Taking inqueries for iSpy

EDIT June 12, 2014: We’re Giving away licenses to iSpy!

Espionage owes its existence and unique capabilities to a little known system that we’ve developed in-house called iSpy.

iSpy is a low-level, generic system for detecting and moderating events on the filesystem. It is comprised of three main components: a kernel extension, a system-wide daemon, and an application framework.

Brief History

I originally became interested in the problem of watching the filesystem when I had an idea for an application that would automatically clean your Desktop as files were added to it, moving downloaded files to their proper locations for you, thus resulting in an uncluttered Desktop. It would be possible to generalize such an application to perform various other tasks as well. It wasn’t until I discovered that such an application already existed that I turned my sights to another problem: password protected folders.

As I studied the available systems that I might be able to use to solve this problem (fs_usage, FSEvents, Spotlight, and others), I realized why this problem hadn’t been solved before: none of these systems allowed you to detect or intercept folder access. And “just like that”, iSpy was born.

Not only can iSpy detect when a folder or file is accessed, written to, read from, executed, or deleted, but it actually detects and reports these events before they happen. This gives iSpy the unique capability of allowing events on the filesystem to be moderated by a user-land application.

Using iSpy

Using it is actually very simple. The API consists primarily of only 3 significant functions that register, modify, and unregister events, respectively.

Licensing iSpy

Originally we were planning on keeping iSpy firmly in the hands of Tao Effect, but we’ve recently decided to head in a new direction. That is why we are considering licensing this system to trustworthy third-party developers, so that it may be used to create more unique software instead of being monopolized by Espionage.

This does not mean that we will be abandoning its development, to the contrary an update to it is scheduled for the near future, and it will continue to be supported and maintained by Tao Effect for quite some time. However, as we are working on software that will not make use of the system, it is unlikely for the time being that Tao Effect will create any significant new software using it (other than Espionage, which is in active development, and will continue to be for quite some time).

While we haven’t hammered out exactly how we plan to license it, we’re curious to see if there’s any interest out there. Whatever the final terms, we’ll do our best to make sure that they are fair to both parties, and that the cost of licensing would be less than developing it in-house. If you’re wondering whether iSpy is the right event system for your project, let us know by sending email and any questions to:

To:      contact (at) taoeffect (dot) com
Subject: Interested in iSpy

6 thoughts on “Taking inqueries for iSpy

  1. Reply


    This looks very much like fslogger, which is free with source code provided under the GPL: http://osxbook.com/software/fslogger/

  2. Reply

    Greg Slepak Post author

    fslogger simply uses FSEvents, which does not have all the capabilities of iSpy.

  3. Reply


    Does iSpy allow you to detect whenever a specific filetype is created/access/modified?

    Say someone saves a .txt file in a random location on the hard drive, would you be able to intercept that event “before it happens”?

  4. Reply

    Greg Slepak Post author

    @tagnal: yes, you could simply tell it to watch subfolders for any file creation and then check the filetype based on the file extension that’s being used (and this would be done “before it happens”).

  5. Reply


    Thanks for the reply. So when iSpy intercepts a write operation, to say a .txt file, it will pass that data to a user-land application. Can that application manipulate that data and pass it back to iSpy before it gets written onto the disk?

    I guess what I’m asking is if iSpy gives some similar capabilities as what a FS Filter Driver would on a windows system. Does that make sense?

  6. Reply

    Greg Slepak Post author

    it will pass that data to a user-land application

    The data is not passed, you are only given the file path and various other info about it like the process that causing the event, the user id, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *