Sandboxed vs. Non Sandboxed
In macOS a given app can or cannot be sandboxed and since macOS Sierra non App Store apps can access iCloud APIs so could be a non-sandboxed app using this locations to sync data.
So if you want to access a sandboxed iCloud location you should go to the app container and use it as the home path.
$SANDBOXED_CONTAINER = ~/Library/Container/com.example.app/Data
Each app can have one or more document containers inside named with its Bundle ID:
The information and details of each container are stored here:
The info is stored in a plist file with the name of the container for example:
And the icons are stored in a folder with the name of the container:
iCloud.com.pvieito.Example/40x40_iOS.png iCloud.com.pvieito.Example/80x80_iOS.png iCloud.com.pvieito.Example/120x120_iOS.png
This synced data is stored as a property list file in:
CloudKit works online but macOS stores a cache of its contents in a folder appropriately called CloudKit: