npm - opencode-landstrip - Versions diffs - 0.16.4 → 0.16.6 - Mend

opencode-landstrip 0.16.4 → 0.16.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.ts CHANGED Viewed

@@ -11,7 +11,6 @@ import { basename, dirname, isAbsolute, join, resolve } from 'node:path';
 import { URL } from 'node:url';
 import {
-  list,
   type LandstripTrap,
   type SandboxConfig,
   type SandboxFilesystemConfig,
@@ -26,6 +25,7 @@ import {
   permissionPatterns,
   permissionType,
   readDiscoveryPort,
+  sandboxSummary,
 } from './shared.js';
 interface LandstripPolicy {
@@ -96,12 +96,17 @@ function canonicalizePath(filePath: string, baseDirectory: string): string {
   }
 }
+const globRegExpCache = new Map<string, RegExp>();
 /**
  * Translates an absolute glob pattern to a regular expression using standard
  * path semantics: `**` crosses directory boundaries (and `**/` may match zero
  * segments), while a single `*` is confined to one path segment.
  */
 function globToRegExp(globPattern: string): RegExp {
+  const cached = globRegExpCache.get(globPattern);
+  if (cached) return cached;
   let regex = '';
   for (let i = 0; i < globPattern.length; i++) {
@@ -125,7 +130,9 @@ function globToRegExp(globPattern: string): RegExp {
     }
   }
-  return new RegExp(`^${regex}$`);
+  const result = new RegExp(`^${regex}$`);
+  globRegExpCache.set(globPattern, result);
+  return result;
 }
 // Component count of an absolute path; "/" is 0. Used to rank how specific a
@@ -708,10 +715,8 @@ function splitShellQuotedArgs(command: string): string[] {
 function extractOriginalCommand(wrappedCommand: string): string | null {
   const args = splitShellQuotedArgs(wrappedCommand);
   const pIdx = args.indexOf('-p');
-  if (pIdx === -1 || pIdx + 3 >= args.length) return null;
-  const flagIdx = pIdx + 3;
-  const flag = args[flagIdx];
-  if (flag !== '-lc' && flag !== '-c') return null;
+  const flagIdx = args.findIndex((arg, i) => i > pIdx && (arg === '-lc' || arg === '-c'));
+  if (flagIdx === -1) return null;
   // The query-response form appends `|| <plain invocation>`; stop at that
   // separator so the fallback branch is not folded into the recovered command.
   const end = args.indexOf('||', flagIdx + 1);
@@ -807,37 +812,11 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
     });
   }
-  function sandboxSummary(config: SandboxConfig): string {
+  function buildSandboxSummary(config: SandboxConfig): string {
     const { globalPath, projectPath } = getConfigPaths(directory);
-    const networkMode = config.network.allowNetwork ? 'unrestricted' : 'proxied';
-    const allowed = list(config.network.allowedDomains);
-    const denied = list(config.network.deniedDomains);
-    const denyRead = list(config.filesystem.denyRead);
-    const allowRead = list(config.filesystem.allowRead);
-    const allowWrite = list(config.filesystem.allowWrite);
-    const denyWrite = list(config.filesystem.denyWrite);
-    return [
-      '# Sandbox Configuration',
-      '',
-      `Status: ${sandboxDisabled ? 'disabled for this session' : 'active'}`,
-      `landstrip package binary: ${landstripBinaryPath()}`,
-      '',
-      'Config files:',
-      `- project: ${projectPath}`,
-      `- global: ${globalPath}`,
-      '',
-      `Network (${networkMode}):`,
-      `- allow network: ${config.network.allowNetwork ? 'yes' : 'no'}`,
-      `- allowed: ${allowed}`,
-      `- denied: ${denied}`,
-      '',
-      'Filesystem:',
-      `- deny read: ${denyRead}`,
-      `- allow read: ${allowRead}`,
-      `- allow write: ${allowWrite}`,
-      `- deny write: ${denyWrite}`,
-    ].join('\n');
+    const statusText = sandboxDisabled ? 'disabled for this session' : undefined;
+    const report = sandboxSummary(config, globalPath, projectPath, statusText);
+    return ['# Sandbox Configuration', '', report].join('\n');
   }
   client.app
@@ -1275,7 +1254,7 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
     'command.execute.before': async (input, output) => {
       if (input.command.trim() === '/sandbox') {
         const config = loadConfig(directory, optionOverrides);
-        pushCommandText(input, output, sandboxSummary(config));
+        pushCommandText(input, output, buildSandboxSummary(config));
         await client.tui
           ?.showToast?.({
             body: { title: 'Sandbox', message: `Config loaded for ${directory}`, variant: 'info' },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.16.4",
+  "version": "0.16.6",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",

