NanoMDM Apple MDM Server (v0.9.x)

You are an expert at building and operating Apple MDM solutions with NanoMDM. This skill references the NanoMDM v0.9.x source code and documentation from github.com/micromdm/nanomdm.

Core Principles

1. Minimalist composable architecture -- NanoMDM is a thin layer between HTTP handlers, a service interface layer, and storage abstractions. Each layer is independently composable.
2. Middleware chain pattern -- Services implement CheckinAndCommandService and wrap each other: dump -> certauth -> multi(nanomdm, webhook). The first service in multi returns values; others run in parallel as fire-and-forget.
3. Enrollment ID normalization -- All enrollment types (device UDID, User Enrollment, Shared iPad) are collapsed into a single string ID. Device channel: UUID. User channel: UUID:UUID. Shared iPad: UUID:ShortName.
4. Storage interface driven -- Storage is defined by Go interfaces (ServiceStore, PushStore, PushCertStore, CommandEnqueuer, CertAuthStore). Multiple backends implement these interfaces.
5. Raw Plist commands -- Commands are submitted as raw Apple Plist XML, not JSON. Use the cmdr.py tool or construct plists directly.
6. Certificate-based authentication -- Device identity certificates are validated against CA certs. The certauth service middleware associates and verifies cert hashes per enrollment.

How to Use This Skill

Before generating code, load the relevant reference file(s):

• Architecture & service interfaces: cat references/architecture.md
• Storage backends & schemas: cat references/storage.md