v1.2.3: fix auto-paste (drop sandbox + yield activation), migrate history

Auto-paste was silently broken since the project flipped on
ENABLE_APP_SANDBOX (1.0.0): a sandboxed app on macOS 14+ cannot use
NSRunningApplication.activate() to bring a foreign app forward, so the
synthesized ⌘V landed on us instead of the target. Two coupled fixes:

1. Drop ENABLE_APP_SANDBOX and set com.apple.security.app-sandbox = false
   in the checked-in entitlements file. Hardened runtime stays on; no
   network linkage; AES-GCM at rest; Keychain key. Every shipping
   clipboard manager (Maccy, Paste, Alfred, Raycast) runs unsandboxed
   for the same reason.

2. NSApp.yieldActivation(to:) before app.activate() so macOS 14+
   accepts the foreign-app activation. Moved off the deprecated
   activate(options:) API.

History from pre-1.2.3 sandbox containers is migrated to the
unsandboxed Application Support location on first launch. Migration
runs before KeyManager so a re-signed-binary keychain re-auth prompt
can't block it.

CHANGELOG, SECURITY.md, README updated to reflect the unsandboxed
posture and the trade-off rationale.

Author: SNGWN

CHANGELOG.md

@@ -2,6 +2,30 @@
 
 All notable changes to this project are documented here. Format loosely follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); versioning follows [Semantic Versioning](https://semver.org/).
 
+## [1.2.3] — 2026-05-31
+
+### Fixed
+
+- **Auto-paste now actually works.** Two compounding bugs were silently swallowing the synthesized ⌘V:
+  1. The App Sandbox was enabled (since v1.0.0, via `ENABLE_APP_SANDBOX = YES` in the project). A sandboxed app on macOS 14+ cannot use `NSRunningApplication.activate()` to bring a foreign app to the foreground, so the previously-focused app never actually came forward and the keystroke landed on Clip-Board (or nowhere).
+  2. Even unsandboxed, macOS 14+ requires the currently-active app to explicitly **yield activation** before another app can take focus. We now call `NSApp.yieldActivation(to:)` before activating the target, then post ⌘V once it's truly frontmost.
+
+### Changed
+
+- **App is no longer sandboxed.** Every shipping clipboard manager that does cross-app paste injection (Maccy, Paste, Alfred, Raycast) runs unsandboxed for exactly this reason — the sandbox is fundamentally incompatible with "activate any other app and synthesize a paste into it." See `SECURITY.md` for the full rationale and what hardening we *do* still apply (hardened runtime, no network linkage, AES-GCM at rest, Keychain key, file mode 0600 / dir 0700).
+- Updated `NSRunningApplication.activate(options:)` (deprecated in macOS 14) → `activate()`.
+- Bumped auto-paste activation budget from 500 ms → 600 ms (the yield handoff costs a frame or two).
+
+### Security / hygiene
+
+- Entitlements file now explicitly sets `com.apple.security.app-sandbox = false` with an inline comment explaining the trade-off, so reviewers can diff source against the signed binary and see the unsandboxed posture is intentional, not an oversight.
+
+### Migration
+
+- **Pre-1.2.3 history is automatically carried over.** Upgrading from 1.2.2 or earlier: on first launch, the old sandbox-container history (`~/Library/Containers/Siddharth.Sangwa.ClipBoard/Data/Library/Application Support/ClipboardManager/`) is copied to the new unsandboxed location (`~/Library/Application Support/ClipboardManager/`). The legacy container is left in place untouched, so downgrading still works.
+
+[1.2.3]: https://github.com/Light-House-Group/Clip-Board/releases/tag/v1.2.3
+
 ## [1.2.2] — 2026-05-30
 
 ### Fixed

Clip Board.xcodeproj/project.pbxproj

@@ -254,12 +254,11 @@
 				CODE_SIGN_ENTITLEMENTS = "Clip Board/Clip Board.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5;
+				CURRENT_PROJECT_VERSION = 6;
 				DEVELOPMENT_TEAM = 474XD43PW6;
-				ENABLE_APP_SANDBOX = YES;
+				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
-				ENABLE_USER_SELECTED_FILES = readonly;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = "Clip-Board-Info.plist";
 				INFOPLIST_KEY_CFBundleDisplayName = "Clip Board";
@@ -271,7 +270,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14;
-				MARKETING_VERSION = 1.2.2;
+				MARKETING_VERSION = 1.2.3;
 				PRODUCT_BUNDLE_IDENTIFIER = Siddharth.Sangwa.ClipBoard;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
@@ -294,12 +293,11 @@
 				CODE_SIGN_ENTITLEMENTS = "Clip Board/Clip Board.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5;
+				CURRENT_PROJECT_VERSION = 6;
 				DEVELOPMENT_TEAM = 474XD43PW6;
-				ENABLE_APP_SANDBOX = YES;
+				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
-				ENABLE_USER_SELECTED_FILES = readonly;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = "Clip-Board-Info.plist";
 				INFOPLIST_KEY_CFBundleDisplayName = "Clip Board";
@@ -311,7 +309,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14;
-				MARKETING_VERSION = 1.2.2;
+				MARKETING_VERSION = 1.2.3;
 				PRODUCT_BUNDLE_IDENTIFIER = Siddharth.Sangwa.ClipBoard;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;

