grant/ten31-transcripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 0: menu-bar scaffold, permissions, backend health check

Browse Source 
Native SwiftUI menu-bar app (LSUIElement, macOS 13+), generated from project.yml
via XcodeGen. Includes:
- PermissionsManager (Microphone / Screen Recording / Accessibility) + UI
- SparkControlHealth: GET /api/status over self-signed TLS (InsecureTrustDelegate)
- AppSettings persistence (host, TLS-skip, output folder, adapter toggles)
- Menu-bar panel + Settings, app sandbox & hardened runtime off (LAN tool)
This commit is contained in:
Grant Gilliam
2026-06-05 19:33:53 -05:00
commit b2ae3a62b9
19 changed files with 1448 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ten31Transcripts/App/AppDelegate.swift
+10
View File
@@ -0,0 +1,10 @@
import AppKit
final class AppDelegate: NSObject, NSApplicationDelegate {
func applicationDidFinishLaunching(_ notification: Notification) {
// Run as a menu-bar accessory (no Dock icon, no main window).
// LSUIElement in Info.plist already enforces this; set it explicitly too
// so behavior is unambiguous regardless of how the app is launched.
NSApp.setActivationPolicy(.accessory)
}
}
Ten31Transcripts/App/Ten31TranscriptsApp.swift
+28
View File
@@ -0,0 +1,28 @@
import SwiftUI
/// Menu-bar-only app entry point.
///
/// `LSUIElement` (set in Info.plist) keeps the app out of the Dock; the
/// `MenuBarExtra` scene provides the status-bar item and its panel. Phase 0 only
/// wires up permissions, settings, and a backend health check no audio,
/// capture, or call detection yet.
@main
struct Ten31TranscriptsApp: App {
@NSApplicationDelegateAdaptor(AppDelegate.self) private var appDelegate
@StateObject private var settings = AppSettings()
@StateObject private var permissions = PermissionsManager()
@StateObject private var health = SparkControlHealth()
var body: some Scene {
MenuBarExtra {
MenuBarView()
.environmentObject(settings)
.environmentObject(permissions)
.environmentObject(health)
} label: {
Image(systemName: "waveform.circle")
}
.menuBarExtraStyle(.window)
}
}
Ten31Transcripts/Backend/InsecureTrustDelegate.swift
+24
View File
@@ -0,0 +1,24 @@
import Foundation
/// URLSession delegate that trusts the server certificate without validation.
///
/// SparkControl sits behind a Start9 self-signed Root CA on the LAN, so default
/// trust evaluation rejects it. This delegate is used **only** when the
/// "Skip TLS verification" setting is on. It trusts any server certificate
/// acceptable for a personal tool on a trusted local network and nothing else.
final class InsecureTrustDelegate: NSObject, URLSessionDelegate {
func urlSession(
_ session: URLSession,
didReceive challenge: URLAuthenticationChallenge,
completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
) {
guard
challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
let serverTrust = challenge.protectionSpace.serverTrust
else {
completionHandler(.performDefaultHandling, nil)
return
}
completionHandler(.useCredential, URLCredential(trust: serverTrust))
}
}
Ten31Transcripts/Backend/SparkControlHealth.swift
+66
View File
@@ -0,0 +1,66 @@
import Foundation
import Combine
/// Performs the Phase 0 backend reachability check: `GET {baseURL}/api/status`.
///
/// This is a thin slice the full `SparkControlClient` (label-merge, multipart,
/// sequential queueing, retries) arrives in Phase 5.
@MainActor
final class SparkControlHealth: ObservableObject {
enum Status: Equatable {
case unknown
case checking
case online(String)
case offline(String)
}
@Published private(set) var status: Status = .unknown
@Published private(set) var lastChecked: Date?
func check(baseURL: String, skipTLS: Bool) async {
status = .checking
let trimmed = baseURL.trimmingCharacters(in: .whitespacesAndNewlines)
let base = trimmed.hasSuffix("/") ? String(trimmed.dropLast()) : trimmed
guard !base.isEmpty, let url = URL(string: base + "/api/status") else {
status = .offline("Invalid host URL")
return
}
let config = URLSessionConfiguration.ephemeral
config.timeoutIntervalForRequest = 8
config.waitsForConnectivity = false
let delegate: URLSessionDelegate? = skipTLS ? InsecureTrustDelegate() : nil
let session = URLSession(configuration: config, delegate: delegate, delegateQueue: nil)
defer { session.finishTasksAndInvalidate() }
do {
let (data, response) = try await session.data(from: url)
lastChecked = Date()
guard let http = response as? HTTPURLResponse else {
status = .offline("No HTTP response")
return
}
if (200..<300).contains(http.statusCode) {
status = .online(Self.summarize(data) ?? "Reachable")
} else {
status = .offline("HTTP \(http.statusCode)")
}
} catch {
lastChecked = Date()
status = .offline(error.localizedDescription)
}
}
/// Best-effort one-line summary of the `/api/status` body, if it's JSON.
