67 lines
3.1 KiB
Markdown
67 lines
3.1 KiB
Markdown
# 2026-05-09 macOS screenshot and registration-test notes
|
|
|
|
## Visible-window screenshot fix
|
|
|
|
During a Screen Sharing / screenshot debugging session, `screencapture` initially produced valid PNG files that contained only wallpaper and the menu bar even though Chrome was frontmost. `stat -f '%Su' /dev/console` returned `root`, but `scutil <<< 'show State:/Users/ConsoleUser'` showed the real GUI session was `chick` and on-console.
|
|
|
|
Useful diagnostic sequence:
|
|
|
|
```bash
|
|
stat -f '%Su' /dev/console 2>/dev/null || true
|
|
scutil <<< 'show State:/Users/ConsoleUser' 2>/dev/null | sed -n '1,40p' || true
|
|
osascript -e 'tell application "System Events" to get name of first application process whose frontmost is true' 2>&1 || true
|
|
osascript -e 'tell application "System Events" to get name of every application process whose visible is true' 2>&1 || true
|
|
log show --last 5m --style compact \
|
|
--predicate 'process == "tccd" AND (eventMessage CONTAINS[c] "Accessibility" OR eventMessage CONTAINS[c] "ScreenCapture" OR eventMessage CONTAINS[c] "osascript" OR eventMessage CONTAINS[c] "python")' \
|
|
2>/dev/null | tail -120
|
|
```
|
|
|
|
Key log signal: TCC attributed denied Accessibility/ScreenCapture requests to Hermes gateway's responsible Homebrew Python, not just Terminal or osascript:
|
|
|
|
```text
|
|
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/bin/python3.11
|
|
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/Resources/Python.app
|
|
```
|
|
|
|
Grant **Accessibility** and **Screen Recording / 录屏与系统录音** to those paths. After grant, validation showed:
|
|
|
|
```text
|
|
System Settings
|
|
Terminal windows=0
|
|
Finder windows=0
|
|
Google Chrome windows=1
|
|
System Settings windows=1
|
|
```
|
|
|
|
A full `screencapture` then included Chrome, System Settings, Dock, menu bar, and notifications. A cropped window capture using AppleScript bounds also worked.
|
|
|
|
## LAN and SOCKS5 checks before registration
|
|
|
|
After Screen Sharing reset and permissions fix, these checks passed:
|
|
|
|
- `192.168.2.1`: ping OK; ports 80/443 open; visible Chrome loaded iKuai login page at `192.168.2.1/login#/login`.
|
|
- `socks5://192.168.2.8:1085`: ping/TCP OK; `curl -x socks5h://192.168.2.8:1085 https://www.google.com/generate_204` returned HTTP 204; proxy exit IP was `54.65.165.232`.
|
|
|
|
For BOSS's Codex OAuth registration tests, if the env proxy field is empty after this check, set:
|
|
|
|
```bash
|
|
BROWSER_PROXY_SERVER=socks5://192.168.2.8:1085
|
|
```
|
|
|
|
Then verify with:
|
|
|
|
```bash
|
|
curl -x socks5h://192.168.2.8:1085 -sS --connect-timeout 8 --max-time 15 https://api.ipify.org
|
|
```
|
|
|
|
## Ordinary registration test setup
|
|
|
|
When BOSS asked to skip Plus and register a normal account:
|
|
|
|
- Set `PLUS_MODE_ENABLED=false`.
|
|
- Keep target `PANEL_MODE=codex2api`.
|
|
- Verify target `http://192.168.2.62:7878/admin/accounts` returned HTTP 200.
|
|
- Create ClawEmail sub-mailbox using exactly 8 lowercase letters, e.g. `chickliu.zlajiqjc@claw.163.com`.
|
|
- Append a `pending` record to `/Users/chick/.Hermes/workspace/codex-oauth/run-records/clawemail_accounts.jsonl`.
|
|
- Stop and wait for BOSS to say “继续” before launching the visible browser flow.
|