Stabilize iOS/watchOS/tvOS apps and add cross-platform audit remediation

2026-02-11 12:54:40 -06:00
parent e40275e694
commit acce712261
77 changed files with 2940 additions and 765 deletions
--- a/docs/stabilization_steps_1_5.md
+++ b/docs/stabilization_steps_1_5.md
@@ -0,0 +1,35 @@
+# Steps 1-5 Stabilization Deliverables
+
+This repo now includes:
+
+1. `SharedCore` Swift package with cross-platform utilities and dedicated test targets:
+   - `SharedCoreiOSTests`
+   - `SharedCoreWatchOSTests`
+   - `SharedCoreTVOSTests`
+2. Auth token lifecycle protections in shared iOS/tvOS user/network code:
+   - token sanitization
+   - JWT expiry checks
+   - proactive refresh trigger when near expiry
+   - forced logout on `401`/`403`
+3. Smoke scripts in `scripts/smoke/` for iOS/watchOS/tvOS plus package tests.
+4. Runtime logging hooks (structured `os.Logger`) in network/auth/datastore/watch bridge/workout paths.
+5. CI workflow `.github/workflows/apple-platform-ci.yml` that runs the smoke suite.
+6. Build warning cleanup:
+   - disabled AppIntents metadata extraction for iOS/watchOS/tvOS targets that do not link `AppIntents`.
+
+## SharedCore wiring
+
+- `SharedCore` is linked as a local Swift package product to:
+  - `Werkout_ios` (iOS)
+  - `Werkout_watch Watch App` (watchOS)
+  - `WekoutThotViewer` (tvOS)
+- Shared helpers are actively used in app code:
+  - `TokenSecurity` now drives token sanitization/expiry/rotation checks in `UserStore`.
+  - `RuntimeReporter` now handles network/auth/datastore runtime error reporting.
+
+## Local commands
+
+```bash
+./scripts/ci/scan_tokens.sh
+./scripts/smoke/smoke_all.sh
+```