diff --git a/.github/actions/build-for-testing/action.yml b/.github/actions/build-for-testing/action.yml
index 084ba81d..185c4ab3 100644
--- a/.github/actions/build-for-testing/action.yml
+++ b/.github/actions/build-for-testing/action.yml
@@ -27,7 +27,9 @@ runs:
         Apple/DerivedData
       key: ${{ runner.os }}-${{ inputs.scheme }}-${{ hashFiles('**/Package.resolved') }}
       restore-keys: |
+        ${{ runner.os }}-${{ inputs.scheme }}-${{ hashFiles('**/Package.resolved') }}
         ${{ runner.os }}-${{ inputs.scheme }}-
+        ${{ runner.os }}-
   - name: Build
     shell: bash
     working-directory: Apple
diff --git a/.github/actions/download-profiles/action.yml b/.github/actions/download-profiles/action.yml
index 98961aad..32b615c7 100644
--- a/.github/actions/download-profiles/action.yml
+++ b/.github/actions/download-profiles/action.yml
@@ -13,15 +13,18 @@ runs:
   using: composite
   steps:
   - shell: bash
+    env:
+      FASTLANE_OPT_OUT_USAGE: 'YES'
     run: |
+      APP_STORE_KEY=$(echo "${{ inputs.app-store-key }}" | jq -sR .)
       cat << EOF > api-key.json
       {
         "key_id": "${{ inputs.app-store-key-id }}",
         "issuer_id": "${{ inputs.app-store-key-issuer-id }}",
-        "key": "${{ inputs.app-store-key }}"
+        "key": $APP_STORE_KEY
       }
       EOF
 
-      fastlane sigh download_all --api_key_path api-key.json --download_xcode_profiles
+      fastlane sigh download_all --api_key_path api-key.json
 
       rm -rf api-key.json
diff --git a/.github/actions/export/action.yml b/.github/actions/export/action.yml
index 8f891bed..75b748ff 100644
--- a/.github/actions/export/action.yml
+++ b/.github/actions/export/action.yml
@@ -12,11 +12,8 @@ inputs:
   archive-path:
     description: Xcode archive path
     required: true
-  destination:
-    description: The Xcode export destination. This can either be "export" or "upload"
-    required: true
-  method:
-    description: The Xcode export method. This can be one of app-store, validation, ad-hoc, package, enterprise, development, developer-id, or mac-application.
+  export-options:
+    description: The export options in JSON format
     required: true
   export-path:
     description: The path to export the archive to
@@ -29,8 +26,7 @@ runs:
     run: |
       echo "${{ inputs.app-store-key }}" > AuthKey_${{ inputs.app-store-key-id }}.p8
 
-      echo '{"destination":"${{ inputs.destination }}","method":"${{ inputs.method }}"}' \
-        | plutil -convert xml1 -o ExportOptions.plist -
+      echo '${{ inputs.export-options }}' | plutil -convert xml1 -o ExportOptions.plist -
 
       xcodebuild \
         -exportArchive \
diff --git a/.github/workflows/build-rust.yml b/.github/workflows/build-rust.yml
index 11ff60de..84ac9d87 100644
--- a/.github/workflows/build-rust.yml
+++ b/.github/workflows/build-rust.yml
@@ -21,14 +21,16 @@ jobs:
           - x86_64-unknown-linux-gnu
           targets:
           - aarch64-unknown-linux-gnu
-        - os: macos-12
+        - os: macos-13
           platform: macOS (Intel)
+          xcode: /Applications/Xcode_15.2.app
           test-targets:
           - x86_64-apple-darwin
           targets:
           - x86_64-apple-ios
         - os: macos-14
           platform: macOS
+          xcode: /Applications/Xcode_16.0.app
           test-targets:
           - aarch64-apple-darwin
           targets:
@@ -42,7 +44,7 @@ jobs:
           - aarch64-pc-windows-msvc
     runs-on: ${{ matrix.os }}
     env:
-      DEVELOPER_DIR: /Applications/Xcode_15.4.app/Contents/Developer
+      DEVELOPER_DIR: ${{ matrix.xcode }}/Contents/Developer
       CARGO_INCREMENTAL: 0
       CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
       RUST_BACKTRACE: short
diff --git a/.github/workflows/release-apple.yml b/.github/workflows/release-apple.yml
index f1ee5dd2..bb9c15a1 100644
--- a/.github/workflows/release-apple.yml
+++ b/.github/workflows/release-apple.yml
@@ -13,13 +13,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - 
-          destination: generic/platform=iOS
-          platform: iOS
+        - platform: iOS
           rust-targets:
           - aarch64-apple-ios
-        - destination: generic/platform=macOS
-          platform: macOS
+        - platform: macOS
           rust-targets:
           - x86_64-apple-darwin
           - aarch64-apple-darwin
@@ -35,6 +32,12 @@ jobs:
       with:
         certificate: ${{ secrets.DEVELOPER_CERT }}
         password: ${{ secrets.DEVELOPER_CERT_PASSWORD }}
+    - name: Download Provisioning Profiles
+      uses: ./.github/actions/download-profiles
+      with:
+        app-store-key: ${{ secrets.APPSTORE_KEY }}
+        app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
+        app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
     - name: Install Rust
       uses: dtolnay/rust-toolchain@stable
       with:
@@ -47,7 +50,7 @@ jobs:
       uses: ./.github/actions/archive
       with:
         scheme: App
-        destination: ${{ matrix.destination }}
+        destination: generic/platform=${{ matrix.platform }}
         app-store-key: ${{ secrets.APPSTORE_KEY }}
         app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
         app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
@@ -61,6 +64,8 @@ jobs:
         app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
         app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
         archive-path: Burrow.xcarchive
+        export-options: |
+          {"teamID":"P6PV2R9443","destination":"export","method":"developer-id","provisioningProfiles":{"com.hackclub.burrow":"Burrow Developer ID","com.hackclub.burrow.network":"Burrow Network Developer ID"},"signingCertificate":"Developer ID Application","signingStyle":"manual"}
         export-path: Release
     - name: Notarize
       if: ${{ matrix.platform == 'macOS' }}
@@ -96,10 +101,10 @@ jobs:
       if: ${{ matrix.platform == 'iOS' }}
       uses: ./.github/actions/export
       with:
-        method: app-store
-        destination: upload
         app-store-key: ${{ secrets.APPSTORE_KEY }}
         app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
         app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
         archive-path: Burrow.xcarchive
+        export-options: |
+          {"method": "app-store", "destination": "upload"}
         export-path: Release
diff --git a/Apple/App/AppDelegate.swift b/Apple/App/AppDelegate.swift
index bd76a2f3..b0c5546f 100644
--- a/Apple/App/AppDelegate.swift
+++ b/Apple/App/AppDelegate.swift
@@ -2,7 +2,8 @@
 import AppKit
 import SwiftUI
 
-@MainActor @main
+@main
+@MainActor
 class AppDelegate: NSObject, NSApplicationDelegate {
     private let quitItem: NSMenuItem = {
         let quitItem = NSMenuItem(
diff --git a/Apple/App/BurrowView.swift b/Apple/App/BurrowView.swift
index 84475925..3a53762d 100644
--- a/Apple/App/BurrowView.swift
+++ b/Apple/App/BurrowView.swift
@@ -42,7 +42,6 @@ struct BurrowView: View {
     }
 
     private func addWireGuardNetwork() {
-        
     }
 
     private func authenticateWithSlack() async throws {
diff --git a/Apple/App/OAuth2.swift b/Apple/App/OAuth2.swift
index dc8c62b6..9a930c9c 100644
--- a/Apple/App/OAuth2.swift
+++ b/Apple/App/OAuth2.swift
@@ -1,6 +1,6 @@
 import AuthenticationServices
-import SwiftUI
 import Foundation
+import SwiftUI
 
 enum OAuth2 {
     enum Error: Swift.Error {
@@ -35,7 +35,7 @@ enum OAuth2 {
             }
         }
 
-        public init(
+        init(
             authorizationEndpoint: URL,
             tokenEndpoint: URL,
             redirectURI: URL,
@@ -125,7 +125,11 @@ enum OAuth2 {
         var refreshToken: String?
 
         var credential: Credential {
-            .init(accessToken: accessToken, refreshToken: refreshToken, expirationDate: expiresIn.map { Date.init(timeIntervalSinceNow: $0) })
+            .init(
+                accessToken: accessToken,
+                refreshToken: refreshToken,
+                expirationDate: expiresIn.map { Date(timeIntervalSinceNow: $0) }
+            )
         }
     }
 
@@ -203,7 +207,24 @@ enum OAuth2 {
 }
 
 extension WebAuthenticationSession {
-    func start(url: URL, redirectURI: URL) async throws -> URL {
+#if canImport(BrowserEngineKit)
+    @available(iOS 17.4, macOS 14.4, tvOS 17.4, watchOS 10.4, *)
+    fileprivate static func callback(for redirectURI: URL) throws -> ASWebAuthenticationSession.Callback {
+        switch redirectURI.scheme {
+        case "https":
+            guard let host = redirectURI.host else { throw OAuth2.Error.invalidRedirectURI }
+            return .https(host: host, path: redirectURI.path)
+        case "http":
+            throw OAuth2.Error.invalidRedirectURI
+        case .some(let scheme):
+            return .customScheme(scheme)
+        case .none:
+            throw OAuth2.Error.invalidRedirectURI
+        }
+    }
+#endif
+
+    fileprivate func start(url: URL, redirectURI: URL) async throws -> URL {
         #if canImport(BrowserEngineKit)
         if #available(iOS 17.4, macOS 14.4, tvOS 17.4, watchOS 10.4, *) {
             return try await authenticate(
@@ -231,23 +252,6 @@ extension WebAuthenticationSession {
             return url
         }
     }
-
-    #if canImport(BrowserEngineKit)
-    @available(iOS 17.4, macOS 14.4, tvOS 17.4, watchOS 10.4, *)
-    fileprivate static func callback(for redirectURI: URL) throws -> ASWebAuthenticationSession.Callback {
-        switch redirectURI.scheme {
-        case "https":
-            guard let host = redirectURI.host else { throw OAuth2.Error.invalidRedirectURI }
-            return .https(host: host, path: redirectURI.path)
-        case "http":
-            throw OAuth2.Error.invalidRedirectURI
-        case .some(let scheme):
-            return .customScheme(scheme)
-        case .none:
-            throw OAuth2.Error.invalidRedirectURI
-        }
-    }
-    #endif
 }
 
 extension View {