opencode-landstrip 0.3.12 → 0.14.0

package/README.md

@@ -1,7 +1,7 @@
 # opencode-landstrip
 
 Landlock-based sandboxing for [opencode](https://opencode.ai/) using
-[`landstrip`](https://github.com/jarkkojs/landstrip).
+[`landstrip`](https://github.com/landstrip/landstrip).
 
 ## Install
 
@@ -26,9 +26,11 @@ manually:
 
 `opencode plugin install opencode-landstrip` configures both entrypoints.
 
-This installs `opencode-landstrip` and its `@jarkkojs/landstrip` dependency, which
+This installs `opencode-landstrip` and its `@landstrip/landstrip` dependency, which
 includes platform-specific native binaries for Linux, macOS, and Windows.
 
+Requires OpenCode `1.17.7` or newer.
+
 On unsupported platforms the plugin loads but leaves sandboxing disabled.
 
 ## Configure
@@ -48,12 +50,16 @@ access is off unless domains are allowed, reads are limited to the project,
 `~/.gitconfig`, and `/dev/null`, and writes are limited to the project and
 `/dev/null`.
 
-Run `/sandbox` in the TUI to inspect the active sandbox configuration.
+Run `/sandbox` in the TUI to inspect the active sandbox configuration. A compact
+status badge in the prompt area shows whether the sandbox is active and whether
+network is proxied or open.
 
-When OpenCode asks for a sandboxed permission, the TUI plugin adds choices to
-allow once, allow for the session, persist for the project, persist globally, or
-reject. Project approvals are written to `.opencode/sandbox.json`; global
-approvals are written to `~/.config/opencode/sandbox.json`.
+When OpenCode asks for a sandboxed permission, the TUI plugin plays the host's
+permission sound and desktop notification, then opens a single dialog with
+choices to allow once, allow for the session, persist for the project, persist
+globally, or reject. The dialog shows the exact path or domain being approved.
+Project approvals are written to `.opencode/sandbox.json`; global approvals are
+written to `~/.config/opencode/sandbox.json`.
 
 OpenCode's current plugin API allows wrapping AI `bash` tool calls, but does not
 allow a plugin to replace manually typed shell-mode commands with a landstrip
@@ -76,5 +82,5 @@ Set `enabled` to `false` in `sandbox.json`, or pass plugin options:
 `opencode-landstrip` is licensed under `MIT`. See [LICENSE](LICENSE) for more
 information.
 
-The bundled `@jarkkojs/landstrip` package is licensed separately as
+The bundled `@landstrip/landstrip` package is licensed separately as
 `Apache-2.0 AND LGPL-2.1-or-later`.

package/index.ts

@@ -3,43 +3,23 @@
 
 import type { Hooks, Plugin, PluginInput, PluginOptions } from '@opencode-ai/plugin';
 
-import { binaryPath } from '@jarkkojs/landstrip';
-
 import { spawnSync } from 'node:child_process';
-import {
-  existsSync,
-  mkdtempSync,
-  readFileSync,
-  realpathSync,
-  rmSync,
-  writeFileSync,
-} from 'node:fs';
+import { existsSync, mkdtempSync, realpathSync, rmSync, writeFileSync } from 'node:fs';
 import { type AddressInfo, connect as connectNet, createServer, type Socket } from 'node:net';
 import { homedir, tmpdir } from 'node:os';
 import { basename, dirname, isAbsolute, join, resolve } from 'node:path';
 import { URL } from 'node:url';
 
