poke-gate 0.2.2 → 0.3.1

package/README.md

@@ -28,6 +28,25 @@ Run Poke Gate on your Mac, then message Poke from iMessage, Telegram, or SMS to
 brew install f/tap/poke-gate
 ```
 
+**Install via npx**
+
+If you have Node.js installed, you can download and install the macOS app with a single command:
+
+```bash
+npx poke-gate download-macos
+```
+
+This downloads the latest DMG from GitHub Releases, installs the app to `/Applications`, and clears the quarantine flag automatically.
+
+**Don't have Node.js?** Install it first:
+
+```bash
+# Option 1: Homebrew
+brew install node
+
+# Option 2: Download from https://nodejs.org
+```
+
 **Manual download**
 
 Download the latest **Poke.macOS.Gate.dmg** from [Releases](https://github.com/f/poke-gate/releases), open it, and drag to Applications. Since the app is not notarized, you may need to run:
@@ -36,7 +55,9 @@ Download the latest **Poke.macOS.Gate.dmg** from [Releases](https://github.com/f
 xattr -cr /Applications/Poke\ macOS\ Gate.app
 ```
 
-**CLI** (no macOS app needed)
+**CLI only** (no macOS app needed)
+
+If you just want to run poke-gate from the terminal without the menu bar app:
 
 ```bash
 npx poke-gate
@@ -123,7 +144,9 @@ Hit **Run** in Xcode, or build from the command line:
 
 ## CLI usage
 
-If you prefer the command line over the macOS app:
+The CLI requires [Node.js](https://nodejs.org) 18 or later. If you don't have it, install via `brew install node` or download from [nodejs.org](https://nodejs.org).
+
+Start the gate:
 
 ```bash
 npx poke-gate
@@ -142,6 +165,12 @@ npx poke-gate --mode limited
 npx poke-gate --mode sandbox
 ```
 
+Install or update the macOS app:
+
+```bash
+npx poke-gate download-macos
+```
+
 Config is stored at `~/.config/poke-gate/config.json`.
 
 ## Agents
@@ -264,30 +293,6 @@ POKE_GATE_PERMISSION_MODE=limited npx poke-gate
 
 Only run Poke Gate on machines and networks you trust. Use `limited` or `sandbox` mode if you want tighter restrictions.
 
-## Project structure
-
-```
-clients/
-  Poke macOS Gate/       macOS menu bar app (SwiftUI)
-bin/
-  poke-gate.js           CLI entry point with --mode flag
-src/
-  app.js                 Startup: MCP server + tunnel + agent scheduler
-  agents.js              Agent discovery, scheduling, env loading, download
-  mcp-server.js          JSON-RPC MCP handler, tools, access policy, sandbox
-  permission-service.js  HMAC approval tokens, session whitelisting
-  tunnel.js              PokeTunnel wrapper
-test/
-  mcp-server-access-policy.test.js
-  mcp-server-loop-guard.test.js
-  mcp-server-sandbox-command.test.js
-  permission-service.test.js
-examples/
-  agents/
-    beeper.1h.js         Example: Beeper message digest agent
-    .env.beeper          Example env file for beeper agent
-```
-
 ## Credits
 
 - [Poke](https://poke.com) by [The Interaction Company of California](https://interaction.co)

package/bin/poke-gate.js

@@ -39,6 +39,12 @@ async function main() {
     const prompt = promptIdx !== -1 ? args.slice(promptIdx + 1).join(" ") : args.slice(2).join(" ") || null;
     const { createAgent } = await import("../src/agent-create.js");
     await createAgent(prompt);
+  } else if (args[0] === "download-macos") {
+    const { downloadMacOSApp } = await import("../src/download-macos.js");
+    await downloadMacOSApp();
+  } else if (args[0] === "take-screenshot") {
+    const { takeScreenshot } = await import("../src/take-screenshot.js");
+    await takeScreenshot();
   } else {
     const mode = parseMode();
     if (mode) {

package/clients/Poke macOS Gate/Poke macOS Gate/AccessibilityPermissionView.swift

@@ -4,7 +4,7 @@ struct AccessibilityPermissionView: View {
     @ObservedObject var service: GateService
 
     var body: some View {
-        let granted = service.hasSystemPermissionsGranted
+        let granted = service.isPermissionGranted(.accessibility)
 
         VStack(alignment: .leading, spacing: 10) {
             HStack(spacing: 8) {

package/clients/Poke macOS Gate/Poke macOS Gate/GateService.swift

@@ -1,6 +1,5 @@
 import Foundation
 import Combine
-import ScreenCaptureKit
 import AppKit
 import CoreGraphics
 import ApplicationServices
@@ -41,30 +40,35 @@ class GateService: ObservableObject {
 
     enum SystemPermission: String, CaseIterable, Identifiable {
         case accessibility
+        case screenRecording
 
         var id: String { rawValue }
 
         var title: String {
             switch self {
             case .accessibility: return "Accessibility"
+            case .screenRecording: return "Screen Recording"
             }
         }
 
         var subtitle: String {
             switch self {
             case .accessibility: return "Needed for keyboard, mouse, and automation-style control."
