+*    specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+function peekTable(key, table, meta, type) {
+	let t = table;
+	let m = meta;
+	let k;
+	let hasOwn = false;
+	let state;
+	for (let i = 0; i < key.length; i++) {
+		if (i) {
+			t = hasOwn ? t[k] : t[k] = {};
+			m = (state = m[k]).c;
+			if (type === 0 && (state.t === 1 || state.t === 2)) return null;
+			if (state.t === 2) {
+				let l = t.length - 1;
+				t = t[l];
+				m = m[l].c;
+			}
+		}
+		k = key[i];
+		if ((hasOwn = Object.hasOwn(t, k)) && m[k]?.t === 0 && m[k]?.d) return null;
+		if (!hasOwn) {
+			if (k === "__proto__") {
+				Object.defineProperty(t, k, {
+					enumerable: true,
+					configurable: true,
+					writable: true
+				});
+				Object.defineProperty(m, k, {
+					enumerable: true,
+					configurable: true,
+					writable: true
+				});
+			}
+			m[k] = {
+				t: i < key.length - 1 && type === 2 ? 3 : type,
+				d: false,
+				i: 0,
+				c: {}
+			};
+		}
+	}
+	state = m[k];
+	if (state.t !== type && !(type === 1 && state.t === 3)) return null;
+	if (type === 2) {
+		if (!state.d) {
+			state.d = true;
+			t[k] = [];
+		}
+		t[k].push(t = {});
+		state.c[state.i++] = state = {
+			t: 1,
+			d: false,
+			i: 0,
+			c: {}
+		};
+	}
+	if (state.d) return null;
+	state.d = true;
+	if (type === 1) t = hasOwn ? t[k] : t[k] = {};
+	else if (type === 0 && hasOwn) return null;
+	return [
+		k,
+		t,
+		state.c
+	];
+}
+function parse(toml, { maxDepth = 1e3, integersAsBigInt } = {}) {
+	let res = {};
+	let meta = {};
+	let tbl = res;
+	let m = meta;
+	for (let ptr = skipVoid(toml, 0); ptr < toml.length;) {
+		if (toml[ptr] === "[") {
+			let isTableArray = toml[++ptr] === "[";
+			let k = parseKey(toml, ptr += +isTableArray, "]");
+			if (isTableArray) {
+				if (toml[k[1] - 1] !== "]") throw new TomlError("expected end of table declaration", {
+					toml,
+					ptr: k[1] - 1
+				});
+				k[1]++;
+			}
+			let p = peekTable(k[0], res, meta, isTableArray ? 2 : 1);
+			if (!p) throw new TomlError("trying to redefine an already defined table or value", {
+				toml,
+				ptr
+			});
+			m = p[2];
+			tbl = p[1];
+			ptr = k[1];
+		} else {
+			let k = parseKey(toml, ptr);
+			let p = peekTable(k[0], tbl, m, 0);
+			if (!p) throw new TomlError("trying to redefine an already defined table or value", {
+				toml,
+				ptr
+			});
+			let v = extractValue(toml, k[1], void 0, maxDepth, integersAsBigInt);
+			p[1][p[0]] = v[0];
+			ptr = v[1];
+		}
+		ptr = skipVoid(toml, ptr, true);
+		if (toml[ptr] && toml[ptr] !== "\n" && toml[ptr] !== "\r") throw new TomlError("each key-value declaration must be followed by an end-of-line", {
+			toml,
+			ptr
+		});
+		ptr = skipVoid(toml, ptr);
+	}
+	return res;
+}
+//#endregion
+//#region src/fmt.ts
+const DIM$1 = "\x1B[2m";
+const RESET$1 = "\x1B[0m";
+const PREFIX = `[36mbx${RESET$1}`;
+const fmt = {
+	info: (msg) => `🔒 ${PREFIX} · ${msg}`,
+	warn: (msg) => `⚠️  ${PREFIX} · ${msg}`,
+	error: (msg) => `🚫 ${PREFIX} · ${msg}`,
+	detail: (msg) => `   ${DIM$1}${msg}${RESET$1}`
+};
+//#endregion
+//#region src/config.ts
+/** Built-in app definitions — always available, can be overridden via config */
+const BUILTIN_APPS = {
+	code: {
+		bundle: "com.microsoft.VSCode",
+		binary: "Contents/MacOS/Electron",
+		fallback: "/Applications/Visual Studio Code.app/Contents/MacOS/Electron",
+		args: ["--no-sandbox"]
+	},
+	xcode: {
+		bundle: "com.apple.dt.Xcode",
+		binary: "Contents/MacOS/Xcode",
+		fallback: "/Applications/Xcode.app/Contents/MacOS/Xcode"
+	}
+};
+/** Shell-only built-in modes that are not app definitions */
+const BUILTIN_MODES = [
+	"term",
+	"claude",
+	"exec"
+];
+/**
+* Load and parse ~/.bxconfig.toml. Returns empty apps if file missing or invalid.
+*/
+function loadConfig(home) {
+	const configPath = join(home, ".bxconfig.toml");
+	if (!existsSync(configPath)) return { apps: {} };
+	try {
+		const doc = parse(readFileSync(configPath, "utf-8"));
+		const apps = {};
+		if (doc.apps && typeof doc.apps === "object") for (const [name, def] of Object.entries(doc.apps)) apps[name] = {
+			bundle: typeof def.bundle === "string" ? def.bundle : void 0,
+			binary: typeof def.binary === "string" ? def.binary : void 0,
+			path: typeof def.path === "string" ? def.path : void 0,
+			fallback: typeof def.fallback === "string" ? def.fallback : void 0,
+			args: Array.isArray(def.args) ? def.args.filter((a) => typeof a === "string") : void 0,
+			passWorkdirs: typeof def.passWorkdirs === "boolean" ? def.passWorkdirs : void 0,
+			workdirs: Array.isArray(def.workdirs) ? def.workdirs.filter((a) => typeof a === "string") : void 0
+		};
+		return { apps };
+	} catch (err) {
+		console.error(`\n${fmt.warn(`failed to parse ${configPath}: ${err instanceof Error ? err.message : err}`)}`);
+		return { apps: {} };
+	}
+}
+/**
+* Merge built-in apps with user config (config wins on conflict).
