alvin-bot 4.26.0 → 5.1.0

package/dist/services/permissions-wizard.js

@@ -0,0 +1,291 @@
+/**
+ * Permissions Wizard (5.1.0).
+ *
+ * Reality check up front: on macOS, TCC (Transparency, Consent, Control)
+ * permissions are architecturally NOT grantable by an app — no API, no
+ * AppleScript, no sudo trick, no signed-entitlement bypass for a normal
+ * Node CLI. The user has to toggle the switches in System Settings.
+ *
+ * What this wizard DOES do — make the toggling experience painless:
+ *
+ *   1. Detect every permission's current state
+ *   2. For each missing one: open the EXACT right Settings pane
+ *   3. Wait for the user to toggle (poll detect every 2 s)
+ *   4. Verify and move to the next
+ *   5. End with a clear summary of granted / skipped / still-missing
+ *
+ * Covered permissions (macOS):
+ *   - sudo password (not TCC; stored in Keychain so brew/apt commands
+ *     don't re-prompt — separate from TCC but bundled here for
+ *     "one upfront onboarding" UX)
+ *   - Full Disk Access (TCC — for protected dirs like ~/Library/Mail,
+ *     ~/Documents when needed by skills/codex)
+ *   - Automation (TCC — for osascript driving Apple Mail/Notes/Calendar)
+ *   - Accessibility (TCC — for cliclick mouse/keyboard automation)
+ *
+ * On Linux: only sudo applies. The wizard reports a no-op for TCC steps.
+ *
+ * Opt-out: set ALVIN_DISABLE_SELF_PRESERVATION=true to silence everything,
+ * but this wizard never runs unless explicitly invoked — no startup hook.
+ */
+import { execSync } from "child_process";
+import os from "os";
+import { getSudoStatus, openSystemSettings, storePassword, verifyPassword, } from "./sudo.js";
+const PLATFORM = os.platform();
+export const PERMISSIONS = [
+    {
+        id: "sudo",
+        name: "Sudo / Admin Access",
+        why: "Lets Alvin run admin commands (brew install, apt-get, etc.) without re-prompting every time.",
+        platforms: ["darwin", "linux"],
+        detect: async (status) => {
+            const s = status ?? (await getSudoStatus());
+            if (!s.configured)
+                return { state: "missing", detail: "password not stored" };
+            if (!s.verified)
+                return { state: "missing", detail: "stored but doesn't authenticate" };
+            return { state: "granted" };
+        },
+    },
+    {
+        id: "full-disk-access",
+        name: "Full Disk Access",
+        why: "Lets `node` (and anything it spawns — codex, file-skills, document tools) read protected directories like ~/Library/Mail, ~/Documents when skills need them.",
+        platforms: ["darwin"],
+        detect: async (status) => {
+            const s = status ?? (await getSudoStatus());
+            if (PLATFORM !== "darwin")
+                return { state: "n/a" };
+            return { state: s.permissions.fullDiskAccess ? "granted" : "missing" };
+        },
+        openPane: () => openSystemSettings("full-disk-access"),
+    },
+    {
+        id: "automation",
+        name: "Automation (Apple Events)",
+        why: "Lets osascript drive Apple Mail, Apple Notes, Calendar, Finder — used by the email-send, apple-notes, and several productivity skills.",
+        platforms: ["darwin"],
+        detect: async (status) => {
+            const s = status ?? (await getSudoStatus());
+            if (PLATFORM !== "darwin")
+                return { state: "n/a" };
+            const a = s.permissions.automation;
+            if (a === null || a === undefined)
+                return { state: "n/a" };
+            return { state: a ? "granted" : "missing" };
+        },
+        openPane: () => openSystemSettings("automation"),
+    },
+    {
+        id: "accessibility",
+        name: "Accessibility",
+        why: "Lets cliclick simulate mouse + keyboard input — used by some browser-automation and UI-testing skills.",
+        platforms: ["darwin"],
+        detect: async (status) => {
+            const s = status ?? (await getSudoStatus());
+            if (PLATFORM !== "darwin")
+                return { state: "n/a" };
+            if (s.accessibilityDetail === "cliclick-missing") {
+                return { state: "tool-missing", detail: "cliclick not installed (brew install cliclick)" };
+            }
+            return { state: s.permissions.accessibility ? "granted" : "missing" };
+        },
+        openPane: () => openSystemSettings("accessibility"),
+        prereq: "brew install cliclick",
+    },
+];
+/**
+ * Read-only — return the current state of every applicable permission.
