3.1 KiB
2026-05-09 macOS screenshot and registration-test notes
Visible-window screenshot fix
During a Screen Sharing / screenshot debugging session, screencapture initially produced valid PNG files that contained only wallpaper and the menu bar even though Chrome was frontmost. stat -f '%Su' /dev/console returned root, but scutil <<< 'show State:/Users/ConsoleUser' showed the real GUI session was chick and on-console.
Useful diagnostic sequence:
stat -f '%Su' /dev/console 2>/dev/null || true
scutil <<< 'show State:/Users/ConsoleUser' 2>/dev/null | sed -n '1,40p' || true
osascript -e 'tell application "System Events" to get name of first application process whose frontmost is true' 2>&1 || true
osascript -e 'tell application "System Events" to get name of every application process whose visible is true' 2>&1 || true
log show --last 5m --style compact \
--predicate 'process == "tccd" AND (eventMessage CONTAINS[c] "Accessibility" OR eventMessage CONTAINS[c] "ScreenCapture" OR eventMessage CONTAINS[c] "osascript" OR eventMessage CONTAINS[c] "python")' \
2>/dev/null | tail -120
Key log signal: TCC attributed denied Accessibility/ScreenCapture requests to Hermes gateway's responsible Homebrew Python, not just Terminal or osascript:
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/bin/python3.11
/Users/chick/homebrew/Cellar/python@3.11/3.11.15/Frameworks/Python.framework/Versions/3.11/Resources/Python.app
Grant Accessibility and Screen Recording / 录屏与系统录音 to those paths. After grant, validation showed:
System Settings
Terminal windows=0
Finder windows=0
Google Chrome windows=1
System Settings windows=1
A full screencapture then included Chrome, System Settings, Dock, menu bar, and notifications. A cropped window capture using AppleScript bounds also worked.
LAN and SOCKS5 checks before registration
After Screen Sharing reset and permissions fix, these checks passed:
192.168.2.1: ping OK; ports 80/443 open; visible Chrome loaded iKuai login page at192.168.2.1/login#/login.socks5://192.168.2.8:1085: ping/TCP OK;curl -x socks5h://192.168.2.8:1085 https://www.google.com/generate_204returned HTTP 204; proxy exit IP was54.65.165.232.
For BOSS's Codex OAuth registration tests, if the env proxy field is empty after this check, set:
BROWSER_PROXY_SERVER=socks5://192.168.2.8:1085
Then verify with:
curl -x socks5h://192.168.2.8:1085 -sS --connect-timeout 8 --max-time 15 https://api.ipify.org
Ordinary registration test setup
When BOSS asked to skip Plus and register a normal account:
- Set
PLUS_MODE_ENABLED=false. - Keep target
PANEL_MODE=codex2api. - Verify target
http://192.168.2.62:7878/admin/accountsreturned HTTP 200. - Create ClawEmail sub-mailbox using exactly 8 lowercase letters, e.g.
chickliu.zlajiqjc@claw.163.com. - Append a
pendingrecord to/Users/chick/.Hermes/workspace/codex-oauth/run-records/clawemail_accounts.jsonl. - Stop and wait for BOSS to say “继续” before launching the visible browser flow.