diff --git a/local-agent/boss-agent-status.mjs b/local-agent/boss-agent-status.mjs index 4f42a78..9769ade 100644 --- a/local-agent/boss-agent-status.mjs +++ b/local-agent/boss-agent-status.mjs @@ -887,22 +887,10 @@ export async function openBossAgentPermissionSettings(target = "all", platform = } const nativeUrl = `boss-agent://permissions/open?target=${encodeURIComponent(target)}&returnTab=permissions`; - const nativeDeepLink = await runCommand("open", ["-b", "com.hyzq.boss.agent", nativeUrl], 2500); - if (nativeDeepLink.ok) { - return { - ok: true, - target, - settingsUrl, - message: "已通过 boss-agent 发起系统权限申请。", - nativeRequest: true, - nativeUrl, - }; - } - const nativeLaunch = await runCommand( "open", [ - "-a", + "-na", "/Applications/boss-agent.app", "--args", "--request-permission", @@ -923,6 +911,18 @@ export async function openBossAgentPermissionSettings(target = "all", platform = }; } + const nativeDeepLink = await runCommand("open", ["-b", "com.hyzq.boss.agent", nativeUrl], 2500); + if (nativeDeepLink.ok) { + return { + ok: true, + target, + settingsUrl, + message: "已通过 boss-agent 发起系统权限申请。", + nativeRequest: true, + nativeUrl, + }; + } + const result = await runCommand("open", [settingsUrl], 2500); return { ok: result.ok, @@ -930,10 +930,10 @@ export async function openBossAgentPermissionSettings(target = "all", platform = settingsUrl, message: result.ok ? "已打开系统权限设置。" - : nativeDeepLink.stderr - || nativeDeepLink.stdout - || nativeLaunch.stderr + : nativeLaunch.stderr || nativeLaunch.stdout + || nativeDeepLink.stderr + || nativeDeepLink.stdout || result.stderr || result.stdout || "打开系统权限设置失败。", diff --git a/scripts/build-boss-agent-mac-app.sh b/scripts/build-boss-agent-mac-app.sh index 7f0b238..7490260 100644 --- a/scripts/build-boss-agent-mac-app.sh +++ b/scripts/build-boss-agent-mac-app.sh @@ -10,6 +10,7 @@ SOURCE_FILE="$ROOT_DIR/apps/boss-agent-mac/Sources/BossAgentApp.swift" BINARY_PATH="$MACOS_DIR/boss-agent" ICONSET_DIR="$RESOURCES_DIR/BossAgent.iconset" ICON_PATH="$RESOURCES_DIR/BossAgent.icns" +SIGNING_IDENTITY="${BOSS_AGENT_CODESIGN_IDENTITY:-}" if ! command -v swiftc >/dev/null 2>&1; then echo "swiftc not found. Install Xcode Command Line Tools first." >&2 @@ -21,6 +22,20 @@ if ! command -v iconutil >/dev/null 2>&1; then exit 1 fi +if [[ -z "$SIGNING_IDENTITY" ]] && command -v security >/dev/null 2>&1; then + SIGNING_IDENTITY="$( + security find-identity -v -p codesigning 2>/dev/null \ + | awk -F'"' '/"Apple Development:|Developer ID Application:|Mac Developer:|Boss Agent/ { print $2; exit }' + )" +fi + +if [[ -z "$SIGNING_IDENTITY" ]]; then + SIGNING_IDENTITY="-" + echo "boss-agent: no stable code signing identity found; falling back to ad-hoc signing." >&2 +else + echo "boss-agent: signing with identity: $SIGNING_IDENTITY" >&2 +fi + rm -rf "$APP_DIR" mkdir -p "$MACOS_DIR" "$RESOURCES_DIR" @@ -176,5 +191,5 @@ cat > "$CONTENTS_DIR/Info.plist" <<'PLIST' PLIST plutil -lint "$CONTENTS_DIR/Info.plist" >/dev/null -codesign --force --deep --sign - "$APP_DIR" >/dev/null +codesign --force --deep --timestamp=none --sign "$SIGNING_IDENTITY" "$APP_DIR" >/dev/null echo "$APP_DIR" diff --git a/tests/boss-agent-status.test.mjs b/tests/boss-agent-status.test.mjs index fc4a65c..d62234e 100644 --- a/tests/boss-agent-status.test.mjs +++ b/tests/boss-agent-status.test.mjs @@ -298,11 +298,15 @@ test("boss-agent mac app intercepts permission links and triggers native app per assert.match(buildScript, /CFBundleIconFile/); assert.match(buildScript, /BossAgent\.icns/); assert.match(buildScript, /iconutil -c icns/); - assert.match(buildScript, /codesign --force --deep --sign - "\$APP_DIR"/); + assert.match(buildScript, /BOSS_AGENT_CODESIGN_IDENTITY/); + assert.match(buildScript, /security find-identity -v -p codesigning/); + assert.match(buildScript, /falling back to ad-hoc signing/); + assert.match(buildScript, /codesign --force --deep --timestamp=none --sign "\$SIGNING_IDENTITY" "\$APP_DIR"/); const statusSource = readFileSync("local-agent/boss-agent-status.mjs", "utf8"); assert.match(statusSource, /boss-agent:\/\/permissions\/open/); assert.match(statusSource, /com\.hyzq\.boss\.agent/); + assert.match(statusSource, /"-na"/); assert.match(statusSource, /--request-permission/); assert.match(statusSource, /\/Applications\/boss-agent\.app/); assert.match(statusSource, /nativeRequest/);