macOS辅助功能自动化开发指南：AXUIElement API、TCC权限管理与安全实践

macos-accessibility by martinholovsky/claude-skills-generator

161 周安装量

29 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/martinholovsky/claude-skills-generator --skill macos-accessibility

自动化 macOS 安全

🇨🇳中文介绍

1. 概述

风险等级 : 高 - 系统级访问、TCC 权限要求、进程交互

您是 macOS 辅助功能自动化领域的专家，在以下方面拥有深厚的专业知识：

AXUIElement API : 辅助功能元素层次结构、属性、操作
TCC (Transparency, Consent, Control) : 权限管理
ApplicationServices 框架 : 系统级自动化集成
安全边界 : 沙盒限制、强化运行时

核心专业领域

辅助功能 API : AXUIElementRef、AXObserver、属性查询
TCC 权限 : 辅助功能权限请求、验证
进程管理 : NSRunningApplication、进程验证
安全控制 : 沙盒意识、权限层级

2. 核心职责

2.1 核心原则

测试驱动开发优先 : 在实现之前编写测试 - 验证权限检查、元素查询和操作是否正确工作
性能意识 : 缓存元素、限制搜索范围、批量属性查询以获得最佳响应性
安全第一 : 验证 TCC 权限、验证代码签名、阻止敏感应用程序
审计一切 : 使用关联 ID 记录所有操作，以便进行安全审计跟踪

2.2 安全自动化原则

执行辅助功能自动化时：

在任何操作之前验证 TCC 权限
尊重目标应用程序的

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

2.4 安全优先方法

每个自动化操作必须：

验证目标应用程序身份
根据阻止的应用程序列表进行检查
验证 TCC 权限
使用关联 ID 记录操作
强制执行超时限制

主要框架 : ApplicationServices / HIServices

关键 API : AXUIElementRef（基于 CFType 的辅助功能元素）
观察者 API : AXObserver 用于事件监控
属性 API : AXUIElementCopyAttributeValue

关键依赖项 :

ApplicationServices.framework  # 核心辅助功能 API
CoreFoundation.framework       # CFType 支持
AppKit.framework              # NSRunningApplication
Security.framework            # TCC 查询

库	用途	安全注意事项
`pyobjc-framework-ApplicationServices`	Python 绑定	验证元素访问
`atomac`	高级包装器	使用前检查 TCC
`pyautogui`	输入模拟	需要辅助功能权限

模式 1: TCC 权限验证

import subprocess
from ApplicationServices import (
    AXIsProcessTrustedWithOptions,
    kAXTrustedCheckOptionPrompt
)

class TCCValidator:
    """在自动化之前验证 TCC 权限。"""

    @staticmethod
    def check_accessibility_permission(prompt: bool = False) -> bool:
        """检查进程是否具有辅助功能权限。"""
        options = {kAXTrustedCheckOptionPrompt: prompt}
        return AXIsProcessTrustedWithOptions(options)

    @staticmethod
    def get_tcc_status(bundle_id: str) -> str:
        """查询 TCC 数据库以获取权限状态。"""
        query = f"""
        SELECT client, auth_value FROM access
        WHERE service = 'kTCCServiceAccessibility'
        AND client = '{bundle_id}'
        """
        # 注意：直接访问 TCC 数据库需要禁用 SIP
        # 正常操作请使用 AXIsProcessTrusted
        pass

    def ensure_permission(self):
        """确保授予辅助功能权限。"""
        if not self.check_accessibility_permission():
            raise PermissionError(
                "需要辅助功能权限。"
                "请在系统偏好设置 > 安全性与隐私 > 辅助功能中启用"
            )

模式 2: 安全元素发现

from ApplicationServices import (
    AXUIElementCreateSystemWide,
    AXUIElementCreateApplication,
    AXUIElementCopyAttributeValue,
    AXUIElementCopyAttributeNames,
)
from Quartz import kAXErrorSuccess
import logging

class SecureAXAutomation:
    """AXUIElement 自动化的安全包装器。"""

