feat(onboarding): shared engine for iOS + Android, TUI as render-only wrapper (PR 1)

cli/build.mjs

@@ -318,6 +318,8 @@ const buildCLI = Bun.build({
   external: HELPER_PACKAGES,
   define: {
     'process.env.SUPA_DB': '"production"',
+    'globalThis.__CAPGO_DEV__': 'false',
+    'globalThis.__CAPGO_MCP_ONBOARDING__': 'false',
     // Gates the CAPGO_KEYCHAIN_HELPER_PATH dev override. `false` here makes
     // the minifier delete the whole branch from release bundles —
     // publish_cli.yml asserts the string is absent from dist/index.js.
@@ -351,6 +353,8 @@ const buildSDK = Bun.build({
   external: HELPER_PACKAGES,
   define: {
     'process.env.SUPA_DB': '"production"',
+    'globalThis.__CAPGO_DEV__': 'false',
+    'globalThis.__CAPGO_MCP_ONBOARDING__': 'false',
     // Gates the CAPGO_KEYCHAIN_HELPER_PATH dev override. `false` here makes
     // the minifier delete the whole branch from release bundles —
     // publish_cli.yml asserts the string is absent from dist/index.js.

cli/package.json

@@ -109,12 +109,36 @@
     "test:apple-api-import-helpers": "bun test/test-apple-api-import-helpers.mjs",
     "test:bundle-id-detector": "bun test/test-bundle-id-detector.mjs",
     "test:apple-api-app-list": "bun test/test-apple-api-app-list.mjs",
+    "test:apple-api-cert-create": "bun test/test-apple-api-cert-create.mjs",
     "test:app-verification": "bun test/test-app-verification.mjs",
     "test:pbxproj-parser": "bun test/test-pbxproj-parser.mjs",
     "test:manifest-path-encoding": "bun test/test-manifest-path-encoding.mjs",
     "test:self-update": "bun test/test-self-update.mjs",
     "test:update-prompt": "bun test/test-update-prompt.mjs",
-    "test": "bun run build && bun run test:helper-dce && bun run test:version-detection:setup && bun run test:bundle && bun run test:functional && bun run test:semver && bun run test:version-edge-cases && bun run test:regex && bun run test:upload && bun run test:fail-on-incompatible && bun run test:credentials && bun run test:credentials-validation && bun run test:android-service-account-validation && bun run test:build-zip-filter && bun run test:checksum && bun run test:build-needed && bun run test:ci-prompts && bun run test:ci-secrets && bun run test:android-onboarding-progress && bun run test:onboarding-telemetry && bun run test:v2-event-migration && bun run test:analytics && bun run test:analytics-error-category && bun run test:analytics-org-resolver && bun run test:supabase-perf && bun run test:preview-qr && bun run test:mcp-analytics && bun run test:app-created-source && bun run test:doctor-analytics && bun run test:posthog-exception && bun run test:build-platform-selection && bun run test:onboarding-recovery && bun run test:onboarding-progress && bun run test:onboarding-run-targets && bun run test:run-device-command && bun run test:init-app-conflict && bun run test:init-guardrails && bun run test:prompt-preferences && bun run test:esm-sdk && bun run test:mcp && bun run test:version-detection && bun run test:platform-paths && bun run test:payload-split && bun run test:manifest-path-encoding && bun run test:macos-signing && bun run test:apple-api-import-helpers && bun run test:bundle-id-detector && bun run test:apple-api-app-list && bun run test:app-verification && bun run test:pbxproj-parser && bun run test:ai-log-capture && bun run test:ai-analyze-flow && bun run test:ai-sse-parser && bun run test:ai-render-markdown && bun run test:ai-stream-markdown && bun run test:ai-onboarding-mode && bun run test:ai-fit && bun run test:platform-layout && bun run test:frame-fit && bun run test:onboarding-min-size && bun run test:min-size-gate && bun run test:shell-size-gate && bun run test:build-log-sanitize && bun run test:build-output-viewport && bun run test:diff-viewer-viewport && bun run test:build-complete-exit && bun run test:ai-analyze-stream && bun run test:support-mailto && bun run test:support-redact && bun run test:support-internal-log && bun run test:support-help-menu && bun run test:support-contact && bun run test:support-bundle-files && bun run test:self-update && bun run test:update-prompt",
+    "test:android-tail-engine": "bun test/test-android-tail-engine.mjs",
+    "test:android-tail-render": "bun test/test-android-tail-render.mjs",
+    "test:android-tail-routing": "bun test/test-android-tail-routing.mjs",
+    "test:dev-gate-stripped": "bun test/test-dev-gate-stripped.mjs",
+    "test:frame-fit-ios-shared": "bun test/test-frame-fit-ios-shared.mjs",
+    "test:ios-confirm-app-id": "bun test/test-ios-confirm-app-id.mjs",
+    "test:ios-create-new": "bun test/test-ios-create-new.mjs",
+    "test:ios-e2e": "bun test/test-ios-e2e.mjs",
+    "test:ios-flow-contract": "bun test/test-ios-flow-contract.mjs",
+    "test:ios-import-discovery": "bun test/test-ios-import-discovery.mjs",
+    "test:ios-import-export": "bun test/test-ios-import-export.mjs",
+    "test:ios-import-pickers": "bun test/test-ios-import-pickers.mjs",
+    "test:ios-import-recovery": "bun test/test-ios-import-recovery.mjs",
+    "test:ios-recovery": "bun test/test-ios-recovery.mjs",
+    "test:ios-resume": "bun test/test-ios-resume.mjs",
+    "test:ios-tail-handoff": "bun test/test-ios-tail-handoff.mjs",
+    "test:ios-tui-render": "bun test/test-ios-tui-render.mjs",
+    "test:p8-error": "bun test/test-p8-error.mjs",
+    "test:ios-tui-routing": "bun test/test-ios-tui-routing.mjs",
+    "test:ios-updater-sync-validation": "bun test/test-ios-updater-sync-validation.mjs",
+    "test:ios-verify-app": "bun test/test-ios-verify-app.mjs",
+    "test:platform-flow-contract": "bun test/test-platform-flow-contract.mjs",
+    "test:tail-engine-shared": "bun test/test-tail-engine-shared.mjs",
+    "test": "bun run build && bun run test:helper-dce && bun run test:version-detection:setup && bun run test:bundle && bun run test:functional && bun run test:semver && bun run test:version-edge-cases && bun run test:regex && bun run test:upload && bun run test:fail-on-incompatible && bun run test:credentials && bun run test:credentials-validation && bun run test:android-service-account-validation && bun run test:build-zip-filter && bun run test:checksum && bun run test:build-needed && bun run test:ci-prompts && bun run test:ci-secrets && bun run test:android-onboarding-progress && bun run test:onboarding-telemetry && bun run test:v2-event-migration && bun run test:analytics && bun run test:analytics-error-category && bun run test:analytics-org-resolver && bun run test:supabase-perf && bun run test:preview-qr && bun run test:mcp-analytics && bun run test:app-created-source && bun run test:doctor-analytics && bun run test:posthog-exception && bun run test:build-platform-selection && bun run test:onboarding-recovery && bun run test:onboarding-progress && bun run test:onboarding-run-targets && bun run test:run-device-command && bun run test:init-app-conflict && bun run test:init-guardrails && bun run test:prompt-preferences && bun run test:esm-sdk && bun run test:mcp && bun run test:version-detection && bun run test:platform-paths && bun run test:payload-split && bun run test:manifest-path-encoding && bun run test:macos-signing && bun run test:apple-api-import-helpers && bun run test:bundle-id-detector && bun run test:apple-api-app-list && bun run test:app-verification && bun run test:pbxproj-parser && bun run test:ai-log-capture && bun run test:ai-analyze-flow && bun run test:ai-sse-parser && bun run test:ai-render-markdown && bun run test:ai-stream-markdown && bun run test:ai-onboarding-mode && bun run test:ai-fit && bun run test:platform-layout && bun run test:frame-fit && bun run test:onboarding-min-size && bun run test:min-size-gate && bun run test:shell-size-gate && bun run test:build-log-sanitize && bun run test:build-output-viewport && bun run test:diff-viewer-viewport && bun run test:build-complete-exit && bun run test:ai-analyze-stream && bun run test:support-mailto && bun run test:support-redact && bun run test:support-internal-log && bun run test:support-help-menu && bun run test:support-contact && bun run test:support-bundle-files && bun run test:self-update && bun run test:update-prompt && bun run test:apple-api-cert-create && bun run test:android-tail-engine && bun run test:android-tail-render && bun run test:android-tail-routing && bun run test:dev-gate-stripped && bun run test:frame-fit-ios-shared && bun run test:ios-confirm-app-id && bun run test:ios-create-new && bun run test:ios-e2e && bun run test:ios-flow-contract && bun run test:ios-import-discovery && bun run test:ios-import-export && bun run test:ios-import-pickers && bun run test:ios-import-recovery && bun run test:ios-recovery && bun run test:ios-resume && bun run test:ios-tail-handoff && bun run test:ios-tui-render && bun run test:p8-error && bun run test:ios-tui-routing && bun run test:ios-updater-sync-validation && bun run test:ios-verify-app && bun run test:platform-flow-contract && bun run test:tail-engine-shared",
     "test:build-platform-selection": "bun test/test-build-platform-selection.mjs",
     "test:ai-log-capture": "bun test/test-ai-log-capture.mjs",
     "test:ai-analyze-flow": "bun test/test-ai-analyze-flow.mjs",

