dpearson2699/browserenginekit
skills/browserenginekit/SKILL.md
Build alternative browser engines using BrowserEngineKit. Use when developing a non-WebKit browser engine for iOS/iPadOS in supported regions, managing web content/rendering/networking extension processes, configuring GPU and networking process capabilities, checking alternative-engine device eligibility, or reviewing BrowserEngineKit entitlements and Info.plist setup.
$ install --global
skillsauthnpx skillsauth add dpearson2699/swift-ios-skills browserenginekitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 29, 2026, 3:05 AM18.6s3 files scanned
SKILL.md
- name:
- browserenginekit
- description:
- Build alternative browser engines using BrowserEngineKit. Use when developing a non-WebKit browser engine for iOS/iPadOS in supported regions, managing web content/rendering/networking extension processes, configuring GPU and networking process capabilities, checking alternative-engine device eligibility, or reviewing BrowserEngineKit entitlements and Info.plist setup.
BrowserEngineKit
Framework for building web browsers with alternative (non-WebKit) rendering engines on iOS and iPadOS. Provides process isolation, XPC communication, capability management, and system integration for browser apps that implement their own HTML/CSS/JavaScript engine. Examples target Swift 6.3 and current Apple SDKs.
BrowserEngineKit is a specialized framework. Alternative browser engines are available only through Apple-approved entitlement profiles and supported-region device eligibility. EU support applies to eligible users on iOS 17.4+ and iPadOS 18+; Japan support starts with iOS 26.2 and adds explicit PAC/MIE security requirements for browser apps. Development and testing can occur anywhere. The companion frameworks BrowserEngineCore (low-level primitives) and BrowserKit (eligibility checks, data transfer) support the overall workflow.
Contents
- Overview and Eligibility
- Entitlements
- Architecture
- Process Management
- Extension Types
- Capabilities
- Layer Hosting and View Coordination
- Text Interaction
- Sandbox and Security
- Downloads
- Common Mistakes
- Review Checklist
- References
Overview and Eligibility
Eligibility Checking
Use BEAvailability from the BrowserKit framework to check whether the device
is eligible for alternative browser engines. BEAvailability is available on
iOS/iPadOS 18.4+:
import BrowserKit
do {
let eligible = try await BEAvailability.isEligible(for: .webBrowser)
guard eligible else { return /* fall back or explain */ }
// Device supports alternative browser engines
} catch {
// Handle eligibility lookup failure
}
Eligibility depends on the device region and OS version. Do not hard-code region checks; rely on the system API.
Availability anchors: process APIs are iOS/iPadOS 17.4+, BEDownloadMonitor
is iOS 18.2+, .revision2 restricted sandbox is iOS 26+, and
RenderingExtensionFeature.coreML is iOS 26.2+.
Entitlements
Browser App (Host)
The host app requires two entitlements:
| Entitlement | Purpose |
|---|---|
| com.apple.developer.web-browser | Enables default-browser candidacy |
| com.apple.developer.web-browser-engine.host | Enables alternative engine extensions |
Both must be requested from Apple. The request process varies by region.
Extension Entitlements
Each extension target requires its type-specific entitlement set to true:
| Extension Type | Entitlement |
|---|---|
| Web content | com.apple.developer.web-browser-engine.webcontent |
| Networking | com.apple.developer.web-browser-engine.networking |
| Rendering | com.apple.developer.web-browser-engine.rendering |
Optional Entitlements
| Entitlement | Extension | Purpose |
|---|---|---|
| com.apple.security.cs.allow-jit | Web content | JIT compilation of scripts |
| com.apple.developer.kernel.extended-virtual-addressing | Web content | Required alongside JIT |
| com.apple.developer.memory.transfer_send | Rendering | Send memory attribution; value is host app bundle ID |
| com.apple.developer.memory.transfer_accept | Web content | Accept memory attribution; value is host app bundle ID |
| com.apple.developer.web-browser-engine.restrict.notifyd | Web content | Restrict notification daemon access |
Embedded Browser Engine (Non-Browser Apps)
Apps that are not browsers but embed an alternative engine for in-app browsing use different entitlements:
| Entitlement | Purpose |
|---|---|
| com.apple.developer.embedded-web-browser-engine | Enable embedded engine |
| com.apple.developer.embedded-web-browser-engine.engine-association | Declare engine ownership |
engine-association is available starting iOS/iPadOS/Mac Catalyst 26.2 and is
set to first-party when you own the engine or third-party when another
developer owns it. Embedded engines use arm64 only (not arm64e), cannot
include browser extensions, and cannot use JIT compilation.
