i hate macos to use keychain and store shit in secure enclave your app **needs** to be signed and have correct entitlements. **even for local development** and to sign an "app" i need to put my binary into an "app-like" folder structure (`whatever.app/Contents/MacOS/whatever`) and sign the `.app` **but!** to provide the correct entitlements you **have** to use a "provision profile" – simply passing them to `codesign --entitlements` isn't enough, the app will just SIGKILL. and the only way (i found) to get a provision profile without a valid dev cert is to... steal it from an app built by xcode, lol. because it's issued by the apple backend on a per-bundleid per-device basis. :neocat_googly_woozy: