Add iOS 17.2+ push-to-start for Live Activity renewal (#622)

* Add iOS 17.2+ push-to-start for Live Activity renewal

iOS 17.2+ now uses APNs push-to-start for every Live Activity creation
path — initial start, renewal, and forced restart — so the LA can renew
silently in the background instead of requiring the user to foreground
the app at the 7.5 h ceiling. iOS 16.x retains the existing
Activity.request() flow with the renewal-failed notification; the
#available gates are at the entry points so the legacy helpers can be
removed in one commit when the deployment target reaches 17.2.

Push-to-start uses a silent payload (alert with empty title/body +
interruption-level: passive) so adoption is invisible on phone and
watch. The push-to-start token is observed at startup and persisted
between launches; activityUpdates adoption resets the renewal deadline.
The "tap to update" overlay is suppressed on iOS 17.2+ unless renewal
has actually failed, since the time-based pre-emptive warning would be
misleading when push-to-start is handling renewal automatically.

Settings:
- APN page: inline validity badges for Key ID and APNs key, with one-
  line error text when either is malformed.
- Live Activity page: section footer noting APNs is required, plus a
  warning row when credentials are missing or invalid.

* Remove dead iOS 16.2 availability checks in LiveActivityManager

Deployment target is 16.6, so #available(iOS 16.2, *) is always true at
runtime and the @available(iOS 16.2, *) on Activity.activityUpdates is
satisfied by the deployment target alone. The runtime branch and its
'(iOS 16.2+)' log strings just made the file harder to read alongside
the real iOS 17.2 push-to-start gating.

* Log iOS/macOS version in log file header

UIDevice.current.systemVersion reports the iOS-equivalent on Mac
Catalyst, so use ProcessInfo.operatingSystemVersion (and label it
macOS) when running as a Catalyst app.

* Improve push-to-start safety, backoff, and token-wait behaviour (#625)

- Keep old LA alive until APNs send confirms success, so a failed
  push-to-start (rate-limited, invalid token, network error) no longer
  leaves the user with no activity and nothing to replace it
- Reset laPushToStartBackoff to 0 in adoptPushToStartActivity so a
  near-term renewal is not silently blocked by the 5-minute post-send
  base interval once the new LA is confirmed by activityUpdates
- Add apns-collapse-id (bundle-id.la.start) so APNs coalesces redundant
  push-to-start sends that race (refresh tick + user restart)
- Set apns-expiration to 10 minutes instead of 0 so a brief
  connectivity gap does not permanently lose the start notification,
  while avoiding delivery of clinically stale glucose data
- Raise pushToStartForceRestartThreshold from 2 to 4 to reduce false
  positives on slow connections where activityUpdates delivery lags
- Add a single automatic 10-second retry when the push-to-start token
  is not yet available, before surfacing the "could not start" error

https://claude.ai/code/session_01GJZERMhqLmEy8p4cpVX53q

Co-authored-by: Claude <noreply@anthropic.com>

---------

Co-authored-by: Phil A <76601115+MtlPhil@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