+            case .screenRecording: return "Needed for the take_screenshot tool."
             }
         }
 
         var settingsURL: String {
             switch self {
             case .accessibility: return "x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility"
+            case .screenRecording: return "x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture"
             }
         }
 
         var systemImageName: String {
             switch self {
             case .accessibility: return "figure.wave"
+            case .screenRecording: return "camera.viewfinder"
             }
         }
     }
@@ -97,6 +101,10 @@ class GateService: ObservableObject {
     @Published var permissionMode: PermissionMode
     @Published var hasCompletedSetup: Bool
     @Published var systemPermissionStatuses: [SystemPermissionStatus] = []
+    @Published var availableUpdate: String? = nil
+    @Published var isUpdating = false
+    @Published var isCheckingForUpdate = false
+    @Published var updateCheckResult: String? = nil
 
     private var hasAutoStarted = false
     private var process: Process?
@@ -121,7 +129,9 @@ class GateService: ObservableObject {
             object: nil,
             queue: .main
         ) { [weak self] _ in
-            self?.refreshSystemPermissions()
+            Task { @MainActor in
+                self?.refreshSystemPermissions()
+            }
         }
     }
 
@@ -233,74 +243,124 @@ class GateService: ObservableObject {
         case .accessibility:
             let options = [kAXTrustedCheckOptionPrompt.takeUnretainedValue(): true] as CFDictionary
             _ = AXIsProcessTrustedWithOptions(options)
+        case .screenRecording:
+            guard let url = URL(string: permission.settingsURL) else { return }
+            NSWorkspace.shared.open(url)
         }
     }
 
-    func captureAndSend() {
-        appendLog("Screenshot requested via deeplink.")
 
-        Task {
+    func autoStartIfNeeded() {
+        guard !hasAutoStarted else { return }
+        hasAutoStarted = true
+        if hasAPIKey {
+            start()
+        }
+        checkForUpdate(silent: true)
+    }
+
+    func checkForUpdate(silent: Bool = false) {
+        let currentVersion = Bundle.main.object(forInfoDictionaryKey: "CFBundleShortVersionString") as? String ?? "0.0.0"
+        isCheckingForUpdate = true
+        updateCheckResult = nil
+
+        Task.detached {
+            let start = ContinuousClock.now
+            var found = false
+
+            defer {
+                Task { @MainActor in
+                    self.isCheckingForUpdate = false
+                    if !found && !silent {
+                        self.updateCheckResult = "You're on the latest version."
+                    }
+                }
+            }
+
+            guard let url = URL(string: "https://registry.npmjs.org/poke-gate/latest") else { return }
             do {
-                let content = try await SCShareableContent.current
-                guard let display = content.displays.first else {
-                    appendLog("No display found for screenshot.")
-                    return
+                let (data, _) = try await URLSession.shared.data(from: url)
+                guard let json = try JSONSerialization.jsonObject(with: data) as? [String: Any],
+                      let latestVersion = json["version"] as? String else { return }
+
+                let elapsed = ContinuousClock.now - start
+                if elapsed < .seconds(1) {
+                    try await Task.sleep(for: .seconds(1) - elapsed)
                 }
 
-                let filter = SCContentFilter(display: display, excludingWindows: [])
-                let config = SCStreamConfiguration()
-                config.width = display.width * 2
-                config.height = display.height * 2
-                config.capturesAudio = false
-
-                let image = try await SCScreenshotManager.captureImage(
-                    contentFilter: filter,
-                    configuration: config
-                )
-
-                let rep = NSBitmapImageRep(cgImage: image)
-                guard let pngData = rep.representation(using: .png, properties: [:]) else {
-                    appendLog("Failed to encode screenshot as PNG.")
-                    return
+                if Self.isNewer(latestVersion, than: currentVersion) {
+                    found = true
+                    await MainActor.run {
+                        self.availableUpdate = latestVersion
+                        self.appendLog("Update available: v\(latestVersion) (current: v\(currentVersion))")
+                    }
                 }
+            } catch {}
+        }
+    }
 
-                let tempPath = NSTemporaryDirectory() + "poke-gate-screenshot.png"
-                let tempURL = URL(fileURLWithPath: tempPath)
-                try pngData.write(to: tempURL)
-                appendLog("Screenshot saved to \(tempPath) (\(pngData.count) bytes)")
+    private nonisolated static func isNewer(_ remote: String, than local: String) -> Bool {
+        let r = remote.split(separator: ".").compactMap { Int($0) }
+        let l = local.split(separator: ".").compactMap { Int($0) }
+        for i in 0..<max(r.count, l.count) {
+            let rv = i < r.count ? r[i] : 0
+            let lv = i < l.count ? l[i] : 0
+            if rv > lv { return true }
+            if rv < lv { return false }
+        }
+        return false
+    }
 
-                guard let token = loadPokeLoginToken() else {
-                    appendLog("Cannot send screenshot: not signed in to Poke.")
-                    return
-                }
+    func performUpdate() {
+        guard let version = availableUpdate else { return }
+        isUpdating = true
+        appendLog("Updating to v\(version)...")
+
+        stop()
+
+        let fullPath = shellPath()
+        let npxBin = findNpx()
 
-                let url = URL(string: "https://poke.com/api/v1/inbound/api-message")!
-                var request = URLRequest(url: url)
-                request.httpMethod = "POST"
-                request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
-                request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        let proc = Process()
+        let pipe = Pipe()
+        proc.executableURL = URL(fileURLWithPath: "/bin/zsh")
+        proc.arguments = ["-c", "\(npxBin) -y poke-gate@\(version) download-macos"]
+        proc.environment = ProcessInfo.processInfo.environment.merging(
+            ["PATH": fullPath],
+            uniquingKeysWith: { _, new in new }
+        )
+        proc.standardOutput = pipe
+        proc.standardError = pipe
+        proc.currentDirectoryURL = FileManager.default.homeDirectoryForCurrentUser
 
-                let message = "Here's a screenshot of my screen right now. [Image attached as base64 PNG, \(pngData.count) bytes, \(display.width)x\(display.height)]"
-                let body: [String: Any] = ["message": message]
-                request.httpBody = try JSONSerialization.data(withJSONObject: body)
+        let handle = pipe.fileHandleForReading
+        handle.readabilityHandler = { [weak self] fh in
+            let data = fh.availableData
+            guard !data.isEmpty, let line = String(data: data, encoding: .utf8) else { return }
+            DispatchQueue.main.async {
+                for l in line.components(separatedBy: .newlines) where !l.isEmpty {
+                    self?.appendLog(l)
+                }
+            }
+        }
 
-                let (_, response) = try await URLSession.shared.data(for: request)
-                if let httpResp = response as? HTTPURLResponse, httpResp.statusCode == 200 {
-                    appendLog("Screenshot sent to Poke.")
+        proc.terminationHandler = { [weak self] proc in
+            DispatchQueue.main.async {
+                self?.isUpdating = false
+                if proc.terminationStatus == 0 {
+                    self?.appendLog("Update complete. The app will relaunch.")
+                    self?.availableUpdate = nil
                 } else {
-                    appendLog("Failed to send screenshot to Poke.")
+                    self?.appendLog("Update failed (exit \(proc.terminationStatus)).")
