Claude finished @brandonbiete's task —— View job

Code Review Complete

Summary

This PR cleanly reverts the macOS runner upgrade from macos-15 back to macos-13 and changes the target architecture from arm64 back to x64. The revert is a mirror image of PR #918, restoring the previous stable configuration.

Changes:

• .github/workflows/build.yml: Reverts macos-cli and macos-gui jobs from macos-15 → macos-13
• .github/workflows/build.yml: Reverts keytar architecture from darwin-arm64 → darwin-x64
• package.json: Reverts CLI packaging target from macos-arm64 → macos-x64

Findings

Finding 1: Consider adding context about why the revert is necessary

💭 The PR description states the objective is to "get back to stable state" but doesn't explain what instability was observed with macos-15/arm64. For future reference and team knowledge, consider documenting:

• What failures or issues occurred with macos-15?
• Was it a runner availability issue, build failure, or compatibility problem?
• Are there plans to re-attempt the upgrade?

This information would be valuable in the linked Jira ticket or PR comments.

Technical Assessment

Correctness: ✅ The revert is complete and accurate. All three changes (two runner versions + one architecture target) perfectly mirror the original upgrade.

Consistency: ✅ The changes are internally consistent:

• Runner version matches architecture (macos-13 with x64)
• Keytar binary download matches pkg target architecture
• Both CLI and GUI jobs use the same runner version

Risk: ⚠️ Low risk for the revert itself, but worth noting:

• This restores x64-only macOS builds, which may not be optimal for Apple Silicon users
• The keytar dependency uses prebuilt binaries from a specific GitHub release, so architecture must match exactly

Good Practices Observed

• Clean revert with clear commit message
• Linked to Jira ticket for tracking
• Minimal, focused change scope

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 16.01%. Comparing base (f5abaf1) to head (af33975).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

@@            Coverage Diff             @@
##             main     #925      +/-   ##
==========================================
+ Coverage   10.95%   16.01%   +5.05%     
==========================================
  Files          64       67       +3     
  Lines        2646     2791     +145     
  Branches      480      481       +1     
==========================================
+ Hits          290      447     +157     
+ Misses       2332     2306      -26     
- Partials       24       38      +14     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Checkmarx One – Scan Summary & Details – 1b7981f5-05b3-40ce-942b-80b40a4220d8

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-12727	Npm-electron-39.1.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a ... Attack Vector: NETWORK Attack Complexity: LOW ID: IT1tq4P72y3CLc2CaCeP%2FD55UyfXm%2BRSWIC64dqaX8A%3D Vulnerable Package
	CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH ID: JFIqUGl%2FGGZDOHXO9cwOFRq%2FBpTLFExL91SYUqc0KSY%3D Vulnerable Package
	CVE-2025-12728	Npm-electron-39.1.0	details Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: HIGH ID: MqFHSwcvMCBPs5BmUrzOIgdn8TpoT4p0zrZwdC0mb3E%3D Vulnerable Package
	CVE-2025-12729	Npm-electron-39.1.0	details Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: HIGH ID: P%2BEJN4Vbzaw0BtEsOwFzBryv5rqgCwXLEMC3XE2y3Uk%3D Vulnerable Package