@mmerterden/multi-agent-pipeline 8.6.1 → 10.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +544 -2484
- package/README.md +117 -138
- package/docs/features.md +1 -1
- package/index.js +8 -10
- package/install/_adapters.mjs +5 -1
- package/install/_common.mjs +63 -0
- package/install/claude.mjs +14 -14
- package/install/copilot.mjs +14 -8
- package/install/index.mjs +85 -19
- package/install/templates/claude-hooks.json +18 -0
- package/install/templates/copilot-instructions.md +3 -3
- package/package.json +21 -6
- package/pipeline/adapters/_base.mjs +366 -14
- package/pipeline/adapters/antigravity.mjs +140 -0
- package/pipeline/adapters/codex.mjs +159 -0
- package/pipeline/adapters/copilot-chat-orchestration.mjs +148 -0
- package/pipeline/adapters/copilot-chat.mjs +34 -68
- package/pipeline/adapters/cursor-orchestration.mjs +152 -0
- package/pipeline/adapters/cursor.mjs +49 -90
- package/pipeline/agents/android-architect.md +5 -5
- package/pipeline/agents/backend-architect.md +4 -4
- package/pipeline/agents/code-reviewer.md +10 -10
- package/pipeline/agents/dev-critic.md +17 -17
- package/pipeline/agents/explorer.md +3 -3
- package/pipeline/agents/ios-architect.md +4 -4
- package/pipeline/agents/security-auditor.md +12 -12
- package/pipeline/agents/task-clarifier.md +18 -18
- package/pipeline/claude-md-template.md +3 -3
- package/pipeline/commands/archive-guard.md +3 -3
- package/pipeline/commands/figma-to-swiftui.md +10 -10
- package/pipeline/commands/multi-agent/_account-picker.md +13 -9
- package/pipeline/commands/multi-agent/_dev-context.md +15 -15
- package/pipeline/commands/multi-agent/_input-parser.md +4 -4
- package/pipeline/commands/multi-agent/_repo-picker.md +9 -9
- package/pipeline/commands/multi-agent/analysis-resolve.md +129 -0
- package/pipeline/commands/multi-agent/analysis.md +667 -0
- package/pipeline/commands/multi-agent/autopilot.md +22 -22
- package/pipeline/commands/multi-agent/build-optimize.md +77 -0
- package/pipeline/commands/multi-agent/channels.md +96 -96
- package/pipeline/commands/multi-agent/delete.md +19 -17
- package/pipeline/commands/multi-agent/dev-autopilot.md +23 -23
- package/pipeline/commands/multi-agent/dev-local-autopilot.md +23 -23
- package/pipeline/commands/multi-agent/dev-local.md +25 -22
- package/pipeline/commands/multi-agent/dev.md +49 -49
- package/pipeline/commands/multi-agent/diff-explain.md +4 -4
- package/pipeline/commands/multi-agent/garbage-collect.md +58 -0
- package/pipeline/commands/multi-agent/help.md +75 -66
- package/pipeline/commands/multi-agent/issue.md +3 -3
- package/pipeline/commands/multi-agent/jira.md +12 -12
- package/pipeline/commands/multi-agent/kill.md +6 -6
- package/pipeline/commands/multi-agent/language.md +12 -12
- package/pipeline/commands/multi-agent/local-autopilot.md +34 -34
- package/pipeline/commands/multi-agent/local.md +24 -25
- package/pipeline/commands/multi-agent/log.md +6 -6
- package/pipeline/commands/multi-agent/manual-test.md +3 -3
- package/pipeline/commands/multi-agent/prune-logs.md +60 -0
- package/pipeline/commands/multi-agent/purge.md +10 -7
- package/pipeline/commands/multi-agent/refactor.md +9 -9
- package/pipeline/commands/multi-agent/refs/analysis-template.md +1062 -0
- package/pipeline/commands/multi-agent/refs/android-guide.md +15 -13
- package/pipeline/commands/multi-agent/refs/audit-guide.md +20 -20
- package/pipeline/commands/multi-agent/refs/backend-guide.md +9 -9
- package/pipeline/commands/multi-agent/refs/channels/confluence.md +17 -17
- package/pipeline/commands/multi-agent/refs/channels/issue-comment.md +30 -30
- package/pipeline/commands/multi-agent/refs/channels/jira.md +15 -15
- package/pipeline/commands/multi-agent/refs/channels/pr-review-actions.md +19 -17
- package/pipeline/commands/multi-agent/refs/channels/pr.md +22 -22
- package/pipeline/commands/multi-agent/refs/channels/wiki.md +19 -19
- package/pipeline/commands/multi-agent/refs/component-dispatch.md +11 -11
- package/pipeline/commands/multi-agent/refs/conventions-defaults.md +179 -0
- package/pipeline/commands/multi-agent/refs/cross-cli-contract.md +35 -33
- package/pipeline/commands/multi-agent/refs/features/dev-critic.md +5 -5
- package/pipeline/commands/multi-agent/refs/features/external-context-injection.md +6 -6
- package/pipeline/commands/multi-agent/refs/features/model-fallback.md +73 -0
- package/pipeline/commands/multi-agent/refs/features/plan-todos.md +1 -1
- package/pipeline/commands/multi-agent/refs/features/prior-fix-detection.md +4 -4
- package/pipeline/commands/multi-agent/refs/features/repo-map.md +6 -6
- package/pipeline/commands/multi-agent/refs/features/shadow-git.md +2 -2
- package/pipeline/commands/multi-agent/refs/frontend-guide.md +16 -16
- package/pipeline/commands/multi-agent/refs/issue-jira-triad.md +18 -18
- package/pipeline/commands/multi-agent/refs/keychain.md +18 -8
- package/pipeline/commands/multi-agent/refs/knowledge.md +9 -9
- package/pipeline/commands/multi-agent/refs/multi-repo-integration-build.md +19 -19
- package/pipeline/commands/multi-agent/refs/phases/log-format.md +29 -9
- package/pipeline/commands/multi-agent/refs/phases/modes.md +33 -33
- package/pipeline/commands/multi-agent/refs/phases/operations.md +11 -11
- package/pipeline/commands/multi-agent/refs/phases/phase-0-init.md +93 -57
- package/pipeline/commands/multi-agent/refs/phases/phase-1-analysis.md +59 -28
- package/pipeline/commands/multi-agent/refs/phases/phase-2-planning.md +115 -63
- package/pipeline/commands/multi-agent/refs/phases/phase-3-dev.md +99 -36
- package/pipeline/commands/multi-agent/refs/phases/phase-4-review.md +160 -63
- package/pipeline/commands/multi-agent/refs/phases/phase-5-test.md +33 -18
- package/pipeline/commands/multi-agent/refs/phases/phase-6-commit.md +45 -43
- package/pipeline/commands/multi-agent/refs/phases/phase-7-report.md +54 -28
- package/pipeline/commands/multi-agent/refs/phases.md +17 -17
- package/pipeline/commands/multi-agent/refs/picker-contract.md +65 -0
- package/pipeline/commands/multi-agent/refs/progress-contract.md +37 -21
- package/pipeline/commands/multi-agent/refs/rules.md +83 -25
- package/pipeline/commands/multi-agent/refs/swiftui-guide.md +32 -30
- package/pipeline/commands/multi-agent/refs/tracker-contract.md +54 -30
- package/pipeline/commands/multi-agent/refs/wiki-capture.md +36 -33
- package/pipeline/commands/multi-agent/resume.md +9 -9
- package/pipeline/commands/multi-agent/review.md +24 -24
- package/pipeline/commands/multi-agent/scan.md +10 -10
- package/pipeline/commands/multi-agent/search.md +8 -8
- package/pipeline/commands/multi-agent/setup.md +111 -84
- package/pipeline/commands/multi-agent/stack.md +5 -5
- package/pipeline/commands/multi-agent/status.md +5 -5
- package/pipeline/commands/multi-agent/sync.md +123 -111
- package/pipeline/commands/multi-agent/test.md +6 -6
- package/pipeline/commands/multi-agent/update.md +1 -1
- package/pipeline/commands/multi-agent.md +66 -60
- package/pipeline/commands/sim-test.md +14 -14
- package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-1-analysis.json +1 -1
- package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-review.json +2 -2
- package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-triage.json +2 -2
- package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/metadata.json +1 -1
- package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-1-analysis.json +2 -2
- package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-review.json +3 -3
- package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-triage.json +4 -4
- package/pipeline/eval/golden-tasks/02-android-feature-compose/metadata.json +1 -1
- package/pipeline/eval/golden-tasks/02-android-feature-compose/task.json +1 -1
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-1-analysis.json +29 -0
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-2-plan.json +42 -0
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-4-review.json +20 -0
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-4-triage.json +15 -0
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/task.json +12 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-1-analysis.json +29 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-2-plan.json +40 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-4-review.json +20 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-4-triage.json +15 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/04-frontend-next-hydration/task.json +12 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-1-analysis.json +29 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-2-plan.json +42 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-4-review.json +28 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-4-triage.json +27 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/05-ios-security-keychain/task.json +12 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-1-analysis.json +29 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-2-plan.json +41 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-4-review.json +12 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-4-triage.json +6 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/06-android-refactor-usecase/task.json +12 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-1-analysis.json +29 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-2-plan.json +42 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-4-review.json +28 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-4-triage.json +27 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/07-backend-node-idempotency/task.json +12 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-1-analysis.json +25 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-2-plan.json +31 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-4-review.json +12 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-4-triage.json +18 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/metadata.json +14 -0
- package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/task.json +12 -0
- package/pipeline/eval/golden-tasks/README.md +14 -14
- package/pipeline/eval/intent-cases.json +40 -0
- package/pipeline/eval/run-metrics-fixture.json +46 -0
- package/pipeline/eval/triage/01-empty-findings/notes.md +1 -1
- package/pipeline/eval/triage/02-real-blocker/notes.md +2 -2
- package/pipeline/eval/triage/03-out-of-scope-defer/notes.md +1 -1
- package/pipeline/eval/triage/04-false-positive-reject/notes.md +1 -1
- package/pipeline/eval/triage/05-mixed-classification/notes.md +2 -2
- package/pipeline/eval/triage/06-severity-mismatch/notes.md +2 -2
- package/pipeline/eval/triage/07-duplicate-reviewers/notes.md +1 -1
- package/pipeline/eval/triage/08-style-misclassified/notes.md +1 -1
- package/pipeline/eval/triage/09-cascading-finding/notes.md +2 -2
- package/pipeline/eval/triage/10-deferred-crossref/notes.md +2 -2
- package/pipeline/eval/triage/11-vercel-token-leak-blocker/expected.json +3 -3
- package/pipeline/eval/triage/11-vercel-token-leak-blocker/input.json +2 -2
- package/pipeline/eval/triage/11-vercel-token-leak-blocker/notes.md +5 -5
- package/pipeline/eval/triage/README.md +4 -4
- package/pipeline/lib/account-resolver.sh +3 -3
- package/pipeline/lib/ask-choice.sh +98 -0
- package/pipeline/lib/channels-multi-repo.sh +3 -3
- package/pipeline/lib/classify-intent.sh +110 -0
- package/pipeline/lib/context-link-extractor.sh +3 -3
- package/pipeline/lib/credential-store-resolver.sh +3 -3
- package/pipeline/lib/credential-store.sh +9 -5
- package/pipeline/lib/extract-conventions.sh +1034 -0
- package/pipeline/lib/fetch-confluence.sh +3 -3
- package/pipeline/lib/fetch-crashlytics.sh +5 -5
- package/pipeline/lib/fetch-fortify.sh +5 -21
- package/pipeline/lib/fetch-swagger.sh +5 -5
- package/pipeline/lib/figma-screenshot.sh +536 -0
- package/pipeline/lib/issue-fetcher.sh +46 -20
- package/pipeline/lib/md2confluence-v3.py +1076 -0
- package/pipeline/lib/multi-repo-pipeline.sh +13 -22
- package/pipeline/lib/plan-todos.sh +7 -7
- package/pipeline/lib/post-pr-review.sh +53 -21
