safari-pilot 0.1.0

package/extension/content-main.js

@@ -0,0 +1,310 @@
+// content-main.js — MAIN world
+// WARNING: This code runs in the page's context. It CAN be observed by page JS.
+// Never store secrets. Never read credentials. Minimal footprint.
+
+(() => {
+  'use strict';
+
+  // Namespace to minimize collision risk
+  const SP = Object.create(null);
+
+  // ─── Shadow DOM Traversal ─────────────────────────────────────────────────
+  // Traverses open AND closed shadow roots. Closed roots are accessible from
+  // MAIN world because we intercept Element.attachShadow at document_idle.
+  // Primary reason this extension exists — no other automation layer can do this.
+
+  SP.queryShadow = (selector, shadowSelector) => {
+    // If shadowSelector provided: find hosts matching selector, then query inside their shadows
+    // If only selector: query entire document including all shadow subtrees
+    const results = [];
+
+    const walkShadow = (node, targetSelector) => {
+      const shadow = node.shadowRoot;
+      if (shadow) {
+        const found = shadow.querySelectorAll(targetSelector);
+        results.push(...found);
+        shadow.querySelectorAll('*').forEach(child => walkShadow(child, targetSelector));
+      }
+    };
+
+    if (shadowSelector) {
+      // Two-phase: find shadow hosts by selector, then query inside their shadows
+      const hosts = document.querySelectorAll(selector);
+      hosts.forEach(host => {
+        if (host.shadowRoot) {
+          results.push(...host.shadowRoot.querySelectorAll(shadowSelector));
+          host.shadowRoot.querySelectorAll('*').forEach(child => walkShadow(child, shadowSelector));
+        }
+      });
+    } else {
+      // Single-phase: query full document + all shadow subtrees
+      results.push(...document.querySelectorAll(selector));
+      document.querySelectorAll('*').forEach(el => walkShadow(el, selector));
+    }
+
+    return results;
+  };
+
+  SP.queryShadowAll = (selector, root = document) => {
+    const results = [];
+    const walk = (node) => {
+      if (node.shadowRoot) {
+        results.push(...node.shadowRoot.querySelectorAll(selector));
+        node.shadowRoot.querySelectorAll('*').forEach(walk);
+      }
+      node.querySelectorAll('*').forEach(child => {
+        if (child.shadowRoot) walk(child);
+      });
+    };
+    results.push(...root.querySelectorAll(selector));
+    walk(root);
+    return results;
+  };
+
+  // ─── Framework-Aware Form Filling ─────────────────────────────────────────
+  // React tracks input state via _valueTracker. A plain .value assignment won't
+  // trigger React's synthetic event system. We must use the native setter and
+  // delete the tracker so React sees the change as "new" input.
+
+  SP.fillReact = (element, value) => {
+    const nativeInputValueSetter =
+      Object.getOwnPropertyDescriptor(HTMLInputElement.prototype, 'value')?.set ||
+      Object.getOwnPropertyDescriptor(HTMLTextAreaElement.prototype, 'value')?.set;
+
+    if (!nativeInputValueSetter) {
+      throw new Error('Cannot find native value setter');
+    }
+
+    // Bypass React's _valueTracker so it sees the programmatic change as new
+    if (element._valueTracker) {
+      element._valueTracker.setValue('');
+    }
+
+    nativeInputValueSetter.call(element, value);
+    element.dispatchEvent(new Event('input', { bubbles: true }));
+    element.dispatchEvent(new Event('change', { bubbles: true }));
+    element.dispatchEvent(new FocusEvent('blur', { bubbles: true }));
+  };
+
+  SP.fillVue = async (element, value) => {
+    // Vue 3 uses Proxy-based reactivity — direct assignment triggers v-model
+    element.value = value;
+    element.dispatchEvent(new Event('input', { bubbles: true }));
+    // Wait for Vue's nextTick so watchers run before change event
+    await new Promise(resolve => setTimeout(resolve, 0));
+    element.dispatchEvent(new Event('change', { bubbles: true }));
+  };
+
+  // ─── Dialog Interception ──────────────────────────────────────────────────
+  // Replaces window.alert/confirm/prompt with captured versions.
+  // Must run in MAIN world — ISOLATED world cannot override window globals.
