Run Developer ID notarization for packaged agentd app

[haasonsaas]

Summary

Complete the release-credential side of the packaging path added in #23: build dist/EvalOps agentd.app with a Developer ID Application identity, submit the archive to Apple notarization, staple the ticket, and verify Gatekeeper accepts the artifact.

Acceptance

• scripts/package_app.sh runs with AGENTD_CODESIGN_IDENTITY set to the Developer ID Application certificate.
• Notarization runs through either AGENTD_NOTARY_PROFILE or AGENTD_NOTARY_APPLE_ID / AGENTD_NOTARY_TEAM_ID / AGENTD_NOTARY_PASSWORD.
• xcrun stapler staple "dist/EvalOps agentd.app" succeeds.
• spctl -a -t exec -vv "dist/EvalOps agentd.app" accepts the stapled app.
• Record the signing identity, notarization request id, and generated artifact checksum in the issue before closing.

Notes

The repo/CI now verifies hardened-runtime app packaging with ad-hoc signing. This issue is only for the Apple account/certificate-backed release proof that cannot be completed without the release credentials.

[haasonsaas]

Progress update: PR #26 merged in 7821b76.

What changed:

• Added a manual package-release GitHub Actions workflow for the credential-backed path this issue needs.
• The workflow imports a base64 .p12 Developer ID cert into a temporary keychain, runs scripts/package_app.sh with Developer ID signing and notarytool credentials, staples the app, records SHA256SUMS, codesign output, and spctl output, and uploads the app/zip/evidence files as artifacts.
• README now documents the required repository secrets.

Validation before merge:

• ruby -e 'require "yaml"; YAML.load_file(".github/workflows/package-release.yml")'\n- actionlint .github/workflows/package-release.yml\n- scripts/package_app.sh\n- swift test\n- swift build -Xswiftc -warnings-as-errors\n- xcrun swift-format lint --strict --recursive Sources Tests Package.swift\n- git diff --check\n- GitHub required ci and Socket checks passed on Add notarized release packaging workflow #26.\n\nI checked this local machine before this PR: security find-identity -v -p codesigning reported 0 valid identities and no AGENTD_* / Apple notary env vars were present, so I could not complete the actual notarization proof here. Next step to close this issue is to configure the documented GitHub secrets, dispatch package-release, and record the uploaded artifact checksum plus notary/Gatekeeper evidence from that run.

[haasonsaas]

Progress update: PR #48 merged in c47f483 / squash on 2026-04-29.

Release packaging defects from the prior feedback sweep are fixed:

• CFBundleExecutable is now explicit and scripts/package_app.sh keeps it aligned with AGENTD_PRODUCT.
• When notarization succeeds, the app is stapled and the zip is regenerated afterward so the distributed archive contains the stapled ticket.
• update-channel.json now writes notarized as a JSON boolean.
• SHA256SUMS in the manual release workflow now uses artifact-root-relative paths.

Validated locally: scripts/package_app.sh, swift test, swift build -Xswiftc -warnings-as-errors, xcrun swift-format lint --strict --recursive Sources Tests Package.swift, python3 scripts/mock_chronicle.py --self-test Tests/Fixtures/chronicle, shellcheck scripts/package_app.sh scripts/permission_smoke.sh, actionlint .github/workflows/package-release.yml, and git diff --check.

Still required to close this issue: run the credential-backed package-release workflow with Developer ID/notary secrets and record the notarization request, Gatekeeper evidence, and checksums from that run.

[haasonsaas]

New evidence from PR #50: this is now the main blocker for durable permission smoke.

On this machine, security find-identity -v -p codesigning reported 0 valid signing identities, so local packages are ad-hoc signed. The packaged app's designated requirement was CDHash-based, which means macOS TCC approvals can be tied to the exact build artifact. Rebuilding changes the CDHash and can make Screen Recording/Accessibility approvals appear to vanish even when the app path and bundle ID are unchanged.

PR #50 now records signature/CDHash/designated requirement in dist/permission-smoke-report.md and adds no-rebuild verification commands, but #25 cannot be made durable until the packaged app has a stable Developer ID/Apple Development identity and notarized release flow.

[haasonsaas]

I dispatched package-release against main after PR #50 merged: https://github.com/evalops/agentd/actions/runs/25094924958

It failed at the intended Require release secrets gate before any signing work ran. Missing repository secrets reported by the workflow:

• AGENTD_CODESIGN_CERTIFICATE_P12
• AGENTD_CODESIGN_CERTIFICATE_PASSWORD
• AGENTD_CODESIGN_IDENTITY
• AGENTD_NOTARY_APPLE_ID
• AGENTD_NOTARY_TEAM_ID
• AGENTD_NOTARY_PASSWORD

So #24 is blocked specifically on configuring the Developer ID certificate and Apple notary credentials in GitHub secrets. Once those are present, rerun this same workflow on main and use its uploaded SHA256SUMS, codesign.txt, and spctl.txt artifacts as the closure evidence.

[haasonsaas]

Completed release credential setup and notarization proof.

What changed:

• Created a Developer ID Application certificate for team 7BPHA88333 using the Apple Work account.
• Configured all required package-release GitHub Actions secrets:
  • AGENTD_CODESIGN_CERTIFICATE_P12
  • AGENTD_CODESIGN_CERTIFICATE_PASSWORD
  • AGENTD_CODESIGN_IDENTITY
  • AGENTD_NOTARY_APPLE_ID
  • AGENTD_NOTARY_TEAM_ID
  • AGENTD_NOTARY_PASSWORD
• PR fix: mark agentd bundle as app package #51 fixed the app bundle metadata by adding CFBundlePackageType=APPL; the first credential-backed run had already proven signing/notary worked but Gatekeeper rejected the bundle as “valid but does not seem to be an app.”

Successful workflow:

• Run: https://github.com/evalops/agentd/actions/runs/25095755314
• Commit: e2b3cd415e9d1f72f951894343a32a3b4d70ee29
• Notary request id: ae3c9c4f-9f9f-4a01-baec-7a6ccc1da69d
• Notary status: Accepted
• Stapler: The staple and validate action worked!
• Gatekeeper: accepted, source=Notarized Developer ID
• Origin: Developer ID Application: Jonathan Haas (7BPHA88333)

Artifact evidence:

• agentd.zip: e56e4aa381d9840426694762ec3163f4e6e7bbd056d7c2a6e254e08ba4b06008
• app binary: 4013062d5849b36eb918933f2b04e8c96875835b94cc645960e22cd4daf0bd17
• update-channel.json: ad4ca7a4b8436d234bbd547a134f27ba369a8236b6d7315fe9ffdb6c6cbe4abf
• Codesign TeamIdentifier: 7BPHA88333
• Codesign CDHash: 1447fc64b8db3f47437086d303e82974e32812b8
• Timestamp: Apr 29, 2026 at 7:13:12 AM

I also downloaded the artifact and verified locally on this machine:

• spctl -a -t exec -vv EvalOps agentd.app: accepted, Notarized Developer ID
• codesign --verify --strict --deep --verbose=2 EvalOps agentd.app: valid on disk and satisfies its designated requirement

[haasonsaas]

Closing: Developer ID signing/notarization secrets are configured, package-release succeeded, stapling and Gatekeeper evidence are recorded above.