From 759523b9848d0fe692cfc5f4b40be62bacc82a5a Mon Sep 17 00:00:00 2001
From: Matt Bruce <mbrucedogs@gmail.com>
Date: Wed, 14 Jan 2026 10:24:11 -0600
Subject: [PATCH] Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>

---
 README.md                                     |  1 +
 .../SecureStorgageSampleApp.swift             |  4 +++
 .../Services/AppStorageCatalog.swift          | 28 +++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 SecureStorgageSample/Services/AppStorageCatalog.swift

diff --git a/README.md b/README.md
index 56d3664..bb2ee76 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,7 @@ The app demonstrates various storage configurations:
 - Storage keys are now split into one file per key and grouped by domain; platform-focused keys live in `StorageKeys/Platform` with comments calling out availability/sync focus.
 - The shared model/constants live in `SharedPackage` (`SharedKit`) to keep the watch/iOS data contract centralized.
 - The watch app uses a handler-based WatchConnectivity layer so new payload types can be added in `Services/Handlers` without bloating the main service.
+- A `StorageKeyCatalog` sample is included to generate a security audit report of all storage keys.
 
 ## License
 
diff --git a/SecureStorgageSample/SecureStorgageSampleApp.swift b/SecureStorgageSample/SecureStorgageSampleApp.swift
index 6077ed6..1f07d15 100644
--- a/SecureStorgageSample/SecureStorgageSampleApp.swift
+++ b/SecureStorgageSample/SecureStorgageSampleApp.swift
@@ -18,6 +18,10 @@ struct SecureStorgageSampleApp: App {
                 for: SampleKeyMaterialSources.external
             )
         }
+#if DEBUG
+        let report = StorageAuditReport.renderText(for: AppStorageCatalog.self)
+        print(report)
+#endif
     }
 
     var body: some Scene {
diff --git a/SecureStorgageSample/Services/AppStorageCatalog.swift b/SecureStorgageSample/Services/AppStorageCatalog.swift
new file mode 100644
index 0000000..842731b
--- /dev/null
+++ b/SecureStorgageSample/Services/AppStorageCatalog.swift
@@ -0,0 +1,28 @@
+import Foundation
+import LocalData
+import SharedKit
+
+struct AppStorageCatalog: StorageKeyCatalog {
+    static var allKeys: [StorageKeyDescriptor] {
+        [
+            .from(StorageKeys.AppVersionKey(), serializer: "json"),
+            .from(StorageKeys.UserPreferencesKey(), serializer: "json"),
+            .from(StorageKeys.CredentialsKey(), serializer: "json"),
+            .from(StorageKeys.LastLocationKey(), serializer: "json"),
+            .from(StorageKeys.APITokenKey(), serializer: "json"),
+            .from(StorageKeys.UserProfileFileKey(), serializer: "json"),
+            .from(StorageKeys.CachedDataKey(), serializer: "data"),
+            .from(StorageKeys.SettingsPlistKey(), serializer: "plist"),
+            .from(StorageKeys.SessionLogsKey(), serializer: "json"),
+            .from(StorageKeys.PrivateNotesKey(), serializer: "json"),
+            .from(StorageKeys.ExternalSessionLogsKey(), serializer: "json"),
+            .from(StorageKeys.WatchVibrationKey(), serializer: "json"),
+            .from(StorageKeys.SyncableSettingKey(), serializer: "json"),
+            .from(
+                StorageKeys.ExternalKeyMaterialKey(keyName: "<dynamic>"),
+                serializer: "data",
+                notes: "Key name is dynamic per external source."
+            )
+        ]
+    }
+}