Paste protection doesn't work with clipboard managers

[sysophost]

I've been playing with this feature and found that content pasted using Raycast, i.e. retrieved from the clipboard manager and pasted into the frontmost application, doesn't trigger the paste protection alert.

It turns out that paste operations from the Raycast clipboard manager don't send cmd+v so isn't caught as a paste event.

The code snippet below does reliably trigger for paste events both using cmd+v as well as pastes from the Raycast clipboard manager.
Code was generated by Gemini, don't hate me for the use of emojis.

import Foundation
import CoreGraphics
import AppKit

// Virtual Key Code for 'V' is 9
let kVK_ANSI_V: Int64 = 9

func pasteCallback(proxy: CGEventTapProxy, type: CGEventType, event: CGEvent, refcon: UnsafeMutableRawPointer?) -> Unmanaged<CGEvent>? {
    guard type == .keyDown else { return Unmanaged.passUnretained(event) }

    let keyCode = event.getIntegerValueField(.keyboardEventKeycode)
    let flags = event.flags

    if keyCode == kVK_ANSI_V && flags.contains(.maskCommand) {
        // 1. Get the PID of the process that created this event
        // For physical hardware, this is typically 0.
        // For Raycast/injected events, this is the PID of the source app.
        let sourcePID = event.getIntegerValueField(.eventSourceUnixProcessID)
        
        // 2. Get the PID of the process receiving the event
        let targetPID = event.getIntegerValueField(.eventTargetUnixProcessID)
        
        print("\n--- [PASTE EVENT DETECTED] ---")
        
        if sourcePID == 0 {
            print("👤 Type: HUMAN (Hardware)")
            print("   Action: User pressed physical keys")
        } else {
            let sourceName = getAppName(pid: Int32(sourcePID))
            print("🤖 Type: SYNTHETIC (Injected)")
            print("   Source: \(sourceName) (PID: \(sourcePID))")
        }
        
        let targetName = getAppName(pid: Int32(targetPID))
        print("   Target: \(targetName) (PID: \(targetPID))")
    }

    return Unmanaged.passUnretained(event)
}

// Helper to turn a PID into an App Name
func getAppName(pid: Int32) -> String {
    if let app = NSRunningApplication(processIdentifier: pid) {
        return app.localizedName ?? "Unknown App"
    }
    return "System/Background Process"
}

func run() {
    let mask = (1 << CGEventType.keyDown.rawValue)
    
    // Using .cgAnnotatedSessionEventTap is critical to see the PIDs
    guard let tap = CGEvent.tapCreate(
        tap: .cgAnnotatedSessionEventTap,
        place: .headInsertEventTap,
        options: .defaultTap,
        eventsOfInterest: CGEventMask(mask),
        callback: pasteCallback,
        userInfo: nil
    ) else {
        print("Error: Accessibility permissions required.")
        return
    }

    let runLoopSource = CFMachPortCreateRunLoopSource(kCFAllocatorDefault, tap, 0)
    CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, .commonModes)
    CGEvent.tapEnable(tap: tap, enable: true)
    
    print("Monitoring source and target of all pastes...")
    CFRunLoopRun()
}

run()

I know this is a bit of an edge case and probably is straying into feature creep but thought it was worth mentioning.

[objective-see]

Thanks! You are right about the current limitations of the BB's current approach.

I'm a bit hesitant to go the CGEvent route, as once a paste event is intercepted, if the user then approves it (e.g. from BB's alert), we'd have to "re-inject" it back to the target application (e.g. terminal), via a synthetic event. This seems a bit messy? (But maybe not?)

Also this still would miss right-click -> paste events (BB's current approach misses this too).

As such, I'm just holding out for an Endpoint Security paste event 🤞🏼