opencode-landstrip 0.3.8 → 0.3.10

package/README.md

@@ -14,6 +14,18 @@ Add the plugin to `opencode.json`:
 }
 ```
 
+Add the TUI entrypoint to `tui.json` if you install or configure the plugin
+manually:
+
+```json
+{
+  "$schema": "https://opencode.ai/config.json",
+  "plugin": ["opencode-landstrip"]
+}
+```
+
+`opencode plugin install opencode-landstrip` configures both entrypoints.
+
 This installs `opencode-landstrip` and its `@jarkkojs/landstrip` dependency, which
 includes platform-specific native binaries for Linux, macOS, and Windows.
 
@@ -32,9 +44,12 @@ The plugin wraps opencode's AI `bash` tool in `landstrip`, routes proxy-aware
 network traffic through an allowlist proxy, and blocks read/write tool access
 outside configured filesystem allowlists.
 
+Run `/sandbox` in the TUI to inspect the active sandbox configuration.
+
 opencode's current server plugin API does not expose Pi-style custom permission
-dialogs or a way to rewrite manually typed shell-mode commands. Blocked access
-fails with an error that points at the sandbox config files.
+dialogs or a way to rewrite manually typed shell-mode commands. The `/sandbox`
+status view is provided by the TUI plugin entrypoint. Blocked access fails with
+an error that points at the sandbox config files.
 
 ## Disable
 

package/index.ts

@@ -310,7 +310,7 @@ function shouldPromptForWrite(path: string, allowWrite: string[], baseDirectory:
 }
 
 function extractDomainsFromCommand(command: string): string[] {
-  const urlRegex = /https?:\/\/([^\s/:?#]+)(?::\d+)?(?:[/?#]|\s|$)/g;
+  const urlRegex = /https?:\/\/([^\s/:?#'"]+)(?::\d+)?(?:[/?#]|\s|$)/g;
   const domains = new Set<string>();
   let match: RegExpExecArray | null;
 
@@ -577,7 +577,7 @@ function writePolicyFile(
   baseDirectory: string,
   proxyPort: number | null,
 ): { dir: string; path: string } {
-  const dir = mkdtempSync(join(tmpdir(), 'opencode-landstrip-XXXXXX'));
+  const dir = mkdtempSync(join(tmpdir(), 'opencode-landstrip-'));
   const path = join(dir, 'policy.json');
   writeFileSync(
     path,
@@ -666,8 +666,11 @@ function startProxy(config: SandboxConfig): Promise<{ port: number; stop: () =>
       buffered = Buffer.concat([buffered, chunk]);
       const headerEnd = buffered.indexOf('\r\n\r\n');
       if (headerEnd === -1) {
-        if (buffered.length > 65536)
+        if (buffered.length > 65536) {
+          client.removeAllListeners('data');
+          client.pause();
           denyProxyRequest(client, '431 Request Header Fields Too Large');
+        }
         return;
       }
 
@@ -758,6 +761,43 @@ function landstripDescription(description: string): string {
   return description.endsWith(' (landstrip)') ? description : `${description} (landstrip)`;
 }
 
+function splitShellQuotedArgs(command: string): string[] {
+  const args: string[] = [];
+  let i = 0;
+  while (i < command.length) {
+    while (i < command.length && command[i] === ' ') i++;
+    if (i >= command.length) break;
+    if (command[i] === "'") {
+      i++;
+      let arg = '';
+      while (i < command.length && command[i] !== "'") {
+        arg += command[i];
+        i++;
+      }
+      if (i < command.length) i++;
+      args.push(arg);
+    } else {
+      let arg = '';
+      while (i < command.length && command[i] !== ' ') {
+        arg += command[i];
+        i++;
+      }
+      args.push(arg);
+    }
+  }
+  return args;
+}
+
+function extractOriginalCommand(wrappedCommand: string): string | null {
+  const args = splitShellQuotedArgs(wrappedCommand);
+  const pIdx = args.indexOf('-p');
+  if (pIdx === -1 || pIdx + 3 >= args.length) return null;
+  const flagIdx = pIdx + 3;
+  const flag = args[flagIdx];
+  if (flag !== '-lc' && flag !== '-c') return null;
+  return args.slice(flagIdx + 1).join(' ');
+}
+
 function getToolPath(args: Record<string, unknown>): string | undefined {
