npm - opencode-landstrip - Versions diffs - 0.3.12 → 0.3.13 - Mend

opencode-landstrip 0.3.12 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -29,6 +29,8 @@ manually:
 This installs `opencode-landstrip` and its `@jarkkojs/landstrip` dependency, which
 includes platform-specific native binaries for Linux, macOS, and Windows.
+Requires OpenCode `1.17.7` or newer.
 On unsupported platforms the plugin loads but leaves sandboxing disabled.
 ## Configure
@@ -48,12 +50,16 @@ access is off unless domains are allowed, reads are limited to the project,
 `~/.gitconfig`, and `/dev/null`, and writes are limited to the project and
 `/dev/null`.
-Run `/sandbox` in the TUI to inspect the active sandbox configuration.
+Run `/sandbox` in the TUI to inspect the active sandbox configuration. A compact
+status badge in the prompt area shows whether the sandbox is active and whether
+network is proxied or open.
-When OpenCode asks for a sandboxed permission, the TUI plugin adds choices to
-allow once, allow for the session, persist for the project, persist globally, or
-reject. Project approvals are written to `.opencode/sandbox.json`; global
-approvals are written to `~/.config/opencode/sandbox.json`.
+When OpenCode asks for a sandboxed permission, the TUI plugin plays the host's
+permission sound and desktop notification, then opens a single dialog with
+choices to allow once, allow for the session, persist for the project, persist
+globally, or reject. The dialog shows the exact path or domain being approved.
+Project approvals are written to `.opencode/sandbox.json`; global approvals are
+written to `~/.config/opencode/sandbox.json`.
 OpenCode's current plugin API allows wrapping AI `bash` tool calls, but does not
 allow a plugin to replace manually typed shell-mode commands with a landstrip

package/index.ts CHANGED Viewed

@@ -3,43 +3,23 @@
 import type { Hooks, Plugin, PluginInput, PluginOptions } from '@opencode-ai/plugin';
-import { binaryPath } from '@jarkkojs/landstrip';
 import { spawnSync } from 'node:child_process';
-import {
-  existsSync,
-  mkdtempSync,
-  readFileSync,
-  realpathSync,
-  rmSync,
-  writeFileSync,
-} from 'node:fs';
+import { existsSync, mkdtempSync, realpathSync, rmSync, writeFileSync } from 'node:fs';
 import { type AddressInfo, connect as connectNet, createServer, type Socket } from 'node:net';
 import { homedir, tmpdir } from 'node:os';
 import { basename, dirname, isAbsolute, join, resolve } from 'node:path';
 import { URL } from 'node:url';
-interface SandboxFilesystemConfig {
-  denyRead: string[];
-  allowRead: string[];
-  allowWrite: string[];
-  denyWrite: string[];
-}
-interface SandboxNetworkConfig {
-  allowNetwork: boolean;
-  allowLocalBinding: boolean;
-  allowAllUnixSockets: boolean;
-  allowUnixSockets: string[];
-  allowedDomains: string[];
-  deniedDomains: string[];
-}
-interface SandboxConfig {
-  enabled: boolean;
-  network: SandboxNetworkConfig;
-  filesystem: SandboxFilesystemConfig;
-}
+import {
+  type SandboxConfig,
+  type SandboxFilesystemConfig,
+  extractDomainsFromCommand,
+  getConfigPaths,
+  isRecord,
+  landstripBinaryPath,
+  loadConfig,
+  normalizeOptions,
+} from './shared.js';
 interface LandstripPolicy {
   network: {
@@ -61,12 +41,6 @@ interface LandstripErrorResponse {
   source?: string;
 }
-interface SandboxConfigOverrides {
-  enabled?: boolean;
-  network?: Partial<SandboxNetworkConfig>;
-  filesystem?: Partial<SandboxFilesystemConfig>;
-}
 interface BashSandboxState {
   originalCommand: string;
   wrappedCommand: string;
@@ -107,13 +81,6 @@ const LANDSTRIP_ERROR_TYPES = new Set<NonNullable<LandstripErrorResponse['type']
   'encoding',
 ]);
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
-const LANDSTRIP_PACKAGE_NAMES = new Set([
-  '@jarkkojs/landstrip',
-  '@jarkkojs/landstrip-darwin-arm64',
-  '@jarkkojs/landstrip-darwin-x64',
-  '@jarkkojs/landstrip-linux-x64',
-  '@jarkkojs/landstrip-win32-x64',
-]);
 function isLandstripErrorReason(value: string): value is LandstripErrorResponse['reason'] {
   return LANDSTRIP_ERROR_REASONS.has(value as LandstripErrorResponse['reason']);
@@ -129,148 +96,6 @@ function isLandstripErrorType(value: string): value is NonNullable<LandstripErro
   return LANDSTRIP_ERROR_TYPES.has(value as NonNullable<LandstripErrorResponse['type']>);
 }
-const DEFAULT_CONFIG: SandboxConfig = {
-  enabled: true,
-  network: {
-    allowNetwork: false,
-    allowLocalBinding: false,
-    allowAllUnixSockets: false,
-    allowUnixSockets: [],
-    allowedDomains: [],
-    deniedDomains: [],
-  },
-  filesystem: {
-    denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.gitconfig', '/dev/null'],
-    allowWrite: ['.', '/dev/null'],
-    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
-  },
-};
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === 'object' && value !== null && !Array.isArray(value);
-}
-function stringArray(value: unknown): string[] | undefined {
-  if (!Array.isArray(value)) return undefined;
-  return value.every((item) => typeof item === 'string') ? [...value] : undefined;
-}
-function normalizeNetworkConfig(value: unknown): Partial<SandboxNetworkConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-  const config: Partial<SandboxNetworkConfig> = {};
-  if (typeof value.allowNetwork === 'boolean') config.allowNetwork = value.allowNetwork;
-  if (typeof value.allowLocalBinding === 'boolean')
-    config.allowLocalBinding = value.allowLocalBinding;