+ * Used by `permissions status` and by the doctor command.
+ */
+export async function readPermissionsSnapshot() {
+    const status = await getSudoStatus();
+    const out = [];
+    for (const perm of PERMISSIONS) {
+        if (!perm.platforms.includes(PLATFORM)) {
+            out.push({ permission: perm, state: "n/a", detail: `not applicable on ${PLATFORM}` });
+            continue;
+        }
+        const r = await perm.detect(status);
+        out.push({ permission: perm, ...r });
+    }
+    return out;
+}
+/**
+ * Wait up to `timeoutMs` for a permission to flip from missing→granted.
+ * Polls detect() every 2 seconds. Used after openPane() to give the
+ * user time to toggle the switch.
+ */
+async function waitForGrant(perm, timeoutMs) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+        const r = await perm.detect();
+        if (r.state === "granted")
+            return true;
+        await new Promise((resolve) => setTimeout(resolve, 2000));
+    }
+    return false;
+}
+/**
+ * Run the full guided permissions wizard. Sequential per permission.
+ *
+ * Behaviour per permission:
+ *   - already granted → skip silently (one-liner)
+ *   - tool-missing → tell user the prereq, offer to skip
+ *   - missing (TCC) → open Settings pane, wait up to 60 s, verify
+ *   - missing (sudo) → prompt for password, store in Keychain, verify
+ *
+ * The user can decline any step. Nothing is required for the bot to keep
+ * working — degraded skills just won't work until the relevant permission
+ * is granted.
+ */
+export async function runPermissionsWizard(cb) {
+    const result = { granted: [], skipped: [], stillMissing: [], toolMissing: [] };
+    cb.print("\n🛡️  Mac Permissions Wizard");
+    cb.print("─────────────────────────────────────────────────────────");
+    cb.print("macOS doesn't let any app grant TCC permissions on its own —");
+    cb.print("we'll walk you through each toggle. Decline any step you want.");
+    cb.print("");
+    // First read snapshot once so we don't re-probe constantly
+    const initial = await readPermissionsSnapshot();
+    cb.print("Current state:");
+    for (const snap of initial) {
+        const icon = snap.state === "granted" ? "✓" : snap.state === "n/a" ? "·" : "✗";
+        cb.print(`  ${icon} ${snap.permission.name.padEnd(28)}  ${snap.state}${snap.detail ? "  (" + snap.detail + ")" : ""}`);
+    }
+    cb.print("");
+    // ── Sudo step (always first; not TCC, just Keychain) ────────────────
+    const sudoSnap = initial.find((s) => s.permission.id === "sudo");
+    if (sudoSnap && sudoSnap.state !== "granted" && sudoSnap.permission.platforms.includes(PLATFORM)) {
+        cb.print(`\n[1/4] ${sudoSnap.permission.name}`);
+        cb.print(`      ${sudoSnap.permission.why}`);
+        cb.print(`      Status: ${sudoSnap.state}${sudoSnap.detail ? " (" + sudoSnap.detail + ")" : ""}`);
+        const proceed = await cb.confirm("      Set up now?");
+        if (!proceed) {
+            result.skipped.push("sudo");
+        }
+        else {
+            const pw = await cb.promptPassword("      Your macOS account password (stored in Keychain): ");
+            if (!pw) {
+                result.skipped.push("sudo");
+            }
+            else {
+                const stored = storePassword(pw);
+                if (!stored.ok) {
+                    cb.print(`      ❌ Could not store: ${stored.error}`);
+                    result.stillMissing.push("sudo");
+                }
+                else {
+                    const verify = await verifyPassword();
+                    if (verify.ok) {
+                        cb.print(`      ✓ Stored in ${stored.method} and verified.`);
+                        result.granted.push("sudo");
+                    }
+                    else {
+                        cb.print(`      ❌ Wrong password — Keychain entry removed.`);
+                        // storePassword stored it; verifyPassword found it wrong.