Clip Board/AppAndCrypto.swift

@@ -192,10 +192,10 @@ final class KeyManager {
 
 /// Centralized on-disk locations, each created with tight permissions once at first use.
 ///
-/// Under the app sandbox, `applicationSupportDirectory` resolves to the container path
-/// (`~/Library/Containers/<bundle-id>/Data/Library/Application Support/ClipboardManager`),
-/// not the global `~/Library/Application Support`. Either way, it's per-user and
-/// inaccessible to other apps without the user explicitly granting access.
+/// Resolves to `~/Library/Application Support/ClipboardManager`. The directory is created
+/// 0700 on first access so other users on the machine can't read it. (Releases 1.0.0–1.2.2
+/// ran sandboxed and stored under `~/Library/Containers/<bundle-id>/Data/...`; 1.2.3+ is
+/// unsandboxed and migrates the old container payload via `migrateLegacyContainerIfNeeded()`.)
 enum AppPaths {
     /// `…/Application Support/ClipboardManager` (0700). Cached — created once.
     static let base: URL = {
@@ -214,6 +214,53 @@ enum AppPaths {
         return folder
     }()
 
+    /// One-time migration of pre-1.2.3 sandbox-container history into the unsandboxed
+    /// Application Support location. Idempotent and safe: only runs when the destination
+    /// has no encrypted history yet and a legacy container payload exists. Never overwrites
+    /// newer data; never deletes the source (so a downgrade still finds the old store).
+    /// Call once at launch, BEFORE the persistence manager loads.
+    static func migrateLegacyContainerIfNeeded() {
+        let fm = FileManager.default
+        let historyName = "history.json.enc"
+        let destHistory = base.appendingPathComponent(historyName)
+        if fm.fileExists(atPath: destHistory.path) { return }
+
+        // Reconstruct the old sandbox container path manually — it's a regular path in
+        // the user's home directory; we just hard-code the bundle ID component.
+        // NOTE: appendingPathComponent percent-encodes embedded slashes, so chain one
+        // component per call (passing "Library/Containers" as one arg is wrong).
+        guard let bundleID = Bundle.main.bundleIdentifier else { return }
+        guard let home = ProcessInfo.processInfo.environment["HOME"].map(URL.init(fileURLWithPath:)) else { return }
+        let legacy = home
+            .appendingPathComponent("Library", isDirectory: true)
+            .appendingPathComponent("Containers", isDirectory: true)
+            .appendingPathComponent(bundleID, isDirectory: true)
+            .appendingPathComponent("Data", isDirectory: true)
+            .appendingPathComponent("Library", isDirectory: true)
+            .appendingPathComponent("Application Support", isDirectory: true)
+            .appendingPathComponent("ClipboardManager", isDirectory: true)
+        let legacyHistory = legacy.appendingPathComponent(historyName)
+        guard fm.fileExists(atPath: legacyHistory.path) else { return }
+
+        Log.app.notice("Migrating legacy sandbox-container history into Application Support.")
+        do {
+            try fm.copyItem(at: legacyHistory, to: destHistory)
+        } catch {
+            Log.app.error("Legacy history copy failed: \(error.localizedDescription, privacy: .private)")
+            return
+        }
+        // Carry images over too if present.
+        let legacyImages = legacy.appendingPathComponent("images", isDirectory: true)
+        if let names = try? fm.contentsOfDirectory(atPath: legacyImages.path) {
+            for name in names {
+                let src = legacyImages.appendingPathComponent(name)
+                let dst = imagesFolder.appendingPathComponent(name)
+                if fm.fileExists(atPath: dst.path) { continue }
+                try? fm.copyItem(at: src, to: dst)
+            }
+        }
+    }
+
     private static func ensureDirectory(_ url: URL) {
         let fm = FileManager.default
         guard !fm.fileExists(atPath: url.path) else { return }
@@ -447,6 +494,13 @@ final class AppDelegate: NSObject, NSApplicationDelegate {
     private var menuBarController: MenuBarController?
 