   const filePath = args.filePath ?? args.path;
   return typeof filePath === 'string' ? filePath : undefined;
@@ -850,10 +890,10 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
   const optionOverrides = normalizeOptions(options);
   const activeBash = new Map<string, BashSandboxState>();
   const notified = new Set<string>();
-  const sessionAllowedDomains: string[] = [];
   const sessionAllowedReadPaths: string[] = [];
   const sessionAllowedWritePaths: string[] = [];
   let enabledNotified = false;
+  let sandboxDisabled = false;
   let configuredShell: string | undefined;
   let landstripCheck: { ok: true; version: string } | { ok: false; reason: string } | undefined;
 
@@ -865,8 +905,55 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
     return [...config.filesystem.allowWrite, ...sessionAllowedWritePaths];
   }
 
+  function pushCommandText(
+    input: { sessionID: string },
+    output: { parts: unknown[] },
+    text: string,
+  ): void {
+    output.parts.push({
+      type: 'text',
+      text,
+      id: '',
+      sessionID: input.sessionID,
+      messageID: '',
+    });
+  }
+
+  function sandboxSummary(config: SandboxConfig): string {
+    const { globalPath, projectPath } = getConfigPaths(directory);
+    const networkMode = config.network.allowNetwork ? 'unrestricted' : 'proxied';
+    const allowed = config.network.allowedDomains.join(', ') || '(none)';
+    const denied = config.network.deniedDomains.join(', ') || '(none)';
+    const denyRead = config.filesystem.denyRead.join(', ') || '(none)';
+    const allowRead = getEffectiveAllowRead(config).join(', ') || '(none)';
+    const allowWrite = getEffectiveAllowWrite(config).join(', ') || '(none)';
+    const denyWrite = config.filesystem.denyWrite.join(', ') || '(none)';
+
+    return [
+      '# Sandbox Configuration',
+      '',
+      `Status: ${sandboxDisabled ? 'disabled for this session' : 'active'}`,
+      `landstrip: ${binaryPath()}`,
+      '',
+      'Config files:',
+      `- project: ${projectPath}`,
+      `- global: ${globalPath}`,
+      '',
+      `Network (${networkMode}):`,
+      `- allow network: ${config.network.allowNetwork ? 'yes' : 'no'}`,
+      `- allowed: ${allowed}`,
+      `- denied: ${denied}`,
+      '',
+      'Filesystem:',
+      `- deny read: ${denyRead}`,
+      `- allow read: ${allowRead}`,
+      `- allow write: ${allowWrite}`,
+      `- deny write: ${denyWrite}`,
+    ].join('\n');
+  }
+
   client.app
-    .log({
+    ?.log?.({
       body: {
         service: 'opencode-landstrip',
         level: 'info',
@@ -874,10 +961,10 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
       },
       query: { directory },
     })
-    .catch(() => undefined);
+    ?.catch?.(() => undefined);
 
   client.tui
-    .showToast({
+    ?.showToast?.({
       body: {
         title: 'Sandbox',
         message: `Loaded for ${directory}`,
@@ -885,29 +972,41 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
         duration: 5000,
       },
     })
-    .catch(() => undefined);
+    ?.catch?.(() => undefined);
+
+  const notifyGate = new Map<string, Promise<void>>();
 
   async function notifyOnce(key: string, message: string, variant: ToastVariant): Promise<void> {
     if (notified.has(key)) return;
-    notified.add(key);
-
-    await client.tui
-      .showToast({
-        body: { title: 'opencode-landstrip', message, variant },
-        query: { directory },
-      })
-      .catch(() => undefined);
-
-    await client.app
-      .log({
-        body: {
-          service: 'opencode-landstrip',
-          level: variant === 'error' ? 'error' : variant === 'warning' ? 'warn' : 'info',
-          message,
-        },
-        query: { directory },
-      })
-      .catch(() => undefined);
+    const pending = notifyGate.get(key);
+    if (pending) return pending;
