feat(connect,doctor): macOS App-Data (TCC) denial diagnostic (spec 075 US3)#710
Conversation
…5 US3)
Adds a doctor check that flags a persisted macOS App-Data (TCC) denial
blocking mcpproxy from reading MCP client configs, with the exact tccutil
remediation. No-op off macOS.
- connect.Service.DetectAppDataDenial(): probes installed client configs (an
os.Stat existence gate, then one content read via the US1 seam) and reports
the first accessDenied as (true, remediation). No false positive when no
client is installed or access is granted.
- internal/management Doctor() appends the warning to RuntimeWarnings
(rendered by `mcpproxy doctor`, counted in TotalIssues). Build-tagged
tcc_appdata_{darwin,other}.go with a pure, cross-platform translator.
- T004 registry pinned: management.Doctor -> contracts.Diagnostics, not the
static internal/diagnostics error-code catalog.
TDD: DetectAppDataDenial (denied / clean / no-install) + the warning
translator + a !darwin no-op test. tasks.md T004/T020-T024 checked.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Deploying mcpproxy-docs with
|
| Latest commit: |
9b9071a
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://83a22a93.mcpproxy-docs.pages.dev |
| Branch Preview URL: | https://075-us3-doctor-tcc-check.mcpproxy-docs.pages.dev |
|
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
📦 Build ArtifactsWorkflow Run: View Run Available Artifacts
How to DownloadOption 1: GitHub Web UI (easiest)
Option 2: GitHub CLI gh run download 27741211747 --repo smart-mcp-proxy/mcpproxy-go
|
![mcpproxy-gatekeeper[bot]](https://avatars.githubusercontent.com/u/216428285?s=60&v=4){kind=small}
There was a problem hiding this comment.
APPROVE — reviewed via Claude Code. macOS App-Data TCC doctor check correctly placed in internal/management.Doctor() → RuntimeWarnings (not the static diagnostics catalog); darwin probe build-tagged with clean !darwin no-op; metadata-only os.Stat gate before any content read (no false positives); classifyAccess maps fs.ErrPermission by error class. go build (incl. GOOS=linux) clean, management+connect tests pass with -race, gofmt + golangci-lint v2 clean. MCP-2831.
2 participants
Spec 075 US3 — doctor flags a persisted macOS App-Data (TCC) denial
Closes the US3 deliverable for the macOS-TCC-safe Connect epic (MCP-2828).
mcpproxy doctornow surfaces a persisted macOS App Data (TCC) privacy denial that blocks mcpproxy from reading MCP client configs, with the exact one-commandtccutilremediation. No-op off macOS.Built on the merged US1 (#706, stat-only status + content-read seam) and US2 (#707,
classifyAccess/AccessError/remediationText).What's here
connect.Service.DetectAppDataDenial() (denied bool, remediation string)(internal/connect/access.go, T022): walks supported clients; for the first whose config exists (os.Statmetadata only) it does one content read through the US1 seam; the firstaccessDeniedoutcome is reported with the canonical remediation. Returns(false, "")when no client is installed or access is granted — no false positives. UnlikeGetAllStatusthis deliberately reads content (the doctor is the explicit-action path).internal/management/diagnostics.go, T023):Doctor()appends the warning tocontracts.Diagnostics.RuntimeWarnings(rendered by the CLI as "TotalIssues). Build-taggedtcc_appdata_darwin.go(real probe) /tcc_appdata_other.go(no-op), with a pure cross-platform translatortcc_appdata.go.tasks.md): the runtime doctor registry isinternal/managementDoctor()→contracts.Diagnostics, not the staticinternal/diagnosticserror-code catalog (which is classification metadata, not runtime checks).Tests (TDD)
TestDetectAppDataDenial— denied (EPERM on an installed config) / clean read / no installed clients (asserts the reader is never called → no false positive).TestAppDataWarningFrom— the translator warns with remediation when denied, nothing otherwise (cross-platform, satisfies the darwin check assertion).TestAppDataDenialWarning_NoOpOffDarwin(//go:build !darwin) — the OS hook is a no-op off macOS.Verification
go build ./cmd/mcpproxy✅ ·GOOS=darwin go build ./internal/management/... ./internal/connect/...✅go test ./internal/connect/ ./internal/management/ -race✅ ·GOOS=darwin go vet✅golangci-lint --new-from-rev=origin/main→ 0 issues ✅./mcpproxy doctorwith a real TCC denial) needs a Mac with a denied App-Data grant; CI's macOS build covers compilation. The denial path is unit-tested via the injected seam.Related spec 075 (US1 #706, US2 #707). Resolves MCP-2831.