The client identity prompted for Keychain access on every launch/rebuild. Root
cause: the macOS app target was ad-hoc signed (CODE_SIGN_IDENTITY = "-"), and
the identity lived in the file keychain whose "Always Allow" ACL is bound to the
app's exact code signature (cdhash for ad-hoc). Every rebuild changed the binary
-> changed the cdhash -> the ACL no longer matched -> re-prompt.
- Sign the macOS target with Apple Development (team already set) instead of
ad-hoc, so the designated requirement is identity-based and stable across
rebuilds.
- Move the identity to the data-protection keychain (kSecUseDataProtectionKeychain)
gated by a team-scoped keychain-access-group entitlement — access is granted by
the app's entitlement, not a per-binary ACL, so it's prompt-free and survives
rebuilds. Add Config/Punktfunk.entitlements and wire CODE_SIGN_ENTITLEMENTS into
all six app configs (macOS/iOS/tvOS).
- Unsigned / ad-hoc builds (e.g. `swift run`) lack the entitlement
(errSecMissingEntitlement) — fall back to the legacy file keychain so they still
work (with the old prompt), no hard failure.
macOS re-mints the identity on first run (the old file-keychain copy isn't in the
data-protection keychain) -> one re-pair, which is acceptable. iOS keeps its
identity (the explicit access group equals the prior default).
Validated: swift build; swift test (39 passed, 0 failures); xcodebuild
-showBuildSettings confirms Apple Development + Config/Punktfunk.entitlements.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
