fix(agent): harden macos es/ne scaffolding and supervision

Author: bb-connor

.codex/swarm/lanes.tsv

@@ -1,10 +1,12 @@
 lane	worktree	branch	profile	role	brief_id	description	docs	bootstrap
-orch	huntronomer-workspace-orch	feature/huntronomer-workspace-orchestrator	swarm-orchestrator	workstream_orchestrator	ORCH	Workspace-shell orchestrator lane for metadata, shared shell wiring, merge sequencing, and capability policy	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md,docs/specs/18-huntronomer-shell-command-model.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
-ws1	ws1-workspace-core	feature/huntronomer-ws-core	swarm-worker	lane_worker	WS1	Workspace-core lane for trusted roots, canonical paths, filesystem contracts, and settings persistence	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/target-architecture.md,docs/specs/17-huntronomer-workspace-services.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
-ws2	ws2-search-watch	feature/huntronomer-ws-search-watch	swarm-worker	lane_worker	WS2	Watcher and search lane for notify, fd, rg, and allowlisted sidecar process management	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
-ws3	ws3-workspace-shell	feature/huntronomer-ws-shell-ui	swarm-worker	lane_worker	WS3	Workspace-shell UI lane for route scaffolding, tree layout, breadcrumbs, pane state, and command entry points	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/target-architecture.md,docs/specs/18-huntronomer-shell-command-model.md	cd apps/desktop && bun install --frozen-lockfile
-ws4	ws4-monaco-editor	feature/huntronomer-ws-monaco	swarm-worker	lane_worker	WS4	Monaco editor lane for buffer models, tab flows, save and reload behavior, and editor tests	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md	cd apps/desktop && bun install --frozen-lockfile
-ws5	ws5-terminal-pty	feature/huntronomer-ws-terminal	swarm-worker	lane_worker	WS5	Terminal lane for PTY session lifecycle, xterm integration, resize behavior, and task-versus-shell sessions	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/target-architecture.md,docs/specs/17-huntronomer-workspace-services.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
-ws6	ws6-search-git-ui	feature/huntronomer-ws-search-git-ui	swarm-worker	lane_worker	WS6	Search and git UX lane for quick-open, content search, git status, diff summaries, and editor deep links	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md	cd apps/desktop && bun install --frozen-lockfile
-ws7	ws7-language-client	feature/huntronomer-ws-language-client	swarm-worker	lane_worker	WS7	Language-intelligence lane for monaco-languageclient, language-server supervision, diagnostics, and symbol navigation	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md,docs/specs/18-huntronomer-shell-command-model.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
-ws8	ws8-release-verify	feature/huntronomer-ws-release-verify	swarm-worker	lane_worker	WS8	Persistence and release-hardening lane for session recall, packaging checks, smoke verification, and optional index evaluation	docs/plans/clawdstrike/huntronomer/workspace-shell/swarm-plan.md,docs/plans/clawdstrike/huntronomer/workspace-shell/roadmap.md,docs/specs/17-huntronomer-workspace-services.md,docs/specs/18-huntronomer-shell-command-model.md	cd apps/desktop && bun install --frozen-lockfile && cargo fetch --locked --manifest-path src-tauri/Cargo.toml
+ORCH	macos-es-ne-orch	feature/macos-es-ne-orchestrator	swarm-orchestrator	workstream_orchestrator	ORCH	Orchestrator lane for the macOS EndpointSecurity and NetworkExtension implementation wave; owns shared metadata, architecture exceptions, merge order, and final consolidation	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/endpoint-security-auth-contract.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md,docs/plans/multi-agent/codex-swarm-playbook.md	cargo-fetch-locked
+HOST	macos-es-ne-host-foundation	feature/macos-es-ne-host-foundation	swarm-worker	lane_worker	HOST	Containing-app foundation lane for apps/agent macOS host modules, combined-system-extension lifecycle hooks, and frozen local IPC contract	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+RHOST	macos-es-ne-host-review	feature/macos-es-ne-host-review	swarm-review	merge_reviewer	RHOST	Review lane for HOST focused on ownership violations, contract drift, degraded-state handling, and missing verification	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+POLAT	macos-es-ne-policy-attest	feature/macos-es-ne-policy-attest	swarm-worker	lane_worker	POLAT	Policy and attestation lane for the frozen macOS runtime contract, ES fail-open semantics, and receipt schema changes	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/endpoint-security-auth-contract.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md,docs/nono-integration/04-policy-translation.md,docs/nono-integration/06-receipt-attestation.md	cargo-fetch-locked
+RPOLAT	macos-es-ne-policy-review	feature/macos-es-ne-policy-review	swarm-review	merge_reviewer	RPOLAT	Review lane for POLAT focused on contract integrity, degraded-state truthfulness, test coverage, and merge risk	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/endpoint-security-auth-contract.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md,docs/nono-integration/04-policy-translation.md,docs/nono-integration/06-receipt-attestation.md	cargo-fetch-locked
+ESINT	macos-es-ne-es-integration	feature/macos-es-ne-es-integration	swarm-worker	lane_worker	ESINT	EndpointSecurity implementation lane for the combined-system-extension ES subtree; must drive host macOS status plus attestation provider_states and deadline counters truthfully	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/endpoint-security-auth-contract.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+NEINT	macos-es-ne-ne-integration	feature/macos-es-ne-ne-integration	swarm-worker	lane_worker	NEINT	NetworkExtension implementation lane for the combined-system-extension NE subtree; must drive host and attestation provider state with the content-filter baseline while preserving actual backend reporting	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md,docs/nono-integration/04-policy-translation.md	cargo-fetch-agent-locked
+RESINT	macos-es-ne-es-review	feature/macos-es-ne-es-review	swarm-review	merge_reviewer	RESINT	Review lane for ESINT focused on contract adherence, deadline/fail-open semantics, host and receipt degraded-state truthfulness, and verification evidence	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/endpoint-security-auth-contract.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+RNEINT	macos-es-ne-ne-review	feature/macos-es-ne-ne-review	swarm-review	merge_reviewer	RNEINT	Review lane for NEINT focused on provider choice, backend-truthful network reporting, degraded-state handling, and verification evidence	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+PKG	macos-es-ne-pkg-sign	feature/macos-es-ne-pkg-sign	swarm-worker	lane_worker	PKG	MacOS packaging lane for the combined system extension, entitlements, signing, notarization, and CI release wiring in apps/agent	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/network-extension-provider-and-topology.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked
+RPKG	macos-es-ne-pkg-review	feature/macos-es-ne-pkg-review	swarm-review	merge_reviewer	RPKG	Review lane for PKG focused on deployment-model correctness, signing integrity, denied-path coverage, and release pipeline regressions	docs/plans/clawdstrike/macos-es-ne/swarm-plan.md,docs/plans/clawdstrike/macos-es-ne/deployment-and-verification.md	cargo-fetch-agent-locked

