I see a three of issues here. First, you’re asking for something that doesn’t make sense. accessControl uses a this-device-only modifier, but you’re setting kSecAttrSynchronizable to true. What’s the point of synchronising something if it’s limited to this device only? This stems from a misunderstanding of kSecAttrAccessibleWhenUnlockedThisDeviceOnly, I think. I set it to kSecAttrAccessibleWhenUnlocked, and it still didn’t work. Second, you’re setting kSecAttrAccessControl and kSecAttrAccessible. That’s weird because the former subsumes the latter. Note how the value you’re using to kSecAttrAccessible is also being passed when you create accessControl. I removed the kSecAttrAccessible attribute altogether, and it still gives me paramErr. Persistent references to synchronizable items should be avoided; while they may work locally, they cannot be moved between devices, and may not resolve if the item is modified on some other device. I only use the identifier locally and in-memory, so it doesn’t matter if it’s not valid on other machines, but this seems like an unnecessary limitation either way, since it’s not hard to make a globally unique identifier. Something that's confusing to me is that when you call SecAccessControlCreateWithFlags(), you pass both "protection" and "access control" constraints, which seem to have at least semantic overlap. I want the user to have to provide access to the password each time it is used, rather than only when unlocked. My understanding is that that’s what .userPresence does, but it seems like that could have also been a protection class. What does it mean to say kSecAttrAccessibleAlways and .userPresence, for example? And the "ThisDeviceOnly" variants could imply that unlocking on one device doesn't automatically unlock on another device, hence why I was using that. In any case, I'm using kSecAttrAccessControl because I want each use of the password to require the user actually be there (I get that the system won’t always prompt, that it caches authorization for some amount of time, but that's okay). In any case, I still can't figure out why it won’t let me add .userPresence to the password. … On a whim I removed the kSecAttrSynchronizable = true, and that got rid of the error! I’m not explicitly using kSecUseDataProtectionKeychain, which is not what I was expecting. For example, TN3137 says: To target the data protection keychain, set the kSecUseDataProtectionKeychain attribute or the kSecAttrSynchronizable attribute to true. And lastly just to confirm: Something stored with .userPresence requires presence even to query attributes and not the password value itself? That's the behavior I'm seeing. I can work with that, but I wasn't expecting it for some reason.

Okay, looking into TN3137, it says To target the data protection keychain, set the kSecUseDataProtectionKeychain attribute or the kSecAttrSynchronizable attribute to true. I am setting kSecAttrSynchronizable to true when adding items, so it should be using the data protection keychain.

macOS, yes, sorry. I’ll look into this aspect, thank you. I see these items going into the iCloud keychain (the flag is for unit tests where they end up in the login keychain), as viewed via Keychain Access.

Okay, it seems ScreenCaptureKit will let me enumerate windows and get their titles, but I have to rely on the hope that the first one listed is the topmost window (seems to be, but not sure that's guaranteed). I also need screen recording permission, unfortunately, as it gives my app much more than it needs. My alternative is AppleEvents with the temporary exemption (which I think still applies, as there’s no alternative).

In my case, all I need is the window title for the frontmost Terminal.app window (and ideally, any other terminal emulator a user might use, like iTerm2). I don't need to control anything or record the screen.

I may have solved my problem. I just discovered the "Associated Domains Development" setting in Settings, and turned that on, and suddenly the phone fetched the AASA file directly.

When I try it, I get "'module' is inaccessible due to 'internal' protection level". I do see that it's being generated for one of my project's dependencies (in this case, it's a Vapor project, and the module that code completion jumps to is in in swift-crypto’s DerivedSources folder). UPDATE: Seems I had a malformed Package.swift (a missing comma), and instead of showing the error, Xcode just choked on compiling my test code. Running swift-test on the command line revealed this.

Where is Bundle.module defined?

After a lot of tinkering, I came upon a solution. Not sure if all of this is necessary: Only initialize the full stack if not in a SwiftUI preview. This was gross, relying on a runtime environment variable. Create a simple NSPersistentContainer when using in-memory store for previews and unit tests Only call setQueryGenerationFrom(.current) for the "real" stack, not the preview stack. This last one was key.

Thank you. It sounds like the best approach is to start with a standard/traditional Core Data stack and "migrate" to Swift Data from there.

Oh thank you, @DTS Engineer, that's helpful. Yes, I meant UICloudSharingController. I had completely failed to remember ShareLink, not realizing it works for this case. Ideally, I'd be able to use SwiftData for the bulk of my local objects, but afaik there’s no direct support for CKShare in SwiftData. Can you tell me if I have to create the Core Data stack from scratch, or can I insert the necessary bits (e.g. all the descriptions and options for shared zones, etc.) into the stack created by the Swift Data APIs?

Are you saying I have to create a file on disk in order to print?

I still get this in Xcode 16b5 on macOS in my SwiftData/SwiftUI app. I don't explicitly use NSKeyedArchiver anywhere, nor do I have any transformations on my model objects.

I did eventually get this to work. I needed to skip the two-byte header after all. Not sure why it didn't work the previous times I tried doing that.

I might not have been clear. As I understand it, the Share Extension is for making my app a recipient of shares from another app. In my case, I want to mimic what Ivory is doing, not be shared to from Ivory. I want to add a handful of "Copy…" commands that do slightly different things. In fact, what I should probably do is have one "Copy" command and an "Options" menu like Mobile Safari offers, where you can choose to "Send As" different formats. Is all that also provided by the Share Extension?