-  if (typeof value.allowAllUnixSockets === 'boolean')
-    config.allowAllUnixSockets = value.allowAllUnixSockets;
-  const allowUnixSockets = stringArray(value.allowUnixSockets);
-  if (allowUnixSockets) config.allowUnixSockets = allowUnixSockets;
-  const allowedDomains = stringArray(value.allowedDomains);
-  if (allowedDomains) config.allowedDomains = allowedDomains;
-  const deniedDomains = stringArray(value.deniedDomains);
-  if (deniedDomains) config.deniedDomains = deniedDomains;
-  return config;
-}
-function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-  const config: Partial<SandboxFilesystemConfig> = {};
-  const denyRead = stringArray(value.denyRead);
-  if (denyRead) config.denyRead = denyRead;
-  const allowRead = stringArray(value.allowRead);
-  if (allowRead) config.allowRead = allowRead;
-  const allowWrite = stringArray(value.allowWrite);
-  if (allowWrite) config.allowWrite = allowWrite;
-  const denyWrite = stringArray(value.denyWrite);
-  if (denyWrite) config.denyWrite = denyWrite;
-  return config;
-}
-function normalizeConfig(value: unknown): SandboxConfigOverrides {
-  if (!isRecord(value)) return {};
-  const config: SandboxConfigOverrides = {};
-  if (typeof value.enabled === 'boolean') config.enabled = value.enabled;
-  const network = normalizeNetworkConfig(value.network);
-  if (network) config.network = network;
-  const filesystem = normalizeFilesystemConfig(value.filesystem);
-  if (filesystem) config.filesystem = filesystem;
-  return config;
-}
-function normalizeOptions(options: PluginOptions | undefined): SandboxConfigOverrides {
-  if (!isRecord(options)) return {};
-  return normalizeConfig(isRecord(options.config) ? options.config : options);
-}
-function mergeArray(base: string[], override?: string[]): string[] {
-  if (!override) return base;
-  return [...new Set([...base, ...override])];
-}
-function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
-  const network = overrides.network;
-  const filesystem = overrides.filesystem;
-  return {
-    enabled: overrides.enabled ?? base.enabled,
-    network: {
-      allowNetwork: network?.allowNetwork ?? base.network.allowNetwork,
-      allowLocalBinding: network?.allowLocalBinding ?? base.network.allowLocalBinding,
-      allowAllUnixSockets: network?.allowAllUnixSockets ?? base.network.allowAllUnixSockets,
-      allowUnixSockets: mergeArray(base.network.allowUnixSockets, network?.allowUnixSockets),
-      allowedDomains: mergeArray(base.network.allowedDomains, network?.allowedDomains),
-      deniedDomains: mergeArray(base.network.deniedDomains, network?.deniedDomains),
-    },
-    filesystem: {
-      denyRead: mergeArray(base.filesystem.denyRead, filesystem?.denyRead),
-      allowRead: mergeArray(base.filesystem.allowRead, filesystem?.allowRead),
-      allowWrite: mergeArray(base.filesystem.allowWrite, filesystem?.allowWrite),
-      denyWrite: mergeArray(base.filesystem.denyWrite, filesystem?.denyWrite),
-    },
-  };
-}
-function getConfigPaths(baseDirectory: string): { globalPath: string; projectPath: string } {
-  return {
-    globalPath: join(homedir(), '.config', 'opencode', 'sandbox.json'),
-    projectPath: join(baseDirectory, '.opencode', 'sandbox.json'),
-  };
-}
-function readConfigFile(configPath: string): SandboxConfigOverrides {
-  if (!existsSync(configPath)) return {};
-  try {
-    return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
-  } catch (error) {
-    console.error(`Warning: Could not parse ${configPath}: ${error}`);
-    return {};
-  }
-}
-function loadConfig(baseDirectory: string, optionOverrides: SandboxConfigOverrides): SandboxConfig {
-  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
-  return deepMerge(
-    deepMerge(deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath)), readConfigFile(projectPath)),
-    optionOverrides,
-  );
-}
 function expandPath(filePath: string, baseDirectory: string): string {
   const expanded = filePath.replace(/^~(?=$|[/])/, homedir());
   return resolve(isAbsolute(expanded) ? expanded : join(baseDirectory, expanded));
@@ -281,33 +106,6 @@ function configuredShellPath(config: unknown): string | undefined {
   return typeof config.shell === 'string' ? config.shell : undefined;
 }
-function landstripBinaryPath(): string {
-  const filePath = realpathSync.native(binaryPath());
-  let probe = dirname(filePath);
-  while (true) {
-    const manifestPath = join(probe, 'package.json');
-    if (existsSync(manifestPath)) {
-      try {
-        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
-        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
-          return filePath;
-        }
-      } catch {
-        // malformed package.json — continue walking to parent
-      }
-    }
-    const parent = dirname(probe);
-    if (parent === probe) break;
-    probe = parent;
-  }
-  throw new Error(
-    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
-  );
-}
 function canonicalizePath(filePath: string, baseDirectory: string): string {
   const abs = expandPath(filePath, baseDirectory);
@@ -378,18 +176,6 @@ function shouldPromptForWrite(path: string, allowWrite: string[], baseDirectory:
   return allowWrite.length === 0 || !matchesPattern(path, allowWrite, baseDirectory);
 }
-function extractDomainsFromCommand(command: string): string[] {
-  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
-  const domains = new Set<string>();
-  let match: RegExpExecArray | null;
-  while ((match = urlRegex.exec(command)) !== null) {