-interface SandboxFilesystemConfig {
-  denyRead: string[];
-  allowRead: string[];
-  allowWrite: string[];
-  denyWrite: string[];
-}
-
-interface SandboxNetworkConfig {
-  allowNetwork: boolean;
-  allowLocalBinding: boolean;
-  allowAllUnixSockets: boolean;
-  allowUnixSockets: string[];
-  allowedDomains: string[];
-  deniedDomains: string[];
-}
-
-interface SandboxConfig {
-  enabled: boolean;
-  network: SandboxNetworkConfig;
-  filesystem: SandboxFilesystemConfig;
-}
+import {
+  type SandboxConfig,
+  type SandboxFilesystemConfig,
+  extractDomainsFromCommand,
+  getConfigPaths,
+  isRecord,
+  landstripBinaryPath,
+  loadConfig,
+  normalizeOptions,
+} from './shared.js';
 
 interface LandstripPolicy {
   network: {
@@ -52,20 +32,12 @@ interface LandstripPolicy {
   filesystem: SandboxFilesystemConfig;
 }
 
-interface LandstripErrorResponse {
-  reason: 'Other' | 'AccessDenied' | 'LaunchFailed' | 'SetupFailed' | 'Usage';
-  file?: string;
-  operation?: 'read' | 'write';
-  program?: string;
-  type?: 'filesystem' | 'network' | 'platform' | 'launch' | 'encoding';
-  source?: string;
-}
-
-interface SandboxConfigOverrides {
-  enabled?: boolean;
-  network?: Partial<SandboxNetworkConfig>;
-  filesystem?: Partial<SandboxFilesystemConfig>;
-}
+type LandstripTrap =
+  | { kind: 'Filesystem'; operation: 'read' | 'write'; path: string; mechanism: string }
+  | { kind: 'Network'; operation: string; target: string; mechanism: string }
+  | { kind: 'Launch'; program: string; message: string }
+  | { kind: 'Usage'; message: string }
+  | { kind: 'Internal'; fields: Record<string, string> };
 
 interface BashSandboxState {
   originalCommand: string;
@@ -86,189 +58,13 @@ interface SandboxPermissionDecision {
 
 type ToastVariant = 'info' | 'success' | 'warning' | 'error';
 
-const LANDSTRIP_VERSION = [0, 11, 9] as const;
+const LANDSTRIP_VERSION = [0, 14, 0] as const;
 const REQUIRED_LANDSTRIP_VERSION = LANDSTRIP_VERSION.join('.');
-const LANDSTRIP_ERROR_REASONS = new Set<LandstripErrorResponse['reason']>([
-  'Other',
-  'AccessDenied',
-  'LaunchFailed',
-  'SetupFailed',
-  'Usage',
-]);
-const LANDSTRIP_OPERATIONS = new Set<NonNullable<LandstripErrorResponse['operation']>>([
-  'read',
-  'write',
-]);
-const LANDSTRIP_ERROR_TYPES = new Set<NonNullable<LandstripErrorResponse['type']>>([
-  'filesystem',
-  'network',
-  'platform',
-  'launch',
-  'encoding',
-]);
+const LANDSTRIP_OPERATIONS = new Set<'read' | 'write'>(['read', 'write']);
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
-const LANDSTRIP_PACKAGE_NAMES = new Set([
-  '@jarkkojs/landstrip',
-  '@jarkkojs/landstrip-darwin-arm64',
-  '@jarkkojs/landstrip-darwin-x64',
-  '@jarkkojs/landstrip-linux-x64',
-  '@jarkkojs/landstrip-win32-x64',
-]);
-
-function isLandstripErrorReason(value: string): value is LandstripErrorResponse['reason'] {
-  return LANDSTRIP_ERROR_REASONS.has(value as LandstripErrorResponse['reason']);
-}
-
-function isLandstripOperation(
-  value: string,
-): value is NonNullable<LandstripErrorResponse['operation']> {
-  return LANDSTRIP_OPERATIONS.has(value as NonNullable<LandstripErrorResponse['operation']>);
-}
-
-function isLandstripErrorType(value: string): value is NonNullable<LandstripErrorResponse['type']> {
-  return LANDSTRIP_ERROR_TYPES.has(value as NonNullable<LandstripErrorResponse['type']>);
-}
-
-const DEFAULT_CONFIG: SandboxConfig = {
-  enabled: true,
-  network: {
-    allowNetwork: false,
-    allowLocalBinding: false,
-    allowAllUnixSockets: false,
-    allowUnixSockets: [],
-    allowedDomains: [],
-    deniedDomains: [],
-  },
-  filesystem: {
-    denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.gitconfig', '/dev/null'],
-    allowWrite: ['.', '/dev/null'],
-    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
-  },
-};
-
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === 'object' && value !== null && !Array.isArray(value);
-}
-
-function stringArray(value: unknown): string[] | undefined {
-  if (!Array.isArray(value)) return undefined;
-  return value.every((item) => typeof item === 'string') ? [...value] : undefined;
-}
-
-function normalizeNetworkConfig(value: unknown): Partial<SandboxNetworkConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-
-  const config: Partial<SandboxNetworkConfig> = {};
-  if (typeof value.allowNetwork === 'boolean') config.allowNetwork = value.allowNetwork;
-  if (typeof value.allowLocalBinding === 'boolean')
-    config.allowLocalBinding = value.allowLocalBinding;
-  if (typeof value.allowAllUnixSockets === 'boolean')
-    config.allowAllUnixSockets = value.allowAllUnixSockets;
-
-  const allowUnixSockets = stringArray(value.allowUnixSockets);
-  if (allowUnixSockets) config.allowUnixSockets = allowUnixSockets;
 
