bx-mac 1.0.2 → 1.1.0

package/README.md

@@ -122,6 +122,9 @@ bx --dry ~/work/my-project
 
 # 🔍 See the generated sandbox profile
 bx --verbose ~/work/my-project
+
+# 🔄 Use an isolated app profile
+bx --vscode-user code ~/work/my-project
 ```
 
 ## ⚙️ Options
@@ -131,7 +134,7 @@ bx --verbose ~/work/my-project
 | `--dry` | Show a tree of all protected, read-only, and accessible paths — don't launch anything |
 | `--verbose` | Print the generated sandbox profile plus launch details (binary, arguments, cwd, focus command) |
 | `--background` | Run the app detached in the background (like `nohup &`), output goes to `/tmp/bx-<pid>.log` |
-| `--profile-sandbox` | Use an isolated VSCode profile (separate extensions/settings, `code` mode only) |
+| `--vscode-user [path]` | Use an isolated app profile (default: `~/.vscode-sandbox`, or specify a custom path) |
 
 On normal runs, bx also prints a short policy summary (number of workdirs, blocked directories, hidden paths, and read-only directories).
 
@@ -166,8 +169,9 @@ path = "/usr/local/bin/code"
 | `fallback` | Absolute fallback path if `mdfind` discovery fails |
 | `args` | Extra arguments always passed to the app |
 | `passPaths` | Paths passed as app launch args (`true`/`false`/`N`/`["~/p1", "~/p2"]`) |
-| `paths` | Default working directories when none are given on the CLI (supports `~/` paths) |
+| `paths` | Default working directories when none are given on the CLI (supports `~/` paths and `*` globs) |
 | `background` | Run the app detached in the background by default (`true`/`false`) |
+| `profile` | Use an isolated app profile (`true` = `~/.vscode-sandbox`, `"path"` = custom path) |
 
 **Resolution order:** `path` → `mdfind` by `bundle` + `binary` → `fallback`
 
@@ -342,7 +346,7 @@ Or preconfigure them in `~/.bxconfig.toml`:
 paths = ["~/work/project-a", "~/work/project-b"]
 ```
 
-For VSCode specifically, `--profile-sandbox` forces a separate Electron process via an isolated `--user-data-dir`, but this means separate extensions and settings.
+For VSCode specifically, `--vscode-user` forces a separate Electron process via an isolated `--user-data-dir`, but this means separate extensions and settings. You can specify a custom path (`--vscode-user ~/my-profile`) or use the default (`--vscode-user` alone uses `~/.vscode-sandbox`). This can also be configured per app in `~/.bxconfig.toml` via the `profile` field.
 
 ## 💡 Tips
 
@@ -369,6 +373,7 @@ Some AI coding tools ship with their own sandboxing. bx complements these by pro
 - [Claude Code](https://code.claude.com/docs/en/sandboxing) — built-in sandbox for file and command restrictions
 - [Gemini CLI](https://geminicli.com/docs/cli/sandbox/) — sandbox mode for file system access control
 - [OpenAI Codex](https://developers.openai.com/codex/concepts/sandboxing) — containerized sandboxing for code execution
+- [VS Code Copilot](https://code.visualstudio.com/docs/copilot/agents/agent-tools#_sandbox-agent-commands) — agent sandbox mode (preview) that restricts write access to the working directory and blocks network access for terminal commands (`chat.agent.sandbox` setting)
 
 These are great when available, but they only protect within their own tool. bx wraps the entire process — so even if a tool's built-in sandbox is misconfigured, disabled, or absent, your files stay protected.
 

