Correct Architecture for Agents in 2018

My macOS app, designed in 2009, can programatically install up to 5 launchd agents, depending on user configuration. These launchd agents have WatchPaths to certain files in the user's Home directory. The ProgramArguments of these agents launch a command-line Helper tool which is located in my app's Contents/Helpers. The tool runs for a minute or so (nice = 20) and then terminates itself. This may happen up to a dozen times per hour when the user is busy changing relevant files.


I think that I now need to replace these agents and command-line tool with a constantly-running background helper .app, which the user must add to Login Items. This new helper will run its own kqueues or FSEvents to watch the relevant files.


My reasons for making the change are:


  • Launchd tasks are referred to as legacy in current Apple documentation.
  • My helper needs to have Full Disk Access (as in System Preferences > Security and Privacy > Full Disk Access) in macOS 10.14, and it appears that Full Disk Access only works for the main executable of a .app package, not command-line tools.
  • There is some system log, I forgot where it is, which adds an entry every time one of my tools runs and terminates itself, and occasionally users ask me why they see hundreds of entries in this log.


Since this is going to be a lot of work, I'd like to ask: Is my reasoning correct?


Also, what is the appropriate modern method for interapplication communication between the main .app and the helper .app?


Thank you!

After performing several experiments over the last week, I've confirmed that, at this time (macOS 10.14 Mojave Beta 8), and for the forseeable future, for a helper to actually get Full Disk Access:

  • The helper must be packaged as a .app.
  • The helper must be shipped in Contents/Library/LoginItems of its main app.
  • The main app must enable the helper by calling SMLoginItemSetEnabled(). (This will cause the helper process to launch at login, and the system will keep it running constantly.)
  • The user must add the main app to the whitelist in System Preferences > Security and Privacy > Full Disk Access.


Well, since my helper needs Full Disk Access, this is the answer for me.


It also appears to be the type of helper which is best supported by Apple at this time.

Correct Architecture for Agents in 2018
 
 
Q