+                        // We should revoke to avoid leaving a bogus pw lying around.
+                        try {
+                            const { revokePassword } = await import("./sudo.js");
+                            revokePassword();
+                        }
+                        catch { }
+                        result.stillMissing.push("sudo");
+                    }
+                }
+            }
+        }
+    }
+    else if (sudoSnap?.state === "granted") {
+        cb.print(`[1/4] ${sudoSnap.permission.name}  ✓ already configured`);
+        result.granted.push("sudo");
+    }
+    // ── TCC permissions (Mac only) ──────────────────────────────────────
+    if (PLATFORM !== "darwin") {
+        cb.print("\nNon-macOS platform — TCC permissions are macOS-only. Skipping.");
+        return result;
+    }
+    let i = 2;
+    for (const id of ["full-disk-access", "automation", "accessibility"]) {
+        const perm = PERMISSIONS.find((p) => p.id === id);
+        const snap = initial.find((s) => s.permission.id === id);
+        cb.print(`\n[${i}/4] ${perm.name}`);
+        cb.print(`      ${perm.why}`);
+        cb.print(`      Status: ${snap.state}${snap.detail ? " (" + snap.detail + ")" : ""}`);
+        i++;
+        if (snap.state === "granted") {
+            cb.print(`      ✓ Already granted.`);
+            result.granted.push(id);
+            continue;
+        }
+        if (snap.state === "tool-missing") {
+            cb.print(`      ⚠ Prerequisite missing: ${perm.prereq || "(no install hint)"}`);
+            const install = await cb.confirm("      Install the prerequisite now?");
+            if (install && perm.prereq) {
+                try {
+                    execSync(perm.prereq, { stdio: "inherit", timeout: 120_000 });
+                    cb.print(`      ✓ Installed.`);
+                }
+                catch {
+                    cb.print(`      ❌ Install failed.`);
+                    result.toolMissing.push(id);
+                    continue;
+                }
+            }
+            else {
+                result.toolMissing.push(id);
+                continue;
+            }
+        }
+        // Open the Settings pane and wait for toggle
+        if (!perm.openPane) {
+            cb.print(`      (no automatic pane-open for this permission)`);
+            result.stillMissing.push(id);
+            continue;
+        }
+        const proceed = await cb.confirm("      Open System Settings and grant now?");
+        if (!proceed) {
+            result.skipped.push(id);
+            continue;
+        }
+        cb.print(`      → Opening System Settings…`);
+        perm.openPane();
+        cb.print(`      → Waiting up to 60 s for you to toggle the switch (polls every 2 s)…`);
+        cb.print(`      → For Full Disk Access: add the actual node binary —`);
+        cb.print(`         ${getNodeBinaryHint()}`);
+        const granted = await waitForGrant(perm, 60_000);
+        if (granted) {
+            cb.print(`      ✓ Granted.`);
+            result.granted.push(id);
+        }
+        else {
+            cb.print(`      ⏱  Timeout — you can run the wizard again any time.`);
+            result.stillMissing.push(id);
+        }
+    }
+    return result;
+}
+function getNodeBinaryHint() {
+    try {
+        const path = execSync(`readlink -f "$(command -v node)"`, { encoding: "utf-8", timeout: 1000 }).trim();
+        return path || "(could not resolve node binary)";
+    }
+    catch {
+        return "(run: readlink -f \"$(command -v node)\")";
+    }
+}
+/**
+ * Format a snapshot list as a compact human-readable block.
