opencode-landstrip 0.1.0 → 0.2.0

package/README.md

@@ -3,17 +3,6 @@
 Landlock-based sandboxing for [opencode](https://opencode.ai/) using
 [`landstrip`](https://github.com/jarkkojs/landstrip).
 
-## Prerequisites
-
-Install `landstrip` and make sure it is on the `PATH` used to launch opencode:
-
-```bash
-cargo install landstrip
-```
-
-`landstrip` supports Linux, macOS, and Windows. On other platforms this plugin
-loads but leaves sandboxing disabled.
-
 ## Install
 
 Add the plugin to `opencode.json`:
@@ -25,6 +14,11 @@ Add the plugin to `opencode.json`:
 }
 ```
 
+This installs `opencode-landstrip` and its `@jarkkojs/landstrip` dependency, which
+includes platform-specific native binaries for Linux, macOS, and Windows.
+
+On unsupported platforms the plugin loads but leaves sandboxing disabled.
+
 ## Configure
 
 Create `.opencode/sandbox.json` in a project or

package/index.ts

@@ -3,6 +3,8 @@
 
 import type { Hooks, Plugin, PluginInput, PluginOptions } from '@opencode-ai/plugin';
 
+import { binaryPath } from '@jarkkojs/landstrip';
+
 import { spawnSync } from 'node:child_process';
 import {
   existsSync,
@@ -32,16 +34,10 @@ interface SandboxNetworkConfig {
   deniedDomains: string[];
 }
 
-interface LandstripConfig {
-  command: string;
-  debug: boolean;
-}
-
 interface SandboxConfig {
   enabled: boolean;
   network: SandboxNetworkConfig;
   filesystem: SandboxFilesystemConfig;
-  landstrip: LandstripConfig;
 }
 
 interface LandstripPolicy {
@@ -54,14 +50,24 @@ interface LandstripPolicy {
   filesystem: SandboxFilesystemConfig;
 }
 
+interface LandstripErrorResponse {
+  category: 'policy' | 'tool' | 'platform' | 'system';
+  file?: string;
+  program?: string;
+  target?: 'filesystem' | 'network' | 'platform';
+  kind?: 'launch' | 'encoding';
+  message: string;
+}
+
 interface SandboxConfigOverrides {
   enabled?: boolean;
   network?: Partial<SandboxNetworkConfig>;
   filesystem?: Partial<SandboxFilesystemConfig>;
-  landstrip?: Partial<LandstripConfig>;
 }
 
 interface BashSandboxState {
+  originalCommand: string;
+  wrappedCommand: string;
   policyDir: string;
   port: number;
   stop: () => Promise<void>;
@@ -69,7 +75,7 @@ interface BashSandboxState {
 
 type ToastVariant = 'info' | 'success' | 'warning' | 'error';
 
-const LANDSTRIP_VERSION = [0, 8, 3] as const;
+const LANDSTRIP_VERSION = [0, 9, 2] as const;
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
 
 const DEFAULT_CONFIG: SandboxConfig = {
@@ -97,14 +103,10 @@ const DEFAULT_CONFIG: SandboxConfig = {
   },
   filesystem: {
     denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.config/opencode', '~/.local', '~/.cargo'],
+    allowRead: ['.', '~/.config/opencode', '~/.config/git', '~/.gitconfig', '~/.local', '~/.cargo'],
     allowWrite: ['.', '/tmp'],
     denyWrite: ['.env', '.env.*', '*.pem', '*.key'],
   },
-  landstrip: {
-    command: 'landstrip',
-    debug: false,
-  },
 };
 
 function isRecord(value: unknown): value is Record<string, unknown> {
@@ -156,15 +158,6 @@ function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemCon
   return config;
 }
 
-function normalizeLandstripConfig(value: unknown): Partial<LandstripConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-
-  const config: Partial<LandstripConfig> = {};
-  if (typeof value.command === 'string') config.command = value.command;
-  if (typeof value.debug === 'boolean') config.debug = value.debug;
-  return config;
-}
-
 function normalizeConfig(value: unknown): SandboxConfigOverrides {
   if (!isRecord(value)) return {};
 
@@ -177,9 +170,6 @@ function normalizeConfig(value: unknown): SandboxConfigOverrides {
   const filesystem = normalizeFilesystemConfig(value.filesystem);
   if (filesystem) config.filesystem = filesystem;
 
-  const landstrip = normalizeLandstripConfig(value.landstrip);
-  if (landstrip) config.landstrip = landstrip;
-
   return config;
 }
 
@@ -199,10 +189,6 @@ function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): Sand
       ...base.filesystem,
       ...overrides.filesystem,
     },
-    landstrip: {
-      ...base.landstrip,
-      ...overrides.landstrip,
-    },
   };
 }
 
@@ -362,8 +348,8 @@ function firstBlockedDomain(
   return null;
 }
 
-function landstripVersion(command: string): string | null {
-  const result = spawnSync(command, ['--version'], { encoding: 'utf-8' });
+function landstripVersion(): string | null {
+  const result = spawnSync(binaryPath(), ['--version'], { encoding: 'utf-8' });
   if (result.status !== 0) return null;
   return result.stdout.trim();
 }
