npm - coder-config - Versions diffs - 0.46.16 → 0.47.1-beta - Mend

coder-config 0.46.16 → 0.47.1-beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/config-loader.js CHANGED Viewed

@@ -28,7 +28,7 @@ const { init, show } = require('./lib/init');
 const { memoryList, memoryInit, memoryAdd, memorySearch } = require('./lib/memory');
 const { envList, envSet, envUnset } = require('./lib/env');
 const { getProjectsRegistryPath, loadProjectsRegistry, saveProjectsRegistry, projectList, projectAdd, projectRemove } = require('./lib/projects');
-const { getWorkstreamsPath, loadWorkstreams, saveWorkstreams, workstreamList, workstreamCreate, workstreamUpdate, workstreamDelete, workstreamUse, workstreamActive, workstreamAddProject, workstreamRemoveProject, workstreamInject, workstreamDetect, workstreamGet, getActiveWorkstream, countWorkstreamsForProject, workstreamInstallHook, workstreamInstallHookGemini, workstreamInstallHookCodex, workstreamDeactivate, workstreamCheckPath, getSettingsPath, loadSettings, saveSettings, workstreamAddTrigger, workstreamRemoveTrigger, workstreamSetAutoActivate, setGlobalAutoActivate, shouldAutoActivate, workstreamCheckFolder, workstreamInstallCdHook, workstreamUninstallCdHook, workstreamCdHookStatus, discoverSubProjects, generateRulesFromRepos, generateRulesWithClaude, generateRulesWithAI, getAvailableAITools, findAIBinary, AI_TOOLS } = require('./lib/workstreams');
+const { getWorkstreamsPath, loadWorkstreams, saveWorkstreams, workstreamList, workstreamCreate, workstreamUpdate, workstreamDelete, workstreamUse, workstreamActive, workstreamAddProject, workstreamRemoveProject, workstreamInject, workstreamDetect, workstreamGet, getActiveWorkstream, countWorkstreamsForProject, workstreamInstallHook, workstreamInstallHookGemini, workstreamInstallHookCodex, workstreamDeactivate, workstreamCheckPath, getSettingsPath, loadSettings, saveSettings, workstreamAddTrigger, workstreamRemoveTrigger, workstreamSetAutoActivate, setGlobalAutoActivate, shouldAutoActivate, workstreamCheckFolder, workstreamInstallCdHook, workstreamUninstallCdHook, workstreamCdHookStatus, discoverSubProjects, generateRulesFromRepos, generateRulesWithClaude, generateRulesWithAI, getAvailableAITools, findAIBinary, AI_TOOLS, workstreamSetSandbox } = require('./lib/workstreams');
 const { getActivityPath, getDefaultActivity, loadActivity, saveActivity, detectProjectRoot, activityLog, activitySummary, generateWorkstreamName, activitySuggestWorkstreams, activityClear } = require('./lib/activity');
 const { getLoopsPath, loadLoops, saveLoops, loadLoopState, saveLoopState, loadHistory, saveHistory, loopList, loopCreate, loopGet, loopUpdate, loopDelete, loopStart, loopPause, loopResume, loopCancel, loopApprove, loopComplete, loopFail, loopStatus, loopHistory, loopConfig, getActiveLoop, recordIteration, saveClarifications, savePlan, loadClarifications, loadPlan, loopInject, archiveLoop } = require('./lib/loops');
 const { getSessionStatus, showSessionStatus, flushContext, clearContext, installHooks: sessionInstallHooks, getFlushedContext, installFlushCommand, installAll: sessionInstallAll, SESSION_DIR, FLUSHED_CONTEXT_FILE } = require('./lib/sessions');
@@ -132,7 +132,7 @@ class ClaudeConfigManager {
   }
   // Apply
-  apply(projectDir) { return apply(this.registryPath, projectDir); }
+  apply(projectDir) { return apply(this.registryPath, projectDir, this.installDir); }
   applyForAntigravity(projectDir) { return applyForAntigravity(this.registryPath, projectDir); }
   applyForGemini(projectDir) { return applyForGemini(this.registryPath, projectDir); }
   detectInstalledTools() { return detectInstalledTools(); }
@@ -206,6 +206,7 @@ class ClaudeConfigManager {
   workstreamAddTrigger(idOrName, folderPath) { return workstreamAddTrigger(this.installDir, idOrName, folderPath); }
   workstreamRemoveTrigger(idOrName, folderPath) { return workstreamRemoveTrigger(this.installDir, idOrName, folderPath); }
   workstreamSetAutoActivate(idOrName, value) { return workstreamSetAutoActivate(this.installDir, idOrName, value); }
+  workstreamSetSandbox(idOrName, value) { return workstreamSetSandbox(this.installDir, idOrName, value); }
   setGlobalAutoActivate(value) { return setGlobalAutoActivate(this.installDir, value); }
   shouldAutoActivate(workstream) { return shouldAutoActivate(this.installDir, workstream); }
   workstreamCheckFolder(folderPath, jsonOutput) { return workstreamCheckFolder(this.installDir, folderPath, jsonOutput); }

