81802a7c72
The App Store export re-sign (xcodebuild -exportArchive, automatic signing) stripped com.apple.security.application-groups from the ReadestWidget and ShareExtension binaries because both targets set CODE_SIGN_ALLOW_ENTITLEMENTS_MODIFICATION: YES. The provisioning profiles and source entitlements both grant the group, but the signed extension binaries did not, so the widget read an empty snapshot from the shared App Group container and showed only the placeholder book icon. Dev builds were unaffected. Remove the flag from both extension targets (the main app already ships the group correctly without it) so signing uses the exact CODE_SIGN_ENTITLEMENTS content. Add scripts/verify-ios-appstore-entitlements.sh and run it from release-ios-appstore.sh before upload so a stripped App Group fails the release instead of shipping a dead widget. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>