@@ -386,6 +372,52 @@ function hasMinimumVersion(version: string, minimum: readonly [number, number, n
   return true;
 }
 
+function parseLandstripErrors(output: string): LandstripErrorResponse[] {
+  const errors: LandstripErrorResponse[] = [];
+
+  for (const line of output.split('\n')) {
+    try {
+      const parsed = JSON.parse(line);
+
+      if (
+        typeof parsed === 'object' &&
+        parsed !== null &&
+        typeof parsed.category === 'string' &&
+        ['policy', 'tool', 'platform', 'system'].includes(parsed.category) &&
+        typeof parsed.message === 'string' &&
+        parsed.message.length > 0
+      ) {
+        errors.push(parsed as LandstripErrorResponse);
+      }
+    } catch {
+      // ignore non-JSON lines
+    }
+  }
+
+  return errors;
+}
+
+function formatLandstripErrors(errors: LandstripErrorResponse[]): string {
+  return errors
+    .map((err) => {
+      const parts: string[] = [`landstrip: ${err.category}`];
+
+      if (err.target) {
+        parts.push(`(${err.target})`);
+      }
+      if (err.program) {
+        parts.push(` ${err.program}`);
+      }
+      if (err.kind) {
+        parts.push(`:${err.kind}`);
+      }
+      parts.push(`: ${err.message}`);
+
+      return parts.join('');
+    })
+    .join('\n');
+}
+
 function splitHostPort(target: string, defaultPort: number): { host: string; port: number } | null {
   const bracketMatch = target.match(/^\[([^\]]+)\](?::(\d+))?$/);
   if (bracketMatch) {
@@ -604,21 +636,22 @@ function shellArgs(shell: string, command: string): string[] {
   return [shell, '-lc', command];
 }
 
-function buildWrappedCommand(
-  config: SandboxConfig,
-  policyPath: string,
-  shell: string,
-  command: string,
-): string {
-  const args = [
-    config.landstrip.command,
-    ...(config.landstrip.debug ? ['--debug'] : []),
-    '-p',
-    policyPath,
-    ...shellArgs(shell, command),
-  ];
+function buildWrappedCommand(policyPath: string, shell: string, command: string): string {
+  const args = ['-p', policyPath, ...shellArgs(shell, command)];
 
-  return args.map(shellQuote).join(' ');
+  return [binaryPath(), ...args].map(shellQuote).join(' ');
+}
+
+function isGeneratedWrappedCommand(command: string): boolean {
+  return (
+    command.startsWith(`${shellQuote(binaryPath())} `) &&
+    command.includes(` ${shellQuote('-p')} `) &&
+    command.includes('opencode-landstrip-')
+  );
+}
+
+function landstripDescription(description: string): string {
+  return description.endsWith(' (landstrip)') ? description : `${description} (landstrip)`;
 }
 
 function getToolPath(args: Record<string, unknown>): string | undefined {
@@ -696,10 +729,7 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
   const notified = new Set<string>();
   let enabledNotified = false;
   let configuredShell: string | undefined;
-  let landstripCheck:
-    | { command: string; ok: true; version: string }
-    | { command: string; ok: false; reason: string }
-    | undefined;
+  let landstripCheck: { ok: true; version: string } | { ok: false; reason: string } | undefined;
 
   async function notifyOnce(key: string, message: string, variant: ToastVariant): Promise<void> {
     if (notified.has(key)) return;
@@ -724,38 +754,35 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
       .catch(() => undefined);
   }
 
-  function checkLandstrip(config: SandboxConfig): typeof landstripCheck {
-    if (landstripCheck?.command === config.landstrip.command) return landstripCheck;
+  function checkLandstrip(): typeof landstripCheck {
+    if (landstripCheck) return landstripCheck;
 
     if (!SUPPORTED_PLATFORMS.has(process.platform)) {
       landstripCheck = {
-        command: config.landstrip.command,
         ok: false,
         reason: `landstrip sandboxing is not supported on ${process.platform}`,
       };
       return landstripCheck;
     }
 
-    const version = landstripVersion(config.landstrip.command);
+    const version = landstripVersion();
     if (!version) {
       landstripCheck = {
-        command: config.landstrip.command,
         ok: false,
-        reason: `landstrip was not found. Install it with: cargo install landstrip`,
+        reason: `landstrip was not found. Reinstall with: npm install @jarkkojs/landstrip`,
       };
       return landstripCheck;
     }
 
     if (!hasMinimumVersion(version, LANDSTRIP_VERSION)) {
       landstripCheck = {
-        command: config.landstrip.command,
         ok: false,
-        reason: `landstrip 0.8.3 or newer is required; found: ${version}`,
+        reason: `landstrip 0.9.2 or newer is required; found: ${version}`,
