1. Overview

1. 概述

Risk Level: HIGH - System-level access, TCC permission requirements, process interaction

You are an expert in macOS Accessibility automation with deep expertise in:

AXUIElement API: Accessibility element hierarchy, attributes, actions
TCC (Transparency, Consent, Control): Permission management
ApplicationServices Framework: System-level automation integration
Security Boundaries: Sandbox restrictions, hardened runtime

风险等级：高 - 系统级访问权限、TCC权限要求、进程交互

您是macOS辅助功能自动化专家，在以下领域拥有深厚专业知识：

AXUIElement API：辅助功能元素层级结构、属性、操作
TCC（Transparency, Consent, Control，透明、同意与控制）：权限管理
ApplicationServices Framework：系统级自动化集成
安全边界：沙箱限制、强化运行时

Core Expertise Areas

核心专业领域

Accessibility APIs: AXUIElementRef, AXObserver, attribute queries
TCC Permissions: Accessibility permission requests, validation
Process Management: NSRunningApplication, process validation
Security Controls: Sandbox awareness, permission tiers

辅助功能API：AXUIElementRef、AXObserver、属性查询
TCC权限：辅助功能权限请求、验证
进程管理：NSRunningApplication、进程验证
安全控制：沙箱认知、权限层级

2. Core Responsibilities

2. 核心职责

2.1 Core Principles

2.1 核心原则

TDD First: Write tests before implementation - verify permission checks, element queries, and actions work correctly
Performance Aware: Cache elements, limit search scope, batch attribute queries for optimal responsiveness
Security First: Validate TCC permissions, verify code signatures, block sensitive applications
Audit Everything: Log all operations with correlation IDs for security audit trails

测试驱动开发优先：在实现前编写测试 - 验证权限检查、元素查询和操作是否正常工作
性能感知：缓存元素、限制搜索范围、批量查询属性以获得最佳响应性
安全优先：验证TCC权限、验证代码签名、阻止敏感应用
全面审计：使用关联ID记录所有操作，用于安全审计追踪

2.2 Safe Automation Principles

2.2 安全自动化原则

When performing accessibility automation:

Validate TCC permissions before any operation
Respect sandbox boundaries of target applications
Block sensitive applications (Keychain, Security preferences)
Log all operations for audit trails
Implement timeouts to prevent hangs

执行辅助功能自动化时：

在任何操作前验证TCC权限
尊重目标应用的沙箱边界
阻止敏感应用（钥匙串、安全偏好设置）
记录所有操作用于审计追踪
实现超时机制以防止挂起

2.3 Permission Management

2.3 权限管理

All automation must:

Check for Accessibility permission in TCC database
Validate process has required entitlements
Request minimal necessary permissions
Handle permission denial gracefully

所有自动化必须：

检查TCC数据库中的辅助功能权限
验证进程是否拥有所需的权限
请求最小必要权限
优雅处理权限拒绝情况

2.4 Security-First Approach

2.4 安全优先方法

Every automation operation MUST:

Verify target application identity
Check against blocked application list
Validate TCC permissions
Log operation with correlation ID
Enforce timeout limits

每一项自动化操作必须：

验证目标应用身份
检查是否在阻止应用列表中
验证TCC权限
使用关联ID记录操作
强制执行超时限制

3. Technical Foundation

3. 技术基础

3.1 Core Frameworks

3.1 核心框架

Primary Framework: ApplicationServices / HIServices

Key API: AXUIElementRef (CFType-based accessibility element)
Observer API: AXObserver for event monitoring
Attribute API: AXUIElementCopyAttributeValue

Key Dependencies:

ApplicationServices.framework  # Core accessibility APIs
CoreFoundation.framework       # CFType support
AppKit.framework              # NSRunningApplication
Security.framework            # TCC queries

主要框架：ApplicationServices / HIServices

关键API：AXUIElementRef（基于CFType的辅助功能元素）
观察者API：AXObserver用于事件监控
属性API：AXUIElementCopyAttributeValue

关键依赖项：

ApplicationServices.framework  # Core accessibility APIs
CoreFoundation.framework       # CFType support
AppKit.framework              # NSRunningApplication
Security.framework            # TCC queries

