fix: disable macOS code signing to prevent 'app damaged' error #152

Merged: AmintaCCCP merged 1 commit into main from fix/macos-signing-damaged-app on May 23, 2026

AmintaCCCP (Owner) commented May 23, 2026

Summary

Fixes macOS "app is damaged, cannot open" error reported in #151.

Root Cause

The build config sets identity: null (skip signing) but keeps hardenedRuntime: true, causing electron-builder to produce an ad-hoc signed binary with no Sealed Resources. Gatekeeper on macOS rejects this as "damaged":

flags=0x20002(adhoc,linker-signed)
Sealed Resources=none
Signature=adhoc

Changes

  • electron-builder.yml: Remove hardenedRuntime, entitlements, entitlementsInherit; add sign: false
  • build-desktop.yml: Remove hardenedRuntime: true; add sign: false alongside existing identity: null

User Impact

After this fix, macOS users can open the app by right-clicking → Open on first launch. No code signing certificate required.

Closes #151

Summary by CodeRabbit

  • Chores
    • Updated macOS packaging/signing configuration for the desktop app: removed hardened runtime and entitlements directives while keeping gatekeeper assessment disabled.


coderabbitai Bot (Contributor) commented May 23, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Removes macOS hardened runtime and entitlements directives from electron-builder and deletes hardenedRuntime and identity from the workflow's packageJson.build.mac block; gatekeeperAssess: false remains.

Changes

macOS Code Signing Configuration

| Layer / File(s) | Summary |
| --- | --- |
| Remove hardenedRuntime and entitlements settings: electron-builder.yml, .github/workflows/build-desktop.yml | Removes hardenedRuntime, entitlements, and entitlementsInherit from the mac packaging configuration and deletes hardenedRuntime: true and identity: null from the workflow's packageJson.build.mac block; gatekeeperAssess: false remains. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nudged a key, then watched it flee,

Hardened bits and entitlements set free,
The build ticks on beneath the moon,
A quiet hop, a tiny tune,
Night gardens hum with packaging glee.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: disabling macOS code signing to fix the 'app damaged' error reported in the linked issue. |
| Linked Issues check | ✅ Passed | The changes directly address issue #151 by removing problematic signing configurations that caused Gatekeeper rejection, enabling macOS users to open the app. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to fixing the macOS signing issue: modifications to electron-builder.yml and build-desktop.yml align with the stated objective of resolving the 'app damaged' error. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


AmintaCCCP mentioned this pull request May 23, 2026

coderabbitai Bot (Contributor) left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/build-desktop.yml (1)

498-511: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Align PR signing controls with the “unsigned macOS” goal

mac.identity: null already disables macOS code signing (and hardened runtime) in electron-builder, so the missing sign: false is unlikely to re-enable signing by itself. The real mismatch is CSC_FOR_PULL_REQUEST: true, which allows signing logic to run for PR builds—set it to false to match the intent of never attempting signing on PR artifacts.

🔧 Suggested fix
         } else if ('${{ matrix.os }}' === 'macos-latest') {
           packageJson.build.mac = {
             target: [
               {
                 target: 'dmg',
                 arch: ['x64', 'arm64']
               }
             ],
             icon: 'build/icon.png',
             category: 'public.app-category.productivity',
             gatekeeperAssess: false,
             identity: null,
+            sign: false
 
           };
-        CSC_FOR_PULL_REQUEST: true
+        CSC_FOR_PULL_REQUEST: false
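Review bot: In the `packageJson.build.mac` object, `identity: null` together with the added `sign: false` and the existing `gatekeeperAssess: false` means the DMG is published with no Developer ID signature, and nothing in the block records that this is deliberate or gives users a way to check the download. Add a comment on the object stating that macOS artifacts are intentionally unsigned, and have the release job publish a SHA-256 checksum next to the DMG. Also confirm that `sign: false` is accepted for `mac` by the electron-builder version in use, and give the `CSC_FOR_PULL_REQUEST` change its own hunk, since it is a CI env var and not a key of the mac object shown above it.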
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build-desktop.yml around lines 498 - 511, The PR allows
signing to run despite intending unsigned macOS artifacts—set the CI env var
CSC_FOR_PULL_REQUEST to false in the build workflow and also make the mac build
intent explicit by adding sign: false alongside the existing
packageJson.build.mac.identity = null; update the workflow matrix branch where
CSC_FOR_PULL_REQUEST is defined and update the mac object (target identity) in
the packageJson generation (reference symbols: CSC_FOR_PULL_REQUEST,
packageJson.build.mac, identity, sign) so PR builds never attempt code signing.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb74bb2e-a41c-486b-950e-31ee3433a8af

📥 Commits

Reviewing files that changed from the base of the PR and between 1d49b1c and 646bb0f.

📒 Files selected for processing (1)
  • .github/workflows/build-desktop.yml

electron-builder with identity:null + hardenedRuntime:true produced
an ad-hoc signed binary with broken signing structure (no Sealed
Resources), causing Gatekeeper to reject it as 'damaged'.

- Remove hardenedRuntime and entitlements from electron-builder.yml
- Remove identity:null and hardenedRuntime from workflow mac config
- PR builds still skip signing by design (electron-builder behavior)
- Release builds (tag pushes) will perform ad-hoc signing correctly

Closes #151
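
A check for the signature state quoted in the PR description and restated in the commit message above, as an added example that is not part of this repository: it parses `codesign -dv` text for the ad-hoc, no Sealed Resources condition and flags the `identity: null` plus `hardenedRuntime: true` combination. The function names and the second sample output are constructed for illustration.

```javascript
// Added example, not code from this repository.
// Parses the text printed by `codesign -dv --verbose=4 <App.app>` and
// reports the signature state this PR names as the root cause.

// Sample 1: the three lines quoted in the PR description.
const SAMPLE_FROM_PR = [
  'flags=0x20002(adhoc,linker-signed)',
  'Sealed Resources=none',
  'Signature=adhoc',
].join('\n');

// Sample 2 (constructed): an ad-hoc bundle whose resources are sealed.
const SAMPLE_SEALED = [
  'flags=0x2(adhoc)',
  'Sealed Resources version=2 rules=13 files=120',
  'Signature=adhoc',
].join('\n');

function parseCodesignInfo(text) {
  const info = { flags: [], sealedResources: null, signature: null };
  for (const line of text.split(/\r?\n/)) {
    let m;
    if ((m = /flags=0x[0-9a-f]+\(([^)]*)\)/i.exec(line))) {
      info.flags = m[1].split(',').map((f) => f.trim()).filter(Boolean);
    } else if ((m = /^Sealed Resources[= ](.*)$/.exec(line))) {
      info.sealedResources = m[1].trim();
    } else if ((m = /^Signature=(.*)$/.exec(line))) {
      info.signature = m[1].trim();
    }
  }
  return info;
}

// Findings a release check can fail on before the DMG is published.
function findings(info) {
  const out = [];
  if (info.signature === 'adhoc' || info.flags.includes('adhoc')) out.push('adhoc-signature');
  if (info.flags.includes('linker-signed')) out.push('linker-signed');
  if (info.sealedResources === 'none') out.push('no-sealed-resources');
  return out;
}

// Config lint for the combination the PR identifies: signing skipped
// (identity: null) while hardenedRuntime is still requested.
function conflictingMacConfig(mac) {
  return mac.identity === null && mac.hardenedRuntime === true;
}
```
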
@AmintaCCCP AmintaCCCP force-pushed the fix/macos-signing-damaged-app branch from 042fe1d to c66bb14 Compare May 23, 2026 08:34
@AmintaCCCP AmintaCCCP merged commit 752df20 into main May 23, 2026
5 checks passed
Development

Successfully merging this pull request may close these issues.

Mac cannot be used
