opencode-landstrip 0.14.0 → 0.14.2

package/index.ts

@@ -58,7 +58,7 @@ interface SandboxPermissionDecision {
 
 type ToastVariant = 'info' | 'success' | 'warning' | 'error';
 
-const LANDSTRIP_VERSION = [0, 14, 0] as const;
+const LANDSTRIP_VERSION = [0, 14, 5] as const;
 const REQUIRED_LANDSTRIP_VERSION = LANDSTRIP_VERSION.join('.');
 const LANDSTRIP_OPERATIONS = new Set<'read' | 'write'>(['read', 'write']);
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
@@ -101,6 +101,38 @@ function canonicalizePath(filePath: string, baseDirectory: string): string {
   }
 }
 
+/**
+ * Translates an absolute glob pattern to a regular expression using standard
+ * path semantics: `**` crosses directory boundaries (and `**​/` may match zero
+ * segments), while a single `*` is confined to one path segment.
+ */
+function globToRegExp(globPattern: string): RegExp {
+  let regex = '';
+
+  for (let i = 0; i < globPattern.length; i++) {
+    const char = globPattern[i];
+    if (char === '*') {
+      if (globPattern[i + 1] === '*') {
+        i++;
+        if (globPattern[i + 1] === '/') {
+          i++;
+          regex += '(?:.*/)?';
+        } else {
+          regex += '.*';
+        }
+      } else {
+        regex += '[^/]*';
+      }
+    } else if (/[.+^${}()|[\]\\]/.test(char)) {
+      regex += `\\${char}`;
+    } else {
+      regex += char;
+    }
+  }
+
+  return new RegExp(`^${regex}$`);
+}
+
 function matchesPattern(filePath: string, patterns: string[], baseDirectory: string): boolean {
   const abs = canonicalizePath(filePath, baseDirectory);
 
@@ -110,8 +142,7 @@ function matchesPattern(filePath: string, patterns: string[], baseDirectory: str
       : canonicalizePath(pattern, baseDirectory);
 
     if (pattern.includes('*')) {
-      const escaped = absPattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
-      return new RegExp(`^${escaped}$`).test(abs);
+      return globToRegExp(absPattern).test(abs);
     }
 
     const sep = absPattern.endsWith('/') ? '' : '/';
@@ -271,10 +302,6 @@ function evaluateReadPermission(
 ): SandboxPermissionDecision {
   const filePath = canonicalizePath(path, baseDirectory);
 
-  if (!shouldPromptForRead(filePath, effectiveAllowRead, baseDirectory)) {
-    return { status: 'allow', kind: 'read', resource: filePath, message: '' };
-  }
-
   if (isBlockedByDenyRead(filePath, config, baseDirectory)) {
     return {
       status: 'deny',
@@ -284,6 +311,10 @@ function evaluateReadPermission(
     };
   }
 
+  if (!shouldPromptForRead(filePath, effectiveAllowRead, baseDirectory)) {
+    return { status: 'allow', kind: 'read', resource: filePath, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'read',
@@ -300,10 +331,6 @@ function evaluateWritePermission(
 ): SandboxPermissionDecision {
   const filePath = canonicalizePath(path, baseDirectory);
 
-  if (!shouldPromptForWrite(filePath, effectiveAllowWrite, baseDirectory)) {
-    return { status: 'allow', kind: 'write', resource: filePath, message: '' };
-  }
-
   if (matchesPattern(filePath, config.filesystem.denyWrite, baseDirectory)) {
     return {
       status: 'deny',
@@ -313,6 +340,10 @@ function evaluateWritePermission(
     };
   }
 
+  if (!shouldPromptForWrite(filePath, effectiveAllowWrite, baseDirectory)) {
+    return { status: 'allow', kind: 'write', resource: filePath, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'write',
@@ -325,7 +356,7 @@ function evaluateDomainPermission(
   domain: string,
   config: SandboxConfig,
 ): SandboxPermissionDecision {
-  if (config.network.allowNetwork || domainMatchesAny(domain, config.network.allowedDomains)) {
+  if (config.network.allowNetwork) {
     return { status: 'allow', kind: 'domain', resource: domain, message: '' };
   }
 
