Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/macos-screenshot-proxy-and-registration-prep-2026-05-09.md
2026-05-10 08:45:11 +08:00

67 lines
3.1 KiB
Markdown

# 2026-05-09 macOS screenshot and registration-test notes
## Visible-window screenshot fix
During a Screen Sharing / screenshot debugging session, `screencapture` initially produced valid PNG files that contained only wallpaper and the menu bar even though Chrome was frontmost. `stat -f '%Su' /dev/console` returned `root`, but `scutil <<< 'show State:/Users/ConsoleUser'` showed the real GUI session was `chick` and on-console.
Useful diagnostic sequence:
```bash
stat -f '%Su' /dev/console 2>/dev/null || true
scutil <<< 'show State:/Users/ConsoleUser' 2>/dev/null | sed -n '1,40p' || true
osascript -e 'tell application "System Events" to get name of first application process whose frontmost is true' 2>&1 || true
osascript -e 'tell application "System Events" to get name of every application process whose visible is true' 2>&1 || true
log show --last 5m --style compact \
--predicate 'process == "tccd" AND (eventMessage CONTAINS[c] "Accessibility" OR eventMessage CONTAINS[c] "ScreenCapture" OR eventMessage CONTAINS[c] "osascript" OR eventMessage CONTAINS[c] "python")' \
2>/dev/null | tail -120
```
Key log signal: TCC attributed denied Accessibility/ScreenCapture requests to Hermes gateway's responsible Homebrew Python, not just Terminal or osascript:
```text
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/bin/python3.11
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/Resources/Python.app
```
Grant **Accessibility** and **Screen Recording / 录屏与系统录音** to those paths. After grant, validation showed:
```text
System Settings
Terminal windows=0
Finder windows=0
Google Chrome windows=1
System Settings windows=1
```
A full `screencapture` then included Chrome, System Settings, Dock, menu bar, and notifications. A cropped window capture using AppleScript bounds also worked.
## LAN and SOCKS5 checks before registration
After Screen Sharing reset and permissions fix, these checks passed:
- `192.168.2.1`: ping OK; ports 80/443 open; visible Chrome loaded iKuai login page at `192.168.2.1/login#/login`.
- `socks5://192.168.2.8:1085`: ping/TCP OK; `curl -x socks5h://192.168.2.8:1085 https://www.google.com/generate_204` returned HTTP 204; proxy exit IP was `54.65.165.232`.
For BOSS's Codex OAuth registration tests, if the env proxy field is empty after this check, set:
```bash
BROWSER_PROXY_SERVER=socks5://192.168.2.8:1085
```
Then verify with:
```bash
curl -x socks5h://192.168.2.8:1085 -sS --connect-timeout 8 --max-time 15 https://api.ipify.org
```
## Ordinary registration test setup
When BOSS asked to skip Plus and register a normal account:
- Set `PLUS_MODE_ENABLED=false`.
- Keep target `PANEL_MODE=codex2api`.
- Verify target `http://192.168.2.62:7878/admin/accounts` returned HTTP 200.
- Create ClawEmail sub-mailbox using exactly 8 lowercase letters, e.g. `chickliu.zlajiqjc@claw.163.com`.
- Append a `pending` record to `/Users/chick/.Hermes/workspace/codex-oauth/run-records/clawemail_accounts.jsonl`.
- Stop and wait for BOSS to say “继续” before launching the visible browser flow.