+ * Used by both `permissions status` and the doctor command.
+ */
+export function formatPermissionsSnapshot(snaps) {
+    const lines = [];
+    for (const snap of snaps) {
+        const icon = snap.state === "granted" ? "✓" :
+            snap.state === "tool-missing" ? "⚠" :
+                snap.state === "n/a" ? "·" : "✗";
+        lines.push(`  ${icon} ${snap.permission.name.padEnd(28)}  ${snap.state}` +
+            (snap.detail ? `  — ${snap.detail}` : ""));
+    }
+    return lines.join("\n");
+}

package/dist/services/self-diagnosis.js

@@ -0,0 +1,272 @@
+/**
+ * AI-driven Self-Diagnosis (Self-Preservation Phase 2, feature 3I).
+ *
+ * Trigger model — IMPORTANT:
+ *
+ *   3I does NOT run at watchdog-brake time. The bot is mid-exit then;
+ *   spawning a fresh process just to make one AI call would be heavy
+ *   and racy. Instead, 3I runs at the next successful bot start:
+ *   it scans ~/.alvin-bot/diagnostics/ for forensic bundles that don't
+ *   yet have a sidecar .analysis.md file, runs AI analysis on each,
+ *   writes the sidecar, and delivers a Telegram summary via 1D.
+ *
+ *   User-visible consequence: when the bot recovers from a brake, the
+ *   first thing it does after Pre-Flight is analyze why it crashed —
+ *   the operator gets the diagnosis on their phone within ~30 s of
+ *   the bot coming back up.
+ *
+ * Provider-agnostic — uses the active Provider's query() async generator,
+ * works for claude-sdk / codex-cli / groq / gemini / openai / offline-gemma4.
+ * The prompt is deliberately tight (~250 tokens base + bundle content,
+ * truncated to ~12 KB) so even small-context models can handle it.
+ *
+ * Output shape — we force a structured plain-text response (no JSON;
+ * JSON parsing reliability is unever across providers, especially with
+ * smaller models). The 5-line format is hard to mess up:
+ *
+ *   HYPOTHESIS: ...
+ *   ROOT_CAUSE_CATEGORY: ...
+ *   REMEDIATION: ...
+ *   CONFIDENCE: HIGH|MEDIUM|LOW
+ *   EXPLANATION: ...
+ *
+ * Privacy: forensic bundles are already curated by 2F to exclude
+ * secrets (BOT_TOKEN, API keys); only whitelisted non-secret env vars
+ * are included. So the AI request contains: bot version, logs, env
+ * keys (non-secret), tool inventory, disk state. No tokens leave the
+ * machine.
+ *
+ * Auto-remediation policy (v1, intentionally conservative):
+ *   - We NEVER auto-apply any remediation. The AI's REMEDIATION line
+ *     is shown to the operator as a suggestion only.
+ *   - Operator runs it manually if it looks right.
+ *   - This will likely relax in a future release once we build
+ *     confidence in the AI's track record per remediation category.
+ *
+ * Opt-out:
+ *   ALVIN_DISABLE_SELF_DIAGNOSIS=true      → skip 3I specifically
+ *   ALVIN_DISABLE_SELF_PRESERVATION=true   → skip ALL Phase-1/2
+ */
+import { existsSync, readFileSync, writeFileSync, readdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { emitCritical } from "./critical-notify.js";
+const PROMPT_TEMPLATE = `You are an SRE assistant. An Alvin Bot instance hit a critical failure.