Japan-Specific Requirements
Browser apps distributed in Japan are supported on iOS 26.2+ and must adopt the
current security mitigations Apple lists for Japan, including Pointer
Authentication Codes and Memory Integrity Enforcement for relevant allocators
and extension processes. Enable hardware memory tagging with
com.apple.security.hardened-process.checked-allocations; Apple strongly
recommends enabling it in the EU as well.
Architecture
A browser built with BrowserEngineKit consists of four components running in separate processes:
Host App (UI, coordination)
|
|-- XPC --> Web Content Extension (HTML parsing, JS, DOM)
|-- XPC --> Networking Extension (URLSession, sockets)
|-- XPC --> Rendering Extension (Metal, GPU, media)
The host app launches and manages all extensions. Extensions cannot launch other extensions. Extensions communicate with each other through anonymous XPC endpoints brokered by the host app.
Bootstrap Sequence
- Host launches web content, networking, and rendering extensions
- Host creates XPC connections to each extension
- Host requests anonymous XPC endpoints from networking and rendering
- Host sends both endpoints to the web content extension via a bootstrap message
- Web content extension connects directly to networking and rendering
This architecture follows the principle of least privilege: the web content extension works with untrusted data but has no direct OS resource access.
Process Management
Launching Extensions
Each extension type has a corresponding process class in the host app:
import BrowserEngineKit
// Web content (one per tab or iframe)
let contentProcess = try await WebContentProcess(
bundleIdentifier: nil,
onInterruption: {
// Handle crash or OS interruption
}
)
// Networking (typically one instance)
let networkProcess = try await NetworkingProcess(
bundleIdentifier: nil,
onInterruption: {
// Handle interruption
}
)
// Rendering / GPU (typically one instance)
let renderingProcess = try await RenderingProcess(
bundleIdentifier: nil,
onInterruption: {
// Handle interruption
}
)
Pass nil for bundleIdentifier to use the default extension target. The
interruption handler fires if the extension crashes or is terminated by the OS.
Creating XPC Connections
let connection = try contentProcess.makeLibXPCConnection()
// Use connection for inter-process messaging
Each process type provides makeLibXPCConnection() to create an
xpc_connection_t for communication.
Stopping Extensions
contentProcess.invalidate()
After calling invalidate(), no further method calls on the process object
are valid.
Extension Types
Web Content Extension
Hosts the browser engine's HTML parser, CSS engine, JavaScript interpreter,
and DOM. Conform to WebContentExtension to handle incoming XPC connections:
import BrowserEngineKit
@main
struct MyWebContentExtension: WebContentExtension {
func handle(xpcConnection: xpc_connection_t) {
// Set up message handlers on the connection
}
}
Configure via WebContentExtensionConfiguration in the extension's
EXAppExtensionAttributes.
Networking Extension
Handles all network requests using URLSession or socket APIs. One instance
serves all tabs:
import BrowserEngineKit
@main
struct MyNetworkingExtension: NetworkingExtension {
func handle(xpcConnection: xpc_connection_t) {
// Handle network request messages
}
}
Configure via NetworkingExtensionConfiguration.
Rendering Extension
Accesses the GPU via Metal for video decoding, compositing, and complex rendering. One instance typically serves the entire browser:
import BrowserEngineKit
@main
struct MyRenderingExtension: RenderingExtension {
init() {
if #available(iOS 26.2, macOS 26.2, *) {
enableFeature(.coreML)
}
}
func handle(xpcConnection: xpc_connection_t) {
// Handle rendering commands
}
}
Configure via RenderingExtensionConfiguration.
Capabilities
Grant capabilities to extensions so the OS schedules them appropriately:
// Grant foreground priority to an extension
let grant = try contentProcess.grantCapability(.foreground)
// ... extension does foreground work ...
// Relinquish when done
grant.invalidate()
Available Capabilities
| Capability | Use Case |
|---|---|
| .foreground | Active tab rendering, visible content |
| .background | Background tasks, prefetching |
| .suspended | Minimal activity, pending cleanup |
| .mediaPlaybackAndCapture(environment:) | Audio/video playback, camera/mic capture |
Media Environment
For media capabilities, create a MediaEnvironment tied to a page URL.