.codex/swarm/waves.tsv

@@ -1,7 +1,11 @@
 wave	lanes
-wave0	orch
-wave1	ws1,ws3
-wave2	ws2,ws4
-wave3	ws5,ws6
-wave4	ws7
-wave5	ws8
+wave0	ORCH
+wave1	HOST
+wave2	RHOST
+wave3	POLAT
+wave4	RPOLAT
+wave5	ESINT,NEINT
+wave6	RESINT,RNEINT
+wave7	PKG
+wave8	RPKG
+wave9	ORCH

.github/workflows/ci.yml

@@ -245,8 +245,27 @@ jobs:
       - name: Check desktop Tauri crate
         run: cargo check --manifest-path apps/desktop/src-tauri/Cargo.toml
 
-      - name: Check agent Tauri crate
-        run: cargo check --manifest-path apps/agent/src-tauri/Cargo.toml
+      - name: Check agent macOS packaging sources
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          required=(
+            apps/agent/src-tauri/macos/system-extension/entitlements/agent-app.entitlements
+            apps/agent/src-tauri/macos/system-extension/entitlements/combined-system-extension.entitlements
+            apps/agent/src-tauri/macos/system-extension/plists/agent-packaging-template.plist
+            apps/agent/src-tauri/macos/system-extension/plists/combined-system-extension-template.plist
+            apps/agent/src-tauri/macos/system-extension/profiles/developer-id-profile-template.plist
+          )
+
+          for path in "${required[@]}"; do
+            [[ -f "$path" ]] || {
+              echo "missing macOS packaging asset: $path" >&2
+              exit 1
+            }
+          done
+
+          CLAWDSTRIKE_VALIDATE_MACOS_PACKAGING=1 cargo check --manifest-path apps/agent/src-tauri/Cargo.toml
 
   desktop-frontend:
     name: Desktop Frontend

.github/workflows/release.yml

@@ -70,6 +70,36 @@ jobs:
       - name: Validate version consistency
         run: scripts/release-preflight.sh "${{ needs.resolve-version.outputs.version }}"
 
