Where is Bundle.module defined?

When I try it, I get "'module' is inaccessible due to 'internal' protection level". I do see that it's being generated for one of my project's dependencies (in this case, it's a Vapor project, and the module that code completion jumps to is in in swift-crypto’s DerivedSources folder). UPDATE: Seems I had a malformed Package.swift (a missing comma), and instead of showing the error, Xcode just choked on compiling my test code. Running swift-test on the command line revealed this.

I may have solved my problem. I just discovered the "Associated Domains Development" setting in Settings, and turned that on, and suddenly the phone fetched the AASA file directly.

In my case, all I need is the window title for the frontmost Terminal.app window (and ideally, any other terminal emulator a user might use, like iTerm2). I don't need to control anything or record the screen.

Okay, it seems ScreenCaptureKit will let me enumerate windows and get their titles, but I have to rely on the hope that the first one listed is the topmost window (seems to be, but not sure that's guaranteed). I also need screen recording permission, unfortunately, as it gives my app much more than it needs. My alternative is AppleEvents with the temporary exemption (which I think still applies, as there’s no alternative).

macOS, yes, sorry. I’ll look into this aspect, thank you. I see these items going into the iCloud keychain (the flag is for unit tests where they end up in the login keychain), as viewed via Keychain Access.

Okay, looking into TN3137, it says To target the data protection keychain, set the kSecUseDataProtectionKeychain attribute or the kSecAttrSynchronizable attribute to true. I am setting kSecAttrSynchronizable to true when adding items, so it should be using the data protection keychain.

I see a three of issues here. First, you’re asking for something that doesn’t make sense. accessControl uses a this-device-only modifier, but you’re setting kSecAttrSynchronizable to true. What’s the point of synchronising something if it’s limited to this device only? This stems from a misunderstanding of kSecAttrAccessibleWhenUnlockedThisDeviceOnly, I think. I set it to kSecAttrAccessibleWhenUnlocked, and it still didn’t work. Second, you’re setting kSecAttrAccessControl and kSecAttrAccessible. That’s weird because the former subsumes the latter. Note how the value you’re using to kSecAttrAccessible is also being passed when you create accessControl. I removed the kSecAttrAccessible attribute altogether, and it still gives me paramErr. Persistent references to synchronizable items should be avoided; while they may work locally, they cannot be moved between devices, and may not resolve if the item is modified on some other device. I only use the identifier locally and in-memory, so it doesn’t matter if it’s not valid on other machines, but this seems like an unnecessary limitation either way, since it’s not hard to make a globally unique identifier. Something that's confusing to me is that when you call SecAccessControlCreateWithFlags(), you pass both "protection" and "access control" constraints, which seem to have at least semantic overlap. I want the user to have to provide access to the password each time it is used, rather than only when unlocked. My understanding is that that’s what .userPresence does, but it seems like that could have also been a protection class. What does it mean to say kSecAttrAccessibleAlways and .userPresence, for example? And the "ThisDeviceOnly" variants could imply that unlocking on one device doesn't automatically unlock on another device, hence why I was using that. In any case, I'm using kSecAttrAccessControl because I want each use of the password to require the user actually be there (I get that the system won’t always prompt, that it caches authorization for some amount of time, but that's okay). In any case, I still can't figure out why it won’t let me add .userPresence to the password. … On a whim I removed the kSecAttrSynchronizable = true, and that got rid of the error! I’m not explicitly using kSecUseDataProtectionKeychain, which is not what I was expecting. For example, TN3137 says: To target the data protection keychain, set the kSecUseDataProtectionKeychain attribute or the kSecAttrSynchronizable attribute to true. And lastly just to confirm: Something stored with .userPresence requires presence even to query attributes and not the password value itself? That's the behavior I'm seeing. I can work with that, but I wasn't expecting it for some reason.