Skip to content

[HIGH] Existing v0.2.0 customers need one-time manual install of v0.2.2+ to escape App Sandbox #52

Open
Open
[HIGH] Existing v0.2.0 customers need one-time manual install of v0.2.2+ to escape App Sandbox#52
Labels
hardeningReliability or defense-in-depth improvement
@matthewod11-stack

Description

@matthewod11-stack
matthewod11-stack
opened on Apr 17, 2026

Description

v0.2.0 shipped with `com.apple.security.app-sandbox=true`, which blocks the auto-updater from replacing the app bundle on disk. Customers running v0.2.0 cannot auto-update to any future version (including v0.2.2 which removes sandbox) — their sandbox still applies to the running process and the kernel denies `file-write-unlink /Applications/People Partner.app`.

Fix requires a one-time manual install of v0.2.2 from the DMG. After that, auto-update works normally for all future versions.

Current State

  • v0.2.0: live on customer machines, sandboxed, auto-update broken.
  • v0.2.1: deleted (had same bug).
  • v0.2.2: published (sandbox removed, hardened runtime intact).
  • No customer-facing communication yet explaining the one-time manual install requirement.

Suggested Fix

  • Send email to every paying customer explaining: "Download v0.2.2 from peoplepartner.io/download and replace your current install. Your license and data are preserved. This is a one-time step; future updates will be automatic."
  • Add a banner or notice to peoplepartner.io/download calling out the v0.2.2 one-time update.
  • Add a support-page FAQ entry: "My app shows 'Update Available' but nothing happens when I click it" → points to the manual install instructions.
  • Optional: send a second email 2 weeks after v0.2.2 publish to catch customers who didn't see the first one.

Verification

  • Email sent via Resend (same pipeline as license delivery).
  • peoplepartner.io/download shows the notice.
  • Support page FAQ updated.
  • After customer manually installs v0.2.2, cut a v0.2.3 test release; confirm customer's app auto-updates cleanly.

Automation Hints

scope: customer-ops only — no code changes in app/
do-not-touch: src-tauri/
approach: email + docs + site banner
risk: low (communication task)
max-files-changed: 3 (email template, support page, download page banner)
blocked-by: none
bail-if: email delivery pipeline unavailable (would block the primary communication channel)

Priority

High — the longer customers are on v0.2.0 the more they diverge from the security-hardening improvements in v0.2.2, and the "Update Available" button silently failing when clicked is a trust-damaging bug.

Metadata

Metadata

Assignees

No one assigned

    Labels

    hardeningReliability or defense-in-depth improvement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions