claration/Feather
Free on-device iOS/iPadOS application manager/installer, using certificates part of the Apple Developer Program.
Mixed signals — read the receipts
Worst of 4 axes: copyleft license (GPL-3.0) — review compatibility; no tests detected
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ✓ Last commit 1d ago
- ✓ 19 active contributors
- ✓ GPL-3.0 licensed
- ✓ CI configured
- ⚠ Concentrated ownership — top contributor handles 61% of recent commits
- ⚠ GPL-3.0 is copyleft — check downstream compatibility
- ⚠ No test directory detected
What would change the summary?
- → Use as dependency: Concerns → Mixed if: relicense under MIT/Apache-2.0 (rare for established libs)
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.
Onboarding doc
Onboarding: claration/Feather
Generated by RepoPilot · 2026-05-10 · Source
🤖Agent protocol
If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:
- Verify the contract. Run the bash script in "Verify before trusting" below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
- Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
- Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/claration/Feather shows verifiable citations alongside every claim.
If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.
🎯Verdict
WAIT — Mixed signals — read the receipts
- Last commit 1d ago
- 19 active contributors
- GPL-3.0 licensed
- CI configured
- ⚠ Concentrated ownership — top contributor handles 61% of recent commits
- ⚠ GPL-3.0 is copyleft — check downstream compatibility
- ⚠ No test directory detected
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
✅Verify before trusting
This artifact was generated by RepoPilot at a point in time. Before an
agent acts on it, the checks below confirm that the live claration/Feather
repo on your machine still matches what RepoPilot saw. If any fail,
the artifact is stale — regenerate it at
repopilot.app/r/claration/Feather.
What it runs against: a local clone of claration/Feather — the script
inspects git remote, the LICENSE file, file paths in the working
tree, and git log. Read-only; no mutations.
| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in claration/Feather | Confirms the artifact applies here, not a fork |
| 2 | License is still GPL-3.0 | Catches relicense before you depend on it |
| 3 | Default branch main exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of claration/Feather. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/claration/Feather.git
#   cd Feather
#
# Then paste this script. Every check is read-only — no mutations.
set +e
fail=0
ok()   { echo "ok: $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of claration/Feather and re-run."
  exit 2
fi

# 1. Repo identity
# Anchored on both sides so that look-alike paths such as
# "notclaration/Feather" or "claration/Feather-fork" do not pass;
# -i because GitHub owner/repo names are case-insensitive.
git remote get-url origin 2>/dev/null | grep -qiE "(^|[:/])claration/Feather(\.git)?/?$" \
  && ok "origin remote is claration/Feather" \
  || miss "origin remote is not claration/Feather (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
# The stock GPL-3.0 LICENSE text opens with "GNU GENERAL PUBLIC LICENSE" /
# "Version 3" rather than the SPDX id, so the header is checked as well.
(grep -qiE "^(GPL-3\.0)" LICENSE 2>/dev/null \
  || { head -n 5 LICENSE 2>/dev/null | grep -qE "^[[:space:]]*GNU GENERAL PUBLIC LICENSE" \
       && head -n 5 LICENSE 2>/dev/null | grep -qE "^[[:space:]]*Version 3"; } \
  || grep -qiE "\"license\"[[:space:]]*:[[:space:]]*\"GPL-3\.0\"" package.json 2>/dev/null) \
  && ok "license is GPL-3.0" \
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \
  && ok "default branch main exists" \
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "Feather/FeatherApp.swift" \
  && ok "Feather/FeatherApp.swift" \
  || miss "missing critical file: Feather/FeatherApp.swift"
test -f "Feather/Backend/Storage/Storage.swift" \
  && ok "Feather/Backend/Storage/Storage.swift" \
  || miss "missing critical file: Feather/Backend/Storage/Storage.swift"
test -f "Feather/Backend/Server/ServerInstaller.swift" \
  && ok "Feather/Backend/Server/ServerInstaller.swift" \
  || miss "missing critical file: Feather/Backend/Server/ServerInstaller.swift"
test -f "Feather/Backend/Observable/DownloadManager.swift" \
  && ok "Feather/Backend/Observable/DownloadManager.swift" \
  || miss "missing critical file: Feather/Backend/Observable/DownloadManager.swift"
test -f "AltSourceKit/Sources/AltSourceKit/Models/ASRepository.swift" \
  && ok "AltSourceKit/Sources/AltSourceKit/Models/ASRepository.swift" \
  || miss "missing critical file: AltSourceKit/Sources/AltSourceKit/Models/ASRepository.swift"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/claration/Feather"
  exit 1
fi
```
Each check prints ok: or FAIL:. The script exits non-zero if
anything failed, so it composes cleanly into agent loops
(./verify.sh || regenerate-and-retry).