- package/pipeline/lib/repo-cache.sh +5 -5
- package/pipeline/lib/review-watch.sh +17 -13
- package/pipeline/lib/shadow-git.sh +7 -7
- package/pipeline/lib/submodule-detector.sh +3 -3
- package/pipeline/lib/vercel-deploy.sh +28 -15
- package/pipeline/preferences-template.json +21 -4
- package/pipeline/rules/app-store-guidelines.md +2 -2
- package/pipeline/rules/code-style.md +6 -6
- package/pipeline/rules/figma-pipeline.md +100 -2
- package/pipeline/rules/kotlin-android.md +8 -8
- package/pipeline/rules/security.md +4 -4
- package/pipeline/rules/tdd.md +1 -1
- package/pipeline/rules/testing.md +5 -5
- package/pipeline/schemas/agent-state.schema.json +55 -20
- package/pipeline/schemas/analysis-output.schema.json +7 -2
- package/pipeline/schemas/analysis-spec.schema.json +484 -0
- package/pipeline/schemas/clarify-output.schema.json +5 -5
- package/pipeline/schemas/conventions-output.schema.json +70 -0
- package/pipeline/schemas/dev-critic-output.schema.json +2 -2
- package/pipeline/schemas/diff-risk.schema.json +3 -3
- package/pipeline/schemas/figma-project-config.schema.json +3 -3
- package/pipeline/schemas/learnings-ledger.schema.json +39 -0
- package/pipeline/schemas/migrations/README.md +2 -2
- package/pipeline/schemas/migrations/figma-config-1.0.0-to-2.0.0.mjs +5 -5
- package/pipeline/schemas/migrations/prefs-2.0.0-to-2.1.0.mjs +3 -3
- package/pipeline/schemas/migrations/prefs-2.1.0-to-2.2.0.mjs +4 -4
- package/pipeline/schemas/migrations/prefs-2.2.0-to-2.3.0.mjs +5 -5
- package/pipeline/schemas/migrations/state-2.0.0-to-2.1.0.mjs +3 -3
- package/pipeline/schemas/plan-todos.schema.json +4 -4
- package/pipeline/schemas/planning-output.schema.json +3 -3
- package/pipeline/schemas/prefs.schema.json +97 -13
- package/pipeline/schemas/reviewer-output.schema.json +7 -3
- package/pipeline/schemas/test-gap.schema.json +1 -1
- package/pipeline/schemas/token-budget.json +8 -8
- package/pipeline/schemas/triage-corpus.schema.json +1 -1
- package/pipeline/schemas/triage-output.schema.json +44 -6
- package/pipeline/scripts/README.md +64 -64
- package/pipeline/scripts/aggregate-metrics.mjs +55 -16
- package/pipeline/scripts/audit-log-rotate.sh +3 -3
- package/pipeline/scripts/audit-log.sh +20 -7
- package/pipeline/scripts/benchmark-phase-0.sh +6 -6
- package/pipeline/scripts/build-skills-index.mjs +15 -15
- package/pipeline/scripts/check-md-links.mjs +59 -0
- package/pipeline/scripts/classify-plan-safety.mjs +24 -18
- package/pipeline/scripts/cost-budget-check.mjs +160 -0
- package/pipeline/scripts/cost-table.json +23 -13
- package/pipeline/scripts/diff-explain.mjs +12 -12
- package/pipeline/scripts/diff-risk-score.mjs +18 -17
- package/pipeline/scripts/eval-golden-tasks-live.mjs +13 -10
- package/pipeline/scripts/eval-golden-tasks.mjs +3 -14
- package/pipeline/scripts/eval-intent.mjs +103 -0
- package/pipeline/scripts/eval-triage.mjs +3 -3
- package/pipeline/scripts/evidence-gate.mjs +155 -0
- package/pipeline/scripts/fixtures/install-layout.tsv +9 -9
- package/pipeline/scripts/gc-tmp.sh +102 -0
- package/pipeline/scripts/gen-mode-dispatch.mjs +27 -21
- package/pipeline/scripts/gen-skills-index.mjs +6 -6
- package/pipeline/scripts/github-ssh-setup.sh +1 -1
- package/pipeline/scripts/keychain-save.sh +1 -1
- package/pipeline/scripts/keychain.py +6 -6
- package/pipeline/scripts/learnings-ledger.mjs +284 -0
- package/pipeline/scripts/lint-skills.mjs +80 -0
- package/pipeline/scripts/log-metric.sh +18 -9
- package/pipeline/scripts/match-skills.mjs +13 -8
- package/pipeline/scripts/memory-load.sh +3 -3
- package/pipeline/scripts/memory-save.sh +5 -5
- package/pipeline/scripts/migrate-prefs.mjs +17 -17
- package/pipeline/scripts/migrate-state.mjs +12 -12
- package/pipeline/scripts/output-quality-check.sh +7 -7
- package/pipeline/scripts/phase-banner.sh +5 -5
- package/pipeline/scripts/phase-tracker.sh +90 -53
- package/pipeline/scripts/pre-commit-check.sh +45 -5
- package/pipeline/scripts/pre-push-check.sh +7 -7
- package/pipeline/scripts/prune-logs.sh +118 -0
- package/pipeline/scripts/render-agent-log-cost.sh +55 -18
- package/pipeline/scripts/render-cost-summary.sh +9 -9
- package/pipeline/scripts/render-work-summary.sh +4 -4
- package/pipeline/scripts/repo-map.mjs +9 -9
- package/pipeline/scripts/run-aggregator.mjs +7 -6
- package/pipeline/scripts/run-metrics.mjs +129 -0
- package/pipeline/scripts/run-smokes.mjs +76 -0
- package/pipeline/scripts/scan-skills.sh +11 -11
- package/pipeline/scripts/search-logs.sh +8 -8
- package/pipeline/scripts/sign-skills.sh +2 -2
- package/pipeline/scripts/smoke-adapters.sh +79 -10
- package/pipeline/scripts/smoke-add-detail.sh +5 -5
- package/pipeline/scripts/smoke-agent-log-cost.sh +85 -6
- package/pipeline/scripts/smoke-agent-model-routing.sh +3 -3
- package/pipeline/scripts/smoke-ask-choice.sh +42 -0
- package/pipeline/scripts/smoke-bitbucket-contract.sh +19 -3
- package/pipeline/scripts/smoke-changelog-version.sh +47 -0
- package/pipeline/scripts/smoke-channels-flow.sh +1 -1
- package/pipeline/scripts/smoke-ci-workflows.sh +5 -5
- package/pipeline/scripts/smoke-clarify.sh +3 -3
- package/pipeline/scripts/smoke-commands-skills-parity.sh +4 -4
- package/pipeline/scripts/smoke-community-gates.sh +75 -0
- package/pipeline/scripts/smoke-compliance-skills.sh +5 -5
- package/pipeline/scripts/smoke-cost-budget.sh +70 -0
- package/pipeline/scripts/smoke-cost-summary.sh +4 -4
- package/pipeline/scripts/smoke-cross-cli-behavior.sh +50 -9
- package/pipeline/scripts/smoke-cross-phase-cohesion.sh +5 -5
- package/pipeline/scripts/smoke-delete-flow.sh +5 -5
- package/pipeline/scripts/smoke-dev-critic.sh +2 -2
- package/pipeline/scripts/smoke-diff-explain.sh +22 -3
- package/pipeline/scripts/smoke-diff-risk.sh +1 -1
- package/pipeline/scripts/smoke-dynamic-skill-loading.sh +1 -1
- package/pipeline/scripts/smoke-eval-live.sh +4 -4
- package/pipeline/scripts/smoke-evidence-gate.sh +93 -0
- package/pipeline/scripts/smoke-existing-discovery-gate.sh +1 -1
- package/pipeline/scripts/smoke-extract-conventions.sh +163 -0
- package/pipeline/scripts/smoke-figma-android-parity.sh +1 -1
- package/pipeline/scripts/smoke-figma-credential-store.sh +3 -3
- package/pipeline/scripts/smoke-figma-cross-cli-inventory.sh +12 -12
- package/pipeline/scripts/smoke-figma-dispatch.sh +5 -5
- package/pipeline/scripts/smoke-figma-sync.sh +1 -1
- package/pipeline/scripts/smoke-gate-hooks.sh +56 -0
- package/pipeline/scripts/smoke-gc-tmp.sh +84 -0
- package/pipeline/scripts/smoke-identity-isolation.sh +7 -7
- package/pipeline/scripts/smoke-install-layout.sh +10 -10
- package/pipeline/scripts/smoke-intent-guard.sh +86 -0
- package/pipeline/scripts/smoke-issue-comment-template.sh +3 -3
- package/pipeline/scripts/smoke-issue-jira-triad.sh +1 -1
- package/pipeline/scripts/smoke-keychain.sh +6 -6
- package/pipeline/scripts/smoke-language-axis.sh +2 -2
- package/pipeline/scripts/smoke-learnings-ledger.sh +86 -0
- package/pipeline/scripts/smoke-lib-scripts.sh +2 -2
- package/pipeline/scripts/smoke-mcp-gate.sh +68 -0
- package/pipeline/scripts/smoke-md-links.sh +8 -0
- package/pipeline/scripts/smoke-md2confluence.sh +126 -0
- package/pipeline/scripts/smoke-metrics-cache-ratio.sh +72 -0
- package/pipeline/scripts/smoke-migrate-state.sh +10 -10
- package/pipeline/scripts/smoke-mode-dispatch-drift.sh +7 -4
- package/pipeline/scripts/smoke-model-fallback.sh +80 -0
- package/pipeline/scripts/smoke-multi-repo-integration.sh +3 -3
- package/pipeline/scripts/smoke-multi-repo-worktree.sh +1 -1
- package/pipeline/scripts/smoke-no-mcp-in-dev-phases.sh +115 -0
- package/pipeline/scripts/smoke-no-token-prompt.sh +31 -15
- package/pipeline/scripts/smoke-pat-audit.sh +26 -5
- package/pipeline/scripts/smoke-per-repo-memory.sh +1 -1
- package/pipeline/scripts/smoke-phase-0-multi-repo.sh +1 -1
- package/pipeline/scripts/smoke-phase-6-multi.sh +2 -2
- package/pipeline/scripts/smoke-phase-banner.sh +1 -1
- package/pipeline/scripts/smoke-phase-tracker.sh +1 -1
- package/pipeline/scripts/smoke-phase0-bridge-contract.sh +4 -4
- package/pipeline/scripts/smoke-phase4-triage.sh +94 -7
- package/pipeline/scripts/smoke-plan-approval-gate.sh +3 -3
- package/pipeline/scripts/smoke-plan-safety.sh +1 -1
- package/pipeline/scripts/smoke-plan-todos.sh +7 -4
- package/pipeline/scripts/smoke-pr-review-actions.sh +2 -2
- package/pipeline/scripts/smoke-pre-commit.sh +34 -2
- package/pipeline/scripts/smoke-pref-migration.sh +1 -1
- package/pipeline/scripts/smoke-prefs-language.sh +5 -5
- package/pipeline/scripts/smoke-progress-contract.sh +3 -3
- package/pipeline/scripts/smoke-prune-logs.sh +87 -0
- package/pipeline/scripts/smoke-push-retry.sh +1 -1
- package/pipeline/scripts/smoke-readme-counts.sh +1 -1
- package/pipeline/scripts/smoke-repo-map.sh +9 -9
- package/pipeline/scripts/smoke-review-watch.sh +12 -0
- package/pipeline/scripts/smoke-run-aggregator.sh +7 -7
- package/pipeline/scripts/smoke-run-metrics.sh +50 -0
- package/pipeline/scripts/smoke-schema-validation.sh +18 -11
- package/pipeline/scripts/smoke-search.sh +5 -5
- package/pipeline/scripts/smoke-shared-runtime.sh +108 -0
- package/pipeline/scripts/smoke-skill-authoring.sh +13 -13
- package/pipeline/scripts/smoke-skill-language.sh +4 -4
- package/pipeline/scripts/smoke-skill-manifest.sh +2 -2
- package/pipeline/scripts/smoke-skill-scan.sh +2 -2
- package/pipeline/scripts/smoke-stack-swap.sh +2 -2
- package/pipeline/scripts/smoke-subagent-validators.sh +8 -5
- package/pipeline/scripts/smoke-sync-adapters.sh +1 -1
- package/pipeline/scripts/smoke-sync-delegation.sh +7 -7
- package/pipeline/scripts/smoke-sync-parity.sh +1 -1
- package/pipeline/scripts/smoke-tasklist-ordering.sh +7 -7
- package/pipeline/scripts/smoke-telemetry.sh +1 -1
- package/pipeline/scripts/smoke-test-gap.sh +5 -5
- package/pipeline/scripts/smoke-token-budget.sh +1 -1
- package/pipeline/scripts/smoke-tracker-contract.sh +6 -6
- package/pipeline/scripts/smoke-tracker-tokens-invocation.sh +9 -1
- package/pipeline/scripts/smoke-triage-memory.sh +2 -2
- package/pipeline/scripts/smoke-url-enrichment.sh +2 -2
- package/pipeline/scripts/smoke-validator-contradiction.sh +1 -1
- package/pipeline/scripts/smoke-validator-gates.sh +164 -0
- package/pipeline/scripts/smoke-vercel-deploy-redact.sh +11 -11
- package/pipeline/scripts/smoke-wiki-integration.sh +2 -2
- package/pipeline/scripts/smoke-work-summary.sh +3 -3
- package/pipeline/scripts/smoke-worktree-path-convention.sh +4 -4
- package/pipeline/scripts/smoke-write-state.sh +2 -2
- package/pipeline/scripts/stack-swap.sh +3 -3
- package/pipeline/scripts/sync-adapters.mjs +37 -10
- package/pipeline/scripts/sync-parity-check.sh +6 -6
- package/pipeline/scripts/test-gap-scan.mjs +11 -13
- package/pipeline/scripts/token-budget-report.mjs +4 -4
- package/pipeline/scripts/triage-memory.mjs +6 -6
- package/pipeline/scripts/uninstall.mjs +42 -4
- package/pipeline/scripts/update-issue-progress.sh +2 -2
- package/pipeline/scripts/validate-analysis.mjs +19 -21
- package/pipeline/scripts/validate-diff-risk.mjs +4 -4
- package/pipeline/scripts/validate-planning.mjs +3 -3
- package/pipeline/scripts/validate-reviewer.mjs +4 -4
- package/pipeline/scripts/validate-schemas.mjs +4 -4
- package/pipeline/scripts/validate-test-gap.mjs +4 -4
- package/pipeline/scripts/validate-triage.mjs +68 -9
- package/pipeline/scripts/verify-skills.sh +7 -7
- package/pipeline/scripts/write-state.mjs +49 -11
- package/pipeline/skills/.skill-manifest.json +245 -149
- package/pipeline/skills/.skills-index.json +236 -47
- package/pipeline/skills/figma-android/README.md +5 -5
- package/pipeline/skills/figma-android/figma-component-code-connect/SKILL.md +3 -3
- package/pipeline/skills/figma-android/figma-component-implement/SKILL.md +8 -8
- package/pipeline/skills/figma-android/figma-component-test/SKILL.md +4 -4
- package/pipeline/skills/figma-android/figma-component-wiki/SKILL.md +5 -5
- package/pipeline/skills/figma-android/figma-to-component/SKILL.md +14 -14
- package/pipeline/skills/figma-common/README.md +29 -29
- package/pipeline/skills/figma-common/figma-cli-iterate/SKILL.md +20 -15