-  const allowedDomains = stringArray(value.allowedDomains);
-  if (allowedDomains) config.allowedDomains = allowedDomains;
-
-  const deniedDomains = stringArray(value.deniedDomains);
-  if (deniedDomains) config.deniedDomains = deniedDomains;
-
-  return config;
-}
-
-function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-
-  const config: Partial<SandboxFilesystemConfig> = {};
-  const denyRead = stringArray(value.denyRead);
-  if (denyRead) config.denyRead = denyRead;
-
-  const allowRead = stringArray(value.allowRead);
-  if (allowRead) config.allowRead = allowRead;
-
-  const allowWrite = stringArray(value.allowWrite);
-  if (allowWrite) config.allowWrite = allowWrite;
-
-  const denyWrite = stringArray(value.denyWrite);
-  if (denyWrite) config.denyWrite = denyWrite;
-
-  return config;
-}
-
-function normalizeConfig(value: unknown): SandboxConfigOverrides {
-  if (!isRecord(value)) return {};
-
-  const config: SandboxConfigOverrides = {};
-  if (typeof value.enabled === 'boolean') config.enabled = value.enabled;
-
-  const network = normalizeNetworkConfig(value.network);
-  if (network) config.network = network;
-
-  const filesystem = normalizeFilesystemConfig(value.filesystem);
-  if (filesystem) config.filesystem = filesystem;
-
-  return config;
-}
-
-function normalizeOptions(options: PluginOptions | undefined): SandboxConfigOverrides {
-  if (!isRecord(options)) return {};
-  return normalizeConfig(isRecord(options.config) ? options.config : options);
-}
-
-function mergeArray(base: string[], override?: string[]): string[] {
-  if (!override) return base;
-  return [...new Set([...base, ...override])];
-}
-
-function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
-  const network = overrides.network;
-  const filesystem = overrides.filesystem;
-
-  return {
-    enabled: overrides.enabled ?? base.enabled,
-    network: {
-      allowNetwork: network?.allowNetwork ?? base.network.allowNetwork,
-      allowLocalBinding: network?.allowLocalBinding ?? base.network.allowLocalBinding,
-      allowAllUnixSockets: network?.allowAllUnixSockets ?? base.network.allowAllUnixSockets,
-      allowUnixSockets: mergeArray(base.network.allowUnixSockets, network?.allowUnixSockets),
-      allowedDomains: mergeArray(base.network.allowedDomains, network?.allowedDomains),
-      deniedDomains: mergeArray(base.network.deniedDomains, network?.deniedDomains),
-    },
-    filesystem: {
-      denyRead: mergeArray(base.filesystem.denyRead, filesystem?.denyRead),
-      allowRead: mergeArray(base.filesystem.allowRead, filesystem?.allowRead),
-      allowWrite: mergeArray(base.filesystem.allowWrite, filesystem?.allowWrite),
-      denyWrite: mergeArray(base.filesystem.denyWrite, filesystem?.denyWrite),
-    },
-  };
-}
-
-function getConfigPaths(baseDirectory: string): { globalPath: string; projectPath: string } {
-  return {
-    globalPath: join(homedir(), '.config', 'opencode', 'sandbox.json'),
-    projectPath: join(baseDirectory, '.opencode', 'sandbox.json'),
-  };
-}
-
-function readConfigFile(configPath: string): SandboxConfigOverrides {
-  if (!existsSync(configPath)) return {};
-
-  try {
-    return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
-  } catch (error) {
-    console.error(`Warning: Could not parse ${configPath}: ${error}`);
-    return {};
-  }
-}
-
-function loadConfig(baseDirectory: string, optionOverrides: SandboxConfigOverrides): SandboxConfig {
-  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
-  return deepMerge(
-    deepMerge(deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath)), readConfigFile(projectPath)),
-    optionOverrides,
-  );
+function isLandstripOperation(value: unknown): value is 'read' | 'write' {
+  return typeof value === 'string' && LANDSTRIP_OPERATIONS.has(value as 'read' | 'write');
 }
 