+*/
+function getAvailableApps(config) {
+	const merged = {};
+	for (const [name, def] of Object.entries(BUILTIN_APPS)) merged[name] = { ...def };
+	for (const [name, def] of Object.entries(config.apps)) if (merged[name]) merged[name] = {
+		...merged[name],
+		...stripUndefined(def)
+	};
+	else merged[name] = def;
+	return merged;
+}
+function stripUndefined(obj) {
+	const result = {};
+	for (const [k, v] of Object.entries(obj)) if (v !== void 0) result[k] = v;
+	return result;
+}
+/**
+* Get all valid mode names (builtin modes + app names).
+*/
+function getValidModes(apps) {
+	return [...BUILTIN_MODES, ...Object.keys(apps)];
+}
+/**
+* Resolve an AppDefinition to an executable path.
+* Resolution chain: path (explicit) → mdfind + binary → fallback
+*/
+function resolveAppPath(app) {
+	if (app.path) {
+		if (existsSync(app.path)) return app.path;
+		console.error(`\n${fmt.warn(`configured path not found: ${app.path}`)}`);
+	}
+	if (app.bundle) try {
+		const appPath = execFileSync("mdfind", [`kMDItemCFBundleIdentifier == '${app.bundle.replace(/'/g, "'\\''")}'`], {
+			encoding: "utf-8",
+			timeout: 5e3
+		}).trim().split("\n")[0];
+		if (appPath) if (app.binary) {
+			const fullPath = join(appPath, app.binary);
+			if (existsSync(fullPath)) return fullPath;
+		} else return appPath;
+	} catch {}
+	if (app.fallback && existsSync(app.fallback)) return app.fallback;
+	return null;
+}
+//#endregion
 //#region src/guards.ts
 /**
 * Abort if we're already inside a bx sandbox (env var set by us).
 */
 function checkOwnSandbox() {
-	if (process.env.CODEBOX_SANDBOX === "1") {
-		console.error("sandbox: ERROR — already running inside a bx sandbox.");
-		console.error("sandbox: Nesting sandbox-exec causes silent failures. Aborting.");
-		process.exit(1);
+	if (process$1.env.CODEBOX_SANDBOX === "1") {
+		console.error(`\n${fmt.error("already running inside a bx sandbox")}`);
+		console.error(fmt.detail("nesting sandbox-exec causes silent failures\n"));
+		process$1.exit(1);
 	}
 }
 /**
 * Warn if launched from inside a VSCode terminal.
 */
 function checkVSCodeTerminal() {
-	if (process.env.VSCODE_PID) {
-		console.error("sandbox: WARNING — running from inside a VSCode terminal.");
-		console.error("sandbox: This will launch a *new* instance in a sandbox.");
-		console.error("sandbox: The current VSCode instance will NOT be sandboxed.");
+	if (process$1.env.VSCODE_PID) {
+		console.error(`\n${fmt.warn("running from inside a VSCode terminal")}`);
+		console.error(fmt.detail("this will launch a *new* instance in a sandbox"));
+		console.error(fmt.detail("the current VSCode instance will NOT be sandboxed"));
 	}
 }
 /**
@@ -33,18 +903,50 @@ function checkVSCodeTerminal() {
 function checkWorkDirs(workDirs, home) {
 	for (const dir of workDirs) {
 		if (dir === home) {
-			console.error("sandbox: ERROR — working directory cannot be $HOME itself.");
-			console.error("sandbox: Sandboxing your entire home directory is not supported. Aborting.");
-			process.exit(1);
+			console.error(`\n${fmt.error("working directory cannot be $HOME itself")}`);
+			console.error(fmt.detail("sandboxing your entire home directory is not supported\n"));
+			process$1.exit(1);
 		}
 		if (!dir.startsWith(home + "/")) {
-			console.error(`sandbox: ERROR — working directory is outside $HOME: ${dir}`);
-			console.error("sandbox: Only directories inside $HOME are supported. Aborting.");
-			process.exit(1);
+			console.error(`\n${fmt.error(`working directory is outside $HOME: ${dir}`)}`);
+			console.error(fmt.detail("only directories inside $HOME are supported\n"));
+			process$1.exit(1);
 		}
 	}
 }
 /**
+* Warn if the target app is already running — the new workspace will open
+* in the existing (unsandboxed) instance, bypassing our sandbox profile.
+*/
+async function checkAppAlreadyRunning(mode, apps) {
+	if (BUILTIN_MODES.includes(mode)) return;
+	const app = apps[mode];
+	if (!app?.bundle) return;
+	let running = false;
+	try {
+		running = execFileSync("lsappinfo", ["list"], {
+			encoding: "utf-8",
+			timeout: 3e3
+		}).includes(`bundleID="${app.bundle}"`);
+	} catch {
+		return;
+	}
+	if (!running) return;
+	console.error(`\n${fmt.warn(`"${mode}" is already running`)}`);
+	console.error(fmt.detail("the workspace will open in the EXISTING instance — sandbox will NOT apply"));
+	if (mode === "code") console.error(fmt.detail("quit the app first, or use --profile-sandbox for an isolated instance"));
+	else console.error(fmt.detail("quit the app first to ensure sandbox protection"));
+	const rl = createInterface({
+		input: process$1.stdin,
+		output: process$1.stderr
+	});
+	const answer = await new Promise((res) => {
+		rl.question(`   continue without sandbox? [y/N] `, res);
+	});
+	rl.close();
+	if (!answer.match(/^y(es)?$/i)) process$1.exit(0);
+}
+/**
 * Detect if we're inside an unknown sandbox by probing well-known
 * directories that exist on every Mac but would be blocked.
