Update SecretListItemView.swift

* [fix]: eliminate race condition in SocketController

* [refactor]: use sequence- rather than iterator-based iteration

* [fix]: remove now-superfluous await

---------

Co-authored-by: Max Goedjen <max.goedjen@gmail.com>

.github/workflows/codeql.yml

@@ -37,7 +37,7 @@ jobs:
         build-mode: ${{ matrix.build-mode }}
     - if: matrix.build-mode == 'manual'
       name: "Select Xcode"
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
     - if: matrix.build-mode == 'manual'
       name: "Build"
       run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO

.github/workflows/nightly.yml

@@ -3,7 +3,6 @@ name: Nightly
 on: 
   schedule: 
     - cron: "0 8 * * *"
-  workflow_dispatch:
   
 jobs:
   build:
@@ -12,6 +11,7 @@ jobs:
       id-token: write
       contents: write
       attestations: write
+      actions: read
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v5
@@ -25,7 +25,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
     - name: Update Build Number
       env:
         RUN_ID: ${{ github.run_id }}
@@ -36,20 +36,27 @@ jobs:
             sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
     - name: Build
       run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Create ZIP
+    - name: Move to Artifact Folder
+      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
+    - name: Upload App to Artifacts
+      id: upload
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive
+        path: Artifact
+    - name: Download Zipped Artifact
+      id: download
+      env: 
+        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
+            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
+            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
     - name: Notarize
       env: 
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
         APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
       run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive.zip
-        path: Secretive.zip
     - name: Attest
       id: attest
       uses: actions/attest-build-provenance@v2

.github/workflows/oneoff.yml

@@ -0,0 +1,64 @@
+name: One-Off Build
+
+on: 
+  workflow_dispatch:
+  
+jobs:
+  build:
+    runs-on: macos-26
+    permissions:
+      id-token: write
+      contents: write
+      attestations: write
+      actions: read
+    timeout-minutes: 10
+    steps:
+    - uses: actions/checkout@v5
+    - name: Setup Signing
+      env: 
+        SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
+        SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+        HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
+        AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
+        APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+      run: ./.github/scripts/signing.sh
+    - name: Set Environment
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
+    - name: Update Build Number
+      env:
+        RUN_ID: ${{ github.run_id }}
+      run: |
+            DATE=$(date "+%Y-%m-%d")
+            sed -i '' -e "s/GITHUB_CI_VERSION/0.0.0_oneoff-$DATE/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
+    - name: Build
+      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
+    - name: Move to Artifact Folder
+      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
+    - name: Upload App to Artifacts
+      id: upload
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive
+        path: Artifact
+    - name: Download Zipped Artifact
+      id: download
+      env: 
+        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
+            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
+    - name: Notarize
+      env: 
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
+    - name: Attest
+      id: attest
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-name: "Secretive.zip"
+        subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
     - name: Test
       run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme PackageTests test
       # SPM doesn't seem to pick up on the tests currently?
@@ -32,6 +32,7 @@ jobs:
       id-token: write
       contents: write
       attestations: write
+      actions: read
     runs-on: macos-26
     timeout-minutes: 10
     steps:
@@ -46,7 +47,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
     - name: Update Build Number
       env:
         TAG_NAME: ${{ github.ref }}
@@ -58,33 +59,40 @@ jobs:
             sed -i '' -e "s/GITHUB_BUILD_URL/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
     - name: Build
       run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Create ZIP
+    - name: Move to Artifact Folder
-      run: |
+      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
-            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
-    - name: Notarize
-      env: 
-        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
-        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
     - name: Upload App to Artifacts
       id: upload
       uses: actions/upload-artifact@v4
       with:
         name: Secretive.zip
-        path: Secretive.zip
+        path: Artifact
+    - name: Download Zipped Artifact
+      id: download
+      env: 
+        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
+            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
+    - name: Notarize
+      env: 
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
     - name: Attest
       id: attest
       uses: actions/attest-build-provenance@v2
       with:
         subject-path: "Secretive.zip"
     - name: Create Release
-      run: |
-            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
-            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
-            gh release create $TAG_NAME -d -F .github/templates/release.md
-            gh release upload $TAG_NAME Secretive.zip
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         TAG_NAME: ${{ github.ref }}
         RUN_ID: ${{ github.run_id }}
         ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
+      run: |
+            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
+            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
+            gh release create $TAG_NAME -d -F .github/templates/release.md
+            gh release upload $TAG_NAME Secretive.zip

.github/workflows/test.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
     - uses: actions/checkout@v5
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.2.app
     - name: Test Main Packages
       run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme PackageTests test
       # SPM doesn't seem to pick up on the tests currently?

Sources/Packages/Package.swift

@@ -22,6 +22,9 @@ let package = Package(
         .library(
             name: "SecretAgentKit",
             targets: ["SecretAgentKit", "XPCWrappers"]),
+        .library(
+            name: "Common",
+            targets: ["Common"]),
         .library(
             name: "Brief",
             targets: ["Brief"]),
@@ -65,6 +68,12 @@ let package = Package(
             name: "SecretAgentKitTests",
             dependencies: ["SecretAgentKit"],
         ),
+        .target(
+            name: "Common",
+            dependencies: [],
+            resources: [localization],
+            swiftSettings: swiftSettings,
+        ),
         .target(
             name: "Brief",
             dependencies: ["XPCWrappers"],

Sources/Packages/Sources/Common/URLs.swift

@@ -2,19 +2,23 @@ import Foundation
 
 extension URL {
 
-    static var agentHomeURL: URL {
+    public static var agentHomeURL: URL {
         URL(fileURLWithPath: URL.homeDirectory.path().replacingOccurrences(of: Bundle.hostBundleID, with: Bundle.agentBundleID))
     }
 
-    static var socketPath: String {
+    public static var socketPath: String {
+        #if DEBUG
+        URL.agentHomeURL.appendingPathComponent("socket-debug.ssh").path()
+        #else
         URL.agentHomeURL.appendingPathComponent("socket.ssh").path()
+        #endif
     }
 
 }
 
 extension String {
 
-    var normalizedPathAndFolder: (String, String) {
+    public var normalizedPathAndFolder: (String, String) {
         // All foundation-based normalization methods replace this with the container directly.
         let processedPath = replacingOccurrences(of: "~", with: "/Users/\(NSUserName())")
         let url = URL(filePath: processedPath)

Sources/Packages/Sources/SecretAgentKit/Agent.swift

@@ -47,6 +47,7 @@ extension Agent {
                 logger.debug("Agent returned \(SSHAgent.Response.agentSignResponse.debugDescription)")
             case .unknown(let value):
                 logger.error("Agent received unknown request of type \(value).")
+                throw UnhandledRequestError()
             default:
                 logger.debug("Agent received valid request of type \(request.debugDescription), but not currently supported.")
                 throw UnhandledRequestError()

Sources/Packages/Sources/SecretAgentKit/SigningRequestTracer.swift

@@ -36,7 +36,7 @@ extension SigningRequestTracer {
     /// - Parameter pid: The process ID to look up.
     /// - Returns: A ``SecretKit.SigningRequestProvenance.Process`` describing the process.
     func process(from pid: Int32) -> SigningRequestProvenance.Process {
-        var pidAndNameInfo = self.pidAndNameInfo(from: pid)
+        var pidAndNameInfo = unsafe self.pidAndNameInfo(from: pid)
         let ppid = unsafe pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
         let procName = unsafe withUnsafeMutablePointer(to: &pidAndNameInfo.kp_proc.p_comm.0) { pointer in
             unsafe String(cString: pointer)

Sources/Packages/Sources/SecretAgentKit/SocketController.swift

@@ -36,16 +36,21 @@ public struct SocketController {
         logger.debug("Socket controller path is clear")
         port = SocketPort(path: path)
         fileHandle = FileHandle(fileDescriptor: port.socket, closeOnDealloc: true)
-        Task { [fileHandle, sessionsContinuation, logger] in
+        Task { @MainActor [fileHandle, sessionsContinuation, logger] in
-            for await notification in NotificationCenter.default.notifications(named: .NSFileHandleConnectionAccepted) {
+            // Create the sequence before triggering the notification to
+            // ensure it will not be missed.
+            let connectionAcceptedNotifications = NotificationCenter.default.notifications(named: .NSFileHandleConnectionAccepted)
+
+            fileHandle.acceptConnectionInBackgroundAndNotify()
+
+            for await notification in connectionAcceptedNotifications {
                 logger.debug("Socket controller accepted connection")
                 guard let new = notification.userInfo?[NSFileHandleNotificationFileHandleItem] as? FileHandle else { continue }
                 let session = Session(fileHandle: new)
                 sessionsContinuation.yield(session)
-                await fileHandle.acceptConnectionInBackgroundAndNotifyOnMainActor()
+                fileHandle.acceptConnectionInBackgroundAndNotify()
             }
         }
-        fileHandle.acceptConnectionInBackgroundAndNotify(forModes: [RunLoop.Mode.common])
         logger.debug("Socket listening at \(path)")
     }
 
@@ -77,8 +82,14 @@ extension SocketController {
             self.fileHandle = fileHandle
             provenance = SigningRequestTracer().provenance(from: fileHandle)
             (messages, messagesContinuation) = AsyncStream.makeStream()
-            Task { [messagesContinuation, logger] in
+            Task { @MainActor [messagesContinuation, logger] in
-                for await _ in NotificationCenter.default.notifications(named: .NSFileHandleDataAvailable, object: fileHandle) {
+                // Create the sequence before triggering the notification to
+                // ensure it will not be missed.
+                let dataAvailableNotifications = NotificationCenter.default.notifications(named: .NSFileHandleDataAvailable, object: fileHandle)
+
+                fileHandle.waitForDataInBackgroundAndNotify()
+
+                for await _ in dataAvailableNotifications {
                     let data = fileHandle.availableData
                     guard !data.isEmpty else {
                         logger.debug("Socket controller received empty data, ending continuation.")
@@ -90,16 +101,13 @@ extension SocketController {
                     logger.debug("Socket controller yielded data.")
                 }
             }
-            Task {
-                await fileHandle.waitForDataInBackgroundAndNotifyOnMainActor()
-            }
         }
         