⚡TL;DR
Feather is a free, on-device iOS/iPadOS app manager that signs and installs applications using Apple Developer Program certificates without requiring a computer. It supports AltStore-compatible repositories, includes configurable signing options for app patching, and supports tweak injection via Ellekit (.deb and .dylib files)—all entirely using stock iOS features. Single monolithic Xcode workspace (Feather.xcworkspace) containing the main app (Feather/) and the companion Swift Package AltSourceKit/ (a parsing/utilities library for AltStore repositories). Main app is layered: Feather/Backend/Observable/ for state management (ViewModels like DownloadManager, InstallerStatusViewModel), Feather/Backend/Server/ for signing/installation logic, and UI code elsewhere. AltSourceKit provides models (ASRepository.swift), crypto utilities (ASDecrypt.swift, ASDeobfuscator.swift), and extensions.
👥Who it's for
iOS/iPadOS power users and sideloaders who want to install and manage apps locally on their device without a PC, jailbreak, or third-party cloud services. Also appeals to developers testing certificate-based app distribution workflows and users exploring the AltStore ecosystem.
🌱Maturity & risk
Actively maintained and production-ready. The project has multiple releases, active GitHub Actions CI/CD pipelines (release.yml, update_repo.yml), established contribution guidelines (CONTRIBUTING.md, CODE_OF_CONDUCT.md), and significant Swift codebase (~384KB). Maintenance is steady rather than rapid, suggesting stability over constant churn.
Single maintainer (khcrysalis) creates potential bus-factor risk. Codebase heavily depends on Apple's private/semi-private APIs for app installation and certificate handling—iOS updates could break functionality without warning. No visible test suite in the file structure suggests limited test coverage for core signing/installation logic.
Active areas of work
The repo maintains active release cycles (GitHub Release badge suggests frequent updates) and update workflows. Recent activity includes release automation and repository updates via CI. No visible ongoing feature branches or large PRs are disclosed, suggesting steady-state maintenance with occasional feature/security patches.
🚀Get running
Clone and open in Xcode:
```bash
git clone https://github.com/claration/Feather.git
cd Feather
open Feather.xcworkspace
```
Then build for iOS in Xcode (no npm/pod install needed; SPM dependencies are pre-resolved in Feather.xcodeproj/xcshareddata/swiftpm/Package.resolved).
Daily commands:
Open Feather.xcworkspace in Xcode, select the Feather scheme, and press Run (Cmd+R). The app requires iOS 14+ and a valid Apple Developer Program certificate pair to function (signing is done on-device at runtime). No server setup required—it's entirely local.
🗺️Map of the codebase
- Feather/FeatherApp.swift — Main application entry point and SwiftUI app initialization; all contributors must understand the app's lifecycle setup
- Feather/Backend/Storage/Storage.swift — Core data persistence layer managing Core Data model; critical for understanding how app state and certificates are cached
- Feather/Backend/Server/ServerInstaller.swift — Primary installation engine that handles certificate-based app signing and deployment; load-bearing for app functionality
- Feather/Backend/Observable/DownloadManager.swift — Manages app downloads and installation queuing; essential for understanding async state management
- AltSourceKit/Sources/AltSourceKit/Models/ASRepository.swift — Data model for app repositories; foundational for parsing and managing app sources
- Feather/Backend/Storage/Feather.xcdatamodeld/Feather.xcdatamodel/contents — Core Data schema definition; defines persistent storage structure for certificates, apps, and sources
- Feather.xcconfig — Build configuration and compiler settings; necessary for understanding project setup and build targets
🛠️How to make changes
Add a new Certificate Storage Operation
- Define new Core Data entity properties in the schema (Feather/Backend/Storage/Feather.xcdatamodeld/Feather.xcdatamodel/contents)
- Add a new extension file following the Storage+* naming pattern (e.g., Storage+NewFeature.swift) to implement CRUD methods (Feather/Backend/Storage/Storage+Certificate.swift)
- Call the new storage methods from ServerInstaller or state managers to integrate with installation flow (Feather/Backend/Server/ServerInstaller.swift)
Add a new App Repository Source Type
- Extend ASRepository model or create new decoder in AltSourceKit (AltSourceKit/Sources/AltSourceKit/Models/ASRepository.swift)
- Implement decryption/deobfuscation logic if the source is encrypted (AltSourceKit/Sources/AltSourceKit/Utilities/ASDecrypt.swift)
- Add storage extension method to persist the source and its apps (Feather/Backend/Storage/Storage+Sources.swift)
