Documentation - iEnterprise Buddy

Installation

iEnterprise Buddy can be installed in two ways: downloading the DMG directly or using Homebrew. Both methods deliver the same Universal Binary that runs natively on Intel and Apple Silicon Macs.

Option 1 — Direct Download (DMG)

Download the latest .dmg file from the website, open it, and drag iEnterprise Buddy.app into your Applications folder. On first launch, macOS Gatekeeper will prompt you to confirm because the app is distributed outside the App Store. Click Open to proceed.

Option 2 — Homebrew Cask

If you use Homebrew, install with a single command:

brew install --cask ienterprisebuddy

To update later:

brew upgrade --cask ienterprisebuddy

System Requirements

macOS 13.0 (Ventura) or later
Universal Binary — runs natively on both Intel and Apple Silicon
Approximately 25 MB disk space
No App Sandbox — required for shell access, Keychain, and system configuration management
Internet connection for license activation (offline grace period supported after activation)

First Launch

When you open iEnterprise Buddy for the first time, the app detects that no prior configuration exists and launches a guided onboarding wizard. This wizard walks you through seven steps to prepare your development environment.

Before the wizard begins, the app checks for Hardened Runtime permissions and verifies it can execute shell commands via the Process API. If macOS prompts for accessibility or full-disk-access permissions, grant them so the app can manage configuration files and interact with developer tools.

After the wizard completes, you land on the main interface: a sidebar on the left listing all seven modules, and the detail view on the right showing the selected module's content.

Onboarding Wizard

The onboarding wizard consists of seven sequential steps. You can skip any step and return to configure it later from the relevant module.

Welcome — Overview of what the app does and the modules available.
Trial Activation — Start your 7-day free trial or enter an existing license key. No credit card is required for the trial.
Shell Detection — The app detects your default shell (zsh, bash, fish) and locates configuration files like ~/.zshrc, ~/.bashrc, or ~/.config/fish/config.fish.
Proxy Setup — If you are behind a corporate proxy, enter the proxy host and port. The app validates connectivity and offers to apply settings across all developer tools.
SSH Detection — Scans ~/.ssh/ for existing keys, checks file permissions, and verifies whether the SSH agent is running.
Git Configuration — Reads your current ~/.gitconfig and prompts you to set or correct user.name, user.email, and enterprise-specific settings like http.proxy and url.*.insteadOf.
Completion — Summary of what was detected and configured. A quick-launch guide points you to the most relevant modules based on your setup.

You can re-run the onboarding wizard at any time from Settings > Run Onboarding Again.

Proxy Configuration

The Proxy Configuration view lets you create, edit, and manage named proxy profiles. Each profile stores all the details needed to route traffic through a corporate proxy, and you can switch between profiles with a single click.

Creating a Profile

Click the + button to create a new profile. Fill in the following fields:

Profile Name — A descriptive label (e.g., "Office Proxy", "VPN Proxy").
Host — The proxy server hostname or IP address.
Port — The proxy port (commonly 8080, 3128, or 1080 for SOCKS).
Username — Your corporate proxy username (optional if no authentication is required).
Password — Stored securely in the macOS Keychain. Never written to disk in plain text.
Bypass Domains — Comma-separated list of domains that should skip the proxy (e.g., localhost,127.0.0.1,.internal.corp).
HTTPS Proxy — Toggle to use a separate address for HTTPS traffic.
SOCKS Proxy — Toggle to configure a SOCKS5 proxy instead of or in addition to the HTTP proxy.

Switching Profiles

Select any profile from the list and click Activate. The active profile is indicated with a cyan badge. Switching profiles does not apply the settings to your system automatically — navigate to the Apply Settings view to push the active profile to your developer tools.

Apply Proxy Settings

This view shows toggle switches for every tool and system component that can be configured with proxy settings. Each toggle shows the current status (configured / not configured) so you can see at a glance which tools are aligned with your active proxy profile.

Supported Targets

System Network Preferences — Writes proxy settings to macOS network configuration via networksetup.
Shell Environment — Sets HTTP_PROXY, HTTPS_PROXY, and NO_PROXY in your shell profile (~/.zshrc or equivalent).
Git Global — Configures http.proxy and https.proxy in ~/.gitconfig.
npm — Sets proxy and https-proxy via npm config set.
CocoaPods — Configures proxy environment variables used by the pod command.
Homebrew — Sets HOMEBREW_PROXY and related environment variables.
curl — Writes proxy settings to ~/.curlrc.
pip — Configures the pip.conf proxy setting under ~/.config/pip/.

Diff Preview

Before any configuration file is modified, iEnterprise Buddy shows a side-by-side diff preview highlighting exactly what will change. Every original file is backed up to ~/.ieb_backups/ before the write occurs, so you can always revert.

Click Apply Selected to push the active proxy profile to all toggled-on targets. A progress indicator shows the status of each target as settings are written.

Proxy Diagnostics

The diagnostics view helps you verify that your proxy is working correctly and identify common misconfiguration issues.