- package/pipeline/skills/figma-common/figma-cli-iterate-mend/SKILL.md +35 -30
- package/pipeline/skills/figma-common/figma-cli-lean-iterate/SKILL.md +35 -30
- package/pipeline/skills/figma-common/figma-cli-skip/SKILL.md +20 -20
- package/pipeline/skills/figma-common/figma-commit/COMMON_REBASE.md +32 -32
- package/pipeline/skills/figma-common/figma-commit/REVIEW.md +9 -9
- package/pipeline/skills/figma-common/figma-commit/SKILL.md +25 -20
- package/pipeline/skills/figma-common/figma-component-confluence-sync/SKILL.md +11 -6
- package/pipeline/skills/figma-common/figma-component-start/SKILL.md +30 -25
- package/pipeline/skills/figma-common/figma-component-status-update/SKILL.md +9 -4
- package/pipeline/skills/figma-common/figma-fix/SKILL.md +27 -22
- package/pipeline/skills/figma-common/figma-form-integration/SKILL.md +38 -38
- package/pipeline/skills/figma-common/figma-issue/SKILL.md +39 -34
- package/pipeline/skills/figma-common/figma-iterate/SKILL.md +20 -15
- package/pipeline/skills/figma-common/figma-iteration-commit/SKILL.md +44 -39
- package/pipeline/skills/figma-common/figma-mend/SKILL.md +6 -6
- package/pipeline/skills/figma-common/figma-price-integration/SKILL.md +30 -30
- package/pipeline/skills/figma-common/figma-remote-mcp-auth/SKILL.md +1 -1
- package/pipeline/skills/figma-common/figma-review/SKILL.md +31 -26
- package/pipeline/skills/figma-common/figma-setup/SKILL.md +11 -11
- package/pipeline/skills/figma-common/figma-setup/scripts/fetch-mcp-token.py +5 -5
- package/pipeline/skills/figma-common/figma-skip/SKILL.md +6 -6
- package/pipeline/skills/figma-common/figma-ui-patterns/SKILL.md +12 -12
- package/pipeline/skills/figma-common/figma-utility/SKILL.md +4 -4
- package/pipeline/skills/figma-common/figma-utility/scripts/figma-utility.py +1 -1
- package/pipeline/skills/figma-common/figma-validate/SKILL.md +48 -48
- package/pipeline/skills/figma-common/performance-iteration-commit-all/SKILL.md +42 -37
- package/pipeline/skills/figma-common/performance-review-next/SKILL.md +23 -18
- package/pipeline/skills/figma-common/performance-start/SKILL.md +52 -47
- package/pipeline/skills/figma-common/performance-swiftui/SKILL.md +68 -68
- package/pipeline/skills/figma-common/performance-tour/SKILL.md +42 -37
- package/pipeline/skills/figma-ios/REVIEW_CHECKLIST.md +16 -16
- package/pipeline/skills/figma-ios/figma-component-code-connect/SKILL.md +15 -15
- package/pipeline/skills/figma-ios/figma-component-implement/SKILL.md +9 -9
- package/pipeline/skills/figma-ios/figma-component-test/SKILL.md +15 -15
- package/pipeline/skills/figma-ios/figma-component-wiki/SKILL.md +18 -18
- package/pipeline/skills/figma-ios/figma-to-component/SKILL.md +38 -38
- package/pipeline/skills/figma-ios/figma-to-component/halt-return-protocol.md +2 -2
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-0-init.md +12 -12
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1-gathering.md +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1.5-existing-discovery.md +19 -19
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2-orchestrator.md +25 -25
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2a-testing-identifiers.md +7 -7
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2b-localization.md +6 -6
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2c-accessibility.md +38 -38
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2d-analytics.md +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3-orchestrator.md +29 -29
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3a-location.md +6 -6
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3b-tokens.md +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3c-nested.md +12 -12
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3d-patterns.md +57 -57
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3e-assets.md +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3f-utilities.md +6 -6
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3g-property-coverage.md +10 -10
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3h-variant-config.md +16 -16
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4-orchestrator.md +23 -23
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4a-configuration.md +26 -26
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4b-view.md +43 -43
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4c-documentation.md +17 -17
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4d-preview.md +19 -19
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4e-modifiers.md +15 -15
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5-orchestrator.md +39 -39
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5a-viewinspector.md +7 -7
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5b-snapshot.md +29 -29
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5c-unit.md +9 -9
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-6-code-connect.md +31 -31
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7-wiki.md +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-confluence-generate.md +18 -18
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-wiki-generate.md +16 -16
- package/pipeline/skills/figma-ios/figma-to-component/phases/phase-8-cleanup.md +2 -2
- package/pipeline/skills/figma-ios/figma-to-component/reference/accessibility.md +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/reference/code-connect.md +49 -49
- package/pipeline/skills/figma-ios/figma-to-component/reference/figma-to-swiftui-effects.md +8 -8
- package/pipeline/skills/figma-ios/figma-to-component/reference/halt-return-protocol.md +2 -2
- package/pipeline/skills/figma-ios/figma-to-component/reference/macros.md +9 -9
- package/pipeline/skills/figma-ios/figma-to-component/reference/missing-tokens.md +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/reference/orchestrator-discipline.md +10 -10
- package/pipeline/skills/figma-ios/figma-to-component/reference/remote-mcp-script.md +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/reference/rest-api-script.md +11 -11
- package/pipeline/skills/figma-ios/figma-to-component/reference/scripts-inventory.md +14 -14
- package/pipeline/skills/figma-ios/figma-to-component/reference/snapshot-testing.md +2 -2
- package/pipeline/skills/figma-ios/figma-to-component/reference/subcomponent-graph.md +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/reference/testing-identifiers-naming.md +6 -6
- package/pipeline/skills/figma-ios/figma-to-component/reference/tools.md +9 -9
- package/pipeline/skills/figma-ios/figma-to-component/reference/viewinspector.md +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/reference/wiki-to-confluence-mapping.md +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/apply-author-login-map.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/backfill-status.py +18 -18
- package/pipeline/skills/figma-ios/figma-to-component/scripts/build-author-registry.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/bulk-sync-issues.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-data-gather.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-publish.sh +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status-upload.py +18 -18
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-data-gather.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.example.json +9 -0
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-publish.py +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-subcomponent-graph.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-update.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/issue_sync_propagate.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/registry_writer.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_registry_writer.py +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_issue.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue_gh.py +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase1-gather.py +12 -12
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase2-finalize.py +3 -3
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase3-scripts.py +26 -26
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase4-finalize.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase5-finalize.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase6-finalize.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/phase7-finalize.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/register-icons-codeconnect.py +4 -4
- package/pipeline/skills/figma-ios/figma-to-component/scripts/remote-mcp-fetch.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/resolve-author-logins.py +2 -2
- package/pipeline/skills/figma-ios/figma-to-component/scripts/run-uicomponents-tests.sh +1 -1
- package/pipeline/skills/figma-ios/figma-to-component/scripts/sidebar-generator.py +5 -5
- package/pipeline/skills/figma-ios/figma-to-component/scripts/update-issue-from-registry.py +41 -41
- package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase4.sh +8 -8
- package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase6.sh +7 -7
- package/pipeline/skills/shared/README.md +62 -41
- package/pipeline/skills/shared/core/apple-archive-compliance/SKILL.md +39 -39
- package/pipeline/skills/shared/core/google-play-compliance/SKILL.md +44 -44
- package/pipeline/skills/shared/core/multi-agent/SKILL.md +182 -176
- package/pipeline/skills/shared/core/multi-agent-analysis/SKILL.md +55 -0
- package/pipeline/skills/shared/core/multi-agent-analysis-resolve/SKILL.md +48 -0
- package/pipeline/skills/shared/core/multi-agent-autopilot/SKILL.md +16 -16
- package/pipeline/skills/shared/core/multi-agent-build-optimize/SKILL.md +48 -0
- package/pipeline/skills/shared/core/multi-agent-channels/SKILL.md +40 -40
- package/pipeline/skills/shared/core/multi-agent-delete/SKILL.md +33 -30
- package/pipeline/skills/shared/core/multi-agent-dev/SKILL.md +26 -26
- package/pipeline/skills/shared/core/multi-agent-dev-autopilot/SKILL.md +22 -22
- package/pipeline/skills/shared/core/multi-agent-dev-local/SKILL.md +6 -6
- package/pipeline/skills/shared/core/multi-agent-dev-local-autopilot/SKILL.md +12 -12
- package/pipeline/skills/shared/core/multi-agent-diff-explain/SKILL.md +20 -20
- package/pipeline/skills/shared/core/multi-agent-garbage-collect/SKILL.md +61 -0
- package/pipeline/skills/shared/core/multi-agent-help/SKILL.md +22 -22
- package/pipeline/skills/shared/core/multi-agent-issue/SKILL.md +15 -15
- package/pipeline/skills/shared/core/multi-agent-jira/SKILL.md +12 -12
- package/pipeline/skills/shared/core/multi-agent-kill/SKILL.md +14 -14
- package/pipeline/skills/shared/core/multi-agent-language/SKILL.md +12 -12
- package/pipeline/skills/shared/core/multi-agent-local/SKILL.md +10 -10
- package/pipeline/skills/shared/core/multi-agent-local-autopilot/SKILL.md +18 -18
- package/pipeline/skills/shared/core/multi-agent-log/SKILL.md +9 -9
- package/pipeline/skills/shared/core/multi-agent-manual-test/SKILL.md +20 -20
- package/pipeline/skills/shared/core/multi-agent-prune-logs/SKILL.md +63 -0
- package/pipeline/skills/shared/core/multi-agent-purge/SKILL.md +16 -13
- package/pipeline/skills/shared/core/multi-agent-refactor/SKILL.md +110 -110
- package/pipeline/skills/shared/core/multi-agent-resume/SKILL.md +13 -13
- package/pipeline/skills/shared/core/multi-agent-review/SKILL.md +22 -22
- package/pipeline/skills/shared/core/multi-agent-scan/SKILL.md +18 -18
- package/pipeline/skills/shared/core/multi-agent-search/SKILL.md +13 -13
- package/pipeline/skills/shared/core/multi-agent-setup/SKILL.md +33 -30
- package/pipeline/skills/shared/core/multi-agent-stack/SKILL.md +14 -14
- package/pipeline/skills/shared/core/multi-agent-status/SKILL.md +9 -9
- package/pipeline/skills/shared/core/multi-agent-sync/SKILL.md +79 -79
- package/pipeline/skills/shared/core/multi-agent-test/SKILL.md +5 -5
- package/pipeline/skills/shared/core/multi-agent-update/SKILL.md +10 -10
- package/pipeline/skills/shared/external/NOTICE-swift-ios-skills.md +41 -0
- package/pipeline/skills/shared/external/NOTICE-xcode-build-skills.md +53 -0
