Goal
Make the iOS app join an existing desktop-owned session through a link or QR code instead of requiring full mobile setup/enrollment.
The first mobile product should be a session companion: desktop dd-client creates or owns the shell/session, then grants iOS a scoped capability for that session.
Proposed flow
- Desktop
dd-client creates or attaches to a session.
- Desktop exposes a
pair mobile action for that session.
- The action shows a QR code and/or universal link.
- iOS opens the link and redeems a one-time pairing token with the agent over Noise.
- iOS stores the resulting scoped session capability in Keychain.
- iOS can stay attached to that session even if the desktop disconnects, as long as the agent/session remains alive.
Capability scope
The mobile capability should be constrained to one session and should not be equivalent to account enrollment.
Allowed operations for v1:
- read session metadata
- stream transcript/output
- send terminal input or prompt responses
- detach from the session
- optionally receive notifications for prompts/session events
Denied for v1:
- fleet discovery
- creating arbitrary new sessions
- deploy/admin actions
- changing agent configuration
- full GitHub enrollment from iOS
Token shape
Prefer a one-time pairing token over embedding all secret material in the QR code. The QR/link should be small, revocable, and short lived. After redemption, iOS receives/stores only a scoped session credential.
The redeemed credential should include or bind to:
- agent URL
- session id
- allowed operations
- expiry or revocation handle
- Noise peer/bootstrap material as needed
UX
Desktop should expose this from the active session workflow, not as separate mobile setup. Example command shape:
dd-client session pair-mobile <session-id>
The iOS app first screen can be "Join Session" with QR scan/link handling. It should not require users to configure CP, GitHub auth, or fleet enrollment for v1.
Acceptance criteria
- Desktop can generate a QR/link for an active session.
- iOS can redeem the QR/link and attach to that session.
- iOS can view output and send input/prompt responses.
- Desktop can disconnect while iOS remains attached if the agent session is still running.
- Capability is session-scoped and cannot perform deploy/admin/fleet operations.
- Revocation/expiry behavior is documented and testable.
- Works in iOS simulator and as Designed for iPad on macOS.
Non-goals
- Standalone iOS onboarding
- CP-backed mobile mailbox/push service
- Browser/PWA repair path
- Full account enrollment on mobile
- General-purpose mobile agent discovery
Follow-up direction
After this works, consider allowing iOS to reopen recent paired sessions or request a new session through a previously paired desktop/agent relationship. Keep that separate from v1.
Goal
Make the iOS app join an existing desktop-owned session through a link or QR code instead of requiring full mobile setup/enrollment.
The first mobile product should be a session companion: desktop
dd-clientcreates or owns the shell/session, then grants iOS a scoped capability for that session.Proposed flow
dd-clientcreates or attaches to a session.pair mobileaction for that session.Capability scope
The mobile capability should be constrained to one session and should not be equivalent to account enrollment.
Allowed operations for v1:
Denied for v1:
Token shape
Prefer a one-time pairing token over embedding all secret material in the QR code. The QR/link should be small, revocable, and short lived. After redemption, iOS receives/stores only a scoped session credential.
The redeemed credential should include or bind to:
UX
Desktop should expose this from the active session workflow, not as separate mobile setup. Example command shape:
The iOS app first screen can be "Join Session" with QR scan/link handling. It should not require users to configure CP, GitHub auth, or fleet enrollment for v1.
Acceptance criteria
Non-goals
Follow-up direction
After this works, consider allowing iOS to reopen recent paired sessions or request a new session through a previously paired desktop/agent relationship. Keep that separate from v1.