fix(release): daemon zip/tar archive contains canonical binary name

make release was packing "mxcli-daemon-windows-amd64.exe" inside the
zip instead of "mxcli-daemon.exe", causing the launcher to error with
"no file named mxcli-daemon.exe found in zip archive" on first run.

The same bug existed for Linux/Darwin tar.zst archives (internal name
was "mxcli-daemon-linux-amd64" instead of "mxcli-daemon"), though that
path was untested.

Fix: rename to the canonical name before packing, remove the temp copy
after. Also refactor downloadDaemonVersionForPlatform to accept goos/
goarch so Linux CI can exercise the Windows extraction path, and add
cross-platform integration tests to prevent regression.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

Author: claude

Makefile

@@ -166,11 +166,15 @@ release: clean sync-all
 	@echo "  -> Compressing daemon binaries (requires zstd)"
 	@for f in $(BUILD_DIR)/$(DAEMON_NAME)-linux-* $(BUILD_DIR)/$(DAEMON_NAME)-darwin-*; do \
 		echo "    $$f -> $$f.tar.zst"; \
-		tar -cf - -C $(BUILD_DIR) $$(basename $$f) | zstd -19 -f -o $$f.tar.zst; \
+		cp "$$f" "$(BUILD_DIR)/$(DAEMON_NAME)"; \
+		tar -cf - -C $(BUILD_DIR) $(DAEMON_NAME) | zstd -19 -f -o $$f.tar.zst; \
+		rm -f "$(BUILD_DIR)/$(DAEMON_NAME)"; \
 	done
 	@for f in $(BUILD_DIR)/$(DAEMON_NAME)-windows-*.exe; do \
 		echo "    $$f -> $$f.zip"; \
-		zip -j $$f.zip $$f; \
+		cp "$$f" "$(BUILD_DIR)/$(DAEMON_NAME).exe"; \
+		zip -j $$f.zip "$(BUILD_DIR)/$(DAEMON_NAME).exe"; \
+		rm -f "$(BUILD_DIR)/$(DAEMON_NAME).exe"; \
 	done
 
 	@echo ""

cmd/mxcli-launcher/daemon.go

@@ -118,9 +118,10 @@ func (e *Env) downloadDaemon(destPath string) error {
 }
 
 func (e *Env) downloadDaemonVersion(tag, destPath string) error {
-	goos := runtime.GOOS
-	goarch := runtime.GOARCH
+	return e.downloadDaemonVersionForPlatform(tag, destPath, runtime.GOOS, runtime.GOARCH)
+}
 
+func (e *Env) downloadDaemonVersionForPlatform(tag, destPath, goos, goarch string) error {
 	var archiveExt string
 	if goos == "windows" {
 		archiveExt = ".exe.zip"

cmd/mxcli-launcher/install_update_test.go

@@ -4,6 +4,7 @@ package main
 
 import (
 	"os"
+	"runtime"
 	"strconv"
 	"strings"
 	"sync"
@@ -18,9 +19,16 @@ import (
 // Returns both Env (for launcher calls) and FakeGitHub (for RequestLog assertions).
 func newInstallEnv(t *testing.T, cfg *testfixtures.FakeGitHub, daemonContent []byte) (*Env, *testfixtures.FakeGitHub) {
 	t.Helper()
-	payload, err := testfixtures.BuildDaemonPayload(daemonContent)
+	return newInstallEnvForPlatform(t, cfg, daemonContent, runtime.GOOS, runtime.GOARCH)
+}
+
+// newInstallEnvForPlatform is like newInstallEnv but targets an explicit platform,
+// enabling Linux CI to exercise Windows download/extraction paths.
+func newInstallEnvForPlatform(t *testing.T, cfg *testfixtures.FakeGitHub, daemonContent []byte, goos, goarch string) (*Env, *testfixtures.FakeGitHub) {
+	t.Helper()
+	payload, err := testfixtures.BuildDaemonPayloadForPlatform(goos, goarch, daemonContent)
 	if err != nil {
-		t.Fatalf("BuildDaemonPayload: %v", err)
+		t.Fatalf("BuildDaemonPayloadForPlatform: %v", err)
 	}
 	cfg.Payload = payload
 	gh := testfixtures.NewFakeGitHub(t, cfg)
@@ -386,3 +394,49 @@ func TestRunUpgrade_ConcurrentOnlyOneWins(t *testing.T) {
 		t.Errorf("expected exactly 1 lock acquisition, got %d", successes)
 	}
 }
+
+// — Cross-platform download path tests —
+// These run on any host OS so Linux CI can exercise Windows packaging.
+
+func TestDownloadDaemonVersion_WindowsZipOnLinuxCI(t *testing.T) {
+	t.Parallel()
+	// Regression test: make release was packing "mxcli-daemon-windows-amd64.exe" inside
+	// the zip instead of "mxcli-daemon.exe", causing "no file named found in zip archive".
+	// BuildDaemonPayloadForPlatform("windows",...) creates a zip with "mxcli-daemon.exe"
+	// inside (the correct post-fix layout), so this test fails if the extraction logic
+	// or the fixture naming drifts apart again.
+	e, _ := newInstallEnvForPlatform(t, &testfixtures.FakeGitHub{LatestTag: "v0.15.0"}, []byte("win-binary"), "windows", "amd64")
+
+	dest := e.daemonBinaryPath()
+	if err := e.downloadDaemonVersionForPlatform("v0.15.0", dest, "windows", "amd64"); err != nil {
+		t.Fatalf("Windows download failed: %v", err)
+	}
+
+	got, err := os.ReadFile(dest)
+	if err != nil {
+		t.Fatalf("daemon binary not written: %v", err)
+	}
+	if string(got) != "win-binary" {
+		t.Errorf("binary content = %q, want win-binary", got)
+	}
+}
+
+func TestDownloadDaemonVersion_LinuxTarZst(t *testing.T) {
+	t.Parallel()
+	// Mirrors TestDownloadDaemon_FreshInstall but explicitly targets Linux/amd64
+	// so both Unix and Windows hosts exercise the tar.zst path.
+	e, _ := newInstallEnvForPlatform(t, &testfixtures.FakeGitHub{LatestTag: "v0.15.0"}, []byte("linux-binary"), "linux", "amd64")
+
+	dest := e.daemonBinaryPath()
+	if err := e.downloadDaemonVersionForPlatform("v0.15.0", dest, "linux", "amd64"); err != nil {
+		t.Fatalf("Linux download failed: %v", err)
+	}
+
+	got, err := os.ReadFile(dest)
+	if err != nil {
+		t.Fatalf("daemon binary not written: %v", err)
+	}
+	if string(got) != "linux-binary" {
+		t.Errorf("binary content = %q, want linux-binary", got)
+	}
+}