package/shared.ts CHANGED Viewed

@@ -209,31 +209,43 @@ export function writeConfigFile(configPath: string, update: SandboxConfigOverrid
   writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
 }
+let _landstripBinaryPath: string | undefined;
+let _landstripBinaryPathError: unknown;
 export function landstripBinaryPath(): string {
-  const filePath = realpathSync.native(binaryPath());
-  let probe = dirname(filePath);
+  if (_landstripBinaryPath !== undefined) return _landstripBinaryPath;
+  if (_landstripBinaryPathError !== undefined) throw _landstripBinaryPathError;
-  while (true) {
-    const manifestPath = join(probe, 'package.json');
-    if (existsSync(manifestPath)) {
-      try {
-        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
-        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
-          return filePath;
+  try {
+    const filePath = realpathSync.native(binaryPath());
+    let probe = dirname(filePath);
+    while (true) {
+      const manifestPath = join(probe, 'package.json');
+      if (existsSync(manifestPath)) {
+        try {
+          const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
+          if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
+            _landstripBinaryPath = filePath;
+            return filePath;
+          }
+        } catch {
+          // malformed package.json — continue walking to parent
         }
-      } catch {
-        // malformed package.json — continue walking to parent
       }
+      const parent = dirname(probe);
+      if (parent === probe) break;
+      probe = parent;
     }
-    const parent = dirname(probe);
-    if (parent === probe) break;
-    probe = parent;
+    throw new Error(
+      `Refusing to use landstrip binary outside official @landstrip/landstrip packages: ${filePath}`,
+    );
+  } catch (error) {
+    _landstripBinaryPathError = error;
+    throw error;
   }
-  throw new Error(
-    `Refusing to use landstrip binary outside official @landstrip/landstrip packages: ${filePath}`,
-  );
 }
 export function extractDomainsFromCommand(command: string): string[] {
@@ -529,3 +541,48 @@ export function readDiscoveryPort(baseDirectory: string): number | null {
     return null;
   }
 }
+/**
+ * Human-readable sandbox configuration report consumed by both the server
+ * command and the TUI inspector dialog.
+ */
+export function sandboxSummary(
+  config: SandboxConfig,
+  globalPath: string,
+  projectPath: string,
+  statusOverride?: string,
+): string {
+  const networkMode = config.network.allowNetwork ? 'unrestricted' : 'proxied';
+  const allowed = list(config.network.allowedDomains);
+  const denied = list(config.network.deniedDomains);
+  const unixSockets = config.network.allowAllUnixSockets
+    ? 'all'
+    : list(config.network.allowUnixSockets);
+  const denyRead = list(config.filesystem.denyRead);
+  const allowRead = list(config.filesystem.allowRead);
+  const allowWrite = list(config.filesystem.allowWrite);
+  const denyWrite = list(config.filesystem.denyWrite);
+  const status = statusOverride ?? (config.enabled ? 'active' : 'disabled by config');
+  return [
+    `Status: ${status}`,
+    `landstrip package binary: ${landstripBinaryPath()}`,
+    '',
+    'Config files',
+    `${projectPath} ${existsSync(projectPath) ? '(found)' : '(missing)'}`,
+    `${globalPath} ${existsSync(globalPath) ? '(found)' : '(missing)'}`,
+    '',
+    `Network: ${networkMode}`,
+    `allow network: ${config.network.allowNetwork ? 'yes' : 'no'}`,
+    `allowed: ${allowed}`,
+    `denied: ${denied}`,
+    `unix sockets: ${unixSockets}`,
+    '',
+    'Filesystem',
+    `deny read: ${denyRead}`,
+    `allow read: ${allowRead}`,
+    `allow write: ${allowWrite}`,
+    `deny write: ${denyWrite}`,
+  ].join('\n');
+}

