mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-21 11:09:36 +00:00
5f89cabeb5
Some checks failed
CI / preflight (push) Waiting to run
CI / security-scm-fast (push) Waiting to run
CI / security-dependency-audit (push) Waiting to run
CI / security-fast (push) Blocked by required conditions
CI / build-artifacts (push) Blocked by required conditions
CI / (push) Blocked by required conditions
CI / -1 (push) Blocked by required conditions
CI / checks-fast-contracts-plugins (push) Blocked by required conditions
CI / -2 (push) Blocked by required conditions
CI / checks-fast-contracts-channels (push) Blocked by required conditions
CI / checks-fast-protocol (push) Blocked by required conditions
CI / -3 (push) Blocked by required conditions
CI / checks-node-compat-node22 (push) Blocked by required conditions
CI / -4 (push) Blocked by required conditions
CI / -5 (push) Blocked by required conditions
CI / checks-node-core (push) Blocked by required conditions
CI / check-dependencies (push) Blocked by required conditions
CI / check-lint (push) Blocked by required conditions
CI / check-policy-guards (push) Blocked by required conditions
CI / check-preflight-guards (push) Blocked by required conditions
CI / check-prod-types (push) Blocked by required conditions
CI / check-strict-smoke (push) Blocked by required conditions
CI / check-test-types (push) Blocked by required conditions
CI / check (push) Blocked by required conditions
CI / check-additional-boundaries-a (push) Blocked by required conditions
CI / check-additional-boundaries-b (push) Blocked by required conditions
CI / check-additional-boundaries-c (push) Blocked by required conditions
CI / check-additional-boundaries-d (push) Blocked by required conditions
CI / check-additional-extension-bundled (push) Blocked by required conditions
CI / check-additional-extension-channels (push) Blocked by required conditions
CI / check-additional-extension-package-boundary (push) Blocked by required conditions
CI / check-additional-runtime-topology-architecture (push) Blocked by required conditions
CI / check-additional (push) Blocked by required conditions
CI / build-smoke (push) Blocked by required conditions
CI / check-docs (push) Blocked by required conditions
CI / skills-python (push) Blocked by required conditions
CI / -6 (push) Blocked by required conditions
CI / -7 (push) Blocked by required conditions
CI / macos-swift (push) Blocked by required conditions
CI / -8 (push) Blocked by required conditions
ClawSweeper Dispatch / dispatch (push) Waiting to run
Docs Sync Publish Repo / sync-publish-repo (push) Waiting to run
Docs / docs (push) Waiting to run
Plugin NPM Release / preview_plugins_npm (push) Waiting to run
Plugin NPM Release / preview_plugin_pack (push) Blocked by required conditions
Plugin NPM Release / publish_plugins_npm (push) Blocked by required conditions
Workflow Sanity / no-tabs (push) Waiting to run
Workflow Sanity / actionlint (push) Waiting to run
Workflow Sanity / generated-doc-baselines (push) Waiting to run
Control UI Locale Refresh / plan (push) Has been cancelled
Website Installer Sync / static (push) Has been cancelled
Website Installer Sync / linux-docker (push) Has been cancelled
Website Installer Sync / macos-installer (push) Has been cancelled
Website Installer Sync / windows-installer (push) Has been cancelled
Control UI Locale Refresh / Refresh (push) Has been cancelled
Website Installer Sync / sync-website (push) Has been cancelled
Fixes #68181. Rejects malformed macOS screen.snapshot params before capture, sanitizes capture failures, and bounds inline base64 snapshot responses against the projected node.invoke.result frame size. Supersedes #68186. |
||
|---|---|---|
| .. | ||
| Icon.icon | ||
| Packaging | ||
| Sources | ||
| Tests/OpenClawIPCTests | ||
| Package.resolved | ||
| Package.swift | ||
| README.md | ||
OpenClaw macOS app (dev + signing)
Quick dev run
# from repo root
scripts/restart-mac.sh
Options:
scripts/restart-mac.sh --no-sign # fastest dev; ad-hoc signing (TCC permissions do not stick)
scripts/restart-mac.sh --sign # force code signing (requires cert)
Packaging flow
scripts/package-mac-app.sh
Creates dist/OpenClaw.app and signs it via scripts/codesign-mac-app.sh.
Signing behavior
Auto-selects identity (first match):
- Developer ID Application
- Apple Distribution
- Apple Development
- first available identity
If none found:
- errors by default
- set
ALLOW_ADHOC_SIGNING=1orSIGN_IDENTITY="-"to ad-hoc sign
Team ID audit (Sparkle mismatch guard)
After signing, we read the app bundle Team ID and compare every Mach-O inside the app. If any embedded binary has a different Team ID, signing fails.
Skip the audit:
SKIP_TEAM_ID_CHECK=1 scripts/package-mac-app.sh
Library validation workaround (dev only)
If Sparkle Team ID mismatch blocks loading (common with Apple Development certs), opt in:
DISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh
This adds com.apple.security.cs.disable-library-validation to app entitlements.
Use for local dev only; keep off for release builds.
Useful env flags
SIGN_IDENTITY="Apple Development: Your Name (TEAMID)"ALLOW_ADHOC_SIGNING=1(ad-hoc, TCC permissions do not persist)CODESIGN_TIMESTAMP=off(offline debug)DISABLE_LIBRARY_VALIDATION=1(dev-only Sparkle workaround)SKIP_TEAM_ID_CHECK=1(bypass audit)