Security
Native power, explicit boundaries.
WebHarness lets web apps reach Mac capabilities through declared intent, local boundaries, runtime consent, and a release path that can grow with the product.
Support Desk
Capability boundary
Identityvisible before open
Local accessdeclared up front
Consentasked when needed
Releaseevidence when wider
Runtime boundary
Harnesses run in a Mac app surface. Native actions move through declared, scoped capability routes.
Consent where it matters
Sensitive local access is not ambient JavaScript power. The app has to declare intent before it can ask.
Visible package identity
Users can understand what the app is, who made it, and what native access it expects.
Release confidence
Managed release turns a proven Harness into a signed app and installer with team-facing evidence.
Security posture
A Harness makes native access visible.
The user should understand the product boundary. The release work stays behind the product surface, shown only as clear confidence signals.
- Capability intent is declared before runtime.
- Native calls are denied outside the Harness boundary.
- Packages have visible identity and permission context.
- Managed release adds evidence when distribution matters.