package/lib/apply.js CHANGED Viewed

@@ -8,11 +8,12 @@ const { execSync } = require('child_process');
 const { TOOL_PATHS } = require('./constants');
 const { loadJson, saveJson, loadEnvFile, interpolate, resolveEnvVars } = require('./utils');
 const { findProjectRoot, findAllConfigs, mergeConfigs, findAllConfigsForTool } = require('./config');
+const { getActiveWorkstream, writeWorkstreamSandboxSettings } = require('./workstreams');
 /**
  * Generate .mcp.json for a project (with hierarchical config merging)
  */
-function apply(registryPath, projectDir = null) {
+function apply(registryPath, projectDir = null, installDir = null) {
   const dir = projectDir || findProjectRoot() || process.cwd();
   const registry = loadJson(registryPath);
@@ -100,6 +101,23 @@ function apply(registryPath, projectDir = null) {
   console.log(`✓ Generated ${outputPath}`);
   console.log(`  └─ ${count} MCP(s): ${Object.keys(output.mcpServers).join(', ')}`);
+  // Generate settings.local.json with additionalDirectories for workstream sandbox scope
+  if (installDir) {
+    const active = getActiveWorkstream(installDir);
+    if (active && active.projects && active.projects.length > 0 && active.sandbox === true) {
+      const otherProjects = active.projects.filter(p => {
+        const resolved = path.resolve(p);
+        return resolved !== path.resolve(dir) && !dir.startsWith(resolved + path.sep);
+      });
+      if (otherProjects.length > 0) {
+        writeWorkstreamSandboxSettings(dir, otherProjects);
+        console.log(`✓ Generated .claude/settings.local.json (sandbox scope)`);
+        console.log(`  └─ ${otherProjects.length} additional director${otherProjects.length === 1 ? 'y' : 'ies'}`);
+      }
+    }
+  }
   // Generate settings.json with enabledPlugins if any are configured
   if (mergedConfig.enabledPlugins && Object.keys(mergedConfig.enabledPlugins).length > 0) {
     const settingsPath = path.join(dir, '.claude', 'settings.json');

package/lib/cli.js CHANGED Viewed

@@ -194,6 +194,13 @@ function runCli(manager) {
           process.exit(1);
         }
         manager.workstreamRemoveTrigger(args[2], args[3]);
+      } else if (args[1] === 'sandbox') {
+        if (!args[2]) {
+          console.error('Usage: coder-config workstream sandbox <workstream> [on|off]');
+          process.exit(1);
+        }
+        const value = args[3] || 'on';
+        manager.workstreamSetSandbox(args[2], value);
       } else if (args[1] === 'auto-activate') {
         if (!args[2]) {
           console.error('Usage: coder-config workstream auto-activate <workstream> [on|off|default]');
@@ -385,7 +392,7 @@ ${chalk.dim('Configuration manager for AI coding tools (Claude Code, Gemini CLI,
   // Project Commands
   console.log(box('Project', [
     cmd('init', 'Initialize project with .claude/mcps.json'),
-    cmd('apply', 'Generate .mcp.json from config'),
+    cmd('apply', 'Generate .mcp.json and sandbox scope'),
     cmd('show', 'Show current project config'),
     cmd('list', 'List available MCPs (✓ = active)'),
     cmd('add <mcp> [mcp...]', 'Add MCP(s) to project'),
@@ -434,6 +441,7 @@ ${chalk.dim('Configuration manager for AI coding tools (Claude Code, Gemini CLI,
     cmd('workstream use <name>', 'Set active workstream'),
     cmd('workstream add <ws> <path>', 'Add project to workstream'),
     cmd('workstream remove <ws> <path>', 'Remove from workstream'),
+    cmd('workstream sandbox <ws> [on|off]', 'Toggle sandbox enforcement'),
     cmd('workstream install-hook', 'Install pre-prompt hook'),
   ]));
   console.log();

package/lib/constants.js CHANGED Viewed

@@ -2,7 +2,7 @@
  * Constants and tool path configurations
  */
-const VERSION = '0.46.16';
+const VERSION = '0.47.1-beta';
 // Tool-specific path configurations
 const TOOL_PATHS = {

