release: re-enable codesign + notarization for codedb-darwin-x86_64 (tracking, blocked on #504) #618

@justrach

Problem

codedb-darwin-x86_64 ships unsigned as a workaround for #504: Zig 0.16 x86_64-macos binaries can segfault on macOS 26 after codesign (including under Rosetta), so build.zig deliberately skips the codesign step for that target and the README table lists it as "temporarily unsigned".

"Temporarily" needs an owner: nothing currently tracks re-checking whether the upstream Zig/macOS interaction is fixed, so the slice will stay unsigned (and un-notarizable) indefinitely. Unsigned binaries trip Gatekeeper for Intel-mac users installing outside install.sh's quarantine handling.

Expected

codedb-darwin-x86_64 is codesigned + notarized like the arm64 slice, and the README support table shows ✅ for both macOS rows.

Re-check procedure (each new Zig release / macOS point release)

  1. zig build -Doptimize=ReleaseFast -Dtarget=x86_64-macos
  2. codesign --force --sign "<Developer ID>" --options runtime zig-out/bin/codedb
  3. Run the signed binary under Rosetta on macOS 26: arch -x86_64 ./codedb --version and python3 scripts/e2e_mcp_test.py --binary ./codedb --project .
  4. If no segfault: remove the x86_64 skip in build.zig (the codesign-identity gate), update the README table, and sign + notarize the slice in the release flow.

Fix

Blocked on upstream (#504 root cause — Zig 0.16 x86_64-macos + macOS 26 codesign). This issue tracks the periodic re-check and the un-gating once it passes.

Note: the failing state is "signed x86_64 binary segfaults on launch on macOS 26" — reproducible via the procedure above, not capturable as a zig unit test.
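One way to script the re-check procedure above so each run ends in an explicit verdict (an added example, not part of the original issue or the codedb repository). It assumes it is run from the repo root on macOS 26 with Rosetta installed and the Developer ID in a `CODESIGN_IDENTITY` environment variable; the function names are hypothetical, and the `codesign --verify --strict` step is an addition to the issue's steps.

```shell
#!/bin/sh
# Added example: wraps the issue's re-check steps and classifies the outcome.
# Assumptions: repo root, macOS 26 + Rosetta, CODESIGN_IDENTITY set by the caller.
set -u

BIN="zig-out/bin/codedb"

# Map a shell exit status to a verdict. A child killed by signal N is
# reported by the shell as 128+N, so SIGSEGV (11) shows up as 139.
classify_status() {
    case "$1" in
        0)   echo "pass" ;;
        139) echo "segfault" ;;
        *)   if [ "$1" -gt 128 ]; then echo "signal-$(( $1 - 128 ))"
             else echo "fail-$1"; fi ;;
    esac
}

# Run a command, discard its output, and print only the verdict.
run_and_classify() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

recheck() {
    # Steps 1 and 2 from the issue.
    zig build -Doptimize=ReleaseFast -Dtarget=x86_64-macos || return 2
    codesign --force --sign "$CODESIGN_IDENTITY" --options runtime "$BIN" || return 2
    # Added check: confirm the signature is valid before blaming a crash on it.
    codesign --verify --strict "$BIN" || return 2

    # Step 3. A crash inside the e2e run surfaces as the Python script's own
    # failure status, not necessarily as 139.
    v=$(run_and_classify arch -x86_64 "$BIN" --version)
    e=$(run_and_classify python3 scripts/e2e_mcp_test.py --binary "$BIN" --project .)
    echo "version check: $v, e2e: $e"
    [ "$v" = "pass" ] && [ "$e" = "pass" ]
}

# Only run the full procedure when an identity is supplied.
if [ -n "${CODESIGN_IDENTITY:-}" ]; then
    if recheck; then echo "OK: candidate for un-gating x86_64 in build.zig"
    else echo "STILL BLOCKED: keep the x86_64 codesign skip"; exit 1; fi
fi
```

A `segfault` verdict on the version check matches the failing state described in the note above; any other non-pass verdict points at a different problem and should be triaged separately.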
