confirm-pam
| Crates.io | confirm-pam |
| lib.rs | confirm-pam |
| version | 0.6.0 |
| created_at | 2025-07-04 14:23:29.557478+00 |
| updated_at | 2025-07-04 14:26:30.575565+00 |
| description | A CLI tool for biometric authentication confirmation |
| homepage | https://github.com/azu/confirm-pam |
| repository | https://github.com/azu/confirm-pam |
| max_upload_size | |
| id | 1738052 |
| size | 48,187 |
azu (azu)
documentation
https://github.com/azu/confirm-pam
README
confirm-pam
A CLI tool for biometric authentication confirmation.
Overview
confirm-pam is a command-line tool that provides biometric authentication (fingerprint/Touch ID) confirmation prompts. It's designed to prevent automated tools (including AI agents) from bypassing security checks like git commit --no-verify.
Features
- â Touch ID authentication on macOS
- ð Custom message display during authentication prompt
- ðĶ Simple exit codes: 0 for success, 1 for failure/cancel, 2 for errors
- ðŠķ Lightweight binary with minimal dependencies
- ð Fast native performance
Installation
From crates.io (Recommended)
cargo install confirm-pam
From Source
# Clone and build
git clone https://github.com/azu/confirm-pam
cd confirm-pam
cargo build --release
# Copy to PATH
sudo cp target/release/confirm-pam /usr/local/bin/
Usage
Basic Usage
confirm-pam "Your authentication message here"
Exit Codes
0- Authentication successful1- User cancelled authentication2- Error occurred (biometrics unavailable, etc.)
Shell Script Integration
if confirm-pam "Allow sensitive operation?"; then
echo "Authenticated - proceeding"
else
echo "Authentication failed or cancelled"
exit 1
fi
Git Hook Example
Create .git/hooks/pre-commit:
#!/bin/bash
# Prevent --no-verify without biometric confirmation
if [[ "$GIT_PARAMS" == *"--no-verify"* ]]; then
if ! confirm-pam "Allow bypassing git hooks with --no-verify?"; then
echo "â Touch ID authentication required to use --no-verify"
exit 1
fi
fi
Platform Support
| Platform | Status | Authentication Method | Issue |
|---|---|---|---|
| macOS | â Supported | Touch ID | - |
| Linux | ð§ Planned | PAM + fprintd | #1 |
| Windows | ð§ Planned | Windows Hello | #2 |
Requirements
macOS
- macOS 10.12.2 or later
- Touch ID capable device
- Touch ID must be configured in System Preferences
Development
Using Make Commands
# Show available commands
make help
# Build the project
make build
# Run all tests (unit + lint + format check)
make test
# Run Touch ID integration tests (requires user interaction)
make dev-test
# Clean build artifacts
make clean
# Install to system PATH
make install
# Create a release (tag + build)
make release
Using Cargo Directly
# Run tests
cargo test
# Run integration tests (requires user interaction)
./test_touchid.sh
# Build for release
cargo build --release
# Format code
cargo fmt
# Run linter
cargo clippy
Release Process
This project uses local manual releases with make commands:
Release Commands
# Patch release (0.1.0 â 0.1.1): Bug fixes, small improvements
make release-patch
# Minor release (0.1.0 â 0.2.0): New features, enhancements
make release-minor
# Major release (0.1.0 â 1.0.0): Breaking changes, major releases
make release-major
What happens automatically
- â
Version bumped in
Cargo.tomlusing semver - â Git tag created and pushed
- â Published to crates.io
- â GitHub release created with binaries
Manual Release Steps
For manual control over release process
# 1. Update version manually in Cargo.toml
# 2. Commit and tag
git add Cargo.toml
git commit -m "chore: release v0.x.x"
git tag v0.x.x
git push origin main
git push origin v0.x.x
# 3. Publish to crates.io
cargo publish
# 4. Create GitHub release (manual via web interface)
Contributing
Contributions are welcome! Please see the open issues for planned features and improvements.
License
MIT License - See LICENSE file for details
Acknowledgments
This project was inspired by the need to add human verification to automated development workflows, particularly to prevent AI tools from bypassing security measures.