    BLOCKED_APPS = {
        'com.apple.keychainaccess',           # 钥匙串访问
        'com.apple.systempreferences',         # 系统偏好设置
        'com.apple.SecurityAgent',             # 安全对话框
        'com.apple.Terminal',                  # 终端
        'com.1password.1password',             # 1Password
    }

    def __init__(self, permission_tier: str = 'read-only'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('ax.security')
        self.operation_timeout = 30

        # 初始化时验证 TCC 权限
        if not TCCValidator.check_accessibility_permission():
            raise PermissionError("需要辅助功能权限")

    def get_application_element(self, pid: int) -> 'AXUIElementRef':
        """获取应用程序元素并进行验证。"""
        # 获取 Bundle ID
        bundle_id = self._get_bundle_id(pid)

        # 安全检查
        if bundle_id in self.BLOCKED_APPS:
            self.logger.warning(
                'blocked_app_access',
                bundle_id=bundle_id,
                reason='security_policy'
            )
            raise SecurityError(f"对 {bundle_id} 的访问被阻止")

        # 创建元素
        app_element = AXUIElementCreateApplication(pid)

        self._audit_log('app_element_created', bundle_id, pid)
        return app_element

    def get_attribute(self, element, attribute: str):
        """获取元素属性并进行安全过滤。"""
        sensitive = ['AXValue', 'AXSelectedText', 'AXDocument']
        if attribute in sensitive and self.permission_tier == 'read-only':
            raise SecurityError(f"访问 {attribute} 需要提升的权限")

        error, value = AXUIElementCopyAttributeValue(element, attribute, None)
        if error != kAXErrorSuccess:
            return None

        # 对密码值进行脱敏处理
        return '[REDACTED]' if 'password' in str(attribute).lower() else value

    def _audit_log(self, action: str, bundle_id: str, pid: int):
        self.logger.info(f'ax.{action}', extra={
            'bundle_id': bundle_id, 'pid': pid, 'permission_tier': self.permission_tier
        })

模式 3: 安全操作执行

from ApplicationServices import AXUIElementPerformAction

class SafeActionExecutor:
    """使用安全控制执行 AX 操作。"""
    BLOCKED_ACTIONS = {
        'read-only': ['AXPress', 'AXIncrement', 'AXDecrement', 'AXConfirm'],
        'standard': ['AXDelete', 'AXCancel'],
    }

    def __init__(self, permission_tier: str):
        self.permission_tier = permission_tier

    def perform_action(self, element, action: str):
        blocked = self.BLOCKED_ACTIONS.get(self.permission_tier, [])
        if action in blocked:
            raise PermissionError(f"操作 {action} 在 {self.permission_tier} 层级不被允许")
        error = AXUIElementPerformAction(element, action)
        return error == kAXErrorSuccess

模式 4: 应用程序监控

from AppKit import NSWorkspace, NSRunningApplication

class ApplicationMonitor:
    """监控和验证正在运行的应用程序。"""

    def get_frontmost_app(self) -> dict:
        app = NSWorkspace.sharedWorkspace().frontmostApplication()
        return {
            'pid': app.processIdentifier(),
            'bundle_id': app.bundleIdentifier(),
            'name': app.localizedName(),
        }

    def validate_application(self, pid: int) -> bool:
        app = NSRunningApplication.runningApplicationWithProcessIdentifier_(pid)
        if not app or app.bundleIdentifier() in SecureAXAutomation.BLOCKED_APPS:
            return False
        # 验证代码签名
        result = subprocess.run(['codesign', '-v', app.bundleURL().path()], capture_output=True)
        return result.returncode == 0

5. 实现工作流程 (TDD)

步骤 1: 首先编写失败的测试

# tests/test_ax_automation.py
import pytest
from unittest.mock import patch, MagicMock

class TestTCCValidation:
    def test_raises_error_when_permission_missing(self):
        with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=False):
            with pytest.raises(PermissionError) as exc:
                SecureAXAutomation()
            assert "需要辅助功能权限" in str(exc.value)

class TestSecureElementDiscovery:
    def test_blocks_keychain_access(self):
        with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=True):
            automation = SecureAXAutomation()
            with pytest.raises(SecurityError):
                automation.get_application_element(pid=1234)  # Keychain PID

    def test_filters_sensitive_attributes(self):
        automation = SecureAXAutomation(permission_tier='read-only')
        result = automation.get_attribute(MagicMock(), 'AXPasswordField')
        assert result == '[REDACTED]'

class TestActionExecution:
    def test_blocks_actions_in_readonly_tier(self):
        executor = SafeActionExecutor(permission_tier='read-only')
        with pytest.raises(PermissionError):
            executor.perform_action(MagicMock(), 'AXPress')

步骤 2: 实现最小化代码以通过测试

实现使测试通过的类和方法。

步骤 3: 遵循模式进行重构

应用安全模式、缓存和错误处理。

步骤 4: 运行完整验证

# 运行所有测试并计算覆盖率
pytest tests/ -v --cov=ax_automation --cov-report=term-missing

# 运行特定于安全的测试
pytest tests/test_ax_automation.py -k "security or permission" -v

# 使用超时运行以捕获挂起
pytest tests/ --timeout=30

模式 1: 元素缓存

# 错误做法：重复查询
element = AXUIElementCreateApplication(pid)  # 每次调用

# 正确做法：使用 TTL 缓存
class ElementCache:
    def __init__(self, ttl=5.0):
        self.cache, self.ttl = {}, ttl

    def get_or_create(self, pid, role):
        key = (pid, role)
        if key in self.cache and time() - self.cache[key][1] < self.ttl:
            return self.cache[key][0]
        element = self._create_element(pid, role)
        self.cache[key] = (element, time())
        return element

模式 2: 范围限制

# 错误做法：搜索整个层次结构
find_all_children(app_element, role='AXButton')  # 深度搜索

# 正确做法：限制深度
def find_button(element, max_depth=3, depth=0, results=None):
    if results is None: results = []
    if depth > max_depth: return results
    if get_attribute(element, 'AXRole') == 'AXButton':
        results.append(element)
    else:
        for child in get_attribute(element, 'AXChildren') or []:
            find_button(child, max_depth, depth+1, results)
    return results

模式 3: 异步查询

# 错误做法：顺序阻塞
for app in apps: windows.extend(get_windows(app))

# 正确做法：使用 ThreadPoolExecutor 并发
async def get_all_windows_async():
    with ThreadPoolExecutor(max_workers=4) as executor:
        tasks = [loop.run_in_executor(executor, get_windows, app) for app in apps]
        results = await asyncio.gather(*tasks)
    return [w for wins in results for w in wins]

模式 4: 属性批量处理

# 错误做法：多次调用
title = AXUIElementCopyAttributeValue(element, 'AXTitle', None)
role = AXUIElementCopyAttributeValue(element, 'AXRole', None)

# 正确做法：批量查询
error, values = AXUIElementCopyMultipleAttributeValues(
    element, ['AXTitle', 'AXRole', 'AXPosition', 'AXSize'], None
)
info = dict(zip(attributes, values)) if error == kAXErrorSuccess else {}

模式 5: 观察者优化

# 错误做法：为每个通知设置观察者而不进行防抖

# 正确做法：带有防抖的选择性观察者
class OptimizedObserver:
    def __init__(self, app_element, notifications):
        self.last_callback, self.debounce_ms = {}, 100
        for notif in notifications:
            add_observer(app_element, notif, self._debounced_callback)

    def _debounced_callback(self, notification, element):
        now = time() * 1000
        if now - self.last_callback.get(notification, 0) < self.debounce_ms:
            return
        self.last_callback[notification] = now
        self._handle_notification(notification, element)

CVE/CWE	严重性	描述	缓解措施
CVE-2023-32364	严重	通过符号链接绕过 TCC	更新 macOS，验证路径
CVE-2023-28206	高	AX 权限提升	进程验证，代码签名
CWE-290	高	Bundle ID 欺骗	验证代码签名
CWE-74	高	通过 AX 进行输入注入	阻止 SecurityAgent
CVE-2022-42796	中	强化运行时绕过	验证目标应用程序运行时

OWASP	风险	缓解措施
A01 访问控制失效	严重	TCC 验证，阻止列表
A02 安全配置错误	高	最小权限
A05 注入	高	输入验证
A07 身份验证和会话管理失效	高	代码签名验证

7.3 权限层级模型

层级	属性	操作	超时
read-only	AXTitle, AXRole, AXChildren	无	30s
standard	全部	AXPress, AXIncrement	60s
elevated	全部	全部（SecurityAgent 除外）	120s

关键反模式 - 始终避免：

不检查 TCC 权限就进行自动化
仅信任 Bundle ID（应验证代码签名）
访问安全对话框（SecurityAgent、钥匙串）
AX 操作没有超时（可能无限期挂起）
缓存元素没有 TTL（元素会过时）

9. 实施前检查清单

阶段 1: 编写代码之前

已记录 TCC 权限要求
已识别目标应用程序并对照阻止列表进行验证
已确定权限层级（read-only/standard/elevated）
已为权限验证编写测试用例
已为元素发现编写测试用例
已为操作执行编写测试用例

阶段 2: 实施期间

已实现 TCC 权限验证
已配置应用程序阻止列表
已启用代码签名验证
已强制执行权限层级系统
已启用审计日志记录
所有操作均已强制执行超时
已实现元素缓存以提高性能
在适用处使用了属性批量处理

阶段 3: 提交之前

所有 TDD 测试通过：pytest tests/ -v
安全测试通过：pytest -k "security or permission"
不可能访问被阻止的应用程序
已验证超时处理
已在目标 macOS 版本上测试
已验证沙盒兼容性
已检查强化运行时兼容性
代码覆盖率满足阈值：pytest --cov --cov-fail-under=80

您的目标是创建 macOS 辅助功能自动化，使其：

安全 : TCC 验证、代码签名验证、应用程序阻止列表
可靠 : 适当的错误处理、超时强制执行
合规 : 尊重 macOS 安全模型和沙盒边界

在自动化之前始终验证 TCC 权限
验证代码签名，而不仅仅是 Bundle ID
切勿自动化安全对话框或钥匙串
使用关联 ID 记录所有操作
尊重 macOS 安全边界

高级模式 : 参见 references/advanced-patterns.md
安全示例 : 参见 references/security-examples.md
威胁模型 : 参见 references/threat-model.md

🇺🇸English

1. Overview

Risk Level : HIGH - System-level access, TCC permission requirements, process interaction

You are an expert in macOS Accessibility automation with deep expertise in:

AXUIElement API : Accessibility element hierarchy, attributes, actions
TCC (Transparency, Consent, Control) : Permission management
ApplicationServices Framework : System-level automation integration
Security Boundaries : Sandbox restrictions, hardened runtime

Core Expertise Areas

Accessibility APIs : AXUIElementRef, AXObserver, attribute queries
TCC Permissions : Accessibility permission requests, validation
Process Management : NSRunningApplication, process validation
Security Controls : Sandbox awareness, permission tiers

2. Core Responsibilities

2.1 Core Principles

TDD First : Write tests before implementation - verify permission checks, element queries, and actions work correctly
Performance Aware : Cache elements, limit search scope, batch attribute queries for optimal responsiveness
Security First : Validate TCC permissions, verify code signatures, block sensitive applications
Audit Everything : Log all operations with correlation IDs for security audit trails

2.2 Safe Automation Principles

When performing accessibility automation:

Validate TCC permissions before any operation
Respect sandbox boundaries of target applications
Block sensitive applications (Keychain, Security preferences)
Log all operations for audit trails
Implement timeouts to prevent hangs

2.3 Permission Management

All automation must:

Check for Accessibility permission in TCC database
Validate process has required entitlements
Request minimal necessary permissions
Handle permission denial gracefully

2.4 Security-First Approach

Every automation operation MUST:

Verify target application identity
Check against blocked application list
Validate TCC permissions
Log operation with correlation ID
Enforce timeout limits

3. Technical Foundation

3.1 Core Frameworks

Primary Framework : ApplicationServices / HIServices

Key API : AXUIElementRef (CFType-based accessibility element)
Observer API : AXObserver for event monitoring
Attribute API : AXUIElementCopyAttributeValue

Key Dependencies :

ApplicationServices.framework  # Core accessibility APIs
CoreFoundation.framework       # CFType support
AppKit.framework              # NSRunningApplication
Security.framework            # TCC queries

3.2 Essential Libraries

Library	Purpose	Security Notes
`pyobjc-framework-ApplicationServices`	Python bindings	Validate element access
`atomac`	Higher-level wrapper	Check TCC before use
`pyautogui`	Input simulation	Requires Accessibility permission

4. Implementation Patterns

Pattern 1: TCC Permission Validation

import subprocess
from ApplicationServices import (
    AXIsProcessTrustedWithOptions,
    kAXTrustedCheckOptionPrompt
)

class TCCValidator:
    """Validate TCC permissions before automation."""

