opencode-landstrip 0.3.13 → 0.14.1

package/README.md

@@ -1,7 +1,7 @@
 # opencode-landstrip
 
 Landlock-based sandboxing for [opencode](https://opencode.ai/) using
-[`landstrip`](https://github.com/jarkkojs/landstrip).
+[`landstrip`](https://github.com/landstrip/landstrip).
 
 ## Install
 
@@ -26,7 +26,7 @@ manually:
 
 `opencode plugin install opencode-landstrip` configures both entrypoints.
 
-This installs `opencode-landstrip` and its `@jarkkojs/landstrip` dependency, which
+This installs `opencode-landstrip` and its `@landstrip/landstrip` dependency, which
 includes platform-specific native binaries for Linux, macOS, and Windows.
 
 Requires OpenCode `1.17.7` or newer.
@@ -82,5 +82,5 @@ Set `enabled` to `false` in `sandbox.json`, or pass plugin options:
 `opencode-landstrip` is licensed under `MIT`. See [LICENSE](LICENSE) for more
 information.
 
-The bundled `@jarkkojs/landstrip` package is licensed separately as
+The bundled `@landstrip/landstrip` package is licensed separately as
 `Apache-2.0 AND LGPL-2.1-or-later`.

package/index.ts

@@ -32,14 +32,12 @@ interface LandstripPolicy {
   filesystem: SandboxFilesystemConfig;
 }
 
-interface LandstripErrorResponse {
-  reason: 'Other' | 'AccessDenied' | 'LaunchFailed' | 'SetupFailed' | 'Usage';
-  file?: string;
-  operation?: 'read' | 'write';
-  program?: string;
-  type?: 'filesystem' | 'network' | 'platform' | 'launch' | 'encoding';
-  source?: string;
-}
+type LandstripTrap =
+  | { kind: 'Filesystem'; operation: 'read' | 'write'; path: string; mechanism: string }
+  | { kind: 'Network'; operation: string; target: string; mechanism: string }
+  | { kind: 'Launch'; program: string; message: string }
+  | { kind: 'Usage'; message: string }
+  | { kind: 'Internal'; fields: Record<string, string> };
 
 interface BashSandboxState {
   originalCommand: string;
@@ -60,40 +58,13 @@ interface SandboxPermissionDecision {
 
 type ToastVariant = 'info' | 'success' | 'warning' | 'error';
 
-const LANDSTRIP_VERSION = [0, 11, 9] as const;
+const LANDSTRIP_VERSION = [0, 14, 5] as const;
 const REQUIRED_LANDSTRIP_VERSION = LANDSTRIP_VERSION.join('.');
-const LANDSTRIP_ERROR_REASONS = new Set<LandstripErrorResponse['reason']>([
-  'Other',
-  'AccessDenied',
-  'LaunchFailed',
-  'SetupFailed',
-  'Usage',
-]);
-const LANDSTRIP_OPERATIONS = new Set<NonNullable<LandstripErrorResponse['operation']>>([
-  'read',
-  'write',
-]);
-const LANDSTRIP_ERROR_TYPES = new Set<NonNullable<LandstripErrorResponse['type']>>([
-  'filesystem',
-  'network',
-  'platform',
-  'launch',
-  'encoding',
-]);
+const LANDSTRIP_OPERATIONS = new Set<'read' | 'write'>(['read', 'write']);
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
 
-function isLandstripErrorReason(value: string): value is LandstripErrorResponse['reason'] {
-  return LANDSTRIP_ERROR_REASONS.has(value as LandstripErrorResponse['reason']);
-}
-
-function isLandstripOperation(
-  value: string,
-): value is NonNullable<LandstripErrorResponse['operation']> {
-  return LANDSTRIP_OPERATIONS.has(value as NonNullable<LandstripErrorResponse['operation']>);
-}
-
-function isLandstripErrorType(value: string): value is NonNullable<LandstripErrorResponse['type']> {
-  return LANDSTRIP_ERROR_TYPES.has(value as NonNullable<LandstripErrorResponse['type']>);
+function isLandstripOperation(value: unknown): value is 'read' | 'write' {
+  return typeof value === 'string' && LANDSTRIP_OPERATIONS.has(value as 'read' | 'write');
 }
 
 function expandPath(filePath: string, baseDirectory: string): string {
@@ -130,6 +101,38 @@ function canonicalizePath(filePath: string, baseDirectory: string): string {
   }
 }
 