package/dist/bx.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { accessSync, constants, cpSync, existsSync, globSync, mkdirSync, mkdtempSync, openSync, readFileSync, readdirSync, realpathSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { basename, dirname, join, resolve } from "node:path";
-import { execFileSync, spawn } from "node:child_process";
+import { execFileSync, execSync, spawn } from "node:child_process";
 import { createInterface } from "node:readline";
 import process$1 from "node:process";
 import { fileURLToPath } from "node:url";
@@ -830,7 +830,8 @@ function parseAppDef(def) {
 		args: parseStringArray(def.args),
 		passPaths: parsePassPaths(def.passPaths ?? def.passWorkPaths ?? def.passWorkdirs),
 		paths: parseStringArray(def.paths ?? def.workdirs),
-		background: typeof def.background === "boolean" ? def.background : void 0
+		background: typeof def.background === "boolean" ? def.background : void 0,
+		profile: typeof def.profile === "boolean" || typeof def.profile === "string" ? def.profile : void 0
 	};
 }
 /**
@@ -855,7 +856,8 @@ function loadConfig(home) {
 			"passWorkdirs",
 			"paths",
 			"workdirs",
-			"background"
+			"background",
+			"profile"
 		]);
 		for (const [key, val] of Object.entries(doc)) {
 			if (key === "apps") continue;
@@ -1236,7 +1238,7 @@ async function checkAppAlreadyRunning(mode, apps) {
 	}
 	console.error(`\n${fmt.warn(`"${appName}" is already running`)}`);
 	console.error(fmt.detail("the workspace will open in the EXISTING instance — sandbox will NOT apply"));
-	if (mode === "code") console.error(fmt.detail("quit the app first, or use --profile-sandbox for an isolated instance"));
+	if (mode === "code") console.error(fmt.detail("quit the app first, or use --vscode-user for an isolated instance"));
 	else console.error(fmt.detail("quit the app first to ensure sandbox protection"));
 	const rl = createInterface({
 		input: process$1.stdin,
@@ -1280,12 +1282,12 @@ function parseArgs(validModes) {
 	const rawArgs = process$1.argv.slice(2);
 	const verbose = rawArgs.includes("--verbose");
 	const dry = rawArgs.includes("--dry");
-	const profileSandbox = rawArgs.includes("--profile-sandbox");
+	const vscodeUser = parseVscodeUserFlag(rawArgs);
 	const background = rawArgs.includes("--background");
-	const positional = rawArgs.filter((a) => !a.startsWith("--"));
+	const positional = collectPositional(rawArgs);
 	const doubleDashIdx = rawArgs.indexOf("--");
 	const appArgs = doubleDashIdx >= 0 ? rawArgs.slice(doubleDashIdx + 1) : [];
-	const beforeDash = doubleDashIdx >= 0 ? rawArgs.slice(0, doubleDashIdx).filter((a) => !a.startsWith("--")) : positional;
+	const beforeDash = doubleDashIdx >= 0 ? collectPositional(rawArgs.slice(0, doubleDashIdx)) : positional;
 	let mode = "code";
 	let workArgs;
 	let implicitWorkdirs = false;
@@ -1307,12 +1309,42 @@ function parseArgs(validModes) {
 		workArgs,
 		verbose,
 		dry,
-		profileSandbox,
+		vscodeUser,
 		background,
 		appArgs,
 		implicit: implicitWorkdirs
 	};
 }
+function looksLikePath(val) {
+	return val.includes("/") || val.startsWith("~") || val.startsWith(".");
+}
+/** Filter positional args, skipping the path value after --vscode-user */
+function collectPositional(args) {
+	const result = [];
+	for (let i = 0; i < args.length; i++) {
+		if (args[i] === "--vscode-user" || args[i] === "--vscode-user-data") {
+			const next = args[i + 1];
+			if (next && looksLikePath(next)) i++;
+			continue;
+		}
+		if (args[i].startsWith("--")) continue;
+		result.push(args[i]);
+	}
+	return result;
+}
+function parseVscodeUserFlag(args) {
+	for (let i = 0; i < args.length; i++) {
+		if (args[i] === "--vscode-user" || args[i] === "--vscode-user-data") {
+			const next = args[i + 1];
+			if (next && looksLikePath(next)) return next;
+			return true;
+		}