 function expandPath(filePath: string, baseDirectory: string): string {
@@ -281,33 +77,6 @@ function configuredShellPath(config: unknown): string | undefined {
   return typeof config.shell === 'string' ? config.shell : undefined;
 }
 
-function landstripBinaryPath(): string {
-  const filePath = realpathSync.native(binaryPath());
-  let probe = dirname(filePath);
-
-  while (true) {
-    const manifestPath = join(probe, 'package.json');
-    if (existsSync(manifestPath)) {
-      try {
-        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
-        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
-          return filePath;
-        }
-      } catch {
-        // malformed package.json — continue walking to parent
-      }
-    }
-
-    const parent = dirname(probe);
-    if (parent === probe) break;
-    probe = parent;
-  }
-
-  throw new Error(
-    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
-  );
-}
-
 function canonicalizePath(filePath: string, baseDirectory: string): string {
   const abs = expandPath(filePath, baseDirectory);
 
@@ -378,18 +147,6 @@ function shouldPromptForWrite(path: string, allowWrite: string[], baseDirectory:
   return allowWrite.length === 0 || !matchesPattern(path, allowWrite, baseDirectory);
 }
 
-function extractDomainsFromCommand(command: string): string[] {
-  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
-  const domains = new Set<string>();
-  let match: RegExpExecArray | null;
-
-  while ((match = urlRegex.exec(command)) !== null) {
-    domains.add(match[1]);
-  }
-
-  return [...domains];
-}
-
 function domainMatchesPattern(domain: string, pattern: string): boolean {
   const normalizedDomain = domain.toLowerCase();
   const normalizedPattern = pattern.toLowerCase();
@@ -456,13 +213,16 @@ function extractBlockedPath(
   );
   if (match) return normalizeBlockedPath(match[1], baseDirectory);
 
-  // Landstrip structured error format with file field
+  // Landstrip structured trap format carrying a denied path
   const landstripErrors = parseLandstripErrors(output);
-  for (const error of landstripErrors) {
-    if (error.file) return normalizeBlockedPath(error.file, baseDirectory);
+  for (const trap of landstripErrors) {
+    if (trap.kind === 'Filesystem') return normalizeBlockedPath(trap.path, baseDirectory);
+    if (trap.kind === 'Internal' && trap.fields.file) {
+      return normalizeBlockedPath(trap.fields.file, baseDirectory);
+    }
   }
 
