bx-mac 1.4.0 → 1.5.1

package/README.md

@@ -234,23 +234,32 @@ Unified sandbox rules for your home directory. Paths relative to `$HOME`. Each l
 .kube
 .config/gcloud
 
-# Allow read-write access to extra directories
+# Allow read-write access to extra paths
 rw:work/bin
 rw:shared/libs
+rw:~/projects/*       # globs supported, ~ is expanded
 
 # Allow read-only access (can read but not modify)
 ro:reference/docs
 ro:shared/toolchain
+ro:.npmrc             # files work too; overrides built-in block
 ```
 
-`rw:` and `ro:` entries also **override** the built-in protected lists - e.g. `ro:.npmrc` makes the otherwise-blocked `~/.npmrc` readable, `rw:.aws` opens the AWS credentials directory. Files (not just directories) are accepted as targets. Use this with care - you are explicitly weakening the default protection.
+Plain deny rules have two scopes:
 
-Deny rules are applied **in addition** to the built-in protected lists:
+- **At `$HOME` top level only** (no recursive `**` walk). `secrets/` matches `~/secrets`, not `~/nested/secrets`; `.config/gcloud` matches as a literal.
+- **Recursively inside each workdir** - same semantics as a project-level `.bxignore`, so `secrets/` and `*.pem` apply across every project you open. The recursive scan skips `node_modules`, `.git`, caches, `DerivedData`, `Pods`, and similar subtrees for speed.
+
+Deny rules are applied **in addition** to the built-in protected lists. `rw:` and `ro:` entries however **override** them - `ro:.npmrc` exposes the otherwise-blocked `~/.npmrc` read-only, `rw:.aws` opens the AWS credentials directory completely. Files (not just directories) are accepted, `~/...` is expanded, and globs (`*`, `**`) are matched against `$HOME`. Use override entries deliberately - you are weakening the default protection. `bx` prints a warning on stderr when an override exposes a built-in protected path.
+
+Built-in protected lists:
 
 > 🔒 **Dotdirs:** `.ssh` `.gnupg` `.docker` `.zsh_sessions` `.cargo` `.gradle` `.gem`
 >
 > 🏛️ **Library (opinionated):** `Accounts` `Calendars` `Contacts` `Cookies` `Finance` `Mail` `Messages` `Mobile Documents` `Photos` `Safari` and [others (see full list)](src/profile.ts) — plus containers of password managers & finance apps
 
+**Limitation:** Overrides only work on whole protected paths. `rw:.aws/profile.json` does not selectively unblock a file inside `~/.aws` - the parent deny still wins (Apple SBPL: deny beats allow). Use `rw:.aws` to open the entire directory.
+
 ### `<project>/.bxignore`
 
 Block paths within the working directory. Uses [`.gitignore`-style pattern matching](https://git-scm.com/docs/gitignore#_pattern_format):
@@ -284,6 +293,13 @@ my-project/deploy/.bxignore         # deployment credentials
 
 Each `.bxignore` resolves its patterns relative to its own directory.
 
+Project `.bxignore` also accepts `ro:` entries to make paths within the workdir read-only (write-protect generated files, vendored libraries, etc.). `rw:` is silently ignored here - the workdir is already read-write by default.
+
+```gitignore
+ro:vendor/
+ro:generated/schema.ts
+```
+
 ### Self-protecting directories
 
 You can make any directory protect itself — no global configuration needed. There are two ways:

package/dist/bx.js

@@ -1045,6 +1045,50 @@ function toGlobPattern(line) {
 function resolveGlobMatches(pattern, baseDir) {
 	return globSync(toGlobPattern(pattern), { cwd: baseDir }).map((match) => resolve(baseDir, match));
 }
+const SCAN_EXCLUDE_NAMES = new Set([
+	"Library",
+	"Applications",
+	"node_modules",
+	".git",
+	".Trash",
+	".cache",
+	".npm",
+	".pnpm-store",
+	".yarn",
+	".cargo",
+	".rustup",
+	".gradle",
+	".gem",
+	".m2",
+	".nvm",
+	".bun",
+	".deno",
+	"DerivedData",
+	"Pods"
+]);
+function scanExcludeFilter(entry) {
+	const name = typeof entry === "string" ? entry.split("/").pop() ?? "" : entry?.name ?? "";
+	return SCAN_EXCLUDE_NAMES.has(name);
+}
+function resolveGlobMatchesBatch(patterns, baseDir) {
+	if (patterns.length === 0) return [];
+	return globSync(patterns.map(toGlobPattern), {
+		cwd: baseDir,
+		exclude: scanExcludeFilter
+	}).map((match) => resolve(baseDir, match));
+}
+/**
+* Resolve patterns against `baseDir` at top level only (no recursive `**`
+* expansion).  Trailing slashes are stripped; leading slashes are stripped
+* (already anchored).  Used for `~/.bxignore` in $HOME to keep the lookup
+* cheap while still matching literal/glob paths at the home root.