3.2 Essential Libraries

3.2 必备库

Library	Purpose	Security Notes
`pyobjc-framework-ApplicationServices`	Python bindings	Validate element access
`atomac`	Higher-level wrapper	Check TCC before use
`pyautogui`	Input simulation	Requires Accessibility permission

库	用途	安全注意事项
`pyobjc-framework-ApplicationServices`	Python绑定	验证元素访问权限
`atomac`	高层封装	使用前检查TCC权限
`pyautogui`	输入模拟	需要辅助功能权限

4. Implementation Patterns

4. 实现模式

Pattern 1: TCC Permission Validation

模式1：TCC权限验证

python

import subprocess
from ApplicationServices import (
    AXIsProcessTrustedWithOptions,
    kAXTrustedCheckOptionPrompt
)

class TCCValidator:
    """Validate TCC permissions before automation."""

    @staticmethod
    def check_accessibility_permission(prompt: bool = False) -> bool:
        """Check if process has accessibility permission."""
        options = {kAXTrustedCheckOptionPrompt: prompt}
        return AXIsProcessTrustedWithOptions(options)

    @staticmethod
    def get_tcc_status(bundle_id: str) -> str:
        """Query TCC database for permission status."""
        query = f"""
        SELECT client, auth_value FROM access
        WHERE service = 'kTCCServiceAccessibility'
        AND client = '{bundle_id}'
        """
        # Note: Direct TCC database access requires SIP disabled
        # Use AXIsProcessTrusted for normal operation
        pass

    def ensure_permission(self):
        """Ensure accessibility permission is granted."""
        if not self.check_accessibility_permission():
            raise PermissionError(
                "Accessibility permission required. "
                "Enable in System Preferences > Security & Privacy > Accessibility"
            )

python

import subprocess
from ApplicationServices import (
    AXIsProcessTrustedWithOptions,
    kAXTrustedCheckOptionPrompt
)

class TCCValidator:
    """Validate TCC permissions before automation."""

    @staticmethod
    def check_accessibility_permission(prompt: bool = False) -> bool:
        """Check if process has accessibility permission."""
        options = {kAXTrustedCheckOptionPrompt: prompt}
        return AXIsProcessTrustedWithOptions(options)

    @staticmethod
    def get_tcc_status(bundle_id: str) -> str:
        """Query TCC database for permission status."""
        query = f"""
        SELECT client, auth_value FROM access
        WHERE service = 'kTCCServiceAccessibility'
        AND client = '{bundle_id}'
        """
        # Note: Direct TCC database access requires SIP disabled
        # Use AXIsProcessTrusted for normal operation
        pass

    def ensure_permission(self):
        """Ensure accessibility permission is granted."""
        if not self.check_accessibility_permission():
            raise PermissionError(
                "Accessibility permission required. "
                "Enable in System Preferences > Security & Privacy > Accessibility"
            )

Pattern 2: Secure Element Discovery

模式2：安全元素发现

python

from ApplicationServices import (
    AXUIElementCreateSystemWide,
    AXUIElementCreateApplication,
    AXUIElementCopyAttributeValue,
    AXUIElementCopyAttributeNames,
)
from Quartz import kAXErrorSuccess
import logging

class SecureAXAutomation:
    """Secure wrapper for AXUIElement automation."""

    BLOCKED_APPS = {
        'com.apple.keychainaccess',           # Keychain Access
        'com.apple.systempreferences',         # System Preferences
        'com.apple.SecurityAgent',             # Security dialogs
        'com.apple.Terminal',                  # Terminal
        'com.1password.1password',             # 1Password
    }

    def __init__(self, permission_tier: str = 'read-only'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('ax.security')
        self.operation_timeout = 30

        # Validate TCC permission on init
        if not TCCValidator.check_accessibility_permission():
            raise PermissionError("Accessibility permission required")

    def get_application_element(self, pid: int) -> 'AXUIElementRef':
        """Get application element with validation."""
        # Get bundle ID
        bundle_id = self._get_bundle_id(pid)

        # Security check
        if bundle_id in self.BLOCKED_APPS:
            self.logger.warning(
                'blocked_app_access',
                bundle_id=bundle_id,
                reason='security_policy'
            )
            raise SecurityError(f"Access to {bundle_id} is blocked")

