ptrace-approve 2.1.0

Intercept and approve filesystem-modifying syscalls

ptrace-approve

Approve a programs actions from the command-line. Remeber choices.

Claude code approval system for the code generated by claude code.

This is ai-generated unreviewed code. I have used it a coouple of times.

Caveats

AI-generated code, unreviewed, slow. This runs python code on every system call so for some use cases is very slow and breaks parallelization, think lots of system calls in parallel threads.

Child processes and not traced (strace -f) (but you approve when the are spawned).

Motivation

I wanted to rub some vibe coded apps over my code and not have it destroy my code.

Alternatives and prior work

This is influenced form a UI perspective by cluade code, where you approve individual commands as claude wishes to run them, optionally adding exceptions. There is a tool called maybe which is a similar idea and has been declared as unmaintained by it's previous maintainer.

ptrace-approve uses ptrace and apparmor does similar things. Apparmor is faster, and can record rules to allow - but not does not have this sort of interactive real time approval. ptrace-approve use the python-pytrace library which does all the fiddly work. This does the last mile of making something useful and doing pattern matching.

Tools like austral can place limits at the module or function level using a type systems.

Installation

pipx install ptrace-approve

Usage

ptrace-approve app

By default all reads are allowed.

Individually approve rules or add patterns. . in patterns does not match ,'s or brackets. Use (.|[.(),]) for the conventional meaning of . in regexps

the abolsute path to app app is found and a default profile is stored for the app based on this path.

ptrace-approve --clear app

Patterns

/regexp/ */pycache/ * does not match forwards slashes "*" - literal ... _ - any argument

Change log

2.0.0 - Change match format