+*/
+function resolveTopLevelMatches(patterns, baseDir) {
+	if (patterns.length === 0) return [];
+	const cleaned = patterns.map((p) => p.startsWith("/") ? p.slice(1) : p).map((p) => p.endsWith("/") ? p.slice(0, -1) : p).filter((p) => p.length > 0);
+	if (cleaned.length === 0) return [];
+	return globSync(cleaned, { cwd: baseDir }).map((m) => resolve(baseDir, m));
+}
 /**
 * A directory is self-protected if it contains a `.bxprotect` file
 * or a `.bxignore` with a bare `/` entry.  Self-protected directories
@@ -1055,19 +1099,27 @@ function isSelfProtected(dir) {
 	if (existsSync(join(dir, ".bxprotect"))) return true;
 	return parseLines(join(dir, ".bxignore")).some((l) => l === "/" || l === ".");
 }
-function applyIgnoreFile(filePath, baseDir, ignored) {
+function applyIgnoreFile(filePath, baseDir, ignored, readOnly) {
 	for (const line of parseLines(filePath)) {
 		if (line === "/" || line === ".") continue;
+		const accessMatch = line.match(ACCESS_PREFIX_RE);
+		if (accessMatch) {
+			if (!readOnly) continue;
+			const [, prefix, rawPath] = accessMatch;
+			if (prefix.toUpperCase() !== "RO") continue;
+			for (const m of resolveGlobMatches(rawPath.trim(), baseDir)) readOnly.add(realpathSafe(m));
+			continue;
+		}
 		ignored.push(...resolveGlobMatches(line, baseDir));
 	}
 }
-function collectIgnoreFilesRecursive(dir, ignored) {
+function collectIgnoreFilesRecursive(dir, ignored, readOnly) {
 	if (isSelfProtected(dir)) {
 		ignored.push(dir);
 		return;
 	}
 	const ignoreFile = join(dir, ".bxignore");
-	if (existsSync(ignoreFile)) applyIgnoreFile(ignoreFile, dir, ignored);
+	if (existsSync(ignoreFile)) applyIgnoreFile(ignoreFile, dir, ignored, readOnly);
 	let entries;
 	try {
 		entries = readdirSync(dir);
@@ -1078,11 +1130,29 @@ function collectIgnoreFilesRecursive(dir, ignored) {
 		if (name.startsWith(".") || name === "node_modules") continue;
 		const fullPath = join(dir, name);
 		try {
-			if (statSync(fullPath).isDirectory()) collectIgnoreFilesRecursive(fullPath, ignored);
+			if (statSync(fullPath).isDirectory()) collectIgnoreFilesRecursive(fullPath, ignored, readOnly);
 		} catch {}
 	}
 }
 const ACCESS_PREFIX_RE = /^(RW|RO):(.+)$/i;
+function expandHomePath(home, raw) {
+	const trimmed = raw.trim();
+	if (trimmed === "~") return home;
+	if (trimmed.startsWith("~/")) return join(home, trimmed.slice(2));
+	return resolve(home, trimmed);
+}
+function realpathSafe(p) {
+	try {
+		return realpathSync(p);
+	} catch {
+		return p;
+	}
+}
+function resolveAccessTargets(home, raw) {
+	const expanded = expandHomePath(home, raw);
+	if (existsSync(expanded)) return [realpathSafe(expanded)];
+	return globSync(raw.trim().replace(/^~\//, ""), { cwd: home }).map((m) => realpathSafe(join(home, m))).filter((p) => existsSync(p));
+}
 function parseHomeConfig(home, workDirs) {
 	const allowed = new Set(workDirs);
 	const readOnly = /* @__PURE__ */ new Set();
@@ -1090,10 +1160,10 @@ function parseHomeConfig(home, workDirs) {
 		const match = line.match(ACCESS_PREFIX_RE);
 		if (!match) continue;
 		const [, prefix, rawPath] = match;
-		const absolute = resolve(home, rawPath.trim());
-		if (!existsSync(absolute)) continue;
-		if (prefix.toUpperCase() === "RW") allowed.add(absolute);
-		else readOnly.add(absolute);
+		const targets = resolveAccessTargets(home, rawPath);
+		if (targets.length === 0) continue;
+		const target = prefix.toUpperCase() === "RW" ? allowed : readOnly;
+		for (const t of targets) target.add(t);
 	}
 	return {
 		allowed,
@@ -1143,22 +1213,26 @@ function collectProtectedContainers(home) {
 	}
 	return matched;
 }
+function isOverridden(path, overrides) {
+	return overrides.has(path) || overrides.has(realpathSafe(path));
+}
 function collectReadOnlyDotfiles(home, overrides = /* @__PURE__ */ new Set()) {
-	return PROTECTED_HOME_DOTFILES_RO.map((f) => join(home, f)).filter((p) => !overrides.has(p));