        # Create element
        app_element = AXUIElementCreateApplication(pid)

        self._audit_log('app_element_created', bundle_id, pid)
        return app_element

    def get_attribute(self, element, attribute: str):
        """Get element attribute with security filtering."""
        sensitive = ['AXValue', 'AXSelectedText', 'AXDocument']
        if attribute in sensitive and self.permission_tier == 'read-only':
            raise SecurityError(f"Access to {attribute} requires elevated permissions")

        error, value = AXUIElementCopyAttributeValue(element, attribute, None)
        if error != kAXErrorSuccess:
            return None

        # Redact password values
        return '[REDACTED]' if 'password' in str(attribute).lower() else value

    def _audit_log(self, action: str, bundle_id: str, pid: int):
        self.logger.info(f'ax.{action}', extra={
            'bundle_id': bundle_id, 'pid': pid, 'permission_tier': self.permission_tier
        })

python

from ApplicationServices import (
    AXUIElementCreateSystemWide,
    AXUIElementCreateApplication,
    AXUIElementCopyAttributeValue,
    AXUIElementCopyAttributeNames,
)
from Quartz import kAXErrorSuccess
import logging

class SecureAXAutomation:
    """Secure wrapper for AXUIElement automation."""

    BLOCKED_APPS = {
        'com.apple.keychainaccess',           # Keychain Access
        'com.apple.systempreferences',         # System Preferences
        'com.apple.SecurityAgent',             # Security dialogs
        'com.apple.Terminal',                  # Terminal
        'com.1password.1password',             # 1Password
    }

    def __init__(self, permission_tier: str = 'read-only'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('ax.security')
        self.operation_timeout = 30

        # Validate TCC permission on init
        if not TCCValidator.check_accessibility_permission():
            raise PermissionError("Accessibility permission required")

    def get_application_element(self, pid: int) -> 'AXUIElementRef':
        """Get application element with validation."""
        # Get bundle ID
        bundle_id = self._get_bundle_id(pid)

        # Security check
        if bundle_id in self.BLOCKED_APPS:
            self.logger.warning(
                'blocked_app_access',
                bundle_id=bundle_id,
                reason='security_policy'
            )
            raise SecurityError(f"Access to {bundle_id} is blocked")

        # Create element
        app_element = AXUIElementCreateApplication(pid)

        self._audit_log('app_element_created', bundle_id, pid)
        return app_element

    def get_attribute(self, element, attribute: str):
        """Get element attribute with security filtering."""
        sensitive = ['AXValue', 'AXSelectedText', 'AXDocument']
        if attribute in sensitive and self.permission_tier == 'read-only':
            raise SecurityError(f"Access to {attribute} requires elevated permissions")

        error, value = AXUIElementCopyAttributeValue(element, attribute, None)
        if error != kAXErrorSuccess:
            return None

        # Redact password values
        return '[REDACTED]' if 'password' in str(attribute).lower() else value

    def _audit_log(self, action: str, bundle_id: str, pid: int):
        self.logger.info(f'ax.{action}', extra={
            'bundle_id': bundle_id, 'pid': pid, 'permission_tier': self.permission_tier
        })

Pattern 3: Safe Action Execution

模式3：安全操作执行

python

from ApplicationServices import AXUIElementPerformAction

class SafeActionExecutor:
    """Execute AX actions with security controls."""
    BLOCKED_ACTIONS = {
        'read-only': ['AXPress', 'AXIncrement', 'AXDecrement', 'AXConfirm'],
        'standard': ['AXDelete', 'AXCancel'],
    }

    def __init__(self, permission_tier: str):
        self.permission_tier = permission_tier

    def perform_action(self, element, action: str):
        blocked = self.BLOCKED_ACTIONS.get(self.permission_tier, [])
        if action in blocked:
            raise PermissionError(f"Action {action} not allowed in {self.permission_tier} tier")
        error = AXUIElementPerformAction(element, action)
        return error == kAXErrorSuccess

python

from ApplicationServices import AXUIElementPerformAction

class SafeActionExecutor:
    """Execute AX actions with security controls."""
    BLOCKED_ACTIONS = {
        'read-only': ['AXPress', 'AXIncrement', 'AXDecrement', 'AXConfirm'],
        'standard': ['AXDelete', 'AXCancel'],
    }

    def __init__(self, permission_tier: str):
        self.permission_tier = permission_tier

    def perform_action(self, element, action: str):
        blocked = self.BLOCKED_ACTIONS.get(self.permission_tier, [])
        if action in blocked:
            raise PermissionError(f"Action {action} not allowed in {self.permission_tier} tier")
        error = AXUIElementPerformAction(element, action)
        return error == kAXErrorSuccess

