diff --git a/.github/workflows/release-menubar.yml b/.github/workflows/release-menubar.yml
index df8fd31..b3902d3 100644
--- a/.github/workflows/release-menubar.yml
+++ b/.github/workflows/release-menubar.yml
@@ -1,10 +1,9 @@
 name: Release macOS Menubar
 
 # Triggers on a `mac-v*` tag push (e.g. `git tag mac-v0.8.0 && git push origin mac-v0.8.0`),
-# or manually via the Actions tab. Runs entirely on the free macos-latest runner -- no Apple
-# Developer Program membership, no signing certificates, no secrets required. The bundle ships
-# ad-hoc signed; `npx codeburn menubar` strips the download quarantine flag on install so
-# Gatekeeper stays quiet.
+# or manually via the Actions tab. Builds a universal arm64+x86_64 bundle, ad-hoc signs it,
+# zips via `ditto`, and uploads the zip to the GitHub Release. `npx codeburn menubar` clears
+# the download quarantine flag on install so Gatekeeper stays quiet.
 on:
   push:
     tags:
@@ -62,9 +61,9 @@ jobs:
             npx codeburn menubar
             ```
 
-            Unsigned build. The installer clears Gatekeeper quarantine on download, so the
-            app launches without warnings. Direct-download users from this page may see
-            "cannot verify developer" -- right-click → Open once to dismiss it, or use the
-            npx command above.
+            That command drops the app into `~/Applications`, clears the download
+            quarantine, and launches it. If you download the zip from this page directly
+            and macOS shows "cannot verify developer", right-click the app in Finder and
+            pick Open to whitelist it once.
           files: mac/.build/dist/CodeBurnMenubar-*.zip
           fail_on_unmatched_files: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6fc672a..831b81d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@
 - **Native macOS menubar app.** Swift + SwiftUI app under `mac/` replaces the SwiftBar plugin. Agent tabs, Today/7/30/Month/All period switcher, Trend/Forecast/Pulse/Stats/Plan insights, activity and model breakdowns, optimize findings, CSV/JSON export, instant currency switching, live 60s refresh.
 - **`codeburn menubar`.** One-command install: downloads the latest `.app` from GitHub Releases, strips Gatekeeper quarantine, drops it into `~/Applications`, and launches it. `--force` reinstalls in place.
 - **`status --format menubar-json`.** Structured payload consumed by the native menubar app. Current-period totals, per-activity and per-model breakdowns, provider costs, optimize findings, and 365-day history.
-- **Release workflow.** `.github/workflows/release-menubar.yml` builds a universal `.app` bundle and zip on `mac-v*` tag push. Runs on the free macos-latest runner, no Apple Developer Program required.
+- **Release workflow.** `.github/workflows/release-menubar.yml` builds a universal `.app` bundle and zip on `mac-v*` tag push.
 
 ### Changed
 - **`codeburn export -f csv`** now writes a folder of one-table-per-file CSVs (`summary`, `daily`, `activity`, `models`, `projects`, `sessions`, `tools`, `shell-commands`) plus a `README.txt` index. Each file opens cleanly as a single table in any spreadsheet.
diff --git a/mac/README.md b/mac/README.md
index aab3bc6..4d3e2ae 100644
--- a/mac/README.md
+++ b/mac/README.md
@@ -16,7 +16,7 @@ One command:
 npx codeburn menubar
 ```
 
-That's it. The command downloads the latest signed `.app` from GitHub Releases, drops it into `~/Applications`, clears Gatekeeper quarantine, and launches it. Re-running it upgrades in place with `--force`, or just launches the existing copy otherwise.
+That's it. The command downloads the latest `.app` from GitHub Releases, drops it into `~/Applications`, clears Gatekeeper quarantine, and launches it. Re-running it upgrades in place with `--force`, or just launches the existing copy otherwise.
 
 If you already have the CLI installed globally (`npm install -g codeburn`), `codeburn menubar` works the same way.
 
diff --git a/mac/Scripts/package-app.sh b/mac/Scripts/package-app.sh
index d8b68c7..5672b5e 100755
--- a/mac/Scripts/package-app.sh
+++ b/mac/Scripts/package-app.sh
@@ -85,10 +85,10 @@ cat > "${BUNDLE}/Contents/PkgInfo" <<'PKG'
 APPL????
 PKG
 
-# Ad-hoc sign so macOS treats the bundle as internally consistent. This does NOT give us a
-# recognisable developer name in Finder (that needs the $99 Developer ID cert), but it
-# satisfies macOS's minimum bundle-validity checks on 14+ and prevents some Gatekeeper edge
-# cases on managed Macs.
+# Ad-hoc sign so macOS treats the bundle as internally consistent. This satisfies the
+# minimum bundle-validity checks on macOS 14+ and prevents a class of Gatekeeper edge
+# cases on managed Macs. A Developer ID signature (separate setup) would additionally
+# surface the publisher name in Finder; not required here.
 echo "▸ Ad-hoc signing..."
 codesign --force --sign - --timestamp=none --deep "${BUNDLE}" 2>/dev/null || true
 codesign --verify --deep --strict "${BUNDLE}" 2>/dev/null || echo "  (signature verify skipped)"