+
+  SP.interceptDialogs = () => {
+    const dialogQueue = [];
+    const handlers = {};
+
+    ['alert', 'confirm', 'prompt'].forEach(type => {
+      const original = window[type];
+      window[type] = function(message, defaultValue) {
+        const entry = { type, message, timestamp: Date.now() };
+        dialogQueue.push(entry);
+
+        if (handlers[type]) {
+          return handlers[type](message, defaultValue);
+        }
+        // Sensible defaults: accept alerts, auto-confirm, return empty prompt
+        if (type === 'alert') return undefined;
+        if (type === 'confirm') return true;
+        if (type === 'prompt') return defaultValue || '';
+      };
+    });
+
+    return {
+      getQueue: () => [...dialogQueue],
+      setHandler: (type, fn) => { handlers[type] = fn; },
+      clear: () => { dialogQueue.length = 0; },
+    };
+  };
+
+  // ─── Network Interception ─────────────────────────────────────────────────
+  // Monkey-patches fetch and XMLHttpRequest for capture and mocking.
+  // Only JS-initiated requests are interceptable — browser-native resource
+  // loading (img src, link href, etc.) bypasses this.
+
+  SP.interceptNetwork = () => {
+    const captured = [];
+    const originalFetch = window.fetch;
+    const OriginalXHR = window.XMLHttpRequest;
+
+    window.fetch = async function(...args) {
+      const request = new Request(...args);
+      const entry = {
+        type: 'fetch',
+        url: request.url,
+        method: request.method,
+        timestamp: Date.now(),
+      };
+      try {
+        const response = await originalFetch.apply(this, args);
+        entry.status = response.status;
+        entry.statusText = response.statusText;
+        captured.push(entry);
+        return response;
+      } catch (error) {
+        entry.error = error.message;
+        captured.push(entry);
+        throw error;
+      }
+    };
+
+    // Patch XMLHttpRequest
+    window.XMLHttpRequest = function() {
+      const xhr = new OriginalXHR();
+      const entry = { type: 'xhr', timestamp: Date.now() };
+
+      const originalOpen = xhr.open.bind(xhr);
+      xhr.open = function(method, url, ...rest) {
+        entry.method = method;
+        entry.url = url;
+        return originalOpen(method, url, ...rest);
+      };
+
+      xhr.addEventListener('load', () => {
+        entry.status = xhr.status;
+        entry.statusText = xhr.statusText;
+        captured.push({ ...entry });
+      });
+
+      xhr.addEventListener('error', () => {
+        entry.error = 'XHR error';
+        captured.push({ ...entry });
+      });
+
+      return xhr;
+    };
+
+    return {
+      getCaptured: () => [...captured],
+      clear: () => { captured.length = 0; },
+      restore: () => {
+        window.fetch = originalFetch;
+        window.XMLHttpRequest = OriginalXHR;
+      },
+    };
+  };
+
+  // ─── Framework Detection ──────────────────────────────────────────────────
+
+  SP.detectFramework = () => {
+    const detected = [];
+
+    if (window.__REACT_DEVTOOLS_GLOBAL_HOOK__ || document.querySelector('[data-reactroot]') || document.querySelector('[data-reactid]')) {
+      detected.push('react');
+    }
+    if (window.__vue_devtools_global_hook__ || document.querySelector('[data-v-app]')) {
+      detected.push('vue');
+    }
+    if (window.ng || window.getAllAngularRootElements?.()?.length > 0) {
+      detected.push('angular');
+    }
+    if (document.querySelector('[data-svelte]') || window.__svelte) {
+      detected.push('svelte');
+    }
+
+    return detected;
+  };
+
+  // ─── Expose namespace ──────────────────────────────────────────────────────
+  window.__safariPilot = SP;
+
+  // ─── Message Channel from ISOLATED World ──────────────────────────────────
+  // The ISOLATED world relay forwards background script commands here via
+  // window.postMessage. We respond with results on the same channel.
+  // SECURITY: use window.location.origin (never '*') as postMessage target.
