diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0909e2d..2c44cbe 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -116,6 +116,35 @@ jobs:
       - name: build sqlite-sync
         run: ${{ matrix.name == 'linux-musl' && matrix.arch == 'arm64' && 'docker exec alpine' || '' }} make extension ${{ matrix.make && matrix.make || ''}}
 
+      - name: create keychain for codesign
+        if: matrix.os == 'macos-15'
+        run: |
+          echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > certificate.p12
+          security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain
+          security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain
+
+      - name: codesign dylib
+        if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework'
+        run: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib
+
+      - name: codesign and notarize xcframework
+        if: matrix.name == 'apple-xcframework'
+        run: |
+          find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST
+          codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper
+          ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip
+          xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait
+          rm dist/CloudSync.xcframework.zip
+
+      - name: cleanup keychain for codesign
+        if: matrix.os == 'macos-15'
+        run: |
+          rm certificate.p12
+          security delete-keychain build.keychain
+
       - name: android setup test environment
         if: matrix.name == 'android' && matrix.arch != 'arm64-v8a'
         run: |
diff --git a/src/cloudsync.c b/src/cloudsync.c
index aa63675..2f0bd04 100644
--- a/src/cloudsync.c
+++ b/src/cloudsync.c
@@ -3245,10 +3245,6 @@ void cloudsync_commit_alter (sqlite3_context *context, int argc, sqlite3_value *
     
 // MARK: - Main Entrypoint -
 
-int cloudsync_autoinit (void) {
-    return sqlite3_auto_extension((void *)sqlite3_cloudsync_init);
-}
-
 int cloudsync_register (sqlite3 *db, char **pzErrMsg) {
     int rc = SQLITE_OK;
     
diff --git a/src/cloudsync.h b/src/cloudsync.h
index a9aab5f..c5f722a 100644
--- a/src/cloudsync.h
+++ b/src/cloudsync.h
@@ -20,10 +20,9 @@
 extern "C" {
 #endif
 
-#define CLOUDSYNC_VERSION                       "0.8.26"
+#define CLOUDSYNC_VERSION                       "0.8.27"
 
 int sqlite3_cloudsync_init (sqlite3 *db, char **pzErrMsg, const sqlite3_api_routines *pApi);
-int cloudsync_autoinit (void);
 
 #ifdef __cplusplus
 }