-    domains.add(match[1]);
-  }
-  return [...domains];
-}
 function domainMatchesPattern(domain: string, pattern: string): boolean {
   const normalizedDomain = domain.toLowerCase();
   const normalizedPattern = pattern.toLowerCase();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.3.12",
+  "version": "0.3.13",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -16,6 +16,7 @@
   "files": [
     "index.ts",
     "tui.ts",
+    "shared.ts",
     "landstrip.d.ts",
     "README.md",
     "sandbox.json"
@@ -37,8 +38,8 @@
     }
   },
   "scripts": {
-    "fmt": "oxfmt index.ts tui.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
-    "lint": "oxlint index.ts tui.ts",
+    "fmt": "oxfmt index.ts tui.ts shared.ts package.json tsconfig.json sandbox.json .oxfmtrc.json README.md test/*.test.mjs",
+    "lint": "oxlint index.ts tui.ts shared.ts",
     "check": "tsc --noEmit",
     "test": "node --test test/*.test.mjs",
     "all": "npm run fmt && npm run lint && npm run check && npm test",
@@ -51,7 +52,7 @@
     "@jarkkojs/landstrip": "^0.11.11"
   },
   "devDependencies": {
-    "@opencode-ai/plugin": "^1.17.6",
+    "@opencode-ai/plugin": "^1.17.7",
     "@opentui/core": ">=0.3.4",
     "@opentui/keymap": ">=0.3.4",
     "@opentui/solid": ">=0.3.4",
@@ -61,7 +62,7 @@
     "typescript": "^5.8.2"
   },
   "peerDependencies": {
-    "@opencode-ai/plugin": "^1.17.6"
+    "@opencode-ai/plugin": "^1.17.7"
   },
   "peerDependenciesMeta": {
     "@opencode-ai/plugin": {
@@ -69,6 +70,6 @@
     }
   },
   "engines": {
-    "opencode": ">=1.17.6"
+    "opencode": ">=1.17.7"
   }
 }

package/shared.ts ADDED Viewed

@@ -0,0 +1,318 @@
+// SPDX-License-Identifier: MIT
+// Copyright (C) Jarkko Sakkinen 2026
+import { binaryPath } from '@jarkkojs/landstrip';
+import { existsSync, mkdirSync, readFileSync, realpathSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, join } from 'node:path';
+export interface SandboxFilesystemConfig {
+  denyRead: string[];
+  allowRead: string[];
+  allowWrite: string[];
+  denyWrite: string[];
+}
+export interface SandboxNetworkConfig {
+  allowNetwork: boolean;
+  allowLocalBinding: boolean;
+  allowAllUnixSockets: boolean;
+  allowUnixSockets: string[];
+  allowedDomains: string[];
+  deniedDomains: string[];
+}
+export interface SandboxConfig {
+  enabled: boolean;
+  network: SandboxNetworkConfig;
+  filesystem: SandboxFilesystemConfig;
+}
+export interface SandboxConfigOverrides {
+  enabled?: boolean;
+  network?: Partial<SandboxNetworkConfig>;
+  filesystem?: Partial<SandboxFilesystemConfig>;
+}
+export const DEFAULT_CONFIG: SandboxConfig = {
+  enabled: true,
+  network: {
+    allowNetwork: false,
+    allowLocalBinding: false,
+    allowAllUnixSockets: false,
+    allowUnixSockets: [],
+    allowedDomains: [],
+    deniedDomains: [],
+  },
+  filesystem: {
+    denyRead: ['/Users', '/home'],
+    allowRead: ['.', '~/.gitconfig', '/dev/null'],
+    allowWrite: ['.', '/dev/null'],
+    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
+  },
+};
+const LANDSTRIP_PACKAGE_NAMES = new Set([
+  '@jarkkojs/landstrip',
+  '@jarkkojs/landstrip-darwin-arm64',
+  '@jarkkojs/landstrip-darwin-x64',
+  '@jarkkojs/landstrip-linux-x64',
+  '@jarkkojs/landstrip-win32-x64',
+]);
+export function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function stringArray(value: unknown): string[] | undefined {
+  if (!Array.isArray(value)) return undefined;
+  return value.every((item) => typeof item === 'string') ? [...value] : undefined;
+}
+function normalizeNetworkConfig(value: unknown): Partial<SandboxNetworkConfig> | undefined {
+  if (!isRecord(value)) return undefined;
+  const config: Partial<SandboxNetworkConfig> = {};
+  if (typeof value.allowNetwork === 'boolean') config.allowNetwork = value.allowNetwork;
+  if (typeof value.allowLocalBinding === 'boolean')
+    config.allowLocalBinding = value.allowLocalBinding;
+  if (typeof value.allowAllUnixSockets === 'boolean')
+    config.allowAllUnixSockets = value.allowAllUnixSockets;
+  const allowUnixSockets = stringArray(value.allowUnixSockets);
+  if (allowUnixSockets) config.allowUnixSockets = allowUnixSockets;
+  const allowedDomains = stringArray(value.allowedDomains);
+  if (allowedDomains) config.allowedDomains = allowedDomains;
+  const deniedDomains = stringArray(value.deniedDomains);
+  if (deniedDomains) config.deniedDomains = deniedDomains;
+  return config;
+}
+function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemConfig> | undefined {
+  if (!isRecord(value)) return undefined;
+  const config: Partial<SandboxFilesystemConfig> = {};
+  const denyRead = stringArray(value.denyRead);
+  if (denyRead) config.denyRead = denyRead;
+  const allowRead = stringArray(value.allowRead);
+  if (allowRead) config.allowRead = allowRead;
+  const allowWrite = stringArray(value.allowWrite);
+  if (allowWrite) config.allowWrite = allowWrite;
+  const denyWrite = stringArray(value.denyWrite);
+  if (denyWrite) config.denyWrite = denyWrite;
+  return config;
+}
+export function normalizeConfig(value: unknown): SandboxConfigOverrides {
+  if (!isRecord(value)) return {};
+  const config: SandboxConfigOverrides = {};
+  if (typeof value.enabled === 'boolean') config.enabled = value.enabled;
+  const network = normalizeNetworkConfig(value.network);
+  if (network) config.network = network;
+  const filesystem = normalizeFilesystemConfig(value.filesystem);
+  if (filesystem) config.filesystem = filesystem;