@@ -338,6 +369,10 @@ function evaluateDomainPermission(
     };
   }
 
+  if (domainMatchesAny(domain, config.network.allowedDomains)) {
+    return { status: 'allow', kind: 'domain', resource: domain, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'domain',
@@ -547,10 +582,15 @@ function startProxy(config: SandboxConfig): Promise<{ port: number; stop: () =>
       return;
     }
 
+    let connected = false;
     const upstream = connectNet(endpoint.port, endpoint.host, () => {
+      connected = true;
       client.write('HTTP/1.1 200 Connection Established\r\n\r\n');
       pipeSockets(client, upstream, rest);
     });
+    upstream.on('error', () => {
+      if (!connected) denyProxyRequest(client, '502 Bad Gateway');
+    });
   }
 
   async function handleHttp(client: Socket, headerText: string, rest: Buffer): Promise<void> {
@@ -589,10 +629,15 @@ function startProxy(config: SandboxConfig): Promise<{ port: number; stop: () =>
     const rewrittenHeader = lines
       .filter((line) => !line.toLowerCase().startsWith('proxy-connection:'))
       .join('\r\n');
+    let connected = false;
     const upstream = connectNet(port, url.hostname, () => {
+      connected = true;
       upstream.write(`${rewrittenHeader}\r\n\r\n`);
       pipeSockets(client, upstream, rest);
     });
+    upstream.on('error', () => {
+      if (!connected) denyProxyRequest(client, '502 Bad Gateway');
+    });
   }
 
   function handleClient(client: Socket): void {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.14.0",
+  "version": "0.14.2",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",

package/tui.ts

@@ -64,7 +64,7 @@ function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOve
     `allow write: ${list(config.filesystem.allowWrite)}`,
     `deny write: ${list(config.filesystem.denyWrite)}`,
     '',
-    'esc or any key to close',
+    'Press esc or enter to close',
   ].join('\n');
 }
 
@@ -118,7 +118,10 @@ const tui: TuiPlugin = async (api, options, meta) => {
       activeId = undefined;
       api.ui.dialog.clear();
     }
-    pump();
+    // Defer: `clear()` above tears the dialog down by calling its `onClose`,
+    // and the host pops the stack asynchronously. Opening the next dialog
+    // synchronously here would race that teardown and get wiped.
+    queueMicrotask(pump);
   }
 
   async function replyPermission(
@@ -212,9 +215,11 @@ const tui: TuiPlugin = async (api, options, meta) => {
       () => {
         // Dialog dismissed (esc) without a choice: drop our hold so the next
         // pending permission can surface, but leave it unresolved upstream.
+        // The host pops the dialog itself; calling `clear()` here would re-enter
+        // this `onClose` (clear() invokes every entry's onClose) and loop until
+        // the stack overflows. Defer `pump()` so the pop settles first.
         if (activeId === permission.id) activeId = undefined;
-        api.ui.dialog.clear();
-        pump();
+        queueMicrotask(pump);
       },
     );
   }
@@ -233,14 +238,14 @@ const tui: TuiPlugin = async (api, options, meta) => {
     const directory = api.state.path.directory || process.cwd();
     const message = sandboxSummary(directory, optionOverrides);
 
-    api.ui.dialog.replace(
-      () =>
-        api.ui.DialogAlert({
-          title: 'Sandbox Configuration',
-          message,
-          onConfirm: () => api.ui.dialog.clear(),
-        }),
-      () => api.ui.dialog.clear(),
+    // No `onConfirm`/`onClose` that call `clear()`: the host already pops the
+    // dialog on enter/esc/click, and its `clear()` re-invokes every entry's
+    // `onClose`, so a `clear()` in there recurses forever and freezes the TUI.
+    api.ui.dialog.replace(() =>
+      api.ui.DialogAlert({
+        title: 'Sandbox Configuration',
+        message,
+      }),
     );
   };