+/**
+ * Translates an absolute glob pattern to a regular expression using standard
+ * path semantics: `**` crosses directory boundaries (and `**​/` may match zero
+ * segments), while a single `*` is confined to one path segment.
+ */
+function globToRegExp(globPattern: string): RegExp {
+  let regex = '';
+
+  for (let i = 0; i < globPattern.length; i++) {
+    const char = globPattern[i];
+    if (char === '*') {
+      if (globPattern[i + 1] === '*') {
+        i++;
+        if (globPattern[i + 1] === '/') {
+          i++;
+          regex += '(?:.*/)?';
+        } else {
+          regex += '.*';
+        }
+      } else {
+        regex += '[^/]*';
+      }
+    } else if (/[.+^${}()|[\]\\]/.test(char)) {
+      regex += `\\${char}`;
+    } else {
+      regex += char;
+    }
+  }
+
+  return new RegExp(`^${regex}$`);
+}
+
 function matchesPattern(filePath: string, patterns: string[], baseDirectory: string): boolean {
   const abs = canonicalizePath(filePath, baseDirectory);
 
@@ -139,8 +142,7 @@ function matchesPattern(filePath: string, patterns: string[], baseDirectory: str
       : canonicalizePath(pattern, baseDirectory);
 
     if (pattern.includes('*')) {
-      const escaped = absPattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
-      return new RegExp(`^${escaped}$`).test(abs);
+      return globToRegExp(absPattern).test(abs);
     }
 
     const sep = absPattern.endsWith('/') ? '' : '/';
@@ -242,13 +244,16 @@ function extractBlockedPath(
   );
   if (match) return normalizeBlockedPath(match[1], baseDirectory);
 
-  // Landstrip structured error format with file field
+  // Landstrip structured trap format carrying a denied path
   const landstripErrors = parseLandstripErrors(output);
-  for (const error of landstripErrors) {
-    if (error.file) return normalizeBlockedPath(error.file, baseDirectory);
+  for (const trap of landstripErrors) {
+    if (trap.kind === 'Filesystem') return normalizeBlockedPath(trap.path, baseDirectory);
+    if (trap.kind === 'Internal' && trap.fields.file) {
+      return normalizeBlockedPath(trap.fields.file, baseDirectory);
+    }
   }
 
-  // If landstrip reported an error but without a file field, try to
+  // If landstrip reported a trap but without a path, try to
   // extract the blocked path from the command itself
   if (landstripErrors.length > 0 && command) {
     for (const candidate of extractCandidatePaths(command)) {
@@ -297,10 +302,6 @@ function evaluateReadPermission(
 ): SandboxPermissionDecision {
   const filePath = canonicalizePath(path, baseDirectory);
 
-  if (!shouldPromptForRead(filePath, effectiveAllowRead, baseDirectory)) {
-    return { status: 'allow', kind: 'read', resource: filePath, message: '' };
-  }
-
   if (isBlockedByDenyRead(filePath, config, baseDirectory)) {
     return {
       status: 'deny',
@@ -310,6 +311,10 @@ function evaluateReadPermission(
     };
   }
 
+  if (!shouldPromptForRead(filePath, effectiveAllowRead, baseDirectory)) {
+    return { status: 'allow', kind: 'read', resource: filePath, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'read',
@@ -326,10 +331,6 @@ function evaluateWritePermission(
 ): SandboxPermissionDecision {
   const filePath = canonicalizePath(path, baseDirectory);
 
-  if (!shouldPromptForWrite(filePath, effectiveAllowWrite, baseDirectory)) {
-    return { status: 'allow', kind: 'write', resource: filePath, message: '' };
-  }
-
   if (matchesPattern(filePath, config.filesystem.denyWrite, baseDirectory)) {
     return {
       status: 'deny',
@@ -339,6 +340,10 @@ function evaluateWritePermission(
     };
   }
 
+  if (!shouldPromptForWrite(filePath, effectiveAllowWrite, baseDirectory)) {
+    return { status: 'allow', kind: 'write', resource: filePath, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'write',
@@ -351,7 +356,7 @@ function evaluateDomainPermission(
   domain: string,
   config: SandboxConfig,
 ): SandboxPermissionDecision {
-  if (config.network.allowNetwork || domainMatchesAny(domain, config.network.allowedDomains)) {
+  if (config.network.allowNetwork) {
     return { status: 'allow', kind: 'domain', resource: domain, message: '' };
   }
 
@@ -364,6 +369,10 @@ function evaluateDomainPermission(
     };
   }
 
+  if (domainMatchesAny(domain, config.network.allowedDomains)) {
+    return { status: 'allow', kind: 'domain', resource: domain, message: '' };
+  }
+
   return {
     status: 'ask',
     kind: 'domain',
@@ -396,63 +405,94 @@ function hasMinimumVersion(version: string, minimum: readonly [number, number, n
   return true;
 }
 
