Commit graph

10 commits

Author SHA1 Message Date
AgentSeal
d349a01e99 harden(mac): fail-closed minos guard, weak-link errno check, strip em-dashes
Review follow-up on the Sonoma deployment-target fix:
- The release minos guard was fail-open: if vtool returned nothing (missing
  binary, tool change) the check passed vacuously and could green-light a bad
  release. Now it fails closed when no minos is reported.
- The libswift_errno check now excludes weak links, so it only fails on a
  breaking STRONG link. dyld tolerates a missing weakly-linked dylib, so a
  macOS 15.x SDK runner that weak-links errno at the .v14 target no longer
  causes a spurious release failure.
- Removed em-dashes from the changed files per repo style.

Verified: fresh .v14 build is minos 14.0 with no strong errno link; the guard
now fails closed on an unreadable binary and passes on the real one; 71 Swift
tests pass.
2026-07-10 09:20:15 +02:00
wanghao20
c8bddb52c2 fix(mac): address review notes on PR #577 — correct SDK/deployment-target wording, universal build-local.sh, CI minos guard
- README.md / build-local.sh: the -10825 fix is the Package.swift deployment
  target, not the SDK used to build (ld64's $ld$previous drops
  libswift_errno.dylib based on minos, so it already applies to the
  CI-distributed release too). build-local.sh exists only for building on a
  Sonoma machine with just the Command Line Tools.
- build-local.sh: build arm64 and x86_64 separately and lipo them into a
  universal binary (`--arch arm64 --arch x86_64` together needs xcbuild,
  which CLT doesn't ship); assert the active SDK is actually 14.x instead of
  silently trusting `xcrun`; use `pkill -x` instead of `-f` to avoid matching
  unrelated processes; broaden the @MainActor patch regex to slurp mode so it
  also covers multi-line struct headers and `extension X: View`.
- package-app.sh: fail the build if the packaged binary's minos isn't 14.0
  for every arch slice, or if it links libswift_errno.dylib, so a future
  deployment-target regression is caught in CI instead of a user's crash report.
2026-07-10 09:19:18 +02:00
Resham Joshi
4a384cd31d
feat(menubar): add macOS app icon (#455)
Adds assets/menubar-logo.png and generates AppIcon.icns (all standard sizes
via sips + iconutil) in package-app.sh, so the menubar app ships with a real
icon instead of the generic one. Info.plist already referenced AppIcon.

Icon and bundler change from @tvcsantos's #439; the unrelated tsconfig.json
change in that PR was left out.
2026-06-06 23:16:03 +02:00
iamtoruk
a2ab52aafd build(menubar): allow signing with a stable identity via CODESIGN_IDENTITY 2026-05-30 13:18:46 -07:00
iamtoruk
909efcf989 Harden menubar refresh and installer 2026-05-14 18:32:15 -07:00
iamtoruk
f058f36dbd Normalize menubar version display 2026-05-11 11:21:39 -07:00
iamtoruk
469d956312 Preserve menubar bundle seal during install 2026-05-11 11:11:37 -07:00
iamtoruk
15334fac67 Add SHA-256 checksum verification to menubar installer
The installer now downloads and verifies a .sha256 companion file
before extracting and launching the menubar app. Build script and
CI workflow generate the checksum alongside the zip. Adds SECURITY.md
with reporting instructions.

Addresses #215.
2026-05-04 10:08:58 -07:00
Resham Joshi
0b96ff182e docs: scrub private strategy notes from public text
Removes references to future signing decisions, dollar amounts, and
star thresholds from the menubar README, the CHANGELOG, the release
workflow (its YAML comments and the auto-generated release body), and
the packaging script. The technical description stays; the 'we are
not paying for X right now' framing is out.
2026-04-17 17:12:48 -07:00
Resham Joshi
495a254338 feat(mac): native Swift menubar app + one-command install
Introduces mac/ with a native SwiftUI menubar app that replaces the
previous SwiftBar plugin entirely. Install via `npx codeburn menubar`,
which downloads the .app from GitHub Releases, strips Gatekeeper
quarantine, and drops it into ~/Applications.

Highlights

- mac/ SwiftUI app: agent tabs, Today/7/30/Month/All period switcher,
  Trend/Forecast/Pulse/Stats/Plan insights, activity + model
  breakdowns, optimize findings, CSV/JSON export, Star-on-GitHub
  banner, live 60s refresh, instant currency switching with offline FX
  cache.
- Security: CodeburnCLI argv-based spawn (no shell interpretation),
  SafeFile symlink guards + O_NOFOLLOW writes, FX rate clamping to
  [0.0001, 1_000_000], keychain filtered to account == "default",
  removed byte-window credential log, in-flight refresh guard, POSIX
  flock on config.json writes, TerminalLauncher validates argv before
  AppleScript interpolation.
- Performance: shared static NumberFormatter (thousands of allocations
  per popover redraw eliminated), concurrent pipe drain with 20 MB cap
  + 60s timeout in DataClient, Observation-tracked reactive UI, 5-min
  payload cache keyed on (period, provider).
- CLI: new `codeburn menubar` subcommand that downloads + installs +
  launches the .app (no clone, no build). New `status --format
  menubar-json` payload builder. `export` rewritten to produce a
  folder of one-table-per-file CSVs with a `.codeburn-export` marker
  so arbitrary -o paths cannot be silently deleted.
- Removed: src/menubar.ts (SwiftBar plugin generator),
  install-menubar / uninstall-menubar subcommands, `status --format
  menubar` directive output, tests/menubar.test.ts,
  tests/security/menubar-injection.test.ts.
- Release: .github/workflows/release-menubar.yml builds universal
  binary, assembles .app, ad-hoc signs, zips, uploads on mac-v* tag
  push. Runs on the free macos-latest runner.

Tests

- 230 TypeScript tests pass
- 10 Swift CapacityEstimator tests pass
- TypeScript typecheck clean
- Swift release build clean
2026-04-17 16:55:56 -07:00