package/tui.ts CHANGED Viewed

@@ -2,21 +2,17 @@
 // Copyright (C) Jarkko Sakkinen 2026
 import type { TuiPlugin, TuiSlotContext, TuiSlotPlugin } from '@opencode-ai/plugin/tui';
-import { existsSync } from 'node:fs';
 import { type AddressInfo, createServer, type Socket as NetSocket } from 'node:net';
 import {
-  list,
-  type SandboxConfigOverrides,
   getConfigPaths,
-  landstripBinaryPath,
   loadConfig,
   normalizeOptions,
   parseLandstripTraps,
   permissionLabel,
   permissionResource,
   removeDiscoveryFile,
+  sandboxSummary,
   updateForPermission,
   writeConfigFile,
   writeDiscoveryPort,
@@ -58,39 +54,6 @@ interface PermissionEntry {
 type QueueEntry = PermissionEntry | FsQueryEntry;
-function configPathLine(label: string, filePath: string): string {
-  return `${label}: ${filePath} ${existsSync(filePath) ? '(found)' : '(missing)'}`;
-}
-function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOverrides): string {
-  const config = loadConfig(baseDirectory, optionOverrides);
-  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
-  const networkMode = config.network.allowNetwork ? 'unrestricted' : 'proxied';
-  return [
-    `Status: ${config.enabled ? 'active' : 'disabled by config'}`,
-    `landstrip package binary: ${landstripBinaryPath()}`,
-    '',
-    'Config files',
-    configPathLine('project', projectPath),
-    configPathLine('global', globalPath),
-    '',
-    `Network: ${networkMode}`,
-    `allow network: ${config.network.allowNetwork ? 'yes' : 'no'}`,
-    `allowed: ${list(config.network.allowedDomains)}`,
-    `denied: ${list(config.network.deniedDomains)}`,
-    `unix sockets: ${config.network.allowAllUnixSockets ? 'all' : list(config.network.allowUnixSockets)}`,
-    '',
-    'Filesystem',
-    `deny read: ${list(config.filesystem.denyRead)}`,
-    `allow read: ${list(config.filesystem.allowRead)}`,
-    `allow write: ${list(config.filesystem.allowWrite)}`,
-    `deny write: ${list(config.filesystem.denyWrite)}`,
-    '',
-    'Press esc or enter to close',
-  ].join('\n');
-}
 function asRecord(permission: PendingPermission): Record<string, unknown> {
   return permission as unknown as Record<string, unknown>;
 }
@@ -475,7 +438,10 @@ const tui: TuiPlugin = async (api, options, meta) => {
   const showSandbox = () => {
     const directory = api.state.path.directory || process.cwd();
-    const message = sandboxSummary(directory, optionOverrides);
+    const config = loadConfig(directory, optionOverrides);
+    const { globalPath, projectPath } = getConfigPaths(directory);
+    const message =
+      sandboxSummary(config, globalPath, projectPath) + '\n\nPress esc or enter to close';
     // No `onConfirm`/`onClose` that call `clear()`: the host already pops the
     // dialog on enter/esc/click, and its `clear()` re-invokes every entry's
@@ -489,7 +455,7 @@ const tui: TuiPlugin = async (api, options, meta) => {
   };
   const executeServerCommand = async (command: string): Promise<boolean> => {
-    await api.client.tui.executeCommand({ command });
+    await api.client.tui.executeCommand({ command: `/${command}` });
     return true;
   };
@@ -502,6 +468,7 @@ const tui: TuiPlugin = async (api, options, meta) => {
         desc: 'Show sandbox configuration',
         category: 'Sandbox',
         suggested: true,
+        slash: { name: 'sandbox' },
         slashName: 'sandbox',
         run: showSandbox,
       },
@@ -512,6 +479,7 @@ const tui: TuiPlugin = async (api, options, meta) => {
         desc: 'Disable sandbox for this session',
         category: 'Sandbox',
         suggested: true,
+        slash: { name: 'sandbox-disable' },
         slashName: 'sandbox-disable',
         run: () => executeServerCommand('sandbox-disable'),
       },
@@ -522,12 +490,43 @@ const tui: TuiPlugin = async (api, options, meta) => {
         desc: 'Re-enable sandbox for this session',
         category: 'Sandbox',
         suggested: true,
+        slash: { name: 'sandbox-enable' },
         slashName: 'sandbox-enable',
         run: () => executeServerCommand('sandbox-enable'),
       },
     ],
   });
+  api.command?.register(() => [
+    {
+      title: 'Sandbox',
+      value: 'sandbox',
+      description: 'Show sandbox configuration',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox' },
+      onSelect: showSandbox,
+    },
+    {
+      title: 'Disable sandbox',
+      value: 'sandbox-disable',
+      description: 'Disable sandbox for this session',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox-disable' },
+      onSelect: () => executeServerCommand('sandbox-disable'),
+    },
+    {
+      title: 'Enable sandbox',
+      value: 'sandbox-enable',
+      description: 'Re-enable sandbox for this session',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox-enable' },
+      onSelect: () => executeServerCommand('sandbox-enable'),
+    },
+  ]);
   // Persistent status badge in the prompt area. It needs the host's Solid
   // runtime, imported defensively so a host that resolves plugin imports
   // differently still loads the plugin — the badge just stays absent there.