- package/pipeline/skills/shared/external/agentflow/SKILL.md +9 -9
- package/pipeline/skills/shared/external/alarmkit/SKILL.md +113 -52
- package/pipeline/skills/shared/external/alarmkit/evals/evals.json +41 -0
- package/pipeline/skills/shared/external/alarmkit/references/alarmkit-patterns.md +23 -16
- package/pipeline/skills/shared/external/app-clips/SKILL.md +85 -354
- package/pipeline/skills/shared/external/app-clips/evals/evals.json +50 -0
- package/pipeline/skills/shared/external/app-clips/references/data-handoff-notifications-location.md +135 -0
- package/pipeline/skills/shared/external/app-clips/references/routing-and-experiences.md +125 -0
- package/pipeline/skills/shared/external/app-clips/references/size-capabilities-and-promotion.md +113 -0
- package/pipeline/skills/shared/external/app-intents/SKILL.md +152 -59
- package/pipeline/skills/shared/external/app-intents/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/app-intents/references/appintents-advanced.md +161 -118
- package/pipeline/skills/shared/external/app-store-optimization/SKILL.md +289 -392
- package/pipeline/skills/shared/external/app-store-optimization/evals/evals.json +46 -0
- package/pipeline/skills/shared/external/app-store-optimization/references/keyword-research-methodology.md +174 -0
- package/pipeline/skills/shared/external/app-store-optimization/references/product-page-variants.md +191 -0
- package/pipeline/skills/shared/external/app-store-review/SKILL.md +57 -107
- package/pipeline/skills/shared/external/app-store-review/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/app-store-review/references/privacy-manifest.md +35 -12
- package/pipeline/skills/shared/external/app-store-review/references/review-checklists.md +28 -26
- package/pipeline/skills/shared/external/apple-on-device-ai/SKILL.md +53 -62
- package/pipeline/skills/shared/external/apple-on-device-ai/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-conversion.md +7 -1
- package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-optimization.md +4 -1
- package/pipeline/skills/shared/external/apple-on-device-ai/references/foundation-models.md +32 -12
- package/pipeline/skills/shared/external/apple-on-device-ai/references/mlx-swift.md +34 -30
- package/pipeline/skills/shared/external/authentication/SKILL.md +134 -138
- package/pipeline/skills/shared/external/authentication/evals/evals.json +48 -0
- package/pipeline/skills/shared/external/authentication/references/keychain-biometric.md +56 -29
- package/pipeline/skills/shared/external/authentication/references/passkeys.md +183 -0
- package/pipeline/skills/shared/external/avkit/SKILL.md +497 -0
- package/pipeline/skills/shared/external/avkit/evals/evals.json +55 -0
- package/pipeline/skills/shared/external/avkit/references/avkit-patterns.md +668 -0
- package/pipeline/skills/shared/external/background-processing/SKILL.md +29 -29
- package/pipeline/skills/shared/external/background-processing/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/background-processing/references/background-task-patterns.md +44 -19
- package/pipeline/skills/shared/external/callkit-voip/SKILL.md +136 -99
- package/pipeline/skills/shared/external/callkit-voip/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/callkit-voip/references/callkit-patterns.md +27 -8
- package/pipeline/skills/shared/external/ci-cd-pipelines/SKILL.md +7 -6
- package/pipeline/skills/shared/external/clean-code/SKILL.md +2 -2
- package/pipeline/skills/shared/external/cloudkit-sync/SKILL.md +63 -56
- package/pipeline/skills/shared/external/cloudkit-sync/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/cloudkit-sync/references/cloudkit-patterns.md +7 -4
- package/pipeline/skills/shared/external/contacts-framework/SKILL.md +31 -11
- package/pipeline/skills/shared/external/contacts-framework/evals/evals.json +41 -0
- package/pipeline/skills/shared/external/contacts-framework/references/contacts-patterns.md +51 -51
- package/pipeline/skills/shared/external/core-bluetooth/SKILL.md +70 -65
- package/pipeline/skills/shared/external/core-bluetooth/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/core-bluetooth/references/ble-patterns.md +25 -1
- package/pipeline/skills/shared/external/core-data/SKILL.md +496 -0
- package/pipeline/skills/shared/external/core-data/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/core-motion/SKILL.md +47 -14
- package/pipeline/skills/shared/external/core-motion/evals/evals.json +49 -0
- package/pipeline/skills/shared/external/core-motion/references/motion-patterns.md +47 -16
- package/pipeline/skills/shared/external/core-nfc/SKILL.md +43 -54
- package/pipeline/skills/shared/external/core-nfc/evals/evals.json +49 -0
- package/pipeline/skills/shared/external/core-nfc/references/nfc-patterns.md +32 -2
- package/pipeline/skills/shared/external/coreml/SKILL.md +89 -48
- package/pipeline/skills/shared/external/coreml/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/coreml/references/coreml-swift-integration.md +82 -37
- package/pipeline/skills/shared/external/cryptokit/SKILL.md +493 -0
- package/pipeline/skills/shared/external/cryptokit/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/cryptokit/references/cryptokit-patterns.md +602 -0
- package/pipeline/skills/shared/external/css-modern/SKILL.md +3 -2
- package/pipeline/skills/shared/external/database-patterns/SKILL.md +6 -5
- package/pipeline/skills/shared/external/debugging-instruments/SKILL.md +77 -47
- package/pipeline/skills/shared/external/debugging-instruments/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/debugging-instruments/references/instruments-guide.md +42 -34
- package/pipeline/skills/shared/external/debugging-instruments/references/lldb-patterns.md +2 -2
- package/pipeline/skills/shared/external/device-integrity/SKILL.md +136 -176
- package/pipeline/skills/shared/external/device-integrity/evals/evals.json +45 -0
- package/pipeline/skills/shared/external/device-integrity/references/device-integrity-patterns.md +240 -0
- package/pipeline/skills/shared/external/energykit/SKILL.md +73 -34
- package/pipeline/skills/shared/external/energykit/evals/evals.json +45 -0
- package/pipeline/skills/shared/external/energykit/references/energykit-patterns.md +80 -38
- package/pipeline/skills/shared/external/eventkit-calendar/SKILL.md +67 -53
- package/pipeline/skills/shared/external/eventkit-calendar/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/eventkit-calendar/references/eventkit-patterns.md +53 -3
- package/pipeline/skills/shared/external/healthkit/SKILL.md +57 -124
- package/pipeline/skills/shared/external/healthkit/evals/evals.json +46 -0
- package/pipeline/skills/shared/external/healthkit/references/healthkit-patterns.md +82 -1
- package/pipeline/skills/shared/external/homekit-matter/SKILL.md +43 -41
- package/pipeline/skills/shared/external/homekit-matter/evals/evals.json +45 -0
- package/pipeline/skills/shared/external/homekit-matter/references/matter-commissioning.md +13 -8
- package/pipeline/skills/shared/external/html-semantic/SKILL.md +5 -4
- package/pipeline/skills/shared/external/humanizer/SKILL.md +4 -4
- package/pipeline/skills/shared/external/ios-accessibility/SKILL.md +174 -18
- package/pipeline/skills/shared/external/ios-accessibility/evals/evals.json +49 -0
- package/pipeline/skills/shared/external/ios-accessibility/references/a11y-patterns.md +262 -4
- package/pipeline/skills/shared/external/ios-accessibility/references/media-accessibility.md +117 -0
- package/pipeline/skills/shared/external/ios-accessibility/references/nutrition-labels.md +141 -0
- package/pipeline/skills/shared/external/ios-localization/SKILL.md +67 -14
- package/pipeline/skills/shared/external/ios-localization/evals/evals.json +49 -0
- package/pipeline/skills/shared/external/ios-localization/references/formatstyle-locale.md +20 -3
- package/pipeline/skills/shared/external/ios-localization/references/string-catalogs.md +131 -22
- package/pipeline/skills/shared/external/ios-networking/SKILL.md +69 -22
- package/pipeline/skills/shared/external/ios-networking/evals/evals.json +50 -0
- package/pipeline/skills/shared/external/ios-networking/references/background-websocket.md +28 -16
- package/pipeline/skills/shared/external/ios-networking/references/file-storage-patterns.md +354 -0
- package/pipeline/skills/shared/external/ios-networking/references/network-framework.md +69 -44
- package/pipeline/skills/shared/external/ios-networking/references/urlsession-patterns.md +35 -69
- package/pipeline/skills/shared/external/ios-security/references/file-storage-patterns.md +8 -8
- package/pipeline/skills/shared/external/ios-simulator/SKILL.md +485 -0
- package/pipeline/skills/shared/external/ios-simulator/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/ios-simulator/references/simctl-commands.md +316 -0
- package/pipeline/skills/shared/external/live-activities/SKILL.md +120 -131
- package/pipeline/skills/shared/external/live-activities/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/live-activities/references/{live-activity-patterns.md → activitykit-patterns.md} +148 -63
- package/pipeline/skills/shared/external/mapkit-location/SKILL.md +40 -21
- package/pipeline/skills/shared/external/mapkit-location/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/mapkit-location/references/{corelocation-patterns.md → mapkit-corelocation-patterns.md} +88 -41
- package/pipeline/skills/shared/external/mapkit-location/references/mapkit-patterns.md +27 -24
- package/pipeline/skills/shared/external/metrickit-diagnostics/SKILL.md +129 -172
- package/pipeline/skills/shared/external/metrickit-diagnostics/evals/evals.json +46 -0
- package/pipeline/skills/shared/external/metrickit-diagnostics/references/metrickit-patterns.md +180 -0
- package/pipeline/skills/shared/external/musickit-audio/SKILL.md +45 -18
- package/pipeline/skills/shared/external/musickit-audio/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/musickit-audio/references/musickit-patterns.md +26 -6
- package/pipeline/skills/shared/external/natural-language/SKILL.md +48 -18
- package/pipeline/skills/shared/external/natural-language/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/natural-language/references/translation-patterns.md +20 -7
- package/pipeline/skills/shared/external/nextjs-app-router/SKILL.md +4 -3
- package/pipeline/skills/shared/external/passkit-wallet/SKILL.md +156 -66
- package/pipeline/skills/shared/external/passkit-wallet/evals/evals.json +51 -0
- package/pipeline/skills/shared/external/passkit-wallet/references/wallet-passes.md +69 -19
- package/pipeline/skills/shared/external/pdfkit/SKILL.md +499 -0
- package/pipeline/skills/shared/external/pdfkit/evals/evals.json +42 -0
- package/pipeline/skills/shared/external/pdfkit/references/pdfkit-patterns.md +844 -0
- package/pipeline/skills/shared/external/pencilkit-drawing/SKILL.md +122 -28
- package/pipeline/skills/shared/external/pencilkit-drawing/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/pencilkit-drawing/references/pencilkit-patterns.md +49 -18
- package/pipeline/skills/shared/external/permissionkit/SKILL.md +100 -51
- package/pipeline/skills/shared/external/permissionkit/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/permissionkit/references/permissionkit-patterns.md +48 -8
- package/pipeline/skills/shared/external/photos-camera-media/SKILL.md +13 -15
- package/pipeline/skills/shared/external/photos-camera-media/references/camera-capture.md +4 -4
- package/pipeline/skills/shared/external/photos-camera-media/references/image-loading-caching.md +2 -2
- package/pipeline/skills/shared/external/photos-camera-media/references/{photospicker-patterns.md → photokit-patterns.md} +3 -3
- package/pipeline/skills/shared/external/push-notifications/SKILL.md +45 -48
- package/pipeline/skills/shared/external/push-notifications/evals/evals.json +46 -0
- package/pipeline/skills/shared/external/push-notifications/references/notification-patterns.md +22 -33
- package/pipeline/skills/shared/external/push-notifications/references/rich-notifications.md +56 -37
- package/pipeline/skills/shared/external/python-patterns/SKILL.md +4 -3
- package/pipeline/skills/shared/external/react-best-practices/SKILL.md +1 -0
- package/pipeline/skills/shared/external/realitykit-ar/SKILL.md +74 -53
- package/pipeline/skills/shared/external/realitykit-ar/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/realitykit-ar/references/realitykit-patterns.md +10 -10
- package/pipeline/skills/shared/external/rest-api-design/SKILL.md +21 -20
- package/pipeline/skills/shared/external/shareplay-activities/SKILL.md +81 -64
- package/pipeline/skills/shared/external/shareplay-activities/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/shareplay-activities/references/shareplay-patterns.md +48 -9
- package/pipeline/skills/shared/external/speech-recognition/SKILL.md +118 -104
- package/pipeline/skills/shared/external/speech-recognition/evals/evals.json +49 -0
- package/pipeline/skills/shared/external/speech-recognition/references/speechanalyzer-patterns.md +171 -0
- package/pipeline/skills/shared/external/spm-build-analysis/SKILL.md +93 -0
- package/pipeline/skills/shared/external/spm-build-analysis/references/build-optimization-sources.md +155 -0
- package/pipeline/skills/shared/external/spm-build-analysis/references/recommendation-format.md +85 -0
- package/pipeline/skills/shared/external/spm-build-analysis/references/spm-analysis-checks.md +105 -0
- package/pipeline/skills/shared/external/spm-build-analysis/scripts/check_spm_pins.py +118 -0
- package/pipeline/skills/shared/external/storekit/SKILL.md +110 -44
- package/pipeline/skills/shared/external/storekit/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/storekit/references/app-review-guidelines.md +94 -43
- package/pipeline/skills/shared/external/storekit/references/storekit-advanced.md +82 -33
- package/pipeline/skills/shared/external/swift-api-design-guidelines/SKILL.md +449 -0
- package/pipeline/skills/shared/external/swift-api-design-guidelines/evals/evals.json +50 -0
- package/pipeline/skills/shared/external/swift-api-design-guidelines/references/argument-labels-and-parameters.md +164 -0
- package/pipeline/skills/shared/external/swift-api-design-guidelines/references/conventions-and-special-rules.md +219 -0
- package/pipeline/skills/shared/external/swift-api-design-guidelines/references/naming-and-clarity.md +184 -0
- package/pipeline/skills/shared/external/swift-api-design-guidelines/references/side-effects-and-mutating-pairs.md +158 -0
- package/pipeline/skills/shared/external/swift-architecture/SKILL.md +499 -0
- package/pipeline/skills/shared/external/swift-architecture/evals/evals.json +45 -0
- package/pipeline/skills/shared/external/swift-charts/SKILL.md +52 -40
- package/pipeline/skills/shared/external/swift-charts/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/swift-charts/references/charts-patterns.md +92 -11
- package/pipeline/skills/shared/external/swift-codable/SKILL.md +43 -16
- package/pipeline/skills/shared/external/swift-codable/evals/evals.json +43 -0
- package/pipeline/skills/shared/external/swift-concurrency/SKILL.md +50 -30
- package/pipeline/skills/shared/external/swift-concurrency/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/swift-concurrency/references/approachable-concurrency.md +11 -4
- package/pipeline/skills/shared/external/swift-concurrency/references/async-algorithms.md +113 -0
- package/pipeline/skills/shared/external/swift-concurrency/references/bridging-interop.md +150 -0
- package/pipeline/skills/shared/external/swift-concurrency/references/{swift-6-2-concurrency.md → concurrency-patterns.md} +22 -11
- package/pipeline/skills/shared/external/swift-concurrency/references/diagnostics.md +52 -0
- package/pipeline/skills/shared/external/swift-concurrency/references/swiftui-concurrency.md +2 -2
- package/pipeline/skills/shared/external/swift-concurrency/references/synchronization-primitives.md +21 -15
- package/pipeline/skills/shared/external/swift-concurrency-expert/SKILL.md +3 -3
- package/pipeline/skills/shared/external/swift-concurrency-pro/SKILL.md +2 -2
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/actors.md +3 -3
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/async-streams.md +1 -1
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/bridging.md +3 -3
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/bug-patterns.md +3 -3
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/cancellation.md +8 -8
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/diagnostics.md +1 -1
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/hotspots.md +2 -2
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/interop.md +4 -4
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/new-features.md +1 -1
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/structured.md +2 -2
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/testing.md +2 -2
- package/pipeline/skills/shared/external/swift-concurrency-pro/references/unstructured.md +3 -3
- package/pipeline/skills/shared/external/swift-formatstyle/SKILL.md +339 -0
- package/pipeline/skills/shared/external/swift-language/SKILL.md +33 -34
- package/pipeline/skills/shared/external/swift-language/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/swift-language/references/swift-attributes-interop.md +97 -0
- package/pipeline/skills/shared/external/swift-language/references/swift-patterns-extended.md +19 -6
- package/pipeline/skills/shared/external/swift-security/SKILL.md +195 -0
- package/pipeline/skills/shared/external/swift-security/evals/evals.json +48 -0
- package/pipeline/skills/shared/external/swift-security/references/biometric-authentication.md +595 -0
- package/pipeline/skills/shared/external/swift-security/references/certificate-trust.md +611 -0
- package/pipeline/skills/shared/external/swift-security/references/common-anti-patterns.md +708 -0
- package/pipeline/skills/shared/external/swift-security/references/compliance-owasp-mapping.md +573 -0
- package/pipeline/skills/shared/external/swift-security/references/credential-storage-patterns.md +752 -0
- package/pipeline/skills/shared/external/swift-security/references/cryptokit-public-key.md +538 -0
- package/pipeline/skills/shared/external/swift-security/references/cryptokit-symmetric.md +530 -0
- package/pipeline/skills/shared/external/swift-security/references/keychain-access-control.md +543 -0
- package/pipeline/skills/shared/external/swift-security/references/keychain-fundamentals.md +620 -0
- package/pipeline/skills/shared/external/swift-security/references/keychain-item-classes.md +515 -0
- package/pipeline/skills/shared/external/swift-security/references/keychain-sharing.md +496 -0
- package/pipeline/skills/shared/external/swift-security/references/migration-legacy-stores.md +747 -0
- package/pipeline/skills/shared/external/swift-security/references/secure-enclave.md +566 -0
- package/pipeline/skills/shared/external/swift-security/references/testing-security-code.md +813 -0
- package/pipeline/skills/shared/external/swift-testing/SKILL.md +97 -297
- package/pipeline/skills/shared/external/swift-testing/evals/evals.json +44 -0
- package/pipeline/skills/shared/external/swift-testing/references/testing-advanced.md +123 -0
- package/pipeline/skills/shared/external/swift-testing/references/testing-patterns.md +162 -34
- package/pipeline/skills/shared/external/swift-testing-pro/SKILL.md +2 -2
- package/pipeline/skills/shared/external/swift-testing-pro/references/async-tests.md +3 -3
- package/pipeline/skills/shared/external/swift-testing-pro/references/core-rules.md +2 -2
- package/pipeline/skills/shared/external/swift-testing-pro/references/migrating-from-xctest.md +5 -5
- package/pipeline/skills/shared/external/swift-testing-pro/references/new-features.md +3 -3
- package/pipeline/skills/shared/external/swift-testing-pro/references/writing-better-tests.md +5 -5
- package/pipeline/skills/shared/external/swiftdata/SKILL.md +44 -23
- package/pipeline/skills/shared/external/swiftdata/evals/evals.json +47 -0
- package/pipeline/skills/shared/external/swiftdata/references/core-data-coexistence.md +3 -3
- package/pipeline/skills/shared/external/swiftdata/references/indexing.md +75 -0
- package/pipeline/skills/shared/external/swiftdata/references/predicate-pitfalls.md +54 -0
- package/pipeline/skills/shared/external/swiftdata/references/swiftdata-advanced.md +14 -10
- package/pipeline/skills/shared/external/swiftdata/references/swiftdata-queries.md +5 -5
- package/pipeline/skills/shared/external/swiftdata-pro/SKILL.md +2 -2
- package/pipeline/skills/shared/external/swiftdata-pro/references/class-inheritance.md +2 -2
- package/pipeline/skills/shared/external/swiftdata-pro/references/cloudkit.md +1 -1
- package/pipeline/skills/shared/external/swiftdata-pro/references/core-rules.md +6 -6
- package/pipeline/skills/shared/external/swiftlint/SKILL.md +337 -0
- package/pipeline/skills/shared/external/swiftlint/references/adoption-and-configuration.md +297 -0
- package/pipeline/skills/shared/external/swiftlint/references/custom-rules-and-analyze.md +170 -0
- package/pipeline/skills/shared/external/swiftlint/references/plugins-run-scripts-and-integrations.md +307 -0
- package/pipeline/skills/shared/external/swiftlint/references/rule-reference.md +35 -0
- package/pipeline/skills/shared/external/swiftlint/references/rules-suppressions-and-baselines.md +306 -0
- package/pipeline/skills/shared/external/swiftui-animation/SKILL.md +56 -65
- package/pipeline/skills/shared/external/swiftui-animation/references/animation-advanced.md +48 -44
- package/pipeline/skills/shared/external/swiftui-animation/references/core-animation-bridge.md +6 -6
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts-accessibility.md +13 -13
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts.md +3 -3
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/image-optimization.md +1 -1
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/latest-apis.md +4 -4
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/layout-best-practices.md +2 -2
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/list-patterns.md +1 -1
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-scenes.md +16 -16
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-views.md +11 -11
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-window-styling.md +7 -7
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/state-management.md +5 -5
- package/pipeline/skills/shared/external/swiftui-expert-skill/references/view-structure.md +6 -6
- package/pipeline/skills/shared/external/swiftui-gestures/SKILL.md +38 -16
- package/pipeline/skills/shared/external/swiftui-gestures/references/gesture-patterns.md +13 -3
- package/pipeline/skills/shared/external/swiftui-layout-components/SKILL.md +32 -28
- package/pipeline/skills/shared/external/swiftui-layout-components/references/form.md +1 -1
- package/pipeline/skills/shared/external/swiftui-layout-components/references/grids.md +202 -41
- package/pipeline/skills/shared/external/swiftui-layout-components/references/list.md +16 -25
- package/pipeline/skills/shared/external/swiftui-layout-components/references/scrollview.md +71 -26
- package/pipeline/skills/shared/external/swiftui-liquid-glass/SKILL.md +284 -65
- package/pipeline/skills/shared/external/swiftui-liquid-glass/references/liquid-glass.md +387 -0
- package/pipeline/skills/shared/external/swiftui-navigation/SKILL.md +10 -10
- package/pipeline/skills/shared/external/swiftui-navigation/references/deeplinks.md +15 -3
- package/pipeline/skills/shared/external/swiftui-navigation/references/navigationstack.md +2 -2
- package/pipeline/skills/shared/external/swiftui-navigation/references/tabview.md +1 -1
- package/pipeline/skills/shared/external/swiftui-patterns/SKILL.md +51 -25
- package/pipeline/skills/shared/external/swiftui-patterns/references/architecture-patterns.md +78 -6
- package/pipeline/skills/shared/external/swiftui-patterns/references/deprecated-migration.md +161 -16
- package/pipeline/skills/shared/external/swiftui-patterns/references/design-polish.md +85 -27
- package/pipeline/skills/shared/external/swiftui-patterns/references/platform-and-sharing.md +37 -33
