shelllock-macos
Protect any shell command behind Touch ID 🔐
Table of Contents
About
Gate any shell command or script behind biometric auth. AI agents cannot bypass this — they can't physically touch your fingerprint sensor.
you type: shelllock ./deploy.sh
↓
Touch ID prompt appears
↓
✓ authenticated → script runs
✗ failed → nothing happens
Use cases:
- Protect deploy scripts from eager AI agents (Cursor, Copilot)
- Gate destructive commands (
rm -rf,git push --force) - Secure sensitive operations (DB migrations, prod access)
Install
brew tap vdutts7/tap
brew install shelllock
From source
git clone https://github.com/vdutts7/shelllock-macos.git
cd shelllock-macos
make install
Build manually
make build
# Or directly
swiftc -O -o shelllock Sources/shelllock.swift
SDK mismatch fix:
sudo rm -rf /Library/Developer/CommandLineTools
xcode-select --install
Usage
# Basic
shelllock ./deploy.sh
# Custom prompt
shelllock -m "Deploy to production?" ./deploy.sh
# Inline command
shelllock -c "npm run build && npm test"
Self-protecting scripts
Add to top of any script:
#!/bin/bash
if [[ "${SHELLLOCK_VERIFIED:-}" != "1" ]]; then
exec env SHELLLOCK_VERIFIED=1 shelllock -m "Run this script?" "$0" "$@"
fi
Tools Used
Related
- applock-macos — Touch ID gate for
.appbundles
Contact