+
+    const promise = (async () => {
+      notified.add(key);
+
+      await client.tui
+        ?.showToast?.({
+          body: { title: 'opencode-landstrip', message, variant },
+          query: { directory },
+        })
+        ?.catch?.(() => undefined);
+
+      await client.app
+        ?.log?.({
+          body: {
+            service: 'opencode-landstrip',
+            level: variant === 'error' ? 'error' : variant === 'warning' ? 'warn' : 'info',
+            message,
+          },
+          query: { directory },
+        })
+        ?.catch?.(() => undefined);
+
+      notifyGate.delete(key);
+    })();
+
+    notifyGate.set(key, promise);
+    return promise;
   }
 
   function checkLandstrip(): typeof landstripCheck {
@@ -943,6 +1042,8 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
   }
 
   async function activeConfig(): Promise<SandboxConfig | null> {
+    if (sandboxDisabled) return null;
+
     const config = loadConfig(directory, optionOverrides);
     if (!config.enabled) return null;
 
@@ -1014,16 +1115,24 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
       await cleanupBash(callID);
     }
 
-    if (isGeneratedWrappedCommand(args.command)) {
-      if (typeof args.description === 'string')
-        args.description = landstripDescription(args.description);
-      return;
+    if (isGeneratedWrappedCommand(args.command as string)) {
+      const policyMatch = (args.command as string).match(/\s'-p'\s+'([^']+)'/);
+      if (policyMatch && existsSync(policyMatch[1])) {
+        if (typeof args.description === 'string')
+          args.description = landstripDescription(args.description);
+        return;
+      }
+      if (activeBash.has(callID)) await cleanupBash(callID);
+      const original = extractOriginalCommand(args.command as string);
+      if (original) {
+        args.command = original;
+      }
     }
 
     const allowNetwork = config.network.allowNetwork;
 
     if (!allowNetwork) {
-      const blockedDomain = firstBlockedDomain(args.command, config);
+      const blockedDomain = firstBlockedDomain(args.command as string, config);
       if (blockedDomain) {
         const reason =
           blockedDomain.reason === 'deniedDomains'
@@ -1047,7 +1156,7 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
       throw error;
     }
 
-    const originalCommand = args.command;
+    const originalCommand = args.command as string;
     const wrappedCommand = buildWrappedCommand(
       policy.path,
       configuredShell ?? process.env.SHELL ?? '/bin/sh',
@@ -1067,40 +1176,6 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
       args.description = landstripDescription(args.description);
   }
 
-  function buildConfigSummary(config: SandboxConfig): string {
-    const { globalPath, projectPath } = getConfigPaths(directory);
-    const check = checkLandstrip();
-    const version = check?.ok === true ? check.version : 'unknown';
-    const status = config.enabled && check?.ok === true ? 'enabled' : 'disabled';
-
-    const lines = [
-      'Sandbox Configuration',
-      `  Status:         ${status}`,
-      `  Project config: ${projectPath}`,
-      `  Global config:  ${globalPath}`,
-      `  landstrip:      ${binaryPath()} (v${version})`,
-      '',
-      `  Allow network:  ${config.network.allowNetwork}`,
-      '',
-      'Network (bash commands go through HTTP proxy):',
-      `  Allow local binding: ${config.network.allowLocalBinding}`,
-      `  Allow all Unix sockets: ${config.network.allowAllUnixSockets}`,
-      ...(config.network.allowUnixSockets.length > 0
-        ? [`  Allow Unix sockets: ${config.network.allowUnixSockets.join(', ')}`]
-        : []),
-      `  Allowed domains: ${config.network.allowedDomains.join(', ') || '(none)'}`,
-      `  Denied domains:  ${config.network.deniedDomains.join(', ') || '(none)'}`,
