Hi @eskimo! Thank you, for your response and suggestions. I ran an additional step in CD pipeline with two commands security find-generic-password -l '<profile-name>' and security find-generic-password -a ' com.apple.gke.notary.tool.com.<profile-name>'. The first one successfully found the entry in the keychain, however, the second one failed. On which result should I rely on?

Ok, considering only the real product: The UI element app is an app, right? Not something else, like an app extension. Exactly, that is an app not an app extension or anything else Are either of these sandboxed? They aren't sandboxed Where did you app the Apple event capability? On the UI element app? Yes, on the UI element app via Xcode "Signing & Capabilities" In that TCC error, which bundle ID and path are shown? The container app? Or the UI element app? UI element app