wyreup

Triggers

Drop a file; if a rule matches, Wyreup proposes its chain. You confirm, it runs. Files never upload. Auto-run is never on by default.

What a trigger is

A trigger is a tiny rule that binds a file type to a saved chain. For example: 

application/pdf  →  pdf-redact | pdf-encrypt | page-numbers-pdf

When a PDF lands anywhere on Wyreup — dropped on the site, opened via the OS "Open with..." menu — the matching rule's chain is proposed, not run. The preview sheet shows the file, the chain, and a pre-flight check, and waits for you to click Run.

How to build one

  1. Go to /chain/build and compose a chain (drag tools, pick params).
  2. When you save, check "Also register as a trigger rule". Pick a MIME pattern — exact (application/pdf) or wildcard (image/*).
  3. The chain saves; the rule lands in /toolbelt with previews on.
  4. Drop a matching file; the preview sheet shows. Click Run.

Safety guarantees

These are enforced in code, not just promises in this page. The full security model is documented in docs/triggers-security.md.

Preview before every run
The preview sheet is the only path from a matched rule to chain execution. No URL parameter, manifest entry, or shared chain can bypass it on the first run.
"Don't ask again" is per-rule, never global
You can mark an individual rule as trusted to skip the preview. Editing any field of the rule (name, MIME, chain, order, enabled) re-arms the prompt. There is no setting that turns off previews globally.
OS "Open with Wyreup" routes through the preview
Installing Wyreup as a PWA registers it as a file handler. When the OS launches Wyreup with a file, the file still goes through the same preview sheet a drag-and-drop would. There is no auto-run mode.
Suspicious-file pre-flight
Before the preview sheet renders Run, Wyreup scans the file for prompt-injection patterns (homoglyphs, invisible characters, control codes) and shows the verdict above Run. High-severity files require an extra confirmation click.
No network egress
Tools that would make network calls (e.g. webhook-replay's send mode) are excluded from auto-run. Chains under triggers run entirely on your device, like every other Wyreup tool.
Output collisions are reported
If a chain would write a file that collides with an existing one, the preview sheet shows the path and asks before overwriting.
Per-rule rate limit
Each rule cannot fire more than 10 times per minute by default (configurable up to 200). Prevents a flood of files from chewing through compute behind your back.
Only built-in tools can run
Wyreup's tool registry is shipped via signed npm publish; it cannot be extended at runtime. Chains imported from JSON or URLs that reference unknown tool IDs are rejected at import — never on first run.

Threat model

We assume an adversary can deliver any file to you — via email, USB, OS "Open with...", or in-browser drop — with full control over the file's MIME, name, and contents, and knowledge of your trigger rules.

What an adversary cannot do, by construction:

  • Run a chain without you seeing the file metadata and chain summary first.
  • Trick Wyreup into running a tool that doesn't ship with it.
  • Exfiltrate a chain's output — outputs are downloaded via the browser's standard save-as flow; no server path is constructed.
  • Auto-confirm a rule on your behalf based on usage frequency.

Get started

Build a chain → Open your toolbelt →