cmd/mxcli-launcher/testfixtures/fake_daemon.go

@@ -5,6 +5,7 @@ package testfixtures
 
 import (
 	"archive/tar"
+	"archive/zip"
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
@@ -18,22 +19,54 @@ import (
 type DaemonPayload struct {
 	// AssetName is the filename the fake server uses, e.g. "mxcli-daemon-linux-amd64.tar.zst"
 	AssetName string
-	// Archive is the raw bytes of the tar.zst archive.
+	// Archive is the raw bytes of the tar.zst or .exe.zip archive.
 	Archive []byte
 	// Checksum is the correct SHA256 hex digest of Archive.
 	Checksum string
 }
 
-// BuildDaemonPayload creates a minimal tar.zst containing a fake daemon binary
-// for the current platform. The binary content is the provided content bytes.
+// BuildDaemonPayload creates a fake daemon archive for the current platform.
+// Windows → .exe.zip containing "mxcli-daemon.exe".
+// Linux/Darwin → .tar.zst containing "mxcli-daemon".
 func BuildDaemonPayload(content []byte) (*DaemonPayload, error) {
-	goos := runtime.GOOS
-	goarch := runtime.GOARCH
+	return BuildDaemonPayloadForPlatform(runtime.GOOS, runtime.GOARCH, content)
+}
 
-	binaryName := "mxcli-daemon"
+// BuildDaemonPayloadForPlatform creates a fake daemon archive for an arbitrary platform.
+// This allows Linux CI to test the Windows download path without a real Windows machine.
+func BuildDaemonPayloadForPlatform(goos, goarch string, content []byte) (*DaemonPayload, error) {
 	if goos == "windows" {
-		binaryName = "mxcli-daemon.exe"
+		return buildWindowsPayload(goos, goarch, content)
+	}
+	return buildUnixPayload(goos, goarch, content)
+}
+
+func buildWindowsPayload(goos, goarch string, content []byte) (*DaemonPayload, error) {
+	assetName := fmt.Sprintf("mxcli-daemon-%s-%s.exe.zip", goos, goarch)
+
+	var buf bytes.Buffer
+	w := zip.NewWriter(&buf)
+	f, err := w.Create("mxcli-daemon.exe")
+	if err != nil {
+		return nil, fmt.Errorf("zip create: %w", err)
+	}
+	if _, err := f.Write(content); err != nil {
+		return nil, fmt.Errorf("zip write: %w", err)
 	}
+	if err := w.Close(); err != nil {
+		return nil, fmt.Errorf("zip close: %w", err)
+	}
+
+	archiveBytes := buf.Bytes()
+	h := sha256.Sum256(archiveBytes)
+	return &DaemonPayload{
+		AssetName: assetName,
+		Archive:   archiveBytes,
+		Checksum:  hex.EncodeToString(h[:]),
+	}, nil
+}
+
+func buildUnixPayload(goos, goarch string, content []byte) (*DaemonPayload, error) {
 	assetName := fmt.Sprintf("mxcli-daemon-%s-%s.tar.zst", goos, goarch)
 
 	var buf bytes.Buffer
@@ -43,7 +76,7 @@ func BuildDaemonPayload(content []byte) (*DaemonPayload, error) {
 	}
 	tw := tar.NewWriter(zw)
 	hdr := &tar.Header{
-		Name:     binaryName,
+		Name:     "mxcli-daemon",
 		Typeflag: tar.TypeReg,
 		Size:     int64(len(content)),
 		Mode:     0755,
@@ -59,12 +92,10 @@ func BuildDaemonPayload(content []byte) (*DaemonPayload, error) {
 
 	archiveBytes := buf.Bytes()
 	h := sha256.Sum256(archiveBytes)
-	checksum := hex.EncodeToString(h[:])
-
 	return &DaemonPayload{
 		AssetName: assetName,
 		Archive:   archiveBytes,
-		Checksum:  checksum,
+		Checksum:  hex.EncodeToString(h[:]),
 	}, nil
 }