     func applicationDidFinishLaunching(_ notification: Notification) {
+        // 0. One-time migration of pre-1.2.3 sandbox-container history into the
+        //    unsandboxed Application Support directory. No-op after first run.
+        //    Runs BEFORE KeyManager: a re-signed binary can trigger a modal Keychain
+        //    re-authorization prompt that blocks ensureKeyExists for the first few
+        //    seconds, and we don't want migration gated on the user dismissing it.
+        AppPaths.migrateLegacyContainerIfNeeded()
+
         // 1. Encryption key must exist before persistence load.
         do { try KeyManager.shared.ensureKeyExists() }
         catch { Log.crypto.error("ensureKeyExists failed: \(error.localizedDescription, privacy: .private)") }

Clip Board/Clip Board.entitlements

@@ -2,8 +2,25 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<!--
+	Clip-Board is NOT sandboxed. A sandboxed app cannot use
+	NSRunningApplication.activate() to bring a foreign app to the foreground,
+	which makes the "synthesize ⌘V into the previously focused app" auto-paste
+	flow silently fail. Every shipping clipboard manager (Maccy, Paste, Alfred,
+	Raycast) runs unsandboxed for the same reason.
+
+	What we still do for hardening:
+	  • Hardened runtime ON (see Xcode build settings)
+	  • No network entitlements requested or linked (verify: otool -L)
+	  • History encrypted at rest with AES-GCM-256 (key in Keychain,
+	    WhenUnlockedThisDeviceOnly, non-syncable)
+	  • Files 0600, directory 0700, atomic writes
+
+	Reviewers can verify the running binary's entitlements with:
+	  codesign -d --entitlements - "Clip Board.app"
+	-->
 	<key>com.apple.security.app-sandbox</key>
-	<true/>
+	<false/>
 	<key>com.apple.security.network.client</key>
 	<false/>
 	<key>com.apple.security.network.server</key>
@@ -18,7 +35,5 @@
 	<false/>
 	<key>com.apple.security.personal-information.calendars</key>
 	<false/>
-	<key>com.apple.security.files.user-selected.read-only</key>
-	<true/>
 </dict>
 </plist>

Clip Board/History.swift

@@ -460,11 +460,20 @@ final class AutoPaster {
             return
         }
         Log.autopaste.info("Activating target: \(app.localizedName ?? "?", privacy: .public) (pid=\(app.processIdentifier))")
-        app.activate(options: [])
+
+        // macOS 14+ requires the currently-active app to explicitly yield activation
+        // rights before another app can take focus. Without this, our LSUIElement
+        // retains "active app" status after the panel orders out, and the synthesized
+        // ⌘V either lands on us or nowhere. yieldActivation(to:) is the documented
+        // replacement for the legacy `.activateIgnoringOtherApps` option.
+        if #available(macOS 14.0, *) {
+            NSApp.yieldActivation(to: app)
+        }
+        app.activate()
 
         // Wait for the target app to actually be frontmost before injecting the keystroke.
-        // 500ms total budget, polled every 20ms.
-        let deadline = Date().addingTimeInterval(0.5)
+        // 600ms total budget, polled every 20ms.
+        let deadline = Date().addingTimeInterval(0.6)
         waitUntilFrontmost(app: app, deadline: deadline)
     }
 

README.md

@@ -142,11 +142,12 @@ Two verification commands you can run on any downloaded release:
 # 1. Linked libraries — should contain only Apple system frameworks.
 otool -L "Clip Board.app/Contents/MacOS/Clip Board"
 