+      - name: Validate macOS packaging sources are release-capable
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          required=(
+            apps/agent/src-tauri/macos/system-extension/entitlements/agent-app.entitlements
+            apps/agent/src-tauri/macos/system-extension/entitlements/combined-system-extension.entitlements
+            apps/agent/src-tauri/macos/system-extension/plists/agent-packaging-template.plist
+            apps/agent/src-tauri/macos/system-extension/plists/combined-system-extension-template.plist
+            apps/agent/src-tauri/macos/system-extension/profiles/developer-id-profile-template.plist
+          )
+
+          for path in "${required[@]}"; do
+            [[ -f "$path" ]] || {
+              echo "missing macOS packaging asset: $path" >&2
+              exit 1
+            }
+          done
+
+          if grep -R -nE "__[A-Z0-9_]+__" apps/agent/src-tauri/macos/system-extension; then
+            echo "macOS combined-system-extension packaging still contains placeholders; replace them before release." >&2
+            exit 1
+          fi
+
+          if grep -R -n "scaffold_only" apps/agent/src-tauri/macos/system-extension; then
+            echo "macOS packaging sources still declare scaffold_only state; release requires concrete source metadata plus a real embedded system extension bundle." >&2
+            exit 1
+          fi
+
       - name: Run tests
         run: cargo test --workspace
 
@@ -710,6 +740,14 @@ jobs:
     name: Build Agent DMG
     runs-on: macos-latest
     needs: preflight
+    env:
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      NOTARYTOOL_PROFILE: ${{ secrets.NOTARYTOOL_PROFILE }}
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      CLAWDSTRIKE_REQUIRE_CONCRETE_MACOS_PACKAGING: "1"
+      NOTARIZE_OUT_DIR: ${{ runner.temp }}/clawdstrike-notarization
     steps:
       - uses: actions/checkout@v6
 
@@ -723,9 +761,8 @@ jobs:
       - name: Install tauri-cli
         run: cargo install tauri-cli --locked --version '^2'
 
-      - name: Build agent DMG bundle
-        working-directory: apps/agent
-        run: cargo tauri build --bundles dmg
+      - name: Build and notarize agent app bundle
+        run: bash scripts/notarize-agent-macos.sh
 
       - name: Upload agent DMG artifact
         uses: actions/upload-artifact@v6
@@ -734,6 +771,14 @@ jobs:
           path: apps/agent/src-tauri/target/release/bundle/dmg/*.dmg
           if-no-files-found: error
 
+      - name: Upload notarization evidence
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: clawdstrike-agent-notarization
+          path: ${{ env.NOTARIZE_OUT_DIR }}/
+          if-no-files-found: ignore
+
   create-release:
     name: Create GitHub Release
     runs-on: ubuntu-latest