-      '',
-      'Filesystem (bash + read/write/edit tools):',
-      `  Deny Read:   ${config.filesystem.denyRead.join(', ') || '(none)'}`,
-      `  Allow Read:  ${config.filesystem.allowRead.join(', ') || '(none)'}`,
-      `  Allow Write: ${config.filesystem.allowWrite.join(', ') || '(none)'}`,
-      `  Deny Write:  ${config.filesystem.denyWrite.join(', ') || '(none)'}`,
-    ];
-
-    return lines.join('\n');
-  }
-
   const hooks: Hooks = {
     config: async (config) => {
       configuredShell = configuredShellPath(config);
@@ -1164,13 +1239,13 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
       if (errors.length > 0) {
         const message = formatLandstripErrors(errors);
         await client.tui
-          .showToast({
+          ?.showToast?.({
             body: { title: 'opencode-landstrip', message, variant: 'error' },
             query: { directory },
           })
-          .catch(() => undefined);
+          ?.catch?.(() => undefined);
         await client.app
-          .log({
+          ?.log?.({
             body: {
               service: 'opencode-landstrip',
               level: 'error',
@@ -1178,7 +1253,7 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
             },
             query: { directory },
           })
-          .catch(() => undefined);
+          ?.catch?.(() => undefined);
       }
 
       const blockedPath = extractBlockedWritePath(outputText, directory, state.originalCommand);
@@ -1196,43 +1271,88 @@ const plugin: Plugin = async ({ client, directory }: PluginInput, options?: Plug
             'warning',
           );
         }
+        if (
+          !sessionAllowedReadPaths.includes(blockedPath) &&
+          !matchesPattern(blockedPath, config.filesystem.allowRead, directory) &&
+          !matchesPattern(blockedPath, config.filesystem.denyRead, directory)
+        ) {
+          sessionAllowedReadPaths.push(blockedPath);
+          await notifyOnce(
+            `read-allow:${blockedPath}`,
+            `Read access granted for session: "${blockedPath}"`,
+            'warning',
+          );
+        }
       }
 
       await cleanupBash(input.callID);
     },
 
     'command.execute.before': async (input, output) => {
-      if (input.command === 'sandbox' || input.command === '/sandbox') {
+      if (input.command.trim() === '/sandbox') {
         const config = loadConfig(directory, optionOverrides);
-        const summary = buildConfigSummary(config);
-        await client.tui
-          .showToast({
-            body: { title: 'Sandbox', message: summary, variant: 'info', duration: 15000 },
-            query: { directory },
-          })
-          .catch(() => undefined);
+        pushCommandText(input, output, sandboxSummary(config));
         return;
       }
 
-      // Check domain in user shell commands (commands starting with !)
+      if (input.command.trim() === '/sandbox-disable') {
+        if (sandboxDisabled) {
+          pushCommandText(
+            input,
+            output,
+            'Sandbox is already disabled. Use /sandbox-enable to re-enable.',
+          );
+          return;
+        }
+        sandboxDisabled = true;
+        pushCommandText(
+          input,
+          output,
+          'Sandbox disabled for this session. Use /sandbox-enable to re-enable.',
+        );
+        return;
+      }
+
+      if (input.command.trim() === '/sandbox-enable') {
+        if (!sandboxDisabled) {
+          pushCommandText(
+            input,
+            output,
+            'Sandbox is already enabled. Use /sandbox-disable to pause.',
+          );
+          return;
+        }
+        sandboxDisabled = false;
+        pushCommandText(input, output, 'Sandbox re-enabled.');
+        return;
+      }
+
+      // Check domain and filesystem in user shell commands (commands starting with !)