 */
@@ -54,49 +956,48 @@ function checkExternalSandbox() {
 		"Desktop",
 		"Downloads"
 	]) {
-		const target = join(process.env.HOME, dir);
+		const target = join(process$1.env.HOME, dir);
 		try {
 			accessSync(target, constants.R_OK);
 		} catch (e) {
 			if (e.code === "EPERM") {
-				console.error("sandbox: ERROR — already running inside a sandbox!");
-				console.error("sandbox: Nesting sandbox-exec may cause silent failures. Aborting.");
-				process.exit(1);
+				console.error(`\n${fmt.error("already running inside a sandbox")}`);
+				console.error(fmt.detail("nesting sandbox-exec may cause silent failures\n"));
+				process$1.exit(1);
 			}
 		}
 	}
 }
 //#endregion
 //#region src/args.ts
-const MODES = [
-	"code",
-	"term",
-	"claude",
-	"exec"
-];
-function parseArgs() {
-	const rawArgs = process.argv.slice(2);
+/**
+* Parse CLI arguments. `validModes` is the list of recognized mode names
+* (builtin modes + app names from config).
+*/
+function parseArgs(validModes) {
+	const rawArgs = process$1.argv.slice(2);
 	const verbose = rawArgs.includes("--verbose");
 	const dry = rawArgs.includes("--dry");
 	const profileSandbox = rawArgs.includes("--profile-sandbox");
 	const positional = rawArgs.filter((a) => !a.startsWith("--"));
 	const doubleDashIdx = rawArgs.indexOf("--");
-	const execCmd = doubleDashIdx >= 0 ? rawArgs.slice(doubleDashIdx + 1) : [];
+	const appArgs = doubleDashIdx >= 0 ? rawArgs.slice(doubleDashIdx + 1) : [];
 	const beforeDash = doubleDashIdx >= 0 ? rawArgs.slice(0, doubleDashIdx).filter((a) => !a.startsWith("--")) : positional;
 	let mode = "code";
 	let workArgs;
-	let explicit = false;
-	if (beforeDash.length > 0 && MODES.includes(beforeDash[0])) {
+	let implicitWorkdirs = false;
+	if (beforeDash.length > 0 && validModes.includes(beforeDash[0])) {
 		mode = beforeDash[0];
 		workArgs = beforeDash.slice(1);
-		explicit = true;
 	} else workArgs = beforeDash;
-	if (workArgs.length === 0) workArgs = ["."];
-	else explicit = true;
-	if (mode === "exec" && execCmd.length === 0) {
-		console.error("sandbox: exec mode requires a command after \"--\"");
-		console.error("usage: bx exec [workdir...] -- command [args...]");
-		process.exit(1);
+	if (workArgs.length === 0) {
+		workArgs = ["."];
+		implicitWorkdirs = true;
+	}
+	if (mode === "exec" && appArgs.length === 0) {
+		console.error(`\n${fmt.error("exec mode requires a command after \"--\"")}`);
+		console.error(fmt.detail("usage: bx exec [workdir...] -- command [args...]\n"));
+		process$1.exit(1);
 	}
 	return {
 		mode,
@@ -104,8 +1005,8 @@ function parseArgs() {
 		verbose,
 		dry,
 		profileSandbox,
-		execCmd,
-		implicit: !explicit
+		appArgs,
+		implicit: implicitWorkdirs
 	};
 }
 //#endregion
@@ -120,34 +1021,29 @@ const PROTECTED_DOTDIRS = [
 	".gradle",
 	".gem"
 ];
-/**
-* Parse a config file with one entry per line (supports # comments).
-*/
 function parseLines(filePath) {
 	if (!existsSync(filePath)) return [];
 	return readFileSync(filePath, "utf-8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
 }
 /**
-* Convert a .bxignore line to a glob pattern following .gitignore semantics:
-* - Leading "/" anchors to the base dir (stripped before globbing)
-* - Patterns without "/" (except trailing) match recursively via ** / prefix
-* - Patterns with "/" (non-leading, non-trailing) are relative to baseDir
-* - Trailing "/" marks directories only and doesn't count as path separator
+* Convert a .bxignore line to a glob pattern (.gitignore semantics):
+*
+*   "/foo"       → anchored to base dir       → "foo"
+*   "foo/bar"    → relative path, use as-is    → "foo/bar"
+*   "foo"        → no slash, match recursively → "** /foo"
+*   "secrets/"   → trailing slash = dir marker, still recursive
 */
 function toGlobPattern(line) {
 	if (line.startsWith("/")) return line.slice(1);
 	if ((line.endsWith("/") ? line.slice(0, -1) : line).includes("/")) return line;
 	return `**/${line}`;
 }
-/**
-* Apply a single .bxignore file: resolve glob patterns relative to baseDir.
-*/
+function resolveGlobMatches(pattern, baseDir) {
+	return globSync(toGlobPattern(pattern), { cwd: baseDir }).map((match) => resolve(baseDir, match));
+}
 function applyIgnoreFile(filePath, baseDir, ignored) {
-	for (const line of parseLines(filePath)) for (const match of globSync(toGlobPattern(line), { cwd: baseDir })) ignored.push(resolve(baseDir, match));
+	for (const line of parseLines(filePath)) ignored.push(...resolveGlobMatches(line, baseDir));
 }
-/**
-* Recursively find and apply .bxignore files in a directory tree.
-*/
 function collectIgnoreFilesRecursive(dir, ignored) {
 	const ignoreFile = join(dir, ".bxignore");
 	if (existsSync(ignoreFile)) applyIgnoreFile(ignoreFile, dir, ignored);
@@ -165,11 +1061,7 @@ function collectIgnoreFilesRecursive(dir, ignored) {
 		} catch {}
 	}
 }
-/**
-* Parse ~/.bxignore for RW:/RO: prefixed lines and return allowed directories.
