wx-cli

History

jakevin 9d5a78ac04 docs(macOS): document TCC csreq invalidation after re-signing WeChat (#48 ) macOS TCC binds permissions to (bundle id, csreq) where csreq encodes the app's code signature. `codesign --force --deep --sign -` on WeChat changes the csreq, silently invalidating every existing TCC grant for com.tencent.xinWeChat — yet System Settings still paints each toggle as ON because the UI only checks bundle id, hiding the drift. WeChat then reprompts for screen recording / camera / microphone / file access despite "looking allowed". Three doc-only updates, no code changes: - README.md quick start: add the `tccutil reset` loop right after the codesign step, plus a one-line callout pointing at the deep-dive section. - SKILL.md macOS init flow: same loop in the agent-readable order, so agents executing the steps don't skip it. - docs/macos-permission-guide.md: new section 五 with first-principles root cause, the reset loop, the macOS 26 "录屏与系统录音 / 仅系统录音" UI split footgun, and ad-hoc signature verification. Builds on the BobbyCat PR #29 — keeps the symptom description and the macOS 26 UI split note, expands scope from ScreenCapture-only to all TCC services that re-signing actually breaks (Camera / Microphone / AppleEvents / AddressBook / Documents / Downloads / Desktop), drops the misleading TCC.db sqlite query (path varies by macOS version, can need FDA, and is no more useful than just trying WeChat's screenshot again), and explicitly leaves the reset as a manual step rather than auto-running it from `wx init` because it would wipe currently-working grants. Co-authored-by: BobbyCat <114374951+BobbyCats@users.noreply.github.com>	2026-05-14 15:13:50 +08:00
..
macos-3x-vs-4x-decryption-guide.md	fix: replace nonexistent scan_keys.js with actual tools in quickstart	2026-03-05 23:26:55 +08:00
macos-permission-guide.md	docs(macOS): document TCC csreq invalidation after re-signing WeChat (#48 )	2026-05-14 15:13:50 +08:00

docs(macOS): document TCC csreq invalidation after re-signing WeChat (#48 )

macOS TCC binds permissions to (bundle id, csreq) where csreq encodes
the app's code signature. `codesign --force --deep --sign -` on
WeChat changes the csreq, silently invalidating every existing TCC
grant for com.tencent.xinWeChat — yet System Settings still paints
each toggle as ON because the UI only checks bundle id, hiding the
drift. WeChat then reprompts for screen recording / camera /
microphone / file access despite "looking allowed".

Three doc-only updates, no code changes:

- README.md quick start: add the `tccutil reset` loop right after the
  codesign step, plus a one-line callout pointing at the deep-dive
  section.
- SKILL.md macOS init flow: same loop in the agent-readable order, so
  agents executing the steps don't skip it.
- docs/macos-permission-guide.md: new section 五 with first-principles
  root cause, the reset loop, the macOS 26 "录屏与系统录音 / 仅系统
  录音" UI split footgun, and ad-hoc signature verification.

Builds on the BobbyCat PR #29 — keeps the symptom description and the
macOS 26 UI split note, expands scope from ScreenCapture-only to all
TCC services that re-signing actually breaks (Camera / Microphone /
AppleEvents / AddressBook / Documents / Downloads / Desktop), drops
the misleading TCC.db sqlite query (path varies by macOS version, can
need FDA, and is no more useful than just trying WeChat's screenshot
again), and explicitly leaves the reset as a manual step rather than
auto-running it from `wx init` because it would wipe currently-working
grants.

Co-authored-by: BobbyCat <114374951+BobbyCats@users.noreply.github.com>

2026-05-14 15:13:50 +08:00

macos-3x-vs-4x-decryption-guide.md

fix: replace nonexistent scan_keys.js with actual tools in quickstart

2026-03-05 23:26:55 +08:00

macos-permission-guide.md

docs(macOS): document TCC csreq invalidation after re-signing WeChat (#48 )

2026-05-14 15:13:50 +08:00