Embedding automation command line tool into an AppStore app

I am developing a macOS word-processing app that should be distributed via the Apple App Store. Some of the app's functions like generating HTML and PDF exports should be automatable via Shortcuts and via shell scripts. To support the latter, I plan to include a command line tool inside the app that can be called from the Terminal or a shell script. The tool should be able to instruct the main app to then perform the desired commands.

A well-known AppStore app that uses this design is BBEdit which also contains multiple command line tools that offer functionality from the main app to users of the Terminal.

My technical questions now are:

Should the command line tool executable be sandboxed and if yes, how?

Even after many trials, I have not found a way to make a working sandboxed command line tool. If a sandboxed tool is started from the Terminal, it is immediately terminated with an exception in _libsecinit_appsandbox.cold.12. I am aware of the Apple developer documentation article Embedding A Helper Tool In A Sandboxed App, but it addresses a different architecture in which the helper tool is started from the main app and therefore is able to inherit its sandbox.

BBEdit is only sandboxing the main app, but not its embedded command line tools and is still allowed in the App Store. Is this the way to go for me as well or does BBEdit get some special treatment in the App Store?

How can the command line tool pass the permission to access files to the main app?

As my main app is sandboxed, it needs explicit permission from the user to be able to access files. Users of a command line tool give this permission by providing file paths as arguments. How can I pass these permissions along to the main app? BBEdit is able to do this even when the user has not given it full-disk access. I know that it is using Apple Events for the communication between the command line tool and the main app, but I am not sure how this allows to pass permissions. Can anyone shed light on how to implement a solution here?

Thanks!

Embedding automation command line tool into an AppStore app
 
 
Q