Scheudle timer on mian

.github/workflows/add-to-project.yml

@@ -10,7 +10,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v1.0.1
+      - uses: actions/add-to-project@v0.0.3
         with:
           project-url: https://github.com/users/maxgoedjen/projects/1
           github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}

.github/workflows/nightly.yml

@@ -5,8 +5,8 @@ on:
     - cron: "0 8 * * *"
 jobs:
   build:
-#     runs-on: macOS-latest
-    runs-on: macos-14
+#     runs-on: macOS-latest-xlarge
+    runs-on: macos-13-xlarge
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v4
@@ -20,7 +20,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_15.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_15.2.app
     - name: Update Build Number
       env:
         RUN_ID: ${{ github.run_id }}
@@ -48,7 +48,7 @@ jobs:
             shasum -a 256 Secretive.zip
             shasum -a 256 Archive.zip
     - name: Upload App to Artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: Secretive.zip
         path: Secretive.zip

.github/workflows/release.yml

@@ -6,8 +6,8 @@ on:
       - '*'
 jobs:
   test:
-#     runs-on: macOS-latest
-    runs-on: macos-14
+#     runs-on: macOS-latest-xlarge
+    runs-on: macos-13-xlarge
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v4
@@ -21,7 +21,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_15.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_15.2.app
     - name: Test
       run: |
             pushd Sources/Packages
@@ -29,7 +29,7 @@ jobs:
             popd
   build:
 #     runs-on: macOS-latest
-    runs-on: macos-14
+    runs-on: macos-13
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v4
@@ -43,7 +43,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_15.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_15.2.app
     - name: Update Build Number
       env:
         TAG_NAME: ${{ github.ref }}
@@ -107,12 +107,12 @@ jobs:
         asset_name: Secretive.zip
         asset_content_type: application/zip
     - name: Upload App to Artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v1
       with:
         name: Secretive.zip
         path: Secretive.zip
     - name: Upload Archive to Artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v1
       with:
         name: Xcode_Archive.zip
         path: Archive.zip

.github/workflows/test.yml

@@ -3,13 +3,13 @@ name: Test
 on: [push, pull_request]
 jobs:
   test:
-#     runs-on: macOS-latest
-    runs-on: macos-14
+#     runs-on: macOS-latest-xlarge
+    runs-on: macos-13-xlarge
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v4
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_15.4.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_15.2.app
     - name: Test
       run: |
             pushd Sources/Packages

Sources/Packages/Package.swift

@@ -34,12 +34,12 @@ let package = Package(
         .target(
             name: "SecretKit",
             dependencies: [],
-            swiftSettings: [.unsafeFlags(["-warnings-as-errors"])]
+            swiftSettings: [.enableExperimentalFeature("StrictConcurrency"), .unsafeFlags(["-warnings-as-errors"])]
         ),
         .testTarget(
             name: "SecretKitTests",
             dependencies: ["SecretKit", "SecureEnclaveSecretKit", "SmartCardSecretKit"],
-            swiftSettings: [.unsafeFlags(["-warnings-as-errors"])]
+            swiftSettings: [.enableExperimentalFeature("StrictConcurrency"), .unsafeFlags(["-warnings-as-errors"])]
         ),
         .target(
             name: "SecureEnclaveSecretKit",
@@ -49,12 +49,12 @@ let package = Package(
         .target(
             name: "SmartCardSecretKit",
             dependencies: ["SecretKit"],
-            swiftSettings: [.unsafeFlags(["-warnings-as-errors"])]
+            swiftSettings: [.enableExperimentalFeature("StrictConcurrency"), .unsafeFlags(["-warnings-as-errors"])]
         ),
         .target(
             name: "SecretAgentKit",
             dependencies: ["SecretKit", "SecretAgentKitHeaders"],
-            swiftSettings: [.unsafeFlags(["-warnings-as-errors"])]
+            swiftSettings: [.enableExperimentalFeature("StrictConcurrency"), .unsafeFlags(["-warnings-as-errors"])]
         ),
         .systemLibrary(
             name: "SecretAgentKitHeaders"

Sources/Packages/Sources/SecretAgentKit/Agent.swift

@@ -35,7 +35,7 @@ extension Agent {
     ///   - writer: A ``FileHandleWriter`` to write the response to.
     /// - Return value: 
     ///   - Boolean if data could be read
-    @discardableResult public func handle(reader: FileHandleReader, writer: FileHandleWriter) async -> Bool {
+    @discardableResult @Sendable public func handle(reader: FileHandleReader, writer: FileHandleWriter) async -> Bool {
         logger.debug("Agent handling new data")
         let data = Data(reader.availableData)
         guard data.count > 4 else { return false}

Sources/Packages/Sources/SecretKit/Types/Secret.swift

@@ -17,7 +17,7 @@ public protocol Secret: Identifiable, Hashable {
 }
 
 /// The type of algorithm the Secret uses. Currently, only elliptic curve algorithms are supported.
-public enum Algorithm: Hashable {
+public enum Algorithm: Hashable, Sendable {
 
     case ellipticCurve
     case rsa

Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveSecret.swift

@@ -5,7 +5,7 @@ import SecretKit
 extension SecureEnclave {
 
     /// An implementation of Secret backed by the Secure Enclave.
-    public struct Secret: SecretKit.Secret {
+    public struct Secret: SecretKit.Secret, Sendable {
 
         public let id: Data
         public let name: String

Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift

@@ -180,7 +180,7 @@ extension SecureEnclave {
 
         public func persistAuthentication(secret: Secret, forDuration duration: TimeInterval) throws {
             let newContext = LAContext()
-            newContext.touchIDAuthenticationAllowableReuseDuration = duration
+            newContext.touchIDAuthenticationAllowableReuseDuration = max(duration, LATouchIDAuthenticationMaximumAllowableReuseDuration)
             newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
 
             let formatter = DateComponentsFormatter()
@@ -196,6 +196,23 @@ extension SecureEnclave {
                 guard success else { return }
                 let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
                 self?.persistedAuthenticationContexts[secret] = context
+                // Contexts will expire within LATouchIDAuthenticationMaximumAllowableReuseDuration unless we periodically refresh them
+                if duration > LATouchIDAuthenticationMaximumAllowableReuseDuration {
+                    DispatchQueue.main.async {
+                        Timer.scheduledTimer(withTimeInterval: LATouchIDAuthenticationMaximumAllowableReuseDuration - 10, repeats: true) { [weak self] timer in
+                            print("Refreshing context")
+                            guard let refreshContext = self?.persistedAuthenticationContexts[secret] else { return }
+                            guard refreshContext.valid else {
+                                timer.invalidate()
+                                return
+                            }
+                            refreshContext.context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Refresh") { success, _ in
+                                guard success else { return }
+                                print("Refreshed")
+                            }
+                        }
+                    }
+                }
             }
         }
 
@@ -211,7 +228,7 @@ extension SecureEnclave.Store {
 
     /// Reloads all secrets from the store.
     /// - Parameter notifyAgent: A boolean indicating whether a distributed notification should be posted, notifying other processes (ie, the SecretAgent) to reload their stores as well.
-    private func reloadSecretsInternal(notifyAgent: Bool = true) {
+    @Sendable private func reloadSecretsInternal(notifyAgent: Bool = true) {
         let before = secrets
         secrets.removeAll()
         loadSecrets()

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -117,7 +117,7 @@ extension SmartCard {
 
 extension SmartCard.Store {
 
-    private func reloadSecretsInternal() {
+    @Sendable private func reloadSecretsInternal() {
         self.isAvailable = self.tokenID != nil
         let before = self.secrets
         self.secrets.removeAll()

Sources/Secretive.xcodeproj/project.pbxproj

@@ -433,9 +433,6 @@
 				fr,
 				de,
 				"pt-BR",
-				fi,
-				ko,
-				ca,
 			);
 			mainGroup = 50617D7623FCE48D0099B055;
 			productRefGroup = 50617D8023FCE48E0099B055 /* Products */;
@@ -614,7 +611,7 @@
 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
 				MTL_FAST_MATH = YES;
 				ONLY_ACTIVE_ARCH = YES;
-				OTHER_SWIFT_FLAGS = "";
+				OTHER_SWIFT_FLAGS = "-Xfrontend -warn-concurrency -Xfrontend -enable-actor-data-race-checks";
 				SDKROOT = macosx;
 				STRIP_INSTALLED_PRODUCT = NO;
 				STRIP_SWIFT_SYMBOLS = NO;
@@ -673,7 +670,7 @@
 				MACOSX_DEPLOYMENT_TARGET = 11.0;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				MTL_FAST_MATH = YES;
-				OTHER_SWIFT_FLAGS = "";
+				OTHER_SWIFT_FLAGS = "-Xfrontend -warn-concurrency -Xfrontend -enable-actor-data-race-checks";
 				SDKROOT = macosx;
 				STRIP_INSTALLED_PRODUCT = NO;
 				STRIP_SWIFT_SYMBOLS = NO;
@@ -707,6 +704,7 @@
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Debug;
@@ -735,6 +733,7 @@
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "Secretive - Host";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Release;
@@ -837,7 +836,7 @@
 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
 				MTL_FAST_MATH = YES;
 				ONLY_ACTIVE_ARCH = YES;
-				OTHER_SWIFT_FLAGS = "";
+				OTHER_SWIFT_FLAGS = "-Xfrontend -warn-concurrency -Xfrontend -enable-actor-data-race-checks";
 				SDKROOT = macosx;
 				STRIP_INSTALLED_PRODUCT = NO;
 				STRIP_SWIFT_SYMBOLS = NO;
@@ -867,6 +866,7 @@
 				MARKETING_VERSION = 1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Test;
@@ -911,6 +911,7 @@
 				MARKETING_VERSION = 1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Test;
@@ -935,6 +936,7 @@
 				MARKETING_VERSION = 1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Debug;
@@ -961,6 +963,7 @@
 				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "Secretive - Secret Agent";
+				SWIFT_STRICT_CONCURRENCY = complete;
 				SWIFT_VERSION = 5.0;
 			};
 			name = Release;