This document covers the contributor and maintainer details that don't need to sit in the consumer-focused README.
- macOS 15 or later on Apple Silicon
- Xcode with Swift 6.1 or later
- Codex CLI installed and signed in with ChatGPT for live usage data
Run the normal development checks with:
swift build --build-tests
swift test --parallelThe Makefile also provides a release build target and a standard test target:
make build # swift build -c release
make test # swift testRun the executable directly from source with:
make runswift run doesn't create an app bundle, so launch-at-login controls are only available in an installed build.
After any code change that affects the app, install and relaunch it:
make install
open ~/Applications/CodexBar.appmake install builds the release executable, creates dist/CodexBar.app, signs it with an available Apple Development identity or ad-hoc identity, stops the running installed copy, and copies the new bundle to ~/Applications.
To create the signed bundle without installing it:
make bundleYou can override the bundle metadata and signing options when packaging:
make bundle VERSION=0.3 BUILD=42 CODESIGN_IDENTITY="Developer ID Application: YOUR_NAME (TEAM_ID)" CODESIGN_OPTS="--options runtime --timestamp"Sources/CodexBarCorecontains the testable protocol models, usage mapping, formatting, severity thresholds, celebration detection, and snapshot stabilization.Sources/CodexBarcontains the app-server client, settings, menu-bar UI, reactions, launch-at-login support, and icon rendering.Tests/CodexBarCoreTestscovers the core behavior.Packaging/Info.plistandMakefilebuild the distributable app bundle..github/workflows/build.ymlruns CI and publishes releases.
Releases use vX.Y tags. Publishing a GitHub release triggers the release job, which:
- Builds and tests all targets.
- Imports the Developer ID certificate into a temporary keychain.
- Builds and signs
CodexBar.appwith the hardened runtime and timestamping. - Verifies the signature, submits the app for notarization, and staples the ticket.
- Creates and uploads
CodexBar-X.Y.dmg. - Updates
gordonbeeming/homebrew-tapwith the matching version and SHA-256 checksum. - Signs the Homebrew cask commit before pushing it through the repository-specific deploy key.
The prod GitHub environment provides these secrets:
DEVELOPER_ID_CERTIFICATEDEVELOPER_ID_PASSWORDAPPLE_IDAPPLE_TEAM_IDAPPLE_APP_PASSWORDHOMEBREW_TAP_DEPLOY_KEYCOMMIT_SIGNING_KEY
The certificate secret contains the base64-encoded .p12. COMMIT_SIGNING_KEY must contain an OpenSSH-formatted private key because Git's SSH signing helper doesn't accept the PKCS#8 export produced by some password managers.