feat(widevine): add CastLabs EVS VMP signing and auto-generated release notes

[flexiondotorg]

Summary

Add CastLabs EVS VMP signing for macOS and Windows Widevine DRM support. Enable auto-generated release notes in GitHub Actions to automatically populate release descriptions from commits and pull requests.

Changes

• Add CastLabs EVS VMP signing integration for Widevine DRM content protection on macOS and Windows
• Implement afterPack.cjs hook for code signing during build process
• Add macOS entitlements configuration (entitlements.mac.plist)
• Enable auto-generated release notes in GitHub Actions workflow
• Fix macOS support in devShell and build recipes
• Update AGENTS.md with CastLabs and Widevine implementation details
• Add required dependencies and build configuration

Testing

• Verify Electron build succeeds with new code signing configuration
• Confirm macOS and Windows builds complete without errors
• Test that GitHub releases include auto-generated notes from commits

Related Issues

Closes #widevine-support

[cubic-dev-ai]

2 issues found across 9 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/builder.yml">

<violation number="1" location=".github/workflows/builder.yml:128">
P1: `uv` is only installed for macOS, but EVS signing uses `uvx` on Windows too. Install `uv` for Windows builds as well to avoid Windows packaging failures.</violation>
</file>

<file name="justfile">

<violation number="1" location="justfile:64">
P1: `install`/`build` now unconditionally depend on `_fix-frameworks` and `_sign-evs`, but those recipes are not defined for Windows, so Windows builds will fail.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}