         /// Writes new data to the socket.
         /// - Parameter data: The data to write.
-        public func write(_ data: Data) async throws {
+        @MainActor public func write(_ data: Data) throws {
           try fileHandle.write(contentsOf: data)
-            await fileHandle.waitForDataInBackgroundAndNotifyOnMainActor()
+          fileHandle.waitForDataInBackgroundAndNotify()
         }
         
         /// Closes the socket and cleans up resources.
@@ -113,22 +121,6 @@ extension SocketController {
 
 }
 
-private extension FileHandle {
-
-    /// Ensures waitForDataInBackgroundAndNotify will be called on the main actor.
-    @MainActor func waitForDataInBackgroundAndNotifyOnMainActor() {
-        waitForDataInBackgroundAndNotify()
-    }
-
-
-    /// Ensures acceptConnectionInBackgroundAndNotify will be called on the main actor.
-    /// - Parameter modes: the runloop modes to use.
-    @MainActor func acceptConnectionInBackgroundAndNotifyOnMainActor(forModes modes: [RunLoop.Mode]? = [RunLoop.Mode.common]) {
-        acceptConnectionInBackgroundAndNotify(forModes: modes)
-    }
-
-}
-
 private extension SocketPort {
 
     convenience init(path: String) {

Sources/SecretAgent/AppDelegate.swift

@@ -6,6 +6,7 @@ import SmartCardSecretKit
 import SecretAgentKit
 import Brief
 import Observation
+import Common
 
 @main
 class AppDelegate: NSObject, NSApplicationDelegate {
@@ -26,7 +27,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         Agent(storeList: storeList, witness: notifier)
     }()
     private lazy var socketController: SocketController = {
-        let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String
+        let path = URL.socketPath as String
         return SocketController(path: path)
     }()
     private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "AppDelegate")
@@ -41,7 +42,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
                         for await message in session.messages {
                             let request = try await inputParser.parse(data: message)
                             let agentResponse = await agent.handle(request: request, provenance: session.provenance)
-                            try await session.write(agentResponse)
+                            try session.write(agentResponse)
                         }
                     } catch {
                         try session.close()