       if (input.command.startsWith('!')) {
         const shellCommand = input.command.slice(1).trim();
         const config = await activeConfig();
-        if (!config || config.network.allowNetwork) return;
-
-        const blockedDomain = firstBlockedDomain(shellCommand, config);
-        if (blockedDomain) {
-          const reason =
-            blockedDomain.reason === 'deniedDomains'
-              ? 'is blocked by network.deniedDomains'
-              : 'is not in network.allowedDomains';
-          output.parts.push({
-            type: 'text',
-            text: `Sandbox: network access denied for "${blockedDomain.domain}" (${reason}).`,
-            id: '',
-            sessionID: input.sessionID,
-            messageID: '',
-          });
+        if (!config) return;
+
+        const effectiveAllowRead = getEffectiveAllowRead(config);
+        const effectiveAllowWrite = getEffectiveAllowWrite(config);
+
+        for (const path of extractCandidatePaths(shellCommand)) {
+          assertReadAllowed(path, config, directory, effectiveAllowRead);
+          assertWriteAllowed(path, config, directory, effectiveAllowWrite);
+        }
+
+        if (!config.network.allowNetwork) {
+          const blockedDomain = firstBlockedDomain(shellCommand, config);
+          if (blockedDomain) {
+            const reason =
+              blockedDomain.reason === 'deniedDomains'
+                ? 'is blocked by network.deniedDomains'
+                : 'is not in network.allowedDomains';
+            throw errorWithConfigPaths(
+              directory,
+              `Sandbox: network access denied for "${blockedDomain.domain}" (${reason}).`,
+            );
+          }
         }
       }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-landstrip",
-  "version": "0.3.8",
+  "version": "0.3.10",
   "description": "Landlock-based sandboxing for opencode with landstrip",
   "keywords": [
     "landlock",

package/tui.ts

@@ -3,48 +3,269 @@
 
 import type { TuiPlugin } from '@opencode-ai/plugin/tui';
 
-const tui: TuiPlugin = async (api) => {
+import { binaryPath } from '@jarkkojs/landstrip';
+
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+interface SandboxFilesystemConfig {
+  denyRead: string[];
+  allowRead: string[];
+  allowWrite: string[];
+  denyWrite: string[];
+}
+
+interface SandboxNetworkConfig {
+  allowNetwork: boolean;
+  allowLocalBinding: boolean;
+  allowAllUnixSockets: boolean;
+  allowUnixSockets: string[];
+  allowedDomains: string[];
+  deniedDomains: string[];
+}
+
+interface SandboxConfig {
+  enabled: boolean;
+  network: SandboxNetworkConfig;
+  filesystem: SandboxFilesystemConfig;
+}
+
+interface SandboxConfigOverrides {
+  enabled?: boolean;
+  network?: Partial<SandboxNetworkConfig>;
+  filesystem?: Partial<SandboxFilesystemConfig>;
+}
+
+const DEFAULT_CONFIG: SandboxConfig = {
+  enabled: true,
+  network: {
+    allowNetwork: false,
+    allowLocalBinding: false,
+    allowAllUnixSockets: false,
+    allowUnixSockets: [],
+    allowedDomains: [
+      'npmjs.org',
+      '*.npmjs.org',
+      'registry.npmjs.org',
+      'registry.yarnpkg.com',
+      'pypi.org',
+      '*.pypi.org',
+      'github.com',
+      '*.github.com',
+      'api.github.com',
+      'raw.githubusercontent.com',
+      'crates.io',
+      '*.crates.io',
+      'static.crates.io',
+    ],
+    deniedDomains: [],
+  },
+  filesystem: {
+    denyRead: ['/Users', '/home'],
+    allowRead: [
+      '.',
+      '/dev/null',
+      '~/.config/opencode',
+      '~/.config/git',
+      '~/.gitconfig',
+      '~/.local',
+      '~/.cargo',
+    ],
+    allowWrite: ['.', '/tmp', '/dev/null'],
