macOS: apps launched from integrated terminal can't request TCC permissions (mic, camera)

[mikaelweiss]

Problem

When running an app that needs microphone or camera access from T3 Code's integrated terminal, macOS never shows the permission prompt — it silently fails. The same app works fine when launched from a standalone terminal (e.g. Ghostty).

This affects both dev and production builds.

Cause

macOS TCC requires two things to show privacy permission prompts for child processes:

1. A valid code signature on the parent app bundle
2. Usage description keys in the app's Info.plist (e.g. NSMicrophoneUsageDescription)

Dev builds

The dev launcher (apps/desktop/scripts/electron-launcher.mjs) patches the Electron app bundle's Info.plist (display name, bundle ID, icon) but doesn't re-sign the bundle afterward. This invalidates the existing code signature, so TCC silently denies all permission prompts for child processes.

Production builds

The mac build config in scripts/build-desktop-artifact.ts has two issues:

1. No usage description keys — NSMicrophoneUsageDescription, NSCameraUsageDescription, etc. are not included in the mac extendInfo, so macOS doesn't know the app needs those permissions.
2. Unsigned builds have no signature at all — CSC_IDENTITY_AUTO_DISCOVERY is set to "false" for all unsigned builds, which disables signing entirely. Without even an ad-hoc signature, TCC can't attribute permissions to the app.

Suggested fix

Dev (~11 lines, 1 file)

Ad-hoc re-sign the app bundle after patching plists in electron-launcher.mjs:

spawnSync("codesign", ["--force", "--deep", "--sign", "-", appBundlePath]);

I've tested this locally and it resolves the issue for dev.

Prod

1. Add NSMicrophoneUsageDescription and NSCameraUsageDescription to the mac build config via extendInfo.
2. For unsigned mac builds, use ad-hoc signing (identity: "-") instead of disabling signing entirely.

I haven't been able to test the prod fix locally (no signing setup), but the approach matches Apple's TCC documentation.

Reproduction

1. Open a project in T3 Code (desktop, macOS)
2. In the integrated terminal, run any app that requests microphone or camera access
3. No permission prompt appears; the app fails silently
4. Run the same command in an external terminal — it works

PR

I created a PR, but I think it was auto closed.

[m13v]

Great analysis. We hit the exact same problem building Fazm (macOS desktop AI agent) - child processes launched from our app couldn't get TCC prompts for microphone and camera.

Your fix is correct on both fronts:

1. For dev builds - the ad-hoc re-sign after plist patching is the key fix. We do the same: any time we modify the app bundle's contents (Info.plist, embedded binaries, etc.), we immediately re-sign with codesign --force --deep --sign -. Without this, macOS sees a broken signature and silently drops all TCC prompts.

2. For prod builds - adding the NS*UsageDescription keys is mandatory. macOS won't even show the permission prompt without them, regardless of signing. We needed NSAccessibilityUsageDescription, NSMicrophoneUsageDescription, NSCameraUsageDescription, and NSScreenCaptureUsageDescription.

One thing your analysis doesn't mention: the --deep flag in codesign is important because Electron apps have nested frameworks and helpers that also need valid signatures. Without --deep, the outer signature is valid but the helpers (which actually spawn child processes) have broken signatures.

Also, for the unsigned builds issue - ad-hoc signing (identity '-') is definitely the right call over no signing at all. The difference is significant: unsigned binaries get no TCC identity at all, while ad-hoc signed binaries get a code directory hash that TCC can track. Users can grant permissions and have them stick across launches.

[m13v]

Our macOS AI agent that handles the full TCC permission lifecycle (accessibility, screen capture, microphone, camera): https://fazm.ai/gh

The MCP server that solved the same code signing + TCC interaction: https://github.com/mediar-ai/mcp-server-macos-use/blob/main/Sources/MCPServer/main.swift