Quickstart
Run your first command
echo 'console.log("hello from kratex")' > app.js
kratex run node app.js
Output:
[kratex] active policy: builtin-default ((built-in default))
hello from kratex
Kratex ran your command with its built-in rules active. The CLI bundles a default policy that runs in enforce mode, so you get protection with no configuration. The [kratex] active policy: banner is written to stderr; set KRATEX_QUIET=1 to suppress it.
See a real block
Most built-in rules fire only on third-party code; a small family of credential-path protections applies to all code. Here is a real block kratex install produces when a dependency phones home during install.
When a dependency’s postinstall script makes an outbound network call during install, the same shape as the October 2021 ua-parser-js incident, kratex install installs the dependency tree with scripts disabled, then evaluates each lifecycle script against policy before running it. The built-in kratex.builtin.third-party-lifecycle-network rule blocks the outbound network call before it opens and prints a receipt naming the package that tried it:
(The receipt dials 127.0.0.1:1 as a harmless stand-in for the real exfiltration host. The {credentials} tag appears because npm reads .npmrc during install, and that exposure carries into the script it launches; see How it works.) This block fires in every policy mode, with no policy file present.
Want to run Kratex live in your browser, with nothing to install? The defeat-the-policy challenge plants a credential, runs a dependency that tries to steal it, and dares you to get it past Kratex’s built-in defaults.
Notice the to allow section of the receipt. For every block, Kratex prints a rule scoped to that package and operation; paste it into kratex.policy.json at the project root and the call is allowed on the next run. Here the blocked call is the exfiltration itself, so no allow applies. A prebuilt-binary fetcher like puppeteer or electron trips the same rule during a normal install; that is the case the printed allow exists for. See Policy authoring for the full grammar.
Write your own policy
The bundled default protects you with no setup. To customize, create a kratex.policy.json at your project root. A policy that omits mode runs in enforce (blocking) mode; set "mode": "audit" to record violations without blocking while you take inventory:
{
"version": 1,
"mode": "audit",
"rules": []
}
With an empty rule list in audit mode, every operation proceeds and every violation is recorded, so you can see what your dependencies actually do before you start blocking. When you are ready, switch to "mode": "enforce" and add allow rules for the calls you intend to keep.
Next steps
- How it works: the preload model, caller-chain attribution, and how rules become decisions.
- Built-in rules: the full catalog of default rules.
- Policy authoring: how to write your own rules.