Initial commit: OpenClaw Skill Collection

6 custom skills (assign-task, dispatch-webhook, daily-briefing,
task-capture, qmd-brain, tts-voice) with technical documentation.
Compatible with Claude Code, OpenClaw, Codex CLI, and OpenCode.

openclaw-knowhow-skill/docs/infrastructure/platforms/mac/signing.md

@@ -0,0 +1,35 @@
+# macOS Signing
+
+## Overview
+
+The macOS signing process for OpenClaw is automated through build scripts that handle code signing, bundle identification, and metadata injection.
+
+## Key Components
+
+**Main Script**: `scripts/package-mac-app.sh` orchestrates the packaging and signing workflow, requiring Node 22+ for TypeScript and Control UI builds.
+
+**Signing Identity**: The process reads the `SIGN_IDENTITY` environment variable. Developers can configure a persistent signing certificate by exporting this value in their shell configuration.
+
+## Core Functionality
+
+The packaging script performs several tasks:
+
+1. Establishes a stable debug bundle identifier (`ai.openclaw.mac.debug`)
+2. Updates Info.plist with the bundle identifier
+3. Invokes `codesign-mac-app.sh` to sign binaries and the app bundle
+4. Implements timestamping for Developer ID signatures (configurable via `CODESIGN_TIMESTAMP`)
+5. Injects build metadata (`OpenClawBuildTimestamp` and `OpenClawGitCommit`)
+6. Validates Team ID consistency across all Mach-O files
+
+## Signing Options
+
+| Option | Configuration |
+|--------|---------------|
+| Auto-selection | Run script without environment variables |
+| Production certificates | `SIGN_IDENTITY="Developer ID Application: Name"` |
+| Ad-hoc signing | `ALLOW_ADHOC_SIGNING=1` or `SIGN_IDENTITY="-"` |
+| Offline builds | `CODESIGN_TIMESTAMP=off` |
+
+## Important Caveat
+
+Ad-hoc signatures automatically disable the Hardened Runtime to prevent framework loading failures. This approach compromises TCC permission persistence between rebuilds.