private static func summarize(_ data: Data) -> String? {
guard let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
return nil
}
if let s = object["status"] as? String { return s }
if let s = object["state"] as? String { return s }
return "Reachable"
}
}
Ten31Transcripts/Permissions/PermissionsManager.swift
+89
View File
@@ -0,0 +1,89 @@
import AVFoundation
import CoreGraphics
import ApplicationServices
import AppKit
import Combine
enum PermissionState {
case granted
case denied
case notDetermined
}
/// Tracks and requests the three TCC permissions the app needs.
///
/// - Microphone: AVFoundation authorization (has a real "not determined" state).
/// - Screen Recording: CoreGraphics preflight/request (binary granted/denied).
/// - Accessibility: AXIsProcessTrusted (binary granted/denied).
@MainActor
final class PermissionsManager: ObservableObject {
@Published private(set) var microphone: PermissionState = .notDetermined
@Published private(set) var screenRecording: PermissionState = .notDetermined
@Published private(set) var accessibility: PermissionState = .notDetermined
init() {
refresh()
}
func refresh() {
microphone = Self.microphoneState()
screenRecording = CGPreflightScreenCaptureAccess() ? .granted : .denied
accessibility = AXIsProcessTrusted() ? .granted : .denied
}
// MARK: - Requests
func requestMicrophone() {
AVCaptureDevice.requestAccess(for: .audio) { _ in
Task { @MainActor in self.refresh() }
}
}
/// Triggers the system Screen Recording prompt on first call. The user must
/// still toggle the app on in System Settings; `refresh()` reflects it after.
func requestScreenRecording() {
_ = CGRequestScreenCaptureAccess()
refresh()
}
/// Shows the Accessibility trust prompt (deep-links to the right pane).
func requestAccessibility() {
// Literal is the value of `kAXTrustedCheckOptionPrompt`; used directly to
// stay robust across SDK import shapes of that constant.
let options = ["AXTrustedCheckOptionPrompt": true] as CFDictionary
_ = AXIsProcessTrustedWithOptions(options)
refresh()
}
func openSettings(_ pane: SettingsPane) {
guard let url = URL(string: pane.urlString) else { return }
NSWorkspace.shared.open(url)
}
// MARK: - Helpers
private static func microphoneState() -> PermissionState {
switch AVCaptureDevice.authorizationStatus(for: .audio) {
case .authorized: return .granted
case .denied, .restricted: return .denied
case .notDetermined: return .notDetermined
@unknown default: return .notDetermined
}
}
enum SettingsPane {
case microphone
case screenRecording
case accessibility
var urlString: String {
let root = "x-apple.systempreferences:com.apple.preference.security?"
switch self {
case .microphone: return root + "Privacy_Microphone"
case .screenRecording: return root + "Privacy_ScreenCapture"
case .accessibility: return root + "Privacy_Accessibility"
}
}
}
}
Ten31Transcripts/Settings/AppSettings.swift
+66
View File
@@ -0,0 +1,66 @@
import Foundation
import Combine
/// User-facing settings, persisted to `UserDefaults`.
///
/// Phase 0 scope: backend host + TLS-skip, output folder, and adapter toggles.
/// The adapter toggles persist but do nothing yet (adapters arrive in Phase 34).
@MainActor
final class AppSettings: ObservableObject {
/// Adapters the app will eventually run, in display order.
static let adapterKeys: [(key: String, label: String)] = [
("zoom", "Zoom"),
("teams", "Microsoft Teams"),
("signal", "Signal"),
("meet", "Google Meet"),
]
@Published var backendBaseURL: String {
didSet { defaults.set(backendBaseURL, forKey: Keys.backendBaseURL) }
}
@Published var skipTLSVerification: Bool {
didSet { defaults.set(skipTLSVerification, forKey: Keys.skipTLS) }
}
@Published var outputFolderPath: String {
didSet { defaults.set(outputFolderPath, forKey: Keys.outputFolder) }
}
@Published var adapterEnabled: [String: Bool] {
didSet { defaults.set(adapterEnabled, forKey: Keys.adapterEnabled) }
}
/// Output folder as a resolved file URL (expands a leading `~`).