- Trigger a refresh from the DownloadManager or appropriate observable (Feather/Backend/Observable/DownloadManager.swift)
Add Installation Progress UI State
- Add new @Published property to InstallerStatusViewModel to expose new status (Feather/Backend/Observable/InstallerStatusViewModel.swift)
- Update ServerInstaller to publish progress notifications during installation phases (Feather/Backend/Server/ServerInstaller.swift)
- Reference the observable in SwiftUI views to display real-time progress updates
🔧Why these technologies
- SwiftUI — Modern declarative UI framework native to iOS; enables responsive, maintainable interface for app management
- Core Data — Built-in persistence layer for managing certificates, installed apps, and repository sources on-device without external databases
- Apple Developer Certificates — Leverages official Apple infrastructure (MDM/enterprise distribution) to enable app installation without jailbreak; core to Feather's value proposition
- Swift Package Manager (AltSourceKit) — Modular, reusable library for repository parsing; decouples source handling from main app logic
- HTTPS/TLS Server (embedded) — Feather hosts signed apps locally over HTTPS to facilitate secure, device-to-device installation via MDM protocols
⚖️Trade-offs already made
- On-device installation server instead of cloud-based signing
  - Why: Increases user privacy (no app data leaves device) and reduces infrastructure cost; avoids central point of failure
  - Consequence: Device must have sufficient CPU/memory for signing operations (~2–5s per app); cryptographic overhead per installation
- Embedded Core Data instead of CloudKit or external sync
  - Why: Simplifies architecture and avoids network dependency; app functions completely offline
  - Consequence: No cross-device sync of certificates/sources; user must manage sources on each device separately
- Support for encrypted/obfuscated repositories (ASDeobfuscator, ASDecrypt)
  - Why: Allows integration with community-run app sources that use encryption for legal/privacy reasons
  - Consequence: Increased parsing complexity and potential security/maintenance burden; requires careful key management
🚫Non-goals (don't propose these)
- Cross-platform support (iOS/macOS/Android) — iOS/iPadOS only
- Cloud synchronization of installed apps or certificates — device-local only
- App store submission — this is a developer/power-user tool
- Jailbreak detection or anti-tampering — explicitly designed for users outside App Store
🪤Traps & gotchas
- Apple API fragility: app signing and installation rely on private/undocumented iOS APIs that can break without notice in new iOS versions—monitor Apple's annual WWDC announcements.
- Certificate lifecycle: users must maintain valid Apple Developer certificates locally; expired certs silently fail (no on-device renewal).
- AltStore repository format changes: if you modify ASRepository.swift, breaking changes will silently drop support for older repository sources.
- Tweak injection: Ellekit-based injection (AltSourceKit/Utilities/Key/) may conflict with future iOS security hardening; test on multiple iOS versions.
- No CocoaPods/Carthage: pure SPM dependencies in Package.resolved—adding external dependencies requires manual Xcode workspace configuration.
- Single-threaded assumption risk: DownloadManager and ServerInstaller+Compute may not be thread-safe; verify concurrent access patterns before modifying.
💡Concepts to learn
- On-Device Code Signing (without Xcode/iTunes) — Feather's entire premise relies on using iOS's built-in code signing APIs (Security framework) to sign apps locally—understanding how certificate chains and provisioning profiles work is essential to debugging signing failures.
- AltStore Repository Format (custom package source) — Feather extends AltStore's JSON-based repository schema (parsed in ASRepository.swift); contributors must understand this format to add new features like source verification or caching.
- Dylib Injection & Tweak Loading — Feather uses Ellekit to inject .dylib and .deb files into signed apps; understanding Mach-O binary format and ASLR (Address Space Layout Randomization) is key for troubleshooting injection failures.
- Certificate Revocation & Trust Validation — The ASDecrypt.swift and certificate handling in ServerInstaller+Compute.swift must validate certificate chains; knowledge of OCSP/CRL and X.509 is needed for understanding trust failures.
- Reactive Streams (Combine/Observable Patterns) — View models like DownloadManager and InstallerStatusViewModel use Observable/Combine to notify UI of state changes; understanding publishers/subscribers is essential for adding new features.
- Obfuscation & Deobfuscation (ASDeobfuscator) — Some AltStore repositories ship obfuscated metadata; ASDeobfuscator.swift reverses this to extract real app data—understanding common obfuscation techniques (string XOR, base64, etc.) helps debug repo parsing.