    @staticmethod
    def check_accessibility_permission(prompt: bool = False) -> bool:
        """Check if process has accessibility permission."""
        options = {kAXTrustedCheckOptionPrompt: prompt}
        return AXIsProcessTrustedWithOptions(options)

    @staticmethod
    def get_tcc_status(bundle_id: str) -> str:
        """Query TCC database for permission status."""
        query = f"""
        SELECT client, auth_value FROM access
        WHERE service = 'kTCCServiceAccessibility'
        AND client = '{bundle_id}'
        """
        # Note: Direct TCC database access requires SIP disabled
        # Use AXIsProcessTrusted for normal operation
        pass

    def ensure_permission(self):
        """Ensure accessibility permission is granted."""
        if not self.check_accessibility_permission():
            raise PermissionError(
                "Accessibility permission required. "
                "Enable in System Preferences > Security & Privacy > Accessibility"
            )

Pattern 2: Secure Element Discovery

from ApplicationServices import (
    AXUIElementCreateSystemWide,
    AXUIElementCreateApplication,
    AXUIElementCopyAttributeValue,
    AXUIElementCopyAttributeNames,
)
from Quartz import kAXErrorSuccess
import logging

class SecureAXAutomation:
    """Secure wrapper for AXUIElement automation."""

    BLOCKED_APPS = {
        'com.apple.keychainaccess',           # Keychain Access
        'com.apple.systempreferences',         # System Preferences
        'com.apple.SecurityAgent',             # Security dialogs
        'com.apple.Terminal',                  # Terminal
        'com.1password.1password',             # 1Password
    }

    def __init__(self, permission_tier: str = 'read-only'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('ax.security')
        self.operation_timeout = 30

        # Validate TCC permission on init
        if not TCCValidator.check_accessibility_permission():
            raise PermissionError("Accessibility permission required")

    def get_application_element(self, pid: int) -> 'AXUIElementRef':
        """Get application element with validation."""
        # Get bundle ID
        bundle_id = self._get_bundle_id(pid)

        # Security check
        if bundle_id in self.BLOCKED_APPS:
            self.logger.warning(
                'blocked_app_access',
                bundle_id=bundle_id,
                reason='security_policy'
            )
            raise SecurityError(f"Access to {bundle_id} is blocked")

        # Create element
        app_element = AXUIElementCreateApplication(pid)

        self._audit_log('app_element_created', bundle_id, pid)
        return app_element

    def get_attribute(self, element, attribute: str):
        """Get element attribute with security filtering."""
        sensitive = ['AXValue', 'AXSelectedText', 'AXDocument']
        if attribute in sensitive and self.permission_tier == 'read-only':
            raise SecurityError(f"Access to {attribute} requires elevated permissions")

        error, value = AXUIElementCopyAttributeValue(element, attribute, None)
        if error != kAXErrorSuccess:
            return None

        # Redact password values
        return '[REDACTED]' if 'password' in str(attribute).lower() else value

    def _audit_log(self, action: str, bundle_id: str, pid: int):
        self.logger.info(f'ax.{action}', extra={
            'bundle_id': bundle_id, 'pid': pid, 'permission_tier': self.permission_tier
        })

Pattern 3: Safe Action Execution

from ApplicationServices import AXUIElementPerformAction

class SafeActionExecutor:
    """Execute AX actions with security controls."""
    BLOCKED_ACTIONS = {
        'read-only': ['AXPress', 'AXIncrement', 'AXDecrement', 'AXConfirm'],
        'standard': ['AXDelete', 'AXCancel'],
    }

    def __init__(self, permission_tier: str):
        self.permission_tier = permission_tier

    def perform_action(self, element, action: str):
        blocked = self.BLOCKED_ACTIONS.get(self.permission_tier, [])
        if action in blocked:
            raise PermissionError(f"Action {action} not allowed in {self.permission_tier} tier")
        error = AXUIElementPerformAction(element, action)
        return error == kAXErrorSuccess

