You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Default new AgentConfig files to managed Chronicle mode with the chronicle.evalops.dev endpoint and the standard dev.evalops.agentd / chronicle Keychain bearer slot.
Preserve explicit localOnly: true configs as local dev clients and keep encrypted local fallback enabled when managed config falls back locally.
Embed the signed GitHub Sparkle appcast/public key in support/Info.plist, with automatic checks, signed-feed validation, and pre-extraction verification enabled by default.
Update docs and tests for the managed-client and auto-update defaults.
Test Plan
swift test --filter 'agentdTests.SubmitterTests/testAgentConfigDefaults|agentdTests.SparkleUpdaterConfigurationTests/testBundleInfoPlist'
chronicle.evalops.dev currently resolves but returns Cloudflare 522; I filed evalops/deploy#2103 to wire the public managed origin through GitOps before new clients rely on the endpoint in production.
Medium Risk
Changes default runtime configuration to remote managed mode (endpoint, auth, encryption) and enables automatic Sparkle updates by default, which can affect connectivity and update behavior for new installs if misconfigured.
Overview New installs now default to managed mode.AgentConfig decoding/fallback now assumes localOnly: false unless explicitly set, defaulting organizationId/endpoint to the managed Chronicle values and defaulting auth to Keychain-backed bearer auth; local-only configs still default to loopback + no auth.
Local fallback behavior is hardened. When forcing local-only after a submitter config rejection, the app now preserves the configured encryptLocalBatches setting rather than always disabling encryption.
Sparkle updates are enabled by default in packaged apps.support/Info.plist now embeds the GitHub appcast.xml feed URL + public key and turns on automatic checks + signed-feed/verification settings; docs/tests are updated to reflect these managed-update defaults.
Reviewed by Cursor Bugbot for commit 743417a. Bugbot is set up for automated code reviews on this repo. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AgentConfigfiles to managed Chronicle mode with thechronicle.evalops.devendpoint and the standarddev.evalops.agentd/chronicleKeychain bearer slot.localOnly: trueconfigs as local dev clients and keep encrypted local fallback enabled when managed config falls back locally.support/Info.plist, with automatic checks, signed-feed validation, and pre-extraction verification enabled by default.Test Plan
swift test --filter 'agentdTests.SubmitterTests/testAgentConfigDefaults|agentdTests.SparkleUpdaterConfigurationTests/testBundleInfoPlist'swift testxcrun swift-format lint --strict --recursive Sources Tests Package.swiftpython3 scripts/mock_chronicle.py --self-test Tests/Fixtures/chronicleswift build -Xswiftc -warnings-as-errorsgit diff --checkscripts/package_app.sh/usr/libexec/PlistBuddy -c 'Print :SUFeedURL' -c 'Print :SUPublicEDKey' -c 'Print :SUEnableAutomaticChecks' -c 'Print :SUScheduledCheckInterval' -c 'Print :SURequireSignedFeed' -c 'Print :SUVerifyUpdateBeforeExtraction' 'dist/EvalOps agentd.app/Contents/Info.plist'Notes
chronicle.evalops.devcurrently resolves but returns Cloudflare522; I filed evalops/deploy#2103 to wire the public managed origin through GitOps before new clients rely on the endpoint in production.