Sources/Secretive.xcodeproj/project.pbxproj

@@ -9,7 +9,6 @@
 /* Begin PBXBuildFile section */
 		2C4A9D2F2636FFD3008CC8E2 /* EditSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2C4A9D2E2636FFD3008CC8E2 /* EditSecretView.swift */; };
 		50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; };
-		50033AC327813F1700253856 /* BundleIDs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50033AC227813F1700253856 /* BundleIDs.swift */; };
 		5003EF3B278005E800DF2006 /* SecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3A278005E800DF2006 /* SecretKit */; };
 		5003EF3D278005F300DF2006 /* Brief in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3C278005F300DF2006 /* Brief */; };
 		5003EF3F278005F300DF2006 /* SecretAgentKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3E278005F300DF2006 /* SecretAgentKit */; };
@@ -26,13 +25,11 @@
 		50153E22250DECA300525160 /* SecretListItemView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50153E21250DECA300525160 /* SecretListItemView.swift */; };
 		501578132E6C0479004A37D0 /* XPCInputParser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 501578122E6C0479004A37D0 /* XPCInputParser.swift */; };
 		5018F54F24064786002EB505 /* Notifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5018F54E24064786002EB505 /* Notifier.swift */; };
-		504788EC2E680DC800B4556F /* URLs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788EB2E680DC400B4556F /* URLs.swift */; };
 		504788F22E681F3A00B4556F /* Instructions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F12E681F3A00B4556F /* Instructions.swift */; };
 		504788F42E681F6900B4556F /* ToolConfigurationView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F32E681F6900B4556F /* ToolConfigurationView.swift */; };
 		504788F62E68206F00B4556F /* GettingStartedView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F52E68206F00B4556F /* GettingStartedView.swift */; };
 		504789232E697DD300B4556F /* BoxBackgroundStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504789222E697DD300B4556F /* BoxBackgroundStyle.swift */; };
 		50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */; };
-		50571E0524393D1500F76F6C /* LaunchAgentController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0424393D1500F76F6C /* LaunchAgentController.swift */; };
 		50617D8323FCE48E0099B055 /* App.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8223FCE48E0099B055 /* App.swift */; };
 		50617D8523FCE48E0099B055 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8423FCE48E0099B055 /* ContentView.swift */; };
 		50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8923FCE48E0099B055 /* Preview Assets.xcassets */; };
@@ -70,6 +67,8 @@
 		50BDCB762E6450950072D2E7 /* ConfigurationItemView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50BDCB752E6450950072D2E7 /* ConfigurationItemView.swift */; };
 		50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50C385A42407A76D00AF2719 /* SecretDetailView.swift */; };
 		50CF4ABC2E601B0F005588DC /* ActionButtonStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50CF4ABB2E601B0F005588DC /* ActionButtonStyle.swift */; };
+		50E0145C2EDB9CDF00B121F1 /* Common in Frameworks */ = {isa = PBXBuildFile; productRef = 50E0145B2EDB9CDF00B121F1 /* Common */; };
+		50E0145E2EDB9CE400B121F1 /* Common in Frameworks */ = {isa = PBXBuildFile; productRef = 50E0145D2EDB9CE400B121F1 /* Common */; };
 		50E4C4532E73C78C00C73783 /* WindowBackgroundStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E4C4522E73C78900C73783 /* WindowBackgroundStyle.swift */; };
 		50E4C4C32E7765DF00C73783 /* AboutView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E4C4C22E7765DF00C73783 /* AboutView.swift */; };
 		50E4C4C82E777E4200C73783 /* AppIcon.icon in Resources */ = {isa = PBXBuildFile; fileRef = 50E4C4C72E777E4200C73783 /* AppIcon.icon */; };
@@ -181,20 +180,17 @@
 /* Begin PBXFileReference section */
 		2C4A9D2E2636FFD3008CC8E2 /* EditSecretView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EditSecretView.swift; sourceTree = "<group>"; };
 		50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
-		50033AC227813F1700253856 /* BundleIDs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BundleIDs.swift; sourceTree = "<group>"; };
 		5003EF39278005C800DF2006 /* Packages */ = {isa = PBXFileReference; lastKnownFileType = wrapper; path = Packages; sourceTree = "<group>"; };
 		5008C23D2E525D8200507AC2 /* Localizable.xcstrings */ = {isa = PBXFileReference; lastKnownFileType = text.json.xcstrings; name = Localizable.xcstrings; path = Packages/Resources/Localizable.xcstrings; sourceTree = SOURCE_ROOT; };
 		50153E1F250AFCB200525160 /* UpdateView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdateView.swift; sourceTree = "<group>"; };
 		50153E21250DECA300525160 /* SecretListItemView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretListItemView.swift; sourceTree = "<group>"; };
 		501578122E6C0479004A37D0 /* XPCInputParser.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XPCInputParser.swift; sourceTree = "<group>"; };
 		5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = "<group>"; };
-		504788EB2E680DC400B4556F /* URLs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = URLs.swift; sourceTree = "<group>"; };
 		504788F12E681F3A00B4556F /* Instructions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Instructions.swift; sourceTree = "<group>"; };
 		504788F32E681F6900B4556F /* ToolConfigurationView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ToolConfigurationView.swift; sourceTree = "<group>"; };
 		504788F52E68206F00B4556F /* GettingStartedView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GettingStartedView.swift; sourceTree = "<group>"; };
 		504789222E697DD300B4556F /* BoxBackgroundStyle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BoxBackgroundStyle.swift; sourceTree = "<group>"; };
 		50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JustUpdatedChecker.swift; sourceTree = "<group>"; };
-		50571E0424393D1500F76F6C /* LaunchAgentController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LaunchAgentController.swift; sourceTree = "<group>"; };
 		5059933F2E7A3B5B0092CFFA /* en */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = en; path = en.lproj/Main.storyboard; sourceTree = "<group>"; };
 		50617D7F23FCE48E0099B055 /* Secretive.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Secretive.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		50617D8223FCE48E0099B055 /* App.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = App.swift; sourceTree = "<group>"; };
@@ -248,6 +244,7 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				50E0145C2EDB9CDF00B121F1 /* Common in Frameworks */,
 				5003EF3B278005E800DF2006 /* SecretKit in Frameworks */,
 				501421622781262300BBAA70 /* Brief in Frameworks */,
 				5003EF5F2780081600DF2006 /* SecureEnclaveSecretKit in Frameworks */,
@@ -281,20 +278,13 @@
 				5003EF652780081B00DF2006 /* SmartCardSecretKit in Frameworks */,
 				5003EF3F278005F300DF2006 /* SecretAgentKit in Frameworks */,
 				5003EF41278005FA00DF2006 /* SecretKit in Frameworks */,
+				50E0145E2EDB9CE400B121F1 /* Common in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
 /* End PBXFrameworksBuildPhase section */
 
 /* Begin PBXGroup section */
-		50033AC427813F1C00253856 /* Helpers */ = {
-			isa = PBXGroup;
-			children = (
-				50033AC227813F1700253856 /* BundleIDs.swift */,
-			);
-			path = Helpers;
-			sourceTree = "<group>";
-		};
 		504788ED2E681EB200B4556F /* Modifiers */ = {
 			isa = PBXGroup;
 			children = (
@@ -378,7 +368,6 @@
 				50617D8223FCE48E0099B055 /* App.swift */,
 				508A58B0241ED1C40069DC07 /* Views */,
 				508A58B1241ED1EA0069DC07 /* Controllers */,
-				50033AC427813F1C00253856 /* Helpers */,
 				50617D8E23FCE48E0099B055 /* Info.plist */,
 				508BF28D25B4F005009EFB7E /* InternetAccessPolicy.plist */,
 				50E4C4C72E777E4200C73783 /* AppIcon.icon */,
@@ -444,11 +433,9 @@
 		508A58B1241ED1EA0069DC07 /* Controllers */ = {
 			isa = PBXGroup;
 			children = (
-				504788EB2E680DC400B4556F /* URLs.swift */,
 				508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */,
 				5091D2BB25183B830049FD9B /* ApplicationDirectoryController.swift */,
 				50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */,
-				50571E0424393D1500F76F6C /* LaunchAgentController.swift */,
 			);
 			path = Controllers;
 			sourceTree = "<group>";
@@ -510,6 +497,7 @@
 				5003EF5E2780081600DF2006 /* SecureEnclaveSecretKit */,
 				5003EF602780081600DF2006 /* SmartCardSecretKit */,
 				501421612781262300BBAA70 /* Brief */,
+				50E0145B2EDB9CDF00B121F1 /* Common */,
 			);
 			productName = Secretive;
 			productReference = 50617D7F23FCE48E0099B055 /* Secretive.app */;
@@ -580,6 +568,7 @@
 				5003EF40278005FA00DF2006 /* SecretKit */,
 				5003EF622780081B00DF2006 /* SecureEnclaveSecretKit */,
 				5003EF642780081B00DF2006 /* SmartCardSecretKit */,
+				50E0145D2EDB9CE400B121F1 /* Common */,
 			);
 			productName = SecretAgent;
 			productReference = 50A3B78A24026B7500D209EA /* SecretAgent.app */;
@@ -690,7 +679,6 @@
 				2C4A9D2F2636FFD3008CC8E2 /* EditSecretView.swift in Sources */,
 				50E4C4532E73C78C00C73783 /* WindowBackgroundStyle.swift in Sources */,
 				5091D2BC25183B830049FD9B /* ApplicationDirectoryController.swift in Sources */,
-				504788EC2E680DC800B4556F /* URLs.swift in Sources */,
 				504789232E697DD300B4556F /* BoxBackgroundStyle.swift in Sources */,
 				5066A6C22516F303004B5A36 /* SetupView.swift in Sources */,
 				5065E313295517C500E16645 /* ToolbarButtonStyle.swift in Sources */,
@@ -700,14 +688,12 @@
 				50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */,
 				5079BA0F250F29BF00EA86F4 /* StoreListView.swift in Sources */,
 				50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */,
-				50033AC327813F1700253856 /* BundleIDs.swift in Sources */,
 				50BDCB722E63BAF20072D2E7 /* AgentStatusView.swift in Sources */,
 				508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */,
 				50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */,
 				5099A02423FD2AAA0062B6F2 /* CreateSecretView.swift in Sources */,
 				50AE97002E5C1A420018C710 /* IntegrationsView.swift in Sources */,
 				50153E20250AFCB200525160 /* UpdateView.swift in Sources */,
-				50571E0524393D1500F76F6C /* LaunchAgentController.swift in Sources */,
 				5066A6C82516FE6E004B5A36 /* CopyableView.swift in Sources */,
 				50B8550D24138C4F009958AC /* DeleteSecretView.swift in Sources */,
 				50BB046B2418AAAE00D6E079 /* EmptyStoreView.swift in Sources */,
@@ -1561,6 +1547,14 @@
 			isa = XCSwiftPackageProductDependency;
 			productName = SecretAgentKit;
 		};
+		50E0145B2EDB9CDF00B121F1 /* Common */ = {
+			isa = XCSwiftPackageProductDependency;
+			productName = Common;
+		};
+		50E0145D2EDB9CE400B121F1 /* Common */ = {
+			isa = XCSwiftPackageProductDependency;
+			productName = Common;
+		};
 /* End XCSwiftPackageProductDependency section */
 	};
 	rootObject = 50617D7723FCE48D0099B055 /* Project object */;

Sources/Secretive/App.swift

@@ -7,7 +7,7 @@ import Brief
 @main
 struct Secretive: App {
     
-    @Environment(\.agentStatusChecker) var agentStatusChecker
+    @Environment(\.agentLaunchController) var agentLaunchController
     @Environment(\.justUpdatedChecker) var justUpdatedChecker
 
     @SceneBuilder var body: some Scene {
@@ -15,14 +15,16 @@ struct Secretive: App {
             ContentView()
                 .environment(EnvironmentValues._secretStoreList)
                 .onReceive(NotificationCenter.default.publisher(for: NSApplication.didBecomeActiveNotification)) { _ in
+                    Task {
                         @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
-                    guard hasRunSetup else { return }
+                        @AppStorage("explicitlyDisabled") var explicitlyDisabled = false
-                    agentStatusChecker.check()
+                        guard hasRunSetup && !explicitlyDisabled else { return }
-                    if agentStatusChecker.running && justUpdatedChecker.justUpdatedBuild {
+                        agentLaunchController.check()
+                        guard !agentLaunchController.developmentBuild else { return }
+                        if justUpdatedChecker.justUpdatedBuild || !agentLaunchController.running {
                             // Relaunch the agent, since it'll be running from earlier update still
-                        reinstallAgent()
+                            try await agentLaunchController.forceLaunch()
-                    } else if !agentStatusChecker.running && !agentStatusChecker.developmentBuild {
+                        }
-                        forceLaunchAgent()
                     }
                 }
         }
@@ -79,30 +81,6 @@ extension Secretive {
 
