Add missing multicast entitlement for macOS local network permission

[Copilot]

Summary

macOS Catalyst app cannot request local network permission, preventing connection to local Home Assistant instances. The app has NSLocalNetworkUsageDescription and NSBonjourServices configured, but lacks the required sandbox entitlements to trigger the permission dialog.

Added com.apple.developer.networking.multicast and com.apple.security.network.server entitlements to App-catalyst.entitlements. These enable Bonjour/mDNS discovery and trigger the system permission prompt when NetServiceBrowser attempts local network access.

File Changed: Configuration/Entitlements/App-catalyst.entitlements

<key>com.apple.developer.networking.multicast</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>

Affects only macOS Catalyst builds. iOS entitlements unchanged.

Screenshots

N/A - Entitlement change only, no UI modifications

Link to pull request in Documentation repository

Documentation: home-assistant/companion.home-assistant#

Any other notes

This resolves the issue where the app never appears in System Settings → Privacy & Security → Local Network on macOS Sequoia (15.x) and Tahoe (26.x). After this change, users will see the permission prompt on first local network discovery attempt.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>macOS Tahoe (26.x): App doesn't request local network permission, cannot connect to local instance</issue_title>
<issue_description>## Platform

• OS: macOS Tahoe 26.2 (Build 25C56)
• Hardware: MacBook
• App: Home Assistant Companion (Catalyst app from App Store)

Problem Description

The Home Assistant Companion app on macOS Tahoe cannot connect to local Home Assistant instances because it fails to request the "Local Network" permission during onboarding or normal operation.

Observed Behavior

1. App never appears in: System Settings → Privacy & Security → Local Network
2. Connection attempts fail with errors like:
   • NSURLErrorDomain -1003
   • "Unable to connect. The server with the specified hostname could not be found"
3. Browser (Safari/Chrome) on same Mac successfully connects to http://192.168.0.241:8123
4. Home Assistant server is confirmed working (accessible from other devices)

Expected Behavior

• App should request local network permission during initial setup
• App should appear in Local Network privacy settings
• App should connect to local HA instance when on same network

Impact

Critical for Mac automation users: Cannot access Mac-specific sensors:

• binary_sensor.active (Mac activity state)
• sensor.frontmost_app (current app)
• binary_sensor.camera_in_use / audio_input_in_use
• sensor.storage, sensor.displays, etc.

These sensors are essential for Mac presence detection, focus mode automations, and system monitoring.

Workarounds Attempted

1. ✅ Server config: Added internal_url and server_host = "0.0.0.0" to HA config
2. ❌ Remove/re-add server: Doesn't trigger permission prompt
3. ✅ Browser access: Works, but loses all Mac sensor functionality
4. ⚠️ Recovery mode reset: Requires booting to Recovery Mode and manually deleting /Volumes/Data/Library/Preferences/com.apple.networkextension.*.plist (see guide)

Technical Context

This appears to be a macOS Catalyst-specific issue affecting macOS Sequoia (15.x) and Tahoe (26.x). The iOS version of the app properly requests and obtains local network permissions.

Apple's Local Network Permission Requirements:

• Introduced in iOS 14 / macOS Big Sur
• Requires explicit user consent
• Cannot be manually granted without app requesting it
• Stored in SIP-protected files (not resettable via tccutil)

Reproduction Steps

1. Install HA Companion app from Mac App Store
2. Launch app and attempt to connect to local HA instance (e.g., http://192.168.0.241:8123)
3. Observe connection failure
4. Check System Settings → Privacy & Security → Local Network
5. Note: App is not listed

Additional Information

• Same issue reported in Community Forum (Jan 2025)
• No existing GitHub issue tracking this problem
• Affects both fresh installs and upgrades

Suggested Fix

App should explicitly request local network access using NSLocalNetworkUsageDescription and trigger the system permission prompt during:

1. Initial onboarding when entering local URL
2. First connection attempt to local network address
3. Optionally: Add manual "Request Permission" button in settings

---

Note: This prevents macOS users from leveraging the full Home Assistant ecosystem for Mac automation and sensor integration.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes macOS Tahoe (26.x): App doesn't request local network permission, cannot connect to local instance #4192

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@af979b0). Learn more about missing BASE report.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4193   +/-   ##
=======================================
  Coverage        ?   44.85%           
=======================================
  Files           ?      250           
  Lines           ?    14410           
  Branches        ?        0           
=======================================
  Hits            ?     6464           
  Misses          ?     7946           
  Partials        ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.