feat: add Dangerous Read Everything Mode with AX tree traversal#65
Merged
Conversation
Introduces the foundation types for the Dangerous Read Mode feature: - ScreenContext: Sendable struct for captured screen data with XML formatting - AccessibilityPermission: AXIsProcessTrusted wrapper and trust request helper - PromptGuard.maxScreenContextLength constant (4000 chars) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Swift actor that captures screen context via macOS Accessibility API: - Reads focused app name, window title, focused text, selected text - Skips capture when Hatoko itself is focused - Graceful AX error handling with nil returns Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests for ScreenContext struct construction, formatting, truncation, and PasteContext.buildSystemPrompt integration with screenContext parameter. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PasteContext.buildSystemPrompt gains screenContext: parameter (default nil) - Screen context injected as <screen_context> XML block after paste context - SystemPromptProvider.screenContextInstruction added for LLM guidance - LLM generation logic extracted to HatokoInputController+LLMGeneration.swift Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- DangerousReadModeController: session lifecycle with 7-layer safety (settings gate, AX trust, consent dialog, time limit, visual indicator, instant kill shortcut, text truncation) - DangerousReadIndicatorWindow: red floating badge with countdown timer Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Settings section with enable toggle, duration/interval pickers, accessibility permission check, and red warning text - Keybinding hint for Ctrl+Shift+Space added - Localization strings for en and ja Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Ctrl+Shift+Space toggles dangerous read mode session - Ctrl+Space now excludes Shift to avoid conflict - Marked text prefix shows warning emoji when mode is active - LLM generation extracted to separate extension for file length Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… truth Move key strings and default values from private constants in DangerousReadModeController to public static lets. SettingsView now references these constants instead of duplicating magic strings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add activeState check before writing capture results to prevent a theoretical race where a pre-cancellation capture overwrites the nil set by stopSession(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents Task leak when IMKInputController instances are recreated during IME activation/deactivation cycles while a session is active. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Eliminates TOCTOU risk by combining the active check and context read into a single atomic operation. Also makes latestScreenContext private. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
remainingSeconds now uses the duration captured at session start instead of re-reading UserDefaults, preventing inconsistency if settings change during an active session. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
storedMaxDuration() and storedCaptureInterval() centralize the "read from UserDefaults, fallback to default" logic that was previously duplicated in both DangerousReadModeController and SettingsView. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Truncates windowTitle to 500 chars to prevent unexpectedly long titles (e.g. browser tabs with full URLs) from inflating the LLM system prompt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Chat responses should only be added to the chat window, not stored in llmSuggestion which is used by the inline suggestion flow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…o Ctrl+Shift+D Avoids conflict with Ctrl+Space (LLM mode). Restores original isCtrlSpace check without shift exclusion. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When visibleText (from AX tree traversal) is available, formatted() outputs it as "Visible text:" and omits focusedText to avoid redundancy. Falls back to focusedText when visibleText is nil. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
captureFullWindowContext() walks the focused window's AX element tree recursively, collecting all visible text sorted top-to-bottom by position. Deduplicates parent-child text overlap. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switches capture loop to captureFullWindowContext() with scanning state signaling. Indicator uses @observable state to drive pac-man animation (ᗧ···) during tree traversal at 200ms frame intervals. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- scanFrame is now private(set) with advanceScanFrame/resetScanFrame methods to prevent out-of-bounds array access - View uses modulo on access as additional safety - Added doc comment explaining why @unchecked Sendable is needed Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Caps collected text fragments at 500 to prevent memory exhaustion on apps with extremely large AX trees (e.g. complex browser pages). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds CFGetTypeID guard before force casting to AXValue, matching the defensive pattern used in copyElementAttribute. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Covers emptyVisibleTextTreatedAsNil and truncatesLongWindowTitle to complete ScreenContext field validation coverage. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…conds - defer guarantees setScanning(false) on early return from capture loop - startCountdown now uses remainingSeconds computed property as single source of truth instead of an independent decrementing counter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- setScanning(true/false) now bracket the capture call within each loop iteration instead of using defer at Task scope - startSession() returns early if already active to prevent Task leak Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All ScreenContext fields now have length limits, preventing unexpectedly long app names from inflating the LLM prompt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removes the misleading do-without-catch block. defer guarantees setScanning(false) on every exit path including early return and Task cancellation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
captureFullWindowContext() supersedes this method. Removing dead code eliminates the risk of the two methods diverging silently. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Covers the truncateShort applied to appName added in the previous fix, ensuring all fields have consistent test coverage. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- setScanning(false) now called immediately after capture, not via defer at while-scope which left indicator on during sleep interval - Task-level defer ensures cleanup on cancellation/early return - nil capture results no longer overwrite valid previous context Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Clarifies that only consecutive elements are compared for containment, not all pairs. Adds doc comment explaining the behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Per Swift Concurrency best practices, long-running Tasks should capture self weakly to avoid circular references (Task holds self, self holds Task via captureTask/countdownTask properties). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Permission check was evaluated once at view init and never updated. Now re-checks on button tap (with 1s delay for system dialog) and on every settings window appearance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The munching animation now runs the entire time Dangerous Read Mode is on, not just during AX tree traversal. More fun and clearer visual feedback that the mode is active. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
安全機構(7重の防御)
AXIsProcessTrusted()でシステムレベルの権限確認.criticalスタイルで確認maxScreenContextLengthで送信テキスト量を制限新規ファイル
Hatoko/Accessibility/— AccessibilityPermission, ScreenContext, ScreenReader (actor), DangerousReadModeControllerHatoko/UI/DangerousReadIndicatorWindow.swift— パクパクアニメーション付きインジケーターHatoko/InputMethod/HatokoInputController+LLMGeneration.swift— LLM生成ロジック分離Test plan
mint run swiftlint lint --strict— 0 violationsxcodebuild test— 全テスト合格install.sh→ System Settingsでアクセシビリティ権限付与🤖 Generated with Claude Code