Clear needs review.

Fixed back sides
Few more
2026-04-09 18:57:22 +02:00 · 2025-09-11 18:51:01 -07:00 · 2025-09-11 18:43:35 -07:00 · 2025-09-11 18:31:45 -07:00 · 2025-09-11 18:27:47 -07:00
104 changed files with 1426 additions and 3750 deletions
--- a/.github/readme/app-dark.png
+++ b/.github/readme/app-dark.png
--- a/.github/readme/app-light.png
+++ b/.github/readme/app-light.png
--- a/.github/readme/localize_add.png
+++ b/.github/readme/localize_add.png
--- a/.github/readme/localize_sidebar.png
+++ b/.github/readme/localize_sidebar.png
--- a/.github/readme/localize_translate.png
+++ b/.github/readme/localize_translate.png
--- a/.github/readme/notification.png
+++ b/.github/readme/notification.png
--- a/.github/readme/touchid.png
+++ b/.github/readme/touchid.png
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -37,7 +37,7 @@ jobs:
        build-mode: ${{ matrix.build-mode }}
    - if: matrix.build-mode == 'manual'
      name: "Select Xcode"
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
    - if: matrix.build-mode == 'manual'
      name: "Build"
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -3,6 +3,7 @@ name: Nightly
 on: 
  schedule: 
    - cron: "0 8 * * *"
+  workflow_dispatch:
  
 jobs:
  build:
@@ -11,7 +12,6 @@ jobs:
      id-token: write
      contents: write
      attestations: write
-      actions: read
    timeout-minutes: 10
    steps:
    - uses: actions/checkout@v5
@@ -25,7 +25,7 @@ jobs:
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
      run: ./.github/scripts/signing.sh
    - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
    - name: Update Build Number
      env:
        RUN_ID: ${{ github.run_id }}
@@ -33,30 +33,23 @@ jobs:
            DATE=$(date "+%Y-%m-%d")
            sed -i '' -e "s/GITHUB_CI_VERSION/0.0.0_nightly-$DATE/g" Sources/Config/Config.xcconfig
            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
-            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf
    - name: Build
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Move to Artifact Folder
-      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive
-        path: Artifact
-    - name: Download Zipped Artifact
-      id: download
-      env: 
-        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Create ZIP
      run: |
-            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
-            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
+            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
+    - name: Upload App to Artifacts
+      id: upload
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive.zip
+        path: Secretive.zip
    - name: Attest
      id: attest
      uses: actions/attest-build-provenance@v2
--- a/.github/workflows/oneoff.yml
+++ b/.github/workflows/oneoff.yml
@@ -1,64 +0,0 @@
-name: One-Off Build
-
-on: 
-  workflow_dispatch:
-  
-jobs:
-  build:
-    runs-on: macos-26
-    permissions:
-      id-token: write
-      contents: write
-      attestations: write
-      actions: read
-    timeout-minutes: 10
-    steps:
-    - uses: actions/checkout@v5
-    - name: Setup Signing
-      env: 
-        SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
-        SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
-        HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
-        AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
-        APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
-        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
-      run: ./.github/scripts/signing.sh
-    - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
-    - name: Update Build Number
-      env:
-        RUN_ID: ${{ github.run_id }}
-      run: |
-            DATE=$(date "+%Y-%m-%d")
-            sed -i '' -e "s/GITHUB_CI_VERSION/0.0.0_oneoff-$DATE/g" Sources/Config/Config.xcconfig
-            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
-            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
-    - name: Build
-      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Move to Artifact Folder
-      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive
-        path: Artifact
-    - name: Download Zipped Artifact
-      id: download
-      env: 
-        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
-            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
-    - name: Notarize
-      env: 
-        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
-        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Attest
-      id: attest
-      uses: actions/attest-build-provenance@v2
-      with:
-        subject-name: "Secretive.zip"
-        subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
      run: ./.github/scripts/signing.sh
    - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
    - name: Test
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme PackageTests test
      # SPM doesn't seem to pick up on the tests currently?
@@ -32,7 +32,6 @@ jobs:
      id-token: write
      contents: write
      attestations: write
-      actions: read
    runs-on: macos-26
    timeout-minutes: 10
    steps:
@@ -47,7 +46,7 @@ jobs:
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
      run: ./.github/scripts/signing.sh
    - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
    - name: Update Build Number
      env:
        TAG_NAME: ${{ github.ref }}
@@ -56,43 +55,37 @@ jobs:
            export CLEAN_TAG=$(echo $TAG_NAME | sed -e 's/refs\/tags\/v//')
            sed -i '' -e "s/GITHUB_CI_VERSION/$CLEAN_TAG/g" Sources/Config/Config.xcconfig
            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
-            sed -i '' -e "s/GITHUB_BUILD_URL/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf
    - name: Build
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Move to Artifact Folder
-      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive.zip
-        path: Artifact
-    - name: Download Zipped Artifact
-      id: download
-      env: 
-        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Create ZIP
      run: |
-            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
-            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
+            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
+    - name: Upload App to Artifacts
+      id: upload
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive.zip
+        path: Secretive.zip
    - name: Attest
      id: attest
      uses: actions/attest-build-provenance@v2
      with:
-        subject-path: "Secretive.zip"
+        subject-name: "Secretive.zip"
+        subject-digest: ${{ steps.upload.outputs.artifact-digest }}
    - name: Create Release
+      run: |
+            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
+            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
+            gh release create $TAG_NAME -d -F .github/templates/release.md
+            gh release upload Secretive.zip
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        TAG_NAME: ${{ github.ref }}
        RUN_ID: ${{ github.run_id }}
        ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
-      run: |
-            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
-            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
-            gh release create $TAG_NAME -d -F .github/templates/release.md
-            gh release upload $TAG_NAME Secretive.zip
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ jobs:
    steps:
    - uses: actions/checkout@v5
    - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
    - name: Test Main Packages
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme PackageTests test
      # SPM doesn't seem to pick up on the tests currently?
--- a/.gitignore
+++ b/.gitignore
@@ -93,7 +93,3 @@ iOSInjectionProject/
 Archive.xcarchive
 .DS_Store
 contents.xcworkspacedata
-
-# Per-User Configs
-
-Sources/Config/OpenSource.xcconfig
--- a/Sources/Secretive/AppIcon.icon/Assets/Icon
+++ b/Sources/Secretive/AppIcon.icon/Assets/Icon
--- a/Sources/Secretive/AppIcon.icon/Assets/Rectangle
+++ b/Sources/Secretive/AppIcon.icon/Assets/Rectangle
--- a/Sources/Secretive/AppIcon.icon/Assets/Rectangle
+++ b/Sources/Secretive/AppIcon.icon/Assets/Rectangle
--- a/Sources/Secretive/AppIcon.icon/icon.json
+++ b/Sources/Secretive/AppIcon.icon/icon.json
--- a/Package.swift
+++ b/Package.swift
@@ -22,9 +22,6 @@ let package = Package(
        .library(
            name: "SmartCardSecretKit",
            targets: ["SmartCardSecretKit"]),
-        .library(
-            name: "SSHProtocolKit",
-            targets: ["SSHProtocolKit"]),
    ],
    dependencies: [
    ],
@@ -56,19 +53,6 @@ let package = Package(
            resources: [localization],
            swiftSettings: swiftSettings
        ),
-        .target(
-            name: "SSHProtocolKit",
-            dependencies: ["SecretKit"],
-            path: "Sources/Packages/Sources/SSHProtocolKit",
-            resources: [localization],
-            swiftSettings: swiftSettings,
-        ),
-        .testTarget(
-            name: "SSHProtocolKitTests",
-            dependencies: ["SSHProtocolKit"],
-            path: "Sources/Packages/Tests/SSHProtocolKitTests",
-            swiftSettings: swiftSettings,
-        ),
    ]
 )

--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 # Secretive [![Test](https://github.com/maxgoedjen/secretive/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/maxgoedjen/secretive/actions/workflows/test.yml) ![Release](https://github.com/maxgoedjen/secretive/workflows/Release/badge.svg)


-Secretive is an app for protecting and managing SSH keys with the Secure Enclave.
+Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the [sekey project](https://github.com/sekey/sekey), but rewritten in Swift with no external dependencies and with a handy native management app.
+
 <picture>
  <source media="(prefers-color-scheme: dark)" srcset="/.github/readme/app-dark.png">
-  <source media="(prefers-color-scheme: light)" srcset="/.github/readme/app-light.png">
-  <img src="/.github/readme/app-dark.png" alt="Screenshot of Secretive" width="600">
+  <img src="/.github/readme/app-light.png" alt="Screenshot of Secretive" width="600">
 </picture>


@@ -13,7 +13,7 @@ Secretive is an app for protecting and managing SSH keys with the Secure Enclave

 ### Safer Storage

-The most common setup for SSH keys is just keeping them on disk, guarded by proper permissions. This is fine in most cases, but it's not super hard for malicious users or malware to copy your private key. If you protect your keys with the Secure Enclave, it's impossible to export them, by design.
+The most common setup for SSH keys is just keeping them on disk, guarded by proper permissions. This is fine in most cases, but it's not super hard for malicious users or malware to copy your private key. If you store your keys in the Secure Enclave, it's impossible to export them, by design.

 ### Access Control

@@ -53,7 +53,7 @@ Builds are produced by GitHub Actions with an auditable build and release genera

 ### A Note Around Code Signing and Keychains

-While Secretive uses the Secure Enclave to protect keys, it still relies on Keychain APIs to store and access them. Keychain restricts reads of keys to the app (and specifically, the bundle ID) that created them. If you build Secretive from source, make sure you are consistent in which bundle ID you use so that the Keychain is able to locate your keys.
+While Secretive uses the Secure Enclave for key storage, it still relies on Keychain APIs to access them. Keychain restricts reads of keys to the app (and specifically, the bundle ID) that created them. If you build Secretive from source, make sure you are consistent in which bundle ID you use so that the Keychain is able to locate your keys.

 ### Backups and Transfers to New Machines

@@ -62,11 +62,3 @@ Because secrets in the Secure Enclave are not exportable, they are not able to b
 ## Security

 Secretive's security policy is detailed in [SECURITY.md](SECURITY.md). To report security issues, please use [GitHub's private reporting feature.](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability)
-
-## Acknowledgements
-
-### sekey
-Secretive was inspired by the [sekey project](https://github.com/sekey/sekey).
-
-### Localization
-Secretive is localized to many languages by a generous team of volunteers. To learn more, see [LOCALIZING.md](LOCALIZING.md). Secretive's localization workflow is generously provided by [Crowdin](https://crowdin.com).
--- a/Sources/Config/Config.xcconfig
+++ b/Sources/Config/Config.xcconfig
@@ -1,8 +1,2 @@
 CI_VERSION = GITHUB_CI_VERSION
 CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER
-CI_BUILD_LINK = GITHUB_BUILD_URL
-
-#include? "OpenSource.xcconfig"
-
-SECRETIVE_BASE_BUNDLE_ID = $(SECRETIVE_BASE_BUNDLE_ID_OSS:default=com.maxgoedjen.Secretive)
-SECRETIVE_DEVELOPMENT_TEAM = $(SECRETIVE_DEVELOPMENT_TEAM_OSS:default=Z72PRUAWF6)
--- a/Sources/Packages/Package.swift
+++ b/Sources/Packages/Package.swift
@@ -21,19 +21,13 @@ let package = Package(
            targets: ["SmartCardSecretKit"]),
        .library(
            name: "SecretAgentKit",
-            targets: ["SecretAgentKit"]),
-        .library(
-            name: "Common",
-            targets: ["Common"]),
+            targets: ["SecretAgentKit", "XPCWrappers"]),
        .library(
            name: "Brief",
            targets: ["Brief"]),
        .library(
            name: "XPCWrappers",
            targets: ["XPCWrappers"]),
-        .library(
-            name: "SSHProtocolKit",
-            targets: ["SSHProtocolKit"]),
    ],
    dependencies: [
    ],
@@ -46,7 +40,7 @@ let package = Package(
        ),
        .testTarget(
            name: "SecretKitTests",
-            dependencies: ["SecretKit", "SecretAgentKit", "SecureEnclaveSecretKit", "SmartCardSecretKit"],
+            dependencies: ["SecretKit", "SecureEnclaveSecretKit", "SmartCardSecretKit"],
            swiftSettings: swiftSettings,
        ),
        .target(
@@ -63,7 +57,7 @@ let package = Package(
        ),
        .target(
            name: "SecretAgentKit",
-            dependencies: ["SecretKit", "SSHProtocolKit", "Common"],
+            dependencies: ["SecretKit"],
            resources: [localization],
            swiftSettings: swiftSettings,
        ),
@@ -71,26 +65,9 @@ let package = Package(
            name: "SecretAgentKitTests",
            dependencies: ["SecretAgentKit"],
        ),
-        .target(
-            name: "SSHProtocolKit",
-            dependencies: ["SecretKit"],
-            resources: [localization],
-            swiftSettings: swiftSettings,
-        ),
-        .testTarget(
-            name: "SSHProtocolKitTests",
-            dependencies: ["SSHProtocolKit"],
-            swiftSettings: swiftSettings,
-        ),
-        .target(
-            name: "Common",
-            dependencies: ["SSHProtocolKit", "SecretKit"],
-            resources: [localization],
-            swiftSettings: swiftSettings,
-        ),
        .target(
            name: "Brief",
-            dependencies: ["XPCWrappers", "SSHProtocolKit"],
+            dependencies: ["XPCWrappers"],
            resources: [localization],
            swiftSettings: swiftSettings,
        ),
--- a/Sources/Packages/Resources/Localizable.xcstrings
+++ b/Sources/Packages/Resources/Localizable.xcstrings
--- a/Sources/Packages/Sources/Brief/Release.swift
+++ b/Sources/Packages/Sources/Brief/Release.swift
@@ -1,8 +1,7 @@
 import Foundation
-import SwiftUI

 /// A release is a representation of a downloadable update.
-public struct Release: Codable, Sendable, Hashable {
+public struct Release: Codable, Sendable {

    /// The user-facing name of the release. Typically "Secretive 1.2.3"
    public let name: String
@@ -16,8 +15,6 @@ public struct Release: Codable, Sendable, Hashable {
    /// A user-facing description of the contents of the update.
    public let body: String

-    public let attributedBody: AttributedString
-
    /// Initializes a Release.
    /// - Parameters:
    ///   - name: The user-facing name of the release.
@@ -29,56 +26,6 @@ public struct Release: Codable, Sendable, Hashable {
        self.prerelease = prerelease
        self.html_url = html_url
        self.body = body
-        self.attributedBody = AttributedString(_markdown: body)
-    }
-
-    public init(_ release: GitHubRelease) {
-        self.name = release.name
-        self.prerelease = release.prerelease
-        self.html_url = release.html_url
-        self.body = release.body
-        self.attributedBody = AttributedString(_markdown: release.body)
-    }
-
-}
-
-public struct GitHubRelease: Codable, Sendable {
-    let name: String
-    let prerelease: Bool
-    let html_url: URL
-    let body: String
-}
-
-fileprivate extension AttributedString {
-
-    init(_markdown markdown: String) {
-        let split = markdown.split(whereSeparator: \.isNewline)
-        let lines = split
-            .compactMap {
-                try? AttributedString(markdown: String($0), options: .init(allowsExtendedAttributes: true, interpretedSyntax: .full))
-            }
-            .map { (string: AttributedString) in
-                guard case let .header(level) = string.runs.first?.presentationIntent?.components.first?.kind else { return string }
-                return AttributedString("\n") + string
-                    .transformingAttributes(\.font) { font in
-                        font.value = switch level {
-                        case 2: .headline.bold()
-                        case 3: .headline
-                        default: .subheadline
-                        }
-                    }
-                    .transformingAttributes(\.underlineStyle) { underline in
-                        underline.value = switch level {
-                        case 2: .single
-                        default: .none
-                        }
-                    }
-                + AttributedString("\n")
-            }
-        self = lines.reduce(into: AttributedString()) { partialResult, next in
-            partialResult.append(next)
-            partialResult.append(AttributedString("\n"))
-        }
    }

 }
--- a/Sources/Packages/Sources/Common/URLs.swift
+++ b/Sources/Packages/Sources/Common/URLs.swift
@@ -1,46 +0,0 @@
-import Foundation
-import SSHProtocolKit
-import SecretKit
-
-extension URL {
-
-    public static var agentHomeURL: URL {
-        URL(fileURLWithPath: URL.homeDirectory.path().replacingOccurrences(of: Bundle.hostBundleID, with: Bundle.agentBundleID))
-    }
-
-    public static var socketPath: String {
-        #if DEBUG
-        URL.agentHomeURL.appendingPathComponent("socket-debug.ssh").path()
-        #else
-        URL.agentHomeURL.appendingPathComponent("socket.ssh").path()
-        #endif
-    }
-
-    public static var publicKeyDirectory: URL {
-        agentHomeURL.appending(component: "PublicKeys")
-    }
-
-    /// The path for a Secret's public key.
-    /// - Parameter secret: The Secret to return the path for.
-    /// - Returns: The path to the Secret's public key.
-    /// - Warning: This method returning a path does not imply that a key has been written to disk already. This method only describes where it will be written to.
-    public static func publicKeyPath<SecretType: Secret>(for secret: SecretType, in directory: URL) -> String {
-        let keyWriter = OpenSSHPublicKeyWriter()
-        let minimalHex = keyWriter.openSSHMD5Fingerprint(secret: secret).replacingOccurrences(of: ":", with: "")
-        return directory.appending(component: "\(minimalHex).pub").path()
-    }
-
-}
-
-extension String {
-
-    public var normalizedPathAndFolder: (String, String) {
-        // All foundation-based normalization methods replace this with the container directly.
-        let processedPath = replacingOccurrences(of: "~", with: "/Users/\(NSUserName())")
-        let url = URL(filePath: processedPath)
-        let folder = url.deletingLastPathComponent().path()
-        return (processedPath, folder)
-    }
-
-}
-
--- a/Sources/Packages/Sources/SSHProtocolKit/Data+Hex.swift
+++ b/Sources/Packages/Sources/SSHProtocolKit/Data+Hex.swift
@@ -1,37 +0,0 @@
-import Foundation
-import CryptoKit
-
-public struct HexDataStyle<SequenceType: Sequence>: Hashable, Codable {
-
-    let separator: String
-
-    public init(separator: String) {
-        self.separator = separator
-    }
-
-}
-
-extension HexDataStyle: FormatStyle where SequenceType.Element == UInt8 {
-
-    public func format(_ value: SequenceType) -> String {
-        value
-            .compactMap { ("0" + String($0, radix: 16, uppercase: false)).suffix(2) }
-            .joined(separator: separator)
-    }
-
-}
-
-extension FormatStyle where Self == HexDataStyle<Data> {
-
-    public static func hex(separator: String = "") -> HexDataStyle<Data> {
-        HexDataStyle(separator: separator)
-    }
-
-}
-extension FormatStyle where Self == HexDataStyle<Insecure.MD5Digest> {
-
-    public static func hex(separator: String = ":") -> HexDataStyle<Insecure.MD5Digest> {
-        HexDataStyle(separator: separator)
-    }
-
-}
--- a/Sources/Packages/Sources/SecretAgentKit/Agent.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/Agent.swift
@@ -3,7 +3,6 @@ import CryptoKit
 import OSLog
 import SecretKit
 import AppKit
-import SSHProtocolKit