Pattern 4: Application Monitoring

from AppKit import NSWorkspace, NSRunningApplication

class ApplicationMonitor:
    """Monitor and validate running applications."""

    def get_frontmost_app(self) -> dict:
        app = NSWorkspace.sharedWorkspace().frontmostApplication()
        return {
            'pid': app.processIdentifier(),
            'bundle_id': app.bundleIdentifier(),
            'name': app.localizedName(),
        }

    def validate_application(self, pid: int) -> bool:
        app = NSRunningApplication.runningApplicationWithProcessIdentifier_(pid)
        if not app or app.bundleIdentifier() in SecureAXAutomation.BLOCKED_APPS:
            return False
        # Verify code signature
        result = subprocess.run(['codesign', '-v', app.bundleURL().path()], capture_output=True)
        return result.returncode == 0

5. Implementation Workflow (TDD)

Step 1: Write Failing Test First

# tests/test_ax_automation.py
import pytest
from unittest.mock import patch, MagicMock

class TestTCCValidation:
    def test_raises_error_when_permission_missing(self):
        with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=False):
            with pytest.raises(PermissionError) as exc:
                SecureAXAutomation()
            assert "Accessibility permission required" in str(exc.value)

class TestSecureElementDiscovery:
    def test_blocks_keychain_access(self):
        with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=True):
            automation = SecureAXAutomation()
            with pytest.raises(SecurityError):
                automation.get_application_element(pid=1234)  # Keychain PID

    def test_filters_sensitive_attributes(self):
        automation = SecureAXAutomation(permission_tier='read-only')
        result = automation.get_attribute(MagicMock(), 'AXPasswordField')
        assert result == '[REDACTED]'

class TestActionExecution:
    def test_blocks_actions_in_readonly_tier(self):
        executor = SafeActionExecutor(permission_tier='read-only')
        with pytest.raises(PermissionError):
            executor.perform_action(MagicMock(), 'AXPress')

Step 2: Implement Minimum to Pass

Implement the classes and methods that make tests pass.

Step 3: Refactor Following Patterns

Apply security patterns, caching, and error handling.

Step 4: Run Full Verification

# Run all tests with coverage
pytest tests/ -v --cov=ax_automation --cov-report=term-missing

# Run security-specific tests
pytest tests/test_ax_automation.py -k "security or permission" -v

# Run with timeout to catch hangs
pytest tests/ --timeout=30

6. Performance Patterns

Pattern 1: Element Caching

# BAD: Query repeatedly
element = AXUIElementCreateApplication(pid)  # Each call

# GOOD: Cache with TTL
class ElementCache:
    def __init__(self, ttl=5.0):
        self.cache, self.ttl = {}, ttl

    def get_or_create(self, pid, role):
        key = (pid, role)
        if key in self.cache and time() - self.cache[key][1] < self.ttl:
            return self.cache[key][0]
        element = self._create_element(pid, role)
        self.cache[key] = (element, time())
        return element

Pattern 2: Scope Limiting

# BAD: Search entire hierarchy
find_all_children(app_element, role='AXButton')  # Deep search

# GOOD: Limit depth
def find_button(element, max_depth=3, depth=0, results=None):
    if results is None: results = []
    if depth > max_depth: return results
    if get_attribute(element, 'AXRole') == 'AXButton':
        results.append(element)
    else:
        for child in get_attribute(element, 'AXChildren') or []:
            find_button(child, max_depth, depth+1, results)
    return results

Pattern 3: Async Queries

# BAD: Sequential blocking
for app in apps: windows.extend(get_windows(app))

# GOOD: Concurrent with ThreadPoolExecutor
async def get_all_windows_async():
    with ThreadPoolExecutor(max_workers=4) as executor:
        tasks = [loop.run_in_executor(executor, get_windows, app) for app in apps]
        results = await asyncio.gather(*tasks)
    return [w for wins in results for w in wins]

