let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(macos): add current TeamID to Peekaboo allowlist

Browse Source 
Problem: The bridge only accepts the upstream TeamID, so packaged builds signed locally (Nix/CI) can’t use the bridge even though they are the same app.

Fix: Include the running app’s TeamID (from its code signature) in the allowlist.

Safety: TeamID gating remains; this just adds the app’s own TeamID to preserve permissions/automation in reproducible installs.
This commit is contained in:
Josh Palmer
2025-12-20 21:59:00 +01:00
parent ced271bec1
commit 1d8b47785c
1 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
apps/macos/Sources/Clawdis/PeekabooBridgeHostCoordinator.swift
View File

@@ -1,4 +1,5 @@
import Foundation import Foundation
import Security
import os import os
import PeekabooAutomationKit import PeekabooAutomationKit
import PeekabooBridge import PeekabooBridge
@@ -32,7 +33,10 @@ final class PeekabooBridgeHostCoordinator {
private func startIfNeeded() async { private func startIfNeeded() async {
guard self.host == nil else { return } guard self.host == nil else { return }
let allowlistedTeamIDs: Set<String> = ["Y5PE65HELJ"] var allowlistedTeamIDs: Set<String> = ["Y5PE65HELJ"]
if let teamID = Self.currentTeamID() {
allowlistedTeamIDs.insert(teamID)
}
let allowlistedBundles: Set<String> = [] let allowlistedBundles: Set<String> = []
let services = ClawdisPeekabooBridgeServices() let services = ClawdisPeekabooBridgeServices()
@@ -55,6 +59,31 @@ final class PeekabooBridgeHostCoordinator {
self.logger self.logger
.info("PeekabooBridge host started at \(PeekabooBridgeConstants.clawdisSocketPath, privacy: .public)") .info("PeekabooBridge host started at \(PeekabooBridgeConstants.clawdisSocketPath, privacy: .public)")
} }
private static func currentTeamID() -> String? {
var code: SecCode?
guard SecCodeCopySelf(SecCSFlags(), &code) == errSecSuccess,
let code
else {
return nil
}
var staticCode: SecStaticCode?
guard SecCodeCopyStaticCode(code, SecCSFlags(), &staticCode) == errSecSuccess,
let staticCode
else {
return nil
}
var infoCF: CFDictionary?
guard SecCodeCopySigningInformation(staticCode, SecCSFlags(rawValue: kSecCSSigningInformation), &infoCF) == errSecSuccess,
let info = infoCF as? [String: Any]
else {
return nil
}
return info[kSecCodeInfoTeamIdentifier as String] as? String
}
} }
@MainActor @MainActor