+		if (args[i] === "--vscode-user=false" || args[i] === "--vscode-user-data=false") return false;
+		const eqMatch = args[i].match(/^--vscode-user=(.+)$/);
+		if (eqMatch) return eqMatch[1];
+	}
+	return false;
+}
 //#endregion
 //#region src/modes.ts
 function isBuiltinMode(mode) {
@@ -1342,15 +1374,30 @@ function hasAppSandboxEntitlement(entitlements) {
 	if (new RegExp(`<key>\\s*${SANDBOX_KEY.replace(/\./g, "\\.")}\\s*</key>\\s*<false\\s*/>`, "i").test(entitlements)) return false;
 	return new RegExp(`${SANDBOX_KEY.replace(/\./g, "\\.")}\\s*[=:]\\s*(1|true)`, "i").test(entitlements);
 }
-function setupVSCodeProfile(home) {
-	const dataDir = join(home, ".vscode-sandbox");
+function resolveProfileDir(home, profile) {
+	if (typeof profile === "string") return resolve(profile.replace(/^~\//, home + "/"));
+	return join(home, ".vscode-sandbox");
+}
+async function setupVSCodeProfile(home, profile) {
+	const dataDir = resolveProfileDir(home, profile);
 	const globalExt = join(home, ".vscode", "extensions");
 	const localExt = join(dataDir, "extensions");
 	mkdirSync(dataDir, { recursive: true });
 	if (!existsSync(localExt) && existsSync(globalExt)) {
-		console.error(fmt.detail("copying extensions from global install..."));
-		cpSync(globalExt, localExt, { recursive: true });
+		const rl = createInterface({
+			input: process$1.stdin,
+			output: process$1.stderr
+		});
+		const answer = await new Promise((res) => {
+			rl.question(`${fmt.info(`copy extensions to ${dataDir}?`)} [Y/n] `, res);
+		});
+		rl.close();
+		if (!answer || answer.match(/^y(es)?$/i)) {
+			console.error(fmt.detail("copying extensions from global install..."));
+			cpSync(globalExt, localExt, { recursive: true });
+		}
 	}
+	console.error(fmt.detail(`profile: ${dataDir}`));
 }
 function buildCommand(mode, workDirs, home, profileSandbox, appArgs, apps) {
 	if (isBuiltinMode(mode)) return buildBuiltinCommand(mode, appArgs);
@@ -1387,8 +1434,8 @@ function buildAppCommand(mode, workDirs, home, profileSandbox, appArgs, apps) {
 	}
 	const bin = executableFromBundle(resolvedPath, app);
 	const args = [];
-	if (mode === "code" && profileSandbox) {
-		const dataDir = join(home, ".vscode-sandbox");
+	if (profileSandbox) {
+		const dataDir = resolveProfileDir(home, profileSandbox);
 		args.push("--user-data-dir", join(dataDir, "data"));
 		args.push("--extensions-dir", join(dataDir, "extensions"));
 	}
@@ -1454,6 +1501,26 @@ function bringAppToFront(mode, apps) {
 	}, 250);
 }
 //#endregion
+//#region src/paths.ts
+/** Expand glob patterns (e.g. ~/work/*) in path lists. Only directories are matched. */
+function expandGlobs(paths, home) {
+	const result = [];
+	for (const p of paths) {
+		const resolved = p.replace(/^~(\/|$)/, home + "/");
+		if (!resolved.includes("*")) {
+			result.push(resolved);
+			continue;
+		}
+		const dir = dirname(resolved);
+		const pattern = basename(resolved);
+		const regex = new RegExp("^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*") + "$");
+		try {
+			for (const entry of readdirSync(dir, { withFileTypes: true })) if (entry.isDirectory() && regex.test(entry.name)) result.push(join(dir, entry.name));
+		} catch {}
+	}
+	return result;
+}
+//#endregion
 //#region src/help.ts
 function printHelp(version) {
 	const HOME = process.env.HOME;
@@ -1485,9 +1552,10 @@ Options:
   --dry                show what will be protected, don't launch
   --verbose            print the generated sandbox profile
   --background         run in background, log output to /tmp/bx-<pid>.log
-  --profile-sandbox    use an isolated VSCode profile (code mode only)
+  --vscode-user [path] use an isolated app profile (default: ~/.vscode-sandbox)
   -v, --version        show version
   -h, --help           show this help
+  --docs               open documentation in browser
 
