Modules
Subscribes to Mob.Device events on the running app over Erlang
distribution and tracks ground-truth screen/app state for the bench.
Append-only CSV log of bench probe snapshots.
Pre-run checklist for the iOS battery bench.
Multi-source state probe for the battery bench.
Auto-reconnect logic for the bench's BEAM dist connection.
Post-run analysis of a bench CSV log.
Orchestrates device discovery, tunnel setup, app restart, and node connection.
Pushes compiled BEAM files from _build/dev/lib/*/ebin/ to connected devices.
Represents a connected or available device (physical or emulator/simulator).
Discovers Android devices and emulators via adb.
Discovers iOS simulators via xcrun simctl.
List, start, and stop Android emulators (AVDs) and iOS simulators.
Pure helpers for mix mob.enable — extracted for testability.
Igniter-aware feature handlers for mix mob.enable.
Google Play Developer API client for uploading Android App Bundles.
Google Cloud REST API operations for the Play Store setup wizard.
OAuth2 browser-based authorization for Google APIs.
Google Play Developer API operations for granting service account access.
Interactive wizard for the Google Play one-time setup.
Connects to already-running device nodes and hot-pushes BEAM modules via RPC.
Generates app icons for Android and iOS from either a random robot avatar (using Avatarz) or a provided source image (using Image).
Downloads and caches pre-built Apple MLX + EMLX NIF static archives so
iOS Mob apps can ship EMLX.Backend as an Nx backend without
cross-compiling MLX themselves.
Builds native binaries (APK for Android, .app bundle for iOS simulator) for the current Mob project.
Single source of truth for the Android NDK version Mob's bundled OTP runtime was cross-compiled against.
Network utilities for mob_dev.
Builds the assets/otp.zip that release-mode Android Mob apps extract on
first launch.
Reachability analysis for the bundled OTP runtime tree of a Mob app.
In-place strip pass for the per-app OTP bundle, called by
MobDev.NativeBuild when MOB_SLIM=1. Was an inline ~100-line
defp in native_build.ex; extracted here so it's testable and
has a place for per-app override hooks to live.
Downloads and caches pre-built OTP releases from GitHub for Android and iOS simulator.
Runtime call-tracing utility. Wraps :erlang.trace_pattern/3 and
:erlang.trace/3 to capture the set of {module, function, arity}
actually called during a function's execution.
Characterization harness: a curated set of Elixir features exercised
in tight blocks. Designed to be wrapped in MobDev.OtpTrace.capture/1
to record the runtime modules touched by typical Elixir code.
Resolution helpers for paths Mob writes to outside the project tree.
Downloads and caches a Chaquopy CPython distribution so Android builds can embed Python.
Downloads and caches BeeWare's Python-Apple-support bundle so iOS builds can embed CPython.
Renders QR codes in the terminal using Unicode half-block characters. Uses eqrcode for matrix generation.
Build a signed, App-Store-ready iOS .ipa for the current Mob project.
Typed error tags used across the MobDev.Release.* modules.
Replaces the two scripts/release/_lib.sh files. Pure functions where
possible; side-effectful ones are narrow + testable via tmpdir fixtures.
Replaces scripts/release/xcompile_*.sh × 3 + the misplaced
scripts/release/openssl/_build_otp_android_arm64.sh. Cross-compiles
the Erlang OTP runtime for one of four target ABIs and stages the
install tree at a release root.
Per-target OTP cross-compile description.
Replaces scripts/release/openssl/{android_arm64,android_arm32,ios_sim, ios_device}.sh. Cross-compiles OpenSSL 3.x for the four target
ABIs that Mob's bundled OTP tarballs link against, producing static
libcrypto.a + libssl.a + headers under a per-target --prefix.
Replaces scripts/release/openssl/build_crypto_static_*.sh (×4).
