mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-17 20:31:36 +00:00
* fix(macos): bootstrap Codex before onboarding test * fix(plugins): activate deferred runtimes on demand * fix(macos): stage Codex runtime for onboarding probe * fix(macos): expose sanitized onboarding errors * fix(codex): reuse native CLI auth during onboarding * fix(macos): hide Crestodian without inference * fix(codex): honor explicit runtime policy during setup * fix(onboarding): redact verification errors * fix(macos): reset onboarding state with gateway route * fix(onboarding): persist Codex plugin install metadata * chore: refresh onboarding inventories * fix(macos): restart AI setup after gateway change * chore: refresh native onboarding inventory * fix(onboarding): defer gateway restart until setup persists * fix(macos): reset Crestodian on gateway changes * chore(macos): refresh native i18n inventory * fix(onboarding): harden inference setup state * docs(skills): reuse pristine Parallels snapshots * chore(macos): refresh onboarding i18n inventory * fix(onboarding): prevent stale gateway and install state * docs(skills): preserve saved Parallels sessions * fix(macos): balance AI onboarding layout * fix(parallels): parse npm workspace pack output * chore(macos): refresh onboarding i18n inventory * fix(parallels): bundle workspace runtime in package artifact * fix(parallels): isolate canonical package helper * fix(parallels): pack self-contained workspace artifact * fix(packaging): exclude macOS app bundle * fix(macos): restart inference checks after route changes * docs(changelog): defer onboarding note to release * fix(onboarding): enforce inference-first gateway setup
OpenClaw macOS app (dev + signing)
Quick dev run
# from repo root
scripts/restart-mac.sh
Options:
scripts/restart-mac.sh --no-sign # fastest dev; ad-hoc signing (TCC permissions do not stick)
scripts/restart-mac.sh --sign # force code signing (requires cert)
Packaging flow
scripts/package-mac-app.sh
Creates dist/OpenClaw.app and signs it via scripts/codesign-mac-app.sh.
Signing behavior
Auto-selects identity (first match):
- Developer ID Application
- Apple Distribution
- Apple Development
- first available identity
If none found:
- errors by default
- set
ALLOW_ADHOC_SIGNING=1orSIGN_IDENTITY="-"to ad-hoc sign
Team ID audit (Sparkle mismatch guard)
After signing, we read the app bundle Team ID and compare every Mach-O inside the app. If any embedded binary has a different Team ID, signing fails.
Skip the audit:
SKIP_TEAM_ID_CHECK=1 scripts/package-mac-app.sh
Library validation workaround (dev only)
If Sparkle Team ID mismatch blocks loading (common with Apple Development certs), opt in:
DISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh
This adds com.apple.security.cs.disable-library-validation to app entitlements.
Use for local dev only; keep off for release builds.
Useful env flags
SIGN_IDENTITY="Apple Development: Your Name (TEAMID)"ALLOW_ADHOC_SIGNING=1(ad-hoc, TCC permissions do not persist)CODESIGN_TIMESTAMP=off(offline debug)DISABLE_LIBRARY_VALIDATION=1(dev-only Sparkle workaround)SKIP_TEAM_ID_CHECK=1(bypass audit)