Files
2026-07-13 12:22:33 +08:00

101 lines
5.3 KiB
Markdown

---
summary: "Safe troubleshooting for macOS Keychain and browser Safe Storage prompts."
read_when:
- Investigating Chrome Safe Storage or browser Safe Storage prompts
- Explaining prompts that appear after uninstalling CodexBar
- Collecting safe support details without exposing secrets
---
# Keychain prompts
CodexBar can trigger macOS Keychain prompts when an enabled provider imports browser cookies, reads a provider-owned
OAuth item, or uses a CodexBar-owned cache entry. Chromium browser cookie import commonly asks for the browser's
Safe Storage item, such as "Chrome Safe Storage", "Brave Safe Storage", or "Microsoft Edge Safe Storage".
CodexBar does not need your browser password. macOS owns the prompt, and the prompt should identify the app or binary
that is requesting access. For support reports, include that requesting app/path when possible and do not paste
passwords, cookie headers, OAuth tokens, API keys, or Keychain item values.
Before a Keychain read that may require interaction, CodexBar shows an explanation of the item and its purpose.
**Learn More** opens this page without dismissing that explanation or starting the macOS prompt. Choose **OK** only
when you are ready to continue, or use the opt-out below.
After you acknowledge the Claude OAuth explanation, CodexBar does not repeat that explanation for six hours. This
cooldown only applies to CodexBar's explanatory alert: macOS can still show its own Keychain authorization prompt,
and the Claude **Never prompt** and global **Disable Keychain access** settings remain in effect.
## If the prompt appears after uninstalling CodexBar
Deleting `CodexBar.app` prevents a new process from launching from that bundle, but it does not terminate a process
that is already running from it. That process can continue to request Keychain access until it quits. If macOS still
shows a prompt such as "CodexBar wants to use your confidential information stored in 'Chrome Safe Storage'", the
usual causes are:
- A CodexBar process or bundled helper is still running.
- CodexBar is still enabled in Login Items and relaunched from an existing install.
- Another copy of `CodexBar.app` exists elsewhere on the machine.
- The uninstall path did not remove the same copy that launched the process. Finder, Homebrew cask, Sparkle updates,
and manually copied apps can leave different install paths in play.
- The prompt is naming the requesting binary, not proving that the copy you deleted is the one still running.
Safe checks:
```bash
pgrep -fl 'CodexBar|CodexBarCLI'
ls -ld /Applications/CodexBar.app
brew info --cask codexbar
mdfind 'kMDItemCFBundleIdentifier == "com.steipete.codexbar"'
```
Also check:
- **Activity Monitor**: search for `CodexBar` and `CodexBarCLI`.
- **System Settings -> General -> Login Items**: remove CodexBar if it remains listed.
- **Keychain prompt screenshot**: capture the full prompt, especially any requesting app/path details. Redact user
names or unrelated window contents if needed, but do not include secrets.
If you find a still-running process, quit CodexBar from the menu if possible, or quit it from Activity Monitor. If you
find another installed copy, confirm whether that copy is the one macOS names in the prompt before changing anything
else.
## Stop CodexBar from using Keychain
If CodexBar is still installed and you want it to stop all Keychain access:
1. Open **CodexBar -> Settings -> Advanced**.
2. In **Keychain access**, enable **Disable Keychain access**.
3. Relaunch CodexBar.
This disables Keychain reads and writes from CodexBar. Browser-cookie-based providers will be skipped because
CodexBar can no longer decrypt browser cookies. Manual cookie headers, API keys, and CLI/OAuth flows that do not rely
on Keychain can still work where the provider supports them.
## Browser Safe Storage prompts
If a Chromium-family Safe Storage check requires interaction or is denied, CodexBar pauses automatic cookie imports
for every Chromium-family browser for six hours. This prevents a denial in Arc, Edge, Brave, or another Chromium
browser from immediately moving to the next browser and showing another prompt. **Refresh Now** is an explicit retry
for the browser that was blocked; Safari and Firefox-family cookie imports remain available during the pause.
For normal browser-cookie import prompts, either allow CodexBar in the Keychain item's Access Control list or disable
Keychain access:
1. Open **Keychain Access.app**.
2. Select the `login` keychain.
3. Search for the item named in the prompt, for example `Chrome Safe Storage`.
4. Open the item, choose **Access Control**, and add `CodexBar.app` under "Always allow access by these applications".
5. Relaunch CodexBar.
Avoid "Allow all applications" unless you intentionally want every app to access that item. Do not paste or share the
item's secret value when asking for help.
## What to include in a support issue
- CodexBar version and install source: GitHub release, Homebrew cask, Sparkle update, or another source.
- macOS version.
- The uninstall method if this happened after uninstalling.
- Whether Activity Monitor or `pgrep` still shows CodexBar.
- Whether System Settings -> General -> Login Items still lists CodexBar.
- Whether `/Applications/CodexBar.app`, Homebrew cask metadata, or Spotlight finds another copy.
- A screenshot of the Keychain prompt showing the requested item and requesting app/path, with secrets redacted.