+Below is the forensic dump. Read it, then respond in EXACTLY this 5-line format —
+no markdown, no commentary, no extra lines:
+
+HYPOTHESIS: <one short sentence: what likely went wrong>
+ROOT_CAUSE_CATEGORY: <pick ONE: config-error | resource-exhaustion | external-failure | code-bug | environment-conflict | unknown>
+REMEDIATION: <one shell command the operator can run, OR "no automated action available">
+CONFIDENCE: <HIGH | MEDIUM | LOW>
+EXPLANATION: <2-4 sentences explaining your reasoning, plain text>
+
+--- FORENSIC DUMP ---
+{BUNDLE_CONTENT}
+--- END OF DUMP ---`;
+function isDisabled() {
+    return (process.env.ALVIN_DISABLE_SELF_DIAGNOSIS === "true" ||
+        process.env.ALVIN_DISABLE_SELF_PRESERVATION === "true");
+}
+function parseAIResponse(text) {
+    const get = (key) => {
+        // ^KEY: ... up to next \n^KEY:|end. Multiline-safe.
+        const re = new RegExp(`^${key}:\\s*([\\s\\S]*?)(?=^(?:HYPOTHESIS|ROOT_CAUSE_CATEGORY|REMEDIATION|CONFIDENCE|EXPLANATION):|$)`, "m");
+        const m = text.match(re);
+        return m ? m[1].trim() : "";
+    };
+    const conf = get("CONFIDENCE").split(/\s+/)[0]?.toUpperCase() || "";
+    return {
+        hypothesis: get("HYPOTHESIS") || "(no hypothesis returned)",
+        rootCauseCategory: get("ROOT_CAUSE_CATEGORY") || "unknown",
+        remediation: get("REMEDIATION") || "(no remediation)",
+        confidence: (["HIGH", "MEDIUM", "LOW"].includes(conf) ? conf : "UNKNOWN"),
+        explanation: get("EXPLANATION") || "(no explanation)",
+        raw: text,
+    };
+}
+/**
+ * Truncate the forensic bundle to fit within small-context windows.
+ * Keep the first 2 KB (event detail, process state, env) and last 8 KB
+ * (recent logs, where the actual error usually surfaces).
+ */
+function truncateBundle(text, maxChars = 12_000) {
+    if (text.length <= maxChars)
+        return text;
+    const head = text.slice(0, 2000);
+    const tail = text.slice(-(maxChars - 2000 - 50));
+    return `${head}\n\n[... ${text.length - maxChars} chars elided ...]\n\n${tail}`;
+}
+/**
+ * Run AI analysis on a single forensic bundle. Returns null on opt-out,
+ * unparseable response, or provider failure. Side-effects: writes
+ * `<bundlePath>.analysis.md` sidecar with the formatted result.
+ */
+export async function analyzeBundle(bundlePath, registry, opts = {}) {
+    if (isDisabled())
+        return null;
+    if (!existsSync(bundlePath))
+        return null;
+    let provider, activeKey = "(unknown)";
+    try {
+        provider = registry.getActive();
+        activeKey = registry.getActiveKey();
+    }
+    catch {
+        return null;
+    }
+    if (!provider)
+        return null;
+    const t0 = Date.now();
+    const bundleRaw = readFileSync(bundlePath, "utf-8");
+    const bundleClipped = truncateBundle(bundleRaw);
+    const prompt = PROMPT_TEMPLATE.replace("{BUNDLE_CONTENT}", bundleClipped);
+    // Hard timeout — protects against a hung provider call wedging
+    // the bot startup forever. Stream may be aborted mid-flight.
