opencode-landstrip 0.3.10 → 0.3.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -7
- package/index.ts +464 -158
- package/landstrip.d.ts +3 -0
- package/package.json +9 -8
- package/sandbox.json +7 -47
- package/tui.ts +265 -43
package/README.md
CHANGED
|
@@ -20,7 +20,7 @@ manually:
|
|
|
20
20
|
```json
|
|
21
21
|
{
|
|
22
22
|
"$schema": "https://opencode.ai/config.json",
|
|
23
|
-
"plugin": ["opencode-landstrip"]
|
|
23
|
+
"plugin": ["opencode-landstrip/tui"]
|
|
24
24
|
}
|
|
25
25
|
```
|
|
26
26
|
|
|
@@ -34,7 +34,8 @@ On unsupported platforms the plugin loads but leaves sandboxing disabled.
|
|
|
34
34
|
## Configure
|
|
35
35
|
|
|
36
36
|
Create `.opencode/sandbox.json` in a project or
|
|
37
|
-
`~/.config/opencode/sandbox.json` globally. Project config takes precedence
|
|
37
|
+
`~/.config/opencode/sandbox.json` globally. Project config takes precedence and
|
|
38
|
+
array fields are merged with global/default values.
|
|
38
39
|
|
|
39
40
|
See [`sandbox.json`](./sandbox.json) for a starter config.
|
|
40
41
|
|
|
@@ -42,14 +43,22 @@ See [`sandbox.json`](./sandbox.json) for a starter config.
|
|
|
42
43
|
|
|
43
44
|
The plugin wraps opencode's AI `bash` tool in `landstrip`, routes proxy-aware
|
|
44
45
|
network traffic through an allowlist proxy, and blocks read/write tool access
|
|
45
|
-
outside configured filesystem allowlists.
|
|
46
|
+
outside configured filesystem allowlists. The default policy is strict: network
|
|
47
|
+
access is off unless domains are allowed, reads are limited to the project,
|
|
48
|
+
`~/.gitconfig`, and `/dev/null`, and writes are limited to the project and
|
|
49
|
+
`/dev/null`.
|
|
46
50
|
|
|
47
51
|
Run `/sandbox` in the TUI to inspect the active sandbox configuration.
|
|
48
52
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
+
When OpenCode asks for a sandboxed permission, the TUI plugin adds choices to
|
|
54
|
+
allow once, allow for the session, persist for the project, persist globally, or
|
|
55
|
+
reject. Project approvals are written to `.opencode/sandbox.json`; global
|
|
56
|
+
approvals are written to `~/.config/opencode/sandbox.json`.
|
|
57
|
+
|
|
58
|
+
OpenCode's current plugin API allows wrapping AI `bash` tool calls, but does not
|
|
59
|
+
allow a plugin to replace manually typed shell-mode commands with a landstrip
|
|
60
|
+
wrapper. Those commands can still receive the proxy environment from OpenCode,
|
|
61
|
+
but they are not process-sandboxed by this plugin.
|
|
53
62
|
|
|
54
63
|
## Disable
|
|
55
64
|
|
|
@@ -66,3 +75,6 @@ Set `enabled` to `false` in `sandbox.json`, or pass plugin options:
|
|
|
66
75
|
|
|
67
76
|
`opencode-landstrip` is licensed under `MIT`. See [LICENSE](LICENSE) for more
|
|
68
77
|
information.
|
|
78
|
+
|
|
79
|
+
The bundled `@jarkkojs/landstrip` package is licensed separately as
|
|
80
|
+
`Apache-2.0 AND LGPL-2.1-or-later`.
|