macOS Sonoma: App Group access REJECTED – group identifier not TeamID-prefixed, app never becomes visible #318
Description
On macOS Sonoma, CodexBar launches but never becomes visible (no menu bar item). Logs show the app is denied access to its App Group container due to an invalid app group identifier.
Environment
macOS: Sonoma (paste exact sw_vers output below)
Apple Silicon (arm64)
Install method: Homebrew cask + GitHub release (both affected)
CodexBar version: 0.17.0 (also seen on 0.18.0-beta)
What happens
open -a CodexBar launches the process
App stays running-active-NotVisible
No menu bar icon appears
No crash report
Relevant logs
containermanagerd:
[com.steipete.codexbar] requesting [group.com.steipete.codexbar]: REJECTED.
Requestor's signature does not allow it to access a TCC-protected group container.
Group containers identifiers should be prefixed by requestor's team ID to allow access on this platform.
Code signing info
Identifier = com.steipete.codexbar
TeamIdentifier = Y5PE65HELJ
Entitlements:
com.apple.security.application-groups = (
group.com.steipete.codexbar
)
Analysis
On Sonoma, App Group identifiers must be TeamID-prefixed.
group.com.steipete.codexbar is rejected because it is not tied to Y5PE65HELJ.
This prevents container creation and appears to block normal app startup/UI.
Expected fix
Ship a build where all targets (app, widget, helpers) use a TeamID-prefixed app group, e.g.:
group.Y5PE65HELJ.com.steipete.codexbar
(or whatever format matches your provisioning)
This needs to be updated consistently across:
CodexBar.app
Widget extension
Any helper/CLI targets that touch the app group
Workarounds tried
Full uninstall + zap
Clearing Containers
Reinstall via Homebrew and direct release
Clearing TCC
Ad-hoc re-signing (not viable for App Groups)
None resolve the issue.
Happy to test a patched build.