+
+  window.addEventListener('message', (event) => {
+    if (event.source !== window) return;
+    if (event.data?.type !== 'SAFARI_PILOT_CMD') return;
+
+    const { requestId, method, params } = event.data;
+
+    const respond = (ok, payload) => {
+      window.postMessage(
+        { type: 'SAFARI_PILOT_RESPONSE', requestId, ok, ...payload },
+        window.location.origin
+      );
+    };
+
+    (async () => {
+      try {
+        let result;
+        switch (method) {
+          case 'queryShadow': {
+            const elements = SP.queryShadow(params.selector, params.shadowSelector);
+            result = Array.from(elements).map(el => ({
+              tagName: el.tagName,
+              id: el.id,
+              className: el.className,
+              textContent: el.textContent?.slice(0, 200),
+            }));
+            break;
+          }
+          case 'queryShadowAll': {
+            const elements = SP.queryShadowAll(params.selector);
+            result = Array.from(elements).map(el => ({
+              tagName: el.tagName,
+              id: el.id,
+              className: el.className,
+              textContent: el.textContent?.slice(0, 200),
+            }));
+            break;
+          }
+          case 'fillReact': {
+            const target = document.querySelector(params.selector);
+            if (!target) throw new Error(`Element not found: ${params.selector}`);
+            SP.fillReact(target, params.value);
+            result = { filled: true };
+            break;
+          }
+          case 'fillVue': {
+            const target = document.querySelector(params.selector);
+            if (!target) throw new Error(`Element not found: ${params.selector}`);
+            await SP.fillVue(target, params.value);
+            result = { filled: true };
+            break;
+          }
+          case 'interceptDialogs': {
+            const controller = SP.interceptDialogs();
+            // Store controller so later commands can query it
+            SP._dialogController = controller;
+            result = { intercepting: true };
+            break;
+          }
+          case 'getDialogQueue': {
+            result = SP._dialogController?.getQueue() ?? [];
+            break;
+          }
+          case 'interceptNetwork': {
+            const controller = SP.interceptNetwork();
+            SP._networkController = controller;
+            result = { intercepting: true };
+            break;
+          }
+          case 'getNetworkCaptures': {
+            result = SP._networkController?.getCaptured() ?? [];
+            break;
+          }
+          case 'detectFramework': {
+            result = SP.detectFramework();
+            break;
+          }
+          default:
+            throw new Error(`Unknown method: ${method}`);
+        }
+        respond(true, { value: result });
+      } catch (error) {
+        respond(false, { error: { message: error.message, name: error.name } });
+      }
+    })();
+  });
+})();

package/extension/manifest.json

@@ -0,0 +1,39 @@
+{
+  "manifest_version": 3,
+  "name": "Safari Pilot",
+  "version": "0.1.0",
+  "description": "Native Safari automation for AI agents",
+  "permissions": [
+    "activeTab",
+    "scripting",
+    "storage",
+    "cookies",
+    "declarativeNetRequest",
+    "nativeMessaging",
+    "tabs"
+  ],
+  "host_permissions": ["<all_urls>"],
+  "background": {
+    "service_worker": "background.js",
+    "type": "module"
+  },
+  "content_scripts": [
+    {
+      "matches": ["<all_urls>"],
+      "js": ["content-isolated.js"],
+      "run_at": "document_idle",
+      "world": "ISOLATED"
+    },
+    {
+      "matches": ["<all_urls>"],
+      "js": ["content-main.js"],
+      "run_at": "document_idle",
+      "world": "MAIN"
+    }
+  ],
+  "icons": {
+    "48": "icons/icon-48.png",
+    "96": "icons/icon-96.png",
+    "128": "icons/icon-128.png"
+  }
+}

package/hooks/session-end.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# safari-pilot session-end hook
+# Runs when Claude Code session ends (Stop event).
+# Summarizes audit log and performs cleanup.
