Context: Working on dotfiles (.config) (main)
Investigated why macOS System Settings shows 6 entries for “sh” from “unidentified developer” under Allow in Background. Turns out all 6 are Nix-related launchd agents that use /bin/sh -c "/bin/wait4path /nix/store && exec <binary>" as their entry point. 4 from Home Manager (aerospace, atuin-daemon, jankyborders, tldr-update) and 2 from the Nix installer (darwin-store, nix-daemon).
Fixed the 4 HM agents by adding AssociatedBundleIdentifiers to each plist via Home Manager’s freeform launchd config. AeroSpace gets its real bundle ID (bobko.aerospace), the CLI tools (atuin, borders, tldr) get associated with Ghostty (com.mitchellh.ghostty).
Still need to run sudo sfltool resetbtm + reboot to clear the cached BTM database, but that also wipes “Open at Login” items which don’t auto-restore. Will do that manually when convenient.