[codex] Fix macOS helper bundle identities

[juliusmarminge]

Summary

Fixes #2405.

Restores T3 Code-specific macOS Electron helper identity so enterprise EDR tools can associate helper processes, especially the GPU helper, with the parent app instead of the default Electron identity.

Changes

• Explicitly configure electron-builder mac helper bundle IDs under com.t3tools.t3code.helper.*, including com.t3tools.t3code.helper.gpu.
• Restore production launcher helper Info.plist patching for launcher-created macOS bundles while keeping dev launches on the stock Electron path.
• Add a scripts regression test that verifies the mac build config pins helper bundle IDs.

Validation

• bun fmt
• bun lint (passes with existing warnings outside this change)
• bun typecheck
• bun run --filter @t3tools/scripts test -- build-desktop-artifact.test.ts

Note

Fix macOS Electron helper bundle identities in the desktop app build

• Adds MAC_HELPER_BUNDLE_IDS constant in build-desktop-artifact.ts defining explicit bundle IDs for all six Electron helper processes, rooted at com.t3tools.t3code.
• Spreads these IDs into the mac config in createBuildConfig so electron-builder sets them at package time.
• Adds patchHelperBundleInfoPlists in electron-launcher.mjs to scan Contents/Frameworks for Electron Helper*.app bundles and rewrite their CFBundleDisplayName, CFBundleName, and CFBundleIdentifier to match the app's display name and bundle ID.
• Bumps LAUNCHER_VERSION from 2 to 3 to trigger re-patching on existing installs.

^{Macroscope summarized f760713.}

---

Note

Medium Risk
Changes macOS packaging/launcher plist patching and bundle IDs, which can affect helper process launching and code signing/notarization behavior on macOS.

Overview
Ensures macOS Electron helper apps (including GPU/renderer/plugin helpers) use T3 Code-specific bundle identifiers instead of the default Electron identity.

This updates the production macOS launcher to also rewrite each Electron Helper*.app Info.plist (name + CFBundleIdentifier) and bumps LAUNCHER_VERSION to force regeneration. Separately, the desktop build script now hard-codes and applies MAC_HELPER_BUNDLE_IDS in the mac electron-builder config and adds a regression test asserting these IDs are present.

^{Reviewed by Cursor Bugbot for commit f760713. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a5ea4bf1-706c-4c9c-9092-88c9c920ab99

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch t3code/c171adfb

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

Build-time configuration fix that ensures macOS Electron helper processes get correct bundle identifiers. Changes are limited to build scripts and packaging config, with no runtime behavior impact. Includes test coverage.

^{You can customize Macroscope's approvability policy. Learn more.}

[juliusmarminge]

@bhavyamithal-jp can you confirm whether this fixes it