Rewrites the builder console to browse local Xcode projects instead of
accepting source uploads or git URLs. Replaces the devices page with a
profiles page that manages ad-hoc provisioning profiles and lists
registered bundle IDs per team.

Adds multi-account support: ASC API keys are now stored in an asc_keys
table keyed by team_id (team_name, key_id, issuer_id, p8_filename). At
build time, the worker reads DEVELOPMENT_TEAM from the Xcode project and
auto-picks the matching key for fastlane sigh + JWT signing. Legacy
single-key settings auto-migrate on first boot.

Fixes storefront IPA parser to handle binary plists produced by Xcode.

Drops the enrollment bridge, device management routes, and direct
ASC API client -- fastlane sigh handles profile lifecycle now.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Builder service (Mac mini):
- Build worker: xcodebuild archive + export + fastlane signing + upload to unraid
- /api/build/upload (source archive) and /api/build/git (clone) ingest paths
- SSE-streamed build logs, builds list UI, live status updates
- /api/devices/from-enrollment bridge endpoint (shared-secret auth)

Storefront (unraid):
- /enroll/ public flow: landing page, mobileconfig generator, callback parser
- Forwards extracted UDIDs to the Mac mini builder for ASC registration
- docker-compose.yml now passes BUILDER_URL and BUILDER_SHARED_SECRET

Updated CLAUDE.md with full architecture, deploy flow, and gotchas.

Phase 1-3 of the builder subsystem on the Mac mini:
- Express + SQLite + sessions scaffolding, LAN-only service on port 3090
- App Store Connect JWT client (ES256 signing, devices/profiles/bundleIds)
- Device management UI with Apple-side registration
- Fastlane sigh wrapper with profile cache + auto-install to ~/Library/
- launchd plist + deploy script for Mac mini supervision