Intercept and approve filesystem-modifying syscalls

Project description

ptrace-approve

Approve a program's actions from the command line. Remember choices.

Claude Code-style approval system for the code generated by Claude Code.

This is AI-generated, unreviewed code. I have used it a couple of times.

Caveats

AI-generated code, unreviewed, slow. This runs Python code on every system call, so for some use cases it is very slow and breaks parallelization (think lots of system calls in parallel threads).

Processes are not traced after an exec (--trace-children), but you will have approved the exec. I had issues getting filenames (due to not being able to access memory) when we exec'd into other processes. This specifically happened for git. But this is not the normal mode of execution.

Motivation

I wanted to run some vibe-coded apps over my code and not have them destroy my code.

Alternatives and prior work

This is influenced from a UI perspective by Claude Code, where you approve individual commands as Claude wishes to run them, optionally adding exceptions. There is a tool called maybe which is a similar idea and has been declared unmaintained by its previous maintainer.

ptrace-approve uses ptrace; AppArmor does similar things. AppArmor is faster and can record rules to allow, but does not have this sort of interactive real-time approval. ptrace-approve uses the python-pytrace library, which does all the fiddly work. This does the last mile of making something useful and doing pattern matching.

Tools like Austral can place limits at the module or function level using a type system.

Installation

pipx install ptrace-approve

Usage

ptrace-approve app

By default all reads are allowed.

Individually approve rules or add patterns. In patterns, . does not match commas or brackets. Use (.|[.(),]) for the conventional meaning of . in regexps.

The absolute path to app is found and a default profile is stored for the app based on this path.

ptrace-approve --clear app

Patterns

  • /regexp/
  • */pycache/ (* does not match forward slashes)
  • "*" - literal
  • ... _ - any argument
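The pattern rules above and the default-allow for reads, sketched as an added example (this is not ptrace-approve's own code). The (syscall name, argument list) rule shape, the READ_ONLY set, anchored matching and all function names are assumptions made for illustration.

```python
import re

# Assumption: the page only says reads are allowed by default; this set is illustrative.
READ_ONLY = {"read", "stat", "access", "readlink"}

def restrict_dot(rx):
    """Rewrite unescaped '.' outside [...] so it cannot match ',', '(' or ')'."""
    out, in_class, i = [], False, 0
    while i < len(rx):
        c = rx[i]
        if c == "\\" and i + 1 < len(rx):   # keep escapes such as \. untouched
            out.append(rx[i:i + 2])
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        out.append("[^,()]" if c == "." and not in_class else c)
        i += 1
    return "".join(out)

def compile_arg(pat):
    """Compile one argument pattern; matching is anchored (an assumption)."""
    if pat == "_":                                   # any argument
        return re.compile(r".*", re.S)
    if len(pat) >= 2 and pat[0] == pat[-1] == '"':   # quoted text is literal
        return re.compile(re.escape(pat[1:-1]))
    if len(pat) >= 2 and pat[0] == pat[-1] == "/":   # /regexp/
        return re.compile(restrict_dot(pat[1:-1]))
    # Otherwise a glob: '*' stays inside one path component.
    return re.compile("[^/]*".join(re.escape(p) for p in pat.split("*")))

def decide(call, args, rules):
    """Return 'allow' for reads and remembered rules, otherwise 'ask'."""
    if call in READ_ONLY:
        return "allow"
    for name, pats in rules:
        if name == call and len(pats) == len(args) and all(
                compile_arg(p).fullmatch(a) for p, a in zip(pats, args)):
            return "allow"
    return "ask"

# Constructed rules, not taken from a real profile.
RULES = [("unlink", ["*/pycache/*"]), ("rename", ["_", "/build/(.|[.(),])*/"])]

if __name__ == "__main__":
    for call, args in [("unlink", ["build/pycache/a.pyc"]),
                       ("unlink", ["build/sub/pycache/a.pyc"])]:
        print(call, args, decide(call, args, RULES))
```

The second unlink falls through to "ask" because the leading * cannot cross the extra directory, which is the practical effect of * not matching forward slashes.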

Change log

  • 2.0.0 - Change match format
  • 3.0.0 - Don't trace after exec, but trace after the initial fork.

Download files

Source Distribution

ptrace_approve-3.0.0.tar.gz (11.9 kB)

Uploaded Source

Built Distribution

ptrace_approve-3.0.0-py3-none-any.whl (11.5 kB)

Uploaded Python 3

File details

Details for the file ptrace_approve-3.0.0.tar.gz.

File metadata

  • Download URL: ptrace_approve-3.0.0.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for ptrace_approve-3.0.0.tar.gz
Algorithm Hash digest
SHA256 2131a19c006f76f8ff3fdf64adc856510f5e4e2f98543d428a4f0a6f5390bc94
MD5 78051aacf1cbea4c0b5658542b2bba72
BLAKE2b-256 e5608916f3b376b77e0db29f0d235f3de3de037c181e1729603c6a40588166f7

File details

Details for the file ptrace_approve-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: ptrace_approve-3.0.0-py3-none-any.whl
  • Upload date:
  • Size: 11.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for ptrace_approve-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 083b96bd32e53c54460c423249cff24a6e5feb4dc2636f28788721bc0bf421f8
MD5 70d47be3c098f5049597e108f63da78e
BLAKE2b-256 4009f16e748a6ec6d542dfd63bbdf12eef9e91ab0dd944489fe475304f5eb14b
