npm - opencode-landstrip - Versions diffs - 0.16.12 → 0.16.14 - Mend

opencode-landstrip 0.16.12 → 0.16.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,9 +1,31 @@
 # opencode-landstrip
-Landlock-based sandboxing for [opencode](https://opencode.ai/) using
-[`landstrip`](https://github.com/landstrip/landstrip).
+`opencode-landstrip` is a plugin for [OpenCode](https://opencode.ai/) providing
+a sandbox defined with a policy compatible with Anthropic's JSON format. It uses
+[`landstrip`](https://github.com/landstrip/landstrip) to implement the sandbox.
-## Install
+`opencode-landstrip` has a default policy [sandbox.json](./sandbox.json), and
+allows the define either or both global or project specific policies.
+## Installing the plugin
+### Automatic install
+Project specific install:
+```
+opencode plugin install opencode-landstrip
+```
+Global install:
+```
+opencode plugin install opencode-landstrip --global
+```
+### Manual install
+These changes are applied to OpenCode's configuration directories
 Add the plugin to `opencode.json`:
@@ -14,8 +36,7 @@ Add the plugin to `opencode.json`:
 }
 ```
-Add the TUI entrypoint to `tui.json` if you install or configure the plugin
-manually:
+Add TUI entry point to `tui.json`:
 ```json
 {
@@ -24,59 +45,31 @@ manually:
 }
 ```
-`opencode plugin install opencode-landstrip` configures both entrypoints.
-This installs `opencode-landstrip` and its `@landstrip/landstrip` dependency, which
-includes platform-specific native binaries for Linux, macOS, and Windows.
-Requires OpenCode `1.17.7` or newer.
-On unsupported platforms the plugin loads but leaves sandboxing disabled.
-## Configure
-Create `.opencode/sandbox.json` in a project or
-`~/.config/opencode/sandbox.json` globally. Project config takes precedence and
-array fields are merged with global/default values.
+The plugin can be later on disabled as follows:
-See [`sandbox.json`](./sandbox.json) for a starter config.
+```json
+{
+  "$schema": "https://opencode.ai/config.json",
+  "plugin": [["opencode-landstrip", { "enabled": false }]]
+}
+```
 ## Behavior
-The plugin wraps opencode's AI `bash` tool in `landstrip`, routes proxy-aware
-network traffic through an allowlist proxy, and blocks read/write tool access
-outside configured filesystem allowlists. The default policy is strict: network
-access is off unless domains are allowed, reads are limited to the project,
-`~/.gitconfig`, and `/dev/null`, and writes are limited to the project and
-`/dev/null`.
-Run `/sandbox` in the TUI to inspect the active sandbox configuration. A compact
-status badge in the prompt area shows whether the sandbox is active and whether
-network is proxied or open.
-When OpenCode asks for a sandboxed permission, the TUI plugin plays the host's
-permission sound and desktop notification, then opens a single dialog with
-choices to allow once, allow for the session, persist for the project, persist
-globally, or reject. The dialog shows the exact path or domain being approved.
+When OpenCode asks for a sandboxed permission, the plugin emits a host
+notification. After that the plugin opens a dialog with the choices to allow
+once, allow for the session, persist for the project, persist globally, or
+reject. The dialog shows the exact path or domain being approved.
 Project approvals are written to `.opencode/sandbox.json`; global approvals are
-written to `~/.config/opencode/sandbox.json`.
+written to `~/.config/opencode/sandbox.json`. When the global configuration is
+initially written it acquires the copy of the default sandbox configuration.
 OpenCode's current plugin API allows wrapping AI `bash` tool calls, but does not
 allow a plugin to replace manually typed shell-mode commands with a landstrip
 wrapper. Those commands can still receive the proxy environment from OpenCode,
 but they are not process-sandboxed by this plugin.