-* Lines without prefix are ignored here (handled by collectIgnoredPaths).
-* Also checks for deprecated ~/.bxallow and migrates its entries.
-*/
+const ACCESS_PREFIX_RE = /^(RW|RO):(.+)$/i;
 function parseHomeConfig(home, workDirs) {
 	const allowed = new Set(workDirs);
 	const readOnly = /* @__PURE__ */ new Set();
@@ -182,17 +1074,12 @@ function parseHomeConfig(home, workDirs) {
 		}
 	}
 	for (const line of parseLines(join(home, ".bxignore"))) {
-		let prefix = "";
-		let path = line;
-		const match = line.match(/^(RW|RO):(.+)$/i);
-		if (match) {
-			prefix = match[1].toUpperCase();
-			path = match[2].trim();
-		}
-		if (!prefix) continue;
-		const absolute = resolve(home, path);
+		const match = line.match(ACCESS_PREFIX_RE);
+		if (!match) continue;
+		const [, prefix, rawPath] = match;
+		const absolute = resolve(home, rawPath.trim());
 		if (!existsSync(absolute) || !statSync(absolute).isDirectory()) continue;
-		if (prefix === "RW") allowed.add(absolute);
+		if (prefix.toUpperCase() === "RW") allowed.add(absolute);
 		else readOnly.add(absolute);
 	}
 	return {
@@ -200,10 +1087,12 @@ function parseHomeConfig(home, workDirs) {
 		readOnly
 	};
 }
-/**
-* Recursively collect directories to block under parentDir.
-* Never blocks a parent of an allowed path — instead descends and blocks siblings.
-*/
+function isAllowedOrAncestor(fullPath, allowedDirs) {
+	if (allowedDirs.has(fullPath)) return "allowed";
+	const prefix = fullPath + "/";
+	for (const dir of allowedDirs) if (dir.startsWith(prefix)) return "ancestor";
+	return "none";
+}
 function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 	const blocked = [];
 	for (const name of readdirSync(parentDir)) {
@@ -218,8 +1107,9 @@ function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 		if (!isDir) continue;
 		if (parentDir === home && name === "Library") continue;
 		if (scriptDir.startsWith(fullPath + "/") || scriptDir === fullPath) continue;
-		if (allowedDirs.has(fullPath)) continue;
-		if ([...allowedDirs].some((d) => d.startsWith(fullPath + "/"))) {
+		const status = isAllowedOrAncestor(fullPath, allowedDirs);
+		if (status === "allowed") continue;
+		if (status === "ancestor") {
 			blocked.push(...collectBlockedDirs(fullPath, home, scriptDir, allowedDirs));
 			continue;
 		}
@@ -227,82 +1117,92 @@ function collectBlockedDirs(parentDir, home, scriptDir, allowedDirs) {
 	}
 	return blocked;
 }
-/**
-* Collect paths to deny from .bxignore files and built-in protected dotdirs.
-* Searches ~/.bxignore (skipping RW:/RO: lines) and recursively through all workdirs.
-*/
 function collectIgnoredPaths(home, workDirs) {
 	const ignored = PROTECTED_DOTDIRS.map((d) => join(home, d));
 	const globalIgnore = join(home, ".bxignore");
 	if (existsSync(globalIgnore)) {
-		const denyLines = parseLines(globalIgnore).filter((l) => !l.match(/^(RW|RO):/i));
-		for (const line of denyLines) for (const match of globSync(toGlobPattern(line), { cwd: home })) ignored.push(resolve(home, match));
+		const denyLines = parseLines(globalIgnore).filter((l) => !ACCESS_PREFIX_RE.test(l));
+		for (const line of denyLines) ignored.push(...resolveGlobMatches(line, home));
 	}
 	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
 	return ignored;
 }
-/**
-* Generate the SBPL sandbox profile string.
-*/
+function sbplEscape(path) {
+	return path.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+}
+function sbplSubpath(path) {
+	return `  (subpath "${sbplEscape(path)}")`;
+}
+function sbplLiteral(path) {
+	return `  (literal "${sbplEscape(path)}")`;
+}
+function sbplPathRule(path) {
+	let isDir = false;
+	try {
+		isDir = existsSync(path) && statSync(path).isDirectory();
+	} catch {}
+	return isDir ? sbplSubpath(path) : sbplLiteral(path);
+}
+function sbplDenyBlock(comment, verb, rules) {
+	if (rules.length === 0) return "";
+	return `\n; ${comment}\n(deny ${verb}\n${rules.join("\n")}\n)\n`;
+}
 function generateProfile(workDirs, blockedDirs, ignoredPaths, readOnlyDirs = []) {
-	const denyRules = blockedDirs.map((dir) => `  (subpath "${dir}")`).join("\n");
-	const ignoredRules = ignoredPaths.length > 0 ? `\n; Hidden paths from .bxignore\n(deny file*\n${ignoredPaths.map((p) => {
-		let isDir = false;
-		try {
-			isDir = existsSync(p) && statSync(p).isDirectory();
-		} catch {}
-		return isDir ? `  (subpath "${p}")` : `  (literal "${p}")`;
-	}).join("\n")}\n)\n` : "";
-	const readOnlyRules = readOnlyDirs.length > 0 ? `\n; Read-only directories\n(deny file-write*\n${readOnlyDirs.map((dir) => `  (subpath "${dir}")`).join("\n")}\n)\n` : "";
+	const blockedRules = sbplDenyBlock("Blocked directories (auto-generated from $HOME contents)", "file*", blockedDirs.map(sbplSubpath));
+	const ignoredRules = sbplDenyBlock("Hidden paths from .bxignore", "file*", ignoredPaths.map(sbplPathRule));
+	const readOnlyRules = sbplDenyBlock("Read-only directories", "file-write*", readOnlyDirs.map(sbplSubpath));
 	return `; Auto-generated sandbox profile
 ; Working directories: ${workDirs.join(", ")}
 (version 1)
 (allow default)
-; Blocked directories (auto-generated from $HOME contents)
-(deny file*
-${denyRules}
-)
-${ignoredRules}${readOnlyRules}
+${blockedRules}${ignoredRules}${readOnlyRules}
 `;
 }
 //#endregion
 //#region src/modes.ts
-const VSCODE_APP = "/Applications/Visual Studio Code.app/Contents/MacOS/Electron";
-/**
-* Prepare VSCode isolated profile if --profile-sandbox is set.
