mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-09 08:43:59 +00:00
* fix(macos): preserve device identity storage Avoid selecting App Group identity storage when the running app lacks the matching application-groups entitlement, so unentitled macOS builds fall back to the legacy writable identity directory. Existing unrecognized identity files are now preserved instead of being replaced by a newly generated identity, matching the no-overwrite behavior already used for recognized invalid identity data. * fix(macos): repair identity CI coverage Limit the App Group entitlement probe to macOS builds so iOS keeps its existing App Group path behavior. Update the state-dir identity regression to assert the new no-overwrite contract for invalid identity-shaped files. * fix(macos): migrate existing app group identity on legacy fallback Unentitled macOS builds now migrate a readable App Group device identity into the selected legacy store before falling back, so an upgrade preserves the existing device id instead of minting a new one. * fix(macos): migrate device auth store with identity on app group fallback The app group to legacy identity migration now carries the sibling device-auth store file, so an unentitled build keeps its stored device tokens (keyed by the migrated deviceId) instead of re-pairing. The process-immutable entitlement check is resolved once per process rather than creating a SecTask on every state-dir lookup, and the migration source API returns an identity+auth pair struct. --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>