+  return config;
+}
+export function normalizeOptions(options: unknown): SandboxConfigOverrides {
+  if (!isRecord(options)) return {};
+  return normalizeConfig(isRecord(options.config) ? options.config : options);
+}
+function mergeArray(base: string[], override?: string[]): string[] {
+  if (!override) return base;
+  return [...new Set([...base, ...override])];
+}
+export function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
+  const network = overrides.network;
+  const filesystem = overrides.filesystem;
+  return {
+    enabled: overrides.enabled ?? base.enabled,
+    network: {
+      allowNetwork: network?.allowNetwork ?? base.network.allowNetwork,
+      allowLocalBinding: network?.allowLocalBinding ?? base.network.allowLocalBinding,
+      allowAllUnixSockets: network?.allowAllUnixSockets ?? base.network.allowAllUnixSockets,
+      allowUnixSockets: mergeArray(base.network.allowUnixSockets, network?.allowUnixSockets),
+      allowedDomains: mergeArray(base.network.allowedDomains, network?.allowedDomains),
+      deniedDomains: mergeArray(base.network.deniedDomains, network?.deniedDomains),
+    },
+    filesystem: {
+      denyRead: mergeArray(base.filesystem.denyRead, filesystem?.denyRead),
+      allowRead: mergeArray(base.filesystem.allowRead, filesystem?.allowRead),
+      allowWrite: mergeArray(base.filesystem.allowWrite, filesystem?.allowWrite),
+      denyWrite: mergeArray(base.filesystem.denyWrite, filesystem?.denyWrite),
+    },
+  };
+}
+export function getConfigPaths(baseDirectory: string): { globalPath: string; projectPath: string } {
+  return {
+    globalPath: join(homedir(), '.config', 'opencode', 'sandbox.json'),
+    projectPath: join(baseDirectory, '.opencode', 'sandbox.json'),
+  };
+}
+// Returns `{}` when the file is absent and `null` when it exists but cannot be
+// parsed, so callers can refuse to overwrite a corrupted config.
+export function readConfigFile(configPath: string): SandboxConfigOverrides | null {
+  if (!existsSync(configPath)) return {};
+  try {
+    return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
+  } catch {
+    return null;
+  }
+}
+export function loadConfig(
+  baseDirectory: string,
+  optionOverrides: SandboxConfigOverrides,
+): SandboxConfig {
+  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
+  return deepMerge(
+    deepMerge(
+      deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath) ?? {}),
+      readConfigFile(projectPath) ?? {},
+    ),
+    optionOverrides,
+  );
+}
+export function writeConfigFile(configPath: string, update: SandboxConfigOverrides): void {
+  const current = readConfigFile(configPath);
+  if (current === null) {
+    throw new Error(`Config file ${configPath} is corrupted; refusing to overwrite`);
+  }
+  const next = deepMerge(deepMerge(DEFAULT_CONFIG, current), update);
+  mkdirSync(dirname(configPath), { recursive: true });
+  writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
+}
+export function landstripBinaryPath(): string {
+  const filePath = realpathSync.native(binaryPath());
+  let probe = dirname(filePath);
+  while (true) {
+    const manifestPath = join(probe, 'package.json');
+    if (existsSync(manifestPath)) {
+      try {
+        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
+        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
+          return filePath;
+        }
+      } catch {
+        // malformed package.json — continue walking to parent
+      }
+    }
+    const parent = dirname(probe);
+    if (parent === probe) break;
+    probe = parent;
+  }
+  throw new Error(
+    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
+  );
+}
+export function extractDomainsFromCommand(command: string): string[] {
+  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
+  const domains = new Set<string>();
+  let match: RegExpExecArray | null;
+  while ((match = urlRegex.exec(command)) !== null) {
+    domains.add(match[1]);
+  }
+  return [...domains];
+}
+// Permission requests reach the plugin in slightly different shapes across the
+// server hook and the TUI event bus, so the field-fallback parsing below is the
+// single source of truth both entrypoints share.
+export function permissionType(permission: Record<string, unknown>, fallback = ''): string {
+  if (typeof permission.permission === 'string') return permission.permission;
+  if (typeof permission.action === 'string') return permission.action;
+  if (typeof permission.type === 'string') return permission.type;
+  return fallback;
+}
+export function permissionPattern(permission: Record<string, unknown>): string | undefined {
+  const patterns = permission.patterns;
+  if (Array.isArray(patterns))
+    return patterns.find((item): item is string => typeof item === 'string');
+  const pattern = permission.pattern;
+  if (typeof pattern === 'string') return pattern;
+  if (Array.isArray(pattern))
+    return pattern.find((item): item is string => typeof item === 'string');
+  return undefined;
+}
+export function permissionLabel(permission: Record<string, unknown>): string {
+  const type = permissionType(permission, 'permission');
+  const title = typeof permission.title === 'string' ? permission.title : type;
+  const pattern = permissionPattern(permission);
+  return pattern ? `${title}: ${pattern}` : title;
+}
+// The concrete resource a permission concerns (a path or a domain), used to show
+// the user exactly what they are approving and to persist the right allowlist.
