Merged
64 changes: 22 additions & 42 deletions App/App.Debug.entitlements
@@ -1,45 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true />
<key>com.apple.security.automation.apple-events</key>
<true />
<key>com.apple.security.device.camera</key>
<true />
<key>com.apple.security.device.microphone</key>
<true />
<key>com.apple.security.device.audio-input</key>
<true />
<key>com.apple.security.files.user-selected.read-write</key>
<true />
<key>com.apple.security.inherit</key>
<true />
<key>com.apple.security.network.client</key>
<true />
<key>com.apple.security.network.server</key>
<true />
<key>com.apple.security.personal-information.addressbook</key>
<true />
<key>com.apple.security.personal-information.calendars</key>
<true />
<key>com.apple.security.personal-information.health</key>
<true />
<key>com.apple.security.personal-information.location</key>
<true />
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.Terminal</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/Users/*/Library/Messages/</string>
</array>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>
</dict>
</plist>
<dict>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
<key>com.apple.security.personal-information.health</key>
<true/>
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.Terminal</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/Users/*/Library/Messages/</string>
</array>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>
</dict>
Comment on lines +4 to +24
Copilot AI Jan 29, 2026

Critical entitlements are being removed from the debug entitlements file while the corresponding build settings are being added to the Debug configuration in project.pbxproj. For a sandboxed macOS app, the entitlements file must explicitly contain the entitlement keys (e.g., com.apple.security.app-sandbox, com.apple.security.network.client, com.apple.security.device.camera, etc.) - build settings alone are not sufficient. Without these explicit entitlements, the app will not have the permissions it needs at runtime, even if the build settings are enabled.

Copilot uses AI. Check for mistakes.
</plist>
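Review bot: The new dict in App.Debug.entitlements no longer contains com.apple.security.app-sandbox or the network, device and personal-information keys, yet it still carries com.apple.security.inherit and three temporary-exception entries, so the file on its own no longer shows whether the Debug build is sandboxed. State in the PR description that the sandbox keys are now expected to come from ENABLE_APP_SANDBOX and the other ENABLE_* settings in project.pbxproj, and confirm it on a built Debug app with codesign -d --entitlements - <path to built app>, checking that com.apple.security.app-sandbox appears next to the temporary exceptions kept here.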
66 changes: 22 additions & 44 deletions App/App.entitlements
@@ -1,47 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.weatherkit</key>
<true />
<key>com.apple.security.app-sandbox</key>
<true />
<key>com.apple.security.automation.apple-events</key>
<true />
<key>com.apple.security.device.camera</key>
<true />
<key>com.apple.security.device.microphone</key>
<true />
<key>com.apple.security.device.audio-input</key>
<true />
<key>com.apple.security.files.user-selected.read-write</key>
<true />
<key>com.apple.security.inherit</key>
<true />
<key>com.apple.security.network.client</key>
<true />
<key>com.apple.security.network.server</key>
<true />
<key>com.apple.security.personal-information.addressbook</key>
<true />
<key>com.apple.security.personal-information.calendars</key>
<true />
<key>com.apple.security.personal-information.health</key>
<true />
<key>com.apple.security.personal-information.location</key>
<true />
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.Terminal</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/Users/*/Library/Messages/</string>
</array>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>
</dict>
</plist>
<dict>
<key>com.apple.developer.weatherkit</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
<key>com.apple.security.personal-information.health</key>
<true/>
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.Terminal</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/Users/*/Library/Messages/</string>
</array>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>
Copilot AI Jan 29, 2026

Critical security entitlements are being removed from the entitlements file while corresponding build settings are being added to enable these capabilities in the project configuration. This creates a potential mismatch where the build settings enable permissions (ENABLE_INCOMING_NETWORK_CONNECTIONS, ENABLE_OUTGOING_NETWORK_CONNECTIONS, etc.) but the entitlements file no longer contains the required entitlement keys (com.apple.security.network.client, com.apple.security.network.server, etc.). The app may fail to function properly or fail App Store review because the entitlements file should contain the actual entitlement keys that grant these permissions. Build settings alone are not sufficient - the entitlements file must explicitly declare these capabilities for sandboxed macOS apps.

Suggested change
</array>
</array>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>

</dict>
</plist>
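Review bot: The retained com.apple.security.temporary-exception.files.absolute-path.read-write entry still grants read-write access to /Users/*/Library/Messages/ in App.entitlements, and it is one of the few grants left in the file after the standard sandbox keys were dropped. If the app only reads Messages data, switch to the read-only form of this exception; either way, add a short justification for it and for the com.apple.Terminal entry under com.apple.security.temporary-exception.apple-events, since both survive this cleanup unchanged.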
33 changes: 23 additions & 10 deletions iMCP.xcodeproj/project.pbxproj
@@ -195,7 +195,7 @@
attributes = {
BuildIndependentTargetsInParallel = 1;
LastSwiftUpdateCheck = 1620;
LastUpgradeCheck = 1630;
LastUpgradeCheck = 2620;
TargetAttributes = {
F8F44E6C2D59038D0075D79C = {
CreatedOnToolsVersion = 16.2;
@@ -305,11 +305,11 @@
GCC_DYNAMIC_NO_PIC = NO;
GCC_NO_COMMON_BLOCKS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_TREAT_WARNINGS_AS_ERRORS = YES;
GCC_PREPROCESSOR_DEFINITIONS = (
"DEBUG=1",
"$(inherited)",
);
GCC_TREAT_WARNINGS_AS_ERRORS = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
@@ -320,6 +320,7 @@
MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
MTL_FAST_MATH = YES;
ONLY_ACTIVE_ARCH = YES;
STRING_CATALOG_GENERATE_SYMBOLS = YES;
SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)";
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
SWIFT_TREAT_WARNINGS_AS_ERRORS = YES;
@@ -377,6 +378,7 @@
LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
MTL_ENABLE_DEBUG_INFO = NO;
MTL_FAST_MATH = YES;
STRING_CATALOG_GENERATE_SYMBOLS = YES;
SWIFT_COMPILATION_MODE = wholemodule;
SWIFT_TREAT_WARNINGS_AS_ERRORS = YES;
};
@@ -387,17 +389,27 @@
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
CODE_SIGN_ENTITLEMENTS = App/App.Debug.entitlements;
CODE_SIGN_IDENTITY = "";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
AUTOMATION_APPLE_EVENTS = YES;
Copilot AI Jan 29, 2026

AUTOMATION_APPLE_EVENTS is being added and set to YES in the Debug configuration. This grants the app permission to control other applications via Apple Events. Verify this is necessary for the app's functionality. Additionally, ensure that the corresponding entitlement (com.apple.security.automation.apple-events) is present in App.Debug.entitlements, as it appears to have been removed in the current changes, which would prevent Apple Events automation from working even with this build setting enabled.

Suggested change
AUTOMATION_APPLE_EVENTS = YES;
AUTOMATION_APPLE_EVENTS = NO;

CODE_SIGNING_ALLOWED = NO;
CODE_SIGNING_REQUIRED = NO;
CODE_SIGN_ENTITLEMENTS = App/App.Debug.entitlements;
CODE_SIGN_IDENTITY = "-";
Copilot AI Jan 29, 2026

The CODE_SIGN_IDENTITY has been changed from an empty string ("") to a dash ("-"). While both indicate "Don't Code Sign", the dash is the more explicit and recommended way to disable code signing in Xcode. However, verify that this change is intentional and consistent with your build requirements, as it may affect debugging and distribution workflows.

Suggested change
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_IDENTITY = "";

"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
CODE_SIGN_STYLE = Manual;
CURRENT_PROJECT_VERSION = 8;
DEAD_CODE_STRIPPING = YES;
DEVELOPMENT_TEAM = "";
ENABLE_APP_SANDBOX = YES;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_INCOMING_NETWORK_CONNECTIONS = YES;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
ENABLE_PREVIEWS = YES;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = YES;
ENABLE_RESOURCE_ACCESS_CALENDARS = YES;
ENABLE_RESOURCE_ACCESS_CAMERA = YES;
ENABLE_RESOURCE_ACCESS_CONTACTS = YES;
ENABLE_RESOURCE_ACCESS_LOCATION = YES;
Comment on lines +407 to +411
Copilot AI Jan 29, 2026

The Debug configuration is missing several sandbox resource access settings that are present in the Release configuration. Specifically, Debug is missing: ENABLE_RESOURCE_ACCESS_BLUETOOTH, ENABLE_RESOURCE_ACCESS_PHOTO_LIBRARY, ENABLE_RESOURCE_ACCESS_PRINTING, and ENABLE_RESOURCE_ACCESS_USB. This inconsistency between configurations could lead to different runtime behavior when testing in Debug vs Release builds, making it harder to catch permission-related issues during development.

Suggested change
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = YES;
ENABLE_RESOURCE_ACCESS_CALENDARS = YES;
ENABLE_RESOURCE_ACCESS_CAMERA = YES;
ENABLE_RESOURCE_ACCESS_CONTACTS = YES;
ENABLE_RESOURCE_ACCESS_LOCATION = YES;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = YES;
ENABLE_RESOURCE_ACCESS_BLUETOOTH = YES;
ENABLE_RESOURCE_ACCESS_CALENDARS = YES;
ENABLE_RESOURCE_ACCESS_CAMERA = YES;
ENABLE_RESOURCE_ACCESS_CONTACTS = YES;
ENABLE_RESOURCE_ACCESS_LOCATION = YES;
ENABLE_RESOURCE_ACCESS_PHOTO_LIBRARY = YES;
ENABLE_RESOURCE_ACCESS_PRINTING = YES;
ENABLE_RESOURCE_ACCESS_USB = YES;

ENABLE_USER_SELECTED_FILES = readwrite;
GENERATE_INFOPLIST_FILE = YES;
INFOPLIST_FILE = App/Info.plist;
INFOPLIST_KEY_CFBundleDisplayName = iMCP;
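Review bot: CODE_SIGNING_ALLOWED = NO and CODE_SIGNING_REQUIRED = NO sit in the same configuration as CODE_SIGN_IDENTITY = "-" (ad hoc signing), ENABLE_APP_SANDBOX = YES and the ENABLE_RESOURCE_ACCESS_* settings, and the hunk does not say which of these is meant to win. Entitlements are carried in the code signature, so if signing is skipped for this configuration the capability settings listed here have nothing to land in and the build runs without the sandbox. Please state the intent for this configuration, and if ad hoc signing is what is wanted, drop the two CODE_SIGNING_* = NO lines.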
@@ -442,7 +454,7 @@
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
AUTOMATION_APPLE_EVENTS = NO;
AUTOMATION_APPLE_EVENTS = YES;
Copilot AI Jan 29, 2026

AUTOMATION_APPLE_EVENTS is being changed from NO to YES. This grants the app permission to control other applications via Apple Events/AppleScript. Given that the app's capabilities include accessing Calendar, Contacts, Messages, and other system data, verify that this permission is necessary. If the app doesn't actually need to automate other applications, leaving this enabled could be a security concern and may require additional justification during App Store review.

Suggested change
AUTOMATION_APPLE_EVENTS = YES;
AUTOMATION_APPLE_EVENTS = NO;

CODE_SIGN_ENTITLEMENTS = App/App.entitlements;
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
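Review bot: AUTOMATION_APPLE_EVENTS flips from NO to YES in the configuration that signs with App/App.entitlements, and nothing in the hunk records which applications the app scripts. App.entitlements lists only com.apple.Terminal under com.apple.security.temporary-exception.apple-events, so name the scripted applications in the PR description and confirm that list is the complete set before turning this on.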
@@ -451,18 +463,19 @@
DEVELOPMENT_TEAM = "";
ENABLE_APP_SANDBOX = YES;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
ENABLE_INCOMING_NETWORK_CONNECTIONS = YES;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
Comment on lines +466 to +467
Copilot AI Jan 29, 2026

Network connections are being enabled by changing ENABLE_INCOMING_NETWORK_CONNECTIONS and ENABLE_OUTGOING_NETWORK_CONNECTIONS from NO to YES. For an MCP (Model Context Protocol) app that connects to AI services, network access is expected. However, verify that the corresponding network entitlements (com.apple.security.network.client and com.apple.security.network.server) are properly declared in the App.entitlements file. Currently, these entitlements appear to have been removed from the entitlements file, which will prevent the app from establishing network connections at runtime.

ENABLE_PREVIEWS = YES;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = YES;
ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
ENABLE_RESOURCE_ACCESS_CALENDARS = YES;
Copilot AI Jan 29, 2026

ENABLE_RESOURCE_ACCESS_CALENDARS is being changed from NO to YES, which is consistent with the app's documented Calendar capabilities. However, verify that the corresponding entitlement (com.apple.security.personal-information.calendars) is present in the App.entitlements file. The current changes show this entitlement being removed from the file, which will prevent calendar access at runtime even though the build setting is enabled.

Suggested change
ENABLE_RESOURCE_ACCESS_CALENDARS = YES;
ENABLE_RESOURCE_ACCESS_CALENDARS = NO;

ENABLE_RESOURCE_ACCESS_CAMERA = YES;
ENABLE_RESOURCE_ACCESS_CONTACTS = YES;
ENABLE_RESOURCE_ACCESS_LOCATION = YES;
ENABLE_RESOURCE_ACCESS_PHOTO_LIBRARY = NO;
ENABLE_RESOURCE_ACCESS_PRINTING = NO;
ENABLE_RESOURCE_ACCESS_USB = NO;
ENABLE_USER_SELECTED_FILES = readwrite;
GENERATE_INFOPLIST_FILE = YES;
INFOPLIST_FILE = App/Info.plist;
INFOPLIST_KEY_CFBundleDisplayName = iMCP;
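Review bot: ENABLE_INCOMING_NETWORK_CONNECTIONS goes from NO to YES together with the outgoing setting, which lets the sandboxed app accept inbound connections, and the hunk gives no indication of what listens or on which interface. If the app only makes outbound connections, leave ENABLE_INCOMING_NETWORK_CONNECTIONS = NO; if it does run a listener, document the port and whether it binds to loopback only.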
@@ -497,8 +510,8 @@
SDKROOT = auto;
SUPPORTED_PLATFORMS = macosx;
SUPPORTS_MACCATALYST = NO;
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_ACTIVE_COMPILATION_CONDITIONS = "WEATHERKIT_AVAILABLE $(inherited)";
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_VERSION = 5.0;
XROS_DEPLOYMENT_TARGET = 2.2;
};
2 changes: 1 addition & 1 deletion iMCP.xcodeproj/xcshareddata/xcschemes/iMCP.xcscheme
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme
LastUpgradeVersion = "1630"
LastUpgradeVersion = "2620"
version = "1.7">
<BuildAction
parallelizeBuildables = "YES"