-  // If landstrip reported an error but without a file field, try to
+  // If landstrip reported a trap but without a path, try to
   // extract the blocked path from the command itself
   if (landstripErrors.length > 0 && command) {
     for (const candidate of extractCandidatePaths(command)) {
@@ -610,63 +370,94 @@ function hasMinimumVersion(version: string, minimum: readonly [number, number, n
   return true;
 }
 
-function parseLandstripErrors(output: string): LandstripErrorResponse[] {
-  const errors: LandstripErrorResponse[] = [];
-
-  for (const block of output.trim().split(/\n\n+/)) {
-    const fields: Record<string, string> = {};
+function decodeLandstripTrap(value: unknown): LandstripTrap | null {
+  if (typeof value !== 'object' || value === null || Array.isArray(value)) return null;
+  const entries = Object.entries(value as Record<string, unknown>);
+  if (entries.length !== 1) return null;
+  const [kind, payload] = entries[0];
 
-    for (const line of block.split('\n')) {
-      const colonIndex = line.indexOf(':');
-      if (colonIndex === -1) continue;
-      const key = line.slice(0, colonIndex).trim();
-      const value = line.slice(colonIndex + 1).trim();
-      if (key.length > 0 && value.length > 0) fields[key] = value;
+  switch (kind) {
+    case 'Filesystem': {
+      if (!Array.isArray(payload)) return null;
+      const [operation, path, mechanism] = payload;
+      if (!isLandstripOperation(operation) || typeof path !== 'string') return null;
+      return { kind, operation, path, mechanism: typeof mechanism === 'string' ? mechanism : '' };
     }
-
-    if (fields.reason && isLandstripErrorReason(fields.reason)) {
-      const error: LandstripErrorResponse = {
-        reason: fields.reason,
-      };
-
-      if (fields.file) error.file = fields.file;
-      if (fields.operation && isLandstripOperation(fields.operation)) {
-        error.operation = fields.operation;
+    case 'Network': {
+      if (!Array.isArray(payload)) return null;
+      const [operation, target, mechanism] = payload;
+      if (typeof operation !== 'string' || typeof target !== 'string') return null;
+      return { kind, operation, target, mechanism: typeof mechanism === 'string' ? mechanism : '' };
+    }
+    case 'Launch': {
+      if (!Array.isArray(payload)) return null;
+      const [program, message] = payload;
+      if (typeof program !== 'string') return null;
+      return { kind, program, message: typeof message === 'string' ? message : '' };
+    }
+    case 'Usage': {
+      if (typeof payload !== 'string') return null;
+      return { kind, message: payload };
+    }
+    case 'Internal': {
+      if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) return null;
+      const fields: Record<string, string> = {};
+      for (const [key, val] of Object.entries(payload as Record<string, unknown>)) {
+        fields[key] = typeof val === 'string' ? val : JSON.stringify(val);
       }
-      if (fields.program) error.program = fields.program;
-      if (fields.source) error.source = fields.source;
+      return { kind, fields };
+    }
+    default:
+      return null;
+  }
+}
+
+function parseLandstripErrors(output: string): LandstripTrap[] {
+  const traps: LandstripTrap[] = [];
 
-      if (fields.type && isLandstripErrorType(fields.type)) error.type = fields.type;
+  for (const line of output.split('\n')) {
+    const trimmed = line.trim();
+    if (trimmed.length === 0 || trimmed[0] !== '{') continue;
 
-      errors.push(error);
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(trimmed);
+    } catch {
+      continue;
     }
+
+    const trap = decodeLandstripTrap(parsed);
+    if (trap) traps.push(trap);
   }
 