 /// The `Agent` is an implementation of an SSH agent. It manages coordination and access between a socket, traces requests, notifies witnesses and passes requests to stores.
 public final class Agent: Sendable {
@@ -48,7 +47,6 @@ extension Agent {
                logger.debug("Agent returned \(SSHAgent.Response.agentSignResponse.debugDescription)")
            case .unknown(let value):
                logger.error("Agent received unknown request of type \(value).")
-                throw UnhandledRequestError()
            default:
                logger.debug("Agent received valid request of type \(request.debugDescription), but not currently supported.")
                throw UnhandledRequestError()
--- a/Sources/Packages/Sources/SecretAgentKit/OpenSSHCertificateHandler.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/OpenSSHCertificateHandler.swift
@@ -1,12 +1,11 @@
 import Foundation
 import OSLog
 import SecretKit
-import SSHProtocolKit

 /// Manages storage and lookup for OpenSSH certificates.
 public actor OpenSSHCertificateHandler: Sendable {

-    private let publicKeyFileStoreController = PublicKeyFileStoreController(directory: URL.publicKeyDirectory)
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.homeDirectory)
    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "OpenSSHCertificateHandler")
    private let writer = OpenSSHPublicKeyWriter()
    private var keyBlobsAndNames: [AnySecret: (Data, Data)] = [:]
--- a/Sources/Packages/Sources/SecretAgentKit/OpenSSHReader.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/OpenSSHReader.swift
@@ -1,49 +1,42 @@
 import Foundation

 /// Reads OpenSSH protocol data.
-public final class OpenSSHReader {
+final class OpenSSHReader {

    var remaining: Data
-    var done = false

    /// Initialize the reader with an OpenSSH data payload.
    /// - Parameter data: The data to read.
-    public init(data: Data) {
+    init(data: Data) {
        remaining = Data(data)
    }

    /// Reads the next chunk of data from the playload.
    /// - Returns: The next chunk of data.
-    public func readNextChunk(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> Data {
-        let length = try readNextBytes(as: UInt32.self, convertEndianness: convertEndianness)
+    func readNextChunk(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> Data {
+        let littleEndianLength = try readNextBytes(as: UInt32.self)
+        let length = convertEndianness ? Int(littleEndianLength.bigEndian) : Int(littleEndianLength)
        guard remaining.count >= length else { throw .beyondBounds }
-        let dataRange = 0..<Int(length)
+        let dataRange = 0..<length
        let ret = Data(remaining[dataRange])
        remaining.removeSubrange(dataRange)
-        if remaining.isEmpty {
-            done = true
-        }
        return ret
    }

-    public func readNextBytes<T: FixedWidthInteger>(as: T.Type, convertEndianness: Bool = true) throws(OpenSSHReaderError) -> T {
+    func readNextBytes<T>(as: T.Type) throws(OpenSSHReaderError) -> T {
        let size = MemoryLayout<T>.size
        guard remaining.count >= size else { throw .beyondBounds }
        let lengthRange = 0..<size
        let lengthChunk = remaining[lengthRange]
        remaining.removeSubrange(lengthRange)
-        if remaining.isEmpty {
-            done = true
-        }
-        let value = unsafe lengthChunk.bytes.unsafeLoad(as: T.self)
-        return convertEndianness ? T(value.bigEndian) : T(value)
+        return unsafe lengthChunk.bytes.unsafeLoad(as: T.self)
    }

-    public func readNextChunkAsString(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> String {
+    func readNextChunkAsString(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> String {
        try String(decoding: readNextChunk(convertEndianness: convertEndianness), as: UTF8.self)
    }

-    public func readNextChunkAsSubReader(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> OpenSSHReader {
+    func readNextChunkAsSubReader(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> OpenSSHReader {
        OpenSSHReader(data: try readNextChunk(convertEndianness: convertEndianness))
    }

--- a/Sources/Packages/Sources/SecretAgentKit/SSHAgentInputParser.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/SSHAgentInputParser.swift
@@ -1,12 +1,11 @@
 import Foundation
 import OSLog
 import SecretKit
-import SSHProtocolKit

 public protocol SSHAgentInputParserProtocol {

    func parse(data: Data) async throws -> SSHAgent.Request
-
+    
 }

 public struct SSHAgentInputParser: SSHAgentInputParserProtocol {
@@ -14,7 +13,7 @@ public struct SSHAgentInputParser: SSHAgentInputParserProtocol {
    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "InputParser")

    public init() {
-
+        
    }

    public func parse(data: Data) throws(AgentParsingError) -> SSHAgent.Request {
--- a/Sources/Packages/Sources/SecretAgentKit/SSHAgentProtocol.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/SSHAgentProtocol.swift
--- a/Sources/Packages/Sources/SecretAgentKit/SigningRequestTracer.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/SigningRequestTracer.swift
@@ -36,7 +36,7 @@ extension SigningRequestTracer {
    /// - Parameter pid: The process ID to look up.
    /// - Returns: A ``SecretKit.SigningRequestProvenance.Process`` describing the process.
    func process(from pid: Int32) -> SigningRequestProvenance.Process {
-        var pidAndNameInfo = unsafe self.pidAndNameInfo(from: pid)
+        var pidAndNameInfo = self.pidAndNameInfo(from: pid)
        let ppid = unsafe pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
        let procName = unsafe withUnsafeMutablePointer(to: &pidAndNameInfo.kp_proc.p_comm.0) { pointer in
            unsafe String(cString: pointer)
--- a/Sources/Packages/Sources/SecretAgentKit/SocketController.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/SocketController.swift
@@ -36,21 +36,16 @@ public struct SocketController {
        logger.debug("Socket controller path is clear")
        port = SocketPort(path: path)
        fileHandle = FileHandle(fileDescriptor: port.socket, closeOnDealloc: true)
-        Task { @MainActor [fileHandle, sessionsContinuation, logger] in
-            // Create the sequence before triggering the notification to
-            // ensure it will not be missed.
-            let connectionAcceptedNotifications = NotificationCenter.default.notifications(named: .NSFileHandleConnectionAccepted)
-
-            fileHandle.acceptConnectionInBackgroundAndNotify()
-
-            for await notification in connectionAcceptedNotifications {
+        Task { [fileHandle, sessionsContinuation, logger] in
+            for await notification in NotificationCenter.default.notifications(named: .NSFileHandleConnectionAccepted) {
                logger.debug("Socket controller accepted connection")
                guard let new = notification.userInfo?[NSFileHandleNotificationFileHandleItem] as? FileHandle else { continue }
                let session = Session(fileHandle: new)
                sessionsContinuation.yield(session)
-                fileHandle.acceptConnectionInBackgroundAndNotify()
+                await fileHandle.acceptConnectionInBackgroundAndNotifyOnMainActor()
            }
        }
+        fileHandle.acceptConnectionInBackgroundAndNotify(forModes: [RunLoop.Mode.common])
        logger.debug("Socket listening at \(path)")
    }

@@ -82,14 +77,8 @@ extension SocketController {
            self.fileHandle = fileHandle
            provenance = SigningRequestTracer().provenance(from: fileHandle)
            (messages, messagesContinuation) = AsyncStream.makeStream()
-            Task { @MainActor [messagesContinuation, logger] in
-                // Create the sequence before triggering the notification to
-                // ensure it will not be missed.
-                let dataAvailableNotifications = NotificationCenter.default.notifications(named: .NSFileHandleDataAvailable, object: fileHandle)
-
-                fileHandle.waitForDataInBackgroundAndNotify()
-
-                for await _ in dataAvailableNotifications {
+            Task { [messagesContinuation, logger] in
+                for await _ in NotificationCenter.default.notifications(named: .NSFileHandleDataAvailable, object: fileHandle) {
                    let data = fileHandle.availableData
                    guard !data.isEmpty else {
                        logger.debug("Socket controller received empty data, ending continuation.")
@@ -101,13 +90,16 @@ extension SocketController {
                    logger.debug("Socket controller yielded data.")
                }
            }
+            Task {
+                await fileHandle.waitForDataInBackgroundAndNotifyOnMainActor()
+            }
        }
        
        /// Writes new data to the socket.
        /// - Parameter data: The data to write.
-        @MainActor public func write(_ data: Data) throws {
-          try fileHandle.write(contentsOf: data)
-          fileHandle.waitForDataInBackgroundAndNotify()
+        public func write(_ data: Data) async throws {
+            try fileHandle.write(contentsOf: data)
+            await fileHandle.waitForDataInBackgroundAndNotifyOnMainActor()
        }
        
        /// Closes the socket and cleans up resources.
@@ -121,6 +113,22 @@ extension SocketController {

 }

+private extension FileHandle {
+
+    /// Ensures waitForDataInBackgroundAndNotify will be called on the main actor.
+    @MainActor func waitForDataInBackgroundAndNotifyOnMainActor() {
+        waitForDataInBackgroundAndNotify()
+    }
+
+
+    /// Ensures acceptConnectionInBackgroundAndNotify will be called on the main actor.
+    /// - Parameter modes: the runloop modes to use.
+    @MainActor func acceptConnectionInBackgroundAndNotifyOnMainActor(forModes modes: [RunLoop.Mode]? = [RunLoop.Mode.common]) {
+        acceptConnectionInBackgroundAndNotify(forModes: modes)
+    }
+
+}
+
 private extension SocketPort {

    convenience init(path: String) {
--- a/Sources/Packages/Sources/SecretKit/Convenience/PersistentAuthenticationHandler.swift
+++ b/Sources/Packages/Sources/SecretKit/Convenience/PersistentAuthenticationHandler.swift
@@ -1,69 +0,0 @@
-import LocalAuthentication
-
-/// A context describing a persisted authentication.
-package final class PersistentAuthenticationContext<SecretType: Secret>: PersistedAuthenticationContext {
-
-    /// The Secret to persist authentication for.
-    let secret: SecretType
-    /// The LAContext used to authorize the persistent context.
-    package nonisolated(unsafe) let context: LAContext
-    /// An expiration date for the context.
-    /// - Note -  Monotonic time instead of Date() to prevent people setting the clock back.
-    let monotonicExpiration: UInt64
-
-    /// Initializes a context.
-    /// - Parameters:
-    ///   - secret: The Secret to persist authentication for.
-    ///   - context: The LAContext used to authorize the persistent context.
-    ///   - duration: The duration of the authorization context, in seconds.
-    init(secret: SecretType, context: LAContext, duration: TimeInterval) {
-        self.secret = secret
-        unsafe self.context = context
-        let durationInNanoSeconds = Measurement(value: duration, unit: UnitDuration.seconds).converted(to: .nanoseconds).value
-        self.monotonicExpiration = clock_gettime_nsec_np(CLOCK_MONOTONIC) + UInt64(durationInNanoSeconds)
-    }
-
-    /// A boolean describing whether or not the context is still valid.
-    package var valid: Bool {
-        clock_gettime_nsec_np(CLOCK_MONOTONIC) < monotonicExpiration
-    }
-
-    package var expiration: Date {
-        let remainingNanoseconds = monotonicExpiration - clock_gettime_nsec_np(CLOCK_MONOTONIC)
-        let remainingInSeconds = Measurement(value: Double(remainingNanoseconds), unit: UnitDuration.nanoseconds).converted(to: .seconds).value
-        return Date(timeIntervalSinceNow: remainingInSeconds)
-    }
-}
-
-package actor PersistentAuthenticationHandler<SecretType: Secret>: Sendable {
-
-    private var persistedAuthenticationContexts: [SecretType: PersistentAuthenticationContext<SecretType>] = [:]
-
-    package init() {
-    }
-
-    package func existingPersistedAuthenticationContext(secret: SecretType) -> PersistentAuthenticationContext<SecretType>? {
-        guard let persisted = persistedAuthenticationContexts[secret], persisted.valid else { return nil }
-        return persisted
-    }
-
-    package func persistAuthentication(secret: SecretType, forDuration duration: TimeInterval) async throws {
-        let newContext = LAContext()
-        newContext.touchIDAuthenticationAllowableReuseDuration = duration
-        newContext.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
-
-        let formatter = DateComponentsFormatter()
-        formatter.unitsStyle = .spellOut
-        formatter.allowedUnits = [.hour, .minute, .day]
-
-
-        let durationString = formatter.string(from: duration)!
-        newContext.localizedReason = String(localized: .authContextPersistForDuration(secretName: secret.name, duration: durationString))
-        let success = try await newContext.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: newContext.localizedReason)
-        guard success else { return }
-        let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
-        persistedAuthenticationContexts[secret] = context
-    }
-
-}
-
--- a/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
@@ -64,7 +64,7 @@ public final class AnySecretStoreModifiable: AnySecretStore, SecretStoreModifiab
    private let _create: @Sendable (String, Attributes) async throws -> AnySecret
    private let _delete: @Sendable (AnySecret) async throws -> Void
    private let _update: @Sendable (AnySecret, String, Attributes) async throws -> Void
-    private let _supportedKeyTypes: @Sendable () -> KeyAvailability
+    private let _supportedKeyTypes: @Sendable () -> [KeyType]

    public init<SecretStoreType>(_ secretStore: SecretStoreType) where SecretStoreType: SecretStoreModifiable {
        _create = { AnySecret(try await secretStore.create(name: $0, attributes: $1)) }
@@ -87,7 +87,7 @@ public final class AnySecretStoreModifiable: AnySecretStore, SecretStoreModifiab
        try await _update(secret, name, attributes)
    }

-    public var supportedKeyTypes: KeyAvailability {
+    public var supportedKeyTypes: [KeyType] {
        _supportedKeyTypes()
    }

--- a/Sources/Packages/Sources/SecretKit/OpenSSH/LengthAndData.swift
+++ b/Sources/Packages/Sources/SecretKit/OpenSSH/LengthAndData.swift
--- a/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHPublicKeyWriter.swift
+++ b/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHPublicKeyWriter.swift
@@ -1,6 +1,5 @@
 import Foundation
 import CryptoKit
-import SecretKit

 /// Generates OpenSSH representations of the public key sof secrets.
 public struct OpenSSHPublicKeyWriter: Sendable {
@@ -50,7 +49,9 @@ public struct OpenSSHPublicKeyWriter: Sendable {
    /// Generates an OpenSSH MD5 fingerprint string.
    /// - Returns: OpenSSH MD5 fingerprint string.
    public func openSSHMD5Fingerprint<SecretType: Secret>(secret: SecretType) -> String {
-        Insecure.MD5.hash(data: data(secret: secret)).formatted(.hex(separator: ":"))
+        Insecure.MD5.hash(data: data(secret: secret))
+            .compactMap { ("0" + String($0, radix: 16, uppercase: false)).suffix(2) }
+            .joined(separator: ":")
    }

    public func comment<SecretType: Secret>(secret: SecretType) -> String {
--- a/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHSignatureWriter.swift
+++ b/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHSignatureWriter.swift
@@ -1,6 +1,5 @@
 import Foundation
 import CryptoKit
-import SecretKit

 /// Generates OpenSSH representations of Secrets.
 public struct OpenSSHSignatureWriter: Sendable {
@@ -30,28 +29,19 @@ public struct OpenSSHSignatureWriter: Sendable {

 extension OpenSSHSignatureWriter {

-    /// Converts a fixed-width big-endian integer (e.g. r/s from CryptoKit rawRepresentation) into an SSH mpint.
-    /// Strips unnecessary leading zeros and prefixes `0x00` if needed to keep the value positive.
-    private func mpint(fromFixedWidthPositiveBytes bytes: Data) -> Data {
-        // mpint zero is encoded as a string with zero bytes of data.
-        guard let firstNonZeroIndex = bytes.firstIndex(where: { $0 != 0x00 }) else {
-            return Data()
-        }
-
-        let trimmed = Data(bytes[firstNonZeroIndex...])
-
-        if let first = trimmed.first, first >= 0x80 {
-            var prefixed = Data([0x00])
-            prefixed.append(trimmed)
-            return prefixed
-        }
-        return trimmed
-    }
-
    func ecdsaSignature(_ rawRepresentation: Data, keyType: KeyType) -> Data {
        let rawLength = rawRepresentation.count/2
-        let r = mpint(fromFixedWidthPositiveBytes: Data(rawRepresentation[0..<rawLength]))
-        let s = mpint(fromFixedWidthPositiveBytes: Data(rawRepresentation[rawLength...]))
+        // Check if we need to pad with 0x00 to prevent certain
+        // ssh servers from thinking r or s is negative
+        let paddingRange: ClosedRange<UInt8> = 0x80...0xFF
+        var r = Data(rawRepresentation[0..<rawLength])
+        if paddingRange ~= r.first! {
+            r.insert(0x00, at: 0)
+        }
+        var s = Data(rawRepresentation[rawLength...])
+        if paddingRange ~= s.first! {
+            s.insert(0x00, at: 0)
+        }

        var signatureChunk = Data()
        signatureChunk.append(r.lengthAndData)
--- a/Sources/Packages/Sources/SecretAgentKit/PublicKeyStandinFileController.swift
+++ b/Sources/Packages/Sources/SecretAgentKit/PublicKeyStandinFileController.swift
@@ -1,8 +1,5 @@
 import Foundation
 import OSLog
-import SecretKit
-import SSHProtocolKit
-import Common

 /// Controller responsible for writing public keys to disk, so that they're easily accessible by scripts.
 public final class PublicKeyFileStoreController: Sendable {
@@ -12,8 +9,8 @@ public final class PublicKeyFileStoreController: Sendable {
    private let keyWriter = OpenSSHPublicKeyWriter()

    /// Initializes a PublicKeyFileStoreController.
-    public init(directory: URL) {
-        self.directory = directory
+    public init(homeDirectory: URL) {
+        directory = homeDirectory.appending(component: "PublicKeys")
    }

    /// Writes out the keys specified to disk.
@@ -22,10 +19,9 @@ public final class PublicKeyFileStoreController: Sendable {
    public func generatePublicKeys(for secrets: [AnySecret], clear: Bool = false) throws {
        logger.log("Writing public keys to disk")
        if clear {
-            let validPaths = Set(secrets.map { URL.publicKeyPath(for: $0, in: directory) })
-                .union(Set(secrets.map { sshCertificatePath(for: $0) }))
+            let validPaths = Set(secrets.map { publicKeyPath(for: $0) }).union(Set(secrets.map { sshCertificatePath(for: $0) }))
            let contentsOfDirectory = (try? FileManager.default.contentsOfDirectory(atPath: directory.path())) ?? []
-            let fullPathContents = contentsOfDirectory.map { directory.appending(path: $0).path() }
+            let fullPathContents = contentsOfDirectory.map { "\(directory)/\($0)" }

            let untracked = Set(fullPathContents)
                .subtracting(validPaths)
@@ -36,13 +32,21 @@ public final class PublicKeyFileStoreController: Sendable {
        }
        try? FileManager.default.createDirectory(at: directory, withIntermediateDirectories: false, attributes: nil)
        for secret in secrets {
-            let path = URL.publicKeyPath(for: secret, in: directory)
+            let path = publicKeyPath(for: secret)
            let data = Data(keyWriter.openSSHString(secret: secret).utf8)
            FileManager.default.createFile(atPath: path, contents: data, attributes: nil)
        }
        logger.log("Finished writing public keys")
    }

+    /// The path for a Secret's public key.
+    /// - Parameter secret: The Secret to return the path for.
+    /// - Returns: The path to the Secret's public key.
+    /// - Warning: This method returning a path does not imply that a key has been written to disk already. This method only describes where it will be written to.
+    public func publicKeyPath<SecretType: Secret>(for secret: SecretType) -> String {
+        let minimalHex = keyWriter.openSSHMD5Fingerprint(secret: secret).replacingOccurrences(of: ":", with: "")
+        return directory.appending(component: "\(minimalHex).pub").path()
+    }

    /// Short-circuit check to ship enumerating a bunch of paths if there's nothing in the cert directory.
    public var hasAnyCertificates: Bool {
--- a/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
@@ -62,37 +62,10 @@ public protocol SecretStoreModifiable<SecretType>: SecretStore {
    ///   - attributes: The new attributes for the secret.
    func update(secret: SecretType, name: String, attributes: Attributes) async throws

-    var supportedKeyTypes: KeyAvailability { get }
+    var supportedKeyTypes: [KeyType] { get }

 }

-public struct KeyAvailability: Sendable {
-
-    public let available: [KeyType]
-    public let unavailable: [UnavailableKeyType]
-
-    public init(available: [KeyType], unavailable: [UnavailableKeyType]) {
-        self.available = available
-        self.unavailable = unavailable
-    }
-
-    public struct UnavailableKeyType: Sendable {
-        public let keyType: KeyType
-        public let reason: Reason
-
-        public init(keyType: KeyType, reason: Reason) {
-            self.keyType = keyType
-            self.reason = reason
-        }
-
-        public enum Reason: Sendable {
-            case macOSUpdateRequired
-        }
-    }
-
-}
-
-
 extension NSNotification.Name {

    // Distributed notification that keys were modified out of process (ie, that the management tool added/removed secrets)
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
@@ -50,16 +50,16 @@ extension SecureEnclave {
                    let secret = Secret(id: UUID().uuidString, name: name, publicKey: parsed.publicKey.x963Representation, attributes: Attributes(keyType: .init(algorithm: .ecdsa, size: 256), authentication: auth))
                    guard !migratedPublicKeys.contains(parsed.publicKey.x963Representation) else {
                        logger.log("Skipping \(name), public key already present. Marking as migrated.")
-                        markMigrated(secret: secret, oldID: id)
+                        try markMigrated(secret: secret, oldID: id)
                        continue
                    }
                    logger.log("Migrating \(name).")
                    try store.saveKey(tokenObjectID, name: name, attributes: secret.attributes)
                    logger.log("Migrated \(name).")
-                    markMigrated(secret: secret, oldID: id)
+                    try markMigrated(secret: secret, oldID: id)
                    migratedAny = true
                } catch {
-                    logger.error("Failed to migrate \(name): \(error.localizedDescription).")
+                    logger.error("Failed to migrate \(name): \(error).")
                }
            }
            if migratedAny {
@@ -69,10 +69,10 @@ extension SecureEnclave {



-        public func markMigrated(secret: Secret, oldID: Data) {
+        public func markMigrated(secret: Secret, oldID: Data) throws {
            let updateQuery = KeychainDictionary([
                kSecClass: kSecClassKey,
-                kSecAttrApplicationLabel: oldID
+                kSecAttrApplicationLabel: secret.id
            ])

            let newID = oldID + Constants.migrationMagicNumber
@@ -82,7 +82,7 @@ extension SecureEnclave {

            let status = SecItemUpdate(updateQuery, updatedAttributes)
            if status != errSecSuccess {
-                logger.warning("Failed to mark \(secret.name) as migrated: \(status).")
+                throw KeychainError(statusCode: status)
            }
        }

--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/PersistentAuthenticationHandler.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/PersistentAuthenticationHandler.swift
@@ -0,0 +1,70 @@
+import LocalAuthentication
+import SecretKit
+
+extension SecureEnclave {
+
+    /// A context describing a persisted authentication.
+    final class PersistentAuthenticationContext: PersistedAuthenticationContext {
+
+        /// The Secret to persist authentication for.
+        let secret: Secret
+        /// The LAContext used to authorize the persistent context.
+        nonisolated(unsafe) let context: LAContext
+        /// An expiration date for the context.
+        /// - Note -  Monotonic time instead of Date() to prevent people setting the clock back.
+        let monotonicExpiration: UInt64
+
+        /// Initializes a context.
+        /// - Parameters:
+        ///   - secret: The Secret to persist authentication for.
+        ///   - context: The LAContext used to authorize the persistent context.
+        ///   - duration: The duration of the authorization context, in seconds.
+        init(secret: Secret, context: LAContext, duration: TimeInterval) {
+            self.secret = secret
+            unsafe self.context = context
+            let durationInNanoSeconds = Measurement(value: duration, unit: UnitDuration.seconds).converted(to: .nanoseconds).value
+            self.monotonicExpiration = clock_gettime_nsec_np(CLOCK_MONOTONIC) + UInt64(durationInNanoSeconds)
+        }
+
+        /// A boolean describing whether or not the context is still valid.
+        var valid: Bool {
+            clock_gettime_nsec_np(CLOCK_MONOTONIC) < monotonicExpiration
+        }
+
+        var expiration: Date {
+            let remainingNanoseconds = monotonicExpiration - clock_gettime_nsec_np(CLOCK_MONOTONIC)
+            let remainingInSeconds = Measurement(value: Double(remainingNanoseconds), unit: UnitDuration.nanoseconds).converted(to: .seconds).value
+            return Date(timeIntervalSinceNow: remainingInSeconds)
+        }
+    }
+
+    actor PersistentAuthenticationHandler: Sendable {
+
+        private var persistedAuthenticationContexts: [Secret: PersistentAuthenticationContext] = [:]
+
+        func existingPersistedAuthenticationContext(secret: Secret) -> PersistentAuthenticationContext? {
+            guard let persisted = persistedAuthenticationContexts[secret], persisted.valid else { return nil }
+            return persisted
+        }
+
+        func persistAuthentication(secret: Secret, forDuration duration: TimeInterval) async throws {
+            let newContext = LAContext()
+            newContext.touchIDAuthenticationAllowableReuseDuration = duration
+            newContext.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
+
+            let formatter = DateComponentsFormatter()
+            formatter.unitsStyle = .spellOut
+            formatter.allowedUnits = [.hour, .minute, .day]
+
+            
+            let durationString = formatter.string(from: duration)!
+            newContext.localizedReason = String(localized: .authContextPersistForDuration(secretName: secret.name, duration: durationString))
+            let success = try await newContext.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: newContext.localizedReason)
+            guard success else { return }
+            let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
+            persistedAuthenticationContexts[secret] = context
+        }
+
+    }
+
+}
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
@@ -17,7 +17,7 @@ extension SecureEnclave {
        }
        public let id = UUID()
        public let name = String(localized: .secureEnclave)
-        private let persistentAuthenticationHandler = PersistentAuthenticationHandler<Secret>()
+        private let persistentAuthenticationHandler = PersistentAuthenticationHandler()

        /// Initializes a Store.
        @MainActor public init() {
@@ -186,22 +186,17 @@ extension SecureEnclave {
            await reloadSecrets()
        }
        
-        public let supportedKeyTypes: KeyAvailability = {
-            let macOS26Keys: [KeyType] = [.mldsa65, .mldsa87]
-            let isAtLeastMacOS26 = if #available(macOS 26, *) {
-                true
-            } else {
-                false
-            }
-            return KeyAvailability(
-                available: [
+        public var supportedKeyTypes: [KeyType] {
+            if #available(macOS 26, *) {
+                [
                    .ecdsa256,
-                ] + (isAtLeastMacOS26 ? macOS26Keys : []),
-                unavailable: (isAtLeastMacOS26 ? [] : macOS26Keys).map {
-                    KeyAvailability.UnavailableKeyType(keyType: $0, reason: .macOSUpdateRequired)
-                }
-            )
-        }()
+                    .mldsa65,
+                    .mldsa87,
+                ]
+            } else {
+                [.ecdsa256]
+            }
+        }
    }

 }
--- a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
+++ b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
@@ -34,7 +34,6 @@ extension SmartCard {
        public var secrets: [Secret] {
            state.secrets
        }
-        private let persistentAuthenticationHandler = PersistentAuthenticationHandler<Secret>()

        /// Initializes a Store.
        public init() {
@@ -59,15 +58,9 @@ extension SmartCard {

        public func sign(data: Data, with secret: Secret, for provenance: SigningRequestProvenance) async throws -> Data {
            guard let tokenID = await state.tokenID else { fatalError() }
-            var context: LAContext
-            if let existing = await persistentAuthenticationHandler.existingPersistedAuthenticationContext(secret: secret) {
-                context = unsafe existing.context
-            } else {
-                let newContext = LAContext()
-                newContext.localizedReason = String(localized: .authContextRequestSignatureDescription(appName: provenance.origin.displayName, secretName: secret.name))
-                newContext.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
-                context = newContext
-            }
+            let context = LAContext()
+            context.localizedReason = String(localized: .authContextRequestSignatureDescription(appName: provenance.origin.displayName, secretName: secret.name))
+            context.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
            let attributes = KeychainDictionary([
                kSecClass: kSecClassKey,
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -93,12 +86,11 @@ extension SmartCard {
            return signature as Data
        }
        
-        public func existingPersistedAuthenticationContext(secret: Secret) async -> PersistedAuthenticationContext? {
-            await persistentAuthenticationHandler.existingPersistedAuthenticationContext(secret: secret)
+        public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? {
+            nil
        }

-        public func persistAuthentication(secret: Secret, forDuration duration: TimeInterval) async throws {
-            try await persistentAuthenticationHandler.persistAuthentication(secret: secret, forDuration: duration)
+        public func persistAuthentication(secret: Secret, forDuration: TimeInterval) throws {
        }

        /// Reloads all secrets from the store.
@@ -171,7 +163,7 @@ extension SmartCard.Store {
            let publicKeySecRef = SecKeyCopyPublicKey(publicKeyRef)!
            let publicKeyAttributes = SecKeyCopyAttributes(publicKeySecRef) as! [CFString: Any]
            let publicKey = publicKeyAttributes[kSecValueData] as! Data
-            let attributes = Attributes(keyType: KeyType(secAttr: algorithmSecAttr, size: keySize)!, authentication: .presenceRequired)
+            let attributes = Attributes(keyType: KeyType(secAttr: algorithmSecAttr, size: keySize)!, authentication: .unknown)
            let secret = SmartCard.Secret(id: tokenID, name: name, publicKey: publicKey, attributes: attributes)
            guard signatureAlgorithm(for: secret) != nil else { return nil }
            return secret
--- a/Sources/Packages/Sources/XPCWrappers/TeamID.swift
+++ b/Sources/Packages/Sources/XPCWrappers/TeamID.swift
@@ -1,26 +0,0 @@
-import Foundation
-
-extension ProcessInfo {
-    private static let fallbackTeamID = "Z72PRUAWF6"
-
-    private static let teamID: String = {
-        #if DEBUG
-        guard let task = SecTaskCreateFromSelf(nil) else {
-            assertionFailure("SecTaskCreateFromSelf failed")
-            return fallbackTeamID
-        }
-
-        guard let value = SecTaskCopyValueForEntitlement(task, "com.apple.developer.team-identifier" as CFString, nil) as? String else {
-            assertionFailure("SecTaskCopyValueForEntitlement(com.apple.developer.team-identifier) failed")
-            return fallbackTeamID
-        }
-
-        return value
-        #else
-        /// Always use hardcoded team ID for release builds, just in case.
-        return fallbackTeamID
-        #endif
-    }()
-
-    public var teamID: String { Self.teamID }
-}
--- a/Sources/Packages/Sources/XPCWrappers/XPCServiceDelegate.swift
+++ b/Sources/Packages/Sources/XPCWrappers/XPCServiceDelegate.swift
@@ -12,7 +12,7 @@ public final class XPCServiceDelegate: NSObject, NSXPCListenerDelegate {
        newConnection.exportedInterface = NSXPCInterface(with: (any _XPCProtocol).self)
        let exportedObject = exportedObject
        newConnection.exportedObject = exportedObject
-        newConnection.setCodeSigningRequirement("anchor apple generic and certificate leaf[subject.OU] = \"\(ProcessInfo.processInfo.teamID)\"")
+        newConnection.setCodeSigningRequirement("anchor apple generic and certificate leaf[subject.OU] = Z72PRUAWF6")
        newConnection.resume()
        return true
    }
@@ -34,9 +34,7 @@ public final class XPCServiceDelegate: NSObject, NSXPCListenerDelegate {
                    if let error = error as? Codable & Error {
                        reply(nil, NSError(error))
                    } else {
-                        // Sending cast directly tries to serialize it and crashes XPCEncoder.
-                        let cast = error as NSError
-                        reply(nil, NSError(domain: cast.domain, code: cast.code, userInfo: [NSLocalizedDescriptionKey: error.localizedDescription]))
+                        reply(nil, error)
                    }
                }
            }
--- a/Sources/Packages/Sources/XPCWrappers/XPCTypedSession.swift
+++ b/Sources/Packages/Sources/XPCWrappers/XPCTypedSession.swift
@@ -8,7 +8,7 @@ public struct XPCTypedSession<ResponseType: Codable & Sendable, ErrorType: Error
    public init(serviceName: String, warmup: Bool = false) async throws {
        let connection = NSXPCConnection(serviceName: serviceName)
        connection.remoteObjectInterface = NSXPCInterface(with: (any _XPCProtocol).self)
-        connection.setCodeSigningRequirement("anchor apple generic and certificate leaf[subject.OU] = \"\(ProcessInfo.processInfo.teamID)\"")
+        connection.setCodeSigningRequirement("anchor apple generic and certificate leaf[subject.OU] = Z72PRUAWF6")
        connection.resume()
        guard let proxy = connection.remoteObjectProxy as? _XPCProtocol else { fatalError() }
        self.connection = connection
--- a/Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHSignatureWriterTests.swift
+++ b/Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHSignatureWriterTests.swift
@@ -1,83 +0,0 @@
-import Foundation
-import Testing
-import SSHProtocolKit
-@testable import SecretKit
-
-@Suite struct OpenSSHSignatureWriterTests {
-
-    private let writer = OpenSSHSignatureWriter()
-
-    @Test func ecdsaMpintStripsUnnecessaryLeadingZeros() throws {
-        let secret = Constants.ecdsa256Secret
-
-        // r has a leading 0x00 followed by 0x01 (< 0x80): the mpint must not keep the leading zero.
-        let rBytes: [UInt8] = [0x00] + (1...31).map { UInt8($0) }
-        let r = Data(rBytes)
-        // s has two leading 0x00 bytes followed by 0x7f (< 0x80): the mpint must not keep the leading zeros.
-        let sBytes: [UInt8] = [0x00, 0x00, 0x7f] + Array(repeating: UInt8(0x01), count: 29)
-        let s = Data(sBytes)
-        let rawRepresentation = r + s
-
-        let response = writer.data(secret: secret, signature: rawRepresentation)
-        let (parsedR, parsedS) = try parseEcdsaSignatureMpints(from: response)
-
-        #expect(parsedR == Data((1...31).map { UInt8($0) }))
-        #expect(parsedS == Data([0x7f] + Array(repeating: UInt8(0x01), count: 29)))
-    }
-
-    @Test func ecdsaMpintPrefixesZeroWhenHighBitSet() throws {
-        let secret = Constants.ecdsa256Secret
-
-        // r starts with 0x80 (high bit set): mpint must be prefixed with 0x00.
-        let r = Data([UInt8(0x80)] + Array(repeating: UInt8(0x01), count: 31))
-        let s = Data([UInt8(0x01)] + Array(repeating: UInt8(0x02), count: 31))
-        let rawRepresentation = r + s
-
-        let response = writer.data(secret: secret, signature: rawRepresentation)
-        let (parsedR, parsedS) = try parseEcdsaSignatureMpints(from: response)
-
-        #expect(parsedR == Data([0x00, 0x80] + Array(repeating: UInt8(0x01), count: 31)))
-        #expect(parsedS == Data([0x01] + Array(repeating: UInt8(0x02), count: 31)))
-    }
-
-}
-
-private extension OpenSSHSignatureWriterTests {
-
-    enum Constants {
-        static let ecdsa256Secret = TestSecret(
-            id: Data(),
-            name: "Test Key (ECDSA 256)",
-            publicKey: Data(repeating: 0x01, count: 65),
-            attributes: Attributes(
-                keyType: KeyType(algorithm: .ecdsa, size: 256),
-                authentication: .notRequired,
-                publicKeyAttribution: "test@example.com"
-            )
-        )
-    }
-
-    enum ParseError: Error {
-        case eof
-        case invalidAlgorithm
-    }
-
-    func parseEcdsaSignatureMpints(from openSSHSignedData: Data) throws -> (r: Data, s: Data) {
-        let reader = OpenSSHReader(data: openSSHSignedData)
-
-        // Prefix
-        _ = try reader.readNextBytes(as: UInt32.self)
-
-        let algorithm = try reader.readNextChunkAsString()
-        guard algorithm == "ecdsa-sha2-nistp256" else {
-            throw ParseError.invalidAlgorithm
-        }
-
-        let sigReader = try reader.readNextChunkAsSubReader()
-        let r = try sigReader.readNextChunk()
-        let s = try sigReader.readNextChunk()
-        return (r, s)
-    }
-
-}
-
--- a/Sources/Packages/Tests/SSHProtocolKitTests/TestSecret.swift
+++ b/Sources/Packages/Tests/SSHProtocolKitTests/TestSecret.swift
@@ -1,11 +0,0 @@
-import Foundation
-import SecretKit
-
-public struct TestSecret: SecretKit.Secret {
-    
-    public let id: Data
-    public let name: String
-    public let publicKey: Data
-    public var attributes: Attributes
-    
-}
--- a/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
@@ -1,7 +1,6 @@
 import Foundation
 import Testing
 import CryptoKit
-@testable import SSHProtocolKit
@testable import SecretKit
@testable import SecretAgentKit