- package/pipeline/skills/shared/external/swiftui-performance/SKILL.md +39 -51
- package/pipeline/skills/shared/external/swiftui-performance/references/demystify-swiftui-performance-wwdc23.md +204 -30
- package/pipeline/skills/shared/external/swiftui-performance/references/optimizing-swiftui-performance-instruments.md +226 -21
- package/pipeline/skills/shared/external/swiftui-performance/references/understanding-hangs-in-your-app.md +220 -20
- package/pipeline/skills/shared/external/swiftui-performance/references/understanding-improving-swiftui-performance.md +159 -34
- package/pipeline/skills/shared/external/swiftui-performance/references/wwdc-session-sources.md +27 -0
- package/pipeline/skills/shared/external/swiftui-pro/SKILL.md +2 -2
- package/pipeline/skills/shared/external/swiftui-pro/references/accessibility.md +4 -4
- package/pipeline/skills/shared/external/swiftui-pro/references/api.md +1 -1
- package/pipeline/skills/shared/external/swiftui-pro/references/data.md +2 -2
- package/pipeline/skills/shared/external/swiftui-pro/references/design.md +4 -4
- package/pipeline/skills/shared/external/swiftui-pro/references/hygiene.md +2 -2
- package/pipeline/skills/shared/external/swiftui-pro/references/navigation.md +1 -1
- package/pipeline/skills/shared/external/swiftui-pro/references/performance.md +1 -1
- package/pipeline/skills/shared/external/swiftui-pro/references/swift.md +2 -2
- package/pipeline/skills/shared/external/swiftui-pro/references/views.md +2 -2
- package/pipeline/skills/shared/external/swiftui-ui-patterns/SKILL.md +1 -1
- package/pipeline/skills/shared/external/swiftui-uikit-interop/SKILL.md +12 -12
- package/pipeline/skills/shared/external/swiftui-uikit-interop/references/hosting-migration.md +3 -3
- package/pipeline/skills/shared/external/swiftui-uikit-interop/references/representable-recipes.md +1 -1
- package/pipeline/skills/shared/external/swiftui-webkit/SKILL.md +11 -11
- package/pipeline/skills/shared/external/swiftui-webkit/references/migration-and-fallbacks.md +124 -10
- package/pipeline/skills/shared/external/tailwind-css/SKILL.md +3 -2
- package/pipeline/skills/shared/external/testing-backend/SKILL.md +2 -1
- package/pipeline/skills/shared/external/tipkit/SKILL.md +3 -3
- package/pipeline/skills/shared/external/tipkit/references/tipkit-patterns.md +9 -9
- package/pipeline/skills/shared/external/typescript-patterns/SKILL.md +17 -16
- package/pipeline/skills/shared/external/vision-framework/SKILL.md +11 -11
- package/pipeline/skills/shared/external/vision-framework/references/vision-requests.md +1 -1
- package/pipeline/skills/shared/external/vision-framework/references/visionkit-scanner.md +5 -5
- package/pipeline/skills/shared/external/vue-composition/SKILL.md +7 -6
- package/pipeline/skills/shared/external/weatherkit/SKILL.md +3 -3
- package/pipeline/skills/shared/external/weatherkit/references/weatherkit-patterns.md +9 -9
- package/pipeline/skills/shared/external/web-accessibility/SKILL.md +1 -0
- package/pipeline/skills/shared/external/web-performance/SKILL.md +8 -7
- package/pipeline/skills/shared/external/web-testing/SKILL.md +7 -6
- package/pipeline/skills/shared/external/widgetkit/SKILL.md +23 -17
- package/pipeline/skills/shared/external/widgetkit/references/widgetkit-advanced.md +99 -0
- package/pipeline/skills/shared/external/xcode-build-benchmark/SKILL.md +89 -0
- package/pipeline/skills/shared/external/xcode-build-benchmark/references/benchmark-artifacts.md +94 -0
- package/pipeline/skills/shared/external/xcode-build-benchmark/references/benchmarking-workflow.md +67 -0
- package/pipeline/skills/shared/external/xcode-build-benchmark/schemas/build-benchmark.schema.json +230 -0
- package/pipeline/skills/shared/external/xcode-build-benchmark/scripts/benchmark_builds.py +308 -0
- package/pipeline/skills/shared/external/xcode-build-fixer/SKILL.md +219 -0
- package/pipeline/skills/shared/external/xcode-build-fixer/references/build-settings-best-practices.md +216 -0
- package/pipeline/skills/shared/external/xcode-build-fixer/references/fix-patterns.md +290 -0
- package/pipeline/skills/shared/external/xcode-build-fixer/references/recommendation-format.md +85 -0
- package/pipeline/skills/shared/external/xcode-build-fixer/scripts/benchmark_builds.py +308 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/SKILL.md +157 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/references/benchmark-artifacts.md +94 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/references/build-settings-best-practices.md +216 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/references/orchestration-report-template.md +143 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/references/recommendation-format.md +85 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/benchmark_builds.py +308 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/diagnose_compilation.py +273 -0
- package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/generate_optimization_report.py +533 -0
- package/pipeline/skills/shared/external/xcode-compilation-analyzer/SKILL.md +90 -0
- package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/build-optimization-sources.md +155 -0
- package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/code-compilation-checks.md +106 -0
- package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/recommendation-format.md +85 -0
- package/pipeline/skills/shared/external/xcode-compilation-analyzer/scripts/diagnose_compilation.py +273 -0
- package/pipeline/skills/shared/external/xcode-project-analyzer/SKILL.md +77 -0
- package/pipeline/skills/shared/external/xcode-project-analyzer/references/build-optimization-sources.md +155 -0
- package/pipeline/skills/shared/external/xcode-project-analyzer/references/build-settings-best-practices.md +216 -0
- package/pipeline/skills/shared/external/xcode-project-analyzer/references/project-audit-checks.md +101 -0
- package/pipeline/skills/shared/external/xcode-project-analyzer/references/recommendation-format.md +85 -0
- package/pipeline/skills/skills-index.md +213 -192
- package/docs/GENERICITY-REVIEW.md +0 -277
- package/docs/STABILITY-FIX-PLAN.md +0 -168
- package/pipeline/scripts/.last-figma-sync-plan.json +0 -23
- package/pipeline/scripts/README-figma-smokes.md +0 -34
- package/pipeline/scripts/figma-placeholder-map.json +0 -191
- package/pipeline/scripts/import-figma-skills.sh +0 -253
- package/pipeline/scripts/smoke-figma-config-schema.sh +0 -144
- package/pipeline/scripts/smoke-figma-skill-import.sh +0 -174
- package/pipeline/scripts/smoke-install-leak-gate.sh +0 -125
- package/pipeline/scripts/smoke-personal-data.sh +0 -82
- package/pipeline/scripts/sync-figma-source.sh +0 -228
- package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.json +0 -94
- package/pipeline/skills/shared/external/app-store-review/references/code-signing.md +0 -259
- package/pipeline/skills/shared/external/app-store-review/references/rejection-patterns.md +0 -152
- package/pipeline/skills/shared/external/pencilkit-drawing/references/paperkit-integration.md +0 -376
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: device-integrity
|
|
3
|
-
description: "Verify device legitimacy and app integrity using DeviceCheck (DCDevice per-device bits) and App Attest (DCAppAttestService key generation, attestation, and assertion flows). Use when implementing fraud prevention, detecting compromised devices, validating app authenticity with Apple's servers, protecting sensitive API endpoints with attested requests, or adding device verification to
|
|
3
|
+
description: "Verify device legitimacy and app integrity using DeviceCheck (DCDevice per-device bits) and App Attest (DCAppAttestService key generation, attestation, and assertion flows). Use when implementing fraud prevention, detecting compromised devices, validating app authenticity with Apple's servers, protecting sensitive API endpoints with attested requests, or adding device verification to a backend architecture."
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# Device Integrity
|
|
7
7
|
|
|
8
|
-
Verify that requests to your server come from a genuine Apple device running
|
|
9
|
-
your
|
|
10
|
-
(e.g., "claimed promo offer"). App Attest uses Secure Enclave keys
|
|
11
|
-
attestation to cryptographically prove app legitimacy on
|
|
8
|
+
Verify that requests to your server come from a genuine Apple device running a
|
|
9
|
+
legitimate instance of your app. DeviceCheck provides per-device bits for
|
|
10
|
+
simple flags (e.g., "claimed promo offer"). App Attest uses Secure Enclave keys
|
|
11
|
+
and Apple attestation to cryptographically prove app legitimacy on sensitive
|
|
12
|
+
requests.
|
|
12
13
|
|
|
13
14
|
## Contents
|
|
14
15
|
|
|
@@ -22,13 +23,15 @@ attestation to cryptographically prove app legitimacy on each request.
|
|
|
22
23
|
- [Common Patterns](#common-patterns)
|
|
23
24
|
- [Common Mistakes](#common-mistakes)
|
|
24
25
|
- [Review Checklist](#review-checklist)
|
|
26
|
+
- [References](#references)
|
|
25
27
|
|
|
26
28
|
## DCDevice (DeviceCheck Tokens)
|
|
27
29
|
|
|
28
30
|
[`DCDevice`](https://sosumi.ai/documentation/devicecheck/dcdevice) generates a
|
|
29
|
-
unique, ephemeral token that identifies a device.
|
|
30
|
-
|
|
31
|
-
|
|
31
|
+
unique, ephemeral token that identifies a device. Treat each token as
|
|
32
|
+
single-use: generate a new token for each server operation instead of caching or
|
|
33
|
+
reusing one. The token is sent to your server, which then communicates with
|
|
34
|
+
Apple's servers to read or set two per-device bits. Available on iOS 11+.
|
|
32
35
|
|
|
33
36
|
### Token Generation
|
|
34
37
|
|
|
@@ -76,6 +79,9 @@ Your server uses the device token to call Apple's DeviceCheck API endpoints:
|
|
|
76
79
|
The server authenticates with a DeviceCheck private key from the Apple Developer
|
|
77
80
|
portal, creating a signed JWT for each request.
|
|
78
81
|
|
|
82
|
+
Use `https://api.development.devicecheck.apple.com` only while testing; use
|
|
83
|
+
`https://api.devicecheck.apple.com` for production.
|
|
84
|
+
|
|
79
85
|
### What the Two Bits Are For
|
|
80
86
|
|
|
81
87
|
Apple stores two Boolean values per device per developer team. You decide what
|
|
@@ -84,8 +90,8 @@ they mean. Common uses:
|
|
|
84
90
|
- **Bit 0:** Device has claimed a promotional offer.
|
|
85
91
|
- **Bit 1:** Device has been flagged for fraud.
|
|
86
92
|
|
|
87
|
-
Bits persist across app reinstall
|
|
88
|
-
|
|
93
|
+
Bits persist across app reinstall. You control when to reset them via the
|
|
94
|
+
server API.
|
|
89
95
|
|
|
90
96
|
## DCAppAttestService (App Attest)
|
|
91
97
|
|
|
@@ -113,11 +119,20 @@ guard attestService.isSupported else {
|
|
|
113
119
|
}
|
|
114
120
|
```
|
|
115
121
|
|
|
122
|
+
For app extensions, App Attest is supported only in Action, extensible SSO, and
|
|
123
|
+
watchOS extensions. Treat other extension types as unsupported even if
|
|
124
|
+
`isSupported` returns `true`.
|
|
125
|
+
|
|
116
126
|
## App Attest Key Generation
|
|
117
127
|
|
|
118
|
-
Generate
|
|
119
|
-
|
|
120
|
-
|
|
128
|
+
Generate one cryptographic key pair per user account on each device. The
|
|
129
|
+
private key stays in the Secure Enclave. The returned `keyId` is the only
|
|
130
|
+
identifier your app can later use to access the key, so record and reuse the
|
|
131
|
+
account/device-scoped `keyId`; do not share one key across users. Avoid
|
|
132
|
+
unnecessary regeneration because each new key affects App Attest key-count risk
|
|
133
|
+
metrics. Only treat the `keyId` as usable after your server verifies
|
|
134
|
+
attestation. If server verification fails, discard the `keyId` and generate a
|
|
135
|
+
new key before retrying.
|
|
121
136
|
|
|
122
137
|
```swift
|
|
123
138
|
import DeviceCheck
|
|
@@ -126,7 +141,7 @@ actor AppAttestManager {
|
|
|
126
141
|
private let service = DCAppAttestService.shared
|
|
127
142
|
private var keyId: String?
|
|
128
143
|
|
|
129
|
-
/// Generate and
|
|
144
|
+
/// Generate and record a key pair for App Attest.
|
|
130
145
|
func generateKeyIfNeeded() async throws -> String {
|
|
131
146
|
if let existingKeyId = loadKeyIdFromKeychain() {
|
|
132
147
|
self.keyId = existingKeyId
|
|
@@ -145,7 +160,7 @@ actor AppAttestManager {
|
|
|
145
160
|
let data = Data(keyId.utf8)
|
|
146
161
|
let query: [String: Any] = [
|
|
147
162
|
kSecClass as String: kSecClassGenericPassword,
|
|
148
|
-
kSecAttrAccount as String: "app-attest-key-id",
|
|
163
|
+
kSecAttrAccount as String: "app-attest-key-id-\(currentAccountID)",
|
|
149
164
|
kSecAttrService as String: Bundle.main.bundleIdentifier ?? "",
|
|
150
165
|
kSecValueData as String: data,
|
|
151
166
|
kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
|
|
@@ -157,7 +172,7 @@ actor AppAttestManager {
|
|
|
157
172
|
private func loadKeyIdFromKeychain() -> String? {
|
|
158
173
|
let query: [String: Any] = [
|
|
159
174
|
kSecClass as String: kSecClassGenericPassword,
|
|
160
|
-
kSecAttrAccount as String: "app-attest-key-id",
|
|
175
|
+
kSecAttrAccount as String: "app-attest-key-id-\(currentAccountID)",
|
|
161
176
|
kSecAttrService as String: Bundle.main.bundleIdentifier ?? "",
|
|
162
177
|
kSecReturnData as String: true,
|
|
163
178
|
kSecMatchLimit as String: kSecMatchLimitOne
|
|
@@ -170,14 +185,16 @@ actor AppAttestManager {
|
|
|
170
185
|
}
|
|
171
186
|
```
|
|
172
187
|
|
|
173
|
-
**Important:** Generate the key once
|
|
174
|
-
key
|
|
188
|
+
**Important:** Generate the key once per user account on a device, persist that
|
|
189
|
+
account/device `keyId`, and keep the key count low. Generating unnecessary keys
|
|
190
|
+
pollutes App Attest risk metrics.
|
|
175
191
|
|
|
176
192
|
## App Attest Attestation Flow
|
|
177
193
|
|
|
178
194
|
Attestation proves that the key was generated on a genuine Apple device running
|
|
179
|
-
your
|
|
180
|
-
|
|
195
|
+
a legitimate instance of your app. You perform attestation once per key, then
|
|
196
|
+
store the verified public key and receipt on your server. The app stores the
|
|
197
|
+
`keyId` for future assertions after the server accepts the attestation.
|
|
181
198
|
|
|
182
199
|
### Client-Side Attestation
|
|
183
200
|
|
|
@@ -244,18 +261,20 @@ extension AppAttestManager {
|
|
|
244
261
|
|
|
245
262
|
### Server-Side Attestation Verification
|
|
246
263
|
|
|
247
|
-
Your server
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
264
|
+
Your server validates the attestation object (CBOR), verifies the certificate
|
|
265
|
+
chain against Apple's App Attest root CA, checks Apple's nonce calculation, and
|
|
266
|
+
stores the verified public key and receipt for future assertion verification.
|
|
267
|
+
The attestation nonce is not `SHA256(challenge)` alone; it is
|
|
268
|
+
`SHA256(authData || SHA256(challenge))` and is compared with the credential
|
|
269
|
+
certificate extension `1.2.840.113635.100.8.2`. See
|
|
270
|
+
[references/device-integrity-patterns.md](references/device-integrity-patterns.md)
|
|
271
|
+
for the full server verification flow.
|
|
254
272
|
|
|
255
273
|
## App Attest Assertion Flow
|
|
256
274
|
|
|
257
|
-
After attestation, use assertions to sign
|
|
258
|
-
proves the request came from the attested app instance
|
|
275
|
+
After attestation, use assertions to sign sensitive requests. Each assertion
|
|
276
|
+
proves the request came from the attested app instance and includes a
|
|
277
|
+
server-issued, one-time challenge to prevent replay.
|
|
259
278
|
|
|
260
279
|
### Client-Side Assertion
|
|
261
280
|
|
|
@@ -264,16 +283,14 @@ import DeviceCheck
|
|
|
264
283
|
import CryptoKit
|
|
265
284
|
|
|
266
285
|
extension AppAttestManager {
|
|
267
|
-
/// Generate an assertion
|
|
268
|
-
///
|
|
269
|
-
|
|
270
|
-
func generateAssertion(for requestData: Data) async throws -> Data {
|
|
286
|
+
/// Generate an assertion for encoded client data.
|
|
287
|
+
/// Client data should include a one-time server challenge and request context.
|
|
288
|
+
func generateAssertion(for clientData: Data) async throws -> Data {
|
|
271
289
|
guard let keyId else {
|
|
272
290
|
throw DeviceIntegrityError.keyNotGenerated
|
|
273
291
|
}
|
|
274
292
|
|
|
275
|
-
|
|
276
|
-
let clientDataHash = Data(SHA256.hash(data: requestData))
|
|
293
|
+
let clientDataHash = Data(SHA256.hash(data: clientData))
|
|
277
294
|
|
|
278
295
|
return try await service.generateAssertion(keyId, clientDataHash: clientDataHash)
|
|
279
296
|
}
|
|
@@ -283,6 +300,13 @@ extension AppAttestManager {
|
|
|
283
300
|
### Using Assertions in Network Requests
|
|
284
301
|
|
|
285
302
|
```swift
|
|
303
|
+
struct AppAttestClientData: Encodable {
|
|
304
|
+
let challenge: String
|
|
305
|
+
let method: String
|
|
306
|
+
let path: String
|
|
307
|
+
let bodySHA256: String
|
|
308
|
+
}
|
|
309
|
+
|
|
286
310
|
extension AppAttestManager {
|
|
287
311
|
/// Perform an attested API request.
|
|
288
312
|
func makeAttestedRequest(
|
|
@@ -290,146 +314,75 @@ extension AppAttestManager {
|
|
|
290
314
|
method: String = "POST",
|
|
291
315
|
body: Data
|
|
292
316
|
) async throws -> (Data, URLResponse) {
|
|
293
|
-
let
|
|
317
|
+
let challenge = try await fetchAssertionChallenge()
|
|
318
|
+
let bodyHash = Data(SHA256.hash(data: body)).base64EncodedString()
|
|
319
|
+
let clientData = try JSONEncoder().encode(
|
|
320
|
+
AppAttestClientData(
|
|
321
|
+
challenge: challenge,
|
|
322
|
+
method: method,
|
|
323
|
+
path: url.path,
|
|
324
|
+
bodySHA256: bodyHash
|
|
325
|
+
)
|
|
326
|
+
)
|
|
327
|
+
let assertion = try await generateAssertion(for: clientData)
|
|
294
328
|
|
|
295
329
|
var request = URLRequest(url: url)
|
|
296
330
|
request.httpMethod = method
|
|
297
331
|
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
|
|
298
|
-
request.setValue(assertion.base64EncodedString(), forHTTPHeaderField: "X-App-Assertion")
|
|
332
|
+
request.setValue(assertion.base64EncodedString(), forHTTPHeaderField: "X-App-Attest-Assertion")
|
|
333
|
+
request.setValue(clientData.base64EncodedString(), forHTTPHeaderField: "X-App-Attest-Client-Data")
|
|
299
334
|
request.httpBody = body
|
|
300
335
|
|
|
301
336
|
return try await URLSession.shared.data(for: request)
|
|
302
337
|
}
|
|
338
|
+
|
|
339
|
+
private func fetchAssertionChallenge() async throws -> String {
|
|
340
|
+
let url = serverURL.appending(path: "assert/challenge")
|
|
341
|
+
let (data, _) = try await URLSession.shared.data(from: url)
|
|
342
|
+
return String(decoding: data, as: UTF8.self)
|
|
343
|
+
}
|
|
303
344
|
}
|
|
304
345
|
```
|
|
305
346
|
|
|
306
347
|
### Server-Side Assertion Verification
|
|
307
348
|
|
|
308
|
-
Your server
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
349
|
+
Your server decodes the assertion (CBOR), verifies the authenticator data and
|
|
350
|
+
counter, recomputes `clientDataHash` from the submitted client data, verifies
|
|
351
|
+
the signature over `SHA256(authenticatorData || clientDataHash)` with the
|
|
352
|
+
stored public key, and confirms the embedded challenge and request context. See
|
|
353
|
+
[references/device-integrity-patterns.md](references/device-integrity-patterns.md)
|
|
354
|
+
for step-by-step server verification.
|
|
314
355
|
|
|
315
356
|
## Server Verification Guidance
|
|
316
357
|
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
| Phase | When | What It Proves | Frequency |
|
|
320
|
-
|-------|------|---------------|-----------|
|
|
321
|
-
| **Attestation** | After key generation | The key lives on a genuine Apple device running your unmodified app | Once per key |
|
|
322
|
-
| **Assertion** | With each sensitive request | The request came from the attested app instance | Per request |
|
|
358
|
+
See [references/device-integrity-patterns.md](references/device-integrity-patterns.md) for full server architecture guidance including attestation vs. assertion comparison, recommended endpoint design, and risk assessment.
|
|
323
359
|
|
|
324
|
-
###
|
|
360
|
+
### Security Boundaries
|
|
325
361
|
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
Combine App Attest with [fraud risk assessment](https://sosumi.ai/documentation/devicecheck/assessing-fraud-risk) for defense in depth. App Attest alone does not guarantee the user is not abusing the app -- it confirms the app is genuine.
|
|
362
|
+
App Attest proves app-instance integrity for selected requests. It does not
|
|
363
|
+
replace user authentication, OAuth/JWT/session handling, API token design,
|
|
364
|
+
entitlement or subscription authorization, TLS, certificate pinning, or general
|
|
365
|
+
networking security. Treat those as handoffs to authentication, networking, or
|
|
366
|
+
broader security guidance, and still enforce normal authentication and
|
|
367
|
+
authorization after App Attest passes.
|
|
333
368
|
|
|
334
369
|
## Error Handling
|
|
335
370
|
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
```swift
|
|
339
|
-
import DeviceCheck
|
|
340
|
-
|
|
341
|
-
func handleAttestError(_ error: Error) {
|
|
342
|
-
if let dcError = error as? DCError {
|
|
343
|
-
switch dcError.code {
|
|
344
|
-
case .unknownSystemFailure:
|
|
345
|
-
// Transient system error -- retry with exponential backoff
|
|
346
|
-
break
|
|
347
|
-
case .featureUnsupported:
|
|
348
|
-
// Device or OS does not support this feature
|
|
349
|
-
// Fall back to alternative verification
|
|
350
|
-
break
|
|
351
|
-
case .invalidKey:
|
|
352
|
-
// Key is corrupted or was invalidated
|
|
353
|
-
// Generate a new key and re-attest
|
|
354
|
-
break
|
|
355
|
-
case .invalidInput:
|
|
356
|
-
// The clientDataHash or keyId was malformed
|
|
357
|
-
break
|
|
358
|
-
case .serverUnavailable:
|
|
359
|
-
// Apple's attestation server is unreachable -- retry later
|
|
360
|
-
break
|
|
361
|
-
@unknown default:
|
|
362
|
-
break
|
|
363
|
-
}
|
|
364
|
-
}
|
|
365
|
-
}
|
|
366
|
-
```
|
|
367
|
-
|
|
368
|
-
### Retry Strategy
|
|
369
|
-
|
|
370
|
-
```swift
|
|
371
|
-
extension AppAttestManager {
|
|
372
|
-
func attestKeyWithRetry(maxAttempts: Int = 3) async throws -> Data {
|
|
373
|
-
var lastError: Error?
