From 4b0b775e8e580e9f97000f53bd543c7ee489b007 Mon Sep 17 00:00:00 2001
From: enricobuehler <buehler@unom.io>
Date: Mon, 15 Jun 2026 23:57:06 +0200
Subject: [PATCH] fix(apple): allow CoreHaptics audioanalyticsd mach-lookup
 under the macOS sandbox

GCDeviceHaptics.createEngine returns a CHHapticEngine (the only controller-rumble
API on Apple platforms); starting it spins up CoreHaptics, which looks up the
system audio-analytics daemon over Mach. The App Sandbox denies that global-name
lookup and the framework's precondition turns the denial into a hard crash
("Process is sandboxed but com.apple.security.exception.mach-lookup.global-name
doesn't contain com.apple.audioanalyticsd") the moment a controller's rumble
engine starts.

Add the documented, App-Store-acceptable temporary-exception whitelisting exactly
that one service. Verified embedded into the signed binary (codesign -d
--entitlements) alongside the existing entitlements. macOS-only (iOS/tvOS reject
temporary-exception keys and don't need it). App Store: declare it in App Sandbox
Entitlement Usage Information.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .../apple/Config/Punktfunk-macOS.entitlements    | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clients/apple/Config/Punktfunk-macOS.entitlements b/clients/apple/Config/Punktfunk-macOS.entitlements
index 02445b0..10dcd4f 100644
--- a/clients/apple/Config/Punktfunk-macOS.entitlements
+++ b/clients/apple/Config/Punktfunk-macOS.entitlements
@@ -48,6 +48,22 @@
 	<key>com.apple.security.device.usb</key>
 	<true/>
 
+	<!-- Controller rumble via CoreHaptics: GCDeviceHaptics.createEngine → CHHapticEngine
+	     (GamepadFeedback's RumbleRenderer), and AVAudioEngine playback, reach the system
+	     audio-analytics daemon `com.apple.audioanalyticsd` over Mach. The sandbox denies that
+	     global-name lookup unless it's whitelisted here, and the framework's own precondition
+	     turns the denial into a HARD CRASH ("Process is sandboxed but
+	     com.apple.security.exception.mach-lookup.global-name doesn't contain
+	     com.apple.audioanalyticsd") the moment a controller's haptics engine starts. This
+	     temporary exception is the documented, App-Store-acceptable way to permit exactly that
+	     lookup — and ONLY that service (the key takes exact names, no wildcards). App Store:
+	     declare it in App Store Connect → App Sandbox Entitlement Usage Information ("CoreHaptics
+	     gamepad rumble contacts the system audio-analytics daemon"). -->
+	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
+	<array>
+		<string>com.apple.audioanalyticsd</string>
+	</array>
+
 	<!-- Keychain Sharing (unchanged from the shared file): a team-scoped access group so the
 	     punktfunk/1 client identity in the data-protection keychain is gated by the app's
 	     entitlement (team + bundle id), persisting across rebuilds with NO prompt — see