 }
 
-extension Secretive {
-
-    private func reinstallAgent() {
-        Task {
-            _ = await LaunchAgentController().install()
-            try? await Task.sleep(for: .seconds(1))
-            agentStatusChecker.check()
-            if !agentStatusChecker.running {
-                forceLaunchAgent()
-            }
-        }
-    }
-
-    private func forceLaunchAgent() {
-        // We've run setup, we didn't just update, launchd is just not doing it's thing.
-        // Force a launch directly.
-        Task {
-            _ = await LaunchAgentController().forceLaunch()
-            agentStatusChecker.check()
-        }
-    }
-
-}
-
 private enum Constants {
     static let helpURL = URL(string: "https://github.com/maxgoedjen/secretive/blob/main/FAQ.md")!
 }
@@ -121,8 +99,8 @@ extension EnvironmentValues {
         return list
     }()
 
-    private static let _agentStatusChecker = AgentStatusChecker()
+    private static let _agentLaunchController = AgentLaunchController()
-    @Entry var agentStatusChecker: any AgentStatusCheckerProtocol = _agentStatusChecker
+    @Entry var agentLaunchController: any AgentLaunchControllerProtocol = _agentLaunchController
     private static let _updater: any UpdaterProtocol = {
         @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
         return Updater(checkOnLaunch: hasRunSetup)

Sources/Secretive/Controllers/AgentStatusChecker.swift

@@ -2,18 +2,26 @@ import Foundation
 import AppKit
 import SecretKit
 import Observation
+import OSLog
+import ServiceManagement
+import Common
 
-@MainActor protocol AgentStatusCheckerProtocol: Observable, Sendable {
+@MainActor protocol AgentLaunchControllerProtocol: Observable, Sendable {
     var running: Bool { get }
     var developmentBuild: Bool { get }
     var process: NSRunningApplication? { get }
     func check()
+    func install() async throws
+    func uninstall() async throws
+    func forceLaunch() async throws
 }
 
-@Observable @MainActor final class AgentStatusChecker: AgentStatusCheckerProtocol {
+@Observable @MainActor final class AgentLaunchController: AgentLaunchControllerProtocol {
 
     var running: Bool = false
     var process: NSRunningApplication? = nil
+    private let logger = Logger(subsystem: "com.maxgoedjen.secretive", category: "LaunchAgentController")
+    private let service = SMAppService.loginItem(identifier: Bundle.agentBundleID)
 
     nonisolated init() {
         Task { @MainActor in
@@ -33,7 +41,7 @@ import Observation
 
     // The process corresponding to this instance of Secretive
     var instanceSecretAgentProcess: NSRunningApplication? {
-        // FIXME: CHECK VERSION
+        // TODO: CHECK VERSION
         let agents = allSecretAgentProcesses
         for agent in agents {
             guard let url = agent.bundleURL else { continue }
@@ -49,6 +57,47 @@ import Observation
         Bundle.main.bundleURL.isXcodeURL
     }
 
+    func install() async throws {
+        logger.debug("Installing agent")
+        try? await service.unregister()
+        // This is definitely a bit of a "seems to work better" thing but:
+        // Seems to more reliably hit if these are on separate runloops, otherwise it seems like it sometimes doesn't kill old
+        // and start new?
+        try await Task.sleep(for: .seconds(1))
+        try service.register()
+        try await Task.sleep(for: .seconds(1))
+        check()
+    }
+
+    func uninstall() async throws {
+        logger.debug("Uninstalling agent")
+        try await Task.sleep(for: .seconds(1))
+        try await service.unregister()
+        try await Task.sleep(for: .seconds(1))
+        check()
+    }
+
+    func forceLaunch() async throws {
+        logger.debug("Agent is not running, attempting to force launch by reinstalling")
+        try await install()
+        if running {
+            logger.debug("Agent successfully force launched by reinstalling")
+            return
+        }
+        logger.debug("Agent is not running, attempting to force launch by launching directly")
+        let url = Bundle.main.bundleURL.appendingPathComponent("Contents/Library/LoginItems/SecretAgent.app")
+        let config = NSWorkspace.OpenConfiguration()
+        config.activates = false
+        do {
+            try await NSWorkspace.shared.openApplication(at: url, configuration: config)
+            logger.debug("Agent force launched")
+            try await Task.sleep(for: .seconds(1))
+        } catch {
+            logger.error("Error force launching \(error.localizedDescription)")
+        }
+        check()
+    }
+
 }
 