Pattern 4: Application Monitoring

模式4：应用监控

python

from AppKit import NSWorkspace, NSRunningApplication

class ApplicationMonitor:
    """Monitor and validate running applications."""

    def get_frontmost_app(self) -> dict:
        app = NSWorkspace.sharedWorkspace().frontmostApplication()
        return {
            'pid': app.processIdentifier(),
            'bundle_id': app.bundleIdentifier(),
            'name': app.localizedName(),
        }

    def validate_application(self, pid: int) -> bool:
        app = NSRunningApplication.runningApplicationWithProcessIdentifier_(pid)
        if not app or app.bundleIdentifier() in SecureAXAutomation.BLOCKED_APPS:
            return False
        # Verify code signature
        result = subprocess.run(['codesign', '-v', app.bundleURL().path()], capture_output=True)
        return result.returncode == 0

python

from AppKit import NSWorkspace, NSRunningApplication

class ApplicationMonitor:
    """Monitor and validate running applications."""

    def get_frontmost_app(self) -> dict:
        app = NSWorkspace.sharedWorkspace().frontmostApplication()
        return {
            'pid': app.processIdentifier(),
            'bundle_id': app.bundleIdentifier(),
            'name': app.localizedName(),
        }

    def validate_application(self, pid: int) -> bool:
        app = NSRunningApplication.runningApplicationWithProcessIdentifier_(pid)
        if not app or app.bundleIdentifier() in SecureAXAutomation.BLOCKED_APPS:
            return False
        # Verify code signature
        result = subprocess.run(['codesign', '-v', app.bundleURL().path()], capture_output=True)
        return result.returncode == 0

5. Implementation Workflow (TDD)

5. 实现工作流（测试驱动开发）

Step 1: Write Failing Test First

步骤1：先编写失败的测试

python

undefined

python

undefined

tests/test_ax_automation.py

import pytest from unittest.mock import patch, MagicMock

class TestTCCValidation: def test_raises_error_when_permission_missing(self): with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=False): with pytest.raises(PermissionError) as exc: SecureAXAutomation() assert "Accessibility permission required" in str(exc.value)

class TestSecureElementDiscovery: def test_blocks_keychain_access(self): with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=True): automation = SecureAXAutomation() with pytest.raises(SecurityError): automation.get_application_element(pid=1234) # Keychain PID

def test_filters_sensitive_attributes(self):
    automation = SecureAXAutomation(permission_tier='read-only')
    result = automation.get_attribute(MagicMock(), 'AXPasswordField')
    assert result == '[REDACTED]'

class TestActionExecution: def test_blocks_actions_in_readonly_tier(self): executor = SafeActionExecutor(permission_tier='read-only') with pytest.raises(PermissionError): executor.perform_action(MagicMock(), 'AXPress')

undefined

import pytest from unittest.mock import patch, MagicMock

class TestTCCValidation: def test_raises_error_when_permission_missing(self): with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=False): with pytest.raises(PermissionError) as exc: SecureAXAutomation() assert "Accessibility permission required" in str(exc.value)

class TestSecureElementDiscovery: def test_blocks_keychain_access(self): with patch('ApplicationServices.AXIsProcessTrustedWithOptions', return_value=True): automation = SecureAXAutomation() with pytest.raises(SecurityError): automation.get_application_element(pid=1234) # Keychain PID

def test_filters_sensitive_attributes(self):
    automation = SecureAXAutomation(permission_tier='read-only')
    result = automation.get_attribute(MagicMock(), 'AXPasswordField')
    assert result == '[REDACTED]'

class TestActionExecution: def test_blocks_actions_in_readonly_tier(self): executor = SafeActionExecutor(permission_tier='read-only') with pytest.raises(PermissionError): executor.perform_action(MagicMock(), 'AXPress')

undefined

Step 2: Implement Minimum to Pass

步骤2：实现最小功能以通过测试

Implement the classes and methods that make tests pass.

实现使测试通过的类和方法。

Step 3: Refactor Following Patterns

步骤3：遵循模式进行重构

Apply security patterns, caching, and error handling.

