opencode-landstrip 0.3.10 → 0.3.12

package/landstrip.d.ts

@@ -0,0 +1,3 @@
+declare module '@jarkkojs/landstrip' {
+  function binaryPath(): string;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.3.10",
+  "version": "0.3.12",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -16,6 +16,7 @@
   "files": [
     "index.ts",
     "tui.ts",
+    "landstrip.d.ts",
     "README.md",
     "sandbox.json"
   ],
@@ -47,20 +48,20 @@
     "ci:test": "npm test"
   },
   "dependencies": {
-    "@jarkkojs/landstrip": "^0.11.0"
+    "@jarkkojs/landstrip": "^0.11.11"
   },
   "devDependencies": {
-    "@opencode-ai/plugin": "^1.16.2",
-    "@opentui/core": ">=0.3.2",
-    "@opentui/keymap": ">=0.3.2",
-    "@opentui/solid": ">=0.3.2",
+    "@opencode-ai/plugin": "^1.17.6",
+    "@opentui/core": ">=0.3.4",
+    "@opentui/keymap": ">=0.3.4",
+    "@opentui/solid": ">=0.3.4",
     "@types/node": "^24.0.0",
     "oxfmt": "^0.53.0",
     "oxlint": "^1.68.0",
     "typescript": "^5.8.2"
   },
   "peerDependencies": {
-    "@opencode-ai/plugin": "^1.16.2"
+    "@opencode-ai/plugin": "^1.17.6"
   },
   "peerDependenciesMeta": {
     "@opencode-ai/plugin": {
@@ -68,6 +69,6 @@
     }
   },
   "engines": {
-    "opencode": ">=1.16.2"
+    "opencode": ">=1.17.6"
   }
 }

package/sandbox.json

@@ -1,57 +1,17 @@
 {
   "enabled": true,
   "network": {
-    "allowLocalBinding": true,
+    "allowNetwork": false,
+    "allowLocalBinding": false,
     "allowAllUnixSockets": false,
     "allowUnixSockets": [],
-    "allowedDomains": [
-      "github.com",
-      "*.github.com",
-      "api.github.com",
-      "raw.githubusercontent.com",
-      "objects.githubusercontent.com",
-      "codeload.github.com",
-      "registry.npmjs.org",
-      "npmjs.org",
-      "*.npmjs.org",
-      "nodejs.org",
-      "*.nodejs.org",
-      "crates.io",
-      "*.crates.io",
-      "static.crates.io"
-    ],
+    "allowedDomains": [],
     "deniedDomains": []
   },
   "filesystem": {
-    "denyRead": ["/home"],
-    "allowRead": [
-      ".",
-      "/tmp",
-      "/var/tmp",
-      "/dev/null",
-      "~/.config/opencode",
-      "~/.config/git",
-      "~/.gitconfig",
-      "~/.local",
-      "~/.cargo",
-      "~/.rustup",
-      "~/.npm",
-      "~/.cache",
-      "~/.bun",
-      "~/.node-gyp"
-    ],
-    "allowWrite": [
-      ".",
-      "/tmp",
-      "/var/tmp",
-      "/dev/null",
-      "~/.cargo",
-      "~/.rustup",
-      "~/.npm",
-      "~/.cache",
-      "~/.bun",
-      "~/.node-gyp"
-    ],
-    "denyWrite": [".env", ".env.*", "*.pem", "*.key"]
+    "denyRead": ["/Users", "/home"],
+    "allowRead": [".", "~/.gitconfig", "/dev/null"],
+    "allowWrite": [".", "/dev/null"],
+    "denyWrite": ["**/.env", "**/.env.*", "**/*.pem", "**/*.key"]
   }
 }

package/tui.ts

@@ -5,9 +5,9 @@ import type { TuiPlugin } from '@opencode-ai/plugin/tui';
 
 import { binaryPath } from '@jarkkojs/landstrip';
 
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, realpathSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
-import { join } from 'node:path';
+import { dirname, join } from 'node:path';
 
 interface SandboxFilesystemConfig {
   denyRead: string[];
@@ -44,38 +44,23 @@ const DEFAULT_CONFIG: SandboxConfig = {
     allowLocalBinding: false,
     allowAllUnixSockets: false,
     allowUnixSockets: [],
-    allowedDomains: [
-      'npmjs.org',
-      '*.npmjs.org',
-      'registry.npmjs.org',
-      'registry.yarnpkg.com',
-      'pypi.org',
-      '*.pypi.org',
-      'github.com',
-      '*.github.com',
-      'api.github.com',
-      'raw.githubusercontent.com',
-      'crates.io',
-      '*.crates.io',
-      'static.crates.io',
-    ],
+    allowedDomains: [],
     deniedDomains: [],
   },
   filesystem: {
     denyRead: ['/Users', '/home'],
-    allowRead: [
-      '.',
-      '/dev/null',
-      '~/.config/opencode',
-      '~/.config/git',
-      '~/.gitconfig',
-      '~/.local',
-      '~/.cargo',
-    ],
-    allowWrite: ['.', '/tmp', '/dev/null'],
-    denyWrite: ['.env', '.env.*', '*.pem', '*.key'],
+    allowRead: ['.', '~/.gitconfig', '/dev/null'],
+    allowWrite: ['.', '/dev/null'],
+    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
   },
 };
+const LANDSTRIP_PACKAGE_NAMES = new Set([
+  '@jarkkojs/landstrip',
+  '@jarkkojs/landstrip-darwin-arm64',
+  '@jarkkojs/landstrip-darwin-x64',
+  '@jarkkojs/landstrip-linux-x64',
+  '@jarkkojs/landstrip-win32-x64',
+]);
 
 function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -147,16 +132,30 @@ function normalizeOptions(options: unknown): SandboxConfigOverrides {
   return normalizeConfig(isRecord(options.config) ? options.config : options);
 }
 
+function mergeArray(base: string[], override?: string[]): string[] {
+  if (!override) return base;
+  return [...new Set([...base, ...override])];
+}
+
 function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
+  const network = overrides.network;
+  const filesystem = overrides.filesystem;
+
   return {
     enabled: overrides.enabled ?? base.enabled,
     network: {
-      ...base.network,
-      ...overrides.network,
+      allowNetwork: network?.allowNetwork ?? base.network.allowNetwork,
+      allowLocalBinding: network?.allowLocalBinding ?? base.network.allowLocalBinding,
+      allowAllUnixSockets: network?.allowAllUnixSockets ?? base.network.allowAllUnixSockets,
+      allowUnixSockets: mergeArray(base.network.allowUnixSockets, network?.allowUnixSockets),
+      allowedDomains: mergeArray(base.network.allowedDomains, network?.allowedDomains),
+      deniedDomains: mergeArray(base.network.deniedDomains, network?.deniedDomains),
     },
     filesystem: {
-      ...base.filesystem,
-      ...overrides.filesystem,
+      denyRead: mergeArray(base.filesystem.denyRead, filesystem?.denyRead),
+      allowRead: mergeArray(base.filesystem.allowRead, filesystem?.allowRead),
+      allowWrite: mergeArray(base.filesystem.allowWrite, filesystem?.allowWrite),
+      denyWrite: mergeArray(base.filesystem.denyWrite, filesystem?.denyWrite),
     },
   };
 }
@@ -168,20 +167,61 @@ function getConfigPaths(baseDirectory: string): { globalPath: string; projectPat
   };
 }
 
-function readConfigFile(configPath: string): SandboxConfigOverrides {
+function readConfigFile(configPath: string): SandboxConfigOverrides | null {
   if (!existsSync(configPath)) return {};
 
   try {
     return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
   } catch {
-    return {};
+    return null;
+  }
+}
+
+function landstripBinaryPath(): string {
+  const filePath = realpathSync.native(binaryPath());
+  let probe = dirname(filePath);
+
+  while (true) {
+    const manifestPath = join(probe, 'package.json');
+    if (existsSync(manifestPath)) {
+      try {
+        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
+        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
+          return filePath;
+        }
+      } catch {
+        // malformed package.json — continue walking to parent
+      }
+    }
+
+    const parent = dirname(probe);
+    if (parent === probe) break;
+    probe = parent;
+  }
+
+  throw new Error(
+    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
+  );
+}
+
+function writeConfigFile(configPath: string, update: SandboxConfigOverrides): void {
+  const current = readConfigFile(configPath);
+  if (current === null) {
+    throw new Error(`Config file ${configPath} is corrupted; refusing to overwrite`);
   }
+
+  const next = deepMerge(deepMerge(DEFAULT_CONFIG, current), update);
+
+  mkdirSync(dirname(configPath), { recursive: true });
+  writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
 }
 