Available Tests

Connectivity Test — Sends an HTTP request through the configured proxy and reports the response time, status code, and any errors.
Enterprise Endpoint Test — Tests access to your enterprise GitHub, GitLab, or Artifactory endpoints through the proxy to verify that internal services are reachable.
NO_PROXY Bypass Check — Verifies that domains listed in your bypass list are correctly excluded from proxy routing.
Inconsistency Detection — Scans all configured tools (git, npm, shell, curl) and flags any whose proxy settings differ from the active profile. This catches situations where you updated the proxy in one tool but forgot another.

Each test produces a pass, warning, or fail result. Failed tests include a description of the issue and a suggested fix that you can apply directly from the diagnostics view.

Enterprise VCS Proxy

Many enterprise environments host their own GitHub Enterprise, GitLab, or Bitbucket Server instances behind corporate firewalls. This view handles the specialized configuration needed to access these services through a proxy.

Features

Enterprise GitHub Configuration — Set the base URL for your GitHub Enterprise instance and configure proxy routing specifically for that host.
URL Rewrite Rules — Configure Git's url.*.insteadOf rules to automatically rewrite SSH URLs to HTTPS (or vice versa) for enterprise hosts. This is essential when your network blocks SSH but allows HTTPS through the proxy.
Personal Access Token (PAT) Support — Store PATs securely in the macOS Keychain and configure Git's credential helper to use them. No tokens are ever written to plain text files.
SSL Verification — Toggle http.sslVerify per-host for enterprise servers that use self-signed or corporate CA certificates.
Test Clone Access — Verify your full configuration by running a test git clone against a repository on your enterprise server. The test clones to a temporary directory and cleans up automatically.

Example Workflow

A typical setup for an enterprise GitHub behind a proxy might look like this:

# What iEnterprise Buddy configures in ~/.gitconfig:
[http "https://github.corporate.com"]
    proxy = http://proxy.corporate.com:8080
    sslVerify = false

[url "https://github.corporate.com/"]
    insteadOf = git@github.corporate.com:

[credential "https://github.corporate.com"]
    helper = osxkeychain

All of this is configured through the GUI — no manual file editing required. A diff preview is shown before any changes are saved.

SSH Key Management

The Key Management view provides a complete overview of all SSH keys in your ~/.ssh/ directory, along with tools to generate new keys and manage existing ones.

Key List

Each key is displayed with the following metadata:

Name — The filename (e.g., id_ed25519, github_enterprise).
Type — The algorithm used (ED25519, RSA, ECDSA).
Fingerprint — The SHA-256 fingerprint for identification.
Agent Status — Whether the key is currently loaded in the SSH agent.
File Permissions — Shows the current permissions and warns if they are too open (keys should be 600).

Generating New Keys

Click Generate Key to open the key generation form. Choose from three algorithms:

ED25519 (recommended) — Modern, fast, and secure. Produces compact keys.
RSA — Classic algorithm. The app defaults to 4096-bit keys for maximum compatibility with older systems.
ECDSA — Elliptic-curve alternative. Useful when ED25519 is not supported by the server.

Provide a filename, an optional comment (typically your email), and an optional passphrase. The app runs ssh-keygen under the hood:

ssh-keygen -t ed25519 -C "your.email@corp.com" -f ~/.ssh/github_enterprise

Deleting Keys

Select a key and click Delete. A confirmation dialog shows the key name and fingerprint. Both the private and public key files are removed. If the key is loaded in the agent, it is removed from the agent first.

SSH Config Editor

The Config Editor provides a visual interface for managing your ~/.ssh/config file. Instead of manually editing the config file in a text editor, you can add, edit, and delete Host entries through a structured form.

Host Entry Fields

Each Host entry supports the following fields:

Host — The alias you type in SSH commands (e.g., github-enterprise).
HostName — The actual hostname or IP to connect to.
User — The SSH username.
Port — The port (default 22).
IdentityFile — Path to the private key file.
ProxyJump — A jump host to tunnel through (essential for enterprise bastion hosts).
AddKeysToAgent — Automatically add the key to the agent on first use.
UseKeychain — Store the passphrase in macOS Keychain (macOS-specific).
ForwardAgent — Whether to forward the SSH agent to the remote host.

ProxyJump Builder

For enterprise environments that require connecting through bastion hosts, the ProxyJump builder lets you chain multiple jump hosts visually. Instead of manually writing nested ProxyJump directives, select hosts from your existing config entries to build the chain.

Diff Preview

Before saving, the editor displays a diff of the changes that will be written to ~/.ssh/config. The original file is backed up to ~/.ieb_backups/ before any modifications are applied.

SSH Services

The Services view helps you register your SSH public keys with popular Git hosting services. Instead of manually copying keys and navigating to each service's settings page, iEnterprise Buddy handles the API calls for you.

Supported Services

GitHub / GitHub Enterprise — Adds the public key via the GitHub API. Supports both github.com and enterprise instances.
GitLab / GitLab Self-Managed — Registers the key through the GitLab API.
Bitbucket / Bitbucket Server — Uploads the key to your Bitbucket account.
Custom Enterprise Services — Configure any service with a base URL and API token.

Registration Workflow

Select a key from your key list, choose the target service, provide an API token or PAT (stored in Keychain), and click Register. The app uploads the public key and confirms the registration was successful. You can then test the connection directly from this view.

