Merge pull request #164 from shipth-is/163-feature-support-the-additional-entitlement-capabilities

feature: updated entitlement/capabilities parsing from export_presets.cfg and sync with Apple portal

Author: madebydavid

docs/game/ios/app.md

@@ -94,24 +94,21 @@ EXAMPLES
 
 #### Description
 
-Synchronies the Apple App "BundleId" with the capabilities from the local project.
+Synchronizes the Apple App **Bundle ID** with the capabilities defined in your Godot iOS export preset.
 
-This command will read your **export_presets.cfg** file and determine which capabilities
-to enable in the Apple Developer Portal.
+This command reads your **export_presets.cfg** (iOS preset) and enables or disables the corresponding capabilities on the Bundle ID in the Apple Developer Portal.
 
-Currently, only the following permissions are supported:
+**Godot options that are synced**
 
-- **Access WiFi**
-- **Push Notifications**
+| Godot option | Synced as | Notes |
+| --- | --- | --- |
+| capabilities/access_wifi | [Access WiFi](https://developer.apple.com/documentation/bundleresources/entitlements) | |
+| entitlements/increased_memory_limit | [Increased Memory Limit](https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.kernel.increased-memory-limit) | |
+| entitlements/game_center | [Game Center](https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.game-center) | |
+| entitlements/push_notifications | [Push Notifications](https://developer.apple.com/documentation/bundleresources/entitlements/aps-environment) | Production or Development; or legacy **capabilities/push_notifications** (true). Sets aps-environment / APNS. |
+| entitlements/additional | [Entitlements](https://developer.apple.com/documentation/bundleresources/entitlements) (parsed) | Known entitlement keys (e.g. `com.apple.developer.applesignin` for Sign in with Apple) are synced. Unknown keys remain in your app’s entitlements only. |
 
-:::warning
-
-If your game uses other capabilities or if you are using plugins to enable certain
-features such as **GPS** or **file access**, please get in touch so that we can work with you.
-
-**ShipThis is still in beta and we need your help to improve it.**
-
-:::
+**Not synced:** Other export options (e.g. `capabilities/additional`, `capabilities/performance_gaming_tier`) only affect the exported app; they are not synced to the Bundle ID.
 
 :::tip
 You do not need to have an **export_presets.cfg** file in your game directory.

package-lock.json

@@ -24,7 +24,7 @@
     "fast-glob": "^3.3.2",
     "fs-extra": "^11.2.0",
     "fullscreen-ink": "^0.1.0",
-    "godot-export-presets": "^0.1.6",
+    "godot-export-presets": "^0.1.9",
     "ink": "^5.0.1",
     "ink-spinner": "^5.0.0",
     "isomorphic-git": "^1.27.1",