Author: 3 people

LoopFollow.xcodeproj/project.pbxproj

@@ -291,6 +291,7 @@
 		FC1BDD3224A2585C001B652C /* DataStructs.swift in Sources */ = {isa = PBXBuildFile; fileRef = FC1BDD2E24A232A3001B652C /* DataStructs.swift */; };
 		FC3AE7B5249E8E0E00AAE1E0 /* LoopFollow.xcdatamodeld in Sources */ = {isa = PBXBuildFile; fileRef = FC3AE7B3249E8E0E00AAE1E0 /* LoopFollow.xcdatamodeld */; };
 		FC3CAB022493B6220068A152 /* BackgroundTaskAudio.swift in Sources */ = {isa = PBXBuildFile; fileRef = FCC688592489554800A0279D /* BackgroundTaskAudio.swift */; };
+		A1A1A10001000000A0CFEED1 /* APNsCredentialValidator.swift in Sources */ = {isa = PBXBuildFile; fileRef = A1A1A10001000000A0CFEED2 /* APNsCredentialValidator.swift */; };
 		FC5A5C3D2497B229009C550E /* Config.xcconfig in Resources */ = {isa = PBXBuildFile; fileRef = FC5A5C3C2497B229009C550E /* Config.xcconfig */; };
 		FC7CE518248ABE37001F83B8 /* Siri_Alert_Calibration_Needed.caf in Resources */ = {isa = PBXBuildFile; fileRef = FC7CE4A9248ABE2B001F83B8 /* Siri_Alert_Calibration_Needed.caf */; };
 		FC7CE519248ABE37001F83B8 /* Rise_And_Shine.caf in Resources */ = {isa = PBXBuildFile; fileRef = FC7CE4AA248ABE2B001F83B8 /* Rise_And_Shine.caf */; };
@@ -875,6 +876,7 @@
 		FCA2DDE52501095000254A8C /* Timers.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Timers.swift; sourceTree = "<group>"; };
 		FCC0FAC124922A22003E610E /* DictionaryKeyPath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DictionaryKeyPath.swift; sourceTree = "<group>"; };
 		FCC688592489554800A0279D /* BackgroundTaskAudio.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = BackgroundTaskAudio.swift; sourceTree = "<group>"; };
+		A1A1A10001000000A0CFEED2 /* APNsCredentialValidator.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = APNsCredentialValidator.swift; sourceTree = "<group>"; };
 		FCC6885B2489559400A0279D /* blank.wav */ = {isa = PBXFileReference; lastKnownFileType = audio.wav; path = blank.wav; sourceTree = "<group>"; };
 		FCC6885D24896A6C00A0279D /* silence.mp3 */ = {isa = PBXFileReference; lastKnownFileType = audio.mp3; path = silence.mp3; sourceTree = "<group>"; };
 		FCC6886624898F8000A0279D /* UserDefaultsValue.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UserDefaultsValue.swift; sourceTree = "<group>"; };
@@ -1690,6 +1692,7 @@
 				FCC6886A24898FD800A0279D /* ObservationToken.swift */,
 				FCC6886C2489909D00A0279D /* AnyConvertible.swift */,
 				FCC688592489554800A0279D /* BackgroundTaskAudio.swift */,
+				A1A1A10001000000A0CFEED2 /* APNsCredentialValidator.swift */,
 				A8CA8BE0B3D247408FE088B4 /* BackgroundRefreshManager.swift */,
 				FCFEEC9F2488157B00402A7F /* Chart.swift */,
 				FCC0FAC124922A22003E610E /* DictionaryKeyPath.swift */,
@@ -2385,6 +2388,7 @@
 				DD493ADD2ACF21E0009A6922 /* Basals.swift in Sources */,
 				FC16A98124996C07003D6245 /* DateTime.swift in Sources */,
 				FC3CAB022493B6220068A152 /* BackgroundTaskAudio.swift in Sources */,
+				A1A1A10001000000A0CFEED1 /* APNsCredentialValidator.swift in Sources */,
 				DDCC3A582DDC9655006F1C10 /* MissedBolusAlarmEditor.swift in Sources */,
 				DDEF50402D479B8A00884336 /* LoopAPNSService.swift in Sources */,
 				DD485F142E454B2600CE8CBF /* SecureMessenger.swift in Sources */,

LoopFollow/Helpers/APNsCredentialValidator.swift

@@ -0,0 +1,32 @@
+// LoopFollow
+// APNsCredentialValidator.swift
+
+import Foundation
+
+/// Validation rules for the APNs credentials the user pastes in
+/// `APNSettingsView`. Used both by the settings UI to surface inline
+/// errors and by `LiveActivitySettingsView` to warn when push-based
+/// updates won't work.
+enum APNsCredentialValidator {
+    /// Apple Key IDs are exactly 10 uppercase alphanumeric characters.
+    static func isValidKeyId(_ keyId: String) -> Bool {
+        guard keyId.count == 10 else { return false }
+        return keyId.allSatisfy { $0.isASCII && ($0.isUppercase || $0.isNumber) }
+    }
+
+    /// A pasted .p8 must contain both PEM markers. We don't try to verify
+    /// the inner base64 here — `LoopAPNSService.validateAndFixAPNSKey`
+    /// already normalizes whitespace and logs deeper warnings, and we
+    /// don't want to reject keys that JWTManager would happily sign.
+    static func isValidApnsKey(_ key: String) -> Bool {
+        let trimmed = key.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return false }
+        return trimmed.contains("-----BEGIN PRIVATE KEY-----")
+            && trimmed.contains("-----END PRIVATE KEY-----")
+    }
+
+    /// Convenience for "is the user fully set up to send APNs pushes?"
+    static func isFullyConfigured(keyId: String, apnsKey: String) -> Bool {
+        isValidKeyId(keyId) && isValidApnsKey(apnsKey)
+    }
+}

LoopFollow/LiveActivity/APNSClient.swift

@@ -101,9 +101,135 @@ class APNSClient {
         }
     }
 
+    // MARK: - Send Live Activity Start (push-to-start, iOS 17.2+)
+
+    enum PushToStartResult {
+        case success
+        case rateLimited
+        case tokenInvalid
+        case failed
+    }
+
+    func sendLiveActivityStart(
+        pushToStartToken: String,
+        attributesTitle: String,
+        state: GlucoseLiveActivityAttributes.ContentState,
+        staleDate: Date,
+    ) async -> PushToStartResult {
+        guard let jwt = JWTManager.shared.getOrGenerateJWT(keyId: lfKeyId, teamId: lfTeamId, apnsKey: lfApnsKey) else {
+            LogManager.shared.log(category: .apns, message: "APNs failed to generate JWT for Live Activity push-to-start")
+            return .failed
+        }
+
+        let payload = buildStartPayload(attributesTitle: attributesTitle, state: state, staleDate: staleDate)
+
+        let host = apnsHost
+        guard let url = URL(string: "\(host)/3/device/\(pushToStartToken)") else {
+            LogManager.shared.log(category: .apns, message: "APNs invalid URL (push-to-start)", isDebug: true)
+            return .failed
+        }
+
+        let environment = BuildDetails.default.isTestFlightBuild() ? "production" : "sandbox"
+        LogManager.shared.log(
+            category: .apns,
+            message: "APNs push-to-start sending host=\(host) env=\(environment) tokenTail=…\(String(pushToStartToken.suffix(8)))"
+        )
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "POST"
+        request.setValue("bearer \(jwt)", forHTTPHeaderField: "authorization")
+        request.setValue("application/json", forHTTPHeaderField: "content-type")
+        request.setValue("\(bundleID).push-type.liveactivity", forHTTPHeaderField: "apns-topic")
+        request.setValue("liveactivity", forHTTPHeaderField: "apns-push-type")
+        request.setValue("10", forHTTPHeaderField: "apns-priority")
+        // 10-minute expiry — long enough to survive a brief connectivity gap
+        // while the glucose reading in the payload is still clinically meaningful.
+        // The stale date (8 h) is too generous: delivering a start with hours-old
+        // glucose data is worse than not starting at all.
+        request.setValue("\(Int(Date().timeIntervalSince1970) + 10 * 60)", forHTTPHeaderField: "apns-expiration")
+        // Collapse key prevents duplicate LA creation if two sends race (e.g., a
+        // refresh tick and a user-initiated restart overlap).
+        request.setValue("\(bundleID).la.start", forHTTPHeaderField: "apns-collapse-id")
+        request.httpBody = payload
+
+        do {
+            let (data, response) = try await URLSession.shared.data(for: request)
+            guard let httpResponse = response as? HTTPURLResponse else {
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start: no HTTP response")
+                return .failed
+            }
+            switch httpResponse.statusCode {
+            case 200:
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start sent successfully")
+                return .success
+            case 403:
+                JWTManager.shared.invalidateCache()
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start JWT rejected (403) — token cache cleared")
+                return .failed
+            case 404, 410:
+                // Push-to-start token rotated or invalid — caller should clear stored token
+                // so the next pushToStartTokenUpdates delivery overwrites it.
+                let reason = httpResponse.statusCode == 410 ? "expired (410)" : "not found (404)"
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start token \(reason) — clearing stored token")
+                return .tokenInvalid
+            case 429:
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start rate limited (429)")
+                return .rateLimited
+            default:
+                let responseBody = String(data: data, encoding: .utf8) ?? "empty"
+                LogManager.shared.log(category: .apns, message: "APNs push-to-start failed status=\(httpResponse.statusCode) body=\(responseBody)")
+                return .failed
+            }
+        } catch {
+            LogManager.shared.log(category: .apns, message: "APNs push-to-start error: \(error.localizedDescription)")
+            return .failed
+        }
+    }
+
+    // alert with empty title/body + interruption-level: passive is what
+    // keeps both phone and watch silent during adoption — iOS drops the
+    // start payload entirely if alert is missing, so the keys must be
+    // present even though the strings are empty.
+    private func buildStartPayload(
+        attributesTitle: String,
+        state: GlucoseLiveActivityAttributes.ContentState,
+        staleDate: Date,
+    ) -> Data? {
+        guard let contentStateDict = contentStateDictionary(state: state) else { return nil }
+
+        let payload: [String: Any] = [
+            "aps": [
+                "timestamp": Int(Date().timeIntervalSince1970),
+                "event": "start",
+                "stale-date": Int(staleDate.timeIntervalSince1970),
+                "attributes-type": "GlucoseLiveActivityAttributes",
+                "attributes": ["title": attributesTitle],
+                "content-state": contentStateDict,
+                "alert": [
+                    "title": "",
+                    "body": "",
+                ],
+                "interruption-level": "passive",
+            ],
+        ]
+        return try? JSONSerialization.data(withJSONObject: payload)
+    }
+
     // MARK: - Payload Builder
 
     private func buildPayload(state: GlucoseLiveActivityAttributes.ContentState) -> Data? {
+        guard let contentState = contentStateDictionary(state: state) else { return nil }
+        let payload: [String: Any] = [
+            "aps": [
+                "timestamp": Int(Date().timeIntervalSince1970),
+                "event": "update",
+                "content-state": contentState,
+            ],
+        ]
+        return try? JSONSerialization.data(withJSONObject: payload)
+    }
+
+    private func contentStateDictionary(state: GlucoseLiveActivityAttributes.ContentState) -> [String: Any]? {
         let snapshot = state.snapshot
 
         var snapshotDict: [String: Any] = [
@@ -139,22 +265,12 @@ class APNSClient {
         if let minBgMgdl = snapshot.minBgMgdl { snapshotDict["minBgMgdl"] = minBgMgdl }
         if let maxBgMgdl = snapshot.maxBgMgdl { snapshotDict["maxBgMgdl"] = maxBgMgdl }
 
-        let contentState: [String: Any] = [
+        return [
             "snapshot": snapshotDict,
             "seq": state.seq,
             "reason": state.reason,
             "producedAt": state.producedAt.timeIntervalSince1970,
         ]
-
-        let payload: [String: Any] = [
-            "aps": [
-                "timestamp": Int(Date().timeIntervalSince1970),
-                "event": "update",
-                "content-state": contentState,
-            ],
-        ]
-
-        return try? JSONSerialization.data(withJSONObject: payload)
     }
 }