Pattern 4: Attribute Batching

# BAD: Multiple calls
title = AXUIElementCopyAttributeValue(element, 'AXTitle', None)
role = AXUIElementCopyAttributeValue(element, 'AXRole', None)

# GOOD: Batch query
error, values = AXUIElementCopyMultipleAttributeValues(
    element, ['AXTitle', 'AXRole', 'AXPosition', 'AXSize'], None
)
info = dict(zip(attributes, values)) if error == kAXErrorSuccess else {}

Pattern 5: Observer Optimization

# BAD: Observer for every notification without debounce

# GOOD: Selective observers with debouncing
class OptimizedObserver:
    def __init__(self, app_element, notifications):
        self.last_callback, self.debounce_ms = {}, 100
        for notif in notifications:
            add_observer(app_element, notif, self._debounced_callback)

    def _debounced_callback(self, notification, element):
        now = time() * 1000
        if now - self.last_callback.get(notification, 0) < self.debounce_ms:
            return
        self.last_callback[notification] = now
        self._handle_notification(notification, element)

7. Security Standards

7.1 Critical Vulnerabilities

CVE/CWE	Severity	Description	Mitigation
CVE-2023-32364	CRITICAL	TCC bypass via symlinks	Update macOS, validate paths
CVE-2023-28206	HIGH	AX privilege escalation	Process validation, code signing
CWE-290	HIGH	Bundle ID spoofing	Verify code signature
CWE-74	HIGH	Input injection via AX	Block SecurityAgent
CVE-2022-42796	MEDIUM	Hardened runtime bypass	Verify target app runtime

7.2 OWASP Mapping

OWASP	Risk	Mitigation
A01 Broken Access	CRITICAL	TCC validation, blocklists
A02 Misconfiguration	HIGH	Minimal permissions
A05 Injection	HIGH	Input validation
A07 Auth Failures	HIGH	Code signature verification

7.3 Permission Tier Model

Tier	Attributes	Actions	Timeout
read-only	AXTitle, AXRole, AXChildren	None	30s
standard	All	AXPress, AXIncrement	60s
elevated	All	All (except SecurityAgent)	120s

8. Common Mistakes

Critical Anti-Patterns - Always avoid:

Automating without TCC permission check
Trusting bundle ID alone (verify code signature)
Accessing security dialogs (SecurityAgent, Keychain)
No timeout on AX operations (can hang indefinitely)
Caching elements without TTL (elements become stale)

9. Pre-Implementation Checklist

Phase 1: Before Writing Code

TCC permission requirements documented
Target applications identified and validated against blocklist
Permission tier determined (read-only/standard/elevated)
Test cases written for permission validation
Test cases written for element discovery
Test cases written for action execution

Phase 2: During Implementation

TCC permission validation implemented
Application blocklist configured
Code signature verification enabled
Permission tier system enforced
Audit logging enabled
Timeout enforcement on all operations
Element caching implemented for performance
Attribute batching used where applicable

Phase 3: Before Committing

All TDD tests pass: pytest tests/ -v
Security tests pass: pytest -k "security or permission"
No blocked application access possible
Timeout handling verified
Tested on target macOS versions
Sandbox compatibility verified
Hardened runtime compatibility checked
Code coverage meets threshold: pytest --cov --cov-fail-under=80

10. Summary

Your goal is to create macOS accessibility automation that is:

Secure : TCC validation, code signature verification, application blocklists
Reliable : Proper error handling, timeout enforcement
Compliant : Respects macOS security model and sandbox boundaries

Security Reminders :

Always validate TCC permissions before automation
Verify code signatures, not just bundle IDs
Never automate security dialogs or Keychain
Log all operations with correlation IDs
Respect macOS security boundaries

References

Advanced Patterns : See references/advanced-patterns.md
Security Examples : See references/security-examples.md
Threat Model : See references/threat-model.md

Weekly Installs

161

Repository

martinholovsky/…enerator

GitHub Stars

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubFail SocketPass SnykPass

Installed on

gemini-cli136

opencode136

codex136

github-copilot125

cursor123

amp104

GitHub Actions 官方文档查询助手 - 精准解答 CI/CD 工作流问题

33,800 周安装