pi-landstrip 0.11.0 → 0.11.2

package/index.ts

@@ -72,15 +72,36 @@ interface LandstripPolicy {
   filesystem: SandboxFilesystemConfig;
 }
 
+type LandstripErrorReason = 'Other' | 'AccessDenied' | 'LaunchFailed' | 'SetupFailed' | 'Usage';
+type LandstripOperation = 'read' | 'write';
+type LandstripErrorType = 'filesystem' | 'network' | 'platform' | 'launch' | 'encoding';
+
 interface LandstripErrorResponse {
-  reason: 'Other' | 'LaunchFailed' | 'SetupFailed' | 'Usage';
+  reason: LandstripErrorReason;
   file?: string;
+  operation?: LandstripOperation;
   program?: string;
-  type?: 'filesystem' | 'network' | 'platform' | 'launch' | 'encoding';
-  source: string;
+  type?: LandstripErrorType;
+  source?: string;
 }
 
-const LANDSTRIP_VERSION = [0, 11, 3] as const;
+const LANDSTRIP_VERSION = [0, 11, 6] as const;
+const REQUIRED_LANDSTRIP_VERSION = LANDSTRIP_VERSION.join('.');
+const LANDSTRIP_ERROR_REASONS = new Set<LandstripErrorReason>([
+  'Other',
+  'AccessDenied',
+  'LaunchFailed',
+  'SetupFailed',
+  'Usage',
+]);
+const LANDSTRIP_OPERATIONS = new Set<LandstripOperation>(['read', 'write']);
+const LANDSTRIP_ERROR_TYPES = new Set<LandstripErrorType>([
+  'filesystem',
+  'network',
+  'platform',
+  'launch',
+  'encoding',
+]);
 const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
 
 const DEFAULT_CONFIG: SandboxConfig = {
@@ -226,9 +247,6 @@ function addReadPathToConfig(configPath: string, pathToAdd: string): void {
   config.filesystem = {
     ...config.filesystem,
     allowRead: [...existing, pathToAdd],
-    denyRead: config.filesystem?.denyRead ?? [],
-    allowWrite: config.filesystem?.allowWrite ?? [],
-    denyWrite: config.filesystem?.denyWrite ?? [],
   } as SandboxFilesystemConfig;
   writeConfigFile(configPath, config);
 }
@@ -241,9 +259,6 @@ function addWritePathToConfig(configPath: string, pathToAdd: string): void {
   config.filesystem = {
     ...config.filesystem,
     allowWrite: [...existing, pathToAdd],
-    denyRead: config.filesystem?.denyRead ?? [],
-    allowRead: config.filesystem?.allowRead ?? [],
-    denyWrite: config.filesystem?.denyWrite ?? [],
   } as SandboxFilesystemConfig;
   writeConfigFile(configPath, config);
 }
@@ -337,19 +352,46 @@ function normalizeBlockedPath(path: string, cwd: string): string {
   return canonicalizePath(isAbsolute(path) ? path : join(cwd, path));
 }
 
+function isPathLike(value: string): boolean {
+  const trimmed = value.trim();
+  return (
+    trimmed === '~' ||
+    trimmed.startsWith('/') ||
+    trimmed.startsWith('~/') ||
+    trimmed.startsWith('./') ||
+    trimmed.startsWith('../') ||
+    trimmed.startsWith('.') ||
+    trimmed.includes('/')
+  );
+}
+
+function normalizePathMatch(value: string, cwd: string): string | null {
+  return isPathLike(value) ? normalizeBlockedPath(value, cwd) : null;
+}
+
+function isFilesystemAccessDenied(error: LandstripErrorResponse): boolean {
+  return error.reason === 'AccessDenied' && error.type === 'filesystem';
+}
+
+function isLandstripErrorReason(value: string): value is LandstripErrorReason {
+  return LANDSTRIP_ERROR_REASONS.has(value as LandstripErrorReason);
+}
+
+function isLandstripOperation(value: string): value is LandstripOperation {
+  return LANDSTRIP_OPERATIONS.has(value as LandstripOperation);
+}
+
+function isLandstripErrorType(value: string): value is LandstripErrorType {
+  return LANDSTRIP_ERROR_TYPES.has(value as LandstripErrorType);
+}
+
 function extractCandidatePaths(command: string): string[] {
   const paths: string[] = [];
   // Split on whitespace, preserving quoted strings minimally
   const tokens = command.match(/[^\s"']+|"[^"]*"|'[^']*'/g) ?? [];
   for (const token of tokens) {
     const clean = token.replace(/^["']|["']$/g, '').replace(/[,;]$/, '');
-    if (
-      clean.startsWith('/') ||
-      clean.startsWith('~/') ||
-      clean === '~' ||
-      clean.startsWith('./') ||
-      clean.startsWith('../')
-    ) {
+    if (isPathLike(clean)) {
       paths.push(clean);
     }
   }
@@ -357,36 +399,17 @@ function extractCandidatePaths(command: string): string[] {
 }
 
