fix: restore signed BrainBar rebuilds

[EtanHey]

Summary

• replace ad-hoc BrainBar app signing with verified Apple Development signing so hotkey-related permissions can persist across rebuilds
• keep the existing install path but fail the build if the final bundle is not signed with the expected identity
• correct the build script output comment to match the actual default install path

Verification

• swift test --package-path brain-bar
• bash brain-bar/build-app.sh
• codesign -dv --verbose=4 ~/Applications/BrainBar.app

Notes

• I could not synthesize F4/Cmd+F4 from the shell because macOS denied terminal-driven keystroke injection ( -> System Events error 1002).
• TCC still shows no ListenEvent/Accessibility grants for the bundle on this machine until the user enables them.

Note

Restore developer code-signing in BrainBar build script

• Replaces ad-hoc (--sign -) codesigning with a named developer identity, sourced from BRAINBAR_CODESIGN_IDENTITY (defaults to Apple Development: Etan Heyman).
• Adds --deep signing and a post-sign verification step in build-app.sh that exits non-zero if the installed app's authority doesn't match the expected identity.
• Changes the default install path from the system /Applications to ~/Applications, overridable via BRAINBAR_APP_DIR.
• Behavioral Change: builds that previously succeeded with ad-hoc signing will now fail if the expected developer certificate is not available in the keychain.

^{Macroscope summarized fbf254b.}

Summary by CodeRabbit

• Chores
  • Improved build script configuration with environment variable support for app output directory and code-signing identity.
  • Enhanced code-signing process with developer signing and post-signature verification to ensure build integrity.

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[EtanHey]

@coderabbitai review

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Modified the build script to support configurable output directory and code-signing identity through environment variables, replacing ad-hoc code-signing with developer signing and adding a post-sign verification step to validate the signature.

Changes

Cohort / File(s)

Summary

Build Script Configuration brain-bar/build-app.sh

Updated documentation for output path default (~/Applications/BrainBar.app), added environment variables for configurable output directory (BRAINBAR_APP_DIR) and code-signing identity (BRAINBAR_CODESIGN_IDENTITY). Replaced ad-hoc signing with developer signing using --deep and --timestamp=none flags. Added post-sign verification step that checks signature authority matches the configured identity and fails the script if verification fails.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A rabbit did hop through the code so fine,
"Let's sign with a key, not ad-hoc design!"
With variables set and verification true,
The build now runs crisp—both strong and through! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: restore signed BrainBar rebuilds' directly corresponds to the main change in the PR: replacing ad-hoc signing with verified Apple Development signing to restore proper code signing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/rebuild-and-fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[EtanHey]

@codex review

[EtanHey]

@cursor @BugBot review

[EtanHey]

@greptileai review

[cursor]

You need to increase your spend limit or enable usage-based billing to run background agents. Go to Cursor

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.