-*/
+function isBuiltinMode(mode) {
+	return BUILTIN_MODES.includes(mode);
+}
+function shouldPassWorkdirs(app, mode) {
+	if (typeof app.passWorkdirs === "boolean") return app.passWorkdirs;
+	return mode !== "xcode";
+}
+function appBundleFromPath(path) {
+	if (path.endsWith(".app")) return path;
+	const idx = path.indexOf(".app/");
+	if (idx < 0) return null;
+	return path.slice(0, idx + 4);
+}
+function executableFromBundle(bundlePath, app) {
+	if (!bundlePath.endsWith(".app")) return bundlePath;
+	if (app.binary) return join(bundlePath, app.binary);
+	return join(bundlePath, "Contents", "MacOS", basename(bundlePath, ".app"));
+}
+const SANDBOX_KEY = "com.apple.security.app-sandbox";
+function hasAppSandboxEntitlement(entitlements) {
+	if (new RegExp(`<key>\\s*${SANDBOX_KEY.replace(/\./g, "\\.")}\\s*</key>\\s*<true\\s*/>`, "i").test(entitlements)) return true;
+	if (new RegExp(`<key>\\s*${SANDBOX_KEY.replace(/\./g, "\\.")}\\s*</key>\\s*<false\\s*/>`, "i").test(entitlements)) return false;
+	return new RegExp(`${SANDBOX_KEY.replace(/\./g, "\\.")}\\s*[=:]\\s*(1|true)`, "i").test(entitlements);
+}
 function setupVSCodeProfile(home) {
 	const dataDir = join(home, ".vscode-sandbox");
 	const globalExt = join(home, ".vscode", "extensions");
 	const localExt = join(dataDir, "extensions");
 	mkdirSync(dataDir, { recursive: true });
 	if (!existsSync(localExt) && existsSync(globalExt)) {
-		console.error("sandbox: copying extensions from global install...");
+		console.error(fmt.detail("copying extensions from global install..."));
 		cpSync(globalExt, localExt, { recursive: true });
 	}
 }
-/**
-* Build the command + args to run inside the sandbox for the given mode.
-*/
-function buildCommand(mode, workDirs, home, profileSandbox, execCmd) {
+function buildCommand(mode, workDirs, home, profileSandbox, appArgs, apps) {
+	if (isBuiltinMode(mode)) return buildBuiltinCommand(mode, appArgs);
+	return buildAppCommand(mode, workDirs, home, profileSandbox, appArgs, apps);
+}
+function buildBuiltinCommand(mode, appArgs) {
 	switch (mode) {
-		case "code": {
-			const dataDir = join(home, ".vscode-sandbox");
-			const args = ["--no-sandbox"];
-			if (profileSandbox) {
-				args.push("--user-data-dir", join(dataDir, "data"));
-				args.push("--extensions-dir", join(dataDir, "extensions"));
-			}
-			args.push(...workDirs);
-			return {
-				bin: VSCODE_APP,
-				args
-			};
-		}
 		case "term": return {
-			bin: process.env.SHELL ?? "/bin/zsh",
+			bin: process$1.env.SHELL ?? "/bin/zsh",
 			args: ["-l"]
 		};
 		case "claude": return {
@@ -310,29 +1210,120 @@ function buildCommand(mode, workDirs, home, profileSandbox, execCmd) {
 			args: []
 		};
 		case "exec": return {
-			bin: execCmd[0],
-			args: execCmd.slice(1)
+			bin: appArgs[0],
+			args: appArgs.slice(1)
 		};
 	}
 }
+function buildAppCommand(mode, workDirs, home, profileSandbox, appArgs, apps) {
+	const app = apps[mode];
+	if (!app) {
+		console.error(`\n${fmt.error(`unknown mode "${mode}"`)}\n`);
+		process$1.exit(1);
+	}
+	const resolvedPath = resolveAppPath(app);
+	if (!resolvedPath) {
+		console.error(`\n${fmt.error(`could not find application for "${mode}"`)}`);
+		if (app.bundle) console.error(fmt.detail(`bundle: ${app.bundle}`));
+		console.error(fmt.detail("hint: set an explicit path in ~/.bxconfig.toml\n"));
+		process$1.exit(1);
+	}
+	const bin = executableFromBundle(resolvedPath, app);
+	const args = [];
+	if (mode === "code" && profileSandbox) {
+		const dataDir = join(home, ".vscode-sandbox");
+		args.push("--user-data-dir", join(dataDir, "data"));
+		args.push("--extensions-dir", join(dataDir, "extensions"));
+	}
+	if (app.args) args.push(...app.args);
+	if (appArgs.length > 0) args.push(...appArgs);
+	if (shouldPassWorkdirs(app, mode)) args.push(...workDirs);
+	return {
+		bin,
+		args
+	};
+}
+function getActivationCommand(mode, apps) {
+	if (isBuiltinMode(mode)) return null;
+	const app = apps[mode];
+	if (!app) return null;
+	if (app.bundle) return {
+		bin: "/usr/bin/open",
+		args: ["-b", app.bundle]
+	};
+	const resolved = resolveAppPath(app);
+	if (!resolved) return null;
+	const bundlePath = appBundleFromPath(resolved);
+	if (!bundlePath) return null;
+	return {
+		bin: "/usr/bin/open",
+		args: ["-a", bundlePath]
+	};
+}
+function getNestedSandboxWarning(mode, apps) {
+	if (isBuiltinMode(mode)) return null;
+	const app = apps[mode];
+	if (!app) return null;
+	const resolvedPath = resolveAppPath(app);
+	if (!resolvedPath) return null;
+	const target = appBundleFromPath(resolvedPath) ?? resolvedPath;
+	try {
+		if (hasAppSandboxEntitlement(execFileSync("codesign", [
+			"-d",
+			"--entitlements",
+			"-",
+			target
+		], {
+			encoding: "utf-8",
