{"id":44691405,"url":"https://github.com/lu-zhengda/macdog","last_synced_at":"2026-02-21T05:01:24.842Z","repository":{"id":338560738,"uuid":"1158276945","full_name":"lu-zhengda/macdog","owner":"lu-zhengda","description":"macOS security \u0026 privacy suite — audit your security posture, manage firewall rules, and harden your system","archived":false,"fork":false,"pushed_at":"2026-02-15T06:01:33.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-15T12:27:48.396Z","etag":null,"topics":["bubbletea","claude-code","claude-code-plugin","cli","developer-tools","firewall","golang","homebrew","macos","privacy","security","tui"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lu-zhengda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-15T04:42:15.000Z","updated_at":"2026-02-15T06:01:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/lu-zhengda/macdog","commit_stats":null,"previous_names":["lu-zhengda/macdog"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/lu-zhengda/macdog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lu-zhengda%2Fmacdog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lu-zhengda%2Fmacdog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lu-zhengda%2Fmacdog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lu-zhengda%2Fmacdog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lu-zhengda","download_url":"https://codeload.github.com/lu-zhengda/macdog/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lu-zhengda%2Fmacdog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29674359,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T03:11:15.450Z","status":"ssl_error","status_checked_at":"2026-02-21T03:10:34.920Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bubbletea","claude-code","claude-code-plugin","cli","developer-tools","firewall","golang","homebrew","macos","privacy","security","tui"],"created_at":"2026-02-15T07:11:55.695Z","updated_at":"2026-02-21T05:01:24.835Z","avatar_url":"https://github.com/lu-zhengda.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# macdog\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Platform: macOS](https://img.shields.io/badge/Platform-macOS-lightgrey.svg)](https://github.com/lu-zhengda/macdog)\n[![Homebrew](https://img.shields.io/badge/Homebrew-lu--zhengda/tap-orange.svg)](https://github.com/lu-zhengda/homebrew-tap)\n\nmacOS security \u0026 privacy suite — audit your security posture, manage firewall rules, review privacy permissions, and harden your system.\n\n## Install\n\n```bash\nbrew tap lu-zhengda/tap\nbrew install macdog\n```\n\n## Usage\n\n```\n$ macdog audit\nSecurity Grade: B (75/100)\n\nCHECK                        STATUS\n-----                        ------\nSystem Integrity Protection  enabled\nFirewall                     off\nFileVault                    on\nGatekeeper                   enabled\nRemote Login                 off\n```\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `status` | **Concise overall security status summary** (exit 0/1/2) |\n| `audit` | Full security audit with letter grade (A-F) |\n| `firewall` | Show firewall status and application rules |\n| `firewall enable` | Enable the application firewall (sudo) |\n| `firewall disable` | Disable the application firewall (sudo) |\n| `firewall allow \u003cpath\u003e` | Allow an app through the firewall (sudo) |\n| `firewall block \u003cpath\u003e` | Block an app in the firewall (sudo) |\n| `privacy` | List TCC privacy permissions |\n| `privacy revoke \u003cservice\u003e \u003cbundle-id\u003e` | Revoke a TCC permission |\n| `login` | List login items and launch agents |\n| `login remove \u003cname\u003e` | Remove a login item or disable a launch agent |\n| `harden` | Apply security hardening preset |\n| `harden --dry-run` | Preview hardening changes without applying |\n\n## Status Command\n\n`macdog status` gives you a fast, read-only overview of your security posture without running slow operations like event-log scanning.\n\n```\n$ macdog status\n\nSecurity Status: WARNING   Grade B (75/100)\n\nDOMAIN        STATUS  DETAIL\n------        ------  ------\nSIP           on      enabled\nFirewall      off     off, 3 rules\nFileVault     on      on\nGatekeeper    on      enabled\nRemote Login  off     off\nLogin Items   OK      12 items\nPrivacy       OK      47 granted, 3 denied (50 total)\n\nGenerated: 2026-02-18T08:30:00Z\n```\n\n```bash\n# Machine-readable JSON (ideal for CI / AI agents)\nmacdog status --json\n```\n\n```json\n{\n  \"overall\": \"warning\",\n  \"score\": 75,\n  \"grade\": \"B\",\n  \"generated_at\": \"2026-02-18T08:30:00Z\",\n  \"audit\": {\n    \"sip\": \"enabled\",\n    \"firewall\": \"off\",\n    \"file_vault\": \"on\",\n    \"gatekeeper\": \"enabled\",\n    \"remote_login\": \"off\",\n    \"score\": 75,\n    \"grade\": \"B\"\n  },\n  \"firewall\": { \"enabled\": false, \"stealth_mode\": false, \"block_all\": false, \"rule_count\": 3 },\n  \"login_items\": { \"count\": 12 },\n  \"privacy\": { \"granted\": 47, \"denied\": 3, \"total\": 50 }\n}\n```\n\n### Status Exit Codes\n\n| Code | Overall | Meaning |\n|------|---------|---------|\n| `0` | `ok` | Score ≥ 90 — all checks passing |\n| `1` | `warning` | Score 60–89 — one or more checks failing |\n| `2` | `critical` | Score \u003c 60 — multiple critical checks failing |\n\n\u003e **Privacy note:** The `privacy` field requires Full Disk Access for Terminal. If unavailable, the field includes an `\"error\"` key and counts are 0.\n\n## Security Audit Scoring\n\n| Check | Points |\n|-------|--------|\n| SIP enabled | 25 |\n| Firewall on | 25 |\n| FileVault on | 25 |\n| Gatekeeper enabled | 15 |\n| Remote Login off | 10 |\n\n| Grade | Score |\n|-------|-------|\n| A | 90-100 |\n| B | 75-89 |\n| C | 60-74 |\n| D | 40-59 |\n| F | 0-39 |\n\n## TUI Dashboard\n\nLaunch `macdog` without arguments to open the interactive dashboard:\n\n- **Audit tab** — Security grade with check status for SIP, Firewall, FileVault, Gatekeeper, and Remote Login\n- **Firewall tab** — Firewall state, stealth mode, block-all, and application rules\n- **Privacy tab** — TCC permissions (Camera, Microphone, Contacts, etc.) per app\n- **Login Items tab** — Login items and launch agents with their type\n- **Harden tab** — Recommended hardening actions with current vs. desired state\n\n| Key | Action |\n|-----|--------|\n| `Tab` / `l` | Next tab |\n| `Shift+Tab` / `h` | Previous tab |\n| `j` / `k` | Navigate up/down |\n| `Enter` | Apply action (Harden tab) |\n| `q` | Quit |\n\n## Notes\n\n- Firewall enable/disable and hardening actions require `sudo`\n- Reading TCC permissions requires Full Disk Access for Terminal\n- Some checks may show \"unknown\" in sandboxed or restricted environments\n\n## Claude Code\n\nAvailable as a skill in the [macos-toolkit](https://github.com/lu-zhengda/macos-toolkit) Claude Code plugin.\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flu-zhengda%2Fmacdog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flu-zhengda%2Fmacdog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flu-zhengda%2Fmacdog/lists"}