|
|
374
|
-
|
|
375
|
-
for attempt in 0..<maxAttempts {
|
|
376
|
-
do {
|
|
377
|
-
return try await attestKey()
|
|
378
|
-
} catch let error as DCError where error.code == .serverUnavailable {
|
|
379
|
-
lastError = error
|
|
380
|
-
let delay = UInt64(pow(2.0, Double(attempt))) * 1_000_000_000
|
|
381
|
-
try await Task.sleep(nanoseconds: delay)
|
|
382
|
-
} catch {
|
|
383
|
-
throw error // Non-retryable errors propagate immediately
|
|
384
|
-
}
|
|
385
|
-
}
|
|
386
|
-
|
|
387
|
-
throw lastError ?? DeviceIntegrityError.attestationFailed
|
|
388
|
-
}
|
|
389
|
-
}
|
|
390
|
-
```
|
|
371
|
+
Handle `DCError` codes from DeviceCheck operations. Key cases:
|
|
391
372
|
|
|
392
|
-
|
|
373
|
+
- `.serverUnavailable` - retry with exponential backoff
|
|
374
|
+
- `.invalidKey` - the key was already attested, assertion used an unattested key, or the service rejected the key
|
|
375
|
+
- `.featureUnsupported` - fall back to `DCDevice` tokens
|
|
376
|
+
- `.invalidInput` - malformed `clientDataHash` or `keyId`
|
|
393
377
|
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
extension AppAttestManager {
|
|
400
|
-
func handleInvalidKey() async throws -> String {
|
|
401
|
-
deleteKeyIdFromKeychain()
|
|
402
|
-
keyId = nil
|
|
403
|
-
return try await generateKeyIfNeeded()
|
|
404
|
-
}
|
|
405
|
-
|
|
406
|
-
private func deleteKeyIdFromKeychain() {
|
|
407
|
-
let query: [String: Any] = [
|
|
408
|
-
kSecClass as String: kSecClassGenericPassword,
|
|
409
|
-
kSecAttrAccount as String: "app-attest-key-id",
|
|
410
|
-
kSecAttrService as String: Bundle.main.bundleIdentifier ?? ""
|
|
411
|
-
]
|
|
412
|
-
SecItemDelete(query as CFDictionary)
|
|
413
|
-
}
|
|
414
|
-
}
|
|
415
|
-
```
|
|
378
|
+
For `attestKey`, retry `.serverUnavailable` later with the same `keyId` and the
|
|
379
|
+
same `clientDataHash`. For other attestation errors, discard the key identifier
|
|
380
|
+
and create a new key before retrying. See
|
|
381
|
+
[references/device-integrity-patterns.md](references/device-integrity-patterns.md)
|
|
382
|
+
for full error handling code, retry strategy, and rejected-key recovery.
|
|
416
383
|
|
|
417
384
|
## Common Patterns
|
|
418
385
|
|
|
419
|
-
### Full Integration Manager
|
|
420
|
-
|
|
421
|
-
Combine the patterns above into a single `actor` that manages the full lifecycle:
|
|
422
|
-
1. Check `isSupported` and fall back to `DCDevice` tokens on unsupported devices.
|
|
423
|
-
2. Call `generateKeyIfNeeded()` on launch to create or load the persisted key.
|
|
424
|
-
3. Call `attestKeyWithRetry()` once after key generation.
|
|
425
|
-
4. Use `generateAssertion(for:)` on each sensitive server request.
|
|
426
|
-
5. Handle `DCError.invalidKey` by regenerating and re-attesting.
|
|
427
|
-
|
|
428
|
-
### Gradual Rollout
|
|
429
|
-
|
|
430
|
-
Apple recommends a gradual rollout. Gate App Attest behind a remote feature
|
|
431
|
-
flag and fall back to `DCDevice` tokens on unsupported devices.
|
|
432
|
-
|
|
433
386
|
### Environment Entitlement
|
|
434
387
|
|
|
435
388
|
Set the App Attest environment in your entitlements file. Use `development`
|
|
@@ -440,38 +393,45 @@ during testing and `production` for App Store builds:
|
|
|
440
393
|
<string>production</string>
|
|
441
394
|
```
|
|
442
395
|
|
|
443
|
-
When the entitlement is
|
|
444
|
-
|
|
396
|
+
When the entitlement is omitted during development, the app uses the App Attest
|
|
397
|
+
sandbox by default. After distribution through TestFlight, the App Store, or the
|
|
398
|
+
Apple Developer Enterprise Program, the app ignores the entitlement value and
|
|
399
|
+
uses production.
|
|
445
400
|
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
```swift
|
|
449
|
-
enum DeviceIntegrityError: Error {
|
|
450
|
-
case deviceCheckUnsupported
|
|
451
|
-
case keyNotGenerated
|
|
452
|
-
case attestationFailed
|
|
453
|
-
case attestationVerificationFailed
|
|
454
|
-
case assertionFailed
|
|
455
|
-
case serverVerificationFailed
|
|
456
|
-
}
|
|
457
|
-
```
|
|
401
|
+
See [references/device-integrity-patterns.md](references/device-integrity-patterns.md) for the full integration manager pattern, gradual rollout guidance, and error type definition.
|
|
458
402
|
|
|
459
403
|
## Common Mistakes
|
|
460
404
|
|
|
461
|
-
1. **Generating a new key on every launch.** Generate once, persist the `keyId
|
|
462
|
-
2. **
|
|
463
|
-
3. **
|
|
464
|
-
4. **
|
|
465
|
-
5. **
|
|
466
|
-
6. **
|
|
405
|
+
1. **Generating a new key on every launch.** Generate once per user account on a device, persist the `keyId`, and keep key counts low.
|
|
406
|
+
2. **Reusing `DCDevice` tokens.** Treat generated tokens as single-use. Generate a new token for each server operation.
|
|
407
|
+
3. **Skipping the fallback for unsupported devices or extensions.** Not all devices and extension types support App Attest. Use `DCDevice` tokens or other risk assessment as fallback.
|
|
408
|
+
4. **Trusting attestation client-side.** All verification must happen on your server.
|
|
409
|
+
5. **Signing only the raw request body.** Assertion client data must include a one-time server challenge and enough request context for the server to bind the assertion to the request.
|
|
410
|
+
6. **Verifying the wrong attestation nonce.** Compare the certificate extension with `SHA256(authData || SHA256(challenge))`, not `SHA256(challenge)` alone.
|
|
411
|
+
7. **Not implementing replay protection.** The server must validate one-time challenges and track the assertion counter.
|
|
412
|
+
8. **Mixing development and production environments.** Sandbox keys and receipts do not work in production, and production keys and receipts do not work in sandbox.
|
|
413
|
+
9. **Not handling `DCError.invalidKey`.** Check for repeated attestation, unattested assertion keys, or service rejection; regenerate only after the state is known bad.
|
|
467
414
|
|
|
468
415
|
## Review Checklist
|
|
469
416
|
|
|
470
|
-
- [ ] `
|
|
471
|
-
- [ ]
|
|
472
|
-
- [ ]
|
|
473
|
-
- [ ]
|
|
474
|
-
- [ ]
|
|
475
|
-
- [ ]
|
|
476
|
-
- [ ]
|
|
417
|
+
- [ ] `DCDevice` tokens generated per server operation and never cached for reuse
|
|
418
|
+
- [ ] `DCAppAttestService.isSupported` checked before use; unsupported devices and extension types have a fallback
|
|
419
|
+
- [ ] Key generated once per user account on each device and `keyId` persisted only for that app account/device
|
|
420
|
+
- [ ] Attestation performed once per key; server stores verified public key and receipt
|
|
421
|
+
- [ ] Server validates attestation certificate chain, App ID hash, environment `aaguid`, credential ID, and nonce `SHA256(authData || SHA256(challenge))`
|
|
422
|
+
- [ ] Assertions include one-time challenge plus request context; server verifies signature, RP ID, counter, challenge, and request binding
|
|
423
|
+
- [ ] Protected endpoints still enforce normal user authentication and entitlement authorization after App Attest passes
|
|
424
|
+
- [ ] `DCError` cases handled: `.serverUnavailable` retries attestation with the same key/hash; bad keys are discarded and regenerated
|
|
425
|
+
- [ ] App Attest environment entitlement and sandbox/production server routing are consistent
|
|
477
426
|
- [ ] Gradual rollout considered; feature flag in place for enabling/disabling
|
|
427
|
+
|
|
428
|
+
## References
|
|
429
|
+
|
|
430
|
+
- Extended patterns: [references/device-integrity-patterns.md](references/device-integrity-patterns.md)
|
|
431
|
+
- [DeviceCheck framework](https://sosumi.ai/documentation/devicecheck)
|
|
432
|
+
- [DCDevice](https://sosumi.ai/documentation/devicecheck/dcdevice)
|
|
433
|
+
- [DCAppAttestService](https://sosumi.ai/documentation/devicecheck/dcappattestservice)
|
|
434
|
+
- [Establishing your app's integrity](https://sosumi.ai/documentation/devicecheck/establishing-your-app-s-integrity)
|
|
435
|
+
- [Validating apps that connect to your server](https://sosumi.ai/documentation/devicecheck/validating-apps-that-connect-to-your-server)
|
|
436
|
+
- [Attestation Object Validation Guide](https://sosumi.ai/documentation/devicecheck/attestation-object-validation-guide)
|
|
437
|
+
- [App Attest Environment](https://sosumi.ai/documentation/bundleresources/entitlements/com.apple.developer.devicecheck.appattest-environment)
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "device-integrity",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 0,
|
|
6
|
+
"name": "app-attest-attestation-verifier",
|
|
7
|
+
"prompt": "We're adding server-side App Attest verification for an iOS app. The client sends keyId, attestationObject, and the original one-time challenge. What exact checks should the verifier perform before storing anything?",
|
|
8
|
+
"expected_output": "A source-grounded App Attest attestation verification checklist that covers CBOR/certificate validation, nonce composition, App ID and environment checks, credential ID/keyId checks, and storing verified public key plus receipt.",
|
|
9
|
+
"files": [],
|
|
10
|
+
"expectations": [
|
|
11
|
+
"Computes `clientDataHash = SHA256(challenge)`, then verifies the certificate nonce against `SHA256(authData || clientDataHash)` rather than `SHA256(challenge)` alone.",
|
|
12
|
+
"Names the credential certificate extension OID `1.2.840.113635.100.8.2` as the source of the nonce value to compare.",
|
|
13
|
+
"Verifies the App ID/RP ID hash, environment `aaguid`, initial counter, `credentialId`, and keyId/public-key hash relationship.",
|
|
14
|
+
"Stores the verified public key and receipt for future assertion and fraud-risk use instead of treating the raw attestation object as the trusted durable record."
|
|
15
|
+
]
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"id": 1,
|
|
19
|
+
"name": "app-attest-sensitive-request-assertion",
|
|
20
|
+
"prompt": "Design the App Attest assertion contract for a premium-content download endpoint. The app already has an attested key. What should the client sign and what should the server verify on every sensitive request?",
|
|
21
|
+
"expected_output": "A replay-safe assertion design that signs client data containing a server challenge and request context, then verifies assertion CBOR, signature, RP ID, counter, challenge, and request binding server-side.",
|
|
22
|
+
"files": [],
|
|
23
|
+
"expectations": [
|
|
24
|
+
"Requires a fresh one-time server challenge for the assertion flow and embeds it in the client data.",
|
|
25
|
+
"Includes request context or a request-body hash in the signed client data so the assertion is bound to the sensitive request.",
|
|
26
|
+
"Verifies the assertion signature over `SHA256(authenticatorData || SHA256(clientData))` using the public key stored from attestation.",
|
|
27
|
+
"Checks the RP ID hash, monotonically increasing counter, and embedded challenge before accepting the request."
|
|
28
|
+
]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"id": 2,
|
|
32
|
+
"name": "device-integrity-boundary-and-errors",
|
|
33
|
+
"prompt": "Review this plan: cache a DCDevice token for the whole install, use one App Attest key for all users, retry any attestKey failure with a new key immediately, treat invalidKey as an OS update problem, and add OAuth/session-token/certificate-pinning advice to the same device-integrity checklist. What should be corrected?",
|
|
34
|
+
"expected_output": "A boundary-aware correction list that fixes DeviceCheck token reuse, App Attest key scope, retry/error handling, environment behavior, and routes unrelated authentication/network security work to sibling guidance.",
|
|
35
|
+
"files": [],
|
|
36
|
+
"expectations": [
|
|
37
|
+
"States that `DCDevice.generateToken()` tokens are single-use and should not be cached for the whole install.",
|
|
38
|
+
"Requires App Attest keys to be unique per user account on each device and warns against unnecessary key generation because it affects risk metrics.",
|
|
39
|
+
"For `serverUnavailable`, retries attestation later with the same key and same `clientDataHash`; for other attestation errors, discards the key identifier before a new-key retry.",
|
|
40
|
+
"Describes `invalidKey` using Apple-documented causes: already-attested key, unattested assertion key, or service rejection, without attributing it to OS updates or Secure Enclave resets.",
|
|
41
|
+
"Keeps OAuth/session-token design, certificate pinning, and broad networking security out of the device-integrity checklist except as sibling-skill handoffs."
|
|
42
|
+
]
|
|
43
|
+
}
|
|
44
|
+
]
|
|
45
|
+
}
|