The environment supports AVCaptureSession for camera/mic access and is
XPC-serializable for cross-process transport:
let mediaEnv = MediaEnvironment(webPage: pageURL)
let grant = try contentProcess.grantCapability(
.mediaPlaybackAndCapture(environment: mediaEnv)
)
try mediaEnv.activate()
let captureSession = try mediaEnv.makeCaptureSession()
Visibility Propagation
Attach a visibility propagation interaction to browser views so extensions
know when content is on screen. Both WebContentProcess and
RenderingProcess provide createVisibilityPropagationInteraction().
Layer Hosting and View Coordination
The rendering extension draws into a LayerHierarchy, whose content the
host app displays via LayerHierarchyHostingView. Handles are passed over
XPC. Use LayerHierarchyHostingTransactionCoordinator to synchronize layer
updates atomically across processes.
See references/browserenginekit-patterns.md for detailed layer hosting examples and transaction coordination.
Text Interaction
Adopt BETextInput on custom text views to integrate with UIKit's text
system. This enables standard text selection, autocorrect, dictation, and
keyboard interactions.
Key integration points:
asyncInputDelegatefor communicating text changes to the systemhandleKeyEntry(_:completionHandler:)for keyboard eventsBETextInteractionfor selection gestures, edit menus, and context menusBEScrollViewandBEScrollViewDelegatefor custom scroll handling
See references/browserenginekit-patterns.md for detailed text interaction implementation.
Sandbox and Security
Restricted Sandbox
After initialization, lock down content extensions using the restricted sandbox:
// In the web content extension, after setup:
if #available(iOS 26.0, macOS 26.0, *) {
applyRestrictedSandbox(revision: .revision2)
} else {
applyRestrictedSandbox(revision: .revision1)
}
This removes access to resources the extension used during startup but no longer needs. Use the latest available revision for the strongest restrictions.
JIT Compilation
Web content extensions that JIT-compile JavaScript toggle memory between
writable and executable states. Use the BE_JIT_WRITE_PROTECT_TAG from
BrowserEngineCore:
import BrowserEngineCore
// BE_JIT_WRITE_PROTECT_TAG is used with pthread_jit_write_protect_np
// to control JIT memory page permissions
Requires the com.apple.security.cs.allow-jit and
com.apple.developer.kernel.extended-virtual-addressing entitlements on
the web content extension only.
arm64e Requirement
All executables (host app and extensions) must be built with the arm64e
instruction set for distribution. Build as a universal binary to also support
arm64 iPads.
In Xcode build settings or xcconfig:
ARCHS[sdk=iphoneos*]=arm64e
Do not use arm64e for Simulator targets.
Downloads
Report download progress to the system using BEDownloadMonitor. Create an
access token, initialize the monitor with source/destination URLs and a
Progress object, then call beginMonitoring() to show the system download
UI. Use resumeMonitoring(placeholderURL:) to resume interrupted downloads.
BEDownloadMonitor is available on iOS 18.2+.
See references/browserenginekit-patterns.md for full download management examples.
Common Mistakes
DON'T: Skip the bootstrap sequence
// WRONG - content extension has no path to other extensions
let contentProcess = try await WebContentProcess(
bundleIdentifier: nil, onInterruption: {}
)
// Immediately start sending work without connecting to networking/rendering
// CORRECT - broker connections through the host app
let networkEndpoint = try await networkProxy.getEndpoint()
let renderEndpoint = try await renderProxy.getEndpoint()
try await contentProxy.bootstrap(
renderingExtension: renderEndpoint,
networkExtension: networkEndpoint
)
DON'T: Launch extensions from other extensions
// WRONG - extensions cannot launch other extensions
// (inside a WebContentExtension)
let network = try await NetworkingProcess(...)
// CORRECT - only the host app launches extensions
// Host app creates all processes, then brokers connections
DON'T: Use extension process objects after invalidation
// WRONG
contentProcess.invalidate()
let conn = try contentProcess.makeLibXPCConnection() // Error
// CORRECT - create a new process if needed
let newProcess = try await WebContentProcess(
bundleIdentifier: nil, onInterruption: {}
)
DON'T: Apply JIT entitlements to non-content extensions
JIT compilation entitlements (com.apple.security.cs.allow-jit) are valid
only on web content extensions. Adding them to the host app, rendering
extension, or networking extension causes App Store rejection.
