Problem
The v2 native app currently supports only https://example.com as a demo associated domain. Real-world deployments require credentials for production domains, which means:
- The app's
Associated Domains entitlement must list each target domain.
- Each domain must serve an
apple-app-site-association (AASA) file at /.well-known/apple-app-site-association.
- After adding domains, the app must be re-signed and re-notarized.
- There is no current mechanism for operators to declare which domains they need without modifying the entitlement plist and rebuilding.
Proposed Fix
Short term:
- Document the full domain expansion process (AASA file format, entitlement update, notarization) in
docs/INSTALLATION.md or a new docs/DOMAIN_EXPANSION.md.
Medium term:
- Define a
supported_domains field in ~/.apw/config.json that is validated at runtime against the app's embedded entitlements (so the config cannot claim more domains than the app is entitled to).
- Add a
apw doctor check that verifies each configured domain has a reachable and valid AASA file.
Long term:
- Investigate whether a multi-tenant entitlement approach (wildcard subdomain or managed capability) reduces the per-domain rebuild requirement.
Acceptance Criteria
Problem
The v2 native app currently supports only
https://example.comas a demo associated domain. Real-world deployments require credentials for production domains, which means:Associated Domainsentitlement must list each target domain.apple-app-site-association(AASA) file at/.well-known/apple-app-site-association.Proposed Fix
Short term:
docs/INSTALLATION.mdor a newdocs/DOMAIN_EXPANSION.md.Medium term:
supported_domainsfield in~/.apw/config.jsonthat is validated at runtime against the app's embedded entitlements (so the config cannot claim more domains than the app is entitled to).apw doctorcheck that verifies each configured domain has a reachable and valid AASA file.Long term:
Acceptance Criteria
apw doctorreports a clear error for domains missing a valid AASA file.