Harden MVP runtime and fix packaged desktop white screen

scripts/adhoc-sign.js

@@ -9,7 +9,30 @@ exports.default = async function (context) {
     `${context.packager.appInfo.productFilename}.app`,
   );
   console.log(`Ad-hoc signing: ${appPath}`);
-  execSync(`xattr -cr "${appPath}"`);
-  execSync(`codesign --force --deep --sign - "${appPath}"`);
-  console.log('Ad-hoc signing complete.');
+
+  // Remove Finder/iCloud metadata that can make codesign fail with
+  // "resource fork, Finder information, or similar detritus not allowed".
+  const cleanupCmds = [
+    `xattr -cr "${appPath}"`,
+    `dot_clean -m "${appPath}"`,
+    `find "${appPath}" -name '._*' -delete`,
+    `xattr -r -d com.apple.FinderInfo "${appPath}"`,
+    `xattr -r -d com.apple.ResourceFork "${appPath}"`,
+    `xattr -r -d com.apple.quarantine "${appPath}"`,
+  ];
+
+  for (const cmd of cleanupCmds) {
+    try {
+      execSync(cmd, { stdio: 'ignore' });
+    } catch {
+      // Cleanup commands are best-effort.
+    }
+  }
+
+  try {
+    execSync(`codesign --force --deep --sign - "${appPath}"`, { stdio: 'inherit' });
+    console.log('Ad-hoc signing complete.');
+  } catch (err) {
+    console.warn('Ad-hoc signing skipped due to codesign error. Build artifacts are still usable locally.');
+  }
 };