fix(desktop): bypass TCC permission check for screen recording and accessibility in debug builds

[MinitJain]

Summary

• On macOS Sequoia, CGPreflightScreenCaptureAccess() always returns false for ad-hoc signed or unsigned debug binaries, regardless of what is granted in System Settings
• This blocks contributors from getting past the permissions screen when running a local dev build
• Adds a #[cfg(debug_assertions)] early return for ScreenRecording and Accessibility in macos_permission_status() — bypassing the TCC check only in debug builds
• Camera and microphone are unaffected since those work correctly without a signed binary

Why only these two?

ScreenRecording and Accessibility use OS APIs (CGPreflightScreenCaptureAccess, AXIsProcessTrusted) that require a binary signed with a valid Apple Developer ID on Sequoia. Camera and microphone use AVFoundation which prompts and grants correctly regardless of signing.

Test plan

• Run cargo build and launch the debug binary — permissions screen should be skipped, app goes straight to main UI
• Release build behavior is unchanged (bypass is debug_assertions only)

Closes #1722

🤖 Generated with Claude Code

Greptile Summary

This PR adds a #[cfg(debug_assertions)] early-return bypass in macos_permission_status for ScreenRecording and Accessibility permissions, addressing a macOS Sequoia regression where CGPreflightScreenCaptureAccess and AXIsProcessTrusted always return false for ad-hoc-signed or unsigned debug binaries regardless of System Settings grants. The bypass is tightly scoped to debug builds only and leaves release-build behavior, Camera, and Microphone checks untouched.

Confidence Score: 5/5

Safe to merge — the bypass is compile-time gated to debug builds and has no effect on release binaries.

The change is a single, well-scoped early-return behind #[cfg(debug_assertions)]. It correctly targets only the two permissions whose OS APIs fail for unsigned binaries on Sequoia, leaves Camera/Microphone and all non-macOS paths untouched, and cannot reach production. No P0/P1 findings were identified.

No files require special attention.

Vulnerabilities

No security concerns identified. The bypass is gated behind #[cfg(debug_assertions)], which is a compile-time flag stripped from release builds, so it cannot be triggered in production binaries.

Important Files Changed

Filename	Overview
apps/desktop/src-tauri/src/permissions.rs	Adds a compile-time #[cfg(debug_assertions)] guard that short-circuits macos_permission_status for ScreenRecording and Accessibility — clean, minimal change with no impact on release builds, Windows, or Camera/Microphone permissions.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[macos_permission_status called] --> B{cfg debug_assertions\nAND ScreenRecording\nOR Accessibility?}
    B -- Yes --> C[return Granted immediately\ndebug builds only]
    B -- No --> D{permission type}
    D -- ScreenRecording --> E[scap_screencapturekit::has_permission]
    D -- Camera --> F[AVFoundation authorization status]
    D -- Microphone --> G[AVFoundation authorization status]
    D -- Accessibility --> H[AXIsProcessTrusted]
    E --> I[Granted / Empty / Denied]
    F --> I
    G --> I
    H --> I
    C --> J[OSPermissionStatus::Granted]
    I --> K[OSPermissionStatus]

Loading

_{Reviews (1): Last reviewed commit: "fix(desktop): bypass TCC permission chec..." | Re-trigger Greptile}

_{(4/5) You can add custom instructions or style guidelines for the agent here!}

[MinitJain]

The implementation follows the approach suggested by @tembo in #1722 — single #[cfg(debug_assertions)] block at the top of macos_permission_status() rather than per-permission conditionals.

[tembo]

The implementation follows the approach suggested by @tembo in #1722 — single #[cfg(debug_assertions)] block at the top of macos_permission_status() rather than per-permission conditionals.

I've created #undefined with the requested changes. Please review and merge it into this PR when ready.