OpenAdapt Desktop Experimental 0.1.1
Pre-releaseExperimental Native Installers
OpenAdapt Desktop native packages are Experimental scaffold-shell artifacts.
They verify platform packaging and removal, not an integrated OpenAdapt workflow.
The window is hidden by default, the tray and Rust commands remain scaffolds, and
the Python sidecar is not started or bundled. Use openadapt-flow for the
supported record, compile, certify, replay, and governed-repair path.
Native releases use a distinct desktop-vX.Y.Z tag and prerelease channel. The
native version comes from package.json, src-tauri/Cargo.toml, and
src-tauri/tauri.conf.json; it is intentionally separate from the Python
package's semantic-release version.
Artifact labels
Every filename includes Experimental, the native version, operating system,
architecture, and signing state. The initial matrix is:
| Platform | Architectures | Packages | Signing labels |
|---|---|---|---|
| macOS | Apple Silicon (arm64), Intel (x86_64) |
DMG | adhoc or developer-id-notarized |
| Windows | x86_64 |
MSI and NSIS setup executable | unsigned or authenticode |
| Linux | x86_64 |
DEB and AppImage | unsigned plus GitHub provenance |
The build workflow runs structural install/uninstall smoke tests on clean hosted
runners. These tests do not certify recording, replay, the updater, Gatekeeper,
SmartScreen reputation, distribution-repository metadata, or production use.
Integrity and provenance
Release jobs stage the exact post-signing, smoke-tested files, generate one
sorted SHA256SUMS manifest, verify it, and create GitHub artifact attestations
over that manifest. Consumers can verify downloaded assets with:
sha256sum -c SHA256SUMS
for artifact in OpenAdapt-Desktop-Experimental-*; do
gh attestation verify "$artifact" --repo OpenAdaptAI/openadapt-desktop
doneAn attestation binds bytes to a build identity; it does not establish that the
software is secure or functionally complete.
External signing requirements
The protected native-release GitHub environment may provide complete signing
credential sets. Partial sets fail the build instead of falling back silently.
- macOS Developer ID and notarization:
APPLE_CERTIFICATE,
APPLE_CERTIFICATE_PASSWORD,APPLE_SIGNING_IDENTITY,APPLE_ID,
APPLE_PASSWORD, andAPPLE_TEAM_ID. - Windows Authenticode:
WINDOWS_CERTIFICATE,
WINDOWS_CERTIFICATE_PASSWORD, andWINDOWS_CERTIFICATE_THUMBPRINT. The
certificate must support code signing; Tauri uses SHA-256 and an RFC 3161
timestamp service. - Linux AppImage GPG is intentionally disabled until the workflow pins an
external AppImage signature validator and publishes the corresponding public
key fingerprint through an authenticated channel. AppImage does not
self-verify; DEB/RPM repository metadata signing is also a separate boundary.
When no complete credential set is configured, the prerelease remains explicit
about ad-hoc or unsigned status. The updater stays disabled until its independent
public/private signing-key lifecycle and recovery procedure are established.