 function loadConfig(baseDirectory: string, optionOverrides: SandboxConfigOverrides): SandboxConfig {
   const { globalPath, projectPath } = getConfigPaths(baseDirectory);
+  const globalConfig = readConfigFile(globalPath);
+  const projectConfig = readConfigFile(projectPath);
   return deepMerge(
-    deepMerge(deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath)), readConfigFile(projectPath)),
+    deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig ?? {}), projectConfig ?? {}),
     optionOverrides,
   );
 }
@@ -201,7 +241,7 @@ function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOve
 
   return [
     `Status: ${config.enabled ? 'active' : 'disabled by config'}`,
-    `landstrip: ${binaryPath()}`,
+    `landstrip package binary: ${landstripBinaryPath()}`,
     '',
     'Config files',
     configPathLine('project', projectPath),
@@ -223,7 +263,150 @@ function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOve
   ].join('\n');
 }
 
+type PermissionChoice = 'once' | 'session' | 'project' | 'global' | 'reject';
+
+function permissionType(permission: Record<string, unknown>, fallback = ''): string {
+  if (typeof permission.permission === 'string') return permission.permission;
+  if (typeof permission.action === 'string') return permission.action;
+  if (typeof permission.type === 'string') return permission.type;
+  return fallback;
+}
+
+function permissionPattern(permission: Record<string, unknown>): string | undefined {
+  const patterns = permission.patterns;
+  if (Array.isArray(patterns))
+    return patterns.find((item): item is string => typeof item === 'string');
+
+  const pattern = permission.pattern;
+  if (typeof pattern === 'string') return pattern;
+  if (Array.isArray(pattern))
+    return pattern.find((item): item is string => typeof item === 'string');
+
+  return undefined;
+}
+
+function domainsFromCommand(command: string): string[] {
+  const domains = new Set<string>();
+  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
+  let match: RegExpExecArray | null;
+
+  while ((match = urlRegex.exec(command)) !== null) domains.add(match[1]);
+
+  return [...domains];
+}
+
+function updateForPermission(permission: Record<string, unknown>): SandboxConfigOverrides | null {
+  const metadata = isRecord(permission.metadata) ? permission.metadata : {};
+  const type = permissionType(permission);
+  const pattern = permissionPattern(permission);
+
+  if (type === 'bash') {
+    const command = typeof metadata.command === 'string' ? metadata.command : pattern;
+    const domains = typeof command === 'string' ? domainsFromCommand(command) : [];
+    return domains.length > 0 ? { network: { allowedDomains: domains } } : null;
+  }
+
+  if (type === 'read' || type === 'glob' || type === 'grep' || type === 'list') {
+    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
+    return filePath ? { filesystem: { allowRead: [filePath] } } : null;
+  }
+
+  if (type === 'edit' || type === 'write' || type === 'apply_patch') {
+    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
+    return filePath ? { filesystem: { allowWrite: [filePath] } } : null;
+  }
+
+  return null;
+}
+
+function permissionLabel(permission: Record<string, unknown>): string {
+  const type = permissionType(permission, 'permission');
+  const title = typeof permission.title === 'string' ? permission.title : type;
+  const pattern = permissionPattern(permission);
+  return pattern ? `${title}: ${pattern}` : title;
+}
+
 const tui: TuiPlugin = async (api, options) => {
+  const handledPermissions = new Set<string>();
+
+  async function replyPermission(
+    permission: Record<string, unknown>,
+    choice: PermissionChoice,
+  ): Promise<void> {
+    const id = typeof permission.id === 'string' ? permission.id : undefined;
+    if (!id || typeof permission.sessionID !== 'string') return;
+
+    const directory = api.state.path.directory || process.cwd();
+    const { globalPath, projectPath } = getConfigPaths(directory);
+
+    try {
+      if (choice === 'project' || choice === 'global') {
+        const update = updateForPermission(permission);
+        if (update) writeConfigFile(choice === 'project' ? projectPath : globalPath, update);
+      }
+
+      await api.client.permission.reply({
+        requestID: id,
+        reply: choice === 'reject' ? 'reject' : choice === 'once' ? 'once' : 'always',
+      });
+
+      api.ui.toast({
+        title: 'Sandbox',
+        message: choice === 'reject' ? 'Permission rejected' : `Permission allowed for ${choice}`,
+        variant: choice === 'reject' ? 'warning' : 'success',
+      });
+    } catch {
+      api.ui.toast({
+        title: 'Sandbox',
+        message: 'Permission was already handled or could not be updated',
+        variant: 'warning',
+      });
+    } finally {
+      api.ui.dialog.clear();
+    }
+  }
+
+  function showPermission(permission: Record<string, unknown>): void {
+    const id = typeof permission.id === 'string' ? permission.id : undefined;
+    if (!id || handledPermissions.has(id)) return;
+    handledPermissions.add(id);
+
+    api.ui.dialog.replace(
+      () =>
+        api.ui.DialogSelect<PermissionChoice>({
+          title: 'Sandbox Permission',
+          placeholder: permissionLabel(permission),
+          options: [
+            { title: 'Allow once', value: 'once', description: 'Approve only this request' },
+            {
+              title: 'Allow for session',
+              value: 'session',
+              description: 'Use OpenCode session approval for matching requests',
+            },
+            {
+              title: 'Allow for project',
+              value: 'project',
+              description: 'Persist to .opencode/sandbox.json and approve this session',
+            },
+            {
+              title: 'Allow globally',
+              value: 'global',
+              description: 'Persist to ~/.config/opencode/sandbox.json and approve this session',
+            },
+            { title: 'Reject', value: 'reject', description: 'Deny this request' },
+          ],
+          onSelect: (option) => {
+            void replyPermission(permission, option.value);
+          },
+        }),
+      () => api.ui.dialog.clear(),
+    );
+  }
+
+  api.event.on('permission.asked', (event) => {
+    showPermission(event.properties as Record<string, unknown>);
+  });
+
   const showSandbox = () => {
     const directory = api.state.path.directory || process.cwd();
     const message = sandboxSummary(directory, normalizeOptions(options));
@@ -239,32 +422,71 @@ const tui: TuiPlugin = async (api, options) => {
     );
   };
 