+    const timeoutMs = opts.timeoutMs ?? 120_000;
+    const abortController = new AbortController();
+    const timer = setTimeout(() => abortController.abort(), timeoutMs);
+    let fullText = "";
+    try {
+        for await (const chunk of provider.query({
+            prompt,
+            systemPrompt: "You are a precise SRE assistant. Reply ONLY in the requested format.",
+            abortSignal: abortController.signal,
+        })) {
+            if (chunk.type === "text") {
+                if (chunk.delta)
+                    fullText += chunk.delta;
+                else if (chunk.text)
+                    fullText = chunk.text;
+            }
+            else if (chunk.type === "error") {
+                clearTimeout(timer);
+                return null;
+            }
+            else if (chunk.type === "done") {
+                if (chunk.text)
+                    fullText = chunk.text;
+                break;
+            }
+        }
+    }
+    catch {
+        clearTimeout(timer);
+        return null;
+    }
+    clearTimeout(timer);
+    if (!fullText.trim())
+        return null;
+    const parsed = parseAIResponse(fullText);
+    const result = {
+        ...parsed,
+        durationMs: Date.now() - t0,
+        provider: activeKey,
+    };
+    // Write sidecar — overwrites if user re-runs analysis
+    try {
+        const sidecarPath = bundlePath.replace(/\.md$/, ".analysis.md");
+        writeFileSync(sidecarPath, formatAnalysis(result, bundlePath), { mode: 0o600 });
+    }
+    catch {
+        // Sidecar write failed — non-fatal, we still return the result
+    }
+    return result;
+}
+function formatAnalysis(r, bundlePath) {
+    return [
+        `# AI Self-Diagnosis`,
+        ``,
+        `**Bundle:** \`${bundlePath}\``,
+        `**Generated:** ${new Date().toISOString()}`,
+        `**Provider:** ${r.provider}`,
+        `**Duration:** ${r.durationMs} ms`,
+        ``,
+        `## Hypothesis`,
+        r.hypothesis,
+        ``,
+        `## Root Cause Category`,
+        `\`${r.rootCauseCategory}\``,
+        ``,
+        `## Suggested Remediation`,
+        `\`\`\`bash`,
+        r.remediation,
+        `\`\`\``,
+        `> **Note:** the bot does NOT auto-apply this. Run it yourself only if it makes sense.`,
+        ``,
+        `## Confidence`,
+        `**${r.confidence}**`,
+        ``,
+        `## Explanation`,
+        r.explanation,
+        ``,
+        `---`,
+        ``,
+        `### Raw AI response`,
+        `\`\`\``,
+        r.raw,
+        `\`\`\``,
+        ``,
+    ].join("\n");
+}
+/**
+ * Find diagnostic bundles in ~/.alvin-bot/diagnostics/ that do NOT yet
+ * have a sidecar .analysis.md. Used by the startup scanner.
+ */
+function findUnanalyzedBundles() {
+    const dir = join(homedir(), ".alvin-bot", "diagnostics");
+    if (!existsSync(dir))
+        return [];
+    try {
+        return readdirSync(dir)
+            .filter((f) => f.endsWith(".md") && !f.endsWith(".analysis.md"))
+            .filter((f) => !existsSync(join(dir, f.replace(/\.md$/, ".analysis.md"))))
+            .map((f) => join(dir, f));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Scan for unanalyzed bundles and run AI analysis on each. Designed
+ * to be called once at bot startup, in the background (non-blocking).
+ *
+ * Delivers one Telegram DM per analyzed bundle via the 1D channel,
+ * with the structured findings. Auto-deduplicates: a bundle with an
+ * existing sidecar is skipped.
+ */
+export async function runStartupAnalyzer(registry) {
+    if (isDisabled())
+        return;
+    if (!registry)
+        return;
+    const bundles = findUnanalyzedBundles();
+    if (bundles.length === 0)
+        return;
+    // Process oldest first (FIFO so the operator sees them in order)
+    bundles.sort();
+    console.log(`🧠 Self-diagnosis: ${bundles.length} unanalyzed bundle(s) found — analyzing...`);
+    for (const bundlePath of bundles) {
+        try {
+            const result = await analyzeBundle(bundlePath, registry);
+            if (!result) {
+                console.warn(`   ⚠ ${bundlePath}: analysis returned no result (provider error or opt-out)`);
+                continue;
+            }
+            console.log(`   ✓ ${bundlePath.split("/").pop()} → ${result.rootCauseCategory} (${result.confidence}, ${result.durationMs}ms via ${result.provider})`);
+            // Deliver via 1D — severity warn (informational), not critical
+            emitCritical({
+                category: "custom",
+                severity: "warn",
+                title: `AI diagnosis ready — ${result.rootCauseCategory} (${result.confidence} confidence)`,
+                detail: `Hypothesis: ${result.hypothesis}\n\n` +
+                    `Explanation: ${result.explanation}\n\n` +
+                    `Full analysis: ${bundlePath.replace(/\.md$/, ".analysis.md")}`,
+                suggestedAction: result.remediation,
+            });
+        }
+        catch (err) {
+            console.warn(`   ⚠ ${bundlePath}: analyzer threw — ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+}

package/dist/services/sudo.js

@@ -218,7 +218,47 @@ export function openSystemSettings(pane) {
     }
 }
 /**
- * Get comprehensive sudo status.
+ * Detect Automation permission on macOS (TCC).
+ *
+ * Method: try to send a benign AppleEvent to System Events. If TCC has
+ * NOT granted the calling binary (typically `node` under launchd)
+ * permission to control System Events, osascript fails with one of:
+ *
+ *   - error 1743 ("Not authorized to send Apple events to ...")
+ *   - "(-1743)" in stderr
+ *   - "errAEEventNotPermitted"
+ *
+ * If TCC grants it, osascript returns a small integer (process count).
+ * Either way, we don't actually care about the count — only that the
+ * call succeeded.
+ *
+ * Returns:
+ *   true  — Automation granted
+ *   false — Automation denied (or never asked, which appears identical)
+ *   null  — non-macOS (no TCC)
+ */
+function detectAutomation() {
+    if (PLATFORM !== "darwin")
+        return null;
+    try {
+        execSync(`osascript -e 'tell application "System Events" to count of processes' 2>&1`, { stdio: "pipe", timeout: 3000 });
+        return true;
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        // Either way, treat as "not granted". The error path is fast; we
+        // don't want to wedge startup on this probe.
+        if (msg.includes("1743") || /[Nn]ot authoriz/i.test(msg) || /errAEEventNotPermitted/.test(msg)) {
+            return false;
+        }
+        // Other error (e.g. osascript itself missing — very unlikely on macOS)
+        // — treat as unknown but bias false to surface the issue.
+        return false;
+    }
+}
+/**
+ * Get comprehensive sudo + permissions status. Used by both the
+ * `/sudo` command and the new permissions wizard.
  */
 export async function getSudoStatus() {
     const configured = retrievePassword() !== null;
@@ -230,15 +270,33 @@ export async function getSudoStatus() {
     }
     // Check macOS permissions
     let accessibility = null;
+    let accessibilityDetail = "n/a";
     let fullDiskAccess = null;
+    let automation = null;
     if (PLATFORM === "darwin") {
+        // Accessibility — distinguish "denied" from "tool not installed".
+        // cliclick is the standard probe; if it's missing the test is
+        // inconclusive but we can tell the wizard exactly what to do.
+        let cliclickPresent = false;
         try {
-            // Check Accessibility (approximate — try to use cliclick)
-            execSync("cliclick p:.", { stdio: "pipe", timeout: 3000 });
-            accessibility = true;
+            execSync("command -v cliclick", { stdio: "pipe", timeout: 1000 });
+            cliclickPresent = true;
         }
-        catch {
+        catch { }
+        if (!cliclickPresent) {
             accessibility = false;
+            accessibilityDetail = "cliclick-missing";
+        }
+        else {
+            try {
+                execSync("cliclick p:.", { stdio: "pipe", timeout: 3000 });
+                accessibility = true;
+                accessibilityDetail = "granted";
+            }
+            catch {
+                accessibility = false;
+                accessibilityDetail = "denied";
+            }
         }
         try {
             // Check Full Disk Access (try to read a protected file)
@@ -248,6 +306,7 @@ export async function getSudoStatus() {
         catch {
             fullDiskAccess = false;
         }
+        automation = detectAutomation();
     }
     return {
         configured,
@@ -255,7 +314,8 @@ export async function getSudoStatus() {
         verified,
         platform: PLATFORM,
         user,
-        permissions: { accessibility, fullDiskAccess },
+        permissions: { accessibility, fullDiskAccess, automation },
+        accessibilityDetail,
     };
 }
 /**