+			stdio: [
+				"ignore",
+				"pipe",
+				"pipe"
+			]
+		}))) return `⚠️  "${mode}" has Apple App Sandbox enabled — nested sandboxing may cause issues`;
+	} catch {}
+	return null;
+}
+function bringAppToFront(mode, apps) {
+	const cmd = getActivationCommand(mode, apps);
+	if (!cmd) return;
+	setTimeout(() => {
+		try {
+			spawn(cmd.bin, cmd.args, {
+				stdio: "ignore",
+				detached: true
+			}).unref();
+		} catch {}
+	}, 250);
+}
 //#endregion
-//#region src/index.ts
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const VERSION = typeof __VERSION__ !== "undefined" ? __VERSION__ : "dev";
-if (process.argv.includes("--version") || process.argv.includes("-v")) {
-	console.log(`bx ${VERSION}`);
-	process.exit(0);
+//#region src/help.ts
+function printHelp(version) {
+	const HOME = process.env.HOME;
+	const usageLines = buildUsageLines(HOME, version);
+	console.log(usageLines);
+	console.log(OPTIONS_TEXT);
 }
-if (process.argv.includes("--help") || process.argv.includes("-h")) {
-	console.log(`bx ${VERSION} — launch apps in a macOS sandbox
+function buildUsageLines(home, version) {
+	return `${`bx ${version} — launch apps in a macOS sandbox`}
 Usage:
   bx [workdir...]                            VSCode (default)
-  bx code [workdir...]                       VSCode
-  bx term [workdir...]                       sandboxed login shell
+${home ? buildAppUsageLines(home) : ""}  bx term [workdir...]                       sandboxed login shell
   bx claude [workdir...]                     Claude Code CLI
-  bx exec [workdir...] -- command [args...]  arbitrary command
+  bx exec [workdir...] -- command [args...]  arbitrary command`;
+}
+function buildAppUsageLines(home) {
+	const apps = getAvailableApps(loadConfig(home));
+	const names = Object.keys(apps);
+	const maxLen = Math.max(...names.map((n) => n.length));
+	const colWidth = 41;
+	return names.map((name) => {
+		const left = `  bx ${name} [workdir...] [-- app-args...]`;
+		return `${left}${" ".repeat(Math.max(1, colWidth + maxLen - name.length - left.length + 2))}${name} (app)`;
+	}).join("\n") + "\n";
+}
+const OPTIONS_TEXT = `
 Options:
   --dry                show what will be protected, don't launch
   --verbose            print the generated sandbox profile
@@ -341,118 +1332,195 @@ Options:
   -h, --help           show this help
 Configuration:
+  ~/.bxconfig.toml     app definitions (TOML):
+                         [apps.name]           add a new app
+                         bundle = "..."         macOS bundle ID (auto-discovery)
+                         binary = "..."         relative path in .app bundle
+                         path = "..."           explicit executable path
+                         args = ["..."]         extra arguments
+                         passWorkdirs = true|false pass workdirs as launch args
+                       built-in apps (code, xcode) can be overridden
   ~/.bxignore          sandbox rules (one per line):
                          path         block access (deny)
                          rw:path      allow read-write access
                          ro:path      allow read-only access
   <workdir>/.bxignore  blocked paths in project (.gitignore-style matching)
-https://github.com/holtwick/bx-mac`);
-	process.exit(0);
+https://github.com/holtwick/bx-mac`;
+//#endregion
+//#region src/drytree.ts
+const RED = "\x1B[31m";
+const GREEN = "\x1B[32m";
+const YELLOW = "\x1B[33m";
+const CYAN = "\x1B[36m";
+const DIM = "\x1B[2m";
+const RESET = "\x1B[0m";
+function kindIcon(kind) {
+	switch (kind) {
+		case "read-only": return `${YELLOW}◉${RESET}`;
+		case "workdir": return `${GREEN}✔${RESET}`;
+		default: return `${RED}✖${RESET}`;
+	}
+}
+function insertPath(root, home, absPath, kind, isDir) {
+	const rel = absPath.startsWith(home + "/") ? absPath.slice(home.length + 1) : absPath;
+	let node = root;
+	for (const part of rel.split("/")) {
+		if (!node.children.has(part)) node.children.set(part, { children: /* @__PURE__ */ new Map() });
+		node = node.children.get(part);
+	}
+	node.kind = kind;
+	node.isDir = isDir;
+}
+function isDirectory(path) {
+	try {
+		return statSync(path).isDirectory();
+	} catch {
+		return path.slice(path.lastIndexOf("/") + 1).startsWith(".");
+	}
+}
+function printNode(node, prefix) {
+	const entries = [...node.children.entries()].sort((a, b) => a[0].localeCompare(b[0]));
+	for (let i = 0; i < entries.length; i++) {
+		const [name, child] = entries[i];
+		const isLast = i === entries.length - 1;
+		const connector = isLast ? "└── " : "├── ";
+		const continuation = isLast ? "    " : "│   ";
+		if (child.kind) {
+			const suffix = child.isDir ? "/" : "";