-## Disable
-Set `enabled` to `false` in `sandbox.json`, or pass plugin options:
-```json
-{
-  "$schema": "https://opencode.ai/config.json",
-  "plugin": [["opencode-landstrip", { "enabled": false }]]
-}
-```
 ## License
 `opencode-landstrip` is licensed under `MIT`. See [LICENSE](LICENSE) for more

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.16.12",
+  "version": "0.16.14",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",

package/sandbox.json CHANGED Viewed

@@ -12,6 +12,13 @@
     "denyRead": ["/Users", "/home"],
     "allowRead": [".", "~/.gitconfig", "~/.config/git/config", "/dev/null"],
     "allowWrite": [".", "/dev/null"],
-    "denyWrite": ["**/.env", "**/.env.*", "**/*.pem", "**/*.key"]
+    "denyWrite": [
+      "**/.env",
+      "**/.env.*",
+      "**/*.pem",
+      "**/*.key",
+      ".opencode/sandbox.json",
+      "~/.config/opencode/sandbox.json"
+    ]
   }
 }

package/shared.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { binaryPath } from '@landstrip/landstrip';
 import { createHash } from 'node:crypto';
 import { existsSync, mkdirSync, readFileSync, realpathSync, rmSync, writeFileSync } from 'node:fs';
 import { homedir, tmpdir } from 'node:os';
+import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
 export interface SandboxFilesystemConfig {
@@ -36,23 +37,7 @@ export interface SandboxConfigOverrides {
   filesystem?: Partial<SandboxFilesystemConfig>;
 }
-export const DEFAULT_CONFIG: SandboxConfig = {
-  enabled: true,
-  network: {
-    allowNetwork: false,
-    allowLocalBinding: false,
-    allowAllUnixSockets: false,
-    allowUnixSockets: [],
-    allowedDomains: [],
-    deniedDomains: [],
-  },
-  filesystem: {
-    denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.gitconfig', '~/.config/git/config', '/dev/null'],
-    allowWrite: ['.', '/dev/null'],
-    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
-  },
-};
+const packageDir = dirname(fileURLToPath(import.meta.url));
 const LANDSTRIP_PACKAGE_NAMES = new Set([
   '@landstrip/landstrip',
@@ -188,13 +173,18 @@ export function loadConfig(
   optionOverrides: SandboxConfigOverrides,
 ): SandboxConfig {
   const { globalPath, projectPath } = getConfigPaths(baseDirectory);
-  return deepMerge(
-    deepMerge(
-      deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath) ?? {}),
-      readConfigFile(projectPath) ?? {},
-    ),
-    optionOverrides,
-  );
+  const templatePath = join(packageDir, 'sandbox.json');
+  if (!existsSync(globalPath)) {
+    mkdirSync(dirname(globalPath), { recursive: true });
+    writeFileSync(globalPath, readFileSync(templatePath, 'utf-8'), 'utf-8');
+  }
+  const templateConfig: SandboxConfig = JSON.parse(readFileSync(templatePath, 'utf-8'));
+  const globalOverrides = readConfigFile(globalPath) ?? {};
+  const baseConfig = deepMerge(templateConfig, globalOverrides);
+  return deepMerge(deepMerge(baseConfig, readConfigFile(projectPath) ?? {}), optionOverrides);
 }
 export function writeConfigFile(configPath: string, update: SandboxConfigOverrides): void {
@@ -203,7 +193,10 @@ export function writeConfigFile(configPath: string, update: SandboxConfigOverrid
     throw new Error(`Config file ${configPath} is corrupted; refusing to overwrite`);
   }
-  const next = deepMerge(deepMerge(DEFAULT_CONFIG, current), update);
+  const templateConfig: SandboxConfig = JSON.parse(
+    readFileSync(join(packageDir, 'sandbox.json'), 'utf-8'),
+  );
+  const next = deepMerge(deepMerge(templateConfig, current), update);
   mkdirSync(dirname(configPath), { recursive: true });
   writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');