+export function permissionResource(permission: Record<string, unknown>): string | undefined {
+  const metadata = isRecord(permission.metadata) ? permission.metadata : {};
+  const type = permissionType(permission);
+  const pattern = permissionPattern(permission);
+  if (type === 'bash') {
+    const command = typeof metadata.command === 'string' ? metadata.command : pattern;
+    const domains = typeof command === 'string' ? extractDomainsFromCommand(command) : [];
+    return domains.length > 0 ? domains.join(', ') : (command ?? pattern);
+  }
+  if (typeof metadata.filepath === 'string') return metadata.filepath;
+  if (typeof metadata.path === 'string') return metadata.path;
+  return pattern;
+}
+export function updateForPermission(
+  permission: Record<string, unknown>,
+): SandboxConfigOverrides | null {
+  const metadata = isRecord(permission.metadata) ? permission.metadata : {};
+  const type = permissionType(permission);
+  const pattern = permissionPattern(permission);
+  if (type === 'bash') {
+    const command = typeof metadata.command === 'string' ? metadata.command : pattern;
+    const domains = typeof command === 'string' ? extractDomainsFromCommand(command) : [];
+    return domains.length > 0 ? { network: { allowedDomains: domains } } : null;
+  }
+  if (type === 'read' || type === 'glob' || type === 'grep' || type === 'list') {
+    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
+    return filePath ? { filesystem: { allowRead: [filePath] } } : null;
+  }
+  if (type === 'edit' || type === 'write' || type === 'apply_patch') {
+    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
+    return filePath ? { filesystem: { allowWrite: [filePath] } } : null;
+  }
+  return null;
+}

package/tui.ts CHANGED Viewed

@@ -1,230 +1,35 @@
 // SPDX-License-Identifier: MIT
 // Copyright (C) Jarkko Sakkinen 2026
-import type { TuiPlugin } from '@opencode-ai/plugin/tui';
-import { binaryPath } from '@jarkkojs/landstrip';
-import { existsSync, mkdirSync, readFileSync, realpathSync, writeFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { dirname, join } from 'node:path';
-interface SandboxFilesystemConfig {
-  denyRead: string[];
-  allowRead: string[];
-  allowWrite: string[];
-  denyWrite: string[];
-}
-interface SandboxNetworkConfig {
-  allowNetwork: boolean;
-  allowLocalBinding: boolean;
-  allowAllUnixSockets: boolean;
-  allowUnixSockets: string[];
-  allowedDomains: string[];
-  deniedDomains: string[];
-}
-interface SandboxConfig {
-  enabled: boolean;
-  network: SandboxNetworkConfig;
-  filesystem: SandboxFilesystemConfig;
-}
-interface SandboxConfigOverrides {
-  enabled?: boolean;
-  network?: Partial<SandboxNetworkConfig>;
-  filesystem?: Partial<SandboxFilesystemConfig>;
-}
-const DEFAULT_CONFIG: SandboxConfig = {
-  enabled: true,
-  network: {
-    allowNetwork: false,
-    allowLocalBinding: false,
-    allowAllUnixSockets: false,
-    allowUnixSockets: [],
-    allowedDomains: [],
-    deniedDomains: [],
-  },
-  filesystem: {
-    denyRead: ['/Users', '/home'],
-    allowRead: ['.', '~/.gitconfig', '/dev/null'],
-    allowWrite: ['.', '/dev/null'],
-    denyWrite: ['**/.env', '**/.env.*', '**/*.pem', '**/*.key'],
-  },
-};
-const LANDSTRIP_PACKAGE_NAMES = new Set([
-  '@jarkkojs/landstrip',
-  '@jarkkojs/landstrip-darwin-arm64',
-  '@jarkkojs/landstrip-darwin-x64',
-  '@jarkkojs/landstrip-linux-x64',
-  '@jarkkojs/landstrip-win32-x64',
-]);
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === 'object' && value !== null && !Array.isArray(value);
-}
-function stringArray(value: unknown): string[] | undefined {
-  if (!Array.isArray(value)) return undefined;
-  return value.every((item) => typeof item === 'string') ? [...value] : undefined;
-}
-function normalizeNetworkConfig(value: unknown): Partial<SandboxNetworkConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-  const config: Partial<SandboxNetworkConfig> = {};
-  if (typeof value.allowNetwork === 'boolean') config.allowNetwork = value.allowNetwork;
-  if (typeof value.allowLocalBinding === 'boolean')
-    config.allowLocalBinding = value.allowLocalBinding;
-  if (typeof value.allowAllUnixSockets === 'boolean')
-    config.allowAllUnixSockets = value.allowAllUnixSockets;
-  const allowUnixSockets = stringArray(value.allowUnixSockets);
-  if (allowUnixSockets) config.allowUnixSockets = allowUnixSockets;
-  const allowedDomains = stringArray(value.allowedDomains);
-  if (allowedDomains) config.allowedDomains = allowedDomains;
-  const deniedDomains = stringArray(value.deniedDomains);
-  if (deniedDomains) config.deniedDomains = deniedDomains;
-  return config;
-}
-function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemConfig> | undefined {
-  if (!isRecord(value)) return undefined;
-  const config: Partial<SandboxFilesystemConfig> = {};
-  const denyRead = stringArray(value.denyRead);
-  if (denyRead) config.denyRead = denyRead;
-  const allowRead = stringArray(value.allowRead);
-  if (allowRead) config.allowRead = allowRead;
-  const allowWrite = stringArray(value.allowWrite);
-  if (allowWrite) config.allowWrite = allowWrite;
-  const denyWrite = stringArray(value.denyWrite);
-  if (denyWrite) config.denyWrite = denyWrite;
-  return config;
-}
-function normalizeConfig(value: unknown): SandboxConfigOverrides {
-  if (!isRecord(value)) return {};
-  const config: SandboxConfigOverrides = {};
-  if (typeof value.enabled === 'boolean') config.enabled = value.enabled;
-  const network = normalizeNetworkConfig(value.network);
-  if (network) config.network = network;
-  const filesystem = normalizeFilesystemConfig(value.filesystem);
-  if (filesystem) config.filesystem = filesystem;
-  return config;
-}
-function normalizeOptions(options: unknown): SandboxConfigOverrides {
-  if (!isRecord(options)) return {};
-  return normalizeConfig(isRecord(options.config) ? options.config : options);
-}
-function mergeArray(base: string[], override?: string[]): string[] {
-  if (!override) return base;
-  return [...new Set([...base, ...override])];
-}
-function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
-  const network = overrides.network;
-  const filesystem = overrides.filesystem;
-  return {
-    enabled: overrides.enabled ?? base.enabled,
-    network: {
-      allowNetwork: network?.allowNetwork ?? base.network.allowNetwork,