DON'T: Hard-code region eligibility
// WRONG
if Locale.current.region?.identifier == "DE" {
useAlternativeEngine()
}
// CORRECT - use the system eligibility API
let eligible = try await BEAvailability.isEligible(for: .webBrowser)
if eligible {
useAlternativeEngine()
}
DON'T: Forget to set UIRequiredDeviceCapabilities
Without web-browser-engine in UIRequiredDeviceCapabilities, users on
unsupported devices can download the app and hit runtime failures.
Review Checklist
- [ ]
com.apple.developer.web-browser-engine.hostentitlement on host app - [ ] Each extension has its type-specific entitlement
- [ ]
UIRequiredDeviceCapabilitiesincludesweb-browser-engine - [ ]
arm64einstruction set configured for all iOS device targets - [ ]
arm64eis not set for Simulator targets - [ ] Swift packages built with
iOSPackagesShouldBuildARM64eworkspace setting - [ ] Extension point identifiers set correctly in each extension's Info.plist
- [ ] Interruption handlers implemented for all process types
- [ ] Bootstrap sequence connects content extension to networking and rendering
- [ ] Capabilities granted before work begins and invalidated when done
- [ ] Visibility propagation interaction added to browser content views
- [ ] Restricted sandbox applied to content extensions after initialization
- [ ]
BEAvailabilityused for eligibility checks instead of manual region logic - [ ] Memory attribution entitlements use the host app bundle ID as their value
- [ ] Download progress reported via
BEDownloadMonitorfor active downloads on iOS 18.2+ - [ ] Memory tagging enabled for Japan distribution on iOS 26.2+ (recommended for EU)
References
- Extended patterns (text interaction, layer hosting, scroll views, file bookmarks, XPC communication, content filtering): references/browserenginekit-patterns.md
- BrowserEngineKit framework
- Designing your browser architecture
- Creating browser extensions in Xcode
- Managing the browser extension life cycle
- Using XPC to communicate with browser extensions
- Web Browser Engine Entitlement
- BrowserKit framework
- BrowserEngineCore framework
- Sample: Developing a browser app with an alternative engine
Related Skills
dpearson2699/swift-charts
development
VerifiedTrustedCommunity
Implement, review, or improve data visualizations using Swift Charts. Use when building bar, line, area, point, pie, donut, or iOS 26 3D charts; when adding chart selection, scrolling, annotations, axes, scales, legends, or foregroundStyle grouping; when plotting functions with BarPlot, LinePlot, AreaPlot, PointPlot, Chart3D, or SurfacePlot; or when creating heat maps, Gantt charts, grouped bars, sparklines, threshold lines, or spatial visualizations.
642SKILL.mdUpdated Apr 23, 2026
dpearson2699/swift-architecture
data-ai
VerifiedTrustedCommunity
Select, implement, or migrate between app architecture patterns for Apple platform apps. Use when choosing between MV (Model-View with @Observable), MVVM, MVI, TCA (The Composable Architecture), Clean Architecture, VIPER, or Coordinator patterns; when evaluating architecture fit for a feature's complexity; when migrating from one pattern to another; or when reviewing whether an app's current architecture is appropriate. Scoped to Apple-platform patterns using Swift 6.3, SwiftUI, and UIKit.
642SKILL.mdUpdated Apr 23, 2026
dpearson2699/swift-api-design-guidelines
development
VerifiedTrustedCommunity
Apply Swift API Design Guidelines to name, label, and document Swift APIs. Covers argument label rules (prepositional phrase rule, grammatical phrase rule, first-label omission), mutating/nonmutating pair naming (-ed/-ing participle pattern, form- prefix, sort/sorted, formUnion/union), side-effect naming (noun for pure, verb for mutating), documentation comment structure (summary by declaration kind, O(1) complexity rule), clarity at call site, role-based naming, protocol naming (-able/-ible/-ing), default arguments over method families, casing conventions, and terminology. Use when designing new Swift APIs, reviewing naming and argument labels, writing documentation comments, or refactoring for call site clarity.
642SKILL.mdUpdated Apr 23, 2026
dpearson2699/storekit
development
VerifiedTrustedCommunity
Implement, review, or improve in-app purchases and subscriptions using StoreKit 2. Use when building paywalls with SubscriptionStoreView or ProductView, processing transactions with Product and Transaction APIs, verifying entitlements, handling purchase flows (consumable, non-consumable, auto-renewable), implementing offer codes or promotional/win-back/introductory offers, managing subscription status and renewal state, setting up StoreKit testing with configuration files, or integrating Family Sharing, Ask to Buy, refund handling, and billing retry logic.
642SKILL.mdUpdated Apr 23, 2026