# What happens behind the scenes for GitHub:
ssh -T git@github.com
# Expected: "Hi username! You've successfully authenticated..."

SSH Diagnostics

When SSH connections fail in enterprise environments, the error messages are often cryptic. The SSH Diagnostics view runs verbose connection tests and translates the output into actionable information.

Diagnostic Capabilities

Connection Test — Runs ssh -vvv against a target host and parses the verbose output to identify where the connection fails (DNS resolution, TCP connect, key exchange, authentication).
Key Not in Agent — Detects when the correct key exists on disk but is not loaded in the SSH agent, preventing authentication.
Wrong Permissions — Flags keys and config files with permissions that are too open. SSH refuses to use keys that are readable by other users.
Known Hosts Conflicts — Identifies known_hosts entries that conflict with the current server fingerprint, which happens when enterprise servers are rebuilt or IP addresses change.
ProxyJump Failures — Traces multi-hop connections and identifies which hop in the chain is failing.

Each diagnostic finding includes a severity level (pass, warning, or fail) and a one-click fix button where applicable. For example, fixing permissions is a single click that runs chmod 600 on the offending file.

SSH Agent

The Agent view gives you full control over the macOS SSH agent, which holds your private keys in memory so you do not have to enter passphrases on every connection.

Agent Operations

View Status — Shows whether the SSH agent is running and its PID.
List Loaded Keys — Displays all keys currently held by the agent, with fingerprints and comments.
Add Key — Load a private key into the agent. If the key has a passphrase, you will be prompted to enter it.
Remove Key — Unload a specific key from the agent without deleting the key file from disk.
Configure Auto-Start — Ensure the SSH agent starts automatically when you open a terminal session.

macOS Keychain Integration

On macOS, the SSH agent can store passphrases in the system Keychain so you never have to re-enter them. The Agent view lets you configure two important SSH options:

AddKeysToAgent yes — Automatically adds keys to the agent when first used.
UseKeychain yes — Stores the passphrase in the macOS Keychain.

These settings are applied to your ~/.ssh/config under a Host * block so they apply to all connections.

Project Selector

The Project Selector is the starting point for all Xcode-related operations. It lets you pick the Xcode project or workspace you want to work with, and remembers your recent selections for quick access.

Supported Project Types

.xcodeproj — Standard Xcode project bundles.
.xcworkspace — Xcode workspaces (used with CocoaPods and multi-project setups).

Click Browse to open a file picker or drag and drop a project folder onto the view. The recent projects list shows your last 10 selections with the project name, path, and last-modified date. Click any recent project to select it instantly.

Once a project is selected, all other Xcode Tools views (Build Runner, Cache Manager, etc.) operate in the context of that project.

Build Runner

The Build Runner executes Xcode build operations with live streaming output, so you can watch build progress and errors in real time without leaving iEnterprise Buddy.

Build Operations

Clean — Removes build products and intermediate files.
Build for Simulator — Builds the selected scheme for the iOS Simulator.
Build for Device — Builds the selected scheme for a physical device.
Test — Runs the project's test suite and reports results.
Archive — Creates an archive suitable for distribution.

Configuration

Before building, select a scheme and a destination from the dropdown menus. The app reads available schemes and destinations from the project using xcodebuild -list and xcodebuild -showdestinations.

Build output streams live into a terminal-style log view. Errors and warnings are highlighted in red and yellow respectively. You can scroll through the output, search for text, and copy the full log to your clipboard.

# Example of the command iEnterprise Buddy runs:
xcodebuild -workspace MyApp.xcworkspace \
  -scheme MyApp \
  -destination 'platform=iOS Simulator,name=iPhone 15,OS=17.2' \
  build

Cache Manager

Xcode generates a significant amount of cached data over time. The Cache Manager shows the size of each cache category and lets you reclaim disk space safely.

Cache Categories

DerivedData — Build products, indexes, and logs. Located at ~/Library/Developer/Xcode/DerivedData/. This is often the largest cache and is safe to delete (Xcode rebuilds it on the next build).
Module Cache — Precompiled module files. Located at ~/Library/Developer/Xcode/ModuleCache.noindex/.
Archives — Previously created archives at ~/Library/Developer/Xcode/Archives/.
Device Support — Symbol files for connected devices at ~/Library/Developer/Xcode/iOS DeviceSupport/. Older device versions can be safely removed.
Simulators — Simulator runtime data. Each simulator can use several gigabytes.

Each category shows its total size. Click Delete on individual categories or use Delete All Caches to clear everything at once. A confirmation dialog shows the total space that will be reclaimed.

On enterprise machines with limited disk space, regularly clearing DerivedData and old device support files can free tens of gigabytes.

Xcode Versions

Enterprise teams often need multiple Xcode versions installed simultaneously to support different projects. The Versions view detects all installed Xcode copies and lets you switch between them.

Features

Detect Installed Versions — Scans /Applications/ for all Xcode installations and shows their version numbers, build identifiers, and paths.
Switch Active Version — Changes the active Xcode used by xcodebuild by running xcode-select -s. This requires administrator privileges; the app prompts for your password via the standard macOS authorization dialog.
Install Command Line Tools — If CLT is missing, triggers installation with xcode-select --install.
Verify xcrun — Tests that xcrun is working correctly by running xcrun --find swift and reporting the result.