-      allowLocalBinding: network?.allowLocalBinding ?? base.network.allowLocalBinding,
-      allowAllUnixSockets: network?.allowAllUnixSockets ?? base.network.allowAllUnixSockets,
-      allowUnixSockets: mergeArray(base.network.allowUnixSockets, network?.allowUnixSockets),
-      allowedDomains: mergeArray(base.network.allowedDomains, network?.allowedDomains),
-      deniedDomains: mergeArray(base.network.deniedDomains, network?.deniedDomains),
-    },
-    filesystem: {
-      denyRead: mergeArray(base.filesystem.denyRead, filesystem?.denyRead),
-      allowRead: mergeArray(base.filesystem.allowRead, filesystem?.allowRead),
-      allowWrite: mergeArray(base.filesystem.allowWrite, filesystem?.allowWrite),
-      denyWrite: mergeArray(base.filesystem.denyWrite, filesystem?.denyWrite),
-    },
-  };
-}
-function getConfigPaths(baseDirectory: string): { globalPath: string; projectPath: string } {
-  return {
-    globalPath: join(homedir(), '.config', 'opencode', 'sandbox.json'),
-    projectPath: join(baseDirectory, '.opencode', 'sandbox.json'),
-  };
-}
-function readConfigFile(configPath: string): SandboxConfigOverrides | null {
-  if (!existsSync(configPath)) return {};
-  try {
-    return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
-  } catch {
-    return null;
-  }
-}
-function landstripBinaryPath(): string {
-  const filePath = realpathSync.native(binaryPath());
-  let probe = dirname(filePath);
-  while (true) {
-    const manifestPath = join(probe, 'package.json');
-    if (existsSync(manifestPath)) {
-      try {
-        const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8')) as unknown;
-        if (isRecord(manifest) && LANDSTRIP_PACKAGE_NAMES.has(String(manifest.name))) {
-          return filePath;
-        }
-      } catch {
-        // malformed package.json — continue walking to parent
-      }
-    }
-    const parent = dirname(probe);
-    if (parent === probe) break;
-    probe = parent;
-  }
-  throw new Error(
-    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
-  );
+import type { TuiPlugin, TuiSlotContext, TuiSlotPlugin } from '@opencode-ai/plugin/tui';
+import { existsSync } from 'node:fs';
+import {
+  type SandboxConfigOverrides,
+  getConfigPaths,
+  landstripBinaryPath,
+  loadConfig,
+  normalizeOptions,
+  permissionLabel,
+  permissionResource,
+  updateForPermission,
+  writeConfigFile,
+} from './shared.js';
+// The shape shared by the `permission.asked` event payload and the entries
+// returned from `api.state.session.permission()`. Both carry `permission`
+// (the kind), `patterns`, and `tool.callID`; neither carries a `title`.
+interface PendingPermission {
+  id: string;
+  sessionID: string;
+  permission: string;
+  patterns: string[];
+  metadata: Record<string, unknown>;
+  tool?: { callID: string };
 }
-function writeConfigFile(configPath: string, update: SandboxConfigOverrides): void {
-  const current = readConfigFile(configPath);
-  if (current === null) {
-    throw new Error(`Config file ${configPath} is corrupted; refusing to overwrite`);
-  }
-  const next = deepMerge(deepMerge(DEFAULT_CONFIG, current), update);
-  mkdirSync(dirname(configPath), { recursive: true });
-  writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
-}
-function loadConfig(baseDirectory: string, optionOverrides: SandboxConfigOverrides): SandboxConfig {
-  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
-  const globalConfig = readConfigFile(globalPath);
-  const projectConfig = readConfigFile(projectPath);
-  return deepMerge(
-    deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig ?? {}), projectConfig ?? {}),
-    optionOverrides,
-  );
-}
+type PermissionChoice = 'once' | 'session' | 'project' | 'global' | 'reject';
 function list(values: string[]): string {
   return values.join(', ') || '(none)';
@@ -263,85 +68,72 @@ function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOve
   ].join('\n');
 }
-type PermissionChoice = 'once' | 'session' | 'project' | 'global' | 'reject';
-function permissionType(permission: Record<string, unknown>, fallback = ''): string {
-  if (typeof permission.permission === 'string') return permission.permission;
-  if (typeof permission.action === 'string') return permission.action;
-  if (typeof permission.type === 'string') return permission.type;
-  return fallback;
+function asRecord(permission: PendingPermission): Record<string, unknown> {
+  return permission as unknown as Record<string, unknown>;
 }
-function permissionPattern(permission: Record<string, unknown>): string | undefined {
-  const patterns = permission.patterns;
-  if (Array.isArray(patterns))
-    return patterns.find((item): item is string => typeof item === 'string');
-  const pattern = permission.pattern;
-  if (typeof pattern === 'string') return pattern;
-  if (Array.isArray(pattern))
-    return pattern.find((item): item is string => typeof item === 'string');
-  return undefined;
+function permissionDetail(permission: PendingPermission): string {
+  const label = permissionLabel(asRecord(permission));
+  const resource = permissionResource(asRecord(permission));
+  return resource && !label.includes(resource) ? `${label}: ${resource}` : label;
 }
-function domainsFromCommand(command: string): string[] {
-  const domains = new Set<string>();
-  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
-  let match: RegExpExecArray | null;
-  while ((match = urlRegex.exec(command)) !== null) domains.add(match[1]);
-  return [...domains];
-}
-function updateForPermission(permission: Record<string, unknown>): SandboxConfigOverrides | null {
-  const metadata = isRecord(permission.metadata) ? permission.metadata : {};
-  const type = permissionType(permission);
-  const pattern = permissionPattern(permission);
-  if (type === 'bash') {
-    const command = typeof metadata.command === 'string' ? metadata.command : pattern;
-    const domains = typeof command === 'string' ? domainsFromCommand(command) : [];
-    return domains.length > 0 ? { network: { allowedDomains: domains } } : null;
+const tui: TuiPlugin = async (api, options, meta) => {
+  const optionOverrides = normalizeOptions(options);
+  // Permission requests can arrive twice (the live event and a reconnect replay
+  // of `api.state`), so `resolved` tracks ids we have already answered and
+  // `activeId` guards against stacking a second sandbox dialog on the first.
