I was under the impression that the fault recovery part was the reason why you were suggesting running an executable. XPC was the thing I found, when I was looking for ways to execute code and communicate with it from my host app. But now I understand that compiling loading a dynamic library is the way to go. That's how I will start, and then probably run all of that in an XPC Service, for fault recovery. Regarding executing the compiled code from a sandboxed app: You were mentioning the com.apple.security.files.user-selected.executable entitlement. This would be exactly what I need, right? But it is almost never allowed by the App Store Review team? What is a way to find out? Submit the app and see? This leads me to my original question again. Could I distribute a Mac app in the App Store, and then have users install an additional, non-sandboxed app from a website, which launches a MachService? Would my sandboxed app be able to talk to that MachService? Or is this forbidden by the system? In other words: Is there any change to build what I want to build, and distribute it through the App Store? Thank you again for your help!

Thank you very much for your reply! It would be great if you could clarify some things for me: and for a named XPC endpoint vended by a launchd daemon you use init(machServiceName:options:). I believe this is what I did, see my second code example (machServiceName: ...). I'm wondering why it didn't work. it’s feasible to compile your code to something that’s loadable (a Mach-O dynamic library or bundle) and then have your XPC service load that. What is the benefit of loading the dynamic lib from the XPC service, and not from the main app directly? Overall stability for cases where the lib crashes? Or would this somehow allow me to distribute my editor app through the App Store? AFAIK it is not allowed for a sandboxed app to compile code, is it? And a XPC service distributed with my sandboxed app is also sandboxed, correct? I understand that loading the dynamic lib has a lot of benefits regarding security and stability, but I'd like to understand if it is a absolute requirement.