#!/usr/bin/env bash
# =============================================================================
# GIGARep Verify & Fix
# =============================================================================
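# Deliberately no -e: check_fix depends on failing checks and fixes returning
# non-zero without aborting the whole run; pipefail keeps the fix pipelines honest.
set -uo pipefail

# Both Homebrew prefixes (Apple Silicon and Intel) so `command -v brew` resolves
export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"

# Account being provisioned: the invoking user when run through sudo, else the
# current user; falls back to id -un when USER is not exported (set -u is on).
ADMIN_USER="${SUDO_USER:-${USER:-$(id -un)}}"

# ANSI colour escapes for status lines (expanded by `echo -e`)
readonly RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' RESET='\033[0m'

# Tallies written by check_fix and printed in the final summary
FIXED=0; ALREADY_OK=0; FAILED=0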

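#######################################
# Runs a check; when it fails, runs the fix and checks again.
# Globals:   GREEN, YELLOW, RED, RESET (read)
#            ALREADY_OK, FIXED, FAILED (incremented)
# Arguments: $1 - label printed for the item
#            $2 - shell snippet eval'd as the check (exit 0 = OK)
#            $3 - shell snippet eval'd as the fix
# Outputs:   one status line per item on stdout; the last three lines of the
#            fix's output; the fix's exit status on stderr when still broken
# Returns:   0 always — results are tallied in the counters
# Both snippets are literal strings from this file and are passed to eval;
# never route externally supplied text through this function.
#######################################
check_fix() {
    local name="$1" check="$2" fix="$3"
    local rc

    if eval "$check" &>/dev/null; then
        echo -e "  ${GREEN}✅ $name${RESET}"
        # Arithmetic assignment rather than ((X++)): the latter returns 1 when
        # X was 0, which would trip set -e if it is ever enabled.
        ALREADY_OK=$((ALREADY_OK + 1))
        return 0
    fi

    echo -e "  ${YELLOW}⚠️  $name — fixing...${RESET}"
    # The fix runs in the pipeline's subshell: only its file-system effects
    # survive and only its last three output lines are shown. PIPESTATUS[0]
    # preserves the fix's own exit status, which tail would otherwise mask.
    eval "$fix" 2>&1 | tail -3
    rc=${PIPESTATUS[0]}

    # Re-check after fix
    if eval "$check" &>/dev/null; then
        echo -e "  ${GREEN}✅ $name — FIXED${RESET}"
        FIXED=$((FIXED + 1))
    else
        echo -e "  ${RED}❌ $name — STILL BROKEN${RESET}"
        printf '     (fix exited with status %s)\n' "$rc" >&2
        FAILED=$((FAILED + 1))
    fi
    return 0
}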

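echo "════════════════════════════════════════════════════════"
echo "  GIGARep Verify & Fix — $(hostname)"
echo "════════════════════════════════════════════════════════"

# Homebrew is installed as the admin user, never as root. The installer is
# fetched over TLS from the pinned upstream URL and executed without a checksum
# (the upstream-documented path); -f makes curl fail on HTTP errors so an error
# page is never handed to bash. The username is quoted inside the eval'd strings.
check_fix "Homebrew" \
    "sudo -u '$ADMIN_USER' command -v brew" \
    "sudo -u '$ADMIN_USER' NONINTERACTIVE=1 /bin/bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\""

# If brew installed successfully, make its directory visible to the later
# checks in this shell (quoted so an unusual prefix cannot be word-split).
if sudo -u "$ADMIN_USER" command -v brew &>/dev/null; then
    BREW_BIN=$(sudo -u "$ADMIN_USER" command -v brew)
    export PATH="$(dirname "$BREW_BIN"):$PATH"
fi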

# Command-line tools, in dependency order: Homebrew formulae first, then global
# npm packages (npm comes with node). Each row is
#   label | binary looked up with command -v | install command run as the admin user
while IFS='|' read -r label binary installer; do
    check_fix "$label" "command -v $binary" "sudo -u $ADMIN_USER $installer"
done <<'TOOLS'
Node.js|node|brew install node
jq|jq|brew install jq
himalaya|himalaya|brew install himalaya
OpenClaw|openclaw|npm install -g openclaw
Claude Code|claude|npm install -g @anthropic-ai/claude-code
gog|gog|npm install -g @anthropic-ai/gog
TOOLS

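#######################################
# Writes the Claude Code API key file for a user from the environment.
# Globals:   ANTHROPIC_API_KEY (read) — export it before running; when the
#            script is invoked through sudo, pass it on the sudo command line
#            (sudo ANTHROPIC_API_KEY=... ./script) since env_reset drops it.
# Arguments: $1 - account whose ~/.claude/.env is written
# Outputs:   /Users/$1/.claude/.env containing ANTHROPIC_API_KEY=<key>, mode 0600
# Returns:   non-zero (and the item is reported STILL BROKEN) when the variable
#            is unset or any step fails
# NOTE(review): an earlier revision embedded a literal key on the fix line of
# this item; treat that key as exposed and rotate it.
#######################################
write_claude_env() {
    local user="$1"
    # :? aborts the fix when no key was supplied instead of writing an empty one
    local key="${ANTHROPIC_API_KEY:?ANTHROPIC_API_KEY must be exported before running}"
    local dir="/Users/$user/.claude"
    mkdir -p "$dir" || return 1
    # umask in a subshell so the file is never created world-readable
    ( umask 077 && printf 'ANTHROPIC_API_KEY=%s\n' "$key" > "$dir/.env" ) || return 1
    chmod 600 "$dir/.env" && chown -R "$user" "$dir"
}

check_fix "Claude Code API key" \
    "test -f /Users/$ADMIN_USER/.claude/.env && grep -q ANTHROPIC /Users/$ADMIN_USER/.claude/.env" \
    "write_claude_env '$ADMIN_USER'"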

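# Apps. Each image is downloaded into a private mktemp directory (no fixed,
# predictable /tmp names for files that are later mounted or installed as root)
# and curl -f refuses HTTP error pages, so hdiutil/installer never run on a
# bogus file.

#######################################
# Installs an app bundle from a DMG into /Applications.
# Arguments: $1 - DMG URL
#            $2 - bundle name inside the image (e.g. "Foo.app")
# Returns:   0 when the bundle was copied; the image is always detached and the
#            temp dir removed, even when the copy fails
#######################################
install_dmg_app() {
    local url="$1" app="$2"
    local tmp rc=1
    tmp=$(mktemp -d) || return 1
    if curl -fsSL "$url" -o "$tmp/image.dmg" \
        && hdiutil attach "$tmp/image.dmg" -nobrowse -mountpoint "$tmp/mount"; then
        cp -R "$tmp/mount/$app" /Applications/ && rc=0
        hdiutil detach "$tmp/mount" -quiet
    fi
    rm -rf -- "$tmp"
    return "$rc"
}

#######################################
# Downloads and installs a macOS .pkg onto the boot volume.
# Arguments: $1 - package URL
# Returns:   0 when installer succeeded; the temp dir is always removed
#######################################
install_pkg() {
    local url="$1"
    local tmp rc=1
    tmp=$(mktemp -d) || return 1
    if curl -fsSL "$url" -o "$tmp/package.pkg"; then
        installer -pkg "$tmp/package.pkg" -target / && rc=0
    fi
    rm -rf -- "$tmp"
    return "$rc"
}

check_fix "Google Chrome" \
    "test -d '/Applications/Google Chrome.app'" \
    "install_dmg_app 'https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg' 'Google Chrome.app'"

# BlueBubbles publishes a separate arm64 image; pick by CPU architecture
BB_DMG_URL='https://github.com/BlueBubblesApp/bluebubbles-server/releases/download/v1.9.9/BlueBubbles-1.9.9.dmg'
if [[ "$(uname -m)" == "arm64" ]]; then
    BB_DMG_URL='https://github.com/BlueBubblesApp/bluebubbles-server/releases/download/v1.9.9/BlueBubbles-1.9.9-arm64.dmg'
fi
check_fix "BlueBubbles" \
    "test -d '/Applications/BlueBubbles.app'" \
    "install_dmg_app '$BB_DMG_URL' 'BlueBubbles.app'"

check_fix "RealVNC Server" \
    "test -f /Library/vnc/vncserver" \
    "install_pkg 'https://downloads.realvnc.com/download/file/vnc.files/VNC-Server-7.15.0-MacOSX-universal.pkg'"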

# Remote access: RealVNC's config tree is created root-owned, Apple Screen
# Sharing is disabled before the RealVNC daemon is (re)loaded, SSH is turned on
# and the Mac Studio's public key is added to the admin user's authorized_keys.
VNC_DAEMON_PLIST=/Library/LaunchDaemons/com.realvnc.vncserver.plist
ADMIN_SSH_DIR="/Users/$ADMIN_USER/.ssh"
ADMIN_AUTH_KEYS="$ADMIN_SSH_DIR/authorized_keys"

check_fix "RealVNC /etc/vnc" \
    "test -d /etc/vnc/service" \
    "mkdir -p /etc/vnc/config.d /etc/vnc/service && touch /etc/vnc/service/on && chown -R root:wheel /etc/vnc && chown -R root:wheel /Library/vnc"

check_fix "Screen Sharing disabled" \
    "! launchctl list 2>/dev/null | grep -q com.apple.screensharing" \
    "launchctl disable system/com.apple.screensharing && launchctl bootout system/com.apple.screensharing"

# unload may fail when the daemon is not loaded yet; its output is discarded on purpose
check_fix "RealVNC running" \
    "pgrep -f 'vncserver -service'" \
    "launchctl unload $VNC_DAEMON_PLIST 2>/dev/null; launchctl load $VNC_DAEMON_PLIST"

check_fix "SSH enabled" \
    "systemsetup -getremotelogin 2>/dev/null | grep -q 'On'" \
    "systemsetup -setremotelogin on"

# The key is appended only when its comment ('admin@Mac') is not already present;
# directory and file modes are tightened so sshd accepts the file.
check_fix "Mac Studio SSH key" \
    "grep -q 'admin@Mac' $ADMIN_AUTH_KEYS 2>/dev/null" \
    "mkdir -p $ADMIN_SSH_DIR && echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXIPMdjiuReXH2DzH059UTWBIiQEiZHfLp/cKW7Xzyu admin@Mac.attlocal.net' >> $ADMIN_AUTH_KEYS && chmod 700 $ADMIN_SSH_DIR && chmod 600 $ADMIN_AUTH_KEYS && chown -R $ADMIN_USER $ADMIN_SSH_DIR"

check_fix "Tailscale" \
    "command -v tailscale" \
    "sudo -u $ADMIN_USER brew install tailscale"

SECTION_RULE='════════════════════════════════════════════════════════'

printf '\n%s\n  %s\n%s\n\n' \
    "$SECTION_RULE" \
    "Manual Privacy Permissions (System Settings)" \
    "$SECTION_RULE"

# Enrollment cannot be completed non-interactively; the fix only opens the
# enrollment page, so this item stays "STILL BROKEN" until done by hand.
check_fix "Mosyle MDM enrolled" \
    "profiles status -type enrollment 2>/dev/null | grep -q 'MDM enrollment: Yes'" \
    "open 'https://join.mosyle.com/?account=gigagoods' && echo 'Mosyle enrollment page opened — click through to install profile'"

printf '%s\n' \
    "" \
    "  ⚠️  MANUAL STEPS (via RealVNC after sign-in):" \
    "  System Settings → Privacy & Security:" \
    "    Full Disk Access:  Terminal, BlueBubbles" \
    "    Screen Recording:  RealVNC Server" \
    "    Accessibility:     RealVNC Server" \
    "    Input Monitoring:  RealVNC Server"

printf '\n%s\n  %s\n%s\n' \
    "$SECTION_RULE" \
    "Results: ✅ OK=$ALREADY_OK  🔧 Fixed=$FIXED  ❌ Failed=$FAILED" \
    "$SECTION_RULE"

#######################################
# Claude Code full setup: skip onboarding, pre-trust workspaces, dangerous mode.
# Arguments: $1 - account whose ~/.claude.json and ~/.claude/settings.json are
#                 (over)written
# Outputs:   both files, owned by $1
# Returns:   status of the final chown
# The settings grant Write/Edit/Bash without prompts (defaultMode
# bypassPermissions, skipDangerousModePermissionPrompt) and read the API key
# through apiKeyHelper from ~/.claude/.env.
# NOTE(review): the trusted project list is fixed to /Users/admin paths even
# when $1 is a different account — confirm that is intended.
#######################################
setup_claude_code() {
    local user="$1"
    local home_dir="/Users/$user"
    local state_file="$home_dir/.claude.json"
    local conf_dir="$home_dir/.claude"

    # Quoted heredoc: the JSON is written verbatim, nothing is expanded
    cat <<'CLAUDEJSON' > "$state_file"
{"numStartups":5,"installMethod":"native","autoUpdates":false,"hasCompletedOnboarding":true,"lastOnboardingVersion":"2.1.96","projects":{"/":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users/admin":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users/admin/clawd":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users/admin/Desktop":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users/admin/Documents":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/Users/admin/Downloads":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/tmp":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true},"/var":{"hasTrustDialogAccepted":true,"allowedTools":[],"hasClaudeMdExternalIncludesApproved":true}}}
CLAUDEJSON
    chown "$user" "$state_file"

    mkdir -p "$conf_dir"
    cat <<'CLAUDESETTINGS' > "$conf_dir/settings.json"
{"model":"opus","effortLevel":"medium","permissions":{"allow":["Write(*)","Edit(*)","Bash(*)"],"deny":[],"defaultMode":"bypassPermissions"},"skipDangerousModePermissionPrompt":true,"apiKeyHelper":"cat ~/.claude/.env | grep ANTHROPIC_API_KEY | cut -d= -f2"}
CLAUDESETTINGS
    chown -R "$user" "$conf_dir"
}

# Both items are repaired by the same function, which rewrites both files
CLAUDE_STATE_FILE="/Users/$ADMIN_USER/.claude.json"
CLAUDE_SETTINGS_FILE="/Users/$ADMIN_USER/.claude/settings.json"

check_fix "Claude Code onboarding" \
    "test -f $CLAUDE_STATE_FILE && grep -q hasTrustDialogAccepted $CLAUDE_STATE_FILE" \
    "setup_claude_code $ADMIN_USER"

check_fix "Claude Code settings" \
    "test -f $CLAUDE_SETTINGS_FILE && grep -q bypassPermissions $CLAUDE_SETTINGS_FILE" \
    "setup_claude_code $ADMIN_USER"
