Every npm install executes arbitrary native code with your full file-system permissions.
ClearanceKit intercepts every file-system access event and enforces per-process allow policies —
so a compromised package can't silently reach your SSH keys, credentials, or private data.
How it works
ClearanceKit uses Apple's Endpoint Security framework to place itself between every file-system operation and the process that triggered it — before the access is granted.
Any process — including those spawned by npm install, pip install, or brew upgrade — attempts to open, rename, read, or write a file.
The kernel delivers an authorisation event to ClearanceKit's system extension before the access is permitted. The extension must respond within the deadline.
The extension checks the process's cryptographic Team ID and Signing ID against your rules — not file paths or hashes, which can be spoofed or go stale after updates.
Denied events surface in the SwiftUI interface so you can review them and build policy as you work. Allowed accesses pass through with zero latency.
Features
Surgical, per-process file-system control with zero-maintenance policies that survive software updates.
Bind rules to the cryptographic Team ID and Signing ID embedded in every binary — not file paths that can be spoofed or hashes that go stale after each update.
Confine any process to a specific set of path prefixes. Any access outside the allowed set is denied regardless of other policy rules — zero escape.
Allow access only when the process was launched by a trusted parent. Grant a build tool read access to source files only when invoked from your trusted CI runner.
Live event stream, one-click policy creation, app protections, process tree visualisation, and a real-time pipeline throughput graph — all in a native sidebar app built entirely with SwiftUI.
Deploy policies across your entire developer fleet via Apple Configuration Profiles. Any MDM that supports managed preferences works — Jamf, Kandji, Mosyle, and more.
ClearanceKit never makes outbound connections and has no third-party dependencies. Every capability — Endpoint Security, XPC, SQLite, SwiftUI — is provided by Apple's own frameworks. No telemetry, no update checks, no supply chain to audit beyond Apple's toolchain.
What's at risk
A postinstall script can reach all of this. Any unsandboxed process runs with your full file-system permissions. A malicious package or compromised dependency can silently exfiltrate all of the following.
SSH private keys ~/.ssh/id_*
AWS / GCP / Azure credentials
iMessage chat history ~/Library/Messages/
Safari & browser cookies
Git credentials ~/.git-credentials
GPG private keys ~/.gnupg/
Signal, Slack, Discord data
VS Code / IDE state & workspace
Why code signing beats file paths
Traditional mandatory access control (MAC) systems bind permissions to file paths or binary hashes. ClearanceKit binds them to the Developer ID certificate embedded in the binary.
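The policy logic described in "How it works" and "Features" (rules keyed on Team ID and Signing ID, path-prefix confinement that wins over every other rule, grants that apply only under a trusted parent) and the path-versus-signature argument made just above, as an added, runnable model. This is example code, not ClearanceKit's own code: the process fields follow what the Endpoint Security framework reports about a process (its signing identity and its parent), but the rule format, the evaluation order, the default-deny treatment of the at-risk paths, and every Team ID, Signing ID and path below are constructed assumptions.

```python
"""Model of the per-process file-access policy described on this page.

Added example, not ClearanceKit's code. Process fields follow what Endpoint
Security reports (signing identity, parent process); the rule format,
evaluation order and default behaviour are assumptions made here.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of the at-risk paths listed on the page; denied unless a rule grants access.
PROTECTED_PREFIXES = (
    "/Users/dev/.ssh/",
    "/Users/dev/.aws/",
    "/Users/dev/.gnupg/",
    "/Users/dev/.git-credentials",
    "/Users/dev/Library/Messages/",
)


@dataclass(frozen=True)
class Process:
    path: str                           # on-disk location: changes on update, trivially copied over
    team_id: Optional[str]              # Team ID from the Developer ID certificate; None if unsigned/ad hoc
    signing_id: Optional[str]           # Signing ID from the code signature
    parent: Optional["Process"] = None  # process that launched this one


@dataclass(frozen=True)
class Rule:
    team_id: str
    signing_id: str
    confine_to: Tuple[str, ...] = ()                          # empty = not confined
    required_parent: Optional[Tuple[str, str]] = None         # (team_id, signing_id) of trusted parent


def _under(target: str, prefixes: Tuple[str, ...]) -> bool:
    return any(target.startswith(p) for p in prefixes)


def _matching_rule(rules: List[Rule], proc: Process) -> Optional[Rule]:
    """Rules key on the signature, never on proc.path; an unsigned binary matches nothing."""
    if proc.team_id is None or proc.signing_id is None:
        return None
    return next((r for r in rules if (r.team_id, r.signing_id) == (proc.team_id, proc.signing_id)), None)


def evaluate(rules: List[Rule], proc: Process, target: str) -> Tuple[str, str]:
    """Decide one authorisation event: returns ("ALLOW" | "DENY", reason)."""
    rule = _matching_rule(rules, proc)
    # Confinement is bound to the identity and wins regardless of any other rule.
    if rule is not None and rule.confine_to and not _under(target, rule.confine_to):
        return "DENY", "outside confinement"
    protected = _under(target, PROTECTED_PREFIXES)
    # A grant that requires a trusted parent is void when launched from anywhere else.
    if rule is not None and rule.required_parent is not None:
        parent = proc.parent
        if parent is None or (parent.team_id, parent.signing_id) != rule.required_parent:
            return ("DENY", "untrusted parent") if protected else ("ALLOW", "unprotected path")
    if protected:
        return ("ALLOW", "identity rule") if rule is not None else ("DENY", "protected path, no rule")
    return "ALLOW", "unprotected path"


# Constructed identities; none of these Team IDs or Signing IDs are real.
CI_RUNNER = Process("/opt/ci/runner", "CITEAM0001", "com.example.ci-runner")
SHELL = Process("/bin/zsh", None, "com.apple.zsh")                     # platform binary: no Team ID
NODE = Process("/opt/homebrew/bin/node", None, "node")                 # ad hoc signature: no Team ID
BACKUP = Process("/Applications/Backup.app/Contents/MacOS/Backup", "BKTEAM0001", "com.example.backup")
BACKUP_V2 = Process("/Applications/Backup 2.app/Contents/MacOS/Backup", "BKTEAM0001", "com.example.backup")
IMPOSTOR = Process(BACKUP.path, None, "com.example.backup")            # unsigned copy dropped at the trusted path
SIGNER_FROM_CI = Process("/usr/local/bin/release-signer", "SGTEAM0001", "com.example.signer", CI_RUNNER)
SIGNER_FROM_SHELL = Process("/usr/local/bin/release-signer", "SGTEAM0001", "com.example.signer", SHELL)

RULES = [
    Rule("BKTEAM0001", "com.example.backup", confine_to=("/Users/dev/.ssh/", "/Users/dev/Backups/")),
    Rule("SGTEAM0001", "com.example.signer", confine_to=("/Users/dev/.gnupg/", "/Users/dev/src/"),
         required_parent=("CITEAM0001", "com.example.ci-runner")),
]


def run_scenarios() -> Dict[str, Tuple[str, str]]:
    """Evaluate a set of constructed access events against RULES."""
    cases = {
        "postinstall reads ssh key": (NODE, "/Users/dev/.ssh/id_ed25519"),
        "postinstall writes node_modules": (NODE, "/Users/dev/proj/node_modules/x/index.js"),
        "backup reads ssh key": (BACKUP, "/Users/dev/.ssh/id_ed25519"),
        "updated backup at new path": (BACKUP_V2, "/Users/dev/.ssh/id_ed25519"),
        "impostor at backup's old path": (IMPOSTOR, "/Users/dev/.ssh/id_ed25519"),
        "backup escapes to aws creds": (BACKUP, "/Users/dev/.aws/credentials"),
        "signer launched by CI": (SIGNER_FROM_CI, "/Users/dev/.gnupg/secring.gpg"),
        "signer launched from shell": (SIGNER_FROM_SHELL, "/Users/dev/.gnupg/secring.gpg"),
    }
    return {label: evaluate(RULES, proc, target) for label, (proc, target) in cases.items()}


if __name__ == "__main__":
    for label, (decision, reason) in run_scenarios().items():
        print(f"{decision:5} {label} ({reason})")
```

The two backup cases are the point of the section above: the updated binary at a new path keeps its grant because its signature is unchanged, while an unsigned copy placed at the old, trusted path gets nothing, which is the outcome a path-keyed rule would invert.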
Installation
No configuration files. No command-line setup. Download, drag, and grant the two permissions macOS requires.
Get the latest signed and notarized release below. Every release is attested with GitHub's build provenance attestation.
Open the DMG and drag clearancekit.app to the Applications folder shortcut.
On first launch, open the Setup tab and click Activate Extension. macOS prompts for approval in System Settings — once only.
Endpoint Security requires Full Disk Access for the system extension. Grant it when prompted, or navigate to System Settings → Privacy & Security.
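Before granting Full Disk Access to a system extension, a practitioner wants to confirm that the downloaded bundle carries the expected Developer ID signature, is notarized, and matches the published build attestation the page mentions. The following is an added example, not ClearanceKit's own tooling: it drives Apple's codesign and spctl and the GitHub CLI's attestation verifier. The Team ID, Signing ID and GitHub owner are placeholders because this page does not state them (pin the values from the project's release page), the assumption that the DMG is the attested artifact is mine, and the codesign output embedded below is constructed sample text used only to exercise the parser.

```python
"""Pre-activation checks for a downloaded clearancekit.app.

Added example, not ClearanceKit's tooling. EXPECTED_* and GITHUB_OWNER are
placeholders: this page does not state the project's Team ID, Signing ID or
GitHub owner, so pin the real values from the release page before use.
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

EXPECTED_TEAM_ID = "TEAMID_PLACEHOLDER"            # placeholder: the project's real Team ID
EXPECTED_IDENTIFIER = "com.example.clearancekit"   # placeholder: the app's real Signing ID
GITHUB_OWNER = "OWNER_PLACEHOLDER"                 # placeholder: GitHub org that publishes the releases

# Constructed sample of `codesign -dv --verbose=4` output (written to stderr by codesign).
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/clearancekit.app/Contents/MacOS/clearancekit
Identifier=com.example.clearancekit
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

_KV = re.compile(r"^(Identifier|TeamIdentifier|Authority)=(.*)$", re.MULTILINE)


def parse_codesign(output: str) -> Dict[str, object]:
    """Extract Identifier, TeamIdentifier and the Authority chain (leaf first)."""
    info: Dict[str, object] = {"Authority": []}
    for key, value in _KV.findall(output):
        if key == "Authority":
            info["Authority"].append(value.strip())
        else:
            info[key] = value.strip()
    return info


def identity_matches(info: Dict[str, object], team_id: str, identifier: str) -> bool:
    """True only if Team ID and Signing ID are the pinned ones and the leaf
    certificate is a Developer ID Application certificate for that same Team ID."""
    authorities: List[str] = info.get("Authority", [])  # type: ignore[assignment]
    if not authorities or not authorities[0].startswith("Developer ID Application:"):
        return False
    leaf_team = re.search(r"\(([A-Z0-9]{10})\)\s*$", authorities[0])
    return (
        info.get("TeamIdentifier") == team_id
        and info.get("Identifier") == identifier
        and leaf_team is not None
        and leaf_team.group(1) == team_id
    )


def _run(cmd: List[str]) -> Tuple[int, str]:
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def verify_app(app_path: str, dmg_path: Optional[str] = None) -> bool:
    """Run the signature, identity, notarization and (optionally) attestation checks."""
    rc, _ = _run(["codesign", "--verify", "--deep", "--strict", app_path])
    if rc != 0:
        return False                                   # signature invalid or bundle tampered with
    _, out = _run(["codesign", "-dv", "--verbose=4", app_path])
    if not identity_matches(parse_codesign(out), EXPECTED_TEAM_ID, EXPECTED_IDENTIFIER):
        return False                                   # valid signature, but not the publisher you pinned
    rc, out = _run(["spctl", "--assess", "--type", "execute", "-vv", app_path])
    if rc != 0 or "Notarized Developer ID" not in out:
        return False                                   # Gatekeeper does not see a notarized Developer ID app
    if dmg_path is not None:
        rc, _ = _run(["gh", "attestation", "verify", dmg_path, "--owner", GITHUB_OWNER])
        if rc != 0:
            return False                               # build provenance does not match the publisher
    return True


if __name__ == "__main__":
    import sys
    ok = verify_app(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print("OK: safe to activate" if ok else "FAILED: do not activate the extension")
    sys.exit(0 if ok else 1)
```

Pinning the Team ID rather than the download URL is the same argument the page makes for its own rules: the URL and file name can change between releases, the signer's identity should not.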
Free and open source. Signed, notarized, and attested. No account required. No telemetry. No auto-updates. No third-party dependencies — just Apple APIs.