+    denyWrite: ['.env', '.env.*', '*.pem', '*.key'],
+  },
+};
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
+function stringArray(value: unknown): string[] | undefined {
+  if (!Array.isArray(value)) return undefined;
+  return value.every((item) => typeof item === 'string') ? [...value] : undefined;
+}
+
+function normalizeNetworkConfig(value: unknown): Partial<SandboxNetworkConfig> | undefined {
+  if (!isRecord(value)) return undefined;
+
+  const config: Partial<SandboxNetworkConfig> = {};
+  if (typeof value.allowNetwork === 'boolean') config.allowNetwork = value.allowNetwork;
+  if (typeof value.allowLocalBinding === 'boolean')
+    config.allowLocalBinding = value.allowLocalBinding;
+  if (typeof value.allowAllUnixSockets === 'boolean')
+    config.allowAllUnixSockets = value.allowAllUnixSockets;
+
+  const allowUnixSockets = stringArray(value.allowUnixSockets);
+  if (allowUnixSockets) config.allowUnixSockets = allowUnixSockets;
+
+  const allowedDomains = stringArray(value.allowedDomains);
+  if (allowedDomains) config.allowedDomains = allowedDomains;
+
+  const deniedDomains = stringArray(value.deniedDomains);
+  if (deniedDomains) config.deniedDomains = deniedDomains;
+
+  return config;
+}
+
+function normalizeFilesystemConfig(value: unknown): Partial<SandboxFilesystemConfig> | undefined {
+  if (!isRecord(value)) return undefined;
+
+  const config: Partial<SandboxFilesystemConfig> = {};
+  const denyRead = stringArray(value.denyRead);
+  if (denyRead) config.denyRead = denyRead;
+
+  const allowRead = stringArray(value.allowRead);
+  if (allowRead) config.allowRead = allowRead;
+
+  const allowWrite = stringArray(value.allowWrite);
+  if (allowWrite) config.allowWrite = allowWrite;
+
+  const denyWrite = stringArray(value.denyWrite);
+  if (denyWrite) config.denyWrite = denyWrite;
+
+  return config;
+}
+
+function normalizeConfig(value: unknown): SandboxConfigOverrides {
+  if (!isRecord(value)) return {};
+
+  const config: SandboxConfigOverrides = {};
+  if (typeof value.enabled === 'boolean') config.enabled = value.enabled;
+
+  const network = normalizeNetworkConfig(value.network);
+  if (network) config.network = network;
+
+  const filesystem = normalizeFilesystemConfig(value.filesystem);
+  if (filesystem) config.filesystem = filesystem;
+
+  return config;
+}
+
+function normalizeOptions(options: unknown): SandboxConfigOverrides {
+  if (!isRecord(options)) return {};
+  return normalizeConfig(isRecord(options.config) ? options.config : options);
+}
+
+function deepMerge(base: SandboxConfig, overrides: SandboxConfigOverrides): SandboxConfig {
+  return {
+    enabled: overrides.enabled ?? base.enabled,
+    network: {
+      ...base.network,
+      ...overrides.network,
+    },
+    filesystem: {
+      ...base.filesystem,
+      ...overrides.filesystem,
+    },
+  };
+}
+
+function getConfigPaths(baseDirectory: string): { globalPath: string; projectPath: string } {
+  return {
+    globalPath: join(homedir(), '.config', 'opencode', 'sandbox.json'),
+    projectPath: join(baseDirectory, '.opencode', 'sandbox.json'),
+  };
+}
+
+function readConfigFile(configPath: string): SandboxConfigOverrides {
+  if (!existsSync(configPath)) return {};
+
   try {
-    api.keymap.registerLayer({
-      commands: [
-        {
-          name: 'sandbox',
-          title: 'Sandbox',
-          description: 'Show sandbox configuration',
-          category: 'plugin',
-          keybind: 'ctrl+x b',
-          suggested: true,
-          slash: { name: 'sandbox' },
-          run: async () => {
-            await api.client.tui.executeCommand({ command: 'sandbox' });
-            return true;
-          },
-        },
-      ],
