CRITICAL: Binary killed (SIGKILL) on macOS 26.x Tollman — Missing hardened runtime codesignature #1
Description
Executive Summary
Severity: P0 — Complete binary crash on macOS 26.3.1 (Tollman / Sequoia)
Impact: opencode cannot launch; all sessions appear inaccessible (data is safe — the binary is the problem)
Root Cause: Binary ships with adhoc,linker-signed codesignature — no TeamIdentifier, no hardened runtime flags. macOS 26.x kills it with SIGKILL.
Workaround: 1-line fix, no Apple account required (below)
Upstream issue: anomalyco#18503
Environment
| Field | Value |
|---|---|
| macOS Version | 26.3.1 (Tollman) / Sequoia |
| Architecture | arm64 (Apple Silicon) |
| Binary | ~/.opencode/bin/opencode |
| Shell | zsh |
Symptom
```
$ opencode -s <session-id>
zsh: killed opencode
```
No stack trace. No error message. No logs. Process silently killed by the OS.
Root Cause
macOS 26.x (Sequoia / Tollman) enforces stricter Gatekeeper + System Integrity Protection rules. Binaries accessing protected user directories (~/.local/share/, SQLite databases) must carry a valid TeamIdentifier in their codesignature.
```
codesign -dv ~/.opencode/bin/opencode
# Format=Mach-O thin (arm64)
# Signature=adhoc
# TeamIdentifier=not set ← root cause
```
The binary has flags=0x2(adhoc) — no hardened runtime (0x10000), no TeamIdentifier. macOS issues SIGKILL with zero opportunity for the process to log or recover.
Reference: Apple TN3127 — Inside Code Signing Requirements
Immediate Workaround (Verified)
```
codesign --force --deep --sign - ~/.opencode/bin/opencode
```
Verify:
```
opencode --version # launches without being killed
```
Recommended Permanent Fixes
Option A — Apple Developer Certificate (Production-grade)
```
codesign \
  --force --deep \
  --sign "Developer ID Application: <Team> (<TeamID>)" \
  --options runtime \
  --entitlements entitlements.plist \
  ./opencode
```
Option B — Post-install hook (no Apple account)
```
codesign --force --deep --sign - "$(which opencode)"
```
Option C — Self-healing launcher shim
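```
#!/bin/bash
BINARY="$HOME/.opencode/bin/opencode"
# Re-sign ad hoc only when the existing signature fails verification.
if ! codesign -v "$BINARY" 2>/dev/null; then
  codesign --force --deep --sign - "$BINARY"
fi
# Replace the shim process with the real binary, passing all arguments through.
exec "$BINARY" "$@"
```
Risk Assessment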
| Risk | Level | Notes |
|---|---|---|
| Data loss | None | SQLite sessions intact |
| User impact | Critical | Entire tool unusable without workaround |
| Upgrade risk | High | Silent regression on macOS 26.x |
| Fix complexity | Low | One-line CI change or post-install hook |
Notes
- macOS upgrade to Tollman is a silent breaking change — users get zero explanation for the crash.
- All 1183 sessions verified safe after fix.
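
To audit which of the signature properties named in this issue a binary carries before and after re-signing, here is an added example (not part of the original issue or of the opencode project) that parses `codesign -dv` text. The function names, the two sample reports and the team ID `ABCDE12345` are constructed for illustration; 0x2 and 0x10000 are the flag values quoted in the issue, and 0x20000 is the linker-signed flag.

```shell
#!/bin/bash
# Added example. On macOS: codesign -dv "$BINARY" 2>&1 | classify_signature
# (codesign -dv writes its report to stderr.)
CS_ADHOC=$((0x2))              # ad hoc signature, no signing identity
CS_RUNTIME=$((0x10000))        # hardened runtime
CS_LINKER_SIGNED=$((0x20000))  # signature added automatically by the linker

classify_signature() {
    local line hex="" team="not set" n out=""
    while IFS= read -r line; do
        case "$line" in
            *flags=0x*)
                hex=${line#*flags=0x}        # drop everything through "flags=0x"
                hex=${hex%%[!0-9a-fA-F]*}    # keep only the leading hex digits
                ;;
            TeamIdentifier=*) team=${line#TeamIdentifier=} ;;
        esac
    done
    # Only validated hex digits reach the arithmetic expansion below.
    if [ -z "$hex" ]; then echo "unparsed"; return 2; fi
    n=$((0x$hex))
    if [ $((n & CS_ADHOC)) -ne 0 ]; then out="$out adhoc"; fi
    if [ $((n & CS_LINKER_SIGNED)) -ne 0 ]; then out="$out linker-signed"; fi
    if [ $((n & CS_RUNTIME)) -ne 0 ]; then out="$out hardened-runtime"
    else out="$out no-hardened-runtime"; fi
    if [ "$team" = "not set" ]; then out="$out no-team"
    else out="$out team=$team"; fi
    echo "${out# }"
    # Status 0 only when hardened runtime and a TeamIdentifier are both present.
    [ $((n & CS_RUNTIME)) -ne 0 ] && [ "$team" != "not set" ]
}

# Constructed sample reports (not captured from a real binary).
sample_adhoc() { cat <<'EOF'
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=1024 flags=0x20002(adhoc,linker-signed) hashes=29+0 location=embedded
Signature=adhoc
TeamIdentifier=not set
EOF
}
sample_devid() { cat <<'EOF'
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=29+7 location=embedded
TeamIdentifier=ABCDE12345
EOF
}

sample_adhoc | classify_signature || true
```

A binary re-signed with `--sign -` still reports `adhoc` and `no-team`, so the check distinguishes the workaround from Option A.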