Thanks again for your guidance. I’m following up with concrete implementation details and current repro logs because we still cannot read SSID via CoreWLAN from our agent process. Environment: macOS 26.3 (build 25D125) Xcode 26.2 (17C52) Wi-Fi interface: en0 Agent bundle ID: com.acme.SSIDInspector.Agent App bundle ID: com.acme.SSIDInspector How we launch the agent: We use SMAppService.agent(plistName:) from the main app. Embedded LaunchAgent plist path in app bundle: com.acme.SSIDInspector.Agent.plist Plist details: Label = com.acme.SSIDInspector.Agent BundleProgram = Contents/Resources/SSIDInspectorAgent.app/Contents/MacOS/SSIDInspectorAgent MachServices includes com.acme.SSIDInspector.Agent RunAtLoad = true, KeepAlive = true We call register()/unregister() on SMAppService, and use XPC (NSXPCConnection to mach service) to verify the agent is running/reachable. Privacy/authorization setup: Agent Info.plist usage strings are present: NSLocationAlwaysUsageDescription NSLocationUsageDescription NSLocationWhenInUseUsageDescription Agent entitlement includes: com.apple.security.personal-information.location = true Agent requests location authorization via CLLocationManager.requestAlwaysAuthorization(). On startup we consistently see: notDetermined -> authorizedAlways one warmup location update received and stopped. Observed CoreWLAN behavior: In the agent process, CWWiFiClient.shared().interface()?.ssid() remains nil. At the same time, CoreWLAN interface data indicates association (BSSID/channel present), so our diagnostic path marks this as redacted/unavailable SSID. Representative log sequence (2026-02-26 13:16:02 local): location authorization changed: authorizedAlways location authorization granted; CoreWLAN SSID reads should be eligible corewlan summary currentInterface=en0 currentSSID=nil interfaces=en0:ssid=nil probe source corewlan returned redacted SSID marker observed SSID becomes <SSID Redacted> (not actual SSID) Important note: The remaining issue is specifically CoreWLAN SSID visibility in this LaunchAgent context. Question: Given this setup, is there any additional requirement/restriction for SSID visibility when the process is a background LaunchAgent registered via SMAppService (as opposed to a foreground app process)? If helpful, I can provide a minimal reproducible sample project with this exact architecture. Thank you. “Also, in System Settings > Privacy & Security > Location Services, we consistently see duplicate SSIDInspector entries (one with a warning icon) plus SSIDInspectorAgent. This suggests stale or conflicting TCC identity records. We are resetting TCC and re-registering via SMAppService, but wanted to confirm whether duplicate/stale TCC rows can affect CoreWLAN SSID visibility for a LaunchAgent process.”

Disregard that last remark about duplicate tcc entries. I cleaned everything out manually.