Yes the resources is the correct place, however I did want Apple to confirm some additional things. I got a response to my questions, and have been able to confirm some things too which is good: So the original question of `Where should I add this file within the package setup? You should add it as a resource file as described in Bundling resources with a Swift package. Should there be a privacy info file per importable target? Or is it per library/package project? It is per target. The target that builds the app or third-party SDK requiring a privacy manifest should only contain one privacy manifest. If your app links against a third-party SDK requiring a privacy manifest but doesn't collect data and use required reason API, then their target doesn't need to contain a privacy manifest file. Is it expected that the generated privacy report of an application will show info based on flags within the package's manifest file? The generated privacy ​report will show all information inputted into the ​privacy manifest file. However, it is worth noting that during my testing/validating - it only showed up in the report if there were tracking items. For example, I purposely added a tracking item and included it in a sample project: however, when the libraries privacy report had Privacy Tracking as NO and also no additional items or required reason api's it did not include in the report: am assuming this is due to the report only highlighting flagged trackings/collections (at least that is my understanding of the available documentation)

Thanks for the response, I resolved the issue after reading this. And this is completely developer error - the updated entitlements for the app running this were not included in the git branch I was working from. The incoming/outgoing connection entitlements were not enabled at all 🤦‍♂️- I have fixed the entitlements and it's all good now. Apologies, this is something I should have confirmed before bugging folks (end of day brain) 😅

Yeah a bit of an odd one - am putting together a sample project to raise a tech support ticket. Hopefully can be resolved, will post back with any future updates 🤞

Yeah works in general and only seems to fail when the directory contains a Package.swift file.

Yes - currently the UserDefaults are shared using an app group

sorry missed the last bit - I am storing them in UserDefaults at the moment

Yes - used to save a bookmark pointing to the directory is correct

Definitely should have put more details sorry 😅 So yes it is a Mac app and it is Sandboxed. Specifically, the Mac application is the companion app housing an XcodeSourceEditorExtension. In order for the extension to read source contents and do it's thing, it requires read access to the project directory. The user adds these permissions via the Mac application, which uses an open panel so the user can select an Xcode project file, workspace, or Package.swift file. Once the user submits this, the url to the directory containing the project file is used to save a bookmark to the directory. When the user launches Xcode and invokes the extension, it resolves the active project to find the matching bookmark based on the directory the active project is in. Once resolved it calls the startAccessingSecurityScopedResource method, does its thing, then calls the stopAccessingSecurityScopedResource once it has finished. I first noticed the issue when trying to use the extension in a standalone swift package project. Debugging led me to find the problem described in the original post.

Update: Just to confirm that AppStore releases will install fine and appear in Xcode 🎉 Unique testing experience for this one - looking forward to Xcode 14 being released so can get back into a testing process 😅

Sorry for infrequent updates - can confirm latest Xcode Beta resolves the TestFlight issue. Submitting to the store over the next day so will post back if the issue is resolved for current Xcode (13.4.1)

Thanks, I came to the same conclusion after a few more hours debugging and trying other source editor extension projects 😅 I have created a tech support ticket which has movement and have since provided a sample application that has the same outcome. Am hoping to get an answer soon, in the meantime I have distributed a developer signed build to get some testing from a internal small pool to prepare for the release. Hopefully the timing all works out, if not once am happy enough with it I will just be releasing it to the public store as you suggested and going from there. Cheers, Michael

An update - after a bit of digging in logs I found that Xcode is logging an error on launch when it tries to load the extension: IDEExtensionManager: Xcode Extension does not meet code signing requirement: com.cheekyghost.<appName>.XcodeExtension (file:///Applications/<appName>.app/Contents/PlugIns/<appName>Extension.appex/), Error Domain=DVTSecErrorDomain Code=-67050 "code failed to satisfy specified code requirement(s)" UserInfo={NSLocalizedDescription=code failed to satisfy specified code requirement(s)} upon checking using code sign am getting the following when using the command: codesign -vvvv -R="anchor apple" <appname>.app ... --prepared:/Applications/<appName>.app/Contents/PlugIns/<appName>Extension.appex --validated:/Applications/<appName>.app/Contents/PlugIns/<appName>Extension.appex --prepared:/Applications/<appName>.app/Contents/Frameworks/lib_InternalSwiftSyntaxParser.dylib --validated:/Applications/<appName>.app/Contents/Frameworks/lib_InternalSwiftSyntaxParser.dylib --prepared:/Applications/<appName>.app/Contents/Frameworks/libswift_Concurrency.dylib --validated:/Applications/<appName>.app/Contents/Frameworks/libswift_Concurrency.dylib <appName>.app: valid on disk <appName>.app: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) I can't seem to get details on what is causing the last failure: test-requirement: code failed to satisfy specified code requirement(s)