       };
       return landstripCheck;
     }
 
-    landstripCheck = { command: config.landstrip.command, ok: true, version };
+    landstripCheck = { ok: true, version };
     return landstripCheck;
   }
 
@@ -763,7 +790,7 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
     const config = loadConfig(directory, optionOverrides);
     if (!config.enabled) return null;
 
-    const check = checkLandstrip(config);
+    const check = checkLandstrip();
     if (!check?.ok) {
       await notifyOnce(
         `disabled:${check?.reason ?? 'unknown'}`,
@@ -810,7 +837,24 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
     config: SandboxConfig,
   ): Promise<void> {
     if (typeof args.command !== 'string') return;
-    await cleanupBash(callID);
+
+    const existing = activeBash.get(callID);
+    if (existing) {
+      if (args.command === existing.originalCommand || args.command === existing.wrappedCommand) {
+        args.command = existing.wrappedCommand;
+        if (typeof args.description === 'string')
+          args.description = landstripDescription(args.description);
+        return;
+      }
+
+      await cleanupBash(callID);
+    }
+
+    if (isGeneratedWrappedCommand(args.command)) {
+      if (typeof args.description === 'string')
+        args.description = landstripDescription(args.description);
+      return;
+    }
 
     const blockedDomain = firstBlockedDomain(args.command, config);
     if (blockedDomain) {
@@ -834,19 +878,24 @@ export default (async ({ client, directory }: PluginInput, options?: PluginOptio
       throw error;
     }
 
+    const originalCommand = args.command;
+    const wrappedCommand = buildWrappedCommand(
+      policy.path,
+      configuredShell ?? process.env.SHELL ?? '/bin/sh',
+      originalCommand,
+    );
+
     activeBash.set(callID, {
+      originalCommand,
+      wrappedCommand,
       policyDir: policy.dir,
       port: proxy.port,
       stop: proxy.stop,
     });
 
-    args.command = buildWrappedCommand(
-      config,
-      policy.path,
-      configuredShell ?? process.env.SHELL ?? '/bin/sh',
-      args.command,
-    );
-    if (typeof args.description === 'string') args.description = `${args.description} (landstrip)`;
+    args.command = wrappedCommand;
+    if (typeof args.description === 'string')
+      args.description = landstripDescription(args.description);
   }
 
   const hooks: Hooks = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -31,13 +31,18 @@
     }
   },
   "scripts": {
-    "fmt": "oxfmt index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md",
+    "fmt": "oxfmt index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
     "lint": "oxlint index.ts",
     "check": "tsc --noEmit",
-    "all": "npm run fmt && npm run lint && npm run check",
-    "ci:fmt": "oxfmt --check index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md",
+    "test": "node --test test/*.test.mjs",
+    "all": "npm run fmt && npm run lint && npm run check && npm test",
+    "ci:fmt": "oxfmt --check index.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
     "ci:lint": "npm run lint",
-    "ci:check": "npm run check"
+    "ci:check": "npm run check",
+    "ci:test": "npm test"
+  },
+  "dependencies": {
+    "@jarkkojs/landstrip": "^0.9.2"
   },
   "devDependencies": {
     "@opencode-ai/plugin": "^1.16.2",

package/sandbox.json

@@ -7,9 +7,15 @@
     "allowedDomains": [
       "github.com",
       "*.github.com",
+      "api.github.com",
       "raw.githubusercontent.com",
+      "objects.githubusercontent.com",
+      "codeload.github.com",
       "registry.npmjs.org",
+      "npmjs.org",
       "*.npmjs.org",
+      "nodejs.org",
+      "*.nodejs.org",
       "crates.io",
       "*.crates.io",
       "static.crates.io"
@@ -18,8 +24,34 @@
   },
   "filesystem": {
     "denyRead": ["/home"],
-    "allowRead": [".", "~/.config/opencode", "~/.local", "~/.cargo"],
-    "allowWrite": [".", "/tmp", "~/.cargo", "~/.rustup"],
+    "allowRead": [
+      ".",
+      "/tmp",
+      "/var/tmp",
+      "/dev/null",
+      "~/.config/opencode",
+      "~/.config/git",
+      "~/.gitconfig",
+      "~/.local",
+      "~/.cargo",
+      "~/.rustup",
+      "~/.npm",
+      "~/.cache",
+      "~/.bun",
+      "~/.node-gyp"
+    ],
+    "allowWrite": [
+      ".",
+      "/tmp",
+      "/var/tmp",
+      "/dev/null",
+      "~/.cargo",
+      "~/.rustup",
+      "~/.npm",
+      "~/.cache",
+      "~/.bun",
+      "~/.node-gyp"
+    ],
     "denyWrite": [".env", ".env.*", "*.pem", "*.key"]
   }
 }