+
+set -euo pipefail
+
+SAFARI_PILOT_DATA="${SAFARI_PILOT_DATA:-$HOME/.safari-pilot}"
+LOG_DIR="${SAFARI_PILOT_DATA}/logs"
+AUDIT_LOG="${SAFARI_PILOT_DATA}/audit.log"
+PID_FILE="${SAFARI_PILOT_DATA}/daemon.pid"
+
+# ── 1. OS gate ─────────────────────────────────────────────────────────────────
+if [[ "$(uname)" != "Darwin" ]]; then
+  exit 0
+fi
+
+# ── 2. Audit log summary ──────────────────────────────────────────────────────
+if [[ -f "$AUDIT_LOG" ]]; then
+  TOTAL=$(wc -l < "$AUDIT_LOG" | tr -d ' ')
+  ERRORS=$(grep -c '"result":"error"' "$AUDIT_LOG" 2>/dev/null || echo 0)
+  OK=$(grep -c '"result":"ok"' "$AUDIT_LOG" 2>/dev/null || echo 0)
+  echo "safari-pilot: Session summary — ${TOTAL} actions logged (${OK} ok, ${ERRORS} errors)" >&2
+
+  # Archive the audit log with a timestamp to prevent unbounded growth
+  if [[ "$TOTAL" -gt 0 ]]; then
+    ARCHIVE="${LOG_DIR}/audit-$(date +%Y%m%d-%H%M%S).log"
+    mkdir -p "$LOG_DIR"
+    cp "$AUDIT_LOG" "$ARCHIVE" 2>/dev/null || true
+    # Truncate the live audit log for the next session
+    : > "$AUDIT_LOG" 2>/dev/null || true
+    echo "safari-pilot: Audit log archived to ${ARCHIVE}" >&2
+  fi
+else
+  echo "safari-pilot: No audit log found — session had no tool calls" >&2
+fi
+
+# ── 3. Clean up stale session logs (keep last 10) ────────────────────────────
+if [[ -d "$LOG_DIR" ]]; then
+  # List session logs sorted by time, remove all but the 10 most recent
+  SESSION_LOGS=$(ls -t "${LOG_DIR}"/session-*.log 2>/dev/null | tail -n +11)
+  if [[ -n "$SESSION_LOGS" ]]; then
+    echo "$SESSION_LOGS" | xargs rm -f 2>/dev/null || true
+  fi
+
+  # Keep only 20 most recent audit archives
+  AUDIT_ARCHIVES=$(ls -t "${LOG_DIR}"/audit-*.log 2>/dev/null | tail -n +21)
+  if [[ -n "$AUDIT_ARCHIVES" ]]; then
+    echo "$AUDIT_ARCHIVES" | xargs rm -f 2>/dev/null || true
+  fi
+fi
+
+# ── 4. Daemon shutdown (optional — leave running for fast restart) ─────────────
+# The daemon is intentionally left running between sessions for faster startup.
+# Uncomment below to stop it on session end:
+#
+# if [[ -f "$PID_FILE" ]]; then
+#   DAEMON_PID=$(cat "$PID_FILE")
+#   if kill -0 "$DAEMON_PID" 2>/dev/null; then
+#     kill "$DAEMON_PID" 2>/dev/null || true
+#     echo "safari-pilot: Daemon stopped (PID: $DAEMON_PID)" >&2
+#   fi
+#   rm -f "$PID_FILE"
+# fi
+
+echo "safari-pilot: Session ended" >&2
+exit 0

package/hooks/session-start.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+# safari-pilot session-start hook
+# Runs at the start of every Claude Code session when safari-pilot is installed.
+# Gates: OS check → macOS version → Safari presence → daemon startup → health check
+
+set -euo pipefail
+
+PLUGIN_ROOT="${CLAUDE_PLUGIN_ROOT:-$(dirname "$(cd "$(dirname "$0")" && pwd)")}"
+DAEMON_BIN="${PLUGIN_ROOT}/bin/SafariPilotd"
+LOG_DIR="${SAFARI_PILOT_DATA:-$HOME/.safari-pilot}/logs"
+SESSION_LOG="${LOG_DIR}/session-$(date +%Y%m%d-%H%M%S).log"
+
+# ── 1. OS gate ─────────────────────────────────────────────────────────────────
+if [[ "$(uname)" != "Darwin" ]]; then
+  echo "safari-pilot: Skipped (not macOS)" >&2
+  exit 0
+fi
+
+# ── 2. macOS version check (require 12.0+) ────────────────────────────────────
+OS_VERSION=$(sw_vers -productVersion 2>/dev/null || echo "0.0")
+OS_MAJOR=$(echo "$OS_VERSION" | cut -d. -f1)
+if [[ "$OS_MAJOR" -lt 12 ]]; then
+  echo "safari-pilot: Warning — macOS ${OS_VERSION} detected. Requires macOS 12.0 (Monterey) or later." >&2
+  exit 0
+fi
+
+# ── 3. Log directory setup ────────────────────────────────────────────────────
+mkdir -p "$LOG_DIR"
+
+# ── 4. Safari running check ───────────────────────────────────────────────────
+SAFARI_RUNNING=$(osascript -e 'tell application "System Events" to (name of processes) contains "Safari"' 2>/dev/null || echo "false")
+if [[ "$SAFARI_RUNNING" != "true" ]]; then
+  echo "safari-pilot: Safari is not running. Opening Safari..." >&2
+  open -a Safari 2>/dev/null || true
+  # Give Safari a moment to start
+  sleep 1
+fi
+
+# ── 5. Daemon startup ─────────────────────────────────────────────────────────
+if [[ -x "$DAEMON_BIN" ]]; then
+  # Check if daemon is already running
+  if ! pgrep -f "SafariPilotd" > /dev/null 2>&1; then
+    echo "safari-pilot: Starting daemon..." >&2
+    "$DAEMON_BIN" --daemon >> "$SESSION_LOG" 2>&1 &
+    DAEMON_PID=$!