 Configuration:
   ~/.bxconfig.toml     app definitions (TOML):
@@ -1498,6 +1566,8 @@ Configuration:
                          path = "..."           explicit executable path
                          args = ["..."]         extra arguments
                          passPaths = true|false|N|[...]  paths passed as launch args
+                         profile = true|"path"  use an isolated app profile
+                         paths = ["~/work/*"]   default workdirs (globs supported)
                          background = true      run in background by default
                        built-in apps (code, xcode) can be overridden
   ~/.bxignore          sandbox rules (one per line):
@@ -1579,7 +1649,7 @@ function printDryRunTree({ home, blockedDirs, ignoredPaths, readOnlyDirs, workDi
 }
 //#endregion
 //#region src/index.ts
-const VERSION = "1.0.2";
+const VERSION = "1.1.0";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 if (process$1.argv.includes("--version") || process$1.argv.includes("-v")) {
 	console.log(`bx ${VERSION}`);
@@ -1589,6 +1659,10 @@ if (process$1.argv.includes("--help") || process$1.argv.includes("-h")) {
 	printHelp(VERSION);
 	process$1.exit(0);
 }
+if (process$1.argv.includes("--docs")) {
+	execSync("open https://github.com/holtwick/bx-mac");
+	process$1.exit(0);
+}
 if (!process$1.env.HOME) {
 	console.error(`\n${fmt.error("$HOME environment variable is not set")}\n`);
 	process$1.exit(1);
@@ -1598,9 +1672,9 @@ async function main() {
 	checkOwnSandbox();
 	checkExternalSandbox();
 	const apps = getAvailableApps(loadConfig(HOME));
-	const { mode, workArgs, verbose, dry, profileSandbox, background: backgroundFlag, appArgs, implicit } = parseArgs(getValidModes(apps));
+	const { mode, workArgs, verbose, dry, vscodeUser: vscodeUserFlag, background: backgroundFlag, appArgs, implicit } = parseArgs(getValidModes(apps));
 	const app = apps[mode];
-	const workDirs = (implicit && app?.paths?.length ? app.paths : workArgs).map((a) => realpathSync(resolve(a.replace(/^~\//, HOME + "/"))));
+	const workDirs = expandGlobs(implicit && app?.paths?.length ? app.paths : workArgs, HOME).map((a) => realpathSync(resolve(a)));
 	if (implicit && !app?.paths?.length) {
 		if (workDirs.some((d) => d === HOME)) {
 			console.error(`\n${fmt.error("no working directory specified and current directory is $HOME")}\n`);
@@ -1608,6 +1682,8 @@ async function main() {
 			console.error(fmt.detail(`Config: set default paths in ~/.bxconfig.toml:\n`));
 			console.error(fmt.detail(`[${mode}]`));
 			console.error(fmt.detail(`paths = ["~/work/my-project"]\n`));
+			console.error(fmt.detail(`Run bx --help for more info.`));
+			console.error(fmt.detail(`Docs: https://github.com/holtwick/bx-mac\n`));
 			process$1.exit(1);
 		}
 		if (!dry) await confirmLaunch(workDirs[0], mode);
@@ -1615,7 +1691,8 @@ async function main() {
 	if (!dry) checkVSCodeTerminal();
 	checkWorkDirs(workDirs, HOME);
 	await checkAppAlreadyRunning(mode, apps);
-	if (mode === "code" && profileSandbox) setupVSCodeProfile(HOME);
+	const profileSandbox = vscodeUserFlag !== false ? vscodeUserFlag : app?.profile ?? false;
+	if (profileSandbox) await setupVSCodeProfile(HOME, profileSandbox);
 	const { allowed, readOnly } = parseHomeConfig(HOME, workDirs);
 	const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, new Set([...allowed, ...readOnly]));
 	const ignoredPaths = collectIgnoredPaths(HOME, workDirs);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Sandbox any macOS app — only your project directory stays accessible",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   ],
   "devDependencies": {
     "@types/node": "^25.5.0",
-    "rolldown": "^1.0.0-rc.12",
+    "rolldown": "^1.0.0-rc.13",
     "smol-toml": "^1.6.1",
     "vitest": "^4.1.2"
   },