+  const executeServerCommand = async (command: string): Promise<boolean> => {
+    await api.client.tui.executeCommand({ command });
+    return true;
+  };
+
   api.keymap.registerLayer({
     commands: [
       {
-        namespace: 'palette',
-        name: 'landstrip.sandbox.show',
-        title: 'Show sandbox configuration',
-        desc: 'Show landstrip sandbox status and rules',
-        description: 'Show landstrip sandbox status and rules',
+        name: 'sandbox',
+        title: 'Sandbox',
+        description: 'Show sandbox configuration',
         category: 'Sandbox',
         suggested: true,
-        slashName: 'sandbox',
+        slash: { name: 'sandbox' },
         run: showSandbox,
       },
+      {
+        name: 'sandbox-disable',
+        title: 'Disable sandbox',
+        description: 'Disable sandbox for this session',
+        category: 'Sandbox',
+        suggested: true,
+        slash: { name: 'sandbox-disable' },
+        run: () => executeServerCommand('sandbox-disable'),
+      },
+      {
+        name: 'sandbox-enable',
+        title: 'Enable sandbox',
+        description: 'Re-enable sandbox for this session',
+        category: 'Sandbox',
+        suggested: true,
+        slash: { name: 'sandbox-enable' },
+        run: () => executeServerCommand('sandbox-enable'),
+      },
     ],
   });
 
   api.command?.register(() => [
     {
       title: 'Sandbox',
-      value: 'landstrip.sandbox.show',
+      value: 'sandbox',
       description: 'Show sandbox configuration',
       category: 'Sandbox',
       suggested: true,
       slash: { name: 'sandbox' },
       onSelect: showSandbox,
     },
+    {
+      title: 'Disable sandbox',
+      value: 'sandbox-disable',
+      description: 'Disable sandbox for this session',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox-disable' },
+      onSelect: () => executeServerCommand('sandbox-disable'),
+    },
+    {
+      title: 'Enable sandbox',
+      value: 'sandbox-enable',
+      description: 'Re-enable sandbox for this session',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox-enable' },
+      onSelect: () => executeServerCommand('sandbox-enable'),
+    },
   ]);
 };