# macOS Signing

## Overview

The macOS signing process for OpenClaw is automated through build scripts that handle code signing, bundle identification, and metadata injection.

## Key Components

**Main Script**: `scripts/package-mac-app.sh` orchestrates the packaging and signing workflow, requiring Node 22+ for TypeScript and Control UI builds.

**Signing Identity**: The process reads the `SIGN_IDENTITY` environment variable. Developers can configure a persistent signing certificate by exporting this value in their shell configuration.

## Core Functionality

The packaging script performs several tasks:

1. Establishes a stable debug bundle identifier (`ai.openclaw.mac.debug`)
2. Updates Info.plist with the bundle identifier
3. Invokes `codesign-mac-app.sh` to sign binaries and the app bundle
4. Implements timestamping for Developer ID signatures (configurable via `CODESIGN_TIMESTAMP`)
5. Injects build metadata (`OpenClawBuildTimestamp` and `OpenClawGitCommit`)
6. Validates Team ID consistency across all Mach-O files

## Signing Options

| Option | Configuration |
|--------|---------------|
| Auto-selection | Run script without environment variables |
| Production certificates | `SIGN_IDENTITY="Developer ID Application: Name"` |
| Ad-hoc signing | `ALLOW_ADHOC_SIGNING=1` or `SIGN_IDENTITY="-"` |
| Offline builds | `CODESIGN_TIMESTAMP=off` |

## Important Caveat

Ad-hoc signatures automatically disable the Hardened Runtime to prevent framework loading failures. This approach compromises TCC permission persistence between rebuilds.
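
The Team ID consistency check (task 6) and the ad-hoc caveat can both be audited from `codesign -dv --verbose=4` output. The following is an added example, not OpenClaw's own script: it parses captured output and reports files whose Team ID is unset or differs from the first file's, plus files signed without the Hardened Runtime flag. The function name, finding labels, sample paths and Team IDs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenClaw's script). On a Mac the input would come from:
#   codesign -dv --verbose=4 "$file" 2>&1   (one run per Mach-O file)
# The records below are constructed samples; paths and Team IDs are placeholders.

SAMPLE_OK='Executable=/tmp/build/Example.app/Contents/MacOS/Example
Identifier=ai.openclaw.mac.debug
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded
TeamIdentifier=ABCDE12345
Executable=/tmp/build/Example.app/Contents/Frameworks/Lib.framework/Versions/A/Lib
Identifier=com.example.lib
CodeDirectory v=20500 size=512 flags=0x10000(runtime) hashes=9+3 location=embedded
TeamIdentifier=ABCDE12345'

# Same bundle plus a foreign-team framework and an ad-hoc signed helper.
SAMPLE_MIXED="$SAMPLE_OK"'
Executable=/tmp/build/Example.app/Contents/Frameworks/Other.framework/Versions/A/Other
Identifier=com.example.other
CodeDirectory v=20500 size=512 flags=0x10000(runtime) hashes=9+3 location=embedded
TeamIdentifier=ZYXWV98765
Executable=/tmp/build/Example.app/Contents/MacOS/helper
Identifier=helper
CodeDirectory v=20400 size=300 flags=0x2(adhoc) hashes=5+2 location=embedded
Signature=adhoc
TeamIdentifier=not set'

# Reads concatenated codesign output on stdin. Each file is compared with the
# first record's Team ID. Prints one finding per line; returns 1 if any.
audit_codesign_dump() {
  awk '
    /^Executable=/     { n++; file[n] = substr($0, 12); team[n] = "not set"; rt[n] = 0 }
    /^CodeDirectory .*flags=[^ ]*runtime/ { rt[n] = 1 }
    /^TeamIdentifier=/ { team[n] = substr($0, 16) }
    END {
      for (i = 1; i <= n; i++) {
        if (team[i] == "not set")    { print "NO_TEAM " file[i]; bad++ }
        else if (team[i] != team[1]) { print "TEAM_MISMATCH " file[i] " " team[i]; bad++ }
        if (!rt[i])                  { print "NO_HARDENED_RUNTIME " file[i]; bad++ }
      }
      exit (bad > 0 ? 1 : 0)
    }'
}

# Demo run over the constructed mixed sample.
printf '%s\n' "$SAMPLE_MIXED" | audit_codesign_dump || echo "audit failed"
```

For an ad-hoc debug build the `NO_TEAM` and `NO_HARDENED_RUNTIME` findings are expected, matching the caveat above; in a Developer ID build any finding should fail the pipeline.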