-    });
-
-    const client = api.client;
-    if (client?.tui?.showToast) {
-      client.tui
-        .showToast({
-          title: 'Sandbox',
-          message: '/sandbox command registered',
-          variant: 'info',
-        })
-        .catch(() => undefined);
-    }
-  } catch (err) {
-    const client = api.client;
-    if (client?.tui?.showToast) {
-      client.tui
-        .showToast({
-          title: 'Sandbox error',
-          message: err instanceof Error ? err.message : String(err),
-          variant: 'error',
-        })
-        .catch(() => undefined);
-    }
+    return normalizeConfig(JSON.parse(readFileSync(configPath, 'utf-8')));
+  } catch {
+    return {};
   }
+}
+
+function loadConfig(baseDirectory: string, optionOverrides: SandboxConfigOverrides): SandboxConfig {
+  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
+  return deepMerge(
+    deepMerge(deepMerge(DEFAULT_CONFIG, readConfigFile(globalPath)), readConfigFile(projectPath)),
+    optionOverrides,
+  );
+}
+
+function list(values: string[]): string {
+  return values.join(', ') || '(none)';
+}
+
+function configPathLine(label: string, filePath: string): string {
+  return `${label}: ${filePath} ${existsSync(filePath) ? '(found)' : '(missing)'}`;
+}
+
+function sandboxSummary(baseDirectory: string, optionOverrides: SandboxConfigOverrides): string {
+  const config = loadConfig(baseDirectory, optionOverrides);
+  const { globalPath, projectPath } = getConfigPaths(baseDirectory);
+  const networkMode = config.network.allowNetwork ? 'unrestricted' : 'proxied';
+
+  return [
+    `Status: ${config.enabled ? 'active' : 'disabled by config'}`,
+    `landstrip: ${binaryPath()}`,
+    '',
+    'Config files',
+    configPathLine('project', projectPath),
+    configPathLine('global', globalPath),
+    '',
+    `Network: ${networkMode}`,
+    `allow network: ${config.network.allowNetwork ? 'yes' : 'no'}`,
+    `allowed: ${list(config.network.allowedDomains)}`,
+    `denied: ${list(config.network.deniedDomains)}`,
+    `unix sockets: ${config.network.allowAllUnixSockets ? 'all' : list(config.network.allowUnixSockets)}`,
+    '',
+    'Filesystem',
+    `deny read: ${list(config.filesystem.denyRead)}`,
+    `allow read: ${list(config.filesystem.allowRead)}`,
+    `allow write: ${list(config.filesystem.allowWrite)}`,
+    `deny write: ${list(config.filesystem.denyWrite)}`,
+    '',
+    'esc or any key to close',
+  ].join('\n');
+}
+
+const tui: TuiPlugin = async (api, options) => {
+  const showSandbox = () => {
+    const directory = api.state.path.directory || process.cwd();
+    const message = sandboxSummary(directory, normalizeOptions(options));
+
+    api.ui.dialog.replace(
+      () =>
+        api.ui.DialogAlert({
+          title: 'Sandbox Configuration',
+          message,
+          onConfirm: () => api.ui.dialog.clear(),
+        }),
+      () => api.ui.dialog.clear(),
+    );
+  };
+
+  api.keymap.registerLayer({
+    commands: [
+      {
+        namespace: 'palette',
+        name: 'landstrip.sandbox.show',
+        title: 'Show sandbox configuration',
+        desc: 'Show landstrip sandbox status and rules',
+        description: 'Show landstrip sandbox status and rules',
+        category: 'Sandbox',
+        suggested: true,
+        slashName: 'sandbox',
+        run: showSandbox,
+      },
+    ],
+  });
+
+  api.command?.register(() => [
+    {
+      title: 'Sandbox',
+      value: 'landstrip.sandbox.show',
+      description: 'Show sandbox configuration',
+      category: 'Sandbox',
+      suggested: true,
+      slash: { name: 'sandbox' },
+      onSelect: showSandbox,
+    },
+  ]);
 };
 
 export { tui };