package.json

@@ -0,0 +1,91 @@
+import {CapabilityType} from './expo.js'
+
+export type EntitlementKeyToCapability = Record<
+  string,
+  {name: string; type: (typeof CapabilityType)[keyof typeof CapabilityType]}
+>
+
+/** Known entitlement keys in raw entitlements XML → CapabilityType and display name. */
+export const ENTITLEMENT_KEY_TO_CAPABILITY: EntitlementKeyToCapability = {
+  'com.apple.developer.applesignin': {name: 'Sign in with Apple', type: CapabilityType.APPLE_ID_AUTH},
+  'com.apple.developer.game-center': {name: 'Game Center', type: CapabilityType.GAME_CENTER},
+  'com.apple.developer.healthkit': {name: 'HealthKit', type: CapabilityType.HEALTH_KIT},
+  'com.apple.developer.healthkit.recalibrate-estimates': {
+    name: 'HealthKit Recalibrate Estimates',
+    type: CapabilityType.HEALTH_KIT_RECALIBRATE_ESTIMATES,
+  },
+  'com.apple.developer.homekit': {name: 'HomeKit', type: CapabilityType.HOME_KIT},
+  'com.apple.developer.associated-domains': {
+    name: 'Associated Domains',
+    type: CapabilityType.ASSOCIATED_DOMAINS,
+  },
+  'com.apple.developer.authentication-services.autofill-credential-provider': {
+    name: 'AutoFill Credential Provider',
+    type: CapabilityType.AUTO_FILL_CREDENTIAL,
+  },
+  'com.apple.developer.ClassKit-environment': {name: 'ClassKit', type: CapabilityType.CLASS_KIT},
+  'com.apple.developer.family-controls': {
+    name: 'Family Controls',
+    type: CapabilityType.FAMILY_CONTROLS,
+  },
+  'com.apple.developer.group-session': {
+    name: 'Group Activities',
+    type: CapabilityType.GROUP_ACTIVITIES,
+  },
+  'com.apple.developer.fileprovider.testing-mode': {
+    name: 'File Provider Testing Mode',
+    type: CapabilityType.FILE_PROVIDER_TESTING_MODE,
+  },
+  'com.apple.developer.networking.networkextension': {
+    name: 'Network Extensions',
+    type: CapabilityType.NETWORK_EXTENSIONS,
+  },
+  'com.apple.developer.networking.vpn.api': {
+    name: 'Personal VPN',
+    type: CapabilityType.PERSONAL_VPN,
+  },
+  'com.apple.developer.in-app-payments': {name: 'Apple Pay', type: CapabilityType.APPLE_PAY},
+  'com.apple.developer.kernel.extended-virtual-addressing': {
+    name: 'Extended Virtual Addressing',
+    type: CapabilityType.EXTENDED_VIRTUAL_ADDRESSING,
+  },
+  'com.apple.developer.journal.allow': {
+    name: 'Journaling Suggestions',
+    type: CapabilityType.JOURNALING_SUGGESTIONS,
+  },
+  'com.apple.developer.managed-app-distribution.install-ui': {
+    name: 'Managed App Installation UI',
+    type: CapabilityType.MANAGED_APP_INSTALLATION_UI,
+  },
+  'com.apple.developer.media-device-discovery-extension': {
+    name: 'Media Device Discovery',
+    type: CapabilityType.MEDIA_DEVICE_DISCOVERY,
+  },
+  'com.apple.developer.matter.allow-setup-payload': {
+    name: 'Matter Allow Setup Payload',
+    type: CapabilityType.MATTER_ALLOW_SETUP_PAYLOAD,
+  },
+  'com.apple.developer.sustained-execution': {
+    name: 'Sustained Execution',
+    type: CapabilityType.SUSTAINED_EXECUTION,
+  },
+  'com.apple.security.application-groups': {name: 'App Groups', type: CapabilityType.APP_GROUP},
+}
+
+const KEY_ELEMENT_REGEX = /<key>\s*([^<]+?)\s*<\/key>/g
+
+/** Parse raw entitlements XML string for known keys; return their CapabilityTypes (no duplicates). Matches exact <key>…</key> elements to avoid substring false positives (e.g. healthkit vs healthkit.recalibrate-estimates). */
+export function parseEntitlementsAdditional(
+  raw: string,
+): (typeof CapabilityType)[keyof typeof CapabilityType][] {
+  const types: (typeof CapabilityType)[keyof typeof CapabilityType][] = []
+  if (!raw || typeof raw !== 'string') return types
+  let match: RegExpExecArray | null
+  KEY_ELEMENT_REGEX.lastIndex = 0
+  while ((match = KEY_ELEMENT_REGEX.exec(raw)) !== null) {
+    const key = match[1].trim()
+    const entry = ENTITLEMENT_KEY_TO_CAPABILITY[key]
+    if (entry && !types.includes(entry.type)) types.push(entry.type)
+  }
+  return types
+}

src/apple/entitlements.ts

@@ -83,12 +83,14 @@ export default class GameIosProfileCreate extends BaseGameCommand<typeof GameIos
         )
 
       // Create the profile
-      // TODO: only one of these can exist per bundleId - if forcing, should/can we disable existing ones?
+      // We use the current YYYY-MM-DD HH:mm:ss as a unique identifier
+      const timestamp = new Date().toISOString().replace(/[:.]/g, '-')
+      const name = `ShipThis Profile for ${iosBundleId} at ${timestamp}`
       const profile = await AppleProfile.createAsync(ctx, {
         bundleId: bundleId.id,
         certificates: [validAppleCert.id],
         devices: [],
-        name: `ShipThis Profile for ${iosBundleId}`,
+        name: name,
         profileType: AppleProfileType.IOS_APP_STORE,
       })
 

src/commands/game/ios/profile/create.tsx

@@ -14,8 +14,9 @@ import {
   ExportPresetsFile,
 } from 'godot-export-presets'
 
-import {CapabilityType} from '@cli/apple/expo.js'
-import {Platform} from '@cli/types'
+import {ENTITLEMENT_KEY_TO_CAPABILITY, parseEntitlementsAdditional} from '../apple/entitlements.js'
+import {CapabilityType} from '../apple/expo.js'
+import {Platform} from '../types/index.js'
 
 // Check if the current working directory is a Godot game
 // TODO: allow for cwd override
@@ -25,38 +26,106 @@ export function isCWDGodotGame(): boolean {
   return fs.existsSync(godotProject)
 }
 
-// From the docs:
-// capabilities/access_wifi=true
-// capabilities/push_notifications=false
-// From the source code:
-// https://github.com/godotengine/godot/blob/b435551682f93cf49f606d260b28e13ff5526beb/platform/ios/export/export_plugin.cpp#L321
-// r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "capabilities/access_wifi"), false));
-// r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "capabilities/push_notifications"), false));
-// r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "capabilities/performance_gaming_tier"), false));
-// r_options->push_back(ExportOption(PropertyInfo(Variant::BOOL, "capabilities/performance_a12"), false));
+// Godot iOS export options (entitlements & capabilities):
+// See EditorExportPlatformAppleEmbedded::get_export_options and
+// $entitlements_full / $required_device_capabilities in:
+// https://github.com/godotengine/godot/blob/master/editor/export/editor_export_platform_apple_embedded.cpp
+// We support both entitlements/push_notifications (enum, Godot 4.6+) and legacy capabilities/push_notifications (bool).
 
-export const GODOT_CAPABILITIES = [
-  // TODO: how about capabilities from godot extensions
+export interface GodotSyncableCapability {
+  key: string
+  name: string
+  type: (typeof CapabilityType)[keyof typeof CapabilityType]
+  /** If true, enabled by entitlements/push_notifications or legacy capabilities/push_notifications */
+  pushKey?: boolean
+}
+
+/** Syncable capabilities with a fixed preset key (bool or enum). Push is handled specially. */
+export const GODOT_SYNCABLE_CAPABILITIES: GodotSyncableCapability[] = [
   {key: 'capabilities/access_wifi', name: 'Access WiFi', type: CapabilityType.ACCESS_WIFI},
-  {key: 'capabilities/push_notifications', name: 'Push Notifications', type: CapabilityType.PUSH_NOTIFICATIONS},
+  {key: 'entitlements/increased_memory_limit', name: 'Increased Memory Limit', type: CapabilityType.INCREASED_MEMORY_LIMIT},
+  {key: 'entitlements/game_center', name: 'Game Center', type: CapabilityType.GAME_CENTER},
+  {key: 'entitlements/push_notifications', name: 'Push Notifications', type: CapabilityType.PUSH_NOTIFICATIONS, pushKey: true},
 ]
 
-// Tells us which capabilities are enabled in the Godot project
-export async function getGodotProjectCapabilities(platform: Platform) {
-  const exportPresets = await getGodotExportPresets(platform)
+const syncableTypes = new Set(GODOT_SYNCABLE_CAPABILITIES.map((c) => c.type))
 