                 }
-            } catch {
-                appendLog("Screenshot error: \(error.localizedDescription)")
             }
         }
-    }
 
-    func autoStartIfNeeded() {
-        guard !hasAutoStarted else { return }
-        hasAutoStarted = true
-        if hasAPIKey {
-            start()
+        do {
+            try proc.run()
+        } catch {
+            isUpdating = false
+            appendLog("Failed to start update: \(error.localizedDescription)")
         }
     }
 
@@ -496,7 +556,7 @@ class GateService: ObservableObject {
     private func killOrphanedProcesses() {
         let task = Process()
         task.executableURL = URL(fileURLWithPath: "/usr/bin/pkill")
-        task.arguments = ["-f", "poke-gate"]
+        task.arguments = ["-f", "node.*poke-gate.*app\\.js"]
         try? task.run()
         task.waitUntilExit()
     }
@@ -677,14 +737,10 @@ class GateService: ObservableObject {
         writeConfig(json)
     }
 
-    private func isPermissionGranted(_ permission: SystemPermission) -> Bool {
+    func isPermissionGranted(_ permission: SystemPermission) -> Bool {
         switch permission {
         case .accessibility:
             if AXIsProcessTrusted() { return true }
-            // AXIsProcessTrusted() can return false despite the toggle being ON
-            // in System Settings when the TCC entry's code signature doesn't match
-            // the running binary (ad-hoc signing, rebuild from Xcode, etc.).
-            // Probe the API directly as a fallback.
             let systemWide = AXUIElementCreateSystemWide()
             var value: AnyObject?
             let result = AXUIElementCopyAttributeValue(
@@ -693,6 +749,8 @@ class GateService: ObservableObject {
                 &value
             )
             return result == .success || result == .noValue || result == .attributeUnsupported
+        case .screenRecording:
+            return CGPreflightScreenCaptureAccess()
         }
     }
 

package/clients/Poke macOS Gate/Poke macOS Gate/Info.plist

@@ -6,16 +6,5 @@
 	<string>dev.fka.Poke-macOS-Gate</string>
 	<key>LSUIElement</key>
 	<true/>
-	<key>CFBundleURLTypes</key>
-	<array>
-		<dict>
-			<key>CFBundleURLName</key>
-			<string>dev.fka.Poke-macOS-Gate</string>
-			<key>CFBundleURLSchemes</key>
-			<array>
-				<string>poke-gate</string>
-			</array>
-		</dict>
-	</array>
 </dict>
 </plist>

package/clients/Poke macOS Gate/Poke macOS Gate/Poke_macOS_GateApp.swift

@@ -3,15 +3,6 @@ import ServiceManagement
 
 class AppDelegate: NSObject, NSApplicationDelegate {
     var service: GateService?
-
-    func application(_ application: NSApplication, open urls: [URL]) {
-        for url in urls {
-            guard url.scheme == "poke-gate" else { continue }
-            if url.host == "screenshot" {
-                service?.captureAndSend()
-            }
-        }
-    }
 }
 
 @main
@@ -111,6 +102,9 @@ struct PopoverContent: View {
             SetupView(service: service)
         } else {
             VStack(spacing: 10) {
+                if service.availableUpdate != nil {
+                    updateBanner
+                }
                 statusSection
                 recentActivitySection
                 accessModeSection
@@ -119,8 +113,8 @@ struct PopoverContent: View {
             }
             .frame(width: 320)
             .padding(10)
-            .onChange(of: service.hasSystemPermissionsGranted) { _, granted in
-                if granted && pendingFullMode {
+            .onChange(of: service.systemPermissionStatuses) { _, _ in
+                if service.isPermissionGranted(.accessibility) && pendingFullMode {
                     pendingFullMode = false
                     service.setPermissionMode(.full)
                 }
@@ -128,6 +122,37 @@ struct PopoverContent: View {
         }
     }
 
+    private var updateBanner: some View {
+        HStack(spacing: 8) {
+            Image(systemName: "arrow.down.circle.fill")
+                .foregroundStyle(.blue)
+
+            VStack(alignment: .leading, spacing: 1) {
+                Text("Update available: v\(service.availableUpdate ?? "")")
+                    .font(.caption)
+                    .fontWeight(.semibold)
+                Text("A new version of Poke Gate is ready.")
