Remote scripts
Install snippets like curl | sh can run changing code before you have inspected it.
Early project direction
Packy helps you install software without getting owned.
Packy is a planned local desktop AI friend for safer installs. It is designed to live in your dock, tray, or menu bar, notice risky install activity, and help you understand what a command will do before you approve it.
Local-first by default
No install history, package list, shell command, or machine state should leave the device unless the user opts in.
Modern install instructions ask for a lot of trust.
A README tells you to paste a command. A package manager downloads a dependency tree. A postinstall script edits your shell profile. Packy exists for the moment before you hit enter.
Registry traps
Typosquats, new maintainers, suspicious postinstall scripts, and risky dependency chains can hide inside normal package flows.
System changes
Unsigned binaries, global npm installs, pip-as-root, new daemons, services, launch agents, and PATH edits deserve a second look.
A dock companion for install decisions.
Packy's primary UX is planned as a desktop companion, not a CLI-first tool. The planned companion loop is to notice install-related activity, explain the risk in plain language, and offer safer paths without turning every install into a lecture.
- Notice: planned detection for install commands, downloaded installers, registry operations, and package-manager prompts.
- Inspect: planned metadata fetches, script reads, install-path comparisons, and signature or advisory checks when available.
- Explain: planned summaries of what changes, what persists, what runs as root, and what safer options exist.
- Ask: planned pauses before risky steps so the user understands and approves the path.
Example interaction
Packy should speak up at the risky moment.
This is illustrative product direction, not a shipped workflow yet. The goal is concrete: warn when an install pattern deserves inspection, then help the user choose a safer path.
curl -fsSL https://example.com/install.sh | sh
Packy noticed a remote shell installer.
This command downloads a script and runs it immediately. Want me to fetch it first, summarize what it changes, look for package-manager alternatives, and check whether signatures or release checksums are available?
Planned safer options: 1. Download and inspect the script before running it. 2. Prefer a signed package or official package manager when available. 3. Run with the least privilege needed. 4. Record before/after changes if you continue.
Planned capabilities
Concrete checks, not vague AI vibes.
These are design goals for the implementation. They should stay phrased as planned until code backs them.
Inspect install commands
A first prototype now parses command text for common risky patterns. Deeper shell parsing and package-manager plans are planned.
Compare install paths
Explain differences between Homebrew, apt, npm, pip, official downloads, signed packages, and ad hoc scripts.
Explain supply-chain risk
Call out typosquatting, maintainer churn, dependency depth, lifecycle scripts, binary provenance, and risky defaults.
Check facts when available
Use package metadata, advisories, signatures, checksums, release pages, and local caches rather than model memory alone.
Watch recent installs
Track local install activity and produce before/after reports without sending machine state to a cloud service by default.
Keep state local
Store install history, package lists, command context, and risk notes on the device unless the user explicitly chooses otherwise.
Safety model
Suggest, plan, approve, execute.
Packy should be useful without becoming an unsupervised root shell. The assistant can explain and propose, but deterministic policy should gate privileged actions.
Notice a risky pattern
Remote shell installers, global writes, unsigned binaries, and hidden lifecycle hooks get flagged.
Build an inspectable path
Packy explains what it wants to inspect, what it can verify, and where uncertainty remains.
Ask before risky steps
The user chooses whether to inspect, use a safer alternative, continue, or stop.
Never blindly shell out
Privileged commands should require explicit approval and policy checks, not LLM impulse.
Local AI
Helpful without default cloud exposure.
The design center is local-first privacy. Packy should avoid uploading install history, package lists, shell commands, or machine state by default.
Planned architecture direction
A tiny local model can classify install-related activity and decide when to notify. A larger local model can be optional for deeper explanations. Tools, retrieval, and cache should provide current package facts when model memory is not enough.
Cloud services may become optional later, but they should not be required for the core private install-safety loop.
Status
Early project. Static site for now.
This repository currently hosts a static GitHub Pages site, repo-local agent guidance, an architecture document, and a first deterministic command-risk analyzer. The desktop companion implementation is still to come, so the page distinguishes current code from intended product direction.
Current code can inspect command text only. Future copy should not claim Packy already watches installs, executes commands, verifies signatures, or blocks risky behavior until those capabilities exist in code.