package/lib/workstreams.js CHANGED Viewed

@@ -86,7 +86,11 @@ function workstreamList(installDir) {
   const detected = workstreamDetect(installDir, process.cwd());
   for (const ws of data.workstreams) {
     const active = detected && ws.id === detected.id ? '● ' : '○ ';
-    console.log(`${active}${ws.name}`);
+    const badges = [];
+    if (ws.sandbox === true) badges.push('[sandbox]');
+    if (ws.autoActivate === true) badges.push('[auto]');
+    const badgeStr = badges.length > 0 ? ' ' + badges.join(' ') : '';
+    console.log(`${active}${ws.name}${badgeStr}`);
     if (ws.projects && ws.projects.length > 0) {
       console.log(`    Projects: ${ws.projects.map(p => path.basename(p)).join(', ')}`);
     }
@@ -391,6 +395,20 @@ function workstreamInject(installDir, silent = false) {
   // Always output the context (for hooks), silent only suppresses "no active" message
   console.log(output);
+  // Generate settings.local.json with additionalDirectories for sandbox scope
+  // Only when sandbox mode is explicitly enabled (default: off)
+  if (active.sandbox === true && active.projects && active.projects.length > 0) {
+    const cwd = process.cwd();
+    const otherProjects = active.projects.filter(p => {
+      const resolved = path.resolve(p);
+      return resolved !== path.resolve(cwd) && !cwd.startsWith(resolved + path.sep);
+    });
+    if (otherProjects.length > 0) {
+      writeWorkstreamSandboxSettings(cwd, otherProjects);
+    }
+  }
   return output;
 }
@@ -633,10 +651,59 @@ fi
   return true;
 }
+/**
+ * Write additionalDirectories to .claude/settings.local.json for sandbox scope
+ */
+function writeWorkstreamSandboxSettings(dir, additionalDirectories) {
+  const claudeDir = path.join(dir, '.claude');
+  const settingsLocalPath = path.join(claudeDir, 'settings.local.json');
+  let existing = {};
+  if (fs.existsSync(settingsLocalPath)) {
+    try { existing = JSON.parse(fs.readFileSync(settingsLocalPath, 'utf8')); } catch {}
+  }
+  const permissions = existing.permissions || {};
+  permissions.additionalDirectories = additionalDirectories;
+  if (!fs.existsSync(claudeDir)) {
+    fs.mkdirSync(claudeDir, { recursive: true });
+  }
+  fs.writeFileSync(settingsLocalPath, JSON.stringify({ ...existing, permissions }, null, 2) + '\n');
+}
+/**
+ * Remove additionalDirectories from .claude/settings.local.json
+ */
+function removeWorkstreamSandboxSettings(dir) {
+  const settingsLocalPath = path.join(dir, '.claude', 'settings.local.json');
+  if (!fs.existsSync(settingsLocalPath)) return;
+  let existing = {};
+  try { existing = JSON.parse(fs.readFileSync(settingsLocalPath, 'utf8')); } catch { return; }
+  if (existing.permissions && existing.permissions.additionalDirectories) {
+    delete existing.permissions.additionalDirectories;
+    // Clean up empty permissions object
+    if (Object.keys(existing.permissions).length === 0) {
+      delete existing.permissions;
+    }
+    // If nothing left, remove the file
+    if (Object.keys(existing).length === 0) {
+      fs.unlinkSync(settingsLocalPath);
+    } else {
+      fs.writeFileSync(settingsLocalPath, JSON.stringify(existing, null, 2) + '\n');
+    }
+  }
+}
 /**
  * Deactivate workstream (output shell command to unset env var)
  */
 function workstreamDeactivate() {
+  // Clean up sandbox settings from CWD
+  removeWorkstreamSandboxSettings(process.cwd());
   console.log('To deactivate the workstream for this session, run:');
   console.log('  unset CODER_WORKSTREAM');
   console.log('\nOr to clear the global active workstream:');
@@ -1308,6 +1375,35 @@ function workstreamRemoveTrigger(installDir, idOrName, folderPath) {
   return ws;
 }
+/**
+ * Set sandbox mode for a workstream
+ * When true (default): generates additionalDirectories in settings.local.json for OS-level enforcement
+ * When false: only injects advisory LLM rules (softer, LLM can override if important)
+ */
+function workstreamSetSandbox(installDir, idOrName, value) {
+  const data = loadWorkstreams(installDir);
+  const ws = data.workstreams.find(
+    w => w.id === idOrName || w.name.toLowerCase() === idOrName.toLowerCase()
+  );
+  if (!ws) {
+    console.error(`Workstream not found: ${idOrName}`);
+    return null;
+  }
+  if (value === 'on' || value === true || value === 'true') {
+    ws.sandbox = true;
+    console.log(`✓ Sandbox enabled for ${ws.name} (OS-level directory enforcement)`);
+  } else if (value === 'off' || value === false || value === 'false') {
+    ws.sandbox = false;
+    console.log(`✓ Sandbox disabled for ${ws.name} (advisory LLM rules only)`);
+  }
+  ws.updatedAt = new Date().toISOString();
+  saveWorkstreams(installDir, data);
+  return ws;
+}
 /**
  * Set auto-activate for a workstream
  * value: true, false, or null (use global default)
@@ -1641,4 +1737,7 @@ module.exports = {
   workstreamInstallCdHook,
   workstreamUninstallCdHook,
   workstreamCdHookStatus,
+  writeWorkstreamSandboxSettings,
+  removeWorkstreamSandboxSettings,
+  workstreamSetSandbox,
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "coder-config",
-  "version": "0.46.16",
+  "version": "0.47.1-beta",
   "description": "Configuration manager for AI coding tools - Claude Code, Gemini CLI, Codex CLI, Antigravity. Manage MCPs, rules, permissions, memory, and workstreams.",
   "author": "regression.io",
   "main": "config-loader.js",