Feature/merge remove binary target

ALAMOFIRE-OPTIONS.md

@@ -0,0 +1,52 @@
+
+# AlamoFire Options
+This provides some other options available with the AlamoFire networking stack.
+
+## Network Retry Options
+The `ApproovInterceptor` class implements Alamofire's Interceptor protocol which includes an option to invoke a retry attempt in case the original request failed. We do not implement the retry option in `ApproovInterceptor`, but if you require implementing one, you should mimic the contents of the `adapt()` function and perhaps add some logic regarding retry attempts. See an example [here](https://github.com/Alamofire/Alamofire/blob/master/Documentation/AdvancedUsage.md#adapting-and-retrying-requests-with-requestinterceptor).
+
+## Trust Manager
+The `ApproovSession` object internally handles the creation of a default `AproovTrustManager` that handles dynamic pinning. You may set your own `ServerTrustManager` during construction like so:
+
+```swift
+let session = ApproovSession(serverTrustManager: manager)
+```
+However, if you do this then Approov dynamic pinning WILL NOT be applied.
+
+An alternative is to use the `ApproovTrustManager` along with your own `ServerTrustEvaluating` implementations as follows:
+
+```swift
+let evaluators: [String: ServerTrustEvaluating] = [
+    "some.other.host.com": RevocationTrustEvaluator(),
+    "another.host": PinnedCertificatesTrustEvaluator()
+]
+let manager = ApproovTrustManager(allHostsMustBeEvaluated: true, evaluators: evaluators)
+let session = ApproovSession(serverTrustManager: manager)
+```
+
+This approach will use the Approov dynamic pinning for all hosts that are being [mangaged](https://approov.io/docs/latest/approov-usage-documentation/#managing-api-domains) by Approov. Other host names will be passed to your custom evaluators. If you specify an evaluator that is also managed by Approov, then Approov will take precedence.
+
+### Alamofire Request
+If your code makes use of the default Alamofire `Session`, like so:
+
+```swift
+AF.request("https://httpbin.org/get").response { response in
+    debugPrint(response)
+}
+```
+
+all you will need to do to use Approov is to replace the default `Session` object with the `ApproovSession`:
+
+```swift
+let approovSession = ApproovSession()
+approovSession!.request("https://httpbin.org/get").responseData { response in
+    debugPrint(response)
+}
+```
+
+## Network Delegate
+You may specify your own network delegate when the `ApproovSession` is constructed as follows:
+
+```swift
+let session = ApproovSession(delegate: delegate)
+```

ApproovSession.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "ApproovSession"
-  s.version      = "3.5.4"
+  s.version      = "3.5.5"
   s.summary      = "Approov mobile attestation SDK"
   s.description  = <<-DESC
     Approov SDK integrates security attestation and secure string fetching for both iOS and watchOS apps.
@@ -9,7 +9,8 @@ Pod::Spec.new do |s|
   s.license      = { :type => "Commercial", :file => "LICENSE" }
   s.authors      = { "Approov, Ltd." => "support@approov.io" }
   s.source       = { :git => "https://github.com/approov/approov-service-alamofire", :tag => s.version }
-
+  s.module_name = 'ApproovAFSession'
+
   # Supported platforms
   s.ios.deployment_target = '11.0'
   s.watchos.deployment_target = '9.0'
@@ -18,6 +19,9 @@ Pod::Spec.new do |s|
   s.source_files = "Sources/ApproovSession/**/*.{swift,h}"
   # Dependency on the Approov SDK
   s.dependency 'approov-ios-sdk', '~> 3.5.3'
+  # Add dependency on swift-http-structured-headers
+  s.dependency 'swift-http-structured-headers', '~> 1.4.0'
+  s.dependency 'Alamofire', '~> 5.2.0'
   s.frameworks = 'Approov'
   # Pod target xcconfig settings if required
   s.pod_target_xcconfig = {

CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this package will be documented in this file.
+
+The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
+
+
+## [3.5.5] - 2026-03-06
+
+### Fixed
+- Made `loggingLevel` thread-safe with a dedicated `loggingQueue` to prevent data races on concurrent reads/writes.
+- Gated all `os_log` calls in `ApproovTrustManager` behind `ApproovService.loggingLevel` so that `setLoggingLevel` controls all package logging consistently.
+- Fixed logging level guard mismatch in `ApproovDefaultMessageSigning` (`.info` → `.error`) and gated additional debug logs.
+
+### Added
+- Added `REFERENCE.md` and `USAGE.md` documentation to match other Approov Swift service layers.
+- Separated `CHANGELOG.md` from the primary README for better discoverability.
+- Introduced `ApproovServiceMutator` interface to allow customizing the behavior of the `ApproovService` during attestation and interception flows without forking the project.
+- Added `setUseApproovStatusIfNoToken` configuration to `ApproovService`. When enabled, failure reasons (like `mitm_detected` or `no_network`) are placed in the Approov-Token header if a request proceeds without a valid token.
+- Added `setLoggingLevel(_ level: ApproovLogLevel)` configuration for fine-grained control over the package's internal `os_log` statements. Supports `.off`, `.error`, `.warning`, `.info`, and `.debug`.
+### Changed
+- `ApproovDefaultMessageSigning` now gracefully skips signing and proceeds with the request without throwing an error if the install message signature is unavailable.
+- `ApproovDefaultMessageSigning` now implements `ApproovServiceMutator` instead of `ApproovInterceptorExtensions`.
+- `ApproovDefaultMessageSigning` now checks for the configured Approov token header via an internal synchronized accessor instead of assuming `Approov-Token`.
+### Deprecated
+- `ApproovInterceptorExtensions` was replaced by the much more robust `ApproovServiceMutator` protocol. The deprecated `setApproovInterceptorExtensions` API now forwards to `setServiceMutator` for backward compatibility.
+### Removed
+- `setProceedOnNetworkFailure()` has been removed. Use the `ApproovServiceMutator` instead to customize behavior on network failures. See `USAGE.md` for examples of how to implement a custom mutator.

