CLI focus blocker for macOS — block distracting websites and apps
Project description
Lockin
A CLI focus blocker for macOS. Blocks distracting websites and apps at the network level so you can actually get work done.
- Blocks websites via
/etc/hosts(not a browser extension — works across all browsers) - Kills distracting app processes (Discord, Spotify, etc.)
- Tamper-resistant: sessions cannot be stopped early, even with
sudo - Enforced by a launchd watchdog daemon that re-applies blocks every 3 seconds
- Survives reboots, browser restarts, and DNS flushes
Install
pip install lockin
Or with pipx (recommended):
pipx install lockin
Requires macOS and Python 3.11+.
Quick Start
# 1. Create a profile
lockin profile create work --preset social --preset entertainment
# 2. Start a focus session (requires sudo for /etc/hosts access)
sudo lockin start work --duration 2h
# 3. Check status
lockin
That's it. For the next 2 hours, social media and streaming sites are unreachable and Discord/Spotify get killed on launch.
Commands
Sessions
sudo lockin start <profile> --duration 2h # Start a focus session
lockin status # Check remaining time (or just `lockin`)
lockin stop # Refused during active sessions (by design)
Profiles
Profiles define what to block. They combine presets with custom sites and apps.
lockin profile list # List all profiles
lockin profile create deep --preset social --preset entertainment --preset news
lockin profile create coding --preset social --site chatgpt.com --app Slack
lockin profile show work # See what a profile blocks
lockin profile delete old-profile
Presets
Built-in categories of sites and apps:
lockin preset # List all presets
| Preset | Sites | Apps |
|---|---|---|
| social | x.com, twitter.com, facebook.com, instagram.com, tiktok.com, reddit.com, threads.net, snapchat.com, linkedin.com | Discord |
| entertainment | youtube.com, netflix.com, twitch.tv, hulu.com, disneyplus.com, primevideo.com, spotify.com | Spotify |
| news | news.ycombinator.com, cnn.com, bbc.com, nytimes.com, theguardian.com | — |
| gaming | steampowered.com, store.steampowered.com, epicgames.com, riotgames.com | Steam, Epic Games Launcher |
Each domain is blocked with all subdomain variants (www, m, api, mobile, app).
Always-Blocked
Block domains permanently, outside of any session:
lockin block reddit.com
lockin unblock reddit.com
Schedules
lockin schedule create mornings --profile work --days mon,tue,wed,thu,fri --start 09:00 --duration 120
lockin schedule list
lockin schedule delete mornings
Other
lockin apps # List detected macOS apps
sudo lockin install # Install watchdog daemon
sudo lockin uninstall # Uninstall daemon (only when no active session)
lockin --version
How It Works
- Website blocking: Writes blocked domains to
/etc/hostspointing to0.0.0.0, then sets the system immutable flag (chflags schg) to prevent edits - App blocking: Kills blocked apps via
osascript(graceful quit) thenkillall(force kill) - Watchdog daemon: A launchd daemon (
KeepAlive: true) runs every 3 seconds to re-apply blocks if tampered with, re-kill blocked apps, and clean up when the session expires - Session signing: Sessions are signed with HMAC-SHA256 (key derived from hardware UUID). Modifying the session file invalidates the signature
Tamper Protection
The whole point of Lockin is that you cannot bypass it during a session:
| Attack | Mitigation |
|---|---|
Edit /etc/hosts |
Immutable flag (schg) blocks writes; watchdog re-applies if removed |
| Kill the watchdog | launchd auto-respawns it immediately |
sudo lockin stop --force |
No code path exists to stop active sessions |
| Delete the session file | Blocks become permanent (no valid session = no cleanup) |
| Change the end time in session file | HMAC validation fails, watchdog ignores it |
| Reboot | Session persists at /var/lockin/, daemon has RunAtLoad: true |
| Change system clock | Watchdog cross-checks elapsed time vs 2x duration |
Configuration
Profiles and schedules are stored in ~/.config/lockin/config.json. Sessions are stored in /var/lockin/session.json.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file lockin-0.1.1.tar.gz.
File metadata
- Download URL: lockin-0.1.1.tar.gz
- Upload date:
- Size: 41.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dc6e25410028033845d55ed20816879a313f3252bff756ac7a05fb5a53d51444
|
|
| MD5 |
4c304d4f60ddf1cee5b862d2fde8dfab
|
|
| BLAKE2b-256 |
4302220f2272b22fc7728ec26768a42b3c2ba4928822c41ea65f666515b9010f
|
File details
Details for the file lockin-0.1.1-py3-none-any.whl.
File metadata
- Download URL: lockin-0.1.1-py3-none-any.whl
- Upload date:
- Size: 17.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fd952b3ec2c3f3b9da5262923649ee89f90c91c270cf4aa917f5bf43ec306fdb
|
|
| MD5 |
20cd19b838fafdfb5f6225230adb84a9
|
|
| BLAKE2b-256 |
fdbc77f3954f638b408e186fc1ac7d043343cc23e6a6fa39213e2221c448902e
|