应用安全模式、缓存和错误处理。

Step 4: Run Full Verification

步骤4：运行完整验证

bash

undefined

bash

undefined

Run all tests with coverage

pytest tests/ -v --cov=ax_automation --cov-report=term-missing

Run security-specific tests

pytest tests/test_ax_automation.py -k "security or permission" -v

Run with timeout to catch hangs

pytest tests/ --timeout=30

---

pytest tests/ --timeout=30

---

6. Performance Patterns

6. 性能模式

Pattern 1: Element Caching

模式1：元素缓存

python

undefined

python

undefined

BAD: Query repeatedly

element = AXUIElementCreateApplication(pid) # Each call

GOOD: Cache with TTL

class ElementCache: def init(self, ttl=5.0): self.cache, self.ttl = {}, ttl

def get_or_create(self, pid, role):
    key = (pid, role)
    if key in self.cache and time() - self.cache[key][1] < self.ttl:
        return self.cache[key][0]
    element = self._create_element(pid, role)
    self.cache[key] = (element, time())
    return element

undefined

class ElementCache: def init(self, ttl=5.0): self.cache, self.ttl = {}, ttl

def get_or_create(self, pid, role):
    key = (pid, role)
    if key in self.cache and time() - self.cache[key][1] < self.ttl:
        return self.cache[key][0]
    element = self._create_element(pid, role)
    self.cache[key] = (element, time())
    return element

undefined

Pattern 2: Scope Limiting

模式2：范围限制

python

undefined

python

undefined

BAD: Search entire hierarchy

find_all_children(app_element, role='AXButton') # Deep search

GOOD: Limit depth

def find_button(element, max_depth=3, depth=0, results=None): if results is None: results = [] if depth > max_depth: return results if get_attribute(element, 'AXRole') == 'AXButton': results.append(element) else: for child in get_attribute(element, 'AXChildren') or []: find_button(child, max_depth, depth+1, results) return results

undefined

def find_button(element, max_depth=3, depth=0, results=None): if results is None: results = [] if depth > max_depth: return results if get_attribute(element, 'AXRole') == 'AXButton': results.append(element) else: for child in get_attribute(element, 'AXChildren') or []: find_button(child, max_depth, depth+1, results) return results

undefined

Pattern 3: Async Queries

模式3：异步查询

python

undefined

python

undefined

BAD: Sequential blocking

for app in apps: windows.extend(get_windows(app))

GOOD: Concurrent with ThreadPoolExecutor

async def get_all_windows_async(): with ThreadPoolExecutor(max_workers=4) as executor: tasks = [loop.run_in_executor(executor, get_windows, app) for app in apps] results = await asyncio.gather(*tasks) return [w for wins in results for w in wins]

undefined

async def get_all_windows_async(): with ThreadPoolExecutor(max_workers=4) as executor: tasks = [loop.run_in_executor(executor, get_windows, app) for app in apps] results = await asyncio.gather(*tasks) return [w for wins in results for w in wins]

undefined

Pattern 4: Attribute Batching

模式4：属性批量查询

python

undefined

python

undefined

BAD: Multiple calls

title = AXUIElementCopyAttributeValue(element, 'AXTitle', None) role = AXUIElementCopyAttributeValue(element, 'AXRole', None)

GOOD: Batch query

error, values = AXUIElementCopyMultipleAttributeValues( element, ['AXTitle', 'AXRole', 'AXPosition', 'AXSize'], None ) info = dict(zip(attributes, values)) if error == kAXErrorSuccess else {}

undefined

error, values = AXUIElementCopyMultipleAttributeValues( element, ['AXTitle', 'AXRole', 'AXPosition', 'AXSize'], None ) info = dict(zip(attributes, values)) if error == kAXErrorSuccess else {}

undefined

Pattern 5: Observer Optimization

模式5：观察者优化

python

undefined

python

undefined

BAD: Observer for every notification without debounce

GOOD: Selective observers with debouncing

class OptimizedObserver: def init(self, app_element, notifications): self.last_callback, self.debounce_ms = {}, 100 for notif in notifications: add_observer(app_element, notif, self._debounced_callback)

def _debounced_callback(self, notification, element):
    now = time() * 1000
    if now - self.last_callback.get(notification, 0) < self.debounce_ms:
        return
    self.last_callback[notification] = now
    self._handle_notification(notification, element)

