That makes sense, thanks for the TN2083 link as well. I had read that section of your post and concluded it didn't apply since I had assumed switch user meant I was now operating as that user. When using codesign with a CI like Github Actions or Jenkins then, would the suggested solution be to use LaunchAgents as that user (which I assume would avoid the Unix tool mixed execution context issue)?