@Pierozi Pierozi commented Feb 2, 2026

Summary

  • Adds allow_list_dirs config option enabling Seatbelt's literal filter for directory listing without file access
  • Solves Bun's startup failure in sandboxes caused by readdir() on parent directories (/Users, ~/)
  • Includes auto-detection and built-in profile for seamless Bun support

Test plan

  • All unit tests pass (4 new tests for allow_list_dirs behavior)
  • Bun profile generates correct Seatbelt rules with literal filter
  • deny_read takes precedence over allow_list_dirs (last-match-wins)
  • Manual test: sx bun bun run dev in a Bun project
  • Verify parent directory listing works but file contents remain inaccessible

Fixes #13
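
An added example, not code from this PR or the project: a simplified Rust model of why a `literal` rule permits listing a parent directory while its contents stay unreadable, and why a later `deny_read` overrides `allow_list_dirs` under last-match-wins. The type and function names, the sample paths, the use of `file-read*`, and the assumption that `deny_read` is emitted last as `subpath` rules are all illustrative assumptions.

```rust
// Simplified model of the rule semantics described in this PR. Hypothetical
// names; this is neither the project's code nor the Seatbelt engine.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Action { Allow, Deny }
pub enum Filter { Literal(String), Subpath(String) }
pub struct Rule { pub action: Action, pub filter: Filter }

impl Rule {
    fn matches(&self, path: &str) -> bool {
        match &self.filter {
            // literal: the directory node itself, never anything inside it
            Filter::Literal(p) => path == p.as_str(),
            // subpath: the directory and everything beneath it
            Filter::Subpath(p) => path == p.as_str() || path.starts_with(&format!("{}/", p)),
        }
    }
    /// Render the rule as a Seatbelt profile line.
    pub fn sbpl(&self) -> String {
        let verb = if self.action == Action::Allow { "allow" } else { "deny" };
        match &self.filter {
            Filter::Literal(p) => format!("({} file-read* (literal \"{}\"))", verb, p),
            Filter::Subpath(p) => format!("({} file-read* (subpath \"{}\"))", verb, p),
        }
    }
}

fn emit(action: Action, make: fn(String) -> Filter, paths: &[&str]) -> Vec<Rule> {
    paths.iter().map(|p| Rule { action, filter: make(p.to_string()) }).collect()
}

/// Assumed emission order: allow_read, allow_list_dirs, then deny_read last,
/// so that under last-match-wins a deny overrides any earlier allow.
pub fn build(allow_read: &[&str], list_dirs: &[&str], deny_read: &[&str]) -> Vec<Rule> {
    let mut out = emit(Action::Allow, Filter::Subpath, allow_read);
    out.extend(emit(Action::Allow, Filter::Literal, list_dirs));
    out.extend(emit(Action::Deny, Filter::Subpath, deny_read));
    out
}

/// Default deny; the last rule that matches the path decides.
pub fn decide(rules: &[Rule], path: &str) -> Action {
    rules.iter().rev().find(|r| r.matches(path)).map_or(Action::Deny, |r| r.action)
}

fn main() {
    // Constructed sample: project in /Users/dev/app, parent directories list-only.
    let rs = build(&["/Users/dev/app"], &["/Users", "/Users/dev"], &["/Users/dev/app/.env"]);
    for r in &rs { println!("{}", r.sbpl()); }
    for p in ["/Users", "/Users/dev/.ssh/id_ed25519", "/Users/dev/app/.env"].iter() {
        println!("{:?}\t{}", decide(&rs, p), p);
    }
}
```

Swapping `Filter::Literal` for `Filter::Subpath` on the `list_dirs` line flips the `/Users/dev/.ssh/id_ed25519` decision to `Allow`, which is the over-broad grant the `literal` filter avoids.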

@Pierozi Pierozi added the bug Something isn't working label Feb 2, 2026
@Pierozi Pierozi self-assigned this Feb 2, 2026
@Pierozi Pierozi added bugfix and removed bug Something isn't working labels Feb 2, 2026
@Pierozi Pierozi force-pushed the feat/bun-compat branch 2 times, most recently from 7e14962 to 752b115 Compare February 2, 2026 08:47
- Add allow_list_dirs config to FilesystemConfig for directory listing only
- Use Seatbelt literal filter for readdir without file/subdir access
- Add built-in bun profile with parent directory listing enabled
- Auto-detect Bun projects via bun.lockb and bunfig.toml markers
- Add comprehensive tests for allow_list_dirs behavior

Fixes #13
- Remove hardcoded network_mode to let users choose
- Add ~/.bun to allow_write for cache updates
- Remove redundant deny_read rules (covered by base)
- Add sxb alias to zsh, bash, fish integrations
@Pierozi Pierozi merged commit 03ba5ad into main Feb 2, 2026
6 checks passed
Pierozi added a commit that referenced this pull request Feb 2, 2026
* feat(sandbox): add allow_list_dirs for Bun runtime compatibility

- Add allow_list_dirs config to FilesystemConfig for directory listing only
- Use Seatbelt literal filter for readdir without file/subdir access
- Add built-in bun profile with parent directory listing enabled
- Auto-detect Bun projects via bun.lockb and bunfig.toml markers
- Add comprehensive tests for allow_list_dirs behavior

Fixes #13

* style: fmt

* feat(bun): make profile configurable and add sxb alias

- Remove hardcoded network_mode to let users choose
- Add ~/.bun to allow_write for cache updates
- Remove redundant deny_read rules (covered by base)
- Add sxb alias to zsh, bash, fish integrations
@Pierozi Pierozi deleted the feat/bun-compat branch February 3, 2026 09:56
Development

Successfully merging this pull request may close these issues.

Bun runtime incompatible with sandbox - requires readdir() on /Users