Package.swift

@@ -2,47 +2,43 @@
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 import PackageDescription
 // Release tag
-let releaseTAG = "3.5.4"
+let releaseTAG = "3.5.5"
 // SDK package version (used for both iOS and watchOS)
 let sdkVersion = "3.5.3"
 
 let package = Package(
-    name: "ApproovSession",
+    name: "ApproovAFSession",
     platforms: [
         .iOS(.v11),
         .watchOS(.v9)
     ],
     products: [
         // Products define the executables and libraries a package produces, and make them visible to other packages.
         .library(
-            name: "ApproovSession",
-            targets: ["ApproovSession"]
+            name: "ApproovAFSession",
+            targets: ["ApproovAFSession"]
         ),
-        .library(name: "ApproovSessionDynamic", type: .dynamic, targets: ["ApproovSession"])
+        .library(name: "ApproovAFSessionDynamic", type: .dynamic, targets: ["ApproovAFSession"])
     ],
     dependencies: [
         // Package's external dependencies and from where they can be fetched:
         .package(url: "https://github.com/Alamofire/Alamofire.git", .upToNextMajor(from: "5.2.0")),
-        .package(url: "https://github.com/apple/swift-http-structured-headers.git", from: "1.0.0")
+        .package(url: "https://github.com/apple/swift-http-structured-headers.git", from: "1.0.0"),
+        // Force-unwrapping is safe here because sdkVersion is a valid semantic version string
+        .package(url: "https://github.com/approov/approov-ios-sdk.git", from: Version(sdkVersion)!)
     ],
     targets: [
         // Targets are the basic building blocks of a package. A target can define a module or a test suite.
         // Targets can depend on other targets in this package, and on products in packages this package depends on.
         .target(
-            name: "ApproovSession",
+            name: "ApproovAFSession",
             dependencies: [
-                "Approov",
-                "Alamofire",
+                .product(name: "Approov", package: "approov-ios-sdk"),
+                .product(name: "Alamofire", package: "Alamofire"),
                 .product(name: "RawStructuredFieldValues", package: "swift-http-structured-headers")
             ],
             path: "Sources/ApproovSession",  // Point to the shared source code
             exclude: ["README.md", "LICENSE"]
-        ),
-        // Binary target for the merged xcframework
-        .binaryTarget(
-            name: "Approov",
-            url: "https://github.com/approov/approov-ios-sdk/releases/download/\(sdkVersion)/Approov.xcframework.zip",
-            checksum: "acfbee9e6c8009535c070c87c0d5756c2ba8f78e7b8147d7632f12bfcb940c89" // SHA256 checksum of the xcframework zip file
         )
     ]
 )

README.md

@@ -3,3 +3,22 @@
 A wrapper for the [Approov SDK](https://github.com/approov/approov-ios-sdk) to enable easy integration when using [`Alamofire`](https://github.com/Alamofire/Alamofire) for making the API calls that you wish to protect with Approov. In order to use this you will need a trial or paid [Approov](https://www.approov.io) account.
 
 Please see the [Quickstart](https://github.com/approov/quickstart-ios-swift-alamofire) for usage instructions.
+
+## Swift Package Manager Import
+
+When adding this package with Swift Package Manager, import the module as:
+
+```swift
+import ApproovAFSession
+```
+
+The primary Alamofire session type remains `ApproovSession`.
+
+## Documentation
+
+This repository includes several Markdown files to help you understand and configure the Approov Service:
+
+- [**README.md**](README.md) - This file, providing a basic overview and import instructions.
+- [**USAGE.md**](USAGE.md) - Detailed guide on the features and functionality of the Approov Service, including how to interact with the service layer, customize its behavior with `ApproovServiceMutator`, and setup token binding or message signing.
+- [**ALAMOFIRE-OPTIONS.md**](ALAMOFIRE-OPTIONS.md) - Additional options specifically available with the Alamofire networking stack, such as network retry options and customizing the `Session`, `ServerTrustManager`, or network delegates.
+- [**CHANGELOG.md**](CHANGELOG.md) - Record of all notable changes, new features, and bug fixes for each version of the package.