-# 2. Sandbox entitlements — should show network.client and network.server as <false/>.
+# 2. Entitlements — should show network.client and network.server as <false/>,
+#    and app-sandbox as <false/> (see SECURITY.md for why we're unsandboxed).
 codesign -d --entitlements - "Clip Board.app"
 ```
 
-The entitlements file is checked into the repo at [`Clip Board/Clip Board.entitlements`](Clip%20Board/Clip%20Board.entitlements) — the source of truth a reviewer can diff against the signed binary.
+The entitlements file is checked into the repo at [`Clip Board/Clip Board.entitlements`](Clip%20Board/Clip%20Board.entitlements) — the source of truth a reviewer can diff against the signed binary. **Note:** Clip-Board is not sandboxed, because the macOS App Sandbox blocks `NSRunningApplication.activate()` on a foreign app — which silently breaks auto-paste. Every shipping clipboard manager (Maccy, Paste, Alfred, Raycast) runs unsandboxed for the same reason. See [SECURITY.md](SECURITY.md#sandbox--entitlements) for the full rationale and the hardening we apply in lieu of the sandbox (hardened runtime, no network linkage, AES-GCM at rest, Keychain key).
 
 ### Auto-paste and the Accessibility permission
 
@@ -182,7 +183,7 @@ The floating panel and the menu-bar window share the same SwiftUI root (`SharedH
 1. You copy text → macOS pasteboard updates → `changeCount` increments.
 2. `ClipboardWatcher` polls every 500 ms, detects the change, **skips transient/concealed types**.
 3. Trimmed text → `ItemsViewModel.addItem` → dedupe (move-to-top on exact match) or insert.
-4. After a 300 ms debounce, the items array is snapshotted on the main thread, then handed to the IO queue: **encode → AES-GCM encrypt → atomic write** to the app's sandboxed Application Support directory (`~/Library/Containers/Siddharth.Sangwa.ClipBoard/Data/Library/Application Support/ClipboardManager/history.json.enc` — sandboxed apps can't reach the global `~/Library/Application Support`), file mode `0600`, directory mode `0700`.
+4. After a 300 ms debounce, the items array is snapshotted on the main thread, then handed to the IO queue: **encode → AES-GCM encrypt → atomic write** to `~/Library/Application Support/ClipboardManager/history.json.enc`, file mode `0600`, directory mode `0700`. (Releases ≤ 1.2.2 ran sandboxed and stored under `~/Library/Containers/Siddharth.Sangwa.ClipBoard/Data/Library/Application Support/ClipboardManager/` — 1.2.3 migrates that payload on first launch.)
 5. On launch: load file → decrypt → decode. If anything fails, **quarantine** to `history.broken-<timestamp>` and start fresh.
 
 History is wrapped as `{"version": 1, "items": [...]}` for forward compatibility. The legacy unversioned format is migrated transparently.

SECURITY.md

@@ -59,10 +59,22 @@ When you select an item, Clip-Board writes it to `NSPasteboard.general` (the sys
 
 ## Sandbox & entitlements
 
-The app is sandboxed (`com.apple.security.app-sandbox = true`) with **network entitlements explicitly disabled** (`com.apple.security.network.client = false`, `com.apple.security.network.server = false`). The entitlements file is checked into the repo at [`Clip Board/Clip Board.entitlements`](Clip%20Board/Clip%20Board.entitlements); reviewers can verify the signed binary against it with:
-
-```bash
-codesign -d --entitlements - "Clip Board.app"
-```
+**Clip-Board is not sandboxed**, and this is intentional. The macOS App Sandbox blocks `NSRunningApplication.activate()` on a foreign app, which makes "bring your last-focused app back to front, then synthesize ⌘V into it" silently fail. Every shipping clipboard manager that does cross-app paste injection (Maccy, Paste, Alfred, Raycast) runs unsandboxed for the same reason. Releases prior to 1.2.3 shipped with `app-sandbox = true` set in the project; that was a packaging carry-over from the Xcode template, not a security decision, and it broke auto-paste. As of 1.2.3 the entitlements file explicitly sets it to `false` with an in-file comment explaining why.
+
+What we still do for hardening, in lieu of the sandbox:
+
+- **Hardened runtime ON** (`ENABLE_HARDENED_RUNTIME = YES`) — Library Validation is enforced.
+- **No network entitlements requested or used.** The binary does not link `Network.framework`, `CFNetwork` (except via system Foundation, which is unavoidable but unused for outbound), or third-party HTTP libraries. Verify yourself:
+  ```bash
+  otool -L "Clip Board.app/Contents/MacOS/Clip Board"
+  ```
+  Only Apple system frameworks should be listed.
+- **Network client/server entitlements explicitly `false`** in the checked-in entitlements file at [`Clip Board/Clip Board.entitlements`](Clip%20Board/Clip%20Board.entitlements). These are defaults, but stating them explicitly means a reviewer can diff source vs. signed binary and confirm intent. Verify the signed binary's entitlements with:
+  ```bash
+  codesign -d --entitlements - "Clip Board.app"
+  ```
+- History encrypted at rest with **AES-GCM-256**, key in **Keychain** (`WhenUnlockedThisDeviceOnly`, non-syncable). See the *Cryptographic details* section above.
+- History file mode `0600`, directory mode `0700`, **atomic writes** (no partial-file exposure on crash).
+- History storage lives under `~/Library/Application Support/ClipboardManager/` (the conventional unsandboxed path; previously inside the sandbox container, now plain Application Support).
 
 If you have suggestions for hardening any of the above — particularly key rotation, in-memory protection, or schema integrity — open an issue (for design discussions) or follow the reporting process (for vulnerabilities).