In case they're useful, here's some additional details. The full output of codesign: $ codesign -d -vvv --entitlements :- bootstrap-mercury.app/Contents/MacOS/bootstrap-mercury-cli Executable=/Users/wiggles/bootstrap-mercury/target/release/bootstrap-mercury.app/Contents/MacOS/bootstrap-mercury-cli Identifier=com.mercury.bootstrap-mercury Format=Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=42249 flags=0x10000(runtime) hashes=1309+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=6f611e6bf5d9542cbf5055cc667bb68fabf65ff6 CandidateCDHashFull sha256=6f611e6bf5d9542cbf5055cc667bb68fabf65ff6dae50c89113e73bc6bb20200 Hash choices=sha256 CMSDigest=6f611e6bf5d9542cbf5055cc667bb68fabf65ff6dae50c89113e73bc6bb20200 CMSDigestType=2 CDHash=6f611e6bf5d9542cbf5055cc667bb68fabf65ff6 Signature size=9067 Authority=Developer ID Application: Mercury Technologies, Inc. (4J49M7587W) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Sep 7, 2022 at 1:48:20 PM Info.plist=not bound TeamIdentifier=4J49M7587W Runtime Version=12.3.0 Sealed Resources=none Internal requirements count=1 size=192 Warning: Specifying ':' in the path is deprecated and will not work in a future release <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict></dict></plist> And for the wrapper script: $ codesign -d -vvv --entitlements :- bootstrap-mercury.app/Contents/MacOS/bootstrap-mercury Executable=/Users/wiggles/bootstrap-mercury/target/release/bootstrap-mercury.app/Contents/MacOS/bootstrap-mercury Identifier=bootstrap-mercury-app-arm64 Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=1159 flags=0x10000(runtime) hashes=29+3 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=d276166d4570f957e1bccab20dfa6ec124904461 CandidateCDHashFull sha256=d276166d4570f957e1bccab20dfa6ec124904461fc0bd358e221b78fbb465e7d Hash choices=sha256 CMSDigest=d276166d4570f957e1bccab20dfa6ec124904461fc0bd358e221b78fbb465e7d CMSDigestType=2 CDHash=d276166d4570f957e1bccab20dfa6ec124904461 Signature size=9067 Authority=Developer ID Application: Mercury Technologies, Inc. (4J49M7587W) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Sep 7, 2022 at 1:48:20 PM Info.plist entries=9 TeamIdentifier=4J49M7587W Runtime Version=12.3.0 Sealed Resources version=2 rules=13 files=2 Internal requirements count=1 size=188 Warning: Specifying ':' in the path is deprecated and will not work in a future release

Actually, I'm not really sure what's going on here anymore. spctl shows the same error with the /bin/ls command-line tool: $ spctl -a -v --raw /bin/ls /bin/ls: rejected (the code is valid but does not seem to be an app) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>assessment:authority</key> <dict> <key>assessment:authority:flags</key> <integer>0</integer> <key>assessment:authority:source</key> <string>obsolete resource envelope</string> <key>assessment:authority:weak</key> <true/> </dict> <key>assessment:cserror</key> <integer>-67002</integer> <key>assessment:remote</key> <true/> <key>assessment:verdict</key> <false/> </dict> </plist> But when I double-click /bin/ls in Finder, it opens and runs correctly without any prompting. Shouldn't that be subject to the same document-validation logic described in the “Tool Blocked by Gatekeeper” section of this Resolving Gatekeeper Problems post? Especially weird because spctl says the document-open logic should pass? $ spctl -a -t open --context context:primary-signature -v bootstrap-mercury-cli bootstrap-mercury-cli: accepted source=Notarized Developer ID