What I'm saying is that it's very easy now to take some arbitrary task - doing a compile/release cycle for example - and quickly knock up a simple signed macOS .app that sandboxes itself and then invokes the release script as a subprocess. Sandboxing is transitive and the .app itself can authenticate to the OS to obtain creds before passing them to the subprocess.

In the past I've thought about making a quick SaaS that does this for people so they don't have to fiddle with it locally and maybe some day I still will. But you can easily do it locally especially with Xcode and AI now. You wouldn't have to know anything about macOS development.