+			console.log(`${prefix}${connector}${kindIcon(child.kind)} ${name}${suffix}  ${DIM}${child.kind}${RESET}`);
+		} else console.log(`${prefix}${connector}${CYAN}${name}/${RESET}`);
+		if (child.children.size > 0) printNode(child, prefix + continuation);
+	}
+}
+function printDryRunTree({ home, blockedDirs, ignoredPaths, readOnlyDirs, workDirs }) {
+	const root = { children: /* @__PURE__ */ new Map() };
+	for (const dir of blockedDirs) insertPath(root, home, dir, "blocked", true);
+	for (const path of ignoredPaths) insertPath(root, home, path, "ignored", isDirectory(path));
+	for (const dir of readOnlyDirs) insertPath(root, home, dir, "read-only", true);
+	for (const dir of workDirs) insertPath(root, home, dir, "workdir", true);
+	console.log(`\n${CYAN}~/${RESET}`);
+	printNode(root, "");
+	console.log(`\n${RED}✖${RESET} = denied  ${YELLOW}◉${RESET} = read-only  ${GREEN}✔${RESET} = read-write\n`);
+}
+//#endregion
+//#region src/index.ts
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const VERSION = typeof __VERSION__ !== "undefined" ? __VERSION__ : "dev";
+if (process$1.argv.includes("--version") || process$1.argv.includes("-v")) {
+	console.log(`bx ${VERSION}`);
+	process$1.exit(0);
+}
+if (process$1.argv.includes("--help") || process$1.argv.includes("-h")) {
+	printHelp(VERSION);
+	process$1.exit(0);
 }
-const { mode, workArgs, verbose, dry, profileSandbox, execCmd, implicit } = parseArgs();
-const HOME = process.env.HOME;
-const WORK_DIRS = workArgs.map((a) => resolve(a));
-if (implicit && !dry) {
+if (!process$1.env.HOME) {
+	console.error(`\n${fmt.error("$HOME environment variable is not set")}\n`);
+	process$1.exit(1);
+}
+const HOME = process$1.env.HOME;
+async function main() {
+	const apps = getAvailableApps(loadConfig(HOME));
+	const { mode, workArgs, verbose, dry, profileSandbox, appArgs, implicit } = parseArgs(getValidModes(apps));
+	const app = apps[mode];
+	const workDirs = (implicit && app?.workdirs?.length ? app.workdirs : workArgs).map((a) => resolve(a.replace(/^~\//, HOME + "/")));
+	if (implicit && !app?.workdirs?.length) {
+		if (workDirs.some((d) => d === HOME)) {
+			console.error(`\n${fmt.error("no working directory specified and current directory is $HOME")}\n`);
+			console.error(fmt.detail(`Usage:  bx ${mode} <workdir>`));
+			console.error(fmt.detail(`Config: set default workdirs in ~/.bxconfig.toml:\n`));
+			console.error(fmt.detail(`[apps.${mode}]`));
+			console.error(fmt.detail(`workdirs = ["~/work/my-project"]\n`));
+			process$1.exit(1);
+		}
+		if (!dry) await confirmLaunch(workDirs[0], mode);
+	}
+	if (!dry) {
+		checkOwnSandbox();
+		checkVSCodeTerminal();
+		checkExternalSandbox();
+	}
+	checkWorkDirs(workDirs, HOME);
+	await checkAppAlreadyRunning(mode, apps);
+	if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
+	const { allowed, readOnly } = parseHomeConfig(HOME, workDirs);
+	const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, new Set([...allowed, ...readOnly]));
+	const ignoredPaths = collectIgnoredPaths(HOME, workDirs);
+	printPolicySummary(mode, workDirs, blockedDirs, ignoredPaths, readOnly);
+	const profile = generateProfile(workDirs, blockedDirs, ignoredPaths, [...readOnly]);
+	if (verbose) {
+		console.error("\n--- Generated sandbox profile ---");
+		console.error(profile);
+		console.error("--- End of profile ---\n");
+	}
+	if (dry) {
+		printDryRunTree({
+			home: HOME,
+			blockedDirs,
+			ignoredPaths,
+			readOnlyDirs: readOnly,
+			workDirs
+		});
+		process$1.exit(0);
+	}
+	const profilePath = join("/tmp", `bx-${process$1.pid}.sb`);
+	writeFileSync(profilePath, profile);
+	const cmd = buildCommand(mode, workDirs, HOME, profileSandbox, appArgs, apps);
+	const nestedSandboxWarning = getNestedSandboxWarning(mode, apps);
+	if (nestedSandboxWarning) console.error(fmt.detail(nestedSandboxWarning));
+	if (verbose) printLaunchDetails(cmd, workDirs[0], getActivationCommand(mode, apps));
+	console.error("");
+	const child = spawn("sandbox-exec", [
+		"-f",
+		profilePath,
+		"-D",
+		`HOME=${HOME}`,
+		"-D",
+		`WORK=${workDirs[0]}`,
+		cmd.bin,
+		...cmd.args
+	], {
+		cwd: workDirs[0],
+		stdio: "inherit",
+		env: {
+			...process$1.env,
+			CODEBOX_SANDBOX: "1"
+		}
+	});
+	bringAppToFront(mode, apps);
+	child.on("close", (code) => {
+		rmSync(profilePath, { force: true });
+		process$1.exit(code ?? 0);
+	});
+}
+async function confirmLaunch(workDir, mode) {
 	const rl = createInterface({
-		input: process.stdin,
-		output: process.stderr
+		input: process$1.stdin,
+		output: process$1.stderr
 	});
 	const answer = await new Promise((res) => {
-		rl.question(`sandbox: open ${WORK_DIRS[0]} in VSCode? [Y/n] `, res);
+		rl.question(`${fmt.info(`open ${workDir} in ${mode}?`)} [Y/n] `, res);
 	});
 	rl.close();
-	if (answer && !answer.match(/^y(es)?$/i)) process.exit(0);
-}
-if (!dry) {
-	checkOwnSandbox();
-	checkVSCodeTerminal();
-	checkExternalSandbox();
-}
-checkWorkDirs(WORK_DIRS, HOME);
-if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
-const { allowed, readOnly } = parseHomeConfig(HOME, WORK_DIRS);
-const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, new Set([...allowed, ...readOnly]));
-const ignoredPaths = collectIgnoredPaths(HOME, WORK_DIRS);
-const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
-if (extraIgnored > 0) console.error(`sandbox: .bxignore hides ${extraIgnored} extra path(s)`);
-if (readOnly.size > 0) console.error(`sandbox: ${readOnly.size} read-only director${readOnly.size === 1 ? "y" : "ies"}`);
-const profile = generateProfile(WORK_DIRS, blockedDirs, ignoredPaths, [...readOnly]);
-const dirLabel = WORK_DIRS.length === 1 ? WORK_DIRS[0] : `${WORK_DIRS.length} directories`;
-console.error(`sandbox: ${mode} mode, working directory: ${dirLabel}`);
-if (verbose) {
-	console.error("\n--- Generated sandbox profile ---");
-	console.error(profile);
-	console.error("--- End of profile ---\n");
-}
-if (dry) {
-	const R = "\x1B[31m", G = "\x1B[32m", Y = "\x1B[33m", C = "\x1B[36m", D = "\x1B[2m", X = "\x1B[0m";
-	const icon = (k) => k === "read-only" ? `${Y}◉${X}` : k === "workdir" ? `${G}✔${X}` : `${R}✖${X}`;
-	const tag = (k) => `${D}${k}${X}`;
-	const root = { children: /* @__PURE__ */ new Map() };
-	function addEntry(absPath, kind, isDir) {
-		const parts = (absPath.startsWith(HOME + "/") ? absPath.slice(HOME.length + 1) : absPath).split("/");
-		let node = root;
-		for (const part of parts) {
-			if (!node.children.has(part)) node.children.set(part, { children: /* @__PURE__ */ new Map() });
-			node = node.children.get(part);
-		}
-		node.kind = kind;
-		node.isDir = isDir;
-	}
-	for (const d of blockedDirs) addEntry(d, "blocked", true);
-	for (const p of ignoredPaths) {
-		let isDir = false;
-		try {
-			isDir = statSync(p).isDirectory();
-		} catch {
-			if (p.slice(p.lastIndexOf("/") + 1).startsWith(".")) isDir = true;
-		}
-		addEntry(p, "ignored", isDir);
-	}
-	for (const d of readOnly) addEntry(d, "read-only", true);
-	for (const d of WORK_DIRS) addEntry(d, "workdir", true);
-	function printTree(node, prefix) {
-		const entries = [...node.children.entries()].sort((a, b) => a[0].localeCompare(b[0]));
-		for (let i = 0; i < entries.length; i++) {
-			const [name, child] = entries[i];
-			const last = i === entries.length - 1;
-			const connector = last ? "└── " : "├── ";
-			const pipe = last ? "    " : "│   ";
-			if (child.kind) {
-				const suffix = child.isDir ? "/" : "";
-				console.log(`${prefix}${connector}${icon(child.kind)} ${name}${suffix}  ${tag(child.kind)}`);
-			} else console.log(`${prefix}${connector}${C}${name}/${X}`);
-			if (child.children.size > 0) printTree(child, prefix + pipe);
-		}
-	}
-	console.log(`\n${C}~/${X}`);
-	printTree(root, "");
-	console.log(`\n${R}✖${X} = denied  ${Y}◉${X} = read-only  ${G}✔${X} = read-write\n`);
-	process.exit(0);
-}
-const profilePath = join("/tmp", `bx-${process.pid}.sb`);
-writeFileSync(profilePath, profile);
-const cmd = buildCommand(mode, WORK_DIRS, HOME, profileSandbox, execCmd);
-spawn("sandbox-exec", [
-	"-f",
-	profilePath,
-	"-D",
-	`HOME=${HOME}`,
-	"-D",
-	`WORK=${WORK_DIRS[0]}`,
-	cmd.bin,
-	...cmd.args
-], {
-	cwd: WORK_DIRS[0],
-	stdio: "inherit",
-	env: {
-		...process.env,
-		CODEBOX_SANDBOX: "1"
-	}
-}).on("close", (code) => {
-	rmSync(profilePath, { force: true });
-	process.exit(code ?? 0);
-});
+	if (answer && !answer.match(/^y(es)?$/i)) process$1.exit(0);
+}
+function printPolicySummary(mode, workDirs, blockedDirs, ignoredPaths, readOnly) {
+	const dirLabel = workDirs.length === 1 ? workDirs[0] : `${workDirs.length} directories`;
+	console.error(`\n${fmt.info(`${mode} → ${dirLabel}`)}`);
+	const parts = [`${blockedDirs.length} blocked`, `${ignoredPaths.length} hidden`];
+	if (readOnly.size > 0) parts.push(`${readOnly.size} read-only`);
+	const extraIgnored = ignoredPaths.length - PROTECTED_DOTDIRS.length;
+	if (extraIgnored > 0) parts.push(`${extraIgnored} from .bxignore`);
+	console.error(fmt.detail(parts.join(" · ")));
+}
+function printLaunchDetails(cmd, cwd, activationCmd) {
+	const quote = (a) => JSON.stringify(a);
+	console.error(fmt.detail(`bin:  ${cmd.bin}`));
+	console.error(fmt.detail(`args: ${cmd.args.map(quote).join(" ") || "(none)"}`));
+	console.error(fmt.detail(`cwd:  ${cwd}`));
+	if (activationCmd) console.error(fmt.detail(`focus: ${activationCmd.bin} ${activationCmd.args.map(quote).join(" ")}`));
+}
+main();
 //#endregion
 export {};