-  const options: Record<string, any> = exportPresets.options || {}
+/** All syncable capability entries for the Bundle ID table (fixed + from entitlements/additional, one row per type). */
+export const GODOT_CAPABILITIES: GodotSyncableCapability[] = [
+  ...GODOT_SYNCABLE_CAPABILITIES,
+  ...Object.entries(ENTITLEMENT_KEY_TO_CAPABILITY)
+    .filter(([, {type}]) => !syncableTypes.has(type))
+    .map(([key, {name, type}]) => ({
+      key: `entitlements/additional (${key})`,
+      name,
+      type,
+    })),
+]
 
-  const capabilities = []
+function isPushEnabled(options: Record<string, unknown>): boolean {
+  const entitlementsPush = options['entitlements/push_notifications']
+  if (entitlementsPush != null) {
+    const s = `${entitlementsPush}`.trim().toLowerCase()
+    if (s === 'production' || s === 'development') return true
+    if (s === 'disabled') return false
+  }
+  const legacyPush = options['capabilities/push_notifications']
+  if (legacyPush != null) {
+    return `${legacyPush}`.toLowerCase() === 'true'
+  }
+  return false
+}
+
+/** Optional override for testing; when set, skip getGodotExportPresets and use these options. */
+export interface GetGodotProjectCapabilitiesOverrides {
+  options?: Record<string, unknown>
+}
 
-  for (const capability of GODOT_CAPABILITIES) {
+// Tells us which capabilities are enabled in the Godot project (for syncing to Apple Bundle ID).
+export async function getGodotProjectCapabilities(
+  platform: Platform,
+  overrides?: GetGodotProjectCapabilitiesOverrides,
+) {
+  const options: Record<string, unknown> =
+    overrides?.options ?? (await getGodotExportPresets(platform)).options ?? {}
+  const capabilities: (typeof CapabilityType)[keyof typeof CapabilityType][] = []
+
+  for (const capability of GODOT_SYNCABLE_CAPABILITIES) {
+    if (capability.pushKey) {
+      if (isPushEnabled(options)) capabilities.push(capability.type)
+      continue
+    }
     if (!(capability.key in options)) continue
-    if (`${options[capability.key]}`.toLocaleLowerCase() === 'true') capabilities.push(capability.type)
+    if (`${options[capability.key]}`.toLowerCase() === 'true') capabilities.push(capability.type)
+  }
+
+  const additionalRaw = options['entitlements/additional']
+  const fromAdditional = parseEntitlementsAdditional(
+    typeof additionalRaw === 'string' ? additionalRaw : '',
+  )
+  for (const type of fromAdditional) {
+    if (!capabilities.includes(type)) capabilities.push(type)
   }
 
   return capabilities
 }
 
+/** Display-only: options that go to plist/device capabilities; we do not sync these. */
+export async function getGodotProjectDisplayOnlyCapabilities(platform: Platform): Promise<{
+  performanceGamingTier: boolean
+  performanceA12: boolean
+  capabilitiesAdditional: string[]
+}> {
+  const exportPresets = await getGodotExportPresets(platform)
+  const options: Record<string, unknown> = exportPresets.options ?? {}
+  const arr = options['capabilities/additional']
+  return {
+    performanceGamingTier: `${options['capabilities/performance_gaming_tier']}`.toLowerCase() === 'true',
+    performanceA12: `${options['capabilities/performance_a12']}`.toLowerCase() === 'true',
+    capabilitiesAdditional: Array.isArray(arr) ? arr.map((x) => `${x}`) : [],
+  }
+}
+
 export function getGodotProjectConfig(): ConfigFile {
   const cwd = process.cwd()
   const projectGodotPath = path.join(cwd, 'project.godot')