-function parseLandstripErrors(output: string): LandstripErrorResponse[] {
-  const errors: LandstripErrorResponse[] = [];
-
-  for (const block of output.trim().split(/\n\n+/)) {
-    const fields: Record<string, string> = {};
-
-    for (const line of block.split('\n')) {
-      const colonIndex = line.indexOf(':');
-      if (colonIndex === -1) continue;
-      const key = line.slice(0, colonIndex).trim();
-      const value = line.slice(colonIndex + 1).trim();
-      if (key.length > 0 && value.length > 0) fields[key] = value;
+function decodeLandstripTrap(value: unknown): LandstripTrap | null {
+  if (typeof value !== 'object' || value === null || Array.isArray(value)) return null;
+  const entries = Object.entries(value as Record<string, unknown>);
+  if (entries.length !== 1) return null;
+  const [kind, payload] = entries[0];
+
+  switch (kind) {
+    case 'Filesystem': {
+      if (!Array.isArray(payload)) return null;
+      const [operation, path, mechanism] = payload;
+      if (!isLandstripOperation(operation) || typeof path !== 'string') return null;
+      return { kind, operation, path, mechanism: typeof mechanism === 'string' ? mechanism : '' };
     }
-
-    if (fields.reason && isLandstripErrorReason(fields.reason)) {
-      const error: LandstripErrorResponse = {
-        reason: fields.reason,
-      };
-
-      if (fields.file) error.file = fields.file;
-      if (fields.operation && isLandstripOperation(fields.operation)) {
-        error.operation = fields.operation;
+    case 'Network': {
+      if (!Array.isArray(payload)) return null;
+      const [operation, target, mechanism] = payload;
+      if (typeof operation !== 'string' || typeof target !== 'string') return null;
+      return { kind, operation, target, mechanism: typeof mechanism === 'string' ? mechanism : '' };
+    }
+    case 'Launch': {
+      if (!Array.isArray(payload)) return null;
+      const [program, message] = payload;
+      if (typeof program !== 'string') return null;
+      return { kind, program, message: typeof message === 'string' ? message : '' };
+    }
+    case 'Usage': {
+      if (typeof payload !== 'string') return null;
+      return { kind, message: payload };
+    }
+    case 'Internal': {
+      if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) return null;
+      const fields: Record<string, string> = {};
+      for (const [key, val] of Object.entries(payload as Record<string, unknown>)) {
+        fields[key] = typeof val === 'string' ? val : JSON.stringify(val);
       }
-      if (fields.program) error.program = fields.program;
-      if (fields.source) error.source = fields.source;
+      return { kind, fields };
+    }
+    default:
+      return null;
+  }
+}
 
-      if (fields.type && isLandstripErrorType(fields.type)) error.type = fields.type;
+function parseLandstripErrors(output: string): LandstripTrap[] {
+  const traps: LandstripTrap[] = [];
 
-      errors.push(error);
+  for (const line of output.split('\n')) {
+    const trimmed = line.trim();
+    if (trimmed.length === 0 || trimmed[0] !== '{') continue;
+
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(trimmed);
+    } catch {
+      continue;
     }
+
+    const trap = decodeLandstripTrap(parsed);
+    if (trap) traps.push(trap);
   }
 
-  return errors;
+  return traps;
 }
 
-function formatLandstripErrors(errors: LandstripErrorResponse[]): string {
-  return errors
-    .map((err) => {
-      const parts: string[] = [`landstrip: ${err.reason}`];
-
-      if (err.file) {
-        parts.push(` (${err.file})`);
-      }
-      if (err.operation) {
-        parts.push(` ${err.operation}`);
-      }
-      if (err.program) {
-        parts.push(` ${err.program}`);
-      }
-      if (err.type) {
-        parts.push(`:${err.type}`);
-      }
-      if (err.source) parts.push(`: ${err.source}`);
+function formatLandstripTrap(trap: LandstripTrap): string {
+  switch (trap.kind) {
+    case 'Filesystem':
+      return `landstrip: filesystem ${trap.operation} denied (${trap.path})${
+        trap.mechanism ? ` [${trap.mechanism}]` : ''
+      }`;
+    case 'Network':
+      return `landstrip: network ${trap.operation} denied (${trap.target})${
+        trap.mechanism ? ` [${trap.mechanism}]` : ''
+      }`;
+    case 'Launch':
+      return `landstrip: launch failed (${trap.program})${trap.message ? `: ${trap.message}` : ''}`;
+    case 'Usage':
+      return `landstrip: usage error: ${trap.message}`;
+    case 'Internal': {
+      const detail = Object.entries(trap.fields)
+        .map(([key, val]) => `${key}: ${val}`)
+        .join(', ');
+      return `landstrip: internal error${detail ? ` (${detail})` : ''}`;
+    }
+  }
+}
 