var outputFolderURL: URL {
URL(fileURLWithPath: (outputFolderPath as NSString).expandingTildeInPath,
isDirectory: true)
}
private let defaults: UserDefaults
init(defaults: UserDefaults = .standard) {
self.defaults = defaults
self.backendBaseURL = defaults.string(forKey: Keys.backendBaseURL)
?? "https://your-spark-backend.local:62419"
self.skipTLSVerification = defaults.object(forKey: Keys.skipTLS) as? Bool ?? true
self.outputFolderPath = defaults.string(forKey: Keys.outputFolder)
?? "~/Ten31Transcripts"
let stored = defaults.dictionary(forKey: Keys.adapterEnabled) as? [String: Bool]
self.adapterEnabled = stored ?? Dictionary(
uniqueKeysWithValues: Self.adapterKeys.map { ($0.key, true) }
)
}
private enum Keys {
static let backendBaseURL = "backendBaseURL"
static let skipTLS = "skipTLSVerification"
static let outputFolder = "outputFolderPath"
static let adapterEnabled = "adapterEnabled"
}
}
Ten31Transcripts/Support/Info.plist
+43
View File
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundleDisplayName</key>
<string>Ten31 Transcripts</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>$(MARKETING_VERSION)</string>
<key>CFBundleVersion</key>
<string>$(CURRENT_PROJECT_VERSION)</string>
<key>LSMinimumSystemVersion</key>
<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
<key>LSUIElement</key>
<true/>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>NSHumanReadableCopyright</key>
<string>Ten31</string>
<key>NSMicrophoneUsageDescription</key>
<string>Ten31 Transcripts records your microphone during calls to build the local audio track.</string>
<key>NSAppleEventsUsageDescription</key>
<string>Ten31 Transcripts reads the active browser tab's URL to detect Google Meet calls.</string>
<key>NSLocalNetworkUsageDescription</key>
<string>Ten31 Transcripts connects to your SparkControl server on the local network.</string>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>
</dict>
</plist>
Ten31Transcripts/Support/Ten31Transcripts.entitlements
+11
View File
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- App Sandbox is intentionally OFF: the app must read other apps' windows,
audio, accessibility trees, and the browser's active-tab URL, which the
sandbox forbids. This is a personal, LAN-only tool. -->
<key>com.apple.security.app-sandbox</key>
<false/>
</dict>
</plist>
Ten31Transcripts/UI/MenuBarView.swift
+116
View File
@@ -0,0 +1,116 @@
import SwiftUI
import AppKit
/// The menu-bar panel: permission statuses, backend health, and a link to
/// Settings. Shown when the user clicks the status-bar item.
struct MenuBarView: View {
@EnvironmentObject private var settings: AppSettings
@EnvironmentObject private var permissions: PermissionsManager
@EnvironmentObject private var health: SparkControlHealth
var body: some View {
NavigationStack {
VStack(alignment: .leading, spacing: 12) {
header
Divider()
permissionsSection
Divider()
backendSection
Divider()
footer
}
.padding(14)
.frame(width: 320)
}
.onAppear { permissions.refresh() }
.task { await refreshHealth() }
}
private var header: some View {
VStack(alignment: .leading, spacing: 2) {
Text("Ten31 Transcripts").font(.headline)
Text("Phase 0 · setup & status")
.font(.caption)
.foregroundStyle(.secondary)
}
}
private var permissionsSection: some View {
VStack(alignment: .leading, spacing: 8) {
Text("Permissions").font(.subheadline).bold()
PermissionRow(
title: "Microphone",
state: permissions.microphone,
onGrant: permissions.requestMicrophone,
onOpenSettings: { permissions.openSettings(.microphone) }
)
PermissionRow(
title: "Screen Recording",
state: permissions.screenRecording,
onGrant: permissions.requestScreenRecording,
onOpenSettings: { permissions.openSettings(.screenRecording) }
)
PermissionRow(
title: "Accessibility",
state: permissions.accessibility,
onGrant: permissions.requestAccessibility,
onOpenSettings: { permissions.openSettings(.accessibility) }
)
}
}
private var backendSection: some View {
VStack(alignment: .leading, spacing: 8) {
HStack {
Text("Backend").font(.subheadline).bold()
Spacer()
Button("Check") { Task { await refreshHealth() } }
.disabled(health.status == .checking)
}
Text(settings.backendBaseURL)
.font(.caption)
.foregroundStyle(.secondary)
.lineLimit(1)
.truncationMode(.middle)
HStack(spacing: 8) {
StatusDot(color: healthColor)
Text(healthText).font(.caption)
}
}
}
private var footer: some View {
HStack {
NavigationLink("Settings…") {
SettingsView()
}
Spacer()
Button("Quit") { NSApplication.shared.terminate(nil) }
}
}
private func refreshHealth() async {
await health.check(
baseURL: settings.backendBaseURL,
skipTLS: settings.skipTLSVerification
)
}
private var healthColor: Color {
switch health.status {
case .online: return .green
case .offline: return .red
case .checking: return .orange
case .unknown: return .gray
}
}
private var healthText: String {
switch health.status {
case .unknown: return "Not checked yet"
case .checking: return "Checking…"
case .online(let detail): return "Online · \(detail)"
case .offline(let error): return "Offline · \(error)"
}
}
}
Ten31Transcripts/UI/PermissionRow.swift
+54
View File
@@ -0,0 +1,54 @@
import SwiftUI
/// Small status indicator dot.
