Skip to content

fix(mac): revive the .app build against current deps + static layout#1557

Merged
jaylfc merged 2 commits into
devfrom
fix/mac-app-rebuild
Jul 3, 2026
Merged

fix(mac): revive the .app build against current deps + static layout#1557
jaylfc merged 2 commits into
devfrom
fix/mac-app-rebuild

Conversation

@jaylfc

@jaylfc jaylfc commented Jul 2, 2026

Copy link
Copy Markdown
Owner

The Mac app (C1+A milestone, PR #269) had drifted ~2 months. A rebuild against current dev surfaced two mechanical breakages, both fixed:

  • tinyagentos/requirements.lock predated the auth rewrite and other additions, so the bundled Python had no argon2 and the app died at import with ModuleNotFoundError. Lock regenerated via uv pip compile for py3.12/aarch64-apple-darwin (also drops stale absolute paths from the old header).
  • mac/build/assemble_bundle.sh staged the frontend to Resources/frontend, but the server serves from static/ (SPA at static/desktop), so /desktop 404'd. It now stages repo static/ plus the SPA build into the location the server actually reads.

Smoke-tested on Apple Silicon against the rebuilt bundle (launcher run directly): /api/health 200, /desktop 200 with real SPA HTML + JS + manifest, clean SIGTERM shutdown reaping the embedded Python child. No signing/notarization (those stages self-skip without a Dev ID; notarization needs Jay's Apple Developer credentials). The pinned python-build-standalone (3.12.13) and apple-container-cli (0.12.0) still resolve with matching SHAs, no checksum bumps needed.

Built + smoke-tested by a subagent to an orchestrator spec; the orchestrator re-ran the smoke test and confirmed the assembled arm64 bundle.

Summary by CodeRabbit

  • Bug Fixes
    • Fixed desktop app packaging so bundled frontend assets are placed in the correct app location.
    • Improved app startup asset handling by checking for the expected SPA entry point and failing early if it’s missing.
    • Prevented layout changes from causing desktop-specific files to be packaged in the wrong path.

@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 767c368c-f1bf-45e4-8c7b-4992fa1ad07a

📥 Commits

Reviewing files that changed from the base of the PR and between c19e2f7 and ede3c1e.

⛔ Files ignored due to path filters (1)
  • tinyagentos/requirements.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • mac/build/assemble_bundle.sh

📝 Walkthrough

Walkthrough

The PR modifies assemble_bundle.sh to change where frontend assets are packaged in the macOS app bundle, copying static assets into taos/static/ and locating/copying the SPA root (with index.html detection) into static/desktop/ instead of a separate Resources/frontend directory.

Changes

Bundle Packaging Update

Layer / File(s) Summary
Frontend asset packaging path change
mac/build/assemble_bundle.sh
Packaging now copies repo static/ contents and SPA root (detected via index.html under $STAGING/frontend or $STAGING/frontend/desktop) into taOS.app/Contents/Resources/taos/static/desktop/, replacing the prior copy into Resources/frontend, with an error if no index.html is found.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • jaylfc/taOS#1207: Both PRs adjust the desktop SPA bundle's on-disk placement under static/desktop during packaging/install to prevent incorrect desktop paths.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the macOS app build and static asset layout fixes in the change set.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/mac-app-rebuild

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gitar-bot

gitar-bot Bot commented Jul 2, 2026

Copy link
Copy Markdown

Gitar is working

Gitar

Comment thread mac/build/assemble_bundle.sh Outdated
mkdir -p "$CONTENTS/Resources/taos/static"
cp -R "$REPO_ROOT/static"/. "$CONTENTS/Resources/taos/static/"
rm -rf "$CONTENTS/Resources/taos/static/desktop"
cp -R "$STAGING/frontend" "$CONTENTS/Resources/taos/static/desktop"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: cp -R "$STAGING/frontend" "$CONTENTS/Resources/taos/static/desktop" silently re-introduces the original /desktop 404 if the upstream build script ever nests the SPA under $STAGING/frontend/desktop/ instead of placing index.html at $STAGING/frontend/index.html. The fix here assumes a specific shape for $STAGING/frontend, but nothing in this script asserts it (no [ -f "$STAGING/frontend/index.html" ] guard, and the target is renamed to desktop/ regardless of what is inside). If the SPA layout changes upstream, this path regresses to a nested desktop/desktop/ and /desktop 404s again with no build-time signal.