# Switch the active Xcode version:
sudo xcode-select -s /Applications/Xcode-15.2.app/Contents/Developer

# Verify the switch:
xcodebuild -version
# Xcode 15.2
# Build version 15C500b

Simulator Manager

The Simulator Manager gives you control over all iOS, iPadOS, watchOS, and tvOS simulators installed on your Mac without needing to open Xcode or use simctl from the command line.

Operations

List All Simulators — Shows every simulator grouped by runtime (e.g., iOS 17.2, iOS 16.4) with its name, UDID, and state (booted/shutdown).
Boot — Start a simulator. Equivalent to xcrun simctl boot <UDID>.
Shutdown — Stop a running simulator.
Erase — Reset a simulator to factory state, removing all apps and data.
Delete Unavailable — Remove simulators whose runtimes are no longer installed. This is a common cleanup action after removing old Xcode versions.

# What runs behind the scenes:
xcrun simctl list devices
xcrun simctl boot "iPhone 15 Pro"
xcrun simctl shutdown "iPhone 15 Pro"
xcrun simctl erase "iPhone 15 Pro"
xcrun simctl delete unavailable

Code Signing

Code signing is one of the most frustrating aspects of iOS and macOS development, especially in enterprise environments with multiple distribution certificates and provisioning profiles. The Code Signing view makes it manageable.

Certificates

The view lists all code signing certificates in your Keychain with color-coded expiry indicators:

Green — Valid, more than 30 days until expiry.
Yellow — Expiring within 30 days.
Red — Expired or invalid.

Provisioning Profiles

Lists all provisioning profiles installed at ~/Library/MobileDevice/Provisioning Profiles/. Shows the profile name, team, app ID, expiry date, and associated certificates. Expired profiles can be deleted directly from this view.

Cleanup

Click Delete Expired to remove all expired provisioning profiles at once. This is safe and recommended — expired profiles serve no purpose and can sometimes cause Xcode to select the wrong profile during automatic signing.

Package Inspector

The Package Inspector reads your project's Package.resolved file and presents all resolved dependencies in a visual list with health indicators.

Getting Started

Click the folder icon to open a file picker (NSOpenPanel) and navigate to your project directory. The app looks for Package.resolved in the root or inside .xcworkspace/xcshareddata/swiftpm/. Once loaded, every resolved package is displayed in a scrollable list.

Health Badges

Green — Package is at a stable version, resolved correctly, and no issues detected.
Amber — Minor issues such as being pinned to an old version or using a branch instead of a tag.
Red — Critical issues such as version conflicts, unreachable repositories, or broken hashes.

Package Detail

Click any package to expand its detail panel, which shows the repository URL, resolved version, revision hash, and any detected issues. This makes it easy to identify which dependency is causing problems in a large dependency graph.

Issue Detector

The Issue Detector scans your package dependencies for common problems that are especially prevalent in enterprise environments where network restrictions and private repositories add complexity.

Detected Issues

Version Conflicts — Two or more packages require incompatible versions of the same dependency. The detector identifies the conflicting constraints and the packages that impose them.
Stale Hashes — The revision hash in Package.resolved does not match the expected commit for the specified version, indicating the resolution file is out of date.
SSH URL Issues — Packages using git@ SSH URLs that may fail behind a corporate proxy that only allows HTTPS. The suggested fix converts SSH URLs to HTTPS equivalents.
Private Repository Problems — Dependencies hosted on enterprise servers that require authentication. The detector checks whether credentials are configured for each private repository.

Issue Cards

Each issue is displayed as a card sorted by severity (critical first). Every card includes a description of the problem, the affected packages, and a suggested fix. Where possible, a Fix button is available that applies the suggested change with a diff preview before writing.

Package Commands

The Commands view provides one-click access to the most common Swift Package Manager operations, with live terminal output so you can see exactly what is happening.

Available Commands

Eight command buttons are laid out in a grid:

Button	Command
Resolve	`swift package resolve`
Update	`swift package update`
Show Dependencies	`swift package show-dependencies`
Reset	`swift package reset`
Clean	`swift package clean`
Purge Cache	`swift package purge-cache`
Generate Xcodeproj	`swift package generate-xcodeproj`
Open Package.swift	`open Package.swift`

The terminal output area below the grid shows the live stdout and stderr from each command. Errors are highlighted and the exit code is displayed when the command completes.

Version Alignment

When your project has multiple modules or targets that depend on different versions of the same package, the Version Alignment tool helps you unify those versions to resolve conflicts.

How It Works

The tool scans your Package.swift and Package.resolved to identify packages that appear with different version constraints.
For each conflict, it suggests a unified version that satisfies all constraints (typically the highest version that is compatible with all dependents).
It generates an updated Package.swift with the suggested changes.
A full diff preview is displayed so you can review every change before applying it.

This is particularly useful in enterprise monorepos or multi-module projects where different teams may have pinned different versions of shared dependencies. The alignment tool brings everything into sync in a single operation.

Registry Configuration

Swift Package Manager supports private package registries for enterprise use. The Registry view lets you configure and manage connections to these registries.

Features

Add Registry — Enter the registry URL and an optional scope (e.g., a company name). The app registers it with swift package-registry set.
Remove Registry — Unregister a previously configured registry.
Authentication — Store registry auth tokens securely in the macOS Keychain. Tokens are never written to configuration files in plain text.
Test Access — Verify that the registry is reachable and that your authentication token is valid by querying the registry's API.

# What iEnterprise Buddy runs behind the scenes:
swift package-registry set https://packages.corporate.com --scope corporate
swift package-registry login https://packages.corporate.com --token <stored-in-keychain>

Certificate Trust

Enterprise networks often use SSL inspection proxies that intercept HTTPS traffic with their own CA certificates. This causes SSL errors across developer tools unless the corporate CA is explicitly trusted. The Certificate Trust view manages this for you.

Capabilities

List Root CAs — Shows all root CA certificates installed in your Keychain, with their names, issuers, and expiry dates.
Detect Corporate SSL Inspection CA — Automatically identifies CA certificates that appear to be from SSL inspection proxies (based on common naming patterns used by ZScaler, BlueCoat, Palo Alto, etc.).
Add CA to Keychain — Import a corporate CA certificate (.pem or .cer file) into the macOS Keychain and mark it as trusted.
Configure Git SSL — Set http.sslCAInfo in Git's config to point to the corporate CA bundle so that git clone and git fetch work through the SSL inspection proxy.
Configure curl — Set the CURL_CA_BUNDLE environment variable so that curl-based tools (including CocoaPods and Homebrew) trust the corporate CA.

Example Workflow

If you receive an error like SSL certificate problem: unable to get local issuer certificate when running git clone, navigate to Certificate Trust, detect the corporate CA, and click Trust for All Tools. The app will:

Add the CA to your Keychain as a trusted root.
Export the CA bundle and set http.sslCAInfo in ~/.gitconfig.
Set CURL_CA_BUNDLE in your shell profile.
Verify the fix by testing a connection to your enterprise server.

.netrc Manager

The ~/.netrc file stores credentials for network services. Many developer tools (curl, Homebrew, Swift Package Manager, CocoaPods) read this file for authentication. The .netrc Manager provides a safe, visual way to manage it.

Features

Form Editor — Add new machine entries with a form that prompts for the hostname, login, and password. No need to remember the .netrc file format.
Edit Existing Entries — Modify the login or password for any existing machine entry.
Delete Entries — Remove entries with confirmation. The file is backed up before any deletion.
Keychain Storage — Passwords are stored in the macOS Keychain and injected into the .netrc at runtime. The on-disk file uses a Keychain reference rather than the plain-text password.
Permission Check — Verifies that ~/.netrc has 600 permissions. If permissions are too open, a one-click fix button sets them correctly.

# Correct .netrc format:
machine github.corporate.com
  login your-username
  password ghp_xxxxxxxxxxxxxxxxxxxx

# Required permissions:
chmod 600 ~/.netrc

Environment Variables

Many developer tools rely on environment variables for configuration. The Environment Variables view lets you manage development-related variables in your shell profile (~/.zshrc or equivalent) without manually editing the file.

Operations

View All — Lists all environment variables currently defined in your shell profile, with their values.
Add — Create a new environment variable with a name and value. The app appends an export line to your shell profile.
Edit — Change the value of an existing variable. The app modifies the corresponding line in your shell profile.
Remove — Delete an environment variable. The corresponding export line is removed from the shell profile.

Tool Usage Indicators

Each variable shows which developer tools use it. For example:

HTTP_PROXY — Used by curl, git, npm, pip, Homebrew
CURL_CA_BUNDLE — Used by curl, CocoaPods, Homebrew
JAVA_HOME — Used by Gradle, Maven, Android Studio
DEVELOPER_DIR — Used by xcodebuild, xcrun

All changes show a diff preview before writing. The shell profile is backed up before any modification.

Git Config Manager

The Git Config Manager provides a visual editor for your ~/.gitconfig file, focusing on the settings that matter most in enterprise environments.

Managed Settings

user.name and user.email — Your identity for commits. The editor warns if these do not match your corporate email.
http.proxy and https.proxy — Global proxy settings for Git. Can also be set per-host.
http.sslVerify — Toggle SSL verification globally or for specific hosts.
credential.helper — Configure Git to use macOS Keychain (osxkeychain) for credential storage.
url.*.insteadOf — URL rewrite rules for converting SSH URLs to HTTPS or mapping public URLs to enterprise mirrors.
includeIf — Conditional includes that load different configs based on the repository directory. Useful when you have personal projects and work projects on the same machine with different identities.

Conditional Includes Example

# In ~/.gitconfig:
[includeIf "gitdir:~/Work/"]
    path = ~/.gitconfig-work

[includeIf "gitdir:~/Personal/"]
    path = ~/.gitconfig-personal

The Git Config Manager can set up these conditional includes through its GUI, creating the referenced config files with the appropriate per-directory settings.

