fix: keep boss agent permission grants stable across updates
This commit is contained in:
AI Bot
@@ -887,22 +887,10 @@ export async function openBossAgentPermissionSettings(target = "all", platform =
|
||||
}
|
||||
|
||||
const nativeUrl = `boss-agent://permissions/open?target=${encodeURIComponent(target)}&returnTab=permissions`;
|
||||
const nativeDeepLink = await runCommand("open", ["-b", "com.hyzq.boss.agent", nativeUrl], 2500);
|
||||
if (nativeDeepLink.ok) {
|
||||
return {
|
||||
ok: true,
|
||||
target,
|
||||
settingsUrl,
|
||||
message: "已通过 boss-agent 发起系统权限申请。",
|
||||
nativeRequest: true,
|
||||
nativeUrl,
|
||||
};
|
||||
}
|
||||
|
||||
const nativeLaunch = await runCommand(
|
||||
"open",
|
||||
[
|
||||
"-a",
|
||||
"-na",
|
||||
"/Applications/boss-agent.app",
|
||||
"--args",
|
||||
"--request-permission",
|
||||
@@ -923,6 +911,18 @@ export async function openBossAgentPermissionSettings(target = "all", platform =
|
||||
};
|
||||
}
|
||||
|
||||
const nativeDeepLink = await runCommand("open", ["-b", "com.hyzq.boss.agent", nativeUrl], 2500);
|
||||
if (nativeDeepLink.ok) {
|
||||
return {
|
||||
ok: true,
|
||||
target,
|
||||
settingsUrl,
|
||||
message: "已通过 boss-agent 发起系统权限申请。",
|
||||
nativeRequest: true,
|
||||
nativeUrl,
|
||||
};
|
||||
}
|
||||
|
||||
const result = await runCommand("open", [settingsUrl], 2500);
|
||||
return {
|
||||
ok: result.ok,
|
||||
@@ -930,10 +930,10 @@ export async function openBossAgentPermissionSettings(target = "all", platform =
|
||||
settingsUrl,
|
||||
message: result.ok
|
||||
? "已打开系统权限设置。"
|
||||
: nativeDeepLink.stderr
|
||||
|| nativeDeepLink.stdout
|
||||
|| nativeLaunch.stderr
|
||||
: nativeLaunch.stderr
|
||||
|| nativeLaunch.stdout
|
||||
|| nativeDeepLink.stderr
|
||||
|| nativeDeepLink.stdout
|
||||
|| result.stderr
|
||||
|| result.stdout
|
||||
|| "打开系统权限设置失败。",
|
||||
|
||||
@@ -10,6 +10,7 @@ SOURCE_FILE="$ROOT_DIR/apps/boss-agent-mac/Sources/BossAgentApp.swift"
|
||||
BINARY_PATH="$MACOS_DIR/boss-agent"
|
||||
ICONSET_DIR="$RESOURCES_DIR/BossAgent.iconset"
|
||||
ICON_PATH="$RESOURCES_DIR/BossAgent.icns"
|
||||
SIGNING_IDENTITY="${BOSS_AGENT_CODESIGN_IDENTITY:-}"
|
||||
|
||||
if ! command -v swiftc >/dev/null 2>&1; then
|
||||
echo "swiftc not found. Install Xcode Command Line Tools first." >&2
|
||||
@@ -21,6 +22,20 @@ if ! command -v iconutil >/dev/null 2>&1; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "$SIGNING_IDENTITY" ]] && command -v security >/dev/null 2>&1; then
|
||||
SIGNING_IDENTITY="$(
|
||||
security find-identity -v -p codesigning 2>/dev/null \
|
||||
| awk -F'"' '/"Apple Development:|Developer ID Application:|Mac Developer:|Boss Agent/ { print $2; exit }'
|
||||
)"
|
||||
fi
|
||||
|
||||
if [[ -z "$SIGNING_IDENTITY" ]]; then
|
||||
SIGNING_IDENTITY="-"
|
||||
echo "boss-agent: no stable code signing identity found; falling back to ad-hoc signing." >&2
|
||||
else
|
||||
echo "boss-agent: signing with identity: $SIGNING_IDENTITY" >&2
|
||||
fi
|
||||
|
||||
rm -rf "$APP_DIR"
|
||||
mkdir -p "$MACOS_DIR" "$RESOURCES_DIR"
|
||||
|
||||
@@ -176,5 +191,5 @@ cat > "$CONTENTS_DIR/Info.plist" <<'PLIST'
|
||||
PLIST
|
||||
|
||||
plutil -lint "$CONTENTS_DIR/Info.plist" >/dev/null
|
||||
codesign --force --deep --sign - "$APP_DIR" >/dev/null
|
||||
codesign --force --deep --timestamp=none --sign "$SIGNING_IDENTITY" "$APP_DIR" >/dev/null
|
||||
echo "$APP_DIR"
|
||||
|
||||
@@ -298,11 +298,15 @@ test("boss-agent mac app intercepts permission links and triggers native app per
|
||||
assert.match(buildScript, /CFBundleIconFile/);
|
||||
assert.match(buildScript, /BossAgent\.icns/);
|
||||
assert.match(buildScript, /iconutil -c icns/);
|
||||
assert.match(buildScript, /codesign --force --deep --sign - "\$APP_DIR"/);
|
||||
assert.match(buildScript, /BOSS_AGENT_CODESIGN_IDENTITY/);
|
||||
assert.match(buildScript, /security find-identity -v -p codesigning/);
|
||||
assert.match(buildScript, /falling back to ad-hoc signing/);
|
||||
assert.match(buildScript, /codesign --force --deep --timestamp=none --sign "\$SIGNING_IDENTITY" "\$APP_DIR"/);
|
||||
|
||||
const statusSource = readFileSync("local-agent/boss-agent-status.mjs", "utf8");
|
||||
assert.match(statusSource, /boss-agent:\/\/permissions\/open/);
|
||||
assert.match(statusSource, /com\.hyzq\.boss\.agent/);
|
||||
assert.match(statusSource, /"-na"/);
|
||||
assert.match(statusSource, /--request-permission/);
|
||||
assert.match(statusSource, /\/Applications\/boss-agent\.app/);
|
||||
assert.match(statusSource, /nativeRequest/);
|
||||
|
||||
Reference in New Issue
Block a user