0

I have been following instructions to build a simple SwiftUI GPT-3 client using the OpenAISwift client library. The app works as expected on iOS but when I try to run a macos version I am getting these errors:

2023-01-02 15:07:14.845094-0500 GPT2[35955:1083936] [] networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception. 2023-01-02 15:07:14.845261-0500 GPT2[35955:1083936] [] networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception. 2023-01-02 15:07:15.078105-0500 GPT2[35955:1086396] [] nw_resolver_can_use_dns_xpc_block_invoke Sandbox does not allow access to com.apple.dnssd.service

I found another macos OpenAIKit project on gitub stating that the following need to be added to info.plist for macos:

<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
</dict>
</plist>

but I did not see these choices available in the XCode 14 project properties info section. I would have tried pasting the dict object in to a text version of the info.plist but I could not see a way to edit the info.plist as a text.

Here is the simple code I am using:

import SwiftUI
import OpenAISwift

final class ViewModel: ObservableObject {
    init() {}
    
    private var client: OpenAISwift?
    
    func setup() {
        client = OpenAISwift(authToken: "MYKEYHERE")
       
        
    }
    
    func send(text: String,
        completion: @escaping (String) -> Void) {
            client?.sendCompletion(with: text,
                           maxTokens: 500,
                           completionHandler: {result in
        
        switch result {
        case .success(let model):
            let output = model.choices.first?.text ?? ""
            completion(output)
        case .failure:
            break
        }
    })
}
}

struct ContentView: View {
    @ObservedObject var viewModel = ViewModel()
    @State var text = ""
  @State var models = [String]()
    
    var body: some View {
        VStack(alignment: .leading) {
            ForEach(models, id: \.self) { string in
                Text(string)
            }
            
            Spacer()
            
            HStack {
                TextField("Type here ...", text: $text)
                Button("Send") {
                    send()
                }
            }
        }
        .onAppear{
            viewModel.setup()
        }.padding()
        
    }
    
    func send() {
        guard !text.trimmingCharacters(in: .whitespaces).isEmpty else {
            return
        }
        models.append("Me: \(text)")
        viewModel.send(text: text) { response in
            DispatchQueue.main.async {
                self.models.append("GPT: " + response)
                self.text = ""
            }
            
        }
    }
}

struct ContentView_Previews: PreviewProvider {
    static var previews: some View {
        ContentView()
    }
}

How can I get this multiplatform app running on macos Ventura 13.1? Thanks for any help.

mahal tertin
  • 3,239
  • 24
  • 41
user1974376
  • 141
  • 1
  • 8

2 Answers2

2

I found in the project editor under Signing and capabilities a section for enabling a sandbox. I selected the incoming and outgoing Network connections and that fixed the issue. GPT is now talking to the macos SwiftUI app. I should state that I am not sure what vulnerabilities I might be enablling by doing this if any. I would love to hear from anyone about possible security issues with these two settings checked.

enter image description here

Cerbrus
  • 70,800
  • 18
  • 132
  • 147
user1974376
  • 141
  • 1
  • 8
0

I believe that you have found the answer on how to do it (adding the sandbox capabilities), but you need some more information regarding that to consider the answer complete.

In short those settings make app less secure, but at the level that is generally acceptable. Those settings don't exist on iOS as they are always enabled. As such they don't lead to some serious vulnerabilities.

The first setting allows the app to expand its access to all files that user selects by the open file dialog box (for this I am not even certain how this expands the security, though technically it does).

The second setting allows the app to access the internet. By default Mac apps cannot access the internet at all. This makes sense to provide additional security/privacy for some type of apps (e.g. enterprise apps or file managers), but some generally accepted things (like collecting analytics and crash reports) require this permission.

The third setting allows the app to be a sort of internet server. This is definitely a bit more of potential security problem, but as the app is still sandboxed in its access to the computer as long as the sandbox is working as expected this doesn't represent some big door for intruders either.

Ivan Ičin
  • 9,672
  • 5
  • 36
  • 57