touch-notify requires Full Disk Access on macOS (not documented)

[ai-astrid]

Problem

The keycutter-touch-notify service fails silently on macOS because log stream requires Full Disk Access. Without this permission, the service:

• Crashes repeatedly with exit code 77
• Shows "YubiKey touch needed!" immediately on startup (false positive from error message)
• Logs show the service restarting every 10 seconds (ThrottleInterval)

Running log stream manually shows:

log: Must be admin to run 'stream' command

Root Cause

The script parses log stream output, but when the command fails with "Must be admin", this error message passes through the event detection logic (can't extract timestamp, so it's treated as a new event) and triggers a notification before the script crashes.

Solution

The bash binary running the script needs Full Disk Access in macOS Privacy settings.

Steps to Fix

1. Open System Settings → Privacy & Security → Full Disk Access
2. Click + button
3. Press Cmd+Shift+G and enter: /opt/homebrew/Cellar/bash/5.3.9/bin (adjust version as needed)
4. Select bash and click Open
5. Restart the service:

   launchctl unload ~/Library/LaunchAgents/com.keycutter.touch-notify.plist
   launchctl load ~/Library/LaunchAgents/com.keycutter.touch-notify.plist

Suggested Improvements

1. Documentation: Add Full Disk Access requirement to install instructions
2. Better error handling: Detect the "Must be admin" error and provide a helpful message instead of playing a sound
3. Install script: Check for Full Disk Access during keycutter-touch-notify-install and warn if not configured

Environment

• macOS Sequoia
• Homebrew bash 5.3.9
• keycutter installed via standard method