 extension URL {

Sources/Secretive/Controllers/LaunchAgentController.swift

@@ -1,65 +0,0 @@
-import Foundation
-import ServiceManagement
-import AppKit
-import OSLog
-import SecretKit
-
-struct LaunchAgentController {
-    
-    private let logger = Logger(subsystem: "com.maxgoedjen.secretive", category: "LaunchAgentController")
-
-    func install() async -> Bool {
-        logger.debug("Installing agent")
-        _ = setEnabled(false)
-        // This is definitely a bit of a "seems to work better" thing but:
-        // Seems to more reliably hit if these are on separate runloops, otherwise it seems like it sometimes doesn't kill old
-        // and start new?
-        try? await Task.sleep(for: .seconds(1))
-        let result = await MainActor.run {
-            setEnabled(true)
-        }
-        try? await Task.sleep(for: .seconds(1))
-        return result
-    }
-
-    func uninstall() async -> Bool {
-        logger.debug("Uninstalling agent")
-        try? await Task.sleep(for: .seconds(1))
-        let result = await MainActor.run {
-            setEnabled(false)
-        }
-        try? await Task.sleep(for: .seconds(1))
-        return result
-    }
-
-    func forceLaunch() async -> Bool {
-        logger.debug("Agent is not running, attempting to force launch")
-        let url = Bundle.main.bundleURL.appendingPathComponent("Contents/Library/LoginItems/SecretAgent.app")
-        let config = NSWorkspace.OpenConfiguration()
-        config.activates = false
-        do {
-            try await NSWorkspace.shared.openApplication(at: url, configuration: config)
-            logger.debug("Agent force launched")
-            try? await Task.sleep(for: .seconds(1))
-            return true
-        } catch {
-            logger.error("Error force launching \(error.localizedDescription)")
-            return false
-        }
-    }
-
-    private func setEnabled(_ enabled: Bool) -> Bool {
-        let service = SMAppService.loginItem(identifier: Bundle.agentBundleID)
-        do {
-            if enabled {
-                try service.register()
-            } else {
-                try service.unregister()
-            }
-            return true
-        } catch {
-            return false
-        }
-    }
-
-}

Sources/Secretive/Preview Content/PreviewAgentStatusChecker.swift

@@ -1,7 +1,7 @@
 import Foundation
 import AppKit
 
-class PreviewAgentStatusChecker: AgentStatusCheckerProtocol {
+class PreviewAgentLaunchController: AgentLaunchControllerProtocol {
 
     let running: Bool
     let process: NSRunningApplication?
@@ -15,4 +15,13 @@ class PreviewAgentStatusChecker: AgentStatusCheckerProtocol {
     func check() {
     }
 
+    func install() async throws {
+    }
+
+    func uninstall() async throws {
+    }
+
+    func forceLaunch() async throws {
+    }
+
 }

Sources/Secretive/Views/Configuration/SetupView.swift

@@ -3,6 +3,7 @@ import SwiftUI
 struct SetupView: View {
 
     @Environment(\.dismiss) private var dismiss
+    @Environment(\.agentLaunchController) private var agentLaunchController
     @Binding var setupComplete: Bool
 
     @State var showingIntegrations = false
@@ -31,7 +32,7 @@ struct SetupView: View {
                     ) {
                         installed = true
                         Task {
-                            await LaunchAgentController().install()
+                            try? await agentLaunchController.install()
                         }
                     }
                 }

Sources/Secretive/Views/Configuration/ToolConfigurationView.swift

@@ -10,6 +10,7 @@ struct ToolConfigurationView: View {
 
     @State var creating = false
     @State var selectedSecret: AnySecret?
+    @State var email = ""
 
     init(selectedInstruction: ConfigurationFileInstructions) {
         self.selectedInstruction = selectedInstruction
@@ -48,6 +49,12 @@ struct ToolConfigurationView: View {
                                     .tag(secret)
                             }
                         }
+                        TextField(text: $email, prompt: Text(.integrationsConfigureUsingEmailPlaceholder)) {
+                            Text(.integrationsConfigureUsingEmailTitle)
+                            Text(.integrationsConfigureUsingEmailSubtitle)
+                                .font(.subheadline)
+                                .foregroundStyle(.secondary)
+                        }
                     } header: {
                         Text(.integrationsConfigureUsingSecretHeader)
                     }
@@ -60,7 +67,7 @@ struct ToolConfigurationView: View {
                 Section {
                     ConfigurationItemView(title: .integrationsPathTitle, value: stepGroup.path, action: .revealInFinder(stepGroup.path))
                     ForEach(stepGroup.steps, id: \.self.key) { step in
-                        ConfigurationItemView(title: .integrationsAddThisTitle, action: .copy(String(localized: step))) {
+                        ConfigurationItemView(title: .integrationsAddThisTitle, action: .copy(placeholdersReplaced(text: String(localized: step)))) {
                             HStack {
                                 Text(placeholdersReplaced(text: String(localized: step)))
                                     .padding(8)
@@ -102,9 +109,11 @@ struct ToolConfigurationView: View {
     func placeholdersReplaced(text: String) -> String {
         guard let selectedSecret else { return text }
         let writer = OpenSSHPublicKeyWriter()
+        let gitAllowedSignersString = [email.isEmpty ? String(localized: .integrationsConfigureUsingEmailPlaceholder) : email, writer.openSSHString(secret: selectedSecret)]
+            .joined(separator: " ")
         let fileController = PublicKeyFileStoreController(homeDirectory: URL.agentHomeURL)
         return text
-            .replacingOccurrences(of: Instructions.Constants.publicKeyPlaceholder, with: writer.openSSHString(secret: selectedSecret))
+            .replacingOccurrences(of: Instructions.Constants.publicKeyPlaceholder, with: gitAllowedSignersString)
             .replacingOccurrences(of: Instructions.Constants.publicKeyPathPlaceholder, with: fileController.publicKeyPath(for: selectedSecret))
     }
 