+                    .font(.caption2)
+                    .foregroundStyle(.secondary)
+            }
+
+            Spacer()
+
+            if service.isUpdating {
+                ProgressView()
+                    .controlSize(.small)
+            } else {
+                Button("Update") {
+                    service.performUpdate()
+                }
+                .controlSize(.small)
+                .buttonStyle(.borderedProminent)
+            }
+        }
+        .padding(10)
+        .macPanelStyle(.neutral, cornerRadius: 10)
+    }
+
     private var statusSection: some View {
         VStack(alignment: .leading, spacing: 6) {
             HStack(spacing: 8) {
@@ -303,8 +328,10 @@ struct PopoverContent: View {
         .macPanelStyle(.neutral, cornerRadius: 12)
     }
 
+    @State private var refreshRotation: Double = 0
+
     private var footerSection: some View {
-        HStack {
+        HStack(spacing: 6) {
             Button {
                 NSApp.activate(ignoringOtherApps: true)
                 openWindow(id: "about")
@@ -315,6 +342,28 @@ struct PopoverContent: View {
             }
             .buttonStyle(.plain)
 
+            Button {
+                service.checkForUpdate()
+            } label: {
+                Image(systemName: "arrow.triangle.2.circlepath")
+                    .font(.system(size: 9))
+                    .foregroundStyle(MacVisualStyle.sectionTitleColor)
+                    .rotationEffect(.degrees(refreshRotation))
+            }
+            .buttonStyle(.plain)
+            .disabled(service.isCheckingForUpdate)
+            .onChange(of: service.isCheckingForUpdate) { _, checking in
+                if checking {
+                    withAnimation(.linear(duration: 1).repeatForever(autoreverses: false)) {
+                        refreshRotation = 360
+                    }
+                } else {
+                    withAnimation(.default) {
+                        refreshRotation = 0
+                    }
+                }
+            }
+
             Spacer()
 
             Text("Not affiliated with Poke")
@@ -322,6 +371,18 @@ struct PopoverContent: View {
                 .foregroundStyle(MacVisualStyle.sectionTitleColor.opacity(0.7))
         }
         .padding(.horizontal, 6)
+        .onChange(of: service.updateCheckResult) { _, result in
+            guard let message = result else { return }
+            service.updateCheckResult = nil
+            DispatchQueue.main.async {
+                let alert = NSAlert()
+                alert.messageText = "Version Check"
+                alert.informativeText = message
+                alert.alertStyle = .informational
+                alert.addButton(withTitle: "OK")
+                alert.runModal()
+            }
+        }
     }
 
     private func sectionTitle(_ text: String) -> some View {
@@ -366,7 +427,7 @@ struct PopoverContent: View {
     private func handleModeSelection(_ mode: GateService.PermissionMode) {
         guard mode != service.permissionMode else { return }
 
-        if mode == .full && !service.hasSystemPermissionsGranted {
+        if mode == .full && !service.isPermissionGranted(.accessibility) {
             pendingFullMode = true
             service.openSystemPermission(.accessibility)
         } else {

package/clients/Poke macOS Gate/Poke macOS Gate.xcodeproj/project.pbxproj

@@ -286,7 +286,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.2.1;
+				MARKETING_VERSION = 0.3.0;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
@@ -322,7 +322,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.2.1;
+				MARKETING_VERSION = 0.3.0;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;

package/docs/cli.md

@@ -82,6 +82,22 @@ npx poke-gate agent create --prompt "send me a daily git commit summary across a
 npx poke-gate agent create --prompt "track Spotify listening and log my music taste"
 ```
 
+## Download the macOS app
+
+```bash
+npx poke-gate download-macos
+```
+
+Downloads and installs the Poke macOS Gate app from GitHub Releases. Matches the version of the npm package being run.
+
+This command:
+1. Downloads the DMG from the matching GitHub release
+2. Mounts the DMG, copies the app to `/Applications`
+3. Clears the quarantine flag (`xattr -cr`)
+4. Launches the app
+
+The macOS app also checks for updates automatically on startup and shows a banner when a new version is available.
