opencode-landstrip 0.1.0 → 0.1.1

package/index.ts

@@ -62,6 +62,8 @@ interface SandboxConfigOverrides {
 }
 
 interface BashSandboxState {
+  originalCommand: string;
+  wrappedCommand: string;
   policyDir: string;
   port: number;
   stop: () => Promise<void>;
@@ -97,7 +99,7 @@ const DEFAULT_CONFIG: SandboxConfig = {
   },
   filesystem: {
     denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.config/opencode', '~/.local', '~/.cargo'],
+    allowRead: ['.', '~/.config/opencode', '~/.config/git', '~/.gitconfig', '~/.local', '~/.cargo'],
     allowWrite: ['.', '/tmp'],
     denyWrite: ['.env', '.env.*', '*.pem', '*.key'],
   },
@@ -621,6 +623,18 @@ function buildWrappedCommand(
   return args.map(shellQuote).join(' ');
 }
 
+function isGeneratedWrappedCommand(config: SandboxConfig, command: string): boolean {
+  return (
+    command.startsWith(`${shellQuote(config.landstrip.command)} `) &&
+    command.includes(` ${shellQuote('-p')} `) &&
+    command.includes('opencode-landstrip-')
+  );
+}
+
+function landstripDescription(description: string): string {
+  return description.endsWith(' (landstrip)') ? description : `${description} (landstrip)`;
+}
+
 function getToolPath(args: Record<string, unknown>): string | undefined {
   const filePath = args.filePath ?? args.path;
   return typeof filePath === 'string' ? filePath : undefined;
@@ -810,7 +824,24 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
     config: SandboxConfig,
   ): Promise<void> {
     if (typeof args.command !== 'string') return;
-    await cleanupBash(callID);
+
+    const existing = activeBash.get(callID);
+    if (existing) {
+      if (args.command === existing.originalCommand || args.command === existing.wrappedCommand) {
+        args.command = existing.wrappedCommand;
+        if (typeof args.description === 'string')
+          args.description = landstripDescription(args.description);
+        return;
+      }
+
+      await cleanupBash(callID);
+    }
+
+    if (isGeneratedWrappedCommand(config, args.command)) {
+      if (typeof args.description === 'string')
+        args.description = landstripDescription(args.description);
+      return;
+    }
 
     const blockedDomain = firstBlockedDomain(args.command, config);
     if (blockedDomain) {
@@ -834,19 +865,25 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
       throw error;
     }
 
+    const originalCommand = args.command;
+    const wrappedCommand = buildWrappedCommand(
+      config,
+      policy.path,
+      configuredShell ?? process.env.SHELL ?? '/bin/sh',
+      originalCommand,
+    );
+
     activeBash.set(callID, {
+      originalCommand,
+      wrappedCommand,
       policyDir: policy.dir,
       port: proxy.port,
       stop: proxy.stop,
     });
 
-    args.command = buildWrappedCommand(
-      config,
-      policy.path,
-      configuredShell ?? process.env.SHELL ?? '/bin/sh',
-      args.command,
-    );
-    if (typeof args.description === 'string') args.description = `${args.description} (landstrip)`;
+    args.command = wrappedCommand;
+    if (typeof args.description === 'string')
+      args.description = landstripDescription(args.description);
   }
 
   const hooks: Hooks = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -31,13 +31,15 @@
     }
   },
   "scripts": {
-    "fmt": "oxfmt index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md",
+    "fmt": "oxfmt index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
     "lint": "oxlint index.ts",
     "check": "tsc --noEmit",
-    "all": "npm run fmt && npm run lint && npm run check",
-    "ci:fmt": "oxfmt --check index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md",
+    "test": "node --test test/*.test.mjs",
+    "all": "npm run fmt && npm run lint && npm run check && npm test",
+    "ci:fmt": "oxfmt --check index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
     "ci:lint": "npm run lint",
-    "ci:check": "npm run check"
+    "ci:check": "npm run check",
+    "ci:test": "npm test"
   },
   "devDependencies": {
     "@opencode-ai/plugin": "^1.16.2",

package/sandbox.json

@@ -7,9 +7,15 @@
     "allowedDomains": [
       "github.com",
       "*.github.com",
+      "api.github.com",
       "raw.githubusercontent.com",
+      "objects.githubusercontent.com",
+      "codeload.github.com",
       "registry.npmjs.org",
+      "npmjs.org",
       "*.npmjs.org",
+      "nodejs.org",
+      "*.nodejs.org",
       "crates.io",
       "*.crates.io",
       "static.crates.io"
@@ -18,8 +24,34 @@
   },
   "filesystem": {
     "denyRead": ["/home"],
-    "allowRead": [".", "~/.config/opencode", "~/.local", "~/.cargo"],
-    "allowWrite": [".", "/tmp", "~/.cargo", "~/.rustup"],
+    "allowRead": [
+      ".",
+      "/tmp",
+      "/var/tmp",
+      "/dev/null",
+      "~/.config/opencode",
+      "~/.config/git",
+      "~/.gitconfig",
+      "~/.local",
+      "~/.cargo",
+      "~/.rustup",
+      "~/.npm",
+      "~/.cache",
+      "~/.bun",
+      "~/.node-gyp"
+    ],
+    "allowWrite": [
+      ".",
+      "/tmp",
+      "/var/tmp",
+      "/dev/null",
+      "~/.cargo",
+      "~/.rustup",
+      "~/.npm",
+      "~/.cache",
+      "~/.bun",
+      "~/.node-gyp"
+    ],
     "denyWrite": [".env", ".env.*", "*.pem", "*.key"]
   }
 }