 function extractBlockedPath(output: string, cwd: string, command?: string): string | null {
-  // bash/sh: line X: /path: Permission denied
-  let match = output.match(
-    /(?:\/bin\/bash|bash|sh): (?:line \d+: )?([^:\n]+): (?:Operation not permitted|Permission denied)/,
-  );
-  if (match) return normalizeBlockedPath(match[1], cwd);
-
-  // ls/cat/cp: cannot open/access/stat '/path': Permission denied
-  match = output.match(
-    /^[a-zA-Z0-9_-]+: cannot (?:open|access|stat|create)(?: directory)? '?([^'\n]+?)'?(?: for (?:reading|writing))?: Permission denied$/m,
-  );
-  if (match) return normalizeBlockedPath(match[1], cwd);
-
-  // Generic: cmd: /absolute/path: Permission denied or Operation not permitted
-  match = output.match(
-    /^[a-zA-Z0-9_-]+: (\/[^\n:]+): (?:Operation not permitted|Permission denied)$/m,
-  );
-  if (match) return normalizeBlockedPath(match[1], cwd);
-
-  // Landstrip structured error format with file field
-  const landstripErrors = parseLandstripErrors(output);
+  const landstripErrors = parseLandstripErrors(output).filter(isFilesystemAccessDenied);
   for (const error of landstripErrors) {
     if (error.file) return normalizeBlockedPath(error.file, cwd);
   }
 
   // If landstrip reported an error but without a file field, try to
-  // extract the blocked path from the command itself
+  // extract the blocked path from the command itself.
   if (landstripErrors.length > 0 && command) {
     const config = loadConfig(cwd);
     for (const candidate of extractCandidatePaths(command)) {
-      const resolved = canonicalizePath(candidate);
+      const resolved = normalizeBlockedPath(candidate, cwd);
       if (
         matchesPattern(resolved, config.filesystem.denyRead) ||
         !matchesPattern(resolved, config.filesystem.allowRead)
@@ -396,11 +419,35 @@ function extractBlockedPath(output: string, cwd: string, command?: string): stri
     }
   }
 
+  // bash/sh: line X: /path: Permission denied
+  let match = output.match(
+    /(?:\/bin\/bash|bash|sh): (?:line \d+: )?([^:\n]+): (?:Operation not permitted|Permission denied)/,
+  );
+  if (match) return normalizePathMatch(match[1], cwd);
+
+  // ls/cat/cp: cannot open/access/stat '/path': Permission denied
+  match = output.match(
+    /^[a-zA-Z0-9_-]+: cannot (?:open|access|stat|create)(?: directory)? '?([^'\n]+?)'?(?: for (?:reading|writing))?: Permission denied$/m,
+  );
+  if (match) return normalizePathMatch(match[1], cwd);
+
+  // Generic: cmd: /absolute/path: Permission denied or Operation not permitted
+  match = output.match(
+    /^[a-zA-Z0-9_-]+: (\/[^:\n]+): (?:Operation not permitted|Permission denied)$/m,
+  );
+  if (match) return normalizeBlockedPath(match[1], cwd);
+
   return null;
 }
 
-function extractBlockedWritePath(output: string, cwd: string, command?: string): string | null {
-  return extractBlockedPath(output, cwd, command);
+function extractBlockedWritePath(output: string, cwd: string): string | null {
+  for (const error of parseLandstripErrors(output).filter(isFilesystemAccessDenied)) {
+    if (error.file && error.operation === 'write') {
+      return normalizeBlockedPath(error.file, cwd);
+    }
+  }
+
+  return null;
 }
 
 function parseLandstripErrors(output: string): LandstripErrorResponse[] {
@@ -419,22 +466,21 @@ function parseLandstripErrors(output: string): LandstripErrorResponse[] {
 
     if (
       fields.reason &&
-      ['Other', 'LaunchFailed', 'SetupFailed', 'Usage'].includes(fields.reason) &&
-      fields.source
+      isLandstripErrorReason(fields.reason) &&
+      (fields.source || fields.reason === 'AccessDenied')
     ) {
-      const error: LandstripErrorResponse = {
-        reason: fields.reason as LandstripErrorResponse['reason'],
-        source: fields.source,
-      };
+      const error: LandstripErrorResponse = { reason: fields.reason };
 
