macOS Self-Signed Code Signing Certificate

Create and manage a self-signed code signing certificate for macOS app development, so that system permissions survive across rebuilds without requiring the user to re-grant them every time.

Why This Exists

macOS TCC (Transparency, Consent, and Control) grants permissions like Screen Recording and Microphone based on the app's bundle ID + code signature. With ad-hoc signing (CODE_SIGN_IDENTITY="-"), every rebuild produces a different signature hash, so macOS treats it as a new app and revokes permissions. This forces the user to re-grant permissions after every build — a painful experience during iterative development.

The fix: Create a self-signed certificate and use it consistently. Same bundle ID + same certificate = same app identity to TCC. Permissions persist across rebuilds. The user grants Screen Recording / Microphone / Accessibility once, and it works forever.

Setup (One-Time)