Skip to content

Improve development build experience#516

Open
johnyoonh wants to merge 2 commits intosteipete:mainfrom
johnyoonh:fix/build-improvements
Open

Improve development build experience#516
johnyoonh wants to merge 2 commits intosteipete:mainfrom
johnyoonh:fix/build-improvements

Conversation

@johnyoonh
Copy link

@johnyoonh johnyoonh commented Mar 13, 2026
edited
Loading

Summary

Improves development build scripts for smoother workflow.

Changes

compile_and_run.sh

  • Automatically source .envrc for APP_IDENTITY environment variable
  • Enables consistent code signing with development certificate
  • Eliminates need to manually export APP_IDENTITY before each build

package_app.sh

  • Add privacy usage descriptions to Info.plist:
    • Apple Events: Interact with other apps for URLs/sessions
    • Desktop/Documents/Downloads: Open configuration and log files
    • Photo Library/Apple Music: Explicitly state not used (framework requirement)

Benefits

  • Consistent code signing across rebuilds
  • Clear privacy descriptions instead of generic dialogs
  • Streamlined development workflow

Note

This PR improves the development experience but does NOT directly fix issue #485 (Claude keychain prompt cycle). That issue requires changes to Claude OAuth keychain handling logic.

Copilot AI review requested due to automatic review settings March 13, 2026 03:31
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 13, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3a76ce031a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Scripts/compile_and_run.sh
# Source .envrc if it exists to load APP_IDENTITY and other environment variables
if [[ -f "${ROOT_DIR}/.envrc" ]]; then
# shellcheck disable=SC1091
source "${ROOT_DIR}/.envrc"
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Avoid sourcing .envrc directly in build script

compile_and_run.sh runs with set -euo pipefail, so sourcing .envrc executes every command in that file and hard-fails on common direnv-only helpers (for example PATH_add/use), which can break local builds even when APP_IDENTITY is the only value needed. This also removes direnv’s explicit trust gate: if someone adds a .envrc in a branch, running this script will execute it immediately.

Useful? React with 👍 / 👎.

Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the local development packaging/build scripts to reduce repeated macOS permission prompts (keychain/code-signing + privacy prompts) during rebuilds by making signing identity configuration more automatic and by providing explicit TCC usage descriptions in the generated Info.plist.

Changes:

  • compile_and_run.sh: Load APP_IDENTITY from a root .envrc (if present) to stabilize dev code signing across rebuilds.
  • package_app.sh: Add macOS privacy usage description strings (Apple Events, protected folders, Photo Library, Apple Music) into the generated app Info.plist.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
Scripts/compile_and_run.sh Sources .envrc to load/export APP_IDENTITY before build/signing.
Scripts/package_app.sh Injects several macOS privacy usage description keys into the generated Info.plist.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Scripts/compile_and_run.sh
Comment on lines +8 to +14
# Source .envrc if it exists to load APP_IDENTITY and other environment variables
if [[ -f "${ROOT_DIR}/.envrc" ]]; then
# shellcheck disable=SC1091
source "${ROOT_DIR}/.envrc"
export APP_IDENTITY
fi

Scripts/compile_and_run.sh
Comment on lines +11 to +12
source "${ROOT_DIR}/.envrc"
export APP_IDENTITY
Scripts/compile_and_run.sh
Comment on lines +10 to +12
# shellcheck disable=SC1091
source "${ROOT_DIR}/.envrc"
export APP_IDENTITY
Scripts/package_app.sh
<key>CodexBuildTimestamp</key><string>${BUILD_TIMESTAMP}</string>
<key>CodexGitCommit</key><string>${GIT_COMMIT}</string>
<!-- Usage descriptions for macOS privacy permissions -->
<key>NSAppleEventsUsageDescription</key><string>CodexBar needs to interact with other applications to open URLs and manage your AI coding sessions.</string>
Scripts/package_app.sh
Comment on lines +202 to +204
<key>NSDesktopFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Desktop.</string>
<key>NSDocumentsFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Documents folder.</string>
<key>NSDownloadsFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Downloads folder.</string>
@johnyoonh johnyoonh changed the title Improve build scripts to reduce permission prompts Improve development build experience Mar 13, 2026
@johnyoonh johnyoonh force-pushed the fix/build-improvements branch from 3a76ce0 to 4b400e1 Compare March 13, 2026 03:46
@johnyoonh johnyoonh requested a review from Copilot March 13, 2026 03:50
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the local development/build workflow and the packaged app’s privacy permission prompts by auto-loading signing-related env vars and adding explicit TCC usage descriptions to the generated Info.plist.

Changes:

  • Update compile_and_run.sh to load APP_IDENTITY (and other env vars) from a project .envrc when present.
  • Update package_app.sh to embed macOS privacy usage description keys into the generated Info.plist.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
Scripts/compile_and_run.sh Attempts to streamline dev signing by sourcing .envrc for APP_IDENTITY.
Scripts/package_app.sh Adds explicit TCC usage description strings to the generated Info.plist.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Scripts/compile_and_run.sh
Comment on lines +8 to +16
# Source .envrc if it exists to load APP_IDENTITY and other environment variables
# Note: This executes all commands in .envrc, but direnv requires explicit user approval
# via 'direnv allow', so this is safe for development use.
if [[ -f "${ROOT_DIR}/.envrc" ]]; then
# shellcheck disable=SC1091
source "${ROOT_DIR}/.envrc"
export APP_IDENTITY
fi

Scripts/compile_and_run.sh
Comment on lines +12 to +14
# shellcheck disable=SC1091
source "${ROOT_DIR}/.envrc"
export APP_IDENTITY
Scripts/package_app.sh
<key>CodexBuildTimestamp</key><string>${BUILD_TIMESTAMP}</string>
<key>CodexGitCommit</key><string>${GIT_COMMIT}</string>
<!-- Usage descriptions for macOS privacy permissions -->
<key>NSAppleEventsUsageDescription</key><string>CodexBar needs to interact with other applications to open URLs and manage your AI coding sessions.</string>
johnyoonh and others added 2 commits March 13, 2026 02:44
@johnyoonh @qwencoder
Add output.log to .gitignore
0e0eaa7 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
@johnyoonh @qwencoder
Improve development build experience
bb54acf 
- compile_and_run.sh: Automatically source .envrc for APP_IDENTITY
  - Added comment acknowledging direnv trust model
- package_app.sh: Add privacy usage descriptions to Info.plist
  - Apple Events: Interact with other apps for URLs/sessions
  - Desktop/Documents/Downloads: Open config and log files
  - Photo Library/Apple Music: Explicitly state not used

Benefits:
- Consistent code signing across rebuilds
- Clear privacy descriptions instead of generic dialogs
- Streamlined development workflow

Note: Does NOT fix issue steipete#485 (Claude keychain prompt cycle).
That requires changes to Claude OAuth keychain handling logic.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
@johnyoonh johnyoonh force-pushed the fix/build-improvements branch from 4b400e1 to bb54acf Compare March 13, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@johnyoonh