+
 ## Install an agent
 
 ```bash

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "poke-gate",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "description": "Expose your machine to your Poke AI assistant via MCP tunnel",
   "type": "module",
   "bin": {

package/src/app.js

@@ -9,9 +9,10 @@ enableLogging(verbose);
 
 function killExistingInstances() {
   const myPid = process.pid;
+  const ppid = process.ppid;
   try {
-    const out = execSync("pgrep -f 'poke-gate'", { encoding: "utf-8" }).trim();
-    const pids = out.split("\n").map(Number).filter((p) => p && p !== myPid);
+    const out = execSync("pgrep -f 'node.*poke-gate.*app\\.js'", { encoding: "utf-8" }).trim();
+    const pids = out.split("\n").map(Number).filter((p) => p && p !== myPid && p !== ppid);
     for (const pid of pids) {
       try { process.kill(pid, "SIGTERM"); } catch {}
     }
@@ -146,8 +147,8 @@ function buildAccessModeMessage(mode) {
     default:
       return (
         "Access mode: Full. " +
-        "You can run any shell command, read and write files, list directories, take screenshots, and check system info. " +
-        "Use the tools directly whenever needed — no approval required."
+        "You can run any shell command, read files, list directories, take screenshots, and check system info — no approval needed. " +
+        "Only destructive actions (deleting files, rm, write_file) require a one-time approval; after that, everything is auto-approved for the session."
       );
   }
 }

package/src/download-macos.js

@@ -0,0 +1,133 @@
+import https from "node:https";
+import { createWriteStream, unlinkSync, readFileSync } from "node:fs";
+import { execSync } from "node:child_process";
+import { tmpdir } from "node:os";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const APP_NAME = "Poke macOS Gate";
+const DMG_ASSET = "Poke.macOS.Gate.dmg";
+const INSTALL_PATH = `/Applications/${APP_NAME}.app`;
+const REPO = "f/poke-gate";
+
+function getPackageVersion() {
+  const pkgPath = join(dirname(fileURLToPath(import.meta.url)), "..", "package.json");
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+  return pkg.version;
+}
+
+function httpGet(url) {
+  return new Promise((resolve, reject) => {
+    https.get(url, { headers: { "User-Agent": "poke-gate" } }, (res) => {
+      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+        return httpGet(res.headers.location).then(resolve, reject);
+      }
+      resolve(res);
+    }).on("error", reject);
+  });
+}
+
+function downloadFile(url, dest, version) {
+  return new Promise((resolve, reject) => {
+    const follow = (followUrl) => {
+      https.get(followUrl, { headers: { "User-Agent": "poke-gate" } }, (res) => {
+        if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+          return follow(res.headers.location);
+        }
+        if (res.statusCode !== 200) {
+          reject(new Error(`Download failed: HTTP ${res.statusCode}`));
+          return;
+        }
+
+        const total = parseInt(res.headers["content-length"], 10) || 0;
+        let downloaded = 0;
+        const file = createWriteStream(dest);
+
+        res.on("data", (chunk) => {
+          downloaded += chunk.length;
+          if (total > 0) {
+            const pct = Math.round((downloaded / total) * 100);
+            const dlMB = (downloaded / 1024 / 1024).toFixed(1);
+            const totalMB = (total / 1024 / 1024).toFixed(1);
+            process.stdout.write(`\rDownloading ${APP_NAME} v${version}... ${pct}% (${dlMB}/${totalMB} MB)`);
+          }
+        });
+
+        res.pipe(file);
+
+        file.on("finish", () => {
+          file.close(() => {
+            console.log("");
+            resolve();
+          });
+        });
+
+        file.on("error", (err) => {
+          file.close();
+          reject(err);
+        });
+      }).on("error", reject);
+    };
+    follow(url);
+  });
+}
+
+function run(cmd) {
+  return execSync(cmd, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+}