Sources/Secretive/Views/Secrets/SecretListItemView.swift

@@ -27,11 +27,11 @@ struct SecretListItemView: View {
         .contextMenu {
             if store is AnySecretStoreModifiable {
                 Button(action: { isRenaming = true }) {
-                    Image(systemName: "pencil")
+                    // Image(systemName: "pencil")
                     Text(.secretListEditButton)
                 }
                 Button(action: { isDeleting = true }) {
-                    Image(systemName: "trash")
+                    // Image(systemName: "trash")
                     Text(.secretListDeleteButton)
                 }
             }

Sources/Secretive/Views/Views/AgentStatusView.swift

@@ -2,10 +2,10 @@ import SwiftUI
 
 struct AgentStatusView: View {
 
-    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol
+    @Environment(\.agentLaunchController) private var agentLaunchController: any AgentLaunchControllerProtocol
 
     var body: some View {
-        if agentStatusChecker.running {
+        if agentLaunchController.running {
             AgentRunningView()
         } else {
             AgentNotRunningView()
@@ -14,12 +14,13 @@ struct AgentStatusView: View {
 }
 struct AgentRunningView: View {
 
-    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol
+    @Environment(\.agentLaunchController) private var agentLaunchController: any AgentLaunchControllerProtocol
+    @AppStorage("explicitlyDisabled") var explicitlyDisabled = false
 
     var body: some View {
         Form {
             Section {
-                if let process = agentStatusChecker.process {
+                if let process = agentLaunchController.process {
                     ConfigurationItemView(
                         title: .agentDetailsLocationTitle,
                         value: process.bundleURL!.path(),
@@ -53,19 +54,14 @@ struct AgentRunningView: View {
                         Menu(.agentDetailsRestartAgentButton) {
                             Button(.agentDetailsDisableAgentButton) {
                                 Task {
-                                    _ = await LaunchAgentController()
+                                    explicitlyDisabled = true
+                                    try? await agentLaunchController
                                         .uninstall()
-                                    agentStatusChecker.check()
                                 }
                             }
                         } primaryAction: {
                             Task {
-                                let controller = LaunchAgentController()
+                                try? await agentLaunchController.forceLaunch()
-                                let installed = await controller.install()
-                                if !installed {
-                                    _ = await controller.forceLaunch()
-                                }
-                                agentStatusChecker.check()
                             }
                         }
                     }
@@ -82,9 +78,10 @@ struct AgentRunningView: View {
 
 struct AgentNotRunningView: View {
 
-    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol
+    @Environment(\.agentLaunchController) private var agentLaunchController
     @State var triedRestart = false
     @State var loading = false
+    @AppStorage("explicitlyDisabled") var explicitlyDisabled = false
 
     var body: some View {
         Form {
@@ -100,18 +97,14 @@ struct AgentNotRunningView: View {
                         if !triedRestart {
                             Spacer()
                             Button {
+                                explicitlyDisabled = false
                                 guard !loading else { return }
                                 loading = true
                                 Task {
-                                    let controller = LaunchAgentController()
+                                    try await agentLaunchController.forceLaunch()
-                                    let installed = await controller.install()
-                                    if !installed {
-                                        _ = await controller.forceLaunch()
-                                    }
-                                    agentStatusChecker.check()
                                     loading = false
 
-                                    if !agentStatusChecker.running {
+                                    if !agentLaunchController.running {
                                         triedRestart = true
                                     }
                                 }
@@ -145,9 +138,9 @@ struct AgentNotRunningView: View {
 
 //#Preview {
 //    AgentStatusView()
-//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: false))
+//        .environment(\.agentLaunchController, PreviewAgentLaunchController(running: false))
 //}
 //#Preview {
 //    AgentStatusView()
-//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: true, process: .current))
+//        .environment(\.agentLaunchController, PreviewAgentLaunchController(running: true, process: .current))
 //}

Sources/Secretive/Views/Views/ContentView.swift

@@ -14,7 +14,7 @@ struct ContentView: View {
     @Environment(\.openWindow) private var openWindow
     @Environment(\.secretStoreList) private var storeList
     @Environment(\.updater) private var updater
-    @Environment(\.agentStatusChecker) private var agentStatusChecker
+    @Environment(\.agentLaunchController) private var agentLaunchController
 
     @AppStorage("defaultsHasRunSetup") private var hasRunSetup = false
     @State private var showingCreation = false
@@ -127,7 +127,7 @@ extension ContentView {
             showingAgentInfo = true
         }, label: {
             HStack {
-                if agentStatusChecker.running {
+                if agentLaunchController.running {
                     Text(.agentRunningNoticeTitle)
                         .font(.headline)
                         .foregroundColor(colorScheme == .light ? Color(white: 0.3) : .white)
@@ -145,8 +145,8 @@ extension ContentView {
         })
         .buttonStyle(
             ToolbarStatusButtonStyle(
-                lightColor: agentStatusChecker.running ? .black.opacity(0.05) : .red.opacity(0.75),
+                lightColor: agentLaunchController.running ? .black.opacity(0.05) : .red.opacity(0.75),
-                darkColor: agentStatusChecker.running ? .white.opacity(0.05) : .red.opacity(0.5),
+                darkColor: agentLaunchController.running ? .white.opacity(0.05) : .red.opacity(0.5),
             )
         )
         .popover(isPresented: $showingAgentInfo, attachmentAnchor: attachmentAnchor, arrowEdge: .bottom) {