Summary
Cursor Designer's local app and artifact gates are mostly green, but the app is not mass-production ready because the public release authority gates are blocked on Apple notarization credentials, Gatekeeper acceptance, stable GitHub release metadata, and manual release evidence.
This issue intentionally tracks the external release-authority work. It should not be closed from tests alone.
Fresh evidence
Repository state when filed:
- branch: main
- HEAD: 91f14f5
- local tree: clean against origin/main
- open PRs: none
Passing local app proof from the current audit:
- ./scripts/check-monorepo-references.sh
- ./scripts/check-website-boundary.sh
- ./scripts/check-distribution-boundary.sh
- ./scripts/check-compatibility-boundary.sh
- ./scripts/check-local-first.sh
- ./scripts/check-app-ui-contract.sh
- swift test --package-path apps/macos: 201 tests, 0 failures
- make -C apps/macos preflight
- make -C apps/macos launch-smoke
- make -C apps/macos dmg
- make -C apps/macos dmg-install-check
- make -C apps/macos dmg-artifact-match-check
- make -C apps/macos signed-dmg
Current signed local artifact:
- path: apps/macos/CursorDesigner.dmg
- SHA-256: b69d869d5356d0b0c9390b5b4bf0be3aea421ad7ac05d84ef586f6a7dfdb852b
- app version: 1.0.0
- app build: 1
Failing release-authority proof:
- make -C apps/macos release-artifact-readiness NOTARY_PROFILE="notarization"
- make -C apps/macos north-star-audit NOTARY_PROFILE="notarization"
Observed blockers:
- Gatekeeper rejects app: source=Unnotarized Developer ID
- Gatekeeper rejects DMG: source=Insufficient Context
- stapler reports CursorDesigner.dmg does not have a stapled ticket
- notarytool reports no Keychain password item found for profile: notarization
- gh release list shows only prerelease v0.8-unstable-alpha; there is no stable public release metadata
Required closure
Close this only after all of the following pass against the same candidate DMG:
- make -C apps/macos notary-profile-check NOTARY_PROFILE=""
- make -C apps/macos release-candidate SIGN_IDENTITY="" NOTARY_PROFILE=""
- make -C apps/macos release-readiness NOTARY_PROFILE=""
- make -C apps/macos manual-release-evidence-check MANUAL_EVIDENCE=""
- make -C apps/macos north-star-audit NOTARY_PROFILE="" MANUAL_EVIDENCE=""
Manual evidence must come from apps/macos/MANUAL_RELEASE_CHECKS.md and must match the same Gatekeeper-accepted DMG by commit, release tag, DMG filename, DMG SHA-256, mounted app bundle ID, app version, app build, and executable SHA-256.
Non-goals
- Do not create or publish a website to work around this.
- Do not add Homebrew/stable download claims before the release metadata and manual evidence pass.
- Do not mark mass-production readiness from the automated Swift test suite alone.
Summary
Cursor Designer's local app and artifact gates are mostly green, but the app is not mass-production ready because the public release authority gates are blocked on Apple notarization credentials, Gatekeeper acceptance, stable GitHub release metadata, and manual release evidence.
This issue intentionally tracks the external release-authority work. It should not be closed from tests alone.
Fresh evidence
Repository state when filed:
Passing local app proof from the current audit:
Current signed local artifact:
Failing release-authority proof:
Observed blockers:
Required closure
Close this only after all of the following pass against the same candidate DMG:
Manual evidence must come from apps/macos/MANUAL_RELEASE_CHECKS.md and must match the same Gatekeeper-accepted DMG by commit, release tag, DMG filename, DMG SHA-256, mounted app bundle ID, app version, app build, and executable SHA-256.
Non-goals