cli/src/__dev__/README.md

@@ -0,0 +1,16 @@
+# `src/__dev__/` — dev/test-only modules (NEVER shipped)
+
+Modules here exist only for development and testing (e.g. spoofing the Apple API
+in AI tests). They MUST be referenced **only** from inside
+`if (globalThis.__CAPGO_DEV__) { … }` branches.
+
+Why this is safe in the NPM release:
+
+1. The release build defines `globalThis.__CAPGO_DEV__ = false` (see `build.mjs`),
+   so `minify`'s dead-code elimination removes the branch **and** tree-shakes the
+   imported `__dev__` module out of `dist/index.js`.
+2. npm publishes only `dist/` (`package.json` `files`), so source is never published.
+3. `test/test-dev-gate-stripped.mjs` greps the built bundle for dev markers and
+   fails the build if any leak.
+
+Never import a `__dev__` module from a non-dev (always-on) code path.

cli/src/build/mobileprovision-parser.ts

@@ -77,7 +77,14 @@ function parseMobileprovisionBuffer(data: Buffer, source: string): Mobileprovisi
   return { name, uuid, applicationIdentifier, bundleId }
 }
 
-function parseMobileprovisionBufferDetailed(data: Buffer, source: string): MobileprovisionDetail {
+/**
+ * Buffer-based variant of {@link parseMobileprovisionDetailed} — parses the raw
+ * .mobileprovision bytes directly instead of reading a path. Used by the iOS
+ * onboarding engine's import-provide-profile-path effect, which reads the file
+ * via its injected `readFile` dep (so the IO stays at the boundary) and parses
+ * the returned Buffer here. `source` is a label used only in error messages.
+ */
+export function parseMobileprovisionBufferDetailed(data: Buffer, source = '<buffer input>'): MobileprovisionDetail {
   const base = parseMobileprovisionBuffer(data, source)
 
   const xmlStartMarker = '<?xml'