Build universal macOS release artifact

[TurboTheTurtle]

Closes #57.

Builds the macOS release artifact through a shared universal binary packaging script so the Homebrew-consumed zip contains both arm64 and x86_64 slices. The release workflow now validates the packaged archive with lipo/file checks, and the notarization helper reuses the same universal build path.

Real behavior proof:

• Real environment tested: macOS 27.0 (26A5353q), arm64 host, Xcode 26.5, Swift 6.3.2.
• Exact steps or command run after this patch: make macos-artifact; unzip dist/remindctl-macos.zip; run file, lipo -info, and scripts/check-macos-artifact.sh dist/remindctl-macos.zip on the generated archive.
• Evidence after fix: the archive extracted to one top-level remindctl binary; file reported Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64:Mach-O 64-bit executable arm64]; lipo -info reported Architectures in the fat file ... are: x86_64 arm64.
• Observed result after fix: scripts/check-macos-artifact.sh dist/remindctl-macos.zip passed.
• What was not tested: execution on physical Intel Mac hardware and notarized release upload.

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 20, 2026, 5:54 AM ET / 09:54 UTC.

Summary
The PR replaces the macOS release artifact build with shared universal build, package, and verification scripts, updates notarization to reuse that path, and documents make macos-artifact.

Reproducibility: yes. for source-level release packaging: current main builds and zips one default-architecture macOS binary, matching the linked Intel Mac artifact failure. I did not execute the shipped artifact on Intel hardware in this review.

Review metrics: 2 noteworthy metrics.

• Release automation surface: 1 workflow modified; 3 executable scripts added; 1 signing helper changed. The changed code sits on the tag release path that publishes the Homebrew-consumed artifact.
• Patch size: 7 files, +125/-35. The diff is bounded, but broad enough to warrant focused release-path review.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #57
Summary: This PR is the open implementation candidate for the linked Intel Mac release artifact bug.

Members:

• canonical: remindctl ships arm64-only — "Bad CPU type in executable" on Intel Macs #57 - The PR body uses closing syntax for the issue, and the diff directly changes the release artifact path that produced the reported arm64-only zip.

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• A maintainer release dry run would further reduce confidence risk for the tag workflow and notarization path.

Risk before merge

• [P1] The PR changes the tag release packaging path that publishes the Homebrew-consumed archive, while ordinary PR checks do not exercise the full tag release, upload, and tap-dispatch path end to end.
• [P1] The supplied proof validates local macOS artifact creation and architecture checks, but not physical Intel Mac execution or notarized release upload.

Maintainer options:

1. Accept artifact proof and merge after normal gates (recommended)
   Maintainers can merge once they accept the PR body's macOS artifact output, with the first full tag-release run still validating the release workflow path.
2. Run a release dry run first
   A maintainer can run the packaging path or a controlled release dry run before landing to reduce the remaining automation uncertainty.

Next step before merge

• [P2] No repair PR is queued because there is no concrete patch defect; maintainers should decide whether the provided artifact proof is enough for release automation merge risk.

Security
Cleared: The diff changes release automation but does not add third-party actions, dependencies, broader workflow permissions, or new secret exposure.

Review details

Best possible solution:

Land the shared universal packaging path after maintainer review accepts the artifact proof and normal release gates, then let the linked issue close when this PR merges.

Do we have a high-confidence way to reproduce the issue?

Yes for source-level release packaging: current main builds and zips one default-architecture macOS binary, matching the linked Intel Mac artifact failure. I did not execute the shipped artifact on Intel hardware in this review.

Is this the best way to solve the issue?

Yes: the shared universal build, package, and check path is the narrow maintainable fix for the release artifact bug. The remaining question is maintainer acceptance of release automation risk, not a different implementation direction.

AGENTS.md: not found in the target repository.

Codex review notes: model internal, reasoning high; reviewed against 4e8643ff0ed9.

Label changes

Label justifications:

• P2: The PR addresses a bounded release-packaging bug that blocks Intel Mac users from running the distributed CLI.
• merge-risk: 🚨 automation: Merging changes the GitHub release packaging workflow and local release scripts that ordinary PR CI does not run end to end.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body provides after-fix macOS live output for building and inspecting the generated universal zip, which is sufficient artifact proof for this review.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body provides after-fix macOS live output for building and inspecting the generated universal zip, which is sufficient artifact proof for this review.

Evidence reviewed

What I checked:

• Current main still packages one default-architecture binary: The release workflow on current main runs one swift build -c release --product remindctl, ad-hoc signs .build/release/remindctl, and zips that one binary as dist/remindctl-macos.zip. (.github/workflows/release.yml:53, 4e8643ff0ed9)
• Universal build exists only in the local notarization helper on main: Current main has scripts/sign-and-notarize.sh building both arm64 and x86_64 with lipo, but the release workflow does not call that helper for the published Homebrew-consumed zip. (scripts/sign-and-notarize.sh:32, 4e8643ff0ed9)
• Latest shipped release does not contain the fix: v0.3.1 contains the release-prep commit that introduced the current single-build workflow, and GitHub release v0.3.1 publishes remindctl-macos.zip from that release line. (.github/workflows/release.yml:53, 04fbfd02e76f)
• PR adds a shared universal package path: The proposed package script calls the universal build helper, codesigns the output binary, zips a single top-level remindctl, and invokes the artifact checker before publishing Done. (scripts/package-macos-release.sh:20, 458c13cd3329)
• PR verifies the requested slices: The added build helper creates a lipo output and verifies the requested architectures, and the added checker verifies either a zip or binary with lipo and file. (scripts/build-macos-universal.sh:38, 458c13cd3329)
• Proof is real macOS artifact output: The PR body reports a macOS arm64 host, make macos-artifact, unzip, file, lipo -info, and checker output showing both x86_64 and arm64 slices in the generated archive. (458c13cd3329)

Likely related people:

• Peter Steinberger: Current-main blame and file history attribute the release workflow packaging path, release docs, Makefile release targets, and notarization helper to the v0.3.1 release-preparation commit. (role: release workflow author; confidence: high; commits: 04fbfd02e76f; files: .github/workflows/release.yml, scripts/sign-and-notarize.sh, docs/RELEASING.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[TurboTheTurtle]

@clawsweeper re-review