+  const resolved = new Set<string>();
+  const queue: PendingPermission[] = [];
+  let activeId: string | undefined;
+  function pump(): void {
+    if (activeId !== undefined) return;
+    let next = queue.shift();
+    while (next && resolved.has(next.id)) next = queue.shift();
+    if (!next) return;
+    showPermission(next);
   }
-  if (type === 'read' || type === 'glob' || type === 'grep' || type === 'list') {
-    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
-    return filePath ? { filesystem: { allowRead: [filePath] } } : null;
+  function enqueue(permission: PendingPermission): void {
+    if (!permission.id || resolved.has(permission.id)) return;
+    if (activeId === permission.id) return;
+    if (queue.some((item) => item.id === permission.id)) return;
+    queue.push(permission);
+    pump();
   }
-  if (type === 'edit' || type === 'write' || type === 'apply_patch') {
-    const filePath = typeof metadata.filepath === 'string' ? metadata.filepath : pattern;
-    return filePath ? { filesystem: { allowWrite: [filePath] } } : null;
+  // Safety net for missed/late events and reconnects: fold whatever the host
+  // still considers pending for this session back into the queue.
+  function reconcile(sessionID: string): void {
+    for (const pending of api.state.session.permission(sessionID)) {
+      enqueue(pending as PendingPermission);
+    }
   }
-  return null;
-}
-function permissionLabel(permission: Record<string, unknown>): string {
-  const type = permissionType(permission, 'permission');
-  const title = typeof permission.title === 'string' ? permission.title : type;
-  const pattern = permissionPattern(permission);
-  return pattern ? `${title}: ${pattern}` : title;
-}
-const tui: TuiPlugin = async (api, options) => {
-  const handledPermissions = new Set<string>();
+  function finishActive(id: string): void {
+    resolved.add(id);
+    if (activeId === id) {
+      activeId = undefined;
+      api.ui.dialog.clear();
+    }
+    pump();
+  }
   async function replyPermission(
-    permission: Record<string, unknown>,
+    permission: PendingPermission,
     choice: PermissionChoice,
   ): Promise<void> {
-    const id = typeof permission.id === 'string' ? permission.id : undefined;
-    if (!id || typeof permission.sessionID !== 'string') return;
+    const { id, sessionID } = permission;
+    if (!id || !sessionID) return;
     const directory = api.state.path.directory || process.cwd();
     const { globalPath, projectPath } = getConfigPaths(directory);
     try {
       if (choice === 'project' || choice === 'global') {
-        const update = updateForPermission(permission);
+        const update = updateForPermission(asRecord(permission));
         if (update) writeConfigFile(choice === 'project' ? projectPath : globalPath, update);
       }
@@ -362,54 +154,84 @@ const tui: TuiPlugin = async (api, options) => {
         variant: 'warning',
       });
     } finally {
-      api.ui.dialog.clear();
+      finishActive(id);
     }
   }
-  function showPermission(permission: Record<string, unknown>): void {
-    const id = typeof permission.id === 'string' ? permission.id : undefined;
-    if (!id || handledPermissions.has(id)) return;
-    handledPermissions.add(id);
+  function showPermission(permission: PendingPermission): void {
+    activeId = permission.id;
+    void api.attention.notify({
+      title: 'Sandbox permission',
+      message: permissionDetail(permission),
+      sound: { name: 'permission' },
+      notification: true,
+    });
     api.ui.dialog.replace(
       () =>
         api.ui.DialogSelect<PermissionChoice>({
           title: 'Sandbox Permission',
-          placeholder: permissionLabel(permission),
+          placeholder: permissionDetail(permission),
           options: [
-            { title: 'Allow once', value: 'once', description: 'Approve only this request' },
+            {
+              title: 'Allow once',
+              value: 'once',
+              category: 'This request',
+              description: 'Approve only this request',
+            },
             {
               title: 'Allow for session',
               value: 'session',
+              category: 'This request',
               description: 'Use OpenCode session approval for matching requests',
             },
             {
               title: 'Allow for project',
               value: 'project',
+              category: 'Persist to sandbox.json',
               description: 'Persist to .opencode/sandbox.json and approve this session',
             },
             {
               title: 'Allow globally',
               value: 'global',
+              category: 'Persist to sandbox.json',
               description: 'Persist to ~/.config/opencode/sandbox.json and approve this session',
             },
-            { title: 'Reject', value: 'reject', description: 'Deny this request' },
+            {
+              title: 'Reject',
+              value: 'reject',
+              category: 'Deny',
+              description: 'Deny this request',
+            },
           ],
           onSelect: (option) => {
             void replyPermission(permission, option.value);
           },
         }),
-      () => api.ui.dialog.clear(),
+      () => {
+        // Dialog dismissed (esc) without a choice: drop our hold so the next
+        // pending permission can surface, but leave it unresolved upstream.