src/utils/godot.ts

@@ -0,0 +1,78 @@
+import {expect} from 'chai'
+
+import {CapabilityType} from '../../src/apple/expo.js'
+import {
+  ENTITLEMENT_KEY_TO_CAPABILITY,
+  parseEntitlementsAdditional,
+} from '../../src/apple/entitlements.js'
+
+describe('ENTITLEMENT_KEY_TO_CAPABILITY', () => {
+  it('includes expected entitlement keys with correct CapabilityType', () => {
+    expect(ENTITLEMENT_KEY_TO_CAPABILITY['com.apple.developer.applesignin']).to.deep.equal({
+      name: 'Sign in with Apple',
+      type: CapabilityType.APPLE_ID_AUTH,
+    })
+    expect(ENTITLEMENT_KEY_TO_CAPABILITY['com.apple.developer.healthkit']).to.deep.equal({
+      name: 'HealthKit',
+      type: CapabilityType.HEALTH_KIT,
+    })
+    expect(ENTITLEMENT_KEY_TO_CAPABILITY['com.apple.security.application-groups']).to.deep.equal({
+      name: 'App Groups',
+      type: CapabilityType.APP_GROUP,
+    })
+  })
+
+  it('has entries for all commonly used entitlement keys', () => {
+    const expectedKeys = [
+      'com.apple.developer.applesignin',
+      'com.apple.developer.game-center',
+      'com.apple.developer.healthkit',
+      'com.apple.developer.homekit',
+      'com.apple.developer.associated-domains',
+      'com.apple.security.application-groups',
+    ]
+    for (const key of expectedKeys) {
+      expect(ENTITLEMENT_KEY_TO_CAPABILITY[key], `missing key: ${key}`).to.be.ok
+      expect(ENTITLEMENT_KEY_TO_CAPABILITY[key].name).to.be.a('string')
+      expect(ENTITLEMENT_KEY_TO_CAPABILITY[key].type).to.be.a('string')
+    }
+  })
+})
+
+describe('parseEntitlementsAdditional', () => {
+  it('returns empty array for empty string', () => {
+    expect(parseEntitlementsAdditional('')).to.deep.equal([])
+  })
+
+  it('returns matching CapabilityTypes for known keys in raw XML', () => {
+    const raw = '<key>com.apple.developer.applesignin</key><array><string>Default</string></array>'
+    expect(parseEntitlementsAdditional(raw)).to.include(CapabilityType.APPLE_ID_AUTH)
+  })
+
+  it('returns multiple types when multiple known keys present', () => {
+    const raw =
+      '<key>com.apple.developer.healthkit</key><true/><key>com.apple.developer.homekit</key><true/>'
+    const result = parseEntitlementsAdditional(raw)
+    expect(result).to.include(CapabilityType.HEALTH_KIT)
+    expect(result).to.include(CapabilityType.HOME_KIT)
+    expect(result).to.have.lengthOf(2)
+  })
+
+  it('returns no duplicates when same key appears multiple times', () => {
+    const raw =
+      '<key>com.apple.developer.healthkit</key><true/><key>com.apple.developer.healthkit</key>'
+    const result = parseEntitlementsAdditional(raw)
+    expect(result.filter((c) => c === CapabilityType.HEALTH_KIT)).to.have.lengthOf(1)
+  })
+
+  it('ignores unknown keys', () => {
+    expect(parseEntitlementsAdditional('<key>com.example.unknown</key><true/>')).to.deep.equal([])
+  })
+
+  it('matches exact key elements only (no substring: healthkit.recalibrate-estimates does not match healthkit)', () => {
+    const raw = '<key>com.apple.developer.healthkit.recalibrate-estimates</key><true/>'
+    const result = parseEntitlementsAdditional(raw)
+    expect(result).to.deep.equal([CapabilityType.HEALTH_KIT_RECALIBRATE_ESTIMATES])
+    expect(result).not.to.include(CapabilityType.HEALTH_KIT)
+  })
+})