Consider either asserting the SPA shape (e.g. guarding with [[ -f "$STAGING/frontend/index.html" ]]) or, more robustly, copying contents with cp -R "$STAGING/frontend"/. "$CONTENTS/Resources/taos/static/desktop/" so the SPA root is determined by index.html location, not by the directory's name.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jul 2, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 4 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 4
SUGGESTION 0
Issue Details (click to expand)

WARNING

File Line Issue
mac/build/assemble_bundle.sh 75 No existence guard for $REPO_ROOT/static before cp -R (carried from previous review — still unfixed)
mac/build/assemble_bundle.sh 84 Error message "no SPA index.html under $STAGING/frontend" is misleading: only two hard-coded subpaths are probed; nested layouts yield the same generic message with no indication of what was checked (new)
mac/build/assemble_bundle.sh 87 rm -rf "$CONTENTS/Resources/taos/static/desktop" silently destroys any pre-existing static/desktop/ content just copied from $REPO_ROOT/static on the previous line; non-SPA shared assets would be wiped on every build (new)
mac/build/assemble_bundle.sh 89 cp -R follows symlinks by default and does not preserve their targets; use cp -RL (or rsync -aL) and consider cp -P for explicit link preservation (carried from previous review — still unfixed)

Previously flagged, now resolved

File Line Issue Status
mac/build/assemble_bundle.sh (was 77) cp -R "$STAGING/frontend" .../static/desktop silently regresses to a nested desktop/desktop/ if upstream ever nests SPA under $STAGING/frontend/desktop/ Resolved — script now probes $STAGING/frontend/index.html first and falls back to $STAGING/frontend/desktop/index.html, then rm -rfs static/desktop before placing the SPA. Nested layout no longer silently misroutes.
mac/build/assemble_bundle.sh 85 Error prefix assemble_bundle: is inconsistent with [assemble_bundle] used elsewhere Still active as comment 4 (line shifted to 84 in new file); defect persists.
Files Reviewed (1 file + 1 generated skipped)
  • mac/build/assemble_bundle.sh — 4 active warnings (2 new this pass, 2 carried from previous review)
  • tinyagentos/requirements.lock — skipped (generated lock file regenerated via uv pip compile; reviewed only for accidental edits, none found)

Fix these issues in Kilo Cloud

Previous Review Summary (commit f841935)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit f841935)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 1
SUGGESTION 0
Issue Details (click to expand)

WARNING

File Line Issue
mac/build/assemble_bundle.sh 77 cp -R "$STAGING/frontend" ".../static/desktop" silently regresses to a nested desktop/desktop/ (and /desktop 404) if the upstream build ever nests the SPA under $STAGING/frontend/desktop/; the script assumes a specific SPA root shape with no guard.
Files Reviewed (2 files)
  • mac/build/assemble_bundle.sh - 1 issue
  • tinyagentos/requirements.lock - skipped (generated lock file)

Fix these issues in Kilo Cloud


Reviewed by minimax-m3 · Input: 38.9K · Output: 6.6K · Cached: 586.8K

# SPA_DIR). Resources/frontend was never read by the server.
mkdir -p "$CONTENTS/Resources/taos/static"
cp -R "$REPO_ROOT/static"/. "$CONTENTS/Resources/taos/static/"
# Locate the SPA root by its index.html rather than trusting the directory

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: No existence guard for $REPO_ROOT/static before cp -R.

The neighbouring blocks at lines 62 and 66 use [[ -d "$REPO_ROOT/data" ]] / [[ -d "$REPO_ROOT/app-catalog" ]] before staging, so a missing directory is silently skipped. This block unconditionally runs cp -R "$REPO_ROOT/static"/. "$CONTENTS/Resources/taos/static/". If the repo layout ever drops the static/ directory (or this script is invoked from a stale checkout), the glob "$REPO_ROOT/static"/. does not match and cp is called with the literal path plus / plus .; the rest of the script will then stage the SPA into a fresh static/desktop/ but the shared assets directory will be empty, producing a broken /desktop with missing icons/wallpapers/manifests and no build-time signal.

