Skip to content

krishnasureshcpa/ghosty

Repository files navigation

Ghosty mascot

GHOSTY

macOS Privacy & Security TUI

InstallUsageTechContribute

CI Python Textual macOS License


Ghosty turns the 919-line macOS Security & Privacy Guide into a typed, reversible action catalog wrapped in a Textual TUI — sidebar navigation, live before/after diffs, parallel execution, dry-run by default, and one-command rollback.

20 chapters · 80+ reversible actions · Snapshot → Verify → Undo


Install

Pre-built (recommended) — no clone needed, one command:

uv tool install ghosty-cli          # uv (fastest)
pipx install ghosty-cli             # pipx
brew install krishnasureshcpa/tap/ghosty  # Homebrew

From sourceghosty available globally after install:

git clone https://github.com/krishnasureshcpa/ghosty
cd ghosty
make install                        # one command → ghosty on PATH
# or: python install.py             # interactive installer
# or: uv tool install .             # same as make install

Run from source (no global install):

cd ghosty && uv sync && uv run ghosty

Usage

ghosty                  Launch the TUI
ghosty test             Self-test + welcome screen
ghosty doctor           System health dashboard
ghosty harden all       Non-interactive full hardening
ghosty harden firewall  Single chapter
ghosty snapshot save    Snapshot current state
ghosty rollback         Undo last action
ghosty --help           Full CLI reference

Inside the TUI

Key Action
up/down Navigate action list
1-9 Jump to chapter
space Toggle selection
enter Inspect / execute
d Dry-run preview
a Apply (with confirmation)
u Undo (last applied)
/ Fuzzy search
? Help overlay

Features

Area Detail
Curated catalog Every action authored from the macOS privacy cheat sheet — nothing made up
Snapshots Every mutable action preceded by state capture, recorded in JSONL
Rollback ghosty undo replays the inverse op-store in dependency order
Parallel grid 4-action pipelines render at ~30 fps with ETA and per-cell status
Doctor Checks Apple Silicon, SIP, FileVault, brew, sudo, network isolation
Dry-run Every command shows preview before sudo, with confirm/cancel
Real installs brew install actually runs, binary verified, optionally launched
JSON output --json flag for scripting and CI integration
Overrideable $GHOSTY_CHEATSHEET for a custom privacy guide path
macOS guard CLI exits with clear error on unsupported platforms

Tech

Layer Choice
Language Python 3.12+
TUI Textual ≥ 0.85 (async, CSS, animations)
Styling Rich ≥ 13 (gradients, syntax, progress)
CLI Click ≥ 8.1
Model Pydantic v2
Shell asyncio — no races, no zombies
Resolver uv — 10× faster than pip + venv

Structure

src/ghosty/
├── app/          — Textual app shell, screens, keybindings
├── catalog/      — 20 chapters of curated hardening actions
├── runner/       — Execution engine, parallel grid, rollback
├── backends/     — macOS defaults, brew, file ops, launchctl
├── theme/        — Color palette, styling tokens
└── cli.py        — Click entrypoint

v1 → v2

v1 (Go + Bubble Tea, 6 items) v2 (Python + Textual, 20 chapters · 80+ actions)
Install buttons were stubs Every click actually runs brew / defaults write
Manual, single-step Snapshot → mutate → verify → undo workflow
No rollback Every action records its inverse
Static screenshot Animated banner, keyframed transitions, live grid
Plain main.go Modular src/ghosty/ with 6 packages

Contributing

See CONTRIBUTING.md. Catalog additions start as PRs against catalog/ with a verification op proving the setting changed.

Report vulnerabilities per SECURITY.md — not as public issues.


License

MIT © 2026 Krishna Suresh CPA.


Acknowledgments

★ Star on GitHub

About

Phantom-grade macOS privacy & security TUI built on Textual

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors