Apple credentials (physical iPhone)

Lakebed Native handles Apple code signing through Lakebed Native cloud build and lakebed-native apple commands. You use your Apple Developer account; Lakebed Native hosts compile infrastructure.

Who pays for what

How device installs work

For internal / ad-hoc distribution (physical iPhone without TestFlight), Lakebed:

1. Authenticates to App Store Connect (API key or Apple ID during setup).
2. Ensures the bundle ID exists on your team.
3. Creates or reuses an Apple Distribution certificate.
4. Registers devices and builds an Ad Hoc provisioning profile containing those UDIDs.
5. Refreshes the profile when new devices are registered before the next build.

Credentials are stored securely for repeat builds — you do not manage .p12 files manually unless you choose advanced local signing.

Per-capsule build projects

Each capsule gets its own build project and unique bundle ID (for example dev.lakebed.capsule.myapp) when you run lakebed-native new or lakebed-native apple setup. Build config lives under .lakebed-native/ (internal; you do not edit this for normal workflows).

The repo shell/ project is for maintainer universal-shell template builds only.

Setup (one-time per capsule + Apple team)

Recommended: App Store Connect API key

export EXPO_ASC_API_KEY_PATH=/path/to/AuthKey_XXXXX.p8
export EXPO_ASC_KEY_ID=XXXXXXXXXX
export EXPO_ASC_ISSUER_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
export EXPO_APPLE_TEAM_ID=XXXXXXXXXX   # optional if only one team
export EXPO_APPLE_TEAM_TYPE=COMPANY_OR_ORGANIZATION  # or INDIVIDUAL

Create a key in App Store Connect → Users and Access → Keys.

Interactive setup (Apple ID)

cd my-capsule
npx lakebed-native apple setup

Follow prompts to sign in with your Apple Developer account. Lakebed configures the device-preview profile (internal ad-hoc).

Register your iPhone

Ad hoc builds only install on registered devices.

Register every device before your first Lakebed Native Cloud build. Cloud shell builds are limited to once every 36 hours; JS-only capsule updates do not need a rebuild. If you try to rebuild without adding UDIDs, the CLI tells you the previous IPA is still valid.

npx lakebed-native apple devices register

List registered devices:

npx lakebed-native apple devices list

Check readiness

npx lakebed-native apple status

Build profile

Internal device builds use the device-preview profile (ad-hoc, remote signing). Cloud builds refresh ad-hoc profiles when new devices were registered.

Fast device pack (Mac + shell template)

After one your-team, your-devices cloud build, save the shell IPA locally for fast repacks on Mac:

npx lakebed-native cloud build --platform ios --wait
npx lakebed-native apple fetch-shell-ipa
# → ~/.lakebed-native/ or .lakebed-native/artifacts/LakebedNative-device.ipa (your ad-hoc profile)

This IPA is not downloadable from lakebednative.xyz — it is tied to your Apple team and registered UDIDs.

Then each capsule packs in seconds (inject JS + re-sign on your Mac):

npx lakebed-native pack my-capsule --platform ios --device

Auto-route: Mac + template IPA + keychain cert → fast pack; otherwise → Lakebed Native cloud (~12 min).

Force cloud: pack ... --device --cloud

Local Mac alternative

If the shell IPA template already exists:

npx lakebed-native apple build

To rebuild the template: cloud build --platform ios --wait then apple fetch-shell-ipa.

Troubleshooting

Deploy backend (separate from builds)

Capsule API + DB live on normal Lakebed hosted:

npx lakebed-native deploy --api https://api.lakebed.dev

Lakebed Native Cloud builds the shell binary only — not your capsule server.