add sign

Author: vickiegpt

CodeApp/Services/ANEInferenceEngine.swift

@@ -202,10 +202,19 @@ class ANEInferenceEngine {
         // Group RMSNorm
         y = groupRMSNorm(y, weight: w.ssmNorm)
 
-        // Gate
+        // D skip connection (feedthrough: y += D * x)
+        let D = w.ssmBeta.matvec(xNorm)
+        for g in 0..<nGroups {
+            for j in 0..<dInnerPerGroup {
+                let ch = g * dInnerPerGroup + j
+                y[ch] += D[g] * xSsm[ch]
+            }
+        }
+
+        // Gate (SiLU, NOT sigmoid)
         let gateRaw = w.attnGate.matvec(xNorm)
         for i in 0..<ssmInner {
-            y[i] *= 1.0 / (1.0 + exp(-gateRaw[i]))
+            y[i] *= gateRaw[i] / (1.0 + exp(-gateRaw[i]))
         }
 
         // Output projection + residual
@@ -431,14 +440,16 @@ class ANEInferenceEngine {
     }
 
     private func groupRMSNorm(_ x: [Float], weight: [Float]) -> [Float] {
+        let perChannel = weight.count > dInnerPerGroup
         var result = x
         for g in 0..<nGroups {
             let off = g * dInnerPerGroup
             var sumSq: Float = 0
             for j in 0..<dInnerPerGroup { sumSq += result[off + j] * result[off + j] }
             let rms = sqrt(sumSq / Float(dInnerPerGroup) + rmsEps)
             for j in 0..<dInnerPerGroup {
-                result[off + j] = (result[off + j] / rms) * weight[j]
+                let wIdx = perChannel ? (off + j) : j
+                result[off + j] = (result[off + j] / rms) * weight[wIdx]
             }
         }
         return result

fastlane/Fastfile

@@ -159,11 +159,17 @@ platform :ios do
       UI.important("Warning: Could not find main provisioning profile '#{main_profile}'")
     end
 
-    # Re-sign embedded frameworks
+    # Extract entitlements from the already-signed app in the archive
+    # (codesign -d --entitlements extracts the embedded entitlements)
+    main_entitlements_file = File.join(export_path, "main.entitlements.plist")
+    sh("codesign -d --entitlements '#{main_entitlements_file}' '#{exported_app}' 2>/dev/null || true")
+    has_main_entitlements = File.exist?(main_entitlements_file) && File.size(main_entitlements_file) > 0
+
+    # Re-sign embedded frameworks (no entitlements needed for frameworks)
     frameworks_path = File.join(exported_app, "Frameworks")
     if File.directory?(frameworks_path)
       Dir["#{frameworks_path}/*.framework", "#{frameworks_path}/*.dylib"].each do |fw|
-        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp=none '#{fw}'")
+        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp '#{fw}'")
       end
     end
 
@@ -176,23 +182,24 @@ platform :ios do
       appex_fw = File.join(appex, "Frameworks")
       if File.directory?(appex_fw)
         Dir["#{appex_fw}/*.framework", "#{appex_fw}/*.dylib"].each do |fw|
-          sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp=none '#{fw}'")
+          sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp '#{fw}'")
         end
       end
-      entitlements_appex = File.join(appex, "archived-expanded-entitlements.xcent")
-      if File.exist?(entitlements_appex)
-        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --entitlements '#{entitlements_appex}' --timestamp=none '#{appex}'")
+      # Extract extension entitlements from existing signature
+      ext_entitlements_file = File.join(export_path, "ext_#{File.basename(appex)}.entitlements.plist")
+      sh("codesign -d --entitlements '#{ext_entitlements_file}' '#{appex}' 2>/dev/null || true")
+      if File.exist?(ext_entitlements_file) && File.size(ext_entitlements_file) > 0
+        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --entitlements '#{ext_entitlements_file}' --timestamp '#{appex}'")
       else
-        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp=none '#{appex}'")
+        sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp '#{appex}'")
       end
     end
 
     # Re-sign the main app bundle
-    entitlements_main = File.join(exported_app, "archived-expanded-entitlements.xcent")
-    if File.exist?(entitlements_main)
-      sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --entitlements '#{entitlements_main}' --timestamp=none '#{exported_app}'")
+    if has_main_entitlements
+      sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --entitlements '#{main_entitlements_file}' --timestamp '#{exported_app}'")
     else
-      sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp=none '#{exported_app}'")
+      sh("codesign --force --sign '#{sign_identity}' --keychain '#{keychain_path}' --timestamp '#{exported_app}'")
     end
 
     ipa_output = File.join(export_path, "Code.ipa")