@@ -45,8 +44,8 @@ import CryptoKit
        let agent = Agent(storeList: list)
        let response = await agent.handle(request: request, provenance: .test)
        let responseReader = OpenSSHReader(data: response)
-        let length = try responseReader.readNextBytes(as: UInt32.self)
-        let type = try responseReader.readNextBytes(as: UInt8.self)
+        let length = try responseReader.readNextBytes(as: UInt32.self).bigEndian
+        let type = try responseReader.readNextBytes(as: UInt8.self).bigEndian
        #expect(length == response.count - MemoryLayout<UInt32>.size)
        #expect(type == SSHAgent.Response.agentSignResponse.rawValue)
        let outer = OpenSSHReader(data: responseReader.remaining)
--- a/Sources/Packages/Tests/SecretAgentKitTests/OpenSSHReaderTests.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/OpenSSHReaderTests.swift
@@ -1,6 +1,8 @@
 import Foundation
 import Testing
-import SSHProtocolKit
+@testable import SecretAgentKit
+@testable import SecureEnclaveSecretKit
+@testable import SmartCardSecretKit

@Suite struct OpenSSHReaderTests {

--- a/Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
@@ -1,7 +1,6 @@
 import Foundation
 import SecretKit
 import CryptoKit
-import SSHProtocolKit

 struct Stub {}

--- a/Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHPublicKeyWriterTests.swift
+++ b/Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHPublicKeyWriterTests.swift
@@ -1,7 +1,8 @@
 import Foundation
 import Testing
@testable import SecretKit
-import SSHProtocolKit
+@testable import SecureEnclaveSecretKit
+@testable import SmartCardSecretKit

@Suite struct OpenSSHPublicKeyWriterTests {

@@ -46,8 +47,8 @@ import SSHProtocolKit
 extension OpenSSHPublicKeyWriterTests {

    enum Constants {
-        static let ecdsa256Secret =  TestSecret(id: Data(), name: "Test Key (ECDSA 256)", publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 256), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
-        static let ecdsa384Secret = TestSecret(id: Data(), name: "Test Key (ECDSA 384)", publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 384), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
+        static let ecdsa256Secret =  SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 256)", publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 256), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
+        static let ecdsa384Secret = SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 384)", publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 384), authentication: .notRequired, publicKeyAttribution: "test@example.com"))

    }

--- a/Sources/SecretAgent/AppDelegate.swift
+++ b/Sources/SecretAgent/AppDelegate.swift
@@ -6,7 +6,6 @@ import SmartCardSecretKit
 import SecretAgentKit
 import Brief
 import Observation
-import Common

@main
 class AppDelegate: NSObject, NSApplicationDelegate {
@@ -22,12 +21,12 @@ class AppDelegate: NSObject, NSApplicationDelegate {
    }()
    private let updater = Updater(checkOnLaunch: true)
    private let notifier = Notifier()
-    private let publicKeyFileStoreController = PublicKeyFileStoreController(directory: URL.publicKeyDirectory)
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.homeDirectory)
    private lazy var agent: Agent = {
        Agent(storeList: storeList, witness: notifier)
    }()
    private lazy var socketController: SocketController = {
-        let path = URL.socketPath as String
+        let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String
        return SocketController(path: path)
    }()
    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "AppDelegate")
@@ -35,14 +34,14 @@ class AppDelegate: NSObject, NSApplicationDelegate {
    func applicationDidFinishLaunching(_ aNotification: Notification) {
        logger.debug("SecretAgent finished launching")
        Task {
+            let inputParser = try await XPCAgentInputParser()
            for await session in socketController.sessions {
                Task {
-                    let inputParser = try await XPCAgentInputParser()
                    do {
                        for await message in session.messages {
                            let request = try await inputParser.parse(data: message)
                            let agentResponse = await agent.handle(request: request, provenance: session.provenance)
-                            try session.write(agentResponse)
+                            try await session.write(agentResponse)
                        }
                    } catch {
                        try session.close()
--- a/Sources/SecretAgent/Base.lproj/Main.storyboard
+++ b/Sources/SecretAgent/Base.lproj/Main.storyboard
--- a/Sources/SecretAgent/SecretAgent.entitlements
+++ b/Sources/SecretAgent/SecretAgent.entitlements
@@ -2,24 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>com.apple.security.hardened-process</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.enable-pure-data</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.no-tagged-receive</key>
-	<true/>
-	<key>com.apple.security.hardened-process.dyld-ro</key>
-	<true/>
-	<key>com.apple.security.hardened-process.enhanced-security-version-string</key>
-	<string>1</string>
-	<key>com.apple.security.hardened-process.hardened-heap</key>
-	<true/>
 	<key>com.apple.security.smartcard</key>
 	<true/>
-	<key>com.apple.security.hardened-process.platform-restrictions-string</key>
-	<string>2</string>
 	<key>keychain-access-groups</key>
 	<array>
 		<string>$(AppIdentifierPrefix)com.maxgoedjen.Secretive</string>
--- a/Sources/SecretAgent/XPCInputParser.swift
+++ b/Sources/SecretAgent/XPCInputParser.swift
@@ -2,25 +2,18 @@ import Foundation
 import SecretAgentKit
 import Brief
 import XPCWrappers
-import OSLog
-import SSHProtocolKit

 /// Delegates all agent input parsing to an XPC service which wraps OpenSSH
 public final class XPCAgentInputParser: SSHAgentInputParserProtocol {

-    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "XPCAgentInputParser")
    private let session: XPCTypedSession<SSHAgent.Request, SSHAgentInputParser.AgentParsingError>

    public init() async throws {
-        logger.debug("Creating XPCAgentInputParser")
        session = try await XPCTypedSession(serviceName: "com.maxgoedjen.Secretive.SecretAgentInputParser", warmup: true)
-        logger.debug("XPCAgentInputParser is warmed up.")
    }

    public func parse(data: Data) async throws -> SSHAgent.Request {
-        logger.debug("Parsing input")
-        defer { logger.debug("Parsed input") }
-        return try await session.send(data)
+        try await session.send(data)
    }

    deinit {
--- a/Sources/SecretAgentInputParser/SecretAgentInputParser.entitlements
+++ b/Sources/SecretAgentInputParser/SecretAgentInputParser.entitlements
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>com.apple.security.hardened-process</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.enable-pure-data</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.no-tagged-receive</key>
-	<true/>
-	<key>com.apple.security.hardened-process.dyld-ro</key>
-	<true/>
-	<key>com.apple.security.hardened-process.hardened-heap</key>
-	<true/>
-	<key>com.apple.security.hardened-process.enhanced-security-version-string</key>
-	<string>1</string>
-	<key>com.apple.security.hardened-process.platform-restrictions-string</key>
-	<string>2</string>
-</dict>
-</plist>
--- a/Sources/SecretAgentInputParser/SecretAgentInputParser.swift
+++ b/Sources/SecretAgentInputParser/SecretAgentInputParser.swift
@@ -2,7 +2,6 @@ import Foundation
 import OSLog
 import XPCWrappers
 import SecretAgentKit
-import SSHProtocolKit

 final class SecretAgentInputParser: NSObject, XPCProtocol {

--- a/Sources/Secretive.xcodeproj/project.pbxproj
+++ b/Sources/Secretive.xcodeproj/project.pbxproj
@@ -9,7 +9,7 @@
 /* Begin PBXBuildFile section */
 		2C4A9D2F2636FFD3008CC8E2 /* EditSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2C4A9D2E2636FFD3008CC8E2 /* EditSecretView.swift */; };
 		50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; };
-		5002C3AB2EEF483300FFAD22 /* XPCWrappers in Frameworks */ = {isa = PBXBuildFile; productRef = 5002C3AA2EEF483300FFAD22 /* XPCWrappers */; };
+		50033AC327813F1700253856 /* BundleIDs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50033AC227813F1700253856 /* BundleIDs.swift */; };
 		5003EF3B278005E800DF2006 /* SecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3A278005E800DF2006 /* SecretKit */; };
 		5003EF3D278005F300DF2006 /* Brief in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3C278005F300DF2006 /* Brief */; };
 		5003EF3F278005F300DF2006 /* SecretAgentKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3E278005F300DF2006 /* SecretAgentKit */; };
@@ -19,6 +19,7 @@
 		5003EF632780081B00DF2006 /* SecureEnclaveSecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF622780081B00DF2006 /* SecureEnclaveSecretKit */; };
 		5003EF652780081B00DF2006 /* SmartCardSecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF642780081B00DF2006 /* SmartCardSecretKit */; };
 		5008C23E2E525D8900507AC2 /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 5008C23D2E525D8200507AC2 /* Localizable.xcstrings */; };
+		5008C2402E52792400507AC2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8623FCE48E0099B055 /* Assets.xcassets */; };
 		5008C2412E52D18700507AC2 /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 5008C23D2E525D8200507AC2 /* Localizable.xcstrings */; };
 		501421622781262300BBAA70 /* Brief in Frameworks */ = {isa = PBXBuildFile; productRef = 501421612781262300BBAA70 /* Brief */; };
 		501421652781268000BBAA70 /* SecretAgent.app in CopyFiles */ = {isa = PBXBuildFile; fileRef = 50A3B78A24026B7500D209EA /* SecretAgent.app */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
@@ -26,18 +27,22 @@
 		50153E22250DECA300525160 /* SecretListItemView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50153E21250DECA300525160 /* SecretListItemView.swift */; };
 		501578132E6C0479004A37D0 /* XPCInputParser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 501578122E6C0479004A37D0 /* XPCInputParser.swift */; };
 		5018F54F24064786002EB505 /* Notifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5018F54E24064786002EB505 /* Notifier.swift */; };
+		504788EC2E680DC800B4556F /* URLs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788EB2E680DC400B4556F /* URLs.swift */; };
 		504788F22E681F3A00B4556F /* Instructions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F12E681F3A00B4556F /* Instructions.swift */; };
 		504788F42E681F6900B4556F /* ToolConfigurationView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F32E681F6900B4556F /* ToolConfigurationView.swift */; };
 		504788F62E68206F00B4556F /* GettingStartedView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504788F52E68206F00B4556F /* GettingStartedView.swift */; };
 		504789232E697DD300B4556F /* BoxBackgroundStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 504789222E697DD300B4556F /* BoxBackgroundStyle.swift */; };
 		50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */; };
+		50571E0524393D1500F76F6C /* LaunchAgentController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0424393D1500F76F6C /* LaunchAgentController.swift */; };
 		50617D8323FCE48E0099B055 /* App.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8223FCE48E0099B055 /* App.swift */; };
 		50617D8523FCE48E0099B055 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8423FCE48E0099B055 /* ContentView.swift */; };
+		50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8623FCE48E0099B055 /* Assets.xcassets */; };
 		50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8923FCE48E0099B055 /* Preview Assets.xcassets */; };
 		50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DD123FCEFA90099B055 /* PreviewStore.swift */; };
 		5065E313295517C500E16645 /* ToolbarButtonStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5065E312295517C500E16645 /* ToolbarButtonStyle.swift */; };
 		5066A6C22516F303004B5A36 /* SetupView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5066A6C12516F303004B5A36 /* SetupView.swift */; };
 		5066A6C82516FE6E004B5A36 /* CopyableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5066A6C72516FE6E004B5A36 /* CopyableView.swift */; };
+		506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; };
 		506772C92425BB8500034DED /* NoStoresView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506772C82425BB8500034DED /* NoStoresView.swift */; };
 		50692D1D2E6FDB880043C7BB /* SecretiveUpdater.xpc in Embed XPC Services */ = {isa = PBXBuildFile; fileRef = 50692D122E6FDB880043C7BB /* SecretiveUpdater.xpc */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
 		50692D282E6FDB8D0043C7BB /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50692D242E6FDB8D0043C7BB /* main.swift */; };
@@ -61,7 +66,6 @@
 		50A3B79424026B7600D209EA /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79324026B7600D209EA /* Preview Assets.xcassets */; };
 		50A3B79724026B7600D209EA /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79524026B7600D209EA /* Main.storyboard */; };
 		50AE97002E5C1A420018C710 /* IntegrationsView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50AE96FF2E5C1A420018C710 /* IntegrationsView.swift */; };
-		50B832C02F62202A00D2FCB8 /* InternetAccessPolicy.plist in Resources */ = {isa = PBXBuildFile; fileRef = 50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */; };
 		50B8550D24138C4F009958AC /* DeleteSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50B8550C24138C4F009958AC /* DeleteSecretView.swift */; };
 		50BB046B2418AAAE00D6E079 /* EmptyStoreView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50BB046A2418AAAE00D6E079 /* EmptyStoreView.swift */; };
 		50BDCB722E63BAF20072D2E7 /* AgentStatusView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50BDCB712E63BAF20072D2E7 /* AgentStatusView.swift */; };
@@ -69,12 +73,6 @@
 		50BDCB762E6450950072D2E7 /* ConfigurationItemView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50BDCB752E6450950072D2E7 /* ConfigurationItemView.swift */; };
 		50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50C385A42407A76D00AF2719 /* SecretDetailView.swift */; };
 		50CF4ABC2E601B0F005588DC /* ActionButtonStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50CF4ABB2E601B0F005588DC /* ActionButtonStyle.swift */; };
-		50E0145C2EDB9CDF00B121F1 /* Common in Frameworks */ = {isa = PBXBuildFile; productRef = 50E0145B2EDB9CDF00B121F1 /* Common */; };
-		50E0145E2EDB9CE400B121F1 /* Common in Frameworks */ = {isa = PBXBuildFile; productRef = 50E0145D2EDB9CE400B121F1 /* Common */; };
-		50E4C4532E73C78C00C73783 /* WindowBackgroundStyle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E4C4522E73C78900C73783 /* WindowBackgroundStyle.swift */; };
-		50E4C4C32E7765DF00C73783 /* AboutView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E4C4C22E7765DF00C73783 /* AboutView.swift */; };
-		50E4C4C82E777E4200C73783 /* AppIcon.icon in Resources */ = {isa = PBXBuildFile; fileRef = 50E4C4C72E777E4200C73783 /* AppIcon.icon */; };
-		50E4C4C92E777E4200C73783 /* AppIcon.icon in Resources */ = {isa = PBXBuildFile; fileRef = 50E4C4C72E777E4200C73783 /* AppIcon.icon */; };
 /* End PBXBuildFile section */

 /* Begin PBXContainerItemProxy section */
@@ -182,23 +180,24 @@
 /* Begin PBXFileReference section */
 		2C4A9D2E2636FFD3008CC8E2 /* EditSecretView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EditSecretView.swift; sourceTree = "<group>"; };
 		50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
+		50033AC227813F1700253856 /* BundleIDs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BundleIDs.swift; sourceTree = "<group>"; };
 		5003EF39278005C800DF2006 /* Packages */ = {isa = PBXFileReference; lastKnownFileType = wrapper; path = Packages; sourceTree = "<group>"; };
-		500666D02F04786900328939 /* SecretiveUpdater.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = SecretiveUpdater.entitlements; sourceTree = "<group>"; };
-		500666D12F04787200328939 /* SecretAgentInputParser.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = SecretAgentInputParser.entitlements; sourceTree = "<group>"; };
 		5008C23D2E525D8200507AC2 /* Localizable.xcstrings */ = {isa = PBXFileReference; lastKnownFileType = text.json.xcstrings; name = Localizable.xcstrings; path = Packages/Resources/Localizable.xcstrings; sourceTree = SOURCE_ROOT; };
 		50153E1F250AFCB200525160 /* UpdateView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdateView.swift; sourceTree = "<group>"; };
 		50153E21250DECA300525160 /* SecretListItemView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretListItemView.swift; sourceTree = "<group>"; };
 		501578122E6C0479004A37D0 /* XPCInputParser.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XPCInputParser.swift; sourceTree = "<group>"; };
 		5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = "<group>"; };
+		504788EB2E680DC400B4556F /* URLs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = URLs.swift; sourceTree = "<group>"; };
 		504788F12E681F3A00B4556F /* Instructions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Instructions.swift; sourceTree = "<group>"; };
 		504788F32E681F6900B4556F /* ToolConfigurationView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ToolConfigurationView.swift; sourceTree = "<group>"; };
 		504788F52E68206F00B4556F /* GettingStartedView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GettingStartedView.swift; sourceTree = "<group>"; };
 		504789222E697DD300B4556F /* BoxBackgroundStyle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BoxBackgroundStyle.swift; sourceTree = "<group>"; };
 		50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JustUpdatedChecker.swift; sourceTree = "<group>"; };
-		5059933F2E7A3B5B0092CFFA /* en */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = en; path = en.lproj/Main.storyboard; sourceTree = "<group>"; };
+		50571E0424393D1500F76F6C /* LaunchAgentController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LaunchAgentController.swift; sourceTree = "<group>"; };
 		50617D7F23FCE48E0099B055 /* Secretive.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Secretive.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		50617D8223FCE48E0099B055 /* App.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = App.swift; sourceTree = "<group>"; };
 		50617D8423FCE48E0099B055 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
+		50617D8623FCE48E0099B055 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
 		50617D8923FCE48E0099B055 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
 		50617D8E23FCE48E0099B055 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50617D8F23FCE48E0099B055 /* Secretive.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = Secretive.entitlements; sourceTree = "<group>"; };
@@ -206,6 +205,7 @@
 		5065E312295517C500E16645 /* ToolbarButtonStyle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ToolbarButtonStyle.swift; sourceTree = "<group>"; };
 		5066A6C12516F303004B5A36 /* SetupView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SetupView.swift; sourceTree = "<group>"; };
 		5066A6C72516FE6E004B5A36 /* CopyableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CopyableView.swift; sourceTree = "<group>"; };
+		506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = "<group>"; };
 		506772C82425BB8500034DED /* NoStoresView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoStoresView.swift; sourceTree = "<group>"; };
 		50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = InternetAccessPolicy.plist; sourceTree = "<group>"; };
 		50692D122E6FDB880043C7BB /* SecretiveUpdater.xpc */ = {isa = PBXFileReference; explicitFileType = "wrapper.xpc-service"; includeInIndex = 0; path = SecretiveUpdater.xpc; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -228,6 +228,7 @@
 		5099A02323FD2AAA0062B6F2 /* CreateSecretView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CreateSecretView.swift; sourceTree = "<group>"; };
 		50A3B78A24026B7500D209EA /* SecretAgent.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SecretAgent.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		50A3B79324026B7600D209EA /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
+		50A3B79624026B7600D209EA /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = "<group>"; };
 		50A3B79824026B7600D209EA /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50A3B79924026B7600D209EA /* SecretAgent.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = SecretAgent.entitlements; sourceTree = "<group>"; };
 		50AE96FF2E5C1A420018C710 /* IntegrationsView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IntegrationsView.swift; sourceTree = "<group>"; };
@@ -238,10 +239,6 @@
 		50BDCB752E6450950072D2E7 /* ConfigurationItemView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ConfigurationItemView.swift; sourceTree = "<group>"; };
 		50C385A42407A76D00AF2719 /* SecretDetailView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretDetailView.swift; sourceTree = "<group>"; };
 		50CF4ABB2E601B0F005588DC /* ActionButtonStyle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionButtonStyle.swift; sourceTree = "<group>"; };
-		50E4C4522E73C78900C73783 /* WindowBackgroundStyle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WindowBackgroundStyle.swift; sourceTree = "<group>"; };
-		50E4C4C22E7765DF00C73783 /* AboutView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AboutView.swift; sourceTree = "<group>"; };
-		50E4C4C72E777E4200C73783 /* AppIcon.icon */ = {isa = PBXFileReference; lastKnownFileType = folder.iconcomposer.icon; path = AppIcon.icon; sourceTree = "<group>"; };
-		F418C9A82F0C57F000E9ADF8 /* OpenSource.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = OpenSource.xcconfig; sourceTree = "<group>"; };
 /* End PBXFileReference section */

 /* Begin PBXFrameworksBuildPhase section */
@@ -249,7 +246,6 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				50E0145C2EDB9CDF00B121F1 /* Common in Frameworks */,
 				5003EF3B278005E800DF2006 /* SecretKit in Frameworks */,
 				501421622781262300BBAA70 /* Brief in Frameworks */,
 				5003EF5F2780081600DF2006 /* SecureEnclaveSecretKit in Frameworks */,
@@ -270,7 +266,6 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				5002C3AB2EEF483300FFAD22 /* XPCWrappers in Frameworks */,
 				50692E6C2E6FFA510043C7BB /* SecretAgentKit in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -284,23 +279,29 @@
 				5003EF652780081B00DF2006 /* SmartCardSecretKit in Frameworks */,
 				5003EF3F278005F300DF2006 /* SecretAgentKit in Frameworks */,
 				5003EF41278005FA00DF2006 /* SecretKit in Frameworks */,
-				50E0145E2EDB9CE400B121F1 /* Common in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
 /* End PBXFrameworksBuildPhase section */

 /* Begin PBXGroup section */
-		504788ED2E681EB200B4556F /* Modifiers */ = {
+		50033AC427813F1C00253856 /* Helpers */ = {
+			isa = PBXGroup;
+			children = (
+				50033AC227813F1700253856 /* BundleIDs.swift */,
+			);
+			path = Helpers;
+			sourceTree = "<group>";
+		};
+		504788ED2E681EB200B4556F /* Styles */ = {
 			isa = PBXGroup;
 			children = (
-				50E4C4522E73C78900C73783 /* WindowBackgroundStyle.swift */,
 				50CF4ABB2E601B0F005588DC /* ActionButtonStyle.swift */,
 				50BDCB732E6436C60072D2E7 /* ErrorStyle.swift */,
 				504789222E697DD300B4556F /* BoxBackgroundStyle.swift */,
 				5065E312295517C500E16645 /* ToolbarButtonStyle.swift */,
 			);
-			path = Modifiers;
+			path = Styles;
 			sourceTree = "<group>";
 		};
 		504788EE2E681EC300B4556F /* Secrets */ = {
@@ -334,7 +335,6 @@
 		504788F02E681F0100B4556F /* Views */ = {
 			isa = PBXGroup;
 			children = (
-				50E4C4C22E7765DF00C73783 /* AboutView.swift */,
 				50BDCB712E63BAF20072D2E7 /* AgentStatusView.swift */,
 				50617D8423FCE48E0099B055 /* ContentView.swift */,
 				5066A6C72516FE6E004B5A36 /* CopyableView.swift */,
@@ -374,10 +374,12 @@
 				50617D8223FCE48E0099B055 /* App.swift */,
 				508A58B0241ED1C40069DC07 /* Views */,
 				508A58B1241ED1EA0069DC07 /* Controllers */,
+				50033AC427813F1C00253856 /* Helpers */,
+				50617D8623FCE48E0099B055 /* Assets.xcassets */,
 				50617D8E23FCE48E0099B055 /* Info.plist */,
 				508BF28D25B4F005009EFB7E /* InternetAccessPolicy.plist */,
-				50E4C4C72E777E4200C73783 /* AppIcon.icon */,
 				50617D8F23FCE48E0099B055 /* Secretive.entitlements */,
+				506772C62424784600034DED /* Credits.rtf */,
 				5008C23D2E525D8200507AC2 /* Localizable.xcstrings */,
 				50617D8823FCE48E0099B055 /* Preview Content */,
 			);
@@ -398,7 +400,6 @@
 		50692D272E6FDB8D0043C7BB /* SecretiveUpdater */ = {
 			isa = PBXGroup;
 			children = (
-				500666D02F04786900328939 /* SecretiveUpdater.entitlements */,
 				50692D232E6FDB8D0043C7BB /* Info.plist */,
 				50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */,
 				50692D242E6FDB8D0043C7BB /* main.swift */,
@@ -410,7 +411,6 @@
 		50692E662E6FF9E20043C7BB /* SecretAgentInputParser */ = {
 			isa = PBXGroup;
 			children = (
-				500666D12F04787200328939 /* SecretAgentInputParser.entitlements */,
 				50692E622E6FF9E20043C7BB /* Info.plist */,
 				50692E632E6FF9E20043C7BB /* main.swift */,
 				50692E642E6FF9E20043C7BB /* SecretAgentInputParser.swift */,
@@ -423,7 +423,6 @@
 			children = (
 				508A590F241EEF6D0069DC07 /* Secretive.xctestplan */,
 				508A58AB241E121B0069DC07 /* Config.xcconfig */,
-				F418C9A82F0C57F000E9ADF8 /* OpenSource.xcconfig */,
 			);
 			path = Config;
 			sourceTree = "<group>";
@@ -433,7 +432,7 @@
 			children = (
 				504788EF2E681ED700B4556F /* Configuration */,
 				504788EE2E681EC300B4556F /* Secrets */,
-				504788ED2E681EB200B4556F /* Modifiers */,
+				504788ED2E681EB200B4556F /* Styles */,
 				504788F02E681F0100B4556F /* Views */,
 			);
 			path = Views;
@@ -442,9 +441,11 @@
 		508A58B1241ED1EA0069DC07 /* Controllers */ = {
 			isa = PBXGroup;
 			children = (
+				504788EB2E680DC400B4556F /* URLs.swift */,
 				508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */,
 				5091D2BB25183B830049FD9B /* ApplicationDirectoryController.swift */,
 				50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */,
+				50571E0424393D1500F76F6C /* LaunchAgentController.swift */,
 			);
 			path = Controllers;
 			sourceTree = "<group>";
@@ -506,7 +507,6 @@
 				5003EF5E2780081600DF2006 /* SecureEnclaveSecretKit */,
 				5003EF602780081600DF2006 /* SmartCardSecretKit */,
 				501421612781262300BBAA70 /* Brief */,
-				50E0145B2EDB9CDF00B121F1 /* Common */,
 			);
 			productName = Secretive;
 			productReference = 50617D7F23FCE48E0099B055 /* Secretive.app */;
@@ -548,7 +548,6 @@
 			name = SecretAgentInputParser;
 			packageProductDependencies = (
 				50692E6B2E6FFA510043C7BB /* SecretAgentKit */,
-				5002C3AA2EEF483300FFAD22 /* XPCWrappers */,
 			);
 			productName = SecretAgentInputParser;
 			productReference = 50692E502E6FF9D20043C7BB /* SecretAgentInputParser.xpc */;
@@ -578,7 +577,6 @@
 				5003EF40278005FA00DF2006 /* SecretKit */,
 				5003EF622780081B00DF2006 /* SecureEnclaveSecretKit */,
 				5003EF642780081B00DF2006 /* SmartCardSecretKit */,
-				50E0145D2EDB9CE400B121F1 /* Common */,
 			);
 			productName = SecretAgent;
 			productReference = 50A3B78A24026B7500D209EA /* SecretAgent.app */;
@@ -592,7 +590,7 @@
 			attributes = {
 				BuildIndependentTargetsInParallel = YES;
 				LastSwiftUpdateCheck = 2600;
-				LastUpgradeCheck = 2640;
+				LastUpgradeCheck = 2600;
 				ORGANIZATIONNAME = "Max Goedjen";
 				TargetAttributes = {
 					50617D7E23FCE48D0099B055 = {
@@ -615,6 +613,7 @@
 			hasScannedForEncodings = 0;
 			knownRegions = (
 				en,
+				Base,
 				it,
 				fr,
 				de,
@@ -644,8 +643,9 @@
 			buildActionMask = 2147483647;
 			files = (
 				50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */,
-				50E4C4C82E777E4200C73783 /* AppIcon.icon in Resources */,
 				5008C23E2E525D8900507AC2 /* Localizable.xcstrings in Resources */,
+				50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */,
+				506772C72424784600034DED /* Credits.rtf in Resources */,
 				508BF28E25B4F005009EFB7E /* InternetAccessPolicy.plist in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -654,7 +654,6 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				50B832C02F62202A00D2FCB8 /* InternetAccessPolicy.plist in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -672,8 +671,8 @@
 				50A3B79724026B7600D209EA /* Main.storyboard in Resources */,
 				5008C2412E52D18700507AC2 /* Localizable.xcstrings in Resources */,
 				50A3B79424026B7600D209EA /* Preview Assets.xcassets in Resources */,
-				50E4C4C92E777E4200C73783 /* AppIcon.icon in Resources */,
 				508BF2AA25B4F1CB009EFB7E /* InternetAccessPolicy.plist in Resources */,
+				5008C2402E52792400507AC2 /* Assets.xcassets in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -686,10 +685,9 @@
 			files = (
 				504788F22E681F3A00B4556F /* Instructions.swift in Sources */,
 				50BDCB742E6436CA0072D2E7 /* ErrorStyle.swift in Sources */,
-				50E4C4C32E7765DF00C73783 /* AboutView.swift in Sources */,
 				2C4A9D2F2636FFD3008CC8E2 /* EditSecretView.swift in Sources */,
-				50E4C4532E73C78C00C73783 /* WindowBackgroundStyle.swift in Sources */,
 				5091D2BC25183B830049FD9B /* ApplicationDirectoryController.swift in Sources */,
+				504788EC2E680DC800B4556F /* URLs.swift in Sources */,
 				504789232E697DD300B4556F /* BoxBackgroundStyle.swift in Sources */,
 				5066A6C22516F303004B5A36 /* SetupView.swift in Sources */,
 				5065E313295517C500E16645 /* ToolbarButtonStyle.swift in Sources */,
@@ -699,12 +697,14 @@
 				50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */,
 				5079BA0F250F29BF00EA86F4 /* StoreListView.swift in Sources */,
 				50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */,
+				50033AC327813F1700253856 /* BundleIDs.swift in Sources */,
 				50BDCB722E63BAF20072D2E7 /* AgentStatusView.swift in Sources */,
 				508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */,
 				50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */,
 				5099A02423FD2AAA0062B6F2 /* CreateSecretView.swift in Sources */,
 				50AE97002E5C1A420018C710 /* IntegrationsView.swift in Sources */,
 				50153E20250AFCB200525160 /* UpdateView.swift in Sources */,
+				50571E0524393D1500F76F6C /* LaunchAgentController.swift in Sources */,
 				5066A6C82516FE6E004B5A36 /* CopyableView.swift in Sources */,
 				50B8550D24138C4F009958AC /* DeleteSecretView.swift in Sources */,
 				50BB046B2418AAAE00D6E079 /* EmptyStoreView.swift in Sources */,
@@ -784,7 +784,7 @@
 		50A3B79524026B7600D209EA /* Main.storyboard */ = {
 			isa = PBXVariantGroup;
 			children = (
-				5059933F2E7A3B5B0092CFFA /* en */,
+				50A3B79624026B7600D209EA /* Base */,
 			);
 			name = Main.storyboard;
 			sourceTree = "<group>";
@@ -948,7 +948,7 @@
 				CURRENT_PROJECT_VERSION = 1;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
 				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -971,7 +971,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).Host";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
 			};
@@ -988,7 +988,7 @@
 				CURRENT_PROJECT_VERSION = 1;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
 				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -1011,7 +1011,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).Host";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "Secretive - Host";
 			};
@@ -1021,19 +1021,16 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretiveUpdater/SecretiveUpdater.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
 				ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
@@ -1048,9 +1045,9 @@
 				INFOPLIST_KEY_CFBundleDisplayName = SecretiveUpdater;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretiveUpdater";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretiveUpdater;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				SKIP_INSTALL = YES;
@@ -1067,16 +1064,13 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretiveUpdater/SecretiveUpdater.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
 				ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
@@ -1091,9 +1085,9 @@
 				INFOPLIST_KEY_CFBundleDisplayName = SecretiveUpdater;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretiveUpdater";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretiveUpdater;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				SKIP_INSTALL = YES;
@@ -1109,19 +1103,16 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretiveUpdater/SecretiveUpdater.entitlements;
 				CODE_SIGN_IDENTITY = "Developer ID Application";
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
 				DEVELOPMENT_TEAM = "";
-				"DEVELOPMENT_TEAM[sdk=macosx*]" = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				"DEVELOPMENT_TEAM[sdk=macosx*]" = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
 				ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
@@ -1136,9 +1127,9 @@
 				INFOPLIST_KEY_CFBundleDisplayName = SecretiveUpdater;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretiveUpdater";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretiveUpdater;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
 				REGISTER_APP_GROUPS = YES;
@@ -1155,25 +1146,22 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretAgentInputParser/SecretAgentInputParser.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = SecretAgentInputParser/Info.plist;
 				INFOPLIST_KEY_CFBundleDisplayName = SecretAgentInputParser;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgentInputParser";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgentInputParser;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				SKIP_INSTALL = YES;
@@ -1190,23 +1178,20 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretAgentInputParser/SecretAgentInputParser.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = SecretAgentInputParser/Info.plist;
 				INFOPLIST_KEY_CFBundleDisplayName = SecretAgentInputParser;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgentInputParser";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgentInputParser;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				SKIP_INSTALL = YES;
@@ -1222,26 +1207,23 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CODE_SIGN_ENTITLEMENTS = SecretAgentInputParser/SecretAgentInputParser.entitlements;
 				CODE_SIGN_IDENTITY = "Developer ID Application";
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
 				DEVELOPMENT_TEAM = "";
-				"DEVELOPMENT_TEAM[sdk=macosx*]" = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				"DEVELOPMENT_TEAM[sdk=macosx*]" = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = SecretAgentInputParser/Info.plist;
 				INFOPLIST_KEY_CFBundleDisplayName = SecretAgentInputParser;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Max Goedjen. All rights reserved.";
 				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MACOSX_DEPLOYMENT_TARGET = 26.0;
 				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgentInputParser";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgentInputParser;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
 				REGISTER_APP_GROUPS = YES;
@@ -1362,7 +1344,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).Host";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 			};
 			name = Test;
@@ -1371,17 +1353,14 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
-				CODE_SIGN_ENTITLEMENTS = SecretAgent/SecretAgent.entitlements;
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"SecretAgent/Preview Content\"";
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
@@ -1398,7 +1377,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgent";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 			};
 			name = Test;
@@ -1412,13 +1391,11 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"SecretAgent/Preview Content\"";
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
@@ -1435,7 +1412,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgent";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 			};
 			name = Debug;
@@ -1450,13 +1427,11 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"SecretAgent/Preview Content\"";
-				DEVELOPMENT_TEAM = "$(SECRETIVE_DEVELOPMENT_TEAM)";
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
-				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
-				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
 				ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
@@ -1473,7 +1448,7 @@
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1;
-				PRODUCT_BUNDLE_IDENTIFIER = "$(SECRETIVE_BASE_BUNDLE_ID).SecretAgent";
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "Secretive - Secret Agent";
 			};
@@ -1535,10 +1510,6 @@
 /* End XCConfigurationList section */

 /* Begin XCSwiftPackageProductDependency section */
-		5002C3AA2EEF483300FFAD22 /* XPCWrappers */ = {
-			isa = XCSwiftPackageProductDependency;
-			productName = XPCWrappers;
-		};
 		5003EF3A278005E800DF2006 /* SecretKit */ = {
 			isa = XCSwiftPackageProductDependency;
 			productName = SecretKit;
@@ -1587,14 +1558,6 @@
 			isa = XCSwiftPackageProductDependency;
 			productName = SecretAgentKit;
 		};
-		50E0145B2EDB9CDF00B121F1 /* Common */ = {
-			isa = XCSwiftPackageProductDependency;
-			productName = Common;
-		};
-		50E0145D2EDB9CE400B121F1 /* Common */ = {
-			isa = XCSwiftPackageProductDependency;
-			productName = Common;
-		};
 /* End XCSwiftPackageProductDependency section */
 	};
 	rootObject = 50617D7723FCE48D0099B055 /* Project object */;
--- a/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/PackageTests.xcscheme
+++ b/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/PackageTests.xcscheme
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "2640"
+   LastUpgradeVersion = "2600"
   version = "1.7">
   <BuildAction
      parallelizeBuildables = "YES"
@@ -14,8 +14,7 @@
      shouldUseLaunchSchemeArgsEnv = "YES">
      <TestPlans>
         <TestPlanReference
-            reference = "container:Config/Secretive.xctestplan"
-            default = "YES">
+            reference = "container:Config/Secretive.xctestplan">
         </TestPlanReference>
      </TestPlans>
   </TestAction>
--- a/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/SecretAgent.xcscheme
+++ b/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/SecretAgent.xcscheme
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "2640"
+   LastUpgradeVersion = "2600"
   version = "1.7">
   <BuildAction
      parallelizeBuildables = "YES"
--- a/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/Secretive.xcscheme
+++ b/Sources/Secretive.xcodeproj/xcshareddata/xcschemes/Secretive.xcscheme
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "2640"
+   LastUpgradeVersion = "2600"
   version = "1.7">
   <BuildAction
      parallelizeBuildables = "YES"
--- a/Sources/Secretive/App.swift
+++ b/Sources/Secretive/App.swift
@@ -4,88 +4,6 @@ import SecureEnclaveSecretKit
 import SmartCardSecretKit
 import Brief

-@main
-struct Secretive: App {
-    
-    @Environment(\.agentLaunchController) var agentLaunchController
-    @Environment(\.justUpdatedChecker) var justUpdatedChecker
-
-    @SceneBuilder var body: some Scene {
-        WindowGroup {
-            ContentView()
-                .environment(EnvironmentValues._secretStoreList)
-                .onReceive(NotificationCenter.default.publisher(for: NSApplication.didBecomeActiveNotification)) { _ in
-                    Task {
-                        @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
-                        @AppStorage("explicitlyDisabled") var explicitlyDisabled = false
-                        guard hasRunSetup && !explicitlyDisabled else { return }
-                        agentLaunchController.check()
-                        guard !agentLaunchController.developmentBuild else { return }
-                        if justUpdatedChecker.justUpdatedBuild || !agentLaunchController.running {
-                            // Relaunch the agent, since it'll be running from earlier update still
-                            try await agentLaunchController.forceLaunch()
-                        }
-                    }
-                }
-        }
-        .commands {
-            AppCommands()
-        }
-        WindowGroup(id: String(describing: IntegrationsView.self)) {
-            IntegrationsView()
-        }
-        .windowResizability(.contentMinSize)
-        WindowGroup(id: String(describing: AboutView.self)) {
-            AboutView()
-        }
-        .windowStyle(.hiddenTitleBar)
-        .windowResizability(.contentSize)
-    }
-
-}
-
-extension Secretive {
-
-    struct AppCommands: Commands {
-
-        @Environment(\.openWindow) var openWindow
-        @Environment(\.openURL) var openURL
-        @FocusedValue(\.showCreateSecret) var showCreateSecret
-
-        var body: some Commands {
-            CommandGroup(replacing: .appInfo) {
-                Button(.aboutMenuBarTitle, systemImage: "info.circle") {
-                    openWindow(id: String(describing: AboutView.self))
-                }
-            }
-            CommandGroup(before: CommandGroupPlacement.appSettings) {
-                Button(.integrationsMenuBarTitle, systemImage: "app.connected.to.app.below.fill") {
-                    openWindow(id: String(describing: IntegrationsView.self))
-                }
-            }
-            CommandGroup(after: CommandGroupPlacement.newItem) {
-                Button(.appMenuNewSecretButton, systemImage: "plus") {
-                    showCreateSecret?()
-                }
-                .keyboardShortcut(KeyboardShortcut(KeyEquivalent("N"), modifiers: [.command, .shift]))
-                .disabled(showCreateSecret?.isEnabled == false)
-            }
-            CommandGroup(replacing: .help) {
-                Button(.appMenuHelpButton) {
-                    openURL(Constants.helpURL)
-                }
-            }
-            SidebarCommands()
-        }
-    }
-
-}
-
-private enum Constants {
-    static let helpURL = URL(string: "https://github.com/maxgoedjen/secretive/blob/main/FAQ.md")!
-}
-
-
 extension EnvironmentValues {

    // This is injected through .environment modifier below instead of @Entry for performance reasons (basially, restrictions around init/mainactor causing delay in loading secrets/"empty screen" blip).
@@ -99,8 +17,8 @@ extension EnvironmentValues {
        return list
    }()

-    private static let _agentLaunchController = AgentLaunchController()
-    @Entry var agentLaunchController: any AgentLaunchControllerProtocol = _agentLaunchController
+    private static let _agentStatusChecker = AgentStatusChecker()
+    @Entry var agentStatusChecker: any AgentStatusCheckerProtocol = _agentStatusChecker
    private static let _updater: any UpdaterProtocol = {
        @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
        return Updater(checkOnLaunch: hasRunSetup)
@@ -115,22 +33,88 @@ extension EnvironmentValues {
    }
 }

-extension FocusedValues {
-    @Entry var showCreateSecret: OpenSheet?
-}
+@main
+struct Secretive: App {
+    
+    @Environment(\.agentStatusChecker) var agentStatusChecker
+    @Environment(\.justUpdatedChecker) var justUpdatedChecker
+    @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
+    @State private var showingSetup = false
+    @State private var showingIntegrations = false
+    @State private var showingCreation = false

-final class OpenSheet {
-
-    let closure: () -> Void
-    let isEnabled: Bool
-
-    init(isEnabled: Bool = true, closure: @escaping () -> Void) {
-        self.isEnabled = isEnabled
-        self.closure = closure
-    }
-
-    func callAsFunction() {
-        closure()
+    @SceneBuilder var body: some Scene {
+        WindowGroup {
+            ContentView(showingCreation: $showingCreation, runningSetup: $showingSetup, hasRunSetup: $hasRunSetup)
+                .environment(EnvironmentValues._secretStoreList)
+                .onAppear {
+                    if !hasRunSetup {
+                        showingSetup = true
+                    }
+                }
+                .onReceive(NotificationCenter.default.publisher(for: NSApplication.didBecomeActiveNotification)) { _ in
+                    guard hasRunSetup else { return }
+                    agentStatusChecker.check()
+                    if agentStatusChecker.running && justUpdatedChecker.justUpdatedBuild {
+                        // Relaunch the agent, since it'll be running from earlier update still
+                        reinstallAgent()
+                    } else if !agentStatusChecker.running && !agentStatusChecker.developmentBuild {
+                        forceLaunchAgent()
+                    }
+                }
+                .sheet(isPresented: $showingIntegrations) {
+                    IntegrationsView()
+                }
+        }
+        .commands {
+            CommandGroup(before: CommandGroupPlacement.appSettings) {
+                Button(.integrationsMenuBarTitle, systemImage: "app.connected.to.app.below.fill") {
+                    showingIntegrations = true
+                }
+            }
+            CommandGroup(after: CommandGroupPlacement.newItem) {
+                Button(.appMenuNewSecretButton) {
+                    showingCreation = true
+                }
+                .keyboardShortcut(KeyboardShortcut(KeyEquivalent("N"), modifiers: [.command, .shift]))
+            }
+            CommandGroup(replacing: .help) {
+                Button(.appMenuHelpButton) {
+                    NSWorkspace.shared.open(Constants.helpURL)
+                }
+            }
+            SidebarCommands()
+        }
    }

 }
+
+extension Secretive {
+
+    private func reinstallAgent() {
+        Task {
+            _ = await LaunchAgentController().install()
+            try? await Task.sleep(for: .seconds(1))
+            agentStatusChecker.check()
+            if !agentStatusChecker.running {
+                forceLaunchAgent()
+            }
+        }
+    }
+
+    private func forceLaunchAgent() {
+        // We've run setup, we didn't just update, launchd is just not doing it's thing.
+        // Force a launch directly.
+        Task {
+            _ = await LaunchAgentController().forceLaunch()
+            agentStatusChecker.check()
+        }
+    }
+
+}
+
+
+private enum Constants {
+    static let helpURL = URL(string: "https://github.com/maxgoedjen/secretive/blob/main/FAQ.md")!
+}
+
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Contents.json
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Contents.json
@@ -0,0 +1,68 @@
+{
+  "images" : [
+    {
+      "filename" : "Icon-macOS-ClearDark-16x16@1x.png",
+      "idiom" : "mac",
+      "scale" : "1x",
+      "size" : "16x16"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-16x16@2x.png",
+      "idiom" : "mac",
+      "scale" : "2x",
+      "size" : "16x16"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-32x32@1x.png",
+      "idiom" : "mac",
+      "scale" : "1x",
+      "size" : "32x32"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-32x32@2x.png",
+      "idiom" : "mac",
+      "scale" : "2x",
+      "size" : "32x32"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-128x128@1x.png",
+      "idiom" : "mac",
+      "scale" : "1x",
+      "size" : "128x128"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-128x128@2x.png",
+      "idiom" : "mac",
+      "scale" : "2x",
+      "size" : "128x128"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-256x256@1x.png",
+      "idiom" : "mac",
+      "scale" : "1x",
+      "size" : "256x256"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-256x256@2x.png",
+      "idiom" : "mac",
+      "scale" : "2x",
+      "size" : "256x256"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-512x512@1x.png",
+      "idiom" : "mac",
+      "scale" : "1x",
+      "size" : "512x512"
+    },
+    {
+      "filename" : "Icon-macOS-ClearDark-1024x1024@1x.png",
+      "idiom" : "mac",
+      "scale" : "2x",
+      "size" : "512x512"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-1024x1024@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-1024x1024@1x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-128x128@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-128x128@1x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-128x128@2x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-128x128@2x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-16x16@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-16x16@1x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-16x16@2x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-16x16@2x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-256x256@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-256x256@1x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-256x256@2x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-256x256@2x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-32x32@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-32x32@1x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-32x32@2x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-32x32@2x.png
--- a/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-512x512@1x.png
+++ b/Sources/Secretive/Assets.xcassets/AppIcon.appiconset/Icon-macOS-ClearDark-512x512@1x.png
--- a/Sources/Secretive/Assets.xcassets/Contents.json
+++ b/Sources/Secretive/Assets.xcassets/Contents.json
@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}
--- a/Sources/Secretive/Controllers/AgentStatusChecker.swift
+++ b/Sources/Secretive/Controllers/AgentStatusChecker.swift
@@ -2,26 +2,18 @@ import Foundation
 import AppKit
 import SecretKit
 import Observation
-import OSLog
-import ServiceManagement
-import Common

-@MainActor protocol AgentLaunchControllerProtocol: Observable, Sendable {
+@MainActor protocol AgentStatusCheckerProtocol: Observable, Sendable {
    var running: Bool { get }
    var developmentBuild: Bool { get }
    var process: NSRunningApplication? { get }
    func check()
-    func install() async throws
-    func uninstall() async throws
-    func forceLaunch() async throws
 }

-@Observable @MainActor final class AgentLaunchController: AgentLaunchControllerProtocol {
+@Observable @MainActor final class AgentStatusChecker: AgentStatusCheckerProtocol {

    var running: Bool = false
    var process: NSRunningApplication? = nil
-    private let logger = Logger(subsystem: "com.maxgoedjen.secretive", category: "LaunchAgentController")
-    private let service = SMAppService.loginItem(identifier: Bundle.agentBundleID)

    nonisolated init() {
        Task { @MainActor in
@@ -41,7 +33,7 @@ import Common

    // The process corresponding to this instance of Secretive
    var instanceSecretAgentProcess: NSRunningApplication? {
-        // TODO: CHECK VERSION
+        // FIXME: CHECK VERSION
        let agents = allSecretAgentProcesses
        for agent in agents {
            guard let url = agent.bundleURL else { continue }
@@ -57,47 +49,6 @@ import Common
        Bundle.main.bundleURL.isXcodeURL
    }

-    func install() async throws {
-        logger.debug("Installing agent")
-        try? await service.unregister()
-        // This is definitely a bit of a "seems to work better" thing but:
-        // Seems to more reliably hit if these are on separate runloops, otherwise it seems like it sometimes doesn't kill old
-        // and start new?
-        try await Task.sleep(for: .seconds(1))
-        try service.register()
-        try await Task.sleep(for: .seconds(1))
-        check()
-    }
-
-    func uninstall() async throws {
-        logger.debug("Uninstalling agent")
-        try await Task.sleep(for: .seconds(1))
-        try await service.unregister()
-        try await Task.sleep(for: .seconds(1))
-        check()
-    }
-
-    func forceLaunch() async throws {
-        logger.debug("Agent is not running, attempting to force launch by reinstalling")
-        try await install()
-        if running {
-            logger.debug("Agent successfully force launched by reinstalling")
-            return
-        }
-        logger.debug("Agent is not running, attempting to force launch by launching directly")
-        let url = Bundle.main.bundleURL.appendingPathComponent("Contents/Library/LoginItems/SecretAgent.app")
-        let config = NSWorkspace.OpenConfiguration()
-        config.activates = false
-        do {
-            try await NSWorkspace.shared.openApplication(at: url, configuration: config)
-            logger.debug("Agent force launched")
-            try await Task.sleep(for: .seconds(1))
-        } catch {
-            logger.error("Error force launching \(error.localizedDescription)")
-        }
-        check()
-    }
-
 }

 extension URL {
--- a/Sources/Secretive/Controllers/LaunchAgentController.swift
+++ b/Sources/Secretive/Controllers/LaunchAgentController.swift
@@ -0,0 +1,65 @@
+import Foundation
+import ServiceManagement
+import AppKit
+import OSLog
+import SecretKit
+
+struct LaunchAgentController {
+    
+    private let logger = Logger(subsystem: "com.maxgoedjen.secretive", category: "LaunchAgentController")
+
+    func install() async -> Bool {
+        logger.debug("Installing agent")
+        _ = setEnabled(false)
+        // This is definitely a bit of a "seems to work better" thing but:
+        // Seems to more reliably hit if these are on separate runloops, otherwise it seems like it sometimes doesn't kill old
+        // and start new?
+        try? await Task.sleep(for: .seconds(1))
+        let result = await MainActor.run {
+            setEnabled(true)
+        }
+        try? await Task.sleep(for: .seconds(1))
+        return result
+    }
+
+    func uninstall() async -> Bool {
+        logger.debug("Uninstalling agent")
+        try? await Task.sleep(for: .seconds(1))
+        let result = await MainActor.run {
+            setEnabled(false)
+        }
+        try? await Task.sleep(for: .seconds(1))
+        return result
+    }
+
+    func forceLaunch() async -> Bool {
+        logger.debug("Agent is not running, attempting to force launch")
+        let url = Bundle.main.bundleURL.appendingPathComponent("Contents/Library/LoginItems/SecretAgent.app")
+        let config = NSWorkspace.OpenConfiguration()
+        config.activates = false
+        do {
+            try await NSWorkspace.shared.openApplication(at: url, configuration: config)
+            logger.debug("Agent force launched")
+            try? await Task.sleep(for: .seconds(1))
+            return true
+        } catch {
+            logger.error("Error force launching \(error.localizedDescription)")
+            return false
+        }
+    }
+
+    private func setEnabled(_ enabled: Bool) -> Bool {
+        let service = SMAppService.loginItem(identifier: Bundle.agentBundleID)
+        do {
+            if enabled {
+                try service.register()
+            } else {
+                try service.unregister()
+            }
+            return true
+        } catch {
+            return false
+        }
+    }
+
+}
--- a/Sources/Secretive/Controllers/URLs.swift
+++ b/Sources/Secretive/Controllers/URLs.swift
@@ -0,0 +1,25 @@
+import Foundation
+
+extension URL {
+
+    static var agentHomeURL: URL {
+        URL(fileURLWithPath: URL.homeDirectory.path().replacingOccurrences(of: Bundle.hostBundleID, with: Bundle.agentBundleID))
+    }
+
+    static var socketPath: String {
+        URL.agentHomeURL.appendingPathComponent("socket.ssh").path()
+    }
+
+}
+
+extension String {
+
+    var normalizedPathAndFolder: (String, String) {
+        // All foundation-based normalization methods replace this with the container directly.
+        let processedPath = replacingOccurrences(of: "~", with: "/Users/\(NSUserName())")
+        let url = URL(filePath: processedPath)
+        let folder = url.deletingLastPathComponent().path()
+        return (processedPath, folder)
+    }
+
+}
--- a/Sources/Secretive/Credits.rtf
+++ b/Sources/Secretive/Credits.rtf
@@ -0,0 +1,36 @@
+{\rtf1\ansi\ansicpg1252\cocoartf2580
+\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+{\*\expandedcolortbl;;}
+\margl1440\margr1440\vieww9000\viewh8400\viewkind0
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6119\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+{\field{\*\fldinst{HYPERLINK "https://github.com/maxgoedjen/secretive"}}{\fldrslt 
+\f0\fs24 \cf0 GitHub Repository}}
+\f0\fs24 \
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+\cf0 \
+{\field{\*\fldinst{HYPERLINK "GITHUB_BUILD_URL"}}{\fldrslt Build Log}}\
+\
+Special Thanks To:\
+\
+{\field{\*\fldinst{HYPERLINK "https://github.com/maxgoedjen/secretive/graphs/contributors"}}{\fldrslt Contributors}}:\
+{\field{\*\fldinst{HYPERLINK "https://github.com/0xflotus"}}{\fldrslt 0xflotus}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/aaron-trout"}}{\fldrslt Aaron Trout}}\
+\pard\pardeftab720\partightenfactor0
+{\field{\*\fldinst{HYPERLINK "https://github.com/EppO"}}{\fldrslt \cf0 Florent Monbillard}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/vladimyr"}}{\fldrslt Dario Vladovi\uc0\u263 }}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/lavalleeale"}}{\fldrslt Alex Lavallee}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/joshheyse"}}{\fldrslt Josh}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/diesal11"}}{\fldrslt Dylan Lundy}}\
+\
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+\cf0 Testers:\
+{\field{\*\fldinst{HYPERLINK "https://github.com/bdash"}}{\fldrslt Mark Rowe}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/danielctull"}}{\fldrslt Daniel Tull}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/davedelong"}}{\fldrslt Dave DeLong}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/esttorhe"}}{\fldrslt Esteban Torres}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/joeblau"}}{\fldrslt Joe Blau}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/marksands"}}{\fldrslt Mark Sands}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/mergesort"}}{\fldrslt Joe Fabisevich}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/phillco"}}{\fldrslt Phil Cohen}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/zackdotcomputer"}}{\fldrslt Zack Sheppard}}}
--- a/Sources/Packages/Sources/Common/BundleIDs.swift
+++ b/Sources/Packages/Sources/Common/BundleIDs.swift
--- a/Sources/Secretive/Info.plist
+++ b/Sources/Secretive/Info.plist
@@ -20,8 +20,6 @@
 	<string>$(CI_VERSION)</string>
 	<key>CFBundleVersion</key>
 	<string>$(CI_BUILD_NUMBER)</string>
-	<key>GitHubBuildLog</key>
-	<string>https://$(CI_BUILD_LINK)</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
 	<key>NSHumanReadableCopyright</key>
--- a/Content/PreviewAgentStatusChecker.swift
+++ b/Content/PreviewAgentStatusChecker.swift
@@ -1,7 +1,7 @@
 import Foundation
 import AppKit

-class PreviewAgentLaunchController: AgentLaunchControllerProtocol {
+class PreviewAgentStatusChecker: AgentStatusCheckerProtocol {

    let running: Bool
    let process: NSRunningApplication?
@@ -15,13 +15,4 @@ class PreviewAgentLaunchController: AgentLaunchControllerProtocol {
    func check() {
    }

-    func install() async throws {
-    }
-
-    func uninstall() async throws {
-    }
-
-    func forceLaunch() async throws {
-    }
-
 }
--- a/Content/PreviewStore.swift
+++ b/Content/PreviewStore.swift
@@ -60,17 +60,16 @@ extension Preview {
        let id = UUID()
        var name: String { "Modifiable Preview Store" }
        let secrets: [Secret]
-        var supportedKeyTypes: KeyAvailability {
-            return KeyAvailability(
-                available: [
+        var supportedKeyTypes: [KeyType] {
+            if #available(macOS 26, *) {
+                [
                    .ecdsa256,
                    .mldsa65,
-                    .mldsa87
-                ],
-                unavailable: [
-                    .init(keyType: .ecdsa384, reason: .macOSUpdateRequired)
+                    .mldsa87,
                ]
-            )
+            } else {
+                [.ecdsa256]
+            }
        }
        
        init(secrets: [Secret]) {
--- a/Sources/Secretive/Secretive.entitlements
+++ b/Sources/Secretive/Secretive.entitlements
@@ -4,22 +4,16 @@
 <dict>
 	<key>com.apple.security.hardened-process</key>
 	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.enable-pure-data</key>
-	<true/>
-	<key>com.apple.security.hardened-process.checked-allocations.no-tagged-receive</key>
-	<true/>
 	<key>com.apple.security.hardened-process.dyld-ro</key>
 	<true/>
+	<key>com.apple.security.hardened-process.enhanced-security-version</key>
+	<integer>1</integer>
 	<key>com.apple.security.hardened-process.hardened-heap</key>
 	<true/>
-	<key>com.apple.security.hardened-process.enhanced-security-version-string</key>
-	<string>1</string>
+	<key>com.apple.security.hardened-process.platform-restrictions</key>
+	<integer>2</integer>
 	<key>com.apple.security.smartcard</key>
 	<true/>
-	<key>com.apple.security.hardened-process.platform-restrictions-string</key>
-	<string>2</string>
 	<key>keychain-access-groups</key>
 	<array>
 		<string>$(AppIdentifierPrefix)com.maxgoedjen.Secretive</string>
--- a/Sources/Secretive/Views/Configuration/ConfigurationItemView.swift
+++ b/Sources/Secretive/Views/Configuration/ConfigurationItemView.swift
@@ -32,7 +32,7 @@ struct ConfigurationItemView<Content: View>: View {
                Spacer()
                switch action {
                case .copy(let string):
-                    Button(.copyableClickToCopyButton, systemImage: "doc.on.doc") {
+                    Button(.copyableClickToCopyButton, systemImage: "document.on.document") {
                        NSPasteboard.general.declareTypes([.string], owner: nil)
                        NSPasteboard.general.setString(string, forType: .string)
                    }
--- a/Sources/Secretive/Views/Configuration/IntegrationsView.swift
+++ b/Sources/Secretive/Views/Configuration/IntegrationsView.swift
@@ -21,19 +21,47 @@ struct IntegrationsView: View {
                }
            }
        } detail: {
-            IntegrationsDetailView(selectedInstruction: $selectedInstruction)
+                IntegrationsDetailView(selectedInstruction: $selectedInstruction)
+                .fauxToolbar {
+                    Button(.setupDoneButton) {
+                        dismiss()
+                    }
+                    .normalButton()
+                }
        }
-        .toolbar {
-            Button(.setupDoneButton) {
-                dismiss()
-            }
-        }
-        .hiddenToolbar()
-        .windowBackgroundStyle(.thinMaterial)
        .onAppear {
            selectedInstruction = instructions.gettingStarted
        }
-        .frame(minWidth: 400, minHeight: 400)
+        .frame(minHeight: 500)
+    }
+
+}
+
+extension View {
+
+    func fauxToolbar<Content: View>(content: () -> Content) -> some View {
+        modifier(FauxToolbarModifier(toolbarContent: content()))
+    }
+
+}
+
+struct FauxToolbarModifier<ToolbarContent: View>: ViewModifier {
+
+    var toolbarContent: ToolbarContent
+
+    func body(content: Content) -> some View {
+        VStack(alignment: .leading, spacing: 0) {
+            content
+            Divider()
+            HStack {
+                Spacer()
+                toolbarContent
+                .padding(.top, 8)
+                .padding(.trailing, 16)
+                .padding(.bottom, 16)
+            }
+        }
+
    }

 }
--- a/Sources/Secretive/Views/Configuration/SetupView.swift
+++ b/Sources/Secretive/Views/Configuration/SetupView.swift
@@ -3,7 +3,6 @@ import SwiftUI
 struct SetupView: View {

    @Environment(\.dismiss) private var dismiss
-    @Environment(\.agentLaunchController) private var agentLaunchController
    @Binding var setupComplete: Bool

    @State var showingIntegrations = false
@@ -32,7 +31,7 @@ struct SetupView: View {
                    ) {
                        installed = true
                        Task {
-                            try? await agentLaunchController.install()
+                            await LaunchAgentController().install()
                        }
                    }
                }
@@ -86,10 +85,7 @@ struct SetupView: View {
            integrations = true
        }, content: {
            IntegrationsView()
-                .frame(minWidth: 500, minHeight: 400)
        })
-        .frame(idealWidth: 600)
-        .fixedSize(horizontal: false, vertical: true)
    }
 }

@@ -176,13 +172,10 @@ struct StepView<Content: View>: View {
                .frame(width: 20)
            VStack(alignment: .leading, spacing: 4) {
                Text(title)
-                    .fixedSize(horizontal: false, vertical: true)
                    .bold()
                Text(description)
-                    .fixedSize(horizontal: false, vertical: true)
                if let detail {
                    Text(detail)
-                        .fixedSize(horizontal: false, vertical: true)
                        .font(.callout)
                        .italic()
                }
--- a/Sources/Secretive/Views/Configuration/ToolConfigurationView.swift
+++ b/Sources/Secretive/Views/Configuration/ToolConfigurationView.swift
@@ -1,7 +1,5 @@
 import SwiftUI
 import SecretKit
-import SSHProtocolKit
-import Common

 struct ToolConfigurationView: View {

@@ -12,7 +10,6 @@ struct ToolConfigurationView: View {

    @State var creating = false
    @State var selectedSecret: AnySecret?
-    @State var email = ""

    init(selectedInstruction: ConfigurationFileInstructions) {
        self.selectedInstruction = selectedInstruction
@@ -35,7 +32,6 @@ struct ToolConfigurationView: View {
                                        selectedSecret = created
                                    }
                                }
-                                .fixedSize()
                            }
                        }
                    }
@@ -51,12 +47,6 @@ struct ToolConfigurationView: View {
                                    .tag(secret)
                            }
                        }
-                        TextField(text: $email, prompt: Text(.integrationsConfigureUsingEmailPlaceholder)) {
-                            Text(.integrationsConfigureUsingEmailTitle)
-                            Text(.integrationsConfigureUsingEmailSubtitle)
-                                .font(.subheadline)
-                                .foregroundStyle(.secondary)
-                        }
                    } header: {
                        Text(.integrationsConfigureUsingSecretHeader)
                    }
@@ -69,7 +59,7 @@ struct ToolConfigurationView: View {
                Section {
                    ConfigurationItemView(title: .integrationsPathTitle, value: stepGroup.path, action: .revealInFinder(stepGroup.path))
                    ForEach(stepGroup.steps, id: \.self.key) { step in
-                        ConfigurationItemView(title: .integrationsAddThisTitle, action: .copy(placeholdersReplaced(text: String(localized: step)))) {
+                        ConfigurationItemView(title: .integrationsAddThisTitle, action: .copy(String(localized: step))) {
                            HStack {
                                Text(placeholdersReplaced(text: String(localized: step)))
                                    .padding(8)
@@ -111,11 +101,10 @@ struct ToolConfigurationView: View {
    func placeholdersReplaced(text: String) -> String {
        guard let selectedSecret else { return text }
        let writer = OpenSSHPublicKeyWriter()
-        let gitAllowedSignersString = [email.isEmpty ? String(localized: .integrationsConfigureUsingEmailPlaceholder) : email, writer.openSSHString(secret: selectedSecret)]
-            .joined(separator: " ")
+        let fileController = PublicKeyFileStoreController(homeDirectory: URL.agentHomeURL)
        return text
-            .replacingOccurrences(of: Instructions.Constants.publicKeyPlaceholder, with: gitAllowedSignersString)
-            .replacingOccurrences(of: Instructions.Constants.publicKeyPathPlaceholder, with: URL.publicKeyPath(for: selectedSecret, in: URL.publicKeyDirectory))
+            .replacingOccurrences(of: Instructions.Constants.publicKeyPlaceholder, with: writer.openSSHString(secret: selectedSecret))
+            .replacingOccurrences(of: Instructions.Constants.publicKeyPathPlaceholder, with: fileController.publicKeyPath(for: selectedSecret))
    }

 }
--- a/Sources/Secretive/Views/Modifiers/WindowBackgroundStyle.swift
+++ b/Sources/Secretive/Views/Modifiers/WindowBackgroundStyle.swift
@@ -1,47 +0,0 @@
-import SwiftUI
-
-struct WindowBackgroundStyleModifier: ViewModifier {
-
-    let shapeStyle: any ShapeStyle
-
-    func body(content: Content) -> some View {
-        if #available(macOS 15.0, *) {
-            content
-                .containerBackground(
-                    shapeStyle, for: .window
-                )
-        } else {
-            content
-        }
-    }
-
-}
-
-extension View {
-
-    func windowBackgroundStyle(_ style: some ShapeStyle) -> some View {
-        modifier(WindowBackgroundStyleModifier(shapeStyle: style))
-    }
-
-}
-
-struct HiddenToolbarModifier: ViewModifier {
-
-    func body(content: Content) -> some View {
-        if #available(macOS 15.0, *) {
-            content
-                .toolbarBackgroundVisibility(.hidden, for: .automatic)
-        } else {
-            content
-        }
-    }
-
-}
-
-extension View {
-
-    func hiddenToolbar() -> some View {
-        modifier(HiddenToolbarModifier())
-    }
-
-}
--- a/Sources/Secretive/Views/Secrets/CreateSecretView.swift
+++ b/Sources/Secretive/Views/Secrets/CreateSecretView.swift
@@ -75,23 +75,10 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {
                    Section {
                        VStack {
                            Picker(.createSecretKeyTypeLabel, selection: $keyType) {
-                                ForEach(store.supportedKeyTypes.available, id: \.self) { option in
+                                ForEach(store.supportedKeyTypes, id: \.self) { option in
                                    Text(String(describing: option))
                                        .tag(option)
-                                }
-                                Divider()
-                                ForEach(store.supportedKeyTypes.unavailable, id: \.keyType) { option in
-                                    VStack {
-                                        Button {
-                                        } label: {
-                                            Text(String(describing: option.keyType))
-                                            switch option.reason {
-                                            case .macOSUpdateRequired:
-                                                Text(.createSecretKeyTypeMacOSUpdateRequiredLabel)
-                                            }
-                                        }
-                                    }
-                                    .selectionDisabled()
+                                        .font(.caption)
                                }
                            }
                            if keyType?.algorithm == .mldsa {
@@ -132,7 +119,7 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {
            .padding()
        }
        .onAppear {
-            keyType = store.supportedKeyTypes.available.first
+            keyType = store.supportedKeyTypes.first
        }
        .formStyle(.grouped)
    }
--- a/Sources/Secretive/Views/Secrets/SecretDetailView.swift
+++ b/Sources/Secretive/Views/Secrets/SecretDetailView.swift
@@ -1,13 +1,12 @@
 import SwiftUI
 import SecretKit
-import Common
-import SSHProtocolKit

 struct SecretDetailView<SecretType: Secret>: View {
    
    let secret: SecretType

    private let keyWriter = OpenSSHPublicKeyWriter()
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.agentHomeURL)

    var body: some View {
        ScrollView {
@@ -22,7 +21,7 @@ struct SecretDetailView<SecretType: Secret>: View {
                    CopyableView(title: .secretDetailPublicKeyLabel, image: Image(systemName: "key"), text: keyString)
                    Spacer()
                        .frame(height: 20)
-                    CopyableView(title: .secretDetailPublicKeyPathLabel, image: Image(systemName: "lock.doc"), text: URL.publicKeyPath(for: secret, in: URL.publicKeyDirectory), showRevealInFinder: true)
+                    CopyableView(title: .secretDetailPublicKeyPathLabel, image: Image(systemName: "lock.doc"), text: publicKeyFileStoreController.publicKeyPath(for: secret), showRevealInFinder: true)
                    Spacer()
                }
            }
--- a/Sources/Secretive/Views/Secrets/SecretListItemView.swift
+++ b/Sources/Secretive/Views/Secrets/SecretListItemView.swift
@@ -24,18 +24,6 @@ struct SecretListItemView: View {
                Text(secret.name)
            }
        }
-        .sheet(isPresented: $isRenaming, onDismiss: {
-            renamedSecret(secret)
-        }, content: {
-            if let modifiable = store as? AnySecretStoreModifiable {
-                EditSecretView(store: modifiable, secret: secret)
-            }
-        })
-        .showingDeleteConfirmation(isPresented: $isDeleting, secret, store as? AnySecretStoreModifiable) { deleted in
-            if deleted {
-                deletedSecret(secret)
-            }
-        }
        .contextMenu {
            if store is AnySecretStoreModifiable {
                Button(action: { isRenaming = true }) {
@@ -48,5 +36,17 @@ struct SecretListItemView: View {
                }
            }
        }
+        .showingDeleteConfirmation(isPresented: $isDeleting, secret, store as? AnySecretStoreModifiable) { deleted in
+            if deleted {
+                deletedSecret(secret)
+            }
+        }
+        .sheet(isPresented: $isRenaming, onDismiss: {
+            renamedSecret(secret)
+        }, content: {
+            if let modifiable = store as? AnySecretStoreModifiable {
+                EditSecretView(store: modifiable, secret: secret)
+            }
+        })
    }
 }
--- a/Sources/Secretive/Views/Modifiers/ActionButtonStyle.swift
+++ b/Sources/Secretive/Views/Modifiers/ActionButtonStyle.swift
@@ -24,7 +24,7 @@ extension View {

 }

-struct ToolbarCircleButtonModifier: ViewModifier {
+struct MenuButtonModifier: ViewModifier {

    func body(content: Content) -> some View {
        if #available(macOS 26.0, *) {
@@ -40,8 +40,8 @@ struct ToolbarCircleButtonModifier: ViewModifier {

 extension View {

-    func toolbarCircleButton() -> some View {
-        modifier(ToolbarCircleButtonModifier())
+    func menuButton() -> some View {
+        modifier(MenuButtonModifier())
    }

