mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-09 15:59:30 +00:00
* feat(mac): unified Liquid Glass pairing approval panel Replace the serial node/device pairing NSAlerts with one floating approval panel. Both prompters feed request cards into a shared PairingApprovalCenter; each card shows a hardware icon, platform and model, app/core version, source IP, a copyable short id, request age, a trust line (first connection / already-paired-id caution / repair token rotation), and a friendly access summary with an elevated warning for system.run-class commands. Requests resolved elsewhere disappear live; Not Now snoozes without resolving (gateway TTL applies) and the menu-bar pending line reopens the panel. Liquid Glass surface on macOS 26+, material fallback on macOS 15. Deletes the NSAlert + invisible-host-window machinery, dead node isRepair handling, and text-only describe() body. Closes #102535 * fix(mac): satisfy swiftformat conditionalAssignment and resync native i18n inventory |
||
|---|---|---|
| .. | ||
| Icon.icon | ||
| Packaging | ||
| Sources | ||
| Tests/OpenClawIPCTests | ||
| Package.resolved | ||
| Package.swift | ||
| README.md | ||
OpenClaw macOS app (dev + signing)
Quick dev run
# from repo root
scripts/restart-mac.sh
Options:
scripts/restart-mac.sh --no-sign # fastest dev; ad-hoc signing (TCC permissions do not stick)
scripts/restart-mac.sh --sign # force code signing (requires cert)
Packaging flow
scripts/package-mac-app.sh
Creates dist/OpenClaw.app and signs it via scripts/codesign-mac-app.sh.
Signing behavior
Auto-selects identity (first match):
- Developer ID Application
- Apple Distribution
- Apple Development
- first available identity
If none found:
- errors by default
- set
ALLOW_ADHOC_SIGNING=1orSIGN_IDENTITY="-"to ad-hoc sign
Team ID audit (Sparkle mismatch guard)
After signing, we read the app bundle Team ID and compare every Mach-O inside the app. If any embedded binary has a different Team ID, signing fails.
Skip the audit:
SKIP_TEAM_ID_CHECK=1 scripts/package-mac-app.sh
Library validation workaround (dev only)
If Sparkle Team ID mismatch blocks loading (common with Apple Development certs), opt in:
DISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh
This adds com.apple.security.cs.disable-library-validation to app entitlements.
Use for local dev only; keep off for release builds.
Useful env flags
SIGN_IDENTITY="Apple Development: Your Name (TEAMID)"ALLOW_ADHOC_SIGNING=1(ad-hoc, TCC permissions do not persist)CODESIGN_TIMESTAMP=off(offline debug)DISABLE_LIBRARY_VALIDATION=1(dev-only Sparkle workaround)SKIP_TEAM_ID_CHECK=1(bypass audit)