Context
apw doctor and apw doctor --json (issue #27 expanded the CI environment diagnostics) report structured health for the broker, app install, AASA reachability, fallback providers, and CI environment. Today operators triaging an issue have to copy-paste each output stream individually.
A single apw doctor --bundle <path> (or --export) that gathers the JSON diagnostics, broker logs (subject to ~/.apw perms), bundle metadata, and signature info into a redacted tarball would dramatically shorten support cycles.
Proposed Fix
- Add
apw doctor --bundle <path> that writes a tar/zip with: doctor.json, sanitized ~/.apw/native-app/ metadata, bundle codesign info, OS/Xcode versions.
- Redact secret material aggressively — no env vars, no token-like strings, no AASA payloads beyond domain names.
- Document expected contents in
docs/SECURITY_POSTURE_AND_TESTING.md so operators know what they're sharing.
Acceptance criteria
Context
apw doctorandapw doctor --json(issue #27 expanded the CI environment diagnostics) report structured health for the broker, app install, AASA reachability, fallback providers, and CI environment. Today operators triaging an issue have to copy-paste each output stream individually.A single
apw doctor --bundle <path>(or--export) that gathers the JSON diagnostics, broker logs (subject to~/.apwperms), bundle metadata, and signature info into a redacted tarball would dramatically shorten support cycles.Proposed Fix
apw doctor --bundle <path>that writes a tar/zip with:doctor.json, sanitized~/.apw/native-app/metadata, bundle codesign info, OS/Xcode versions.docs/SECURITY_POSTURE_AND_TESTING.mdso operators know what they're sharing.Acceptance criteria
apw doctor --bundle <path>produces a deterministic archive layout.