 }
--- a/Sources/Secretive/Views/Modifiers/BoxBackgroundStyle.swift
+++ b/Sources/Secretive/Views/Modifiers/BoxBackgroundStyle.swift
--- a/Sources/Secretive/Views/Modifiers/ErrorStyle.swift
+++ b/Sources/Secretive/Views/Modifiers/ErrorStyle.swift
--- a/Sources/Secretive/Views/Modifiers/ToolbarButtonStyle.swift
+++ b/Sources/Secretive/Views/Modifiers/ToolbarButtonStyle.swift
@@ -1,6 +1,6 @@
 import SwiftUI

-struct ToolbarStatusButtonStyle: ButtonStyle {
+struct ToolbarButtonStyle: ButtonStyle {

    private let lightColor: Color
    private let darkColor: Color
@@ -39,7 +39,6 @@ struct ToolbarStatusButtonStyle: ButtonStyle {
        } else {
            configuration
                .label
-                .padding(EdgeInsets(top: 6, leading: 8, bottom: 6, trailing: 8))
                .background(colorScheme == .light ? lightColor : darkColor)
                .foregroundColor(.white)
                .clipShape(RoundedRectangle(cornerRadius: 5))
@@ -56,27 +55,3 @@ struct ToolbarStatusButtonStyle: ButtonStyle {
        }
    }
 }
-
-struct ToolbarButtonStyle: PrimitiveButtonStyle {
-
-    var tint: Color = .white.opacity(0.1)
-
-    func makeBody(configuration: Configuration) -> some View {
-        if #available(macOS 26.0, *) {
-            configuration
-                .label
-                .padding(.vertical, 10)
-                .padding(.horizontal, 12)
-                .glassEffect(.regular.interactive().tint(tint))
-                .onTapGesture {
-                    configuration.trigger()
-                }
-        } else {
-            BorderedButtonStyle().makeBody(configuration: configuration)
-                .padding(EdgeInsets(top: 6, leading: 8, bottom: 6, trailing: 8))
-                .foregroundColor(.white)
-                .clipShape(RoundedRectangle(cornerRadius: 5))
-        }
-    }
-}
-
--- a/Sources/Secretive/Views/Views/AboutView.swift
+++ b/Sources/Secretive/Views/Views/AboutView.swift
@@ -1,69 +0,0 @@
-import SwiftUI
-
-struct AboutView: View {
-    var body: some View {
-        if #available(macOS 15.0, *) {
-            AboutViewContent()
-                .containerBackground(
-                    .thinMaterial, for: .window
-                )
-        } else {
-            AboutViewContent()
-        }
-    }
-}
-
-struct AboutViewContent: View {
-
-    @Environment(\.openURL) var openURL
-    var body: some View {
-        VStack(spacing: 10) {
-            HStack {
-                Image(nsImage: NSApplication.shared.applicationIconImage)
-                VStack(alignment: .leading) {
-                    Text(verbatim: "Secretive")
-                        .font(.system(.largeTitle, weight: .bold))
-                    Text("**\(Bundle.main.versionNumber)** (\(Bundle.main.buildNumber))")
-                        .fixedSize(horizontal: true, vertical: false)
-                    HStack {
-                        Button(.aboutViewOnGithubButton) {
-                            openURL(URL(string: "https://github.com/maxgoedjen/secretive")!)
-                        }
-                            .normalButton()
-                        Button(.aboutBuildLogButton) {
-                            openURL(Bundle.main.buildLog)
-                        }
-                        .normalButton()
-                    }
-                }
-            }
-            Text(.aboutThanks(contributorsLink: "https://github.com/maxgoedjen/secretive/graphs/contributors", sponsorsLink: "https://github.com/sponsors/maxgoedjen"))
-                .font(.headline)
-            Text(.aboutOpenSourceNotice)
-                .font(.subheadline)
-        }
-        .padding(EdgeInsets(top: 10, leading: 30, bottom: 30, trailing: 30))
-    }
-
-}
-
-private extension Bundle {
-
-    var buildLog: URL {
-        URL(string: infoDictionary!["GitHubBuildLog"] as! String)!
-    }
-
-    var versionNumber: String {
-        infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0"
-    }
-
-    var buildNumber: String {
-        infoDictionary?["CFBundleVersion"] as? String ?? "0.0"
-    }
-
-}
-
-#Preview {
-    AboutView()
-        .frame(width: 500, height: 250)
-}
--- a/Sources/Secretive/Views/Views/AgentStatusView.swift
+++ b/Sources/Secretive/Views/Views/AgentStatusView.swift
@@ -2,10 +2,10 @@ import SwiftUI

 struct AgentStatusView: View {

-    @Environment(\.agentLaunchController) private var agentLaunchController: any AgentLaunchControllerProtocol
+    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol

    var body: some View {
-        if agentLaunchController.running {
+        if agentStatusChecker.running {
            AgentRunningView()
        } else {
            AgentNotRunningView()
@@ -14,13 +14,12 @@ struct AgentStatusView: View {
 }
 struct AgentRunningView: View {

-    @Environment(\.agentLaunchController) private var agentLaunchController: any AgentLaunchControllerProtocol
-    @AppStorage("explicitlyDisabled") var explicitlyDisabled = false
+    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol

    var body: some View {
        Form {
            Section {
-                if let process = agentLaunchController.process {
+                if let process = agentStatusChecker.process {
                    ConfigurationItemView(
                        title: .agentDetailsLocationTitle,
                        value: process.bundleURL!.path(),
@@ -54,14 +53,19 @@ struct AgentRunningView: View {
                        Menu(.agentDetailsRestartAgentButton) {
                            Button(.agentDetailsDisableAgentButton) {
                                Task {
-                                    explicitlyDisabled = true
-                                    try? await agentLaunchController
+                                    _ = await LaunchAgentController()
                                        .uninstall()
+                                    agentStatusChecker.check()
                                }
                            }
                        } primaryAction: {
                            Task {
-                                try? await agentLaunchController.forceLaunch()
+                                let controller = LaunchAgentController()
+                                let installed = await controller.install()
+                                if !installed {
+                                    _ = await controller.forceLaunch()
+                                }
+                                agentStatusChecker.check()
                            }
                        }
                    }
@@ -78,10 +82,9 @@ struct AgentRunningView: View {

 struct AgentNotRunningView: View {

-    @Environment(\.agentLaunchController) private var agentLaunchController
+    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol
    @State var triedRestart = false
    @State var loading = false
-    @AppStorage("explicitlyDisabled") var explicitlyDisabled = false

    var body: some View {
        Form {
@@ -97,14 +100,18 @@ struct AgentNotRunningView: View {
                        if !triedRestart {
                            Spacer()
                            Button {
-                                explicitlyDisabled = false
                                guard !loading else { return }
                                loading = true
                                Task {
-                                    try await agentLaunchController.forceLaunch()
+                                    let controller = LaunchAgentController()
+                                    let installed = await controller.install()
+                                    if !installed {
+                                        _ = await controller.forceLaunch()
+                                    }
+                                    agentStatusChecker.check()
                                    loading = false

-                                    if !agentLaunchController.running {
+                                    if !agentStatusChecker.running {
                                        triedRestart = true
                                    }
                                }
@@ -138,9 +145,9 @@ struct AgentNotRunningView: View {

 //#Preview {
 //    AgentStatusView()
-//        .environment(\.agentLaunchController, PreviewAgentLaunchController(running: false))
+//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: false))
 //}
 //#Preview {
 //    AgentStatusView()
-//        .environment(\.agentLaunchController, PreviewAgentLaunchController(running: true, process: .current))
+//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: true, process: .current))
 //}
--- a/Sources/Secretive/Views/Views/ContentView.swift
+++ b/Sources/Secretive/Views/Views/ContentView.swift
@@ -6,21 +6,19 @@ import Brief

 struct ContentView: View {

+    @Binding var showingCreation: Bool
+    @Binding var runningSetup: Bool
+    @Binding var hasRunSetup: Bool
+    @State var showingAgentInfo = false
    @State var activeSecret: AnySecret?
+    @Environment(\.colorScheme) var colorScheme
+
+    @Environment(\.secretStoreList) private var storeList
+    @Environment(\.updater) private var updater: any UpdaterProtocol
+    @Environment(\.agentStatusChecker) private var agentStatusChecker: any AgentStatusCheckerProtocol

    @State private var selectedUpdate: Release?
-
-    @Environment(\.colorScheme) private var colorScheme
-    @Environment(\.openWindow) private var openWindow
-    @Environment(\.secretStoreList) private var storeList
-    @Environment(\.updater) private var updater
-    @Environment(\.agentLaunchController) private var agentLaunchController
-
-    @AppStorage("defaultsHasRunSetup") private var hasRunSetup = false
-    @State private var showingCreation = false
    @State private var showingAppPathNotice = false
-    @State private var runningSetup = false
-    @State private var showingAgentInfo = false

    var body: some View {
        VStack {
@@ -37,23 +35,6 @@ struct ContentView: View {
            toolbarItem(appPathNoticeView, id: "appPath")
            toolbarItem(newItemView, id: "new")
        }
-        .onAppear {
-            if !hasRunSetup {
-                runningSetup = true
-            }
-        }
-        .focusedSceneValue(\.showCreateSecret,  .init(isEnabled: !runningSetup) {
-            showingCreation = true
-        })
-        .sheet(isPresented: $showingCreation) {
-            if let modifiable = storeList.modifiableStore {
-                CreateSecretView(store: modifiable) { created in
-                    if let created {
-                        activeSecret = created
-                    }
-                }
-            }
-        }
        .sheet(isPresented: $runningSetup) {
            SetupView(setupComplete: $hasRunSetup)
        }
@@ -104,9 +85,24 @@ extension ContentView {
                    .font(.headline)
                    .foregroundColor(.white)
            })
-            .buttonStyle(ToolbarStatusButtonStyle(color: color))
+            .buttonStyle(ToolbarButtonStyle(color: color))
            .sheet(item: $selectedUpdate) { update in
-                UpdateDetailView(update: update)
+                VStack {
+                    if updater.currentVersion.isTestBuild {
+                        VStack {
+                            if let description = updater.currentVersion.previewDescription {
+                                Text(description)
+                            }
+                            Link(destination: URL(string: "https://github.com/maxgoedjen/secretive/actions/workflows/nightly.yml")!) {
+                                Button(.updaterDownloadLatestNightlyButton) {}
+                                    .frame(maxWidth: .infinity)
+                                    .primaryButton()
+                            }
+                        }
+                        .padding()
+                    }
+                    UpdateDetailView(update: update)
+                }
            }
        }
    }
@@ -117,7 +113,16 @@ extension ContentView {
            Button(.appMenuNewSecretButton, systemImage: "plus") {
                showingCreation = true
            }
-            .toolbarCircleButton()
+            .menuButton()
+            .sheet(isPresented: $showingCreation) {
+                if let modifiable = storeList.modifiableStore {
+                    CreateSecretView(store: modifiable) { created in
+                        if let created {
+                            activeSecret = created
+                        }
+                    }
+                }
+            }
        }
    }

@@ -127,7 +132,7 @@ extension ContentView {
            showingAgentInfo = true
        }, label: {
            HStack {
-                if agentLaunchController.running {
+                if agentStatusChecker.running {
                    Text(.agentRunningNoticeTitle)
                        .font(.headline)
                        .foregroundColor(colorScheme == .light ? Color(white: 0.3) : .white)
@@ -144,9 +149,9 @@ extension ContentView {
            }
        })
        .buttonStyle(
-            ToolbarStatusButtonStyle(
-                lightColor: agentLaunchController.running ? .black.opacity(0.05) : .red.opacity(0.75),
-                darkColor: agentLaunchController.running ? .white.opacity(0.05) : .red.opacity(0.5),
+            ToolbarButtonStyle(
+                lightColor: agentStatusChecker.running ? .black.opacity(0.05) : .red.opacity(0.75),
+                darkColor: agentStatusChecker.running ? .white.opacity(0.05) : .red.opacity(0.5),
            )
        )
        .popover(isPresented: $showingAgentInfo, attachmentAnchor: attachmentAnchor, arrowEdge: .bottom) {
@@ -166,18 +171,18 @@ extension ContentView {
                .font(.headline)
                .foregroundColor(.white)
            })
-            .buttonStyle(ToolbarStatusButtonStyle(color: .orange))
-            .confirmationDialog(.appNotInApplicationsNoticeTitle, isPresented: $showingAppPathNotice) {
-                Button(.appNotInApplicationsNoticeCancelButton, role:  .cancel) {
+            .buttonStyle(ToolbarButtonStyle(color: .orange))
+            .popover(isPresented: $showingAppPathNotice, attachmentAnchor: attachmentAnchor, arrowEdge: .bottom) {
+                VStack {
+                    Image(systemName: "exclamationmark.triangle")
+                        .resizable()
+                        .aspectRatio(contentMode: .fit)
+                        .frame(width: 64)
+                    Text(.appNotInApplicationsNoticeDetailDescription)
+                        .frame(maxWidth: 300)
                }
-                Button(.appNotInApplicationsNoticeQuitButton) {
-                    NSWorkspace.shared.selectFile(Bundle.main.bundlePath, inFileViewerRootedAtPath: Bundle.main.bundlePath)
-                    NSApplication.shared.terminate(nil)
-                }
-            } message: {
-                Text(.appNotInApplicationsNoticeDetailDescription)
+                .padding()
            }
-            .dialogIcon(Image(systemName: "folder.fill.badge.questionmark"))
        }
    }

--- a/Sources/Secretive/Views/Views/CopyableView.swift
+++ b/Sources/Secretive/Views/Views/CopyableView.swift
@@ -11,7 +11,7 @@ struct CopyableView: View {
    @State private var interactionState: InteractionState = .normal
    
    var content: some View {
-        VStack(alignment: .leading, spacing: 15) {
+        VStack(alignment: .leading) {
            HStack {
                image
                    .renderingMode(.template)
@@ -28,19 +28,20 @@ struct CopyableView: View {
                        }
                        copyButton
                    }
-                    .foregroundColor(secondaryTextColor)
-                    .transition(.opacity)
+                        .foregroundColor(secondaryTextColor)
+                        .transition(.opacity)
                }
+
            }
+            .padding(EdgeInsets(top: 20, leading: 20, bottom: 10, trailing: 20))
            Divider()
-                .ignoresSafeArea()
            Text(text)
                .fixedSize(horizontal: false, vertical: true)
                .foregroundColor(primaryTextColor)
+                .padding(EdgeInsets(top: 10, leading: 20, bottom: 20, trailing: 20))
                .multilineTextAlignment(.leading)
                .font(.system(.body, design: .monospaced))
        }
-        .safeAreaPadding(20)
        ._background(interactionState: interactionState)
        .frame(minWidth: 150, maxWidth: .infinity)
    }
@@ -52,12 +53,12 @@ struct CopyableView: View {
                interactionState = hovering ? .hovering : .normal
            }
        }
-        .draggable(text) {
-                content
-                .lineLimit(3)
-                .frame(maxWidth: 300)
+        .onDrag({
+            NSItemProvider(item: NSData(data: text.data(using: .utf8)!), typeIdentifier: UTType.utf8PlainText.identifier)
+        }, preview: {
+            content
                ._background(interactionState: .dragging)
-        }
+        })
        .onTapGesture {
            copy()
            withAnimation {
@@ -78,7 +79,7 @@ struct CopyableView: View {
    var copyButton: some View {
        switch interactionState {
        case .hovering:
-            Button(.copyableClickToCopyButton, systemImage: "doc.on.doc") {
+            Button(.copyableClickToCopyButton, systemImage: "document.on.document") {
                withAnimation {
                    // Button will eat the click, so we set interaction state manually.
                    interactionState = .clicking
@@ -158,8 +159,7 @@ fileprivate struct BackgroundViewModifier: ViewModifier {
                // Very thin opacity lets user hover anywhere over the view, glassEffect doesn't allow.
                    .background(.white.opacity(0.01), in: RoundedRectangle(cornerRadius: 15))
                    .glassEffect(.regular.tint(backgroundColor(interactionState: interactionState)), in: RoundedRectangle(cornerRadius: 15))
-                    .mask(RoundedRectangle(cornerRadius: 15))
-                    .shadow(color: .black.opacity(0.1), radius: 5)
+                
            } else {
                content
                    .background(backgroundColor(interactionState: interactionState))
@@ -170,25 +170,13 @@ fileprivate struct BackgroundViewModifier: ViewModifier {
    
    func backgroundColor(interactionState: InteractionState) -> Color {
        guard appearsActive else { return Color.clear }
-        if #available(macOS 26.0, *) {
-            let base = colorScheme == .dark ? Color(white: 0.2) : Color(white: 1)
-            switch interactionState {
-            case .normal:
-                return base
-            case .hovering:
-                return base.mix(with: .accentColor, by: colorScheme == .dark ? 0.2 : 0.1)
-            case .clicking, .dragging:
-                return base.mix(with: .accentColor, by: 0.8)
-            }
-        } else {
-            switch interactionState {
-            case .normal:
-                return colorScheme == .dark ? Color(white: 0.2) : Color(white: 0.885)
-            case .hovering:
-                return colorScheme == .dark ? Color(white: 0.275) : Color(white: 0.82)
-            case .clicking, .dragging:
-                return .accentColor
-            }
+        switch interactionState {
+        case .normal:
+            return colorScheme == .dark ? Color(white: 0.2) : Color(white: 0.885)
+        case .hovering, .dragging:
+            return colorScheme == .dark ? Color(white: 0.275) : Color(white: 0.82)
+        case .clicking:
+            return .accentColor
        }
    }

@@ -196,10 +184,7 @@ fileprivate struct BackgroundViewModifier: ViewModifier {
 }

 #Preview {
-    VStack {
-        CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "figure.wave"), text: "Hello world.")
-        CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "figure.wave"), text: "Hello world.")
-    }
+    CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "figure.wave"), text: "Hello world.")
        .padding()
 }

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Max Goedjen	0d16a6ffb1	Clear needs review.	2025-09-11 18:51:01 -07:00
Max Goedjen	95658072e7	Fixed back sides	2025-09-11 18:43:35 -07:00
Max Goedjen	7eeb09b1ec	Few more	2025-09-11 18:31:45 -07:00
Max Goedjen	e6f21c13b0	Fix up strings (hopefully)	2025-09-11 18:27:47 -07:00