-      return parts.join('');
-    })
-    .join('\n');
+function formatLandstripErrors(traps: LandstripTrap[]): string {
+  return traps.map(formatLandstripTrap).join('\n');
 }
 
 function splitHostPort(target: string, defaultPort: number): { host: string; port: number } | null {
@@ -542,10 +582,15 @@ function startProxy(config: SandboxConfig): Promise<{ port: number; stop: () =>
       return;
     }
 
+    let connected = false;
     const upstream = connectNet(endpoint.port, endpoint.host, () => {
+      connected = true;
       client.write('HTTP/1.1 200 Connection Established\r\n\r\n');
       pipeSockets(client, upstream, rest);
     });
+    upstream.on('error', () => {
+      if (!connected) denyProxyRequest(client, '502 Bad Gateway');
+    });
   }
 
   async function handleHttp(client: Socket, headerText: string, rest: Buffer): Promise<void> {
@@ -584,10 +629,15 @@ function startProxy(config: SandboxConfig): Promise<{ port: number; stop: () =>
     const rewrittenHeader = lines
       .filter((line) => !line.toLowerCase().startsWith('proxy-connection:'))
       .join('\r\n');
+    let connected = false;
     const upstream = connectNet(port, url.hostname, () => {
+      connected = true;
       upstream.write(`${rewrittenHeader}\r\n\r\n`);
       pipeSockets(client, upstream, rest);
     });
+    upstream.on('error', () => {
+      if (!connected) denyProxyRequest(client, '502 Bad Gateway');
+    });
   }
 
   function handleClient(client: Socket): void {
@@ -948,7 +998,7 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
     if (!version) {
       landstripCheck = {
         ok: false,
-        reason: `landstrip was not found. Reinstall with: npm install @jarkkojs/landstrip`,
+        reason: `landstrip was not found. Reinstall with: npm install @landstrip/landstrip`,
       };
       return landstripCheck;
     }

package/landstrip.d.ts

@@ -1,3 +1,3 @@
-declare module '@jarkkojs/landstrip' {
+declare module '@landstrip/landstrip' {
   function binaryPath(): string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.3.13",
+  "version": "0.14.1",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",
@@ -11,7 +11,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/jarkkojs/opencode-landstrip.git"
+    "url": "git+https://github.com/landstrip/opencode-landstrip.git"
   },
   "files": [
     "index.ts",
@@ -49,7 +49,7 @@
     "ci:test": "npm test"
   },
   "dependencies": {
-    "@jarkkojs/landstrip": "^0.11.11"
+    "@landstrip/landstrip": "^0.14.5"
   },
   "devDependencies": {
     "@opencode-ai/plugin": "^1.17.7",

package/shared.ts

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 // Copyright (C) Jarkko Sakkinen 2026
 
-import { binaryPath } from '@jarkkojs/landstrip';
+import { binaryPath } from '@landstrip/landstrip';
 
 import { existsSync, mkdirSync, readFileSync, realpathSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
@@ -54,11 +54,11 @@ export const DEFAULT_CONFIG: SandboxConfig = {
 };
 
 const LANDSTRIP_PACKAGE_NAMES = new Set([
-  '@jarkkojs/landstrip',
-  '@jarkkojs/landstrip-darwin-arm64',
-  '@jarkkojs/landstrip-darwin-x64',
-  '@jarkkojs/landstrip-linux-x64',
-  '@jarkkojs/landstrip-win32-x64',
+  '@landstrip/landstrip',
+  '@landstrip/landstrip-darwin-arm64',
+  '@landstrip/landstrip-darwin-x64',
+  '@landstrip/landstrip-linux-x64',
+  '@landstrip/landstrip-win32-x64',
 ]);
 
 export function isRecord(value: unknown): value is Record<string, unknown> {
@@ -227,7 +227,7 @@ export function landstripBinaryPath(): string {
   }
 
   throw new Error(
-    `Refusing to use landstrip binary outside official @jarkkojs/landstrip packages: ${filePath}`,
+    `Refusing to use landstrip binary outside official @landstrip/landstrip packages: ${filePath}`,
   );
 }