- Swift Package Manager (SPM) Monorepo Pattern — The workspace embeds AltSourceKit as a local SPM package alongside the main app; understanding how Package.swift resolves and versioning works is critical for dependency updates.
🔗Related repos
- altstoreio/AltStore — The inspiration and macOS/Windows companion; Feather is the on-device iOS version of the same concept.
- qnblackcat/How-to-Run-Custom-Scripts-on-AltStore — Community project extending AltStore/Feather with custom script injection—useful reference for tweak/script workflows.
- tealbathingsuit/ellekit — The tweak injection framework that Feather depends on; essential for understanding AltSourceKit/Utilities/Key/ implementation.
- khcrysalis/AltSourceKit — Standalone copy of the SPM package embedded in Feather; shared between Feather and potential other apps using the same repo format.
- AppHouseKit/AppHouseKit — Alternative iOS app management framework; shows competing approaches to on-device signing (useful for architecture comparison).
🪄PR ideas
To work on one of these in Claude Code or Cursor, paste:
Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.
Add unit tests for AltSourceKit encryption/decryption utilities
The AltSourceKit submodule contains critical security-sensitive code (ASDecrypt.swift, ASDeobfuscator.swift, EsignSourceKey.swift) that handles certificate decryption and key management, but there are no visible test files in the file structure. Given this is a security-critical component for app installation, comprehensive unit tests would prevent regressions and ensure correctness of cryptographic operations.
- [ ] Create AltSourceKit/Tests/AltSourceKitTests/ directory structure
- [ ] Add unit tests for ASDecrypt.swift covering encryption/decryption edge cases
- [ ] Add unit tests for ASDeobfuscator.swift with various obfuscation scenarios
- [ ] Add unit tests for EsignSourceKey.swift validating key parsing and validation
- [ ] Update AltSourceKit/Package.swift to include test target configuration
- [ ] Ensure tests run in GitHub Actions (extend .github/workflows/release.yml or create new test workflow)
Refactor Storage layer into focused modules with dedicated tests
The Storage backend has multiple concerns spread across 5 separate files (Storage+Certificate.swift, Storage+Imported.swift, Storage+Shared.swift, Storage+Signed.swift, Storage+Sources.swift). This extension-based organization makes it difficult to test individual concerns and increases cognitive load. Extracting these into distinct manager classes would improve testability and maintainability.
- [ ] Create Feather/Backend/Storage/Managers/ directory with CertificateManager.swift, ImportedAppsManager.swift, SharedAppsManager.swift, SignedAppsManager.swift, SourcesManager.swift
- [ ] Move corresponding Storage+ extension logic into respective manager classes
- [ ] Update Storage.swift to delegate to manager instances (composition pattern)
- [ ] Create Feather/Tests/Backend/Storage/ with unit tests for each manager
- [ ] Update imports across Feather/ codebase to use new manager classes
Add comprehensive workflow for automated app signing validation
The ServerInstaller.swift and related signing logic (ServerInstaller+Compute.swift, ServerInstaller+TLS.swift) are critical to the app's core functionality but lack automated validation. Adding a GitHub Actions workflow to build, sign, and validate test apps on each PR would catch signing regressions early and document signing requirements.
- [ ] Create .github/workflows/signing-validation.yml that triggers on PRs affecting Feather/Backend/Server/
- [ ] Configure job to build Feather for testing with a test certificate
- [ ] Add validation steps to verify ServerInstaller+Compute.swift signing logic produces valid certificates
- [ ] Add validation steps to verify ServerInstaller+TLS.swift TLS certificate generation
- [ ] Document signing test requirements in CONTRIBUTING.md (link to test certificate setup)
- [ ] Add job status badge to README.md
🌿Good first issues
- Add unit tests for AltSourceKit/Sources/AltSourceKit/Utilities/ASDecrypt.swift and ASDeobfuscator.swift—these cryptographic utilities have no visible test coverage and are critical to security.
- Document the AltStore repository schema by creating a markdown spec in docs/ covering the structure parsed by ASRepository.swift, with examples from actual sources (currently missing from README).
- Implement error recovery UI for failed certificate validation in InstallerStatusViewModel.swift—currently likely shows generic errors; add specific messaging for expired certs, invalid bundle IDs, etc.
⭐Top contributors
- @claration — 61 commits
- @Nyasami — 13 commits
- @marcinmajsc — 6 commits
- @CelloSerenity — 3 commits
- @arm64x — 2 commits
📝Recent commits
- 40aca3a — chore: remove duplicate repo from defaults (claration)
- 617c1df — lang(zh-hans): update localized strings (#634) (xiangfeidexiaohuo)
- 037b614 — lang(pl): Update polish strings (#632) (marcinmajsc)
- d49c5b6 — fix: use path property instead of method (Nyasami)
- af80cad — fix: compile catalyst correctly this time (claration)
- 63ec47d — chore: update repo for v2.8.2 (github-actions[bot])
- 1a9b2bb — bump to v2.8.2 (claration)
- fe70a2c — bump to v2.8.1 (claration)
- 96c1f13 — fix: update_repo action once again (claration)
- b01ec3c — fix: makefile should skip plugin validation (claration)
🔒Security observations
- High · Potential Hardcoded Cryptographic Keys — AltSourceKit/Sources/AltSourceKit/Utilities/Key/EsignSourceKey.swift. The file structure indicates the presence of EsignSourceKey.swift in the Utilities/Key directory. This suggests hardcoded cryptographic keys or signing credentials may be present in the codebase. Given that Feather is an application installer using certificates from Apple Developer Program, exposure of these keys could allow unauthorized app signing and distribution. Fix: Audit this file immediately to ensure no hardcoded keys are present. If keys are stored, implement secure key management using Keychain or similar OS-level secure storage. Keys should never be committed to version control. Implement key rotation policies and consider using environment variables or secure configuration management for sensitive credentials.
- High · Decryption Utilities Without Apparent Input Validation — AltSourceKit/Sources/AltSourceKit/Utilities/ASDecrypt.swift and ASDeobfuscator.swift. The presence of ASDecrypt.swift and ASDeobfuscator.swift suggests cryptographic operations and obfuscation handling. Without visible input validation in the file names, these utilities may be vulnerable to malformed input or attacks leveraging improper handling of encrypted/obfuscated data. Fix: Review these files to ensure: (1) All inputs are properly validated before decryption operations, (2) Proper error handling for decryption failures, (3) No sensitive data is logged during decryption, (4) Cryptographic libraries used are current and secure, (5) Timing attack protections are in place.
- High · Certificate Management Security — Feather/Backend/Storage/Storage+Certificate.swift. Multiple Storage files reference certificate handling (Storage+Certificate.swift). The application manages Apple Developer Program certificates for app signing. Insecure storage or handling of these certificates could lead to unauthorized app installation, code injection, or distribution of malicious applications. Fix: Ensure certificates are stored only in iOS Keychain with appropriate security attributes. Verify certificate validation is performed for all imported certificates. Implement certificate pinning where applicable. Audit all certificate usage to prevent unauthorized access or modification. Never cache decrypted certificate data in memory longer than necessary.
- High · Server TLS Implementation Risk — Feather/Backend/Server/ServerInstaller+TLS.swift. ServerInstaller+TLS.swift indicates custom TLS implementation for server communication. Custom cryptographic implementations are prone to vulnerabilities including improper certificate validation, weak cipher selection, or bypass of security checks. Fix: Audit the TLS implementation to ensure: (1) Certificate pinning is properly implemented, (2) All certificates are validated including hostname verification, (3) Only strong cipher suites are used, (4) TLS version is 1.2 or higher (prefer 1.3), (5) No deprecated or weak cryptographic algorithms are used, (6) OWASP Mobile Security guidelines are followed.
- Medium · Data Storage Model Security — Feather/Backend/Storage/Feather.xcdatamodeld/. The Feather.xcdatamodeld CoreData model stores application data. CoreData without proper encryption may expose sensitive application metadata, user preferences, and installation history. Fix: Implement Core Data encryption using NSPersistentStoreDescription with encryption options. Alternatively, use file-level encryption for the database file. Ensure sensitive data fields are properly protected and never stored in plaintext. Review what data is being persisted and minimize storage of sensitive information.
- Medium · Downloaded Application Verification — Feather/Backend/Observable/DownloadManager.swift. DownloadManager.swift handles application downloads. Without proper signature verification or checksum validation, there is risk of man-in-the-middle attacks or serving tampered applications to users. Fix: Implement comprehensive verification for all downloaded applications including: (1) SHA-256 or stronger checksum validation, (2) Signature verification using developer certificates, (3) HTTPS-only downloads with certificate pinning, (4) Integrity checks before installation, (5) Proper error handling for verification failures.
- Medium · Source Repository Data Validation — AltSourceKit/Sources/AltSourceKit/Models/ASRepository.. ASRepository.swift and Storage+Sources.swift handle repository data. If repository manifests are not properly validated, malicious repositories could be added, leading to installation of compromised applications.
LLM-derived; treat as a starting point, not a security audit.
👉Where to read next
- Open issues — current backlog
- Recent PRs — what's actively shipping
- Source on GitHub
Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.