[codex] Structure macOS passkey signing failures

[juliusmarminge]

Summary

• replace generic macOS passkey validation throws with distinct schema-tagged errors and safe structural context
• represent invalid RP domains with a normalized reason and input length, never the raw credential, path, or query-bearing value
• preserve URL and publishable-key parser failures as exact causes without storing the publishable key or deriving messages from cause text
• model known configuration failures as a Schema union and pass them through the build-staging boundary unchanged
• wrap only unknown staging defects in BuildScriptError with a stable message and the exact cause

Validation

• vp test scripts/build-desktop-artifact.test.ts (21 tests)
• vp check
• vp run typecheck

---

Note

Low Risk
Changes are confined to desktop build-script validation and error shaping for signed macOS passkey configuration, with no runtime auth behavior changes.

Overview
macOS passkey signing validation in the desktop build script now throws distinct schema-tagged errors instead of generic Error messages, with RP-domain failures carrying a reason code and input length rather than echoing the raw domain string.

BuildScriptError.fromMacPasskeySigningConfiguration passes the known configuration error union through unchanged at staging time and wraps only unknown defects behind a fixed message, keeping publishable keys and parser cause text out of surfaced messages. Tests were extended to lock in those types, redaction on JSON.stringify, and boundary behavior.

^{Reviewed by Cursor Bugbot for commit 5fc6c47. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Structure macOS passkey signing failures into typed error classes

• Introduces typed error classes (InvalidMacPasskeyRpDomainError, InvalidMacPasskeyPublishableKeyError, MissingMacPasskeyProvisioningProfileError, etc.) in build-desktop-artifact.ts to replace generic Error throws across passkey signing validation.
• normalizePasskeyRpDomain now emits InvalidMacPasskeyRpDomainError with structured reason codes (e.g. port-not-allowed, path-not-allowed) and does not leak the raw domain string in error messages.
• resolveMacPasskeySigningConfiguration emits specific typed errors for all validation paths: invalid team ID, missing provisioning profile, bad publishable key, and missing RP domains.
• BuildScriptError.fromMacPasskeySigningConfiguration preserves known passkey config errors as-is and wraps unknown defects with a generic message that omits the original cause text.
• Behavioral Change: buildDesktopArtifact no longer copies the cause message into the wrapping BuildScriptError for unknown defects, and known errors now propagate with their original type.

^{Macroscope summarized 5fc6c47.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2e3cfae4-950b-46a3-9c27-97cd3fb1dc24

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/passkey-signing-errors

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

Build script refactor that replaces generic errors with typed error classes for macOS passkey signing configuration failures. No changes to validation logic or runtime behavior - purely improves error structure and explicitly avoids leaking sensitive data in error messages.

^{You can customize Macroscope's approvability policy. Learn more.}

Dismissing prior approval to re-evaluate c70f014

Dismissing prior approval to re-evaluate 5fc6c47