Mirror the app-catalog pattern and wrap in [[ -d "$REPO_ROOT/static" ]], or fail loudly with a descriptive error.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

rm -rf "$CONTENTS/Resources/taos/static/desktop"
mkdir -p "$CONTENTS/Resources/taos/static/desktop"
cp -R "$SPA_SRC"/. "$CONTENTS/Resources/taos/static/desktop/"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: cp -R follows symlinks by default and does not preserve their targets.

cp -R "$SPA_SRC"/. "$CONTENTS/Resources/taos/static/desktop/" (and the matching cp -R "$REPO_ROOT/static"/. ... on line 76) will, for any symlink found inside $STAGING/frontend or $REPO_ROOT/static, follow the link and copy the target file contents into the bundle rather than copying the symlink itself. If the staging tree ever contains a symlink that points outside $STAGING/frontend (e.g. a shared node_modules shortcut to the host filesystem, a stray editor symlink, or an attacker-controlled checkout), arbitrary host files can be silently inlined into taOS.app and shipped to users. This also breaks reproducibility (the target file's contents are baked in rather than a stable symlink).

Use cp -RP (or cp -a) so symlinks are preserved as symlinks and followed targets are not pulled in.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

SPA_SRC="$STAGING/frontend/desktop"
else
echo "assemble_bundle: no SPA index.html under $STAGING/frontend" >&2
exit 1

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Error prefix assemble_bundle: is inconsistent with the rest of the script.

Lines 36 and 110 (and the argparse error on line 17 uses assemble_bundle.sh:) emit messages with the [assemble_bundle] / assemble_bundle.sh: prefix. This newly added diagnostic uses bare assemble_bundle:, which breaks log-grep conventions and makes it harder to filter build noise.

Suggested change
exit 1
echo "[assemble_bundle] no SPA index.html under $STAGING/frontend" >&2

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

jaylfc added 2 commits July 3, 2026 11:43
Two months of controller drift broke the C1 build pipeline:

- Regenerate tinyagentos/requirements.lock from the current pyproject
  (argon2-cffi, sqlcipher3, matrix-nio, taosmd 0.4.0, pywebpush, etc.).
  The old lock predated the auth rewrite, so python -m tinyagentos died
  at import with ModuleNotFoundError: argon2.
- assemble_bundle.sh: stage the frontend where the server actually reads
  it. The server serves PROJECT_DIR/static and the SPA from static/desktop
  (SPA_DIR), but the script copied it to Resources/frontend, which nothing
  reads — /desktop 404'd. Now copies repo static/ plus the SPA build into
  Resources/taos/static.

Verified: unsigned build assembles taOS.app + DMG; launching the bundled
binary boots the embedded server, /api/health and /desktop return 200,
SPA JS + shared static assets load, SIGTERM reaps the Python child.
Fold review: the bundle assembler assumed the SPA lives directly at
$STAGING/frontend and renamed it to desktop/ regardless of contents, so an
upstream layout change nesting the SPA under frontend/desktop/ would silently
reintroduce the /desktop 404. Now the SPA root is found by its index.html
(direct or one level down) and the build fails loudly if neither exists.
@jaylfc jaylfc force-pushed the fix/mac-app-rebuild branch from f841935 to ede3c1e Compare July 3, 2026 10:44
echo "assemble_bundle: no SPA index.html under $STAGING/frontend" >&2
exit 1
fi
rm -rf "$CONTENTS/Resources/taos/static/desktop"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: rm -rf "$CONTENTS/Resources/taos/static/desktop" silently destroys any pre-existing static/desktop/ content that was just copied in from $REPO_ROOT/static on the line above. If the repo's static/desktop/ ever ships shared (non-SPA) assets — PWA icons, fonts, manifests used by other routes, or files from a prior layout — they are wiped on every build without notice. Guard the deletion (e.g. only remove the dir when SPA_SRC differs, or move the cp -R of repo static/ to happen after the SPA copy, or explicitly test -d and only remove when the path was newly created).


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

elif [[ -f "$STAGING/frontend/desktop/index.html" ]]; then
SPA_SRC="$STAGING/frontend/desktop"
else
echo "assemble_bundle: no SPA index.html under $STAGING/frontend" >&2

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: The error string "no SPA index.html under $STAGING/frontend" is misleading: this block only checks two hard-coded paths ($STAGING/frontend/index.html and $STAGING/frontend/desktop/index.html) and never actually searches the directory tree. If upstream ever nests the SPA elsewhere (e.g. $STAGING/frontend/v2/desktop/index.html, or a dist/ step in front of index.html), the user sees the generic "no SPA index.html" message with no hint about which paths were probed. List the probed paths in the message, or fall back to a find before declaring failure.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@jaylfc jaylfc merged commit ef776f8 into dev Jul 3, 2026
9 checks passed
@github-project-automation github-project-automation Bot moved this from Todo to Done in TinyAgentOS Roadmap Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

1 participant