+
+export async function downloadMacOSApp() {
+  const version = getPackageVersion();
+  const tag = `v${version}`;
+  const dmgUrl = `https://github.com/${REPO}/releases/download/${tag}/${DMG_ASSET}`;
+
+  console.log(`Poke Gate macOS installer (${tag})`);
+  console.log("");
+
+  const res = await httpGet(`https://api.github.com/repos/${REPO}/releases/tags/${tag}`);
+  const chunks = [];
+  for await (const chunk of res) chunks.push(chunk);
+  const release = JSON.parse(Buffer.concat(chunks).toString());
+
+  if (!release.assets || !release.assets.find((a) => a.name === DMG_ASSET)) {
+    console.error(`No DMG found for ${tag}. The release may not have finished building yet.`);
+    process.exit(1);
+  }
+
+  const dmgPath = join(tmpdir(), `poke-gate-${version}.dmg`);
+
+  try {
+    await downloadFile(dmgUrl, dmgPath, version);
+
+    console.log("Mounting DMG...");
+    const mountOutput = run(`hdiutil attach "${dmgPath}" -nobrowse`);
+    const mountMatch = mountOutput.match(/\/Volumes\/.+/);
+    if (!mountMatch) {
+      throw new Error("Failed to detect mount point from hdiutil output.");
+    }
+    const mountPoint = mountMatch[0].trim();
+    const appSource = `${mountPoint}/${APP_NAME}.app`;
+
+    console.log("Stopping running instances...");
+    try { run(`pkill -f "${APP_NAME}"`); } catch {}
+    await new Promise((r) => setTimeout(r, 1000));
+
+    console.log(`Installing to ${INSTALL_PATH}...`);
+    try { run(`rm -rf "${INSTALL_PATH}"`); } catch {}
+    run(`cp -R "${appSource}" "${INSTALL_PATH}"`);
+
+    console.log("Clearing quarantine...");
+    run(`xattr -cr "${INSTALL_PATH}"`);
+
+    console.log("Unmounting DMG...");
+    try { run(`hdiutil detach "${mountPoint}" -quiet`); } catch {}
+
+    console.log("");
+    console.log(`Poke macOS Gate v${version} installed successfully.`);
+    console.log("");
+    console.log("Launching...");
+    try { run(`open "${INSTALL_PATH}"`); } catch {}
+  } finally {
+    try { unlinkSync(dmgPath); } catch {}
+  }
+}

package/src/mcp-server.js

@@ -22,6 +22,15 @@ const runCommandLoopState = new Map();
 
 const SAFE_TOOL_NAMES = new Set(["read_file", "read_image", "list_directory", "system_info", "network_speed"]);
 
+const DESTRUCTIVE_COMMAND_PATTERNS = [
+  /\brm\b/i,
+  /\brmdir\b/i,
+  /\bunlink\b/i,
+  /\bmkfs\b/i,
+  /\bdiskutil\s+erase/i,
+  />\s*\//,
+];
+
 const LIMITED_RUN_COMMANDS = new Set([
   "curl", "yt-dlp", "youtube-dl",
   "ls", "pwd", "cat", "grep", "find", "head", "tail", "wc", "sed", "awk",
@@ -270,6 +279,15 @@ function hasDangerousPattern(commandText) {
   return DANGEROUS_COMMAND_PATTERNS.some((pattern) => pattern.test(commandText));
 }
 
+function isDestructiveInFullMode(name, cleanArgs) {
+  if (name === "write_file") return true;
+  if (name === "run_command") {
+    const cmd = typeof cleanArgs.command === "string" ? cleanArgs.command : "";
+    return DESTRUCTIVE_COMMAND_PATTERNS.some((p) => p.test(cmd));
+  }
+  return false;
+}
+
 function validateRunCommandAgainstAllowlist(commandText, allowlist) {
   if (typeof commandText !== "string" || commandText.trim().length === 0) {
     return "Command is empty.";
@@ -565,7 +583,11 @@ function handleToolCall(name, args, context = {}) {
     return blocked;
   }
 
-  if (PERMISSION_MODE !== "full" && permissionService.isRisky(name)) {
+  const needsApproval = PERMISSION_MODE === "full"
+    ? isDestructiveInFullMode(name, cleanArgs)
+    : permissionService.isRisky(name);
+
+  if (needsApproval) {
     const commandText = typeof cleanArgs.command === "string" ? cleanArgs.command : "";
     const alreadyAllowed = sessionAutoApproveAllRisky.has(sessionId) ||
       (commandText && permissionService.isAllowedBySessionPattern(sessionId, commandText));
@@ -581,12 +603,15 @@ function handleToolCall(name, args, context = {}) {
         return buildApprovalResponse(name, cleanArgs, approval);
       }
 
-      if (name === "run_command" && args.remember_in_session === true && commandText) {