+        if (activeId === permission.id) activeId = undefined;
+        api.ui.dialog.clear();
+        pump();
+      },
     );
   }
-  api.event.on('permission.asked', (event) => {
-    showPermission(event.properties as Record<string, unknown>);
+  const unsubscribeAsked = api.event.on('permission.asked', (event) => {
+    const pending = event.properties as PendingPermission;
+    enqueue(pending);
+    reconcile(pending.sessionID);
+  });
+  const unsubscribeReplied = api.event.on('permission.replied', (event) => {
+    finishActive(event.properties.requestID);
   });
   const showSandbox = () => {
     const directory = api.state.path.directory || process.cwd();
-    const message = sandboxSummary(directory, normalizeOptions(options));
+    const message = sandboxSummary(directory, optionOverrides);
     api.ui.dialog.replace(
       () =>
@@ -430,64 +252,85 @@ const tui: TuiPlugin = async (api, options) => {
   api.keymap.registerLayer({
     commands: [
       {
+        namespace: 'palette',
         name: 'sandbox',
         title: 'Sandbox',
-        description: 'Show sandbox configuration',
+        desc: 'Show sandbox configuration',
         category: 'Sandbox',
         suggested: true,
-        slash: { name: 'sandbox' },
+        slashName: 'sandbox',
         run: showSandbox,
       },
       {
+        namespace: 'palette',
         name: 'sandbox-disable',
         title: 'Disable sandbox',
-        description: 'Disable sandbox for this session',
+        desc: 'Disable sandbox for this session',
         category: 'Sandbox',
         suggested: true,
-        slash: { name: 'sandbox-disable' },
+        slashName: 'sandbox-disable',
         run: () => executeServerCommand('sandbox-disable'),
       },
       {
+        namespace: 'palette',
         name: 'sandbox-enable',
         title: 'Enable sandbox',
-        description: 'Re-enable sandbox for this session',
+        desc: 'Re-enable sandbox for this session',
         category: 'Sandbox',
         suggested: true,
-        slash: { name: 'sandbox-enable' },
+        slashName: 'sandbox-enable',
         run: () => executeServerCommand('sandbox-enable'),
       },
     ],
   });
-  api.command?.register(() => [
-    {
-      title: 'Sandbox',
-      value: 'sandbox',
-      description: 'Show sandbox configuration',
-      category: 'Sandbox',
-      suggested: true,
-      slash: { name: 'sandbox' },
-      onSelect: showSandbox,
-    },
-    {
-      title: 'Disable sandbox',
-      value: 'sandbox-disable',
-      description: 'Disable sandbox for this session',
-      category: 'Sandbox',
-      suggested: true,
-      slash: { name: 'sandbox-disable' },
-      onSelect: () => executeServerCommand('sandbox-disable'),
-    },
-    {
-      title: 'Enable sandbox',
-      value: 'sandbox-enable',
-      description: 'Re-enable sandbox for this session',
-      category: 'Sandbox',
-      suggested: true,
-      slash: { name: 'sandbox-enable' },
-      onSelect: () => executeServerCommand('sandbox-enable'),
-    },
-  ]);
+  // Persistent status badge in the prompt area. It needs the host's Solid
+  // runtime, imported defensively so a host that resolves plugin imports
+  // differently still loads the plugin — the badge just stays absent there.
+  try {
+    const { jsx } = await import('@opentui/solid/jsx-runtime');
+    const statusBadge = (ctx: TuiSlotContext) => {
+      const directory = api.state.path.directory || process.cwd();
+      const config = loadConfig(directory, optionOverrides);
+      const theme = ctx.theme.current;
+      if (!config.enabled) return jsx('text', { fg: theme.textMuted, children: 'sandbox off' });
+      const open = config.network.allowNetwork;
+      return jsx('text', {
+        fg: open ? theme.warning : theme.success,
+        children: `sandbox · ${open ? 'net open' : 'net proxied'}`,
+      });
+    };
+    const statusSlot: TuiSlotPlugin = {
+      slots: {
+        home_prompt_right: (ctx) => statusBadge(ctx),
+        session_prompt_right: (ctx) => statusBadge(ctx),
+      },
+    };
+    api.slots.register(statusSlot);
+  } catch {
+    // Solid runtime unavailable on this host — skip the status badge.
+  }
+  // First-run onboarding: a single quiet pointer to the default-strict policy
+  // and the inspector command. `meta.state` flags a freshly installed plugin;
+  // the kv flag keeps it from repeating across reloads.
+  if (meta.state === 'first' && !api.kv.get<boolean>('onboarded', false)) {
+    api.kv.set('onboarded', true);
+    api.ui.toast({
+      title: 'Sandbox active',
+      message: 'Landlock policy is on (default strict). Run /sandbox to inspect it.',
+      variant: 'info',
+      duration: 8000,
+    });
+  }
+  api.lifecycle.onDispose(() => {
+    unsubscribeAsked();
+    unsubscribeReplied();
+  });
 };
 export { tui };