+      if (fields.source) error.source = fields.source;
       if (fields.file) error.file = fields.file;
       if (fields.program) error.program = fields.program;
 
-      if (
-        fields.type &&
-        ['filesystem', 'network', 'platform', 'launch', 'encoding'].includes(fields.type)
-      ) {
-        error.type = fields.type as LandstripErrorResponse['type'];
+      if (fields.operation && isLandstripOperation(fields.operation)) {
+        error.operation = fields.operation;
+      }
+
+      if (fields.type && isLandstripErrorType(fields.type)) {
+        error.type = fields.type;
       }
 
       errors.push(error);
@@ -458,7 +504,12 @@ function formatLandstripErrors(errors: LandstripErrorResponse[]): string {
       if (err.type) {
         parts.push(`:${err.type}`);
       }
-      parts.push(`: ${err.source}`);
+      if (err.operation) {
+        parts.push(`:${err.operation}`);
+      }
+      if (err.source) {
+        parts.push(`: ${err.source}`);
+      }
 
       return parts.join('');
     })
@@ -1080,6 +1131,7 @@ export function createLandstripIntegration(
             }
 
             const blockedPath = extractBlockedPath(stderrAcc, cwd, command);
+            const blockedWritePath = extractBlockedWritePath(stderrAcc, cwd);
             if (blockedPath && ctx.hasUI) {
               const config = loadConfig(cwd);
               const isDeniedByDenyRead = matchesPattern(blockedPath, config.filesystem.denyRead);
@@ -1090,7 +1142,10 @@ export function createLandstripIntegration(
                 matchesPattern,
               );
 
-              if (isDeniedByDenyRead || !isReadAllowed) {
+              if (blockedWritePath === blockedPath && !isWriteAllowed) {
+                const choice = await promptWriteBlock(ctx, blockedPath);
+                if (choice !== 'abort') await applyWriteChoice(choice, blockedPath, cwd);
+              } else if (isDeniedByDenyRead || !isReadAllowed) {
                 const choice = await promptReadBlock(
                   ctx,
                   blockedPath,
@@ -1142,16 +1197,12 @@ export function createLandstripIntegration(
       }
       throw error;
     }
-    const outputText = result.content
-      .filter((content) => content.type === 'text')
-      .map((content) => content.text)
-      .join('\n');
     const landstripErrors = parseLandstripErrors(landstripStderr);
     if (landstripErrors.length > 0) {
       const message = formatLandstripErrors(landstripErrors);
       result.content.unshift({ type: 'text', text: `\n${message}\n` });
     }
-    const blockedPath = extractBlockedWritePath(outputText, ctx.cwd, params.command);
+    const blockedPath = extractBlockedWritePath(landstripStderr, ctx.cwd);
 
     if (!blockedPath || !ctx.hasUI) return result;
 
@@ -1251,7 +1302,10 @@ export function createLandstripIntegration(
     if (!hasMinimumVersion(version, LANDSTRIP_VERSION)) {
       sandboxEnabled = false;
       sandboxReady = false;
-      ctx.ui.notify(`landstrip 0.11.3 or newer is required; found: ${version}`, 'error');
+      ctx.ui.notify(
+        `landstrip ${REQUIRED_LANDSTRIP_VERSION} or newer is required; found: ${version}`,
+        'error',
+      );
       return false;
     }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-landstrip",
-  "version": "0.11.0",
+  "version": "0.11.2",
   "description": "Landlock-based sandboxing for pi with interactive permission prompts",
   "keywords": [
     "landstrip",
@@ -31,7 +31,7 @@
   },
   "dependencies": {
     "@earendil-works/pi-tui": "^0.78.0",
-    "@jarkkojs/landstrip": "^0.11.4"
+    "@jarkkojs/landstrip": "^0.11.6"
   },
   "devDependencies": {
     "@earendil-works/pi-coding-agent": "^0.78.0",