To be fair, we do have fs_usage and, if you disable SIP, dtrace. fs_usage is nowhere near as awesome and comprehensive as strace, but it's something.

While it doesn't capture every syscall, you can get pretty far with the (seemingly little known) Endpoint Security Framework: https://developer.apple.com/documentation/endpointsecurity

I cobbled together a little tool at my previous job that would capture a full trace of all process fork+exec and file opens, which would then present all of these events in the usual tracing UI (like you'd get when view a trace of a single program with Tracy[1] or Perfetto[2]).

We had a massive monorepo built with bazel and a heap of shell, and it wasn't clear which part of our code base was responsible for generating some mis-generated file. This tool gave me the whole inter-process call stack, complete with arguments and environment variables, letting me quickly find where and how to fix the problem.

It's such a nice tool to have that it kinda blows my mind that no one has openly published anything like it. By leveraging eBPF on Linux, the same UI could be used on both macOS and Linux. If I had more time and energy, I'd do it myself.

[1]: https://github.com/wolfpld/tracy

[2]: https://perfetto.dev/