apps/agent/src-tauri/build.rs

@@ -1,3 +1,111 @@
+use std::{env, fs, path::PathBuf};
+
+const REQUIRED_MACOS_PACKAGING_FILES: &[&str] = &[
+    "macos/system-extension/entitlements/agent-app.entitlements",
+    "macos/system-extension/entitlements/combined-system-extension.entitlements",
+    "macos/system-extension/plists/agent-packaging-template.plist",
+    "macos/system-extension/plists/combined-system-extension-template.plist",
+    "macos/system-extension/profiles/developer-id-profile-template.plist",
+];
+
+const TAURI_CONFIG_PATH: &str = "tauri.conf.json";
+const SCAFFOLD_ONLY_MARKER: &str = "scaffold_only";
+const REQUIRED_TAURI_CONFIG_SNIPPETS: &[&str] = &[
+    "\"minimumSystemVersion\": \"13.0\"",
+    "\"macos/system-extension/**/*\"",
+    "\"entitlements\": \"macos/system-extension/entitlements/agent-app.entitlements\"",
+];
+
 fn main() {
+    println!("cargo:rerun-if-changed={TAURI_CONFIG_PATH}");
+    for relative_path in REQUIRED_MACOS_PACKAGING_FILES {
+        println!("cargo:rerun-if-changed={relative_path}");
+    }
+
+    if should_validate_macos_packaging() {
+        validate_macos_packaging()
+            .unwrap_or_else(|error| panic!("macOS packaging validation failed: {error}"));
+    }
+
     tauri_build::build()
 }
+
+fn should_validate_macos_packaging() -> bool {
+    env::var("TARGET")
+        .map(|target| target.contains("apple-darwin"))
+        .unwrap_or(false)
+        || env::var_os("CLAWDSTRIKE_VALIDATE_MACOS_PACKAGING").is_some()
+}
+
+fn validate_macos_packaging() -> Result<(), String> {
+    let manifest_dir = manifest_dir()?;
+
+    let mut missing_files = Vec::new();
+    for relative_path in REQUIRED_MACOS_PACKAGING_FILES {
+        if !manifest_dir.join(relative_path).is_file() {
+            missing_files.push((*relative_path).to_string());
+        }
+    }
+    if !missing_files.is_empty() {
+        return Err(format!(
+            "missing required packaging assets: {}",
+            missing_files.join(", ")
+        ));
+    }
+
+    let tauri_config = fs::read_to_string(manifest_dir.join(TAURI_CONFIG_PATH))
+        .map_err(|error| format!("failed to read {TAURI_CONFIG_PATH}: {error}"))?;
+    let missing_config = REQUIRED_TAURI_CONFIG_SNIPPETS
+        .iter()
+        .filter(|snippet| !tauri_config.contains(**snippet))
+        .copied()
+        .collect::<Vec<_>>();
+    if !missing_config.is_empty() {
+        return Err(format!(
+            "tauri.conf.json is missing required macOS packaging entries: {}",
+            missing_config.join(", ")
+        ));
+    }
+
+    if env::var_os("CLAWDSTRIKE_REQUIRE_CONCRETE_MACOS_PACKAGING").is_some() {
+        let files_with_placeholders = REQUIRED_MACOS_PACKAGING_FILES
+            .iter()
+            .filter_map(|relative_path| {
+                fs::read_to_string(manifest_dir.join(relative_path))
+                    .ok()
+                    .filter(|contents| contents.contains("__"))
+                    .map(|_| (*relative_path).to_string())
+            })
+            .collect::<Vec<_>>();
+        if !files_with_placeholders.is_empty() {
+            return Err(format!(
+                "release-gated packaging placeholders remain in: {}",
+                files_with_placeholders.join(", ")
+            ));
+        }
+
+        let files_with_scaffold_marker = REQUIRED_MACOS_PACKAGING_FILES
+            .iter()
+            .filter_map(|relative_path| {
+                fs::read_to_string(manifest_dir.join(relative_path))
+                    .ok()
+                    .filter(|contents| contents.contains(SCAFFOLD_ONLY_MARKER))
+                    .map(|_| (*relative_path).to_string())
+            })
+            .collect::<Vec<_>>();
+        if !files_with_scaffold_marker.is_empty() {
+            return Err(format!(
+                "release-gated packaging sources still declare scaffold_only state: {}",
+                files_with_scaffold_marker.join(", ")
+            ));
+        }
+    }
+
+    Ok(())
+}
+
+fn manifest_dir() -> Result<PathBuf, String> {
+    env::var("CARGO_MANIFEST_DIR")
+        .map(PathBuf::from)
+        .map_err(|error| format!("missing CARGO_MANIFEST_DIR: {error}"))
+}

apps/agent/src-tauri/macos/system-extension/endpoint-security/Package.swift

@@ -0,0 +1,32 @@
+// swift-tools-version: 5.9
+import PackageDescription
+
+let package = Package(
+    name: "EndpointSecurityExtension",
+    platforms: [
+        .macOS(.v13)
+    ],
+    products: [
+        .library(
+            name: "EndpointSecurityExtension",
+            targets: ["EndpointSecurityExtension"]
+        ),
+        .executable(
+            name: "endpoint-security-status-tool",
+            targets: ["EndpointSecurityStatusTool"]
+        )
+    ],
+    targets: [
+        .target(
+            name: "EndpointSecurityExtension"
+        ),
+        .executableTarget(
+            name: "EndpointSecurityStatusTool",
+            dependencies: ["EndpointSecurityExtension"]
+        ),
+        .testTarget(
+            name: "EndpointSecurityExtensionTests",
+            dependencies: ["EndpointSecurityExtension"]
+        )
+    ]
+)