-        permissionService.allowPatternForSession(sessionId, commandText);
-      }
-
-      if (args.remember_all_risky === true) {
+      if (PERMISSION_MODE === "full") {
         sessionAutoApproveAllRisky.add(sessionId);
+      } else {
+        if (name === "run_command" && args.remember_in_session === true && commandText) {
+          permissionService.allowPatternForSession(sessionId, commandText);
+        }
+        if (args.remember_all_risky === true) {
+          sessionAutoApproveAllRisky.add(sessionId);
+        }
       }
     }
   }
@@ -754,23 +779,11 @@ function handleToolCall(name, args, context = {}) {
     case "take_screenshot": {
       logTool(name, cleanArgs);
 
-      return runCommand('open -Ra "Poke macOS Gate" 2>/dev/null', homedir()).then((appCheck) => {
-        if (appCheck.exitCode === 0) {
-          return runCommand('open "poke-gate://screenshot"', homedir()).then(() => {
-            return { content: [{ type: "text", text: "Screenshot captured and sent to Poke via the macOS app." }] };
-          });
+      return runCommand("npx -y poke-gate@latest take-screenshot", homedir(), { permissionMode: "full" }).then((result) => {
+        if (result.exitCode === 0) {
+          return { content: [{ type: "text", text: "Screenshot captured and sent to Poke." }] };
         }
-
-        const ts = new Date().toISOString().replace(/[:.]/g, "-");
-        const dest = cleanArgs.path
-          ? resolve(cleanArgs.path.replace(/^~/, homedir()))
-          : join(homedir(), "Desktop", `screenshot-${ts}.png`);
-        return runCommand(`/usr/sbin/screencapture -x "${dest}"`, homedir()).then((result) => {
-          if (result.exitCode === 0) {
-            return { content: [{ type: "text", text: `Screenshot saved to ${dest}` }] };
-          }
-          return { content: [{ type: "text", text: `Screenshot failed: ${result.stderr || "unknown error"}. Grant Screen Recording permission to Terminal or install the Poke macOS Gate app.` }], isError: true };
-        });
+        return { content: [{ type: "text", text: `Screenshot failed: ${result.stderr || result.stdout || "unknown error"}` }], isError: true };
       });
     }
 

package/src/take-screenshot.js

@@ -0,0 +1,48 @@
+import { execSync } from "node:child_process";
+import { readFileSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir, platform } from "node:os";
+import { Poke, getToken, isLoggedIn, login } from "poke";
+
+export async function takeScreenshot() {
+  if (platform() !== "darwin") {
+    console.error("Screenshots are only supported on macOS.");
+    process.exit(1);
+  }
+
+  if (!isLoggedIn()) {
+    console.log("Signing in to Poke...");
+    await login();
+  }
+
+  const token = getToken();
+  if (!token) {
+    console.error("Authentication failed: no token returned by Poke SDK.");
+    process.exit(1);
+  }
+
+  const dest = join(tmpdir(), `poke-gate-screenshot-${Date.now()}.png`);
+
+  console.log("Capturing screenshot...");
+  try {
+    execSync(`/usr/sbin/screencapture -x "${dest}"`, { stdio: "pipe" });
+  } catch {
+    console.error("Screenshot failed. Grant Screen Recording permission in System Settings > Privacy & Security > Screen Recording.");
+    process.exit(1);
+  }
+
+  const png = readFileSync(dest);
+  const base64 = png.toString("base64");
+
+  console.log(`Screenshot captured (${(png.length / 1024).toFixed(0)} KB). Sending to Poke...`);
+
+  try {
+    const poke = new Poke({ token });
+    await poke.sendMessage(
+      `Here is a screenshot of my screen right now. Reply me with the image.\n\n\`\`\`\ndata:image/png;base64,${base64}\n\`\`\``
+    );
+    console.log("Screenshot sent to Poke.");
+  } finally {
+    try { unlinkSync(dest); } catch {}
+  }
+}

package/src/tunnel.js

@@ -64,7 +64,7 @@ export async function startTunnel({ mcpUrl, onEvent }) {
     url: mcpUrl,
     name: "poke-gate",
     token,
-    cleanupOnStop: false,
+    cleanupOnStop: true,
   });
 
   tunnel.on("connected", (info) => {