Homebrew Helper

Homebrew is the most popular package manager for macOS, but it can be tricky to use behind a corporate proxy. The Homebrew Helper diagnoses and fixes common issues.

Features

Check Installation — Verifies that Homebrew is installed and accessible in your PATH. If not found, provides installation instructions.
Configure Through Proxy — Sets HOMEBREW_PROXY, HOMEBREW_CURL_PROXY, and related environment variables in your shell profile so Homebrew can download packages through the corporate proxy.
Disable Analytics — Enterprise environments often require disabling telemetry. One click runs brew analytics off.
Manage Taps — List, add, and remove Homebrew taps. Enterprise teams often use private taps for internal tools.
Fix Permissions — Repairs common permission issues in the Homebrew prefix directory that prevent package installation.

# Environment variables configured for proxy:
export HOMEBREW_PROXY=http://proxy.corporate.com:8080
export HOMEBREW_HTTPS_PROXY=http://proxy.corporate.com:8080
export HOMEBREW_NO_ANALYTICS=1
export HOMEBREW_NO_AUTO_UPDATE=1

VPN & Network

The VPN & Network view provides real-time visibility into your network configuration, helping you understand whether you need to enable or disable proxy settings based on your current connection.

Information Displayed

Active VPN Connections — Detects running VPN tunnels (Cisco AnyConnect, GlobalProtect, WireGuard, OpenVPN, built-in macOS VPN) and shows their connection status.
Network Interfaces — Lists all active network interfaces (Wi-Fi, Ethernet, VPN tunnel) with their IP addresses and DNS servers.
External IP — Shows your public IP address as seen by external servers. This helps you verify whether traffic is routing through the VPN or the proxy.
Proxy Detection — Based on your network configuration, the app advises whether proxy settings should be enabled. For example, if you are connected to the office VPN, the proxy may not be needed because the VPN tunnel provides direct access to internal resources.

This view is informational and does not modify any settings. Use it as a reference when deciding whether to activate or deactivate your proxy profile.

One-Click Fixes

The One-Click Fixes view contains ten pre-built solutions for the most common enterprise development problems. Each fix is a button that runs a series of diagnostic checks and applies the appropriate remediation automatically.

Available Fixes

SSL Certificate Failed — Detects the corporate CA, adds it to the Keychain, configures Git and curl to trust it. Fixes errors like SSL certificate problem: unable to get local issuer certificate.
SPM Clone Fails — Configures Git's insteadOf rules to convert SSH URLs to HTTPS, sets the proxy for HTTPS, and adds credentials to .netrc.
Xcode Organizer Broken — Clears the Organizer cache, resets the Xcode developer account session, and removes stale preferences.
Pod Install Fails — Configures CocoaPods proxy settings, clears the pod cache, updates the repo index, and sets CURL_CA_BUNDLE for SSL.
xcrun Error — Resets xcode-select to the correct Xcode path, accepts the Xcode license, and installs command line tools if missing.
Code Signing Error — Lists certificates, identifies expired ones, clears provisioning profile caches, and resets Xcode's signing preferences.
Simulator Not Working — Shuts down all simulators, deletes unavailable runtimes, resets CoreSimulator services, and reboots the target simulator.
Package Graph Stuck — Runs swift package reset, purges the SPM cache, removes Package.resolved, and re-resolves dependencies from scratch.
Git Auth Fails — Verifies SSH keys are loaded in the agent, checks .netrc credentials, tests the Git credential helper, and configures PAT-based authentication if needed.
Private Package Unreachable — Tests network connectivity to the package host, configures proxy and SSL settings for the host, adds .netrc credentials, and tests a clone.

Each fix shows a progress log as it works through the steps. If a fix modifies any configuration files, a diff preview is shown and the original files are backed up.

Running Diagnostics

The Diagnostics Dashboard runs automated checks across all modules and presents the results in a single view. This is the fastest way to get an overview of your development environment's health.

Check Categories

Checks are grouped by module:

Proxy — Proxy connectivity, configuration consistency, bypass list validation.
SSH — Key permissions, agent status, config file syntax, known_hosts integrity.
Xcode — Active version, CLT installation, xcrun functionality, code signing certificates.
SPM — Package resolution status, registry access, version conflicts.
Enterprise — CA trust, .netrc permissions, Git config completeness, VPN status.
System — macOS version, disk space, shell configuration, developer tool paths.

Result Indicators

Pass — The check passed with no issues.
Warning — A non-critical issue was detected that may cause problems in some scenarios.
Fail — A critical issue was detected that will likely cause errors. Click the check to see details and a suggested fix.

Click Run All Checks to execute the full diagnostic suite. Each check shows a spinning indicator while running and transitions to its result once complete. The dashboard remembers the last run's results so you can compare before and after fixing issues.

Exporting Reports

Diagnostic results can be exported as a Markdown report for sharing with your IT or DevOps team. This is particularly useful when you need help from a team that does not have access to your machine.

Export Options

Export as Markdown — Generates a structured Markdown document with all check results, grouped by module, including details and suggested fixes for any failures.
Copy to Clipboard — Copies the full diagnostic report to your clipboard so you can paste it directly into a Slack message, email, or Jira ticket.

The exported report includes:

Machine information (macOS version, hardware, Xcode version)
A summary count of passed, warning, and failed checks
Detailed results for each check with timestamps
Suggested remediation steps for any failures

Storage Cleanup

The Storage Cleanup module scans your Mac for caches, temporary files, old downloads, and build artifacts that accumulate over time. On a typical developer Mac, these files can consume tens of gigabytes. This tool helps you reclaim that space safely.

What It Scans

The scanner checks 12 categories of cleanable data:

Xcode DerivedData — Build products and index caches generated by Xcode projects. Often the largest category, growing to 20 GB+ on active projects. Safe to delete; Xcode rebuilds as needed.
Xcode Archives — Old .xcarchive bundles from previous distribution builds. Each archive can be several hundred MB. Review before deleting in case you need to symbolicate past crash reports.
Xcode Device Support — iOS/watchOS device support files downloaded when you connect physical devices. Older versions for devices you no longer test on can be removed.
Simulator Data — Data, caches, and runtime files for iOS Simulator runtimes. Can reach several GB per installed runtime.
SPM Caches — Swift Package Manager build artifacts and resolved package caches. Safe to delete; packages re-resolve on next build.
CocoaPods Cache — Downloaded pod specs and source archives. Safe to delete; pods re-download on next install.
Carthage Artifacts — Pre-built framework binaries and checkout directories from Carthage. Safe to delete; frameworks rebuild on next bootstrap.
System Caches — macOS system-level and per-user Library caches. Use moderate caution; some apps rely on their caches for performance.
Log Files — System logs, diagnostic reports, and crash logs that grow over time. Generally safe to remove old entries.
Old Downloads — Files in your Downloads folder that have not been accessed for over 90 days. Always review before deleting as these may contain important documents.
Homebrew Cache — Downloaded package bottles and source tarballs. Safe to delete; Homebrew re-downloads on next install.
Temporary Files — Items in system and user temp directories that have not been cleaned up by their originating processes.

How to Use

The cleanup workflow follows four steps:

Scan — Click Start Scan to analyze your disk. The scanner checks each category in parallel and reports progress as it goes. A typical scan takes 10–30 seconds.
Review — Once complete, results are grouped by category with a size breakdown. Each item shows its path, size, and how old it is. Items are color-coded by risk level.
Select — Choose which items to remove. You can select individual items, select all items in a category, or use the Select All Safe button to auto-select only items with a Safe risk level.
Clean — Click Delete Selected to remove the chosen items. A confirmation dialog shows the total size that will be freed. After deletion, a results summary shows what was removed and reports any items that could not be deleted.

Risk Levels

Every scannable category is assigned a risk level to help you decide what to remove:

Safe — These items are caches and build artifacts that will be regenerated automatically. Deleting them has no lasting impact. Examples: Xcode DerivedData, SPM caches, CocoaPods cache, Homebrew cache.
Moderate — These items are generally safe to remove, but deletion may cause a temporary slowdown or require re-downloading data. Examples: system caches, simulator data, Carthage artifacts.
Review — These items may contain files you want to keep. Always inspect the list before deleting. Examples: old downloads, Xcode archives (which contain dSYM files for crash symbolication).

Disk Usage Overview

After a scan completes, the top of the cleanup view shows an overview bar displaying total reclaimable space, the number of items found, and a per-category size breakdown. This gives you an at-a-glance summary before diving into individual items.

Typical Sizes on Developer Macs

Depending on how many projects you work on, expect these rough numbers:

Xcode DerivedData — 5–40 GB (grows with each project and scheme)
Xcode Archives — 1–10 GB (one archive per release build)
Simulator Data — 2–15 GB (depends on installed runtimes)
SPM / CocoaPods / Carthage — 500 MB–5 GB combined
System Caches + Logs — 1–5 GB
Homebrew Cache — 500 MB–3 GB

It is not unusual for a first cleanup to reclaim 20–50 GB of disk space.

Selection Controls

Select All Safe — Selects every item in categories marked as Safe risk, leaving Moderate and Review items untouched.
Per-category Select — Each category header has a checkbox that toggles all items in that category.
Individual Select — Click any item row to toggle its selection. The running total at the bottom updates in real time.
Deselect All — Clears the entire selection so you can start over.

Deletion Confirmation and Results

Before any files are removed, a confirmation dialog displays the total number of items and the total size to be freed. After deletion completes, a results view lists each item with a success or failure indicator. Items that could not be deleted (due to permission issues or file locks) are flagged so you can address them manually.

Tips

Run monthly — Scheduling a cleanup once a month prevents caches from growing unchecked and keeps your disk in good shape.
Xcode DerivedData is usually the biggest win — If you are short on time, just clearing DerivedData alone often frees 10+ GB.
Check archives before deleting — If you need to symbolicate crash reports from a production release, keep the corresponding archive.
Safe items are always safe — When in doubt, start with the Select All Safe button. You can always come back for Moderate and Review items later.
Scan after Xcode updates — Major Xcode updates often leave behind old device support files and simulator runtimes that are no longer needed.

Notifications

iEnterprise Buddy uses macOS native notifications to alert you when long-running operations complete, so you can focus on other work instead of watching progress bars.

Supported Operations

Notifications are triggered when any of the following operations finish:

Builds — Xcode project builds, archive builds, and clean builds
Tests — Unit test and UI test suite runs
Archives — Full archive operations for distribution
Package Resolution — Swift Package Manager resolve and update operations
Diagnostics — Full diagnostic suite runs across all modules
Password Rotation — Credential and token rotation operations

Notification Content

Each notification includes:

Operation result — Success or failure status at a glance
Duration — How long the operation took to complete
Summary — Brief description of what happened (e.g., number of tests passed, build warnings)

Configuration

Toggle notifications on or off in Settings → Notifications. Notifications are delivered through macOS Notification Center and appear as both banners and in the notification panel. You can further customize notification behavior (sounds, grouping) through macOS System Settings.

Menu Bar Item

A persistent status icon in the macOS menu bar gives you quick access to key information and actions without opening the full app.

At-a-Glance Status

Click the menu bar icon to see:

Active Proxy Profile — Which proxy configuration is currently applied
VPN Status — Whether a VPN connection is active and which endpoint it uses
Last Diagnostic Summary — Pass/warn/fail counts from your most recent diagnostic run

Quick Actions

The menu bar dropdown also provides quick actions:

Toggle Proxy — Enable or disable your active proxy profile with one click
Run Diagnostics — Trigger a full diagnostic check without opening the main app
Open iEnterprise Buddy — Launch or bring the main app window to the front

Configuration

Toggle the menu bar icon visibility in Settings → General. When disabled, the icon is removed from the menu bar entirely. The main app continues to work normally regardless of this setting.

Clipboard Detection

Clipboard Detection automatically identifies tokens and personal access tokens (PATs) copied to your clipboard and offers to store them securely in macOS Keychain.

Recognized Token Patterns

The feature recognizes the following token formats:

GitHub PATs — Tokens starting with github_pat_ or ghp_
GitLab Tokens — Tokens starting with glpat-
npm Tokens — Tokens starting with npm_

How It Works

When a recognized token is copied to your clipboard, a non-intrusive banner appears at the top of the app window:

The banner displays the token type (e.g., “GitHub PAT detected — Store in Keychain?”)
Click the banner to securely store the token in macOS Keychain with a descriptive service label
Dismiss the banner if you do not want to store the token

Privacy

Clipboard Detection is designed with privacy as a priority. The app never reads or stores clipboard content unless it matches one of the known token patterns listed above. No clipboard data is transmitted over the network. Toggle this feature on or off in Settings → Privacy.

Preferences

The Settings view lets you customize how iEnterprise Buddy behaves.

Available Preferences

Default Shell — Choose which shell profile the app reads and writes (zsh, bash, or fish). The app auto-detects your default shell, but you can override it here.
Terminal Log Settings — Configure how many lines of terminal output to retain, whether to auto-scroll, and the font size for the terminal log view.
Appearance — Follow system appearance or force light/dark mode.
Startup Behavior — Choose whether to show the Welcome view, the last-used module, or the Diagnostics dashboard on launch.

Subscription

iEnterprise Buddy uses a subscription model powered by Lemon Squeezy.

Plan Details

Price — $4.99 per month.
Free Trial — 7 days, no credit card required.
Seat Limit — 2 machines per license. The app uses a hardware UUID (via IOKit) for machine fingerprinting — no MAC addresses or IP addresses are collected.
Offline Grace Period — After activation, the app continues to work offline for a configurable grace period. This ensures you can use the app on a flight or in areas without internet access.

License Management

From the Subscription section, you can enter a license key, view your current subscription status, see which machines are activated, and deactivate a machine to free up a seat.

Backups

Every time iEnterprise Buddy modifies a configuration file, the original is backed up to ~/.ieb_backups/. The Backups view lets you browse and manage these backups.

Features

Browse Backups — Lists all backup files with their original path, backup date, and file size.
Restore — Copies the backup file back to its original location, replacing the current version. A diff is shown before restoring so you can see what will change.
Delete Backup — Remove individual backups that are no longer needed to free disk space.
Export / Import Settings — Export all iEnterprise Buddy settings (including proxy profiles, SSH service configurations, and preferences) to a JSON file. Import on another machine to replicate your setup. Credentials are not exported — they remain in the Keychain.

Revert System

iEnterprise Buddy maintains a complete operation history so that every change can be undone. This is one of the app's most important safety features — you can experiment with configurations knowing that nothing is permanent.

How It Works

Every time the app modifies a file or runs a configuration command, it records the operation in its internal history. The record includes:

The file that was modified and its full path
A backup of the original file contents
The timestamp of the change
Which module and action triggered the change
Any Git config commands that were run (e.g., git config --global)

Revert Banner

After any configuration change, a Revert Banner appears at the top of the detail view. This banner shows what was changed and provides a Revert button. Clicking Revert:

Restores the backed-up file to its original location.
Undoes any Git config commands that were run (e.g., removes the proxy setting that was added).
Verifies the revert was successful by comparing the file contents.
Dismisses the banner once the revert is confirmed.

You can also access the full operation history from Settings > Backups to revert changes from earlier sessions, not just the most recent one.