fix: trim publisherName to prevent Windows auto-update signature

[eriklueh]

mismatch

The AZURE_TRUSTED_SIGNING_PUBLISHER_NAME secret contains a trailing space
that propagates into app-update.yml. electron-updater does a strict === comparison between this value and the certificate CN, so "T3 Tools Inc " !== "T3 Tools Inc" causes updates to be rejected with "not signed by the application owner".

Add .trim() via Config.map to strip whitespace as defense-in-depth.

What Changed

Why

UI Changes

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

---

Note

Low Risk
Low risk: only normalizes AZURE_TRUSTED_SIGNING_PUBLISHER_NAME by trimming whitespace, affecting Windows signing metadata but not altering signing behavior otherwise.

Overview
Prevents Windows auto-update signature mismatches by trimming whitespace from AZURE_TRUSTED_SIGNING_PUBLISHER_NAME when building azureSignOptions, ensuring the generated publisher name matches the certificate CN.

^{Reviewed by Cursor Bugbot for commit d1e15e7. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Trim publisherName to prevent Windows auto-update signature failures

Trims leading and trailing whitespace from the AZURE_TRUSTED_SIGNING_PUBLISHER_NAME env var in build-desktop-artifact.ts. Whitespace in the publisher name can cause signature verification mismatches during Windows auto-update checks.

^{Macroscope summarized d1e15e7.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 631147f6-94c8-4d39-97a5-906cf43da359

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Approved

This is a simple defensive fix in a build script that trims whitespace from an Azure signing configuration value. The change is minimal, self-contained, and addresses a clear issue where whitespace in the publisher name could break Windows auto-update signature validation.

^{You can customize Macroscope's approvability policy. Learn more.}

[juliusmarminge]

updated the secret. it definitely doesn't have trailing whitespace now