+	return PROTECTED_HOME_DOTFILES_RO.map((f) => join(home, f)).filter((p) => !isOverridden(p, overrides));
 }
-function collectIgnoredPaths(home, workDirs, overrides = /* @__PURE__ */ new Set()) {
+function collectIgnoredPaths(home, workDirs, overrides = /* @__PURE__ */ new Set(), readOnly) {
 	const ignored = [
 		...PROTECTED_DOTDIRS.map((d) => join(home, d)),
 		...PROTECTED_HOME_DOTFILES.map((f) => join(home, f)),
 		...PROTECTED_LIBRARY_DIRS.map((d) => join(home, "Library", d)),
 		...new Set(collectProtectedContainers(home))
-	].filter((p) => !overrides.has(p));
+	].filter((p) => !isOverridden(p, overrides));
 	const globalIgnore = join(home, ".bxignore");
-	if (existsSync(globalIgnore)) {
-		const denyLines = parseLines(globalIgnore).filter((l) => !ACCESS_PREFIX_RE.test(l));
-		for (const line of denyLines) for (const m of resolveGlobMatches(line, home)) if (!overrides.has(m)) ignored.push(m);
+	const globalDenyLines = existsSync(globalIgnore) ? parseLines(globalIgnore).filter((l) => !ACCESS_PREFIX_RE.test(l)) : [];
+	for (const m of resolveTopLevelMatches(globalDenyLines, home)) if (!isOverridden(m, overrides)) ignored.push(m);
+	for (const workDir of workDirs) {
+		for (const m of resolveGlobMatchesBatch(globalDenyLines, workDir)) if (!isOverridden(m, overrides)) ignored.push(m);
+		collectIgnoreFilesRecursive(workDir, ignored, readOnly);
 	}
-	for (const workDir of workDirs) collectIgnoreFilesRecursive(workDir, ignored);
 	return ignored;
 }
 function sbplEscape(path) {
@@ -1699,7 +1773,7 @@ function printDryRunTree({ home, blockedDirs, ignoredPaths, readOnlyDirs, workDi
 }
 //#endregion
 //#region src/index.ts
-const VERSION = "1.4.0";
+const VERSION = "1.5.1";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 if (process$1.argv.includes("--version") || process$1.argv.includes("-v")) {
 	console.log(`bx ${VERSION}`);
@@ -1749,8 +1823,9 @@ async function main() {
 	if (profileSandbox) await setupVSCodeProfile(HOME, profileSandbox);
 	const { allowed, readOnly } = parseHomeConfig(HOME, workDirs);
 	const allAccessible = new Set([...allowed, ...readOnly]);
+	warnDangerousOverrides(HOME, allAccessible);
 	const blockedDirs = collectBlockedDirs(HOME, HOME, __dirname, allAccessible);
-	const ignoredPaths = collectIgnoredPaths(HOME, workDirs, allAccessible);
+	const ignoredPaths = collectIgnoredPaths(HOME, workDirs, allAccessible, readOnly);
 	const readOnlyDotfiles = collectReadOnlyDotfiles(HOME, allAccessible);
 	printPolicySummary(mode, workDirs, blockedDirs, ignoredPaths, readOnly);
 	const profile = generateProfile(workDirs, blockedDirs, ignoredPaths, [...readOnly], HOME, readOnlyDotfiles);
@@ -1878,6 +1953,14 @@ function printPolicySummary(mode, workDirs, blockedDirs, ignoredPaths, readOnly)
 	if (extraIgnored > 0) parts.push(`${extraIgnored} from .bxignore`);
 	console.error(fmt.detail(parts.join(" · ")));
 }
+function warnDangerousOverrides(home, accessible) {
+	const hits = [
+		...PROTECTED_DOTDIRS.map((d) => join(home, d)),
+		...PROTECTED_HOME_DOTFILES.map((f) => join(home, f)),
+		...PROTECTED_LIBRARY_DIRS.map((d) => join(home, "Library", d))
+	].filter((p) => accessible.has(p));
+	for (const p of hits) console.error(fmt.detail(`warning: ~/.bxignore override exposes built-in protected path ${p}`));
+}
 function printLaunchDetails(cmd, cwd) {
 	const quote = (a) => JSON.stringify(a);
 	console.error(fmt.detail(`bin:  ${cmd.bin}`));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bx-mac",
-  "version": "1.4.0",
+  "version": "1.5.1",
   "description": "Sandbox any macOS app — only your project directory stays accessible",
   "type": "module",
   "bin": {
@@ -47,10 +47,10 @@
     "darwin"
   ],
   "devDependencies": {
-    "@types/node": "^25.5.2",
-    "rolldown": "^1.0.0-rc.13",
+    "@types/node": "^25.6.0",
+    "rolldown": "^1.0.0-rc.16",
     "smol-toml": "^1.6.1",
-    "vitest": "^4.1.2"
+    "vitest": "^4.1.4"
   },
   "engines": {
     "node": ">=22"