chore(build): Add macOS production scheme and Developer ID Application signing support for standalone distribution #3185

Merged

CharlVS merged 24 commits into dev from patch-macos-release-profile on Oct 20, 2025

Conversation

@DeckerSU DeckerSU commented Oct 14, 2025

This PR prepares macOS releases to be signed with our “Developer ID Application” certificate. As you probably know, a “Developer ID Application” certificate is used for distributing macOS apps outside the App Store and is trusted by Gatekeeper.

Because of this, we need two workflows / build processes:

  • One for signing with the “Apple Distribution” certificate for App Store distribution only (iOS, macOS, tvOS, watchOS)
  • And another for distribution outside the App Store.

To simplify things, I am using Xcode schemes. The default scheme currently in the Xcode project applies to everything related to App Store builds. Please keep that in mind.

  • Any changes to the default scheme and the Debug, Release, and Profile configurations are for App Store releases.
  • The “production” scheme uses the Release-production, Debug-production, and Profile-production configurations, which are intended for distribution outside the App Store - that is, .dmg, .pkg, .zip that we can upload to GitHub or https://komodoplatform.com/.

Please do not mix them up.

I also suspect not everyone is familiar with how schemes relate to Flutter and how to make Flutter use a selected scheme during the build. I recommend reading this guide - https://docs.flutter.dev/deployment/flavors-ios - and paying close attention to the notes.

The release build for distribution outside the App Store should use the production flavor, for example:

```bash
flutter build macos --no-pub --release -v --dart-define=... --flavor production
```

This flavor will also be used by our Jenkins pipelines.

Once again, the main thing to remember is that the default build/flavor/scheme is for App Store distribution, and the “production” flavor and scheme are for signing with the “Developer ID Application” certificate and for standalone distribution outside the App Store.

This PR also changes the bundle ID from “com.komodo.komodowallet” to “com.komodo.wallet”, as specified in our Apple account.

NB! Please do not merge this PR until #3175 has been tested, approved, and merged, and until I explicitly approve this PR. These items are subject to change, and I may add more commits.


Note

Adds a macOS production flavor/scheme with Developer ID signing, updates bundle ID to com.komodo.wallet, and introduces DMG packaging and signing verification scripts with related build config updates.

  • macOS build/signing:
    • Add Debug-production, Release-production, Profile-production configs and production scheme with Developer ID Application signing, manual code signing flags, and team settings.
    • Update bundle ID to com.komodo.wallet across project configs.
    • Podfile: map Release-production and apply signing settings for that config.
  • Release tooling:
    • Add contrib/make-dmg.sh and contrib/test-sign-timestamp.sh with README documenting DMG build, signing, notarization, and verification.
    • .gitignore: ignore dist/ output.
  • SDK:
    • Bump sdk submodule commit.

Written by Cursor Bugbot for commit 98b396b.

Summary by CodeRabbit

Release Notes

  • New Features
    • Added production build configurations for macOS with code signing setup
    • Added DMG installer creation support for macOS releases
  • Documentation
    • Added macOS build, packaging, and notarization workflow documentation
  • Chores
    • Updated macOS app bundle identifier
    • Added code signature and timestamp verification tooling
    • Updated SDK dependency

coderabbitai bot commented Oct 14, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

This PR introduces a comprehensive macOS production build infrastructure, including build scripts for DMG creation and code signing verification, new Xcode production configurations and scheme, updated CocoaPods setup with code signing parameters, and bundle identifier changes from com.komodo.komodowallet to com.komodo.wallet.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build Infrastructure & Tooling: `.gitignore`, `contrib/README.md`, `contrib/make-dmg.sh`, `contrib/test-sign-timestamp.sh` | Added .gitignore entries for dist/ and DMG releases; documented macOS build/packaging utilities; added make-dmg.sh script for creating compressed DMG installers with Finder layout configuration; added test-sign-timestamp.sh script for verifying code signatures and Apple timestamping in app bundles |
| CocoaPods Configuration: `macos/Podfile` | Added Release-production build configuration mapping and post-install hook to configure code signing parameters (DEVELOPMENT_TEAM, CODE_SIGN_STYLE, CODE_SIGN_IDENTITY, etc.) for Release-production builds |
| Xcode Project Configuration: `macos/Runner.xcodeproj/project.pbxproj` | Introduced three new production configurations (Debug-production, Release-production, Profile-production) with associated xcconfig files; added Pods_Runner.framework references; updated pod-related build phases; expanded XCConfigurationList entries |
| Xcode Scheme & App Config: `macos/Runner.xcodeproj/xcshareddata/xcschemes/production.xcscheme`, `macos/Runner/Configs/AppInfo.xcconfig` | Added production.xcscheme defining build/test/run lifecycle for production configurations; changed bundle identifier from com.komodo.komodowallet to com.komodo.wallet |
| Dependency Management: `sdk` | Updated SDK submodule pointer to commit 9881ff2e0da95295cd6629e1b709af779fcac856 |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    actor Dev as Developer
    participant DMGScript as make-dmg.sh
    participant OSTools as macOS Tools<br/>(hdiutil, osascript)
    participant Finder as Finder Layout

    Dev->>DMGScript: Invoke with .app path
    DMGScript->>DMGScript: Validate app & prepare staging
    DMGScript->>OSTools: Create read/write DMG
    DMGScript->>OSTools: Mount DMG at mount point
    DMGScript->>OSTools: Copy app + Applications symlink

    rect rgb(200, 220, 255)
        Note over DMGScript,Finder: Configure Finder window
        DMGScript->>Finder: Run AppleScript for layout
        Finder->>Finder: Set window bounds, icon size,<br/>background, icon positions
    end

    DMGScript->>OSTools: Unmount DMG (with retries)
    DMGScript->>OSTools: Convert to compressed UDZO
    DMGScript->>Dev: Return final DMG
```
```mermaid
sequenceDiagram
    actor Dev as Developer
    participant SignScript as test-sign-timestamp.sh
    participant CodesignTool as codesign
    participant SpctlTool as spctl

    Dev->>SignScript: Invoke with app path
    SignScript->>SignScript: Validate app exists

    rect rgb(200, 220, 255)
        Note over SignScript,CodesignTool: Per-executable verification
        loop For each Mach-O executable
            SignScript->>CodesignTool: Run codesign -d --verbose=4
            CodesignTool-->>SignScript: Return signature details
            SignScript->>SignScript: Extract & print timestamp
            SignScript->>SignScript: Check for Apple TSA authority
        end
    end

    SignScript->>CodesignTool: Deep verify entire bundle
    SignScript->>SpctlTool: Assess Gatekeeper status
    SignScript->>Dev: Print summary report
```

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Significant scope spanning multiple build configuration domains (Xcode project settings, CocoaPods, schemes, scripts), with complex modifications to project.pbxproj requiring careful verification of all configuration entries, alongside moderate-complexity shell script logic for macOS-specific tooling.

Suggested labels

QA, documentation, build-system

Suggested reviewers

  • takenagain
  • smk762

Poem

🐰 A DMG emerges from scripts so fine,
Production configs in Xcode align,
Code signing sealed with timestamps true,
The macOS build pipeline gleams anew! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "chore(build): Add macOS production scheme and Developer ID Application signing support for standalone distribution" directly and accurately reflects the primary objective of the pull request. According to the PR objectives, the main goal is to add a macOS production scheme with Release-production/Debug-production/Profile-production build configurations and Developer ID Application signing support for standalone distribution outside the App Store. The title is specific and concise: it clearly identifies what is being added (production scheme and signing support), specifies the platform (macOS), and explains the use case (standalone distribution). The title avoids vague terminology and does not attempt to cover every detail (such as the bundle identifier changes, contrib scripts, or SDK bump), which is appropriate per the evaluation criteria. |

@DeckerSU changed the title from “Patch macos release profile” to “chore(build): Add macOS production scheme and Developer ID Application signing support for standalone distribution” on Oct 14, 2025
github-actions bot commented Oct 14, 2025

Visit the preview URL for this PR (updated for commit 98b396b):

https://walletrc--pull-3185-merge-t27njkp8.web.app

(expires Mon, 27 Oct 2025 13:08:00 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: f66a4ff03faa546f12f0ae5a841bd9eff2714dcc

@DeckerSU (author) commented:

Looks like I will need to create a separate branch in https://github.com/KomodoPlatform/komodo-defi-sdk-flutter, since changes are also required in [CP-User] Install kdf executable and/or dylib, specifically in packages/komodo_defi_framework/macos/komodo_defi_framework.podspec.

@DeckerSU (author) commented:

Also, the kdf binary currently remains unsigned if the configuration is not “Release” (https://github.com/KomodoPlatform/komodo-defi-sdk-flutter/blob/448eecc0dcd88473edb227dd0e47bf2cc6001a09/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec#L106-L108), because signing is only applied under the Release configuration condition.

@DeckerSU (author) commented:

Small script for checking signatures before using notarytool:

test-sign-timestamp.sh

```bash
#!/bin/bash
set -euo pipefail

APP="build/macos/Build/Products/Release-production/Komodo Wallet.app"
RED='\033[0;31m'; GRN='\033[0;32m'; YEL='\033[0;33m'; NC='\033[0m'

# Searching for all executable Mach-O files (+x)
while IFS= read -r -d '' f; do
  if file -b "$f" | grep -q 'Mach-O'; then
    echo "==> $f"
    if codesign --verify --strict --verbose=2 "$f" 2>/dev/null; then
      if codesign -d --verbose=4 "$f" 2>&1 | grep -q '^Timestamp='; then
        if codesign -d --verbose=4 "$f" 2>&1 | grep -A2 '^Timestamp=' | grep -q 'Timestamp Authority=.*Apple'; then
          echo -e "   ${GRN}✔ Signed + Apple timestamp${NC}"
        else
          echo -e "   ${YEL}▲ Signed + timestamp, but TSA is not Apple (check it)${NC}"
        fi
      else
        echo -e "   ${RED}✖ Signed, but NO timestamp${NC}"
      fi
    else
      echo -e "   ${RED}✖ Code signature INVALID${NC}"
    fi
  fi
done < <(find "$APP" -type f -perm -111 -print0)
```

@DeckerSU (author) commented:

Updated version of test-sign-timestamp.sh:

```bash
#!/bin/bash
set -euo pipefail

APP="build/macos/Build/Products/Release-production/Komodo Wallet.app"
RED='\033[0;31m'; GRN='\033[0;32m'; YEL='\033[0;33m'; NC='\033[0m'

# Searching for all executable Mach-O files (+x)
while IFS= read -r -d '' f; do
  if file -b "$f" | grep -q 'Mach-O'; then
    echo "==> $f"
    INFO="$(LC_ALL=C /usr/bin/codesign -d --verbose=4 "$f" 2>&1 || true)"
    if echo "$INFO" | grep -q '^[[:space:]]*Timestamp='; then
      TS="$(echo "$INFO" | sed -n 's/^[[:space:]]*Timestamp=//p' | head -n1)"
      echo -e "   ${GRN}✔ Signed + timestamp${NC} ($TS)"

      # On newer systems, the 'Timestamp Authority=' line is often missing.
      # If you really need to check the TSA, look for 'Apple' in the certificate chain.
      if echo "$INFO" | grep -q 'Authority=.*Apple'; then
        : # All good, timestamp is most likely from Apple
      else
        echo -e "   ${YEL}▲ Timestamp present, but TSA line not shown by 'codesign' (this is normal).${NC}"
      fi
    else
      echo -e "   ${RED}✖ Signed, but NO timestamp${NC}"
    fi
  fi
done < <(find "$APP" -type f -perm -111 -print0)
```

When I finish all the checking scripts, I’ll probably include them in the contrib folder at the project root, just to have those handy tools available in the repo.
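The verdict logic of the script above, reworked as an added example that is not part of the PR or the repository: the decision is isolated in a function that reads already-captured `codesign -d --verbose=4` text, so it can be exercised on a machine without `codesign` (for instance a Linux CI runner). It goes a little beyond the script by also checking that the leaf certificate is a Developer ID Application certificate, that the chain ends at Apple's root, and that the hardened-runtime flag is set, all of which a notarized standalone build needs. The sample outputs are constructed, `TEAMID0000` is a placeholder, and the function and variable names are my own.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR: the verdict logic of a
# test-sign-timestamp.sh-style check, isolated so it can run on captured
# `codesign -d --verbose=4` text (and therefore on a Linux CI box).
set -u

# Reads codesign output on stdin and prints exactly one verdict word.
# Exit status is 0 only for "ok".
classify_codesign_info() {
  local info
  info="$(cat)"

  # No Authority= lines: unsigned or ad-hoc signed (no certificate at all)
  if ! printf '%s\n' "$info" | grep -q '^[[:space:]]*Authority='; then
    echo "no-signing-identity"; return 1
  fi
  # Leaf certificate must be Developer ID Application for non-App Store distribution
  if ! printf '%s\n' "$info" | grep -q '^[[:space:]]*Authority=Developer ID Application:'; then
    echo "not-developer-id"; return 1
  fi
  # Chain must terminate at Apple's root, otherwise Gatekeeper rejects it
  if ! printf '%s\n' "$info" | grep -q '^[[:space:]]*Authority=Apple Root CA$'; then
    echo "chain-not-apple"; return 1
  fi
  # Secure timestamp (codesign --timestamp): without it the signature
  # stops validating once the signing certificate expires
  if ! printf '%s\n' "$info" | grep -q '^[[:space:]]*Timestamp='; then
    echo "no-timestamp"; return 1
  fi
  # Hardened runtime (codesign --options=runtime) shows up in the CodeDirectory
  # flags and is a notarization requirement
  if ! printf '%s\n' "$info" | grep -q '^CodeDirectory .*flags=0x[0-9a-f]*(.*runtime.*)'; then
    echo "no-hardened-runtime"; return 1
  fi
  echo "ok"
}

# Prints the Timestamp= value for reporting, or nothing if absent.
codesign_timestamp() {
  sed -n 's/^[[:space:]]*Timestamp=//p' | head -n 1
}

# Constructed samples modelled on codesign -dvvvv output; TEAMID0000 is a placeholder.
SAMPLE_OK='Executable=/tmp/Komodo Wallet.app/Contents/MacOS/Komodo Wallet
Identifier=com.komodo.wallet
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 16, 2025 at 10:00:00
TeamIdentifier=TEAMID0000'

# Same binary signed without --timestamp
SAMPLE_NO_TS="$(printf '%s\n' "$SAMPLE_OK" | grep -v '^Timestamp=')"
# Signed with an App Store (Apple Distribution) certificate instead
SAMPLE_APP_STORE="$(printf '%s\n' "$SAMPLE_OK" | sed 's/^Authority=Developer ID Application:.*/Authority=Apple Distribution: Example Corp (TEAMID0000)/')"
# Ad-hoc signature, as a freshly built helper binary typically has
SAMPLE_ADHOC='Executable=/tmp/kdf
Identifier=kdf
CodeDirectory v=20400 size=500 flags=0x2(adhoc) hashes=10+2 location=embedded
Signature=adhoc'

# Usage: bash this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  for s in "$SAMPLE_OK" "$SAMPLE_NO_TS" "$SAMPLE_APP_STORE" "$SAMPLE_ADHOC"; do
    printf '%-22s %s\n' "$(printf '%s\n' "$s" | classify_codesign_info)" \
                        "$(printf '%s\n' "$s" | codesign_timestamp)"
  done
fi
```

On a Mac the same function can be fed live output with `codesign -d --verbose=4 "$f" 2>&1 | classify_codesign_info`; keeping the parsing separate from the `find` loop is what makes the verdicts testable without a signed bundle at hand.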

@DeckerSU (author)

DeckerSU commented Oct 16, 2025

Seems Ok:

```text
Conducting pre-submission checks for KomodoWallet.zip and initiating connection to the Apple notary service...
Submission ID received
  id: xxx
Upload progress: 100,00% (77,5 MB of 77,5 MB)   
Successfully uploaded file
  id: xxx
  path: /Users/decker/komodo-wallet/KomodoWallet.zip
Waiting for processing to complete.
Current status: Accepted.............
Processing complete
  id: xxx
  status: Accepted
```

@smk762 smk762 self-requested a review October 16, 2025 03:43
@smk762 smk762 left a comment

Provided binaries launched, logged in and successfully completed a swap. Thanks!

This script automates the process of creating a DMG file for the Komodo Wallet application, including setting up the Finder layout and handling background images. It requires macOS and utilizes hdiutil, osascript, and ditto for the operations.
…d timestamping on macOS

This script checks the code signing and timestamping of the Komodo Wallet application, providing feedback on the presence of timestamps and the authority of the timestamping service. It simplifies the verification process for macOS app builds.
@DeckerSU (author) commented:

Testing Status Update

All testing completed successfully!

The KDF binaries used in the Komodo Wallet macOS build are confirmed to be universal and work perfectly on both Intel and Apple Silicon Macs. The application signs correctly and launches without issues on both architectures.

Key Testing Results:

  • ✅ Universal KDF binaries working on Intel and Apple Silicon
  • ✅ Code signing with Developer ID Application certificate successful
  • ✅ Application launches and functions properly on both Mac types
  • ✅ Notarization process completed successfully (status: Accepted)

Build Instructions Available

Complete build and packaging instructions for creating DMG files are now documented in the ./contrib/README.md file, including:

  • Step-by-step build process with --flavor production
  • Code signing verification with test-sign-timestamp.sh
  • DMG creation with make-dmg.sh
  • Notarization workflow with Apple Notary Service

Ready for Merge

If @CharlVS approves this PR, it can be merged. All functionality has been thoroughly tested and the documentation is complete.

⚠️ CRITICAL: Required SDK Changes Before Merge

BEFORE merging this PR (#3185), the following SDK changes MUST be merged:

The required changes are located in the SDK repository branch: patch-macos-release-profile

These SDK changes include:

  • macOS KDF binary location updates (moved from Resources to Framework Helpers)
  • Code signing improvements for all Release configurations
  • Binary architecture handling updates
  • Legacy path cleanup

Note: No PR has been opened for these SDK changes intentionally to allow reviewers to analyze them and potentially merge them with the latest SDK changes before creating a pull request.

Important Note About Related PRs

PR #3175 (chore(sdk): bump to universal macOS KDF + new CDN; regen pods) should remain closed for now, as this PR (#3185) already incorporates the changes for "bump to universal macOS KDF + new CDN".

The Firebase and other changes from PR #3175 can be cherry-picked separately later if needed.

- Update .gitmodules to track dev
- Sync sdk to origin/dev

CharlVS commented Oct 20, 2025

@coderabbitai review

Copilot AI left a comment
Pull Request Overview

This PR introduces a dedicated macOS production build configuration for non-App Store distribution using Developer ID Application signing. The changes separate App Store and standalone distribution workflows through distinct Xcode schemes and build configurations, while updating the bundle identifier to align with the Apple developer account registration.

  • Adds production scheme and configurations (Debug-production, Release-production, Profile-production) for Developer ID signing
  • Updates bundle ID from com.komodo.komodowallet to com.komodo.wallet
  • Includes DMG packaging and code signing verification tooling

Reviewed Changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| sdk | Updates SDK submodule reference |
| macos/Runner/Configs/AppInfo.xcconfig | Changes bundle identifier to com.komodo.wallet |
| macos/Runner.xcodeproj/xcshareddata/xcschemes/production.xcscheme | Adds new production scheme referencing production build configurations |
| macos/Runner.xcodeproj/project.pbxproj | Adds Debug/Release/Profile-production configurations with Developer ID signing settings |
| macos/Podfile | Maps Release-production configuration and applies manual signing for production builds |
| contrib/test-sign-timestamp.sh | Adds script to verify code signing and timestamps |
| contrib/make-dmg.sh | Adds DMG creation script with Finder layout configuration |
| contrib/README.md | Documents the tooling scripts and release process |


macos/Podfile:

```ruby
'Debug' => :debug,
'Profile' => :release,
'Release' => :release,
'Release-production'=> :release,
```
Copilot AI commented on Oct 20, 2025:

Missing space after 'Release-production' before =>. Should be 'Release-production' => :release, for consistent formatting with other entries.

Suggested change
'Release-production'=> :release,
'Release-production' => :release,

coderabbitai bot commented Oct 20, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
macos/Podfile (1)

15-20: Map all custom configs and fix minor formatting.

Map Debug-production/Profile-production so CocoaPods treats them correctly, and keep spacing consistent.

 project 'Runner', {
   'Debug' => :debug,
   'Profile' => :release,
   'Release' => :release,
-  'Release-production'=> :release,
+  'Debug-production'   => :debug,
+  'Profile-production' => :release,
+  'Release-production' => :release,
 }
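Review bot: mapping Debug-production to :debug and Profile-production to :release is the right split, but the Podfile's post_install hook (per the walkthrough it applies DEVELOPMENT_TEAM, CODE_SIGN_STYLE and CODE_SIGN_IDENTITY only to Release-production) should be extended at the same time, otherwise a Profile-production build from the production scheme links Pods built without the Developer ID settings. Matching on `cfg.name.end_with?('-production')` in the hook keeps the mapping here and the signing settings from drifting apart.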
♻️ Duplicate comments (2)
macos/Podfile (1)

19-20: Formatting nit already noted.

The missing space before => was flagged earlier; keep entries consistent.

-  'Release-production'=> :release,
+  'Release-production' => :release,
macos/Runner.xcodeproj/xcshareddata/xcschemes/production.xcscheme (1)

40-49: Remove or fix the undefined RunnerUITests reference.

The scheme references a non-existent test target; tests under this scheme will fail.

       <Testables>
-         <TestableReference
-            skipped = "NO">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "00380F9121DF178D00097171"
-               BuildableName = "RunnerUITests.xctest"
-               BlueprintName = "RunnerUITests"
-               ReferencedContainer = "container:Runner.xcodeproj">
-            </BuildableReference>
-         </TestableReference>
+         <!-- No test targets for production scheme, or add the correct one -->
       </Testables>
🧹 Nitpick comments (7)
.gitignore (1)

85-86: LGTM; consider ignoring standalone artifacts too.

dist/ is good. Optionally add patterns for top-level DMG/PKG/ZIP in case they’re created outside dist.

Example:

 # .dmg Release
 dist/
+*.dmg
+*.pkg
+*.zip
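Review bot: the repo-wide `*.zip` and `*.pkg` patterns will also hide any zip or pkg fixtures that get committed deliberately later, and a silently ignored file is hard to notice in review. Anchoring the patterns to the repository root (`/*.dmg`, `/*.pkg`, `/*.zip`) covers release artefacts written next to `dist/` without that side effect.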
contrib/test-sign-timestamp.sh (1)

1-3: Solid verification script; a couple of minor hardening tweaks.

  • Prefer env shebang for portability and align with make-dmg.sh.
  • Optionally check stapling status too (fast, informative).
-#!/bin/bash
+#!/usr/bin/env bash
@@
 echo -e "${BLU}Performing deep signature verification of the .app bundle...${NC}"
 /usr/bin/codesign --verify --deep --strict --verbose=2 "$APP"
 
 echo ""
 echo -e "${BLU}Gatekeeper assessment (spctl) for the .app bundle...${NC}"
 /usr/sbin/spctl --assess --type execute -vv "$APP"
+
+echo ""
+echo -e "${BLU}Stapler validation (if stapled)...${NC}"
+if command -v /usr/bin/xcrun >/dev/null 2>&1; then
+  /usr/bin/xcrun stapler validate "$APP" || true
+fi
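Review bot: the `|| true` on the stapler line swallows the only exit status that check produces, so an app that was notarized but never stapled, or whose ticket fails validation, is reported exactly like a good one. Capture the status and print it in the same style as the other checks, e.g. `if /usr/bin/xcrun stapler validate "$APP"; then echo "stapled"; else echo "not stapled or ticket invalid"; fi`, so the difference shows up in the summary. Minor: `command -v /usr/bin/xcrun` with an absolute path only tests that the file exists, which is equivalent to `[ -x /usr/bin/xcrun ]`.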

Also applies to: 8-16, 35-55, 58-67

macos/Runner/Configs/AppInfo.xcconfig (1)

2-4: Include Pods xcconfigs for new production configurations.

Without these, Runner may inherit non‑production Pods settings. Safer to include the production variants too.

 # Only include if the file exists (CI-friendly approach)
 #include? "Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"
 #include? "Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"
 #include? "Target Support Files/Pods-Runner/Pods-Runner.profile.xcconfig"
+// Production variants
+#include? "Target Support Files/Pods-Runner/Pods-Runner.debug-production.xcconfig"
+#include? "Target Support Files/Pods-Runner/Pods-Runner.release-production.xcconfig"
+#include? "Target Support Files/Pods-Runner/Pods-Runner.profile-production.xcconfig"
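Review bot: `#include?` makes a misnamed file silently disappear, so the exact filenames CocoaPods generates for the production configurations should be confirmed after `pod install` (look under `Pods/Target Support Files/Pods-Runner/`); if the generated name differs from `Pods-Runner.release-production.xcconfig` even in case, the production builds lose every Pods setting with no build error to point at the cause.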

Also applies to: 15-17

macos/Podfile (1)

57-67: Avoid hard-coding team; derive from env and fall back.

This eases local builds and CI secrets rotation.

-  team_id = '8HPBYKKKQP'
+  team_id = ENV.fetch('DEVELOPMENT_TEAM', '8HPBYKKKQP')
@@
-      cfg.build_settings['OTHER_CODE_SIGN_FLAGS[sdk=macosx*]'] = '--options=runtime --timestamp'
+      cfg.build_settings['OTHER_CODE_SIGN_FLAGS[sdk=macosx*]'] = '--options=runtime --timestamp'
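Review bot: the second pair of lines is identical on both sides (a whitespace-only change at most) and does not belong in the suggestion. On the team ID, `ENV.fetch('DEVELOPMENT_TEAM', '8HPBYKKKQP')` means a CI job with the variable unset silently falls back to the hard-coded team, which works against the rotation goal the comment gives; if the team is meant to be configurable, fail loudly with `ENV.fetch('DEVELOPMENT_TEAM') { raise 'DEVELOPMENT_TEAM is not set' }`, otherwise keep the constant and document where it comes from.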
contrib/README.md (1)

71-95: Great doc; add a quick “verify entitlements” and “quarantine” tip.

Small additions help triage notarization issues locally.

 To view app entitlements used in the resulting .app:
 ```bash
 codesign -d --entitlements :- "build/macos/Build/Products/Release-production/Komodo Wallet.app" | plutil -p -
+security find-identity -v -p codesigning
+xattr -lr "build/macos/Build/Products/Release-production/Komodo Wallet.app" | grep -q com.apple.quarantine && echo "Quarantine present"
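Review bot: the quarantine line prints nothing in the clean case, so a mistyped path and an un-quarantined app look the same to the reader; an explicit branch such as `if xattr -p com.apple.quarantine "<app>" >/dev/null 2>&1; then echo "Quarantine present"; else echo "No quarantine attribute"; fi` is clearer for a triage document. The hunk also opens a ```bash fence without showing its close, so check that the rendered README still closes the block after the added lines.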


Also applies to: 98-106, 128-134

contrib/make-dmg.sh (1)

1-11: DMG builder looks solid; minor polish for reliability.

  • Align shebang with test script for portability.
  • Handle pre-existing “Applications” symlink in staging.
  • Slightly increase post-open delay to reduce Finder race flakiness.

-#!/usr/bin/env bash
+#!/usr/bin/env bash
@@
 ln -s /Applications "${STAGING}/Applications"
+# If rerun, ensure symlink is sane
+[[ -L "${STAGING}/Applications" ]] || { rm -f "${STAGING}/Applications"; ln -s /Applications "${STAGING}/Applications"; }
@@
 sleep 2  # give Finder a bit more time to see the mounted volume
 osascript <<OSAEOF
@@
   delay 0.6
   try
     close w
-    delay 0.3
+    delay 0.6
     open mp
-    delay 0.3
+    delay 0.6
   end try
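Review bot: the shebang lines are identical on both sides, so that part of the suggestion is a no-op, and the symlink guard is placed after the unconditional `ln -s`, which already fails with "File exists" on a rerun when a stale `Applications` entry is present (and aborts the script if it runs under `set -e`). Put the guard before the `ln -s`, or replace both with a single `ln -sfn /Applications "${STAGING}/Applications"`, which overwrites a stale link in place. The longer Finder delays are reasonable, but a bounded retry around `open mp` would be more robust than a fixed sleep.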

Also applies to: 16-31, 81-92, 140-154, 208-217, 225-228

macos/Runner.xcodeproj/project.pbxproj (1)

863-867: Use Release entitlements for Release-production.

Point Release-production at Release.entitlements to avoid shipping debug/profile-only entitlements (e.g., get-task-allow).

-				CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
+				CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
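Review bot: this changes only the Release-production configuration; Debug-production and Profile-production stay on DebugProfile.entitlements, which is right for local runs but means a profile build from the production scheme must never be handed out, since it can still carry debug-only entitlements. Also worth confirming that `Runner/Release.entitlements` exists in the macOS target and that Release-production keeps `--options=runtime` in OTHER_CODE_SIGN_FLAGS (shown elsewhere in this file), because entitlements and hardened runtime are configured separately and the note below asks for both.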

Please confirm Release.entitlements excludes com.apple.security.get-task-allow and includes Hardened Runtime where needed.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 92d5140 and 98b396b.

⛔ Files ignored due to path filters (1)
  • macos/Podfile.lock is excluded by !**/*.lock
📒 Files selected for processing (9)
  • .gitignore (1 hunks)
  • contrib/README.md (1 hunks)
  • contrib/make-dmg.sh (1 hunks)
  • contrib/test-sign-timestamp.sh (1 hunks)
  • macos/Podfile (2 hunks)
  • macos/Runner.xcodeproj/project.pbxproj (13 hunks)
  • macos/Runner.xcodeproj/xcshareddata/xcschemes/production.xcscheme (1 hunks)
  • macos/Runner/Configs/AppInfo.xcconfig (1 hunks)
  • sdk (1 hunks)
🧰 Additional context used
🪛 GitHub Actions: CharlVS is validating code guidelines 🚀
sdk

```text
[error] 4-4: Target of URI doesn't exist: 'package:mocktail/mocktail.dart'
[error] 9-9: Missing concrete implementations of 'abstract class IBinanceProvider.fetch24hrTicker', 'abstract class IBinanceProvider.fetchExchangeInfo', 'abstract class IBinanceProvider.fetchExchangeInfoReduced', and 'abstract class IBinanceProvider.fetchKlines'
[error] 9-9: Classes can only extend other classes
[error] 29-29: The function 'when' isn't defined
[error] 4-4: Target of URI doesn't exist: 'package:mocktail/mocktail.dart'
[error] 12-12: Missing concrete implementation of 'abstract class ApiClient.executeRpc'
[error] 246-246: The method 'proxyHandler' isn't defined for the type 'KdfHttpServerOperations'
[error] 8-8: Target of URI doesn't exist: 'package:komodo_defi_framework_example/services/secure_storage_service.dart'
[error] 557-557: The method 'SecureStorageService' isn't defined for the type '_ConfigureDialogState'
[error] 9-9: The class 'DexDungeon' isn't defined
[error] 41-41: Undefined class 'CounterComponent'
[error] 81-81: The name 'GamePage' isn't a class
[error] 118-118: The function 'when' isn't defined
[error] 32-32: The function 'when' isn't defined
[error] 1-1: Target of URI doesn't exist: 'package:dex_dungeon/title/title.dart'
[error] 2-2: Target of URI doesn't exist: 'package:komodo_compliance_console/counter/counter.dart'
[warning] 1-1: The include file 'package:very_good_analysis/analysis_options.6.0.0.yaml' can't be found
```

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Test web-app-macos
  • GitHub Check: Build Desktop (windows)
  • GitHub Check: Build Desktop (linux)
  • GitHub Check: Build Mobile (Android)
  • GitHub Check: Build Mobile (iOS)
🔇 Additional comments (1)
macos/Runner.xcodeproj/project.pbxproj (1)

656-663: Bundle identifier updates look consistent.

com.komodo.wallet applied across Debug/Release/Profile and production variants.

Run a local build to ensure any keychain groups or URL schemes tied to the old ID were updated accordingly.

Also applies to: 518-521, 795-801, 975-979
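Checking an entitlements file for the two points the review above raises (no get-task-allow in anything that ships, and hardened-runtime exception entitlements that deserve a second look), as an added example that is not part of the PR or the repository. Xcode's CODE_SIGN_ENTITLEMENTS file is plain XML, so awk and grep are enough and the check runs on any POSIX system. The plist samples are constructed, the function names and key lists are my own, and the set of hardened-runtime exceptions checked is a commonly reviewed subset, not an exhaustive list.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR: audit a CODE_SIGN_ENTITLEMENTS plist
# before it is used for a Developer ID build. The file is plain XML, so awk
# and grep are enough and the check runs on any POSIX system.
set -u

# Prints the key of every entitlement whose value is <true/> in the plist on stdin.
enabled_entitlements() {
  awk '
    /<key>/ {
      k = $0; sub(/.*<key>/, "", k); sub(/<\/key>.*/, "", k)
      if ($0 ~ /<true\/>/) { print k; key = "" } else { key = k }
      next
    }
    key != "" && /<true\/>/ { print key; key = ""; next }
    key != "" && NF > 0     { key = "" }   # false/string/array: key is not enabled
  '
}

# Entitlements that mark a debuggable build and must never be shipped
DEBUG_ONLY_KEYS="com.apple.security.get-task-allow"
# Hardened-runtime exceptions that weaken what notarization guarantees; each one
# should be justified in review (common subset, not exhaustive)
REVIEW_KEYS="com.apple.security.cs.disable-library-validation com.apple.security.cs.allow-unsigned-executable-memory com.apple.security.cs.disable-executable-page-protection com.apple.security.cs.allow-dyld-environment-variables"

# in_list WORD "space separated list" -> 0 if WORD is in the list
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# Verdict for a release entitlements file read on stdin:
#   ok                      nothing suspicious
#   debug-only: <keys>      the shipped build would be debuggable (exit 1)
#   review: <keys>          hardened-runtime exceptions present (exit 1)
audit_release_entitlements() {
  local enabled debug_only review k
  enabled="$(enabled_entitlements)"
  debug_only=""; review=""
  for k in $enabled; do
    if in_list "$k" "$DEBUG_ONLY_KEYS"; then debug_only="$debug_only $k"; fi
    if in_list "$k" "$REVIEW_KEYS"; then review="$review $k"; fi
  done
  if [ -n "$debug_only" ]; then echo "debug-only:$debug_only"; return 1; fi
  if [ -n "$review" ]; then echo "review:$review"; return 1; fi
  echo "ok"
}

# Constructed samples in the shape of Xcode's DebugProfile/Release entitlements files.
SAMPLE_DEBUG='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.cs.allow-jit</key>
  <true/>
  <key>com.apple.security.get-task-allow</key>
  <true/>
  <key>com.apple.security.network.client</key>
  <true/>
</dict>
</plist>'

SAMPLE_RELEASE='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.get-task-allow</key>
  <false/>
  <key>com.apple.security.application-groups</key>
  <array>
    <string>group.example.placeholder</string>
  </array>
  <key>com.apple.security.network.client</key>
  <true/>
</dict>
</plist>'

SAMPLE_RELAXED='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
</dict>
</plist>'

# Usage: bash this_script.sh --demo, or on a real file:
#   audit_release_entitlements < macos/Runner/Release.entitlements
if [ "${1:-}" = "--demo" ]; then
  for s in "$SAMPLE_DEBUG" "$SAMPLE_RELEASE" "$SAMPLE_RELAXED"; do
    printf '%s\n' "$s" | audit_release_entitlements || true
  done
fi
```

Running this over the file a configuration points at (rather than over the built app) catches the DebugProfile-versus-Release mix-up before signing; on a Mac the same audit can be applied to the signed bundle with `codesign -d --entitlements :- "<app>" | audit_release_entitlements`, which is the form already shown in the contrib README.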

Comment on lines +886 to +891 of macos/Runner.xcodeproj/project.pbxproj:

```
"OTHER_CODE_SIGN_FLAGS[sdk=*]" = "--options=runtime --timestamp";
PRODUCT_BUNDLE_IDENTIFIER = com.komodo.wallet;
PROVISIONING_PROFILE_SPECIFIER = "";
"PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "[decker] Komodo(8HPBYKKKQP.com.komodo.wallet)";
SWIFT_VERSION = 5.0;
};
```
coderabbitai bot commented:

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Developer ID distribution does not use provisioning profiles.

Remove the macOS provisioning profile specifier to prevent Xcode from searching for a non-applicable profile.

-				PROVISIONING_PROFILE_SPECIFIER = "";
-				"PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "[decker] Komodo(8HPBYKKKQP.com.komodo.wallet)";
+				PROVISIONING_PROFILE_SPECIFIER = "";
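Review bot: the first removed line and the added line are identical, so the suggestion only needs to delete the `[sdk=macosx*]` line. Before dropping it, check whether the App ID `com.komodo.wallet` has capabilities enabled that require a Developer ID provisioning profile (CloudKit, push notifications, system extensions): for an app without such capabilities the specifier is unnecessary and removing it is correct, while for one that needs it the profile must stay embedded, and an expired profile then blocks launch. Re-archiving Release-production, as already requested, confirms it either way.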

After this change, archive/sign with “Developer ID Application” should still succeed; please re-run an Archive on Release-production to confirm.


I'll verify the core claim in this review comment by searching for information about Developer ID distribution and provisioning profiles.

I found important information about Developer ID distribution. Let me search for more specific details about whether the provisioning profile specifier should be set for Developer ID signing in Xcode build settings.

Let me search more specifically for macOS Developer ID provisioning profile requirements:

Based on my research, I've verified the key claims in this review comment. Developer ID provisioning profiles are required for apps using advanced capabilities such as CloudKit, not unconditionally unnecessary for all Developer ID distribution as the review states.

The review comment's reasoning is incomplete. However, the practical suggestion to remove the provisioning profile specifier for macOS builds may still be valid. The review appropriately requests verification by re-running an Archive on Release-production, which is the correct validation approach.

Clarify the claim about Developer ID provisioning profiles.

Developer ID provisioning profiles are needed for apps using advanced capabilities such as CloudKit, so the blanket statement that "Developer ID distribution does not use provisioning profiles" is inaccurate. Update the review comment to be more precise: provisioning profiles are conditionally required for Developer ID distribution only when using advanced capabilities. For basic apps, the provisioning profile specifier can be removed, but the claim should reflect this nuance. The suggested verification by re-running the Release-production archive is the correct approach.


🌐 Web query:

Developer ID distribution provisioning profile macOS

💡 Result:

Short answer

  • A "Developer ID" distribution provisioning profile is created in the Apple Developer portal (Certificates, Identifiers & Profiles → Profiles → Distribution → Developer ID) when your macOS app distributed outside the Mac App Store requires Apple-managed entitlements/advanced capabilities (CloudKit, push, system extensions, DriverKit, etc.). [1][2]

What it does

  • Binds your App ID to one or more Developer ID distribution certificates and the entitlements your app uses, producing a .provisionprofile that you embed in the app bundle. Gatekeeper checks that profile at install and (for profiles used by the app) at every launch. If the profile expires, affected apps may stop launching. [1][3]

When you need it

  • Required if your app uses capabilities that must be enabled in an App ID (entitlements) for Developer ID–signed apps (e.g., CloudKit, system extensions). If your app needs no such entitlements, you can sign with a Developer ID Application certificate and notarize without a provisioning profile. [1][2]

Practical notes

  • Create matching App ID (with requested capabilities) first, then create the Developer ID provisioning profile and download/install it (Xcode or manually). The profile file type for macOS is .provisionprofile. Certificates (Developer ID Application / Developer ID Installer) are still required for signing; notarization is normally required for distribution. [2][4]

References

  1. Apple Developer — Developer ID overview and profile expiration/behavior. [Apple Developer]. [1]
  2. Xcode / Distribution methods documentation (Developer ID vs Mac App Store / how to create profiles). [2]
  3. Apple Developer glossary — Developer ID certificate & distribution provisioning profile. [3]
  4. Practical code-signing guides (example docs covering macOS provisioning profile usage and file types). [4]

I have confirmation that Developer ID provisioning profiles are conditionally required. Let me verify whether the Komodo wallet app uses any of the advanced capabilities that would require a provisioning profile.


🏁 Script executed:

#!/bin/bash
# Search for CloudKit usage
echo "=== Searching for CloudKit usage ==="
rg -i "cloudkit" --type swift --type objc

# Search for push notification usage
echo "=== Searching for push notification capabilities ==="
rg -i "(nsusernotification|remote.*notification|aps)" --type swift --type objc

# Search for system extensions
echo "=== Searching for system extensions ==="
rg -i "(system.*extension|kernel.*extension|kext)" --type swift --type objc

# Search for DriverKit
echo "=== Searching for DriverKit ==="
rg -i "driverkit" --type swift --type objc

# Check for entitlements plist that might reveal capabilities
echo "=== Checking entitlements files ==="
fd -e plist -e entitlements | head -20

Length of output: 1108


No advanced capabilities found in the code. Let me check the macOS entitlements file to confirm what capabilities are actually declared:


🏁 Script executed:

#!/bin/bash
cat macos/Runner/Release.entitlements

Length of output: 410


Remove macOS provisioning profile specifier—app uses no advanced capabilities requiring it.

The Komodo wallet app uses only basic entitlements (app sandbox, network access, file access) and has no CloudKit, push notifications, system extensions, or DriverKit usage. Per Apple documentation, Developer ID distribution without provisioning profiles is supported for apps that don't use advanced capabilities. The provisioning profile specifier can be safely removed.

-				PROVISIONING_PROFILE_SPECIFIER = "";
-				"PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "[decker] Komodo(8HPBYKKKQP.com.komodo.wallet)";
+				PROVISIONING_PROFILE_SPECIFIER = "";
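Review bot: the `+` line re-adds the same `PROVISIONING_PROFILE_SPECIFIER = "";` that the first `-` line removes, so the generic specifier is a no-op in this hunk while the AI-agent prompt that follows asks to remove it too; either drop the `+` line so no specifier remains for macOS, or leave the generic line out of the hunk entirely, and then confirm by re-running an Archive on Release-production that Xcode resolves the Developer ID Application certificate without a profile.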
🤖 Prompt for AI Agents
In macos/Runner.xcodeproj/project.pbxproj around lines 886 to 891, remove the
macOS provisioning profile specifier entry
("PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "[decker]
Komodo(8HPBYKKKQP.com.komodo.wallet)"); also remove the unused generic
PROVISIONING_PROFILE_SPECIFIER = "" if present, leaving no provisioning profile
specifier for macOS builds since the app uses only basic entitlements; save the
file and ensure the project still opens and builds with Developer ID
distribution settings.
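As an added example, not code from the PR or from the review bot, the entitlements check above as a reusable shell function: it scans an entitlements plist for capability keys that must be enabled in the App ID and therefore require a Developer ID provisioning profile. The entitlement key names are assumed from Apple's entitlement documentation, and both sample plists are constructed, not the repository's Release.entitlements.

```shell
#!/bin/sh
# Added example, not from the PR or its review bot: report whether a macOS
# entitlements plist needs a Developer ID provisioning profile (assumed keys).
# Capabilities that must be enabled in the App ID for Developer ID-signed
# apps (CloudKit, push, system extensions, DriverKit); assumed key names.
ADVANCED_ENTITLEMENTS='com.apple.developer.icloud-services
com.apple.developer.icloud-container-identifiers
com.apple.developer.aps-environment
com.apple.developer.system-extension.install
com.apple.developer.driverkit'

# Prints each advanced key found in the entitlements file $1.
# Returns 0 if any was found (profile required), 1 otherwise
# (Developer ID Application certificate plus notarization is enough).
needs_developer_id_profile() {
  file="$1"
  found=1
  for key in $ADVANCED_ENTITLEMENTS; do
    # fixed-string match on the exact <key> element
    if grep -qF "<key>${key}</key>" "$file"; then
      echo "needs profile: $key"
      found=0
    fi
  done
  return $found
}

# Constructed sample plists (not the repository's Release.entitlements).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/basic.entitlements" <<'EOF'
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>
EOF
cat > "$SAMPLE_DIR/cloudkit.entitlements" <<'EOF'
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.developer.icloud-services</key>
  <array><string>CloudKit</string></array>
</dict></plist>
EOF

for f in basic cloudkit; do
  needs_developer_id_profile "$SAMPLE_DIR/$f.entitlements" \
    || echo "$f: no Developer ID profile needed, certificate + notarization only"
done
```

Run it against `macos/Runner/Release.entitlements` to reproduce the decision the review reached: only sandbox, network and file entitlements means no profile specifier is required for the Release-production configuration.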

@CharlVS CharlVS merged commit 2ec7a2e into dev Oct 20, 2025
8 of 14 checks passed
@CharlVS CharlVS deleted the patch-macos-release-profile branch October 20, 2025 13:39