Goal
Sign and notarize the macOS build so users no longer have to right-click → Open to bypass Gatekeeper.
Why
Friction for first-time users. The current unsigned dmg flow scares non-developers ("damaged / unidentified developer"). Notarization removes the warning.
Acceptance
- `build.mac` set with `hardenedRuntime: true`, `gatekeeperAssess: true`, `entitlements: build/entitlements.mac.plist`.
- (`CSC_LINK`, `CSC_KEY_PASSWORD`, `APPLE_ID`, `APPLE_APP_SPECIFIC_PASSWORD`, `APPLE_TEAM_ID`) as secrets.
- `.dmg` passes `spctl --assess --type install` without warning on a fresh mac.
Hints
- Requires Apple Developer Program membership ($99/yr).
- Reference: https://www.electron.build/code-signing.html
- entitlements file likely needs `com.apple.security.network.client` (statusLine HTTP) and optionally `com.apple.security.files.user-selected.read-write` (no — pet only writes to userData).
Blockers
- Apple Developer cert availability. Until owner registers, this issue stays open.
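
A CI preflight for the acceptance items above, as an added example that is not part of the original issue or the project's code. The function names and sample inputs are constructed, and the entitlement allowlist is an assumption taken from the hints.

```javascript
// Added example: preflight for the acceptance items in this issue.
// Function names and sample inputs are constructed for illustration.

const REQUIRED_SECRETS = ["CSC_LINK", "CSC_KEY_PASSWORD", "APPLE_ID",
  "APPLE_APP_SPECIFIC_PASSWORD", "APPLE_TEAM_ID"];

// Assumption from the hints: only the network client entitlement is wanted.
const ALLOWED_ENTITLEMENTS = new Set(["com.apple.security.network.client"]);

// Return the keys set to <true/> in an entitlements plist (XML text).
function enabledEntitlements(plistXml) {
  const re = /<key>\s*([^<]+?)\s*<\/key>\s*<true\s*\/>/g;
  return Array.from(plistXml.matchAll(re), (m) => m[1]);
}

// Collect every problem instead of stopping at the first one.
function preflight(macConfig, env, plistXml) {
  const problems = [];
  if (macConfig.hardenedRuntime !== true) problems.push("hardenedRuntime must be true");
  if (macConfig.gatekeeperAssess !== true) problems.push("gatekeeperAssess must be true");
  if (macConfig.entitlements !== "build/entitlements.mac.plist")
    problems.push("entitlements must point to build/entitlements.mac.plist");
  for (const name of REQUIRED_SECRETS) {
    // Report only the variable name, never its value.
    if (!env[name]) problems.push(`missing secret: ${name}`);
  }
  const enabled = enabledEntitlements(plistXml);
  for (const key of enabled) {
    if (!ALLOWED_ENTITLEMENTS.has(key)) problems.push(`unexpected entitlement: ${key}`);
  }
  for (const key of ALLOWED_ENTITLEMENTS) {
    if (!enabled.includes(key)) problems.push(`missing entitlement: ${key}`);
  }
  return problems;
}

// Constructed sample inputs: one secret missing, one extra entitlement.
const SAMPLE_MAC = { hardenedRuntime: true, gatekeeperAssess: true,
  entitlements: "build/entitlements.mac.plist" };
const SAMPLE_PLIST = `<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>`;
const SAMPLE_ENV = { CSC_LINK: "x", CSC_KEY_PASSWORD: "x", APPLE_ID: "x",
  APPLE_TEAM_ID: "x" }; // APPLE_APP_SPECIFIC_PASSWORD deliberately absent

console.log(preflight(SAMPLE_MAC, SAMPLE_ENV, SAMPLE_PLIST));
```

In a real pipeline the three arguments would come from the `build.mac` block, `process.env`, and the entitlements file on disk, with a non-empty result failing the job before signing starts.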