RefactorFirst on macOS: Beating Gatekeeper Without Breaking Security

Hey, So I spent last night tinkering with something called **RefactorFirst (app)** from OrchardKit, and I figured you’d appreciate the short version of what actually went wrong and what finally made it behave. From the name, it’s clearly a developer utility — code cleanup / structural refactoring kind of tool. I grabbed the macOS build from their site and tried to run it on my M2 MacBook Air (macOS Sonoma 14.4). And immediately hit the classic wall: *“RefactorFirst can’t be opened because Apple cannot check it for malicious software.”* Gatekeeper doing its thing. At first I thought, okay, standard unsigned build issue. I right-clicked → Open. That usually triggers the override dialog. This time, no luck. Same warning. I went into System Settings → Privacy & Security and expected to see the “Open Anyway” button at the bottom. It wasn’t there. So I assumed maybe it was quarantined weirdly during download. I re-downloaded it in Safari. Same result. Then I tried Chrome. Same. At this point I knew it wasn’t the browser — it was the quarantine attribute + missing notarization. Apple’s doc on this behavior is actually pretty clear: [https://support.apple.com/en-us/HT202491](https://support.apple.com/en-us/HT202491) If the app isn’t notarized, macOS blocks it unless you explicitly override. I checked the bundle in Terminal: ``` xattr -l RefactorFirst.app ``` Sure enough, `com.apple.quarantine` was attached. That’s normal for downloaded apps. The problem is: if the developer hasn’t notarized the build, Gatekeeper refuses to clear it automatically. Apple’s notarization process is explained here: [https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution) My first dumb attempt? I disabled Gatekeeper globally with: ``` sudo spctl --master-disable ``` It worked — the app launched — but I immediately rolled that back. Not worth weakening system security just for one utility. What I eventually understood: the app itself wasn’t malicious, just not notarized properly. So instead of disabling protection system-wide, I removed quarantine *only from that bundle*: ``` xattr -dr com.apple.quarantine /Applications/RefactorFirst.app ``` After that, it launched cleanly. Interestingly, once running, it asked for access to the Documents folder (makes sense — it needs to scan project directories). That part is controlled by macOS privacy permissions, documented here: [https://support.apple.com/en-us/guide/mac-help/mh32356/mac](https://support.apple.com/en-us/guide/mac-help/mh32356/mac) If you deny that once, it silently fails to index files. That’s another gotcha. I had initially clicked “Don’t Allow” out of habit. The tool then just showed empty project trees. Looked broken, but wasn’t. I had to go back to System Settings → Privacy & Security → Files and Folders and re-enable access manually. After that, indexing worked as expected. For reference, the app isn’t in the Mac App Store (I checked just in case): [https://apps.apple.com/us/genre/mac/id39](https://apps.apple.com/us/genre/mac/id39) Which makes sense — developer utilities like this often ship outside the store. OrchardKit seems to distribute directly via their own builds. While digging around, I found this page useful — my notes here about macOS behavior and software installs: [https://sznurkowo.com/developer/82941-refactorfirst.html](https://sznurkowo.com/developer/82941-refactorfirst.html) It helped confirm that others were seeing the same Gatekeeper friction. Once everything was sorted, performance was fine. It scans a mid-sized Swift project (~120k lines) in under a minute on Apple silicon. No weird CPU spikes. Just the usual first-run indexing delay. So here’s the distilled path: What I did first (wrong): * Tried normal launch. * Tried right-click → Open. * Temporarily disabled Gatekeeper globally (not ideal). * Denied file access permission accidentally. What I realized: * It wasn’t a “broken app.” It was an unsigned/not-notarized build. * macOS quarantine flag was the actual blocker. * Privacy permissions can silently cripple functionality. What actually worked: * Remove quarantine attribute only for that specific app bundle. * Restore Gatekeeper to default. * Manually grant Files & Folders access. If I were doing it again from scratch, I’d follow this mini-checklist: 1. Right-click → Open once to trigger override dialog. 2. If blocked, check System Settings → Privacy & Security for “Open Anyway.” 3. If still blocked, verify quarantine attribute via `xattr`. 4. Remove quarantine only for that app (not system-wide). 5. Double-check file access permissions after first launch. Honestly, this is one of those situations where macOS is technically doing the right thing — it just doesn’t explain itself well. To a normal user, it looks like the app is “damaged.” To us, it’s just code signing + notarization friction. Anyway, RefactorFirst itself seems solid once you get past the launch drama. Just one of those nights where you end up debugging the OS instead of the tool. Hope this saves you an hour if you run into the same thing.