cli-8.3.0

@riderx riderx released this 12 Jun 07:44
· 129 commits to main since this release
Immutable release. Only release title and notes can be modified.

🆕 Changelog

Added

  • Precompiled, signed, and notarized macOS keychain helper packages (@capgo/cli-keychain-darwin-arm64 and @capgo/cli-keychain-darwin-x64) that are automatically installed for the appropriate architecture
  • Signature verification for helper binaries before execution to ensure authenticity
  • Keychain helper now ships as a macOS app bundle (Capgo.app) with proper branding, displaying the Capgo name and icon in Keychain prompts
  • Support for persistent "Always Allow" grants across releases via stable bundle identifier

Changed

  • Keychain export now uses precompiled helper binaries instead of runtime Swift compilation
  • Passphrase for p12 export now passed via stdin instead of command-line arguments for improved security
  • Keychain helper published under 'rc' dist-tag initially, with stable versions going to 'latest'

Removed

  • Runtime Swift compiler (swiftc) dependency and on-demand compilation workflow
  • Temporary cache for compiled helper binaries
  • Compiling-helper onboarding step from the CLI wizard

Fixed

  • Strengthened codesign verification to pin bundle identifier, preventing acceptance of arbitrary binaries signed with the same certificate
  • Added artifact validation to ensure exported p12 files are non-empty and match expected size
  • Improved error handling: failed chmod operations on exported p12 files now delete the file and fail explicitly
  • Prevented potential use-after-free in Swift helper by holding passphrase reference across SecItemExport operation

Security

  • Helper binary signature verification now enforces both Developer ID certificate and specific Capgo Team ID requirements
  • Anti-footgun gate prevents helper execution outside authorized CLI context
  • Passphrase transmission moved from visible process arguments to stdin to prevent exposure via ps command
  • Added dead-code elimination check to prevent development override paths from leaking into production builds
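The identifier and Team ID pinning and the stdin passphrase hand-off listed above, sketched in Node as an added example (not Capgo's code). `BUNDLE_ID` and `TEAM_ID` are placeholders, the function names are hypothetical, and the helper's real command line is not shown on this page.

```javascript
const { spawnSync } = require('node:child_process');

const BUNDLE_ID = 'com.example.keychain-helper'; // placeholder, not Capgo's identifier
const TEAM_ID = 'ABCDE12345';                    // placeholder, not Capgo's Team ID

// Build a codesign requirement that pins the bundle identifier, the
// Developer ID certificate chain, and the signing Team ID together.
// Checking only the certificate would accept any binary the same team signed.
function buildRequirement(bundleId, teamId) {
  // Reject anything that could break out of the quoted requirement strings.
  if (!/^[A-Za-z0-9.-]+$/.test(bundleId)) throw new Error('invalid bundle identifier');
  if (!/^[A-Z0-9]{10}$/.test(teamId)) throw new Error('invalid Team ID');
  return [
    `identifier "${bundleId}"`,
    'anchor apple generic',
    'certificate 1[field.1.2.840.113635.100.6.2.6] exists',    // Developer ID CA
    'certificate leaf[field.1.2.840.113635.100.6.1.13] exists', // Developer ID Application
    `certificate leaf[subject.OU] = "${teamId}"`,
  ].join(' and ');
}

// macOS only: true when the bundle's signature satisfies the requirement.
// A leading "=" tells codesign the -R argument is requirement text, not a file.
function verifyHelper(bundlePath, requirement) {
  const r = spawnSync('codesign', ['--verify', '--strict', '-R', `=${requirement}`, bundlePath]);
  return r.status === 0; // status is null when codesign is missing, so this fails closed
}

// Run a child process with the secret on stdin so it never appears in argv,
// where `ps` and other local process listings could read it.
function runWithSecretOnStdin(cmd, args, passphrase) {
  if (args.some((a) => a.includes(passphrase))) {
    throw new Error('passphrase must not be passed as an argument');
  }
  const r = spawnSync(cmd, args, { input: passphrase, encoding: 'utf8' });
  if (r.error) throw r.error;
  if (r.status !== 0) throw new Error(`helper exited with status ${r.status}`);
  return r.stdout;
}

// Verify first, execute only on success.
function exportWithHelper(bundlePath, helperBinary, helperArgs, passphrase) {
  if (!verifyHelper(bundlePath, buildRequirement(BUNDLE_ID, TEAM_ID))) {
    throw new Error('helper signature does not match the pinned requirement');
  }
  return runWithSecretOnStdin(helperBinary, helperArgs, passphrase);
}
```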

🔗 Full Changelog: capgo-12.164.0...cli-8.3.0