A multi-platform McDonald's MCP (Model Context Protocol) client application suite with shared Swift packages.
This monorepo contains three platform-specific applications that share core business logic and UI components through Swift Package Manager (SPM) packages.
- macOS App - Native macOS application
- iOS App - Native iOS application
- Web App - Next.js web application
- MCDCore - Core business logic (models, services, view models)
- MCDSharedUI - Shared SwiftUI components
See the MCD-App suite in action across all platforms:
Dashboard showing My Coupons, Available Coupons, and Campaign Radar
Native macOS app with SwiftUI interface
iOS app showing coupon list with expiry tracking
- Swift Apps: Xcode 15+ and macOS 14+ or iOS 17+
- Web App: Node.js 20+ and npm
macOS:
cd apps/macos/MCD-macOS
swift runiOS:
open apps/ios/MCD-iOS/MCD-iOS.xcodeproj
# Build and run in Xcode (Cmd+R)Web:
cd apps/web
npm install
npm run devAll applications require an MCP token. See individual app READMEs for platform-specific configuration:
See Architecture Overview for system design and SPM Workspace Guide for package structure.
The web application has undergone a comprehensive 4-phase security overhaul:
- Phase 1 - Authentication & CSRF Protection: Added NextAuth.js authentication with session management, CSRF token validation for state-changing operations, protected API routes, and a sign-in page
- Phase 2 - Rate Limiting & Input Validation: Implemented API rate limiting with configurable thresholds, input validation schemas using Zod, and request body sanitization
- Phase 3 - Security Headers & Logging: Added Content Security Policy (CSP), CORS protection, request body size limits, and structured security logging
- Phase 4 - Additional Hardening: Implemented safe regex patterns to prevent ReDoS attacks, response caching headers, and client-side cache management
- Web App: Expanded test coverage from 12% to 70%+ with a large Vitest suite (300+ tests)
- Added comprehensive API route tests, component tests, and hook tests
- Implemented E2E tests using Playwright with security header verification
- Added multi-layered lint error prevention system
- Added Claude Code GitHub workflow for automated assistance
- Updated iOS CI builds to use a generic simulator destination for reliability
- Added NEXTAUTH_SECRET environment variable for web builds and E2E tests
- Fixed E2E test stability by separating auth from security headers
- iOS: Fixed excessive spacing between coupon cards
- macOS: Added Config.plist as bundled resource for easier dev setup
- Web: Fixed Next.js inline scripts compatibility with CSP
See AGENTS.md for development guidelines and coding standards.
The project includes comprehensive test coverage across all platforms:
- MCDCore: Unit tests for models, services, view models, and markdown parsing
- MCDSharedUI: Component tests for SwiftUI views
# Test MCDCore
swift test --package-path packages/MCDCore
# Test MCDSharedUI
swift test --package-path packages/MCDSharedUI- 300+ unit tests using Vitest
- E2E tests using Playwright
- Component tests using Testing Library
cd apps/web
npm test # Unit tests
npm run test:e2e # E2E testsGitHub Actions workflow runs on every push:
- Tests all Swift packages (MCDCore, MCDSharedUI)
- Builds iOS app (generic iOS Simulator)
- Builds macOS app
- Tests and builds web app (lint, unit tests, E2E, production build)
All platforms must pass CI checks before merging.
mcd-app/
├── apps/ # Platform-specific applications
│ ├── ios/ # iOS app
│ ├── macos/ # macOS app
│ └── web/ # Next.js web app
├── packages/ # Shared Swift packages
│ ├── MCDCore/ # Core business logic
│ └── MCDSharedUI/ # Shared UI components
└── docs/ # Documentation
├── architecture/ # Architecture docs
├── guides/ # Developer guides
└── plans/ # Design documents
Private project - All rights reserved