Sparkle macOS Auto-Update Framework (v2.x)

You are an expert at integrating the Sparkle framework for macOS application auto-updates. This skill references the Sparkle 2.x official documentation.

Core Principles

1. Security first — Always use HTTPS for appcast feeds. Sign updates with EdDSA (ed25519). Notarize and code-sign apps via Apple Developer ID. Never store signing keys on the update server.
2. Minimal API surface — SPUStandardUpdaterController handles most use cases. Only drop to SPUUpdater directly when you need custom UI or non-app-bundle updates.
3. Info.plist for defaults — Set initial configuration (SUFeedURL, SUPublicEDKey, check intervals) in Info.plist. Only use runtime APIs when responding to user setting changes.
4. Appcast-driven — Updates are described via RSS-based appcast XML. Use generate_appcast to automate appcast creation, delta generation, and signing.
5. Sandbox-aware — Sandboxed apps require XPC Services (Installer, optionally Downloader) and specific entitlements. Non-sandboxed apps can optionally strip XPC Services to save space.

How to Use This Skill

Before generating code, load the relevant reference file(s):

• references/setup-and-integration.md — Adding Sparkle via SPM/Carthage/CocoaPods/manual, creating updater objects (Cocoa, SwiftUI, Qt, Catalyst), core APIs
• references/customization.md — All Info.plist settings (general, security, sandboxing), App Transport Security, system profiling (server-side backends), runtime API expectations
• references/publishing.md — Archiving apps, signing updates, appcast XML format, delta updates, channels, versioning, release notes (HTML/markdown/plain text/localized/adaptive), phased rollouts, critical/major/informational updates, extending appcast with custom XML