feat: add macOS support and Homebrew distribution #6

Merged
hughesjs merged 2 commits into master from macos
Feb 25, 2026

@hughesjs (Owner)

Summary

  • Adds macOS support using sudo -A with a native osascript password dialogue (analogous to polkit on Linux)
  • Extracts IPrivilegedExecutor interface for platform-agnostic privilege escalation
  • Adds macOS-specific blocklist patterns (diskutil destructive subcommands, newfs, dd to /dev/disk)
  • Adds Homebrew tap distribution via hughesjs/homebrew-tap
  • Cross-platform install/uninstall scripts, CI (unit tests + build on macOS), and CD (macOS tarballs + formula publishing)

Changes

  • New files: IPrivilegedExecutor.cs, SudoExecutor.cs, generate-homebrew-formula.sh
  • Modified: PkexecExecutor.cs, SudoExecutionTool.cs, Program.cs, DefaultBlocklist.cs, CommandValidatorTests.cs, install/uninstall scripts, CI/CD pipelines, all docs
  • New secrets required: HOMEBREW_TAP_TOKEN (PAT with repo scope for hughesjs/homebrew-tap)
  • One-time setup: Create hughesjs/homebrew-tap repo with Formula/ directory

Test plan

  • Unit tests pass on macOS (27 tests including 13 new macOS blocklist tests)
  • macOS ARM64 binary builds and runs (--help verified)
  • SudoExecutor tested live — native password dialogue appears, commands execute as root
  • CI pipeline passes (macOS unit tests + build jobs)
  • Verify Homebrew formula generation script produces valid Ruby

🤖 Generated with Claude Code

James Hughes added 2 commits February 25, 2026 22:05
- Extract IPrivilegedExecutor interface from PkexecExecutor
- Add SudoExecutor for macOS using sudo -A with osascript askpass dialogue
- Platform-aware DI registration and audit log defaults
- Add macOS blocklist patterns (diskutil, newfs, dd to /dev/disk)
- Cross-platform install/uninstall scripts (macOS installs to /usr/local/bin)
- CD pipeline: macOS builds, tarballs, Homebrew formula generation and tap publishing
- CI pipeline: unit tests on macOS, macOS binary build verification
- Documentation updates across README, SECURITY, and CLAUDE.md
@hughesjs hughesjs merged commit f8072e5 into master Feb 25, 2026
11 checks passed
@hughesjs hughesjs deleted the macos branch February 25, 2026 22:28
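
The summary above lists three macOS blocklist families (diskutil destructive subcommands, newfs, dd to /dev/disk). The following is an added example, not code from this pull request or from DefaultBlocklist.cs, showing one way such patterns can be written and checked; the class name, regexes and sample commands are all assumptions.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical blocklist for illustration; these patterns are assumptions,
// not the contents of the project's DefaultBlocklist.cs.
public static class MacOsBlocklistExample
{
    private const RegexOptions Opts = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // Command name at the start, after a separator, or as the last path component.
    private const string Start = @"(^|[\s;&|/])";

    private static readonly Regex[] Patterns =
    {
        // diskutil subcommands that erase or repartition; list/info/mount stay allowed.
        new Regex(Start + @"diskutil\s+(apfs\s+delete\w*|erase\w*|partitionDisk|reformat|secureErase|zeroDisk|randomDisk)\b", Opts),
        // newfs and per-filesystem variants such as newfs_apfs, newfs_hfs, newfs_msdos.
        new Regex(Start + @"newfs(_\w+)?(\s|$)", Opts),
        // dd whose output is a block (/dev/diskN) or raw (/dev/rdiskN) device, with of= in any position.
        new Regex(Start + @"dd\s+(.*\s)?of=[""']?/dev/r?disk\d", Opts),
    };

    public static bool IsBlocked(string command) => Patterns.Any(p => p.IsMatch(command));

    public static void Main()
    {
        // Constructed sample commands, not taken from the project's tests.
        string[] samples =
        {
            "diskutil list",
            "/usr/sbin/diskutil eraseDisk APFS Scratch disk4",
            "diskutil apfs deleteContainer disk4",
            "newfs_hfs -v Scratch /dev/disk4s1",
            "dd if=/dev/zero of=/dev/rdisk4 bs=1m",
            "dd if=/dev/disk4 of=backup.img bs=1m",
        };
        foreach (var s in samples)
            Console.WriteLine((IsBlocked(s) ? "BLOCK  " : "allow  ") + s);
    }
}
```

String patterns like these are a guard rail against accidental damage: they do not see through shell indirection such as variables or wrapper scripts, so the privilege prompt and audit log remain the real controls.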