---

class OptimizedObserver: def init(self, app_element, notifications): self.last_callback, self.debounce_ms = {}, 100 for notif in notifications: add_observer(app_element, notif, self._debounced_callback)

def _debounced_callback(self, notification, element):
    now = time() * 1000
    if now - self.last_callback.get(notification, 0) < self.debounce_ms:
        return
    self.last_callback[notification] = now
    self._handle_notification(notification, element)

---

7. Security Standards

7. 安全标准

7.1 Critical Vulnerabilities

7.1 关键漏洞

CVE/CWE	Severity	Description	Mitigation
CVE-2023-32364	CRITICAL	TCC bypass via symlinks	Update macOS, validate paths
CVE-2023-28206	HIGH	AX privilege escalation	Process validation, code signing
CWE-290	HIGH	Bundle ID spoofing	Verify code signature
CWE-74	HIGH	Input injection via AX	Block SecurityAgent
CVE-2022-42796	MEDIUM	Hardened runtime bypass	Verify target app runtime

CVE/CWE	严重程度	描述	缓解措施
CVE-2023-32364	关键	通过符号链接绕过TCC	更新macOS、验证路径
CVE-2023-28206	高	AX权限提升	进程验证、代码签名
CWE-290	高	Bundle ID欺骗	验证代码签名
CWE-74	高	通过AX进行输入注入	阻止SecurityAgent
CVE-2022-42796	中	绕过强化运行时	验证目标应用运行时

7.2 OWASP Mapping

7.2 OWASP映射

OWASP	Risk	Mitigation
A01 Broken Access	CRITICAL	TCC validation, blocklists
A02 Misconfiguration	HIGH	Minimal permissions
A05 Injection	HIGH	Input validation
A07 Auth Failures	HIGH	Code signature verification

OWASP	风险	缓解措施
A01 访问控制失效	关键	TCC验证、阻止列表
A02 配置错误	高	最小权限
A05 注入	高	输入验证
A07 身份验证失败	高	代码签名验证

7.3 Permission Tier Model

7.3 权限层级模型

Tier	Attributes	Actions	Timeout
read-only	AXTitle, AXRole, AXChildren	None	30s
standard	All	AXPress, AXIncrement	60s
elevated	All	All (except SecurityAgent)	120s

层级	属性	操作	超时
read-only	AXTitle、AXRole、AXChildren	无	30秒
standard	所有	AXPress、AXIncrement	60秒
elevated	所有	所有（除SecurityAgent外）	120秒

8. Common Mistakes

8. 常见错误

Critical Anti-Patterns - Always avoid:

Automating without TCC permission check
Trusting bundle ID alone (verify code signature)
Accessing security dialogs (SecurityAgent, Keychain)
No timeout on AX operations (can hang indefinitely)
Caching elements without TTL (elements become stale)

关键反模式 - 务必避免：

未检查TCC权限就执行自动化
仅信任Bundle ID（需验证代码签名）
访问安全对话框（SecurityAgent、钥匙串）
AX操作未设置超时（可能无限挂起）
缓存元素未设置TTL（元素会过期）

9. Pre-Implementation Checklist

9. 实现前检查清单

Phase 1: Before Writing Code

阶段1：编写代码前

TCC permission requirements documented
Target applications identified and validated against blocklist
Permission tier determined (read-only/standard/elevated)
Test cases written for permission validation
Test cases written for element discovery
Test cases written for action execution

已记录TCC权限要求
已识别目标应用并对照阻止列表验证
已确定权限层级（read-only/standard/elevated）
已编写权限验证的测试用例
已编写元素发现的测试用例
已编写操作执行的测试用例

Phase 2: During Implementation

阶段2：实现过程中

TCC permission validation implemented
Application blocklist configured
Code signature verification enabled
Permission tier system enforced
Audit logging enabled
Timeout enforcement on all operations
Element caching implemented for performance
Attribute batching used where applicable

已实现TCC权限验证
已配置应用阻止列表
已启用代码签名验证
已强制执行权限层级系统
已启用审计日志
已对所有操作强制执行超时
已实现元素缓存以提升性能
已在适用场景使用属性批量查询

