The Fazm AI desktop agent on GitHub is a real Swift app, not a Python wrapper

github.com/mediar-ai/fazm is the Fazm Desktop app for macOS. It is a native Swift/SwiftUI application distributed as a Swift Package (SPM), not a Python script or an Electron wrapper. The language breakdown per GitHub is 78.2% Swift, with a smaller TypeScript portion (the acp-bridge), and minor Shell, Rust, and JavaScript. The repo has four top-level pieces: Desktop/ (the Swift/SwiftUI macOS app), acp-bridge/ (TypeScript bridge for Claude's Agent Client Protocol), Backend/ (Rust, in Backend/Cargo.toml), and Installer/. The README labels it MIT licensed, free to start, fully open source, fully local. The README command to run it locally is ./run.sh.

It is a real macOS app. The Desktop/ directory alone contains 95 Swift source files totaling 47,702 lines (run `find Desktop/Sources -name '*.swift' | xargs wc -l` to verify). Desktop/Package.swift declares macOS 14.0 as the minimum and Swift 5.9 as the tools version. It pulls in production-grade Apple ecosystem packages: GRDB.swift for SQLite, Sparkle for auto-update, Firebase iOS SDK for auth, PostHog and Sentry for telemetry, and Highlightr for syntax highlighting. It also depends on two Mediar-published Swift packages (m13v/macos-session-replay for session recording and m13v/ai-browser-profile-swift-light for browser profile control). None of these are things you pull into a research wrapper.

The anchor file is Desktop/Sources/AppState.swift lines 431-504. It defines three methods that layer on top of each other to detect when the macOS TCC (Transparency, Consent, and Control) database has silently broken the app's accessibility permission: testAccessibilityPermission() makes a real AX call against the frontmost app; confirmAccessibilityBrokenViaFinder(suspectApp:) cross-checks Finder to disambiguate the ambiguous AXError.cannotComplete case (which can mean either 'our permission is broken' or 'this app doesn't implement AX', e.g. Qt, OpenGL, or Python-based apps); and probeAccessibilityViaEventTap() uses CGEvent.tapCreate as a tie-breaker when Finder is not running. The event-tap probe exists because AXIsProcessTrusted caches its result per-process on macOS 26 Tahoe and can return stale 'trusted' when TCC is actually broken. No other open-source macOS AI agent repo ships this logic.

Four. .success, .noValue, .notImplemented, and .attributeUnsupported are all treated as 'AX is working' (noValue means the app has no windows, notImplemented/attributeUnsupported mean the app is just AX-incompatible, not that permission is broken). .apiDisabled is treated as 'permission is stuck' with no confirmation needed because it is unambiguous and logged as ACCESSIBILITY_CHECK: AXError.apiDisabled. .cannotComplete is ambiguous and triggers the Finder cross-check path. Any other error code is logged as 'not permission-related, treating as OK'. The switch lives in testAccessibilityPermission() at roughly line 444.

Requirements in the README: macOS 14.0 or later, Xcode, and an Apple Developer ID for code signing. Clone the repo, cd into it, and run ./run.sh (builds the Swift app and launches it) or ./reset-and-run.sh (performs a clean-slate run, resets onboarding, permissions, and UserDefaults). There is a CLAUDE.md in the repo root that also documents debug triggers via distributed notifications: you can run 'xcrun swift -e ...com.fazm.testQuery...' to send a text query programmatically to the floating bar without touching voice or the UI. That programmatic control surface (com.fazm.control) is itself documented in CLAUDE.md, with commands like newChat, setModel:claude-sonnet-4-6, sendFollowUp:<text>, and setWorkspace:<path>.

The dependency list in Desktop/Package.swift (version 5.9 Swift tools, macOS 14.0 minimum): PostHog/posthog-ios from 3.0.0, getsentry/sentry-cocoa pinned to 8.57.3..<8.58.0, groue/GRDB.swift from 6.24.0 (SQLite), sparkle-project/Sparkle from 2.9.0 (auto-update framework), gonzalezreal/swift-markdown-ui from 2.4.0, firebase/firebase-ios-sdk from 11.0.0 (used for FirebaseCore and FirebaseAuth), m13v/macos-session-replay from 0.7.0, a local Highlightr package under LocalPackages/, and m13v/ai-browser-profile-swift-light from 0.1.0. There is also an ObjCExceptionCatcher target compiled as a plain Objective-C helper. This is a production-app dependency graph, not a notebook-style stack.

No. The primary desktop-control path goes through native macOS Accessibility APIs: AXUIElementCreateApplication, AXUIElementCopyAttributeValue, and related CoreFoundation calls. Screenshot-based vision is not how buttons get clicked or forms get filled. This is why the permission probe in AppState.swift is load-bearing: if AX breaks, the agent is blind. The entire premise of 'any app on your Mac, not just the browser' depends on a reliable accessibility tree, which is why the repo ships four fallback layers (AX call, error-code classification, Finder cross-check, CGEvent tap probe) to detect when macOS has silently revoked that tree.

Clone the repo and run these commands against the working tree. 'find Desktop/Sources -name "*.swift" | wc -l' should return 95. 'find Desktop/Sources -name "*.swift" | xargs wc -l | tail -1' should show 47702 total lines. 'cat Desktop/Package.swift | grep platforms' should show .macOS("14.0"). 'cat CHANGELOG.json | grep -c "\"version\""' should show 11 releases just in the window the file covers. 'grep -n AXUIElement Desktop/Sources/AppState.swift' should return the four hits at lines 439, 441, 470, 472. Every number in this guide is derived from running one of those commands against the repo on April 16-17, 2026.

acp-bridge/ is the Fazm side of the Agent Client Protocol (ACP), the wire protocol the Swift chat provider uses to talk to the Claude agent runtime. TypeScript is the language of the Claude Code / Anthropic agent-side tooling, so the bridge lives in TS where those libraries are first-class. CHANGELOG.json entry v2.1.2 on 2026-04-07 reads 'Upgraded ACP protocol to v0.25.0 with improved error handling for credit exhaustion and rate limits' - that upgrade landed on the TypeScript side and the Swift side consumes the new typed error frames. The split is deliberate: Swift for the native UI and macOS system calls, TypeScript for the protocol bridge, a small Rust backend in Backend/ for high-throughput media work.

Most 'open source computer use' repos in 2026 are Python or Node wrappers around a cloud vision model that receive screenshots and emit pixel coordinates. Fazm inverts this: it is a code-signed native macOS app, built with Swift/SwiftUI, reads the accessibility tree directly, and treats hosted models (Claude Opus, GPT-5.4-Cyber) as interchangeable endpoints behind ANTHROPIC_BASE_URL. The comparison matters for three reasons: accessibility-tree tools are structured text (cheap, fast, reliable) where screenshot tools are pixels (expensive, slow, drift per model); a native app can claim macOS 14.0+ system capabilities like CGEvent taps and AXObserver that a sandboxed Python agent cannot; and a real .app bundle can ship Sparkle auto-updates, Firebase auth, and code signing, which matter for a consumer app but do not matter for a research notebook.