struct StatusDot: View {
let color: Color
var body: some View {
Circle().fill(color).frame(width: 9, height: 9)
}
}
/// One permission line: status dot, label, and a context-appropriate action.
struct PermissionRow: View {
let title: String
let state: PermissionState
let onGrant: () -> Void
let onOpenSettings: () -> Void
var body: some View {
HStack(spacing: 8) {
StatusDot(color: dotColor)
Text(title)
Spacer()
actionButton
}
}
private var dotColor: Color {
switch state {
case .granted: return .green
case .denied: return .red
case .notDetermined: return .orange
}
}
@ViewBuilder
private var actionButton: some View {
switch state {
case .granted:
Image(systemName: "checkmark.circle.fill").foregroundStyle(.green)
case .notDetermined:
// Native prompt (Microphone). The request also registers the app.
Button("Grant", action: onGrant)
case .denied:
// Screen Recording / Accessibility report binary granted/denied, so
// "not yet asked" looks like denied. "Grant" calls the request API,
// which registers the app in the relevant list and shows the system
// prompt the first time; "Open Settings" is the manual fallback.
HStack(spacing: 6) {
Button("Grant", action: onGrant)
Button("Open Settings", action: onOpenSettings)
}
}
}
}
Ten31Transcripts/UI/SettingsView.swift
+67
View File
@@ -0,0 +1,67 @@
import SwiftUI
import AppKit
/// Settings panel (pushed from the menu-bar panel).
struct SettingsView: View {
@EnvironmentObject private var settings: AppSettings
var body: some View {
Form {
Section("SparkControl backend") {
TextField("Base URL", text: $settings.backendBaseURL)
.textFieldStyle(.roundedBorder)
Toggle("Skip TLS verification (self-signed cert)",
isOn: $settings.skipTLSVerification)
}
Section("Output") {
HStack {
Text(settings.outputFolderPath)
.lineLimit(1)
.truncationMode(.middle)
.foregroundStyle(.secondary)
Spacer()
Button("Choose…", action: chooseFolder)
}
}
Section("Adapters") {
Text("Inert in Phase 0 — these toggles only persist for now.")
.font(.caption)
.foregroundStyle(.secondary)
ForEach(AppSettings.adapterKeys, id: \.key) { adapter in
Toggle(adapter.label, isOn: binding(for: adapter.key))
}
}
}
.formStyle(.grouped)
.frame(width: 320)
.navigationTitle("Settings")
}
private func binding(for key: String) -> Binding<Bool> {
Binding(
get: { settings.adapterEnabled[key] ?? true },
set: { settings.adapterEnabled[key] = $0 }
)
}
private func chooseFolder() {
let panel = NSOpenPanel()
panel.canChooseDirectories = true
panel.canChooseFiles = false
panel.allowsMultipleSelection = false
panel.prompt = "Choose"
panel.directoryURL = settings.outputFolderURL
// The app is a menu-bar accessory and this is invoked from the transient
// MenuBarExtra(.window) popover. Use the async begin(...) API rather than
// runModal() a nested modal loop can let the popover dismiss the panel
// out from under it. Activate first so the panel comes to the front.
NSApp.activate(ignoringOtherApps: true)
panel.begin { response in
guard response == .OK, let url = panel.url else { return }
settings.outputFolderPath = url.path
}
}
}