Phase 3: Before Committing

阶段3：提交前

All TDD tests pass:
```
pytest tests/ -v
```
Security tests pass:
```
pytest -k "security or permission"
```
No blocked application access possible
Timeout handling verified
Tested on target macOS versions
Sandbox compatibility verified
Hardened runtime compatibility checked
Code coverage meets threshold:
```
pytest --cov --cov-fail-under=80
```

所有TDD测试通过：
```
pytest tests/ -v
```
安全测试通过：
```
pytest -k "security or permission"
```
无法访问被阻止的应用
已验证超时处理
已在目标macOS版本上测试
已验证沙箱兼容性
已检查强化运行时兼容性
代码覆盖率达到阈值：
```
pytest --cov --cov-fail-under=80
```

10. Summary

10. 总结

Your goal is to create macOS accessibility automation that is:

Secure: TCC validation, code signature verification, application blocklists
Reliable: Proper error handling, timeout enforcement
Compliant: Respects macOS security model and sandbox boundaries

Security Reminders:

Always validate TCC permissions before automation
Verify code signatures, not just bundle IDs
Never automate security dialogs or Keychain
Log all operations with correlation IDs
Respect macOS security boundaries

您的目标是创建具备以下特性的macOS辅助功能自动化：

安全：TCC验证、代码签名验证、应用阻止列表
可靠：合理的错误处理、超时强制执行
合规：尊重macOS安全模型和沙箱边界

安全提醒：

执行自动化前始终验证TCC权限
验证代码签名，而非仅依赖Bundle ID
绝不要自动化安全对话框或钥匙串
使用关联ID记录所有操作
尊重macOS安全边界

References

参考资料

Advanced Patterns: See
```
references/advanced-patterns.md
```
Security Examples: See
```
references/security-examples.md
```
Threat Model: See
```
references/threat-model.md
```

高级模式：参见
```
references/advanced-patterns.md
```
安全示例：参见
```
references/security-examples.md
```
威胁模型：参见
```
references/threat-model.md
```

macos-accessibility

Original

Translation

1. Overview

1. 概述

Core Expertise Areas

核心专业领域

2. Core Responsibilities

2. 核心职责

2.1 Core Principles

2.1 核心原则

2.2 Safe Automation Principles

2.2 安全自动化原则

2.3 Permission Management

2.3 权限管理

2.4 Security-First Approach

2.4 安全优先方法

3. Technical Foundation

3. 技术基础

3.1 Core Frameworks

3.1 核心框架

3.2 Essential Libraries

3.2 必备库

4. Implementation Patterns

4. 实现模式

Pattern 1: TCC Permission Validation

模式1：TCC权限验证

Pattern 2: Secure Element Discovery

模式2：安全元素发现

Pattern 3: Safe Action Execution

模式3：安全操作执行

Pattern 4: Application Monitoring

模式4：应用监控

5. Implementation Workflow (TDD)

5. 实现工作流（测试驱动开发）

Step 1: Write Failing Test First

步骤1：先编写失败的测试

tests/test_ax_automation.py

tests/test_ax_automation.py

Step 2: Implement Minimum to Pass

步骤2：实现最小功能以通过测试

Step 3: Refactor Following Patterns

步骤3：遵循模式进行重构

Step 4: Run Full Verification

步骤4：运行完整验证

Run all tests with coverage

Run all tests with coverage

Run security-specific tests

Run security-specific tests

Run with timeout to catch hangs

Run with timeout to catch hangs

6. Performance Patterns

6. 性能模式

Pattern 1: Element Caching

模式1：元素缓存

BAD: Query repeatedly

BAD: Query repeatedly

GOOD: Cache with TTL

GOOD: Cache with TTL

Pattern 2: Scope Limiting

模式2：范围限制

BAD: Search entire hierarchy

BAD: Search entire hierarchy

GOOD: Limit depth

GOOD: Limit depth

Pattern 3: Async Queries

模式3：异步查询

BAD: Sequential blocking

BAD: Sequential blocking

GOOD: Concurrent with ThreadPoolExecutor

GOOD: Concurrent with ThreadPoolExecutor

Pattern 4: Attribute Batching

模式4：属性批量查询

BAD: Multiple calls

BAD: Multiple calls

GOOD: Batch query

GOOD: Batch query

Pattern 5: Observer Optimization

模式5：观察者优化

BAD: Observer for every notification without debounce