Metadata-Version: 2.4
Name: ptrace-approve
Version: 3.0.0
Summary: Intercept and approve filesystem-modifying syscalls
License: MIT
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: python-ptrace>=0.9.9
Requires-Dist: pytest

# ptrace-approve
Approve a program's actions from the command line. Remember choices.

Claude Code approval system *for the code generated by Claude Code*.

This is AI-generated, unreviewed code. I have used it a couple of times.

## Caveats
AI-generated code, unreviewed, *slow*. This runs Python code on every system call, so for some use cases it is *very slow* and breaks parallelization; think lots of system calls in parallel threads.

Processes are not traced after an exec (`--trace-children`), but you will have approved the exec. I had issues getting filenames (due to not being able to access memory) when we exec'd into other processes. This specifically happened for git. But this is not the normal mode of execution.

## Motivation
I wanted to run some vibe-coded apps over my code and not have it destroy my code.

## Alternatives and prior work
This is influenced from a UI perspective by Claude Code, where you approve individual commands as Claude wishes to run them, optionally adding exceptions. There is a tool called `maybe` which is a similar idea and has been declared unmaintained by its previous maintainer.

`ptrace-approve` uses ptrace, and AppArmor does similar things. AppArmor is faster and can record rules to allow, but it does not have this sort of interactive real-time approval. `ptrace-approve` uses the `python-ptrace` library, which does all the fiddly work. This tool does the last mile of making something useful and doing pattern matching.

Tools like Austral can place limits at the module or function level using a type system.

## Installation
```sh
pipx install ptrace-approve
```

## Usage
```sh
ptrace-approve app
```

By default all reads are allowed.

Individually approve rules or add patterns. `.` in patterns does not match commas or brackets. Use `(.|[.(),])` for the conventional meaning of `.` in regexps.

The absolute path to `app` is found, and a default profile is stored for the app based on this path.

```sh
ptrace-approve --clear app
```

Patterns:

- `/regexp/`
- `**/__pycache__/*`
- `*` does not match forward slashes
- `"*"` - literal
- ...
- `_` - any argument
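
An added illustration of the matching rules stated above (not ptrace-approve's own code), showing why a `.` that stops at commas and brackets keeps a regexp written for one argument from also covering the next. It assumes a traced call is rendered as `name(arg, arg)`, that a pattern must match the whole string, and that `**` crosses `/`; all function names are hypothetical.

```python
import re

# Assumption: the restricted `.` excludes comma and round brackets, the
# characters the README's workaround `(.|[.(),])` adds back.
RESTRICTED_DOT = "[^,()]"

def restrict_dots(regex):
    """Rewrite every unescaped `.` outside a character class."""
    out, i, in_class = [], 0, False
    while i < len(regex):
        ch = regex[i]
        if ch == "\\" and i + 1 < len(regex):
            out.append(regex[i:i + 2])  # escapes such as \. and \( stay as written
            i += 2
            continue
        if ch == "[" and not in_class:
            in_class = True
        elif ch == "]" and in_class:
            in_class = False
        out.append(RESTRICTED_DOT if ch == "." and not in_class else ch)
        i += 1
    return "".join(out)

def regexp_match(regex, call):
    """Match the body of a /regexp/ pattern against a whole rendered call."""
    return re.fullmatch(restrict_dots(regex), call) is not None

def glob_match(glob, path):
    """Glob match where `*` stops at `/` and `**` (assumed) crosses it."""
    parts = re.split(r"(\*\*|\*)", glob)
    regex = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
                    for p in parts)
    return re.fullmatch(regex, path) is not None

# Constructed sample: a two-argument call rendered as one string.
CALL = "rename(/home/u/notes.txt, /etc/passwd)"

if __name__ == "__main__":
    # With the restricted dot, `.*` cannot run past the comma into argument 2.
    print(regexp_match(r"rename\(/home/u/.*\)", CALL))              # False
    # The workaround restores the conventional dot, so this rule is broad.
    print(regexp_match(r"rename\(/home/u/(.|[.(),])*\)", CALL))     # True
    print(glob_match("**/__pycache__/*", "/p/__pycache__/m.pyc"))   # True
    print(glob_match("/home/u/*", "/home/u/a/b"))                   # False
```

A rule that uses the `(.|[.(),])` workaround should be read as covering every argument of the call, not just the one it was written for.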


## Change log
- 2.0.0 - Change match format
- 3.0.0 - Don't trace after exec, but trace after the initial fork.
