180 lines
4.7 KiB
Markdown
180 lines
4.7 KiB
Markdown
---
|
|
summary: "Development setup: stable signing and reducing Keychain prompts."
|
|
read_when:
|
|
- Setting up local development
|
|
- Reducing Keychain prompts during rebuilds
|
|
- Configuring dev signing
|
|
---
|
|
|
|
# Development Setup Guide
|
|
|
|
## Reducing Keychain Permission Prompts
|
|
|
|
When developing CodexBar, you may see frequent keychain permission prompts like:
|
|
|
|
> **CodexBar wants to access key "Claude Code-credentials" in your keychain.**
|
|
|
|
This happens because each rebuild creates a new code signature, and macOS treats it as a "different" app.
|
|
That can affect both CodexBar-owned entries (`com.steipete.CodexBar`, `com.steipete.codexbar.cache`) and
|
|
third-party items such as `Claude Code-credentials`, so an ad-hoc-signed rebuild can keep re-triggering
|
|
password/keychain approval dialogs even after you previously chose **Always Allow**.
|
|
|
|
### Quick Fix (Temporary)
|
|
|
|
When the prompt appears, click **"Always Allow"** instead of just "Allow". This grants access to the current build.
|
|
|
|
### Permanent Fix (Recommended)
|
|
|
|
Use a stable development certificate that doesn't change between rebuilds:
|
|
|
|
#### 1. Create Development Certificate
|
|
|
|
```bash
|
|
./Scripts/setup_dev_signing.sh
|
|
```
|
|
|
|
This creates a self-signed certificate named "CodexBar Development".
|
|
|
|
#### 2. Trust the Certificate
|
|
|
|
1. Open **Keychain Access.app**
|
|
2. Find **"CodexBar Development"** in the **login** keychain
|
|
3. Double-click it
|
|
4. Expand the **"Trust"** section
|
|
5. Set **"Code Signing"** to **"Always Trust"**
|
|
6. Close the window (enter your password when prompted)
|
|
|
|
#### 3. Configure Your Shell
|
|
|
|
Add this to your `~/.zshrc` (or `~/.bashrc` if using bash):
|
|
|
|
```bash
|
|
export APP_IDENTITY='CodexBar Development'
|
|
```
|
|
|
|
Then restart your terminal:
|
|
|
|
```bash
|
|
source ~/.zshrc
|
|
```
|
|
|
|
#### 4. Rebuild
|
|
|
|
```bash
|
|
./Scripts/compile_and_run.sh
|
|
```
|
|
|
|
Now your builds will use the stable certificate, and keychain prompts will be much less frequent!
|
|
|
|
> Note: `compile_and_run.sh` now auto-detects a valid signing identity (Developer ID or CodexBar Development).
|
|
> Set `APP_IDENTITY` to override the auto-detected choice.
|
|
|
|
---
|
|
|
|
## Cleaning Up Old App Bundles
|
|
|
|
If you see multiple `CodexBar *.app` bundles in your project directory, you can clean them up:
|
|
|
|
```bash
|
|
# Remove all numbered builds
|
|
rm -rf "CodexBar "*.app
|
|
|
|
# The .gitignore already excludes these patterns:
|
|
# - CodexBar.app
|
|
# - CodexBar *.app/
|
|
```
|
|
|
|
The build script creates `CodexBar.app` in the project root. Old numbered builds (like `CodexBar 2.app`) are created when Finder can't overwrite the running app.
|
|
|
|
---
|
|
|
|
## Development Workflow
|
|
|
|
### Standard Build & Run
|
|
|
|
```bash
|
|
./Scripts/compile_and_run.sh
|
|
```
|
|
|
|
This script:
|
|
1. Kills existing CodexBar instances
|
|
2. Runs `swift build` (release mode)
|
|
3. Runs the sharded full test suite when `--test` is passed
|
|
4. Packages the app with `./Scripts/package_app.sh`
|
|
5. Launches `CodexBar.app`
|
|
6. Verifies it stays running
|
|
|
|
Launching an unbundled `CodexBar` executable, including SwiftPM builds using `.build` or a custom scratch path, disables
|
|
Keychain access for that process to avoid repeated password prompts. Use the packaged `CodexBar.app` when local
|
|
validation needs browser cookies or stored credentials; packaged app bundles keep their normal Keychain behavior
|
|
regardless of signing mode.
|
|
|
|
When the script falls back to ad-hoc signing, it preserves CodexBar-owned keychain state by default.
|
|
That means you may still see keychain prompts for existing CodexBar cache entries, but allowing those prompts keeps the
|
|
cached browser/OAuth state available across normal rebuilds.
|
|
If you want a clean reset of CodexBar-owned keychain state for an ad-hoc build, run
|
|
`./Scripts/compile_and_run.sh --clear-adhoc-keychain` before relaunching.
|
|
Third-party keychain items still need stable signing if you want macOS to remember **Always Allow** across rebuilds.
|
|
|
|
### Quick Build (No Tests)
|
|
|
|
```bash
|
|
swift build -c release
|
|
./Scripts/package_app.sh
|
|
```
|
|
|
|
### Run Tests Only
|
|
|
|
```bash
|
|
make test
|
|
```
|
|
|
|
### Debug Build
|
|
|
|
```bash
|
|
swift build # defaults to debug
|
|
./Scripts/package_app.sh debug
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### "CodexBar is already running"
|
|
|
|
The compile_and_run script should kill old instances, but if it doesn't:
|
|
|
|
```bash
|
|
pkill -x CodexBar || pkill -f CodexBar.app || true
|
|
```
|
|
|
|
### "Permission denied" when accessing keychain
|
|
|
|
Make sure you clicked **"Always Allow"** or set up the development certificate (see above).
|
|
|
|
### Multiple app bundles keep appearing
|
|
|
|
This happens when the running app locks the bundle. The compile_and_run script handles this by killing the app first.
|
|
|
|
If you still see old bundles:
|
|
|
|
```bash
|
|
rm -rf "CodexBar "*.app
|
|
```
|
|
|
|
### App doesn't reflect latest changes
|
|
|
|
Always rebuild and restart:
|
|
|
|
```bash
|
|
./Scripts/compile_and_run.sh
|
|
```
|
|
|
|
Or manually:
|
|
|
|
```bash
|
|
./Scripts/package_app.sh
|
|
pkill -x CodexBar || pkill -f CodexBar.app || true
|
|
open -n CodexBar.app
|
|
```
|