Skip to content

Release authority blockers prevent mass-production readiness #71

Description

@rogu3bear

Summary

Cursor Designer's local app and artifact gates are mostly green, but the app is not mass-production ready because the public release authority gates are blocked on Apple notarization credentials, Gatekeeper acceptance, stable GitHub release metadata, and manual release evidence.

This issue intentionally tracks the external release-authority work. It should not be closed from tests alone.

Fresh evidence

Repository state when filed:

  • branch: main
  • HEAD: 91f14f5
  • local tree: clean against origin/main
  • open PRs: none

Passing local app proof from the current audit:

  • ./scripts/check-monorepo-references.sh
  • ./scripts/check-website-boundary.sh
  • ./scripts/check-distribution-boundary.sh
  • ./scripts/check-compatibility-boundary.sh
  • ./scripts/check-local-first.sh
  • ./scripts/check-app-ui-contract.sh
  • swift test --package-path apps/macos: 201 tests, 0 failures
  • make -C apps/macos preflight
  • make -C apps/macos launch-smoke
  • make -C apps/macos dmg
  • make -C apps/macos dmg-install-check
  • make -C apps/macos dmg-artifact-match-check
  • make -C apps/macos signed-dmg

Current signed local artifact:

  • path: apps/macos/CursorDesigner.dmg
  • SHA-256: b69d869d5356d0b0c9390b5b4bf0be3aea421ad7ac05d84ef586f6a7dfdb852b
  • app version: 1.0.0
  • app build: 1

Failing release-authority proof:

  • make -C apps/macos release-artifact-readiness NOTARY_PROFILE="notarization"
  • make -C apps/macos north-star-audit NOTARY_PROFILE="notarization"

Observed blockers:

  • Gatekeeper rejects app: source=Unnotarized Developer ID
  • Gatekeeper rejects DMG: source=Insufficient Context
  • stapler reports CursorDesigner.dmg does not have a stapled ticket
  • notarytool reports no Keychain password item found for profile: notarization
  • gh release list shows only prerelease v0.8-unstable-alpha; there is no stable public release metadata

Required closure

Close this only after all of the following pass against the same candidate DMG:

  • make -C apps/macos notary-profile-check NOTARY_PROFILE=""
  • make -C apps/macos release-candidate SIGN_IDENTITY="" NOTARY_PROFILE=""
  • make -C apps/macos release-readiness NOTARY_PROFILE=""
  • make -C apps/macos manual-release-evidence-check MANUAL_EVIDENCE=""
  • make -C apps/macos north-star-audit NOTARY_PROFILE="" MANUAL_EVIDENCE=""

Manual evidence must come from apps/macos/MANUAL_RELEASE_CHECKS.md and must match the same Gatekeeper-accepted DMG by commit, release tag, DMG filename, DMG SHA-256, mounted app bundle ID, app version, app build, and executable SHA-256.

Non-goals

  • Do not create or publish a website to work around this.
  • Do not add Homebrew/stable download claims before the release metadata and manual evidence pass.
  • Do not mark mass-production readiness from the automated Swift test suite alone.

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions