Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/macos-screenshot-proxy-and-registration-prep-2026-05-09.md
T
2026-05-10 08:45:11 +08:00

3.1 KiB

2026-05-09 macOS screenshot and registration-test notes

Visible-window screenshot fix

During a Screen Sharing / screenshot debugging session, screencapture initially produced valid PNG files that contained only wallpaper and the menu bar even though Chrome was frontmost. stat -f '%Su' /dev/console returned root, but scutil <<< 'show State:/Users/ConsoleUser' showed the real GUI session was chick and on-console.

Useful diagnostic sequence:

stat -f '%Su' /dev/console 2>/dev/null || true
scutil <<< 'show State:/Users/ConsoleUser' 2>/dev/null | sed -n '1,40p' || true
osascript -e 'tell application "System Events" to get name of first application process whose frontmost is true' 2>&1 || true
osascript -e 'tell application "System Events" to get name of every application process whose visible is true' 2>&1 || true
log show --last 5m --style compact \
  --predicate 'process == "tccd" AND (eventMessage CONTAINS[c] "Accessibility" OR eventMessage CONTAINS[c] "ScreenCapture" OR eventMessage CONTAINS[c] "osascript" OR eventMessage CONTAINS[c] "python")' \
  2>/dev/null | tail -120

Key log signal: TCC attributed denied Accessibility/ScreenCapture requests to Hermes gateway's responsible Homebrew Python, not just Terminal or osascript:

/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/bin/python3.11
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/Resources/Python.app

Grant Accessibility and Screen Recording / 录屏与系统录音 to those paths. After grant, validation showed:

System Settings
Terminal windows=0
Finder windows=0
Google Chrome windows=1
System Settings windows=1

A full screencapture then included Chrome, System Settings, Dock, menu bar, and notifications. A cropped window capture using AppleScript bounds also worked.

LAN and SOCKS5 checks before registration

After Screen Sharing reset and permissions fix, these checks passed:

  • 192.168.2.1: ping OK; ports 80/443 open; visible Chrome loaded iKuai login page at 192.168.2.1/login#/login.
  • socks5://192.168.2.8:1085: ping/TCP OK; curl -x socks5h://192.168.2.8:1085 https://www.google.com/generate_204 returned HTTP 204; proxy exit IP was 54.65.165.232.

For BOSS's Codex OAuth registration tests, if the env proxy field is empty after this check, set:

BROWSER_PROXY_SERVER=socks5://192.168.2.8:1085

Then verify with:

curl -x socks5h://192.168.2.8:1085 -sS --connect-timeout 8 --max-time 15 https://api.ipify.org

Ordinary registration test setup

When BOSS asked to skip Plus and register a normal account:

  • Set PLUS_MODE_ENABLED=false.
  • Keep target PANEL_MODE=codex2api.
  • Verify target http://192.168.2.62:7878/admin/accounts returned HTTP 200.
  • Create ClawEmail sub-mailbox using exactly 8 lowercase letters, e.g. chickliu.zlajiqjc@claw.163.com.
  • Append a pending record to /Users/chick/.Hermes/workspace/codex-oauth/run-records/clawemail_accounts.jsonl.
  • Stop and wait for BOSS to say “继续” before launching the visible browser flow.