willswire · willswire · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026
diff --git a/.env.template b/.env.template
@@ -0,0 +1,3 @@
+APPLE_KEY_ID=""
+APPLE_PRIVATE_KEY=""
+APPLE_DEVELOPER_ID=""
diff --git a/.github/workflows/deploy-worker.yaml b/.github/workflows/deploy-worker.yaml
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,19 @@
+name: pull-request
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+          cache: npm
+      - run: npm ci
+      - run: npm run generate-types
+      - run: npm test
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -0,0 +1,31 @@
+name: push
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          release-type: node
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -170,6 +170,7 @@ dist
 
 .dev.vars
 .wrangler/
+worker-configuration.d.ts
 
 # secrets
 

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # checkd
 
-[![deploy](https://github.com/willswire/checkd/actions/workflows/deploy-worker.yaml/badge.svg?event=release)](https://github.com/willswire/checkd/actions/workflows/deploy-worker.yaml)
+[![push](https://github.com/willswire/checkd/actions/workflows/push.yml/badge.svg)](https://github.com/willswire/checkd/actions/workflows/push.yml)
 
 checkd is a Cloudflare Workers-based server implementation for [Apple's DeviceCheck framework](https://developer.apple.com/documentation/devicecheck), enabling easy validation of requests made by valid Apple devices. This project provides both the core service worker (`checkd`) and example projects (`checkr` iOS app and worker) to demonstrate how to use checkd in an end-to-end workflow.
 
@@ -36,7 +36,7 @@ The `checkd` service worker provides the functionality to validate whether an Ap
 ### Key Files
 
 - **`src/index.ts`**: The main worker file where the functionality resides.
-- **`wrangler.toml`**: Configuration file for deploying the worker with Cloudflare Wrangler.
+- **`wrangler.jsonc`**: Configuration file for deploying the worker with Cloudflare Wrangler.
 - **`tsconfig.json`**: TypeScript configuration file.
 - **Environment Variables**: These include `APPLE_KEY_ID`, `APPLE_PRIVATE_KEY`, `APPLE_DEVELOPER_ID`.
 
@@ -65,8 +65,8 @@ The `checkr` iOS App demonstrates client-side implementation:
 
 ### Key Files in Examples
 
-- **Worker**: The main implementation file `src/index.ts` and configuration files (`wrangler.toml`, `tsconfig.json`).
-- **iOS App**: `ContentView.swift` managing the UI flow, and `SessionHandler.swift` handling the DeviceCheck logic.
+- **Worker**: The main implementation file `src/index.ts` and configuration files (`wrangler.jsonc`, `tsconfig.json`).
+- **iOS App**: `app.swift` containing the UI (`ContentView`) and DeviceCheck logic (`SessionHandler`).
 
 ## Setup and Installation
 
@@ -104,7 +104,7 @@ cd checkd/examples/app/checkr
 
 ### Set Environment Variables
 
-Define the required environment variables (APPLE_KEY_ID, APPLE_PRIVATE_KEY, APPLE_DEVELOPER_ID) in the `wrangler.toml` file or via the Cloudflare Dashboard.
+Define the required environment variables (APPLE_KEY_ID, APPLE_PRIVATE_KEY, APPLE_DEVELOPER_ID) in the `wrangler.jsonc` file or via the Cloudflare Dashboard.
 
 ### Deploy the Cloudflare Worker
 

diff --git a/examples/app/checkr/app.swift b/examples/app/checkr/app.swift
@@ -1,27 +1,39 @@
 import SwiftUI
 import DeviceCheck
 
+var isDevelopment: Bool {
+	#if targetEnvironment(simulator)
+	return true
+	#else
+	guard let receiptURL = Bundle.main.appStoreReceiptURL else { return false }
+	return receiptURL.lastPathComponent == "sandboxReceipt"
+	#endif
+}
+
 class SessionHandler {
 	var session: URLSession
-	
+
 	init() async {
 		let sessionConfiguration = URLSessionConfiguration.default
-		
+
 		let device = DCDevice.current
 		if device.isSupported {
-			print("Device supports DeviceCheck")
-			if let data = try? await device.generateToken() {
-				print("Device token: \(data.base64EncodedString())")
+			do {
+				let data = try await device.generateToken()
 				let tokenString = data.base64EncodedString()
 				sessionConfiguration.httpAdditionalHeaders = [
 					"X-Apple-Device-Token": tokenString,
-					"X-Apple-Device-Development": "true"
+					"X-Apple-Device-Development": String(isDevelopment)
 				]
+			} catch DCError.featureUnsupported {
+				print("DeviceCheck feature unsupported on this device")
+			} catch {
+				print("Failed to generate device token: \(error.localizedDescription)")
 			}
 		} else {
 			print("Device does not support DeviceCheck")
 		}
-		
+
 		self.session = URLSession(configuration: sessionConfiguration)
 	}
 }
@@ -81,6 +93,8 @@ struct ContentView: View {
 	}
 
 	func fetch() async {
+		didFail = false
+		errorDescription = nil
 		do {
 			if let url = URL(string: endpointURL) {
 				let sessionHandler = await SessionHandler()