Compiles OTP's crypto NIF C sources with -DSTATIC_ERLANG_NIF for one
target ABI and archives the result as crypto.a. Pairs with
MobDev.Release.OpenSSL (the OpenSSL build itself) to produce the
two .a files that get static-linked into the user app's main
native binary
Per-target description: arch path layout, toolchain factory, extra CFLAGS, expected nm symbol.
One cross-compile target. env_fn is invoked at build time so it
can read live :code.lib_dir(:elixir) / NDK version / etc.
Replaces scripts/release/publish.sh — uploads built tarballs to a
GitHub release tagged otp-<hash>. The release is created if it
doesn't exist; existing assets with matching names are deleted before
upload (gh release upload won't replace by default).
The I/O surface for MobDev.Release.* modules — every external command,
every env-var read, every filesystem inspection that crosses out of
Elixir's BEAM happens through a function declared here.
Production implementation of MobDev.Release.Shell — uses the real
System, File, and OS to do work. Pure passthrough; the
intelligence is in the callers.
Replaces scripts/release/tarball_*.sh × 4 — the staging + tar czf
step that produces the otp-<target>-<hash>.tar.gz archive
MobDev.OtpDownloader later fetches.
Per-target tarball staging description.
Builds the signed release AAB for a Mob Android app.
Top-level API for mix mob.security_scan.
Extracts versions from ~/.mob/cache/otp-*-{hash}/ and from exqlite
C sources in a project's deps/.
Loads priv/security/bundled_versions.exs — the source-of-truth
manifest of what versions ship inside the OTP tarballs that
MobDev.OtpDownloader distributes.
Computes the delta between the previous scan state and the current report
A single normalized security finding.
Render a Report for human or machine consumers.
Render a single changelog entry for SECURITY_HISTORY.md.
Behaviour every scan layer implements.
Result of running a single scan layer (Hex deps, Gradle deps, bundled runtime, C source, etc).
Audits the OpenSSL, ERTS, Elixir, exqlite, and SQLite versions
baked into Mob's pre-built OTP tarballs and into the project's
deps/exqlite/c_src/sqlite3.c.
Static analysis of every C source file Mob actually compiles into
the app: Mob's own NIF shims (mob/android/jni/, mob/ios/), the
exqlite NIF wrapper (deps/exqlite/c_src/sqlite3_nif.c), and any
C the project itself ships.
Audits Android dependencies via osv-scanner recursively over
the android/ directory.
Audits Hex dependencies in mix.lock against two complementary
advisory sources
Static analysis of Kotlin/Java source under android/app/src/main/
using detekt.
Audits iOS dependencies via osv-scanner recursively over the
ios/ directory.
Static analysis of Swift source under ios/ using
swiftlint.
Wrapper around the osv-scanner CLI (https://google.github.io/osv-scanner/).
Pure parser: osv-scanner JSON → [Finding.t()].
Aggregate result of a security scan: every layer's LayerResult
plus run metadata. The report is the single object handed to
formatters (terminal, JSON, markdown) and the value returned
from MobDev.SecurityScan.run/1.
Orchestrates the scan: invokes each enabled layer in turn,
collects LayerResults, and returns a Report.
Read/write the state sidecar for mix mob.security_scan.log.
Polls adb and simctl every 2 seconds, broadcasting device state changes via PubSub.
Holds the last 200 server-side Elixir log lines in memory so the dashboard
can restore them on reconnect. Fed by MobDev.Server.ElixirLogger.
OTP logger handler that captures Elixir Logger output and forwards it
to the Mob dev server dashboard.
Holds the last 500 log lines in memory so the LiveView can restore them on reconnect without losing context from before a crash or page refresh.
Pure filter functions for the log stream. Extracted here so they can be unit-tested without mounting a LiveView.
Streams logcat from connected Android devices and iOS simulator console, broadcasting parsed lines via PubSub.
Isolated supervisor for LogStreamer.
GenServer that runs the mob.watch loop inside the mob.server process.
Schema, defaults, and C-source generation for the static NIF table.
Per-feature device requirements + the validation that runs before
mix mob.deploy builds anything.
Helpers for --help / -h handling in mob_dev Mix tasks.
Manages port tunnels for Android and physical iOS devices.
Uninstall a Mob app (or every Mob-prefixed app) from one or more connected devices.
Mix Tasks
Scaffolds a new statically-linked NIF in the current Mob project.
Walks an OTP runtime tree and tells you which libraries are dead weight.
Builds a benchmark APK, deploys it, and measures battery drain over time.
Builds a benchmark app, deploys it to a physical iPhone/iPad, and measures battery drain over time.
Inspects every cache mix mob.* writes to outside the project tree, and
(with --clear) deletes them. Distinct from mix clean (build artifacts
in _build/) and mix deps.clean (deps in deps/) — this targets caches
in your home directory that survive across projects.
Discovers connected Android and iOS devices, sets up USB tunnels, restarts the app on each device, waits for Erlang nodes to come online, then drops into an IEx session connected to all of them.
Compiles the project then pushes BEAM files to all connected Android devices and iOS simulators.
Scans for connected Android devices (via adb) and iOS simulators/physical devices (via xcrun simctl / ideviceinfo) and prints their status.
Checks your environment, project configuration, OTP caches, and connected devices, reporting any issues with specific fix instructions.
Manage virtual devices: Android emulators (AVDs) and iOS simulators.
Enables one or more optional Mob features by patching mix.exs, manifest
files, and generating any required source files.
Generates a paired Mob.Screen and Phoenix LiveView for LiveView mode apps.
Generates platform icons for the current Mob project.
Runs first-time setup for a Mob project generated by mix mob.new.
Registers your app's bundle ID with Apple and downloads an iOS provisioning profile.
Uploads a release-signed artifact to the platform's app store.
Compiles the project and hot-pushes updated BEAM modules to all running Android and iOS devices — no app restart.
Regenerates the per-app static-NIF table source files in
priv/generated/driver_tab_ios.zig and priv/generated/driver_tab_android.zig.
Builds a release-signed artifact ready to upload to the app store.
Drives the OpenSSL cross-compile + the OTP crypto NIF static archive
for one target — replaces running scripts/release/openssl/<plat>.sh
and scripts/release/openssl/build_crypto_static_<plat>.sh in
sequence.
Drives MobDev.Release.OTP.build/2 from the CLI. Replaces the
three scripts/release/xcompile_*.sh scripts plus the misplaced
scripts/release/openssl/_build_otp_android_arm64.sh.
Drives MobDev.Release.Publish.publish/1 from the CLI. Replaces
scripts/release/publish.sh.
Drives MobDev.Release.Tarball.build/2 from the CLI. Replaces the
four scripts/release/tarball_*.sh scripts.
Convenience wrapper around the per-release flow. Bumps the platform's build number, rebuilds the release artifact, and uploads to the store.
Walks all lib/**/*.ex files and checks that every module passed to
push_screen/2, reset_to/2, or pop_to/2 resolves to a loadable module.
Audits the project for known vulnerabilities and unsafe code across every surface a Mob app actually ships
Scheduled-run helper for the security scan. Designed to be invoked by cron, GitHub Actions, or any other recurring trigger.
Starts the Mob dev server and opens it in the browser.
Interactive wizard that automates the Google Cloud steps required before
mix mob.publish --android can work.
Asks a connected device's BEAM what modules it has loaded right now. In interactive mode (Mob's default), a module is loaded only when something calls into it — so the loaded set after a real user session is the empirical "actually used" set.
Runs MobDev.OtpTrace.Harness under full call tracing and reports
the runtime modules + MFAs actually exercised.
Uninstall a Mob app from one or more connected devices.
Boot-safety verification for stripped Mob app builds.
Watches lib/ for source changes and automatically compiles + hot-pushes
updated modules to all running Android and iOS devices.
Stops a running mix mob.watch process.