+    echo "safari-pilot: Daemon started (PID: $DAEMON_PID)" >&2
+    echo "$DAEMON_PID" > "${SAFARI_PILOT_DATA:-$HOME/.safari-pilot}/daemon.pid"
+  else
+    echo "safari-pilot: Daemon already running" >&2
+  fi
+else
+  echo "safari-pilot: Daemon binary not found at ${DAEMON_BIN} — running in AppleScript-only mode" >&2
+fi
+
+# ── 6. JS from Apple Events check ────────────────────────────────────────────
+JS_CHECK=$(osascript -e 'tell application "Safari" to do JavaScript "1+1" in current tab of front window' 2>&1 || true)
+if echo "$JS_CHECK" | grep -q "2"; then
+  echo "safari-pilot: Ready (JS from Apple Events enabled)" >&2
+else
+  echo "safari-pilot: Warning — JS from Apple Events may be disabled." >&2
+  echo "  Enable in Safari: Develop menu → Allow JavaScript from Apple Events" >&2
+  echo "  (If no Develop menu: Safari → Settings → Advanced → Show features for web developers)" >&2
+fi
+
+echo "safari-pilot: Session started on macOS ${OS_VERSION}" >&2
+exit 0

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "safari-pilot",
+  "version": "0.1.0",
+  "description": "Native Safari browser automation for AI agents on macOS",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist/",
+    "bin/",
+    "skills/",
+    "hooks/",
+    "extension/",
+    "scripts/",
+    ".claude-plugin/",
+    ".mcp.json",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest",
+    "test:unit": "vitest run test/unit/",
+    "test:integration": "vitest run test/integration/",
+    "test:e2e": "vitest run test/e2e/",
+    "test:security": "vitest run test/security/",
+    "lint": "tsc --noEmit",
+    "postinstall": "bash scripts/postinstall.sh",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "vitest": "^2.0.0",
+    "@types/node": "^20.0.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "os": ["darwin"],
+  "license": "MIT",
+  "author": "Aakash Kumar"
+}

package/scripts/build-extension.sh

@@ -0,0 +1,135 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+EXT_DIR="$ROOT/extension"
+APP_DIR="$ROOT/app"
+XCODE_PROJECT_DIR="$APP_DIR/Safari Pilot"
+BUNDLE_ID="com.safari-pilot.app"
+
+echo "=== Safari Pilot Extension Build ==="
+
+# Step 1: Generate Xcode project from extension source
+echo "Generating Xcode project..."
+xcrun safari-web-extension-packager "$EXT_DIR" \
+  --project-location "$APP_DIR" \
+  --app-name "Safari Pilot" \
+  --bundle-identifier "$BUNDLE_ID" \
+  --macos-only \
+  --no-open \
+  --no-prompt \
+  --force
+
+# The packager generates the project inside a subdirectory named after the app
+# Resulting path: app/Safari Pilot/Safari Pilot.xcodeproj
+if [ ! -d "$XCODE_PROJECT_DIR/Safari Pilot.xcodeproj" ]; then
+  echo "ERROR: Xcode project not found at expected location: $XCODE_PROJECT_DIR/Safari Pilot.xcodeproj"
+  exit 1
+fi
+
+# Step 2: Fix bundle identifier in generated project
+# The packager sets the app's bundle ID to com.safari-pilot.Safari-Pilot (derived from name)
+# instead of our explicit com.safari-pilot.app — causing embedded binary validation failure.
+# Fix: replace the auto-derived ID with our explicit bundle ID in both Debug and Release configs.
+PBXPROJ="$XCODE_PROJECT_DIR/Safari Pilot.xcodeproj/project.pbxproj"
+echo "Fixing bundle identifier in Xcode project..."
+sed -i '' "s/PRODUCT_BUNDLE_IDENTIFIER = \"com.safari-pilot.Safari-Pilot\";/PRODUCT_BUNDLE_IDENTIFIER = \"$BUNDLE_ID\";/g" "$PBXPROJ"
+
+# Step 3: Create placeholder Icon.png if missing
+# The packager references Icon.png in the project but doesn't create it.
+ICON_PATH="$XCODE_PROJECT_DIR/Safari Pilot/Resources/Icon.png"
+if [ ! -f "$ICON_PATH" ]; then
+  echo "Creating placeholder Icon.png..."
+  python3 -c "
+import struct, zlib
+
+def png_chunk(name, data):
+    chunk = name + data
+    return struct.pack('>I', len(data)) + chunk + struct.pack('>I', zlib.crc32(chunk) & 0xffffffff)
+
+w, h = 16, 16
+raw = b''
+for y in range(h):
+    raw += b'\x00'
+    for x in range(w):
+        raw += bytes([100, 100, 100])
+
+sig = b'\x89PNG\r\n\x1a\n'
+ihdr_data = struct.pack('>IIBBBBB', w, h, 8, 2, 0, 0, 0)
+idat_data = zlib.compress(raw)
+
+png = sig + png_chunk(b'IHDR', ihdr_data) + png_chunk(b'IDAT', idat_data) + png_chunk(b'IEND', b'')
+
+with open('$ICON_PATH', 'wb') as f:
+    f.write(png)
+"
+fi
+
+# Step 4: Build the app
+echo "Building app (Release)..."
+cd "$XCODE_PROJECT_DIR"
+xcodebuild \
+  -project "Safari Pilot.xcodeproj" \
+  -scheme "Safari Pilot" \
+  -configuration Release \
+  -derivedDataPath "$ROOT/.build/extension" \
+  build 2>&1
+
+# Step 5: Copy built app to bin/
+APP_PATH=$(find "$ROOT/.build/extension" -name "Safari Pilot.app" -type d | head -1)
+if [ -n "$APP_PATH" ]; then
+  echo "Built app at: $APP_PATH"
+  mkdir -p "$ROOT/bin"
+  rm -rf "$ROOT/bin/Safari Pilot.app"
+  cp -R "$APP_PATH" "$ROOT/bin/Safari Pilot.app"
+  echo "Copied to bin/Safari Pilot.app"
+else
+  echo "ERROR: Built app not found in derived data"
+  exit 1
+fi
+
+echo "=== Build complete ==="
+
+# ── Signing & Notarization ───────────────────────────────────────────────────
+
+SIGN_IDENTITY="Developer ID Application: Aakash Kumar (V37WLKRXUJ)"
+APP_PATH="$ROOT/bin/Safari Pilot.app"
+APPEX_PATH="$APP_PATH/Contents/PlugIns/Safari Pilot Extension.appex"
+
+echo "=== Signing Extension ==="
+
+# Step 6: Sign the .appex FIRST (inside-out — NEVER use --deep)
+echo "Signing .appex..."
+codesign --force --options runtime --timestamp \
+  --sign "$SIGN_IDENTITY" \
+  "$APPEX_PATH"
+
+# Step 7: Sign the .app container
+echo "Signing .app..."
+codesign --force --options runtime --timestamp \
+  --sign "$SIGN_IDENTITY" \
+  "$APP_PATH"
+
+# Step 8: Verify signature
+echo "Verifying signatures..."
+codesign --verify --deep --strict --verbose=2 "$APP_PATH"
+spctl -a -t exec -vv "$APP_PATH"
+
+echo "=== Notarizing ==="
+
+# Step 9: Create ZIP for notarization
+ditto -c -k --keepParent "$APP_PATH" "$ROOT/bin/Safari Pilot.zip"
+
+# Step 10: Submit for notarization and wait
+xcrun notarytool submit "$ROOT/bin/Safari Pilot.zip" \
+  --keychain-profile "apple-notarytool" --wait
+
+# Step 11: Staple the ticket
+xcrun stapler staple "$APP_PATH"
+
+# Step 12: Re-zip the stapled app for distribution
+rm "$ROOT/bin/Safari Pilot.zip"
+ditto -c -k --keepParent "$APP_PATH" "$ROOT/bin/Safari Pilot.zip"
+
+echo "=== Signed, Notarized, and Stapled ==="