-  return errors;
+  return traps;
+}
+
+function formatLandstripTrap(trap: LandstripTrap): string {
+  switch (trap.kind) {
+    case 'Filesystem':
+      return `landstrip: filesystem ${trap.operation} denied (${trap.path})${
+        trap.mechanism ? ` [${trap.mechanism}]` : ''
+      }`;
+    case 'Network':
+      return `landstrip: network ${trap.operation} denied (${trap.target})${
+        trap.mechanism ? ` [${trap.mechanism}]` : ''
+      }`;
+    case 'Launch':
+      return `landstrip: launch failed (${trap.program})${trap.message ? `: ${trap.message}` : ''}`;
+    case 'Usage':
+      return `landstrip: usage error: ${trap.message}`;
+    case 'Internal': {
+      const detail = Object.entries(trap.fields)
+        .map(([key, val]) => `${key}: ${val}`)
+        .join(', ');
+      return `landstrip: internal error${detail ? ` (${detail})` : ''}`;
+    }
+  }
 }
 
-function formatLandstripErrors(errors: LandstripErrorResponse[]): string {
-  return errors
-    .map((err) => {
-      const parts: string[] = [`landstrip: ${err.reason}`];
-
-      if (err.file) {
-        parts.push(` (${err.file})`);
-      }
-      if (err.operation) {
-        parts.push(` ${err.operation}`);
-      }
-      if (err.program) {
-        parts.push(` ${err.program}`);
-      }
-      if (err.type) {
-        parts.push(`:${err.type}`);
-      }
-      if (err.source) parts.push(`: ${err.source}`);
-
-      return parts.join('');
-    })
-    .join('\n');
+function formatLandstripErrors(traps: LandstripTrap[]): string {
+  return traps.map(formatLandstripTrap).join('\n');
 }
 
 function splitHostPort(target: string, defaultPort: number): { host: string; port: number } | null {
@@ -1162,7 +953,7 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
     if (!version) {
       landstripCheck = {
         ok: false,
-        reason: `landstrip was not found. Reinstall with: npm install @jarkkojs/landstrip`,
+        reason: `landstrip was not found. Reinstall with: npm install @landstrip/landstrip`,
       };
       return landstripCheck;
     }

package/landstrip.d.ts

@@ -1,3 +1,3 @@
-declare module '@jarkkojs/landstrip' {
+declare module '@landstrip/landstrip' {
   function binaryPath(): string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.3.12",
+  "version": "0.14.0",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -11,11 +11,12 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/jarkkojs/opencode-landstrip.git"
+    "url": "git+https://github.com/landstrip/opencode-landstrip.git"
   },
   "files": [
     "index.ts",
     "tui.ts",
+    "shared.ts",
     "landstrip.d.ts",
     "README.md",
     "sandbox.json"
@@ -37,8 +38,8 @@
     }
   },
   "scripts": {
-    "fmt": "oxfmt index.ts tui.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
-    "lint": "oxlint index.ts tui.ts",
+    "fmt": "oxfmt index.ts tui.ts shared.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
+    "lint": "oxlint index.ts tui.ts shared.ts",
     "check": "tsc --noEmit",
     "test": "node --test test/*.test.mjs",
     "all": "npm run fmt && npm run lint && npm run check && npm test",
@@ -48,10 +49,10 @@
     "ci:test": "npm test"
   },
   "dependencies": {
-    "@jarkkojs/landstrip": "^0.11.11"
+    "@landstrip/landstrip": "^0.14.5"
   },
   "devDependencies": {
-    "@opencode-ai/plugin": "^1.17.6",
+    "@opencode-ai/plugin": "^1.17.7",
     "@opentui/core": ">=0.3.4",
     "@opentui/keymap": ">=0.3.4",
     "@opentui/solid": ">=0.3.4",
@@ -61,7 +62,7 @@
     "typescript": "^5.8.2"
   },
   "peerDependencies": {
-    "@opencode-ai/plugin": "^1.17.6"
+    "@opencode-ai/plugin": "^1.17.7"
   },
   "peerDependenciesMeta": {
     "@opencode-ai/plugin": {
@@ -69,6 +70,6 @@
     }
   },
   "engines": {
-    "opencode": ">=1.17.6"
+    "opencode": ">=1.17.7"
   }
 }