From 23f77c3576c63429a4816a8723a5c37561d07d35 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 12:24:22 -0400
Subject: [PATCH 01/18] Add Rust-backed iOS PR preview workflow

---
 .gitignore                                   |   4 +-
 Cargo.lock                                   |   2 +
 apps/ios/DevOpsDefender/ContentView.swift    | 200 +++++++-
 apps/ios/DevOpsDefender/DDClientBridge.swift | 493 +++++++++++++++++++
 apps/ios/DevOpsDefender/DDClientFFI.h        |  16 +
 apps/ios/README.md                           | 118 +++--
 apps/ios/Scripts/build-rust.sh               |  81 +++
 apps/ios/project.yml                         |  15 +-
 apps/ios/run-designed-for-ipad-on-mac.sh     |  60 ++-
 crates/dd-client-core/Cargo.toml             |   3 +-
 crates/dd-client-core/src/lib.rs             |  41 ++
 crates/dd-client-ffi/Cargo.toml              |   3 +-
 crates/dd-client-ffi/src/lib.rs              | 330 ++++++++++++-
 13 files changed, 1312 insertions(+), 54 deletions(-)
 create mode 100644 apps/ios/DevOpsDefender/DDClientBridge.swift
 create mode 100644 apps/ios/DevOpsDefender/DDClientFFI.h
 create mode 100755 apps/ios/Scripts/build-rust.sh

diff --git a/.gitignore b/.gitignore
index 24f2189..efec3cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,6 @@
 *.key
 *.key.tmp
 .DS_Store
-
+apps/ios/DevOpsDefender.xcodeproj/
+apps/ios/com.apple.DeveloperTools/
+apps/ios/err
diff --git a/Cargo.lock b/Cargo.lock
index ae2018c..b00d45a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -377,7 +377,9 @@ dependencies = [
 name = "dd-client-ffi"
 version = "0.1.0"
 dependencies = [
+ "base64",
  "dd-client-core",
+ "hex",
  "serde_json",
  "tempfile",
  "tokio",
diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index aa47ed6..897dc4a 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -1,24 +1,202 @@
 import SwiftUI
 
 struct ContentView: View {
+    @StateObject private var viewModel = ClientViewModel()
+
     var body: some View {
         NavigationStack {
-            List {
-                Section("Pairing") {
-                    LabeledContent("Device key", value: "Not generated")
-                    Button("Generate enrollment URL") {}
+            Form {
+                Section("Connection") {
+                    TextField("Agent URL", text: $viewModel.agentURL)
+                        .textInputAutocapitalization(.never)
+                        .keyboardType(.URL)
+
+                    TextField("Noise key path", text: $viewModel.keyPath)
+                        .textInputAutocapitalization(.never)
+                        .font(.system(.body, design: .monospaced))
+
+                    Button("Use app support key path") {
+                        viewModel.useAppSupportKeyPath()
+                    }
+
+                    Toggle("Dev/test: skip TDX quote verification", isOn: $viewModel.insecureSkipQuoteVerify)
+
+                    if !viewModel.insecureSkipQuoteVerify {
+                        SecureField("Intel Trust Authority API key", text: $viewModel.itaAPIKey)
+                        TextField("ITA base URL", text: $viewModel.itaBaseURL)
+                            .textInputAutocapitalization(.never)
+                        TextField("ITA JWKS URL", text: $viewModel.itaJwksURL)
+                            .textInputAutocapitalization(.never)
+                        TextField("ITA issuer", text: $viewModel.itaIssuer)
+                            .textInputAutocapitalization(.never)
+                    }
+                }
+
+                Section("Key Content") {
+                    Text("Paste a 32-byte Noise key as hex or base64 when the app cannot read your host key path.")
+                        .font(.footnote)
+                        .foregroundStyle(.secondary)
+
+                    TextEditor(text: $viewModel.keyContent)
+                        .font(.system(.body, design: .monospaced))
+                        .frame(minHeight: 76)
+
+                    Button("Import pasted key to path") {
+                        viewModel.importPastedKey()
+                    }
+                    .disabled(viewModel.isBusy)
+                }
+
+                Section("Recipes") {
+                    Button("Load recipes") {
+                        viewModel.loadRecipes()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    if viewModel.recipes.isEmpty {
+                        Text("No recipes loaded")
+                            .foregroundStyle(.secondary)
+                    } else {
+                        ForEach(viewModel.recipes) { recipe in
+                            VStack(alignment: .leading, spacing: 4) {
+                                Text(recipe.title)
+                                Text(recipe.id)
+                                    .font(.caption.monospaced())
+                                    .foregroundStyle(.secondary)
+                                if !recipe.detail.isEmpty {
+                                    Text(recipe.detail)
+                                        .font(.caption)
+                                        .foregroundStyle(.secondary)
+                                }
+                            }
+                        }
+                    }
+                }
+
+                Section("Sessions") {
+                    HStack {
+                        Button("List sessions") {
+                            viewModel.loadSessions()
+                        }
+                        .disabled(viewModel.isBusy)
+
+                        Button("Create shell") {
+                            viewModel.createShellSession()
+                        }
+                        .disabled(viewModel.isBusy)
+                    }
+
+                    Toggle("Notify on session changes", isOn: $viewModel.notifyOnSessionChanges)
+
+                    TextField("Selected session id", text: $viewModel.selectedSessionID)
+                        .textInputAutocapitalization(.never)
+                        .font(.system(.body, design: .monospaced))
+
+                    if viewModel.sessions.isEmpty {
+                        Text("No sessions loaded")
+                            .foregroundStyle(.secondary)
+                    } else {
+                        ForEach(viewModel.sessions) { session in
+                            Button {
+                                viewModel.selectSession(session)
+                            } label: {
+                                VStack(alignment: .leading, spacing: 4) {
+                                    Text(session.title)
+                                    Text(session.id)
+                                        .font(.caption.monospaced())
+                                        .foregroundStyle(.secondary)
+                                    if !session.detail.isEmpty {
+                                        Text(session.detail)
+                                            .font(.caption)
+                                            .foregroundStyle(.secondary)
+                                    }
+                                }
+                            }
+                        }
+                    }
                 }
 
-                Section("Agents") {
-                    ContentUnavailableView("No agents", systemImage: "server.rack")
+                Section("Transcript") {
+                    HStack {
+                        Button("Replay") {
+                            viewModel.replaySelectedSession()
+                        }
+                        .disabled(viewModel.isBusy)
+
+                        Button("Attach / refresh output") {
+                            viewModel.attachSelectedSession()
+                        }
+                        .disabled(viewModel.isBusy)
+                    }
+
+                    Stepper(
+                        "Zoom \(Int(viewModel.transcriptFontSize)) pt",
+                        value: $viewModel.transcriptFontSize,
+                        in: 11...30,
+                        step: 1
+                    )
+
+                    ScrollView([.horizontal, .vertical]) {
+                        Text(viewModel.transcript.isEmpty ? "No transcript loaded" : viewModel.transcript)
+                            .font(.system(size: viewModel.transcriptFontSize, design: .monospaced))
+                            .textSelection(.enabled)
+                            .frame(maxWidth: .infinity, alignment: .leading)
+                            .padding(.vertical, 6)
+                    }
+                    .frame(minHeight: 240)
+                }
+
+                Section("Mobile Write Controls") {
+                    TextField("Short input, e.g. 1 or y", text: $viewModel.quickInput)
+                        .textInputAutocapitalization(.never)
+                        .font(.system(.body, design: .monospaced))
+
+                    HStack {
+                        Button("Send + Return") {
+                            viewModel.sendQuickInput()
+                        }
+                        .disabled(viewModel.isBusy)
+
+                        Button("1") {
+                            viewModel.sendQuickInput("1\n")
+                        }
+                        .disabled(viewModel.isBusy)
+
+                        Button("2") {
+                            viewModel.sendQuickInput("2\n")
+                        }
+                        .disabled(viewModel.isBusy)
+
+                        Button("Enter") {
+                            viewModel.sendQuickInput("\n")
+                        }
+                        .disabled(viewModel.isBusy)
+                    }
+
+                    Text("Each send attaches, writes bytes, waits briefly for output, then detaches without closing the remote session.")
+                        .font(.footnote)
+                        .foregroundStyle(.secondary)
+                }
+
+                Section("Status") {
+                    if viewModel.isBusy {
+                        ProgressView()
+                    }
+                    Text(viewModel.status)
+                        .font(.callout)
+
+                    DisclosureGroup("Last Rust response") {
+                        ScrollView([.horizontal, .vertical]) {
+                            Text(viewModel.rawResponse.isEmpty ? "{}" : viewModel.rawResponse)
+                                .font(.caption.monospaced())
+                                .textSelection(.enabled)
+                                .frame(maxWidth: .infinity, alignment: .leading)
+                        }
+                        .frame(minHeight: 120)
+                    }
                 }
             }
             .navigationTitle("DevOps Defender")
         }
     }
 }
-
-#Preview {
-    ContentView()
-}
-
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
new file mode 100644
index 0000000..11d8983
--- /dev/null
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -0,0 +1,493 @@
+import Foundation
+import UserNotifications
+
+struct AgentSettings: Sendable {
+    var agentURL: String
+    var keyPath: String
+    var insecureSkipQuoteVerify: Bool
+    var itaAPIKey: String
+    var itaBaseURL: String
+    var itaJwksURL: String
+    var itaIssuer: String
+}
+
+struct RecipeSummary: Identifiable, Sendable {
+    let id: String
+    let title: String
+    let detail: String
+}
+
+struct SessionSummary: Identifiable, Sendable {
+    let id: String
+    let title: String
+    let detail: String
+}
+
+struct DDClientError: LocalizedError {
+    let message: String
+
+    var errorDescription: String? {
+        message
+    }
+}
+
+enum DDClientBridge {
+    static func importKey(keyPath: String, keyContent: String) throws -> [String: Any] {
+        try request([
+            "operation": "import_key",
+            "key_path": keyPath,
+            "key_content": keyContent
+        ])
+    }
+
+    static func listRecipes(settings: AgentSettings) throws -> [String: Any] {
+        try request(basePayload("recipes", settings: settings))
+    }
+
+    static func listSessions(settings: AgentSettings) throws -> [String: Any] {
+        try request(basePayload("sessions", settings: settings))
+    }
+
+    static func createShellSession(settings: AgentSettings) throws -> [String: Any] {
+        var payload = basePayload("create_session", settings: settings)
+        payload["recipe"] = "shell"
+        payload["name"] = "iOS shell"
+        return try request(payload)
+    }
+
+    static func replaySession(id: String, settings: AgentSettings) throws -> [String: Any] {
+        var payload = basePayload("replay_session", settings: settings)
+        payload["id"] = id
+        return try request(payload)
+    }
+
+    static func attachExchange(
+        id: String,
+        input: String,
+        maxBytes: Int,
+        idleTimeoutMS: Int,
+        settings: AgentSettings
+    ) throws -> [String: Any] {
+        var payload = basePayload("attach_exchange", settings: settings)
+        payload["id"] = id
+        payload["input"] = input
+        payload["max_bytes"] = maxBytes
+        payload["idle_timeout_ms"] = idleTimeoutMS
+        return try request(payload)
+    }
+
+    private static func basePayload(_ operation: String, settings: AgentSettings) -> [String: Any] {
+        [
+            "operation": operation,
+            "agent_url": settings.agentURL,
+            "key_path": settings.keyPath,
+            "insecure_skip_quote_verify": settings.insecureSkipQuoteVerify,
+            "ita_api_key": settings.itaAPIKey,
+            "ita_base_url": settings.itaBaseURL,
+            "ita_jwks_url": settings.itaJwksURL,
+            "ita_issuer": settings.itaIssuer
+        ]
+    }
+
+    private static func request(_ payload: [String: Any]) throws -> [String: Any] {
+        let requestData = try JSONSerialization.data(withJSONObject: payload)
+        guard let requestJSON = String(data: requestData, encoding: .utf8) else {
+            throw DDClientError(message: "Failed to encode FFI request")
+        }
+
+        let responsePointer = requestJSON.withCString { requestCString in
+            dd_client_agent_request(requestCString)
+        }
+
+        guard let responsePointer else {
+            throw DDClientError(message: "Rust FFI returned a null response")
+        }
+        defer {
+            dd_client_string_free(responsePointer)
+        }
+
+        let responseJSON = String(cString: responsePointer)
+        guard let responseData = responseJSON.data(using: .utf8),
+              let response = try JSONSerialization.jsonObject(with: responseData) as? [String: Any] else {
+            throw DDClientError(message: "Failed to decode FFI response: \(responseJSON)")
+        }
+
+        if response["ok"] as? Bool == true {
+            return response
+        }
+        throw DDClientError(message: response["error"] as? String ?? responseJSON)
+    }
+}
+
+enum AppDefaults {
+    static let previewAgentURL = "https://dd-pr-261-api-23bf4739-7737-483f-9256-1d184cbb7fab.devopsdefender.com"
+    static let itaBaseURL = "https://api.trustauthority.intel.com"
+    static let itaJwksURL = "https://portal.trustauthority.intel.com/certs"
+    static let itaIssuer = "https://portal.trustauthority.intel.com"
+
+    static var defaultKeyPath: String {
+        #if targetEnvironment(simulator)
+        return hostNoiseKeyPath
+        #else
+        if ProcessInfo.processInfo.isiOSAppOnMac {
+            return hostNoiseKeyPath
+        }
+        return appSupportNoiseKeyPath
+        #endif
+    }
+
+    static var appSupportNoiseKeyPath: String {
+        let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask)
+            .first ?? URL(fileURLWithPath: NSHomeDirectory())
+        return base
+            .appendingPathComponent("devopsdefender", isDirectory: true)
+            .appendingPathComponent("noise.key")
+            .path
+    }
+
+    private static var hostNoiseKeyPath: String {
+        let userName = NSUserName()
+        if userName.isEmpty {
+            return appSupportNoiseKeyPath
+        }
+        return "/Users/\(userName)/.config/devopsdefender/noise.key"
+    }
+}
+
+@MainActor
+final class ClientViewModel: ObservableObject {
+    @Published var agentURL = AppDefaults.previewAgentURL
+    @Published var keyPath = AppDefaults.defaultKeyPath
+    @Published var keyContent = ""
+    @Published var insecureSkipQuoteVerify = true
+    @Published var itaAPIKey = ""
+    @Published var itaBaseURL = AppDefaults.itaBaseURL
+    @Published var itaJwksURL = AppDefaults.itaJwksURL
+    @Published var itaIssuer = AppDefaults.itaIssuer
+    @Published var recipes: [RecipeSummary] = []
+    @Published var sessions: [SessionSummary] = []
+    @Published var selectedSessionID = ""
+    @Published var quickInput = ""
+    @Published var transcript = ""
+    @Published var rawResponse = ""
+    @Published var status = "Ready"
+    @Published var isBusy = false
+    @Published var transcriptFontSize = 15.0
+    @Published var notifyOnSessionChanges = false {
+        didSet {
+            if notifyOnSessionChanges {
+                requestNotificationPermission()
+            }
+        }
+    }
+
+    private var lastSessionIDs = Set<String>()
+
+    var settings: AgentSettings {
+        AgentSettings(
+            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            keyPath: keyPath.expandingTildePath,
+            insecureSkipQuoteVerify: insecureSkipQuoteVerify,
+            itaAPIKey: itaAPIKey.trimmingCharacters(in: .whitespacesAndNewlines),
+            itaBaseURL: itaBaseURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            itaJwksURL: itaJwksURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            itaIssuer: itaIssuer.trimmingCharacters(in: .whitespacesAndNewlines)
+        )
+    }
+
+    func useAppSupportKeyPath() {
+        keyPath = AppDefaults.appSupportNoiseKeyPath
+    }
+
+    func importPastedKey() {
+        let path = keyPath.expandingTildePath
+        let content = keyContent.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !content.isEmpty else {
+            status = "Paste a 32-byte key as hex or base64 first"
+            return
+        }
+        run("Importing key") {
+            let response = try DDClientBridge.importKey(keyPath: path, keyContent: content)
+            return ClientUpdate(
+                status: "Imported key to \(response["key_path"] as? String ?? path)",
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    func loadRecipes() {
+        let settings = settings
+        run("Loading recipes") {
+            let response = try DDClientBridge.listRecipes(settings: settings)
+            return ClientUpdate(
+                status: "Loaded recipes",
+                recipes: extractRecipes(from: response["value"]),
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    func loadSessions() {
+        let settings = settings
+        run("Loading sessions") {
+            let response = try DDClientBridge.listSessions(settings: settings)
+            let sessions = extractSessions(from: response["value"])
+            return ClientUpdate(
+                status: "Loaded \(sessions.count) sessions",
+                sessions: sessions,
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    func createShellSession() {
+        let settings = settings
+        run("Creating shell session") {
+            let response = try DDClientBridge.createShellSession(settings: settings)
+            let id = response["session_id"] as? String ?? ""
+            return ClientUpdate(
+                status: id.isEmpty ? "Created shell session" : "Created shell session \(id)",
+                selectedSessionID: id,
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    func replaySelectedSession() {
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !id.isEmpty else {
+            status = "Select or enter a session id first"
+            return
+        }
+        let settings = settings
+        run("Replaying session") {
+            let response = try DDClientBridge.replaySession(id: id, settings: settings)
+            return ClientUpdate(
+                status: "Replayed \(id)",
+                transcript: transcriptText(from: response["value"]),
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    func attachSelectedSession() {
+        attach(input: "", statusText: "Attaching for output")
+    }
+
+    func sendQuickInput(_ input: String? = nil) {
+        let text = input ?? quickInput
+        guard !text.isEmpty else {
+            status = "Enter text or use a quick key"
+            return
+        }
+        let normalized = text.hasSuffix("\n") ? text : text + "\n"
+        attach(input: normalized, statusText: "Sending short input")
+        if input == nil {
+            quickInput = ""
+        }
+    }
+
+    func selectSession(_ session: SessionSummary) {
+        selectedSessionID = session.id
+        transcript = session.detail
+    }
+
+    private func attach(input: String, statusText: String) {
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !id.isEmpty else {
+            status = "Select or enter a session id first"
+            return
+        }
+        let settings = settings
+        run(statusText) {
+            let response = try DDClientBridge.attachExchange(
+                id: id,
+                input: input,
+                maxBytes: 128 * 1024,
+                idleTimeoutMS: 1200,
+                settings: settings
+            )
+            let text = response["text"] as? String ?? ""
+            return ClientUpdate(
+                status: input.isEmpty ? "Attached and detached without closing \(id)" : "Sent input and detached without closing \(id)",
+                transcript: text.isEmpty ? "(no new output before idle timeout)" : text,
+                rawResponse: prettyJSONString(response)
+            )
+        }
+    }
+
+    private func run(_ pendingStatus: String, work: @escaping @Sendable () throws -> ClientUpdate) {
+        guard !isBusy else {
+            status = "Another request is already running"
+            return
+        }
+        isBusy = true
+        status = pendingStatus
+        Task {
+            do {
+                let update = try await Task.detached(priority: .userInitiated) {
+                    try work()
+                }.value
+                apply(update)
+            } catch {
+                status = error.localizedDescription
+            }
+            isBusy = false
+        }
+    }
+
+    private func apply(_ update: ClientUpdate) {
+        status = update.status
+        rawResponse = update.rawResponse ?? rawResponse
+        if let recipes = update.recipes {
+            self.recipes = recipes
+        }
+        if let sessions = update.sessions {
+            handleSessionUpdate(sessions)
+        }
+        if let selectedSessionID = update.selectedSessionID, !selectedSessionID.isEmpty {
+            self.selectedSessionID = selectedSessionID
+        }
+        if let transcript = update.transcript {
+            self.transcript = transcript
+        }
+    }
+
+    private func handleSessionUpdate(_ sessions: [SessionSummary]) {
+        let newIDs = Set(sessions.map(\.id))
+        let added = newIDs.subtracting(lastSessionIDs)
+        self.sessions = sessions
+        if notifyOnSessionChanges, !lastSessionIDs.isEmpty, !added.isEmpty {
+            scheduleNotification(title: "DevOps Defender sessions changed", body: "New sessions: \(added.sorted().joined(separator: ", "))")
+        }
+        lastSessionIDs = newIDs
+    }
+
+    private func requestNotificationPermission() {
+        UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .sound]) { _, _ in }
+    }
+
+    private func scheduleNotification(title: String, body: String) {
+        let content = UNMutableNotificationContent()
+        content.title = title
+        content.body = body
+        let request = UNNotificationRequest(
+            identifier: "dd-client-session-\(UUID().uuidString)",
+            content: content,
+            trigger: nil
+        )
+        UNUserNotificationCenter.current().add(request)
+    }
+}
+
+private struct ClientUpdate: Sendable {
+    var status: String
+    var recipes: [RecipeSummary]?
+    var sessions: [SessionSummary]?
+    var selectedSessionID: String?
+    var transcript: String?
+    var rawResponse: String?
+}
+
+private extension String {
+    var expandingTildePath: String {
+        (self as NSString).expandingTildeInPath
+    }
+}
+
+private func prettyJSONString(_ value: Any) -> String {
+    guard JSONSerialization.isValidJSONObject(value),
+          let data = try? JSONSerialization.data(withJSONObject: value, options: [.prettyPrinted, .sortedKeys]),
+          let text = String(data: data, encoding: .utf8) else {
+        return "\(value)"
+    }
+    return text
+}
+
+private func transcriptText(from value: Any?) -> String {
+    if let text = firstString(for: ["transcript", "output", "text", "stdout", "data"], in: value) {
+        return text
+    }
+    return prettyJSONString(value ?? [:])
+}
+
+private func firstString(for keys: [String], in value: Any?) -> String? {
+    if let dict = value as? [String: Any] {
+        for key in keys {
+            if let text = dict[key] as? String, !text.isEmpty {
+                return text
+            }
+        }
+        for nested in dict.values {
+            if let text = firstString(for: keys, in: nested) {
+                return text
+            }
+        }
+    }
+    if let array = value as? [Any] {
+        for item in array {
+            if let text = firstString(for: keys, in: item) {
+                return text
+            }
+        }
+    }
+    return nil
+}
+
+private func extractRecipes(from value: Any?) -> [RecipeSummary] {
+    extractDictionaries(from: value).compactMap { dict in
+        guard let id = stringValue(dict["id"]) ?? stringValue(dict["recipe_id"]) ?? stringValue(dict["name"]) else {
+            return nil
+        }
+        let title = stringValue(dict["name"]) ?? id
+        let detail = [stringValue(dict["description"]), stringValue(dict["command"])]
+            .compactMap { $0 }
+            .joined(separator: " ")
+        return RecipeSummary(id: id, title: title, detail: detail)
+    }
+}
+
+private func extractSessions(from value: Any?) -> [SessionSummary] {
+    extractDictionaries(from: value).compactMap { dict in
+        guard let id = stringValue(dict["id"]) ?? stringValue(dict["session_id"]) else {
+            return nil
+        }
+        let title = stringValue(dict["name"]) ?? stringValue(dict["recipe_id"]) ?? "Session"
+        let detail = [
+            stringValue(dict["status"]),
+            stringValue(dict["state"]),
+            stringValue(dict["recipe"]),
+            stringValue(dict["recipe_id"]),
+            stringValue(dict["created_at"]),
+            stringValue(dict["updated_at"])
+        ]
+        .compactMap { $0 }
+        .joined(separator: " · ")
+        return SessionSummary(id: id, title: title, detail: detail)
+    }
+}
+
+private func extractDictionaries(from value: Any?) -> [[String: Any]] {
+    if let dict = value as? [String: Any] {
+        var result = [dict]
+        for nested in dict.values {
+            result.append(contentsOf: extractDictionaries(from: nested))
+        }
+        return result
+    }
+    if let array = value as? [Any] {
+        return array.flatMap { extractDictionaries(from: $0) }
+    }
+    return []
+}
+
+private func stringValue(_ value: Any?) -> String? {
+    switch value {
+    case let value as String where !value.isEmpty:
+        return value
+    case let value as NSNumber:
+        return value.stringValue
+    default:
+        return nil
+    }
+}
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
new file mode 100644
index 0000000..b55ce86
--- /dev/null
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -0,0 +1,16 @@
+#ifndef DD_CLIENT_FFI_H
+#define DD_CLIENT_FFI_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char *dd_client_keygen(const char *key_path, const char *cp_url, const char *label);
+char *dd_client_agent_request(const char *request_json);
+void dd_client_string_free(char *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 8e12b9e..868c1e6 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -1,37 +1,49 @@
 # iOS Client
 
-The iOS client should be a native SwiftUI app backed by the Rust client core.
+Native SwiftUI client backed by `dd-client-core` through `dd-client-ffi`.
+Swift owns the UI and lifecycle; Rust owns direct Noise transport, quote
+verification, recipes, sessions, replay, and attach/write/detach primitives.
 
-Initial split:
+The current vertical slice targets PR preview testing against:
 
-- SwiftUI owns screens, navigation, notifications, Keychain access, and iOS
-  lifecycle.
-- `dd-client-core` owns protocol behavior: pairing keys, quote verification,
-  direct agent Noise transport, session RPCs, and PTY bytes.
-- `dd-client-ffi` exposes a C-compatible bridge that can be linked into an
-  Xcode target as a static library.
+```bash
+https://dd-pr-261-api-23bf4739-7737-483f-9256-1d184cbb7fab.devopsdefender.com
+```
+
+The app defaults to that URL and, on simulator or "Designed for iPad on Mac",
+tries `~/.config/devopsdefender/noise.key`. On sandboxed installs, use the
+"Use app support key path" button and paste/import the Noise key content.
 
-First screen to build:
+## App Workflow
 
-1. Generate or load a device key from Keychain-backed storage.
-2. Display the public key and CP enrollment URL.
-3. Open the enrollment URL in an authenticated browser session.
-4. After enrollment, list routed agents and connect directly to the selected
-   agent over Noise.
+- Toggle "Dev/test: skip TDX quote verification" for PR previews. This maps to
+  the CLI `--insecure-skip-quote-verify` path.
+- Tap "Load recipes" to call Rust for the recipe list.
+- Tap "List sessions" to call Rust for current sessions.
+- Tap "Create shell session" to create a session with recipe `shell`.
+- Select a session, then use "Replay transcript" or "Attach / refresh output".
+- Use the zoom stepper for larger transcript text when reading output on mobile.
+- Use quick write controls for common agent prompts: `1`, `2`, `Enter`, or a
+  short custom line. Attach/write/detach does not close the remote session.
+- Enable session notifications to get a local notification when a newly listed
+  session appears while the app is active.
 
-The iOS app should not embed a browser shell or PWA. It should be a native
-client using the same core as the CLI.
+This app intentionally does not embed a browser shell or fallback web terminal.
+
+## Prerequisites
+
+```bash
+brew install xcodegen
+rustup target add aarch64-apple-ios aarch64-apple-ios-sim
+```
 
-macOS testing target:
+On Intel simulator hosts, also install:
 
-- The first app target should run on Apple Silicon Macs through iOS app
-  compatibility mode, shown by Xcode as "Designed for iPhone/iPad".
-- Do not fork the first slice into a Catalyst UI. Keep one iOS app surface and
-  make macOS compatibility a target setting.
-- The project should keep `SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = YES` and
-  target both iPhone and iPad device families.
+```bash
+rustup target add x86_64-apple-ios
+```
 
-Generate/open the starter project with XcodeGen:
+## Generate Project
 
 ```bash
 cd apps/ios
@@ -39,17 +51,63 @@ xcodegen generate
 open DevOpsDefender.xcodeproj
 ```
 
-Run the iOS app on Apple Silicon macOS through iOS compatibility mode:
+The Xcode project is generated from `project.yml`. Keep
+`SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = YES` and
+`SUPPORTS_MACCATALYST = NO`; this target is iOS compatibility mode, not
+Catalyst.
+
+## Build For iOS Simulator
+
+Use an available simulator destination from `xcodebuild -showdestinations`.
+Example compile command:
+
+```bash
+cd apps/ios
+xcodebuild \
+  -project DevOpsDefender.xcodeproj \
+  -scheme DevOpsDefender \
+  -configuration Debug \
+  -destination 'generic/platform=iOS Simulator' \
+  -derivedDataPath /private/tmp/dd-client-xcode-derived \
+  ARCHS=arm64 \
+  ONLY_ACTIVE_ARCH=YES \
+  CODE_SIGNING_ALLOWED=NO \
+  build
+```
+
+## Build For "Designed For iPad On Mac"
+
+Compile without signing:
+
+```bash
+cd apps/ios
+xcodebuild -project DevOpsDefender.xcodeproj -scheme DevOpsDefender -showdestinations
+xcodebuild \
+  -project DevOpsDefender.xcodeproj \
+  -scheme DevOpsDefender \
+  -configuration Debug \
+  -destination 'platform=macOS,id=<my-mac-designed-for-ipad-id>' \
+  -derivedDataPath /private/tmp/dd-client-xcode-derived \
+  CODE_SIGNING_ALLOWED=NO \
+  build
+```
+
+Build/sign for local "My Mac (Designed for iPad)":
 
 ```bash
 cd apps/ios
-chmod +x run-designed-for-ipad-on-mac.sh
-./run-designed-for-ipad-on-mac.sh
+DD_DEVELOPMENT_TEAM=<apple-team-id> ./run-designed-for-ipad-on-mac.sh
 ```
 
-If destination discovery fails, pass the `My Mac (Designed for iPad)` id from
-`xcodebuild -project DevOpsDefender.xcodeproj -scheme DevOpsDefender -showdestinations`:
+`xcodebuild` can build the local Mac compatibility destination, but
+`devicectl` does not list that destination. After the script builds the signed
+app, open `DevOpsDefender.xcodeproj`, select "My Mac (Designed for iPad)", and
+press Run.
+
+For a physical iPhone or iPad, install and launch with CoreDevice:
 
 ```bash
-DD_IOS_MAC_DEVICE_ID=00008122-000121C20AF1001C ./run-designed-for-ipad-on-mac.sh
+cd apps/ios
+xcrun devicectl list devices
+DD_DEVELOPMENT_TEAM=<apple-team-id> DD_COREDEVICE_ID=<device-id> ./run-designed-for-ipad-on-mac.sh
 ```
diff --git a/apps/ios/Scripts/build-rust.sh b/apps/ios/Scripts/build-rust.sh
new file mode 100755
index 0000000..9c661ef
--- /dev/null
+++ b/apps/ios/Scripts/build-rust.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+set -eu
+
+if [ -n "${SRCROOT:-}" ]; then
+  REPO_ROOT=$(cd "$SRCROOT/../.." && pwd)
+else
+  SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
+  REPO_ROOT=$(cd "$SCRIPT_DIR/../../.." && pwd)
+fi
+
+PLATFORM="${PLATFORM_NAME:-iphonesimulator}"
+CONFIGURATION="${CONFIGURATION:-Debug}"
+ARCHS_TO_BUILD="${ARCHS:-${CURRENT_ARCH:-arm64}}"
+if [ -n "${TARGET_TEMP_DIR:-}" ]; then
+  OUT_DIR="$TARGET_TEMP_DIR/rust"
+else
+  OUT_DIR="$REPO_ROOT/target/ios-universal/$PLATFORM"
+fi
+
+if [ -z "${CARGO_TARGET_DIR:-}" ]; then
+  if [ -n "${DERIVED_FILE_DIR:-}" ]; then
+    CARGO_TARGET_DIR="$DERIVED_FILE_DIR/rust-cargo-target"
+  else
+    CARGO_TARGET_DIR="$REPO_ROOT/target"
+  fi
+  export CARGO_TARGET_DIR
+fi
+
+if [ "$CONFIGURATION" = "Release" ]; then
+  PROFILE_ARG="--release"
+  PROFILE_DIR="release"
+else
+  PROFILE_ARG=""
+  PROFILE_DIR="debug"
+fi
+
+mkdir -p "$OUT_DIR"
+
+# Xcode exports an iOS SDKROOT, but Cargo build scripts are host binaries.
+# Use the macOS SDK for those host links while Rust still targets iOS below.
+SDKROOT=$(xcrun --sdk macosx --show-sdk-path)
+export SDKROOT
+
+libs=""
+for arch in $ARCHS_TO_BUILD; do
+  case "$PLATFORM:$arch" in
+    iphoneos:arm64)
+      rust_target="aarch64-apple-ios"
+      ;;
+    iphonesimulator:arm64)
+      rust_target="aarch64-apple-ios-sim"
+      ;;
+    iphonesimulator:x86_64)
+      rust_target="x86_64-apple-ios"
+      ;;
+    *)
+      echo "Unsupported Rust target for PLATFORM_NAME=$PLATFORM arch=$arch" >&2
+      exit 1
+      ;;
+  esac
+
+  if ! rustup target list --installed | grep -qx "$rust_target"; then
+    echo "Missing Rust target $rust_target. Install it with: rustup target add $rust_target" >&2
+    exit 1
+  fi
+
+  cargo build -p dd-client-ffi --lib --target "$rust_target" $PROFILE_ARG
+  lib="$CARGO_TARGET_DIR/$rust_target/$PROFILE_DIR/libdd_client_ffi.a"
+  if [ ! -f "$lib" ]; then
+    echo "Rust library was not produced at $lib" >&2
+    exit 1
+  fi
+  libs="$libs $lib"
+done
+
+set -- $libs
+if [ "$#" -eq 1 ]; then
+  cp "$1" "$OUT_DIR/libdd_client_ffi.a"
+else
+  lipo -create "$@" -output "$OUT_DIR/libdd_client_ffi.a"
+fi
diff --git a/apps/ios/project.yml b/apps/ios/project.yml
index 3afecab..85092a2 100644
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -12,6 +12,10 @@ targets:
     platform: iOS
     sources:
       - DevOpsDefender
+    preBuildScripts:
+      - name: Build Rust FFI
+        script: Scripts/build-rust.sh
+        basedOnDependencyAnalysis: false
     settings:
       base:
         PRODUCT_BUNDLE_IDENTIFIER: com.devopsdefender.client
@@ -20,4 +24,13 @@ targets:
         SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD: YES
         SUPPORTS_MACCATALYST: NO
         INFOPLIST_FILE: DevOpsDefender/Info.plist
-
+        ENABLE_USER_SCRIPT_SANDBOXING: NO
+        SWIFT_OBJC_BRIDGING_HEADER: DevOpsDefender/DDClientFFI.h
+        LIBRARY_SEARCH_PATHS:
+          - "$(inherited)"
+          - "$(TARGET_TEMP_DIR)/rust"
+        OTHER_LDFLAGS:
+          - "$(inherited)"
+          - "-ldd_client_ffi"
+          - "-framework"
+          - "Security"
diff --git a/apps/ios/run-designed-for-ipad-on-mac.sh b/apps/ios/run-designed-for-ipad-on-mac.sh
index e071681..843c10e 100755
--- a/apps/ios/run-designed-for-ipad-on-mac.sh
+++ b/apps/ios/run-designed-for-ipad-on-mac.sh
@@ -6,8 +6,10 @@ cd "$(dirname "$0")"
 PROJECT="DevOpsDefender.xcodeproj"
 SCHEME="DevOpsDefender"
 BUNDLE_ID="com.devopsdefender.client"
-DEVICE_ID="${DD_IOS_MAC_DEVICE_ID:-}"
+MAC_DESTINATION_ID="${DD_IOS_MAC_DEVICE_ID:-}"
+COREDEVICE_ID="${DD_COREDEVICE_ID:-}"
 CONFIGURATION="${CONFIGURATION:-Debug}"
+DEVELOPMENT_TEAM="${DD_DEVELOPMENT_TEAM:-}"
 
 if ! command -v xcodebuild >/dev/null 2>&1; then
   echo "error: xcodebuild not found. Install Xcode and select it with xcode-select." >&2
@@ -28,26 +30,47 @@ if [ ! -d "$PROJECT" ]; then
   xcodegen generate
 fi
 
-if [ -z "$DEVICE_ID" ]; then
-  DEVICE_ID="$(
+if [ -z "$MAC_DESTINATION_ID" ]; then
+  MAC_DESTINATION_ID="$(
     xcodebuild -project "$PROJECT" -scheme "$SCHEME" -showdestinations 2>/dev/null \
       | sed -n 's/.*platform:macOS.*variant:Designed for \[iPad,iPhone\].*id:\([^,}]*\).*/\1/p' \
       | head -n 1
   )"
 fi
 
-if [ -z "$DEVICE_ID" ]; then
+if [ -z "$MAC_DESTINATION_ID" ]; then
   echo "error: could not find a 'My Mac (Designed for iPad)' destination." >&2
   echo "run: xcodebuild -project $PROJECT -scheme $SCHEME -showdestinations" >&2
   echo "then retry with: DD_IOS_MAC_DEVICE_ID=<id> $0" >&2
   exit 1
 fi
 
+if [ -z "$DEVELOPMENT_TEAM" ]; then
+  DEVELOPMENT_TEAM="$(
+    xcodebuild \
+      -project "$PROJECT" \
+      -scheme "$SCHEME" \
+      -configuration "$CONFIGURATION" \
+      -destination "platform=macOS,id=$MAC_DESTINATION_ID" \
+      -showBuildSettings 2>/dev/null \
+      | sed -n 's/^[[:space:]]*DEVELOPMENT_TEAM = //p' \
+      | head -n 1
+  )"
+fi
+
+if [ -z "$DEVELOPMENT_TEAM" ]; then
+  echo "error: DEVELOPMENT_TEAM is required to install/run an iOS app on Mac." >&2
+  echo "retry: DD_DEVELOPMENT_TEAM=<apple-team-id> $0" >&2
+  echo "find team ids in Xcode Accounts or with: security find-identity -v -p codesigning" >&2
+  exit 1
+fi
+
 xcodebuild \
   -project "$PROJECT" \
   -scheme "$SCHEME" \
   -configuration "$CONFIGURATION" \
-  -destination "platform=macOS,id=$DEVICE_ID" \
+  -destination "platform=macOS,id=$MAC_DESTINATION_ID" \
+  DEVELOPMENT_TEAM="$DEVELOPMENT_TEAM" \
   build
 
 DERIVED_DATA_DIR="$(
@@ -66,5 +89,28 @@ if [ ! -d "$APP" ]; then
   exit 1
 fi
 
-xcrun devicectl device install app --device "$DEVICE_ID" "$APP"
-xcrun devicectl device process launch --device "$DEVICE_ID" "$BUNDLE_ID"
+if [ -n "$COREDEVICE_ID" ]; then
+  xcrun devicectl device install app --device "$COREDEVICE_ID" "$APP"
+  xcrun devicectl device process launch --device "$COREDEVICE_ID" "$BUNDLE_ID"
+  exit 0
+fi
+
+cat <<EOF
+Built signed iOS app for "My Mac (Designed for iPad)" at:
+$APP
+
+Xcode exposes the local Mac compatibility destination to xcodebuild, but it is
+not listed by CoreDevice/devicectl. To run it on this Mac, open:
+
+  $PROJECT
+
+Then select "My Mac (Designed for iPad)" and press Run.
+
+For a physical iPhone or iPad, pass a CoreDevice id from:
+
+  xcrun devicectl list devices
+
+Example:
+
+  DD_DEVELOPMENT_TEAM=$DEVELOPMENT_TEAM DD_COREDEVICE_ID=<device-id> $0
+EOF
diff --git a/crates/dd-client-core/Cargo.toml b/crates/dd-client-core/Cargo.toml
index d2a7a8d..9438fa3 100644
--- a/crates/dd-client-core/Cargo.toml
+++ b/crates/dd-client-core/Cargo.toml
@@ -18,8 +18,7 @@ reqwest = { version = "0.12", default-features = false, features = ["json", "rus
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 snow = { version = "0.9", default-features = false, features = ["default-resolver"] }
-tokio = { version = "1", features = ["fs", "io-std", "io-util", "macros", "net", "rt-multi-thread", "sync"] }
+tokio = { version = "1", features = ["fs", "io-std", "io-util", "macros", "net", "rt-multi-thread", "sync", "time"] }
 tokio-tungstenite = { version = "0.28", features = ["rustls-tls-webpki-roots"] }
 urlencoding = "2"
 x25519-dalek = { version = "2", features = ["static_secrets"] }
-
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index b23069d..aa905dc 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -11,6 +11,7 @@ use serde_json::Value;
 use snow::{Builder, TransportState};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
+use tokio::time::{timeout, Duration};
 use tokio_tungstenite::tungstenite::Message as WsMessage;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
 use x25519_dalek::{PublicKey, StaticSecret};
@@ -234,6 +235,46 @@ pub async fn attach_session(mut conn: NoiseConnection, id: &str) -> anyhow::Resu
     Ok(())
 }
 
+pub async fn attach_session_exchange(
+    mut conn: NoiseConnection,
+    id: &str,
+    input: &[u8],
+    max_bytes: usize,
+    idle_timeout: Duration,
+) -> anyhow::Result<Vec<u8>> {
+    let ack = conn
+        .call(serde_json::json!({
+            "method": "shell.attach_session",
+            "id": id,
+            "tail": true,
+        }))
+        .await?;
+    if ack.get("error").is_some() {
+        anyhow::bail!("attach failed: {}", serde_json::to_string(&ack)?);
+    }
+
+    if !input.is_empty() {
+        send_encrypted(&mut conn.transport, &mut conn.sink, input).await?;
+    }
+
+    let mut output = Vec::new();
+    while output.len() < max_bytes {
+        let frame = match timeout(idle_timeout, next_binary(&mut conn.stream)).await {
+            Ok(frame) => frame?,
+            Err(_) => break,
+        };
+        let Some(cipher) = frame else {
+            break;
+        };
+        let mut plain = vec![0u8; cipher.len()];
+        let n = conn.transport.read_message(&cipher, &mut plain)?;
+        let remaining = max_bytes - output.len();
+        output.extend_from_slice(&plain[..n.min(remaining)]);
+    }
+
+    Ok(output)
+}
+
 #[derive(Debug, Eq, PartialEq)]
 enum AttachInputAction {
     Forward,
diff --git a/crates/dd-client-ffi/Cargo.toml b/crates/dd-client-ffi/Cargo.toml
index 4fc6283..8454b56 100644
--- a/crates/dd-client-ffi/Cargo.toml
+++ b/crates/dd-client-ffi/Cargo.toml
@@ -9,10 +9,11 @@ repository.workspace = true
 crate-type = ["cdylib", "staticlib", "rlib"]
 
 [dependencies]
+base64 = "0.22"
 dd-client-core = { path = "../dd-client-core" }
+hex = "0.4"
 serde_json = "1"
 tokio = { version = "1", features = ["fs", "rt"] }
 
 [dev-dependencies]
 tempfile = "3"
-
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 9f2748d..1b921b5 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -1,6 +1,20 @@
 use std::ffi::{CStr, CString};
 use std::os::raw::c_char;
-use std::path::Path;
+use std::path::{Path, PathBuf};
+use std::time::Duration;
+
+use base64::Engine as _;
+use dd_client_core::{
+    attach_session_exchange, connect, create_session, list_recipes, list_sessions, replay_session,
+    session_id, ConnectionOptions, CreateSessionRequest, IntelTrustAuthority, QuoteVerification,
+};
+
+const DEFAULT_ITA_BASE_URL: &str = "https://api.trustauthority.intel.com";
+const DEFAULT_ITA_JWKS_URL: &str = "https://portal.trustauthority.intel.com/certs";
+const DEFAULT_ITA_ISSUER: &str = "https://portal.trustauthority.intel.com";
+const DEFAULT_ATTACH_MAX_BYTES: usize = 128 * 1024;
+const MAX_ATTACH_BYTES: usize = 1024 * 1024;
+const DEFAULT_ATTACH_IDLE_TIMEOUT_MS: u64 = 1200;
 
 #[no_mangle]
 pub extern "C" fn dd_client_keygen(
@@ -12,6 +26,12 @@ pub extern "C" fn dd_client_keygen(
     into_c_string(result)
 }
 
+#[no_mangle]
+pub extern "C" fn dd_client_agent_request(request_json: *const c_char) -> *mut c_char {
+    let result = agent_request_response(request_json);
+    into_c_string(result)
+}
+
 #[no_mangle]
 /// # Safety
 ///
@@ -68,6 +88,161 @@ fn keygen(
     }))
 }
 
+fn agent_request_response(request_json: *const c_char) -> serde_json::Value {
+    match agent_request(request_json) {
+        Ok(value) => value,
+        Err(error) => serde_json::json!({
+            "ok": false,
+            "error": error,
+        }),
+    }
+}
+
+fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, String> {
+    let request_json = required_c_string(request_json, "request_json")?;
+    let request: serde_json::Value =
+        serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
+    let operation = required_json_string(&request, "operation")?;
+
+    match operation.as_str() {
+        "import_key" => import_key_request(&request),
+        "recipes" | "list_recipes" => {
+            let opts = connection_options_from_request(&request)?;
+            let runtime = runtime()?;
+            let value = runtime
+                .block_on(async {
+                    let mut conn = connect(&opts).await?;
+                    list_recipes(&mut conn).await
+                })
+                .map_err(|e| e.to_string())?;
+            Ok(ok_value("recipes", value))
+        }
+        "sessions" | "list_sessions" => {
+            let opts = connection_options_from_request(&request)?;
+            let runtime = runtime()?;
+            let value = runtime
+                .block_on(async {
+                    let mut conn = connect(&opts).await?;
+                    list_sessions(&mut conn).await
+                })
+                .map_err(|e| e.to_string())?;
+            Ok(ok_value("sessions", value))
+        }
+        "create_session" => {
+            let opts = connection_options_from_request(&request)?;
+            let create_request = CreateSessionRequest {
+                recipe: optional_json_string(&request, "recipe")?,
+                name: optional_json_string(&request, "name")?,
+                command: optional_json_string(&request, "command")?,
+            };
+            let runtime = runtime()?;
+            let value = runtime
+                .block_on(async {
+                    let mut conn = connect(&opts).await?;
+                    create_session(&mut conn, &create_request).await
+                })
+                .map_err(|e| e.to_string())?;
+            let mut response = ok_map("create_session");
+            if let Ok(id) = session_id(&value) {
+                response.insert("session_id".to_string(), serde_json::Value::String(id));
+            }
+            response.insert("value".to_string(), value);
+            Ok(serde_json::Value::Object(response))
+        }
+        "replay_session" => {
+            let opts = connection_options_from_request(&request)?;
+            let id = required_json_string(&request, "id")?;
+            let runtime = runtime()?;
+            let value = runtime
+                .block_on(async {
+                    let mut conn = connect(&opts).await?;
+                    replay_session(&mut conn, &id).await
+                })
+                .map_err(|e| e.to_string())?;
+            Ok(ok_value("replay_session", value))
+        }
+        "attach_exchange" | "attach_snapshot" => {
+            let opts = connection_options_from_request(&request)?;
+            let id = required_json_string(&request, "id")?;
+            let input = optional_json_string(&request, "input")?.unwrap_or_default();
+            let max_bytes = usize_json_field(&request, "max_bytes")?
+                .unwrap_or(DEFAULT_ATTACH_MAX_BYTES)
+                .min(MAX_ATTACH_BYTES);
+            let idle_timeout_ms = u64_json_field(&request, "idle_timeout_ms")?
+                .unwrap_or(DEFAULT_ATTACH_IDLE_TIMEOUT_MS)
+                .clamp(100, 10_000);
+            let runtime = runtime()?;
+            let bytes = runtime
+                .block_on(async {
+                    let conn = connect(&opts).await?;
+                    attach_session_exchange(
+                        conn,
+                        &id,
+                        input.as_bytes(),
+                        max_bytes,
+                        Duration::from_millis(idle_timeout_ms),
+                    )
+                    .await
+                })
+                .map_err(|e| e.to_string())?;
+            let mut response = ok_map("attach_exchange");
+            response.insert(
+                "text".to_string(),
+                serde_json::Value::String(String::from_utf8_lossy(&bytes).into_owned()),
+            );
+            response.insert(
+                "bytes_base64".to_string(),
+                serde_json::Value::String(base64::engine::general_purpose::STANDARD.encode(&bytes)),
+            );
+            response.insert(
+                "truncated".to_string(),
+                serde_json::Value::Bool(bytes.len() >= max_bytes),
+            );
+            Ok(serde_json::Value::Object(response))
+        }
+        _ => Err(format!("unsupported operation: {operation}")),
+    }
+}
+
+fn import_key_request(request: &serde_json::Value) -> Result<serde_json::Value, String> {
+    let key_path = required_json_string(request, "key_path")?;
+    let key_content = required_json_string(request, "key_content")?;
+    let bytes = parse_key_content(&key_content)?;
+    persist_key(Path::new(&key_path), &bytes)?;
+    Ok(serde_json::json!({
+        "ok": true,
+        "operation": "import_key",
+        "key_path": key_path,
+    }))
+}
+
+fn connection_options_from_request(
+    request: &serde_json::Value,
+) -> Result<ConnectionOptions, String> {
+    let agent_url = required_json_string(request, "agent_url")?;
+    let key_path = required_json_string(request, "key_path")?;
+    let quote_verification =
+        if bool_json_field(request, "insecure_skip_quote_verify")?.unwrap_or(false) {
+            QuoteVerification::InsecureSkip
+        } else {
+            QuoteVerification::IntelTrustAuthority(IntelTrustAuthority {
+                api_key: required_json_string(request, "ita_api_key")?,
+                base_url: optional_json_string(request, "ita_base_url")?
+                    .unwrap_or_else(|| DEFAULT_ITA_BASE_URL.to_string()),
+                jwks_url: optional_json_string(request, "ita_jwks_url")?
+                    .unwrap_or_else(|| DEFAULT_ITA_JWKS_URL.to_string()),
+                issuer: optional_json_string(request, "ita_issuer")?
+                    .unwrap_or_else(|| DEFAULT_ITA_ISSUER.to_string()),
+            })
+        };
+
+    Ok(ConnectionOptions {
+        agent_url,
+        key_path: PathBuf::from(key_path),
+        quote_verification,
+    })
+}
+
 fn required_c_string(ptr: *const c_char, name: &str) -> Result<String, String> {
     optional_c_string(ptr)?.ok_or_else(|| format!("{name} is required"))
 }
@@ -83,6 +258,115 @@ fn optional_c_string(ptr: *const c_char) -> Result<Option<String>, String> {
     Ok(Some(s))
 }
 
+fn required_json_string(request: &serde_json::Value, name: &str) -> Result<String, String> {
+    optional_json_string(request, name)?.ok_or_else(|| format!("{name} is required"))
+}
+
+fn optional_json_string(request: &serde_json::Value, name: &str) -> Result<Option<String>, String> {
+    match request.get(name) {
+        None | Some(serde_json::Value::Null) => Ok(None),
+        Some(serde_json::Value::String(value)) if value.is_empty() => Ok(None),
+        Some(serde_json::Value::String(value)) => Ok(Some(value.to_owned())),
+        Some(_) => Err(format!("{name} must be a string")),
+    }
+}
+
+fn bool_json_field(request: &serde_json::Value, name: &str) -> Result<Option<bool>, String> {
+    match request.get(name) {
+        None | Some(serde_json::Value::Null) => Ok(None),
+        Some(serde_json::Value::Bool(value)) => Ok(Some(*value)),
+        Some(_) => Err(format!("{name} must be a boolean")),
+    }
+}
+
+fn u64_json_field(request: &serde_json::Value, name: &str) -> Result<Option<u64>, String> {
+    match request.get(name) {
+        None | Some(serde_json::Value::Null) => Ok(None),
+        Some(serde_json::Value::Number(value)) => value
+            .as_u64()
+            .ok_or_else(|| format!("{name} must be an unsigned integer"))
+            .map(Some),
+        Some(_) => Err(format!("{name} must be an unsigned integer")),
+    }
+}
+
+fn usize_json_field(request: &serde_json::Value, name: &str) -> Result<Option<usize>, String> {
+    Ok(u64_json_field(request, name)?.map(|value| value as usize))
+}
+
+fn runtime() -> Result<tokio::runtime::Runtime, String> {
+    tokio::runtime::Builder::new_current_thread()
+        .enable_all()
+        .build()
+        .map_err(|e| e.to_string())
+}
+
+fn ok_value(operation: &str, value: serde_json::Value) -> serde_json::Value {
+    let mut response = ok_map(operation);
+    response.insert("value".to_string(), value);
+    serde_json::Value::Object(response)
+}
+
+fn ok_map(operation: &str) -> serde_json::Map<String, serde_json::Value> {
+    serde_json::Map::from_iter([
+        ("ok".to_string(), serde_json::Value::Bool(true)),
+        (
+            "operation".to_string(),
+            serde_json::Value::String(operation.to_string()),
+        ),
+    ])
+}
+
+fn parse_key_content(content: &str) -> Result<[u8; 32], String> {
+    let compact: String = content.split_whitespace().collect();
+    let hexish = compact.strip_prefix("0x").unwrap_or(&compact);
+    let bytes = if hexish.len() == 64 && hexish.bytes().all(|b| b.is_ascii_hexdigit()) {
+        hex::decode(hexish).map_err(|e| format!("decode key hex: {e}"))?
+    } else {
+        let mut decoded = None;
+        for engine in [
+            &base64::engine::general_purpose::STANDARD,
+            &base64::engine::general_purpose::STANDARD_NO_PAD,
+            &base64::engine::general_purpose::URL_SAFE,
+            &base64::engine::general_purpose::URL_SAFE_NO_PAD,
+        ] {
+            if let Ok(bytes) = engine.decode(&compact) {
+                decoded = Some(bytes);
+                break;
+            }
+        }
+        decoded.ok_or_else(|| {
+            "key_content must be 32 raw bytes encoded as hex or base64".to_string()
+        })?
+    };
+
+    if bytes.len() != 32 {
+        return Err(format!(
+            "key_content decoded to {} bytes, expected 32",
+            bytes.len()
+        ));
+    }
+    let mut key = [0u8; 32];
+    key.copy_from_slice(&bytes);
+    Ok(key)
+}
+
+fn persist_key(path: &Path, bytes: &[u8; 32]) -> Result<(), String> {
+    if let Some(parent) = path.parent() {
+        std::fs::create_dir_all(parent).map_err(|e| format!("create {}: {e}", parent.display()))?;
+    }
+    let tmp = path.with_extension("key.tmp");
+    std::fs::write(&tmp, bytes).map_err(|e| format!("write {}: {e}", tmp.display()))?;
+    #[cfg(unix)]
+    {
+        use std::os::unix::fs::PermissionsExt;
+        std::fs::set_permissions(&tmp, std::fs::Permissions::from_mode(0o600))
+            .map_err(|e| format!("chmod {}: {e}", tmp.display()))?;
+    }
+    std::fs::rename(&tmp, path).map_err(|e| format!("rename {}: {e}", path.display()))?;
+    Ok(())
+}
+
 fn into_c_string(value: serde_json::Value) -> *mut c_char {
     let text = serde_json::to_string(&value)
         .unwrap_or_else(|e| format!(r#"{{"ok":false,"error":"serialize response: {e}"}}"#));
@@ -124,4 +408,48 @@ mod tests {
         assert_eq!(value["ok"], false);
         assert!(value["error"].as_str().unwrap().contains("key_path"));
     }
+
+    #[test]
+    fn agent_request_rejects_unknown_operation() {
+        let request = CString::new(r#"{"operation":"bogus"}"#).unwrap();
+
+        let value = agent_request_response(request.as_ptr());
+
+        assert_eq!(value["ok"], false);
+        assert!(value["error"]
+            .as_str()
+            .unwrap()
+            .contains("unsupported operation"));
+    }
+
+    #[test]
+    fn import_key_accepts_hex_content() {
+        let dir = tempfile::tempdir().unwrap();
+        let key_path = dir.path().join("noise.key");
+        let request = CString::new(format!(
+            r#"{{"operation":"import_key","key_path":"{}","key_content":"{}"}}"#,
+            key_path.display(),
+            "07".repeat(32)
+        ))
+        .unwrap();
+
+        let value = agent_request_response(request.as_ptr());
+
+        assert_eq!(value["ok"], true);
+        assert_eq!(std::fs::read(key_path).unwrap(), vec![7u8; 32]);
+    }
+
+    #[test]
+    fn connection_options_requires_ita_key_when_verification_enabled() {
+        let request: serde_json::Value = serde_json::json!({
+            "operation": "recipes",
+            "agent_url": "https://agent.example.com",
+            "key_path": "/tmp/noise.key",
+            "insecure_skip_quote_verify": false
+        });
+
+        let error = connection_options_from_request(&request).unwrap_err();
+
+        assert!(error.contains("ita_api_key"));
+    }
 }

From 4ae8a460f919008a5b04e54d64330fb6d0b24da8 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 12:35:35 -0400
Subject: [PATCH 02/18] Use simulator host home for iOS key default

---
 apps/ios/DevOpsDefender/DDClientBridge.swift | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 11d8983..156398c 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -146,6 +146,16 @@ enum AppDefaults {
     }
 
     private static var hostNoiseKeyPath: String {
+        let environment = ProcessInfo.processInfo.environment
+        if let simulatorHostHome = environment["SIMULATOR_HOST_HOME"],
+           simulatorHostHome.hasPrefix("/Users/") {
+            return simulatorHostHome + "/.config/devopsdefender/noise.key"
+        }
+        if let hostHome = environment["HOME"],
+           hostHome.hasPrefix("/Users/"),
+           !hostHome.contains("/CoreSimulator/Devices/") {
+            return hostHome + "/.config/devopsdefender/noise.key"
+        }
         let userName = NSUserName()
         if userName.isEmpty {
             return appSupportNoiseKeyPath

From 622401ed87ad9441cd2be3c11befbc6e2141d740 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 12:54:23 -0400
Subject: [PATCH 03/18] Make iOS Rust build script work from Xcode

---
 apps/ios/Scripts/build-rust.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/apps/ios/Scripts/build-rust.sh b/apps/ios/Scripts/build-rust.sh
index 9c661ef..7065c8d 100755
--- a/apps/ios/Scripts/build-rust.sh
+++ b/apps/ios/Scripts/build-rust.sh
@@ -1,6 +1,27 @@
 #!/bin/sh
 set -eu
 
+# Xcode launched from the GUI does not inherit the user's shell PATH. Make the
+# common Rust/Homebrew locations visible before invoking cargo/rustup.
+if [ -n "${HOME:-}" ]; then
+  PATH="$HOME/.cargo/bin:$PATH"
+fi
+PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
+export PATH
+
+require_command() {
+  if ! command -v "$1" >/dev/null 2>&1; then
+    echo "error: $1 not found while building Rust FFI." >&2
+    echo "hint: install Rust with rustup and ensure $HOME/.cargo/bin exists." >&2
+    echo "hint: current PATH is: $PATH" >&2
+    exit 1
+  fi
+}
+
+require_command cargo
+require_command rustup
+require_command xcrun
+
 if [ -n "${SRCROOT:-}" ]; then
   REPO_ROOT=$(cd "$SRCROOT/../.." && pwd)
 else

From 1fe3680bee5cf9809d8f487e92e1bb1318b0bc9e Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 13:05:53 -0400
Subject: [PATCH 04/18] Fix iOS local signing defaults

---
 .gitignore                               |  1 +
 apps/ios/Config/Signing.xcconfig         |  3 +++
 apps/ios/README.md                       | 12 +++++++++
 apps/ios/project.yml                     |  9 ++++---
 apps/ios/run-designed-for-ipad-on-mac.sh | 34 ++++++++++++++++++------
 5 files changed, 47 insertions(+), 12 deletions(-)
 create mode 100644 apps/ios/Config/Signing.xcconfig

diff --git a/.gitignore b/.gitignore
index efec3cc..622d2bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,6 @@
 *.key.tmp
 .DS_Store
 apps/ios/DevOpsDefender.xcodeproj/
+apps/ios/Config/Signing.local.xcconfig
 apps/ios/com.apple.DeveloperTools/
 apps/ios/err
diff --git a/apps/ios/Config/Signing.xcconfig b/apps/ios/Config/Signing.xcconfig
new file mode 100644
index 0000000..61fe954
--- /dev/null
+++ b/apps/ios/Config/Signing.xcconfig
@@ -0,0 +1,3 @@
+DD_PRODUCT_BUNDLE_IDENTIFIER = dev.devopsdefender.client.team$(DEVELOPMENT_TEAM)
+
+#include? "Signing.local.xcconfig"
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 868c1e6..f076707 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -99,6 +99,18 @@ cd apps/ios
 DD_DEVELOPMENT_TEAM=<apple-team-id> ./run-designed-for-ipad-on-mac.sh
 ```
 
+The script defaults the bundle identifier to
+`dev.devopsdefender.client.team<apple-team-id>` and passes
+`-allowProvisioningUpdates` so Xcode can create a local development profile.
+If Apple reports that a bundle identifier is unavailable, choose another unique
+one:
+
+```bash
+DD_DEVELOPMENT_TEAM=<apple-team-id> \
+DD_BUNDLE_ID=com.<your-name>.devopsdefender.client \
+./run-designed-for-ipad-on-mac.sh
+```
+
 `xcodebuild` can build the local Mac compatibility destination, but
 `devicectl` does not list that destination. After the script builds the signed
 app, open `DevOpsDefender.xcodeproj`, select "My Mac (Designed for iPad)", and
diff --git a/apps/ios/project.yml b/apps/ios/project.yml
index 85092a2..9280429 100644
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -3,22 +3,23 @@ options:
   bundleIdPrefix: com.devopsdefender
   deploymentTarget:
     iOS: "17.0"
-settings:
-  base:
-    DEVELOPMENT_TEAM: ""
 targets:
   DevOpsDefender:
     type: application
     platform: iOS
     sources:
       - DevOpsDefender
+    configFiles:
+      Debug: Config/Signing.xcconfig
+      Release: Config/Signing.xcconfig
     preBuildScripts:
       - name: Build Rust FFI
         script: Scripts/build-rust.sh
         basedOnDependencyAnalysis: false
     settings:
       base:
-        PRODUCT_BUNDLE_IDENTIFIER: com.devopsdefender.client
+        DD_PRODUCT_BUNDLE_IDENTIFIER: dev.devopsdefender.client.team$(DEVELOPMENT_TEAM)
+        PRODUCT_BUNDLE_IDENTIFIER: "$(DD_PRODUCT_BUNDLE_IDENTIFIER)"
         PRODUCT_NAME: DevOpsDefender
         TARGETED_DEVICE_FAMILY: "1,2"
         SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD: YES
diff --git a/apps/ios/run-designed-for-ipad-on-mac.sh b/apps/ios/run-designed-for-ipad-on-mac.sh
index 843c10e..292f86c 100755
--- a/apps/ios/run-designed-for-ipad-on-mac.sh
+++ b/apps/ios/run-designed-for-ipad-on-mac.sh
@@ -5,7 +5,7 @@ cd "$(dirname "$0")"
 
 PROJECT="DevOpsDefender.xcodeproj"
 SCHEME="DevOpsDefender"
-BUNDLE_ID="com.devopsdefender.client"
+BUNDLE_ID="${DD_BUNDLE_ID:-}"
 MAC_DESTINATION_ID="${DD_IOS_MAC_DEVICE_ID:-}"
 COREDEVICE_ID="${DD_COREDEVICE_ID:-}"
 CONFIGURATION="${CONFIGURATION:-Debug}"
@@ -21,13 +21,12 @@ if ! command -v xcrun >/dev/null 2>&1; then
   exit 1
 fi
 
-if [ ! -d "$PROJECT" ]; then
-  if ! command -v xcodegen >/dev/null 2>&1; then
-    echo "error: $PROJECT is missing and xcodegen is not installed." >&2
-    echo "install: brew install xcodegen" >&2
-    exit 1
-  fi
+if command -v xcodegen >/dev/null 2>&1; then
   xcodegen generate
+elif [ ! -d "$PROJECT" ]; then
+  echo "error: $PROJECT is missing and xcodegen is not installed." >&2
+  echo "install: brew install xcodegen" >&2
+  exit 1
 fi
 
 if [ -z "$MAC_DESTINATION_ID" ]; then
@@ -65,12 +64,24 @@ if [ -z "$DEVELOPMENT_TEAM" ]; then
   exit 1
 fi
 
+if [ -z "$BUNDLE_ID" ]; then
+  BUNDLE_ID="dev.devopsdefender.client.team$DEVELOPMENT_TEAM"
+fi
+
+mkdir -p Config
+cat > Config/Signing.local.xcconfig <<EOF
+DEVELOPMENT_TEAM = $DEVELOPMENT_TEAM
+DD_PRODUCT_BUNDLE_IDENTIFIER = $BUNDLE_ID
+EOF
+
 xcodebuild \
+  -allowProvisioningUpdates \
   -project "$PROJECT" \
   -scheme "$SCHEME" \
   -configuration "$CONFIGURATION" \
   -destination "platform=macOS,id=$MAC_DESTINATION_ID" \
   DEVELOPMENT_TEAM="$DEVELOPMENT_TEAM" \
+  DD_PRODUCT_BUNDLE_IDENTIFIER="$BUNDLE_ID" \
   build
 
 DERIVED_DATA_DIR="$(
@@ -78,6 +89,8 @@ DERIVED_DATA_DIR="$(
     -project "$PROJECT" \
     -scheme "$SCHEME" \
     -configuration "$CONFIGURATION" \
+    DEVELOPMENT_TEAM="$DEVELOPMENT_TEAM" \
+    DD_PRODUCT_BUNDLE_IDENTIFIER="$BUNDLE_ID" \
     -showBuildSettings \
     -json \
     | plutil -extract 0.buildSettings.BUILT_PRODUCTS_DIR raw -o - -
@@ -106,11 +119,16 @@ not listed by CoreDevice/devicectl. To run it on this Mac, open:
 
 Then select "My Mac (Designed for iPad)" and press Run.
 
+The script also wrote Config/Signing.local.xcconfig so Xcode uses:
+
+  DEVELOPMENT_TEAM=$DEVELOPMENT_TEAM
+  DD_PRODUCT_BUNDLE_IDENTIFIER=$BUNDLE_ID
+
 For a physical iPhone or iPad, pass a CoreDevice id from:
 
   xcrun devicectl list devices
 
 Example:
 
-  DD_DEVELOPMENT_TEAM=$DEVELOPMENT_TEAM DD_COREDEVICE_ID=<device-id> $0
+  DD_DEVELOPMENT_TEAM=$DEVELOPMENT_TEAM DD_BUNDLE_ID=$BUNDLE_ID DD_COREDEVICE_ID=<device-id> $0
 EOF

From 52297e85c117e9fdd19b4fa2f659a6a67fe602fb Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 13:09:46 -0400
Subject: [PATCH 05/18] Restyle iOS app as transcript workspace

---
 apps/ios/DevOpsDefender/ContentView.swift | 711 +++++++++++++++++-----
 1 file changed, 574 insertions(+), 137 deletions(-)

diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index 897dc4a..4a74ff6 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -2,201 +2,638 @@ import SwiftUI
 
 struct ContentView: View {
     @StateObject private var viewModel = ClientViewModel()
+    @State private var isConnectionExpanded = false
+    @State private var isDebugExpanded = false
+    @State private var showTranscriptReader = false
+
+    private let actionColumns = [
+        GridItem(.adaptive(minimum: 150), spacing: 10)
+    ]
 
     var body: some View {
         NavigationStack {
-            Form {
-                Section("Connection") {
+            ZStack {
+                Palette.page.ignoresSafeArea()
+
+                ScrollView {
+                    VStack(alignment: .leading, spacing: 14) {
+                        header
+                        statusStrip
+                        actionPanel
+                        transcriptPanel
+                        writePanel
+                        sessionsPanel
+                        recipesPanel
+                        connectionPanel
+                        debugPanel
+                    }
+                    .padding(.horizontal, 16)
+                    .padding(.vertical, 18)
+                    .frame(maxWidth: 980, alignment: .center)
+                    .frame(maxWidth: .infinity)
+                }
+            }
+            .navigationTitle("DevOps Defender")
+            .navigationBarTitleDisplayMode(.inline)
+            .sheet(isPresented: $showTranscriptReader) {
+                TranscriptReaderView(
+                    transcript: viewModel.transcript,
+                    fontSize: $viewModel.transcriptFontSize
+                )
+            }
+        }
+    }
+
+    private var header: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                HStack(alignment: .firstTextBaseline) {
+                    VStack(alignment: .leading, spacing: 4) {
+                        Text("Agent workspace")
+                            .font(.title2.weight(.semibold))
+                            .foregroundStyle(Palette.text)
+                        Text(agentHost)
+                            .font(.callout)
+                            .foregroundStyle(Palette.muted)
+                            .lineLimit(1)
+                    }
+
+                    Spacer()
+
+                    Text(viewModel.insecureSkipQuoteVerify ? "PR preview" : "Quote verified")
+                        .font(.caption.weight(.semibold))
+                        .padding(.horizontal, 10)
+                        .padding(.vertical, 6)
+                        .background(Palette.chip)
+                        .clipShape(Capsule())
+                        .foregroundStyle(Palette.text)
+                }
+
+                HStack(spacing: 10) {
+                    Label(selectedSessionLabel, systemImage: "terminal")
+                        .font(.caption)
+                        .foregroundStyle(Palette.muted)
+                        .lineLimit(1)
+
+                    Spacer()
+
+                    if viewModel.isBusy {
+                        ProgressView()
+                            .controlSize(.small)
+                    }
+                }
+            }
+        }
+    }
+
+    private var statusStrip: some View {
+        HStack(spacing: 10) {
+            Circle()
+                .fill(viewModel.isBusy ? Palette.busy : Palette.ready)
+                .frame(width: 8, height: 8)
+
+            Text(viewModel.status)
+                .font(.callout)
+                .foregroundStyle(Palette.text)
+                .lineLimit(2)
+
+            Spacer()
+        }
+        .padding(.horizontal, 14)
+        .padding(.vertical, 10)
+        .background(Palette.status)
+        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+    }
+
+    private var actionPanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                SectionHeader(title: "Runbook", subtitle: "Load, create, attach, detach")
+
+                LazyVGrid(columns: actionColumns, spacing: 10) {
+                    ActionButton("Load recipes", systemImage: "list.bullet.rectangle") {
+                        viewModel.loadRecipes()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    ActionButton("List sessions", systemImage: "rectangle.stack") {
+                        viewModel.loadSessions()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    ActionButton("Create shell", systemImage: "plus.app") {
+                        viewModel.createShellSession()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    ActionButton("Attach refresh", systemImage: "arrow.clockwise") {
+                        viewModel.attachSelectedSession()
+                    }
+                    .disabled(viewModel.isBusy)
+                }
+            }
+        }
+    }
+
+    private var transcriptPanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                HStack(alignment: .firstTextBaseline) {
+                    SectionHeader(title: "Transcript", subtitle: selectedSessionLabel)
+
+                    Spacer()
+
+                    Button {
+                        showTranscriptReader = true
+                    } label: {
+                        Label("Reader", systemImage: "text.magnifyingglass")
+                            .labelStyle(.titleAndIcon)
+                    }
+                    .buttonStyle(QuietButtonStyle())
+                }
+
+                HStack(spacing: 10) {
+                    Button("Replay") {
+                        viewModel.replaySelectedSession()
+                    }
+                    .buttonStyle(PlainPillButtonStyle())
+                    .disabled(viewModel.isBusy)
+
+                    Stepper(
+                        "Text \(Int(viewModel.transcriptFontSize))",
+                        value: $viewModel.transcriptFontSize,
+                        in: 11...30,
+                        step: 1
+                    )
+                    .font(.caption)
+                    .foregroundStyle(Palette.muted)
+                }
+
+                ScrollView([.horizontal, .vertical]) {
+                    Text(transcriptText)
+                        .font(.system(size: viewModel.transcriptFontSize, design: .monospaced))
+                        .foregroundStyle(Palette.terminalText)
+                        .textSelection(.enabled)
+                        .frame(maxWidth: .infinity, alignment: .leading)
+                        .padding(14)
+                }
+                .frame(minHeight: 340)
+                .background(Palette.terminal)
+                .clipShape(RoundedRectangle(cornerRadius: 16, style: .continuous))
+                .overlay(
+                    RoundedRectangle(cornerRadius: 16, style: .continuous)
+                        .stroke(Palette.border, lineWidth: 1)
+                )
+            }
+        }
+    }
+
+    private var writePanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                SectionHeader(
+                    title: "Mobile replies",
+                    subtitle: "Optimized for 1, 2, enter, and short prompts"
+                )
+
+                TextField("Type a short reply", text: $viewModel.quickInput, axis: .vertical)
+                    .textInputAutocapitalization(.never)
+                    .font(.body.monospaced())
+                    .lineLimit(1...3)
+                    .padding(12)
+                    .background(Palette.input)
+                    .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
+
+                HStack(spacing: 10) {
+                    Button("Send") {
+                        viewModel.sendQuickInput()
+                    }
+                    .buttonStyle(PrimaryPillButtonStyle())
+                    .disabled(viewModel.isBusy)
+
+                    Button("1") {
+                        viewModel.sendQuickInput("1\n")
+                    }
+                    .buttonStyle(PlainPillButtonStyle())
+                    .disabled(viewModel.isBusy)
+
+                    Button("2") {
+                        viewModel.sendQuickInput("2\n")
+                    }
+                    .buttonStyle(PlainPillButtonStyle())
+                    .disabled(viewModel.isBusy)
+
+                    Button("Enter") {
+                        viewModel.sendQuickInput("\n")
+                    }
+                    .buttonStyle(PlainPillButtonStyle())
+                    .disabled(viewModel.isBusy)
+                }
+
+                Text("Each send attaches, writes bytes, waits briefly, then detaches without closing the session.")
+                    .font(.footnote)
+                    .foregroundStyle(Palette.muted)
+            }
+        }
+    }
+
+    private var sessionsPanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                SectionHeader(title: "Sessions", subtitle: "\(viewModel.sessions.count) loaded")
+
+                Toggle("Notify on session changes", isOn: $viewModel.notifyOnSessionChanges)
+                    .font(.callout)
+
+                TextField("Paste or edit selected session id", text: $viewModel.selectedSessionID)
+                    .textInputAutocapitalization(.never)
+                    .font(.caption.monospaced())
+                    .padding(12)
+                    .background(Palette.input)
+                    .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
+
+                if viewModel.sessions.isEmpty {
+                    EmptyState(text: "No sessions loaded")
+                } else {
+                    VStack(spacing: 8) {
+                        ForEach(viewModel.sessions) { session in
+                            SessionRow(
+                                session: session,
+                                isSelected: session.id == viewModel.selectedSessionID
+                            ) {
+                                viewModel.selectSession(session)
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private var recipesPanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                SectionHeader(title: "Recipes", subtitle: "\(viewModel.recipes.count) loaded")
+
+                if viewModel.recipes.isEmpty {
+                    EmptyState(text: "Load recipes to confirm the PR preview is reachable")
+                } else {
+                    VStack(spacing: 8) {
+                        ForEach(viewModel.recipes) { recipe in
+                            SummaryRow(title: recipe.title, id: recipe.id, detail: recipe.detail)
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private var connectionPanel: some View {
+        Card {
+            DisclosureGroup(isExpanded: $isConnectionExpanded) {
+                VStack(alignment: .leading, spacing: 12) {
                     TextField("Agent URL", text: $viewModel.agentURL)
                         .textInputAutocapitalization(.never)
                         .keyboardType(.URL)
+                        .textFieldStyle(WorkspaceTextFieldStyle())
 
                     TextField("Noise key path", text: $viewModel.keyPath)
                         .textInputAutocapitalization(.never)
-                        .font(.system(.body, design: .monospaced))
+                        .font(.body.monospaced())
+                        .textFieldStyle(WorkspaceTextFieldStyle())
 
                     Button("Use app support key path") {
                         viewModel.useAppSupportKeyPath()
                     }
+                    .buttonStyle(PlainPillButtonStyle())
 
                     Toggle("Dev/test: skip TDX quote verification", isOn: $viewModel.insecureSkipQuoteVerify)
 
                     if !viewModel.insecureSkipQuoteVerify {
                         SecureField("Intel Trust Authority API key", text: $viewModel.itaAPIKey)
+                            .textFieldStyle(WorkspaceTextFieldStyle())
                         TextField("ITA base URL", text: $viewModel.itaBaseURL)
                             .textInputAutocapitalization(.never)
+                            .textFieldStyle(WorkspaceTextFieldStyle())
                         TextField("ITA JWKS URL", text: $viewModel.itaJwksURL)
                             .textInputAutocapitalization(.never)
+                            .textFieldStyle(WorkspaceTextFieldStyle())
                         TextField("ITA issuer", text: $viewModel.itaIssuer)
                             .textInputAutocapitalization(.never)
+                            .textFieldStyle(WorkspaceTextFieldStyle())
                     }
-                }
 
-                Section("Key Content") {
-                    Text("Paste a 32-byte Noise key as hex or base64 when the app cannot read your host key path.")
+                    Text("Paste a 32-byte Noise key as hex or base64 if the app cannot read your host key path.")
                         .font(.footnote)
-                        .foregroundStyle(.secondary)
+                        .foregroundStyle(Palette.muted)
 
                     TextEditor(text: $viewModel.keyContent)
-                        .font(.system(.body, design: .monospaced))
-                        .frame(minHeight: 76)
+                        .font(.body.monospaced())
+                        .scrollContentBackground(.hidden)
+                        .frame(minHeight: 88)
+                        .padding(8)
+                        .background(Palette.input)
+                        .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
 
-                    Button("Import pasted key to path") {
+                    Button("Import pasted key") {
                         viewModel.importPastedKey()
                     }
+                    .buttonStyle(PrimaryPillButtonStyle())
                     .disabled(viewModel.isBusy)
                 }
+                .padding(.top, 12)
+            } label: {
+                SectionHeader(title: "Connection", subtitle: viewModel.keyPath)
+            }
+        }
+    }
 
-                Section("Recipes") {
-                    Button("Load recipes") {
-                        viewModel.loadRecipes()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    if viewModel.recipes.isEmpty {
-                        Text("No recipes loaded")
-                            .foregroundStyle(.secondary)
-                    } else {
-                        ForEach(viewModel.recipes) { recipe in
-                            VStack(alignment: .leading, spacing: 4) {
-                                Text(recipe.title)
-                                Text(recipe.id)
-                                    .font(.caption.monospaced())
-                                    .foregroundStyle(.secondary)
-                                if !recipe.detail.isEmpty {
-                                    Text(recipe.detail)
-                                        .font(.caption)
-                                        .foregroundStyle(.secondary)
-                                }
-                            }
-                        }
-                    }
+    private var debugPanel: some View {
+        Card {
+            DisclosureGroup(isExpanded: $isDebugExpanded) {
+                ScrollView([.horizontal, .vertical]) {
+                    Text(viewModel.rawResponse.isEmpty ? "{}" : viewModel.rawResponse)
+                        .font(.caption.monospaced())
+                        .foregroundStyle(Palette.terminalText)
+                        .textSelection(.enabled)
+                        .frame(maxWidth: .infinity, alignment: .leading)
+                        .padding(12)
                 }
+                .frame(minHeight: 140)
+                .background(Palette.terminal)
+                .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
+                .padding(.top, 12)
+            } label: {
+                SectionHeader(title: "Debug", subtitle: "Last Rust response")
+            }
+        }
+    }
 
-                Section("Sessions") {
-                    HStack {
-                        Button("List sessions") {
-                            viewModel.loadSessions()
-                        }
-                        .disabled(viewModel.isBusy)
+    private var agentHost: String {
+        URL(string: viewModel.agentURL)?.host ?? viewModel.agentURL
+    }
 
-                        Button("Create shell") {
-                            viewModel.createShellSession()
-                        }
-                        .disabled(viewModel.isBusy)
-                    }
+    private var selectedSessionLabel: String {
+        let id = viewModel.selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        if id.isEmpty {
+            return "No session selected"
+        }
+        return "Session \(String(id.prefix(8)))"
+    }
+
+    private var transcriptText: String {
+        viewModel.transcript.isEmpty ? "No transcript loaded" : viewModel.transcript
+    }
+}
 
-                    Toggle("Notify on session changes", isOn: $viewModel.notifyOnSessionChanges)
+private enum Palette {
+    static let page = Color(red: 0.96, green: 0.94, blue: 0.90)
+    static let card = Color(red: 0.99, green: 0.98, blue: 0.94)
+    static let chip = Color(red: 0.91, green: 0.86, blue: 0.77)
+    static let input = Color(red: 0.94, green: 0.92, blue: 0.87)
+    static let status = Color(red: 0.90, green: 0.87, blue: 0.80)
+    static let border = Color.black.opacity(0.10)
+    static let text = Color(red: 0.14, green: 0.12, blue: 0.09)
+    static let muted = Color(red: 0.42, green: 0.37, blue: 0.30)
+    static let accent = Color(red: 0.54, green: 0.30, blue: 0.18)
+    static let accentText = Color(red: 0.99, green: 0.97, blue: 0.91)
+    static let ready = Color(red: 0.20, green: 0.48, blue: 0.31)
+    static let busy = Color(red: 0.70, green: 0.43, blue: 0.12)
+    static let terminal = Color(red: 0.13, green: 0.12, blue: 0.10)
+    static let terminalText = Color(red: 0.94, green: 0.91, blue: 0.82)
+}
 
-                    TextField("Selected session id", text: $viewModel.selectedSessionID)
-                        .textInputAutocapitalization(.never)
-                        .font(.system(.body, design: .monospaced))
+private struct Card<Content: View>: View {
+    @ViewBuilder var content: Content
 
-                    if viewModel.sessions.isEmpty {
-                        Text("No sessions loaded")
-                            .foregroundStyle(.secondary)
-                    } else {
-                        ForEach(viewModel.sessions) { session in
-                            Button {
-                                viewModel.selectSession(session)
-                            } label: {
-                                VStack(alignment: .leading, spacing: 4) {
-                                    Text(session.title)
-                                    Text(session.id)
-                                        .font(.caption.monospaced())
-                                        .foregroundStyle(.secondary)
-                                    if !session.detail.isEmpty {
-                                        Text(session.detail)
-                                            .font(.caption)
-                                            .foregroundStyle(.secondary)
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
+    var body: some View {
+        content
+            .padding(14)
+            .background(Palette.card)
+            .clipShape(RoundedRectangle(cornerRadius: 18, style: .continuous))
+            .overlay(
+                RoundedRectangle(cornerRadius: 18, style: .continuous)
+                    .stroke(Palette.border, lineWidth: 1)
+            )
+            .shadow(color: Color.black.opacity(0.04), radius: 12, x: 0, y: 6)
+    }
+}
 
-                Section("Transcript") {
-                    HStack {
-                        Button("Replay") {
-                            viewModel.replaySelectedSession()
-                        }
-                        .disabled(viewModel.isBusy)
+private struct SectionHeader: View {
+    let title: String
+    let subtitle: String
 
-                        Button("Attach / refresh output") {
-                            viewModel.attachSelectedSession()
-                        }
-                        .disabled(viewModel.isBusy)
-                    }
+    var body: some View {
+        VStack(alignment: .leading, spacing: 3) {
+            Text(title)
+                .font(.headline.weight(.semibold))
+                .foregroundStyle(Palette.text)
+            Text(subtitle)
+                .font(.caption)
+                .foregroundStyle(Palette.muted)
+                .lineLimit(1)
+        }
+    }
+}
 
-                    Stepper(
-                        "Zoom \(Int(viewModel.transcriptFontSize)) pt",
-                        value: $viewModel.transcriptFontSize,
-                        in: 11...30,
-                        step: 1
-                    )
+private struct ActionButton: View {
+    let title: String
+    let systemImage: String
+    let action: () -> Void
+
+    init(_ title: String, systemImage: String, action: @escaping () -> Void) {
+        self.title = title
+        self.systemImage = systemImage
+        self.action = action
+    }
+
+    var body: some View {
+        Button(action: action) {
+            HStack(spacing: 8) {
+                Image(systemName: systemImage)
+                Text(title)
+                    .lineLimit(1)
+                Spacer(minLength: 0)
+            }
+            .font(.callout.weight(.semibold))
+            .padding(.horizontal, 12)
+            .padding(.vertical, 12)
+            .foregroundStyle(Palette.text)
+            .background(Palette.input)
+            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+        }
+        .buttonStyle(.plain)
+    }
+}
 
-                    ScrollView([.horizontal, .vertical]) {
-                        Text(viewModel.transcript.isEmpty ? "No transcript loaded" : viewModel.transcript)
-                            .font(.system(size: viewModel.transcriptFontSize, design: .monospaced))
-                            .textSelection(.enabled)
-                            .frame(maxWidth: .infinity, alignment: .leading)
-                            .padding(.vertical, 6)
+private struct SessionRow: View {
+    let session: SessionSummary
+    let isSelected: Bool
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            HStack(alignment: .top, spacing: 10) {
+                Circle()
+                    .fill(isSelected ? Palette.accent : Palette.border)
+                    .frame(width: 9, height: 9)
+                    .padding(.top, 5)
+
+                VStack(alignment: .leading, spacing: 4) {
+                    Text(session.title)
+                        .font(.callout.weight(.semibold))
+                        .foregroundStyle(Palette.text)
+                    Text(session.id)
+                        .font(.caption.monospaced())
+                        .foregroundStyle(Palette.muted)
+                        .lineLimit(1)
+                    if !session.detail.isEmpty {
+                        Text(session.detail)
+                            .font(.caption)
+                            .foregroundStyle(Palette.muted)
+                            .lineLimit(2)
                     }
-                    .frame(minHeight: 240)
                 }
 
-                Section("Mobile Write Controls") {
-                    TextField("Short input, e.g. 1 or y", text: $viewModel.quickInput)
-                        .textInputAutocapitalization(.never)
-                        .font(.system(.body, design: .monospaced))
+                Spacer()
+            }
+            .padding(12)
+            .background(isSelected ? Palette.chip : Palette.input)
+            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+        }
+        .buttonStyle(.plain)
+    }
+}
 
-                    HStack {
-                        Button("Send + Return") {
-                            viewModel.sendQuickInput()
-                        }
-                        .disabled(viewModel.isBusy)
+private struct SummaryRow: View {
+    let title: String
+    let id: String
+    let detail: String
 
-                        Button("1") {
-                            viewModel.sendQuickInput("1\n")
-                        }
-                        .disabled(viewModel.isBusy)
+    var body: some View {
+        VStack(alignment: .leading, spacing: 4) {
+            Text(title)
+                .font(.callout.weight(.semibold))
+                .foregroundStyle(Palette.text)
+            Text(id)
+                .font(.caption.monospaced())
+                .foregroundStyle(Palette.muted)
+            if !detail.isEmpty {
+                Text(detail)
+                    .font(.caption)
+                    .foregroundStyle(Palette.muted)
+                    .lineLimit(3)
+            }
+        }
+        .frame(maxWidth: .infinity, alignment: .leading)
+        .padding(12)
+        .background(Palette.input)
+        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+    }
+}
 
-                        Button("2") {
-                            viewModel.sendQuickInput("2\n")
-                        }
-                        .disabled(viewModel.isBusy)
+private struct EmptyState: View {
+    let text: String
 
-                        Button("Enter") {
-                            viewModel.sendQuickInput("\n")
-                        }
-                        .disabled(viewModel.isBusy)
-                    }
+    var body: some View {
+        Text(text)
+            .font(.callout)
+            .foregroundStyle(Palette.muted)
+            .frame(maxWidth: .infinity, alignment: .leading)
+            .padding(14)
+            .background(Palette.input)
+            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+    }
+}
 
-                    Text("Each send attaches, writes bytes, waits briefly for output, then detaches without closing the remote session.")
-                        .font(.footnote)
-                        .foregroundStyle(.secondary)
-                }
+private struct TranscriptReaderView: View {
+    @Environment(\.dismiss) private var dismiss
+    let transcript: String
+    @Binding var fontSize: Double
 
-                Section("Status") {
-                    if viewModel.isBusy {
-                        ProgressView()
-                    }
-                    Text(viewModel.status)
-                        .font(.callout)
+    var body: some View {
+        NavigationStack {
+            ZStack {
+                Palette.terminal.ignoresSafeArea()
 
-                    DisclosureGroup("Last Rust response") {
-                        ScrollView([.horizontal, .vertical]) {
-                            Text(viewModel.rawResponse.isEmpty ? "{}" : viewModel.rawResponse)
-                                .font(.caption.monospaced())
-                                .textSelection(.enabled)
-                                .frame(maxWidth: .infinity, alignment: .leading)
-                        }
-                        .frame(minHeight: 120)
+                ScrollView([.horizontal, .vertical]) {
+                    Text(transcript.isEmpty ? "No transcript loaded" : transcript)
+                        .font(.system(size: fontSize, design: .monospaced))
+                        .foregroundStyle(Palette.terminalText)
+                        .textSelection(.enabled)
+                        .frame(maxWidth: .infinity, alignment: .leading)
+                        .padding(18)
+                }
+            }
+            .navigationTitle("Reader")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .topBarTrailing) {
+                    Button("Done") {
+                        dismiss()
                     }
                 }
             }
-            .navigationTitle("DevOps Defender")
+            .safeAreaInset(edge: .bottom) {
+                Stepper(
+                    "Text \(Int(fontSize)) pt",
+                    value: $fontSize,
+                    in: 11...34,
+                    step: 1
+                )
+                .font(.callout)
+                .foregroundStyle(Palette.terminalText)
+                .padding(14)
+                .background(Palette.terminal.opacity(0.92))
+            }
         }
     }
 }
+
+private struct WorkspaceTextFieldStyle: TextFieldStyle {
+    func _body(configuration: TextField<Self._Label>) -> some View {
+        configuration
+            .padding(12)
+            .background(Palette.input)
+            .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
+    }
+}
+
+private struct QuietButtonStyle: ButtonStyle {
+    func makeBody(configuration: Configuration) -> some View {
+        configuration.label
+            .font(.caption.weight(.semibold))
+            .padding(.horizontal, 10)
+            .padding(.vertical, 7)
+            .foregroundStyle(Palette.text)
+            .background(Palette.input)
+            .clipShape(Capsule())
+            .opacity(configuration.isPressed ? 0.65 : 1)
+    }
+}
+
+private struct PrimaryPillButtonStyle: ButtonStyle {
+    func makeBody(configuration: Configuration) -> some View {
+        configuration.label
+            .font(.callout.weight(.semibold))
+            .padding(.horizontal, 14)
+            .padding(.vertical, 10)
+            .foregroundStyle(Palette.accentText)
+            .background(Palette.accent)
+            .clipShape(Capsule())
+            .opacity(configuration.isPressed ? 0.75 : 1)
+    }
+}
+
+private struct PlainPillButtonStyle: ButtonStyle {
+    func makeBody(configuration: Configuration) -> some View {
+        configuration.label
+            .font(.callout.weight(.semibold))
+            .padding(.horizontal, 14)
+            .padding(.vertical, 10)
+            .foregroundStyle(Palette.text)
+            .background(Palette.input)
+            .clipShape(Capsule())
+            .opacity(configuration.isPressed ? 0.70 : 1)
+    }
+}

From 8e36b6fdb8a761c931f0e35b901de75d664c47ff Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 13:13:40 -0400
Subject: [PATCH 06/18] Simplify iOS app setup flow

---
 apps/ios/DevOpsDefender/ContentView.swift    | 111 ++++++++++++++++++-
 apps/ios/DevOpsDefender/DDClientBridge.swift |  31 ++++++
 apps/ios/README.md                           |  19 +++-
 3 files changed, 155 insertions(+), 6 deletions(-)

diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index 4a74ff6..a95ad08 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -1,4 +1,5 @@
 import SwiftUI
+import UIKit
 
 struct ContentView: View {
     @StateObject private var viewModel = ClientViewModel()
@@ -18,6 +19,7 @@ struct ContentView: View {
                 ScrollView {
                     VStack(alignment: .leading, spacing: 14) {
                         header
+                        setupPanel
                         statusStrip
                         actionPanel
                         transcriptPanel
@@ -44,6 +46,58 @@ struct ContentView: View {
         }
     }
 
+    private var setupPanel: some View {
+        Card {
+            VStack(alignment: .leading, spacing: 12) {
+                SectionHeader(title: "Quick setup", subtitle: "Use defaults, confirm the key, start reading")
+
+                VStack(spacing: 8) {
+                    SetupChecklistRow(
+                        title: "Agent",
+                        detail: agentHost,
+                        state: .ready
+                    )
+                    SetupChecklistRow(
+                        title: "Noise key",
+                        detail: keyFileExists ? "Found at \(expandedKeyPath)" : "Not found. Paste the key or switch to app storage.",
+                        state: keyFileExists ? .ready : .needsAction
+                    )
+                    SetupChecklistRow(
+                        title: "Verification",
+                        detail: viewModel.insecureSkipQuoteVerify ? "TDX quote checks skipped for PR preview testing" : "Intel Trust Authority required",
+                        state: viewModel.insecureSkipQuoteVerify ? .preview : .ready
+                    )
+                }
+
+                LazyVGrid(columns: actionColumns, spacing: 10) {
+                    ActionButton("Load defaults", systemImage: "play.circle") {
+                        viewModel.usePreviewDefaultsAndLoad()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    ActionButton("Paste key", systemImage: "doc.on.clipboard") {
+                        guard let key = UIPasteboard.general.string else {
+                            viewModel.status = "Clipboard did not contain text"
+                            return
+                        }
+                        viewModel.keyContent = key
+                        viewModel.importPastedKey()
+                    }
+                    .disabled(viewModel.isBusy)
+
+                    ActionButton("App key", systemImage: "folder") {
+                        viewModel.useAppSupportKeyPath()
+                        isConnectionExpanded = true
+                    }
+
+                    ActionButton("Advanced", systemImage: "slider.horizontal.3") {
+                        isConnectionExpanded.toggle()
+                    }
+                }
+            }
+        }
+    }
+
     private var header: some View {
         Card {
             VStack(alignment: .leading, spacing: 12) {
@@ -343,7 +397,7 @@ struct ContentView: View {
                 }
                 .padding(.top, 12)
             } label: {
-                SectionHeader(title: "Connection", subtitle: viewModel.keyPath)
+                SectionHeader(title: "Advanced connection", subtitle: viewModel.keyPath)
             }
         }
     }
@@ -384,6 +438,14 @@ struct ContentView: View {
     private var transcriptText: String {
         viewModel.transcript.isEmpty ? "No transcript loaded" : viewModel.transcript
     }
+
+    private var expandedKeyPath: String {
+        (viewModel.keyPath as NSString).expandingTildeInPath
+    }
+
+    private var keyFileExists: Bool {
+        FileManager.default.fileExists(atPath: expandedKeyPath)
+    }
 }
 
 private enum Palette {
@@ -399,6 +461,7 @@ private enum Palette {
     static let accentText = Color(red: 0.99, green: 0.97, blue: 0.91)
     static let ready = Color(red: 0.20, green: 0.48, blue: 0.31)
     static let busy = Color(red: 0.70, green: 0.43, blue: 0.12)
+    static let warn = Color(red: 0.72, green: 0.49, blue: 0.16)
     static let terminal = Color(red: 0.13, green: 0.12, blue: 0.10)
     static let terminalText = Color(red: 0.94, green: 0.91, blue: 0.82)
 }
@@ -466,6 +529,52 @@ private struct ActionButton: View {
     }
 }
 
+private enum SetupState {
+    case ready
+    case preview
+    case needsAction
+
+    var color: Color {
+        switch self {
+        case .ready:
+            Palette.ready
+        case .preview:
+            Palette.warn
+        case .needsAction:
+            Palette.busy
+        }
+    }
+}
+
+private struct SetupChecklistRow: View {
+    let title: String
+    let detail: String
+    let state: SetupState
+
+    var body: some View {
+        HStack(alignment: .firstTextBaseline, spacing: 10) {
+            Circle()
+                .fill(state.color)
+                .frame(width: 8, height: 8)
+
+            Text(title)
+                .font(.callout.weight(.semibold))
+                .foregroundStyle(Palette.text)
+                .frame(width: 92, alignment: .leading)
+
+            Text(detail)
+                .font(.callout)
+                .foregroundStyle(Palette.muted)
+                .lineLimit(2)
+
+            Spacer(minLength: 0)
+        }
+        .padding(12)
+        .background(Palette.input)
+        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
+    }
+}
+
 private struct SessionRow: View {
     let session: SessionSummary
     let isSelected: Bool
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 156398c..24d25f1 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -205,6 +205,37 @@ final class ClientViewModel: ObservableObject {
         )
     }
 
+    func usePreviewDefaults() {
+        agentURL = AppDefaults.previewAgentURL
+        keyPath = AppDefaults.defaultKeyPath
+        insecureSkipQuoteVerify = true
+        itaAPIKey = ""
+        itaBaseURL = AppDefaults.itaBaseURL
+        itaJwksURL = AppDefaults.itaJwksURL
+        itaIssuer = AppDefaults.itaIssuer
+        status = "Using PR preview defaults"
+    }
+
+    func usePreviewDefaultsAndLoad() {
+        usePreviewDefaults()
+        let settings = settings
+        run("Checking setup") {
+            let recipesResponse = try DDClientBridge.listRecipes(settings: settings)
+            let sessionsResponse = try DDClientBridge.listSessions(settings: settings)
+            let recipes = extractRecipes(from: recipesResponse["value"])
+            let sessions = extractSessions(from: sessionsResponse["value"])
+            return ClientUpdate(
+                status: "Ready: \(recipes.count) recipes, \(sessions.count) sessions",
+                recipes: recipes,
+                sessions: sessions,
+                rawResponse: prettyJSONString([
+                    "recipes": recipesResponse,
+                    "sessions": sessionsResponse
+                ])
+            )
+        }
+    }
+
     func useAppSupportKeyPath() {
         keyPath = AppDefaults.appSupportNoiseKeyPath
     }
diff --git a/apps/ios/README.md b/apps/ios/README.md
index f076707..e889938 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -14,15 +14,24 @@ The app defaults to that URL and, on simulator or "Designed for iPad on Mac",
 tries `~/.config/devopsdefender/noise.key`. On sandboxed installs, use the
 "Use app support key path" button and paste/import the Noise key content.
 
+To copy the local key as hex for paste/import:
+
+```bash
+xxd -p -c 256 "$HOME/.config/devopsdefender/noise.key" | pbcopy
+```
+
 ## App Workflow
 
-- Toggle "Dev/test: skip TDX quote verification" for PR previews. This maps to
-  the CLI `--insecure-skip-quote-verify` path.
-- Tap "Load recipes" to call Rust for the recipe list.
-- Tap "List sessions" to call Rust for current sessions.
+- The first card is "Quick setup". Tap "Use defaults & load" for PR preview
+  testing; it restores the PR #261 URL, uses the default Noise key path, skips
+  quote verification, and loads recipes plus sessions.
+- If the key is not found, copy the 32-byte Noise key as hex/base64, then use
+  the app's paste/import control. "Use app key path" switches to app storage for
+  sandboxed installs.
 - Tap "Create shell session" to create a session with recipe `shell`.
 - Select a session, then use "Replay transcript" or "Attach / refresh output".
-- Use the zoom stepper for larger transcript text when reading output on mobile.
+- Use "Reader" and the zoom stepper for larger transcript text when reading
+  output on mobile.
 - Use quick write controls for common agent prompts: `1`, `2`, `Enter`, or a
   short custom line. Attach/write/detach does not close the remote session.
 - Enable session notifications to get a local notification when a newly listed

From f67c1641618eb9c78b997bc9b26a295b7c7571c9 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 15:07:16 -0400
Subject: [PATCH 07/18] Simplify iOS session viewer

---
 README.md                                    |  16 +
 apps/ios/DevOpsDefender/ContentView.swift    | 756 +-----------------
 apps/ios/DevOpsDefender/DDClientBridge.swift | 798 +++++++++++--------
 apps/ios/DevOpsDefender/Info.plist           |  12 +-
 apps/ios/README.md                           | 143 ++--
 apps/ios/project.yml                         |   1 -
 crates/dd-client-cli/src/main.rs             | 104 ++-
 crates/dd-client-core/src/lib.rs             |  15 +-
 crates/dd-client-ffi/src/lib.rs              | 134 ++--
 9 files changed, 754 insertions(+), 1225 deletions(-)

diff --git a/README.md b/README.md
index de1d927..309fa56 100644
--- a/README.md
+++ b/README.md
@@ -52,5 +52,21 @@ During an attached shell, `Ctrl-]` detaches and leaves the remote session alive.
 `Ctrl-D` sends EOF to the remote shell and disconnects the local client. Use
 `dd-client close --id SESSION_ID ...` to terminate a session explicitly.
 
+Send a running session to the mobile companion app:
+
+```bash
+dd-client mobile-link \
+  --url https://agent.example.com \
+  --key ~/.config/devopsdefender/noise.key \
+  --id SESSION_ID \
+  --include-key
+```
+
+Open the printed `devopsdefender://session?...` link on iOS, or render it as a
+QR code with the printed `qrencode` command. `--include-key` puts the Noise
+private key in the handoff URL so the mobile app can import it before replaying;
+treat that link or QR code as secret. Omit `--include-key` to send only the
+agent URL and session id after the app already has the key.
+
 Quote verification is on by default. Local preview/dev runs without Intel Trust
 Authority credentials must pass `--insecure-skip-quote-verify` explicitly.
diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index a95ad08..0e896aa 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -1,748 +1,66 @@
 import SwiftUI
-import UIKit
 
 struct ContentView: View {
     @StateObject private var viewModel = ClientViewModel()
-    @State private var isConnectionExpanded = false
-    @State private var isDebugExpanded = false
-    @State private var showTranscriptReader = false
-
-    private let actionColumns = [
-        GridItem(.adaptive(minimum: 150), spacing: 10)
-    ]
 
     var body: some View {
-        NavigationStack {
-            ZStack {
-                Palette.page.ignoresSafeArea()
-
-                ScrollView {
-                    VStack(alignment: .leading, spacing: 14) {
-                        header
-                        setupPanel
-                        statusStrip
-                        actionPanel
-                        transcriptPanel
-                        writePanel
-                        sessionsPanel
-                        recipesPanel
-                        connectionPanel
-                        debugPanel
-                    }
+        ZStack(alignment: .topLeading) {
+            Palette.background.ignoresSafeArea()
+
+            ScrollView(.vertical) {
+                Text(transcriptText)
+                    .font(.system(size: 15, design: .monospaced))
+                    .foregroundStyle(Palette.text)
+                    .textSelection(.enabled)
+                    .fixedSize(horizontal: false, vertical: true)
+                    .frame(maxWidth: .infinity, alignment: .topLeading)
                     .padding(.horizontal, 16)
-                    .padding(.vertical, 18)
-                    .frame(maxWidth: 980, alignment: .center)
-                    .frame(maxWidth: .infinity)
-                }
-            }
-            .navigationTitle("DevOps Defender")
-            .navigationBarTitleDisplayMode(.inline)
-            .sheet(isPresented: $showTranscriptReader) {
-                TranscriptReaderView(
-                    transcript: viewModel.transcript,
-                    fontSize: $viewModel.transcriptFontSize
-                )
-            }
-        }
-    }
-
-    private var setupPanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                SectionHeader(title: "Quick setup", subtitle: "Use defaults, confirm the key, start reading")
-
-                VStack(spacing: 8) {
-                    SetupChecklistRow(
-                        title: "Agent",
-                        detail: agentHost,
-                        state: .ready
-                    )
-                    SetupChecklistRow(
-                        title: "Noise key",
-                        detail: keyFileExists ? "Found at \(expandedKeyPath)" : "Not found. Paste the key or switch to app storage.",
-                        state: keyFileExists ? .ready : .needsAction
-                    )
-                    SetupChecklistRow(
-                        title: "Verification",
-                        detail: viewModel.insecureSkipQuoteVerify ? "TDX quote checks skipped for PR preview testing" : "Intel Trust Authority required",
-                        state: viewModel.insecureSkipQuoteVerify ? .preview : .ready
-                    )
-                }
-
-                LazyVGrid(columns: actionColumns, spacing: 10) {
-                    ActionButton("Load defaults", systemImage: "play.circle") {
-                        viewModel.usePreviewDefaultsAndLoad()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    ActionButton("Paste key", systemImage: "doc.on.clipboard") {
-                        guard let key = UIPasteboard.general.string else {
-                            viewModel.status = "Clipboard did not contain text"
-                            return
-                        }
-                        viewModel.keyContent = key
-                        viewModel.importPastedKey()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    ActionButton("App key", systemImage: "folder") {
-                        viewModel.useAppSupportKeyPath()
-                        isConnectionExpanded = true
-                    }
-
-                    ActionButton("Advanced", systemImage: "slider.horizontal.3") {
-                        isConnectionExpanded.toggle()
-                    }
-                }
-            }
-        }
-    }
-
-    private var header: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                HStack(alignment: .firstTextBaseline) {
-                    VStack(alignment: .leading, spacing: 4) {
-                        Text("Agent workspace")
-                            .font(.title2.weight(.semibold))
-                            .foregroundStyle(Palette.text)
-                        Text(agentHost)
-                            .font(.callout)
-                            .foregroundStyle(Palette.muted)
-                            .lineLimit(1)
-                    }
-
-                    Spacer()
-
-                    Text(viewModel.insecureSkipQuoteVerify ? "PR preview" : "Quote verified")
-                        .font(.caption.weight(.semibold))
-                        .padding(.horizontal, 10)
-                        .padding(.vertical, 6)
-                        .background(Palette.chip)
-                        .clipShape(Capsule())
-                        .foregroundStyle(Palette.text)
-                }
-
-                HStack(spacing: 10) {
-                    Label(selectedSessionLabel, systemImage: "terminal")
-                        .font(.caption)
-                        .foregroundStyle(Palette.muted)
-                        .lineLimit(1)
-
-                    Spacer()
-
-                    if viewModel.isBusy {
-                        ProgressView()
-                            .controlSize(.small)
-                    }
-                }
-            }
-        }
-    }
-
-    private var statusStrip: some View {
-        HStack(spacing: 10) {
-            Circle()
-                .fill(viewModel.isBusy ? Palette.busy : Palette.ready)
-                .frame(width: 8, height: 8)
-
-            Text(viewModel.status)
-                .font(.callout)
-                .foregroundStyle(Palette.text)
-                .lineLimit(2)
-
-            Spacer()
-        }
-        .padding(.horizontal, 14)
-        .padding(.vertical, 10)
-        .background(Palette.status)
-        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-    }
-
-    private var actionPanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                SectionHeader(title: "Runbook", subtitle: "Load, create, attach, detach")
-
-                LazyVGrid(columns: actionColumns, spacing: 10) {
-                    ActionButton("Load recipes", systemImage: "list.bullet.rectangle") {
-                        viewModel.loadRecipes()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    ActionButton("List sessions", systemImage: "rectangle.stack") {
-                        viewModel.loadSessions()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    ActionButton("Create shell", systemImage: "plus.app") {
-                        viewModel.createShellSession()
-                    }
-                    .disabled(viewModel.isBusy)
-
-                    ActionButton("Attach refresh", systemImage: "arrow.clockwise") {
-                        viewModel.attachSelectedSession()
-                    }
-                    .disabled(viewModel.isBusy)
-                }
-            }
-        }
-    }
-
-    private var transcriptPanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                HStack(alignment: .firstTextBaseline) {
-                    SectionHeader(title: "Transcript", subtitle: selectedSessionLabel)
-
-                    Spacer()
-
-                    Button {
-                        showTranscriptReader = true
-                    } label: {
-                        Label("Reader", systemImage: "text.magnifyingglass")
-                            .labelStyle(.titleAndIcon)
-                    }
-                    .buttonStyle(QuietButtonStyle())
-                }
-
-                HStack(spacing: 10) {
-                    Button("Replay") {
-                        viewModel.replaySelectedSession()
-                    }
-                    .buttonStyle(PlainPillButtonStyle())
-                    .disabled(viewModel.isBusy)
-
-                    Stepper(
-                        "Text \(Int(viewModel.transcriptFontSize))",
-                        value: $viewModel.transcriptFontSize,
-                        in: 11...30,
-                        step: 1
-                    )
-                    .font(.caption)
-                    .foregroundStyle(Palette.muted)
-                }
-
-                ScrollView([.horizontal, .vertical]) {
-                    Text(transcriptText)
-                        .font(.system(size: viewModel.transcriptFontSize, design: .monospaced))
-                        .foregroundStyle(Palette.terminalText)
-                        .textSelection(.enabled)
-                        .frame(maxWidth: .infinity, alignment: .leading)
-                        .padding(14)
-                }
-                .frame(minHeight: 340)
-                .background(Palette.terminal)
-                .clipShape(RoundedRectangle(cornerRadius: 16, style: .continuous))
-                .overlay(
-                    RoundedRectangle(cornerRadius: 16, style: .continuous)
-                        .stroke(Palette.border, lineWidth: 1)
-                )
+                    .padding(.top, 46)
+                    .padding(.bottom, 24)
             }
-        }
-    }
-
-    private var writePanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                SectionHeader(
-                    title: "Mobile replies",
-                    subtitle: "Optimized for 1, 2, enter, and short prompts"
-                )
-
-                TextField("Type a short reply", text: $viewModel.quickInput, axis: .vertical)
-                    .textInputAutocapitalization(.never)
-                    .font(.body.monospaced())
-                    .lineLimit(1...3)
-                    .padding(12)
-                    .background(Palette.input)
-                    .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
-
-                HStack(spacing: 10) {
-                    Button("Send") {
-                        viewModel.sendQuickInput()
-                    }
-                    .buttonStyle(PrimaryPillButtonStyle())
-                    .disabled(viewModel.isBusy)
 
-                    Button("1") {
-                        viewModel.sendQuickInput("1\n")
-                    }
-                    .buttonStyle(PlainPillButtonStyle())
-                    .disabled(viewModel.isBusy)
-
-                    Button("2") {
-                        viewModel.sendQuickInput("2\n")
-                    }
-                    .buttonStyle(PlainPillButtonStyle())
-                    .disabled(viewModel.isBusy)
-
-                    Button("Enter") {
-                        viewModel.sendQuickInput("\n")
-                    }
-                    .buttonStyle(PlainPillButtonStyle())
-                    .disabled(viewModel.isBusy)
-                }
+            HStack(spacing: 8) {
+                Circle()
+                    .fill(viewModel.isBusy ? Palette.busy : Palette.ready)
+                    .frame(width: 7, height: 7)
 
-                Text("Each send attaches, writes bytes, waits briefly, then detaches without closing the session.")
-                    .font(.footnote)
+                Text(statusText)
+                    .font(.caption.monospaced())
                     .foregroundStyle(Palette.muted)
+                    .lineLimit(1)
+                    .truncationMode(.middle)
             }
+            .padding(.horizontal, 12)
+            .padding(.vertical, 8)
+            .background(Palette.background.opacity(0.94))
         }
-    }
-
-    private var sessionsPanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                SectionHeader(title: "Sessions", subtitle: "\(viewModel.sessions.count) loaded")
-
-                Toggle("Notify on session changes", isOn: $viewModel.notifyOnSessionChanges)
-                    .font(.callout)
-
-                TextField("Paste or edit selected session id", text: $viewModel.selectedSessionID)
-                    .textInputAutocapitalization(.never)
-                    .font(.caption.monospaced())
-                    .padding(12)
-                    .background(Palette.input)
-                    .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
-
-                if viewModel.sessions.isEmpty {
-                    EmptyState(text: "No sessions loaded")
-                } else {
-                    VStack(spacing: 8) {
-                        ForEach(viewModel.sessions) { session in
-                            SessionRow(
-                                session: session,
-                                isSelected: session.id == viewModel.selectedSessionID
-                            ) {
-                                viewModel.selectSession(session)
-                            }
-                        }
-                    }
-                }
-            }
+        .onOpenURL { url in
+            viewModel.openMobileLink(url)
         }
     }
 
-    private var recipesPanel: some View {
-        Card {
-            VStack(alignment: .leading, spacing: 12) {
-                SectionHeader(title: "Recipes", subtitle: "\(viewModel.recipes.count) loaded")
-
-                if viewModel.recipes.isEmpty {
-                    EmptyState(text: "Load recipes to confirm the PR preview is reachable")
-                } else {
-                    VStack(spacing: 8) {
-                        ForEach(viewModel.recipes) { recipe in
-                            SummaryRow(title: recipe.title, id: recipe.id, detail: recipe.detail)
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    private var connectionPanel: some View {
-        Card {
-            DisclosureGroup(isExpanded: $isConnectionExpanded) {
-                VStack(alignment: .leading, spacing: 12) {
-                    TextField("Agent URL", text: $viewModel.agentURL)
-                        .textInputAutocapitalization(.never)
-                        .keyboardType(.URL)
-                        .textFieldStyle(WorkspaceTextFieldStyle())
-
-                    TextField("Noise key path", text: $viewModel.keyPath)
-                        .textInputAutocapitalization(.never)
-                        .font(.body.monospaced())
-                        .textFieldStyle(WorkspaceTextFieldStyle())
-
-                    Button("Use app support key path") {
-                        viewModel.useAppSupportKeyPath()
-                    }
-                    .buttonStyle(PlainPillButtonStyle())
-
-                    Toggle("Dev/test: skip TDX quote verification", isOn: $viewModel.insecureSkipQuoteVerify)
-
-                    if !viewModel.insecureSkipQuoteVerify {
-                        SecureField("Intel Trust Authority API key", text: $viewModel.itaAPIKey)
-                            .textFieldStyle(WorkspaceTextFieldStyle())
-                        TextField("ITA base URL", text: $viewModel.itaBaseURL)
-                            .textInputAutocapitalization(.never)
-                            .textFieldStyle(WorkspaceTextFieldStyle())
-                        TextField("ITA JWKS URL", text: $viewModel.itaJwksURL)
-                            .textInputAutocapitalization(.never)
-                            .textFieldStyle(WorkspaceTextFieldStyle())
-                        TextField("ITA issuer", text: $viewModel.itaIssuer)
-                            .textInputAutocapitalization(.never)
-                            .textFieldStyle(WorkspaceTextFieldStyle())
-                    }
-
-                    Text("Paste a 32-byte Noise key as hex or base64 if the app cannot read your host key path.")
-                        .font(.footnote)
-                        .foregroundStyle(Palette.muted)
-
-                    TextEditor(text: $viewModel.keyContent)
-                        .font(.body.monospaced())
-                        .scrollContentBackground(.hidden)
-                        .frame(minHeight: 88)
-                        .padding(8)
-                        .background(Palette.input)
-                        .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
-
-                    Button("Import pasted key") {
-                        viewModel.importPastedKey()
-                    }
-                    .buttonStyle(PrimaryPillButtonStyle())
-                    .disabled(viewModel.isBusy)
-                }
-                .padding(.top, 12)
-            } label: {
-                SectionHeader(title: "Advanced connection", subtitle: viewModel.keyPath)
-            }
+    private var transcriptText: String {
+        if !viewModel.transcript.isEmpty {
+            return viewModel.transcript
         }
-    }
-
-    private var debugPanel: some View {
-        Card {
-            DisclosureGroup(isExpanded: $isDebugExpanded) {
-                ScrollView([.horizontal, .vertical]) {
-                    Text(viewModel.rawResponse.isEmpty ? "{}" : viewModel.rawResponse)
-                        .font(.caption.monospaced())
-                        .foregroundStyle(Palette.terminalText)
-                        .textSelection(.enabled)
-                        .frame(maxWidth: .infinity, alignment: .leading)
-                        .padding(12)
-                }
-                .frame(minHeight: 140)
-                .background(Palette.terminal)
-                .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
-                .padding(.top, 12)
-            } label: {
-                SectionHeader(title: "Debug", subtitle: "Last Rust response")
-            }
+        if viewModel.hasLinkedSession {
+            return viewModel.status
         }
+        return "Open a DevOps Defender session link."
     }
 
-    private var agentHost: String {
-        URL(string: viewModel.agentURL)?.host ?? viewModel.agentURL
-    }
-
-    private var selectedSessionLabel: String {
-        let id = viewModel.selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
-        if id.isEmpty {
-            return "No session selected"
+    private var statusText: String {
+        if viewModel.hasLinkedSession {
+            return "\(viewModel.linkedSessionTitle)  \(viewModel.status)"
         }
-        return "Session \(String(id.prefix(8)))"
-    }
-
-    private var transcriptText: String {
-        viewModel.transcript.isEmpty ? "No transcript loaded" : viewModel.transcript
-    }
-
-    private var expandedKeyPath: String {
-        (viewModel.keyPath as NSString).expandingTildeInPath
-    }
-
-    private var keyFileExists: Bool {
-        FileManager.default.fileExists(atPath: expandedKeyPath)
+        return viewModel.status
     }
 }
 
 private enum Palette {
-    static let page = Color(red: 0.96, green: 0.94, blue: 0.90)
-    static let card = Color(red: 0.99, green: 0.98, blue: 0.94)
-    static let chip = Color(red: 0.91, green: 0.86, blue: 0.77)
-    static let input = Color(red: 0.94, green: 0.92, blue: 0.87)
-    static let status = Color(red: 0.90, green: 0.87, blue: 0.80)
-    static let border = Color.black.opacity(0.10)
-    static let text = Color(red: 0.14, green: 0.12, blue: 0.09)
+    static let background = Color(red: 0.96, green: 0.94, blue: 0.90)
+    static let text = Color(red: 0.16, green: 0.14, blue: 0.11)
     static let muted = Color(red: 0.42, green: 0.37, blue: 0.30)
-    static let accent = Color(red: 0.54, green: 0.30, blue: 0.18)
-    static let accentText = Color(red: 0.99, green: 0.97, blue: 0.91)
     static let ready = Color(red: 0.20, green: 0.48, blue: 0.31)
     static let busy = Color(red: 0.70, green: 0.43, blue: 0.12)
-    static let warn = Color(red: 0.72, green: 0.49, blue: 0.16)
-    static let terminal = Color(red: 0.13, green: 0.12, blue: 0.10)
-    static let terminalText = Color(red: 0.94, green: 0.91, blue: 0.82)
-}
-
-private struct Card<Content: View>: View {
-    @ViewBuilder var content: Content
-
-    var body: some View {
-        content
-            .padding(14)
-            .background(Palette.card)
-            .clipShape(RoundedRectangle(cornerRadius: 18, style: .continuous))
-            .overlay(
-                RoundedRectangle(cornerRadius: 18, style: .continuous)
-                    .stroke(Palette.border, lineWidth: 1)
-            )
-            .shadow(color: Color.black.opacity(0.04), radius: 12, x: 0, y: 6)
-    }
-}
-
-private struct SectionHeader: View {
-    let title: String
-    let subtitle: String
-
-    var body: some View {
-        VStack(alignment: .leading, spacing: 3) {
-            Text(title)
-                .font(.headline.weight(.semibold))
-                .foregroundStyle(Palette.text)
-            Text(subtitle)
-                .font(.caption)
-                .foregroundStyle(Palette.muted)
-                .lineLimit(1)
-        }
-    }
-}
-
-private struct ActionButton: View {
-    let title: String
-    let systemImage: String
-    let action: () -> Void
-
-    init(_ title: String, systemImage: String, action: @escaping () -> Void) {
-        self.title = title
-        self.systemImage = systemImage
-        self.action = action
-    }
-
-    var body: some View {
-        Button(action: action) {
-            HStack(spacing: 8) {
-                Image(systemName: systemImage)
-                Text(title)
-                    .lineLimit(1)
-                Spacer(minLength: 0)
-            }
-            .font(.callout.weight(.semibold))
-            .padding(.horizontal, 12)
-            .padding(.vertical, 12)
-            .foregroundStyle(Palette.text)
-            .background(Palette.input)
-            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-        }
-        .buttonStyle(.plain)
-    }
-}
-
-private enum SetupState {
-    case ready
-    case preview
-    case needsAction
-
-    var color: Color {
-        switch self {
-        case .ready:
-            Palette.ready
-        case .preview:
-            Palette.warn
-        case .needsAction:
-            Palette.busy
-        }
-    }
-}
-
-private struct SetupChecklistRow: View {
-    let title: String
-    let detail: String
-    let state: SetupState
-
-    var body: some View {
-        HStack(alignment: .firstTextBaseline, spacing: 10) {
-            Circle()
-                .fill(state.color)
-                .frame(width: 8, height: 8)
-
-            Text(title)
-                .font(.callout.weight(.semibold))
-                .foregroundStyle(Palette.text)
-                .frame(width: 92, alignment: .leading)
-
-            Text(detail)
-                .font(.callout)
-                .foregroundStyle(Palette.muted)
-                .lineLimit(2)
-
-            Spacer(minLength: 0)
-        }
-        .padding(12)
-        .background(Palette.input)
-        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-    }
-}
-
-private struct SessionRow: View {
-    let session: SessionSummary
-    let isSelected: Bool
-    let action: () -> Void
-
-    var body: some View {
-        Button(action: action) {
-            HStack(alignment: .top, spacing: 10) {
-                Circle()
-                    .fill(isSelected ? Palette.accent : Palette.border)
-                    .frame(width: 9, height: 9)
-                    .padding(.top, 5)
-
-                VStack(alignment: .leading, spacing: 4) {
-                    Text(session.title)
-                        .font(.callout.weight(.semibold))
-                        .foregroundStyle(Palette.text)
-                    Text(session.id)
-                        .font(.caption.monospaced())
-                        .foregroundStyle(Palette.muted)
-                        .lineLimit(1)
-                    if !session.detail.isEmpty {
-                        Text(session.detail)
-                            .font(.caption)
-                            .foregroundStyle(Palette.muted)
-                            .lineLimit(2)
-                    }
-                }
-
-                Spacer()
-            }
-            .padding(12)
-            .background(isSelected ? Palette.chip : Palette.input)
-            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-        }
-        .buttonStyle(.plain)
-    }
-}
-
-private struct SummaryRow: View {
-    let title: String
-    let id: String
-    let detail: String
-
-    var body: some View {
-        VStack(alignment: .leading, spacing: 4) {
-            Text(title)
-                .font(.callout.weight(.semibold))
-                .foregroundStyle(Palette.text)
-            Text(id)
-                .font(.caption.monospaced())
-                .foregroundStyle(Palette.muted)
-            if !detail.isEmpty {
-                Text(detail)
-                    .font(.caption)
-                    .foregroundStyle(Palette.muted)
-                    .lineLimit(3)
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-        .padding(12)
-        .background(Palette.input)
-        .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-    }
-}
-
-private struct EmptyState: View {
-    let text: String
-
-    var body: some View {
-        Text(text)
-            .font(.callout)
-            .foregroundStyle(Palette.muted)
-            .frame(maxWidth: .infinity, alignment: .leading)
-            .padding(14)
-            .background(Palette.input)
-            .clipShape(RoundedRectangle(cornerRadius: 14, style: .continuous))
-    }
-}
-
-private struct TranscriptReaderView: View {
-    @Environment(\.dismiss) private var dismiss
-    let transcript: String
-    @Binding var fontSize: Double
-
-    var body: some View {
-        NavigationStack {
-            ZStack {
-                Palette.terminal.ignoresSafeArea()
-
-                ScrollView([.horizontal, .vertical]) {
-                    Text(transcript.isEmpty ? "No transcript loaded" : transcript)
-                        .font(.system(size: fontSize, design: .monospaced))
-                        .foregroundStyle(Palette.terminalText)
-                        .textSelection(.enabled)
-                        .frame(maxWidth: .infinity, alignment: .leading)
-                        .padding(18)
-                }
-            }
-            .navigationTitle("Reader")
-            .navigationBarTitleDisplayMode(.inline)
-            .toolbar {
-                ToolbarItem(placement: .topBarTrailing) {
-                    Button("Done") {
-                        dismiss()
-                    }
-                }
-            }
-            .safeAreaInset(edge: .bottom) {
-                Stepper(
-                    "Text \(Int(fontSize)) pt",
-                    value: $fontSize,
-                    in: 11...34,
-                    step: 1
-                )
-                .font(.callout)
-                .foregroundStyle(Palette.terminalText)
-                .padding(14)
-                .background(Palette.terminal.opacity(0.92))
-            }
-        }
-    }
-}
-
-private struct WorkspaceTextFieldStyle: TextFieldStyle {
-    func _body(configuration: TextField<Self._Label>) -> some View {
-        configuration
-            .padding(12)
-            .background(Palette.input)
-            .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
-    }
-}
-
-private struct QuietButtonStyle: ButtonStyle {
-    func makeBody(configuration: Configuration) -> some View {
-        configuration.label
-            .font(.caption.weight(.semibold))
-            .padding(.horizontal, 10)
-            .padding(.vertical, 7)
-            .foregroundStyle(Palette.text)
-            .background(Palette.input)
-            .clipShape(Capsule())
-            .opacity(configuration.isPressed ? 0.65 : 1)
-    }
-}
-
-private struct PrimaryPillButtonStyle: ButtonStyle {
-    func makeBody(configuration: Configuration) -> some View {
-        configuration.label
-            .font(.callout.weight(.semibold))
-            .padding(.horizontal, 14)
-            .padding(.vertical, 10)
-            .foregroundStyle(Palette.accentText)
-            .background(Palette.accent)
-            .clipShape(Capsule())
-            .opacity(configuration.isPressed ? 0.75 : 1)
-    }
-}
-
-private struct PlainPillButtonStyle: ButtonStyle {
-    func makeBody(configuration: Configuration) -> some View {
-        configuration.label
-            .font(.callout.weight(.semibold))
-            .padding(.horizontal, 14)
-            .padding(.vertical, 10)
-            .foregroundStyle(Palette.text)
-            .background(Palette.input)
-            .clipShape(Capsule())
-            .opacity(configuration.isPressed ? 0.70 : 1)
-    }
 }
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 24d25f1..570fce8 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -1,26 +1,8 @@
 import Foundation
-import UserNotifications
 
 struct AgentSettings: Sendable {
     var agentURL: String
     var keyPath: String
-    var insecureSkipQuoteVerify: Bool
-    var itaAPIKey: String
-    var itaBaseURL: String
-    var itaJwksURL: String
-    var itaIssuer: String
-}
-
-struct RecipeSummary: Identifiable, Sendable {
-    let id: String
-    let title: String
-    let detail: String
-}
-
-struct SessionSummary: Identifiable, Sendable {
-    let id: String
-    let title: String
-    let detail: String
 }
 
 struct DDClientError: LocalizedError {
@@ -32,61 +14,44 @@ struct DDClientError: LocalizedError {
 }
 
 enum DDClientBridge {
-    static func importKey(keyPath: String, keyContent: String) throws -> [String: Any] {
-        try request([
+    static func importKey(keyPath: String, keyContent: String) throws {
+        _ = try request([
             "operation": "import_key",
             "key_path": keyPath,
             "key_content": keyContent
         ])
     }
 
-    static func listRecipes(settings: AgentSettings) throws -> [String: Any] {
-        try request(basePayload("recipes", settings: settings))
-    }
-
-    static func listSessions(settings: AgentSettings) throws -> [String: Any] {
-        try request(basePayload("sessions", settings: settings))
-    }
-
-    static func createShellSession(settings: AgentSettings) throws -> [String: Any] {
-        var payload = basePayload("create_session", settings: settings)
-        payload["recipe"] = "shell"
-        payload["name"] = "iOS shell"
-        return try request(payload)
-    }
-
-    static func replaySession(id: String, settings: AgentSettings) throws -> [String: Any] {
-        var payload = basePayload("replay_session", settings: settings)
-        payload["id"] = id
-        return try request(payload)
-    }
-
-    static func attachExchange(
-        id: String,
-        input: String,
-        maxBytes: Int,
-        idleTimeoutMS: Int,
-        settings: AgentSettings
-    ) throws -> [String: Any] {
-        var payload = basePayload("attach_exchange", settings: settings)
-        payload["id"] = id
-        payload["input"] = input
-        payload["max_bytes"] = maxBytes
-        payload["idle_timeout_ms"] = idleTimeoutMS
-        return try request(payload)
+    static func transcriptSnapshot(id: String, settings: AgentSettings) throws -> [String: Any] {
+        try request([
+            "operation": "attach_exchange",
+            "agent_url": settings.agentURL,
+            "key_path": settings.keyPath,
+            "insecure_skip_quote_verify": true,
+            "ita_api_key": "",
+            "ita_base_url": "",
+            "ita_jwks_url": "",
+            "ita_issuer": "",
+            "id": id,
+            "input": "",
+            "max_bytes": 131072,
+            "idle_timeout_ms": 250
+        ])
     }
 
-    private static func basePayload(_ operation: String, settings: AgentSettings) -> [String: Any] {
-        [
-            "operation": operation,
+    static func transcriptHistory(id: String, settings: AgentSettings) throws -> [String: Any] {
+        try request([
+            "operation": "replay_session",
             "agent_url": settings.agentURL,
             "key_path": settings.keyPath,
-            "insecure_skip_quote_verify": settings.insecureSkipQuoteVerify,
-            "ita_api_key": settings.itaAPIKey,
-            "ita_base_url": settings.itaBaseURL,
-            "ita_jwks_url": settings.itaJwksURL,
-            "ita_issuer": settings.itaIssuer
-        ]
+            "insecure_skip_quote_verify": true,
+            "ita_api_key": "",
+            "ita_base_url": "",
+            "ita_jwks_url": "",
+            "ita_issuer": "",
+            "id": id,
+            "max_bytes": 49152
+        ])
     }
 
     private static func request(_ payload: [String: Any]) throws -> [String: Any] {
@@ -98,7 +63,6 @@ enum DDClientBridge {
         let responsePointer = requestJSON.withCString { requestCString in
             dd_client_agent_request(requestCString)
         }
-
         guard let responsePointer else {
             throw DDClientError(message: "Rust FFI returned a null response")
         }
@@ -120,22 +84,6 @@ enum DDClientBridge {
 }
 
 enum AppDefaults {
-    static let previewAgentURL = "https://dd-pr-261-api-23bf4739-7737-483f-9256-1d184cbb7fab.devopsdefender.com"
-    static let itaBaseURL = "https://api.trustauthority.intel.com"
-    static let itaJwksURL = "https://portal.trustauthority.intel.com/certs"
-    static let itaIssuer = "https://portal.trustauthority.intel.com"
-
-    static var defaultKeyPath: String {
-        #if targetEnvironment(simulator)
-        return hostNoiseKeyPath
-        #else
-        if ProcessInfo.processInfo.isiOSAppOnMac {
-            return hostNoiseKeyPath
-        }
-        return appSupportNoiseKeyPath
-        #endif
-    }
-
     static var appSupportNoiseKeyPath: String {
         let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask)
             .first ?? URL(fileURLWithPath: NSHomeDirectory())
@@ -144,222 +92,105 @@ enum AppDefaults {
             .appendingPathComponent("noise.key")
             .path
     }
-
-    private static var hostNoiseKeyPath: String {
-        let environment = ProcessInfo.processInfo.environment
-        if let simulatorHostHome = environment["SIMULATOR_HOST_HOME"],
-           simulatorHostHome.hasPrefix("/Users/") {
-            return simulatorHostHome + "/.config/devopsdefender/noise.key"
-        }
-        if let hostHome = environment["HOME"],
-           hostHome.hasPrefix("/Users/"),
-           !hostHome.contains("/CoreSimulator/Devices/") {
-            return hostHome + "/.config/devopsdefender/noise.key"
-        }
-        let userName = NSUserName()
-        if userName.isEmpty {
-            return appSupportNoiseKeyPath
-        }
-        return "/Users/\(userName)/.config/devopsdefender/noise.key"
-    }
 }
 
 @MainActor
 final class ClientViewModel: ObservableObject {
-    @Published var agentURL = AppDefaults.previewAgentURL
-    @Published var keyPath = AppDefaults.defaultKeyPath
-    @Published var keyContent = ""
-    @Published var insecureSkipQuoteVerify = true
-    @Published var itaAPIKey = ""
-    @Published var itaBaseURL = AppDefaults.itaBaseURL
-    @Published var itaJwksURL = AppDefaults.itaJwksURL
-    @Published var itaIssuer = AppDefaults.itaIssuer
-    @Published var recipes: [RecipeSummary] = []
-    @Published var sessions: [SessionSummary] = []
     @Published var selectedSessionID = ""
-    @Published var quickInput = ""
     @Published var transcript = ""
-    @Published var rawResponse = ""
-    @Published var status = "Ready"
+    @Published var status = "Open a mobile link from desktop"
     @Published var isBusy = false
-    @Published var transcriptFontSize = 15.0
-    @Published var notifyOnSessionChanges = false {
-        didSet {
-            if notifyOnSessionChanges {
-                requestNotificationPermission()
-            }
-        }
-    }
-
-    private var lastSessionIDs = Set<String>()
-
-    var settings: AgentSettings {
-        AgentSettings(
-            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
-            keyPath: keyPath.expandingTildePath,
-            insecureSkipQuoteVerify: insecureSkipQuoteVerify,
-            itaAPIKey: itaAPIKey.trimmingCharacters(in: .whitespacesAndNewlines),
-            itaBaseURL: itaBaseURL.trimmingCharacters(in: .whitespacesAndNewlines),
-            itaJwksURL: itaJwksURL.trimmingCharacters(in: .whitespacesAndNewlines),
-            itaIssuer: itaIssuer.trimmingCharacters(in: .whitespacesAndNewlines)
-        )
-    }
 
-    func usePreviewDefaults() {
-        agentURL = AppDefaults.previewAgentURL
-        keyPath = AppDefaults.defaultKeyPath
-        insecureSkipQuoteVerify = true
-        itaAPIKey = ""
-        itaBaseURL = AppDefaults.itaBaseURL
-        itaJwksURL = AppDefaults.itaJwksURL
-        itaIssuer = AppDefaults.itaIssuer
-        status = "Using PR preview defaults"
-    }
-
-    func usePreviewDefaultsAndLoad() {
-        usePreviewDefaults()
-        let settings = settings
-        run("Checking setup") {
-            let recipesResponse = try DDClientBridge.listRecipes(settings: settings)
-            let sessionsResponse = try DDClientBridge.listSessions(settings: settings)
-            let recipes = extractRecipes(from: recipesResponse["value"])
-            let sessions = extractSessions(from: sessionsResponse["value"])
-            return ClientUpdate(
-                status: "Ready: \(recipes.count) recipes, \(sessions.count) sessions",
-                recipes: recipes,
-                sessions: sessions,
-                rawResponse: prettyJSONString([
-                    "recipes": recipesResponse,
-                    "sessions": sessionsResponse
-                ])
-            )
-        }
-    }
-
-    func useAppSupportKeyPath() {
-        keyPath = AppDefaults.appSupportNoiseKeyPath
-    }
+    private var agentURL = ""
+    private var keyPath = AppDefaults.appSupportNoiseKeyPath
+    private var refreshTask: Task<Void, Never>?
+    private var terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
 
-    func importPastedKey() {
-        let path = keyPath.expandingTildePath
-        let content = keyContent.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !content.isEmpty else {
-            status = "Paste a 32-byte key as hex or base64 first"
-            return
-        }
-        run("Importing key") {
-            let response = try DDClientBridge.importKey(keyPath: path, keyContent: content)
-            return ClientUpdate(
-                status: "Imported key to \(response["key_path"] as? String ?? path)",
-                rawResponse: prettyJSONString(response)
-            )
-        }
+    var hasLinkedSession: Bool {
+        !selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
     }
 
-    func loadRecipes() {
-        let settings = settings
-        run("Loading recipes") {
-            let response = try DDClientBridge.listRecipes(settings: settings)
-            return ClientUpdate(
-                status: "Loaded recipes",
-                recipes: extractRecipes(from: response["value"]),
-                rawResponse: prettyJSONString(response)
-            )
+    var linkedSessionTitle: String {
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        if id.isEmpty {
+            return "No linked session"
         }
+        return "Session \(String(id.prefix(8)))"
     }
 
-    func loadSessions() {
-        let settings = settings
-        run("Loading sessions") {
-            let response = try DDClientBridge.listSessions(settings: settings)
-            let sessions = extractSessions(from: response["value"])
-            return ClientUpdate(
-                status: "Loaded \(sessions.count) sessions",
-                sessions: sessions,
-                rawResponse: prettyJSONString(response)
-            )
+    func openMobileLink(_ url: URL) {
+        guard url.scheme == "devopsdefender",
+              url.host == "session",
+              let components = URLComponents(url: url, resolvingAgainstBaseURL: false) else {
+            status = "Unsupported mobile link"
+            return
         }
-    }
 
-    func createShellSession() {
-        let settings = settings
-        run("Creating shell session") {
-            let response = try DDClientBridge.createShellSession(settings: settings)
-            let id = response["session_id"] as? String ?? ""
-            return ClientUpdate(
-                status: id.isEmpty ? "Created shell session" : "Created shell session \(id)",
-                selectedSessionID: id,
-                rawResponse: prettyJSONString(response)
-            )
+        var query: [String: String] = [:]
+        for item in components.queryItems ?? [] {
+            query[item.name] = item.value
         }
-    }
 
-    func replaySelectedSession() {
-        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !id.isEmpty else {
-            status = "Select or enter a session id first"
+        guard let agent = query["agent"], !agent.isEmpty,
+              let id = query["id"], !id.isEmpty else {
+            status = "Mobile link missing agent or session"
             return
         }
-        let settings = settings
-        run("Replaying session") {
-            let response = try DDClientBridge.replaySession(id: id, settings: settings)
-            return ClientUpdate(
-                status: "Replayed \(id)",
-                transcript: transcriptText(from: response["value"]),
-                rawResponse: prettyJSONString(response)
-            )
-        }
-    }
 
-    func attachSelectedSession() {
-        attach(input: "", statusText: "Attaching for output")
-    }
+        refreshTask?.cancel()
+        agentURL = agent
+        selectedSessionID = id
+        keyPath = AppDefaults.appSupportNoiseKeyPath
+        transcript = ""
+        terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
 
-    func sendQuickInput(_ input: String? = nil) {
-        let text = input ?? quickInput
-        guard !text.isEmpty else {
-            status = "Enter text or use a quick key"
+        if let key = query["key"], !key.isEmpty {
+            importKeyAndLoadTranscript(key)
             return
         }
-        let normalized = text.hasSuffix("\n") ? text : text + "\n"
-        attach(input: normalized, statusText: "Sending short input")
-        if input == nil {
-            quickInput = ""
+
+        if FileManager.default.fileExists(atPath: keyPath.expandingTildePath) {
+            loadTranscript()
+        } else {
+            status = "Linked \(linkedSessionTitle); link did not include key"
         }
     }
 
-    func selectSession(_ session: SessionSummary) {
-        selectedSessionID = session.id
-        transcript = session.detail
+    private func importKeyAndLoadTranscript(_ key: String) {
+        let path = keyPath.expandingTildePath
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        let settings = AgentSettings(
+            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            keyPath: path
+        )
+        run("Importing key", keepRefreshing: true) {
+            try DDClientBridge.importKey(keyPath: path, keyContent: key)
+            return initialTranscriptUpdate(id: id, settings: settings)
+        }
     }
 
-    private func attach(input: String, statusText: String) {
+    private func loadTranscript() {
         let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
         guard !id.isEmpty else {
-            status = "Select or enter a session id first"
+            status = "No linked session"
             return
         }
-        let settings = settings
-        run(statusText) {
-            let response = try DDClientBridge.attachExchange(
-                id: id,
-                input: input,
-                maxBytes: 128 * 1024,
-                idleTimeoutMS: 1200,
-                settings: settings
-            )
-            let text = response["text"] as? String ?? ""
-            return ClientUpdate(
-                status: input.isEmpty ? "Attached and detached without closing \(id)" : "Sent input and detached without closing \(id)",
-                transcript: text.isEmpty ? "(no new output before idle timeout)" : text,
-                rawResponse: prettyJSONString(response)
-            )
-        }
-    }
-
-    private func run(_ pendingStatus: String, work: @escaping @Sendable () throws -> ClientUpdate) {
+        let settings = AgentSettings(
+            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            keyPath: keyPath.expandingTildePath
+        )
+        run("Loading transcript", keepRefreshing: true) {
+            initialTranscriptUpdate(id: id, settings: settings)
+        }
+    }
+
+    private func run(
+        _ pendingStatus: String,
+        keepRefreshing: Bool = false,
+        work: @escaping @Sendable () throws -> ClientUpdate
+    ) {
         guard !isBusy else {
-            status = "Another request is already running"
+            status = "Already loading"
             return
         }
         isBusy = true
@@ -369,7 +200,11 @@ final class ClientViewModel: ObservableObject {
                 let update = try await Task.detached(priority: .userInitiated) {
                     try work()
                 }.value
+                status = update.status
                 apply(update)
+                if keepRefreshing {
+                    startRefreshing()
+                }
             } catch {
                 status = error.localizedDescription
             }
@@ -377,57 +212,53 @@ final class ClientViewModel: ObservableObject {
         }
     }
 
-    private func apply(_ update: ClientUpdate) {
-        status = update.status
-        rawResponse = update.rawResponse ?? rawResponse
-        if let recipes = update.recipes {
-            self.recipes = recipes
-        }
-        if let sessions = update.sessions {
-            handleSessionUpdate(sessions)
-        }
-        if let selectedSessionID = update.selectedSessionID, !selectedSessionID.isEmpty {
-            self.selectedSessionID = selectedSessionID
-        }
-        if let transcript = update.transcript {
-            self.transcript = transcript
+    private func startRefreshing() {
+        refreshTask?.cancel()
+        refreshTask = Task { [weak self] in
+            while !Task.isCancelled {
+                try? await Task.sleep(nanoseconds: 650_000_000)
+                self?.refreshTranscript()
+            }
         }
     }
 
-    private func handleSessionUpdate(_ sessions: [SessionSummary]) {
-        let newIDs = Set(sessions.map(\.id))
-        let added = newIDs.subtracting(lastSessionIDs)
-        self.sessions = sessions
-        if notifyOnSessionChanges, !lastSessionIDs.isEmpty, !added.isEmpty {
-            scheduleNotification(title: "DevOps Defender sessions changed", body: "New sessions: \(added.sorted().joined(separator: ", "))")
+    private func refreshTranscript() {
+        guard hasLinkedSession, !isBusy else {
+            return
+        }
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        let settings = AgentSettings(
+            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            keyPath: keyPath.expandingTildePath
+        )
+        isBusy = true
+        Task {
+            do {
+                let update = try await Task.detached(priority: .utility) {
+                    try transcriptUpdate(id: id, settings: settings)
+                }.value
+                status = update.status
+                apply(update)
+            } catch {
+                status = error.localizedDescription
+            }
+            isBusy = false
         }
-        lastSessionIDs = newIDs
-    }
-
-    private func requestNotificationPermission() {
-        UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .sound]) { _, _ in }
     }
 
-    private func scheduleNotification(title: String, body: String) {
-        let content = UNMutableNotificationContent()
-        content.title = title
-        content.body = body
-        let request = UNNotificationRequest(
-            identifier: "dd-client-session-\(UUID().uuidString)",
-            content: content,
-            trigger: nil
-        )
-        UNUserNotificationCenter.current().add(request)
+    private func apply(_ update: ClientUpdate) {
+        guard !update.terminalText.isEmpty else {
+            return
+        }
+        terminalRenderer.feed(update.terminalText.unicodeScalars)
+        let rendered = terminalRenderer.renderedText()
+        transcript = rendered.isEmpty ? "(no transcript output before idle timeout)" : rendered
     }
 }
 
 private struct ClientUpdate: Sendable {
     var status: String
-    var recipes: [RecipeSummary]?
-    var sessions: [SessionSummary]?
-    var selectedSessionID: String?
-    var transcript: String?
-    var rawResponse: String?
+    var terminalText: String
 }
 
 private extension String {
@@ -436,13 +267,23 @@ private extension String {
     }
 }
 
-private func prettyJSONString(_ value: Any) -> String {
-    guard JSONSerialization.isValidJSONObject(value),
-          let data = try? JSONSerialization.data(withJSONObject: value, options: [.prettyPrinted, .sortedKeys]),
-          let text = String(data: data, encoding: .utf8) else {
-        return "\(value)"
+private func transcriptUpdate(id: String, settings: AgentSettings) throws -> ClientUpdate {
+    let response = try DDClientBridge.transcriptSnapshot(id: id, settings: settings)
+    return ClientUpdate(
+        status: "Loaded \(id)",
+        terminalText: transcriptText(from: response)
+    )
+}
+
+private func initialTranscriptUpdate(id: String, settings: AgentSettings) -> ClientUpdate {
+    if let response = try? DDClientBridge.transcriptHistory(id: id, settings: settings) {
+        let history = historyText(from: response)
+        if !history.isEmpty {
+            return ClientUpdate(status: "Loaded \(id)", terminalText: history)
+        }
     }
-    return text
+    return (try? transcriptUpdate(id: id, settings: settings))
+        ?? ClientUpdate(status: "Loaded \(id)", terminalText: "")
 }
 
 private func transcriptText(from value: Any?) -> String {
@@ -452,6 +293,24 @@ private func transcriptText(from value: Any?) -> String {
     return prettyJSONString(value ?? [:])
 }
 
+private func historyText(from value: Any?) -> String {
+    guard let encoded = firstString(for: ["bytes_b64"], in: value),
+          let data = Data(base64Encoded: encoded),
+          let text = String(data: data, encoding: .utf8) else {
+        return transcriptText(from: value)
+    }
+    return text
+}
+
+private func prettyJSONString(_ value: Any) -> String {
+    guard JSONSerialization.isValidJSONObject(value),
+          let data = try? JSONSerialization.data(withJSONObject: value, options: [.prettyPrinted, .sortedKeys]),
+          let text = String(data: data, encoding: .utf8) else {
+        return "\(value)"
+    }
+    return text
+}
+
 private func firstString(for keys: [String], in value: Any?) -> String? {
     if let dict = value as? [String: Any] {
         for key in keys {
@@ -475,60 +334,297 @@ private func firstString(for keys: [String], in value: Any?) -> String? {
     return nil
 }
 
-private func extractRecipes(from value: Any?) -> [RecipeSummary] {
-    extractDictionaries(from: value).compactMap { dict in
-        guard let id = stringValue(dict["id"]) ?? stringValue(dict["recipe_id"]) ?? stringValue(dict["name"]) else {
-            return nil
+private final class TerminalScreenRenderer {
+    private let width: Int
+    private let maxRows: Int
+    private var rows: [[UnicodeScalar]]
+    private var row = 0
+    private var column = 0
+
+    init(width: Int, maxRows: Int) {
+        self.width = width
+        self.maxRows = maxRows
+        self.rows = [Self.blankRow(width: width)]
+    }
+
+    func feed(_ scalars: String.UnicodeScalarView) {
+        feed(Array(scalars))
+    }
+
+    func renderedText() -> String {
+        rows
+            .map { trimTrailingSpaces(String(String.UnicodeScalarView($0))) }
+            .joined(separator: "\n")
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    private func feed(_ scalars: [UnicodeScalar]) {
+    var index = 0
+
+    while index < scalars.count {
+        let scalar = scalars[index]
+        let value = scalar.value
+
+        if value == 0x1B {
+                index = handleEscapeSequence(in: scalars, from: index)
+                continue
+            }
+
+            if value == 0x9B {
+                index = handleCSISequence(in: scalars, from: index + 1)
+                continue
+            }
+
+            if value == 0x9D {
+                index = skipOSCSequence(in: scalars, from: index + 1)
+            continue
+        }
+
+            if let next = skipOrphanCSIFragmentIfPresent(in: scalars, from: index) {
+                index = next
+                continue
+            }
+
+        if value == 0x08 {
+                column = max(0, column - 1)
+            index += 1
+            continue
+        }
+
+        if value == 0x0D {
+                column = 0
+            index += 1
+            continue
         }
-        let title = stringValue(dict["name"]) ?? id
-        let detail = [stringValue(dict["description"]), stringValue(dict["command"])]
-            .compactMap { $0 }
-            .joined(separator: " ")
-        return RecipeSummary(id: id, title: title, detail: detail)
+
+            if value == 0x0A {
+                row += 1
+                column = 0
+                clampCursor()
+                index += 1
+                continue
+            }
+
+            if value == 0x09 {
+                let spaces = max(1, 4 - (column % 4))
+                for _ in 0..<spaces {
+                    put(" ")
+                }
+                index += 1
+                continue
+            }
+
+            if value >= 0x20 {
+                put(scalar)
+        }
+        index += 1
     }
-}
+    }
+
+    private func put(_ scalar: UnicodeScalar) {
+        clampCursor()
+        rows[row][column] = scalar
+        column += 1
+        if column >= width {
+            column = 0
+            row += 1
+            clampCursor()
+            }
+        }
 
-private func extractSessions(from value: Any?) -> [SessionSummary] {
-    extractDictionaries(from: value).compactMap { dict in
-        guard let id = stringValue(dict["id"]) ?? stringValue(dict["session_id"]) else {
+    private func clampCursor() {
+        row = max(0, row)
+        column = max(0, min(column, width - 1))
+        while rows.count <= row {
+            rows.append(Self.blankRow(width: width))
+        }
+        while rows.count > maxRows {
+            rows.removeFirst()
+            row = max(0, row - 1)
+        }
+    }
+
+    private func handleEscapeSequence(in scalars: [UnicodeScalar], from start: Int) -> Int {
+        let index = start + 1
+        guard index < scalars.count else {
+            return index
+        }
+
+        let introducer = scalars[index].value
+        if introducer == 0x5B {
+            return handleCSISequence(in: scalars, from: index + 1)
+        }
+        if introducer == 0x5D {
+            return skipOSCSequence(in: scalars, from: index + 1)
+        }
+
+        return min(index + 1, scalars.count)
+    }
+
+    private func skipOSCSequence(in scalars: [UnicodeScalar], from start: Int) -> Int {
+        var index = start
+        while index < scalars.count {
+            let value = scalars[index].value
+            if value == 0x07 {
+                return index + 1
+            }
+            if value == 0x1B, index + 1 < scalars.count, scalars[index + 1].value == 0x5C {
+                return index + 2
+        }
+            index += 1
+        }
+        return index
+    }
+
+    private func skipOrphanCSIFragmentIfPresent(in scalars: [UnicodeScalar], from start: Int) -> Int? {
+        guard start < scalars.count else {
             return nil
         }
-        let title = stringValue(dict["name"]) ?? stringValue(dict["recipe_id"]) ?? "Session"
-        let detail = [
-            stringValue(dict["status"]),
-            stringValue(dict["state"]),
-            stringValue(dict["recipe"]),
-            stringValue(dict["recipe_id"]),
-            stringValue(dict["created_at"]),
-            stringValue(dict["updated_at"])
-        ]
-        .compactMap { $0 }
-        .joined(separator: " · ")
-        return SessionSummary(id: id, title: title, detail: detail)
+        let first = scalars[start].value
+        guard first == 0x3B || first == 0x3F || first == 0x5B else {
+            return nil
+        }
+
+        var index = start
+        if first == 0x5B {
+            index += 1
+        }
+
+        let scanLimit = min(index + 20, scalars.count)
+        while index < scanLimit {
+            let value = scalars[index].value
+            if value >= 0x30, value <= 0x39
+                || value == 0x3B
+                || value == 0x3F
+                || value == 0x3D
+                || value == 0x3E
+                || value == 0x3C {
+                index += 1
+                continue
+            }
+
+            if isCSIControlFinal(value) {
+                return index + 1
+            }
+            return nil
+        }
+        return nil
     }
-}
 
-private func extractDictionaries(from value: Any?) -> [[String: Any]] {
-    if let dict = value as? [String: Any] {
-        var result = [dict]
-        for nested in dict.values {
-            result.append(contentsOf: extractDictionaries(from: nested))
+    private func isCSIControlFinal(_ value: UInt32) -> Bool {
+        switch value {
+        case 0x41, 0x42, 0x43, 0x44, 0x47, 0x48, 0x4A, 0x4B, 0x66, 0x68, 0x6C, 0x6D:
+            return true
+        default:
+            return false
         }
-        return result
     }
-    if let array = value as? [Any] {
-        return array.flatMap { extractDictionaries(from: $0) }
+
+    private func handleCSISequence(in scalars: [UnicodeScalar], from start: Int) -> Int {
+        var index = start
+        var raw = ""
+        while index < scalars.count {
+            let value = scalars[index].value
+            if value >= 0x40, value <= 0x7E {
+                applyCSI(raw, final: Character(UnicodeScalar(value)!))
+            index += 1
+                return index
+            }
+            raw.unicodeScalars.append(scalars[index])
+            index += 1
+        }
+        return index
+    }
+
+    private func applyCSI(_ raw: String, final: Character) {
+        let params = parseCSIParams(raw)
+        let amount = max(1, params.first ?? 1)
+
+        switch final {
+        case "A":
+            row -= amount
+        case "B":
+            row += amount
+        case "C":
+            column += amount
+        case "D":
+            column -= amount
+        case "G":
+            column = max(0, amount - 1)
+        case "H", "f":
+            row = max(0, (params.first ?? 1) - 1)
+            column = max(0, (params.dropFirst().first ?? 1) - 1)
+        case "J":
+            eraseDisplay(mode: params.first ?? 0)
+        case "K":
+            eraseLine(mode: params.first ?? 0)
+        default:
+            break
+        }
+        clampCursor()
+    }
+
+    private func eraseDisplay(mode: Int) {
+        clampCursor()
+        switch mode {
+        case 2, 3:
+            rows = [Self.blankRow(width: width)]
+            row = 0
+            column = 0
+        case 1:
+            for y in 0...row {
+                let end = y == row ? column : width - 1
+                guard end >= 0 else { continue }
+                for x in 0...end {
+                    rows[y][x] = " "
+                }
+            }
+        default:
+            for y in row..<rows.count {
+                let start = y == row ? column : 0
+                guard start < width else { continue }
+                for x in start..<width {
+                    rows[y][x] = " "
+                }
+            }
+        }
+    }
+
+    private func eraseLine(mode: Int) {
+        clampCursor()
+        switch mode {
+        case 1:
+            for x in 0...column {
+                rows[row][x] = " "
+            }
+        case 2:
+            rows[row] = Self.blankRow(width: width)
+        default:
+            for x in column..<width {
+                rows[row][x] = " "
+            }
+        }
+    }
+
+    private func parseCSIParams(_ raw: String) -> [Int] {
+        let cleaned = raw.trimmingCharacters(in: CharacterSet(charactersIn: "?=><"))
+        if cleaned.isEmpty {
+            return []
+        }
+        return cleaned.split(separator: ";", omittingEmptySubsequences: false).map {
+            Int($0) ?? 0
+        }
+    }
+
+    private static func blankRow(width: Int) -> [UnicodeScalar] {
+        Array(repeating: " ", count: width)
     }
-    return []
 }
 
-private func stringValue(_ value: Any?) -> String? {
-    switch value {
-    case let value as String where !value.isEmpty:
-        return value
-    case let value as NSNumber:
-        return value.stringValue
-    default:
-        return nil
+private func trimTrailingSpaces(_ line: String) -> String {
+    var line = line
+    while line.last == " " || line.last == "\t" {
+        line.removeLast()
     }
+    return line
 }
diff --git a/apps/ios/DevOpsDefender/Info.plist b/apps/ios/DevOpsDefender/Info.plist
index 397d9c9..7312964 100644
--- a/apps/ios/DevOpsDefender/Info.plist
+++ b/apps/ios/DevOpsDefender/Info.plist
@@ -17,6 +17,17 @@
   <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
   <key>CFBundleShortVersionString</key>
   <string>0.1</string>
+  <key>CFBundleURLTypes</key>
+  <array>
+    <dict>
+      <key>CFBundleURLName</key>
+      <string>DevOps Defender Session</string>
+      <key>CFBundleURLSchemes</key>
+      <array>
+        <string>devopsdefender</string>
+      </array>
+    </dict>
+  </array>
   <key>CFBundleVersion</key>
   <string>1</string>
   <key>LSRequiresIPhoneOS</key>
@@ -28,4 +39,3 @@
   </dict>
 </dict>
 </plist>
-
diff --git a/apps/ios/README.md b/apps/ios/README.md
index e889938..4aa6760 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -1,20 +1,55 @@
 # iOS Client
 
-Native SwiftUI client backed by `dd-client-core` through `dd-client-ffi`.
-Swift owns the UI and lifecycle; Rust owns direct Noise transport, quote
-verification, recipes, sessions, replay, and attach/write/detach primitives.
+Native SwiftUI companion for `dd-client` CLI sessions.
 
-The current vertical slice targets PR preview testing against:
+The desktop CLI owns agent selection, session creation, enrollment, and full
+terminal attach. The iOS app only opens a desktop-generated session link and
+shows the replayed transcript.
+
+## Desktop Flow
+
+Start or reattach a CLI session first:
+
+```bash
+cd ~/src/dd-client
+
+cargo run -p dd-client -- shell \
+  --url "$AGENT_URL" \
+  --key "$HOME/.config/devopsdefender/noise.key" \
+  --insecure-skip-quote-verify \
+  --recipe codex-podman \
+  --name "dogfood codex"
+```
+
+Detach without closing the session with `Ctrl-]`, then list sessions if needed:
+
+```bash
+cargo run -p dd-client -- sessions \
+  --url "$AGENT_URL" \
+  --key "$HOME/.config/devopsdefender/noise.key" \
+  --insecure-skip-quote-verify
+```
+
+Generate the iOS link:
 
 ```bash
-https://dd-pr-261-api-23bf4739-7737-483f-9256-1d184cbb7fab.devopsdefender.com
+cargo run -p dd-client -- mobile-link \
+  --url "$AGENT_URL" \
+  --key "$HOME/.config/devopsdefender/noise.key" \
+  --id "$SESSION_ID" \
+  --include-key
 ```
 
-The app defaults to that URL and, on simulator or "Designed for iPad on Mac",
-tries `~/.config/devopsdefender/noise.key`. On sandboxed installs, use the
-"Use app support key path" button and paste/import the Noise key content.
+Open the printed `devopsdefender://session?...` link on iOS, or render the QR
+with the printed `qrencode` command. With `--include-key`, the link contains the
+Noise private key and the app imports it before replaying; treat the link or QR
+as secret.
 
-To copy the local key as hex for paste/import:
+## Key Import Fallback
+
+Prefer `--include-key` so the link is self-contained. If you omit it, the app
+can only replay after a key has already been imported into its Application
+Support directory.
 
 ```bash
 xxd -p -c 256 "$HOME/.config/devopsdefender/noise.key" | pbcopy
@@ -22,22 +57,12 @@ xxd -p -c 256 "$HOME/.config/devopsdefender/noise.key" | pbcopy
 
 ## App Workflow
 
-- The first card is "Quick setup". Tap "Use defaults & load" for PR preview
-  testing; it restores the PR #261 URL, uses the default Noise key path, skips
-  quote verification, and loads recipes plus sessions.
-- If the key is not found, copy the 32-byte Noise key as hex/base64, then use
-  the app's paste/import control. "Use app key path" switches to app storage for
-  sandboxed installs.
-- Tap "Create shell session" to create a session with recipe `shell`.
-- Select a session, then use "Replay transcript" or "Attach / refresh output".
-- Use "Reader" and the zoom stepper for larger transcript text when reading
-  output on mobile.
-- Use quick write controls for common agent prompts: `1`, `2`, `Enter`, or a
-  short custom line. Attach/write/detach does not close the remote session.
-- Enable session notifications to get a local notification when a newly listed
-  session appears while the app is active.
-
-This app intentionally does not embed a browser shell or fallback web terminal.
+- Open a `devopsdefender://session?...` link or scan its QR code.
+- The app imports the embedded key when present.
+- The app replays the linked session transcript.
+
+The app intentionally does not create sessions, list recipes, browse agents,
+attach for live I/O, or send input.
 
 ## Prerequisites
 
@@ -64,71 +89,3 @@ The Xcode project is generated from `project.yml`. Keep
 `SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = YES` and
 `SUPPORTS_MACCATALYST = NO`; this target is iOS compatibility mode, not
 Catalyst.
-
-## Build For iOS Simulator
-
-Use an available simulator destination from `xcodebuild -showdestinations`.
-Example compile command:
-
-```bash
-cd apps/ios
-xcodebuild \
-  -project DevOpsDefender.xcodeproj \
-  -scheme DevOpsDefender \
-  -configuration Debug \
-  -destination 'generic/platform=iOS Simulator' \
-  -derivedDataPath /private/tmp/dd-client-xcode-derived \
-  ARCHS=arm64 \
-  ONLY_ACTIVE_ARCH=YES \
-  CODE_SIGNING_ALLOWED=NO \
-  build
-```
-
-## Build For "Designed For iPad On Mac"
-
-Compile without signing:
-
-```bash
-cd apps/ios
-xcodebuild -project DevOpsDefender.xcodeproj -scheme DevOpsDefender -showdestinations
-xcodebuild \
-  -project DevOpsDefender.xcodeproj \
-  -scheme DevOpsDefender \
-  -configuration Debug \
-  -destination 'platform=macOS,id=<my-mac-designed-for-ipad-id>' \
-  -derivedDataPath /private/tmp/dd-client-xcode-derived \
-  CODE_SIGNING_ALLOWED=NO \
-  build
-```
-
-Build/sign for local "My Mac (Designed for iPad)":
-
-```bash
-cd apps/ios
-DD_DEVELOPMENT_TEAM=<apple-team-id> ./run-designed-for-ipad-on-mac.sh
-```
-
-The script defaults the bundle identifier to
-`dev.devopsdefender.client.team<apple-team-id>` and passes
-`-allowProvisioningUpdates` so Xcode can create a local development profile.
-If Apple reports that a bundle identifier is unavailable, choose another unique
-one:
-
-```bash
-DD_DEVELOPMENT_TEAM=<apple-team-id> \
-DD_BUNDLE_ID=com.<your-name>.devopsdefender.client \
-./run-designed-for-ipad-on-mac.sh
-```
-
-`xcodebuild` can build the local Mac compatibility destination, but
-`devicectl` does not list that destination. After the script builds the signed
-app, open `DevOpsDefender.xcodeproj`, select "My Mac (Designed for iPad)", and
-press Run.
-
-For a physical iPhone or iPad, install and launch with CoreDevice:
-
-```bash
-cd apps/ios
-xcrun devicectl list devices
-DD_DEVELOPMENT_TEAM=<apple-team-id> DD_COREDEVICE_ID=<device-id> ./run-designed-for-ipad-on-mac.sh
-```
diff --git a/apps/ios/project.yml b/apps/ios/project.yml
index 9280429..2d9cf9c 100644
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -18,7 +18,6 @@ targets:
         basedOnDependencyAnalysis: false
     settings:
       base:
-        DD_PRODUCT_BUNDLE_IDENTIFIER: dev.devopsdefender.client.team$(DEVELOPMENT_TEAM)
         PRODUCT_BUNDLE_IDENTIFIER: "$(DD_PRODUCT_BUNDLE_IDENTIFIER)"
         PRODUCT_NAME: DevOpsDefender
         TARGETED_DEVICE_FAMILY: "1,2"
diff --git a/crates/dd-client-cli/src/main.rs b/crates/dd-client-cli/src/main.rs
index 6778815..774088d 100644
--- a/crates/dd-client-cli/src/main.rs
+++ b/crates/dd-client-cli/src/main.rs
@@ -1,4 +1,4 @@
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 use anyhow::{anyhow, Context};
 use clap::{Args, Parser, Subcommand};
@@ -24,6 +24,7 @@ struct Cli {
 enum Command {
     Keygen(KeygenArgs),
     Pubkey(KeyOnlyArgs),
+    MobileLink(MobileLinkArgs),
     Recipes(ConnectArgs),
     Sessions(ConnectArgs),
     Create(CreateArgs),
@@ -51,6 +52,18 @@ struct KeygenArgs {
     label: Option<String>,
 }
 
+#[derive(Args)]
+struct MobileLinkArgs {
+    #[arg(long)]
+    url: String,
+    #[arg(long)]
+    id: String,
+    #[arg(long)]
+    key: Option<PathBuf>,
+    #[arg(long)]
+    include_key: bool,
+}
+
 #[derive(Args, Clone)]
 struct ConnectArgs {
     #[arg(long)]
@@ -87,6 +100,8 @@ struct SessionArgs {
     connect: ConnectArgs,
     #[arg(long)]
     id: String,
+    #[arg(long)]
+    max_bytes: Option<usize>,
 }
 
 #[derive(Args)]
@@ -129,6 +144,9 @@ async fn main() -> anyhow::Result<()> {
         Command::Pubkey(args) => {
             println!("{}", public_key_hex(&args.key).await?);
         }
+        Command::MobileLink(args) => {
+            print_mobile_link(args).await?;
+        }
         Command::Recipes(args) => {
             let mut conn = connect(&connection_options(args)?).await?;
             print_json(list_recipes(&mut conn).await?)?;
@@ -143,7 +161,7 @@ async fn main() -> anyhow::Result<()> {
         }
         Command::Replay(args) => {
             let mut conn = connect(&connection_options(args.connect)?).await?;
-            print_json(replay_session(&mut conn, &args.id).await?)?;
+            print_json(replay_session(&mut conn, &args.id, args.max_bytes).await?)?;
         }
         Command::Resize(args) => {
             let mut conn = connect(&connection_options(args.connect)?).await?;
@@ -180,6 +198,88 @@ async fn main() -> anyhow::Result<()> {
     Ok(())
 }
 
+async fn print_mobile_link(args: MobileLinkArgs) -> anyhow::Result<()> {
+    let key_hex = if args.include_key {
+        let key = args
+            .key
+            .as_deref()
+            .ok_or_else(|| anyhow!("--key is required with --include-key"))?;
+        Some(load_key_hex(key).await?)
+    } else {
+        None
+    };
+    let link = mobile_session_url(&args.url, &args.id, key_hex.as_deref());
+    println!("{link}");
+
+    if let Some(key) = args.key {
+        println!();
+        println!("pubkey: {}", public_key_hex(&key).await?);
+        println!(
+            "key import: xxd -p -c 256 {} | pbcopy",
+            shell_quote_path(&key)
+        );
+    }
+
+    println!();
+    if args.include_key {
+        println!();
+        println!("warning: this link contains the Noise private key; treat the QR as secret");
+    }
+
+    println!();
+    println!("Open this link on iPhone, or make a QR with:");
+    println!("qrencode -t ansiutf8 '{}'", shell_escape_single(&link));
+    Ok(())
+}
+
+fn mobile_session_url(agent_url: &str, session_id: &str, key_hex: Option<&str>) -> String {
+    let mut url = format!(
+        "devopsdefender://session?agent={}&id={}&skip_quote_verify=1",
+        percent_encode(agent_url),
+        percent_encode(session_id)
+    );
+    if let Some(key_hex) = key_hex {
+        url.push_str("&key=");
+        url.push_str(&percent_encode(key_hex));
+    }
+    url
+}
+
+async fn load_key_hex(path: &Path) -> anyhow::Result<String> {
+    let bytes = tokio::fs::read(path)
+        .await
+        .with_context(|| format!("read {}", path.display()))?;
+    if bytes.len() != 32 {
+        anyhow::bail!("{} is {} bytes, expected 32", path.display(), bytes.len());
+    }
+    Ok(bytes.iter().map(|byte| format!("{byte:02x}")).collect())
+}
+
+fn percent_encode(value: &str) -> String {
+    let mut out = String::new();
+    for byte in value.bytes() {
+        match byte {
+            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'_' | b'.' | b'~' => {
+                out.push(byte as char)
+            }
+            _ => out.push_str(&format!("%{byte:02X}")),
+        }
+    }
+    out
+}
+
+fn shell_quote_path(path: &std::path::Path) -> String {
+    shell_quote(&path.to_string_lossy())
+}
+
+fn shell_quote(value: &str) -> String {
+    format!("'{}'", shell_escape_single(value))
+}
+
+fn shell_escape_single(value: &str) -> String {
+    value.replace('\'', "'\\''")
+}
+
 fn create_request(args: &CreateArgs) -> CreateSessionRequest {
     CreateSessionRequest {
         recipe: args.recipe.clone(),
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index aa905dc..8334dbe 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -144,12 +144,19 @@ pub async fn create_session(
     conn.call(Value::Object(body)).await
 }
 
-pub async fn replay_session(conn: &mut NoiseConnection, id: &str) -> anyhow::Result<Value> {
-    conn.call(serde_json::json!({
+pub async fn replay_session(
+    conn: &mut NoiseConnection,
+    id: &str,
+    max_bytes: Option<usize>,
+) -> anyhow::Result<Value> {
+    let mut request = serde_json::json!({
         "method": "shell.replay_session",
         "id": id,
-    }))
-    .await
+    });
+    if let Some(max_bytes) = max_bytes {
+        request["max_bytes"] = serde_json::json!(max_bytes);
+    }
+    conn.call(request).await
 }
 
 pub async fn resize_session(
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 1b921b5..717e64e 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -1,6 +1,9 @@
 use std::ffi::{CStr, CString};
+use std::future::Future;
 use std::os::raw::c_char;
 use std::path::{Path, PathBuf};
+use std::sync::OnceLock;
+use std::thread;
 use std::time::Duration;
 
 use base64::Engine as _;
@@ -15,6 +18,8 @@ const DEFAULT_ITA_ISSUER: &str = "https://portal.trustauthority.intel.com";
 const DEFAULT_ATTACH_MAX_BYTES: usize = 128 * 1024;
 const MAX_ATTACH_BYTES: usize = 1024 * 1024;
 const DEFAULT_ATTACH_IDLE_TIMEOUT_MS: u64 = 1200;
+const DEFAULT_REPLAY_MAX_BYTES: usize = 48 * 1024;
+const MAX_REPLAY_BYTES: usize = 48 * 1024;
 
 #[no_mangle]
 pub extern "C" fn dd_client_keygen(
@@ -67,13 +72,11 @@ fn keygen(
     let cp_url = optional_c_string(cp_url)?;
     let label = optional_c_string(label)?;
 
-    let runtime = tokio::runtime::Builder::new_current_thread()
-        .enable_all()
-        .build()
-        .map_err(|e| e.to_string())?;
-    let pubkey_hex = runtime
-        .block_on(dd_client_core::public_key_hex(Path::new(&key_path)))
-        .map_err(|e| e.to_string())?;
+    let key_path = PathBuf::from(key_path);
+    let pubkey_hex =
+        block_on_ffi_result(
+            move || async move { dd_client_core::public_key_hex(&key_path).await },
+        )?;
     let enrollment_url = match (cp_url.as_deref(), label.as_deref()) {
         (Some(cp_url), Some(label)) => {
             Some(dd_client_core::enrollment_url(cp_url, &pubkey_hex, label))
@@ -108,24 +111,18 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
         "import_key" => import_key_request(&request),
         "recipes" | "list_recipes" => {
             let opts = connection_options_from_request(&request)?;
-            let runtime = runtime()?;
-            let value = runtime
-                .block_on(async {
-                    let mut conn = connect(&opts).await?;
-                    list_recipes(&mut conn).await
-                })
-                .map_err(|e| e.to_string())?;
+            let value = block_on_ffi_result(move || async move {
+                let mut conn = connect(&opts).await?;
+                list_recipes(&mut conn).await
+            })?;
             Ok(ok_value("recipes", value))
         }
         "sessions" | "list_sessions" => {
             let opts = connection_options_from_request(&request)?;
-            let runtime = runtime()?;
-            let value = runtime
-                .block_on(async {
-                    let mut conn = connect(&opts).await?;
-                    list_sessions(&mut conn).await
-                })
-                .map_err(|e| e.to_string())?;
+            let value = block_on_ffi_result(move || async move {
+                let mut conn = connect(&opts).await?;
+                list_sessions(&mut conn).await
+            })?;
             Ok(ok_value("sessions", value))
         }
         "create_session" => {
@@ -135,13 +132,10 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
                 name: optional_json_string(&request, "name")?,
                 command: optional_json_string(&request, "command")?,
             };
-            let runtime = runtime()?;
-            let value = runtime
-                .block_on(async {
-                    let mut conn = connect(&opts).await?;
-                    create_session(&mut conn, &create_request).await
-                })
-                .map_err(|e| e.to_string())?;
+            let value = block_on_ffi_result(move || async move {
+                let mut conn = connect(&opts).await?;
+                create_session(&mut conn, &create_request).await
+            })?;
             let mut response = ok_map("create_session");
             if let Ok(id) = session_id(&value) {
                 response.insert("session_id".to_string(), serde_json::Value::String(id));
@@ -152,13 +146,13 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
         "replay_session" => {
             let opts = connection_options_from_request(&request)?;
             let id = required_json_string(&request, "id")?;
-            let runtime = runtime()?;
-            let value = runtime
-                .block_on(async {
-                    let mut conn = connect(&opts).await?;
-                    replay_session(&mut conn, &id).await
-                })
-                .map_err(|e| e.to_string())?;
+            let max_bytes = usize_json_field(&request, "max_bytes")?
+                .unwrap_or(DEFAULT_REPLAY_MAX_BYTES)
+                .min(MAX_REPLAY_BYTES);
+            let value = block_on_ffi_result(move || async move {
+                let mut conn = connect(&opts).await?;
+                replay_session(&mut conn, &id, Some(max_bytes)).await
+            })?;
             Ok(ok_value("replay_session", value))
         }
         "attach_exchange" | "attach_snapshot" => {
@@ -171,20 +165,17 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
             let idle_timeout_ms = u64_json_field(&request, "idle_timeout_ms")?
                 .unwrap_or(DEFAULT_ATTACH_IDLE_TIMEOUT_MS)
                 .clamp(100, 10_000);
-            let runtime = runtime()?;
-            let bytes = runtime
-                .block_on(async {
-                    let conn = connect(&opts).await?;
-                    attach_session_exchange(
-                        conn,
-                        &id,
-                        input.as_bytes(),
-                        max_bytes,
-                        Duration::from_millis(idle_timeout_ms),
-                    )
-                    .await
-                })
-                .map_err(|e| e.to_string())?;
+            let bytes = block_on_ffi_result(move || async move {
+                let conn = connect(&opts).await?;
+                attach_session_exchange(
+                    conn,
+                    &id,
+                    input.as_bytes(),
+                    max_bytes,
+                    Duration::from_millis(idle_timeout_ms),
+                )
+                .await
+            })?;
             let mut response = ok_map("attach_exchange");
             response.insert(
                 "text".to_string(),
@@ -294,11 +285,46 @@ fn usize_json_field(request: &serde_json::Value, name: &str) -> Result<Option<us
     Ok(u64_json_field(request, name)?.map(|value| value as usize))
 }
 
-fn runtime() -> Result<tokio::runtime::Runtime, String> {
-    tokio::runtime::Builder::new_current_thread()
-        .enable_all()
-        .build()
-        .map_err(|e| e.to_string())
+fn block_on_ffi<M, F, T>(make_future: M) -> Result<T, String>
+where
+    M: FnOnce() -> F + Send + 'static,
+    F: Future<Output = T> + Send + 'static,
+    T: Send + 'static,
+{
+    let runtime = runtime()?;
+    let worker = thread::Builder::new()
+        .name("dd-client-ffi".to_string())
+        .stack_size(16 * 1024 * 1024)
+        .spawn(move || runtime.block_on(make_future()))
+        .map_err(|e| format!("spawn async worker: {e}"))?;
+
+    worker
+        .join()
+        .map_err(|_| "dd-client async worker panicked".to_string())
+}
+
+fn block_on_ffi_result<M, F, T, E>(make_future: M) -> Result<T, String>
+where
+    M: FnOnce() -> F + Send + 'static,
+    F: Future<Output = Result<T, E>> + Send + 'static,
+    T: Send + 'static,
+    E: ToString + Send + 'static,
+{
+    block_on_ffi(make_future)?.map_err(|e| e.to_string())
+}
+
+fn runtime() -> Result<&'static tokio::runtime::Runtime, String> {
+    static RUNTIME: OnceLock<Result<tokio::runtime::Runtime, String>> = OnceLock::new();
+
+    RUNTIME
+        .get_or_init(|| {
+            tokio::runtime::Builder::new_current_thread()
+                .enable_all()
+                .build()
+                .map_err(|e| e.to_string())
+        })
+        .as_ref()
+        .map_err(|e| e.to_owned())
 }
 
 fn ok_value(operation: &str, value: serde_json::Value) -> serde_json::Value {

From fdd95fd854d41d67afcc93f686d599feb121612d Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 15:21:39 -0400
Subject: [PATCH 08/18] Stream iOS session transcripts

---
 README.md                                    |   7 +-
 apps/ios/DevOpsDefender/DDClientBridge.swift | 164 +++++++++++++++----
 apps/ios/DevOpsDefender/DDClientFFI.h        |   6 +
 apps/ios/README.md                           |  14 +-
 crates/dd-client-core/src/lib.rs             |  45 +++++
 crates/dd-client-ffi/src/lib.rs              | 154 ++++++++++++++++-
 6 files changed, 342 insertions(+), 48 deletions(-)

diff --git a/README.md b/README.md
index 309fa56..36945ff 100644
--- a/README.md
+++ b/README.md
@@ -64,9 +64,10 @@ dd-client mobile-link \
 
 Open the printed `devopsdefender://session?...` link on iOS, or render it as a
 QR code with the printed `qrencode` command. `--include-key` puts the Noise
-private key in the handoff URL so the mobile app can import it before replaying;
-treat that link or QR code as secret. Omit `--include-key` to send only the
-agent URL and session id after the app already has the key.
+private key in the handoff URL so the mobile app can import it before loading
+history and following the live transcript; treat that link or QR code as secret.
+Omit `--include-key` to send only the agent URL and session id after the app
+already has the key.
 
 Quote verification is on by default. Local preview/dev runs without Intel Trust
 Authority credentials must pass `--insecure-skip-quote-verify` explicitly.
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 570fce8..39bec68 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -50,10 +50,36 @@ enum DDClientBridge {
             "ita_jwks_url": "",
             "ita_issuer": "",
             "id": id,
-            "max_bytes": 49152
+            "max_bytes": 32768
         ])
     }
 
+    static func startAttachStream(
+        id: String,
+        settings: AgentSettings,
+        onEvent: @escaping @Sendable (AttachStreamEvent) -> Void
+    ) throws -> AttachStream {
+        let payload: [String: Any] = [
+            "agent_url": settings.agentURL,
+            "key_path": settings.keyPath,
+            "insecure_skip_quote_verify": true,
+            "ita_api_key": "",
+            "ita_base_url": "",
+            "ita_jwks_url": "",
+            "ita_issuer": "",
+            "id": id,
+            "tail": true
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        guard let requestJSON = String(data: data, encoding: .utf8) else {
+            throw DDClientError(message: "Failed to encode stream request")
+        }
+        guard let stream = AttachStream(requestJSON: requestJSON, onEvent: onEvent) else {
+            throw DDClientError(message: "Failed to start attach stream")
+        }
+        return stream
+    }
+
     private static func request(_ payload: [String: Any]) throws -> [String: Any] {
         let requestData = try JSONSerialization.data(withJSONObject: payload)
         guard let requestJSON = String(data: requestData, encoding: .utf8) else {
@@ -83,6 +109,61 @@ enum DDClientBridge {
     }
 }
 
+struct AttachStreamEvent: Sendable {
+    var type: String
+    var data: Data?
+    var message: String?
+}
+
+final class AttachStream {
+    private let handle: UInt64
+
+    init?(requestJSON: String, onEvent: @escaping @Sendable (AttachStreamEvent) -> Void) {
+        let context = Unmanaged.passRetained(AttachStreamContext(onEvent: onEvent)).toOpaque()
+        let handle = requestJSON.withCString { requestCString in
+            dd_client_attach_stream_start(requestCString, attachStreamCallback, context)
+        }
+        if handle == 0 {
+            Unmanaged<AttachStreamContext>.fromOpaque(context).release()
+            return nil
+        }
+        self.handle = handle
+    }
+
+    func stop() {
+        dd_client_attach_stream_stop(handle)
+    }
+
+    deinit {
+        stop()
+    }
+}
+
+private final class AttachStreamContext {
+    let onEvent: @Sendable (AttachStreamEvent) -> Void
+
+    init(onEvent: @escaping @Sendable (AttachStreamEvent) -> Void) {
+        self.onEvent = onEvent
+    }
+}
+
+private let attachStreamCallback: @convention(c) (
+    UInt64,
+    UnsafePointer<CChar>?,
+    UnsafeMutableRawPointer?
+) -> Void = { _, eventPointer, contextPointer in
+    guard let eventPointer, let contextPointer else {
+        return
+    }
+    let eventJSON = String(cString: eventPointer)
+    let event = parseAttachStreamEvent(eventJSON)
+    let context = Unmanaged<AttachStreamContext>.fromOpaque(contextPointer).takeUnretainedValue()
+    context.onEvent(event)
+    if event.type == "close" {
+        Unmanaged<AttachStreamContext>.fromOpaque(contextPointer).release()
+    }
+}
+
 enum AppDefaults {
     static var appSupportNoiseKeyPath: String {
         let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask)
@@ -103,7 +184,7 @@ final class ClientViewModel: ObservableObject {
 
     private var agentURL = ""
     private var keyPath = AppDefaults.appSupportNoiseKeyPath
-    private var refreshTask: Task<Void, Never>?
+    private var attachStream: AttachStream?
     private var terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
 
     var hasLinkedSession: Bool {
@@ -137,7 +218,8 @@ final class ClientViewModel: ObservableObject {
             return
         }
 
-        refreshTask?.cancel()
+        attachStream?.stop()
+        attachStream = nil
         agentURL = agent
         selectedSessionID = id
         keyPath = AppDefaults.appSupportNoiseKeyPath
@@ -163,7 +245,7 @@ final class ClientViewModel: ObservableObject {
             agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
             keyPath: path
         )
-        run("Importing key", keepRefreshing: true) {
+        run("Importing key", startStreamAfterInitialLoad: true) {
             try DDClientBridge.importKey(keyPath: path, keyContent: key)
             return initialTranscriptUpdate(id: id, settings: settings)
         }
@@ -179,14 +261,14 @@ final class ClientViewModel: ObservableObject {
             agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
             keyPath: keyPath.expandingTildePath
         )
-        run("Loading transcript", keepRefreshing: true) {
+        run("Loading transcript", startStreamAfterInitialLoad: true) {
             initialTranscriptUpdate(id: id, settings: settings)
         }
     }
 
     private func run(
         _ pendingStatus: String,
-        keepRefreshing: Bool = false,
+        startStreamAfterInitialLoad: Bool = false,
         work: @escaping @Sendable () throws -> ClientUpdate
     ) {
         guard !isBusy else {
@@ -202,8 +284,8 @@ final class ClientViewModel: ObservableObject {
                 }.value
                 status = update.status
                 apply(update)
-                if keepRefreshing {
-                    startRefreshing()
+                if startStreamAfterInitialLoad {
+                    startAttachStream()
                 }
             } catch {
                 status = error.localizedDescription
@@ -212,37 +294,43 @@ final class ClientViewModel: ObservableObject {
         }
     }
 
-    private func startRefreshing() {
-        refreshTask?.cancel()
-        refreshTask = Task { [weak self] in
-            while !Task.isCancelled {
-                try? await Task.sleep(nanoseconds: 650_000_000)
-                self?.refreshTranscript()
-            }
-        }
-    }
-
-    private func refreshTranscript() {
-        guard hasLinkedSession, !isBusy else {
+    private func startAttachStream() {
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !id.isEmpty else {
             return
         }
-        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        attachStream?.stop()
         let settings = AgentSettings(
             agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
             keyPath: keyPath.expandingTildePath
         )
-        isBusy = true
-        Task {
-            do {
-                let update = try await Task.detached(priority: .utility) {
-                    try transcriptUpdate(id: id, settings: settings)
-                }.value
-                status = update.status
-                apply(update)
-            } catch {
-                status = error.localizedDescription
+        do {
+            attachStream = try DDClientBridge.startAttachStream(id: id, settings: settings) { [weak self] event in
+                Task { @MainActor in
+                    self?.handleStreamEvent(event, id: id)
+                }
             }
-            isBusy = false
+        } catch {
+            status = error.localizedDescription
+        }
+    }
+
+    private func handleStreamEvent(_ event: AttachStreamEvent, id: String) {
+        switch event.type {
+        case "open":
+            status = "Connected \(id)"
+        case "bytes":
+            guard let data = event.data,
+                  let text = String(data: data, encoding: .utf8) else {
+                return
+            }
+            apply(ClientUpdate(status: "Connected \(id)", terminalText: text))
+        case "error":
+            status = event.message ?? "Stream error"
+        case "close":
+            status = "Disconnected \(id)"
+        default:
+            break
         }
     }
 
@@ -267,6 +355,18 @@ private extension String {
     }
 }
 
+private func parseAttachStreamEvent(_ eventJSON: String) -> AttachStreamEvent {
+    guard let data = eventJSON.data(using: .utf8),
+          let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+        return AttachStreamEvent(type: "error", data: nil, message: "Invalid stream event")
+    }
+
+    let type = object["type"] as? String ?? "unknown"
+    let payload = (object["data_b64"] as? String).flatMap { Data(base64Encoded: $0) }
+    let message = object["message"] as? String
+    return AttachStreamEvent(type: type, data: payload, message: message)
+}
+
 private func transcriptUpdate(id: String, settings: AgentSettings) throws -> ClientUpdate {
     let response = try DDClientBridge.transcriptSnapshot(id: id, settings: settings)
     return ClientUpdate(
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
index b55ce86..ab3c00e 100644
--- a/apps/ios/DevOpsDefender/DDClientFFI.h
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -5,8 +5,14 @@
 extern "C" {
 #endif
 
+#include <stdint.h>
+
+typedef void (*dd_client_stream_callback)(uint64_t handle, const char *event_json, void *context);
+
 char *dd_client_keygen(const char *key_path, const char *cp_url, const char *label);
 char *dd_client_agent_request(const char *request_json);
+uint64_t dd_client_attach_stream_start(const char *request_json, dd_client_stream_callback callback, void *context);
+void dd_client_attach_stream_stop(uint64_t handle);
 void dd_client_string_free(char *value);
 
 #ifdef __cplusplus
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 4aa6760..3ca3788 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -3,8 +3,8 @@
 Native SwiftUI companion for `dd-client` CLI sessions.
 
 The desktop CLI owns agent selection, session creation, enrollment, and full
-terminal attach. The iOS app only opens a desktop-generated session link and
-shows the replayed transcript.
+terminal attach. The iOS app only opens a desktop-generated session link, loads
+bounded transcript history, and follows the live transcript.
 
 ## Desktop Flow
 
@@ -42,13 +42,13 @@ cargo run -p dd-client -- mobile-link \
 
 Open the printed `devopsdefender://session?...` link on iOS, or render the QR
 with the printed `qrencode` command. With `--include-key`, the link contains the
-Noise private key and the app imports it before replaying; treat the link or QR
-as secret.
+Noise private key and the app imports it before loading history and following
+the transcript; treat the link or QR as secret.
 
 ## Key Import Fallback
 
 Prefer `--include-key` so the link is self-contained. If you omit it, the app
-can only replay after a key has already been imported into its Application
+can only connect after a key has already been imported into its Application
 Support directory.
 
 ```bash
@@ -59,10 +59,10 @@ xxd -p -c 256 "$HOME/.config/devopsdefender/noise.key" | pbcopy
 
 - Open a `devopsdefender://session?...` link or scan its QR code.
 - The app imports the embedded key when present.
-- The app replays the linked session transcript.
+- The app loads recent transcript history, then keeps following live output.
 
 The app intentionally does not create sessions, list recipes, browse agents,
-attach for live I/O, or send input.
+send input, or take over terminal control.
 
 ## Prerequisites
 
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index 8334dbe..57f6306 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -11,6 +11,7 @@ use serde_json::Value;
 use snow::{Builder, TransportState};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
+use tokio::sync::watch;
 use tokio::time::{timeout, Duration};
 use tokio_tungstenite::tungstenite::Message as WsMessage;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
@@ -282,6 +283,50 @@ pub async fn attach_session_exchange(
     Ok(output)
 }
 
+pub async fn attach_session_stream<F>(
+    mut conn: NoiseConnection,
+    id: &str,
+    tail: bool,
+    mut shutdown: watch::Receiver<bool>,
+    mut on_open: impl FnMut() -> anyhow::Result<()> + Send,
+    mut on_bytes: F,
+) -> anyhow::Result<()>
+where
+    F: FnMut(&[u8]) -> anyhow::Result<()> + Send,
+{
+    let ack = conn
+        .call(serde_json::json!({
+            "method": "shell.attach_session",
+            "id": id,
+            "tail": tail,
+        }))
+        .await?;
+    if ack.get("error").is_some() {
+        anyhow::bail!("attach failed: {}", serde_json::to_string(&ack)?);
+    }
+    on_open()?;
+
+    loop {
+        tokio::select! {
+            changed = shutdown.changed() => {
+                if changed.is_err() || *shutdown.borrow() {
+                    break;
+                }
+            }
+            frame = next_binary(&mut conn.stream) => {
+                let Some(cipher) = frame? else {
+                    break;
+                };
+                let mut plain = vec![0u8; cipher.len()];
+                let n = conn.transport.read_message(&cipher, &mut plain)?;
+                on_bytes(&plain[..n])?;
+            }
+        }
+    }
+
+    Ok(())
+}
+
 #[derive(Debug, Eq, PartialEq)]
 enum AttachInputAction {
     Forward,
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 717e64e..0b1be8f 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -1,16 +1,20 @@
 use std::ffi::{CStr, CString};
 use std::future::Future;
-use std::os::raw::c_char;
+use std::os::raw::{c_char, c_void};
 use std::path::{Path, PathBuf};
-use std::sync::OnceLock;
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::sync::{Mutex, OnceLock};
 use std::thread;
 use std::time::Duration;
 
 use base64::Engine as _;
 use dd_client_core::{
-    attach_session_exchange, connect, create_session, list_recipes, list_sessions, replay_session,
-    session_id, ConnectionOptions, CreateSessionRequest, IntelTrustAuthority, QuoteVerification,
+    attach_session_exchange, attach_session_stream, connect, create_session, list_recipes,
+    list_sessions, replay_session, session_id, ConnectionOptions, CreateSessionRequest,
+    IntelTrustAuthority, QuoteVerification,
 };
+use std::collections::HashMap;
+use tokio::sync::watch;
 
 const DEFAULT_ITA_BASE_URL: &str = "https://api.trustauthority.intel.com";
 const DEFAULT_ITA_JWKS_URL: &str = "https://portal.trustauthority.intel.com/certs";
@@ -18,8 +22,17 @@ const DEFAULT_ITA_ISSUER: &str = "https://portal.trustauthority.intel.com";
 const DEFAULT_ATTACH_MAX_BYTES: usize = 128 * 1024;
 const MAX_ATTACH_BYTES: usize = 1024 * 1024;
 const DEFAULT_ATTACH_IDLE_TIMEOUT_MS: u64 = 1200;
-const DEFAULT_REPLAY_MAX_BYTES: usize = 48 * 1024;
-const MAX_REPLAY_BYTES: usize = 48 * 1024;
+const DEFAULT_REPLAY_MAX_BYTES: usize = 32 * 1024;
+const MAX_REPLAY_BYTES: usize = 32 * 1024;
+
+type StreamCallback = extern "C" fn(u64, *const c_char, *mut c_void);
+
+struct StreamControl {
+    shutdown: watch::Sender<bool>,
+}
+
+static NEXT_STREAM_ID: AtomicU64 = AtomicU64::new(1);
+static STREAMS: OnceLock<Mutex<HashMap<u64, StreamControl>>> = OnceLock::new();
 
 #[no_mangle]
 pub extern "C" fn dd_client_keygen(
@@ -37,6 +50,29 @@ pub extern "C" fn dd_client_agent_request(request_json: *const c_char) -> *mut c
     into_c_string(result)
 }
 
+#[no_mangle]
+pub extern "C" fn dd_client_attach_stream_start(
+    request_json: *const c_char,
+    callback: Option<StreamCallback>,
+    context: *mut c_void,
+) -> u64 {
+    attach_stream_start(request_json, callback, context).unwrap_or(0)
+}
+
+#[no_mangle]
+pub extern "C" fn dd_client_attach_stream_stop(handle: u64) {
+    if handle == 0 {
+        return;
+    }
+    if let Some(control) = streams()
+        .lock()
+        .ok()
+        .and_then(|mut map| map.remove(&handle))
+    {
+        let _ = control.shutdown.send(true);
+    }
+}
+
 #[no_mangle]
 /// # Safety
 ///
@@ -49,6 +85,112 @@ pub unsafe extern "C" fn dd_client_string_free(value: *mut c_char) {
     let _ = unsafe { CString::from_raw(value) };
 }
 
+fn attach_stream_start(
+    request_json: *const c_char,
+    callback: Option<StreamCallback>,
+    context: *mut c_void,
+) -> Result<u64, String> {
+    let callback = callback.ok_or_else(|| "callback is required".to_string())?;
+    let request_json = required_c_string(request_json, "request_json")?;
+    let request: serde_json::Value =
+        serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
+    let opts = connection_options_from_request(&request)?;
+    let id = required_json_string(&request, "id")?;
+    let tail = bool_json_field(&request, "tail")?.unwrap_or(true);
+    let (shutdown, shutdown_rx) = watch::channel(false);
+    let handle = NEXT_STREAM_ID.fetch_add(1, Ordering::Relaxed);
+
+    streams()
+        .lock()
+        .map_err(|_| "stream registry lock poisoned".to_string())?
+        .insert(handle, StreamControl { shutdown });
+
+    let context_addr = context as usize;
+    let worker = thread::Builder::new()
+        .name(format!("dd-client-attach-{handle}"))
+        .stack_size(16 * 1024 * 1024)
+        .spawn(move || {
+            let result = runtime().and_then(|runtime| {
+                runtime
+                    .block_on(async move {
+                        let conn = connect(&opts).await?;
+                        attach_session_stream(
+                            conn,
+                            &id,
+                            tail,
+                            shutdown_rx,
+                            || {
+                                emit_stream_event(
+                                    callback,
+                                    context_addr,
+                                    handle,
+                                    serde_json::json!({"type": "open", "id": id}),
+                                );
+                                Ok(())
+                            },
+                            |bytes| {
+                                emit_stream_event(
+                                    callback,
+                                    context_addr,
+                                    handle,
+                                    serde_json::json!({
+                                        "type": "bytes",
+                                        "data_b64": base64::engine::general_purpose::STANDARD.encode(bytes),
+                                    }),
+                                );
+                                Ok(())
+                            },
+                        )
+                        .await
+                    })
+                    .map_err(|e| e.to_string())
+            });
+            if let Err(error) = result {
+                emit_stream_event(
+                    callback,
+                    context_addr,
+                    handle,
+                    serde_json::json!({"type": "error", "message": error}),
+                );
+            }
+            if let Ok(mut map) = streams().lock() {
+                map.remove(&handle);
+            }
+            emit_stream_event(
+                callback,
+                context_addr,
+                handle,
+                serde_json::json!({"type": "close"}),
+            );
+        });
+
+    if let Err(error) = worker {
+        if let Ok(mut map) = streams().lock() {
+            map.remove(&handle);
+        }
+        return Err(format!("spawn attach stream: {error}"));
+    }
+
+    Ok(handle)
+}
+
+fn emit_stream_event(
+    callback: StreamCallback,
+    context_addr: usize,
+    handle: u64,
+    event: serde_json::Value,
+) {
+    if let Ok(event_json) = serde_json::to_string(&event) {
+        if let Ok(c_event) = CString::new(event_json) {
+            callback(handle, c_event.as_ptr(), context_addr as *mut c_void);
+        }
+    }
+}
+
+fn streams() -> &'static Mutex<HashMap<u64, StreamControl>> {
+    STREAMS.get_or_init(|| Mutex::new(HashMap::new()))
+}
+
 fn keygen_response(
     key_path: *const c_char,
     cp_url: *const c_char,

From a33d480448233cb8490a820fef0eaa84a0cc7b44 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 15:38:46 -0400
Subject: [PATCH 09/18] Prevent iOS transcript wrapping

---
 apps/ios/DevOpsDefender/ContentView.swift | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index 0e896aa..83371a9 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -7,17 +7,18 @@ struct ContentView: View {
         ZStack(alignment: .topLeading) {
             Palette.background.ignoresSafeArea()
 
-            ScrollView(.vertical) {
+            ScrollView([.horizontal, .vertical]) {
                 Text(transcriptText)
                     .font(.system(size: 15, design: .monospaced))
                     .foregroundStyle(Palette.text)
                     .textSelection(.enabled)
-                    .fixedSize(horizontal: false, vertical: true)
-                    .frame(maxWidth: .infinity, alignment: .topLeading)
+                    .fixedSize(horizontal: true, vertical: true)
+                    .frame(alignment: .topLeading)
                     .padding(.horizontal, 16)
                     .padding(.top, 46)
                     .padding(.bottom, 24)
             }
+            .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .topLeading)
 
             HStack(spacing: 8) {
                 Circle()

From 869d153cc8ad3845759bb8a48206ad2794eecc5a Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 15:51:12 -0400
Subject: [PATCH 10/18] Resize CLI sessions with terminal window

---
 Cargo.lock                       |  11 ++++
 crates/dd-client-cli/src/main.rs |  10 +--
 crates/dd-client-core/Cargo.toml |   2 +-
 crates/dd-client-core/src/lib.rs | 102 ++++++++++++++++++++++++++++++-
 4 files changed, 119 insertions(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index b00d45a..5fe8073 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1365,6 +1365,16 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
 
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
+dependencies = [
+ "errno",
+ "libc",
+]
+
 [[package]]
 name = "simple_asn1"
 version = "0.6.4"
@@ -1563,6 +1573,7 @@ dependencies = [
  "libc",
  "mio",
  "pin-project-lite",
+ "signal-hook-registry",
  "socket2",
  "tokio-macros",
  "windows-sys 0.61.2",
diff --git a/crates/dd-client-cli/src/main.rs b/crates/dd-client-cli/src/main.rs
index 774088d..f42181c 100644
--- a/crates/dd-client-cli/src/main.rs
+++ b/crates/dd-client-cli/src/main.rs
@@ -172,14 +172,16 @@ async fn main() -> anyhow::Result<()> {
             print_json(close_session(&mut conn, &args.id).await?)?;
         }
         Command::Attach(args) => {
-            let conn = connect(&connection_options(args.connect)?).await?;
-            attach_session(conn, &args.id).await?;
+            let opts = connection_options(args.connect)?;
+            let conn = connect(&opts).await?;
+            attach_session(conn, &args.id, Some(opts)).await?;
         }
         Command::Shell(args) => {
-            let mut conn = connect(&connection_options(args.connect.clone())?).await?;
+            let opts = connection_options(args.connect.clone())?;
+            let mut conn = connect(&opts).await?;
             let session = create_session(&mut conn, &create_request(&args)).await?;
             let id = session_id(&session)?;
-            attach_session(conn, &id).await?;
+            attach_session(conn, &id, Some(opts)).await?;
         }
         Command::Exec(args) => {
             let mut conn = connect(&connection_options(args.connect)?).await?;
diff --git a/crates/dd-client-core/Cargo.toml b/crates/dd-client-core/Cargo.toml
index 9438fa3..662657e 100644
--- a/crates/dd-client-core/Cargo.toml
+++ b/crates/dd-client-core/Cargo.toml
@@ -18,7 +18,7 @@ reqwest = { version = "0.12", default-features = false, features = ["json", "rus
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 snow = { version = "0.9", default-features = false, features = ["default-resolver"] }
-tokio = { version = "1", features = ["fs", "io-std", "io-util", "macros", "net", "rt-multi-thread", "sync", "time"] }
+tokio = { version = "1", features = ["fs", "io-std", "io-util", "macros", "net", "rt-multi-thread", "signal", "sync", "time"] }
 tokio-tungstenite = { version = "0.28", features = ["rustls-tls-webpki-roots"] }
 urlencoding = "2"
 x25519-dalek = { version = "2", features = ["static_secrets"] }
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index 57f6306..906b9ee 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -192,7 +192,18 @@ pub async fn exec(conn: &mut NoiseConnection, request: &ExecRequest) -> anyhow::
     .await
 }
 
-pub async fn attach_session(mut conn: NoiseConnection, id: &str) -> anyhow::Result<()> {
+pub async fn attach_session(
+    mut conn: NoiseConnection,
+    id: &str,
+    resize_opts: Option<ConnectionOptions>,
+) -> anyhow::Result<()> {
+    let initial_size = current_terminal_size();
+    if let Some(size) = initial_size {
+        if let Err(error) = resize_session(&mut conn, id, size.cols, size.rows).await {
+            eprintln!("warning: initial terminal resize failed: {error}");
+        }
+    }
+
     let ack = conn
         .call(serde_json::json!({
             "method": "shell.attach_session",
@@ -207,6 +218,13 @@ pub async fn attach_session(mut conn: NoiseConnection, id: &str) -> anyhow::Resu
     eprintln!("attached; Ctrl-] detaches, Ctrl-D sends EOF and disconnects");
 
     let _raw = RawMode::enter()?;
+    let resize_task = resize_opts.map(|opts| {
+        tokio::spawn(resize_on_terminal_change(
+            opts,
+            id.to_string(),
+            initial_size,
+        ))
+    });
     let mut stdin = tokio::io::stdin();
     let mut stdout = tokio::io::stdout();
     let mut in_buf = [0u8; ATTACH_CHUNK];
@@ -240,6 +258,9 @@ pub async fn attach_session(mut conn: NoiseConnection, id: &str) -> anyhow::Resu
             }
         }
     }
+    if let Some(task) = resize_task {
+        task.abort();
+    }
     Ok(())
 }
 
@@ -334,6 +355,85 @@ enum AttachInputAction {
     Disconnect,
 }
 
+#[derive(Debug, Clone, Copy, Eq, PartialEq)]
+struct TerminalSize {
+    cols: u64,
+    rows: u64,
+}
+
+#[cfg(unix)]
+async fn resize_on_terminal_change(
+    opts: ConnectionOptions,
+    id: String,
+    mut last_size: Option<TerminalSize>,
+) {
+    let mut signals =
+        match tokio::signal::unix::signal(tokio::signal::unix::SignalKind::window_change()) {
+            Ok(signals) => signals,
+            Err(error) => {
+                eprintln!("warning: could not watch terminal resize events: {error}");
+                return;
+            }
+        };
+
+    while signals.recv().await.is_some() {
+        let Some(size) = current_terminal_size() else {
+            continue;
+        };
+        if Some(size) == last_size {
+            continue;
+        }
+        match connect(&opts).await {
+            Ok(mut conn) => match resize_session(&mut conn, &id, size.cols, size.rows).await {
+                Ok(_) => last_size = Some(size),
+                Err(error) => eprintln!("warning: terminal resize failed: {error}"),
+            },
+            Err(error) => eprintln!("warning: terminal resize connect failed: {error}"),
+        }
+    }
+}
+
+#[cfg(not(unix))]
+async fn resize_on_terminal_change(
+    _opts: ConnectionOptions,
+    _id: String,
+    _last_size: Option<TerminalSize>,
+) {
+}
+
+fn current_terminal_size() -> Option<TerminalSize> {
+    #[cfg(unix)]
+    {
+        terminal_size_for_fd(libc::STDOUT_FILENO)
+            .or_else(|| terminal_size_for_fd(libc::STDIN_FILENO))
+            .or_else(|| terminal_size_for_fd(libc::STDERR_FILENO))
+    }
+    #[cfg(not(unix))]
+    {
+        None
+    }
+}
+
+#[cfg(unix)]
+fn terminal_size_for_fd(fd: libc::c_int) -> Option<TerminalSize> {
+    if unsafe { libc::isatty(fd) } != 1 {
+        return None;
+    }
+
+    let mut winsize = std::mem::MaybeUninit::<libc::winsize>::uninit();
+    if unsafe { libc::ioctl(fd, libc::TIOCGWINSZ, winsize.as_mut_ptr()) } != 0 {
+        return None;
+    }
+    let winsize = unsafe { winsize.assume_init() };
+    if winsize.ws_col == 0 || winsize.ws_row == 0 {
+        return None;
+    }
+    Some(TerminalSize {
+        cols: winsize.ws_col.into(),
+        rows: winsize.ws_row.into(),
+    })
+}
+
 fn attach_input_action(bytes: &[u8]) -> AttachInputAction {
     match bytes {
         [CTRL_D] => AttachInputAction::ForwardThenDisconnect,

From b6bf155387e1b841e913a71f480a6f3f0c64b37b Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 16:16:41 -0400
Subject: [PATCH 11/18] Remove legacy mobile preview controls

---
 README.md                                    |  12 +-
 apps/ios/DevOpsDefender/DDClientBridge.swift |  28 +---
 apps/ios/DevOpsDefender/DDClientFFI.h        |   1 -
 crates/dd-client-cli/src/main.rs             |  74 +--------
 crates/dd-client-core/src/lib.rs             |  61 -------
 crates/dd-client-ffi/src/lib.rs              | 161 +------------------
 6 files changed, 9 insertions(+), 328 deletions(-)

diff --git a/README.md b/README.md
index 36945ff..5f20d41 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,8 @@ This repo owns client-side code that should not live in
 - `dd-client-core`: reusable Rust client core for pairing, quote verification,
   direct agent Noise transport, session RPCs, and PTY streaming.
 - `dd-client`: CLI binary using `dd-client-core`.
-- `dd-client-ffi`: C-compatible bridge for native mobile shells.
-- `apps/ios`: iOS client workspace notes; it will use the same core.
+- `dd-client-ffi`: C-compatible bridge for mobile transcript viewing.
+- `apps/ios`: iOS companion that opens desktop-generated session links.
 
 The control plane is only for enrollment and route discovery. Shell, log, and
 session bytes go directly between the paired client and the selected agent over
@@ -31,14 +31,6 @@ dd-client keygen --key ~/.config/devopsdefender/noise.key \
   --label laptop
 ```
 
-List recipes on an enrolled agent:
-
-```bash
-DD_ITA_API_KEY=... dd-client recipes \
-  --url https://agent.example.com \
-  --key ~/.config/devopsdefender/noise.key
-```
-
 Open a shell:
 
 ```bash
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 39bec68..d4efe45 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -22,23 +22,6 @@ enum DDClientBridge {
         ])
     }
 
-    static func transcriptSnapshot(id: String, settings: AgentSettings) throws -> [String: Any] {
-        try request([
-            "operation": "attach_exchange",
-            "agent_url": settings.agentURL,
-            "key_path": settings.keyPath,
-            "insecure_skip_quote_verify": true,
-            "ita_api_key": "",
-            "ita_base_url": "",
-            "ita_jwks_url": "",
-            "ita_issuer": "",
-            "id": id,
-            "input": "",
-            "max_bytes": 131072,
-            "idle_timeout_ms": 250
-        ])
-    }
-
     static func transcriptHistory(id: String, settings: AgentSettings) throws -> [String: Any] {
         try request([
             "operation": "replay_session",
@@ -367,14 +350,6 @@ private func parseAttachStreamEvent(_ eventJSON: String) -> AttachStreamEvent {
     return AttachStreamEvent(type: type, data: payload, message: message)
 }
 
-private func transcriptUpdate(id: String, settings: AgentSettings) throws -> ClientUpdate {
-    let response = try DDClientBridge.transcriptSnapshot(id: id, settings: settings)
-    return ClientUpdate(
-        status: "Loaded \(id)",
-        terminalText: transcriptText(from: response)
-    )
-}
-
 private func initialTranscriptUpdate(id: String, settings: AgentSettings) -> ClientUpdate {
     if let response = try? DDClientBridge.transcriptHistory(id: id, settings: settings) {
         let history = historyText(from: response)
@@ -382,8 +357,7 @@ private func initialTranscriptUpdate(id: String, settings: AgentSettings) -> Cli
             return ClientUpdate(status: "Loaded \(id)", terminalText: history)
         }
     }
-    return (try? transcriptUpdate(id: id, settings: settings))
-        ?? ClientUpdate(status: "Loaded \(id)", terminalText: "")
+    return ClientUpdate(status: "Loaded \(id)", terminalText: "")
 }
 
 private func transcriptText(from value: Any?) -> String {
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
index ab3c00e..6cd7afa 100644
--- a/apps/ios/DevOpsDefender/DDClientFFI.h
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -9,7 +9,6 @@ extern "C" {
 
 typedef void (*dd_client_stream_callback)(uint64_t handle, const char *event_json, void *context);
 
-char *dd_client_keygen(const char *key_path, const char *cp_url, const char *label);
 char *dd_client_agent_request(const char *request_json);
 uint64_t dd_client_attach_stream_start(const char *request_json, dd_client_stream_callback callback, void *context);
 void dd_client_attach_stream_stop(uint64_t handle);
diff --git a/crates/dd-client-cli/src/main.rs b/crates/dd-client-cli/src/main.rs
index f42181c..24e4bef 100644
--- a/crates/dd-client-cli/src/main.rs
+++ b/crates/dd-client-cli/src/main.rs
@@ -3,9 +3,9 @@ use std::path::{Path, PathBuf};
 use anyhow::{anyhow, Context};
 use clap::{Args, Parser, Subcommand};
 use dd_client_core::{
-    attach_session, close_session, connect, create_session, enrollment_url, exec, list_recipes,
-    list_sessions, public_key_hex, replay_session, resize_session, session_id, ConnectionOptions,
-    CreateSessionRequest, ExecRequest, IntelTrustAuthority, QuoteVerification,
+    attach_session, close_session, connect, create_session, enrollment_url, list_sessions,
+    public_key_hex, session_id, ConnectionOptions, CreateSessionRequest, IntelTrustAuthority,
+    QuoteVerification,
 };
 
 const DEFAULT_ITA_BASE_URL: &str = "https://api.trustauthority.intel.com";
@@ -23,23 +23,11 @@ struct Cli {
 #[derive(Subcommand)]
 enum Command {
     Keygen(KeygenArgs),
-    Pubkey(KeyOnlyArgs),
     MobileLink(MobileLinkArgs),
-    Recipes(ConnectArgs),
     Sessions(ConnectArgs),
-    Create(CreateArgs),
-    Replay(SessionArgs),
-    Resize(ResizeArgs),
     Close(SessionArgs),
     Attach(SessionArgs),
     Shell(CreateArgs),
-    Exec(ExecArgs),
-}
-
-#[derive(Args)]
-struct KeyOnlyArgs {
-    #[arg(long)]
-    key: PathBuf,
 }
 
 #[derive(Args)]
@@ -100,30 +88,6 @@ struct SessionArgs {
     connect: ConnectArgs,
     #[arg(long)]
     id: String,
-    #[arg(long)]
-    max_bytes: Option<usize>,
-}
-
-#[derive(Args)]
-struct ResizeArgs {
-    #[command(flatten)]
-    connect: ConnectArgs,
-    #[arg(long)]
-    id: String,
-    #[arg(long)]
-    cols: u64,
-    #[arg(long)]
-    rows: u64,
-}
-
-#[derive(Args)]
-struct ExecArgs {
-    #[command(flatten)]
-    connect: ConnectArgs,
-    #[arg(long, default_value_t = 60)]
-    timeout: u64,
-    #[arg(last = true, required = true)]
-    cmd: Vec<String>,
 }
 
 #[tokio::main]
@@ -141,32 +105,13 @@ async fn main() -> anyhow::Result<()> {
                 println!("{}", enrollment_url(cp_url, &pubkey, label));
             }
         }
-        Command::Pubkey(args) => {
-            println!("{}", public_key_hex(&args.key).await?);
-        }
         Command::MobileLink(args) => {
             print_mobile_link(args).await?;
         }
-        Command::Recipes(args) => {
-            let mut conn = connect(&connection_options(args)?).await?;
-            print_json(list_recipes(&mut conn).await?)?;
-        }
         Command::Sessions(args) => {
             let mut conn = connect(&connection_options(args)?).await?;
             print_json(list_sessions(&mut conn).await?)?;
         }
-        Command::Create(args) => {
-            let mut conn = connect(&connection_options(args.connect.clone())?).await?;
-            print_json(create_session(&mut conn, &create_request(&args)).await?)?;
-        }
-        Command::Replay(args) => {
-            let mut conn = connect(&connection_options(args.connect)?).await?;
-            print_json(replay_session(&mut conn, &args.id, args.max_bytes).await?)?;
-        }
-        Command::Resize(args) => {
-            let mut conn = connect(&connection_options(args.connect)?).await?;
-            print_json(resize_session(&mut conn, &args.id, args.cols, args.rows).await?)?;
-        }
         Command::Close(args) => {
             let mut conn = connect(&connection_options(args.connect)?).await?;
             print_json(close_session(&mut conn, &args.id).await?)?;
@@ -183,19 +128,6 @@ async fn main() -> anyhow::Result<()> {
             let id = session_id(&session)?;
             attach_session(conn, &id, Some(opts)).await?;
         }
-        Command::Exec(args) => {
-            let mut conn = connect(&connection_options(args.connect)?).await?;
-            print_json(
-                exec(
-                    &mut conn,
-                    &ExecRequest {
-                        cmd: args.cmd,
-                        timeout_secs: args.timeout,
-                    },
-                )
-                .await?,
-            )?;
-        }
     }
     Ok(())
 }
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index 906b9ee..2c82d17 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -12,7 +12,6 @@ use snow::{Builder, TransportState};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
 use tokio::sync::watch;
-use tokio::time::{timeout, Duration};
 use tokio_tungstenite::tungstenite::Message as WsMessage;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
 use x25519_dalek::{PublicKey, StaticSecret};
@@ -55,12 +54,6 @@ pub struct CreateSessionRequest {
     pub command: Option<String>,
 }
 
-#[derive(Debug, Clone)]
-pub struct ExecRequest {
-    pub cmd: Vec<String>,
-    pub timeout_secs: u64,
-}
-
 pub struct NoiseConnection {
     transport: TransportState,
     sink: WsSink,
@@ -115,11 +108,6 @@ pub async fn connect(opts: &ConnectionOptions) -> anyhow::Result<NoiseConnection
     })
 }
 
-pub async fn list_recipes(conn: &mut NoiseConnection) -> anyhow::Result<Value> {
-    conn.call(serde_json::json!({"method": "shell.list_recipes"}))
-        .await
-}
-
 pub async fn list_sessions(conn: &mut NoiseConnection) -> anyhow::Result<Value> {
     conn.call(serde_json::json!({"method": "shell.list_sessions"}))
         .await
@@ -183,15 +171,6 @@ pub async fn close_session(conn: &mut NoiseConnection, id: &str) -> anyhow::Resu
     .await
 }
 
-pub async fn exec(conn: &mut NoiseConnection, request: &ExecRequest) -> anyhow::Result<Value> {
-    conn.call(serde_json::json!({
-        "method": "exec",
-        "cmd": request.cmd,
-        "timeout_secs": request.timeout_secs,
-    }))
-    .await
-}
-
 pub async fn attach_session(
     mut conn: NoiseConnection,
     id: &str,
@@ -264,46 +243,6 @@ pub async fn attach_session(
     Ok(())
 }
 
-pub async fn attach_session_exchange(
-    mut conn: NoiseConnection,
-    id: &str,
-    input: &[u8],
-    max_bytes: usize,
-    idle_timeout: Duration,
-) -> anyhow::Result<Vec<u8>> {
-    let ack = conn
-        .call(serde_json::json!({
-            "method": "shell.attach_session",
-            "id": id,
-            "tail": true,
-        }))
-        .await?;
-    if ack.get("error").is_some() {
-        anyhow::bail!("attach failed: {}", serde_json::to_string(&ack)?);
-    }
-
-    if !input.is_empty() {
-        send_encrypted(&mut conn.transport, &mut conn.sink, input).await?;
-    }
-
-    let mut output = Vec::new();
-    while output.len() < max_bytes {
-        let frame = match timeout(idle_timeout, next_binary(&mut conn.stream)).await {
-            Ok(frame) => frame?,
-            Err(_) => break,
-        };
-        let Some(cipher) = frame else {
-            break;
-        };
-        let mut plain = vec![0u8; cipher.len()];
-        let n = conn.transport.read_message(&cipher, &mut plain)?;
-        let remaining = max_bytes - output.len();
-        output.extend_from_slice(&plain[..n.min(remaining)]);
-    }
-
-    Ok(output)
-}
-
 pub async fn attach_session_stream<F>(
     mut conn: NoiseConnection,
     id: &str,
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 0b1be8f..0f2dae7 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -5,13 +5,11 @@ use std::path::{Path, PathBuf};
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::sync::{Mutex, OnceLock};
 use std::thread;
-use std::time::Duration;
 
 use base64::Engine as _;
 use dd_client_core::{
-    attach_session_exchange, attach_session_stream, connect, create_session, list_recipes,
-    list_sessions, replay_session, session_id, ConnectionOptions, CreateSessionRequest,
-    IntelTrustAuthority, QuoteVerification,
+    attach_session_stream, connect, replay_session, ConnectionOptions, IntelTrustAuthority,
+    QuoteVerification,
 };
 use std::collections::HashMap;
 use tokio::sync::watch;
@@ -19,9 +17,6 @@ use tokio::sync::watch;
 const DEFAULT_ITA_BASE_URL: &str = "https://api.trustauthority.intel.com";
 const DEFAULT_ITA_JWKS_URL: &str = "https://portal.trustauthority.intel.com/certs";
 const DEFAULT_ITA_ISSUER: &str = "https://portal.trustauthority.intel.com";
-const DEFAULT_ATTACH_MAX_BYTES: usize = 128 * 1024;
-const MAX_ATTACH_BYTES: usize = 1024 * 1024;
-const DEFAULT_ATTACH_IDLE_TIMEOUT_MS: u64 = 1200;
 const DEFAULT_REPLAY_MAX_BYTES: usize = 32 * 1024;
 const MAX_REPLAY_BYTES: usize = 32 * 1024;
 
@@ -34,16 +29,6 @@ struct StreamControl {
 static NEXT_STREAM_ID: AtomicU64 = AtomicU64::new(1);
 static STREAMS: OnceLock<Mutex<HashMap<u64, StreamControl>>> = OnceLock::new();
 
-#[no_mangle]
-pub extern "C" fn dd_client_keygen(
-    key_path: *const c_char,
-    cp_url: *const c_char,
-    label: *const c_char,
-) -> *mut c_char {
-    let result = keygen_response(key_path, cp_url, label);
-    into_c_string(result)
-}
-
 #[no_mangle]
 pub extern "C" fn dd_client_agent_request(request_json: *const c_char) -> *mut c_char {
     let result = agent_request_response(request_json);
@@ -191,48 +176,6 @@ fn streams() -> &'static Mutex<HashMap<u64, StreamControl>> {
     STREAMS.get_or_init(|| Mutex::new(HashMap::new()))
 }
 
-fn keygen_response(
-    key_path: *const c_char,
-    cp_url: *const c_char,
-    label: *const c_char,
-) -> serde_json::Value {
-    match keygen(key_path, cp_url, label) {
-        Ok(value) => value,
-        Err(error) => serde_json::json!({
-            "ok": false,
-            "error": error,
-        }),
-    }
-}
-
-fn keygen(
-    key_path: *const c_char,
-    cp_url: *const c_char,
-    label: *const c_char,
-) -> Result<serde_json::Value, String> {
-    let key_path = required_c_string(key_path, "key_path")?;
-    let cp_url = optional_c_string(cp_url)?;
-    let label = optional_c_string(label)?;
-
-    let key_path = PathBuf::from(key_path);
-    let pubkey_hex =
-        block_on_ffi_result(
-            move || async move { dd_client_core::public_key_hex(&key_path).await },
-        )?;
-    let enrollment_url = match (cp_url.as_deref(), label.as_deref()) {
-        (Some(cp_url), Some(label)) => {
-            Some(dd_client_core::enrollment_url(cp_url, &pubkey_hex, label))
-        }
-        _ => None,
-    };
-
-    Ok(serde_json::json!({
-        "ok": true,
-        "pubkey_hex": pubkey_hex,
-        "enrollment_url": enrollment_url,
-    }))
-}
-
 fn agent_request_response(request_json: *const c_char) -> serde_json::Value {
     match agent_request(request_json) {
         Ok(value) => value,
@@ -251,40 +194,6 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
 
     match operation.as_str() {
         "import_key" => import_key_request(&request),
-        "recipes" | "list_recipes" => {
-            let opts = connection_options_from_request(&request)?;
-            let value = block_on_ffi_result(move || async move {
-                let mut conn = connect(&opts).await?;
-                list_recipes(&mut conn).await
-            })?;
-            Ok(ok_value("recipes", value))
-        }
-        "sessions" | "list_sessions" => {
-            let opts = connection_options_from_request(&request)?;
-            let value = block_on_ffi_result(move || async move {
-                let mut conn = connect(&opts).await?;
-                list_sessions(&mut conn).await
-            })?;
-            Ok(ok_value("sessions", value))
-        }
-        "create_session" => {
-            let opts = connection_options_from_request(&request)?;
-            let create_request = CreateSessionRequest {
-                recipe: optional_json_string(&request, "recipe")?,
-                name: optional_json_string(&request, "name")?,
-                command: optional_json_string(&request, "command")?,
-            };
-            let value = block_on_ffi_result(move || async move {
-                let mut conn = connect(&opts).await?;
-                create_session(&mut conn, &create_request).await
-            })?;
-            let mut response = ok_map("create_session");
-            if let Ok(id) = session_id(&value) {
-                response.insert("session_id".to_string(), serde_json::Value::String(id));
-            }
-            response.insert("value".to_string(), value);
-            Ok(serde_json::Value::Object(response))
-        }
         "replay_session" => {
             let opts = connection_options_from_request(&request)?;
             let id = required_json_string(&request, "id")?;
@@ -297,42 +206,6 @@ fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, Strin
             })?;
             Ok(ok_value("replay_session", value))
         }
-        "attach_exchange" | "attach_snapshot" => {
-            let opts = connection_options_from_request(&request)?;
-            let id = required_json_string(&request, "id")?;
-            let input = optional_json_string(&request, "input")?.unwrap_or_default();
-            let max_bytes = usize_json_field(&request, "max_bytes")?
-                .unwrap_or(DEFAULT_ATTACH_MAX_BYTES)
-                .min(MAX_ATTACH_BYTES);
-            let idle_timeout_ms = u64_json_field(&request, "idle_timeout_ms")?
-                .unwrap_or(DEFAULT_ATTACH_IDLE_TIMEOUT_MS)
-                .clamp(100, 10_000);
-            let bytes = block_on_ffi_result(move || async move {
-                let conn = connect(&opts).await?;
-                attach_session_exchange(
-                    conn,
-                    &id,
-                    input.as_bytes(),
-                    max_bytes,
-                    Duration::from_millis(idle_timeout_ms),
-                )
-                .await
-            })?;
-            let mut response = ok_map("attach_exchange");
-            response.insert(
-                "text".to_string(),
-                serde_json::Value::String(String::from_utf8_lossy(&bytes).into_owned()),
-            );
-            response.insert(
-                "bytes_base64".to_string(),
-                serde_json::Value::String(base64::engine::general_purpose::STANDARD.encode(&bytes)),
-            );
-            response.insert(
-                "truncated".to_string(),
-                serde_json::Value::Bool(bytes.len() >= max_bytes),
-            );
-            Ok(serde_json::Value::Object(response))
-        }
         _ => Err(format!("unsupported operation: {operation}")),
     }
 }
@@ -549,34 +422,6 @@ fn into_c_string(value: serde_json::Value) -> *mut c_char {
 mod tests {
     use super::*;
 
-    #[test]
-    fn keygen_returns_enrollment_url() {
-        let dir = tempfile::tempdir().unwrap();
-        let key_path =
-            CString::new(dir.path().join("noise.key").to_string_lossy().as_ref()).unwrap();
-        let cp_url = CString::new("https://cp.example.com").unwrap();
-        let label = CString::new("ios phone").unwrap();
-
-        let value = keygen_response(key_path.as_ptr(), cp_url.as_ptr(), label.as_ptr());
-
-        assert_eq!(value["ok"], true);
-        assert!(value["pubkey_hex"].as_str().unwrap().len() == 64);
-        assert_eq!(
-            value["enrollment_url"],
-            "https://cp.example.com/admin/enroll?pubkey=".to_string()
-                + value["pubkey_hex"].as_str().unwrap()
-                + "&label=ios%20phone"
-        );
-    }
-
-    #[test]
-    fn keygen_rejects_missing_key_path() {
-        let value = keygen_response(std::ptr::null(), std::ptr::null(), std::ptr::null());
-
-        assert_eq!(value["ok"], false);
-        assert!(value["error"].as_str().unwrap().contains("key_path"));
-    }
-
     #[test]
     fn agent_request_rejects_unknown_operation() {
         let request = CString::new(r#"{"operation":"bogus"}"#).unwrap();
@@ -610,7 +455,7 @@ mod tests {
     #[test]
     fn connection_options_requires_ita_key_when_verification_enabled() {
         let request: serde_json::Value = serde_json::json!({
-            "operation": "recipes",
+            "operation": "replay_session",
             "agent_url": "https://agent.example.com",
             "key_path": "/tmp/noise.key",
             "insecure_skip_quote_verify": false

From 793d45515e9ae837b3fab5b802f12fb0494d9db4 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 16:23:57 -0400
Subject: [PATCH 12/18] Simplify mobile handoff surface

---
 Cargo.lock                                   | 107 -------------------
 README.md                                    |  11 +-
 apps/ios/DevOpsDefender/DDClientBridge.swift |  53 ++++-----
 apps/ios/DevOpsDefender/DDClientFFI.h        |   3 +-
 apps/ios/README.md                           |  21 +---
 crates/dd-client-cli/src/main.rs             |  55 +++-------
 crates/dd-client-core/Cargo.toml             |   1 -
 crates/dd-client-core/src/lib.rs             |  15 ++-
 crates/dd-client-ffi/src/lib.rs              | 102 ++++++++----------
 9 files changed, 97 insertions(+), 271 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 5fe8073..0c069d3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -37,15 +37,6 @@ dependencies = [
  "subtle",
 ]
 
-[[package]]
-name = "android_system_properties"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "anstream"
 version = "1.0.0"
@@ -202,20 +193,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "chrono"
-version = "0.4.44"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
-dependencies = [
- "iana-time-zone",
- "js-sys",
- "num-traits",
- "serde",
- "wasm-bindgen",
- "windows-link",
-]
-
 [[package]]
 name = "cipher"
 version = "0.4.4"
@@ -273,12 +250,6 @@ version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570"
 
-[[package]]
-name = "core-foundation-sys"
-version = "0.8.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
-
 [[package]]
 name = "cpufeatures"
 version = "0.2.17"
@@ -357,7 +328,6 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "base64",
- "chrono",
  "futures-util",
  "hex",
  "jsonwebtoken",
@@ -662,30 +632,6 @@ dependencies = [
  "tracing",
 ]
 
-[[package]]
-name = "iana-time-zone"
-version = "0.1.65"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470"
-dependencies = [
- "android_system_properties",
- "core-foundation-sys",
- "iana-time-zone-haiku",
- "js-sys",
- "log",
- "wasm-bindgen",
- "windows-core",
-]
-
-[[package]]
-name = "iana-time-zone-haiku"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
-dependencies = [
- "cc",
-]
-
 [[package]]
 name = "icu_collections"
 version = "2.2.0"
@@ -1892,65 +1838,12 @@ dependencies = [
  "rustls-pki-types",
 ]
 
-[[package]]
-name = "windows-core"
-version = "0.62.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb"
-dependencies = [
- "windows-implement",
- "windows-interface",
- "windows-link",
- "windows-result",
- "windows-strings",
-]
-
-[[package]]
-name = "windows-implement"
-version = "0.60.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "windows-interface"
-version = "0.59.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "windows-link"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
 
-[[package]]
-name = "windows-result"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5"
-dependencies = [
- "windows-link",
-]
-
-[[package]]
-name = "windows-strings"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
-dependencies = [
- "windows-link",
-]
-
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
diff --git a/README.md b/README.md
index 5f20d41..e54e101 100644
--- a/README.md
+++ b/README.md
@@ -50,16 +50,13 @@ Send a running session to the mobile companion app:
 dd-client mobile-link \
   --url https://agent.example.com \
   --key ~/.config/devopsdefender/noise.key \
-  --id SESSION_ID \
-  --include-key
+  --id SESSION_ID
 ```
 
 Open the printed `devopsdefender://session?...` link on iOS, or render it as a
-QR code with the printed `qrencode` command. `--include-key` puts the Noise
-private key in the handoff URL so the mobile app can import it before loading
-history and following the live transcript; treat that link or QR code as secret.
-Omit `--include-key` to send only the agent URL and session id after the app
-already has the key.
+QR code with the printed `qrencode` command. The link includes the Noise private
+key so the mobile app can import it before loading history and following the
+live transcript; treat that link or QR code as secret.
 
 Quote verification is on by default. Local preview/dev runs without Intel Trust
 Authority credentials must pass `--insecure-skip-quote-verify` explicitly.
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index d4efe45..2cfd6e5 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -15,16 +15,16 @@ struct DDClientError: LocalizedError {
 
 enum DDClientBridge {
     static func importKey(keyPath: String, keyContent: String) throws {
-        _ = try request([
-            "operation": "import_key",
-            "key_path": keyPath,
-            "key_content": keyContent
-        ])
+        let responsePointer = keyPath.withCString { keyPathCString in
+            keyContent.withCString { keyContentCString in
+                dd_client_import_key(keyPathCString, keyContentCString)
+            }
+        }
+        _ = try decodeResponse(responsePointer)
     }
 
     static func transcriptHistory(id: String, settings: AgentSettings) throws -> [String: Any] {
         try request([
-            "operation": "replay_session",
             "agent_url": settings.agentURL,
             "key_path": settings.keyPath,
             "insecure_skip_quote_verify": true,
@@ -34,7 +34,7 @@ enum DDClientBridge {
             "ita_issuer": "",
             "id": id,
             "max_bytes": 32768
-        ])
+        ], using: dd_client_replay_session)
     }
 
     static func startAttachStream(
@@ -50,8 +50,7 @@ enum DDClientBridge {
             "ita_base_url": "",
             "ita_jwks_url": "",
             "ita_issuer": "",
-            "id": id,
-            "tail": true
+            "id": id
         ]
         let data = try JSONSerialization.data(withJSONObject: payload)
         guard let requestJSON = String(data: data, encoding: .utf8) else {
@@ -63,15 +62,22 @@ enum DDClientBridge {
         return stream
     }
 
-    private static func request(_ payload: [String: Any]) throws -> [String: Any] {
+    private static func request(
+        _ payload: [String: Any],
+        using call: (UnsafePointer<CChar>?) -> UnsafeMutablePointer<CChar>?
+    ) throws -> [String: Any] {
         let requestData = try JSONSerialization.data(withJSONObject: payload)
         guard let requestJSON = String(data: requestData, encoding: .utf8) else {
             throw DDClientError(message: "Failed to encode FFI request")
         }
 
         let responsePointer = requestJSON.withCString { requestCString in
-            dd_client_agent_request(requestCString)
+            call(requestCString)
         }
+        return try decodeResponse(responsePointer)
+    }
+
+    private static func decodeResponse(_ responsePointer: UnsafeMutablePointer<CChar>?) throws -> [String: Any] {
         guard let responsePointer else {
             throw DDClientError(message: "Rust FFI returned a null response")
         }
@@ -209,16 +215,12 @@ final class ClientViewModel: ObservableObject {
         transcript = ""
         terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
 
-        if let key = query["key"], !key.isEmpty {
-            importKeyAndLoadTranscript(key)
+        guard let key = query["key"], !key.isEmpty else {
+            status = "Mobile link missing key"
             return
         }
 
-        if FileManager.default.fileExists(atPath: keyPath.expandingTildePath) {
-            loadTranscript()
-        } else {
-            status = "Linked \(linkedSessionTitle); link did not include key"
-        }
+        importKeyAndLoadTranscript(key)
     }
 
     private func importKeyAndLoadTranscript(_ key: String) {
@@ -234,21 +236,6 @@ final class ClientViewModel: ObservableObject {
         }
     }
 
-    private func loadTranscript() {
-        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !id.isEmpty else {
-            status = "No linked session"
-            return
-        }
-        let settings = AgentSettings(
-            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
-            keyPath: keyPath.expandingTildePath
-        )
-        run("Loading transcript", startStreamAfterInitialLoad: true) {
-            initialTranscriptUpdate(id: id, settings: settings)
-        }
-    }
-
     private func run(
         _ pendingStatus: String,
         startStreamAfterInitialLoad: Bool = false,
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
index 6cd7afa..4db8997 100644
--- a/apps/ios/DevOpsDefender/DDClientFFI.h
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -9,7 +9,8 @@ extern "C" {
 
 typedef void (*dd_client_stream_callback)(uint64_t handle, const char *event_json, void *context);
 
-char *dd_client_agent_request(const char *request_json);
+char *dd_client_import_key(const char *key_path, const char *key_content);
+char *dd_client_replay_session(const char *request_json);
 uint64_t dd_client_attach_stream_start(const char *request_json, dd_client_stream_callback callback, void *context);
 void dd_client_attach_stream_stop(uint64_t handle);
 void dd_client_string_free(char *value);
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 3ca3788..7950b91 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -36,29 +36,18 @@ Generate the iOS link:
 cargo run -p dd-client -- mobile-link \
   --url "$AGENT_URL" \
   --key "$HOME/.config/devopsdefender/noise.key" \
-  --id "$SESSION_ID" \
-  --include-key
+  --id "$SESSION_ID"
 ```
 
 Open the printed `devopsdefender://session?...` link on iOS, or render the QR
-with the printed `qrencode` command. With `--include-key`, the link contains the
-Noise private key and the app imports it before loading history and following
-the transcript; treat the link or QR as secret.
-
-## Key Import Fallback
-
-Prefer `--include-key` so the link is self-contained. If you omit it, the app
-can only connect after a key has already been imported into its Application
-Support directory.
-
-```bash
-xxd -p -c 256 "$HOME/.config/devopsdefender/noise.key" | pbcopy
-```
+with the printed `qrencode` command. The link contains the Noise private key and
+the app imports it before loading history and following the transcript; treat
+the link or QR as secret.
 
 ## App Workflow
 
 - Open a `devopsdefender://session?...` link or scan its QR code.
-- The app imports the embedded key when present.
+- The app imports the embedded key.
 - The app loads recent transcript history, then keeps following live output.
 
 The app intentionally does not create sessions, list recipes, browse agents,
diff --git a/crates/dd-client-cli/src/main.rs b/crates/dd-client-cli/src/main.rs
index 24e4bef..991a7b3 100644
--- a/crates/dd-client-cli/src/main.rs
+++ b/crates/dd-client-cli/src/main.rs
@@ -47,9 +47,7 @@ struct MobileLinkArgs {
     #[arg(long)]
     id: String,
     #[arg(long)]
-    key: Option<PathBuf>,
-    #[arg(long)]
-    include_key: bool,
+    key: PathBuf,
 }
 
 #[derive(Args, Clone)]
@@ -133,32 +131,15 @@ async fn main() -> anyhow::Result<()> {
 }
 
 async fn print_mobile_link(args: MobileLinkArgs) -> anyhow::Result<()> {
-    let key_hex = if args.include_key {
-        let key = args
-            .key
-            .as_deref()
-            .ok_or_else(|| anyhow!("--key is required with --include-key"))?;
-        Some(load_key_hex(key).await?)
-    } else {
-        None
-    };
-    let link = mobile_session_url(&args.url, &args.id, key_hex.as_deref());
+    let key_hex = load_key_hex(&args.key).await?;
+    let link = mobile_session_url(&args.url, &args.id, &key_hex);
     println!("{link}");
 
-    if let Some(key) = args.key {
-        println!();
-        println!("pubkey: {}", public_key_hex(&key).await?);
-        println!(
-            "key import: xxd -p -c 256 {} | pbcopy",
-            shell_quote_path(&key)
-        );
-    }
+    println!();
+    println!("pubkey: {}", public_key_hex(&args.key).await?);
 
     println!();
-    if args.include_key {
-        println!();
-        println!("warning: this link contains the Noise private key; treat the QR as secret");
-    }
+    println!("warning: this link contains the Noise private key; treat the QR as secret");
 
     println!();
     println!("Open this link on iPhone, or make a QR with:");
@@ -166,17 +147,13 @@ async fn print_mobile_link(args: MobileLinkArgs) -> anyhow::Result<()> {
     Ok(())
 }
 
-fn mobile_session_url(agent_url: &str, session_id: &str, key_hex: Option<&str>) -> String {
-    let mut url = format!(
-        "devopsdefender://session?agent={}&id={}&skip_quote_verify=1",
+fn mobile_session_url(agent_url: &str, session_id: &str, key_hex: &str) -> String {
+    format!(
+        "devopsdefender://session?agent={}&id={}&skip_quote_verify=1&key={}",
         percent_encode(agent_url),
-        percent_encode(session_id)
-    );
-    if let Some(key_hex) = key_hex {
-        url.push_str("&key=");
-        url.push_str(&percent_encode(key_hex));
-    }
-    url
+        percent_encode(session_id),
+        percent_encode(key_hex)
+    )
 }
 
 async fn load_key_hex(path: &Path) -> anyhow::Result<String> {
@@ -202,14 +179,6 @@ fn percent_encode(value: &str) -> String {
     out
 }
 
-fn shell_quote_path(path: &std::path::Path) -> String {
-    shell_quote(&path.to_string_lossy())
-}
-
-fn shell_quote(value: &str) -> String {
-    format!("'{}'", shell_escape_single(value))
-}
-
 fn shell_escape_single(value: &str) -> String {
     value.replace('\'', "'\\''")
 }
diff --git a/crates/dd-client-core/Cargo.toml b/crates/dd-client-core/Cargo.toml
index 662657e..5933c41 100644
--- a/crates/dd-client-core/Cargo.toml
+++ b/crates/dd-client-core/Cargo.toml
@@ -8,7 +8,6 @@ repository.workspace = true
 [dependencies]
 anyhow = "1"
 base64 = "0.22"
-chrono = { version = "0.4", features = ["serde"] }
 futures-util = "0.3"
 hex = "0.4"
 jsonwebtoken = "9"
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index 2c82d17..c1efa13 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -61,7 +61,7 @@ pub struct NoiseConnection {
 }
 
 impl NoiseConnection {
-    pub async fn call(&mut self, request: Value) -> anyhow::Result<Value> {
+    async fn call(&mut self, request: Value) -> anyhow::Result<Value> {
         let plain = serde_json::to_vec(&request)?;
         send_encrypted(&mut self.transport, &mut self.sink, &plain).await?;
         let cipher = next_binary(&mut self.stream)
@@ -148,7 +148,7 @@ pub async fn replay_session(
     conn.call(request).await
 }
 
-pub async fn resize_session(
+async fn resize_session(
     conn: &mut NoiseConnection,
     id: &str,
     cols: u64,
@@ -246,7 +246,6 @@ pub async fn attach_session(
 pub async fn attach_session_stream<F>(
     mut conn: NoiseConnection,
     id: &str,
-    tail: bool,
     mut shutdown: watch::Receiver<bool>,
     mut on_open: impl FnMut() -> anyhow::Result<()> + Send,
     mut on_bytes: F,
@@ -258,7 +257,7 @@ where
         .call(serde_json::json!({
             "method": "shell.attach_session",
             "id": id,
-            "tail": tail,
+            "tail": true,
         }))
         .await?;
     if ack.get("error").is_some() {
@@ -393,7 +392,7 @@ pub fn session_id(value: &Value) -> anyhow::Result<String> {
         .ok_or_else(|| anyhow!("create response did not include a session id: {value}"))
 }
 
-pub async fn load_or_create_key(path: &Path) -> anyhow::Result<StaticSecret> {
+async fn load_or_create_key(path: &Path) -> anyhow::Result<StaticSecret> {
     match tokio::fs::read(path).await {
         Ok(bytes) if bytes.len() == 32 => {
             let mut key = [0u8; 32];
@@ -415,7 +414,7 @@ pub async fn public_key_hex(path: &Path) -> anyhow::Result<String> {
     Ok(public_hex(&secret))
 }
 
-pub fn public_hex(secret: &StaticSecret) -> String {
+fn public_hex(secret: &StaticSecret) -> String {
     hex::encode(PublicKey::from(secret).as_bytes())
 }
 
@@ -428,11 +427,11 @@ pub fn enrollment_url(cp_url: &str, pubkey_hex: &str, label: &str) -> String {
     )
 }
 
-pub fn health_url(base_url: &str) -> String {
+fn health_url(base_url: &str) -> String {
     format!("{}/health", normalize_http_base(base_url))
 }
 
-pub fn noise_ws_url(base_url: &str) -> String {
+fn noise_ws_url(base_url: &str) -> String {
     let base = normalize_http_base(base_url);
     let ws_base = if let Some(rest) = base.strip_prefix("https://") {
         format!("wss://{rest}")
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 0f2dae7..4be905d 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -30,9 +30,16 @@ static NEXT_STREAM_ID: AtomicU64 = AtomicU64::new(1);
 static STREAMS: OnceLock<Mutex<HashMap<u64, StreamControl>>> = OnceLock::new();
 
 #[no_mangle]
-pub extern "C" fn dd_client_agent_request(request_json: *const c_char) -> *mut c_char {
-    let result = agent_request_response(request_json);
-    into_c_string(result)
+pub extern "C" fn dd_client_import_key(
+    key_path: *const c_char,
+    key_content: *const c_char,
+) -> *mut c_char {
+    into_c_string(import_key_response(key_path, key_content))
+}
+
+#[no_mangle]
+pub extern "C" fn dd_client_replay_session(request_json: *const c_char) -> *mut c_char {
+    into_c_string(replay_session_response(request_json))
 }
 
 #[no_mangle]
@@ -81,7 +88,6 @@ fn attach_stream_start(
         serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
     let opts = connection_options_from_request(&request)?;
     let id = required_json_string(&request, "id")?;
-    let tail = bool_json_field(&request, "tail")?.unwrap_or(true);
     let (shutdown, shutdown_rx) = watch::channel(false);
     let handle = NEXT_STREAM_ID.fetch_add(1, Ordering::Relaxed);
 
@@ -102,7 +108,6 @@ fn attach_stream_start(
                         attach_session_stream(
                             conn,
                             &id,
-                            tail,
                             shutdown_rx,
                             || {
                                 emit_stream_event(
@@ -176,8 +181,8 @@ fn streams() -> &'static Mutex<HashMap<u64, StreamControl>> {
     STREAMS.get_or_init(|| Mutex::new(HashMap::new()))
 }
 
-fn agent_request_response(request_json: *const c_char) -> serde_json::Value {
-    match agent_request(request_json) {
+fn import_key_response(key_path: *const c_char, key_content: *const c_char) -> serde_json::Value {
+    match import_key(key_path, key_content) {
         Ok(value) => value,
         Err(error) => serde_json::json!({
             "ok": false,
@@ -186,33 +191,12 @@ fn agent_request_response(request_json: *const c_char) -> serde_json::Value {
     }
 }
 
-fn agent_request(request_json: *const c_char) -> Result<serde_json::Value, String> {
-    let request_json = required_c_string(request_json, "request_json")?;
-    let request: serde_json::Value =
-        serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
-    let operation = required_json_string(&request, "operation")?;
-
-    match operation.as_str() {
-        "import_key" => import_key_request(&request),
-        "replay_session" => {
-            let opts = connection_options_from_request(&request)?;
-            let id = required_json_string(&request, "id")?;
-            let max_bytes = usize_json_field(&request, "max_bytes")?
-                .unwrap_or(DEFAULT_REPLAY_MAX_BYTES)
-                .min(MAX_REPLAY_BYTES);
-            let value = block_on_ffi_result(move || async move {
-                let mut conn = connect(&opts).await?;
-                replay_session(&mut conn, &id, Some(max_bytes)).await
-            })?;
-            Ok(ok_value("replay_session", value))
-        }
-        _ => Err(format!("unsupported operation: {operation}")),
-    }
-}
-
-fn import_key_request(request: &serde_json::Value) -> Result<serde_json::Value, String> {
-    let key_path = required_json_string(request, "key_path")?;
-    let key_content = required_json_string(request, "key_content")?;
+fn import_key(
+    key_path: *const c_char,
+    key_content: *const c_char,
+) -> Result<serde_json::Value, String> {
+    let key_path = required_c_string(key_path, "key_path")?;
+    let key_content = required_c_string(key_content, "key_content")?;
     let bytes = parse_key_content(&key_content)?;
     persist_key(Path::new(&key_path), &bytes)?;
     Ok(serde_json::json!({
@@ -222,6 +206,32 @@ fn import_key_request(request: &serde_json::Value) -> Result<serde_json::Value,
     }))
 }
 
+fn replay_session_response(request_json: *const c_char) -> serde_json::Value {
+    match replay_session_request(request_json) {
+        Ok(value) => value,
+        Err(error) => serde_json::json!({
+            "ok": false,
+            "error": error,
+        }),
+    }
+}
+
+fn replay_session_request(request_json: *const c_char) -> Result<serde_json::Value, String> {
+    let request_json = required_c_string(request_json, "request_json")?;
+    let request: serde_json::Value =
+        serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
+    let opts = connection_options_from_request(&request)?;
+    let id = required_json_string(&request, "id")?;
+    let max_bytes = usize_json_field(&request, "max_bytes")?
+        .unwrap_or(DEFAULT_REPLAY_MAX_BYTES)
+        .min(MAX_REPLAY_BYTES);
+    let value = block_on_ffi_result(move || async move {
+        let mut conn = connect(&opts).await?;
+        replay_session(&mut conn, &id, Some(max_bytes)).await
+    })?;
+    Ok(ok_value("replay_session", value))
+}
+
 fn connection_options_from_request(
     request: &serde_json::Value,
 ) -> Result<ConnectionOptions, String> {
@@ -422,31 +432,14 @@ fn into_c_string(value: serde_json::Value) -> *mut c_char {
 mod tests {
     use super::*;
 
-    #[test]
-    fn agent_request_rejects_unknown_operation() {
-        let request = CString::new(r#"{"operation":"bogus"}"#).unwrap();
-
-        let value = agent_request_response(request.as_ptr());
-
-        assert_eq!(value["ok"], false);
-        assert!(value["error"]
-            .as_str()
-            .unwrap()
-            .contains("unsupported operation"));
-    }
-
     #[test]
     fn import_key_accepts_hex_content() {
         let dir = tempfile::tempdir().unwrap();
         let key_path = dir.path().join("noise.key");
-        let request = CString::new(format!(
-            r#"{{"operation":"import_key","key_path":"{}","key_content":"{}"}}"#,
-            key_path.display(),
-            "07".repeat(32)
-        ))
-        .unwrap();
+        let key_path_c = CString::new(key_path.to_string_lossy().as_ref()).unwrap();
+        let key_content_c = CString::new("07".repeat(32)).unwrap();
 
-        let value = agent_request_response(request.as_ptr());
+        let value = import_key_response(key_path_c.as_ptr(), key_content_c.as_ptr());
 
         assert_eq!(value["ok"], true);
         assert_eq!(std::fs::read(key_path).unwrap(), vec![7u8; 32]);
@@ -455,7 +448,6 @@ mod tests {
     #[test]
     fn connection_options_requires_ita_key_when_verification_enabled() {
         let request: serde_json::Value = serde_json::json!({
-            "operation": "replay_session",
             "agent_url": "https://agent.example.com",
             "key_path": "/tmp/noise.key",
             "insecure_skip_quote_verify": false

From 1992afc418f392928e98a62d0f0f7d1def64749a Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 16:30:03 -0400
Subject: [PATCH 13/18] Add iOS CI and TestFlight upload workflow

---
 .github/workflows/ios.yml                     |  35 ++++++
 .github/workflows/testflight.yml              |  57 +++++++++
 apps/ios/Config/Signing.xcconfig              |   2 +
 .../AppIcon.appiconset/AppIcon-1024.png       | Bin 0 -> 31872 bytes
 .../AppIcon.appiconset/AppIcon-120.png        | Bin 0 -> 10827 bytes
 .../AppIcon.appiconset/AppIcon-152.png        | Bin 0 -> 13000 bytes
 .../AppIcon.appiconset/AppIcon-167.png        | Bin 0 -> 14136 bytes
 .../AppIcon.appiconset/AppIcon-180.png        | Bin 0 -> 15242 bytes
 .../AppIcon.appiconset/AppIcon-20.png         | Bin 0 -> 1970 bytes
 .../AppIcon.appiconset/AppIcon-29.png         | Bin 0 -> 2890 bytes
 .../AppIcon.appiconset/AppIcon-40.png         | Bin 0 -> 3914 bytes
 .../AppIcon.appiconset/AppIcon-58.png         | Bin 0 -> 5403 bytes
 .../AppIcon.appiconset/AppIcon-60.png         | Bin 0 -> 5667 bytes
 .../AppIcon.appiconset/AppIcon-76.png         | Bin 0 -> 7203 bytes
 .../AppIcon.appiconset/AppIcon-80.png         | Bin 0 -> 6447 bytes
 .../AppIcon.appiconset/AppIcon-87.png         | Bin 0 -> 8043 bytes
 .../AppIcon.appiconset/Contents.json          | 116 ++++++++++++++++++
 .../Assets.xcassets/Contents.json             |   6 +
 apps/ios/DevOpsDefender/Info.plist            |   4 +-
 apps/ios/README.md                            |  19 +++
 apps/ios/Scripts/archive-testflight.sh        | 113 +++++++++++++++++
 apps/ios/project.yml                          |   4 +
 22 files changed, 354 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/ios.yml
 create mode 100644 .github/workflows/testflight.yml
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-1024.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-120.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-152.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-167.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-180.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-20.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-29.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-40.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-58.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-60.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-76.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-80.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-87.png
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/Contents.json
 create mode 100644 apps/ios/DevOpsDefender/Assets.xcassets/Contents.json
 create mode 100755 apps/ios/Scripts/archive-testflight.sh

diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml
new file mode 100644
index 0000000..3ea3074
--- /dev/null
+++ b/.github/workflows/ios.yml
@@ -0,0 +1,35 @@
+name: iOS
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  simulator-build:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-ios-sim,x86_64-apple-ios
+
+      - name: Install XcodeGen
+        run: brew install xcodegen
+
+      - name: Generate Xcode project
+        working-directory: apps/ios
+        run: xcodegen generate
+
+      - name: Build iOS simulator app
+        working-directory: apps/ios
+        run: |
+          xcodebuild \
+            -project DevOpsDefender.xcodeproj \
+            -scheme DevOpsDefender \
+            -configuration Debug \
+            -destination 'generic/platform=iOS Simulator' \
+            DD_PRODUCT_BUNDLE_IDENTIFIER=com.devopsdefender.client.ci \
+            CODE_SIGNING_ALLOWED=NO \
+            build
diff --git a/.github/workflows/testflight.yml b/.github/workflows/testflight.yml
new file mode 100644
index 0000000..00a2c83
--- /dev/null
+++ b/.github/workflows/testflight.yml
@@ -0,0 +1,57 @@
+name: TestFlight
+
+on:
+  workflow_dispatch:
+    inputs:
+      bundle_id:
+        description: App Store Connect bundle identifier
+        required: true
+        default: com.posix4e.devopsdefender.client
+      marketing_version:
+        description: CFBundleShortVersionString
+        required: true
+        default: "0.1"
+      internal_only:
+        description: Restrict uploaded build to internal TestFlight testing
+        required: true
+        type: boolean
+        default: true
+
+jobs:
+  upload:
+    runs-on: macos-latest
+    environment: testflight
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-ios
+
+      - name: Install XcodeGen
+        run: brew install xcodegen
+
+      - name: Write App Store Connect API key
+        env:
+          ASC_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          ASC_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_API_PRIVATE_KEY }}
+        run: |
+          test -n "$ASC_KEY_ID"
+          test -n "$ASC_PRIVATE_KEY"
+          mkdir -p "$RUNNER_TEMP/appstoreconnect"
+          KEY_PATH="$RUNNER_TEMP/appstoreconnect/AuthKey_${ASC_KEY_ID}.p8"
+          printf '%s' "$ASC_PRIVATE_KEY" | perl -pe 's/\\n/\n/g' > "$KEY_PATH"
+          chmod 600 "$KEY_PATH"
+          echo "ASC_KEY_PATH=$KEY_PATH" >> "$GITHUB_ENV"
+
+      - name: Archive and upload to TestFlight
+        env:
+          DD_DEVELOPMENT_TEAM: ${{ secrets.APPLE_TEAM_ID }}
+          DD_BUNDLE_ID: ${{ inputs.bundle_id }}
+          DD_MARKETING_VERSION: ${{ inputs.marketing_version }}
+          DD_BUILD_NUMBER: ${{ github.run_number }}
+          DD_TESTFLIGHT_INTERNAL_ONLY: ${{ inputs.internal_only }}
+          APP_STORE_CONNECT_API_KEY_PATH: ${{ env.ASC_KEY_PATH }}
+          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          APP_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_ISSUER_ID }}
+        run: apps/ios/Scripts/archive-testflight.sh
diff --git a/apps/ios/Config/Signing.xcconfig b/apps/ios/Config/Signing.xcconfig
index 61fe954..3b6c453 100644
--- a/apps/ios/Config/Signing.xcconfig
+++ b/apps/ios/Config/Signing.xcconfig
@@ -1,3 +1,5 @@
 DD_PRODUCT_BUNDLE_IDENTIFIER = dev.devopsdefender.client.team$(DEVELOPMENT_TEAM)
+DD_MARKETING_VERSION = 0.1
+DD_BUILD_NUMBER = 1
 
 #include? "Signing.local.xcconfig"
diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-1024.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-1024.png
new file mode 100644
index 0000000000000000000000000000000000000000..443b26c6649bf8bcbb8807c18ba8a59f434e56f1
GIT binary patch
literal 31872
zcmeFZc|6o>`#AnCr#vU&%#jo^#VLi7B4ryLqLM9&h>?mAlNdWQosLW?bP8op+4t=0
zC`%$+_HBf0gBkmn{d<q0=XpNg=e&OZ{J!5me!u7bgZIq)eqZ->UH7$L_j?{28R+uw
z5ZwVm5dVeq+Ls~dCvf=_^vibePyQLD8vNUT^ZaFf2=X}uLD)Ybhz7pGPC*d*I0O-G
zAV}pE1c}^>DKl0BH@4gA>1wmr$Is@JLGTT)`vv`Tyu@ugc8T%-!a6$uzB=fB&fNXh
z4foqBH}BsD|DY4cPn<e>T<NI7anlpWRZb|YD4di%eq81F@f$<iWB=^|XVfhRJMX`L
z;1_Jw0r0@#A1k;!INx@2zu|oE@1M~Pk7q%UugwMRv!-7CvqMz;gc}nvKZ%a@e|^Tj
z{`KpQr$cwnd%VAL{!h8^mtj$dcYXbsGJoSA!bhK=e$#^=_<gUR+~f1Bv9-4{Z$7&A
z<#c}h8Mg@<tNONI<B6u%OJ&&<dH|bO&8|d3xwvP>wKDs6Ute8ad;7Fq08`G;?2<_q
z;9f$I9D--_vH|+<C5IRP<pWnD{>z8|fAIm^-?;_C1{_z@sec4>HDV}c2OqwE{gwGX
zVPmiNxd9`*u)xa;8Fh529T~d<u0F+md{oyI>~wBd(J_Mgpj=|E{z&p@1T3&Q*sLd0
z#CYG8iiBR6@zmiMbHAgBxe04YABQD(jPXSaV}6Ax3p?)c)!x-2qjvqyV_ePX?8iA+
z;2a-aIOGZLO`b*O3!3~kz<k>0mtF_z&%I<>l)ZDe(2fyC$~%i0t5g)YI=E=hnp&8b
z9ZFPuzg(S2)_F-3u`;Ed*LJX&UOP7j3$8y(YfN;2CDBFv(<zT}Ut^OD<;tWJ-Fp&a
zMbv*W_Hl2Y6j2v4jxwUHCgKhY?`GPyPr#DUdZCdl)x-jfLv5lf%+=aY+9McuK|w=8
zpBcFo%KS&*>S{<xOUvaW=wG03R_^stdDhz3ufDSAJ)T%{WrQ}G3=0%<5=h&-+xU8U
zvJw4~cC(;kfRX1#?PjUMoUTIM&YhV<r7oAWN76>O*O^>qbDRhEqLGDt`_15xXH&7I
z^Yw8Guu8F`cgfyI6DfFKcKKv4?wlbdVt2^X!*hea24q=SFzMJ_+0+MIZ;Il(<vZFH
zzqZy3rLlKG)dLCu+AhMHPQVSv8<8KAV1c|&23gEI+RZsm0cP}1xG2LOtLq5)L=U?m
zK`|Ze&ZpVTyF)E$S{%Ety=+}F|0GUKYPZ1bnPgvEZF0QNDza@?yYD@+h)BSp!~zGh
z0v~&~vFPQpHw7p!SFk<Lw?NQx(v_P-y=sZMH%0{O3MHTLc9BfVEw$$s&_bdfk5kp(
z1Qgd(&UJ=lmzM^dC+2cgN|x}E&)4JnaV6W4$9&n*?EAGJU-(>|u2QgV_vVwg^m5jo
zZvQ&DTU`hyU;n}tLo9%dhIT@bjl(|p&6~e#=ao)O_sdE-8m9Rc29R-OKl2+ZsqZl^
zw_py7;p0?(11o5*Tw5FcL$H;7MZ2|eXy(g+qU}hYy6n*sN!#{8LZL{&DM^DT>NmqX
zk8DYJzZZh4Eyab*YS(b15=xdmm54--aoT`rm8dZWIfk34k#yAQA<Z2L0D!Tq9^a9V
zvc4`)&F9}x<(t)IZAbL@ie^~)wTVtXWFpl}J4V#^Qv(3J|0rPVV$#X(rz?^>D8ipQ
z@9s5LEoT)xx*|o?d&XNh2sbWA4;@(%OcD4QK(793;bqpE$9F2k+~^gC5YsHRyXe^I
zGI|~EYtZgz)0NVa){pJS9s|HObtgcS6ix6-$4~V2N72wy#MQfMiPQEleqN<!M|B1C
zX#fwRSyH^0wzp^;NVK12AivN(w8>F?z9MRS11uoyB_JvZWkc7d4)5DzOdl(|wt{?`
zI-Ir;*KH+53~}yFb2TE~<3KSji!&)>t6_9%|3I`3-(OvU@v$@PtN$22S9>bSA!*4Z
zg$J8-6L1_|lH6w1dn|Fatc+ib^-KFb-40A)!0|+n%glCubXpA%6(~%JFG&7$R=IQ{
zU1}*njSh$LdCqtj(A{8px@m9REs5^X{3_V#R5{-|<An@dRP0PkHs)aB2r*f{=+wDR
zX5~m@a{lEYj=b(C`)CX@`@DnBxnmp&WV_bjsmi>`wr#O6*DEm+NW)kGY{f}1?U`+-
zwzIbD+o;w4y|5KGF^U6APrIh68MEh}IhVv-_p)JSid%lm6Z1AT_WM$JsQL1FvJ)Tg
zx!T03XMt%QTf#&@e7YPew!^shV4}+<Ch3`!q^O}|>|l|-_JUj8q@%zE@%4y`)}4ru
zvv^C1!BIc8N^~ooO0@s-hts6tQ=HXB<FW&273h5<5F+8k5_EHVVI7V(tmOY5ZKqvx
zNZ+jJ>BU%1U<`dF2HYXoPd*JcpRe;~tNPm1CYJjkua_J~%Ruixg2%^~MtWtdV8-;z
zL!P2fV9yXvR&A?=xTy9*-=4V`m3<r_rbPrk5$is;o3#v7Yxazavh7HtI%3Xx7Yq}c
zG0ILd;MFVyGGH@3cy*6auX17l<xx$PLGT?JfzznA-Dz5!?b0mzVyQTju$Q7ES5idJ
z^w!m_^+>vwq-T<{HQ_7Jn)&P<<suUDBq3vrxe2PNRZ0}m^M0(l`Etru@HE!%H9P2x
za;x8d+Yi^494Gu_6WyI1nCBvs47O<|fwjM}4_`M^%eA|wUDMs1u@i@Tq!h(M>X{Ht
zIRsQ&q7lkuF}I0x?!!u+A2V@>=ZdBngy}SsEn!hxAk7wG))lpKJ2I{wQ8cJAzks8`
zPZ7SV$pR*UVdEgT#$t$12;g3^U!NIhxsFI&W}ORKwSKN53^AL5T-Y}b&!Z~dj=z4e
zBuQ*_@JsZ*$6Z(xX>qTCu`*#0`ilMhj8pU7#or-K>pc*3>-r7K$FVwpNztml`}0_N
zUB%h1W%ro}03*(l%rttsw^OSIB9SiQ7N9;;3`=s-n~^V*0~pab7<X^5dgMuRYvFE5
zQF)hAyKl~1Rzu;pSS+{ISEW|k6v7hgc=;~aK)7A_G5y#b*zwyCWHhI-&$mull2|pg
zHZZ{}6{Ra^?$-8a=Nrz-SjQ8TkJnmT%nv3`+ArbNJUeh}zSo7>@?hnN2(WT^I#q9|
zdqr8N;HhJI!dt1t`41m;clah7aGWe;n*SAX(eq`!&X>JCE8z|ul0FE6ThAY{V4H0&
zfNeH?{4uyL*iqo=9ab%taJEOM(;yvD_U0Iu)BBrt3n1@VcpBCYM%#6L=~YiGASUwo
zv>F1;J#7KzX(6F`3I`HL`X-im{S*=x`XkDDHDXoPvym|SCC~W$t}oAFLryK~_qyv~
zu9s)`X1oIu@*3bBnC6{C!i$PZTId!c+uEP2@N@93R*hCC74~3c67nZM4GpDrKsLa%
zn2!hr(w~%{Q|uBb$@P!MmEo1I_qku??kS{~Jy|mpAM0seTM?MAgZHr4o=ygK)hbd&
zSd#_zcDcCz&f^C#G~8wFZpR3$nIc#bFpn|`;s`P{rRt^}Upliaue;2sq&Iro>(nw{
z37rJ|Y0%&S5!2<8+>)EkFL4t^545)D>@!v^BTdi_Y=}kXX+HVcKGzSOxKgW=DF&D$
ziHbh$&6Qf5r;mZBg_DknCLT#7Iq@S<WeSPZ(Ff8y3CifhoQ1LO6C}h^?R2Eha?AiT
z%Ue}f+tB?}MQ0lHz6RLuP+<+@lAIDt?WJIz_&t6|?YVcfw_-%D`a!AtHjJ$;Dg9(m
zH0urStA3K;(K4`aSfV`ywdp!iQc-tGjwX(;7CjKBCmC?eDrBTSad$w;t^Xj5FXvj@
zP^A@75$ei#r2^7M6^;7(KXLW;7J|<4bE9z1Y@2K0t!7P=S>sD)P(;WUsQR)D37M}u
z=K<p>CcQerP=@hGD_ZrPkl_jomT0DdIvS6UXuY|`{6xT3$mZuR|F<J%`o+46NVWMt
zKhTr8ScJjdDDmE-%X(5iEF`68(m7g%UvnJzJuhkLx|P5qFnzb}G2K-b+RQW03>5_p
z#Mdq7e*ErzCoq+z9a0m8UsPy?B9fzPy@iU3fa1mxX$WHJ=Vf@^Z2lR>L!Rk<yW}du
z=Fk9zC;C~d&R2z~tHP0faeUP?6~MMV>hGE%Ii6Naysblz6USVN<&-EO>_H{_Hm92@
z{)cQwmeegh<6i^3RIGuc&rq<iwb5qk=|>hw%yOBNU=iNx*)&->zJ$b90E4$Uxwc14
zNHU6d=XHmB_SzjjS-M3)0=ap4Q-&YGQiFXoo|or);1(!MEbw9Q(i6nfJ;(1PS*aR^
zq*}He&v7u=kmu#XMJkG_R^q3zGYtJNQ7I6owelz@M^x~hd%fRyg61N*Is>JBQE{SC
zU&uc;U#=sl?{)#-YYqedcp}5&{Ll(NUAsW;4*T*aaiC3{VRU4o6Tgb+(D*g)o?~nF
z5HQ+2ZJvyups+J&yt7x8H+qA26_txrSE}0H{jz{*rg+<3Zx1EjU`}*zF_9FFM>*^%
zIZHHJhiDp1&1jvDqnc||#@y^%MMYu3w#LiA1m!Msp3E6hIC1Lfor((dv!Z+}#=0ox
z-ff(0dKOunP4Muj@Mi5aa^4AHiAxJ>m-h*^t9gIpdl>)p&goPKyP3xuR@7)tRKPK+
z%V%_SX>!q9QL_*fjnY4PjutN%X*bmt&8f5mr#d;`L5cpg!S!n<8kl48x{<9ZTV!Il
zKt|L6p|Kq`k`}E_?B1|QDM#rp_>j@&7F{#b2t5{W7}=V!MJ60fE_FGqeIpXr9lpI%
z?Ylfo$+*~o*>jm|GxnnzCp*TMh>KJu&7>m*#h&i&9uXJQ9zqq<MIW&rt6)4u;svX1
z6F6Jn=0E$zHlD)v9QDca3=b^V{!->&-(fPL^TXrLZ-tC55X>)?t?_dBnebP5YfjT-
zpY>0W3`blDV))mcDml!e11Y5&GgMx-<~L0aj4!!hO*uQ)!sWw^_Z(boadC9mXx+GB
z9XrL;1&^Ipwp~4&Go-TO4_oM1yMOmD72z;xAlJ0vPh)znm$aK!oRdOgH#R1We|(9w
zNcE(u?MuLWZGol`H8*eF-LttT|IXsfJ?i=8$Y^CHTT<@p41J`s<e|DXFQAkAo503r
zdet4)(bpc6w-71xuc<?<%L>&<LlDI{=ae=lwlLv+ruxa~HpnK>sW;dA8`ex}Q?3-(
z=Z4iYx+dLQ{p1qq?WHH}vtFw3hn)k6Uwu_Jd`fM&qAVD*J`ZQ^XKk&4;GJ^X4r#_`
zh+p>fuhD=t5AQ3XCd73*tj|e!|FX5UX>uC!uLD;9WZiJrbrWAp?WR9g<<Wy1-Umch
zi{3s|KXDsx;r;<t6%|#zq|UQg;+4}Sr*qb7a1SE03W)TUi(GpFrFVSsxAtEcuaUfn
zx9%*Mq5}o%YT$#a->a@$({A+kE&+cHH1I)Sq`IKuit(;2f!qSX8@bALr_{`|JzKHl
zWTMO2nu_Ez8<MVhYPr)>x!LLQD^;h7j1J^u992Qu4ycnUk30nFWd-<klx89CEeNi|
zmHnN{sPvN%%zXzm=-}0IpCK#$AYH|*9-mtS=na+EEDCQOYnohw$bfh+!@BIzXG+rA
z1z+wA=Z}SM&Z&CYI@vV20+DOM9DA-Q&Z6@Z{HJtHg4V+zte?{mYTiW)A&QC{=3%Jv
zK;Oibn)lwbpgY0>Rd>wQ@mx;Xm?%4FyvJ0{W`U|+jR&TPr8T518qnqLyJ^%nSm>3p
zNcE?x!4opu2!!_bzH2f`0$bmi4dU%W`{yLLUsqit-7rky`VC0#@wIZpVaLUOSnx4Y
zrQL`#!2F2!76^Bm%Wfv`oW}CoG~hltLvO5kiK*N|f52GW3jOk|wLqd@LpAZni)2|#
zoeh5o$pw>wCj32GN^n%CW(|5_cc%k(7ucOMSIc$%wQ8J?vDV4i&(}D~9ACoh$Lxgm
z2knSIJZLufKU^!wl^3ZPss_{`$OARJD7%A8#!ZOuYACE#b>3LV2P-_?Ovfsdc(Jo5
zA?&_1x<yTEw9C`fSW}F<7RM8FM)ecZD#63Uf>58?9Ta(LYE~}%GVhkFF&_i##GR70
zcdFe_(p6D5*x=sz8xwnTT$USaU`g%4E+p|N75-dFptJ8Y*BzGIK=px#W(MNx-VHhr
zmj6SUB#50=fUr9===W;uqXj}!#jQNum|+`Af_>RY*)~q++3yPoeYi;|mGz)UkmbCA
zqUOOP!|<16A?)mN0LL+1{N4@vsWg*y^r7%C{#$PuzNxHy`!+w{^rHAr<^f7MolG+=
zE$x}qRX!D!4FQ4DKg_!3_}}g?z!6&F;GUjfkL3jAA<f;KI=~+rdTldZ>5ZSS_vbOH
z1o-fX#yM+Xs#%+Bb!BeEo#-7l-g_WTVc81viqwf}T)mSeN#e8yT67(!geWEJf%}x|
z6p>*B)b$BC4f7@G?aKmXr_k$x1+-sp5TUtp0>a9eE=87Q&7l6ro@hqAB*PmiFwGS}
zu;b!-e%5{>eeREtkj<@?^Ig&yeMbK|Vewz>2IVT{Q~kAOOC7~fiQI{VpEnc@@;?3}
zq(8aD`=wGEE&6Q;Y+L#V=fEw2{u_oEVv?KbkCjQX*hY{fTuI=j7MD}Fj9&cWzs(dx
zsHrxALwunkl*e}}O2(re6mLrQ_iNOuL_f?HQwh!-{^7f4ys9HjHXb(r!rW$h4BXHR
zoO#0Ay))!aZ^ra=H;)Nddm-~oKa6ozD<lKd-ZY_J)go^1Y55IqVLc}_cw|Dsjj)gS
zC-yzF;>H+*F`?$&ZtI9?Zj&9he@RxxF7JdA{!nD)jjuikO)*$kBPjR#AWCx_aB+tb
z>sicZQpepU>_M}t;lsn8&@|Y}ZFhRhyu-JoX>o~_<E4m)#chFpGwrRM_i~N@kxg=y
z25QRo8#b<DL$r9#9B#t8N$Zp<39(<C2Rc8(_07-Xo%&qA*=<^h<yd7hf>0v3g$79a
z%?R&Xb3;ERX%pYk62S*7dyxN4*W{V`NhPM8{#J3;@}0nX2m|GgR(Qh~>zV(^9o-9Q
zBGUcSNUHoAXf7W@O5hJzV{f-JQy1*B)SZ!fvFk1wN?<FpGSLs{uqpVz#C8quN4u3W
zx_3)$S5xpJ<We@bv5jq)rCjN-*aRwrM1R+j#7>9((ZE146Ih=5@pofitE{JakfsVr
z&!!I872)Yezwh#Re5d!_bYq0^CYA4&Cj38(QKUIxAyzn*TjtmlrPO^SLz_Ba6olXG
zQ8E^5_qsguy-0n-<bzZLMToC(jo-Q)yV-1dsq&9o7hGRNg*)1x+v#O@&$U-&Q?yOv
zt~u!=6{%^sbAl^XW%o3RiedcL0CYlt%a}$p=E5cy?w1-qr~;hzcgQ&{6Cm6^e}4(S
zeP4tMs1SjnIqtKhG5(A$Y(oW{g{SwGl4faUKM<B6nI({cn7|!N%BF*}^fxVnsUStR
z%@YWo{B@J5V|PW2DU?UD(JdD@EMS69g*Se&-k&db7R(Xsv^FcgQ3L-0)tY3<UG7fF
z+iAQ7;?*W^SMCpQZEA&}h)=PBAs-*W3SSUIT~hUaK&|v122#M63q;=LOed?v<tkHT
zQ~VkPDDs@;zzuSzm*GtICa$-F=pyDG+o4=JZVpZAeH1Ioo3tTXVd5wPzQPsGBX@=e
zGT*M$+TGom6TOL$M``GTB*46;1eex&)G4Oirf$xr59BZWgQAe@zGH4qTs$^5=`wM@
zk+90mW^?&OXF}LDDeFzN_tVRwk_BG%O2Bez^B1&<ibj1vuJqpAL%LpSj@ZQVdk}rE
z`F()pE=T*G`0iXsA~&Ofs3QT}BVx8da)GqVV`q<2HdQ<fPO`W8yceqe>-3>)+ybo7
zvM2U3`yLSl>zqMdm|%VpqbOCY0zo`zH2BtTrtF{3B1ul)D#5eArdpM<iXP=8Z|Gsz
zKX2f3T*oJBHutO{hej9GEy;P{3AjO?SWm$~K{uetWpcwbgXGQ5eU5-u{S-}6uEqc>
z?`eED+q-PFvGWKQrNeF*9`Y9mBAlB$g3jqC$8K;Lx=liTiv`$}r~0Oiq$TriZfQcM
z%O7+xFX?|#-_*ky^<{b9+Lk?G4pN6UH?bN&;~3qq;OeDavB$8Unbx6sJ5^sCk}<wf
z^AY~U>0Isb=*=6Dra_lFVUb=hCD~teeLPyL<>?-^``@J>p~Mu{-a5gR8BQ?g@@${(
zwl1ltAdkCkt24NMxKcq^R*Z@ghXT{$z)$Gbnb-RiDB%vF9{xuYXD~=L_r`o!2g=vy
z%e#E3<WM+!@<Oq$`;hX;m$c!hQ`B!U{u69TwBz}=e(@$gc?B#<9tigjdC+D^-)mWH
z%{&Op;w>=Td*7X?m}{#v*tPm1VovfZY4H9S8UxQGys8|NlGaiDBDUtZbP?20IcSiR
z%UvfDN=>BVPES7>6_-9&p*S7K8_&3|O*v(y+e!rm;9T40s;R;^CYXKg<@T*Ye5;1B
z+hrbZfhwLo;*aJP@KQ=#phi4;Aok9H$KR>iP0D3%&%V45#&msVZzZe-beFn85Ms(%
zOcNPp>XopzY$hq8I`>zIWijqmA+2^USzj-92d(?xk_PJUV%mR#HL@ZQMP$`?8i^k6
zL(MB%ms1{$cigidm_9n7bJve*rcv4P29{A#(WM3VQsWjh5)k@(JSdOY*X2h?<gXuJ
zZJqQwfW2$(b)z+eFIndc^@~%afmN6azv*@!$SZ@J<3^u+=k({n->$fX=iK$5<TZHQ
zd%yd+5JFv<8;m6UHF$FVDGcNI_|-j@)c|AZRi}du)xGeNb965Z_QKXr4TNy-u3Q2_
za)I0DNi(T_f5hc7y(@}e@)TlHOl*#2!cEVsRR``*a9~T@F1c0ZjgSylepUbIYG4Y;
z*+CG>*eiFUvp*E5kY0+5%TmFk6)6wK$aEGj^N{U|Ws$nwLr%Gs!^|!l&S#H@(=gRI
zKcBI)lX4oUKOIK{cy|LGEl#DPo5_xBU<~D6FS2pu`wjANDy<vF(<+vC<&)ATj62@~
zr8K@S;DcMm__w4UB6-><0ImdYbfwTcygbKKN;EtMjz|Ykdtm%a+YL~p^W2(v!yk*@
zW1mQ;$6w0FPo`{171(^Z|1~=0)YJ2^TM0wSNY%9}D|~_1b3P8rZ9R?hAuhDShveZE
zy|j+%@{HJP6fKJCeA&PFsNcHwI@SBYoR=Pb5nZq#9-m*mdgk7YD&n4FZN$mYn6>FM
z8(z!%ek=B*4kPW1?Z<7N&P%N~O;R2d_jD<ut7}(rUI*izNdsw71lAD-ixf`Yed?0<
zR)Td+taD1CUne)K4Qq+W4*?KMVf>y&v4r;^R-P9aq+qu|+S<E{Wv(L!6#)x;#n>!a
zUy}Rz4I>H@L$bmR$?kWEyXIFnW^0esM`<~#n51CYPSs0NE;Ca&^V^G8Lj$T!&T%N$
z+-5#Lo+Ux69)t13iMcv``qt_2jV&{1?smR8xAO?6F@?j8_A3SUF96YD7k+4`>(hHH
zH|#khg+HVpmA<4WqwhKw_50k(G!spW?a(hUB}6Lq?9dVL$c!lIu4>l!TUd==^id1?
z9~+qgt7HD7U0@+bto@$ZfT2Z^UhH=3$tqqDmP<-HN~HN`Wvc@UhZ<{&2i=Dd@3@A0
zp0Hsv;#Ia)wD=1Gm#wY6(I*8om#u^h`?l+b7;=MxZ<SffcI35&#~duy+2O6c-meZ!
zc_Ow;{bwy(H2Y3z=0Y?OAKsQb5`S%!jD4M6DbIIJgi8`7P*ndhSXxJzCyGF+aAos&
z--0x&#CIW{&0G$`_7wWx39kuaNOHX;HmRp*TxNLReLH~4b_(MAt1VFJ)sm9qd8cJK
zq<niW<tbX_ys=k$sQHHH@%O4OB;8|c#qEW{oC2l!W<&zQ0A()o9!{Zq1Hd+Nb_fDf
zb$c{i)_N|dV0%j02U>SR4TZm_t#yquIh6HlloI>2dM<H^wwW%RD<fXhG6PJoo@527
zorL!HaGLNFTAE3BNVC1UbAub6D#CiHErh>6063_M7N(&01m6FCR_=|3#Ze0mTt`Ef
zJLzH(T<=x=HG^raWjWNi&P#Tf{dVZP#f_QKXLX>1vyLT{kW;dO+s9LZ(N8QlovkL)
zb(6yNc7NoiKlHByi`qe&*}}TQ@`pV(_88dWAM-;#UZ?|9Z^GZDvO~IzeISQJ|HnT@
zw*;#G%e~#Z@TO~)#9d*JIBeg8?9E(zvFVbhWJ#EYlRVJkTx($eM~Tfepv~SzrV}8|
z1^7BJh_87wPH8jSVJ|FktN<Y8um=i51=Z#3C{7XJrX8B`XXIKu*jm=>+qQlb!C)f}
z#a3PJt;$7?qyp992Mapi$=v<+a?l0^tvjD}*~WGr;N036|CbKVV0Yxr`wm&D%WtG2
zxy!pHden35?*kbF<s?&FsY$YWH~QWWkt4}=NX*eJHg9LoAl2?RE^V+!t}>hLztDE1
z73?vvNt%JLSj8!ZaqccZ9;Z1QhQ4<9*nE6??9;H~^y;SI5tbLm*t32@`_(~HV@Er>
z^-ts_b+sRAgdYC$WJ<tE@EJt!GTN;)x2ogpNZ646NwX-r<3`zloV5`j_-LHAkEi0#
zgBk`0+EVQ++0hW84ax9A8OFGuTL^gpJ|}>nEa79ta-+H+f*QDi3t>R-1<8B<b1PsB
zw~sVUD4QvFa|wQB>XWd%407D{O<yy7u|sfIJnQ0*@Iw)L$!U0{eloz{YRIzOG*R)K
z2tr^o5(@tWmixWg;^ye5Wc|=r^Ht@_)JfWgi_pHb5enFL6NQSSPaOsRoCS)?nt{G+
zOCpTvR{M<r_?Lxwkz;%4lWu^3Z?T-MDj_+Sg+#ge)~fTg>{&>e;2Kn{TABT~y;7{s
zU)wA7d)nPt5x|;pDsKrFFO_`Dc4m3stzA+b3?SZoxIxk4H>$V`Vm$8yOsEC#6pfL1
z!FdAI^AZ}>yhu69cos&|PC{{k<lqYeD2}+^YX8zMM1HmU8OPhoTnWl%$Ah)aFN1Q>
z6}xsVK1>JQyfzDdX0>-%Vpsc+qTBqS!-hM*W~70tK$qV%T$}q4+$sfpGUuW66mJ(@
z${0*J#;sNdU*@zRDZ*LC#vvTJ?`XVoL@Rtt>M_p5YzAUf8SdH1SQ5C#h`!F51d+!%
z=&u0ul`-tpzDfVCI)rAS>_4mLnme4GwH`g)^IT<H=AMjwB`dM;(@M5YuXPO=%P|{F
zyZ9eGweZ^vCt~MgA>cAu<J%zY)2NNm3g;BUATHSt!W3@w4vDecDnV}z4D7B$6=ae=
zt2CfiNjG36@Fa^g3g4em0Sue>7Oa}+JOekNq9S?fv=80^UaoBG<&b~Q2^j`@%V4xc
z9txK@tj-+AZHSTf7p}m7mMAS!1Zt4tf$oDAwB)82l@%Pm-+^ZTl1EtZm8Uf<{P11k
z9B}h4Wzlxoij*##bp3UhXUs1PUu7w3jPD|nWyK^KDQ4hu%EJO+J~yBet_>k9jyW;x
zv<HH&p7Cptm)st@ue4*{S!z3~c=gptkWPXB{jU6=?7i)SeR($qN@0c4%8Fh5da>&@
zmh^#-WVGi>#V!TU#)3~}0wGgnth$<HHMjy3Wf-qEJ&4=TdtA2fA%-n+1g1XIO8v+{
zCL8dFe}=GXCxCC_Cg>3Kp7X_j51Vp!@xRAPxm@@!AO0Wsz&(Y@Nb5_qGio-0iBocx
zKPCuCT_szrOobyv^Hyc0bhErK)~3R9m_15nPt2WWMQg5>%h=WuYIxBB$8Fn29v-`+
z`dea^5oNMW-GqH)%88HY<1tgJVOuY6|CFSnYC8%)q>mYg!&+xqgR=5|Dz<~|hA8@M
z0WKvd1hd#j)>Ru`9d(dr9<}Y?os+F_^O81My|Tl%=K?bY+n9{;R;7u&H)Jn)EF&Pz
zQ~y%U-XB<0bU;golaB2#f0Ws+aDV;^%yNkGM(}Rg?OJQT)$4AN^5^a<*e~&%(l~`y
zc|Q^Nh%WE9_6~<Adg?#&C|HU_U{ql=ybNnQMUtPzSD6vr+wjZs%nR(_$J^M;(o8{3
zr72>R3VO7*^GE`Q6RQDV;{SI1dqms>zof?+vB=liO{><^K*csTCremicK!|BeK1T#
z+*_IY<w&IAz`@ZJX~yDbxA?~;<2}Vl@5y5@H<qsfbMO-|qvLNeX}4%1SNAau4|cF2
z(_cZf*8pL!gXWa^shS;H$eA_2+6QorZ=?P$!Kc3|(_JciZl{@i_*y#kO^;maIE-6j
z2eh*yokbK%JsYbX@WA2|Vp#|ImgVKtnTETkFwo`W(Ed<ht(8DrbMWL;%&KpHfQ0MX
zqo8aJ+A_|ccTU}*Rqt}jA64k-Wm$r<2Of74u1=@&;l&ij+IotJG!LTbcK}jwS)L)y
zG?V}!X`npfZ3^lEP^wy8$CDu8;%95WyOMwQWuR(@28Jv!D>?!apNsr?$;`#LNbSK&
zW){C0YTrWOS3)b<RbP8yd32=C*(60uep%l89p)_ig&_?N+0=2$afE_?Rz}r{(Fq*h
zpd#SgxS&qVd@I?IdDV?*8dm@FSQUb4$s@_4F;?^=hsE;xMa*K=M&;8?o?oGf?C!vS
zf6NN1<4DQyyb$y~DjqZqha_@l%jhBU=VDg-KTAt2f%1`2Ux@W|iIAbVuxoSJ%qN1H
z8d@|xmKAs~1@rk=rl6hyn<rNdbg;d@gF<%0o2a9X+q=|+T^Uxx7;3|afW!@lm{sCu
z>3t`Ujjs9P5#tS4Bpr+Vm`gwD{m%aQz5{Q1k}22(fIxEM@<3uZr!|rt48|OunMk!D
zXUtmTG*oS044k6%^TvY>OCQjJ`+twYWQw|eb3-EOsYN*Nqf4Pt!{F#xxDNaGVE~Ya
zDd=wqumTCcrUX|CHLVL62}vp54{;d?*FKp^b$DK5HLM4Zx(hgURLJhqAa#65Qe!33
z|Byt%)!G<#oQX0euQTnuKKtX76ik{n4SrRPDOmj%M?e6v&@J<hnEDQ}lylda3r#vP
zl&24M&7WW0t2kOuu_|6mz%!m97J*){+wrD=NlaZpUj>N0p@xJ-lw=&fJ||A2(rMuX
zXgq`q(wYpJ5tyY&zczeW2<zZMrr<OX94xyDZ1IVyUgSP?(!99TDe8bukl%bA=pV#4
z;um~pTSHlsBXGUgN32B50d=O{4jTL`&<iLBC<JzA-%Vn+FX{9V+u@>0Wd9OqJ794@
zg1J&QyU>_jPF}lARLnd~6OjpJB_XCTscJy58p{8r{_?J^`_!!l91J8Oa`>*Q65@9l
z=5fh%Z-%t>br8GGyJ)yBraU6!kB<fhBWGhuZW0yc<e7Y3TI{cp%Lr3JreGM#%E~0g
zAO;klmgPa~8?^Z1tko(?oNLeVv@)mnmV-8l+~eS@DwIfjKb1r;i-p|LqO^|O%w>5~
zI8zVV#y0W?5*ns#4FVTXzcDSBf4LeE5b7jpu!q8&9u@`FyIe&BMzvrN!_TFbEMk?{
zs1$!G_EAz2=8exZG9ri-L`-6DS^UfgeFq1kOYH!RjI;K|!$Yh2xbk9r;Rx{=2+t!v
zT`l&%`yoZ*@hjH`Crb~1S+po2m=!qNhL_`K3iiDLAnHK4v?v5l-vkN_&$o5yvVTMG
zNRZ!GHS#7SR0GsbB3}O6d~7CXA7oBs+D&~4k=LG8^&&@7Dt<$YCdkjK-XUM`wf<Eh
z^Z0UMNNb8gjcPkSOq~{a@D2NbFNa<<Fq}r`1Q_#MM96L+$F6?zZON*SL4Pp2NSzp3
zBlEm(niPW?(*N^jRTM|S!HFTl{?QMW<h4(1mLyu#=3M`BV`wJ(GfL;n85e^gj!8Ys
z{yks{Nw~<?3YfxR@6P<wc7vWglwK{si=y{Ay8wqVC8+9$9;oyq$Of?j8EyEAa8?kb
zjSY@Xf&@uZc&+8JZYI635Ts1B8jg7vkEb-g!5ly=%cGLm;2$7Ki9^zdO}|qk0H;v}
zhR<WK@9|h`^H*^(XHcd2nS9i@n8$7GFkOx)iUNH}wXqyxuX`xsF3la5Lz7GKe*p}>
z;;G5(19%Qx;dQtgC+%CiJo*sm9s2_-ch8ni97A4=l?2}DdnBt_nJGvGLV(Q#MiaZk
zH2-$<x2P1!qFI99a{VXJw|<vf7t<`*yVi^2TCZ>weZUt@_QVSo?~f%OsF19tOV8c}
zG|HU)#FVW(J_X#|q85AWZJIK28DW$RR&cZjIxBo<CHqRKHT5mfn{Z9|vOH#3^R-5U
z2)pXR34b7e;M4_Z+&UTVEhR-EKou$VCnx-g`<+oK?+l*9X(ER^@YF>1gA+`_&8cq<
zEa|ICoZ5@bhmFVr5C@oRl#E$A$L6^WxRnYzQIOGt?lO;OEnTdaD%*^H?iMYt&+W?o
zyQw;UE^FUf1VKf?^beS?ApD&mEtIvbaT!%Lg-N&s3|3bQAV#JwL2A2IuLr1&X&&6;
zzLvn(FL2>+7AN`=voi*ifLi?8DMDmjFSaM{qQ1cZQljN)@Wa43X%+&d;12B0jgAt>
zTK!+R<TP%e{cdqjQ*5u-ejhfJIDOl?wg&I_eg4yGaEV*}kQK#6bfH>Ukg@n?Nvb}F
z{-v_j`4<J>l)g``Br6)`(u`8pr-D`Or~8V#uR1ZLZ1eq3(Yp`v>fSwhD<izf>o?o6
z9F%+gc9C;C2Qa;}Z;rz9Tr!2;US^L&nVK|_{qaDOpo+AAIVE$Xppbv>30rMYvtduC
zrAYWp<zVz<|2U{bsVJqi4*WLS&zBSJR`UmLEWqt!u(WRNthgOq)%PsX9hRkB6yk7H
zJI1f}@!JrmC%sI)awXDbp>{_2M01qHrPz>zg)J)4ci%Ht(@bu~v$BrSB3TKTrL$}^
z5vCyqC~jX{mlB#-3o5mmY;IDBy*LiNe}6QlJU7qtElzK>+<jtPTGx*pce6)yX|6LZ
zf)J|V-iWVf{AP=9S`}kZg(MxL9VfcfVpN35wOekn+wkG~?7#kCHS;o&eana=9FxLv
zmrv4wyqg9u)O;FVoTb5Ls&ZMVQ{*hd!%y$YL!PtrPkzd_Lz5a_Efai_^@4EBOg`uz
zZJUo@me<sn2FJt9eSl;`<dOOZ%KkL@8EwCJ1<XiKQphW2Uf-uLB!k#=@)yF5Ro8r9
zNsY_>EIrlM(2~6IWOdde3)Bk$6zg>;9Q}aE-xdYgBddsPxI)=@0&i8-VRRJhq|djr
zf*9seOaPXZj9HNnGo&Gb_~$Y>nKDbCDt1~|V=0!2k9>m?J({%`k7w}9VTJYCRR-*>
z-f!8+6gD_y$HxJWI?Uc~59U{7Gx#$XQMp@}m6-I^W%)2PjXlS~A_APpfWmzFCRa|a
zxa`YoLVCo{_YpcBWO|Mj&uUEP!}9KtKGqYSfkQU$HQC4ZGWl*jV<Arf{l?zD0T%d9
zI7q*Kg1IOpWk)_vFX>ZH>oCpkgGc*+nI&!R88B$K9<Z!V&_o(UnfO~Av1|GWo^8k~
z75U<CLr8`Vmy>%bp;Q;5V%L~2WnX#sE0pdRbrgxYbm~Iv_Ea63XWtYup?{iv`z;{N
zTojO|>0(7k^fco?ym;F*yCIjIN3f3XFp<D$q=&PR8XP1Kt|Qs{V!`xj@M%({^ix%D
zYvS>)nUdj{`O(iX6w7~Wg*0<O8kjEhGA14fA|&@S5Rd(yhmdNe=*AdapK7bb$?}&f
z`YTbDHM2ME<#DeV^v^sgryI6KU|DlwG?CO(G&~9fNKgdm3PNG3f^6b*DY)u>^pjby
zwaCzYtlj`%c)K*&t4Eo9rhLrdVh#()^&A$&s-_T_#7eOwgXiL&EhXhM1bxsHPJh6f
zvjl*51HhbJB0S>)zP?)B3a6ooyZScm!rxCG(^Yq)xWO;QN~&(y4$xRI;$KD$f5mGS
zwz2*7fJn`|0FlBDzOMW<YhvHSK_cHX%AYYy;IJ|QLyrKg3}lflIjr=&2@vLvy*8Uy
z(0?!g%aZ>J!G=2gR~i1R4F6}9;k&_1yrrRI7KnINEpi;xlMAImbSpYFT$O}*;P{3O
zEH*FnZHRL|y!7Pa=fWcMvAoVB?{9uDDJ-%Wga5rBYF;JG;`9YL?&8#deLl+hKIjB$
zDz)K(pV-><JDYM8g#Xp$;Jp;+zJ2sr%R=V`8{miXn!~cL_K!aQJAd)LrC#^0`^5H0
zkV=S)Vf^2oJO$oN{9BA?`D*M0oS)pOOj>!_P3v?>H=B8ub<=_mR<jB}<$FhusJM<2
z$Z@)K*c6ZmgHvIgP<_#U$Xr_ITnwX2$V~khIzq-{5hfj?l6{20p#S7$NGmo3@dI&+
ztpW08$o$v!_+d`Nr#QmOkH_Kl94l!^)H4m7B;<q|R4~<InmxWAYH+72!8<FwJG5Yk
z{>7K}^$a<56mj9LVC-U!0^;!<*2N_|eUP>Am`X9r?}9*LZkheQofAlKdc6B7tL3+b
zAH*Y$C9ZULn^=lnPD#6-Ra_7^Xd#j}e4EbCVsK9JUQ574K4ootufvw#%c1H$hpPKI
zMWr4A%~CMs*?V*IvL-=kHp+gC{wvv;k5iq~Uz;u61N_)MHGJ?b=0RpVTTh1*B+7Au
zM8fg=UmL``{nSQ3o|$xBm1RdRC-d3I6))sS+J1lc9B#Rk2kI|!U-2kI_SS1D?BO^d
zHa6aCNGAx3$zS?n$e128JQtJKZ79z&4vGKmD4XgTxAfRagOvlGQ)|QLbl^1!Q|um2
zbVB<BL?_j%Ym8w;@tnN`lEEKSaTvps!I<QoLeb3FTdD8ZD<I<G9C(DjslUWOaMK;h
zVY}VDsXcQvOS-r_$)L;A0_Ch;Sa@JG<RcQ}d$VQ~WwYg7GG+^?S@8gFaFR6h-^Yi)
z`Q3kp*>@k~U%MImqtkCw-X1mdw)@g58FzhdA%}p>UsE>UBJ+&3tpQYk!QlzcvNlJ$
zPIZ0B@IF1NcT@0Azh@}U-e4~!MVD7QW`PyYV(B(-q%iLcO3eXQDFxlSF?kb)7|L53
z&OYEcDKxZ5$8Xw@x04KBS9f-sV?^m*PWj0TwV6oCmHy|_2O}jV&S&Zko&~bdh`#kW
z^p)Sj_wFNZk`k;gDP0W@&DvNKa=;4VnWRL?ED)6C8Qj9#xKetlpw1V<&DFI0$dL;j
z-H772P75K04VA`isO!^SySA&&mTG(Q7GPqrr5_H$YO0RkooGwOnJafcHcn&TH@`ZQ
zng99F04iSP-0JkOObX`OmSvR26k8^R4XzNHr`*x{u_~^%#9eK8ZlyWl@)_(;tXQ4~
z7D$ybDV!{ghYbp%w>XvK@6v#q>tjF9X5$VVr2oHjnXvWf;g#9Wli-|v!mo0vGksZ;
zw7)BP)W1Gi^%ZTvsS><eXxjU>yv5*essx9u6&&hi*`TVF`jZg*xI>x76yiTsJz8g}
zgWp9~FLLH>_CnB4K=DcQHLF>KDfkj7Lqb0|5umwEl!7!wv1c<l1s9u*cFEr$IyK$0
zFczo2PLi6sJL5%b0OD_;`c%!;by(9t`Azd+8!xkISlK99aIp@LO1K0Ehwix5k%DHV
zm2>^i>nm^cWBy~&1G}Ts7e#(bKueOGOWBD*h9J{AKeE|jA^7^FP_keAr@GUJ>~uJN
zmY@AXWn0)sxMh9Sy_&i-6HwOr4^=P{tIeP7Hy;Pw!!8nGa1wD4RMe6%OZuR~2e`Fg
z7RXJ)ANu|``q!p?&t1}RYrNgz0T7uIe9;<npITtG8^gMw#r~Z&g_K-Ie18tC)O$|e
zlwNHZ${shF)Bs4d!2^6g%EvEz=j@}2fb!SkRT>=p<AJVm5|%69B8CS8x?-yy{8W0c
zDF=oBI$3#t3fUmYY_gojfPaF}Elzf2`ryo`=Co*Ve&HOlaydI=6<}cwJEpSs)i=9e
z*|r7KnifwtCn~<2MmA_Ln+Dq1Vg4X1YLEdoK2>s(%}iv<4;(}9usJtR&A!WGYI;!p
zmRuN=Eq&ul{Ln4%0w84i{BzQgxsGF@CGPdYHJ?b}rOGyuW3d5s^m@`iTR@LILG|2s
zSsrvFv{pe@xqpVkqaCr-slHaEmnqnL<msjM{CNC)d74S?yJh)XL9E*jQ<w$;4k_RO
z31s?aZ%{?i?Ve)E%{nwuvHJaK*G@rRw%^s-r&`E?^qB!r)CLcmBA89@K~bB@DJyb*
zx4@|G7`y!nqKZ_2`)qGmdcU6pypx{o;%k#*(M5W-<A_pXN)J;JEgBKd3M9V8O!Lv;
z>7ig>7L)&TC8-Hj$Tai6UE2&(7WZ6v7wiP8+k|Fm18OIZ=__TuHWXZQC;+r@B7gu9
z-(aTo0K6a;Z$oi5IM^<20Lqb^QxL$!SeLBTwLDhU**6q0_;X5jEU5Q;Y;=OgzbQBY
zTEM<MNnpQO<VY4c(FN_-%AT%Z^+%h9l(^G`$ztV5;4ignldQ}#)mE`Mr$^Tjs}m!D
z5s6bs&};w|Dey3d<z&vo4-Kf@4)D`U-MFA4-|vH%%s3VP?;St7J&nqSV(5wHw2n69
zvi!Rg%!RXTEgv8e-#Df6u(Oqv)s`tM>CtNYs;UX&ESQj;!Qjfcx=G3(ey@(-9Bq*&
z@BYy+BKTUf)&3HsiF|FxzkA0%AP#nN9<(bV%}32nuQAJv1F-lqhxng)v#Qo?ewy+f
zf5<Xq-j09F3tE;rw^_zZpb{%7%;W=Ioy!-N5zBDS^Q-@IUO()2%Ym>1Qaa#-QX3{}
zLNShT`sgS_DPU!J+6orUaDJ<$v1Us&H5zIJjUW7inZ{aB@mG8sWmz6nEwqL~omB4G
z|JV-Q#$nvrXcV$?v>^_sSDtO|J-a2%<Se>ugVVJlW_04Xu7|4E_n~RzlqxOKF_Ha-
z%;_T?9NPv?w188$IRhI#q0s^}LyeJFuAKAis%6X)Ap<Mb(WsW0oJ#NUPKQ(vnn*+p
z>!98;LhcOcc`bsMTi2U=`?L4nXZA)1>H3YnG<?>JSKbs;K+4`j@#^D^4&~t9cSHVR
z%$tY0v<Oz9XENq9C}fj4<zzWH(A{tP@(fbl4IzX?9+Oz!LTBs-fg^3?TYM|{eT}cD
z7kCi+7MDt41EIa>iAm*WUL&I-s?wxaD#F*2FgFyKdT~=2a}Ka&e#92dZ0gVJecIX8
z@_~Te8+}@77+rusA6J*Zz&S~tbTWI7#*aR2=#wAq9hpS~_Fud-5!MTqv>?z%<_AM4
zOcxxo1V08*{eJJ&lkRq(L?kymFtuCo1ka{Q&M!Vhv}{<c$EVq3kvUAC2keEONq>q}
zoQiOTDpPOw6w=&>7B2^CTkmXsG$1)`aNeVQQOda9k#Ek3@@9V6@R<c18eep^Hn%1y
zpla+<=X68)B8tdbUPEf2Nhe{&jEU6@(%?bc7FRdoghqslxEyGS9qhp8j!t1@UbA=;
z{sIRjH&K3~bgMAr`NNziy+oFvzfH$csm+#%Z4;?k7v<+ibidVHd6a@&o<9OJ>k9Q>
zeZ+oTLf4`&mp=GPCRZJIW-M2NHajZ`Gi?Z(f<del1kmjC2OtUohj6oje!Mf@Xq{}d
zLL~or?&0P0nQUqe&NwB@pB^O+bFwPenRLWF*|ShO@=z7AM_~$gR-{N=)Ogs$(`qOi
z{2<bD;kKl>Sf6^GFQ?t=&B|IHzw)Ykw>O6&HTqgTKAQ2-8aBq7nVyUHR~p^$*rU`U
z5kuc;6s+SE23@#UT6>u=p!(J`wiB}>^)4;4_$}rDeHnoQt=2GJu#X$vzV+BCOdot<
ztiXM-3w*<QOK4+gZs#O#>*K$d{~zE(=f<xmzV6<gQQwBEciZmVOKZk`5PQa0#2M=D
zRJW<bXR0XKCe7(GZN}}Tw%=7`G|BQmPNkc4Y~lAz5#TrdE3UPrJd-X3%a@3AAIUJ0
zw5~)CD#&NS6vm4U@3KcP!aCsM?DEHEx?d2t>TB{_aky+Rh2(bz{Lnk2f4=nlU{`<t
zqn&#dxTn?k>p4oGO5TxlVHtjyjB7J4yYt#bbddQS6}YmD=&HechD3MGh!sCOLfw$1
zuG(TbpC`@Ds`gL#&=BkUL-4C(?&RSmX6H0SLz?w;rU^-dz8$lPd;A4#TZGw2Nfc?6
zF4bM(5QK7O*wh}%fENt4Ab?r5$qTYRO-3mPAV&LQU8tXHqP1TdkeshC=YammRkeQ}
zqv62m!shE_=6_9ssqR!kKWoo|q0N+^xs)h_U+M7dUP|-E&k;_HM(q8h<~EXvyB4Is
zk3y^hXHGLub2QAExGq6P`i~HW)Oa0r;k;%HylbgX8uT;F?~lhz_MHik2-2>N9Wy|c
z+`nG?&X__z<6;VaSxOUmcw^(h%PfX2o~zrH@vaN(a&T-kV))c2@h)ax@NSA2WW)rq
z0vO+{cEXFPy~bmbr%)`~#qwcr`c`vTmSRZ_6oL|bxawU!u;*Sk&REu}Y)$Mvbj>Va
z<W}`HsqSmjUjbNdLj{0B8K2I!3s_*TQ=HY#c>{h5vq^p6m}6Nm8NBAiZG(X6^Shl`
z-a%v+hLQGAmp;;^1ibu<Wtn-RJEk7_{$M{iGhO|a+ttM4QoS=rM$6zjci;D)g%44K
zK#2FQ_%o5$xp*lQynC@O7Mx?sdYm>57?QT(WapLsvS_f!M&4JctgHFmL!4IxZ7y()
zRT#=S&vECo-l^cX><SY@@NQnX{ag8`Rdy-f3wFq@P&nu42<S9icT%%&tIyKa>15_P
zupgBJ(o)sHhWeL|#BHhuhZWpjLp2*kwjQ3%obe6C^z1u%Mxk0$cfTp@C;2D1T|fQw
zIP3f^x361oOL;x8*_IS(IivGjl2^Fcys-0*@x!wQNmvU3NA07BMV-(7CL^K)gPpIv
zbw8>j3SB|r$^SL|H-o=kGr9+7R%m=0^ZR$=$*L5npdeOYke)eYXi&K|fjYOmSlLQo
z@~4?WP_)!K{s~EQKC3LsT&c{;4(vqnOf-ev9Vcs&13{;B*C%M|4N!AdD;-0TDb`!s
z7@&Al1s?=I!zK%1n_=rS+P>O}7Yv+HB}e&e(_D&PSsZF1ct`%*1QqhsnM(Qt@Ld#g
z(#(f2$b9%O_W=}5fq$&S0)O`Ng0nx|5yr!P9T<FS*aFf3?)Z+~xB%rO%^#O%_HSNd
z_x-YY`5(X*6f}xGQGO|4$YID8gChhB6+k*<<HlXJpx}*e1QPFfn<xx5qozJJiDX+m
z_t^&Jp5dZm(VtF_u%>;n20T>6UtyOnGg~VT{~G{dWi?uVipK@c0$C-j_8zrDHvp}A
zf=l8ZhYYwkgLWIqonXDV_N<8|^=}aJmU`s&Rvk*be}94Y^+s9`q!`~Q7OWf|g4?5t
zX$}oypIH(8C&oqS1=CEN*Z1Mwap27Wq5{-B`CLq-ibQDXou51iwN-E_`vqo*`Ocd!
z;R~?EPAo06>1W9|5f>}BLVE<cyw%p8!+wpHAqRV{ecncq_dybsplNkR^tNFucUSGX
z+es&7MN+JJpr=7x{>F_xzKLgkhQs$6pD8WLU2g1jf{O5spX+Ayg3hTel%d!ip~&Yx
z{7~*eE(-Je`hpyXR*>3$zRh$@<-OA@qS!g|fD?h85vT<N_d1C9^Of77-e0-Q_L9&N
zIYy_ZpOma(e+WerT(1I*UXbZ<nmI)r6|$%7Uf<U%_U`~nclo&_+^t_^O8C`$WlBoy
zV}405pG>yqIldr@sX97L`S2ow6wSfrC>NXK0)_!AEWUvIU+VD(_>OleRo(l#1~S`M
zH17S}ZK4=0kM?$Q*>XQqN=8~FM_xR_N4PrvDwkT^IbHk=PY(&dz$Xo92JG_jrPFBi
ze7Tih&ff?U_vpJ#8RF;>1SP-!h$spzto+S3$Cpi0=T+ag@C1P%cP(lB1;FVDB1*rp
z&H=8E_M$M0pLlg|!PC(_nCIZ$cgtdz@y6RtmvgXldXT1`&^qIVvY66C%IJXKY+L98
zNcz`@Qq}?8XDC(KzqV7y<4%@?P2&B2Z7le=P{zPVA@bZ~FPaqM)k?1xtdQp-D!oE}
zMFl%&2x-dx3blP*r?vXsz=74LR#M4U<zr`0vJGnucuD@<Bx&8*4dY-tiSMVRs|ScH
z%p?r8^m+H-T2y@u$N~FT?j*c6B^Xt_ardfilWNLA7M`%}^4F91x68q8D8gfNX2V#I
zJpE#AFV!hxCsGJDGn!`p+(${%XDej!9KuE%;>r`$AiV|3N<F%=@e#5a;QTP;`uIO=
z6~G$*uNa#<&a$J*3rn3`;|jex4nF27uKeS?7TCQeQj<%IMg*`X>qF>ZxqSJVa+Q@G
zoV!lZaFJWODH2>cuKx2i9OcP=bLD5~jzeEy-`T$Nz=W)iOD|{1`48W>cgpSuLZ3C)
zn;9__?!y&XNN56mt&16S^&pgxblcZnuxt3mkLBvX_lG#&Tdm03<p77U4i5YHFLW2G
zAp{tLufG6!c>iGby$|Z2i{0H%$I=C}E&}{B<g@Te8e#uCK*4UqY;|D$xd;mVSZKI4
zB#V6<n6~wC=m~&xiNlB8J(FE<j^*JD?Bh|EmaGtG>4PiyEH=j)uaAGuk82@V8LDqg
z|9Nb4`tQso@Q(7jih+D1v4q{$_!IDWvq^o1`FdQ{`?v4E+@;XI0>869UL7VO3f}*Y
zLLreDOhl5z)(f+{eLp>bsXm>3??QRdd6PS>_v(yY=HQKMNNu^$Pd6_Rm2&;5TcIpx
zCY;e1uoB-Xe?c7-N5H^l6^;<b<_-CT!26q>+cSb?B7wtPzg69RpA6iWHn6YbU4+K|
zO%!@9Nb36`aAq{s%A&kr6gcJeap~IT*X;KZSCBEAe6`GAHCbF8QU&s&2VS#%-kf1&
zNw?bEsk>Qst>^mt^V7^UEw+N!TWNyt$B66ZodXn`HBJD|bgi-@-|GFrG_Grha=Qk7
zH92qWF5Fdvh3a(fzDiD&ySPcvLi*86g7vjsVkC7AW9RpE^@RuP0b8_=C1g{Po-a%G
z9DXn?1Xa6rR$V@mKlnq~#>T67#D0dpopD5E#9r~gxryb|NV>q?-yrN{gFtpAo;I|}
ziaqia@!s<g)cSnxFMoAajyqf*^-cb~r+x+Sk8-%LjlMDdYO(Rh-n`_e#H>)n0ST=c
zKIf=$dBe$@EKe?(tcC-`mQt;+y*8owY$9;?;!0y<%-6(D*@V)6K;OJOMNCmygdccE
zUq%{L7W#M+h1;$JlGWZH>~mN_CjD<vy=5eVd8N|vN5Gq5uQ&0zld4h33dm>0@o-3N
zPW^IZ&P?s}CMlvaz9qxe$^U?CPNqkidK?>$+uT@wl5(!YR;c$W?T&Li@dzh6<BYa%
z0X)%%0HD$n22akw3In?aWP>k*Utr;kJ67Pcs!XtL4Rib2P2j_W7T?@#(wW?pxwf*#
zpb+&jYo2In2<w`vVG?Ia^V?)XR#WA6mf{xZsTMQ4f3#74b4%}7k(B0Beuiw+vY(jT
zB;$yqjR(gc{#a66jC68_tW=#0X7Ih_yUC{`0AiSRbP~`dt<`Is?@jF^<Ym;uH)zwG
zxflOn0qn!>27xT3HT}j96l(mp*Be5R<!GOmq{OqsM-R7%R>`e!V{a@&27H#Nk~=kM
zk45N%S#R!7_TqO9$8LfRxI)@jUa!8r=qUsh{qCIOn8h&P1Wg^6;IT9S4~;dRJ~E+g
zs&T!{^R7OKi`EA<Z-n)pCBgGF9z1!LO315ugx@sDngJ#F>TZDTsnn|C6B&L##Fje3
z+G+`~9T>gRr|Ds(jV@m7O1iiS(xm5+ZxfBqmplFwbbQN2U15X@BY#t}laEn$_j+uF
zUO`=BvU(R&Hf8BJy0o~u2&|=jT4APz6q>s4no5$_jUO;SJ)$?#eED)$0L%v$rA1Kt
zj%^C}adb&ebuA34{we)`wRhc7O=jEvvkfyi%8d;a15R>nAZ<WEVhE!#I2M?Qh=33T
zlt^Geg-}9BW_V~Qf$>QY3q^{6(xgiXD9sTOP>>EnXeNY62|+^Oosckh{(kGOx7J(h
zp1)Y+lzsO8?fQM$(RzC6mq`%Hu3XKD>rMDA3<)giY})+A3Uu=9@2wwhji!U{M$*wz
zVc2W+alnS|2_W(FFA1h(-Z*L1OcEU@59&^Vv%cd-w|%_e2bv*YpyB!5Af#Iv56n5i
z?@QC6t-y5LeXLfLfs3R%%{PDSyB{da7R_cly)m{l%QgF=AZQ<cWO};K<u6-7RGZwd
z8vu5{@0fUEPRMv)Q)h*XeIh69k9W5ye=dl>lb)Xkk7?Ej_Vp*PO7nB+z3O4WCh{+Y
zOO&T}(HSd7DF(!G(osEUWq+|UC7;NtTpxE7=ulLBKf1SQ^5&`%d0<=wYLh<dzwwU)
z@!@@=-!z<lW4N+5DYP^itRLs|c|1XLe%tXRmQT|I^3<#wBCz|aR_7E8MBXdoOocOb
zyyEckcD&jy@#}H5%nmcsmkrR#q#(a*!BfDN$foU!rhMx`TMM1M{HtM1-xfV`&ub$E
z^;LW7G~`iA%c{B!^+ZF^7L8_|;^+!ZxpAO}ahBG6{ubKvcw%ybzK{(|BPb8(ojU_!
zVd-$<9iD_U#R_?n@1UgbVs?Oc;bY_;zuM4SK%ZR?wXDzQ@H*Nrn8)a-iFvKItE5K~
zIPBI^&@k#-C@Czm^7`=j%XO>ju7VM5BC4&0h={J!T;;Z3qYorvikCBvZC*K)=**<x
zIP5j404@6r$ZfA96ez1JI}JqN6HUR&W6Xg&Rtx8@Cl2z?<;pBmXU6p^Vy`}Z^arr+
zLfO^fg5w>lRw?g}c!Pn?8pz<e{GKjuQICv`jX*jh9Z9UiliQi%4J|<cDjQ-fwE7Jn
zt?EnRk0M1PXqXzOIC}MXmliB#<L!it`upV;BZ=ivYME7K12qBHXmxUAtBYH-+U`4&
zLzF$``tsfPH185I>Zxm2b~(jXCWKp>M;>wz#s0SH?deB*yrVDD5+Ugqb)F=3lQbh5
zXAn=zS-INQtJj-Oy-p+cBI(la+go*x8{O*ec(fW4{jq;iN!J%xLB+<otg07ehuY5X
zkhhg4@5<4t%VNgs-kAT?uPRWg1~DRi_W}Olz{wWoDq5{<ujRJhy!|VPjXHOP_V=^d
zOG}4Nqt|zm`ORc@Njb`SlwC;}=be@VBTn(wy&P&|wHY?MYP$8@LE$bZ`}wud@JSBl
zEem-%eVfiIgosy}l;3MG!yt9Lk#P}j;>H)Ps{Vufl(oYElQ#~Cab%(-fzf*Wn`nC~
z8RS~hVWxkrS811M{T>Wxq3OaBuqF=#Yb2ND-8d6)Wp&CaCgmqiFeKe&+T#$;S=ZU8
z@6((1=2W?crxp%6<}Jx4*qM<nBoB)mkhtdE70yDfRiyS<aZFoEm7%ZJ|I$c0KS{qV
zWxsQMKk8DCk!G?>K*x!`_)K#d((XPkv;WFHx7T@i%6ClZ`xDr`r|@Sg730pZAt>8b
zLhCda?e3)sA7?hKTm-s%tp;5^sBU))g6w{oV@|XzpkYY!T-DvB(tKJvoDhfmmsLej
zk}pt~P-}t4y;C=lr<9Z}ciKLX%P>!Cmq5Z4(UOGULUa}J(3grL5+a}0ob%@0S-Dg?
zw=hMLdJ3kcY&~RF%esE<ZI}xCT2r4U`=Q)e=Iu4C5aiMX3U>D(s52?pil4)kz*5{c
zJ3e2Cm7838)3u5*qkhpE#mY)5RU)yC4g9txD6k(znv6oj96Bs0J_{DB%!9#3W*X+y
z9pL!I@fHaw9Q?njRvDt7)p(~;M&x@T@>B8;3svPHrhkluv$C@X@}?wepOnA@p0i@J
z-S_yr^nzx%lnX&da-|}A))?ioDRq7>HDYwN`W6VHoul4fsOa7fL!xpjZ+>FRk2fP-
zt7tar=dCe30YQ=W!av`@(kxGGQ-?2&`8G%^2Ga5MqkptlMf1AFgMR~d+_5Khk#TT6
z>c@$AKW_B+AwOjb?p*YWKcfd__^<-Q^%1z+-`He>Uo5D1{^vJVxoe-SB>>mmyP$4>
z(@|M$<9eC5>E!C<enqSt19{x7r%*VOzCrcQbD+O6&td2Ox<`z`#N5oBzuc>Ck*B{G
zVHva;O<NDVeWR(pAd|3L&wwWMttwvyL!8|%0govn)3f&ik9J0q)g9LU0)})TRT+Dq
zmm|NWcbDKZQ{+qcl+L;2du62beKstm<9pN6C#!acsLd43)Kg5Vu?J`8=7d6#n=SVT
zvtVC!W9nR%HS9yeqgJ%|$|@^&x#;XZxM}I1$%U>y-o&vs68J_GX#V=16>MU1w2*|o
z_S5ybFRQbw=dA61d2~3at6p@2{wH9-J_4GHk5HkEd0*~JM{3lh71goi>QX)IUU56R
z@@A=LU%E>T<w&(FDBtxoPx~K@#e%Ztm&kTOSjOZ9cG>x#(X!}!-vy4Od`hj~UtJ;2
z1F%voz7V9B6RvXPSBJ|^c&wHNMuVm;Txrw|bs927ll5Xh4tlo}<?r|0C=NQLwP;)W
zHr{WMuRRb>#H4fD-UX}@H4l;wuiQi7Dvm{?8#D>3FfS&xU?9zLLm>i4`Mv#eNQ-xK
z_X|y(@QmE-rcAc!>UkCQ6f%d}GpK$N#D@ma9d381Xy<VhDfor+d0C;&?52AK!KlAL
zRnP-v0+5gD8>zneHB7~>aCC5cqhYX#thjK_y~4(*KUY=I1vMQ5TjdJtTseOG+LNbK
zrpM$^OlmjiPgfPRFV$mOvVc<0*e|2*-fFfNCu$P@f$z%>^3DA3Kv`p(fDZrYUn?w)
z`k$?Nz=EJS6H_&}22BKxOz>N-4uG)+--C#|EoB9(uOHTnZ*tIOQ>L3*CIArIX0qp<
zFKyRba0{Wa7t&y98|rLp?xm@%B-YjEZGf!NQdy7HQw*xl<NswRp<+Ax!V?s%Xw3(=
zcXlv6{+~Ph3J9@slC0`FH=3Uc!Gs-<`1tq}I~W<}X!lH;H6BL*i=VKC7zQgga`R^X
zZoR;!Paz}|E1CW!bsg@%t14*Ryj*>LKX4D}H^`quQ!H_jKG~9?YP=k<EgriB4NQ?M
zy#iESUsyZX9?9_`)wV3QcSt5j<)-Xp_LO6<Kjxd)5C4{L>vk!6ku-~`|8yP=Mv*5L
zT(LbPp5;ZLU?D4X+)WD(pa$^gS5+4~*A-|f8ESh5?TgldAgz?CkiM1&)&$C&I#R<S
zEnz4Ud?X!lM5bt<o|0FCY0&_(;>psdl;a`KE?`vgK|b?|9q>dsYkHne_4oKMdsZl{
zD^#ok7_W>{CTmYFi5WXdftFnH4Y{62cD#-v33mItU}eTF&2ilyQGkl9j`^3~<C)e*
zrW8jk`FwG4@Nus73KffwCo(+FN^UU)FE%ejRe*u>>x6LbjJpl?do>g9u>u8bOtX3q
z&Bs^1z@VR`pad`Fb*(dGkFEVe3Eluz8~d_T#QNxgu(;q46OCjOq|8szKk5aJe%k)b
zD=Z_ZY<6y_70ALs2MALoy<REy`2H-@ML#jtbveO-75`AiPO~M0euAptIiQ7u1U~1O
z@S(e(wIEvM($PHLbO|m-O*`Sod;_6|lz4h(?o@xbKh3kEVXdyIl#unGjh{a&7cVh(
z4s=~64?L7Rk~kAwl%tWc_f4!Y=SHRhh~wy)jmp3bo#ZHdcv<red!Z-fulQ-js1r?@
zq7Rz{nShS1ucR|iyZM+~V#fx2Y58vW+S!L!3B@0F%B@4H{$JP3navrhU}Rtqh6CVA
zqZlXD!9yOXC)5+Qv+%2e{10j{_?S;{0qLF`1^X;z#R5jFZ-}N1X6v1JtL3Yn9pKYx
z5F+MPo{iY4hf1D#J!uuVWa_*SQczX=K`1}>%p-XSgdL%zp~4fx8P8S1UP_l*f;!>F
z!OmB-61aNn2R+hd!83$ORR`6)c~O3DeeMm{&oM)xusUwb5mJ@<9V!x47;FiIoNW$r
zFxT!xevp@+U+r5erK+Xlo-C@UezHl&K@0*>h8=Ar1@xml3>BuSLDkD`^FIajp=`7-
z&ebrUZ^dm^??uT)Bowg39zj(;^9n?55bx-o*p}d4{#XLqlQg`0%J=ufHcaP4l%asX
zluC3uOCBoCsvhT)EEun4@hPCnBOLHD+<p1N7|bC8ado1+MtNZYp-96UKlMH*gJ$*l
zSXm(L?E1NEfY!ZS#Ht$!0CLcElwxCB`}|AF7n;(g{GiLV<F6j?|M>Rj$`ub17rsjn
z!4%<c)99Ih0%1>&F1^ZnwG-A?B6?(4@DDxylbwD|Y>dpLC*6;XKXPN}Q!nFvW?j#%
z0!G}!O;<`%9XC`LgUDm}(%^r+vh1;l9uFRiENL=9C5ycRgOAMg%GgflXU?V#nbvfi
zh{@Ucb)rQG>+0)TBeVzCcS;6!-tNp`Lh;QWzwo%Z>PSM9HqOTZ#c%zL0**$?o-?V_
zUtPq}IZ-Mo_u;w_G^}e%$a8-tU7asoeQ8kHbGbX%y|z%NdH&r*BF=~E+Fg>aBwy|k
zHeKgJLz`$iPcV_@N^1YOQ<)n46MqiS*4Ym#vx`bho%KHIdenDWjPYQ6bGq9sxR><c
zqc)#A>ii<NAx}k^C#osZYSihVoCf9DhHh2Fc%snByjKa`k(RhKD9?Jmg5@7&!Y69E
zlrV#CetFE8UUU|}E=S~-7p&u!JaOD$RsfuO-jzw6w;GRNt-i-Zp=cZP*}^8fJdUQ!
ztkZ)Ie!Tt8eue-WDL*|Ep?spY*W*C>Ua;|lc%b>7H(eLcRv?o(_utXRLBFWEu=_0d
zl6JD>QIwU*SelxGl<KDJ;=Dl06?|=H`R($LRPE$4^AS#3AT~&cy)DtAax*;>2U7D?
zA}X2M997K7QKc+(ynV@-w3+SIa~Y6HY)`hV2!NC4`&jCAex^Gb&@r8?B?MT>oWf|k
z=%_7q6zL;B_L=0}_}YlTiBykz2zf|uNju?uxuNisl$yBROi^w<<syfgHRU+^MXA~q
z<mS+OV#M4ygGdRWcr`p=<g{K(w_Lt}6?vr(81i1Vaij~K8e<%F1G`%m8Pl`R?ac|Q
zcv@<4ahVIYEoDc08xJCG2fFj1aiDgY*^Di0<}G&QxFO4yQ^vCHqhav_Ja&p(F!#E2
zr^2!~chaoFm2oi^+Wp3tA~RO%GSLj3x`rWsX2+TqE<nMVO@7-?g}wkCO?=cksrFdW
zI<z4Et1=AUSgy^TJcE{|-Smpgl@KiK0Ni?U{7W<9X@gB{j70=vYr*8i5}@f5cpnRj
z>t++iH6N+APPM*!oKt`(b2Q@L){l-DuSga9ejv-Yx@z;)`*Z*E!>|!b!)DbbJFKvh
zWjmsZl-01fz5pkHs^Jd`L+|`ek|kkLb2;~LJ_!c=cyuCT+%(tCdvtqdgEZC3t7Pri
z=C+Bj1OMXY1R-1ymBF{pW~oOoG&!kpcLU+jneV~0>@>_=xCE)V+(!-&UxvYJ9Bljq
zJ6l<2QC{^SFu1u-a4D}L(_Ctg^3tA0Xx@ua3O}G+zaw(@7JR%dJ7e}d7Nnok-Ac%n
zn&8>WEzmxY9zh8_$#u$6wN|pT7#6P+Hr|=STbeAv`A9^C=qCh~)?kZ<gYh%xqNR^O
zh-g`v6alKATB`Btc<Pg*C9_`{3l1O<CSYr=ue(pg2kwPZ_X1vPJzuifSa{ZJ`AP#E
z23McF)b8t!9n<f_2)^R64G9hd59j9EkWvObN#J_DF^{6|Oa3vvkTCU$!QIP>Z!9ry
zGbf49TYi_wRiIx7;ZHTTTi<clZS1zqhk8HG4Ka#mOe_S(KO}S3#asF{M~s(d@#e4T
zFvgA3XC69~r>boPTkC#(x>2(s#s+sj_rQSuTn~fGVjW4#HJ25px8BkE)8g5(1|lK6
zVd!NWX^oRRFb`&m<#qknov@d$3<^W-5sDc1s;8WG7(dao>N%$o#`hYp$b6>Ks@EA{
zEt-V!$9x`fZIr-SP*W06T=Oe<tS@<F=zTt;+eX7JmV%HM>9J&QzNB4%b1iozG{0jo
zMyC7^{am>VvI~*2;P<6Y&ADiX{YK4=3b;bJ<GfwZOIYX${#c2~ypaFFaoqoCvLuAB
zKC$SH6(iv!6b0Gs=J%FYaWwhMO!2)Us<9AM5P%E(K3~GcWD>UERkO68UQ)wT0*XrV
z4U@^&`0wBBg$W5C^SKeo{D2}7sVX94c@HXQDTQH-?%8X<1qOcTZ;HsJDFQVBF@Dna
ztmPrIN6PBa6ojJD_Sho6D&9ZK+iWld7MjJ+_Ef@c8{KBwx&s!vu4k!|Uk3|CcJC;X
zT)_@nhk6ylci@dv`Iv4|G_j|IztNKl3uV7zd6JNdBgIC_YK#L%9p@X1Y2ggYMtJB}
zq++7RVyP|~p&i-0jlC7`e|GR}XavH!V}7R7NLVF}{W~o#)Orn#!MdnjO<fHL=ip0!
zz~Ofs;@~k%Z0&Pft#VC74~mkpl)%V(wp2IK4g;lR+e)KkcHvU&f*E$sNiy7>0_zeL
zxbQHMuUDRtg};t%TP|LD#+dj#(I;fQRundOD22Utd>}C>H$b5Ddn(xmh#j?<+NnXW
z;dN$FvWy1MvPYr&+=|4(-%v3y?DFxycwqvp{I@(Bl~eHl<U#I#sQo{CBj-N=lY#Bu
ct7S`=#E18kh8fSK#vA(igatO|nA7k714z_C5&!@I

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-120.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-120.png
new file mode 100644
index 0000000000000000000000000000000000000000..dde7e636feec5fcc8e363cf193407b4d953f2a1e
GIT binary patch
literal 10827
zcmb8Vbx<5p_xCx&;O-D441_>%NC<9&26qYW1PvOTFbshS?h+h=yE_a40)gNzfx%r8
z+=k_Oe(!GW*4A6K+g;tK>h?X={YT&X{nk03uNrC!1h_P~004kM@tv&JQ}p@IMU44$
zw?E&He+po$cUr0dfFBD05F82s+&&Ej?*af`ya2$yIRGG%1^`gGX0~aHJw3p*R929E
z{O^HdaJBq2g5{~GDu=a?flE$HK#YPcJq^9|lr!+Ow(ztOv2wS03V_$VuLZbx-*WNs
z>b&L^c`Ycy_nL#3SA>^$pp1a+|B>MQ(c0eD_kW+zbk&&rl<?~RdV{CEvyF$Rg|qAb
zK4)z`NeKX8<4}}^==dxiWqJGP$XyLczVTLOSKQ6R$)lC|FzLIc+ZGb6q)99rn#08N
z$(KZ~77w?B-5jJtt|Kc|h=V<elc$K275YvYEWY5>dUj{!O_s!MPkXZC>yyH|@H<=7
zzuVh(G}A*qG%SV3thG*ynwt8WuC9fEmzVeYjv7sX_tXL(NK1Xq8x~A}A3!aGz{He@
zVl)SV7=9AhK%qod*z*WPI3GnbP!28)6cOP@e8JnnkQ6*MK?hHai&e8ofr<N_4c4^%
z&=0|>bQ-KP7LBw*JwcY-*MaokCV{fr6Ys?UvL2#WXwXot=ZLu4*tL}6Xq8E*c!d>7
zi9w_B2#~NY*$ja7$w^9gf0A1Et)>}2r~;i>XF1h%<2pMy*}qSxct*1kOXw%}ER33!
z621XeU38gp8fQrl`-T}DU`%WK9NoQ9z|bSafJq|N3Q|F0v-u#^(2~^^{4eS^W*1Z{
zAE+>+76f{$9X+8B6DiG}c&ou>TwtQ+I^rI<bB}SZU<{)3hDl6b<Q?d1^y&n9(UeF#
z(?CnOX(Eiok8a0*Xk9CDdaew9Qx(~f3d-}E(&{0%M$J~!rkT~RZ0O@PI1~Z5pMif4
zyE^m11^blZ38$GOW;fMqjfGs1LEzo~KrhVCv?n_6dqcn6pPVs=FAz8+_-V+&zLo3G
ztzzj@*p*q42}w4b)M3D^Iy*Cu7{_~!|72AIpJndg!@n^pHLx8=wucS#K+!&ZW)yg>
z2=bD0)*OZe6<&<jA;hL{)ex37Dwj*-fI<BRoFW|XbCQ#<g;HYv3;3Da*#5!B?t}jt
zj1#IRb3gD}^)r+Vs`3LINK{45F>?OmwyYZy+7Y-`)QtSj23-0(GcNGu=6HM&74<7x
zR)v}mX?^W@X0DjGi9LVDd=b;IZu++(4YTNk^W<6_Hz*l2id7A&%xn$ca?WLR-X)|v
zt?<gsZj6EUH0E0Tz?UUf^<RF|eunfL5+341b3fP-OSusjN?DW`eU9bO;*gslHBA~V
zYortv7ioqtU3;#>=kRjy(!Fq&vLYHS1eVaFHT4JsOA=$rS^Z_H$#@$;)Z)7S>iGE0
ztG7OLT?F>3-WpcA3c8qdkHhrYe=wb{?Ea)r5S~+3{T&?vGs%fg6tqNhs{#GLw3|6=
zDMMK7@l?lxA2T4Oj8`z<cCXe){b0$SP_!MPUwkOOB@kwRn7=gvQ&fbM4HF#QE-f(N
zSa{Gr`9|Bp%9X(NlXt^k>{h$K&y3DdP2Djq&(|>daU@7ZNPh2BvOdJFKesqS_^P?l
z$+Td~eYukuW=>{CmiVXkZq}*P3!ps~!<NGAbGi7O->?QR7R;8)kuN>GPeMaY(aeeJ
zUdFT(#iST_pFm-KHMliaFWPrS`w&R=-R$5T`U-RIv}3-pdZC_2*VEH+&$wTUOj91Y
zF(vd4Tyor-`Ab-rKFOV<Y>oxNq9F<5+FRV4u`Mh5AXq}Ex4#2cH!qRO`|Y6F7$g;a
znsyQHCf#7o_e)GI#mPs2^edh+@~-!C0%-otuntq3Y7h30(T-6qm|el%vTEiGMm@`m
zi%Xx;4J59Vu}cWp<+50^nId^!c>;G-)5Y&vR*rJTs_W*2ZOoC%)`>rbiF^P2#hSeU
zT7|d(k8q|6w!<OxdbRs=KLiU-i^f+1U#o8>2?Av9`j&g^2<DI6mS{)WK&yR$tIw@z
z%cYuT7Sq~ba#siREf`Mm?~kVZ61xBF{qg2D$8|=({K@Vw^Sm=&+ZRavQ=$s8hY;7W
zam}tbC#+4ms>XGP&kjuQq3!4~YWlpWVf}^p&l){pjEl9OQ4NQ_TlDZ=Gl_#jYUAF~
z)q?34(JLv^VhtoN4hX6=N6%uSe%#H6P}Q(jj%CnWuh^Pw>*Mu_Oqg-@WBc;I%JRw5
zd)tyuY2G$Mv*wK^n@|}r%MI2pEUDkbf|C<ta3jTvlLafQ6WM-?f#7yTX7|yUa;EMw
z?CH582Pb7J8s6pUO2AUO9nND7AuBFt*Giv2eqho|>OTC5&==rOLkq8Qv0sF^F54H)
zZKz79aCV0@soX7R0vBbEoV5vDe~P9o&cQw~i@+r?yq{r6qWP2Vb>6gCb_8hN(NXs^
zT^j2vy9l#*1j}mdOhb~fdroxN%&NFUM=R5f_s~Dsaki^+1#eVXctg#iA@+srTqQ(p
z+x+b=Ar1Dd`z)OVduQr&O5boCGV97krKYLGWtEquyHbKTbVgm#WP=0bi-L_Ee=Gxp
zPK0cDLjR;l8-e`E_WGwR3qSPaOx;#tP_+s{0(1Av!}AQgQ}Ae1pu1bJ?86UVf-xur
z!vfGP!#;2l0)s*)TWYF)=1#9Eyn^O->153q)btmlQf7dcO{mMg#=td$9bF62aNx81
z9$_%tb;wkveI-Ga{@HJXaTbT@5hBnO+?qem>_@58Co^0vgiEhjp<@RHZ^^IDU4&bZ
z-G&#xfTpfSV9&?*gNe{)#E9FKnzJNY$dPVXYBWfE_M*0ns^yD^&V?r&+T+Dk1P9cT
zq0yv#F8ke`Ymp=2vB(AcPIVO%(~bA~Smb8nCK)_Cm|A^+dA7+oEWW5<C`sJeCuoUF
z<-(C(yWH}C!D>F1IAG*4WYmWFi*)op`cl5!s*L2i+r%Xxossxjxj!@RMefHLNsVTp
z$KJ1NwE7ifjuQ8tHB4#t>OejCakr)bq5wWESMm<)m%eS4Y|4rR)MCnRdo^aLV#0a(
zOj$sI*rbtAE>1lW3>IX_(<0aNJtvPGE*IY7GV$pAUQ&>WscCjedIn9;uY89-c>~)-
zt6xMQq7??kI0e44f$!`k2l>IU#LPR|qlG~x(6!okxGf@UU2~<+#G0oV`I~!Citvhj
z(P)dW+hBP$8po^I?k5qRxmWdj-XR1HIi_iKLo)athzGside}Z`DBeJKd*j@S_exo)
zaamFygZhODb-V%l37X6Ip^ZvQX7Qd2_bSitP>H#T-V46*gvarNkTE{qSJ)0y@A*L&
zX^yd|H$p`7luKT@B(RnZ%*9Su07s~3(`HKYgW5Tnz#xs!C;KvtgwYdGI!T~|r+qUr
zr7G89_vrizD*k&zU&;s9pO)Gf50^?rBTHZzpXohein^3mXD^EN^OuG;9B&q9^jeuw
z@<8#=^?5DPU1_8o<`ZgSJhvepHO`F%q=zo|GjTH`Jr<)l4R<m(#rtC=m*j)I+FT<T
znbx#ekxLGsoIJGnW%S$jDpzr0EvuMrFF(@5>RO~3?K;?7_crZt2O`F8Mw~<5T$@_l
zhf7V*%1!KHP31=TI;)tn_&j|6IyT6t4xcjzbKrWF(7kCELI@~x<w%ZL`T)vd4BgiO
zT)?}eKLZZ$UXwXNkoz_#yA_0%$%n6`-F6;RkZo%(^%16Yn{gRD)?PmvHHpxTil>`j
zF9AvRz4XjOwP=hPRtC%T*4YTrWagDv;J0<*A4V?1H7LnmKB;F1y`gGDJ`hd?xyJ{8
zqiD9rlu!jLKm}V8Q~I5UE;eL}5l{Z_p5p)I@-{@(Drn{WB6eTK4Kn1aPfE_DhM+?I
zbVtyFG$iZr$E!$*6LPSRV<q9M{gisaV%%1ng5VVRNxu_fZw0g6<#!q{)K8|fTmro_
zFDQcspIwGcmr$tpeFAq&_Hf?D4-9^a=&xwPQl4b0QUR>CgSFtrNPz|feQ(eU5|5P-
zyglnUoLlz53?;yfHo=S;=7r?jtoL)~)q>WVy`h-vMt?D;q@KqeY^H)o;RTkWFSj*n
z6QuX3TmisqSXr)%Rx~u)iIPD&IdBb+V+Q8XUe<*78Boz|@UcD!(D!6ABZtE~lM6WW
za?x;hY~N+2(PRtY$LPoAWK-ik6Rj_@dy8IKM*a_5WA*`6zT#v1I}JiKd$4PQIKgpr
zK9FuHb&3`&`zdw9w`Inok74cn46FuFnC2s`8aKt8P?3e5b;n$c`Up|Di`@T~eOGa%
za9YZUG+w*aeA1-QLykqzGiy`*t|kf&N{tuOpQk@Vyz~R9@hPbE4Roq7rgz^5nk6qH
z&3d}?R&BwMm+qwAvx|jIc49=bwtwHAF^Y?9SZ|XHp{#!_$clb{tLpK64n3ava<Ct4
z2rrTaaj(uFvvDd_2df^(>nKuGxP%1H0Gn@O!y#68Cx=tdj&WMr)vqu$*y=4K|9L};
z?8O^-kwlc`nED^)7$n!Qeiu|4;tOXvtuD3wIF|P}jr0c=(cf&=^04+a{aG3~<i`4^
z_g>v#&_B*NQ~}#h=E3aNyu`od6U>mI=iS@;0j$+8dSlJw87?8YzY$hYdZ~byma;-|
zLzc;(FhsriOhQ9eG^<OA!jei$VN*1Sx-T3=l?xa-o|%P#S?G#6Eb0<Dc<v!|Tqhu>
z%>@51pE~V~2y|o1?0Wt+wMO0$wd{<T&a`DgvGy;-SMOewP--+<UNiBI2rj6~Ks`9M
z*o;vS+n>xTQY?!5<eT3P&kkb|J=@`J&qqRH%g1gX4iamMhTB91ilK`~5?F?^lW~6i
zf%Oy&g?b2wtVLP;K~LXzUAVCU{F}wVh0_mL77$oI;=HP~la1uu)=!@v9A-d+%-(;v
z!zCyNRzlU%($Q0dQ<#;#c99>tyBo<I@XL$z7w`(oC9fuiacXu3QHQXPFiI|%H7-@O
z)U82af&|qMBYncEX);sVhsh?ps~?qoBZl(TXb)<E-%&Uvt`x=JHnPhEdbqxGETl)|
zGscY&Wrng(^<wGz5j+oi>`{Ekkl8JbBVlYrZl!+|dss0TY!$SNJ9?D*O_CE)s{cXo
z3%M3FJ)lR>)oey$?9UBu)WWT2Wc(`ZQLp>s17S#)vihVWP}xB3MQkU1)xW|<EVTG@
zEM@)S<`m8Ge5bRI-=d%y`?EeBi+VmqTX=Y8M9>Q(0hXWWAuNsDTJAUTok`jb7!`KA
zP(S|Z&-usS7Ax~k6axLuKM*bIIVaAN7@M`uwu~kSdUa}Mve>=ZF@XD2&30sjK^`;x
zm(Bw)Opj0HXMX+7J<;wip90fp#ENWI#_QIUsmQcAnlz_)Plwrdev68xL96ns@;7-S
zMXwW{d}lC2E4`<rF9K(j{>r<%eJEBaqic}Q_1Wtp_Vl2=J9?EG-LR0O9dLeiQGGr`
zoUP}p-2a-l#`n=MPyqU<(oGXokC>VBDn8)IWeYNZhF?o&cR_=qUFC(BAcav82kcQ$
zEXn8Nf3q)$ms|#ZuX+szzVOyM#sdF@7x!5SqQq}$3TN>uB{a<T%JU$@ephqp_*+=X
zv}Af@(=QyNZsW@F<_>=U>pF2@edm+OzaJ-3?g@7wdp02zjue38U~;3OD%;9YRP)Vp
z&f21gx{-fHtt|XFE)8t%*n<(1FE^y<HLzw#s<@34m-f7LcQWR>1ojDMXwhhIdCtA1
zJ*B4;!o~o9_I@1cpXhgH?N?@p8fH15w5*tQoONHeyT2dz-nYBpMU1^zE}wTBdDwqX
zd$4q_?Z?Z1U9^(DxRoot>K>cq6=GOuIh`B;EX>s6FxOIiNgv{Z`;D{(-#UqtH4&1f
zskpC2A@1qzRG|mKOAyYDo_#)Xj3%r@m?RFFYH)IvgeP0J8sJ+e2L9@umoF`zQ6?TA
zdu(_-GG8$F?Kj4lw%hmEHaYDI>~q6zpfoILVhH((UW73Xw0)xxIM8ouB>L$P9QHMD
z9Wp-pL80L-xH~Rq&|8Y5{AO5Xd}aElJrS&gy$tTkoo(ocA^E=JrD+I~0@4U`!E%#2
zBzLUJGqWpEpGhUAX5gLwOqr&o>Zoc3ovG-w9;xT78^pXx%;b>-I_C)}_|sb3EkFdY
zMv7kA*MfVk<A|lgmNEiK9&I}OXe(e9w!`Q(sN<{5EzS}u-)Qg10~U@Tr6Y2YlV90N
z?DoL~v_RuevWWyX^zWZtUash~xL|TRHI_V%HG;iN9HbTlJ}mS5c}#<Mg^Lu9j%~oM
zcIHmOk|nccS^GXcJH7*n9+|8du1JJ0hNzckVX$>V`j@4<KpfUs9~Ck7=RgGx1@(c*
z8p|yni*gT(UOU=1g3TDi8z~>TlyeVuxkp4t!c#g8@tr6^Ova&+L%E|RZ}tx{2t>qR
z#w7@k`Q|QrU6$J|!By%8fqiC%t}V)JzlyhB-GJ$KuKjUpPXo`1a=0R3Q$<s;Ie`@W
zbCuq0YGUWD)mN$FtD$ul!}6gh{9Bxds3G)*Zm~fzB3mb+!NOn%(Od4qC%e&cSDQ)_
zmI*eCi|s9)E#A&X;b-5UrbDb&!_%;=C<h2Zw^OlK2pSg?t3X_>Rh7UuN1{FzBLydf
z83dk18T$n6+BPWrO;_K^@$>Q|@_&9dS*Z)L7t6WsQFJd)zHDjhF;^}UJU&Bh{@byW
zGQ4W2X|PAg2W=DIH@N-k+nTYsq|b@Ykiek%LpH-z_v>Y||BT#&hqw=IhsrNzH)%Su
zJH|k7zYn)6)OV;z$!=1@;gA%`j<VOTZ|suLM!wrPy1A}r^#y)D3{6G7t-3qwg*3&D
zY|&`cI<zk;qF}x4&YSED_Ca!Tds)(Ej#%i5sznIMqf8{>D%xG!QT?$QdJ%WgHp^$;
z$AN(ER+3HBoW!3lhS_g(x<-;1?x~x{BbC7OZ5KCvMw$;jAr#Yz4pDx1v(c-(_ET){
zjFM8)FS*l-(^=C_FwP9m0?vfq&1a6E_2JbN%*5cfbAoN*rIyls=LhVqvZGKkZ88~k
zdFjKCOWljYSp1(y7-K_xb6d+>MM_4?ifQl<+~<r0V}j4w_a5Gm29G$I>rN~kIo@wz
zs3;pw($U?~?a(z!nH4@3eF8+onG)_Bckm_5Ukm-9yP$u7d@S~!zC%kcHIB3Ub5D_n
z(|lH1uwUU9vLWCvIiO>n=>rkN+l-STyiv<@?yDm^jE@<;{M%CgWXAH$MBPQ{5jTY%
zUtc^wH@o1vbtArlOXRa2$FJga^k#J6sukBqmA`BeY4vNDhr%hN`?&hen`14o=S3+F
z<@G0UWJBS(EK~~DyV<2K41QmqOUbcoLVpk)oi!cBN(LbSw;nvlQWR4;D?3duqIjjD
zUCS^0v;ztsI~)%`HBeMSf69{e_j~w$6kg}{+$MagY{;NL&IkTE=>NZ$A<>=8k-h)l
ztCs(3`X$TgKuz=!;+a=ieek_<QK?{-^NWmm-0yx4GA5PzebMXAqN&D*2%6ct>`1FG
zou91z%9K$*{TkzGx%<zWC*nRJo?q562>s-X@o>vS+bd<R%c4I-S94F$&PE9ykCt0{
zYKjdg0=SgQ^Y#$@f1znnqCF_On?i@KO^$77lhM+vZlI>REIeY93jY;zQWd!fJhfjr
z3V38O)oG}0UUe%!!dhKslg%p@j<BzG9Q$^QR0}!nW+X#BznfR5`!Kv2AWR|qy@aO>
z&3|D4g?DJu#}tIQU@DL}13|H;3{^vYl5^F_VSglkN}3}4l2)Woa7kV;eVV@KnRYTf
z8>W%z`5WH51;-rtq|osOuxanB;{r3<$gmR>$Cw?RZJT|8K%@L;#YnUJ%(ov>Yg7f@
zp2=u*A|*gc-gNJ*lF}v8)zd8@EZlTF&VzB^a#V2S;A%F$2<Oklb4YeCR-oi_NTVr@
zg|Q!%I}w^;5ispbYMuxQp*GTx2G}v$qsDgVyXyN^=Yo0mGet)Q?J};b$TG;3RAT|i
zBx1$Itl(UK^E8|G@ZpL|$MNFh!}F5ArWapl*3H*{Hjj3;(QI?wupHlM#<g)DO*Fjv
zkV#Fyw9AhlLw9}|%m;R%dSoFvw-%SnYTw+6;0Qd<S@B)F<9R)v#ZvP4y?XXaT7Aic
z=Mw{-FvAXAQ)9T-)?6t;F`~jq-f*brkFH<EUe~j41{wSj$LP1(ZPQ~QKF^(a<pv&}
znzP&6i-@`6oXJF8fh2l^rjPRsr+(@Bj@=C;UH8^%$IBmt0`H?PoL-iE&Rw|{LGf;0
z^rS#ff_>|JD||6_mCp-rBZdQxlWz|g<o76Q1c{nnj@aWf*JW!PCovpweR(kyQP+X*
z{H@VtzK*WpaNbh+Yzc8u$046Xw4J;?QWOi7mCyk}B#T(fJX$_}N8-_(SE&}jzXM%^
zhw_<@1J)7U1|`9-(IdgJS>0O?=j+3J<(MTs$nNn+e@Q(2BYx{e1eL`&5=-RL2-~v6
z6<0K^EhDqYeEe#+$B(5X*&#WiRTjqbJ1tnCAz#=vsZ+ng;b!i@QKbQn&aRQY-BNr^
zrRFP+Hq|}8v!@Ima*sUNeskJ%X*+`xjaV4IY4s3KEB-c+UXIp19xssFUEW<ehFoXQ
zSP@%qn=Yb+V>{(z5{Ij0F?F{q;XetD9;X3#XDU-_DK@t|x4UE@1e?T0mbZjFxomP!
z(jF{VSTcQoC#yp>Blni~g3oK(0k&9txkm&Y(p$)8a`{YImCD-xjt}46dr5E$g%(qs
zr9hV~wai60K6aLEC57JDf^(jI>tB@|=Ml@r+zislI?fkyVf;ASJl39~3!0XCOKwcm
z_S`)hP?<NYQLb)kLpW#gbZT;&eLxt2hP5AFx67ynjJj*YmsRiM2K*}L?3C`l+*F%*
z=0xVq;ZzNin49@QLAYFsbEJi_CN4dl)i&J=dB^w#ead>uX9|?NK5g+pUZTpL;>j&p
zM`%~#1E5nE3G(bfZyh*{U6KUwrG>jv9T*Ly_6JT;h!=h$;LPt+WdabQPF%+diowo)
zez8$KV8gFr`C|H95k+bxWb7n56%o3kQd=dNVr!-mbWZb9V%(S!ON_@b*o&B1Xw=cO
zSerjsPUeNzD73r9uLA3OHLMF6!nQrxD|ff_)c8YXLuDf15V>(P`9sN#(%X_x<$oNA
zN@Skw>W{522RE(MJU=5?5dtfeb`0qLFRtb!4alZ@#fIviOy^B{fI?KrhBg`J*O9f~
z4fXYj1rV1+<^J=4c5alk7?F~?mrA2<e~E#{9(xu(H_x)u6--etp-l{+0E-<_s_AWI
z*(ocG0!={pNp$f}B-r<o41vS8uZ@d(pe3;F7e>f|cx4a0PZ%rfx<7;ISQ!$%VI{2l
z5!hFQD!gzF5~d;JwYPm|G%P=4vEc*#*nHF~>KSd0J+5WH_bBbA)|U40iXMgN=`>?V
zMw7vd@D%=Tgwz;5)RvzSH^|S%9ytUh7Cb_Dgo}ox6gt1|#J5aIV_d<|gd|bfR1d3N
z-IaYUW1<U{oA0+DZ*zFtn0RWGPVmcU5mB^gB<N&@xd^`b_<nEyf!%iK>p#g;h3>?9
zHTBS&7nGN#ljxaaqIT^uP?dN$cN}<8er?N^$l=3*BhQ44C-A7HNht%{{%&eTF$ZWi
zhI0ACL~G4G=#X6ryMA}C-l4nfZS+^up?KU9PW|c_bVoYiup@D8J{sj)FNyV_Fh}^{
z+rm+|v?h8SUel*x_l^)AXc;?C^gS+Lz$DM2-tMR+E9(&Wr0D~M^n``<sBHtZfa{+F
z)qxVgCh^9=laodWrakmEfLd-uIr`eY+n7T#+)8F6HR}T=5BKMzTE+O&zT<cze19yO
zN1B<(ZNTZlx_7e|@hOwlJjRpNmlKu2v0x~X)M@Jiy)L$G9CpET+?eZkalzM4DAv6@
zw0k!<8EzK^N@q?TB&yCcb8Ih0m3?zB)wsTIuLf<aV>zcZDXkC&re5(~V29#T3^%ij
z0ymr8q01oaxV_q|N!>Pne&#rNnrF!S1>eO5I@0H&6G&^S>+e&CtJ~Zmx{0&DSCQy9
z`G-tRKBy*tw-x*TNNfTwvo3cVuZ_Yny3GU-zByezBeFJ*X!rql`&UX{P%~QhUjprj
zHCz}r6Y)95Eqf!??}y)wje#2ea<Z-8-heF?NBrJ4!B&M2$jdP+?8x|xgV+t@|0RKv
z^E7PMmV3_1wT6D6N<bFj>e7>Yo7Wy7sQ|X3!D2`Qu?y?sRz!nuam@SU#OI#v&x@La
z<6LYc@Pi0w+V=G;{AqPewe4Lnq$D`o2OXs7u!P-zT`o5i5O5*l*P=dk5a7gS&wIM_
z(4C4lob1Zhh}$oHq$O~#zt`+iU%|nhi@KVhHP?Or7X3+=Q#|svYiPdCY)fUuH-0W%
zphJ74(qJ?PxRPJFm2jUc&vp|s#Q`+lT&s*g8!qje&UxXE-Zjhdfv*2<w9T^U_k?3_
zsE7;t9=|dM_iF#C`#upGa}JuL9N@Uri}QVT6u+sH8+B{ijrU5%S99y9WYKgC!q<l>
z(b{`KZyLBmG)kR{amf(L;c@LT-)!|b30s271bn?CuI2cs&g@P;c$F|peiC6P6$YpC
zrL*>5csGjXQuu7bxarjQ`DbBX<FI$d%S3yuuUAF`=mm}zztM>Tbf~<V{Q&bLugAWk
z>)TQ&Xh>nK{J>rJsx_7MiAnRN*c7?xq{Ex%skiN<S+Gt7G3ob3n&dLfBqoKtXpCu$
zc*G&RVeq~2;W6jon2vGWog*J}lr&@tcEcz2hKg}{M}7ep*l;~VM<@FY#_gsliPgBp
zIPBLBH#jH$BdgGil1;nQ{})61p_%nU{LxW`Vi1q~zFjcQPL|~BdhR@~q41c?kbtep
zglIq|CwmFu1=4LP@)e09h!}#_3ffe;;U5t@d3Gtd7#LBF^Y8vM*!K;aOv~q@X^~od
zd=$>ThrBr~q(78_QsZMOuNP4XZ)eIa4cv~a9k}MEL?JL#Pj3LbTt-{(5M#m&rsjCv
zM-)u9v}(w7js4VfuOcGAv(+F=QuM;=ehmALbsYLno2F=52ruOfqHxaw#F~zE!hF@h
zR_(9)N9z3h+xZMT2?ryzUnfV^*+`-$9DC)uHkgm5K|d)%&c&X*j?o-;ARYMqTWP%c
z5&3z_XKMaCKiSx0A_#@Phkqx76n{L?@LVu<k!uk)KJFT$9!#X*WR~?uDOW8X5q)^t
zw7qzcAIQDfrsQxBEDt|gr)l~XK=4#Ap8HZ()vToq_Js814s9?7=p?@J3WKJxE)5DH
zS>H+rq9GNT*aAGs;Z^Qs0p#q>_V-Rlc8rIzePKh1NSzt_KQZ_CXwLrjzXN&Eom>MC
zEuK5}Oi!NRD8D53R!S7Zye~o(c3~RRZFus{H=1@9ZbMsC@!}bvd!ef=!&2r9W9#Ck
zjq+~ZraezY0<w+x>K~UC<JDRN!Gc#$;~$AXd^ErJfL~`>a^=e&_?f#W<t+;Qn`(>T
z8S^-!4hu$y)xk%98v@_624i>G;-Au)T(`COS0nlU^DWH759<=|ggu?6_I8k`+QZUK
zHc}((^e)j=IE$FWGDUm{9D$nDAEGPMq6}4PMoc|3%T=PHy?^%|mkuS+*%%dAvoHM$
zyZ?5~5!duc(oaZ>ar=ch<^|SR2_O2N(6)YJpgZZ_M*aC^?yw{H^B>SP!FiupW8QRE
zhg4SF_2&ZRJbj$-&hOKt_qjRlKii}s=OiAoC+o+JKMHu!4=dBak=D328VxNqPtBL+
zw3peK4{;t}yC^0LNFNekp2GYzqOrbH4=pp*DCn!1qM^8AzG6W|@;Qz<>)U0OrLHz5
zsi@XN)&ssE<v0w0cnEoxJ%nas;wqqLx+6{mHVIRp&Tra1L<NcGjZ$12wvgQ&P{h9!
z1l3@Dz?`;N$(a<0#2W(?k<Jh3fxn)ix3??$V3^!IZ5&8Tn+~<e|6&}^hw`g2`Be-e
zx*qZIBPcjf=s==ULw2A+p6zQOuSHKaQlbbcZ~iq5N2kKDYCHJ92!@pA--rbvOw2+O
z4rmgvaGKT614&D&`^x-hY^mV<B?kF2_Ms}3=%8K@(5v3D;eZwS#7&qq1lpNv9PYNb
zhODT49&W^%zIq}lqR?{UDFa$sL81cxMLLXe|BF|EY%BV;%$E_luSl{(C%Ntii*vj8
z0tSR}gx=wozdChq!QerbO&9X*l9?pZGX(z+jKS_sMi5a%M1UU={W_`eb&1j~ZXj{X
zH=*7`d#Ptb6rof5)#NR~a{t9tIy(=z=1!1h>ndJOXiq>z`;QYz5X`brKy?pLwNQ04
zN|DRsTIq%&%%_}a;JJ?FxDGVu0HQ-_iuTK=kcT#_Hh7q4!UuLi)qtL)LQ>?9_cT-O
z_^4VR$BaTZ!c4wPho%9DWc6xkDo9gV=QOFCYfbwDk8X+T3)hO~)OvCBDxuWg_aOMI
zOxF0P#<o`aH-7X7uZPS730KbsqS|PX`ylv>v?y-TxHOxb*M!D0?yc_}+YX;=fMZ5_
zCqcs@B6c_cg0eI-DKad8LU}Z!G5N9Vs+W(Oe&y<W?8g{_FX1WqZ_K&pAIx~Z2%`C8
zeCzQY4Sp~+diM#xCEGp5JqkcGxu`uh_e#qa**=Z5H4I)Ey$Exp+Wff?X8RImn9EWc
zPyWrdlib*3xBST<+cx5JDx&_N?Sy=G7%$JGfZXS#u?GQPE50nPspRE-1?Ida0Wc>H
zTGYr{w@yCw+`K=@+xjAMz|w<wuI!u<73_s2Ec=l~NCSsEA%8j{RH~?0JAp<zHWS{X
zGyy&?_LZSP1mQVwfVQ>V>6!VX_ztSVM`MBAB&&GvcqgBO<KVAE`C1uN3GE5J@V0FL
z{SV@iTic%SkW(j!kFP|E`$69B7%TNx>o6a!)7SSNlVPyu)sG6^AtkRI;Q2}$xvww|
z#p$b4J}@tato(Sp()!HZ&<2&XNS%pC2RgLPWix4Eu#y#c#nz&*Z0l(OZdq~b+6iEA
zcd!Xa+sCR>$daK8gz%F)%X&w2oCd^KLV3a$%V*2`{}&kYxQ1NI+cRIZKeiJ`^O>rx
z`*Y_=ek$<|+Vk>nm7BP>%?bQ~qUww-{N<Gu@kL){KG}`h5>wGUYdMov1DSZw%*euT
zP5L^l@7+oNgy*rA9IP2I8f62&n*#PHLe!2WpY}YB4?Z13raMUm+Q%|YRE+H|erIRi
z!5&F6TWVZEYkq8(BtomCW598RX~IUzKAs;;{;(~N?$F>xa}x$$mR-s?=f-a=WXDIP
z^-@f3eeM@BeNRFd<qtkZH}|=6>s*3d3OBK*C!S?#`#Kt*=(L7vxT9y<X_{6RFkfJm
zkb8ae8PDbwcL<{9Y+J2CaQ&b7M!5jQQ4W=O##?)j``tZ^tR?n>b2Nb+vp>>1^ql#b
zk5zIfW9-Tx+tUv^(e&%)uEp>D4%-0Fjp>%yjt-8faph*~*A9B}bqPt`WoD*{9<TXl
z2iFw;Ly?38!YkEhkIW@3Z>FmS(_HH1ud@Ko>6fj-p#Sm>fd5bi|E8XK{9*ys#LHnG
zzpF{`>8j{yT&wKdt_)sN{C>5);Wu@w1Mkx4rZrAnR>WK}uu<T;BVO9QA7o3eN-0l;
zTt^C6a=>x(+e(a<seHc-^SHe@ojGNO_!KXiLL!(Kbb|;C-&E$aVOdwO{h|Xb$~xEG
zfa1a%VjF_MKl*&q@dH@3WZw`APNlT-79qRB?ArONx08xJqe+i(saItEK1x&x{s&L_
zo-=1QI~-3{&bd$FGH7L?`A;5Mo@epn(2dEn1G$s_#OPqyby$@Kio3434F%z+$uk!~
z&Pi9{Y*Gv%eU@MoF=Zkoc+EFl`EJzeH(*(gyt98@q%1u^-E@!U?Yk^Jbs*PQMjCI4
zV?AQLmYho}Yb@VXCkdA24(`)dlIvSH^<SNPk%aEQdQ60wu{3svsC@&eJ|-)CtQC3_
zbe(9{Ruoqktc2Soh-M~v%%jm8wH2Z-3GO=!WAAs)?;+5{PUa5yV!4VX@c#=!y!otx
XABEjQiFkNIEdh#hYO+<*<{|$F)HSNi

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-152.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-152.png
new file mode 100644
index 0000000000000000000000000000000000000000..d57d9a42560800e66e0e4a38df676ab843e68b30
GIT binary patch
literal 13000
zcmbumbx>SU)9^Xy;2PW^xXa)K2m`?-xVyVM4DJ%aog^^0Td;xP8f=hY!GpWY$MZh5
zTeW|DyH(%bs@q+4ZuLD{r%reOPMo^x2W$*-3;+OttsoEn_^LDi^WvetO8JkE7O#rd
zQvRa~01&_g06-!Efcw`X$Q}UT%>w}Jn*ji#uLdM;xj!|;Uq7H)D189G{Lh1~ceDIj
z0`yW)kp=FfV7#Hg#(S3j^IF8{C9CIUW$tAyYUyG9ssMaEe1e=jAWmK$Ej}JmJ|R(F
zes&%nQ63)i71X@{hk>)JmA#Gs|K0!((na@b!190B;AQV@?dfIi?DoI6`H)ud3;^&#
z6~NM3eoIFyzJ6N$y@O{bV~Z-d=$vm6z5vka-u&xiD-K7CzYh;b>4e61TFQdK>Xo!?
zKFBC_-{@ukP6yT$0pDXHd=xaC$ht{c!8Rg7C;04?IeFpN89jbHrhnbS?^zPNx5uV!
zVVU-RMt~DGG|dGmv0v)`fuuas2>Cyg*6c@!$dpl0=$V;*K`+i}K1GcXMm%{bi(jbn
zZ{_Ss*xdF27oMpyg3w@x90MduGqD4}D2X0O{s(KUz?7U9Fxvw~2%&EFI|6O$Pl<{=
zlqkgdg-IMUqJ~?7SyYhe6WXB-k`e$D*M&A3ydMsw`zWhPn`>9Tfi0!6q|GWpVglLr
z4F6Wx4E^E2WX7C{hu4iRbB(--YDi+JnR=C^&Om5IC9~8VVZ>zG2twplho=eRwS&Ds
zVPO%tCg@Ay(M2MS+@zE|5n>V&W|qs9hZP2t<AF$KOUuizF!Xe@PqMSjj`-RA48lR9
z%j?64j%C^_9k^P~j#*bcZmGsj$Qrth8;XU9+F&Dl-RiAakIuYgfVY-)c^*tKou8tQ
zhW`C3+JMs^CPTr6;)pKHHdLqXr5s=|&?D77r;|Gt?(x$J(IPgJz8PUypoo995Cchh
zP3YVEe_Y?MYwiry2`GGEeMy)Lqc%E_05yq1E}%D9!d5n-X;yr_F6=H=YypI@9B4#^
zv5GRYoplmI_0_u55rn#-P=p^Vtf3^pa-^6)II5eBIQBq7m*RvIu~bQ1VJa<{u4&D;
z5CDvd;Xr;kqWjj{1^grRXStA^mSBrw8c?ntVb!5>(+|VvlLs!pNlg)gj{MS|MvQ^|
zkwHUcBTynpl}9o_V&cjzB$!2X<jG7Aj0@ywB@yoS?!Y{*FuoBsL2xV-nXg39D#cNe
z(jsuDkMp>=5jjN~yOD#cIDEP%>(kwcwZpm=iU3A8M;GSE;6_Sf45&1pM7)>6B9u&!
zfiV%E^QVqWUlYH}C_za_V<SMC{l>WxRzN!V#Z2%*%Y8S@F~-uZ8p$XpFM+Z<T-2e{
zOdEAd-HTuzF}h}(q!7^)OBsN&<xV+k(xku%v`lvXB0&*egPxG^$i1)`{t#IberrHU
z0t_=*o)mz^MdWJcf0#kk=USvhOy|o}gZO>6N0yT{6noIdtEb!8*$Xxs#eQbI#1rlw
zRvN#<SB_yGOvBd896>IIvTdNZrt7aa!h$SO*p!ZR#iSdF=HuIYOvG9h>}=7pD4&(0
zqG$ujj-1M1#OZv5t{La*fBEf}qGS+yA_>q1iZO*C-tC~#L=;=O5I<E-H)}DIu>=H=
z9_XV;>GC#KDlPki(DPGIT3K_2H|;w-Ln{zkmw2Uy6-T5_;v?Npp`p>F1ZQ5DVu&R{
z>L4!;$-9UWV?X3o>JMDCku-N`Tch>OyukNMk+>-a=yXD0<+zWu6e9|9h)}Plk5AGt
z<w=%y&RR*}Jd=MNB@P|tFJIkSTBz?3{1kz<n)oJu3P$JCkOgTw&DK%u;H;2mBgAa&
z5Gpe=#7N(ogoHDn)2D>uzzKJB8jxbGrnJ0D#+rvlY#@1jPd#fJ7-wLCN;h_7NosQZ
zGgkF4a*aR_;rAscEnaT+ON;1CU(slz-%i6i$J>^9DJVf61C*L(Pv+i&yW#S9_QfLB
zTtg!!B-28|Cp4QFt0aOV7Qcsy=UIEwencqEOnmB2_?Ls{SVLeW(I^;6iB_XmL=}4i
z?sCGlsz7p3vnRQ(8JRGafAK<FGwv@0%Dlre#OV3(D<pOgd&8m5XgSHn-G1qAy;qug
z)!(+r%oP9gn`<6D_Z>PlM>idx#<40CVfRgBrv-GbqxTs}#F@U8qe3a8l2pB+x*FdT
zY&_mD54QfNA9tHMXj}maG5v;kTWAjw9&Z;^7d{{lMi`Xtl)JL>TaN#rF?+_`$$^kB
z^Ko!Z2akBgs&H(OjEteoG<r-th>V(HR!Cic$vQVj3!x2C-#VfN4smSSs{`k_n#vjz
z43>=L-93iY)H6~Ie;E|yLPm(wJ-#<`r<52MK4M4DjqR}4jyLIItOBp+=pKIkgf!4f
za_=HD&m%sxps<<$fFoY4Szp#@Uvl5!n<i`)GnT4K%?VUB`gJ&R*}vCyiKNxt<NSL8
zgE~>xjw3c1R_P`v)%g9GkGed<`D<!*WLhy~5MoPSIQUbb>QLSm#S^yY?9~iH4*Zs?
z^uA^{)YqCd>K_p!jak=I>*JrLTi+NKBdg$j16h@s5!9D~{JAn2&DudAa|{UaE)z@W
z9fG&sk%pmSmmVXv*>e&y=FR50v!iCK81kMhJX=S{*_w=B8b?TO!31?PI8g8Rj9;LZ
zr(%~dqh##KAB4H?PlfWS(aK28dG%FECHB@|T)Q$!8F$c`7d#`{V>nPI4RjrP>{NYN
zmF#lzKV$N&<zGBk<v9Om-#r2@d1T_UQWCNYKDV<B4zKe-?aONd$n=IkjIq=iI2tI_
zsY_w3*dr8kOU9Bw9E#}_{BR3cCwR+$9h$R~J~@2}FAtMX7aB$|>$I}T5`sXPK7*I;
zYP{l5GGA&FdnI;(WJ-s@VKl8tLl#vUXwro)O(D8-QXHu@v4VKZLg$;m<!F7E<`<qP
z4d1T4>}y6fN-^Ql(#H{|!IqD+w*7I99y~LMDgmH{ps{<DzV{-EM&L8-<`ZlFQR!+v
zK~foM6Pxc#U8s&NZ9N=4?VlOv5ij!2Hzhe_8q;UC_0}2qZktH+*Jw$_pcGX!+HWFL
zk`xktqJAv*Qgggx>}zyzGo8k(bw+>U-D8Bw;^1_|u<rq85Ys|Cg!7`EkUS$C%Xe*r
zMeY791-sW?_5YJrs^~duTuHz+M&6KFG_eBgQ@*V3dggwkwTX|fCn0rA(mldCO{5$2
zw;k5*-a;JnCHWOPqW0IE>{()W@>75eW4R%%p8|^7f`i@t84PDdR3->~u^>7a=D+`r
z3Bi|NeLG#R3RGpq(%e90*Z*q+7n-SgF|xoBoB!ofx{0tB`f#w)C4$;EZxfOoED`H!
z73$7~uu}kAimbjw(O+v_5Tt@8DU|kpfcfX+XnP>+i0Mv+ijxg<Sc<1Ah&oO_{nM`Z
z{*jGYmzQHTAA)EhBv`E($N+7E@4~O7n(uKzkYw>qL#%51?au);vrlkA`l8Q@&E+j&
z$hHp|<XTZl>?K{2CnT_52Cn`<^656p@9ey_5xMrujz-89=~5jNWf6Bi;S;9DlP>}o
zYYOmZBy-u~Af+W?e{p?YeBb!(4(uty&jz{_K)wN;wORzj*&B}cH9uy#IB@EP5yY8r
z&WOO=YLup&R9p0$piPx^WU~Hxt;y|`<PW49)NRDAVa$Dj5DMnx3)Arn8Z#y)Y7Dh{
z;&!khZ~7N>V<Yn4AG}cg+m5uqiQ&o8^Fm-ONJ?-})p!5y+F)r$!lS&T5t!vhZ6;!?
z_PYrSKO&$AB@(YLIPO_WlJ{#IBmpta_nBRvkCO*8_6HL-<e@*%;$43zZRN}NO)TOD
zGIhVp^^TIeL*3B@jMm|A0I4@>p?ygSi0i~>#kUw>B++<BsjPB83YJn04`;$K@Wzp7
zbV1DS&7|kqN)p&&hLig!oH-Q@CdVS3+YL&1rlX6~_&l?z^vqB#ED0P6`My*Z0|RmH
zG7S=&p{AU^GyB`aac1CP@UPy@GQ2g`XBL>jE;KlWJxlG_<qgDB)h>=dyHdp-ATXLW
z4q0OPTTD*$SG@+C<~Scv{lSCp;sZqQ?O^O%uT*;y)R(mjW^nT@xp<C|Y2a~G#3o!|
z;S&IE)sR7i9;xv|52^C&*F1@{$xlQ058KYESBL3hHxn@`!ChI+JlNB#t%7w&xOf7!
z@7rr>Ak>MwAzp>{+X;Qi*m{F+Lx7V~A3i(sI??d)+gg(z272l5z-gopzhd^kUpomh
zS&Dk+yUhfXC&+6ft*jZ}tz@gc+AqjAdStbdsPi@&(18Z1Jf#r2Le>R8r9@IA8+G+4
zQ&}0%UZ~;zjBTDpx<UI8=}2TH>r(bf1Bi39#N#sGZsy~0bT)?M-nKxi=vMN0rxSuW
zMgra-;8k8mbZ8OLt%~>+C<tG8Vx=T+Hs3tvq~#)h>UWcJUHX>BJS}7l1>%;U6<$N{
zoB)46Gsp_Z>TDpKQJZb_YA!`_zT0MoJw9@lCxFHF!=&Dh=t_P6U3JPk{KHsYMNF+&
zf#92zk@8D#feQE0`#i~QTRhX5M$BX!9+ery^#50>bC(13=~6h^519iuX|MFeH<9bl
zhnE)<Xfv2`lO0OlwbC~PwcF1!sC<V&S)3?=ZKl<q*C4lA9oz$ed<zp1vy0=QG8f&5
zSxd8iLzT+a!uqdY<js(BX5pStHSBUi;6~~Kt4`S1SI4auT6lcF1?uh#*!JHa6vl{P
zt8frJ+v*7i?!B)Hq9iRgQU4Y+KPNL)D)cbQ5%hw!Az3Ur^y%Dv3b*gU;yWc)ahqLl
zzu!&&4EwwIJe*qoI`dzs`+*?iCsa88Xvs8fxos3T{ZFZJHU(}bfw0We^6QbwF!zM1
zX*UE%y~&aWzdRj*QuJ2MWst<xUzjd1gE|{WEao^puwBOFpo50$ChX8@_7ice)<<ZR
z5X*$k8vh#5z}ZqvtmppMvV#JeB>uCyo%n2!@L5hme&m8}`N|tj{KN6X3ui(|KZoU<
ze#b=rY$;bJ|Cq6jxA0fDRvY-+g?~#|>-kx3j}3$j9+D_zj8qn!v8%<UdjrF?BD#Mg
z2~pu}O~!eEGhjC##YX!eyyE)pTa#S93ONofQgSj1^Dt7TeEbx|wk@K6iKt>ehcNTx
zRFt-+3#Q%O-u%&PxswO(LyC@<0i?X1prN3tAnYw+5u;U<tuLkoVreEUUXZ-xmx$+|
z0UuNVccvmL$zfc1qAkvb*e*HCp-Wd)w48!XzKUvShD1x;TV!~{^m6irf{T>g)9n7;
z7Zo3~6btXm1GUk%d?pOjUxX_aOxm3-`ILvAoMtm<eti}h-KkbYZOW7@Mu^oZ7D*EE
zR2pcpQRUQR*GE#`A^}k>B|2xVHexPMJ;K-DaoJHWx><B)&~4PkzWe)^HUy7mxJXJ|
zpAC~`--eZ_O#Tg2*qc&p%XIU$W)opy*)xGTm?h}*S^riUyIHb`koRA&S~){ky-jIx
z`ePDbkL#X85;@W$GYPX!vtTqLF<IB7d;ELsf0pe&l$RY%4{_BMbjMK(VwO&3CsvX+
z?bxmHxMaAk?j)>IPn=>xF3am#8wxxp;S4u6D*;}Dk3Qpv8W*Ur!3(B$l8i`vgg63{
zm!Y&bL)#u0qC@d<IJGm2YD~be?Me&I%jecz8eN?T=61=?pj!*5u!Lyid!Edj9Hgoq
znBnq!@>CVULE#69+b0CAJiT)1{xXdRwy|g>W*_R+;{YhhmurI&Bfsi_Q~R2u82z|z
zQ^6N(yb_-6nA}IHyySn_$a99+jV6&?IifGCE<#xCPgxW+B53ZM76)1fIB;eg?F&bB
zk}rdA)|o^<F6tJ{hH4bVgEa}+1QH(KZeZAbS>FF!k|Dh$R5tTDqj!kV(u8z3yezn@
z)9c<HqdlOH@IzCBpG2tCE}NEh?0wUFz3<rhZCi0gHz$$#!1nG15USPBAk9jYinKYI
z6=347VfDruuq4GjZfeR76C|iZLoW2@`1TSmbe|mdHGX(j98E2l_p-Z2AYv>Kw<Bl|
zDYa&}beq$!Jw0G|JyZp_V4oSonUjWU&$)jHT|qm}^Sw#@Q%`#z2d%_VgV<K?2710(
zb$t|seQr3k$P4Rzm|ybnqdtE`u9F*+(I)AM7)NbsW55^es`r<=pQ{a3+_46Rpo+-7
z<8&2!y3n6|T@;#hA$rSKa|5slT^!X;OWHn_>T8QJj8pNy!xurgl>M@3fR}A?O7(rR
ze|Hn&7#b~L@3P<2$DJ3|=q(bc2l)%9*E^&Ot-c9aCYXsj1pb17<-4EM-a#p5Irn{9
zkNs+xR!$-+8h)+>>9d(#pnkh+XdCcAKt**0{30Eu=)djKANh#U=T#?{7@3^WTruN7
zynJo&!Y0&#@-08)>Brf4kAZ!a&L3$30&LbW!pc$hV3PC6M@t^DSydmI`EMB$$Eld0
zckw5LzTBAwIo&xxmc#N~-=atYM4QYx*iWi`qb%`CxX#|G+aCo^YJ`f4pBfVWJEe8m
z6)p~VjfN{smHj62O+Ol;PvV)=ighlcccQy_CqJ{+GL^<Cp&=a4?F&u6ukw|0yeR<-
zotDYZ)%qG`dfG~$h`pTR!4DFs5+z<0^V_tfYGj>BBZbtulhBM))cH0_1|O#99C6H9
z`X;PdnSBKi7FU7Kzi(8Mk++NPG8HPw-UZ|i!Rm<f?YT1u*US!C2Eztu0o>3O3E(t=
zreWzN@Y7p1blIsv`S^At!&$*5DyQCNxFGp-^gLAoA5|iCeH~U&Ey_6w4&@t&a;i@o
z=DtL}sHi{2g6I;xlc%(^`f7V3<G8P`s&KzX9o4i`8Tzm>on1_DM<*{-)*;S7|FX1U
zwf>!MLy>`AV#7$4da%OdMV)K7L-kMn2$l{qO^ZiM=&xC^eG2H$!jTch7OCFrg#79d
zAw9Knjr|0IuAS{voLb30eZ)=Ji2>0n)sWcBQ^($Xl#q2>&=>v`=evOraAYhk;+Ew(
zf<MKAg;UW09gp&6W*xB==As^xr^n&Ga>VKLAfsl^+gKxlska>@v8)@$yvVNVPb<9o
zuO4bRCA-NR-}hTTV}0<0A#wt=N&G2!cS_rVxlZ&4qi=bZ2Q(}}3l`4i1LmnRTMXxt
zwDhuX@nxYYFQTfOfmfJd4h&ZkAKZm%9tZM=uq!8vQT-0rl#5Do1aqqQIxzx}^?d2(
zLf;M{^Gx-~wVS3}FwI%$hA59H8D}DLt#>V`UN-Ek@~qaKAvU8gVM8Alg{h05?<*Ku
z3vdEC4?2IL>yTRrG(UjU?FU~i>d&e@7>dH4M;_`L2qURtixG*0FU;R|`KuNGu%pXH
z7!>C4`4y%OT%xYTRhs912;Mf(<8|L2tuT#d$V=|XnWNd_xohko0TXHHYrRYOsPi_P
z<+(-aQf-?*NP7FFlYXL;APvljkL~e2NctVt2RZAbiF+&^4g(SEE8SYJfqHJ83CI`;
zt`*HP=An7a0-!j_j?=(nr^h|?w=BLa3hj`P#NV|JR}3gbNGbxIYnoNuf7PCl{$nHt
zrZ}c}js#*e^`fX?Cq0J`_prVWreH{&J8Z|yt?T#^{twYVgOaue=rKfBiuR+ye~nq=
z6ZE{6Bv`))c&0WOns1FiXz@P{N0j5q-8H*!kmN4l1<JJqS4|jp_pC0Gnc83>nWL5N
zVX>|;bsIg<`2`H8#-&t6;hY_9E{S6(vX#Akx$L<Kp*8OEAo8Y%N<xffDGkq?Qu~C@
ze)>`GnEqTZ@2B~7dc=U55&&$@lc#CfbWo?5GdK{Qg&J<EUoD+3e8J`J4&}XUeJrom
zHNhw@hq9GJMn3BA@7bHgXjV6PCleYzS!TjneQ%zN`Z;`Joh`7plE+rk=4nhYLpqQD
z4D(dYv}8QuVYMlF4pSl0S-u~Ll;2z0t4GZ+LYZ{(+ixG7rrUWbr-m+}R2Ed}!>2X(
zFKoL4SX)k{c7YQ`$p&;Qi0n)o%)BbfkWOs=k|RR|2Bs9F+a>ne<NK>K3L%+ewYHdx
z<H%e!k7-XJY<hFlr|J|oTKA1SWfAwoujJLQROt1^iEpgejX%-#;;9ZjGyU;CR3i2N
z1?{mUF#l&gYEZR@De}#Oc;^zbeAhP7@xeTJ=e{iG7=kaEWOT8lx8OOtDnV96`;6Be
z|9Z~N>Hdppw<)@*xcH_-=+Sy8QEa_46W1rGg92wvRQ<+`a?3dX#_!oh*yD1DNMD1;
zeq(D#(-ubJs;roG&d-zVONvCV{B=x)>L_%NSdaHp#TNY?;h~@1Zi#VO?M-u{=z}1{
zxzss|7rl>?S996@{Hz(#FihorfX@Ac*tyw@?SmyhVbM8r+Mq7^zu?3>yMJ>ZI+)ke
zf0@19kNNTs_B7|rh`9*CT9+0a4-n{0w1~`MOmKt+mu61BE=VUC8PYXX7!{#!<)15#
z*~ZVrOg3S2za7ktHR4@=7c6#`-s;8alsh1?<JLU7tH`>A?DScObtZJyaZ=r8qB|j)
zqp`mAQ&#(0N>q7kW!*hD2~ld>Sk8m34y-Qi{3$mYXFnP-79N5528&E3+6W-1ao>cB
zyGD4YT%}$irh*CLLN9K08o!I^o#@eIbwdVibgsMrqSIl`Ka9x=8IJ6M`HJ~VHomnc
zd~3B`$WsQ5#r<pI@4}F|5U(NwRFe>Htn(>WY5?PQir=QI$JX%B-a-xMs2uQG*L>96
zPY?-Y5ka>Hzr$SVd2~HcGQz}`j0b0cvsR$-d+gZjBu)oLMWCMh88`f>m(dIH6PO-7
zH-uyK<ra088QV^UeJXszv@)3M>P(%qQ2-AcI{A-;@!=qA51Y@O%y<vHSYS{6o~K93
zwfYCMZ9el(_vrE$YA+-<jktKX{EY98rA7ZgG9>?Bd6ml6TeTbgNmRjb(J}mFw|mXR
z$CNcC)CY+3_lhIGn{RBGC-Gnlz@LQ)95e2~;q}W>(z^+nEi`?rFoVee!Tj@!`jJrO
z)sN|Q;l;VXk0cO+P}udcw>~RTfBh$#ZfX7Z+sAi@7x|AIrXZ74-v~XHowzKRyQ<rU
zK*}2K>xN7JQA+SLtK6H~h`d9tqmkQ@I!r6$ELs^UF9K&U674U;<8I*zbPuUVE}L@(
zQr8jufnZq3wP#@?`-RYBOwqD(=zVzIj2?3+Do&XU<xUL+#eH|IU_(}wSt7{f6K;4W
z_f9;S)H@u?AI4>vDLAzj#nI3rIH~-ej-^J@WYK;hn?_nYWN~WW1{=9a+gbZxp-$PH
z1E*heHgF6N`cCXQ{`OkE%C>2Y6lEV9q@%)dv;+zG&{@+J>F{6~t&<0s)7<Eedm$Ci
z5r0sofTlU586Y`SER{_6{OtWX@sp;!l|9r%go>cV<g0;9Sb$<@;VR3~(j)d-`jnhC
zgVv6;fx`+=Qz#tYN_bmPy{<f35h1ONPXw?Za#a{WISU5G)zBVo{*2Ll!3`Hg9>)qm
z(Cf2EPxtx3B`yk!k0Y{>t+0ZMblQB}U~6?f>Wn#lrrgjv%$XaA(3pu$BS<705ZL5|
zDoj7cv7VZpKJi9`L}f;nH<TYDU*+8|-n-h*qs}UW<_*w!BP{958^eLWsAH)F2py7Y
ztlvH(4<K4bpV5)J^C|wM^8q^<HN9y)Neh(he$atlIaDow$A$4#(Xw|nI$rn^T{goi
z-&7RsBTJb6TdWO4ynMc18V%Hm_-*?>FlGmG$iz)pMSI(_jxH_KYyHqZwr7NLPjlca
zQ&13gmbmGyJ~+$k-O<SI{dcOAATPgVly=gMpe4ni3J&$AEl8Ky3U)hK&1rB+41@C<
zuC6>f%ZG+Mlu%8EHx8@&6U`>67^|03%`Ta+)7!uOoyNY0vfnD&)6q+iYl1)Ot>}C@
zx4T6OmrT5ZQf^DsHZf4y0VN(T_2!(hXG1GZq8dreJ*zlzovBdZv<=NoXb!qHE44eq
z&<DT$a?yFnA-&92Org%}^m^lu?AA=SB{SwxdU8zj>vtP?R{l`Gs$;{|A_LUK>n>qS
z;s}Y|bMAX`Q&xN3PBGZyb&A|qL9u_^t@mS69EU67>ME8C6IMRM8R6e@@A`Z+Ze5FV
zu=_s%7YgoDY+`A1c{*ZTzCTYEJW8x(#*tUcL8oZ{j0n~<&UTkQKiIqfHdBwt*grz3
z7wO|w_W{8~QFW-;<@+O+zFn7N#h*)`KKnCpl~B9&`i9?TEd(>02oYnK0p;ZaalsF}
z^BSIW;vgC@wuX!r<m=7n3&*1{(TI=4%r97p-}%y{B+9Vn2suVa8u+9nYE0BMS<dOm
z1n{opQFeGD+@wDF>YU_6^&&dNy(It)zqJ7LSBFx5O`#1(t2JpEFes4eD~Y}OJ6g2K
zPxa1ao}`a}%T^Ey%<366>$DAa*@1ZHH2o0`zd=4-r=R7{wqt|HGo)D+VkV4UnlmH3
ze;okEPg2;m`7I&!%@N-WrGss4VX74P8-Zgxp|`;lf>`QGb9_x3t~h69idcX^VWZoI
zr`)WU2)EQ<ln8^!A3}Nt3-_Un`)qhU^m>mgK-M7&H;1yN%6i%tnGZfaF|d<EMs)cr
zi4(Hp^ztW%?vYFQV8ND7jV85Fw!7CY$$UHEk*uSe(Y7Cak#wva&J1@iB))N*(ifl1
z!z!c^4s{!7+X;U#m<-JSCFMHcu7n>V8Hx8^3ZyZv9eApI^Em(IZ<UQXb~i%4xqwJl
z0W!&7e~Q3vJ7sHly$kXn?nF6CJ0#EPjd7SMX_aKuOTNq4bDSNsLBh^@`ANV~C)u=w
z7}JR&%DWv;P}&R)yHD3B5oa+J0H-~$zOY@;v3~fRClu~qdiD8=f!Q!Ilvs|X$gImb
z*w#7Xvi#qu&oxp*lm8bHaxkNY0yv{L>UzBgX>7w6L^I93ROdEty)L@vuz!yRW}cF6
z6iGPn{Bp>Z(_7T{tErypm-K~t6vG$kE~bLdEg!%B!|xvreKa7{Fw}w^j;6>`yCOVr
zt={y7iAi5)NPrvuFRucVF49c>O51Y|#b)x!a_~{ZZL7HQ_hFz^2<PBvDS%nkh*3R1
z=+*N%WELaSHlOUn;*&9d-ir#(NJ3pS`W|bix)y%^WMsm)l<+3g)O)JgT5v%#bt?4b
z7wyUC6)Sp1A#9lM$`<oE=njwaj@L2BM{um`A|+$D1z}r9nvK}?H2Texy|p$zy$2op
zGnBnuZ0!8e<f8kJ)KkGv*%hSXCOg(_k9x+y{5W}h1>_;4EUwUqJ0b4M?n|GA3yo;U
zZmK?xvmd0||Ml;D$j?O=4di;VsSl{vE(wFYCT$l@Re<xt^VIX$W*tsgd`l5~^r8tq
zx&D=<(4Y^i3D3nft;ATP3l2dDBAp&LyIj#{gv?lXL8ymzU5?NB2~svgY3B#@v$i=#
zw9LJ#mN(GO1M^33!u`-^+O5iQf7%;4p72D80Rg<0*qlCZ=27>Fpm|v%HqrQIGjZ2t
zmqx%mudd_G?rB}%Mk*_(`Bf;qtA&@)%5+g$=b5C2@B_#~YEG9^izG8wtZ5(D*zEaC
zmOtGZ;;zN@<s|%&g<@D3Zw{OY{fKpSfv-UyFOT=3&!vt$ad=>+*{9ZJAi61sil=D2
zG^fi5a7?mtvBFC0f;S(3+<$XV!nX484tq+Wk)#UdVAIr69j+Fwwk&w1GIW$GBzB_T
zdS|yLJKrzUn?^Do`+{|-bSSyFhQO=X!IF<i`34%^;Mc>`3ub}B_X*}Ojn>+de^y6d
z%KkAt-p3*gx#PI25V&od!rILZfiW(R)2_2l>qoaFT&i&<jA*?jC+$bek8%xtIO`;f
zC|oDn_0q+A+-)%Yb<ZSqp3^k{78JFPFP(zCf@aZ{$z6hUw^h+#Ulc_^A1*ENBf4B;
zy=(lbJW%BD-`BIV=M%GyantL2Ce#v_+ve#@GBYAQ&8j3?c-#lsKcQ#Q`m5<_L5et^
zJJ-#cWUz79uqQ9c;oe?Ct)*wMi59Q$(PA$5CRdcHh~m{UH!;$qr0i)Ftr9*W)&Sj^
zwT&x@)qMx!a?$q_qatN(gl5ta{k~iUfD`4wmkPCAsrwbNu0Ph{UZYqd|2RxOJbVy^
zsSZW}3H!+F<i`NJ#?{%?VLWI5YJ7s{$wRu$O-5x`3VUMgB}<yaS|i-4Eb@{6P;VMD
z5YBq&@U`r5GmB2=JGmL}n{3--kqzE>Pa2^ecnT&j@Dbyzgtkt9!l#Xn9qpT=Jtp$S
zd|6P{_zCX9Z6&3r#=n8wRg3gIB8D7ZUu0&P_I~ah^{GAtVy~8y<YZ%lqP1`OS|Ej{
zM+{Djg*$vNmHRV^OjhBx>36vzxO^GZLlRyjl`XD^4cmeX-Fyw_J#<nZP(6XM1%2}t
z6T=73HQQfOkhY}TbV6{+YK|)M^a-PN$mj+R!xa8$W(VKA`EK+5`)mkVal0H1ln1|$
zLVQeJU1aOc_H*g!8l}h(9gd7k!?LwMdM&44;CLQNZP{FU$v+=A0ryDaN`SrsSL(rJ
zk;&2;!PJy?dEY?!g%I2NKpfKEFU=q{^BdVtUH^9rrnuyI)0CN`8674|8AU9*BR5Hb
ziI%wl$JncK5PGFwMchxEg<hQ|Dm2Df-<ETyL4%IT0;TE^r0VY#dsuu1qFV;3E7oG4
z#)kjl?TV&v)}**{7GC8vfsc?6phQj}K!{CrHWC<*u6MHN^*C7$fXdWE(LGX(xJtq)
zIb()$!s5Y%+E`a2RHnLmD(VI0+&xQ{ZCWbo2XiK)2;lpD-{y<`$4Bc4CPOM<o$2=k
zYg)tM1S{&;x(yI7rJKL)bA}l9-Vn%)DF9>Hk@jTXk~2977w&W5!cPL0#b+m&TpK+g
z*3-C?G}8d%qkH5AX{>JNSwliOex#kOB~6?)Eg^pK`+3@Zu#uPV?jRCh@vh6B<{9!;
z9xHTyel1OG{{FT`De+`2BFwHBs-F0thDs$E_N#0JoTTQy92Yp91S)^A2&hsmeSC@9
zty49ilZdUcH-Jqel>A2;%U1=7irBQp$P^M+%+CqI(D{NM8q<=3M;^D8Hv>c=@`Us8
zKGx76>s%b3s-QYTMII;uJV=`goW4w-4|q5+*F`x&u9FU8%trEG1(p4fyBDk;+vFL9
zIUTqh=wsPv?(*j+(RPuvU_#zbeTs%em6aMlrv2w%sa+r_Qq>PO{N8pg3j7tMkKEn&
zbMU94kDXhuIfaN!2VpCL+O>9G^D<tv0i4V?>!`a(gMquUy%T>zLqo@nQ+Y$&zl~=}
z6*n0@q4vcy&2k+j7+t^SokvhWx}Akg;YSgvNYYhBQw>6aKRd9|KOH#=K+zlu4a$qd
zZsyp<(b2Lq97x7PcjrhtED|a?;nF{{S?6`Tsg|kE^VwQSalqB9ZJjh|U~Q4g#u|^s
zZ%E4QG}SsZESU6s7OpAzxZ1w(7l|@lz4XOj`>0sDbmc%mmXYyN)D!#M+C7R;q*u-F
zx0NJ))vo8(=S^<w5p$frV+dV^VoXtCrT+igQw`b*iOc5iP!q{|UiUnN0jUSRO$9TA
zZ&?_p+|1?aZ%i{j-nsB0gRo!JPL*J2_^dlcgD_PYV5SaNEO;sm)l5Wu(dG@*8%|OV
z#8dO!|LXHE9@d+LP9Ltv7QQ%sRZ>cSO4U-PJLSu$CgV%jbZ-86k1kpIIW1<8G7vSn
zyHV)zcMRTz%~OwpE95HMfB7C&7)I{1jvdK&dBtf$RA<5J=V3IJpRqpVor8PQNj*CU
z_uED|OPx~LQ#&x-Qz}lw+>o@W^CQev%NO2}hcsO=zY{OT6bRZGpb+y7$1n%kXd7eD
zEBkyV4Ey%IqWCZ}u#2>-j$`eW?9zNDnJ}+){JX60_|V%$u2i$~5gi<D^s)75Vr#l<
z#5(15i5TIZ43}7lQ4X&Oc%Go^rM`?fYBENuR_BuHBlUgZGwg!+f)Cq1azOw7aUB<$
zf_E~6>PV{%O-}BA)ufrtgJT>7;u-f@@qTZtaaeqHnb}Q)BK}%@?l7Q4nxB5`Lg9`$
z2<teYOoH6lPxy?el1xiBgHjncMDT=$-r~PTu=JRzfm(oL3Y~CEZ$>h+Rbyb~^rEIo
z`#KB2J+B)@v)T3ixri=6Jxa>~&#&i4EzeoVh*ItH?u*z^D2@s7!y<yRHp86ML{L!X
zD^OB^EhY_{bm#~mpT*HB^QV0)ry!6r5eiXQQ`M=+?9V9tILmhR{bW~GWKw;mv7S8=
ztys#q#Au(wte$+rSt=C`-+cFWSyr6@fr(ejS^Z)zrI2zTR3T`#!SzWqSU^QA^gS8_
zfff;HWgkh|`uk79T0-SEG@kAiCo}Z_GKVk|!G_)&+n?-Z_F+np*F`#<2)Jqr(8eAJ
z%mD2@c6$w@WJUpn^d81A^3w}fHF2S%XH4E2s>1MBK<6~Y-1U{9c})n|_|u1}aI7;c
zIwiJmA#(f&p=|0E-$4H_M2JKb$5_^<SY&VDjz*V@QRt%Eq>ZYV5<q>qEECt%@u<iF
z17m+;%MPDg447NSfPcJz45GfBhQJwh%~fXNrNvnVP!Dh%lgWTPx;t2tAJ^%p?KC|4
zS=xy8gr~GnwEq~`NMP+S9GlG}!}_8cw%97|4S1odRM`-Jn8cj7B=j#F{~`dduDArM
z`yVsF#Z4S;eL~Xu>gK-sDHjyE2}X_uR<Ao<;C$tXm?(V0rGsCi2L~|z8KT2O?0skN
z3<ux>8vXaJc+HIjR<Q9@JbRCq|4zFpaK?k%Jq2ZdD*br(@iMz4PYq-b4y<j?iPk3(
zzgj5}*$hM8&lpfwAFe^IkRrkdj?}L<kw*lET^J6w!_*Qt6)*@*W*YhW|3vV0@E=N4
z8A(tgNj23+XD3K&k$8hQKXYsS<Frj;j*?sNTJlcWB;v{OFK@ko1T=24tyxa&#*Jr}
z5E&zS+vDiST;N~mx^?RF@N{FpQm_>UDt{xdKI=HNYy1zO32^KbnS8`Cq7e=m^OhQl
zj?MXY6K2Pl9=ir$#_>?9_?qn#b^-kIC$M4sDzd>dghj7Od1eOp)$Kv+80<@XpZ)bY
zn!c-@ta^MxHrcdi(`{`l7yCa%;kxlkwV_3}PW@v+JF3?fIS-*Y&JCLzm791L2?m>t
zvj#hB)A~946@V}eoGXv$JsZ$djy1u35i+ii2tR^z@Dt0k<uaE<D9<P=T5pu0mv=3F
zHv#OP+~s&AhY?x(Two!6V%bm7`C&Z7hiCTuodjE!*_|^pC9v1H0K(58DPGD7b>BDf
zX2nymwoq!X&DNP%M5n_V`pXgnYg(P+7D8I)%>B=>&f;@|Gp4z=6kZv*kZ9LHDoo9+
z^%0+rOcJE()9{+}YJkz3R9s|2MX)`I&ddl|s4h=di5IG`&~9F``TBCU>oy!2q>`j_
zv%d0<`DY_$phMkgHcNTDpL&EgLmJWqm;aR~TbQF#&*w)nDJ+HW2-1-RuY|^2BVZS|
zdSI2;R?U09LKTyedzXpk1*!55zP)3CcSf&og!Q$qD7T)(?3wFF=+PEmMMfJnM*dKO
z__IiBi%5o;4U%-%Q*>`!iQ->ZhisiU&(#)eRjribX+|=6i|a$fozDwiwaGc?`4v*%
z<I{`Tt*>ni7BP7wLsJ<ON{adQ)G`gnan_-q_;)f9=XnQDI~)pkpm7dw)bq5m)or*N
zOVZe0c8dwzyH-r!K*ahN$J|-By0aQM{-Ew0<kubFNY9c`fw@N>cgqe@GuH|t4sk0Q
zL`WzZJT;Rik!+1juH&N2#_N_08z979yE+|?^_PhuNAGtF2IpdxTB&D=Mm|c0HMl&l
z=eojp83u)YKzesJ@w=#a*g-u+v=Z6%ue0$?tMnfR)2*T0#Tmtx@k7co{(7vq#+@C9
zpTo~VQ5nc4r3H<846)abSsM&T1M~~7JB8C%k}oNH7RW!_FeiaRNwecLo*aS5?z$M~
zZdO%ypDi{TqI>pwZb`2G$SA0TqW<ZnFM@&@>g`Z{PrL=lvKGg_j(cSoKhg~m1t{H$
z^8`@jIb)xx<~l3>RsG!Rma4my_Pa53xZ7u;WoW5er_OCS#dW766w%?YIM<6;>=$1m
zB(_#n9m(H!t5UBlDv?mQ_wOZZ7erg>5R(b?Q!Srr_c6r(f{Va*{9GD1+LnN2<B>Jq
zw?6T|$T$r#Rem@7rZ`)#jN8{+5#Q`<$;UtHcRo^Au5b5Ddp6eKC2qcGYxIt~-QiVt
z460mr8f5##P3K?Hp>&aiD9CnhcPJr{ySw&GUV4q$A3T0zzjgv9EqKN|=0vjA1IF<4
z*GLiru4@aa%_gyrsq5b)hBPZk&q@6k?i+hUWX)ZOZu~Fd#;1YGHGz}lHMYXr;n;_v
z*nVyRJ1?l%6U!e99l?c_1x}E-tOUh?2E`F~5N<B21x}S;FEpqv!sYU6L-<Vr-faON
zs@}Ef)K!k<a=V1BMRBm1!peR*q%0viS&Dc{8F3yHev`gTH{1fGW{{RO%kvD7o-C{Z
z7w1|Rh><)>+-uzN(PWkx=EF1Di@~AmI=n{8J%PdsEC@o;g=qvY|AV>(@3P&eFkck>
zhd}(*z1tCbVDo|ljiNxmzush9hVLMfU39u39(pOC*emSEj;R0hO9?d`8z$Cq&i;+w
z2YN-2MBR|oVs9WJ7A%C)0)^jNqhE|?1OA$*RIwmONg%)05(VtNpU~zI|4+A5UTU#k
zY0fA^p^Q@;sCCjSq;t^>4U&$bV8(&ThK(Ruvz<(Wj!f~Mx!?V_flp!D?+3r2uu++1
vm!MR_vVbM_+1JdXFaZ@zz5g@$g4;w><JIK#{Pp#o2S7nq6<qz^Ec|}~zB{+T

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-167.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-167.png
new file mode 100644
index 0000000000000000000000000000000000000000..fa8762865070ac51a2ab3b4262d0b3e954372af2
GIT binary patch
literal 14136
zcmb`uWl&tvv*<f841>D{8{D1X?hqs-1Pj46*x(L>6Wk>@K|*kM7~Gu@9D=(`@XP<4
zdav&LaBkfXZ>DCiskN*3UcG9s-QBBy{q4P)0w&rUGynjAsiY|T;k7OP&kqOr^+*>Q
zSNYmNOcg(<0svkN001l)0Jwkcg6#nSu3P}Xfe`>8oCW|8Lo-`6L|;!Jo4iwyefh5s
zs?P25YY*5(NmUMf074@m!^C-(T6*oGcahU^F*9~C7dCY=e{BFfTs-{jTyNRAxiopW
zgn0ynxp`T+xP-a5j8~Ae{yzeC4rbOCp8vA|4y=RvRe<ULy@QLjow>7%u^se(mQhH~
zc?JOZNt9%zG(8rNSKNIx`xfEnYniq5V$`#fA`wZG-T)9sAc0&&cy2z-NRFTy1_HIw
zAQJT&;35<X?6=>>xF}jt7dVJrK3BJ*R^A$nNe?n`txXJs4rQnFwoZ(v--Q4CNh7D6
z6o)6LK|rriCrK=+K~R{h5%5uipii9z$`X<PPYI;<dQzeUUcwZy!AK}bD5vpQfLNT*
z6p^F3u1O$wo`{wik<aA!;eQtTn2Y{?y$NapPG`a2_JqWH!~m5tclnGMgEZj*(JpX!
z2>Sb7b!JZ`83iz#4k|)fFb=ZphoosqV`U9o*#agOWkie931*>u#9c!rI^;oC9)oP8
znCiq&9;@LDIO-ADebSS|Hi@pR;Vg@q?1-{uX?dRz9Cd7HR)LQ1XJ;7zPb6a)@ZjY2
zG8?AhF=}ouSf5XqV%+t%wJFWufm0_r=;9|gToJi>ZO^7R$Valn$_LRY>WI1&ky)RC
z@~0#lyCebeb}xll`wL<0(t{QXT>g!=6lD_GHcc+Ur*EM0>ITV5;Nor3LJ^@+%fMCj
zHpZUYrQV4C<jHJfS{bCp#<D&D(h$M1LAq`&j{h-WPIOcn$GkTyUpzN258To{%&zYB
z(lW^GiL&MGBus^Hd6#q!5gE?vr-{Rr$2A3#V7Zr-f||5jutZ`5y{m2Fe(*FMwxEf`
z!s<x6<e3JqF9hyL!w>RH_E3WHRnH~0`JugbE^*b808+X{6sH`0*4@B=TA2jfQWJci
zYOes7Du+$EQbrLCqqX8Fdfx37%>?1)`E?%1Og$8{;EFgn>N=jKAX-7fpeH;a3j-dF
z4>mGdN7j`1I7HU{;2waS#$}42qJx6i%_Pg6i&9v!^<+s1Nsr6~EvTm?4s=Z}N9)VL
z2@fBC8<6TBAH^=L0{&oE#KdUEP4$cZAPfJ+m&=Yr9}&p|+f6@CaX$pB32=}@Zin7F
zVTI@PfgFj`)O53}g}a;tnfP5W(#F%nbl>8*Tdi63orzvFos0geM3@#sAbwB%zS$Lo
ztBmwM<_#Zm{<l2DK^CW0AJSz*;m=DGfj^qrxi>#U)tqb_b)_sws7MGUXK~nNwc*N4
zf8p$J6dl^(%%WoNJf*Uez)}R4QB!+js<mvwI=i7)=;+{?A1P>3j8d5ds=a3G5Hj6h
z%Y<FcT-H3MI~5WQ0?<i5C`+n?ZnJ=J`Bun%sWqtGd8g5ud0lujyjC4_7fH@e1=28>
z#T$ctW`nIN2YjTFI!Qd-5}o{R{q8E%Xdl-{)CHo`0;0k^#$F85Q}rc-!mioim*H9K
z&BUu=<Z>F%F}*Xq(MVrszJsOST=3Eokq6nn<w<~3CQnh@@sac`-?oYa98;~RTL8ig
zqX8B0Xx4uLGux!^k`%W2n=!7?i>%%`qtt}<$+aQvXr;{N<^(9uQez1Y7`u5LR3H}S
zFGKc^m57Sy2w^B__`r(o@m+F4cuGo#==K+Ah=~0BcpwTcF3lShhA3&>N{w}bWzZQG
zkJ2RvnJ~i6pEA23G^z0L$$V8Kzp-f!rii13PG@ps;#|a{{4L7UNfK?vbvo#Gpe@2j
z_e%_PoEqVcRB3#8jYyNz9;@WrH`7>()EfPk?a~21z@U)e;E?t^i(K>s(^c61XKjlG
z5*L0X6hA>xY8KKf?5oY9ML0(aHw71T6U`-$aGU?{VL<;SqqihEp=-Sn*ORqU6&C0&
z{%ArPn&bS*)d1jDEB%b7gGxw++;S$Q4Mi+IjTcqQPA#rPO^fV4P#8l#PS}~IJ&XD>
z&iIh=UL&dPHZ}X_Ai?im1g>PBFx?f1VX~bWQd4RRhe#*lxKp^DhZ`4YZNBhQT1p3S
zntpX2WBeVgdy3YAC<W{Zq#X%@TJe`tK!eNKWI!r%L+U;`3WnHMrqpt(D2t>mY>${m
zjkZ?gh~Nf7Qr^ME=_pj*IZ5JY|B+79%noz8Ro#m+rJP-9clqDQ$M4GPDPz&nB0k{!
z6VE{<H{}ec$Zz8(C<~LOz%_@@E@s+iVO``dLx_=Es$SUEkk!_NRn}@~*4Ub#Q}*p<
zKEo-sc+d&C2n!+Sz6P<i8LqkQx#`!;IGTKAHd~!i4kg;$A+X1f_NlBjeza>t{sA+s
zGXss#l}0RH8{K$LBbJB{&^yFEdo3>DmF&l;W_F#7FfEkEKoVB12$h-!#a)3rX6QZT
z*q=e61rc8#^gp$8#=_N!q<i@+5eck5wP%)sgZx|q^=_D?C_9E_r^ph>7gft_smLvH
zFU&7UYNrB`4xG&nHfD2bIY%Lf5&6qsKZuI_>%}w1%j&A(^ML9oO@@Be@?{x}yhsuy
z*ps#xp$hnDmZP;L;?vWZDr#e6CQfnqo`9bCALYtzRm2)xbLp|h{O)aO;<$4lFo46X
z0S;C>^-Sy7T=6L;G^gl@Z%@_NNcx<G4(4AsKt99Lu>hL~*8$2qQ_5nIJe9KJ6@Xs`
zeQ*SQ!6*;oJy#T`DXx0)2i7dZ$GZ?R9h60lL_TfA#5x~~a^T~Tn-)?FGyo%Wm4L7V
z|Ie$4WmZ^8jQhu=rBngSR1*4~ZysDZ)s$$f$QxqSDg|aQFOsM_>sQ-XQ~z1`@(YX=
zmK2aOrU<9ZtTJTZaO>K_H&z<=q%$;ejN1my+|WKW{n(idq_NbQfz*7O!(P`{<9k{V
zck|sqCkNqPW@nAvVqMyZF%q#+d&RpYo)h)^Pa5QJmawY~0>QT`dyv>ckQ48F9j%m3
zm_CET8736`#R{*g_4T!t6$((R4Q-c1J$O$l+u|lAij`mQp>PFS7IeDi<5}CcxV=Qg
z@4Bk74yVV@RFKPx(yqLF@yrb2Jp~rK<9Bk7RdCwSnUlb+M8(E`H|xo;TErO+hF<7S
zcJRHOrV8FWWo=|9MGsN<6kqr&z*A?>Qpy{qxuMiM1Ch^OqmUai^ue#)4*$W>^m*RU
z`4LIUH-=NlpOnK;EXjibUw>jgR`3+@{M%0sECe;4s$CPI528aj^`1r1JCQIsJ|g@8
zE}@<#;_!lSrgZm4`UzmMO7gc0A2$Oh!|y9)W%13v?Lsx3nSi1!sWqL|fCGh=F$Zxx
zmS~4tvz1UIX8aTaACk#nB{rmP=8~EZEW?HcII*N8kVXwseQ&!Na#E<pdjB!FBUJ3r
zU#HdwGH;-Ck}i(lYlX|EwUJ&s7_FXg3&pVu5dTt%wdhlxB96CA{Dm?40`e>T-qTa$
zqGKRkQFK5`bE@bo?t<sgU4Mp!KqE;L6i8bb>7BdG>X>CCj`F*~twDekW0Cs_yIgGW
zAsT4`paV-Hym+){Qtry9O-H#G(Mt40(j-}H`F!jR=imNnaqnH_KCMosRR^wkACm)<
z)}&(~t~gXRWUB~&sC$C++u$w|t@G@*k(pg+uBv0vJ7&*7O!_d&hu_`}`+5#Je_MtO
zjOZG@!SjJ%&?S{j)oEYL=U($x&gKB`0!8T$<Jz^gG?FsU%1X1DsS->F4|0=Y?5;fO
z!yx~RuFB5XA%?s>W~KUVzg80Oq}tg0h#sWKDnbq=5Yr3dl5Pd4U!RREj1N-eb6+EG
zVJ8^G9}&QAJWl7r&YqdrU2Pm5W!L1vd@PT)9_~hIqMT%aHx^f-mF@Y<Z-Omr6gwDZ
z!htqE|59+kI%KjKSe`^A>PibD#Fe|Bi#!-r_W(2>ujW$ltIE<nsRVt|KVwIHUtE&3
zq1>T|A1g)2+wdsTfqEbGG^$B;Xyt9VC0S7Qhc5M4hs&9RMhXC?vPnAFChh!ctiXby
z%jSEbOEJ=v0<>yKg;iEvIxNIU`m$s3^}?9?O)$SG3*>N~4K)oaE+@~wt*4WKj5g&r
zamsBfvJ^gLOwA*;D$Fx88q}ETa02O8=A2q6ng)hPL~L`pS7yh#Y~t-aKIYiNU}h_A
zbce%FE{#B|TqgI3nypo~oP4J2i9`h1h#CT5eu;{b<Z#Bd(4~vds17Qsem&58a9|9>
zD7iTmc|FG6-nlr)J7<%4*C<y!NOk}=r>9|0;Xaim$fYH;=28i0T#4U!ME=QsKXp@N
zAe5Wff*?V$Z-LvM#x5UFYjH1=o(N$+@VE>9BjrQ85&mk~K4=iUG*|rv#P2K!B~2e4
zjijQ>^gDkW_;>;+3SXq5B7bqKB?!KP|6!D$&BG%x*LOT=fF4!!i8W{k<#)Lgv3$np
zE>3Zga{%iOTS16n`m6(I=r1ogB5#R)F=aE#d?Q2Mz&Zzv!Awm`tUx!G3B1!me+QS)
z{Z>TLGG(UUEkp#&SNfKS;p_#ji8k7=U&WY5&@PIWlhScK&j{Wk*gpGByE|tG{yG+p
zcHqN6dt3HTbJUZozOKV~Rd&v{?I4~7Eqgo&fc7zZdR+}_@9YaIF`wxB(t)C2$#GD9
zOsbexYdSnt4M~YW*Q3uR=={Jw8Pe%#zXIPkr4PixY3~y~C(`fOjPtvvqf-@GWj5wQ
zDi4pq_zbv5v5Byz%noTF{TXr|;Z)vT@DVSnI4f+0D$s84H}C#hpiR>;_k$kJXSsYW
zOeXd>P{wS71NP<frfXm^CqVBT9YL>>UHu%<GB}g>iw*VDSfu_F@fp3Und+<)z1*Ec
z!R=(mFOm(B+{UyCJe(Y>jQSW!4A+uTb}BAk`zQFF_NoHZvDibBFUSVWBbOmbtfq0%
zoLI&{u7l=+?P83$o09cOn?SBv_y01;DqeD+urzR9hojO#10o?5^X*`M!&4q_R7e?;
zG022TO#>b!gtLohp+q0;5=Y$JYhE#i=Owd*DvR_t7}&?8Y<#hX9Fp;;LyJukRrx(e
z6;hLL@{0m!eA%Qg5VQrjEAs(GO+<tGmDZc)skH*F3!al!k?OKdGIX%a;=UaVSKv!?
zNkP0v@@rU{<eU7UImpQ8ndE4TiHq%eLO4JA6uG00u-)vr^L_+X&&{(=1jVxjMd{@V
z{2sR9pOmRHvtyoATc*_ms5wlxWnP5Hol;tFD*Z@5$7!-`zHR;i17<%Ihgg>^s^NSp
zQ31hy6DNqOJeF>Cg;ZjYHl0oL9PxA*pK&?^_Sv5_#E4!8);SN4Zal@W$&3R1IXuZ(
zwuIT&#F8T|N|py{Vf8+k)Old4KkQiSAkiymuD5AW2jgJ$Q^=$L;6%#7_LCTdd5Ih*
zm0zRt)%<=Dy#X_QDW8R<;Tl!gFPhyG=}gEsBwX?;`97rzexE`ikIt+VnShhtE__05
zH<}494|BH-%yMkaUT!3{RbR@f>cm`>J{CEqfJ9#%4)1Rr{>|Fpv+T;U4JN72+Y9Ul
z=Tn7Pq-MPDq?;Aj=56spBxu%eGQR@mJ~1&wIKoNC<JSkSN7K0CfA=WA2)4V(Ba-WS
z+V-NNmwCJQ9F;ReUH(=Rt7(E46!{a5C690p`=sHa?An)}VO~p(6;rDuNK)!xLezVd
zgX>DuN?nvUw_lA)e#q>nB~<p8ft=l6UmmzR1IP{f3J(oub(PLd&egR9nI+Ki^eP;F
z-x}A6@ipTCht``@UvyhLTkM6fpa#8+l4$UBWvy@W;cHlaeE}L({1GulIXuhM-nhl@
zA#OKV@{G4wP+zg&gB#q4Vn^HpPGbrUmj(D4(LvW-si-d)FJVEN2)T)6EdDUR6)*J@
zH%cOkXIkS=cq)sJx_bh*Qr*>;>>NIbi&A#cHxzMF$mxFi>;aehNImpHW=d9GB~zUT
z^?}6FVZEZ<=wH*nmbIC_(dlS-G_pq1ED$vh(9z;03~xX2@{(3!bu)!I&NeOmL_n3J
zdcMp@?I`^>W63K3SDz_1yc5H)JwDPt9(xTZTKm4jw=LCg{p%exeuPeelo^xmc`O)2
z8_mw{28tzHL)>FyA8@-H!w9kMP<*Jxi8k9hALKdeP6<x^uM_aMW+ra~R)H;J0rd4L
zePyU2-&`fiU+Pge)EP2GUpTB7>&q9f4y_EgTYkd#IUTS^|E;F6HcC!4MnrM?psq%E
zsABmd={-$~7CPcX-MLf9F1zY`vUW~T(mX;J1oA|OnjB@UOsp&hDfb+=0upbZP&6!Q
z(G`}lEBU>g2b&n6*Ns~_ABzH+IML9%Byyh3`lC>nGnOr*aICmGSDouq;A!~|YNUST
z!)lx}KevpaIZmIW1flG1Pk$HD_Occ3^fy^8t9Ehu89I6^Ogg(FBeS3Ghj!s@)1pI~
zz@myri{BGDf#-$i)zzr7yi>A#O#wGqHf1Scd5S-}SMmqo8MmE!yCJuKPaZZ_ty&P4
z$)Xbbv(~--eCb^|V`w-Pa(Ku_^%OJX7M-uNaSGF>J}@!U?A0PU|M%0;^fZ*!u7c=Y
zHijOBhLY@7u5U6~zQymS<Uzs&Nj_p#D-<y=@v}+ac4~W*S~*NZfV;+z>T|xq(3-*{
zq%^LTS-##?N&3ja3m&2<^{D24?xtehQm3)dt|xYp&edm}L9Lpgqi>c+>|imx1;vJh
zFOZGZGtxX(<FiG^*lS<nVS5hVpPJZE-wnMJx4=i4ia490C)j>svdhFJihb}K!srI0
z6O$O8iI9QNE2Tq6?Ah_M=I!xY_`l!tR{GobjPVr-Drh+Bfo%Y6`;M217&oiC_m^GK
zs_XV9SNzYIHKDdlOHP+de?*GdMn(>5m`T)0O`|~2+js0ac3y8<vi9-j@@ToV{Fo#_
z)1rwk!()Yr#W_)Q`w8(l?RAqm8u;smS&M@y#t;J{U|kGEd#K)t)>Go4)U$%oKW=7=
zZL)Ol!y3x%SG!IdF$5Yixi$)J3^U9H$sGuBRQ0l;8Q`sSY2;Vt_m!qu@7_`&yBoX9
z+#10J4m19=B|_!>H_c7)2v9jcR7`%b5?Ie3X8#<tSL{0V24Scm?%-wQ-52@63mmb+
z$)cawc~8y!iF#_t?5ZLa?4V{vj^xt8hns5y_3@<IZRttzDTBGio_5ov-?pDn^G~AR
zkO|?KMU}A~?ix4Se`JB)E5-1L^H@l#tdQ88`%5W(9=+d4H*(>-f8($|v`9MGdhi<F
z57|30CEew^B&G>6iRaDlb(a|VaQG+NIK7|nABjyv{6tlGA=hVy^2AQZZ^kqjX6}Dy
z3pm_0y-=eeWcV%(Rp|S5%+ij~wOz(qRxjyC-<dk|<gdFaw#jRXm9(cVS~2gzRA0CS
zrnd;1n)4VW`P<%km*@L==%k;Ess7j28Qx~D?2AcO<RfxF(xyl=A8fl-^>xuQ-jS$t
zV|332^P`ah=HyZWQs|7x@oSK;oUf#_xtVZjq*0L19k{jHfE!VQ)L1Z&&uz>Gz`!b#
zzEf^iA^i^O0m(_k!=AYnoD0jr9_k#R?-u?=v;VX2dDGrI^>81-jpFd3+%dcyOLqTr
zOV7l=<(41~sU%>v;wW*gBsmed*A3@3vLb&5vu=RZiNKVahW~N1YTpQp`;-e4xKjf=
zM1j<B0!h$}D?^GxHG!plJQLG69$}6uSGyr?*H}bdNI@j5tN0FIW;#wI+<O%v;gG<y
zPG7@Rhf4<(ujx1TzEsksp?<_p1RlYRTbF<QC6Y5W0%i==G6kis3I$eRUinz{00Db_
zp?^;pJcEGhkGA-Sl4Zmr_33e>nYxUZzKUw9)^RnMwllU%w%d}<R?LfzIJJFj=e%+0
zJ=XyoukQ8^Uy*otc0O5F+xCQ#P`jy(Nw7yewPYF!{cP;R7KP1>h1Hr(qU1A8@rZ7m
z8%w#zJ(A)bow@%(;yU?p=7t{l9?%}Uirh<)|NSQ-iI9Hke(A0x<*xC%+AocC8{+kc
zr4EivNvf&Dhk($0%4*mMuTtWVn=zzngEHKAQse|8_2zL4e3#ryCW>lGuVW?TF|1Lo
zrw?#b5-C4Ms+MIV==5F^V65Hf_ykn7k`-I0ZkY)wyDfHdF41-Mzw2-CK{#3zI9QAJ
z^aKV7a*ltKpcWHtm+P-QtG!NDw;%}XGf$D_c)<K{UvQ=73CO=!kW&x?-~K*?UKkEd
znmWX4VC#ph3rSH+QA3u7yv?<rJ<G=avKtn;`<kjT^7yn<t=+3L7v8R1+!`;%P>5Jv
z){!o13X0vk?4?_r_03oQ^3_Ifpjtk^t`J|Z6CM#1ky#iwuSlBv8$a%QazKdSIPy8l
zCIu-!;U^snOq5!E@Z-xo!@>x(CYAcj8cG4DkS+ti!-I0BkjGoY2TJ^~K90fp?7xFP
z1Vwh4;?N>=B6htaJujSu!~`nk1*G^=TEo~fGzy9R$&N3&d#(ivxAsIRSlC$T2Iw^<
zQHgdh4Zb0bz7)F0HX~gRQbU9+&>dV2DNUShsqA>mE!}@L7k|3e%;EDtP7Slq$OXY7
zIZ!_kjiNq*KkQNMBr(gl=O%i>)*k3q`()XQk8CEc`%wJ`LL*C!i+K^DlAsh&vGVr1
z?i-&YZUQ3%m7*V(!Iw+<)<#+*<H3z-|5>0$x<sEi&KEgie)x@=$jREZpzVW`_gxlZ
zk)L3nXbCExU-eWj@)t3RJ2KsvbjxcFTII+Ok~Vs{U_;;gv9r@kcpBA!>(dz_6lK6-
zfEW_k=je!F_IbfDw5$I^MueR;a)a5DM=NIbFu6|giy%&)9JdC+mYk=O0hY^gQs;*N
z-q`Sq{G{;Ukr|FwywsjkbBow)37~%R7gc>XE+Lg~MPJMu@@l>M`H$Zng&qGenrm3N
z9koFhd$>tk9D@yR#w*a?Ahl?{DEaI8tDFK_4Hqtto-eB!t`_yk7-0LjuP!ZCug{cZ
z<^XR|BkGmVed@iMVD0%)=s$uq374*xK11mrNudu1IY_t+-6+6xh8ab4m*ZyvTo$%&
z(6=!BQbQqxPJamz7e5)O=&{ehKJtv<N9vDgFP*;ZMlbyx<G9$Js`pQ^&EQ<^%WTsY
zbLqUKpR5|YfX@N{R-2B0a*vDBxYdNz$2Bmr3qIL3d2M|SDYcOlWxoIRa5o_~(4nwu
zS%;v<spz#a+*U9^-LBr>$;%@-ieKC3I{Ieq%Imqy#G+^WZ>qcDGx8B`%$t}zc&ZNv
z!(~n)q=P-7URL#2&z%PGxZyJTNyN$G$pg#^?b}buKP+JWsuT%G`MX7t{q(rmmxIw#
zY}ifG9w+5iXJaL>uDBi{pOKD2<(G>qV?mB`?6?PdFHg1XD5gtc(u*8uye;25b;8z|
zbxA7wFPr5#8|PiCU*}M5P}nB<E>e}uNmA?3_qHK-pF>RIs&IM_i{H*%O0;cawpuk2
zZ{dU$(7uNVP=JHytX9Jig~!cJPS=cD5&7dPs+tqp{5Y1I<0bJNtAOn5eYS>9?Yoq3
zcnH>VUY;C08_1CpU6s|vSJig+H9|MiLvBH#nMvA!zrncj>wkI-)XRO3Z4d%0t=IfJ
zKI?u~e*N>f)U6!gW%HVH+d}{UE%Ww&O4spL-c7IW@I95sE@hl(-QRf!KnBNac0|?%
zig%k@+pJU2SEV|#-`p?$KDHDw@8tAh+#!xiJau?A;5&q>9%_6NJ-VJLM+B&E7T1at
zCnu*Q?O!Jv<}vQP`rv(c{-Y3;0&{+t-wh_pI5C7I`RMCe$SHA;rd5TkzG!Y3ll`bO
z@$ypu5mRtPXd}SR){^nXC!yU>^}!yz@r|+T!3&hP+Q>{Oco}}g2|nXP(ne_j`(x(q
zO!`s-C5ck{%snMvM!+h!TLcMRJo-doRr$t@GGM7V`aPFPGb2G-64E`rr&O;Fb_HH6
znlHHTXjp>oK3xKwP1lKwMs#1ciG7%*p5sQgl$ow%G*1UTbL)S9xBdhp_@IdDQtq_Q
zoNd8`WQX?5(F6>>L2c(X;~rGhl}({86|4QXD4;1nM1t}eUs${j3F#XBt4TCCdsj{#
zspZ4)Oa3%)7q?l>J_Ve+H=e&ntP8f&TYIY1dRVvG{$WUoj&O@~t9dJmqqI>Yh{>bD
z@Qye<>otf59}725ol>HNoUqr?e&tiF#fX<f{8IX2#>PKK5|*cBHrC?q8myNy``yr#
z(w3#hdL<=Cva)ckun{0U74O|8Xh}yZOz>Unr^76b)q_ulhPygqd5o4W8Q`S!^}8kc
z=OAaO=c1_%Ajd%D$8&FPbvY}R(@+5jqs0~wy~k`)Xk~2jNBB!Xy1}EE;qs1kGG{>6
z&`P9kENyNq_pEB~-=0n!5i{DNPT%qC120PRXV}#VxF>e~aLs>q^jv&O;zGW)bfMbN
zb8*f}R9+)<-*J_8l?t)-`uAX5GWo31%DAW>BGre?=hG%)l~^yncxXh<9YeDFUrIij
zJX){?neawF>A3K;HQr`5D!2usI^r8XZ($rg85t%5jo0mWA{>*0H&T^V*u_yPvlg^Z
zeL3rXt<`8;f{ZZUhLRiy>^~|m{g<BXPNmCOUf}lVRg&!VxBtE&yp>!vP2ycXQ)u6w
zD8~rA^0Q8yVU^N3=JKA;nB=HCo@<o|>yiWaiB%)kbuUgVT5$1`EJeu#R3u+?zB+vp
z>I(4Nz2q6&sMQ>S4t_tL9qFloNOAoF-ZoMZo=ZXzj60*VG)7a%W!R`)x+R2;<<%$U
zC9r!>*K$Ujt3FFLlY?wpTiqjgFyQJdQEX^Ar)Zd>9PH4`eo1v$5->I5G3!BTvQj_u
zH9MF&OQM7;4^JPh<<WNoef?znV4V_Cqw>{*SVagKC%PB?Dm)l{LD5XQ6??(BufFQB
zlA)%(ygpxf^_;xY5o&lWGLvRg2BQ&+aAEhsj{1JnFHqSA4l2exc#*Xm+{;>Ez9b2j
zMan_*14h`h-W$Y&a!=>}9M*RI>(Q}08q|0g?yRdUZu^z-ol$fBD)ltTyelyMC1*{P
z(P0s#8x?HYa^6~vah2kg=||kV{3YM>yjAKEg2e?gizw@of&3Z4-Xb%y6}Wjba5qt1
z)5*$c1{OE;JocLt7|b};moZbF+d2|gq9d6`;Zc^EOwKKrs+3un<(Ww70QbhqUc4c(
zu1V$#z=+R^-hg~GXR$Whw!AIPB&v8p->76uYd=1`VTFWvFS&PA&(5RhIhUu;At~3f
zI97PDgy+aIIZL^vI!qC7X*DaI08JCC7v>elm;MYKJ$0WYH$o~Dm|(9;C3=JqlOm?)
zHKf|g!Apc5TEv5L4d&G50{q(I9Gr}@^f?90D;NLT^_xG9){!y2x|Tl#1m#6qh1SAG
z0~!);)?nLhZ1O<PGl=`+=~`;-woi)Wcg52bT#SCpernQ;FDGT&@<QdiD0km|F28#f
zts@N{Occh;w^W|_%{s^JP4vWZ^Viy2*g=zBPaQk4>(&|dfTg;l7!n4jpF+?1%x+$7
z7H^Pq$R)M54T>M#Ph!KnDL{vpLsG_8ip_yoD0Z#ij`z#b+mTICX>6!YW@#p47m-b5
zV<$q}_(&U~$~tIg8Ggv>|8DHpgAxXwm>hYgyJ2{99VJJ3Ya2^7s+CN=LSJXo4n7_P
z85yrv(5`6?JdWLQHeUD(T5?$UfPV{{duPLG;(R8&EvKv8Q$4$xsBUe<X-8!&5agkU
zLGXmABS8hm%7i;(5Iz0Xx!xpG{}VJ?!k_Ak7jD@LIsf^>$(oIW{dH`;yF2nT2X<g&
z%DcQ&#=x6jH%W8p@W#s9`$dt(_vMWGWnR@?+vQN>i@r*ZKY%Ii!?L$1MtAo3|A`Wp
z%YV-d!}}al`x(9)y*=cxKLGd)XmTUSCWX_{z_wXAhrfM*TitbJBC%Rl>Q?2^>z5>$
zbuOX=bMVMvF(hB<>EW{D-e|7+Pjux$*B4~4siJ|tLC=Z&7=w^aDtQqHEC=;J+Oe}k
zCD+p|@QdowqVhuodGFhgCldj91jX~N%bkmQp15eKy9|E*^aNUObw8WVyfOe3*5Leb
zCboRwdk4ci<p{idL1>J}c+ar7jkkj+$~S6l4*Ivi@+K7A0ISrcD6~vJJoop>%0`bS
zWxN$|b-SWY9&fQDu{w$U_tcXTvpHO!5O5j4f0N&OjKA?}ZVM=gY*McSK7DyIZpW}a
zt+jdXVBmV{(rw?lMbOn+r6vRRG0S76aDPjn(HDeN&nHKf9vdCBuaV5q{2e|j5J=dC
ziL3eR#nO5oU0K}rwuz}2hZ8uW$<pBl_mpuvd$C7^j<Ghnt?Gj6y7Vl|r>|2LGz$>7
z;Xl9DaZv_XS5Ex1A2*)=V(pL$r1D(UuEf}&oKoi7+-a;ljm!_SV$=(I?s!f!z;)|C
zI;nMd``A6&?QAMFo?N<ZoXc0p<cL4=1MoF!#(%Zk@pb2}{)RpCz@_DAq4jU{(+^@l
zE;RXBs{5X}`u8ugD|hv3uzl<qq>qeonC9;mQ0IHZu@WwI&pR*dwrv!}Or&h_So>_D
z2Cm3LHr=5^8KJh`xc#>GXL;(o(mr=chj*K~a#o~^=v$(>|0q!_BYI45%RIiiwqDm8
zU&Wq=sU9FsbUbNpZARwl-}0y`%LV*oia<lC$#~rZ0=({OM7$)5`ZH&cj3$aAVi5QA
z87XFEEee%0k1mQePUM?#d9EjEcUq&|SjSY1Kj(_&x3eAWN<Y}o?tD#LuX8NgZqDYq
zD4yz!Hbkzh^K`shcb#0HX}PqqF*2~vwmQM6$+M*w0k+PMJ(F1(uFZ{j&E^q>kC_yv
z0mq5P?Z@+~s&`UWL^?vNiTek9K46Wj38ltEL3KFCWXJ3^p<k0S-hsvsx4T2g_%hsN
zKO=cZ`EFxT1X^wy@W>|z@J}>mPx_$n`8G^dczNgce#7G=at^q&`AC?EK0l0gqd(wE
zrjerq_1kw5d60UH2_8hhHeUIwTHH7mLRhHP-smT&&zzLx_?D#Z!*^8?<oQa6*w#Hd
z;c$K<AL~aewlE>pU5TbEjd_V9_z~@`^h0<9Rf8}_{q3y2*Deav)qBm6pBlOCg<@<c
z$aqa~ISG!v&xJ-eqj;9RW=Ru|6ft&!xL#kG*vM*Xo?8y8nkVM|Wf8;0`yA&MfOXG{
zz<lQHZ0i=PKM#hPf{p<eR+jajs%}Ssj958=yB3{w=VKzdV-Dq(eClCE`BSFXT9PW~
zX*GQhuvZP$6G8LCZf>s{wi||zi;W9ce8XA$_Zao6V9)Jqv?c-=X(?N5vFF$Kyd1tS
zjSbS$o2lPi{}Tb;4lRLu{%9NVy%MR%IY!hsh@Tg+CQ~^S-uxyMZM;KOOJ%5o5vYdz
zrG^N2EN<7(KyIayZ#bgn6XBHXY-C3AIqDX!wXF5011s}w=BKQ7$#-)p)`ya%KMAJ*
zw(|~q?{Q9vgFW=G2*m(dDhca*VFSXMg6Ikq1LTatLDv*Et|O&Jc1CyIAF%)F9O0Y-
z(#`HasT*Q{lIg*$F#1EHO;&|jOVQ8?IKe+LyS17$I2TQ@iM8sH13GaUJtsHr{?wkK
zsY6m+&eXg)!1=d5mX1A6fn2+qf#0xahms)mrR-R$RsD0(lZVW4Mz0W8cNBiVQI%bN
zed8&TWz}U`EnT?Y_sI>((t;4HF4)Q`$U>RpeE@IcyyH5cJYDM}0hsQ?3(2y^No@3&
zxaZTWdeR)A<-R=Yqkr)Ax!70jTyk^Rlqe@dK*#&o-xQKc-3aRNQPmCwxD^^M=*@ST
zrP$q|Lx2MB0F$Mt;Jr|X`w4h%G8L;Cx{|`jND?fAfr~Y%epq^S4u@*(?9-MsX6u#x
zWa>sJarjdVYwdVIH^naSkIRnZ1_`P<>N#y5e~zgk02yp}a-&}<d6oGQ{8ZsS#et!v
zBNQO+j%_@xhs)<9xVHK8(Gwf`C*J1F{7ZR*P*(iA_Do-t%`2ip;P16SP2hsrL;~1L
zC@!|rmn_0-_U3uYviaYA$4%C_`|O2*`jEhES<C-MGkR%iCuMR$H;~7N$H<Y=M@c<V
zCvGNv9&y;wKB^`mDu?T^IB$mKGQnQ4$BVUelzzkuvIXf56qPu052QNUosoN~$&o#G
z8`A)linup>-Om!)RaOintR$w(YCmvE)<jMnRS}6IEM;-Ri8ek>p+h&}gnKl^qOURE
za6RAYUvjD;ry5Qj1MGS*z06%#xqs!;8v-h=TB#8AE=~5Ik)C|eD0*AQ7xLYmLyi9T
zsl)3`34YxvXy?Bh-6TxHW-R|W2)`#=en-J6^e4!Qb`?K1-k)Iw4dpcy+<tSBrr(b>
zDbABT^CR~jyb?A*FZnx!VwW!yW5ez#jtKP#zyJumxx1Ruu0oa->9B<KKI$}nNsch`
zWIbA4SNMAt<>|`*3GqLPcNB)j);QH6g#TPuk7Bzx6xe-0B=O;&FOx|ALhu2F6!{;$
z$S26hWeJj0gy=j?bQj~7be|a0M+C2y?SvAsq|U_y*>ZX4ucPlf-Xa0Vms>6SK&dvS
zjlPKh4!f>Ai{JkluQTb0QI))c7M3;gPH<e-93EsX(YS_HS62ZYg94o)PMsvfOt*^i
zn+}c>?r6Qtz3v)f(FoW>WHN-!18w@Vq=vnCPex}4IeQ66_JfuO(Q50ZulPgeY^mVe
z5<oA`JNna{wb7X@dyW50|65tA>NNK*Zr*x@9Rw&v)mV*)q-d7~H*Os0=!&|>dk$`8
zOvnn?U?^`s#)OK;-PQgeos{z#i+qKSx_<QkXCmJ9ap59c|DKRYy8>jgwiMpS)BV(J
zUO9Bd4r)?w%^ySJA3T4xmne#U-^mmF?;1}`gewF8y4ks_hs>n7(%!CN-#8A%76>4n
z7tgbGfV-KM0N7R>R<B9mB%AP7S?npiWe4GqQi-Eu-s9U(5;8kc1(YQNc^<{zGgy7F
z?nUMt#^eI<oj|Ry#~O%|#{>eq8XIAkkTC7MMd-iZORM4uhyySBtM-3X;_S>^(~<I9
z=NZ*LoOw+n6umON`m7IA{IX>LZ>wS2ef6&Agw8obXHu*e;l`t)l-%}T#n#C%zU(61
zT=XYm#40>BE)p#5mItn;mW3iAe}tRJ^eE8OyHO&Ce8e5s|M0-iWQ?TqQW*H@Cc;L$
z0@GdfEBwE!asGW5%Ur*Yjcr}1i7k%&!4R&er+p6MN`z$JKFf9yO}0`t!I|3`6CN&-
zEZ4#VS96EU`|x39vN(wOB_s@#7%uUT8%ol)-QSblpR^#AoIj-OhaPlYPgD4bE<v;b
zk(mi$XFkrQLVm9dr5ZyC9YXD0_%7<a)2}w{Pef(Gurf|{GJL6u_?bHtF5~`$TLDRp
zBt*CX9o|IF(W{45@fH~Y%T|Eid{|=e0d7qn%oX>0+fN8BZKAjhF|7*c6?^$Ffm>Ox
z%r9jKq}Gr2E(n=|RolLf7vfO)S8f>+`vw?g7DqwXPXmdPCK!1j%VknVFk%SDiTk)!
zTZ1{s8O3Evha<~`>uH$ThMgJ0EGHND5Zxg!I#@6N*%bIbcv^G#zlCt5j7=ox;=-cb
z;T}`-yA{~7_%e5GoNC!%HC*P1hy)1wkWfF+NO0M``F<TW^V7vMGE>9{KvFJ^dw|dC
zym@b6rcqN=F>E8L*lU%T@zguh;&f}0WI;v?<ZhnoLJ3M}9$aYaM2N^I0E93r$w9H*
zF`YXAJc`d|b>k=D+x2jEfbw6S^L2xxH(N{yH92gIvG`To=yDnt)N4f3W22j_Q2*n$
z0Y}O$^$Yeplw4D^-mjT(&^TJ}G~%-BmyoOyBdZhn3TjEAuakmCg&zp$CC+d7qA~m1
z`}v{K?!Te7KpJN05;!5Nkw}=VqlVft!n6qzS>F2M!Q<}^sw=Bk1W|h3K0Kf4PVv*5
zN#x~J{Z5fzLDkFk-EWC{(eq=%fq|&S?^lUgp<-&76!`zmLN_fgP}R00)I=<E7$SFv
z=Uc&*i<y)mca&Yb=ct@Pr6o@Rqg{~GcsElb1oSj<gtaZEUy()mw6ENPt4l%P!#hix
z2i<iJy~%|Kna2JTJvj}hUp&`Vm?zd1A>)|qk7Mx`4v0zlX!XD^O|Rr2D&zMJ$d71G
zc>yS2BfW(W`UO2HW4Q-IBn|M3;_FlehlXP5uOmHl-DN%1kDeIKI(HuEVdf|OWH~@;
ziM!j=5z<ITt^-*HZW1o(R`m*_FSG`g6c)P1Va{)*e;R2V@L-N`GNpST-T#Qb9NSFk
z(g0S-JpS5$3nL@uxEM2*yvs!~(8zCM0`m0ygZ~8FjHj;^6~g$oEalm<7v8?LE?{b8
zV5OFYJ!-@xU<Ym1s=T{@XS8?HUr{WTg#TNvN0ON5^D}DZsx!76=9IJx=nttvrZ0;i
z^1@d$y7>BSmQvPArr~la#Coef;QIHSCZkSta>Io%OBYbYhq;VSaYHfdonrXDF?|v=
zu5)neLZeE-+(nTL^S_~Dn9ky4;t_rYp&YY^PmbX!PFDOu#rgr_%^zNacb<d=egDR-
z5NPz0aJCV@%)cbPAQo5d>i&nFhBNJStX(6_Pfw>7x1sm{=>Oo3o6F;B9fFn{@uA8?
zys}SJOljeL|A;#L#^`>f#1-zkco+1e^LD5f{qE*6iwamA%LrTDZVsq`4xqeFZL*TO
z`T|x>{<5toc2WUP{a~Yjjs^iIs_gq<k~rsWvpbskNHZ5DU#d)rg|*>5V1AmVsmh$z
zh>x<Y93k_E{NT|SYQ{vq3dG-5iXv5`C?}N2NOq`VRK^JB)${by0k2gF#BU!enC^nw
z_>C?YMRY(n+@wR+?OjBfeuCTDaq7cg`#o`{@(X@?jGb<Oyb~;Xk>fHZK)k8e8b=ri
zA2qcu?{f3^(jWc;$ru{x*Orv~Iz#>&_$f*9!uPo?QN-!nqjHC<D%>_+gSrpxbv4?M
z12vkAkW_L4XExi4Mo}Ok?=HyS$KGt<Rvlse!s9{wZ*Ex9TZ;GaBW$J22$?00McJU)
zVtPOzbl;n<G0dz^jm%LM9)+7MtBSU~TMI!RFRP)2VI(MxKFfTxac*%HMk2&Kd~@e8
ziLc7N(*P&Ms=-vGjz^mP(U!kOq<+7JLo=wSwUt4Ct9t*hpKBZK?gzQMDt0Xl^g1eX
z!50Z)wIc}jFs2jr9{V**5l$69b~%nc$oZqqpSS=>3QFQ0#*r~$Cqf0B&ig|W;#gz$
z;{QV=&oq`X*`zEB>?isPDg<DpE&T5M^jdlV()d_Ma2w<uDbi&gI%-mKYM>f6I#u#6
zF#&#EQQNkOz0L=oN1WZUZvheoqF}nv6VT^eWNB$e%Rfez4N<PmDJ}(BD<o2dMPZew
ze<1}{_>QB-U_pi>MC4>doe4A~5wO$58`WYjJ7<p<6+At4>{H%Jk^R!WF3HBA?1GuQ
zy_Z)+pN#ol(2N(ZVUisVj;T%j4fj-o0@OFWwR1}gm;}-tNaJn+#%uqDA=jv}UQl-Y
zO|vCSn_}~}DRAInvia+U;7jl_u;hXc9)D3bNGjf<u0hP7GkiCv5U8XlUOR_yNqU&K
zZkLPAZP%a)Jbv3=B@S%LAx;aojJgtC7|Hf&PB=14Kvu+9UaoN<DTJLzZ$DrSoE0sM
zEp{KN2Br`)wKKE$Fjlm3Hv73_jEQ5<xVL4T*3qo}CHr$k-^sp%buqTD=t*x=);H2*
zmgz_Z8pvsoB4vf&W&7${uusMu097I-4Nd0QZUgqsXK>yzSY4`+jS)+I&Q<?Y8q`E{
zGIJB;q5H^o19YDb#*$R}g@Yb!xgFWbzWQESJYI=KNmA6m1}r$vF{huHx}0I5E$(2;
zWzw}Wk%%;Q>^APE2~M5))Ds`?yV0@?IhF^C?iw3-w|%~`mTUa|@X&DR_)H7tpMEXQ
z@ZOde-9@AXOvzv2S0WC`nR4U4Mv$L;>B7(TFzwK-dg`H13OMQcjSb|zgyo6+_^)85
zu9}vcx_vx1CH>lYF#ERvgwY+^Z18^>_kbuqKY<q5V>b$~yu~j4ZQ;VTdGx4q;Lg}S
zEenWWPR_3o(NgWMU+|++0<n}q5~C1`{to#7Oyz@OH*dH-G8+=U*O))6vH=ftlcAIr
zHq+|Wn<~fuon$yMIaQQ(%pO)FPsI1%DV+T|-IxNVh=f<d?EkJ*>i?9m`QM7N_Fn*n
YF=n*Wv!6U(>&gI1a%!>_(nf**3m|RaG5`Po

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-180.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-180.png
new file mode 100644
index 0000000000000000000000000000000000000000..b0c9afcb9a26e19e308985c980cee1a224641479
GIT binary patch
literal 15242
zcmcJ$bx@p3^!LdyxVy{X?gS?c1PN{l?iM7t`yjz(a1tB>f#B{M9D)Z3?hu@T;Ieb?
z{k>bYwe|k9TkllObXE6r`swbP?mpe;^NrR}Q^3Zcz(7Diz*c-Ks|8OR{`umez<(W$
zmt5fq$nve0DguHZGXer690B1To&`BTK=9;6KsYo*KoHABKp=I=Zqt;27ob=uE6Be5
z`$5;cS%K%EdMK*Op&lY*5K&^|JxedcvzR>O^gOK0J*>qn-K^mW0zWUm5Et(&E<WCO
z{JdiP!eV>^9K5_@yu9YCC^`QR14m~oI~(8sy#XGiiw<tU`hUN{!_Lv#-NW3`<$rIZ
zke2rh?}ojitn@pdrIS_ffRtZbLl=|2xfQ2c7}lwXh;=t>l-c>LF?IMzuA7MO`a>YB
zp?*2T?^5aVA;TmZ*K7W7eoy5H9f@{JB@<P3m&>p*_V{+2+|29RCA;S`u4iYn6&6`q
zViG|K<TQzxN^L{9A%(0lu<kO54v`$X7JELioMvb$hOL}tDySII0RGI||6fHVVA72y
z20mT{)X!hT#-SrH2{V>7#`Vcq2vGbFBqW4o>XS}tHyxfW<P)Auhz9)#W;lVgV3bRe
z!VYRhI03-+fc?E&Vq5CMXc#5wFeWTq0)fh!#Q}j-tqwd#>^LyngGb^5Xdqc)?<77i
zUZkU!Rw0Ql6r56zBRmSxi_yS9h+axFM5jRnd`;>1-4GXj`x>RLo|E$iC~58a8Qm>e
zg8K{+WlA<8)QE9t>;^%Yn+lA$TZ&u=VdZ8=u&G!?G;TDE#5m|?NFoDGjug4^xIlk$
zqF&_tm;@j#wfl9v#%)Nr2bRd^SHH^P1^UrFdAs9Iy`IiE5R3ZOK-Bp<>a>q>36VDD
zFFmHL;~oYJG%}QEEJ#)kon#HtlrqW$?dCOTLJ=DqtivAWcKarQ1=B4`Hb>m{Eo%Ef
zLl(cnWJI@7wjJ&LyGLM7a%B~0#jx!<84FSv<*wt$Q@8sb!b(3HMNyi5vyOKtOH2#I
zb%LVq+O%S!F~sOitu4eJ#`at#{dPLRDVZlp^yEHJ&$Kc8n1Aw1N>~!hB8fLz2&{kT
zDz!n6DGu$|PXKypwV*93GN8L8E28|SMT#N#+9B=OtAvIpgXDYe<=Kxg-LHv+Mwe~7
z!T7L<R99WWsx5sjnC_1e_K@w6erfGe?Mdt+0X#jN&`+2FZO13%@_~fM<X{STyRwq5
zv}@^Jnbk<%E@G>#0Ip6h9pAT3NgUu*y!UdJQzr9yul^!luFf0KarJieit$*{+e%*H
zl%RqGK<P1p8xkxc2-#-1l*3MTw`aPVr?x_UQAik?$x1$k<G(`Ku!_aW=yC^7pEvIN
zTVIbMRh8+#Ia%%9cCGdd1h^#!XurlN%r51jLGVz?1R9rRolT(IZaSh5E5qU>P#9e!
zEc4etd^cyuNS8HCsd4UI>09FRz_X3~>*}Y#jT=K{ML34QqHl%N#vkJrJHuxVh|$Vj
z@-f^%H&fw<k^krotls`Je$(5^QSL5J@AK8a=*R*3ZI`YUC`+fQ^bT+e<?daU%75b8
zU3E*##-!KxfBS&UNvoIfX{i_HYI}E%oiA0@Ec6R$Ma0#m)w;r<KgMl)mm#G60*8Gb
zrKpo{)e<tBEy`B}5Ye@19M=QNOHB%?6XOxfF<kKGTMiN&^sS3De`xOLSsuzlft9YX
zErbU35!siaH1U~t(%XdCH4IpD0JhLC@@oJJi#=NJ@@fi^`g{}WUtsDd6*}70C{3~E
z&ax9g?O<i?BgWy;EIyt}6rUCDj2{3iC_4|LW`B&#iWm0x<uc?G>hZU`9TLby-;zsl
z_hRR@=^}g6sYqyjd2COvm`jv;)Sj(`*6xPOe&6J?D)C<2Na_|KCx%^wByIgcOF+Kn
zvWwo3ND<}zf#O!vp}Pmv)JVl6ZgmX3pEp%JI5X^GRUdr=7LJJhZ1$OY=9L7N4Ev|E
zL>iPONk30*iJIt7Dua~ccE4{5;B~_)#myKl?`Rrm4C-E!eSFo2B3Fr&C0b$fP705F
zX?sZqs<4aG8gXpY@@sXJ>)-{$hEJ&ipP&L;CRQ%9*N@J_OEwtqN557Q24h`b<%*Dc
zcHv6WBiFVqj1V{5jEA!K?xT*iznIle^|PF0+PGqQ;G_lKfSjCWqG6L<phHuB^}#4!
zXFu!3GI1{zsUMpKQ&g`-f=D!mja+Na?fMW~_C6z?g63$bbrY9B1OB341WznG7QL3g
zu`<$U)|;`)mAbPRLucre@a_JYWm5;01v)P9C~4|9K8N(xU*t<B0?~1<hkp1H&4UD0
z6dUm&t$$n7;qdV4N^sbMe^3NlA9WVDL<l8$N1p*RisVi%2~7HUxGKhF`{E(GUJ-ZP
z+uc>L%8=Vq$gy3>ld0KT!Rj5yIim=$i2lZ?r?fm6F#svneJj8C00y{blp?gaK*<mK
zOgcAkZC^n7&NS}V|5Ss8|Gl$>TH4c^H3renXa_4QVT+oN{3Ch+Ieu2}TrYvcDvDdP
z5!XI)8&sF)0Jzi*o9yoC7h?YC)?dL<GInDAs=FXmUz6xO*j;T0VHrI4YtP|TuMmre
z>JDHk`R}?)SipM!g4H^`EwVHCLBTjsx$cSMMdc0Gi6c{sL?YaBxB3yg>4eh~<>1rL
zM8htGqf}^QUk>O?w3-FN8aJ+gKIX$ss26mqJ6iMFgxp<*dXutB@9rB(CVb?aA5kr=
z{2ofV2tO*w5cV`qeP+2dc2N-16}g9$G8@DufT1TB_yJtD>rHvjtGka`WY%YCu073+
zl<#;sV%$6@+_M8gUu?%3OUzCvx6oej`mvJe?OlDvH$a3QfRpt^QU7K2^;5UsS!89M
z{6uoCUTfTms})w<ncoc)^cBMXkh+T=-GIDD(%jVYV{c!O)k!0zd;%$VA8st?gBFJV
zjQDtG7*Za{u*bM5EAP^O0~_JtI?VP;On8ABcw5#ze!5ca!MyrNKK@2ULDHCN$bV8$
zzEkJDa8AwZq`l;7d#4TGtr^Z~%$u=PoW}O&Vfpbwflf3)7-WSt!{mlx=Sx1i?aSxj
z=c3|AmP{+>)N0n4WW#{KnI(ZQ+AnD1iF$<<M`&#kW*hAy0qyVaa4rAl-LbsJQy%c0
zLuZaD+<6_0NBR|sxR=P{c}57YU$atW&=+J}GU5&v@g1gZu|VlS=HeM9gds%XEb&#I
z?f%fKpM2DYkAx<UZ+EK$p^DUJ(oh{uT;Uv4Us<P&azx`6Gh1m|_(l#sDwQ&`M_M9!
za@UsIK(d=_^&Nonj1ksR41bX~ZKZ9A)p-Y`k7micQ4jr7o>;g-LiN=GwMpP}F^D;a
zc?&D*ZV8hfsRmz;Ot|WZF1nry$Yt`NcM0iQemAfJlu)b^n6M1#66wX8;?A}T>6-WG
z!-|rlS83?=SGr!Kghj3Wp7r8}V$^l=sV;%OI;_=1O+&j??!4q!z_*0RG>M`}OWq}7
z1`f~<J3=_f_ZDoUC(^Q7nR-yq-EtV&;t45taYERos+X?VDWt(v&Aa^;StI2`KM<r8
zH9v>IC|{*k|LS}LU@#Rgo!_p4qfCnTs=w0<JseM3a81z<aNvx#67lqmd1Cm7P>c2P
z=77emjF6wFf}$pymfROev(OWdy2AlWtpK<-DNPU1eo{gfdvEv5Asa~?8(WUOWH&1x
zD4Jn7gTlQc{KO7#oML_vV1#OybJ#k!SDyH7@bR&_B6>~xn7Z=wN6ewqr|o*`B8cl;
zF)cJ>rhgp*n=9s04-@}=2i+ze_Tew?888O(D2=%r;T&dhx^UUTy*A(*y&mNMJem#q
z*b(7Vb8837RFz1yPM3@h@dEoNnkU0x49z=2_MJq4=*aB&lyvUpv0xwM1kf%M<Mx3S
zD?BCRZIqtAt?Zg`J}jz=%di6YaE!^K1?y{V$w^BjLEfCFTEYZ7d5fBCFrrGU%w-)$
zgKTV>2C#UOCHLdo!9-V%x_&9hAE6pH!&bgD{my+wjffYi>4mt1%Pby`C=&T0sK87G
z(>u}rn`+O3E3GKM#^KKa`{1B0Hk)kJiP{v<fxlL&cuY?0*HD$KidTLiCm{#bKVGql
zwba(nd;>)s78rPfqTgh90TR!~sLcr`9onUdh-mG(LD92R*ellPE1WpuWsCsR7;1Wg
zetL5P$5vN|Eddb){;0&iG6oD$6vmu%r-5c|wmkd*QgSQgV|(~gnQu9O6;~|8BlGTv
zK5r)rhq;_<v<`EJLeyZQ4Ul-Wd~Vvo6tu@0<ye?{Ew+~3M$|HfzX<6<v#5JZR2+gk
zfRTg@_r?C8NaSXzWP{d-+w`#R$uEVpReKb_oP{Gd<~0-|#TL0CFH0Xezpf5Oq&F$A
zj0bSLLi#DseV$WvmM-dUsrsENJA6=w>BCZcj3auG8{mF7Sc*@r0(Clm(}H<T0M&WC
zkI4D4t!5h`;R01W;H9u+l1<6w0+&8FnQ~F#TG$L}3ES>%tLrAx;RSDJ$mAkpg%9Z{
zvP<^?ytd%H`G36Z;WvO7*KP0e*#Px`Qg00z&D8uIYNUpwNEdGJz?IUyR4H$nXnG!v
zOs#hV;>(;6>=sBh;||RBINlg-OUitcb6FGv7D!G{+y4+vg{3R4nL0KeZUO8n!3Yeg
zjQfDEi}E+#O*B5#%y3(r<%>)-6G5D4Zmzt9mAtXi+gRpyXM>;aI;kK~V11=nG&0tw
z3X~Dx><d!j=2c4&68r4uy%6r5pYHoe4WC?Oz(TwzqbV*;2Tk&krYPP;<IPlZ5CFa6
zct7P_E|^qD^OX15tcu;w4R<(E5;<Pm#cwhF{EaE(L)*5dE;3%RoS~-h)Td5g#O}EV
zW<t9qwrT8%`L*Yjq!1UExjy<VDi`mZhlgK&I1R{qK_yl_&BCapqHpQHbI5ACWo#Z<
zCeTrlfw-gcz)NukFgcNnzhAz$`}bWC1UD`5k=?4K64XQXc?(e64umIjNT*)OI=f2w
zba}k@xQQ?}Rck*>RD!1S)IJVqu)>TwC3pKk4d%y`Nz34ObK>@>A<9%c@A8$aS(~FZ
zETR!j(mAYN4g0;iJB_1uIgD3D#a%&F2zu^3n*Y9Wkk&?b$%OaR(6%L;j~RHm>I#S-
zT3+D1k1@8uY6*6KJT=0J3^t_~-jCcC*Hv2;1&nt`c39^CDrUaNB7tJ)^$?AH<XTnr
zqCiMK8baSFTXe0kU1^XOxF0+efcbR?eXsGh8~nDAHkdI#{QCl5z{!4Z2&Sw9pTQN%
zSKe@>8?_;i1sRu@t<pdDWO~Z<<*gE!vYM$!EP*fOqqu^|DEu*OAPRfc0YXSLUde}-
zUFxF=?1OHYDunb`zxEal<T$q~989XJ>Eut#8~z@Go^_UWNKHK+WWT8V|K;RL@_psw
z^RFm7D>GEl_Y+Wei0S7^f}SuIf8oyT3Ztv)DGa7?ynI4xAF}?=!eU#*OuqGvCy$q^
zwY8<MP#KEhv)y;1n0ozM&prN-u%xGE(Q0p`&2Yf#pMFcYr!rVbW7bEMT76BJy+bt2
zv#WO}Sre9XynC-(rL_KhC>Qk&G?ige$PtB6NaelX_rxJA$J=G)%wyxsJFM?kWrQ%8
zI7mB)jQ3LxI|-pF@#C)wsgU1R29`8Pa|EwS5nGDI6&|!BWAJ3aUP<a>89lANqQ8Hk
zP?hH><OqQx$O@$=i>&R$Ly%%LGGB0pSIU~n1%{n>L`2Esoa2!PU8hJKr0i)SuLj%3
zmx#vMN^(miz<fzyiH)ROD#sfN?mjf2zUF*7SMTpZ(WzEsDq3-&R<E!F9+N^`Tg4@l
z6Jbz#$IivC2b&80dh-Dce(Cfy&t5%;Y+e~~UUBf(g%Id09mB^z`J}&^4>2L{J}WJG
zN|>17zoFs9p!^l5(4#psJ?TndB&6$p(+t{+x>yp=Z=C%Sivh{X?p#ZyR6@RrCy*yA
zFsn#w-$mxF{H6ORPx`OY`+ePGl%JP^cSXID8g05|`)7w3Nxt+jSu#);!Q>??RGw$X
z{k%nv3@pw2%quob<6>tyv$Hc>v%Oel=T93kaFX76`2llL>Zm6eClN`g?(+$#BwBF`
zvnS-TO{f_CrpYXxCyqAG+U$=xxA`;hJ8k8?p&YJY`QmNky&CJU=KjC|HSq0H)b~wC
zu*Zfz4bt(|==7gMCZCi-GZo%zazyT{HW98r+KYROnpQVndI4tojcGSOHbWIAXgB~J
zW4vo97r8#l9T+Vxn{9w<V2ZcD3d1y19zAN2T2rC}Ur@rRTC0+J>b%pBcFvECfb(LV
zm;${CZJE<S-Hb=w9q+6pTl5a0?5E3jh(kO__k*=a<AX|Zy|0<^VMMRtI>g%Z*|yf6
zG<((m^~IJz{*YZn6E3R?9fnIQaurf)R6;^Lmj-z4>YI#Hn)0s4RP2{_y+LW8_|iPf
zu`n0A)rK@M#=i6LpHAT~#2h5NHk4z#CQ(@N$K-3Ie!+8=Z-&UvZ#TUjXcjT}A}wW#
zgn_?GWssp^JN^MkB7xFLv(<Ue&F=-LWkWL=yYP#^&veb?-{@+m%Y-Li<E)pcKb{WJ
znj2Jp{u|_oQKed?q3et{J8-k5++obMFjI)r8-X47JczdKA0?X1!s#a<@$hqYwp}nX
zQn%T4eHo?DH1VEc>jNm3lL{0$mUtKXa=J8P*U1D;)Psd)9zON(eW6UGeA>KCAoL`p
zji|1$R9C4&lG4reck1Om|9Jk@XEe-5p@Z%|$)C&q<*3I=mf}~z95lH+HX~AZ*7UaS
z2F*58tJ=1b(2T>u(4i9hD&=Wc9JGJi*4A)z9D4ri&AVd$-4N6McYGu(iLFvzw4WR$
zy#iYNu>(4`>Rb3+YrIw>lng8L8)xieEx;xg!zq{xn>qyrmWZvURT;6p+**yw6fI4n
zL6g~l!qx+Nl(k2TG7=B&6rN$--DR_K3rVv(Vw06w@8CqOsk?fd$Yn?12~B0L4&n;s
zYFTa$Bq8@n{x}$jaYf<jgF_aMj7x;WlZn4Ti_-C|b=SouEne7J7>K^Ep63>%Lkso)
zJxPaG%qo51Q0g7{TdOIo=7S8+r}^-Oh^wsM-|!l$&(8-R@{sN8R8J9aT)mSOek|9;
zov+@?cbw-Hpag=$V_o|4ZI{CjFU)ya3tuw#O%Y<Wa(K+-UrY~w#-bh@F``G&;Z84H
zw1|m`k^PNp8jRKWYW>(MGh}89+u*r>LA9r<xK=7A+~D(7@)rwhPxH_8C#s=+X}>Tz
z+}ZLRzIwWvN)!T(M%xuKzmt0Zw<v}J>*0D86X<w;i0S+l=QC>7ykqUzF|MCsXN1k(
zU|_vQRm_)xBtyZoXpTXC%kBc{lzoc7<yq*7)(!5j^Fu_qucI5y#s$;Kp3S<*S>D{D
zh6QlBPqO{sRSG?^%W?_?<eE$w2lEq;=J0HDrlH2E=FZA9E=WXKtvCwuioH3i<XX3X
z<ZcK&33*ldCG42{VOY0E#GFw%CremwpQC#mO1{`DFi}6{j@YN&=N}P>IH~8Kb{2r7
zM8y4UGtJ9OAFnkix$sg0!);Zn0?x`lz3)Wv5cZ~cUPLK1DLHJ5!S1=t`OrCp=oUpq
zC)F9f@Z-iW#bL*<m3$>-l~PiNwTXUn?N-l6=w)`GeIjJ|9)J7CUT6gy<p`>iOlxZJ
zS46Rl;aa!kY{Vv{<+J&iDX)pAB(Cnzn&JZNH>hE8>7T5S>mC?^gAv%}JWzu-A$+b+
zm(>vey@r4WMF+h7e*7lHvaiOfv@OS6rqJp)x6S6heP7-zU)+crcH%ZgR^W^wKpl6s
zVQfxos59&6bV!tB?(siq#2Lef)VZ$68zh!LO8;PlnvOc(B^=RkrZnz6!SvtieV(H0
zLTR9yJ1#&elFo&WXrX>)RUZ*R3L^RBjJH6zUAFlL_)6+~?l(8o(tv`Q>fQE`i~8EN
zmRxBiCf!oV1e05q1ib*rxiM47m&)a)U#nd?6{V<hde$fL`1MFWJ@|^q_zyywknU~k
zaXX%tl$G{deQ426@J?oV=}m@Pj1i8j0?awS5|ink$W*@po9t8E_d04b^r?ofZVu<R
zX1U6rGlRBa`E?a7oyV*-YIRKlv`DRb&)hHLcTbeg<VCw4E$y1o1p~>T>u(+1yN<{(
zfxAv4rH!z=>V=|m_+UlUxE9F0$qS8%9IfV&1hUF&ZUK$O<d8kMljN-I?BDE!M2X?6
z(iK|WM%AE$2(8HV#ixoNXao4@l*hgchGe4n`pJ<-LaT(D|JvnCIrBZTALf{nWW1+4
zJSr_pI-+~5t*I=~fi_wb{$`#^d(85~geHzA)Zy+>lM3*Z0QGDP+Vs?b+qVgJ3$8B?
zzd_C5u8vyd%OKo6o^fMUe9*#JyqiNl$IH#a8$sgta^_J-d1t>D!$51KJh3>Xzo`Hv
zh+@r*Zc4cT$6O&zEWnB5iD)IYOU!I`d&I-VPX&?zIaf`ht8~A>PR7g`)gjf`UMfd^
zmG<6-*{g4MRJNFnzn5g|_6<!hDcO@|vym&KN*p4=vKVy95XR)UT`|jfj7hWkIlr1>
ze}hi(J^PJ&^e0?5DMmN52I#&=jTX`$@cilgD`e*OdE$$Xk>=U^65o>P{P?*D`)Xs&
zb%)9uQEnIf2LG#=FXa8NYvn2sW~!<j_Gu3{2eFsXp7bl}&Pjki_%6nl3(-JS9K0U`
z8W%#DutS?CqRcm{`X!ZS34*Pv;=NaeWm#qTQQBKAi;>=5DrzNc%uulTRLK$TAL@`V
z?+DYXw#8UmWsp6bE~q~b*iE?Lh;U4fVd_3Uuiu8<p-)RUpo%I?q+Oa%_H+_ob4AiB
zsIpzp;-3Euv$SOC?;C%x;mX0z&U7if9ns16ToAK!1n&^m(qB`Ip5#q<rf$O+p>f_J
z{l9{UZ?F^Y!@gh|?aUB&zX(5@1!;G1n;=^j*RCyMi<2G)xO;PDO1un3e#`mfyhiOm
z*`I!X*=71=`~>q`p<1W6AFC~4Lv_QZ&%?aq!c~Cpk+&YrCK*&sjQsbDn`B4x`XnF$
zL4Pg3)86ZNQJSN2wRj+8JN%9N3MvO~)$6V*jJReMBVJ#mfMw5sBt^O!pONIR>nzd+
zcMY%Y%JNm=vw;@T?yKo6YJ70Pj7e+W8>0t7<=qI4+2hb~R`!?}`W|HNVP#&1k9*MH
z7rY&Zk+BNoE{BQQm1?>O+xeP{2N?I9Pc(rDspLj}@5>5#J$^vb!Y*Z=u>b1Jf5z5Q
zVq=nC*uQ%@G}fLY`qg_om}xd1K4KlLCwjt0ChB_C|H9bw8}?y8*8y19-Jzfc&=#LH
zn|0T?h{RABC63%2IZO0y2fjOdFWGsB&nppO(~o~EJ(6vbC~5I+5$#XXpP#d&z2^(B
zsf634RLG?~C)E`|j)qG^f6RNnU2SpHc-C7lGQSy%B6-M44=b2m=eW|rX7%~Hv4O}F
z%C~a6NTxj1jg$JK+L#{}ZZl)FB}kR+SGt=-YbM*8<f%XlfyXkcMO<-q&S2g;ki8kL
zMg}t?!5GR{=KfFA^Tvi|vX2V8uYaQ{@{Q!AaDl$M#O#0<4%rW%qUH_C5!+4IjP1^7
zZV!HF7QK!Qn`KZFpR@vW;c|1Sihnx+sI#ckPWso>9+#AI)t*nc7exe;VE^eZ$s0RB
z-V)~19Y^!1bn79__v5JS(jnLj6n^O|JmKv+5C6HI7}<bgS6%!qOvkvqlo<6y!LdUK
zgGzxaqKJ6>RMh*<+0eYtKZX4XiUo7M3qMAoSKA@ILo^m;`t}ZtiVmMv^LxDsLgJR*
z&XN7les8rzq|UForjtncEL+2qyH!w%!iZ9gk~7u3&nDrL_qm@QmU?Sx6W>ctlQu9c
z(KuS?J9rZR4bqX|qKV`>b2_T&e4U-;qb3zhb@l6BCXgzM3}$uq*&Jfa4L<<o-^}_S
z#G4Oo=185M0;8?fRV7{l8|;=CPiDaj?5GQLIy=O^y@BH?JJI34tmjkpZ?Hrr#6C_m
z<u@)Y+5c?m_?;H);@p(URD#ew+zJ!cTlO=q{|lrm%6?LOus36*g$3n1eA`LIH~`Vv
z$9#DQ^v{ZGKK|C5X)(?>Z%o7aXsA9L>$EZI64_26JzxHL-O3n|?`;R238qJ7Rms*`
z{>WkmzI`xt+_$(7@xmc*>7ySbvpVTeqI7%8#A8MB5QZ4^tHpE>!hFIE3)X^(m00OO
zd8w<rW6)Y=hOsqNRwgB_&~DS|{g(|2Hu<QV-q%yl#w94H8r~i4$Wu`fbGRP6so7cp
zYR<<n!JPgS4+IR&sL;m;8&R4SABa8Nmvl+ARaNf5<gWVQ9Gf*{*zV*}Ot@ye2ZNo}
z^RIMuiXUobEP)B9!y}9yK1Q1nN+aQe{9r`J;Ddt&{>9PlExu_SS=X2(@adUW>B>9y
z{IH)dw4<$UBbHk{FP`N;jep+Zr4K*9EIZ<Hvi#Ky3uz`Mo{A}Cl~zJ-C}dTFY5^))
z;UT|wV2+qVB)0$4Mbw;vNEGKO*&{qXq7!a3Q&Z0uXbjZU)Qi2`Ucm0Lb$vi)KsRpC
z+LEd{g+K^nvf|!)q7!VvnSt^*Vnu4XJ}{GamHzMZ`ivqA^$xCzx!9Tja`oOV|I3kC
zQ#QkXh{T|)+E(CGsrMb1vZSZ9OfHl~5orwUz@lu9cOqvvjb%lk$oTRDTem*lGv9P3
z;gF-(XiRG^faX?pA|n>jxV+q~FC4uhmTQ|+Jye7%A@&JE$TAV!ViLPca3_A?eDrjM
z+ABCDG4Y7Vo9N4l<x%X`vsqb<MohAaa#TIf!<h(?;8J)0G6s0m?ZV|3Rem0)stItu
zo0`G70xY@TGxV5TyMm_DwB3}DJ)qFMk?P$<jlIs9W#v^&zQn-;UmAoTycP21Ju$>b
z#KOFmgIKwJx%|25&?yOXyQFEnZq6>n%`LMPmgSLe|FpKWS#ik<EA>d<Nr@bwxlJ#w
zP=#7le$l|!qw9>Bft&WX5lvEuVZIc_o80>^Hw`ATHYQH=16o{0+(JAqyaFnt$V*s9
z2g1GW6LlxyJ3IYW(_&3Cb_e!~cIhsT$YI=;N9<m2>K%Zu1`T4Xfs^31%m6M2H_usk
zjiY&ri~}OiIl&XqSp2`GW&49=K`r*^AL}!&ONOi5IfvkzC%kEX3I1bu7hxBvgCKIF
zp%uGRAD7^>+><o`au>S>cNMe5%aVKERS?3~;of@6BmjQxVOxO#pPhwk)fCQ@>)=MU
z_v_`4$X7n44~r8HbYB(U8Vy^xWOy#Pd!sJ!dAErJR!~<yND95Z?Rs15gW56m=Qp6!
z0i1hvU^h+hRW4$5@t>7O!si@v%<Mk~IM?VFn!fqa8)$s?bNxF;)M;Un58ev5cX&HV
z%S5~6X}fd~_t3DNM!D?I!&h7RLyJ|UVoZ?hdLeyEfLq=Q%X`fGbZZO`01=O<?nKI^
zv}wUh)nsIs`jv0lezQiI%YgmvI^@^(LO_#A<Q4s&)2n^Ze3WChH<94y86Vj<gzx;T
zzn8-lp_=@OoLKzEB`KTj?ykmi?X`cO^%Bxw0GDQ$a+iuet>)cTlM|4`1pC16$B~`_
zLY%9&M2pMT0rt+gcT%I>^uZjqU7h-Gi~efZc@89U5TV?qW;3t<bDi-J);{slpJ_hM
zmoD9P28)k=!h5ZD=klmQ*zjEUzF_aHw@SPHY%L2*-cema-I=wk#b?u^z2NVK&gvKM
zu<*#36+%-qthfnziI=sEYNS`hQ>}9JNnl3&aKI+LN;shAQ~4jv>%Rk|D0R^vvG>&W
z()W<3wj%c|zwCtV)n~=q@{{b~)-_gO6n^n}KZin611&aVB;Sv>1Z9jkx}oa645oI`
zl}gCQvi3y8zlM8V_D9rmjQEgPUYWq|$&Q$1!x}RH`R0>Z?R9Na6NSs!%?*|<ANnbN
z<#MwR(hdiI-bc*Bm{R5-WY`o$&1^AFKZ1A%rB%~u&mi=-;VBvZ8$oDqm|oq>?)_U(
zx}F7s0JECO562(q3|Mhh^3IkBJC$k8N-By6iwDs*iA<2VjBfJa&=p3OI^qVWrTQg~
zF7AS7vj$-r!8YiVUz`2&f^v|>2&R>JsTr;Wd@u%X29tm80Ac7*+~E!w2v451V8KO7
z$J8u7Id7P!M{@Kjdg#Tu=y_;eYGhXM>M4K)br<In<$GM3oHaU>fqY!JhoD06`YC>!
z_J~@IY#5`ClS^8tL@EO!`fk6`fi)7FQV069!{G*Md1y7gXbE@``Ww?d2796!{HAjA
zG#-s7QxihOFGGUdl_JGYSi>8aAljzDv;L9FSE)piqb42uBY>s^<K%o|l(*{87oCYH
z&Ui3rdyZK6;V`DV41MsOWmoNu*yvG)68j$z&xq_FguW@oizmYZqn2PMg?F?b-1y4<
zMi&fUyWxA|I`F#s*jGRplF4Ed6CJ|6DwXO_Bk&omtW(=^cB^O8MdCmYwL@O&-e`cD
zle9b94oZ^u>~Jp(B~QEa(*fXZ4=h+%<vZNq{(Uxzvq1YQsOnlg7+PQMkUWOf@QoVR
zXoz}U&XoXUCpR<1Hr8`l^`UJaE2>>i(N#C!;YsQ?*_3&hzYfR9AW4w<5AQI!TUjmP
zFF67;_I&r~QjXEs02kN(;vmJNjo}?jCiN?%6H><tGOQMtZ5$7_>W%(r%mb#jXcjZ)
zfv3GUM?DFFU>kjS^k3Yfr+YpAI?hK%Fr=P%;#YSKwi>6T{`osTys-gw3&!7JrqVwa
zm>AZR&-e(uUK(y<fz^<0_aS5jDZG<`H(Sry>z$<xqxQ8fE_+Fl36<eH^lT4Wv(h{G
zHc82s51pE_!qbWks6)aDL__5@A9lOQQKgW6n|SSg24|>g0&<l5hb%J5kjOvr4=#%T
zc>F4d%X5Z4VLtKdv<_rK$P=?>bXt#1)O-^r<M93c>=xbK?2dvqN?+e?ai@+1)}X>5
zktM1IL<D9m*C`w$)n5%=V*P7jK*3pBYqbcY+nAOpmQWA%0k3cvAW3)Tw77&^#|s%9
zVeZdz8+F_gaq4#*?~E#fC`acdl)M%c)a;zNG%FxKoT*0qk3ID|{Z5W3BO&u9<>hkt
z60~|=$5x?TsxSKfm|l(Rv)5qd#W{<yTWTih@`@q*3`FC%@Ds4pMIiAUvn{OyPv7IG
zSi<yQ5GJmS&ifC>Qzi>y_V2-1q-QYz2<C#SqvivNjBRZnJAaSQ`t8gud5OJ%#s0fb
zs)S9$CwZashV7;tgTGL}SD$6Rw}{R}?(TnT3!1h(-<K>`t_r5Pa(RjqqLg)>e&fOT
z0Ng5BXwR8f;lMp@Iu({s-t;eN_}oa~#l6&NvmP{MU~k=Mbj!|TLKHZl4ShA^I&+5=
zM=e!0F=yf8vy~(^G#FZzR+brrAq&7~fw}(;oLLxq39w&VD0_}r)33(JnBlHe#`)x2
z5+7^_Lu#42(;EAF2Ik<xK)+OF&44A&fy}uH)m#;+Lg!k`sAt9c&ij+Xx-!vn6=^of
z(JGsSOlNEXdPDlAO*+VT#n~2|sCP91q2B<gIP3XF6Zg-I1i;~a>Uh$jey3U#S)it7
zzqCPRL&Tq5v%}iYfqNa;rWuqszpXf0(%Vub{z{j#ibXk)&s}w1G~O46MujOSC^vmY
zHG5l&D-^thYUJFKy!s<Qy1k%y0`7BI{c(y0+_heW)nZwB-=AaXqIjzvonW{15tV?V
zh+LJ95jEe+qM<V0DAj(o>Ahk2CL!d`sFE$xdZ`}R!)mt}?+>0MY?Sj{4>VTCT+qes
ztV>r{4l{N>Ra^<CTD#wV@}xZrU7+krUTYRirPQ+NSv`@iE{wEW?#(pkOc#gLs#vfu
zbjvQEH_lPcLfb&>v0L<5XPiZ7BAUB9HQH}BQxHvwsDyEYf?Ws1%kuyyp+3f(0LGuT
zKGccTI~ed~mMcZ24lG_+Ia>nW0)CScxg_ei+wuQQ`-CxO|0wDlA3pz(6+GX9Lu6{e
zS@M=YJO}%P&;VIBcsg+njB<TUj=4ae5U_)6nVHSn3_d)ZBb{yju?Bl+42#`dn8y_3
zT*WG9sR*>v)^_1`lib4qRJN6JZ^0wEi}2uq7yk$nm+TuuTm{0!8xgxuKzHXW*IP2%
zU+r=u@~HXNX(g7F5i)#S=31L?(a34UxV{obkq8z8pr5w$(tTbk`-tdq;<V)7+);d0
zQFhD|Bk`hLtl#Y+$gFn_T3}K(TivD{{Md>q;VyCGe+Y3w?>Fzs88gQ1`pviGu%x{d
zSYtEXrj=#zX1&_f&vy#PR^Xt^lFM7>DdSLn-sMfNkZUZA7D<^p_Ll^y$e=3$V4I>n
z;*r*Am-P*s3y)i*&ssQUCwEuy2s-8Ol@I>xkFcSReNyU>z{(pIDlrT}YYAhp1XEko
z5jo>~w=|3cN~Tpx4|qTa_e6ZyhpFg$C*LFIzK4kh?cSuZo`t?#lmXEzsXFdO=B0E)
zmQY@SG^C#N)#NUrFW#@~KQh%@iCE3myx0dLYk7TjQanPfBCZOmQp^84WnhOX?EvzM
zT7w8g_CD%9<Cfx`WH(W01uHq^U9+l4NnWnDKABDA`{oXu$#^`MD&m)!#Wqefr=!|y
z<{<Sf-=&24#p)%I#^DTx4Pp$7<nm1hk!f|QtE!gcoZ_w|wq=FQD=5#$gw>!oi(oD~
zYv`tQD;MA)M*~%7kC(heT3^?0{2AIDLtJMLx?xn|fAYDBlf-*3>h@lijn{I`iW^C9
zSKl`w`(~B0urvxd$$!H-xeC1xFnG99hNkDfX77|D`^4nNbilU6c7isQGtsbrDEvXo
z2?L*+n$j>I((y+<dWAh>6dvMw<y{*Wc21!wHI$CJIn!px5kfSPLUu6b4m^_jC$I>X
z9}P_f=I&aHqB-Z4#b#HBUv?K*M$u99)AJcVB2axu)Z2bySNE*ywDwvhzW$j@#=<gE
z2Kr$|WeovzFh#nzB4^F|JsfFIiMOx?1a2K$mg@luzm%%@BGQ7N?HszK#qL4_RJ%?(
zY3i_e<3EpY!cHSZch8oqR8_x+iZI|rtAh4o^7@fL-8We}J*duMpCS^_cY<0?xKY~Q
z{^GXVSlYXlbVrHWD~u)cxs3fE5*TRkb4%m@jS1VhvW~_x22dV3r={%Bn?c9Fvejgf
z!_>j~sJ;Rt;!(DA*?9SpdQ9?RK03z)mJkgXK{Un34r%x?b2Od~!Af8|&=>zIuQEqv
zsQ23ZYI4(E`ph|K?n=ldca;jYDky9rYfOf*poi!#p9*VYmAtWjUV45am5qEXgfYQ|
zqQ7%XYD>Q-j6q?RG3`YWev;i`HjUNu;v*RgfPT0ze!`SMvtIYviATu*?JXxaV#K2a
zhKd@$AnuU2ro9Q_zLKgTP$WCY!xf;QdeW{SPuo0r7<<#i6Y_?TRI=U<v!z*txn(fa
zmN_D(s^{<7_sV=Y7wwi7U|cecg2ykucN8^QVDKjwcdeZS_LsGp(VS`6QodsvxPva5
z+XbOi(C~I`5sgGT-PD!=?R-?JkNT-$2M#D&Z11_OyZkCnj1$zju`;*@QLx%X^r$H9
zl&H#r^VcJCbq&+<RS}D^*4G1Pp_%+lwCr=laqtUsi98_7j=dM~2c#*4`{WfL!q*`I
z(>7^C>*pVg1;a`AoujWl6=CaOEw16LOj^ggq$5o0VUaAjpNAlp>Qluex2x4fNSgTz
zsO!jbOr?KDarn_fHQp>nEx>FR)iC_fyTl5MuUY67?C~3^06LKWtN@e3t_$FOb_!pT
zP&e#RB3i3w3v<Wg{f3p@BArT{IEBFa)>CP7Rqo8@W1e562K*ACmF-JAE5d}6-PlQ>
zbk$`5GbO;cB{npK+lU+5g>XtAM9R=3%3lQ5k?{H6?$@RbQSvD9&Bye8&<LE0NsjGz
zyGR(uC1pNSmi!YkR}!sm0>yjEvk>1t1#GiS7Rh6|L=ALl4?D;EPBDMf19xx;)}mQ)
z6s0~=sJ&XfJq`J?v1Il#s!1%1$!CPsEB>%;a80cH%mTmAfY<%*gf0n%{MEz&(+i@Z
zSe$9yIY((t(~pBeb(yb~Q39sSw$b+}PsX6=uxt#EvX_w0ydQhyyS8*)f^uD7k0G-R
zR(<bu08ts#^9F4r<iA!6+POZNLC5>2@+=R|Oz92~P87OJ)AF^Y0*18P;k5P#(@*D4
z$X@$)SbqA-CbJ*F^hb-z=Mxk-bh!8+g|Whlhzg7mo{~vOT<wQoRd!_g_v*OY4tRmG
zg|`5W-t2PtJW)D@p}dRoMsLV0kz}0dy-+p4et7F5k;%{U1L#JgO^$~4Wu3s7%BIf_
zV~g)1r4)6GblUhW9%VmiA)>v@ISP6N<T_6}qrU!th^Yk~VcPH`fhoeLt1pOnm59a_
zM;auoea#SWud5T{@r+qkG#IN3fGdDS{vT$(M~yuL!QI7(OiuF@^bGcbgW=FmIf95Z
zb0H6I)^y<-|3URIQu#4b0H%%%qPH|0`~&{U<OLe)k9wGqC5{q6&^elVh&fyU)JlxL
z(q8GGc7yV}KXO)r(eQWBSCHX&Cyv#i5-V>?5=<YuyTg5lW5y6y3b%j)sHFwZJ1V#Z
zq`i{RVZ3V_3IFSPrc{>=hdV?r@I2qdaP@@{SrJgT0`gZn_FwIQs3J{<cgW+fQmage
z?N$qi3n?5d5!WEPi$*19`au3yIydbojsdK>#!TljfMJBWq{NEfgYacogLjmY$9E4v
z7mf-eRQ|_=^CA_=vNUPOm&&R%+oAy>NufWQK7>PO!^ZVCQPlJw)j*H!4)-PofE|W$
z3H-13pYY{4$;u@ZR=LffSQ+IZcq<{tZrG1RzHoiPzc{}lG|*b^b4;`QYyPQE+C;le
zdwHkrX~il)b-)eN0y{KzNA~XZTEthHmM!Gh`Gl+rT<2JxxZa5fzi0JM*|3NT8PgDr
zMdUP{9PoFTaI659Nz=#@c2xsabV#bY4n05vA~>at46P>jm+<TjoOm^M_pe$2wap`@
zaAp3q5F@@vV61+nlR8c@SHEhYYh4)2V>8setogS%zEMJ|vDN<~`P12&uBK>1kVdsI
z&o>6)Y%m;BHB2HS+lY4S+!eu;|6bd}8}<))ERoR;Mr7RJI{0{zT0+rMF8)DODGYzh
z?)Vg!s92&A_-|`Dp6xsp2ixU2Tja&(tpM4ZyzOW{ybs9I_#LwNn(}i9<jx*faexJu
ziNE^KzSDs0$Wqo(M|rp+W9Vsv=9qgU8#@>8CTKw&G#b^mwFV|Vuggb2IJWc7+NHl^
zXeqJ5ZuCaAOir34!`Xqu^Fa7%MAONxt9TjatFLMkdX!et<^>i?9U1gST2<QHK)0pU
zRGTBb2^rcpIl4z&xe?2q2%tUti2Lgo94?>mxoNDD)usVVBIt%+in}~*#!Va|778}n
zk{{4N2TPMqW!4g){3k7#FxJlzAn3JqR=FXwx_J-3KQ(GZgJ~gHz4^@84IJ7T5B&oV
zg9@+l(}&pNvxL@gyt+lC0Ee=&9LA#dFsxD<n}+>|_q!y?;<)?zgW&?4VC@(RK~!C9
zh1qe19?213&T^3`SYe0{9@<P%Tc|)joj7FI&iCyp!v1JQI=Ms7>N@dhCek}NYQNoC
zA?;&MEQbyX=3Y@%HGtIiy3aczD}3qnF))O7T9NzWpfSaCgm53PW3EB2@juD3X(Go3
z<vQlFLw~(4vNpixea)*SK|Nv;T^eejnfh_M%g$rf+SM1UZf{Zd8#RKuq_<`UPT|Mv
zkMa2v@%gy60i+u5h~oQyY>b@wttX-U2l<1fQmL(d>+<l{x!_9zp?(cMhDe8kjwqpk
z=@@UwQF+Dw$xm>9v_&D6w7}%u`U;}l)ij?afXZsr!zFiwD$^Xe-#2bR-i^qzI40lW
zaPTXd6AqMKBq}obkT$ili%?iMArE<9=gp>vKEAt7Z4BWpjK=mbuQu7p@G~uEwUDEO
zhV6E`p;}ol(yE^z_7%OK&jpNqG_<irThnPks(Z`A1eYHX?M9rVx+7D}kgP=Jcv9ub
z?0x&Quf-mkv~Ihhk5yRHV)za@v_pBj+9`*mA+NexpNNP_Ru0N+8LCNJxA*NvZ3K6s
zOF!+z4i3tQpv&UDF}mg=mTRTHZRd~C{*0oFRIhTD)<6?SHW_xh2~vtRC}e6rCi_*n
z5PE%y>dB|6IfuL*Rr{l!f}de_pNS=uli4zE){M>Zfs+$OR^cKc6N}Le;)wJp;wh(D
z6(VK!WU1Qq+D5m5A=u`Tm}`%0((9&`qhxZmu=m*es4@R#ly>ePfdZ~oI^QTOGF%@p
z^wkSeAwzCgb|g*1e^2%Y{N7*+Fg1nPir-wwy3o@+qmGlRYRxL*x0LaXG-CY8?tO{^
zBx(IJ%Kz$wa6G8l3G=@CQQBB<h3h+lBCH|_d7|L6cQHKZr>I`xK)JXVUKK5Y;MZ~I
zI%W=<T~G+j-983ta5=#Lea<!aI?s2cnYa6VAJS^o-;N<J)K$3n3qX&o)J0)2ulJT2
zGoNHVJU)I5L4*l?pD~5Y577Tr5`?5zyx346&9l+reiHBH@AYC71jrIPw$2kR{#4pS
zEHm0kePKs#BZzUMOtEsd*jeZJ(apI0ukL`+pQb*zZDm)Vy!k!v!|F5OiS%DR48)dM
zEE<rXD7;^b1#no$Q@D*Z`|c!aLyf%^+G3i8LuDl}*0R#q_49QBF%u}@f$yRD>FSJo
zf4zUWTQ?$Du_<`h^cpe6(2C~rZ`(HFlA%KfmxK5)wcDph@_!WpA^(B?W;7qf@eIiR
zhs2jG68)P92~EwXcZq@v$C5?H_<G<-;S{lUDrgf|WBq?o`M1KOH)lh~>({g0?b*SE
zMaQpq$CT^NN>OHV$ftr^QP6tSFi53OlR0*&@SJ1Fw|H%fRP(ZiAb0r6sh-rCr$WxP
z*hr3{e^@SMrnVXrU*S%LI$<FiS(&49yCjGC03Ss%_AMXUj9j++qHlI>knRasN7v6M
zy<n5VLY7QKH3Ui`8HRne{n`ZoD97s5M<!m!{qo++d$DDEL1%uBhdn*;eQ<v8_4RHQ
zXNSJPalCccWI2>!pj(mA=&tl|k%94vRQ~(9AFBJ(!Yc2_CBfdG*$vttYjVyG_9zw=
zYwy&N{^P3uWuB)JG6wd+k~Ag4FRT0-sT-TrzOHc3Vy!0!XWZ&*0LiUE7Z?+&>6Si?
z5?3Ifyzk1Z<D1ZCyur57wPWCUm-_L=ykgL<sN0<R!M5y}P$l$Z(W6-b;=Ms}O1~&n
zVaKZ#<LwsK5O@ynCWgC5?>ZI{#BGNgLk_}-!F@&gA8{SEYT$c;b55QWPRy#p_E<Fe
zov9KDGk8q&^CctV51)7G2>NQL$!CxX%j_i6FbNJ*VHxR&Q8szZ{2ch6F3p`xxclJK
zY!b!%ka}z;8uwSH01i~#0)=8dw4|BGF5!Xye!B!jFRfN2t0ZZRHIg=J=e+E;d!-r}
zY9l&_5cgyg8eOO@DDh@o<6ozuYkg=#vQMp2pvCEbbeQ+a1^)-*ab+(+l6rZBJ$IUH
RxKb5CQBF;^O2#bo{{j|xu-O0r

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-20.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-20.png
new file mode 100644
index 0000000000000000000000000000000000000000..a2ddd2d24a720268420af03ea5b80ea567da10e8
GIT binary patch
literal 1970
zcmZ{ldo<IJ8^=Fp<2TGGx5->m?w7gW#wcp@Wud9Lg<PgGCPUPisier{F0|?>l*`JZ
z+(tJgEVrTDQd)ERs;sXcT7LWf{`j5q`{VnZ^E~f!-p_eG&-34t=Z8NClhc#~004%=
zdIm^T<?mFIk<?j4A6_E5QP==q0LU-^0Qz|V*pygw0RW_+06-W40L~QvpiZfN;*XXz
zWRCxF&~y900VS@#mpHOioUfOx5F)3tOM$eJBpC$krFs#m(UH^`=cv;$5&^7H*7oKo
zJ98@(!5Zak?ci)>ZHhuUqfjp!VaERlkQ1X%#HRl<@MxV=DgliCw}E<s9Ft6qBvbyG
zS^QAqExG&}&eMZ{eOXg>){nqPzQpu)cDA<a?h2|^bn{aJ7u9Fi+v+L%e$a1Ia7OGT
z$2a2duutl+IYXyLU+po#kJ+Epx^2TAj=P@kk6WpS6tu`ym>8KDFm}U>(xzg9QdeEY
zIboMISC(9om**<iI_8sm=99C++3%27r-*eOs>e13kiff*1Y;gvpF`jG78Bfo0mni?
zXiqJDj|14MXlXSD^fB#P`hu^Lt)IhqV2bib|5xR8tP^)^md$mOW=1&j^a4GF?mR)a
zp8FeLhZ>e`)RiKb$<u)ed3Rb}Y9og6YygY+96k>~t63-gQ-nL>f`W@qfWV}SGf!Rm
zMpb?_adv#HLN}8^J{4@VQs3`b){=DT{b7w>NMac&b@j@E)A-?8F;c_p#Tl9*wk@AY
zQ0g4A+B4a#VjR6@OEi2pcgaz~12;(s(W{T=?4wCj-yRVA9(S!D5U=&KcftcKbi7SO
zUg@J@ih^0;xm))jj?dlPAj#Y)DdV9)kC;hRYq-wO(>{8R_60P%NL8LYf<uSH=eG9P
zYZ#bSWJArORoVhWgZ(jTGk;}<j8Y(N6T$Z%0;1sAFCj9^^bKk4V)ZE>RnLh!Esa_!
z<C_@oiW!hFDC(gch`K3*xA@joJU-7~H8k4dgnPRX4F9Z2{XydO2!4#e2+~!a0g-p`
znl1aG%TksbLzb}MN_+L@3V30|6bxpAZ>q=3Ea8?A9JOzY&*f)MlJnk3sov5ufsV@x
zN8&;0VVO_8nS~$C$xw}p%48p@<}n{rY{~h{@@)oRFQMTy_3F;EhV)DE#Xj8O-aOIS
z_plkRo3!Ux#YhydeV#TImCIXtK^apch8{+J$j!P?m-r^Dw-v0tSsD{5kY^TGDc`6B
zn-+F=L@e&Dcwi@9`wnAWb>e4OxZg}W5O_?{Ec^*Y#292&=x_{{4SC{(wbHAp-^x1q
zXRESpD_=%!cXms~wZFQx^j!8pTX1uxRKo@123#cb;dlQnPg$QI(Ft07=;6@mx5b)^
z)1=tqG}RB<d9`+;MCSJTbjzD+I27Y+RFH*?rP<lIrCH_=>o_G5t$lR1p8c*q9-*v=
z&-wT|<be{eRDJ%d#p9X?0NI#>M>W~BSbyrTymNUc36oQN*W2{aG&kV*bc6+%Pihv{
zR{DunEU*6+)YtuvHe91v7XR?+FW7iscu2sum6q8?`A?n`t3><&IS>u{lGb~8ChVX<
zAmG9hcp%%PnpkcwTxX%*3tsOmB)IbS!xP+Jx=SIcJg89fr!7DeYxf*|U%8-!*ykwt
zl+mp%h2Sg=ooHZkR*FUpd!TbUJ(}TKQ?=~{@~%L#b!^QUq3(Gz`B$(8*?H7FVg59h
zcs)YF1(qIkC>7(TI>o&!lxH!#8~?=f&fQfs_pmu-NBMs4XYHWn{^^2kLbWMmkY9#e
zw({G|{qgTH*9C>-%&!?xgI*i9h5k-&QrTx@%lT7_KO1}p7wL6pL~P=v!9p5l)1)Nd
z?bp)IHTMkMH41n5Fj$<$a8OUm8e1NK??D9LZ_;V^>bo%+Pi&unMq8JgFu%`GpxIB@
zeC-76g{)dM_vY?}YLg=q5wluzsu|jNi{ut^{KbXp$uyT<=|?0tbq84gkw<~{tB~@R
z$1OHH9QS<KzR~4OJi6B8h4wT3a%Y!1wtIZQA7yU;3HOWD1kL-G((bU+aszvz5aA_n
z0y3g{azD&LB(m$}J3+gwW)IGe^=T~4-d+WFPd%J<ktOc6REDVB`@Q-k9a6r{y|1g>
zRFq<+UOL+EQ$EzG8=u|X$KKJVIEHz1imo|K5zYA)<msBRUQfsbf*U7|{IAgE9wjMJ
znEezc);wr3yUUn-S|Q&|oR)#;NTn(!ZpaJjGIB=7b=3N!^h<W<gvxQN65pvUG8S&%
zy!UhzFsx|<k!=H{(Ps!9i2Yk@x<${d<k0utlWK}@u9Hdo_-+f1ol}mE2^+~Q`=c(W
zG87q~r|;w*0u4^H^!38&gh6n+EGiF^(6E&sl39ol2Q=me7Hk4tht|zgdSSJPLS3G$
z)7jIlUs|%C4H)5ec~W#+?eCci(E|!WW-ZxAnwlI`>7H@D{3@wk%F>+C4md;9Qg}VV
z**!fUUJ#9Xq49?Z$?74jOq^sAaV69Q`2BV>$T4(>`$VI63S;%kFZe}n7;?t4DZfOa
kQU)CPd|AgPPP`40*&KYa{rZZc<f8#NFT7{-z6i#D0JIu#PXGV_

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-29.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-29.png
new file mode 100644
index 0000000000000000000000000000000000000000..4c2d595fbca9ba3070b52478f32e26507b9c4263
GIT binary patch
literal 2890
zcmZ{mc{J1u8^?cUFk@@1V~^}AV#qRCMv<j3<l2&TEZLV4G2O<N#?}<!QVbzWWS4#4
z*Fn+X8e2_>Le}uQ?;r0u?;rO$=XpNoe9!qj&%X}=ZKBV{EWiu^0GpwKuK5{-|7mu{
zv&jf<ynO~y7Xx!+00@%;0DLq69G*pZ8UO?<0Klpv03g!=fY<+3gPF!Zit{af-P8XT
zll9*0SpvZt8tXw;8JM{RS=|o;&K3cZSUqbj#tG|+bP04l1AtIKsK_Z?l~Yu(Kqw#)
zsz^n|B?Seff<kXGo9zDyK7N?{ZV&%msNJi1c_zsG?*jI|k82Rt$;bcSorT2|BLHB&
zXsD}WVcj{G9&Yi+ALo0uk6s1U7iyH@@nH`O3hu|j5H+~FZk}3FN}WR){Wg02j%+6C
z>PSk$sO;OycNMr4*+KJ(7|Xb#qJ5N^GK#2Q2;FMJ2X1P*kBZE)DBI+CRo5Jz1Wjpr
zZ9W=t-<)?j{j<ZF2?{-z`eOb=wOb-5O74%8$f4)bD_W$4_+=0$xVits-3v@mZi}{O
zjvXl7xGZP(F=hu)Mna<#nxGpwlp-4_{j_v30|B)VnE)5mlf2OzR@->G+f;Q_FJTFe
zD)vani?36~iB$>MW*BYlHN%Jj@dl>mr|i>_-1nhlH5ZJ6P;+=**V@})pXzVmX9$J)
zneo*}?A7cOfk7HXF$zHvA0zs1GJCz$ABczqK;`3f)?y_qZ>h>cCXL`#_|&KAf{3c=
z=MHIfV(4hXh&JP=6L<0xE-bj#V9RDj6*6i43r4XZfg69&-3*G+D=SqL_&U$o&xnC?
zo`~_?4j+bv$uk7Erk1FaKGk`e9B}))shO`nh@gob63h~}1$FLe(NxTWT2piWjzuM!
z#d^W;vt_-4Jfib1a@PPZImLOg^6ca&XA^vSj}j~03db*3W5_nm@=>!m%CzJ%c8IaK
zh}ezig;SL2f+75MuwwfH>un7CTncvuE9m@Mllr=7wanh=wibYs*>wN(9ym-<8|M75
zdby<3o+*FS?c9}FC<P<ev-A)><FQ?HKplD@RM*NZX2i;soRL*{DXt+ZL2Xc6j8|i0
zcgxod)Eu9sspu(gZ5a!LQdlcrlP9Jh9I1D6uDs)9c-h?IV2fbiwf&-1QwFmWw*BIC
z1nm-X%|*gxRzL@d+X6as_dA63t`S0Hz+Y3n!0VkPh4mlA%_lk^i&@B4BjBYKq|La(
zo{AZ$fAPH-hxax4p42~Ck{GPqC)pUz#Xsu@0<xzsJ4eVh8P5Jf&9T%^bTxM=o`2=C
zrt#WRZNg__>4*_j)g?xTW0Gc_yYLmG2FYnCR<0<1!02hNY<*jrH`kg@tx|3RlcUhf
zzbb{g3=|{VNzs?wBt^OucM0D`k1<cz&)v-TzK?}Gyj>8;oFY3QLuTpntuV7;4PA)m
zEjLLb#)!J)zs0ffb$|{*$V_W;^w$QGu`5*<LN?RTRrV)nRN|klSZ!T^t~nd~_(ilW
z_#nVpV11Te_1;FJaIzq=mDO{jkl!{O-ZApTqz)<Sk7=_$t#X{-uwFKZeMSCSvgO=f
zTh~zOc42>H`{2`&@@$2)vx7BfA>1bl$t8c}p!G1HjXUW>=zRWpl$6af&_cfe$*tm(
zK8(_kem1D7?ZZ0U$WPZ3=n_>SNO{0o3t_`Q){`qvp8<DB#}wQhMpaJB-0U1E+I(+w
z#DL?-OgRjuZ>o2y_<dI>I?qP6b`V@)DDhLGN!+TrT7|`u?a04Jdb53pSags)^kXu}
zR4CK}eDDNkD<Adlwfa(!)phTw{k~Q$Hp#!N#s?x%{DnL0r5=4ptr9C~v6HuKUG;O@
zL+VVu{6wHaT<jYnutBf+>ED)8dH0M2Lp*t-9}B9;=80F^yYz1#3xIIHuhjj?mnvti
zh3PIKYHjb3mD<@AHJj9Sl+eu|2Uk^|3URkcW8rzx!k@#iQopYqeOKRXVfCqFY-ZnA
z34Q%jV0P7z1lt=VtI}pvL2(c_4LqW_Fs7kwmk=z{-aap!@oGzJd3W&EAdF!_nnExj
zWt2?kY*aNQG?e-O=*vl#^|`RQ@w=HpfL&MZHC<=$n}Nmf0nu;^lZP7^wOLuo#c5st
z%YhO|BRmVY87P!W#$9XTN7rGoSgL%(82_ZiRkKIn6nEVO1RSHjQVH^>wlVFHuFaw5
z-uT|JicFX2k?q6>4#>V&h3Bn3W{`>R(%^utKAz+;0y*Yuey0OBFEBpfY6w8{@bIV^
zBi&Ki1={bg(AS&zD!)Kkms43hJUmbrr47K3Do?_XuM)Edg?qHxA{khyNr^4LwiBk7
zuOGl^OozB7uxK`@1;Ra<xlhRiYVO1emvbg)hYoG=E#>I!bkOR;M<d4aa}W{?3WYh`
z9{QrC?KradXCc^LdhT(U)s4OaBGl_DT3=ER&#&Z0QoRR_>2u;BINc$cx^2c~={c@?
zdgkXx(okxaZAr&&#d&T~ahtjq`_U_2GoCYmYwVz@RZ>Ls)hogYnas^sb~46;c$a&5
zgqn!VJm8BZ#Y5<gdkc5f1>GR0^?o?S4({^Bs$Si`Q5o7DHBPMYW?nDK9@D-SBS<<u
zInmmyjoCL2NXwcBbtfBf4p5@xs={s#AGfKla}!k0QM~IcPs+MvlS#C(6-~*zR8vW&
zkdbha$lNH#S{s%mBqWKi&o*G==e9|CaFNOsjxIn#Vx%OdjXz=y1ZoTDYw6)&_zQ;F
zL$*S@-Z+;SM1PE*;u92ka{LxXpC=IsfB%P933WVEPp{j|zkAaN_f3@jRyWHcAIVvY
zk*JoLY@Z?0`uj&GXvbY`=|XRc*RTlv*Pd+c7go&9@=<EcM%pV+1KGMb0_^g1YQN)d
z+Qa%PSMt7oiRfEoVvMLX<j>iU*tbiM=C}3TwC1ipUv{oF=<TT|@pzf>8~tXX$wI2=
z2c^%uVSTE^nc$GoWP+nMI{c8bCMp&8tlPnt+hW|B+{j|T7Zl=LOO1!g$f&H)%Pi4A
zcv!bLWCYEMm(EJp`DuZbeAE8{ZbuEG@~KbjSPp0p*ie<mkgB2pMJo8Q<T(8nUeUY^
z0*^<TQ#~KtPyencgNCJ#XVaN`b$<R9#)U_T7Q#{sq~?#s(IKWiA1gfyX>$ylr*{Ri
zLh(=@u%4>g-g=UY{xDH#dGK4&y?cJm;OUr`ygIgtEIrH$NVW6hOFBcmHo5F$?CErZ
zuG~?#pU<p#lAdnoIlv}AVgvUuvvMpUdZzqoeT@ulC)hmAzL1^91UvsPtEZFm#}O|-
zI>_Ld#MyNt`NUTz5}z=Kk~2__xjU(`IvI(jhmKUajhxB=e)8DHyPOy1j%*BKoVEg5
zCfbnn-3;xYcFef$*vlRYFB}|vtprAt?df`%k1D**qr;0m{XV<5p=>Tpsrc%?F>9ba
z*(kG}`$;j+<mEg1W%m}$H-h~Fz(Gtof2U~{nl4j(_Je!RIZ(!0IL6Aqag6Ab<m**B
zEtwD<YTivW5NpHV1eL2iU`)kO8b9f{)8c*>=!;otZgVFpvnW3d3wc5B%uT%kv@18p
zeQ>IeN*IL9Nv+N<zVh@VLuo>;rlpxcZjHyK4!UlhAiMFhs`AM3X%%e9$DQhd_@vLI
z+~KJ#Mzj3e7FQx^@{I9Jlk*XN#tv59lYE$2t-|c_JtP-uw@AA^8}$1dSMy2P^{YJG
zQA4S{t_ZXV$3a<glkj(wg}4)VB$SS9wgbO$kV80O)!Rlr1|ME|%&%#GDJ0_g*{2B@
M>Y3=4U3ZN954ChOlK=n!

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-40.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-40.png
new file mode 100644
index 0000000000000000000000000000000000000000..df6131bf5db165366f6bdd405843d8173b7939aa
GIT binary patch
literal 3914
zcmZ{nX*3j$*T=_<8H2%~EZL(;*0GQ6$Jm$bOLk)?yBSfonIZH`l0BqJc0#h2m`T}V
zgzQVUgj6H4`}aIAo^zfT|9j58-*dkAe7^Vfy=Q4|$ij4q2><}F7#rzX|5fq-X*lHX
zoD1=m`76R+M%HEkz#RktfKLJdj{aKs4FDh#2>@(j006ao0DwEJ=(Ux`-vz|e)KKsI
ze~Z!K&)i>!0cUKc&#(z*y1)nXI}HCD1h|6Jcffgj;C$4)B7FV|KprWtER9r>mP6Xg
zBh}<p)a2wPkw`TpvbUP$+W!NBL%johZ~u3o<xg|YUqJl-F5m)!eXux>;IRMBd|A#m
z0RUJfjP=mA{tMp=ZsTn2T6z+W7pjwNlTD2Jw1r_huq>!f209!4ff4-39`4K!FTGn%
zS%2mk1=rJe9v4SZy6N<^V}<8|@~M4rVIG6-BDju`F!oAL_3J;sg{m%FX<vTN9b4bk
z+}L<?LbGD$aJYDQ`e{<Kfu5eB<cEYXW9sG+IQ~b23(e@R4q@QN^rm=5f4nu`nyC+b
z0paT^TYrfj4FWPgr-K_xswF0w)+*NTpN1NcgrSvLo2fIP=rAifCzbDkZx#G~j-2Au
zjM}b`7HKoLr@P_r5v)?)2l#JjC(m^ITAC}3!9WUA$TShmdI7J28fJ+C=8%+La~i(X
zryo#-hSiGg;7zP*&@txssoaT+!}#?UMojb3F_<1-9uSbLO1|JI(ypBmRS|e_xr?`h
z&w}^EDoD2a*wz%um;Z-Hfjr+(;&VGDObJ&PsR3NK^m^<8x|gTdez-j5EVJJ&@ir56
z$}$+V#Sfhl8dt}OI?TlfpGMKK1n6=viG!w~8t7~KZp(Fw++3vMAujceGbi;IS{sH^
zy|pRih*tOZF3`ZAoHnKv3TnwXydKi-^tw;lg$kGPCrB6y*u|jvo<HjXx15R;Zk}^W
znVl*hYk`B7nHT6Z+QKK4)br>BnC(dni3gm~Az=wNqXGjb_k#~9n1w(o<eczJ4q1U=
zf%rP`QT~1ps_O|IV+-SiR0!wc5Rhhc6=a)kVq>^jaMv_N&%`-^Dac!{AJgB^LR(~t
zU)j>Uh~khS@_T$>)J|2o#^ki;jb$Zt)^3`z+ShcslVwP9lb-~}r6TiQ3zZrTjwcg}
zJ>v#B0OHqu?zAoqBm*!X5NDWTS}E^CqJ-kZ#|dEGYv<V(l!EUGC=7QSLM;><1XAel
zllz1&DXnTc0t4gLQe|sy?hmYz7OV=#EgSZkqvyLcoBDZ+J}WTkR46g0rUQzRHg-4a
zI%sPyM-pBhjh~%1(N^KU_941c$M4?>EOtWba?-U_Qxf+H|ColdIWfPTlNTI<dDXMW
z?clz0Y`j<*&J`UQ%*$j>y8#h+<`%p0gfL6$Ur`AOj)Dexy|YL<VXKr|7m2iUeYGoz
zbl~cbfNsrhuWhI-8U2_Tvz{bwz5KMc_K2+WSaKG<-`DB{ury$=2-G2s5Mv`<;O9&3
z<nG4&8{|F5Z^B<i!`2`CUU$?bA7IDEH|9w@c26r$7k=Gn;S7WtW&Y055O<1<)p7Hx
zba0h_)*%#j-?lFc{{RjFNq@U8L`qUv9Z%90iUl{QRP|*w8ZIRMD`e^>b<S#iB<9{4
zB<}EacIT%MNDQ07*(C(L=b<W1o^RBc-$S<b<_JdR5)^Y~8iBT2W#e%!zlAM#vr;GJ
z%i8C348x>xFq{D)(D7T|Z~{R8f(>v}wE21&{$^>Ny(?hMbR&kwB}-7&MFe!?&2c1w
zhNn2z#KWk)@^&5`($3d#GWT{=UsNq1I8CE;5A2zGnWMq;1F)J|rRoj(qvF@932jJk
zKX8WnZ*+!OaP1sJW4?vAvL%6;n}kFX0>vJ;qCHC!uY)hdcloNwtVz`ZR@oZ$5FmZ|
zJPs1*djQDFgN0RZC?zA8GM4BE2v@wqHQ+heo87BDTu>C>?o8(KJHx1<)yqGQ_ULwx
zln|eP5^iXf9_FG$g;_$bxM#P>ykM)?8TzQI364%ZO9M@q&exp*D9#`)wmXoL0>fmz
zGzMvh!Ldd%k2k9#LU(xE#_@Kjj-$u4<eCaT=utE6%F??BeEDqGcSG_|?#RoW%2SxV
z+8^D_?T%zthxx1Xm3N%ZxnG4PRW|iCvxD#pzsppz<K1Q!9x>LN$L|*WN$zeuxwvJ2
zl`Q=$ZsyjxAYxw5<D0+A)Tz!s{X<}5KZ0-Ado95g$(Nb-t->!Jv{(@;*Ls!sR;*MC
z#dLOdsBqfDlEP<?Q-9J1Z;H4^WhI8c-wuie*AzRw^6kd{^xUZlMKC13x{vkz&@8Or
zU9Az*UQ>T}ODfXkq69NeVgq?vpg={GP1GH9TdK8`I^GkY5qITj1-do`8jF=ze;3UJ
zTP;JWS$kbKTXp^{ZT<L;(`;&cHoc9wfj&D>P+5J5FNwT6!ew?h>7KOKTM35Ou<fR2
zx`O%TyaBfo^GhpJE_0(tAoFjct^v>M;>T)tg}rY1M)(>+f4_=kF~YksYN|)hL)o7u
z)mLl5#<`j;o^;OHO<pD_R`7<Cu55Ac%~Ik%1!ET>W0x!b#45ph1o>4wJuh5Pmf&~h
zXPya(D?7W?XEiNZsC{nmw8ji?Js<u`6kObLGC7uoT{_$|ZVC9cv~4d}y{t~vnsEP|
zOviFhgh{a?S0oU<SW-W#MO5mU3G6y$-*H#O4gb`e8sa(+j=~F;Jom%5pgS`r3D?uH
z%O;npQNIU8^2RVB$kxKg8AA5R4q<*;g1EnZ1KV81e8C$|YTCLBINQDlMSRK0v~%5}
zszPqHV!e0mNAd~h;S=TvilsruC`7#XFiYW&oO~bfXzZ!_vo_QIu`7^Ot?aHgjCi)W
zjH}fQJI@CrK~N)#Vk}YLdh^$%_Wg1i`*f<odm_(rHV}SaJRA^Ls-i+Cs1aTLKtW=V
z-ndj@lCa_VFG%mb=m+w|`!V7`P<$t6dX0R|z$N>B+RYWNU%b13tL73nA2uwelg}$E
zHGy${L)#`dtX@ngRWn!GS3lW=1z9fs(!`(*>y^#xPin2FjW1QwPnbtmEAPNlRNvio
z9r^d7WF<qir6v<j%xaI`K)xUxuXWZ{*Lb{$pc=Zw>AXy|x3F=NnG)Dv6L~->7NEVH
zXZ>9DIXt(MY?U5yp@Cgnla#8%M5f*S$M7lrt?tf&1&(d5<K&DMQbL(D)eThZ5Kn7)
z`JRKN)=!g9SX?wL9ODONWLw~j;G5b954T2wxEk>K+KN_+r0RzHD=xPLHkj9aiPKZt
zjGyUi2IUzLdxg=n2YDoo`jcteb?C>|uFwR|p}lp<^5@lX<<>&Kp(FUJP?KsUTSslz
zfroVh)z86=8k2Zlv$sC^hI1&V{9`Ov-?~@;Cf&|>Qx`eIqmVXD^)vdxsIrr6krG>U
zOkfP|41BBnCDd}R#`}>j!!Ej6I}Xrcp~!+yn-TfhC~cXYZ3Nja%53qnU_()NEkBI5
zKBHV^ch`p{qfA}gTntfPqG-iMbq(K^a(QR7C~cz$&s8~Frdr~fcENpfu^rv_-iX`^
zdp_%_m9lX-%KUtW@@O)>r7xPX<$;OW;+_gMKAUC6Fax_%#X!3dWNyZrb%d;Rt=2jw
zP0TVzxz7vEEk;9l_Ao0kg$%*R3Pt?`i?&qws#AcBNVBfsI1#+ry;s=mF!d7ml{hcG
zG-_<Iu=jfqW5KE_NRxv1GI>7R9;N+kG!Kilwx<|#JLEd;Zz*_~eYrE+qjwNKL$~`g
z1)j~<b|s8uiIhe!&U($!tr6N7s_7UzK$jbtyM9MG8z=eAp#YNgP)z#qD7)vnfl7K1
ztibI4sCnY(fNeRSxzvbY1nsuC^EV#b1rG1>&w952KUN-IL{^erQ|LKXBJUAk9`xQ1
z)PB+WqrMyr)S6AdK+U>jT9myNBcx@A-4<8{-*$VQ__7;S^+|Z8XNcidF<oR0?Z#FI
zmbs74I4cxwA9&3PVnlBb)czdsBang_W(ry1hN-4#VELU1`WheAwfSboE}neWuYcvI
z?T~pG*|%l+TDGDVgNSZXTMUy1e-jg38-6WD<<1rj(5Ck{ZHj7kSM%B@@ja>e$0R1e
zP%_j#<{I*$Vs5dYi%kI)IxdVYmq;XejBe>FZOHj9w^4rREKwn{)0!lM8VxtPC1-1b
zpcoQrYlv-9gI1{uZJ$hDK;<^aZ`H92Z{$U!Sb~6YECKCJ&i^jLqWWXfz)|LhY!?x$
zXFgGrUTnmVTJHpD&`R+M^RgQ;opSSKN|kzEO~1HMM@0p0KY5G@{3S!jL(*SQ%LXC?
zwItujn2;=%m%gvs^l;GX`7isV@n^PMKC(Vp^clo_{h}%-S%@$74>e`RaNX5vztig3
zaB-ZyIk$?$?^`#`y^07fR^IMtvO80~Rt87)$aFHi3(&h?0N<EMKM;d=RGyXKhLuah
zzi7O{M$&<}1v9q1ljc}aeP!_MF)3?SlwVeylDh`>C6V5=Rs-PgFdXO@KLrIYcqqQr
zZno1ZupyvwExQo(cl1^KnngX<H4Q@Su0D0G^)nXWIKa|#82dM$=iNs%l{4pSrdbt7
zQRe(kMzcULl9KdD+)0rdwZdLLuYj?qL*hHMLX{#?t#)`mxpe;!fq=BVc>_^1B;4uI
z@Z1O9I|<M_Akr5<Ah<PWTHsdNXWzCiqlZm|snkG`lu6Cl_j^nK6az>2ql9j-wz1|s
z#AOrJUZmF~P81*W$`}zW)_uzPoFCZPl@#KCF7@gb60UU5%p^#{Q=fz_@w}Oa*;*Pf
z=DhrBvN?R1nJC+H+jYV(y!hKrjms99*Zm0X!IR&c)?Vx={GhB^?Cf2WQqDnfPHWtY
zho8L2vP}zELPfP0e1<MAH(m&t-ro3Rp!22=^@a28!g~H+K6arI$QT~k+xxcd)g#M8
z20fr+N2R>hiG1>_h*qhbI%_l$D$3zqB3PRMb1HHRnP&WSJ+m25ed$xAY(s7BO2=C2
zfK8T}dj53sJT}fQZMXfV()}7G!rI}N@0>L*IaQwsu>Hmy2}V6vX33FP_Vm!-cMSMn
z7}w_V%fMG;l1(i@ZjUENCQQ22T`q^)b)P2=zU!hB<b-7KIRGpEewqMdeRI7!9Sre5
D6ZbN9

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-58.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-58.png
new file mode 100644
index 0000000000000000000000000000000000000000..3b80efdd9e194fc5519556944dbdc7fbe628bdc6
GIT binary patch
literal 5403
zcmZ{oXHXMBw}wL+H4p*mB_c%>A<{dcgD4=q2n6XJr1wxnK@?D`w9rErMLLE6Vvs6G
zktV%^NR=RP`R>fUGxx{cnca8h>^|q5nce;K#_Q{9!l>A&0000?TT9L0N@f2u;n1tK
z?oPVfl_2c23?2diA^ZRUCKdo7U4<~~0DwOd0N6xdoy`OQn7wma9?4&AK%eMns$Kr~
zpfo#~xr&hcX+Kma--J*xveP)7`dlRf@cF5m`Ptk0Imp^Qb+{6MC{k4NE>hy|J*1H+
zQdU$-_MYe+BvKZM{8|AM{6Bz)m%WQ)@c$1qoP0{V0&e|p1wR)L2VXy15AXk<Sy)WH
z4*)QnX{#w41x@Yb1P7(6H}pi7eYXCP456o#BbL6{wwwg>5;5C6MYlwkns|h7@jPxM
zG-E)UO&x$jo);*vhEcMyc_-V?I5+}KOuLIxq0kn{J=`BVFKT6|F@1nSyjuw8%3IbB
z%&(R9G98mC(`~0`W#zOgNf@6&HDhjXk<E0BeSxX;v3kNS2GPxq>ABKP0Md)Ok_ixN
z4&pjR5&b=s^dln(BUMq=toQYT@0lptHR+wpELyckud<alb#ykMv2fjz%FDl%$~Xk-
zM({Fbu8iT(6!GVc;N1>nRb7J;CdIb*qX{&vn2B`=6DHtf9Eym}#zmyujHrc!A<HQb
zq3g;m(aqQUHCFrPtk9AtYOP6_z&NM;GM;r|*{?a|PqY0}TchTAq9yP=YH4>~KmDRv
ztXM*~)sCR+{bhf{jP2(!q@7mMZJ3xGj!tagdf!NHtQn4V@8G0aFh^t}Z!=8`N)2B`
zLOx$l@CX~w#2)nbI(qC??aA*ZkeN35`dEAI^?UD#ynvodDd<lC%lTdv!xSxQF_V1)
z;wbxfbCr#l1VhWjJTy0#=q({ycg^VOxPKsC!;s3Ld4Q!Et-Vizct>})<+wHeHJp(O
zr$zG#Grg{5GtB8<dO<N`N8PgWT!pZ7O1CltS~c^kXnYyzvir?}Ayg)o^y0zEfYz9K
zwS=t7Fx_>MCT~==zkY4<bASlf42o&vAKi)<^uhv6LFF#-{RdXD>G$oh$x}9IY7W(p
zc#v;>Aij}P>u&SIDFfFhI{4?L6Jp1R>s6b4S8Z0u>{10&5cyt?qHdf@Hz_Zd!1r`$
zvvPnr%TKwg+;)7U1uy}btpo4o8Na5xGZ2@6S%0H(xHkhCvL2LRIrY%uNSC|sQpk9`
z=J)4I;R4=q;<T8fFWBH4+UQ)n%i8%+W$qu-hZQ5)cY@<cqe-YAY!m^!h7tOIP)vW6
zTI)k@b;F$7@LTIguBu3V420d}(gyG}eB+f+3I{92)qRN-P!n=@H?5KE-s>FUOgNPK
zZJVjE_*m#ZvGDNb2&v*+XgL0E_u}*+#Cr(~@FVxFSA-^}s)o^wWYgJ$zkn~xI`^*O
z7&5WUfXK072K&|!y-i?&5kLK;CeSA8`><?p3q_)XMuI;uh_>06dID3Qnz!Fk!fm)u
zbHofz*eBX<g3@5Ia1FNk8{Ew6=OOWP;CsKNsv~{ne>l%XcopgE_ol1&I3r$t+7@)H
zO}|kw`q~mTba*U*fBv>8A~XF1xo*<W*$rZ42W7+C#Yit%BI`!^YLrj*r>rBrd7q|?
z>yD}aGT%@hnFatMWV>kUauiQr7A&NMtHcT8uS1+Z7V|#)aW?KBkIBySYHJwu8zwmN
z9dIJv#nIgQPr-k8vgAwY$7c0io}RZ>${@A~U8;JYqB@~6?faoo@_c6wOv5jZ4}obV
z8kQPlV=gF_-Xy^+{mA$l+y{mSEMmeT3TZ36(SMr!8yz5KO0+xhL)mracBg>>Y*+v0
zsxs<*+9$m}me0j@MRQnYjK8;YTRT4sd3B#qC0W^Sw-jK6YHz1b8BzI#AB0j&nVO0A
zigppsQcr#0j2&kqW()u8*4OOu771cw4%=|0dELD6>O+O9n)5*7x1Sw`Pf`42&mJT2
zRpAzK@2}m5CwF;klWDe&-dkfJ%yyp!+iGGzY?nwP8G<efht%N@CFU99z>^7|5AE*f
zKesL%zwNQYx<QxM{A_mC&UWZj=FWs#XK!x27#$?a!n6E|J0!wBX71|S-BmRzk$@4x
zhO%8eqkN^xgk-GgW`3<E3C+-q=sEV@%GbFZif!&^I~lt*=mrQjqhI#$o_YIu@1GIT
zBfu4v&WZekCaWOh?3=2@lXah+k69`v-$sCbNS9N1`%~RB{r$H;KV7Sh?UrY9P;!XF
z(#Kzv)<UG6+v5$jv%%|n*HkD7*irwQhL{tp-}rvUd7H2jQvj2Y89>Ck4aF?0ErdHW
zcDfGP)E&F;3OJP(yw%{eJLV!w*Ka<Twt5fE=XMm*5gi5DoBskjEPU<<I>LR|83T@~
zx$00P>nRSt>~ZOegY{4J2M&mI%sAzV6-6-`$RvoA>SNfYJkc~o%i72}aShxcLX%Hh
z^7QM5P_=J_UhGtz9Z1ZadsG)EE-9+`1Y94`kTYFR6&uO+S=ya{uizpT((!hmnG3A>
zri+*jlhfR`&J*VnZOEI>PovzVbrBxxn5lT{4^?w8PDq%csP=NHD|Zo%g~76|7H*>B
zE;5HO0%6BbCst)SKiX>U@BV9tEzG>GQvG>?aTPq`<v@mqrZwwvkDlt^ZP?t)%o=`T
z@zJ`GJ9eH#xD(?ER2(}n10SZ%bt{kmsgnCx+4&l0Wp{D`dTPj-Bn!oueYvS*trix1
z!>Do8%3q11m9O5Hs1;PbHMu$TtcyG3@UJ1W0E=oOccM?nwK!XdiT+zKayrxcBW2Y~
zy&$hGEf(gJscEm4`7pKP25Q|GFJO_pRj@>x<NZh_ZYl+?4W?hG+*nT&<FR{)SGJRw
zu^*1qnS!gLVzBYHi}ShIvV|4eC8b<>wx?6eTz=c&^PC86JejeZ>4teQ+k;@A&W#L9
z<?IYgF1K`=#nf*fu1R;rm|<S|Ei(quhLi?D355(c{33w_@YhsxLsi02THg*yfOxQ9
zFCTJF(Y~sn?uav=*d~*jC>Lut@mk+kFN+P(i(X;Xq0>PUZ?Ot?DT^+PyCB}$w<SW4
z-nZzCVP4yOZLus<?NWx#RfN*Whsu8&CEwh^S>gwQ>upWv3k?U#B^Ac5^u#-&CVBhQ
za#Z^XZM-*8oTltQ<c5Qt$n~bdIH|Il%E2I{Z@>OWnN00f8BWN<U-)pfqSE0I+m}tH
zI;h=LNdxv}yDZ^I^4^TcG9Y?^*<zR(zE05%7PYGsU^U$f9g{VVuabu!IxA=owMVE~
zOQ~dag{5Q8V|T(Wuj>o;P)S^y)S(YWk9uTVdY#F&?X6_Kt9=mj+qGt^d4YxKyWf@w
zG}ePuGQh=qtVb_ytVfX|xSnB|j=LIc(TQSl<*Nv4`-1-GFhj|~X(I;fOqrgGZ$Xpq
zU6#H-Jc$;1^JO1`n|Sry*z&zp9e4dKU5MfzA;|H2Qvp@|N^JXa4dRGTgJ#&uFK3tB
zhTEL!%!8vXXjG^6^BdaM+|c7~D_CJS51Wu}dQp$~`;woE^$h?8&B(#UeJvb>8oKUK
zg}&?k#%~ZKGx6A+zvG`ZwE;c|?8rNibI_ZCT$^q7SaXUB#hg7lF~S0EV`HqVGB#IG
zaOFv5krj56r~m^Dd)rd`@8ArA6Xn50+c1W;Tx?0noHE}bOi}Q{WKZ{K@W8W&xrz~}
zW8PD-_{a7y^)26{FeXsa0ZS6bH|IdCjO?Q|33r}Tid67)JQR2}Z!;)zxqqaj{KQ3*
z9SzE!qzzG^bT5%6whlH$B+=wFkY7`SJ2z@P$J`-=6L%neUFkP_?7dF{1ATtcguJ^j
z(gQ;oPIc0*m7^dk1bK(u@6QQVz3rpn<Yx3j2Z@axR$ZLS7w|*j+~T)U`ks9Cj7!xI
z@47~3xvXY=B`p0h+N%dHJ?xXdN%OdT*ZU-Fm~gl%jWAmNv$Z;)Q|L~5DgoDJu|;$R
zVb1nSKtP(62v!=kYwGHkt^Snb;&8zfH6YzLeOBPDNai^ZjROT-oA+ADhqV}`%@Tfz
za@v_L6v<Hhz+SqGg=(_SR)j(1Lda9xB13EjQJ=E_Em)y(P{jdg_lcnPXyd99X=jTr
zwsu<LDo}>G{W7D9GP%;X7h<v@5vJ+Wb#U9{fHV2!@1qeW0%+}3nM{{CT7g}wW5U!u
z`XW883i`OoCoP^il4&A;SmiNeG)FS;DVb2MWu62Hv&OFn^0Gm?vR;2hjqooiH3D-;
zN0evlpSjg7rT}|^Mfj4+N96Kp@<(lfG53fs#5SXvc=bfd*7RH(Gdf*#eWCURB%^lf
z%|}O=P1-r(yo)?$!W#z}cXQgr1xVgXg4}GaWKH<g;+GiaVu9IaklEJ|9zu}bL;ah!
zTK)6gQSqom&t9YT#s-mgJb3HImi?B|E%~)?ezUN{G;4Ztp#_*l%;BPNOB9C#C%>7a
zxuRrGXZR)8$XXsNTF$fmi!3X2jEiN|OM-=)%`ovRS=V_Td&gz4ygLH2M{?vk`Gz6^
z7;pqPxPjo`jd>&smqOLnaAUzZ^{2UtEbzI(S=;w5J8TrbvW~Obh1MY7E-0!bXfIV$
z<!mIIYrbOrqBT@3Q}aPt4H;YYp>oqlk4B=fi0Z^Es}O%hTG#3pD`Tj_BfTG9(GflJ
z_O#>^ex`+$kiFLr7EQco7v8N|Q##%p{qZY$w^(j7aG|C|A^le~(;}@u_nbcu4pdQ6
zK}mX~U>*py`X!G&i{8Rk)}1jWb4{|+hEN>gKsCb8+O3{pzixVv=&-uD*-agm4}a$z
zL5AqP=un|^w<uTa;#fA8bE-ftx-q`7`4rq_HxnbD6h)J)cnI#C50U(8<*PDgo>rW$
zGBv|}hnpKbt-&w(a|P4nIU5p4x=Fm#Mg(CwZrjL2A-2uPsIM7Cb1w!O&$Ut+lyOE#
z4?xo6(^Jw}y?LcQ7Lqv8XEU5T$IGe{*K<w3M$ol=8>NAy)lwPVfG<`G)ulRA#qJme
z7|rAYH7!ebNIvwq`<wOm0i5NzEeyO4e3k~gamA3{ExOmwS7F(Xl5=Da)*foa?B6zY
zK_n!oVSY}vP2_+n3E7Qak-!nloEo17xP5A3N<jzM8lM-N9@MDLJuY`7OTlHc@W4Lu
z{aS2Q)t)I@fjX#_QSbfP5Od?^xh&{*nFe<v8x7~k6U+J*PM)V-ziD1VN;k9m$@0>!
z$<s8S$b8rj=xT_IpAM*wGYr)W9jt+jsat6IBPTX;Nzz8aW&1kcdxtOT0)9140TzBe
zGp-zl2ifR3N$w@e_vYUy3*J@y8Zb$kJEoPJCTs)_Mx?WnR}{?%-}^iGupP_E#tHeP
zSjlRs0G(3!P6|3;gUicK(jOv_eUbfAX3$~wLGur~d0y1n`Lp9_CpltGYHkRD)<CuM
z%PSG*mN!cucjddKz4>I%R?gXT$T<f-2mlMz-~)Ww-8BjYWMJCjj7+y9MI`=SV3zK@
zxRW0g{a5bW`6J$fSbAVZe1gFms=ZXBLK*WGcu5wBB%pPrnBQ#?W}Laco6O7qBmqB9
zRTTz#RjC!LMYpJqF-zeDesCKzC(spwU`x+(1nAm+g_4JuVzTUoC49-UBTLCSSf$t8
z)u~;8Jvy5aV~o58G`&z#pGr@(yx^JrY6)f2RID}LqDG0$xZQ}n{N(M+>Dd}$9)kdG
zp#tx^_EEEse)|(Z5jb_x@1{GLLM`8;TdJ~Ng-d*~fX;Hwf8qg@P4m)ji=8#;u)Gk_
z7k}jp+cn*{7B-`+dE4xtD~N){uZ+9>UKN$5`|F{i`Od$8s9@v;^sHjyndFdCaN!U+
zT8<?Exh#XeMz`sLM|VWh8I|5w)sCa)=J3jVL{88CV0Pc%-#g^P<K|$5mv$m=y5|Ga
zX!clA!DZ>rVbt(Int-MvB&9|++%6A#I+uwn1qkQ%U8Z&p-{?(VLDPH+w;KS4-Z!(}
zyYC$`)a?6)jQ6}z*%_sZ%~7E;el1Uy<wlz*qsV@YZ{@WgHKRy){jZ_(5n33=dPWUR
z6@exvJk1IAE*Pz=WA!EYOl&lMjEP!X$>ab|9dxe1w)g*8ixxy_*x*^z9%)zSDEGX)
z;ns1wa0+W?K)CF#{jOrC+HVPRfXv&PQt~POf(6n+x`8*3l*8Hg-sCK?Xvwh(oY$h!
z!S-({*GIHjQy<`L^7ycu1P+d>_6u74s`pz>GGe|%OdBL~gi%DFmCpaZmxk+U<h^eG
z&!ti^t+i-*t{KK?uBw}UJnMC&CS6GRoq^(m5+xH^mC=_g=93!2)O&aDK|g!x2Dc4Y
zzJK!g@PI_fc+KG`u+_0`Uvu0I5(tjrEMX1M-lOKvs#f^E`|n9`I*)M@ds7R=!R+vO
z<3{+Z+dS-`xEbFWxFzyoIVnTS8Fl*YEPYL3Na>}20B~OjpJo{M6p+u&J{lh}|Ec-y
z>_Nvg!LY9y#de=PB-OomnRPP*Icnwi`ZTx>ZGdtrTYt9z`zISqdbe=sJZo;*aouXq
zV=f%~(6{9$4TXS3MY?<G4>BKArw}&mI{X3E`ZoHDuD5yUN+1P@S`y23cY|t|;hEr|
z)qIW3WCfO83*^EVm_GM-LyQB@Wc5E-p=2Y&%inQ6*XK=L$J6Zo{-eJSeuT1<9c7l^
zdVB*C85>;@yyn}0*{!TzJz;!ll}>Le3=5nrdtEpuWx=KmuNSos{M-8^m(!d_hF&M7
zLKD@nqU1evq+Wf27I?1-O&{+_q=CDPA6<MAqg!TjxuYQb%LZ@V_9t_$mO*(g{q7Sc
zYW|;9%0scc<V6KXlv{;QjFT`dYFBS>rZZm?I+9d~8{^&vA7A+&Y?&zrrth=`YKnrE
zE<es+LP>o6z;C8+YFa9PqJ_j7EJr)`NXzC%>7*Xf8Z(+gEmf?1Z>1v>Gq|6$x|H{K
z@$e@66Er%vP(k#4{l&NI+Y<~Sg3{7M=EKkZ3avrX|4O<x#j!HPhY`kf{wXYK!5F++
znOImFr|z3h&nr`*@USTL(bmf1)HRF!$hNTGB@VpS<^jG-aTaS5$})=Zv!U+)SZ){0
YCaLaXE9M)HSJojwTU}SJMg<-HU$J!<v;Y7A

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-60.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-60.png
new file mode 100644
index 0000000000000000000000000000000000000000..6423c258935b186a55dc713dd2f491949808afa3
GIT binary patch
literal 5667
zcmZ{oS5Oncx5g6^2rU$8LXalC7XgWsfFMmF(wh<t9Vr5W1d#*;L|OppEec5Qy&6QS
zbO^ml6$C**q<a0|hkNHf+@0C;&77Iv`5w;M*`19<8fZhQIj8{u0902;)99Zn|7SB$
z{EMzn$z}ct4_e3Q0RVsz1OTwF0f4iADeM*i@LU=I*hT>W@KgYR%`3C{;eSAiC;Hl&
zfB$<?S)9!O%Rqc}A80|g$*GxPv`(kb{uKfU_-a}B+S~a$z|r0g{{$c_Evq0QEiWM>
zZ6YfTmsNzz$cjlz!=<HrilHL^2XObacX15(|AG3Gx}<-A@c%gYy0|;|_}aO9{r}9$
zw|9B~01HT0Q{Cjn>~3bj3lpu$?%>VEJzsw^-qPwY0lNsqv^kK9teX0vnL4BYLrrFO
z2n(aVFSCt0goTAX1;~gGS_1P@1IaXaV6WxzVd7bPfjj59Es4=NsxJ60yI-pGN8Cl$
zrVWeMrkk1YV?7<6FzO^RF)b<&J!i#ckU(R-Fz+8hZK@7MCGn}&FdNBuI#I2zq6MPM
zwMdZ7TD(uL?O*ukw@?T&GW`~yh&Lt=%Ag~?UjC@YJPxJKfMlC+NdkXi>b!?{_?93%
zVp}s%t4hX!iN2D;>zrEAL(aZ3wE~6j54hdwo?;1!r7Jbgk-cFOf|(xxjeGd|sev|x
zx@B_Vg}=9>Po)T~jJ1#=9#TFX0ck@%elpBdicBTY6_>dx>BK6SSc4`9ffcv+KyK!N
zhCP%chE{r(Eg|!K6|O$&6gq5Gpz)&Kr=AZK*}zzFt9W|X{4-=5pg(_69u_*&6*N)D
z`pY=$ps8xPeCJ0t8<}Hi)66vWm<3!<4RQEN*nBop%rB94z7dgMc-K|Y0%Nra&Lo?A
zOHk?1MLn}zs*)#5<H`B@m?vB1DPZij7TL03jxx67F#jrymlD<S7Amao;7az~MOP7N
zTbMH8B~8&3yS79haOnfLpCmuozhD{?iW+dH0ZvyC4!#ObE20x8fOSlzH{D6Q+8xgt
zCoXw6)!oX>tJi>m7JZx8M4M{r$93ROVV<5I4?OqCYwBfY|Im7C+vq*urZ0yNB{wY~
zMD+?My5w@D&<n>os3opIg!{v#PzU^TJ1h;E6gWpTh0=;?!A^<%Vt|8{S@|JZ@XDM|
z##oX%%1`<u>=VMErSyu83+%se(KN(>r~J+bqRAF!ebu6?x~i*D%T`wtrvI!XT7viY
zaK|0o8waK+^(fNPNFX-IX`~MYtv#=!IkQJPnI^!01lL`icRVhcZXQ7^pZ=Z>$!~l;
zT>|1BZL#cdLIo_OJHV(WQP$+zrpwF+U(ReF9h5Xp#T_@@Q7y3$>}{(~`K&Uz$(s2v
zP>HTM3)8Pmx4q;lEC-0e?kqq5dqU*rR@9LS$k0}QvSw=qB7F1}B#UF*24kedMNnlf
zalTvlobR-QmUQ+-G~2Yubnp3JJ%h}5*4hDK!~Ze)QWGJ+s6m!jtinlNRB@6}!TZ8I
zsV<3&Y-h!2c;*}sVKLxmn55W5`oYa1mnylOo;W_C#8mB<KWVr_zJcDe@L|`HXo_(p
zGWyl99>tvTl~A0)&S;Vuyo8#b95&!?C6!;h{O71v&>CM50tlOm6NnMvXJ$1{GR-@^
zVY0Kh{WYB8*3uopx+w|NrIK`SJ(X8Nhmqmv-)A8z`jzUcX((F1tGT*szw=-D`R?-S
zTzDTQR`~z~^md^3-q|M0?=<`1BYa0i$v8y%j{ViaH<(y9%2Q{QEkKkKIZc_z95!hy
zcTdm1a39sVAP-j`xn%j8<O13Npd(JXkXe2L`o4^r>wqN$F-tvX#tG3C6q8fZL~%`R
zVazSqZP~1T`SYQYGf&o<Bs-0FN$EHo@OJm=KJ(v*c{ZaXt?XZon)l*A<!n~!0gpqK
zmM&mk4Yc0^@C5>)u~<S9r#mz5a}4mM*qt>Q=^dD1Mig%MBC(B`!#cY<OlIfKx<~+Q
z<of6HF2z-~j<Bk4e=j^<-l$^IV92AJt2uJMW>QSrs!y*#AiVc~6Kzm8m`>l6u%a)e
z!kt>-a%pzU7@4`GDSCtUE91`<&xo+%>Sp?pE<w5AO_#99m0+~F`{+B{x_m3`+qPnR
zq&3ayv7oc)umeI$O-wx<5PrxP)b>c6_j>W@TTxW>K+d;q&}ml9H}4!s-$+936aca=
ze7Om0!L)ox;`xCPh$OJy&gtJyJ-j6?F+Mbf9eHmbDM=QV(S~r-y~)h4Z=lDqOi=Dv
zycQfep7-IA8I}d2fR9*r3gAXyF6>;$*H%B1r!Gn$_Pa_|{z6b))XuN=RwU;efej}O
zm8wfH>&h3wQk(C(iA1o?;uULq#AeQ34Cv3<j?@O|5CH1{v$FS;yxwt|f>)v;&vP)E
z4*+sQt<GlPQ<FgBKx%u=IGJ#bCkFU_5$QV_qZ?rS)tF@oy;Uu%zys`4?_OYn&I<o^
zw`kBum_2S_RRxb?Yyzw$L@-q{Vp%3ck8|O4+kj^m)R;m?(lzRH^Zk{XDm193Y^H~k
z#x(&G8H`oX&k#Rh<DIZJSonx3;U)Yo%oV*+YiA`?rmUm(U7~?4pkgO_=U!#AwhEye
z7gW075zMhS5?J~jPQ&M<)k@lOA4%CB-cmtym7ql#ZyWIS;k~CK*NYDA`o6ErxXpVx
zl4iJvxj|*wW?H4hTxFt;vw7Lz#6}h&aA!_+&zFL%L5Tv+8iFw&e0Ycu>>vLnZ2#(=
z>6MXSX|$zW@TyN`@N$QIL?WU+rD7e;gGc;8Nh(a0gfehF3VbwJHu6c|vq^<h)VFY7
zzlofnYEDDq!vn{(F^E@n7jus)h`;e!2Q8~8<GL~le-AQrSk>$_VC?RPyu(4AN*oTj
zas4<G!$y(3n=y)}Z$)Jstu$Jqq}-#bN#LX}vVu4hfvlhEyEh|)5UPn2$ilWFGsKqc
zi>j{L*0j|QrA4K$r_ftN&M%6xnH~q9C9Q38hjTo9?{B(5=9<pY$A$L;Gl8}t6pYl>
z*7dzcTQ=>h)%E@zxjAvLUkzX#u4kX)t)TXar3s!q{9<_z_61(JY#k0A_^eE3($!e!
zkR1~+A-X*A7Bh6NY~x#?Uxl;|w~v0#7yQ_TqArGqRZf0UPb>S+srm0oX6{eHrsjV<
z?91d~5w|`*Id*oQt31{o3<d{U&KX%>Z?u&&V?V_&sr}_XE#RHX^0!_Tl^%=P?v_US
znLZ}rl1Jk$AM_w}Hf5zK;=qTdKJBM8x434#ye^#!n=AX#4Xw~UhrRK8FfUKPf|fb;
z-xHasna<K@u*4YX^5gHSJ01`_-8zcbj(4-_R_bSiA#$IijnG6+hgd}?4f(SE<bK_e
zMoi}jMxJ>2;aqH$`MMfM+C87%zJcA;7CIZ44STt;7o??yqvGz&8Sl;hTOrB%>GUyg
z$R)jSM=;`#W4=@y?><mp!nil(kwCKfk?^u*n((m3#+|ftS?x|5^kXaOpc~4}mxY0u
zOtG{|AG!=dmZDL$0fdF(2$xfWTKUP;XZ1@xWhxX^UEX(F>;#_UbqGiPo_QRRZSE82
z>2rnXLb&L8$7rRAt-_P8P#*cb;@8;w$&tUn7O~dJTX7(fOk@GJ?aMVta(i;~tR<dq
zOj8uMF;QKsIlcHod#!xa&ZK5^FXEgy=kk*)ZJgPr#U`?x8XL}X$70*ET4ISTbjz?J
zBMrq}-75&2F08Kx)n3keSVH?cjbn2tv7Ty{ChILisPEwpre+gik23s&xew)>aU8P&
zsEW6y&zOG<Zapr+Fj=26HbyYYf`9d|)p@nkMtPiibdO0?p8b}uD1`y^>BXaLMj4~o
zyE)PF$aGW)?#2&$dM>d?`=$9Dg>9nAw|Q`yMhJ|Ke{)B3#N_beG}P?KO37_EaeuJL
zllzayO`Dg$zl9&k@aWkj087y~=Ku{(QO&1RR}!wqQRyfyS*F3K_%kDGQCv2mXIqST
zk)bsB=X!5v<apd!KQbJJWFraWBi6-?l@LqCQgy9V8^Zs_m~{dmkA!xiO(B0s#)g7l
zWsgB(9n(+u6cRgRJAY-qV#BKorV+T1XwnkS)g*Tt3M2iEfN58*90zt%rAQM*O^ZT$
zb}K=Hk$LRPp7r^|fwTt<4~+So@2k_XOE??wFB5T{Kdor&4%Reu-K<74KQp+i6lvce
zP$v})*h*eD@Ynk$=DuFe;1mEatu;OapO;RW7!(^LI9zOqOc_Iv*lWWw#HFXMOW(f>
zNXA1sg>ahGbOSWoK4&hqm#m9e=qK;jFQ`xU6Su)d2oAPJVsQ5A6}i_crD~7mP^hxl
zYVA3Z)5*YOyu;bWSLPme053B8g69oS$VH*l+}+Y22{)bsijA{eQ7@feI$VHd<Kj}G
z11PxhJ}1W?Hkg?(UUDogmghk}?sZ6D%{kjDUm<TaGFSa`e)v1cP@vkxC(80AySogy
zY}!{Yy8Njug9Q`23>fWW6;do>=`@J$<bvJE|KlsaGau)G+Ai~Wvf|vCi67MB_}Oc8
zCIvDzz(nR)pu4j!|2{K)i5<$*(Xfg>to<NJ;rGQg8?z}3bIGIVpG_s_s+Fxz8NU`R
zw{NvCmy_KRdaFu&SaD-dg_J;HlmjQS?!A}wGRs=$^qpClAr<j`vAIxk`AO;gsdWLb
z;IHw9t2*z#G1BjOLqBMCJe+mD@%sAno71sSSYd2&3kTRy@#aD%G_S~6{<_9S*q3)A
zpo*W_qtA;$(NfV`-Av1c%e}tB(l<oEltQ<k`FuR(P0boWI|dUtC~UD+iwwCc_<UJi
zpvcWot&Y^(+?(19&`t>bF8nqt8H`+YtrFL4eQf>+QD(L?L)#5RM>f$F>I5i3w_ew9
zN8jtd?{lNjQ510uzB#Il<`|JD=+77!6Wr$%a;;v0fIq>?O#9a?K8Qobxygz$dDx@D
zoli7@o72QenD)NB?T37d_a@}Ikun2+u0NsJy>txbU;DIi)<*)1uO55A8Ey|gD?!t|
zixpF;o6sGJ_|Ayoa4xGWo)vgAcn5imwAJ~UyfRb_z^IjlIY!(KioF%XcKfii3F_jH
zT?gtLe|=WzQ8!duA0{i*KOh{$AYPR`EIx_~824__ig<UF*k*LzQME@!rQ3$E{y3N@
zLTJlxBgBMHuoiIL9%qgX?-t_BA)A!eZ*~A$7+9EDWrr^>cChLDL(YY*Q{5#jhAhpt
z4K*ecEgd9*=dnNhzd!*)-m!;@vCD31p>2>K-Z@9{ewA+oD#|lyHhgamMu+$IWN6(|
zC7ZQy$C^Rj6aa03fdO1>c~5m`QqH7bqHRm1{Bbq0HP2tco!yQo&d>}~%g8^Y1<OC#
zY+tR`F>f8HoA{>m@K(0nT;zgoKSFWn1k1hv%d$Bg5AFfJ=2$8@J@U~>PkgF$z~T(4
z%eGP^P<Olwrzw-9u-EMPTITdF*o{e(o2#<;#2ooPFd%T|-}TP>Mp2!$CUuVYQ<B(#
zLs%Kw|LI~DrM1)U?PKHX&T%eswbVo%g+<DcsJ53MCrgG&w3L+o15~2qxLv&*$#WoH
zTY>#gjwajIOsFY@C7&WhsXMc95vXFJRw4mO6Z_fchK+h@Lwp#UNO`YubRiY&yQu)j
zDQE>6MNxS73N%PNKJ88|7(k71xbV(ej$9R~NabS1s~cbUP*8$vKFoai0oe$04Z*;U
zFjg)SEW(CL{j34pp4}1bPr}pMu*WaOa&T9Li{>=B(w+Qoc*xWrnRu8|L}zz*c5{yO
zyPVFd<Av5_JVOxDe&zH1bOlO}c>F&LSa;ianSEtXJ_hQTvr95v{i)h<vR}vFmF$IE
z3eq5K%cSC~Uz85D6KwkP-+ui30)m{Y5O9?u6HEIWScQ(nci$4eeG}_DMn(2q*P(=z
z&A0f08WAF3;TLj+o4^|(lz8$etKbTy1cj2KZGF7`j37k)Nu9{72J&R&b?)NX%kOXi
zT~!qH$U8YSxf~l~bQ_D?c9W+vc|_872c?OS_&1tk&Y<_TPApRzkdf5p|BkALu<_c7
z?0d74gKbcypZA3X5AC+cmR!^BJ<7;prM58`VbO$ioi25;)sg#G>nApx34!a<8RA%2
zk{bx%l={@ZC-u;4FFSNeAdccxV~01p?KJ&tP{1GhDyn>2;5n<_^K#{;dH)d<5gV|Z
z$h+J!c0yr5p^6-w&{W&D+&RuE*xISBL&f^~%h-5%c+AJHHDCkQWKu);yWGOAg#<?l
z-4@Nk`gm>>C`qh5`LxQN9UHn__uh`hF*M!%W3d@?pew&=Uf2YX#qGDW;$2Mcmo2#h
z+==ORda`D)joI&Yme0W<`9!<FH00mPRqg9pd9`^?zJ>iMeXzg!CCw%32@g;8Q5zlk
z%dRYbP=Cg~bL~F~i~Kmumua_G^h%7I5l-2_k8hKXi49x6tqF7=9vLiu2@YxVMyQgm
zmrl2S;8C1<K%SFio$OVNcw81eSG}pRSbJ2T(hbyb<1oH(^1!HJ6{3?;unl>vB0Mn;
zy(|vqn4c~+;bE?#UQ(f#eas@+s0y7ohMRpt5dKj6kXA^eS3;l)d!xbr<K)D?1hKCG
z`^3!?+4x>TR{(V7tz)U7@48U(0aYQwr}30F+lA%Z@M>2_$-oBF{;%)KEWN;_<ypSe
zUnUf!k$KN{fMYe|RxG&xVVG5y+GFt!)jk!uFI(=dWR7h9H_Um+;f4Z@-G%yMABd^0
z_k9c@=z?csWudQi<=`xTUmVCy2TGBInl_Cc52;?TY$+!#Z)@~~uuOM~ZiIgIZT7Jt
z{2EAeyv=Z*{NQHO@ZU~~isTP>#%5GJz23`a7!pg?7Jr(Ccyd~gMa3^KZlu5C29{sn
zOrMv+d7B6f{N26~oE9o_@=$1Dx26#|dD;I|6<BfYLj^<oGdG<;4DK`}?dcI<^Tv#X
z+})0s^V2R9pd!ANYb(KZDN+v37$fru%cMLy+;QqITaTmHOWR`I-VhC-RL+nwjuT1s
zin~33`VKni%SKyJQNTU%MpgfI{2g#5lV)W@Yw+njF-fz!b-SRQeOJ%t<AxyCwE&Z@
zj_S!BaI|z7tiF+p_)kYn2pnkUCWF&Y(yKvxu~VYI*$vxOCRM(YZmCgZ`rF41DbwtA
zmOBo8$0h+dZ4|0hZJK6F=>;h~kPwnzT`SUixM08$TB8kz<F1O@dz&fZI7bS?ie;v(
z7|z2x*$DfmRge99oLJ7Ig_gLiE14DF(T!z@2~I|+8G6Mx<N2)KKJHWLoA^+-PEaK2
zTaO{!2-Xt1T5H&s#WE=(lD|?Sr1BcW4JS;H=YuPb-tW10eEg|PpHv)}*vGYr)(?>Q
z|D42kkq=?@kX5cQe7A0_v9pPD3Y+z1MW}`yQYS?b@o>54?E9XLNV!UfK;wJirWvpQ
deSrN@D+nXu;iokQ|GrQGx>^RB<r=7v{{k9uncn~a

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-76.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-76.png
new file mode 100644
index 0000000000000000000000000000000000000000..79894706a78b9501077c5ebe2b17f7d2c3695a5f
GIT binary patch
literal 7203
zcmZ`;bxa(<vp(cFINXZEVa45w9~3*R6mN?hP~6=eN=uQ$rNA9l91bh4ZSmq>v`}1%
zQ}p%yUh<On$J=E0OJ?`mnN22{nVk<h+Ny+LS}*_rAcUzY>Hb5_|DGf`|JDppyxl*5
zSgGl10RRC{0f4Y50O01IC~OA+@D>CB_TT`3R3-pG<(AX>Qs&<Vj-`gG(&K*yp7GVv
zKMBYSrlkzp1A-~&2yFkl|GNml?xk$(_1416TFT19`X2y<1%<`=1jYD-1oedlrGzD<
zgoJqn1*HT9`^yQr{tv;~^{u^)|Nl?;a@CmjkHGoA8ocbCtv$UgoZbF^&ib!ZbpU`4
z3#O!?@3(lE>+7fg{VHbF)3<&XFN#Ht5E}t`uZZB*%I1XVrk*y20eQHUm1-e|N`Fcw
zl@z`uh$@g^VC=GVL}}YiG7moev>a#~5_;ewUciZA8F6$gBU7}T)#58BEwY`{;#s7V
zU!bg!I-U(tI0dkF(UEMfYU#igPE%3c5u02J;lM$?gTKpRPNKAgnazXPbpzda#*5QO
zcP=IveNTPxFzBPmfl(yt&mg$TtMS9c;an6?cAf{sn1K$gS%<^arweEXtb`5IF%pOD
zUSaC$9c9dPf^5#xNE`g?k>M+9lsH(07gnv3J4vk>)mTmzT=ijfY{}TVhGfM=aQH1p
z;61Wby-?wJcK?D5k(>+>>sG7P`f`O6h(xd_)WIDcAIDE9sTrJK{2U9*d^fBHf~Drm
z90dw8cZD`Ty0?$be2%HdIL8WzIt_bm7wq&oqH#oI-jukqNml!cTW6hnG8WhY6PTTX
za%&_n5#Xwr@u#v8-@#Y%B~$dZ!{v&6_Xy#Rwl%gd0R4Sv?xe_`5J6GNJ0n5C*~Px_
zYZYGX9)NKBoYk*BWjL7dH1OaVE*8ssW+K6$h^)$(9T!x2MM<UP+HU4W!~SD8!*=%X
z0|G<WGyXAWh>)(5I_AVTcgl==NprdIzgt1UicFJj3R1%W8hqwlMUYb5yYZVO>jIz?
z@nXQ@F@RT7rrS)smY@bvcbXshP&JR<fCR>}rT<FB@m}J#5f86K#Nq4)_XMZxH+Yim
zY<uyTVi!f}BOFY`^G%7u{iD4nIV#=jW;nt5jV!Usw$Po{_Ywu!;hGr)_SjBVlJx?s
zgxG`ZX{A~s<2Aedt>9)`+m*E(aCJ2epKc1YzrtV-50R{^Q2jgkc6V|P-dUz2H4LS}
z&mU7d|2P^p9!tv2O|!|oz&(b=@oaz>9Or$8wB~R$225&P4*THBQq;0Ki0Ei0yreNH
z+vORfg>rK|!&K6XBBL^2F6KRM|ERf2%TuIh_xOH7Ql;{VM~w_|&L*S{7hJKnb{JDn
zzfIyMmex!}|D!iuNgOLiq}_4TWZdO&lIHE3d#Yh&{1I2m8>-_6F~duJzg`aBh+b|q
zE@H@?C{l*^c=!cLHm#h*jWYVMVM7hjVOlfoDUcs)Qqyx6>$A>A*-M{9XnCV(7x}(!
zLL8Dca|d;c_b%3r`Lcxn3Tcz>)k#>rxH~nf&kB!Qz+*n|{WyGqyXA`*lG^ZoGZogx
z{F9piyg#%h*ftMf{>t!(UxBCM`9>^|ey1ZK@<H<I`|psX<Foc#hN3<vt14#_bcUhV
zV@ek>bB@k<iZ{<a?+&hkW+-kH*>h|&d2O|$Y!WsqPEFo5UeGflkLh_xQ{;Kt{VCoW
z^M>zH{?~)ISkz35*^Af*>&!2rk1#8mTE?dMuV&1fyYE<21d2AU+J_5It9jSQ?u^Z@
zzQ0}8CC2Pe9T2zp;C8_WW71~?kzN*9)IJZx;<dtuulJ1{uUu0x&kKg_c@@$$tK{)#
zgb)yQbbfX?l|@{b?Zpv*2A<cM$pJ*cT5!DSR7L{8n_a{heTTwgv+i3?6k4!l4KWps
zKSC9C*$=*FX87_~=6E}K5T>g@ds4ZCmnPp;6};@od~z?HE$W0jIdvIn0m`9geFAyb
zXlB#iH^bk#&AH<{<7SF&nUN9LcCBM<?rquscQ}0GMkE)L;y3NkX0ueJNDhE?)aRQx
z6Lr6jKcn4?%#~OP51q|pI`?(VvtyS(p#0$4-UGy_<PODs{R+VsR|dXAE}e$ZwDZa5
z3h4{UaS13@<HH$JOk@MZ|7!>Zm~DD??wTf+qQa!={1(1SerYwp{iky98nREIM(1zD
zIO=XnTOx^LIT+jrMo3uKHbbq;MZIx~-lrzVhMM0;`&POBjGHc!%vE^cc>XsTTKUIB
z)5I@qww;w26RGYf2|TdI*vAF$BYT-fv@N(kDX6H~hX8lE&NjumwQi7?$QWMXaP3KR
z6)eIcR^pU>gxL|*-v?)rhh@U;TH4|w69GJwcsBBt7&GhNZ|C(*;Y;u(R~gV!4~5y~
zGTbKQs<(@pE<Y+PRpK*^Epy@C;9!|`x705e8y65+OXNF1(0R!m-8`C<#DPCUh>D7P
za{KPl_S?%WU6g#|>oP$#Ga0Lk*xqiNU=cnDOOf5%kssYQa<-)K^%jamcZ8>4kcbi)
zu_s;gY#z<_0kL$*gUi+sQ#b9Vw#0@4H_c43_KFy*z*VHZ=zvn;hdUhGW7sRNI}zh4
zi*t@u28^$DZO-ukY2`-;HUf{N>*t>0Hm6cMNwXERJgA#Yx|uf+tN49(*5gk}S9C;L
zCd~?RqI<&_Yg!!|OqlznfgQHQlFt2bC>JrQ#*!}4CVpXLYRma4e`=`5aD$P$yZ)vF
zqTC}!^bX|sSmRku_lv1ut^M3xPI&MeuzBD{W1l@ous2Mw*MppAxG(x6FNAy!`Pv|)
z7nhv^mm>$Q(JVmBsM!s}p~(sTKoY?qO#)*hHF0m#1t)YX;xc2OE8UkpfTvaWK;F1<
zyM5RjK*Z6cnFD}EuIDe4XKB;dnU4;s4>;%20R`FMzIzqALIO2MduA;Ra&mHXptR=L
zl>FXzR9{64H*iyE*F_Y|s`Mn)3s@Hvap@ZvWu$XM*8z3KnbBXadKc!7oS5VUPHF_G
z8+FHnUL@R};`d%*yyQqVH30r9gVG2l$MyCJK@xf?diP;-Z}E+N$9?x!P%0J2(`JI&
zv~S{%q1v!mCpO49rg}JOCS$SuIC*#V!Tv$b^Nk_GDVHD`TCwWY>QO8bA=Y+{>unUr
zndEBnvioFi^%Bvpku;S}QO}Fw48zw#4Cx*9r-SA;VHZ_mUvC(TavRc~pi1^%1@O=3
zHC~`+qCO>vmbzQH+j%r38A#9+Y$;#H9pD9k&4qFgl9U5Hs2G?xsz;(mn9=7azX|7L
z@IGFQbyYcGZQ-8Ddddt~og$W=Lo;8!UB@vs$(Wma{%hRPtXdRrk;s8^(TRg%U(d-S
zDHh6GOGfw>q40D(^W8LXO7vrvx5d;rpT?KOu!X|yXue9I{f|lEDOM=>gXvOO{}l!|
ze6y>2sre-AL33=POR;U=b$8K{lED8q%j!i#c;@>Zjsiv;*?3nBK^Q7HVc!=0FF8`7
zQc-AIcW!H>29CMXw|ZQYW}3RJ+(n!A*r?|iqttiy&kx62&Fe$r8N-d_n1l;fzmiB)
z=&0w9DU7Z05OhCR_Q3HisU?C+O~oIMTU=G`zcGl(4_wU@FBb}$f(MjI4np_`$s|Z(
zu|TD~lqJciA=$J(0~s9F%MLSJHTlxJH@)rPm)+ufXgW3a_;iHqVf8vECfm#GALC_j
zVi=p2@F}Nw+F$b1uEbH-I(r5F3350RCs$}4V(@qq;=9E(=xg4}SP-+@#H`4&Lh#}p
z(TAoBM{hs@l~P7rIYFMe=CBi?p};<aBUb5YdGsELTi>)IAYx`AVDL3KkJ2XHU*wyt
zk)6W<)b7#n=Q3X#bjQ9QTUBPqtTpinl>d?b#WRy}i}5PQ*I%NVk>Ffz(J9|xPqfr4
zf!7)e(WOc=4En$sT|z)bli1`UZeHVO;h)g+j}x~AqtF=ICL$+qYL-3aI|@dO0CWhf
z3wAkBQZwc4&C~pM_cH@s5IAk_>9=q4M4vO~K1Fs{TKb6hM+7|AGKx`<FJ7Jd*mJX@
zUON=&-^c4JhpnQ_+WQRG*~PB5dRK<?-g<Y`$QQV*?mIWO<tvbf45Fg8x<(9=NPVA}
zsU^1D|K3g}3pm&8P~wPOVsS2FH^!>Ws5(IlcsypN9wLMvp;M7B!W>FkOF;^IgYn7O
z4)NNvB`CLk#X`$GfNBP!LUAkN=xYkWJH%&Z@mmVcX&xWl0}>s_3+-T>qU!0SMN~kk
z*`B=`OwR49XB~Zf{=m$I-yJX>Fhon_QPGfQh_c=JE=6NWZi$TBCCtaCPn68*2E}cV
zW9m6dejo?Bi~RaR5yG(Z+;unHche`5AoXFADuJDz&gaf${^VrzN!wOrMO=mbtTe=Y
zm`WJ0LF1>l`+GZzPX0<-rLhm(RQ}{UpS&EGCA*|g?*94xog?L{W$q6rR>@mmYCIJ#
zR_snk5!;dW^>Lw=vphzmLJ3u?%v`-VZ)Tg|?~;seze&GtJCL!larcuiwOBPXR5+Z6
zrZTrxBUPQNZ;UwwZ)k$!ep)Dej7}6Fiq<A?i#uK*mEu2Yuk4rpvwT(0x<w056_2In
zR=t&|H{jT|du*9SeRXU{o0qtesIjMc2_C%be}>t1ypYm(Mbx~VWF~ea12}YT>DV@P
zhHpwAcb-3Bpe-wP4NXy`@ukFU^(nG`@fgbCSBzW#9>a+gyxR)QoI6CV=&(*>8~-w+
z?Qnt|Fw{x7tahM1*Q&|dVtU4g(`#NCfQ^U7Dk1Pj|8~bVd9SF)z^=yaCY2_1nlpN&
z!=$F2(noy3+s#*XUfS99ESS||u(cSJ?hBYPBGj)Tb<?~4xlbj2*E!XAjCB2W`f+SP
zRGUuPVt=pd>lcpR#g?uFb9thWeZTYmLi6qjMf`of6@pQt+_Rjy2+bszu$-!Fo|9uE
zw2kjHG$~Y$U^SAiANy&9wjq|c@PNsN;a5TrtlPho=Uy|07XYHu{1BWli&Ja<eKNS5
zd>!sI?(%D2EUWkKX%pDzV8c4vY3ZBF04(a~wsM%&?3c-Md2*rIiqRF55a;6JX{^Ge
zi3vZNbL@`nDU|en+c^i6)PZcf?b0vAcQjhhO$F_F@<K%Jk$R>j-2oC#{YfJ8P2`^b
zS+HwcRBO<j#s&Rv8f+CM^ZNxovr%y~liZcEbJ`Y_a=?TVxiVbUo*jn5)VZdAoTpUj
zp)^K>0{>I<MPTA5mtX^*u)V+o^Qz_P{sG$Dn9(nfh3G<Ws|30X8pm$WoE~StLnNzL
zk%cl{#2VYzEm^FkL0k_UUETqRNP0{YNuLkY-J~HKoCs|x?doP{sSt2A(}+Nkc*8Fn
z2uu$3bmy-_tv0r7O8K+!f@C&YJ5|1{wKflU^?t<bC8*Y#)n_3(edWXPAK^?FIO5?!
z-BOa+=c*?Z=nQ0*8|(@cMv+8a8*WxSx0{P1-rrcnbDE}Gz!*t-eJb{c2UdhdlDle}
zLI)njee%cEf7R^786et6cTD#c<q|2ymooHxP=URmnj53|O~z{@57KG83e&B3oNIWD
zznL+6W#$qu`UBcSL_*;u9J0;i$(PgGUF(q4kS`QQ$cSWTjRU?AGM5AQjmSp2$dlZY
zc%jibxw+##p}PHvu8PEi8;_uz3$50F*}1_}eQhm2vT~nNsV}j>+OfW;-{WF#z67Y`
zDwEhN-;tfjk6-QHUa(5;3Gw$FUlAuivSx;YPbF!KX|$Rd{lY0LvC=-vl#?tybP>@s
zRY&Y4>OVFv7Q%BxiD<r~e%*j0hmNr?>H=Ojf(mO-^4yumBW(N<lTP1xi6WHY+m875
z>d&F`*r<19NqZW0vgHOpJ~2fP1#|yUBSHI==9bH_X;xmpzEefXIMhlJyt6j$lS9$O
z7h|AfIG>)VZdaK9`B98V7?!*ALr$k+=IK7QexAXuaj($z=Fh}Wafdi10my*AUe2Z0
zdO+VhT6D=G@gft3O?~)AH{tZ!YZS}Bc>7866=Jn-C^Y<HQ~L;TW#WrJMy*zn!Fa?=
zsH?BY&TtM2sLTT}UqvsGPcoD<sPTqsy@W(#>0>m$&@yZa%geXjm4py2@K`}EiW~fF
zE&hy%#AJoFKc%F`+p<5?IO8mGhVdl3fUG*2HwBIR&qZa)4-OBS7WaF_oU6GEC9$bB
zWE!E)F9T=jP#imn7bOtAw}|QJbBQSp>E*SMCC?gLN;ir79qc#@ikgVgX>n8f(J!)e
z$$Nk!3)VN#l3lM!1xvPfWI8_XS^mXLVII5Ig+sWdx_jty{MOIag>(@@L)4b%m~*9-
zoL44pN27icR?LFRb(;n#9Obh%p2xT#s?2uwnt}SYAn8KOK9kHJ?KAku@cndsS41<2
zWd*k>`Umiymr_y_uJpcyKCG&YZ^b68A>Fd_UBjh)OwKF8?R$SD?=#$2S+73T-9(bw
z^GftVX9sy>0`W$Uq<tS0>880199@4Lk}N;Hxf!5EF-<3KY+b2*^+A9C$vux<^rZI+
zF(Gg!WF$ILEmt!Y(YRLm>rUn?U?ZfkeuCsZTZG#hyT5i`MD&RUi{TwkQ<vAzs97u2
z-N)aH>6c-7rMG%?^SvWEZ;<t@=GL%6xzdO7ngHA<{HAxqbz5#wh69fxI%;{C^a&%$
zTuk6uo5Z79C;rHzaAXeRz7FGar&z~S4tR}zhc{P<o_5UX*>2wrNvB-9&Na=NNay5K
z@EmwNesq#C=VWw)X2W8A`g?yy2f-N~-|Gf_Xuwe5spxoy>JCuYKxNodFmS&8(-XS^
z+T)OsdrHx+rV|0eyqE!V))LhmOu21G*(sw$oYo0tDX2~DNLp4d+`Y+q!$>T$#ry$%
zQBnqJ`%TV;q4d{m^iME}lUV$(KKprL@BO&V=<%B4wN#6%=P{E_NA{BRvC$N=PbAX2
z#aSNHcU7iKh%!rlc+AeBg&aJy4s$K`l4#nt2qG(E>Q_8|cH3E+2oP`ja^xZL<=6jI
z%2gAG!)4%im`O8WE&kVFC(45kdL$;D@xWZhIN53l_p&+hY)#mZer>t<eBwfA12KSg
zNKIrG!xqLqvl;-&=44R_t}v_+6>R%dlg-oJ-1lBA1k2y#W}xG(>yN&5*+k8*lKwpy
z>Pz`l`LlVBMbLao_m1VX1en~7ILruM`;7#PTZ7UN2Jg$#`eD@LMqLs&192U86prd1
zW(m1#Q%vy4NrB&6G8j(4ztPh4si28#eQPN}>N+`=*eauT1@AErCoEdoG6k|cH9>1h
zB6U=8w7O<2WA@v>i^v-7iDt3)@jahBlb0d)yi?YRtO_>7N05;Td<Zqyd`N_c1TnDI
z43O*+i#tz=6FMNZCqN1e5{Yj(!sU-bPmkysc#U2XIQ2WdSj_ee=}LNGcN(_Dvy6GM
zgLQ+_2AzRCiyN=*E_5_w>!_T5JFhOLpItq0MH``_J0gTk`rZhWUFSVc>Gi~&(~A;g
z*iJ0y)dB1~Z&<!d_a<gwe*k@U6Z?Py?Pykokxf6v*woJA7XZ|z7E_0xb)IHLu>Omf
zU1Ah3B#-e6b#DdC>G=YaYSM0iy6M8Hm}RVuTo)NesaK}H7T4M|lW)%F0`Q*wV&Q)0
zjbYWny2J>g{~bc~XpJXZ*R`0kQKDR`#5G=HyzU^?3@Q#ymL#OE6tN>P;e+X8oc>*E
zjNn0s;<dK6YTSdrryB+~=DefDTP7Bx!%moZS@VtxXG<iSxFa;XB7)~-ESrw)NL4z6
z&x2seYW5L&dnDp^mH}8c@TyFCt#mSog%jQ0>w4&LocE}klHyW*`h?<>d6nPa8U=Zq
zs=6(VnVsH`R0f?NF#Q*7M8FCy0<I3a_Y7(u9$OZ+=DL@XE^=)p2fR<^TO=PDpX<Q=
zqeH>VL;C58vpEf_BCA-rl{V$7;S(Mu2biOE$U>@@oy&pE!m8I=iwd*d4SF>45dkYV
zQ2+R358b7!Cb83FA#7l}uiu<cVNrxrM6dvFo%q{`FR#2SRUuxQPMSqP-naDl!A6@l
z$(0Jk*^!MCvJ1QfpjBhirb7iC-%t3Jw@{bl9^J2V2|;XEm{XFS+yFy$1y!6O*k4*<
zb7@(QL;v|%_r=ZMDNx!W5ig+V%x*9#kj|+G#|e`55=u-vQ~`;Mvlm`|b79>Qo>Q~F
zyOa^I9)k8d&PO|?atl+lIM)Wpx&Urb2-yUi?$=wwf9sZX5fM;>y{RXaJ~py1*xg2@
z^ftaxp=`=%XEPwm#SLtC!9rA>pL&txi^$fws#Svz*kl$se|<@nEn>s@3v4S!QOM%x
z1R!1pCzsdyca!GspuxU-$^02tLyLO3aDobj2U8`z%wH&aL#%xmDnolbCfu#ye~yaY
z5y8ys+#R!Q(QQu`$^z>}DsfusPLNOU@mED?D%rOHzGCB37i#y|E!y13TjfpxWmliN
zlf6AIM^<Y0FG_)A3oUUGCiy1H{$vV-2K|*kdq&&@hGIcry<e7JinaqhQtFa9y`j++
zPiIBK-)=nQj4M<dx6fJvs|%Skr<Sv-RZtIOw65AXFa%u@><ItI{obI2(w<g8ZQhds
z%i|Z~M`L(e<MHmrYlkJmD_O7$UHq!#wUyL`A6b|I1&l?~$sIUjd{jsZv%sdb9oB%v
z73_TH-Z_<JB8#tu!j{KayX>xm1ej%k`Q1!n=g4o{!0}HPy0YYTL(g){9GQ9eMC6u3
zdke2}F>k*YnYR1gjx|xIQggAe|Id%LF65(Z%zRG(<XwRYA+~BmL_`zQ-4Q#;LMdWf
z+(@l25phvg5q0J~UUm~D*Q<;_JXRbNTkv6ndwguyuobuY^6gS)wvx}2K-GG*E6XRK
zhhlxq1@GXo?HzK{S1;eJvTK|btJmYuEdh3jDFtKDZG-+QDoX7-R~ImaKNPZPr~%7x
zZr(2zibwK@1^<49HBC{GD@mnT5i=H_ho$oJr_q=G0qy1eF?2xL!eL}i<m&QTJ^23P
z)q$8{7J==}>(%!cFNrMD(#n&+S!*16o;ae<Rx_{b7LaSWc1=FJanOIJ1ziUw<x6@f
zhT1tgNE3)|@#nEflYW*rxA1x00troE09m{ZT)8LG?PAjCsH&@6!KfJT@@ty?<Qk9-
z`rLa!x-YyP*Lv5+bw?QY8J8Uj)_`$=W_>)11FI!Ic5DOPB$^J<svr-=TfM6rk;)r#
zi%Hnc@V1GNK=y;xHS&yJR)v@-%IhxAw*t|!v@EsOuRA#FcP2KD+`VjNRV!%c!qhcZ
zS8Hi^-1^Pb^FTyS{7SNJp2?c&Cv<TDOPIoSZ{^oNFJJf|$WEPngGGC-96GiMtsG~X
z9K39&`i%YC^SYLQa@no+?hI3!>EZ1Le@+fCw`}U129w6{tScIb-!<H?f}23EU>8~`
zn8BPY<7g93`mg9<?}2fs<&jYsBV^b)(GY+2|FobUK|dU$ebX63{=1V0fGKM$RV%_H
F{tNABs0IK4

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-80.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-80.png
new file mode 100644
index 0000000000000000000000000000000000000000..4e3fb684447112280bc6feba52d17e7e178fc4de
GIT binary patch
literal 6447
zcmZ`;1yB^;_TFGwY60m|7U@_(V(C)4r3Haidg(^WT|h*oBqd$xkWlH+T~SJ;k&+NW
zT5{?5^L}sUKl9$qyEFGYcg~&f-kE#uoH_Tq&x{SVU=(Z=0001{qpfaoWsU#UX-The
z7AyMq%D^48O$-2lP(A<v69WL8T)8kS06?HP0I-Gv0OVf*0L(tQEq4{KCP*LZX{lfS
z)5xt3e_nZ@0Xha6&@~7J13Q(=vG3JF0Nwx%s{qFb0Z#G`eoj{gAR#V+M2JfxZi$;o
zh|5dJ$lsC>78jQn7w@Wo3H}Gc)7#O_`O*I-G#u8aUl9cUe}@1!PbdF?2cACvoAYZS
zO&0)Qq0v!SGYgs8%zJd-%>1%zZcafGFYY1qiZU(**8~@0Lzh@(J3D1HSYN#F<287F
zmepW`HnO(PnygMY%0eigq*=Q;H!WtgHou@GD`={vkvz<w<Lm<rh}o#3YX6)Mv<)gO
zhxNC=mRk=0bTvp%P97W#C8m9T!AygD)B>`*m<@rfd@cMhc%@_u49JyLb*gYcbNb{e
zd64XO^HFXSXmZv^=7`sK0*b}J920_o4TfZ}6*-(F4xT{`C-Uf81D!>VLaMXJ1Xa~A
zAU|0sx>46cPc^jnd{@eKPrqH?MRncdxws7E`@^XRc3^9ndsTr@z8*_Iy4v{{WBxL4
zI~{PpNt`QA%|R^FW1F2^;%`HPBS0)YC(QjI<6D|hk%%$~x}t@%DE&S{28={sBgGW3
zMfsa7`Kms_0@s-9?GTVG#Pk==zM6Yfb9YhXhn`-Z&=Mm=LiilOvw4-v)HXTT@pTLk
z(VU$FU?;>djW@4(e{(X}`OqhJ@x~ux@D?C#7<iY@xFaDjl-|cMNSz@9oH%koe+(r|
zessNi*WXx2XuyhWShuD3J0`YVsI|P}8V(S&+Y<z<IwhDnx~=-t9R0cXi6#UnGH`sb
zM+trR4ZaDTXV99YEPDUCN)_0gTdIz?6N-boVmOf?EU7v@jTBF818%Ck5KSt3$ncd(
znKEdX-tQ^)BA>e_lCCzc#tO*JRZWdE3G3`-!~q`NpO>P&0~*IVVYW!tr{^1IgA}!)
zRSl~}k07;~f#I<G^Hgq5AGeBI1ei<!^<|V_UVZ_HpRjGMy5KKNW`*TGyeaej72BqT
zxh%Vf=Aab`<ZbIa6noiAkIM`9!w5_bGKP~{Cr#V{ed<6W%2>5a_J1e?58h#yyw-0t
z@7RgP`jM~cE;N&lq8Q5)G3Ou7(&bd5XH-6g^^>5;Yjy;j!oKJ&40nkCmCJW8tEUPe
zhIsud)-FI&PJA=6`!$C8vcz-4S)m8+?^sHL-D<y(fd)Z2Q|Gj&4WBQ^@aYyXXZ9A8
z87G@8e^%<+v$0eh&Dam=n*8=h0=94R!B?e}%H#;Lh?wNACj`IsbespHLg(lf_QKs5
zz@nSY7WXmLKF_Bs0~MHg{S^<5*BNJ*o}D%q*QN&Iz7J331VwunJyx5iPNu3VJ>W|I
z&KmfB!C6Q|^-v7Qle@5s*2{gdpc&Hq)0fhhUHF)x?@>l(ID52Q@B5)(k+OF5bv<Fb
z@MFjd+vyC@F_@!<C)eah<+;DWR;iZCB?rXOpL)?jC(~-%ZGC*?QZ!j-x4sCh!H{BK
zO^2m;8`G58_fwd;L|u=2t^rSyDA5@>^fgqOo~aKP$|`9_y`A5pn*j7m33d{}4Yu!m
zM5}kilOHAStl8rD#d@OQD(+j_BFs7RjF%Bb6FRqMye@ufsh$pvb_6J_l=nyUd%^G0
ziH)BfqtjG6H?1oX_atnr+x*mo_$NbOu0vozX@e&fSXu^#ox3ZWv^#bS=I@pX5{js&
z(zFu=vu1zaOy|6|ttT6_i0vlME82>G$p^dTAivK(=FYWA^E2wCO~&qKDeCm>2@~p3
z@H_R2o)WI(StV8_QTb~>w>&H_D$?vR)jYsM>#8<xXL5h@{j(Y|OaHMkG{?~>wJUlC
zu=$=-e_fJlt=@AFH7aLZH5##|2hZls-P=z+W`FR@iz(W5x2g?59H^U_mb&pnG`HdK
z1M?fyLUW_Pe6)V5{H|%%R&xr6V_M%!$H7@~-fS8GwG>^ieZnr~V0xZO3XczCYAq<t
z>YF8V^Tn<7VmiW9;}3squ-bM<!oipUi9@*;O9FOPNI&mjf8;191-eGw^YS}w6ThNB
z0PKhcHqD^Ov5UCp{$V{zUy|5bCU!4Lz&h%O-ZajZ+ylpacd6#~aUN~3b((@gv6Rky
zBU=_hF4?=@mk!|fqR)ZDC*Q#_bfG%zSZud@Q85|sa}wn-@<+E);_||#=|jp@rc3GP
zT%VUIv&xS)Mj~_tj`G~S=V7dnL_UbpMg)GSV7{TCXMP;9xQcPW-Hz{!h0u-{P3RGE
zJ_TTIry>z(d+E7T7s}^;x=f3YVz+PBw}fhU%QHhcr$A$DtxftexL3hCsz~*M+2wEF
zEcCQRG}7-}#P!5{D=uaRHM`k}FXgP&im3i!7U<cQM#~+sN){SAgk08<&2B)CB)&`@
z5megPa7;E@#2g@Kd!*|w^87}Nd3ntuZlkY1B!iB1yn5&n#ocb%)(}Wi#OoarITt#Z
z60zHdz*y@S1?v>HnMnsWzvx804bTsWq&!%atKZuK1UA0Yhe5Lhl@>Mefc=U}&9SR!
zy@d}AYsmxT9DSH5RKCxq%TOF?p1;@v64X<LY7&@b{x-SC-|xDg{L+NS8{3!mz~uG9
zvIXqA8nJk>wRH_pjbrLAOcCM)YagO3qcdN8U?F=$PAo(IYTo(#d~e~d;wRz1jkPEO
zXiZt#ECIqj)O0U_G#{0cP5sLDk(*b5<yxfP!)K(AbT!e9Q9m@?5rIJA$fKR7sm|$@
z#({X2hl<X9AdA#KBh2dMq<=vnm`382f|^Y^V$hCcl5c&99si7e`L%a-=|*UFHa{NV
zaTL9SxkU)Mex`7Ii6TDLH0>~tE<|lQD!EmG&-#${sl!~{`5D6;`>CO^`6R0<j&%cV
z^oCpA@_q*@aAX<>#0`OPGc2bS^TB$E-;l9GGO2E6)muDi1Hf)nKh|rvs+ARaomGX`
zL{@rY!irm=dBxll1JnLjF@45AA~Af<<zm-A|I<a)rX-@sfRsa4G`ne4uvI!fn_HEh
zjg2LkwJ;$QHxx(4R`S`Qvh$;qB1nEVM_f6Q=}7-Q)jKLseO}%f&DR?rK+kYojZr%p
z)@3PN(uxQrB_?OBkAZ)pwXJSlJk4_F11~qjQ?YOmIpDXGL-h`fr!z2j=C2;h;UCxO
z!3$dR2}g7h%_}B1urzEGIJKja#$&C`QPl*?{hk+*t5)m2EXI9s2`$O7Up@a5QQLTa
zG5a(Y+n`}n(yrq+utXPGKV9`^^pzaWx-jyg<SWVV!hOFVSal~W{56dFSQ&b_dY2Qe
zV&m?+tzN6-)jH1!1KLj%oSojmXEq32PUDdy&O1gi_!gkigtJ;@1L9%!7<MNqaV(Y-
z6F0b>4$Hs}jk9<t!aCIgbytl`?{13L4?j4IyQSRGf9Es(CTNQ4DV%$|A45RpJRCXy
zt+z=M{_Fi=5u)o8E6HQlT>1dAmVv+WrKWd6iU#7ExJ(Jzjx(FgH0ZWaT?2$?Y3arf
zGju$_O^Z1YOyUHcWe}&GDyp*^^aHSPX-bYk<B6SK>EyWrc2km7x2mKfKqc(@Iwh{j
z9e(Q6QRtGXioZDf!lY4VwWGCI`gMb+CD#i}q#H0plPjg2m^Du-iToJN^Uwb5xv|1V
z(yQ!Qpnmb?z<xK}S{WH5bk``0Zv@Za@*H^_-Q(4Qnxc^^ma9_DGc{x+IiZXAWCyiA
z=_36?a%W{GFm~JmXHkJz3vrWFa%wCwaUdx}mVNhtm==^bxT#p>OW1ph0{%$YBS;>Z
zI)4*39&APF|B|<2YutF|%^CA}=G2$)c`_NT6Ct{Z7_>&;vIfHwQj4PFQ^Ja%M~lZI
z@ApZ9_FhcUpdpo3;Ea4G&TqE|y?#u&S)eFwCdsWM$QgxmgK|Ia=~EsBbbhWCvyXW^
zVE6X%7>A$T_sNuLPRAsVOc?%VMlDC*NME#p0e<+ihm08L<L|JPZ*?Pgg4~6qU8u_#
z2Y_;4t|fwc7~Z|46C14S+s|_26Y)OZv=Nr?Q2CQ2Y0yT!d%ml{z!5cF2z8zn+D5--
zy<->7ECLhBb`nlDB+bGHS-hljRm8)Jm)^$`JwWot>JBKt%YDFacVgZNxm^vhbFtC#
zb53I8<46_8KE1xK??!~80+$rd8fb@%@~C(BLt`eVyG$tI=}CxCf^8AVV2Dg~#L#H+
z>KbzZFRmdyCg!(yItopw)$CknOU`)l;aU9lgf}sFf;q^aMCCo1WA4Nh5ANnUiHK*8
zE$K3PYbko-uWh#dI2PfMeZ1Y;F%UJ>&*CKoJgq#qcOd8E(?`JHk;4TL-(RENFRA=u
zfBRI?X}n|f71t4s?-K+|FPMrn-z7znoX&vC5>)9_ECP{`)!^f`3xxdD-Z>mLCoNS~
z&NMnEYl^K7Abq6zH!}?TSVAKol3x5?)`om@FU^+5|Cnr$F^)E8VmtWUoFiL+TKKdX
z^!<;n?z$i4#PiD<!{2mx`!ic&*-y{X{P*izqWr+nW6A|a9COltfu9_?F|h3BbKUof
zy(Q+&Bgyf)x@A)LCnXFyKIwX!q&epZ2nADOukvWzH!Y0CTPy78STveP{B_dUZFmlc
z9|l>`z6M%+sWr<x;j3b08Fz=bOuYptSmZ-BiY9Wqs}U_^DyCJ#cfK~#O)U$y-uSb7
zkDQ!4-Z(BqtRV6TvON@`c_j7pbLmFvrZVkL4O!Tc=yuMk!qj0T{JC5k<<W3%YwrUW
zeuYVJMlgcD?=G#JjD*5X>QN((2lTJr>vK&#a^;v=nbEukzpPC7A&-$S%3U+r-TLRq
zIe=`{@qap{ZgQ*`w@H2NT=*_|5^<s(A@TEQ6sFN$LyFKybVGKdLmQ?iNt!O6<jWj}
zK*DoQKW<F3jZ!#S@}VR+cf|+e`|m?U{3nNQ4Pp~{21(=QNq~4Rqz_4*;%0mUji#1L
z_<5~t)2`KMhd~P7yRK&DP;TYaf6l$y9;A84;lo|#MXyzU9R?T2E=(Ox&O&urSfaOX
z#5BlVKw1+stZO|;MfKsD%Ufu>Drd0_N$jv*OY~Y%H4>=?0J?ih&R4%xD5ZKuT{lm9
zn_%Ux&R$7y_41H9z})B88D?bYEn&m@r}=-BWM=6JCx`0b5FZGug<A67Bo4XHC9Q$0
zR8Gn)b8M9f2wLTqU-U3d!uHYAewuO!k3_WoU?EZI#MRhk6tV<Z70N3DuW*GH>`2SD
zu6ONU;5&GXX=L%%LCqVT=AUM=brY_^ZLB&>x-Z}^;a;GP)uyd;uq3=8a?fk%FzTg8
zxJx*B-x4=dRP}1M9pzE{(gu*>+XReGC~(nVJW%|JYZ%vNX)1I;AH%II=*>w(>Y0C#
z5)V{f0<%(<a~9S2#>M=8$1k7T2DVOe8*08M>EkuVImRC)|HiQ51Fm#!HFUBg^<*e%
zTD3*ba+RdyV~MLNABRV9nNx32cMDQ@Cl^xmK_pE<fC&WW?EaPw{dcl2uGzmTJb7fj
zeDpEFZ2fs>J$_`A<ax%+)~*WNq7_SQ;{4fKS;62_*)nRdmwl~hATL9j>2bwL@{abO
zx)B+|2Fx3FGVd(g@+)L{R7`cc>bzhRdNP<L(EZaV)Z2ooO@1SRYb)W2?`5Rpa;>au
zfZ{?bX`z}8&z7q_fM5H(rqH#}O~^oXoG2Pfw?U~m@yCawZT7e4r$>}<qk&JzOaDRT
z;UDOlj7Wp^!aydPiK_BZ7GO(oy_-TE<5a6pE%8@|pjgMNm@Wyv2r2{4B<qnQ_wB8X
z%fd0zx2Ei7qQ(AQL3Cos!DU&?RhRiM4RuTWt*UEdZe1f=q%AwF(W)o9-pv^)?X1Jb
zlqollxa69D8J(lHxKEQfvw<(SWY}o)DKnT6V)vr3oMYDM25xk!Myp%|)RwL6+(!sC
zjUrm*fZCDR6MBB1$#tZztL{+HFi{{Z({|SVpK72@i0NS$_0-cT{mr}G7r{a2xmFV<
zP3hN1)Y@@Od!(p8QW0->_MF&-T}h}?v~Q|~Y2;^E4c_=M<-Vh;R1J?eA+#iys1LE!
z>R@xR`vlfhNd>iR-t$D$B%n$KA_m0wzNuVa>5~%>2+wf@_`-=&tv{f3mUX34_K`LK
zuV0ppGi<ue_GX31@|rQlZ5yX)_5kX$kB#Sa0ZbEL#{2dH{6&QsC`LUyK}+B@CL(qi
zzz<;nGAb?1_*`$kra`lyX6V*hq|yyP)+_-TQrIrpv+4Zo2&p|32$4P{W7z*T>3?w}
zS=&v}^8EOrXyIJ1J;}JTbG=POg~c6J{dRVD4YhfGSXn#l6&GyL1)gcjD1QqXyI@-5
z_rg$aoNz2-x*)N3duaI)_KB(L$+s?vH+47iJB9IRO_(&YTzlJ|{lM6Vfrm5!_DLFa
z8;N{WHEV+}-M1V78t%Tc#H-3r^MF{YgUV)oLROx`Y*e0J2P=EjFQ^%_o&*JwG~Hf6
ze|}(W2egn}1J>JVU_3pn8s`bLX90_ZmhWl`Xgkkruxz*aA&~KUl;q@B`Q)0q$*Biq
z*M~)riY)rxCrtO&qPcHgMx4sPBUCj*PP{@OR-4_jI++k-mcWlL`ScVL{fWJ-AnYW}
zWL=8Xxtt{kOqxiM=ZfNvN8yZN59JrFj4u3wU@KKGLS@H+L|1NGU`RrU(HyJ>P<j1c
zxj`~*cRRns>SRyt>dZKO#wgZ$rXaukHPj<Rd=jvjtZ4!1_2vyuCFyq!v+rV%tq<-3
z3%27Y*20bE$R%_SbZy4Jrr(0LeTficWX7G2Z9jfighPLsxf7vppC2npIK64q_jE+*
zz);DTzxFxa-cwVEW^bieLf6g=fpEm^Ls=^gQj?k%xdR_Ru`7tC5PWk63TWq#%36y|
z2S_>a*jqe|zF2F5%o_=)!Ko2OVJwa}2U+HW2TE$lswV6qn?5G$T-(pt3g|HFJ=NXF
zp{w_-Ay5wGVcE$36w|=*08(5NYbmfL+;~Ci=$8vdc_3q1vhcuRq221HUH&5LD-n*W
za@O`W0G+#5p#LvnNh!jz%}mZYd>cZ<hTbPax%Fzc+7cHstt{Yp+en}$tsYc7h1hYW
ztNkN&;ebQZgvwo$uQAuusLGZq+TXFnm+tfDCV^qDx;eYdmR>+zrDrJ?xK7sAed_t#
zjW~f5Qde!Nue0V$hJNj%91MeL2Rzu113Q{SRVb46_PhbCR0`AZyEBc9Pf#fb0(2B4
zZ9YTuZ!Jx&-c)Oh3XZWJCGO|#nyelz7{SY2%s9=NIl4B&D3DQXB@f54hA+j$7-!RX
zsut1Btht*nm>8v@%lQQppIxxBDJ-f>t*3U1(Wi0^#r(n83(W7^Lm%d?jMMH-u*JRM
zZWpo({~G*tvP^@ej3?bighb((ytxCv;@(#J8d%Mf@4ij3vs--BEX@-eVqBTv)k%X=
z$$P9}NLNPRY1IKJ=OyyKU(oE$OC$>a1g?6d7fawv69Uy#9kx%k@cr{a|A<#W)}n37
z$62O%7oQm@YnX`7NQh6et2Hr7%3?gHiW7Gzyt?y1xyuY)f(Osfg}gR~4<YWa#KBBE
zjKU1kqCb-l$tG03*=OxZmOU<0FUIhF8G?8xS(*B(WRh0j7~pLysHD8eYNg+xr=(sA
z0uPS@>l5^t@^gBpUwLuI7|*MqGuWU(muG+F=y5*2e{qx+;&xJ^E5Tsfl>sumE}V<k
z;BbMQ;cNdLz~D2R5VFy04lyq+r+zag_OfS3h?PAP(wW52mJ9z%w|t_<86{@I2U_$^
z9AP+2<`ZxCCf|8<Bb@u35)_P)8`w?pc1TX*wS9=?_TXog{d)Jnq-Alr*v|)&Jmaev
zEc<nHtR;`~kYgZgoyFDO&@E}1$&NP(WzL1a)a-f&9`#Cpn}Kn3RjQ{Ua5zn_C@_Uj
zoe=jwQR+A5s2pBPeq)`FWc^3g(Y1rw|M}W&cR}^H-g-PGD{SfWb=9D*ou9uL8ZB)W
z?$@Qb7jdQ|M=zMnUne?!j)xQ_+!qF8Jpwyr$rIZTQXzVT$$D4RFW13HDWdoc^;BSq
zU`9Ev{ei9&C!i{`L9I1q!Lp;&SV(>A{_ZDVg`mG143;UFu&N*3!_uXsouTbX{*o+&
zmXSx?Wj$+5V`PIX-RAHe(VB+mPb^I~g|>i~aW^S?py?F{<p@=w(@BcB^|y=iQgDje
zYx-sD7Gdoxb6UXT>Wws!VcFZO)>ZC3ZylEkqJWFNpZ7rfyN!Q#<?_FOv!|;8w1+VK
dC!}41Qwl!t7@GC9UVSG3bTkart8b&C{tuKB1&#m!

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-87.png b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/AppIcon-87.png
new file mode 100644
index 0000000000000000000000000000000000000000..03b560347cc4376bf3f3954c171f2f0ce4d9a34b
GIT binary patch
literal 8043
zcmZ{JcTf|+yKO=U5PBCPQlv^K0qG!8r5EX)AV?@mZ&E`LQ0W~6A}9#brS~FAhbX;+
zK<K@9p1=F<yf^R8yq($oX1<-X<)7W}obz5+TZN1mN(=x1$kbGo^!`QT|8z=%e<Pa-
zSnyw9wN=&A0s#EE007im0O0ap3bhUZc*6mJO#}cSl@0*hbIWRcF7t1K;Dv^Y(%pYG
zh{@UPzYL+5nwB!*CYYG^J}L6T{og_WPA_E>FFPBrmr}MKFaHIAFkD!SA1=x-1UC?d
zO9_ih2?@jCa49&vyNK-3{{wjKYUgPG=Kl|<J*!Fi2jKZXJ9s(1e(C9D^V;qIkNLZl
ztPTJ$Yp5y78~9D{WCvtvja_vwVCUDQ&KT{Zx8j?6MeBM*6ZT``KPV`j1!|~2VjDB&
zeXC2APuo{&k+gD~)a2fOGeqk7$#XTUYGN<Wb13@qD?BWtb?wIgP4)y+dCSDKbI{N<
z)*pi`<)orgj_T^-RYn2AiFWLbS>;g9Y^<|@@I;gwh*ll%2bnGpgh*U2_or7CY`>0&
zme?&RhQ{qL2Mv6Gv2`ltiZCbF7H`1hJBW+V1Sn5@SYhP$c8eoPL^pC&tOhE9bteam
z)rXO@#`U;mfM>CY3kDv+8pqWpqrgwVg839Szi^0~0cQmyy}xM_f{-frcv@KM6#fyc
zq!%sBN|zT~4cLB5?Ow&QxJooJW5;N*!c;it6k|ptY*nj9v_7NtXqD&p{g2%yUcV<Y
zpM4Y$8`r$=d@0_;T-rDQE)vq^n%!Q7{XAD0?G!Pvm7hbF=wner^S@;{I~-QEeOkzO
zYj(M-oY4odSKP)@g+A)~{c^k-in|04-=!w5v@*IHoVc0*6l@Tv>C*8cW!C<mdENkh
z$9|_R8U&;53~gSR>~NOd2C<p+>&$tu!!LHyQ&Cb>7^xnBLZH&sLh;7-kB|*P2|ms0
z)eL?KQkEs`d-wXwEHL)r#FwdrMgNgE*7lNaL5V@_R3yB!=R@`P@)|`_Vpl#gPh@Pt
zEZ8RSC5mGU@!`tpGiDKCH7>fEg&<8GGp9*Cd82oRQlP8JpTewvkh}~Geq|ww_~#&W
z1cB1?tV%gU=rH|gRS~9-pl)Vtrhz%jS(v;)vg4={HXum@k22hrqx?$?te0g!IH4*7
zWaK5{Cx0fc3vFmP0bU&;q^X#oMikYmH+hbbilk2$<mDS~^S(7Jx!ZsVl5)Un+52^3
zrG9{DmoBC_f}yp?7_9)NN|<!*OHzW=!*5W6w^y3)1L@svNhZ{|HssuSbsz8@)NXYA
z>R5%8F^=E=`Q_w~7$9J({Y41Bi&7I|kMXtG>o-n+Xbp_%zKMl-TC66IGA@>+PYK?@
z5RgxBS|YBj&lkplw~z_fPG;kPG5ZSAiXiH0s%@l#Rcu9Qo}*>WulDCYRlvP^DCMia
z-GYlIE^N#OA%=#WXj|<|&?70kaxaly6QD^2m1db%w#s3rKDX*_UcYPSr4~AiN{n?f
zgzNTJrjyMlY#@GF4_LB?A4eQSaV)xOl<J-1^KHzD`C|O;&Al>gDejE=oZC`TtYm?M
zi0JfFOj`&=Rai|<OMc2k2%dRej+o7feAGynqrI-$X0lY)+0r4OMH|cb-uPhv#DmLn
zK9YF94Q<_SZqk*O;|i~<dj%Tt*b=!STBMx0;N1IV(c~87A`r6Jz85*@?u_$?;9UzQ
zYSC}7VtY7DL8*16PYLovEq+fsd!j@H+)k%mLk7!UggA(C57RkY*=!KYbUl9tFkT<m
z+Zwxa5~xT=UJ&gs{=_xO%E`A&yWjH?$>C(*01qof^s@Wiw4`l40#cjwKl}|#@6Lz}
zYt_~f!s4F=Pmr&9#Luj_Y`CAKG@dd<3Z}KQd>mV<d2$JFN2lb#9Aa*}$~WoZWOb#Y
z_rOQU(<kE}<;XU)HQHm?DH&ma^>iVi8q*?2{iR(^j}Q7vQU$vWW!+PQOp&HTeq3@-
z6eRv+jHlhm;|GkuRuxlI7hAh=K8<B9X2yaRZC9OX*GpK=9>`$X5^Vl%1O}G#e!N<Q
z;1RAFe!!{E+In-7lqtpL_xyV|djZI&4}PzQ>p^$S&KE!kI+pIS?%UO5RLPrr{slL9
z5X;rTlYTb|<n-9pJMhYr@4fc7f%rypOa~%>*NKm&n23i>t&-oP2*m};rnP)dew^gr
zyR53Y?iJ)|#eM0w{z_h`>_oFp#)r+=luz-MQWm=;S63Rl%G2X0JbU8ag_IL>w8NvM
zhtm^NN+IF$epum+KZ5A$1Pb`#i|q~-?Kbi<oT+!#h`d?9!<%iLGAwI`(r@~$n-k)8
zo?3N!H$kx!VtlGq5-Mw|e^(EYEfH*ibDQ_e8<SuE@}5Z_^7x%;J`d+d=cFoU{|%7S
zIyNu{$r}pA7RrlPA@MAzSP~oz@B<<Xk)87Z{nr748We8)gC94tNaYTmwg_});;{zg
zHHzWcRcfY{A|#?o*~vK6KWI$B%Dct_=&m8Nw}F#Gt;avw`p1R$7l9w1TlR$}=g6i&
zCM(0q#HZ>*8Qyb~^C&A8;Ssn*w>1nws`FXcQBaYB$5#4(p_flxAr8hzyyXfi(6E9+
z=hQ2DHxZq=Pm)Y_Ew`9vP|>H4u%v@qz^rl58DN5<%~&3=Qa!E-BboX#65R6<gwY$a
zEu(JdAQ%Rpqspfa)6V)&#BjNhM_jYTJ#O*PVM{ag8r#}g*;2*bcje1255x>qR@6^m
zvY+;X)k|dYVbrU3E&3suF#);Y#WP+dPuR;2NA(6+)&1?_`kb4~llU96XSKGRswx=*
zARvtxpRwPbj9t%cJsoB1)K|?hXg@^aXtDMl#d!FNaAZ^V24I}grW+j$g6@}i;ak`d
zG!ugX4@m40>{p}iJ>=RtzF7p_T~W3puHcP_RMezO&l9NI$;{-um(zA9A1N^OJQ0@1
z5Ojy=*}wDxc2}+tZ?vEqWPWP1B6w+OJwTKj?O!U*plDjEq&$!qFZB;H>qgJV<5_Q5
ze!nGq+*6#$b_BF*I(sY^y82YMAcc--HG*VZ2WW+2Vr|F$*C(8}xLxcfIgl<CcBwF^
zw}3wQDl|8V$Mlz>JJh`y)(NP?>TGv^vPx5;z9(;p6C0zhc0Y_b2JWc5P8B2G&lCs=
zoHK1sq82sMGSKhvn>(MJTr7@*F!bua={4TXzn|pL>Y?Kv;hD2!Xz9)Epiz@?NbjIu
z^L)ArMRI2C;;>YHr<|w;#F{ET<_%Lfa-joOW?0)%A%3BM8Q(n(cv<(QY7?ya@^dsn
zY1O<O3AiD}uLyv7T5ZmjyGU%TqC$9*2hFhpj#!O|e+|}k-G8m&1l6tc+^OCSYH#hB
z|A`?AEM6`Cwc>-IdiWlHEXnu{^N<oI+h3M0c>YFX=A?9Sox8gUvrRPp#f-a@twBNP
zO&YS;r>JU^Z1wYM%j!h#-&%j9(_X}MsZ--}H~Mv0>H8fSxbdLzQwzPl7e6V<cq6_R
z(PuUKHDVi}6`Q{WGbgZbX%w}C-7cMfKXbSn-zA)_zcY~NmKajgbuB&{#V@>c${(h~
zyyd!^=rP<wzVlF$V)qBylMbLj+}d&~iiA)N#Z84xtfT418lvTuOto@HY>DOj04w~H
zFpok+d=pN<aY(Dmusj71W>I6g!vU;*X4ZVlB-4D_;c_+@iKLg^-8F>%aD`|<o<Q>c
zD7})SA#lfXitm%SvvlBxQn?^x$RJ;1PiF80SpsjOe7#inw_{}8q#fvY(6v;faZV{_
zpv##{8h@Jg03^1Cf+_6Q`gm&kMxQ8~nVQ-HtePJ&iTX<Vd5#lzsWOY0rorzL?2`S$
z@Jf8|)%aI}=H}azLf>aULMOvSDSYvE@@kbcHOkxqPsBbjj75{XsT}T{Y^8)!J#7&S
zKuGh9<a_D$GP9a`Sdjx5?c#ew;_5r9yU2?^`Wwc)^~_kaRC~Nw%J{`OP=b<v{-U#%
z#a3RJGfAR7_QA~H?g^}5k+`n9$k{8rGHmIz+dFbz!(XH!gyStgktMW|Xf|qYOGf3O
zby(+SET$P9|ALxbIoBV1ZeDyG$?VOd+UiQ(Eas=w{pUI2SOjAn&@pMBrC%qPVh(H3
z9fHKkT>jo43S+DH{9P_DRX@|%DI;&JTNWCM_ec<zM>_hxq+x%Y(yu~uBJNHUGA{#n
z8jKW0+3Bf*KhS8978Z;hZHf}{QXOYMp}pid4qOdA%X#HBi_z0TZGk7$d>?pNAB5C#
z^dS>zGigVf)}4Q!HDENDEx=na*Fd`{GU_-h)kdBi!z8`%-a8WnH?oVtw$Y3{|FMQP
z>;OV*O5@G@LYM*BT#IR2wyO-}u<aO~7#;JvpI)00EUZP)(loEu_Fzx-1);Z5w*GrW
zv<O$xh3<jZ#We0~SWDcKxpAOhSluXLj(zdVF7kIIu*Wqktnb$8W!bL5y122OBI$YK
zru!=armR&R$CVrI`p)pzLZu>Fcr6&_a+PIK@Bb9!RNkZpj73Eex{vY{X3SdwTRhIM
z`(No=7nYCtHegG2*@{GzvWUu==<#0qroO2#0Pja155Q~j1T5<1iqs9ikzPIv3YUGL
zIippqso!oeOIyN?_Da24vA#7&BT;K0EHRI1zMt8556b0t+OR{?LcwU|uGP%B8DpJL
zIstBpUdP`78)V+%Jwj8ktx#G$HPD5HY|^86(I?LOMs(*cznY0j_QEOpwcuJVkeSw*
z)798p)(3gnvt-nK^7z2asUJSSDb_V=>f{29t;U(Vq%)*QINTHL;4!~hhBeRwNv46M
zb_vS#Jvx;Z^zvOR(SwXyHm9hDg0->G101(-zQ8t9%U0`K-T0})ngLd%M{l_kOj@2|
z1iKL>C#6pEjhG{`CtL#)AV?^IZ$?sDX^)~WS9V+reX#vPrwkEe_3Y^~r^(UI^vkWN
z_IkpnuS7Q#O)hsT^<hs5CnC!P=cMHu)r=b`BnGHr!vb^2{`iO0>YL|KfKMyV1gkEI
zdBEcaJ>Ti-Dq<}CT0p%G3tKeD&!+(<qZ?Oq8kwC(IP0uqbtb!^zUFvFyqc~FK7Cv2
z0j9^xWpUDS2R6T)yJf)+t)=0$mD%{LSxSilkFaOo#Hzv{w6i9@XG3Z{Ed6ez0t0)(
z0_%Kiv>2{$i}U9lNMk?5lBzg5z{`Wp=49cv+elZPUBDl$53w*P1rh9m@;s$<8(+XL
zgq7$|TfmretI{?*6Ar(ELOK$qj{h83t!?I9O3yLdxVAXY{dc4L(`!jLF{TH;uTBp5
zbvcT9b{`7Cy%)RhcVXY!-~U+VFbk0RxaMt3=$1v3g?Cz^a}(iPUapW%qvxhF+a}Mi
zOJYiTl}%`WZ3L~v^gutQ5PWt2O7#`v7C3vbP7|{jm~e#UtOYo-^XFM%%=%ysNtMMs
zlW7fiN1&9BKOF~Ip5XPElTCjfCPsge^GQp$T-V{HD3IJz{^#VLwzX8N!}#h*nhx%H
zSy8&7*e7Yh!Q$ylTHn7$#WxF2eY_TB!uXyKeX*6Bl~_^0MDe@Pn*H^_9Ay!He)o{t
z4+E6Z+U>b`ueqwI+g1_by;47MIPgf@9m=C(x+Hh0@zft=RAM5>)vv?|+C&E1lS%H@
z1a|K4GW-<qNdgEfbM=~dXl0z?EEyrZ2^@(iP2t|gga@9sJk38&*1RKVv?Us<oKvbK
zGwEQe6%!9qU1inpS}Q~N#C`Q8q{ZS{(H?z+I(LP47YY#0WQ+ULajRFM5j4*xy<gpA
zYTD4dpzdt`FCpjnA1wXR^$+jG^Ulxe<pF)4_C9Kf2^{)@GcPS08a7aP^(_tfyfarD
z()xUN`_c<pts>8sDK4t}GG~vtcMjt|?-Pr^MW92!N9(fy7lh-&SGbJMp2r=~7J9bI
zg+Cq5G**DH;rnT{e3=K;81N%G=Ud9XbSaAGi=M`>4u0!7+bJ1L{|+#p?DNqL8%2oH
zmRpPCk6t-NLn-(W31*tP8ph3f#HDVyM{o3)!|Ipa=ayb{%ytGANRnD;S)4UQC=SpF
zrLOns<|!L^*s<$&k2<D&jKm|e_RrJOOeDi~rHTG3J+^<jq2GR!7?2zQp>5+n)%~vY
z?%MdRXfp**fpGGZJB;~`A>kO~JF@rL%#T?fLRIp@eeot_jVqh*@VUWv46{_~-uyKM
zE5y1nj_O;PbLJO19a@zKkZ@ju&oY!l_6nh1)*t7aFc6IE-+2{jj@c1Vv<OyChl%N_
z_vgFb$ei%vi^p0K3h${nZw+Tjiy}933D5&+--k&GmB4+#DJ4pB4jkX#1LA64!$N?J
zDgkD8kF3r{?1N&OttDpL0l4#S-in17IXskynIkM+U6?Appnb>4{Fu$3vk*IGZwsSj
zTRzzfEt14mMd{uK;6m>Vt+Px%0Nvj{r-n<!0lOTQ*=?DBvXuC=ZtD4koHiXTOoK9~
zZx$M?n-s67on98nkjBK#$>z!P`SAw$1V|;`=M{KHsvKJR^Enhg$=E~Quk*prlQP<|
zi+Gu~aBY+|0#DI2oXmieuG}T;cX008KwyjX3Ga9deId>XoY4MiRhS~$>Y2`RfVJ$d
zB<p*vK>TOugx9lVPEqPc>>mB>Gxr~!Hroz})PjP}-)qT5`<7-@79r@!sHXmsbb^_i
z>U6Hz7f_dKr7uL`iFJ&SF8gI;tdZ_F-WZWZ?MKR{@F8eb3~!Et0iWSPL@d(ca5kSu
z&0RNWOy7x*p=tEB6J5neq#ymL`bp9y<FS~(a|>PdgMc$sQ<s8y_grifQ#<V@6+xFq
z7m+Pf;onWI6P9=pN%jEwmyeP@06|~Uo$!;t()PRfAg!PLdwS!WY9jQ=wS&C;w=y!~
zg{4l0Mz7@Ud;Q+LpH)uwHV7J{omH8;_rzxL+e*Wrr=XwJNi!~kU^7~(cqk#s?n_HS
z3-6P^s)yeTv;!fg39)RkiS3jGy;ZDZdC8NDKO>Ta3KZE+W~xs&V&rc5pX7_q+d*N4
z4~x=yNp=-?m2}{KOEPu-(`e)e<kvM7-EV!)%hTU&K#v~TETKE^e5?BpupJHKravUX
zeyWY?-5MBaLv0PbJOj0<OdovhGTE0>LG;xGW{&(cu6QlLO_dtGQao%aCITa{_-)H^
zcLT^A$33Y}my9Jii(B(I<X4a;S<}NJImyF+a;jNdzr%B6^RCttZ>lTD;7KnzsSov-
zNl2{hn|C*M7-u4lF?Y<zZCigf=8`&E`{w6mNhkOE1--59Yl=dIMbUSK-}h%mBKcGZ
zf24J`HAw6|avO9P^b!QLq}Dz!CYw&17B_=#-){(6@0j_UX|^C+zizv3S=>Ey_6grS
z^>vsxL&Zc>`axx}T_=Q{cD;~UH?Cuz_^S57HIsb{9NC42AgYC!#ks<a^kBs)1cB5^
zu67ZcZ;#(a$1t9?ALnF%R;P0U_dLRuyX3yByqJFG3s%?7dSNjifH>e>cuT1O=O|aZ
zVDsi4C_KW2HhgnyHD7AX!{oH&wy;Kq_MqLkE>rXo;V@q{4M#l8CB_~@4$r@;?h#x@
z+(j>}GVPL_ST~e9mhK>2ZJyc}LjpB+d96`A4>|Eh^*0xsh_W&~PScJQZA^dkt&bT^
zrd76$bvWjvjrcfpqu{i;|Kv@@VXy^m&VBbI+~#xzThOiW0~x^0%tPXh9COjPWuE-}
z%DLp<$@p}m1i$$Sea`18JS=K#1Zkg0^CML{hZSK(*A`6VG9eDX6WDTsN>WBkP=`B%
zxbC%^c-&#iDfxB1)7X;eLVNhvdr?-efc(bdne%?aN)KX4$*eb=VL&E{l#rBi0+HN=
z(a7qFVfBK@AA&Yp+nGh}m!+Al^TR|E=nSrQe<R_zcHV`+&bC_TsFDPh_NkweJWb4e
zvdw(Bf-4)fGaRQ;5Jc}Ew*#GvXG;Y2o<N~jDEwFt(&#5$!DIM&Y03F8hv#PK+Njy%
zry<=J6JD0dG?gTkW|H<27?iTsy}N}ENBcKx8ja;L1TPXJCjm0ppf;GX3R1ix3jZ`T
z;RQaUsJu~+hA?q8*o<+I+$88tV;WVoNFu=~uqHC-IDBy7m1)z_!&kx1&J)>Z=vsxZ
zeX^`X(kg*x7t2Rj!Z8c2=TUOX#pVY5zeP$DjmTEOj)JdwywHP=pNeIvMdt!oS<G?t
zZ>Z3ve?cF1K_iGG*VNT^`_%mlvciU^6^n=2Y;IHB$2V0ro$B*94O4bWgDI}-fBQ*>
z#Gh6!aCj^YOi^Bx`(u}moHLIkb8no!Df|<Ju}QlsmJ|wI#=ZH}-Ju5!R9lQ>)cpDR
z!zl}8i?Q_~k*)<9S=jrgWw=D_RwSNoO-!qk_<oqbUJPN;l{TmFVLd43F48N@n*)%W
z{F$c*yn`AiBPt*jT4`J(W(YU_M>|PBO(1eNi)B%TK6G64bqeqAMgvMc?*ASc;MOWd
z%?<R9Kw`d+uF&h6N9)9lyY0@FWvieUx8t*8JEKqun;d6&xwPDy_TqgZG?Xqt#X*DD
zW5tLmsPNz|{wQ=-I{(D!T?0c%<2J4CS@BdKdA<7~f|-~)SQ+$2nYSm9=f-7u{k*f{
zaw!wnDg$=(#k|V$0@@{sS^cXy_Urg`gBU^fbGLbhVL7|XAw&znqT)Z}6=CW^T(I)@
ztQX(U^-toF=>)Zme-*=KLU%0AcM&vsvC_{44yfX1<j3c>pIx}({or>vj^}KKOuc6e
zs9a**IY`3f&9M484LqQ7MQaZG9O5sshDXaJ+a5k>Hr90N@#|Ul4mLbQ#*c0ND5@T3
zb?sL@xPucT(l@)Z8)+6l#0R|mNQyr(Iv|~e?MyxRWMp#4OIvL6WsYAEE&HQ#L4;*;
z+1w|jl=ce&POenw>-`h9?-%nn-I?+cSxGAl@siVF9>f)t3bI@f+`S0_i;zZ4NP`dR
z`p13w08Ozz6V;}*l}<Hn)z?8wCqGTvwK<Uc%)A~N%<5_{1Oe_MIF)$W%2YPid(~mn
zj_vA&u5W^FFW=yN`x@-atm>gsT#JS32pYHa2q(Ur5%k!_IqGi9ubJ>~uR`gkbygDj
zhh_Svx4p*5X7-Yp>w6`;{p`0HrqRIDKX2(!+T2|hH#=p)B_g)J$OmwiC-{YxT~a5c
z2+s3Q%|K<847C!&^Bid5NSBhX?M5*aZNh1yP=4$4Pe!DnFKPF(!Ue<4pe%mDolSVG
z@G%lMNriW;Py<2RZ&YAXy}@L<3d<Rk??1(Js@kd8EZ08t&w%A0I@14`6iHRZHYh;b
zGM~yM2qU&@R<@L5Uu3gs(+rvyRbnl-e33x=g|vR6(Ym(`(#8BG&7J<;XNi}tJ}@v3
z9RKRs^rlle6uA4mtZ%61`X(0_(kV(}%&Ypq5!i))W-yVqXu9GrB28VWt~iZHJ5=%o
zaG@y*b*JzvYS@`7=+OU>y*Z7qmqGBxl*D(3y)0Yzp<IprM>B#l@$9pgsi2dRqJm0b
z=Gh(SI_|{}G?~dyB`bmn?$}V%9r<kW2!>p_dL@ls=e8hB>GN-VWDWN%KH0Ij{Y1~~
zZ0=Z4jDDq~&~-R^0<vJgy)7HGlmYBImKhCsE>=qIn6k-1c=aCd{aOiv(#cmR<I}kW
zB4<g4L>VJTvJhU6SN%kCWNIAL<=XE8n{UjAVVX4~emxQdLoYL=hlkJy->7yO38>lK
z^*Hy!ErT9j;NXGWd|$tjZ1S1(O?O9{bez6WRq#`c$F3A6gNEGR&0XIJsQ`&dtU8|g
zbK{&+q2HLn$j<1*Zv+zTmD67-2!}kgKr3CqL)BZ!vTG{QDwAL2Qz;K-gbDuJBFVWd
zF5;!)Q6YoUFocpw-`*azT;8Au%Ti8WTza^X_e`f+kw_Hz6vwP&B5qdNx<%i)eE?`&
z7?6RGzXpOgtV92|H^Q(?ihBdC&yGC?@l8U89HRl?2X}eJvO61On`of{o{!Q$q^yP*
zk}vTJ*@|L#@sw1fEh2Gy7f9ag-WDp>FuR3$ODV436Y1ur<DsSIx|tQ1|LttNdB)WX
zWeu(2!_!k+ir&)($}h+S2Ai~*_wRA;>oi`Am0T5UBaq@ADkg1+@{!CFf8w(<zvd|D
zm_Uu$Ac$Z4enCb@^{mvOEFPb$c?hXG=*jHtxC|4AvXmnUN@B?obw(IZWEZbay~x!B
z$6yT?_qp57Js{V)rXhL#EE4-yHa9N(ZE38?VLCxyRl>tLj(R3>?RrVh%OMgCy@FAj
z|F|yT74*1OCg@V?CVlF^{fL~`k2y0t<;_dZCZa;O6E>%ba`<l;5<I&B#!(?2+x_Ex
zYQYCM>T|`aTh+9uZt=^JCsVa)eh`=SEL<1KnMa;`XjRT>v6hphBzv`2>b;i_;U7M6
zlB|F;1k6MK$>*Nh+>6eQ0OQy@uZtMI{=xA>?zWW`>T`uE$%HZ)0`kMsL-4cuv`%hB
zmR%xoU#_sh$Gt0=pN*jN-+zRx6Rp;<<BeS_Y4?>o?zx}<AquQOA-UZD$q4^TGG4g@
Z7R<@!fAG|={%1u4)ReWA$`laj{{=}0G0Xq}

literal 0
HcmV?d00001

diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/Contents.json b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/Contents.json
new file mode 100644
index 0000000..5420ff7
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Assets.xcassets/AppIcon.appiconset/Contents.json
@@ -0,0 +1,116 @@
+{
+  "images" : [
+    {
+      "filename" : "AppIcon-20.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "AppIcon-40.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "AppIcon-40.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "AppIcon-60.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "AppIcon-29.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "AppIcon-58.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "AppIcon-58.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "AppIcon-87.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "AppIcon-40.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "AppIcon-80.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "AppIcon-80.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "AppIcon-120.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "AppIcon-120.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "AppIcon-180.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "AppIcon-76.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "AppIcon-152.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "AppIcon-167.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "83.5x83.5"
+    },
+    {
+      "filename" : "AppIcon-1024.png",
+      "idiom" : "ios-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}
diff --git a/apps/ios/DevOpsDefender/Assets.xcassets/Contents.json b/apps/ios/DevOpsDefender/Assets.xcassets/Contents.json
new file mode 100644
index 0000000..73c0059
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Assets.xcassets/Contents.json
@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}
diff --git a/apps/ios/DevOpsDefender/Info.plist b/apps/ios/DevOpsDefender/Info.plist
index 7312964..fa2476d 100644
--- a/apps/ios/DevOpsDefender/Info.plist
+++ b/apps/ios/DevOpsDefender/Info.plist
@@ -16,7 +16,7 @@
   <key>CFBundlePackageType</key>
   <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
   <key>CFBundleShortVersionString</key>
-  <string>0.1</string>
+  <string>$(MARKETING_VERSION)</string>
   <key>CFBundleURLTypes</key>
   <array>
     <dict>
@@ -29,7 +29,7 @@
     </dict>
   </array>
   <key>CFBundleVersion</key>
-  <string>1</string>
+  <string>$(CURRENT_PROJECT_VERSION)</string>
   <key>LSRequiresIPhoneOS</key>
   <true/>
   <key>UIApplicationSceneManifest</key>
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 7950b91..4cac50d 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -78,3 +78,22 @@ The Xcode project is generated from `project.yml`. Keep
 `SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD = YES` and
 `SUPPORTS_MACCATALYST = NO`; this target is iOS compatibility mode, not
 Catalyst.
+
+## CI And TestFlight
+
+Pull requests run `.github/workflows/ios.yml`, which generates the project and
+builds the iOS simulator app without code signing.
+
+TestFlight uploads are manual from `.github/workflows/testflight.yml`. Configure
+the `testflight` GitHub environment with:
+
+```bash
+gh secret set APPLE_TEAM_ID --env testflight
+gh secret set APP_STORE_CONNECT_API_KEY_ID --env testflight
+gh secret set APP_STORE_CONNECT_API_ISSUER_ID --env testflight
+gh secret set APP_STORE_CONNECT_API_PRIVATE_KEY --env testflight < AuthKey_XXXX.p8
+```
+
+Then run the `TestFlight` workflow and set the App Store Connect bundle id. The
+workflow uses the GitHub run number as `CFBundleVersion` and uploads as an
+internal-only TestFlight build by default.
diff --git a/apps/ios/Scripts/archive-testflight.sh b/apps/ios/Scripts/archive-testflight.sh
new file mode 100755
index 0000000..4ef6c28
--- /dev/null
+++ b/apps/ios/Scripts/archive-testflight.sh
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd "$(dirname "$0")/.."
+
+PROJECT="DevOpsDefender.xcodeproj"
+SCHEME="DevOpsDefender"
+CONFIGURATION="${CONFIGURATION:-Release}"
+DEVELOPMENT_TEAM="${DD_DEVELOPMENT_TEAM:-}"
+BUNDLE_ID="${DD_BUNDLE_ID:-}"
+MARKETING_VERSION="${DD_MARKETING_VERSION:-0.1}"
+BUILD_NUMBER="${DD_BUILD_NUMBER:-1}"
+BUILD_DIR="${DD_IOS_BUILD_DIR:-$PWD/build}"
+ARCHIVE_PATH="${DD_ARCHIVE_PATH:-$BUILD_DIR/DevOpsDefender.xcarchive}"
+EXPORT_PATH="${DD_EXPORT_PATH:-$BUILD_DIR/TestFlight}"
+ASC_KEY_PATH="${APP_STORE_CONNECT_API_KEY_PATH:-${DD_APP_STORE_CONNECT_API_KEY_PATH:-}}"
+ASC_KEY_ID="${APP_STORE_CONNECT_API_KEY_ID:-${DD_APP_STORE_CONNECT_API_KEY_ID:-}}"
+ASC_ISSUER_ID="${APP_STORE_CONNECT_API_ISSUER_ID:-${DD_APP_STORE_CONNECT_API_ISSUER_ID:-}}"
+INTERNAL_ONLY="${DD_TESTFLIGHT_INTERNAL_ONLY:-true}"
+
+require_env() {
+  if [ -z "${!1:-}" ]; then
+    echo "error: $1 is required" >&2
+    exit 1
+  fi
+}
+
+require_command() {
+  if ! command -v "$1" >/dev/null 2>&1; then
+    echo "error: $1 not found" >&2
+    exit 1
+  fi
+}
+
+require_env DEVELOPMENT_TEAM
+require_env BUNDLE_ID
+require_command xcodebuild
+require_command xcodegen
+
+AUTH_ARGS=()
+if [ -n "$ASC_KEY_PATH$ASC_KEY_ID$ASC_ISSUER_ID" ]; then
+  require_env ASC_KEY_PATH
+  require_env ASC_KEY_ID
+  require_env ASC_ISSUER_ID
+  AUTH_ARGS=(
+    -authenticationKeyPath "$ASC_KEY_PATH"
+    -authenticationKeyID "$ASC_KEY_ID"
+    -authenticationKeyIssuerID "$ASC_ISSUER_ID"
+  )
+fi
+
+if [ "$INTERNAL_ONLY" = "true" ] || [ "$INTERNAL_ONLY" = "YES" ] || [ "$INTERNAL_ONLY" = "1" ]; then
+  INTERNAL_ONLY_PLIST=true
+else
+  INTERNAL_ONLY_PLIST=false
+fi
+
+xcodegen generate
+
+mkdir -p Config "$BUILD_DIR" "$EXPORT_PATH"
+cat > Config/Signing.local.xcconfig <<EOF
+DEVELOPMENT_TEAM = $DEVELOPMENT_TEAM
+DD_PRODUCT_BUNDLE_IDENTIFIER = $BUNDLE_ID
+DD_MARKETING_VERSION = $MARKETING_VERSION
+DD_BUILD_NUMBER = $BUILD_NUMBER
+EOF
+
+xcodebuild \
+  -allowProvisioningUpdates \
+  "${AUTH_ARGS[@]}" \
+  -project "$PROJECT" \
+  -scheme "$SCHEME" \
+  -configuration "$CONFIGURATION" \
+  -destination "generic/platform=iOS" \
+  -archivePath "$ARCHIVE_PATH" \
+  DEVELOPMENT_TEAM="$DEVELOPMENT_TEAM" \
+  DD_PRODUCT_BUNDLE_IDENTIFIER="$BUNDLE_ID" \
+  DD_MARKETING_VERSION="$MARKETING_VERSION" \
+  DD_BUILD_NUMBER="$BUILD_NUMBER" \
+  archive
+
+EXPORT_OPTIONS="$BUILD_DIR/ExportOptions.TestFlight.plist"
+cat > "$EXPORT_OPTIONS" <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>destination</key>
+  <string>upload</string>
+  <key>method</key>
+  <string>app-store-connect</string>
+  <key>teamID</key>
+  <string>$DEVELOPMENT_TEAM</string>
+  <key>signingStyle</key>
+  <string>automatic</string>
+  <key>manageAppVersionAndBuildNumber</key>
+  <false/>
+  <key>testFlightInternalTestingOnly</key>
+  <$INTERNAL_ONLY_PLIST/>
+  <key>uploadSymbols</key>
+  <true/>
+</dict>
+</plist>
+EOF
+
+xcodebuild \
+  -allowProvisioningUpdates \
+  "${AUTH_ARGS[@]}" \
+  -exportArchive \
+  -archivePath "$ARCHIVE_PATH" \
+  -exportPath "$EXPORT_PATH" \
+  -exportOptionsPlist "$EXPORT_OPTIONS"
diff --git a/apps/ios/project.yml b/apps/ios/project.yml
index 2d9cf9c..381085e 100644
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -20,10 +20,14 @@ targets:
       base:
         PRODUCT_BUNDLE_IDENTIFIER: "$(DD_PRODUCT_BUNDLE_IDENTIFIER)"
         PRODUCT_NAME: DevOpsDefender
+        MARKETING_VERSION: "$(DD_MARKETING_VERSION)"
+        CURRENT_PROJECT_VERSION: "$(DD_BUILD_NUMBER)"
+        VERSIONING_SYSTEM: apple-generic
         TARGETED_DEVICE_FAMILY: "1,2"
         SUPPORTS_MAC_DESIGNED_FOR_IPHONE_IPAD: YES
         SUPPORTS_MACCATALYST: NO
         INFOPLIST_FILE: DevOpsDefender/Info.plist
+        ASSETCATALOG_COMPILER_APPICON_NAME: AppIcon
         ENABLE_USER_SCRIPT_SANDBOXING: NO
         SWIFT_OBJC_BRIDGING_HEADER: DevOpsDefender/DDClientFFI.h
         LIBRARY_SEARCH_PATHS:

From a805c6284077e57f1bb1f6b43fd3ce66456bf76b Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Sun, 10 May 2026 16:43:26 -0400
Subject: [PATCH 14/18] Keep attached sessions alive while idle

---
 crates/dd-client-core/src/lib.rs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index c1efa13..07df743 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -1,6 +1,7 @@
 mod ita;
 
 use std::path::{Path, PathBuf};
+use std::time::Duration;
 
 use anyhow::{anyhow, Context};
 use base64::Engine as _;
@@ -19,6 +20,7 @@ use x25519_dalek::{PublicKey, StaticSecret};
 const NOISE_PATTERN: &str = "Noise_IK_25519_ChaChaPoly_BLAKE2s";
 const MAX_NOISE_MSG: usize = 65535;
 const ATTACH_CHUNK: usize = 4096;
+const ATTACH_KEEPALIVE_INTERVAL: Duration = Duration::from_secs(25);
 const CTRL_D: u8 = 0x04;
 const CTRL_RIGHT_BRACKET: u8 = 0x1d;
 
@@ -207,9 +209,13 @@ pub async fn attach_session(
     let mut stdin = tokio::io::stdin();
     let mut stdout = tokio::io::stdout();
     let mut in_buf = [0u8; ATTACH_CHUNK];
+    let mut keepalive = attach_keepalive();
 
     loop {
         tokio::select! {
+            _ = keepalive.tick() => {
+                conn.sink.send(WsMessage::Ping(Vec::new().into())).await?;
+            }
             n = stdin.read(&mut in_buf) => {
                 let n = n?;
                 if n == 0 {
@@ -264,9 +270,13 @@ where
         anyhow::bail!("attach failed: {}", serde_json::to_string(&ack)?);
     }
     on_open()?;
+    let mut keepalive = attach_keepalive();
 
     loop {
         tokio::select! {
+            _ = keepalive.tick() => {
+                conn.sink.send(WsMessage::Ping(Vec::new().into())).await?;
+            }
             changed = shutdown.changed() => {
                 if changed.is_err() || *shutdown.borrow() {
                     break;
@@ -286,6 +296,15 @@ where
     Ok(())
 }
 
+fn attach_keepalive() -> tokio::time::Interval {
+    let mut interval = tokio::time::interval_at(
+        tokio::time::Instant::now() + ATTACH_KEEPALIVE_INTERVAL,
+        ATTACH_KEEPALIVE_INTERVAL,
+    );
+    interval.set_missed_tick_behavior(tokio::time::MissedTickBehavior::Delay);
+    interval
+}
+
 #[derive(Debug, Eq, PartialEq)]
 enum AttachInputAction {
     Forward,

From f3418765fd3e7a045ba86c18011be137a18759eb Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Mon, 11 May 2026 10:01:03 -0400
Subject: [PATCH 15/18] Make iOS an interactive Claude Code client
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reverses the passive-viewer invariant from this PR's initial scope so
mobile can drive a live Claude Code session, per issue #2. Bytes flow
both directions over the same Noise channel, and the UI adapts to what
the agent is doing.

Rust + FFI
- attach_session_stream now takes an Option<mpsc::UnboundedReceiver<Vec<u8>>>
  for input; the select loop writes incoming bytes via send_encrypted on
  the existing transport.
- dd_client_attach_stream_send(handle, bytes, len) FFI exposes the input
  channel; stream registry holds the sender alongside the shutdown watch.
- Header updates: <stdbool.h>, <stddef.h>, the new send signature.

iOS terminal pipeline
- TerminalScreenRenderer stores StyledCell instead of UnicodeScalar.
  Full SGR parser: bold/dim/italic/underline/inverse, 30-37/90-97 fg,
  40-47/100-107 bg, 38;5;n / 48;5;n indexed-256, 38;2;r;g;b / 48;2;r;g;b
  truecolor, 39/49 default. Resolved against a SwiftUI Color palette.
- Dual buffer: main scrollback + alternate screen (CSI ?1049h/l, ?47,
  ?1047). The alt buffer is discarded on exit; rendered output never
  exposes it, so TUI redraws no longer pollute the iOS transcript.
- ESC 7 / ESC 8 / CSI s / CSI u cursor save+restore. CSI L / CSI M
  insert/delete lines. CSI ?1048h/l mapped to save/restore.
- renderedAttributedString runs through main only and accepts a
  lastRows cap so per-frame work is bounded.

Detection + keyboard surface
- OSCSniffer extracts OSC and bare-BEL payloads from the raw byte
  stream before the renderer strips them. Handles 7-bit and 8-bit
  variants plus split-across-chunk parsing.
- TitleClassifier turns OSC 0 titles into typed events (.generating,
  .working, .ready, .unknown), strips decorative leading glyphs from
  the dingbat / geometric / misc-symbols blocks, and processes events
  incrementally via byteOffset so replay + idle ticks don't double-count.
- AppDetector picks Claude Code / Codex / OpenClaw / raw shell from
  transcript markers; EffectiveAppResolver fuses that with OSC title
  evidence so a quiet transcript can still classify as Claude Code.
- KeyboardModeResolver collapses everything to one mode:
  .disconnected | .generating(label) | .choose(options) | .confirm
  | .idle(latest) | .rawShell. Title freshness beats transcript
  heuristics for distinguishing generating vs idle; explicit
  awaitingChoice / awaitingYesNo menus still win.

Keyboard UI
- Replaces the single action-row with mode-driven panels:
  .generating shows a single full-width Interrupt button; .choose
  mirrors Claude's numbered list as full-width tappable rows;
  .confirm shows Claude's actual 3-row menu (Yes / Yes-don't-ask /
  No-tell-me-different); .idle shows an integrated composer.
- Menu rail under the contextual panel: Commands (searchable slash
  catalog), History (sent-input recall), Mode (Normal/Plan/Auto with
  Shift+Tab cycler), Keys (Tab, Shift+Tab, Esc Esc, Ctrl-R, Ctrl-L,
  Ctrl-C, Ctrl-D, arrows, Backspace, Newline). Persistent nav strip
  (↑ ↓ ⏎ Esc · ⌃C) below.
- SpecialKey covers Claude Code chords: newline (0x0A), shiftTab
  (ESC [ Z), escEsc, ctrlR, ctrlL.
- Transcript pane runs on a terminal-dark background so the ANSI
  palette has the contrast it was designed for; the rest of the
  chrome stays cream.

Reliability
- apply() feeds bytes into renderer + OSC sniffer immediately but
  schedules UI state updates at most every 80ms; every @Published
  assignment is gated by an equality check so identical menu options
  don't force SwiftUI to rebuild every row.
- 1s idle tick keeps refreshKeyboardMode() running while the PTY is
  silent so the UI can transition out of .generating without new
  bytes arriving.
- Auto-reconnect with 1/2/4/8/16/30s exponential backoff on stream
  close/error; manual "Reconnect" button surfaced when disconnected.
- Events debug sheet exposes captured OSC 0 titles + raw OSC/BEL
  payloads so the schema can be iterated against live agents.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/ios/DevOpsDefender/AppDetector.swift     |  228 ++++
 apps/ios/DevOpsDefender/ContentView.swift     | 1121 ++++++++++++++++-
 apps/ios/DevOpsDefender/DDClientBridge.swift  |  702 +++++++++--
 apps/ios/DevOpsDefender/DDClientFFI.h         |    3 +
 apps/ios/DevOpsDefender/KeyboardMode.swift    |  105 ++
 apps/ios/DevOpsDefender/Menus.swift           |   74 ++
 apps/ios/DevOpsDefender/OSCSniffer.swift      |  134 ++
 apps/ios/DevOpsDefender/TerminalStyle.swift   |  102 ++
 apps/ios/DevOpsDefender/TitleClassifier.swift |  144 +++
 crates/dd-client-core/src/lib.rs              |   18 +-
 crates/dd-client-ffi/src/lib.rs               |   37 +-
 11 files changed, 2554 insertions(+), 114 deletions(-)
 create mode 100644 apps/ios/DevOpsDefender/AppDetector.swift
 create mode 100644 apps/ios/DevOpsDefender/KeyboardMode.swift
 create mode 100644 apps/ios/DevOpsDefender/Menus.swift
 create mode 100644 apps/ios/DevOpsDefender/OSCSniffer.swift
 create mode 100644 apps/ios/DevOpsDefender/TerminalStyle.swift
 create mode 100644 apps/ios/DevOpsDefender/TitleClassifier.swift

diff --git a/apps/ios/DevOpsDefender/AppDetector.swift b/apps/ios/DevOpsDefender/AppDetector.swift
new file mode 100644
index 0000000..35b3605
--- /dev/null
+++ b/apps/ios/DevOpsDefender/AppDetector.swift
@@ -0,0 +1,228 @@
+import Foundation
+
+enum DetectedApp: Equatable {
+    case claudeCode
+    case codex
+    case openClaw
+    case rawShell
+
+    var displayName: String {
+        switch self {
+        case .claudeCode: return "Claude Code"
+        case .codex: return "Codex"
+        case .openClaw: return "OpenClaw"
+        case .rawShell: return "Shell"
+        }
+    }
+
+    var isFancy: Bool {
+        switch self {
+        case .claudeCode, .codex, .openClaw: return true
+        case .rawShell: return false
+        }
+    }
+}
+
+enum DetectedActivity: Equatable {
+    case idle
+    case running
+    case awaitingYesNo
+    case awaitingChoice(options: [String])
+    case awaitingInput
+
+    var summary: String {
+        switch self {
+        case .idle: return "Idle"
+        case .running: return "Running"
+        case .awaitingYesNo: return "Needs y/n"
+        case .awaitingChoice(let options):
+            return "Needs choice (\(options.count))"
+        case .awaitingInput: return "Awaiting input"
+        }
+    }
+
+    var needsAttention: Bool {
+        switch self {
+        case .idle, .running: return false
+        case .awaitingYesNo, .awaitingChoice, .awaitingInput: return true
+        }
+    }
+}
+
+struct DetectionResult: Equatable {
+    var app: DetectedApp
+    var activity: DetectedActivity
+
+    static let empty = DetectionResult(app: .rawShell, activity: .idle)
+}
+
+enum AppDetector {
+    /// Inspect the rendered transcript and infer which agent is running plus
+    /// what (if anything) it is currently waiting on.
+    static func detect(transcript: String) -> DetectionResult {
+        let lines = transcript
+            .components(separatedBy: CharacterSet.newlines)
+            .map { line -> String in
+                line.trimmingCharacters(in: .whitespaces)
+            }
+        let nonEmpty = lines.filter { !$0.isEmpty }
+        let tail = Array(nonEmpty.suffix(60))
+        let haystack = tail.joined(separator: "\n").lowercased()
+
+        let app: DetectedApp
+        if haystack.contains("claude code") || haystack.contains("anthropic") || haystack.contains("bypassing permissions") {
+            app = .claudeCode
+        } else if haystack.contains("openclaw") {
+            app = .openClaw
+        } else if haystack.contains("codex") || haystack.contains("openai codex") {
+            app = .codex
+        } else if looksLikeFancyTui(tail: tail) {
+            app = .claudeCode
+        } else {
+            app = .rawShell
+        }
+
+        let activity = detectActivity(tail: tail, app: app)
+        return DetectionResult(app: app, activity: activity)
+    }
+
+    private static func looksLikeFancyTui(tail: [String]) -> Bool {
+        let arrowMarkers = tail.filter { line in
+            line.contains("❯") || line.contains("▌") || line.contains("▎")
+        }
+        return arrowMarkers.count >= 1
+    }
+
+    private static func detectActivity(tail: [String], app: DetectedApp) -> DetectedActivity {
+        guard !tail.isEmpty else { return .idle }
+        let recent = Array(tail.suffix(30))
+
+        if let options = numberedOptions(in: tail), options.count >= 2 {
+            return .awaitingChoice(options: options)
+        }
+
+        let recentJoined = recent.joined(separator: "\n").lowercased()
+        if recentJoined.contains("(y/n)")
+            || recentJoined.contains("[y/n]")
+            || recentJoined.contains("yes/no")
+            || recentJoined.contains("proceed?") {
+            return .awaitingYesNo
+        }
+
+        if let last = recent.last, endsWithPromptGlyph(last) {
+            return app.isFancy ? .awaitingInput : .idle
+        }
+        if app.isFancy && looksLikeFancyPrompt(in: recent) {
+            return .awaitingInput
+        }
+        if let last = recent.last, endsWithShellPrompt(last) {
+            return .idle
+        }
+        if recentJoined.contains("press enter") || recentJoined.contains("continue?") {
+            return .awaitingInput
+        }
+        return .running
+    }
+
+    private static func looksLikeFancyPrompt(in lines: [String]) -> Bool {
+        let tail = lines.suffix(8)
+        let joined = tail.joined(separator: "\n").lowercased()
+        if joined.contains("? for shortcuts") || joined.contains("for shortcuts") {
+            return true
+        }
+        return tail.contains { line in
+            let stripped = line.trimmingCharacters(in: .whitespaces)
+            return stripped == ">" || stripped == "❯" || stripped == "│ >" || stripped == "│ ❯"
+        }
+    }
+
+    private static func numberedOptions(in lines: [String]) -> [String]? {
+        var bestRun: [(Int, String)] = []
+        var current: [(Int, String)] = []
+        for line in lines.suffix(60) {
+            guard let match = numberedOptionMatch(line) else {
+                if current.count > bestRun.count { bestRun = current }
+                current.removeAll()
+                continue
+            }
+            if let last = current.last, match.0 != last.0 + 1 {
+                if current.count > bestRun.count { bestRun = current }
+                current.removeAll()
+            }
+            current.append(match)
+        }
+        if current.count > bestRun.count { bestRun = current }
+        guard bestRun.count >= 2, bestRun.first?.0 == 1 else { return nil }
+        return bestRun.map { $0.1 }
+    }
+
+    /// Match lines like "1. label", "─2.─Run …", "  3) label", "▎ 4: label".
+    /// Tolerates leading whitespace, box-drawing glyphs, bullets, and the
+    /// "─" runs Claude Code uses for option separators.
+    private static func numberedOptionMatch(_ line: String) -> (Int, String)? {
+        let scalars = Array(line.unicodeScalars)
+        var i = 0
+        while i < scalars.count, !CharacterSet.decimalDigits.contains(scalars[i]) {
+            let value = scalars[i].value
+            // Only skip benign prefix glyphs; bail on letters so "abc 1." is rejected.
+            let isWhitespace = (value == 0x20 || value == 0x09)
+            let isBoxOrSeparator = (value >= 0x2500 && value <= 0x257F)
+                || value == 0x2022 // •
+                || value == 0x00B7 // ·
+                || value == 0x002A // *
+                || value == 0x003E // >
+                || value == 0x276F // ❯
+                || value == 0x258E // ▎
+                || value == 0x258C // ▌
+                || value == 0x002D // -
+                || value == 0x2013 // –
+                || value == 0x2014 // —
+            guard isWhitespace || isBoxOrSeparator else { return nil }
+            i += 1
+        }
+        guard i < scalars.count else { return nil }
+
+        var digits = ""
+        while i < scalars.count, CharacterSet.decimalDigits.contains(scalars[i]) {
+            digits.unicodeScalars.append(scalars[i])
+            i += 1
+        }
+        guard let value = Int(digits), value >= 1, value <= 9 else { return nil }
+
+        guard i < scalars.count else { return nil }
+        let punct = scalars[i].value
+        guard punct == 0x2E || punct == 0x29 || punct == 0x3A else { return nil } // . ) :
+        i += 1
+
+        // After the punctuation we expect a separator before the label content.
+        // Tolerate runs of whitespace and box-drawing dashes.
+        while i < scalars.count {
+            let v = scalars[i].value
+            let isSep = (v == 0x20 || v == 0x09)
+                || (v >= 0x2500 && v <= 0x257F)
+                || v == 0x002D || v == 0x2013 || v == 0x2014
+            if !isSep { break }
+            i += 1
+        }
+
+        var rest = ""
+        while i < scalars.count {
+            rest.unicodeScalars.append(scalars[i])
+            i += 1
+        }
+        let label = rest.trimmingCharacters(in: .whitespaces)
+        guard !label.isEmpty else { return nil }
+        return (value, label)
+    }
+
+    private static func endsWithPromptGlyph(_ line: String) -> Bool {
+        let stripped = line.trimmingCharacters(in: .whitespaces)
+        return stripped.hasSuffix("❯") || stripped.hasSuffix("▌") || stripped.hasSuffix("▎")
+            || stripped.contains("│ >") || stripped.contains("│ ❯")
+    }
+
+    private static func endsWithShellPrompt(_ line: String) -> Bool {
+        let stripped = line.trimmingCharacters(in: .whitespaces)
+        return stripped.hasSuffix("$") || stripped.hasSuffix("#") || stripped.hasSuffix("%") || stripped.hasSuffix(">")
+    }
+}
diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index 83371a9..5c0e7b5 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -1,67 +1,1128 @@
 import SwiftUI
 
+enum ActiveSheet: Identifiable {
+    case events
+    case commands
+    case history
+    case mode
+    case keys
+
+    var id: String {
+        switch self {
+        case .events: return "events"
+        case .commands: return "commands"
+        case .history: return "history"
+        case .mode: return "mode"
+        case .keys: return "keys"
+        }
+    }
+}
+
 struct ContentView: View {
     @StateObject private var viewModel = ClientViewModel()
+    @State private var activeSheet: ActiveSheet?
 
     var body: some View {
-        ZStack(alignment: .topLeading) {
+        ZStack(alignment: .top) {
             Palette.background.ignoresSafeArea()
 
-            ScrollView([.horizontal, .vertical]) {
-                Text(transcriptText)
-                    .font(.system(size: 15, design: .monospaced))
+            VStack(spacing: 0) {
+                statusBar
+                transcriptArea
+                KeyboardSurface(viewModel: viewModel, activeSheet: $activeSheet)
+            }
+        }
+        .sheet(item: $activeSheet) { sheet in
+            switch sheet {
+            case .events:
+                EventsSheet(viewModel: viewModel, onDismiss: { activeSheet = nil })
+            case .commands:
+                CommandsSheet(viewModel: viewModel, onDismiss: { activeSheet = nil })
+            case .history:
+                HistorySheet(viewModel: viewModel, onDismiss: { activeSheet = nil })
+            case .mode:
+                ModeSheet(viewModel: viewModel, onDismiss: { activeSheet = nil })
+            case .keys:
+                KeysSheet(viewModel: viewModel, onDismiss: { activeSheet = nil })
+            }
+        }
+        .onOpenURL { url in
+            viewModel.openMobileLink(url)
+        }
+        .onChange(of: viewModel.debugAutoOpenEvents) { _, newValue in
+            if newValue {
+                activeSheet = .events
+            }
+        }
+        .onChange(of: viewModel.debugAutoOpenSheet) { _, sheet in
+            switch sheet {
+            case "commands": activeSheet = .commands
+            case "history": activeSheet = .history
+            case "mode": activeSheet = .mode
+            case "keys": activeSheet = .keys
+            case "events": activeSheet = .events
+            default: break
+            }
+        }
+    }
+
+    // MARK: - Status bar
+
+    private var statusBar: some View {
+        VStack(spacing: 4) {
+            HStack(spacing: 10) {
+                Circle()
+                    .fill(statusDotColor)
+                    .frame(width: 8, height: 8)
+
+                Text(primaryLabel)
+                    .font(.callout.weight(.semibold))
                     .foregroundStyle(Palette.text)
+                    .lineLimit(1)
+                    .truncationMode(.tail)
+
+                Spacer(minLength: 8)
+
+                Button {
+                    activeSheet = .events
+                } label: {
+                    HStack(spacing: 4) {
+                        Image(systemName: "bell.badge")
+                            .font(.caption2)
+                        Text("\(viewModel.oscEvents.count)")
+                            .font(.caption.monospacedDigit())
+                    }
+                    .padding(.horizontal, 8)
+                    .padding(.vertical, 3)
+                    .background(Capsule().fill(Palette.muted.opacity(0.18)))
+                }
+                .buttonStyle(.plain)
+                .foregroundStyle(Palette.text)
+                .accessibilityLabel("Events")
+
+                if viewModel.hasLinkedSession {
+                    Text(shortSessionLabel)
+                        .font(.caption.monospaced())
+                        .foregroundStyle(Palette.muted)
+                }
+            }
+
+            HStack(spacing: 6) {
+                Text(secondaryLabel)
+                    .font(.caption2.monospaced())
+                    .foregroundStyle(secondaryLabelColor)
+                    .lineLimit(1)
+                    .truncationMode(.tail)
+                    .frame(maxWidth: .infinity, alignment: .leading)
+
+                if let error = viewModel.lastSendError {
+                    Text(error)
+                        .font(.caption2)
+                        .foregroundStyle(Palette.error)
+                }
+            }
+        }
+        .padding(.horizontal, 14)
+        .padding(.vertical, 10)
+        .background(Palette.surface)
+        .overlay(Rectangle().frame(height: 0.5).foregroundStyle(Palette.divider), alignment: .bottom)
+    }
+
+    private var transcriptArea: some View {
+        ScrollViewReader { proxy in
+            ScrollView([.horizontal, .vertical]) {
+                Text(transcriptDisplay)
+                    .font(transcriptFont)
+                    .foregroundStyle(Palette.transcriptDefaultText)
                     .textSelection(.enabled)
                     .fixedSize(horizontal: true, vertical: true)
-                    .frame(alignment: .topLeading)
-                    .padding(.horizontal, 16)
-                    .padding(.top, 46)
-                    .padding(.bottom, 24)
+                    .padding(.horizontal, 14)
+                    .padding(.vertical, 12)
+                    .id("transcriptBottom")
+            }
+            .frame(maxWidth: .infinity, maxHeight: .infinity)
+            .background(Palette.transcriptBackground)
+            .onChange(of: viewModel.transcript) { _, _ in
+                withAnimation(.easeOut(duration: 0.12)) {
+                    proxy.scrollTo("transcriptBottom", anchor: .bottomLeading)
+                }
+            }
+        }
+    }
+
+    private var transcriptDisplay: AttributedString {
+        if !viewModel.transcript.isEmpty {
+            return viewModel.attributedTranscript
+        }
+        if viewModel.hasLinkedSession {
+            return AttributedString(viewModel.status)
+        }
+        return AttributedString("Open a DevOps Defender session link from the desktop CLI.")
+    }
+
+    private var transcriptFont: Font {
+        viewModel.effectiveApp.isFancy
+            ? .system(size: 14, design: .monospaced)
+            : .system(size: 13, design: .monospaced)
+    }
+
+    // MARK: - Status text
+
+    private var primaryLabel: String {
+        guard viewModel.hasLinkedSession else { return "DevOps Defender" }
+        switch viewModel.keyboardMode {
+        case .generating(let label):
+            return label.isEmpty ? "Working" : label
+        case .choose:
+            return "Choose one"
+        case .confirm:
+            return "Confirm"
+        case .idle(let latest):
+            return latest?.nonEmpty ?? viewModel.effectiveApp.displayName
+        case .rawShell:
+            return "Shell"
+        case .disconnected:
+            return viewModel.effectiveApp.displayName
+        }
+    }
+
+    private var secondaryLabel: String {
+        switch viewModel.keyboardMode {
+        case .generating:
+            return "Tap Interrupt to send Esc"
+        case .choose(let options):
+            return "\(options.count) options · tap one or use ↑↓⏎"
+        case .confirm:
+            return "Yes / No"
+        case .idle(let latest):
+            if let latest, !latest.isEmpty { return "Last: \(latest)" }
+            return viewModel.status
+        case .rawShell:
+            return viewModel.status
+        case .disconnected:
+            return viewModel.status
+        }
+    }
+
+    private var secondaryLabelColor: Color {
+        switch viewModel.keyboardMode {
+        case .choose, .confirm: return Palette.attention
+        case .generating: return Palette.busy
+        default: return Palette.muted
+        }
+    }
+
+    private var statusDotColor: Color {
+        if viewModel.isBusy { return Palette.busy }
+        if !viewModel.hasLinkedSession { return Palette.muted }
+        if !viewModel.isStreamConnected { return Palette.busy }
+        switch viewModel.keyboardMode {
+        case .generating: return Palette.busy
+        case .choose, .confirm: return Palette.attention
+        default: return Palette.ready
+        }
+    }
+
+    private var shortSessionLabel: String {
+        guard viewModel.hasLinkedSession else { return "" }
+        return String(viewModel.selectedSessionID.prefix(8))
+    }
+}
+
+// MARK: - Keyboard surface
+
+private struct KeyboardSurface: View {
+    @ObservedObject var viewModel: ClientViewModel
+    @Binding var activeSheet: ActiveSheet?
+
+    var body: some View {
+        VStack(spacing: 10) {
+            content
+            if showMenuRail {
+                MenuRail(viewModel: viewModel, activeSheet: $activeSheet)
             }
-            .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .topLeading)
+            navStrip
+        }
+        .padding(.horizontal, 14)
+        .padding(.vertical, 12)
+        .background(Palette.surface)
+        .overlay(Rectangle().frame(height: 0.5).foregroundStyle(Palette.divider), alignment: .top)
+    }
+
+    private var showMenuRail: Bool {
+        switch viewModel.keyboardMode {
+        case .disconnected, .generating: return false
+        case .choose, .confirm, .idle, .rawShell: return true
+        }
+    }
+
+    @ViewBuilder
+    private var content: some View {
+        switch viewModel.keyboardMode {
+        case .disconnected:
+            disconnectedContent
+        case .generating(let label):
+            InterruptPanel(label: label) {
+                viewModel.sendKey(.escape)
+            }
+        case .choose(let options):
+            ChoosePanel(options: options) { index in
+                viewModel.sendText("\(index)\n")
+            }
+        case .confirm:
+            ConfirmPanel(viewModel: viewModel)
+        case .idle(let latest):
+            IdleComposer(viewModel: viewModel, hint: latest)
+        case .rawShell:
+            RawShellPanel(viewModel: viewModel)
+        }
+    }
 
+    @ViewBuilder
+    private var disconnectedContent: some View {
+        if viewModel.canReconnect {
+            VStack(spacing: 8) {
+                HStack(spacing: 8) {
+                    Image(systemName: "wifi.exclamationmark")
+                        .foregroundStyle(Palette.busy)
+                    Text("Stream disconnected")
+                        .font(.callout.weight(.semibold))
+                        .foregroundStyle(Palette.text)
+                    Spacer()
+                }
+                Button {
+                    viewModel.manualReconnect()
+                } label: {
+                    HStack(spacing: 8) {
+                        Image(systemName: "arrow.clockwise.circle.fill")
+                        Text("Reconnect")
+                            .font(.callout.weight(.semibold))
+                    }
+                    .frame(maxWidth: .infinity)
+                    .padding(.vertical, 12)
+                }
+                .buttonStyle(.borderedProminent)
+                .tint(Palette.accent)
+            }
+        } else {
+            HStack {
+                Image(systemName: "link.badge.plus")
+                Text("Open a DevOps Defender session link to begin.")
+                    .font(.callout)
+            }
+            .foregroundStyle(Palette.muted)
+            .frame(maxWidth: .infinity, alignment: .center)
+            .padding(.vertical, 8)
+        }
+    }
+
+    @ViewBuilder
+    private var navStrip: some View {
+        if showNavStrip {
             HStack(spacing: 8) {
-                Circle()
-                    .fill(viewModel.isBusy ? Palette.busy : Palette.ready)
-                    .frame(width: 7, height: 7)
+                NavChip(label: "↑") { viewModel.sendKey(.arrowUp) }
+                NavChip(label: "↓") { viewModel.sendKey(.arrowDown) }
+                NavChip(label: "⏎") { viewModel.sendKey(.enter) }
+                NavChip(label: "Esc") { viewModel.sendKey(.escape) }
+                Spacer()
+                NavChip(label: "⌃C", destructive: true) { viewModel.sendKey(.ctrlC) }
+            }
+            .disabled(!viewModel.isStreamConnected)
+            .opacity(viewModel.isStreamConnected ? 1.0 : 0.4)
+        }
+    }
+
+    private var showNavStrip: Bool {
+        switch viewModel.keyboardMode {
+        case .disconnected, .generating: return false
+        case .choose, .confirm, .idle, .rawShell: return true
+        }
+    }
+}
+
+// MARK: - Panels
+
+private struct InterruptPanel: View {
+    let label: String
+    let action: () -> Void
+
+    var body: some View {
+        VStack(spacing: 6) {
+            Text(label)
+                .font(.callout.monospaced())
+                .foregroundStyle(Palette.busy)
+                .lineLimit(1)
+                .truncationMode(.tail)
+            Button(role: .destructive, action: action) {
+                HStack(spacing: 8) {
+                    Image(systemName: "stop.circle.fill")
+                    Text("Interrupt")
+                        .font(.title3.weight(.bold))
+                }
+                .frame(maxWidth: .infinity)
+                .padding(.vertical, 14)
+            }
+            .buttonStyle(.borderedProminent)
+            .tint(Palette.error)
+        }
+    }
+}
+
+private struct ChoosePanel: View {
+    let options: [String]
+    let onChoose: (Int) -> Void
+
+    var body: some View {
+        VStack(spacing: 6) {
+            ForEach(Array(options.prefix(9).enumerated()), id: \.offset) { entry in
+                let index = entry.offset + 1
+                Button {
+                    onChoose(index)
+                } label: {
+                    HStack(spacing: 10) {
+                        Text("\(index).")
+                            .font(.body.monospaced().weight(.semibold))
+                            .foregroundStyle(Palette.accent)
+                            .frame(width: 26, alignment: .leading)
+                        Text(entry.element)
+                            .font(.body)
+                            .foregroundStyle(Palette.text)
+                            .multilineTextAlignment(.leading)
+                        Spacer(minLength: 0)
+                    }
+                    .padding(.horizontal, 12)
+                    .padding(.vertical, 10)
+                    .frame(maxWidth: .infinity, alignment: .leading)
+                    .background(
+                        RoundedRectangle(cornerRadius: 10)
+                            .fill(Palette.background)
+                    )
+                    .overlay(
+                        RoundedRectangle(cornerRadius: 10)
+                            .stroke(Palette.divider.opacity(0.6), lineWidth: 0.5)
+                    )
+                }
+                .buttonStyle(.plain)
+            }
+        }
+    }
+}
+
+private struct ConfirmPanel: View {
+    @ObservedObject var viewModel: ClientViewModel
+
+    var body: some View {
+        VStack(spacing: 6) {
+            ConfirmRow(
+                index: 1,
+                title: "Yes",
+                systemImage: "checkmark.circle.fill",
+                tint: Palette.ready
+            ) {
+                viewModel.sendText("1\n")
+            }
+            ConfirmRow(
+                index: 2,
+                title: "Yes, don't ask again this session",
+                systemImage: "checkmark.circle.fill",
+                tint: Palette.accent
+            ) {
+                viewModel.sendText("2\n")
+            }
+            ConfirmRow(
+                index: 3,
+                title: "No, tell me what to do differently",
+                systemImage: "arrow.uturn.left.circle.fill",
+                tint: Palette.error
+            ) {
+                viewModel.sendText("3\n")
+            }
+        }
+    }
+}
+
+private struct ConfirmRow: View {
+    let index: Int
+    let title: String
+    let systemImage: String
+    let tint: Color
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            HStack(spacing: 10) {
+                Text("\(index).")
+                    .font(.body.monospaced().weight(.semibold))
+                    .foregroundStyle(tint)
+                    .frame(width: 26, alignment: .leading)
+                Image(systemName: systemImage)
+                    .foregroundStyle(tint)
+                Text(title)
+                    .font(.body)
+                    .foregroundStyle(Palette.text)
+                    .multilineTextAlignment(.leading)
+                Spacer(minLength: 0)
+            }
+            .padding(.horizontal, 12)
+            .padding(.vertical, 10)
+            .frame(maxWidth: .infinity, alignment: .leading)
+            .background(
+                RoundedRectangle(cornerRadius: 10).fill(Palette.background)
+            )
+            .overlay(
+                RoundedRectangle(cornerRadius: 10).stroke(tint.opacity(0.3), lineWidth: 0.5)
+            )
+        }
+        .buttonStyle(.plain)
+    }
+}
+
+private struct IdleComposer: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let hint: String?
+    @FocusState private var focused: Bool
+
+    var body: some View {
+        HStack(alignment: .bottom, spacing: 8) {
+            TextField(placeholder, text: $viewModel.inputDraft, axis: .vertical)
+                .focused($focused)
+                .lineLimit(1...5)
+                .font(.body)
+                .padding(.horizontal, 12)
+                .padding(.vertical, 10)
+                .background(
+                    RoundedRectangle(cornerRadius: 18)
+                        .fill(Palette.background)
+                )
+                .overlay(
+                    RoundedRectangle(cornerRadius: 18)
+                        .stroke(Palette.divider.opacity(0.6), lineWidth: 0.5)
+                )
+                .disabled(!viewModel.isStreamConnected)
+
+            Button {
+                viewModel.submitDraft(appendNewline: true)
+            } label: {
+                Image(systemName: "arrow.up.circle.fill")
+                    .font(.title)
+            }
+            .buttonStyle(.plain)
+            .foregroundStyle(canSend ? Palette.accent : Palette.muted.opacity(0.5))
+            .disabled(!canSend)
+            .accessibilityLabel("Send")
+        }
+    }
+
+    private var canSend: Bool {
+        viewModel.isStreamConnected && !viewModel.inputDraft.isEmpty
+    }
+
+    private var placeholder: String {
+        if let hint, !hint.isEmpty {
+            return "Reply to Claude…"
+        }
+        return "Type a message…"
+    }
+}
 
-                Text(statusText)
-                    .font(.caption.monospaced())
+private struct SlashChip: View {
+    let label: String
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            Text(label)
+                .font(.footnote.monospaced().weight(.semibold))
+                .foregroundStyle(Palette.accent)
+                .padding(.horizontal, 12)
+                .padding(.vertical, 6)
+                .background(Capsule().fill(Palette.accent.opacity(0.12)))
+        }
+        .buttonStyle(.plain)
+    }
+}
+
+private struct RawShellPanel: View {
+    @ObservedObject var viewModel: ClientViewModel
+
+    var body: some View {
+        VStack(spacing: 8) {
+            HStack(alignment: .bottom, spacing: 8) {
+                TextField("Type a command…", text: $viewModel.inputDraft, axis: .vertical)
+                    .lineLimit(1...4)
+                    .font(.system(.body, design: .monospaced))
+                    .padding(.horizontal, 12)
+                    .padding(.vertical, 10)
+                    .background(
+                        RoundedRectangle(cornerRadius: 18)
+                            .fill(Palette.background)
+                    )
+                    .overlay(
+                        RoundedRectangle(cornerRadius: 18)
+                            .stroke(Palette.divider.opacity(0.6), lineWidth: 0.5)
+                    )
+                    .disabled(!viewModel.isStreamConnected)
+
+                Button {
+                    viewModel.submitDraft(appendNewline: true)
+                } label: {
+                    Image(systemName: "arrow.up.circle.fill")
+                        .font(.title)
+                }
+                .buttonStyle(.plain)
+                .foregroundStyle(canSend ? Palette.accent : Palette.muted.opacity(0.5))
+                .disabled(!canSend)
+                .accessibilityLabel("Send")
+            }
+
+            ScrollView(.horizontal, showsIndicators: false) {
+                HStack(spacing: 8) {
+                    NavChip(label: "Tab") { viewModel.sendKey(.tab) }
+                    NavChip(label: "←") { viewModel.sendKey(.arrowLeft) }
+                    NavChip(label: "→") { viewModel.sendKey(.arrowRight) }
+                    NavChip(label: "⌃D", destructive: true) { viewModel.sendKey(.ctrlD) }
+                    SlashChip(label: "clear") { viewModel.sendText("clear\n") }
+                    SlashChip(label: "ls") { viewModel.sendText("ls\n") }
+                    SlashChip(label: "pwd") { viewModel.sendText("pwd\n") }
+                }
+            }
+            .disabled(!viewModel.isStreamConnected)
+        }
+    }
+
+    private var canSend: Bool {
+        viewModel.isStreamConnected && !viewModel.inputDraft.isEmpty
+    }
+}
+
+// MARK: - Menu rail
+
+private struct MenuRail: View {
+    @ObservedObject var viewModel: ClientViewModel
+    @Binding var activeSheet: ActiveSheet?
+
+    var body: some View {
+        ScrollView(.horizontal, showsIndicators: false) {
+            HStack(spacing: 8) {
+                MenuLauncher(
+                    label: "Commands",
+                    systemImage: "command.square",
+                    badge: nil
+                ) { activeSheet = .commands }
+
+                MenuLauncher(
+                    label: "History",
+                    systemImage: "clock.arrow.circlepath",
+                    badge: viewModel.sentHistory.isEmpty ? nil : "\(viewModel.sentHistory.count)"
+                ) { activeSheet = .history }
+
+                MenuLauncher(
+                    label: "Mode",
+                    systemImage: "rectangle.stack",
+                    badge: nil
+                ) { activeSheet = .mode }
+
+                MenuLauncher(
+                    label: "Keys",
+                    systemImage: "keyboard.chevron.compact.left",
+                    badge: nil
+                ) { activeSheet = .keys }
+            }
+            .padding(.horizontal, 2)
+        }
+        .disabled(!viewModel.isStreamConnected)
+        .opacity(viewModel.isStreamConnected ? 1.0 : 0.4)
+    }
+}
+
+private struct MenuLauncher: View {
+    let label: String
+    let systemImage: String
+    let badge: String?
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            HStack(spacing: 6) {
+                Image(systemName: systemImage)
+                    .font(.callout)
+                Text(label)
+                    .font(.callout.weight(.semibold))
+                if let badge {
+                    Text(badge)
+                        .font(.caption2.monospacedDigit())
+                        .padding(.horizontal, 5)
+                        .padding(.vertical, 1)
+                        .background(Capsule().fill(Palette.accent.opacity(0.22)))
+                }
+            }
+            .foregroundStyle(Palette.text)
+            .padding(.horizontal, 12)
+            .padding(.vertical, 7)
+            .background(Capsule().fill(Palette.muted.opacity(0.16)))
+        }
+        .buttonStyle(.plain)
+    }
+}
+
+// MARK: - Menu sheets
+
+private struct CommandsSheet: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let onDismiss: () -> Void
+    @State private var query: String = ""
+
+    var body: some View {
+        NavigationStack {
+            List {
+                ForEach(SlashCatalog.filtered(by: query)) { command in
+                    Button {
+                        if command.takesArgument {
+                            viewModel.inputDraft = "\(command.name) "
+                            onDismiss()
+                        } else {
+                            viewModel.sendText("\(command.name)\n")
+                            onDismiss()
+                        }
+                    } label: {
+                        HStack(spacing: 12) {
+                            Text(command.name)
+                                .font(.system(.body, design: .monospaced).weight(.semibold))
+                                .foregroundStyle(Palette.accent)
+                                .frame(width: 110, alignment: .leading)
+                            VStack(alignment: .leading, spacing: 2) {
+                                Text(command.summary)
+                                    .font(.body)
+                                    .foregroundStyle(Palette.text)
+                                if command.takesArgument {
+                                    Text("takes an argument — fills the composer")
+                                        .font(.caption2)
+                                        .foregroundStyle(.secondary)
+                                }
+                            }
+                            Spacer()
+                            Image(systemName: "arrow.up.forward.circle")
+                                .foregroundStyle(.tertiary)
+                        }
+                        .contentShape(Rectangle())
+                    }
+                    .buttonStyle(.plain)
+                }
+            }
+            .listStyle(.insetGrouped)
+            .searchable(text: $query, placement: .navigationBarDrawer(displayMode: .always))
+            .navigationTitle("Slash commands")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .confirmationAction) {
+                    Button("Done") { onDismiss() }
+                }
+            }
+        }
+    }
+}
+
+private struct HistorySheet: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let onDismiss: () -> Void
+
+    var body: some View {
+        NavigationStack {
+            Group {
+                if viewModel.sentHistory.isEmpty {
+                    ContentUnavailableView(
+                        "No messages sent yet",
+                        systemImage: "clock.arrow.circlepath",
+                        description: Text("Anything you send to the linked session will appear here so you can recall and resend it.")
+                    )
+                } else {
+                    List {
+                        ForEach(Array(viewModel.sentHistory.enumerated().reversed()), id: \.offset) { entry in
+                            Button {
+                                viewModel.inputDraft = entry.element.text
+                                onDismiss()
+                            } label: {
+                                VStack(alignment: .leading, spacing: 4) {
+                                    Text(entry.element.text)
+                                        .font(.system(.body, design: .monospaced))
+                                        .foregroundStyle(Palette.text)
+                                        .lineLimit(4)
+                                    Text(entry.element.at, style: .time)
+                                        .font(.caption2.monospacedDigit())
+                                        .foregroundStyle(.secondary)
+                                }
+                                .frame(maxWidth: .infinity, alignment: .leading)
+                                .contentShape(Rectangle())
+                            }
+                            .buttonStyle(.plain)
+                        }
+                    }
+                    .listStyle(.insetGrouped)
+                }
+            }
+            .navigationTitle("History")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .confirmationAction) {
+                    Button("Done") { onDismiss() }
+                }
+            }
+        }
+    }
+}
+
+private struct ModeSheet: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let onDismiss: () -> Void
+
+    var body: some View {
+        NavigationStack {
+            VStack(alignment: .leading, spacing: 14) {
+                Text("Claude Code cycles modes with Shift+Tab. Tap to send Shift+Tab once.")
+                    .font(.footnote)
                     .foregroundStyle(Palette.muted)
+                    .padding(.horizontal, 4)
+
+                ForEach(ClaudeMode.allCases) { mode in
+                    Button {
+                        viewModel.sendKey(.shiftTab)
+                        onDismiss()
+                    } label: {
+                        HStack(spacing: 14) {
+                            Image(systemName: mode.systemImage)
+                                .font(.title3)
+                                .foregroundStyle(Palette.accent)
+                                .frame(width: 28)
+                            VStack(alignment: .leading, spacing: 2) {
+                                Text(mode.displayName)
+                                    .font(.body.weight(.semibold))
+                                    .foregroundStyle(Palette.text)
+                                Text(mode.subtitle)
+                                    .font(.caption)
+                                    .foregroundStyle(.secondary)
+                            }
+                            Spacer()
+                            Image(systemName: "arrow.up.forward.circle")
+                                .foregroundStyle(.tertiary)
+                        }
+                        .padding(.horizontal, 14)
+                        .padding(.vertical, 12)
+                        .frame(maxWidth: .infinity, alignment: .leading)
+                        .background(
+                            RoundedRectangle(cornerRadius: 12).fill(Palette.background)
+                        )
+                        .overlay(
+                            RoundedRectangle(cornerRadius: 12).stroke(Palette.divider.opacity(0.5), lineWidth: 0.5)
+                        )
+                    }
+                    .buttonStyle(.plain)
+                }
+
+                Button {
+                    viewModel.sendKey(.shiftTab)
+                } label: {
+                    Label("Send Shift+Tab again", systemImage: "arrow.triangle.2.circlepath")
+                        .font(.callout.weight(.semibold))
+                        .frame(maxWidth: .infinity)
+                        .padding(.vertical, 10)
+                }
+                .buttonStyle(.borderedProminent)
+                .tint(Palette.muted.opacity(0.35))
+                .padding(.top, 6)
+
+                Spacer()
+            }
+            .padding(16)
+            .navigationTitle("Mode")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .confirmationAction) {
+                    Button("Done") { onDismiss() }
+                }
+            }
+        }
+    }
+}
+
+private struct KeysSheet: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let onDismiss: () -> Void
+
+    private let cols = [GridItem(.flexible()), GridItem(.flexible()), GridItem(.flexible())]
+
+    var body: some View {
+        NavigationStack {
+            ScrollView {
+                LazyVGrid(columns: cols, spacing: 10) {
+                    KeyTile(label: "Tab", systemImage: "arrow.right.to.line") { viewModel.sendKey(.tab) }
+                    KeyTile(label: "Shift+Tab", systemImage: "arrow.left.to.line") { viewModel.sendKey(.shiftTab) }
+                    KeyTile(label: "Esc", systemImage: "escape") { viewModel.sendKey(.escape) }
+                    KeyTile(label: "Esc Esc", systemImage: "escape") { viewModel.sendKey(.escEsc) }
+                    KeyTile(label: "Enter", systemImage: "return") { viewModel.sendKey(.enter) }
+                    KeyTile(label: "Newline", systemImage: "text.insert") { viewModel.sendKey(.newline) }
+                    KeyTile(label: "↑", systemImage: "arrow.up") { viewModel.sendKey(.arrowUp) }
+                    KeyTile(label: "↓", systemImage: "arrow.down") { viewModel.sendKey(.arrowDown) }
+                    KeyTile(label: "←", systemImage: "arrow.left") { viewModel.sendKey(.arrowLeft) }
+                    KeyTile(label: "→", systemImage: "arrow.right") { viewModel.sendKey(.arrowRight) }
+                    KeyTile(label: "Ctrl-R", systemImage: "doc.text.magnifyingglass") { viewModel.sendKey(.ctrlR) }
+                    KeyTile(label: "Ctrl-L", systemImage: "eraser") { viewModel.sendKey(.ctrlL) }
+                    KeyTile(label: "Ctrl-C", systemImage: "stop.circle", destructive: true) { viewModel.sendKey(.ctrlC) }
+                    KeyTile(label: "Ctrl-D", systemImage: "power", destructive: true) { viewModel.sendKey(.ctrlD) }
+                    KeyTile(label: "Backspace", systemImage: "delete.left") { viewModel.sendKey(.backspace) }
+                }
+                .padding(16)
+            }
+            .navigationTitle("Keys")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .confirmationAction) {
+                    Button("Done") { onDismiss() }
+                }
+            }
+        }
+    }
+}
+
+private struct KeyTile: View {
+    let label: String
+    let systemImage: String
+    var destructive: Bool = false
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            VStack(spacing: 4) {
+                Image(systemName: systemImage)
+                    .font(.title3)
+                Text(label)
+                    .font(.caption.weight(.semibold))
                     .lineLimit(1)
-                    .truncationMode(.middle)
+                    .minimumScaleFactor(0.7)
             }
-            .padding(.horizontal, 12)
-            .padding(.vertical, 8)
-            .background(Palette.background.opacity(0.94))
+            .frame(maxWidth: .infinity)
+            .padding(.vertical, 14)
+            .background(
+                RoundedRectangle(cornerRadius: 10).fill(tile)
+            )
+            .foregroundStyle(foreground)
         }
-        .onOpenURL { url in
-            viewModel.openMobileLink(url)
+        .buttonStyle(.plain)
+    }
+
+    private var tile: Color {
+        destructive ? Palette.error.opacity(0.14) : Palette.muted.opacity(0.18)
+    }
+
+    private var foreground: Color {
+        destructive ? Palette.error : Palette.text
+    }
+}
+
+// MARK: - Shared chips
+
+private struct NavChip: View {
+    let label: String
+    var destructive: Bool = false
+    let action: () -> Void
+
+    var body: some View {
+        Button(action: action) {
+            Text(label)
+                .font(.callout.monospaced().weight(.semibold))
+                .padding(.horizontal, 14)
+                .padding(.vertical, 8)
+                .background(
+                    Capsule().fill(background)
+                )
+                .foregroundStyle(foreground)
         }
+        .buttonStyle(.plain)
     }
 
-    private var transcriptText: String {
-        if !viewModel.transcript.isEmpty {
-            return viewModel.transcript
+    private var background: Color {
+        destructive ? Palette.error.opacity(0.14) : Palette.muted.opacity(0.18)
+    }
+
+    private var foreground: Color {
+        destructive ? Palette.error : Palette.text
+    }
+}
+
+// MARK: - Events sheet
+
+private struct EventsSheet: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let onDismiss: () -> Void
+
+    var body: some View {
+        NavigationStack {
+            Group {
+                if viewModel.oscEvents.isEmpty {
+                    ContentUnavailableView(
+                        "No events yet",
+                        systemImage: "bell.slash",
+                        description: Text(
+                            "OSC and BEL escapes captured from the live PTY stream will appear here. Drive the agent through a state change to see what it emits."
+                        )
+                    )
+                } else {
+                    List {
+                        if !viewModel.titles.isEmpty {
+                            Section("Title timeline (\(viewModel.titles.count))") {
+                                ForEach(Array(viewModel.titles.enumerated().reversed()), id: \.offset) { entry in
+                                    TitleRow(event: entry.element)
+                                }
+                            }
+                        }
+                        Section("Raw events (\(viewModel.oscEvents.count))") {
+                            ForEach(viewModel.oscEvents.reversed()) { event in
+                                EventRow(event: event)
+                            }
+                        }
+                    }
+                    .listStyle(.insetGrouped)
+                }
+            }
+            .navigationTitle("Captured events")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .confirmationAction) {
+                    Button("Done") { onDismiss() }
+                }
+            }
         }
-        if viewModel.hasLinkedSession {
-            return viewModel.status
+    }
+}
+
+private struct TitleRow: View {
+    let event: TitleEvent
+
+    private static let timeFormatter: DateFormatter = {
+        let f = DateFormatter()
+        f.dateFormat = "HH:mm:ss.SSS"
+        return f
+    }()
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 4) {
+            HStack(spacing: 8) {
+                Text(kindLabel)
+                    .font(.caption2.weight(.semibold))
+                    .padding(.horizontal, 6)
+                    .padding(.vertical, 2)
+                    .background(Capsule().fill(kindColor.opacity(0.18)))
+                    .foregroundStyle(kindColor)
+                Text(TitleRow.timeFormatter.string(from: event.at))
+                    .font(.caption.monospacedDigit())
+                    .foregroundStyle(.secondary)
+            }
+            Text(event.display)
+                .font(.system(.body, design: .monospaced))
+                .textSelection(.enabled)
         }
-        return "Open a DevOps Defender session link."
+        .padding(.vertical, 2)
     }
 
-    private var statusText: String {
-        if viewModel.hasLinkedSession {
-            return "\(viewModel.linkedSessionTitle)  \(viewModel.status)"
+    private var kindLabel: String {
+        switch event.kind {
+        case .generating: return "WORK"
+        case .ready: return "READY"
+        case .working: return "TITLE"
+        case .unknown: return "?"
+        }
+    }
+
+    private var kindColor: Color {
+        switch event.kind {
+        case .generating: return Color(red: 0.70, green: 0.43, blue: 0.12)
+        case .ready: return Color(red: 0.20, green: 0.48, blue: 0.31)
+        case .working: return Color(red: 0.32, green: 0.30, blue: 0.62)
+        case .unknown: return .gray
+        }
+    }
+}
+
+private struct EventRow: View {
+    let event: OSCEvent
+
+    private static let timeFormatter: DateFormatter = {
+        let f = DateFormatter()
+        f.dateFormat = "HH:mm:ss.SSS"
+        return f
+    }()
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 4) {
+            HStack(spacing: 8) {
+                Text(badgeText)
+                    .font(.caption2.weight(.semibold))
+                    .padding(.horizontal, 6)
+                    .padding(.vertical, 2)
+                    .background(Capsule().fill(badgeColor.opacity(0.18)))
+                    .foregroundStyle(badgeColor)
+                Text(EventRow.timeFormatter.string(from: event.at))
+                    .font(.caption.monospacedDigit())
+                    .foregroundStyle(.secondary)
+                Spacer()
+                Text("@\(event.byteOffset)")
+                    .font(.caption2.monospacedDigit())
+                    .foregroundStyle(.tertiary)
+            }
+
+            if event.kind == .osc {
+                Text(displayPayload)
+                    .font(.system(.footnote, design: .monospaced))
+                    .textSelection(.enabled)
+                    .frame(maxWidth: .infinity, alignment: .leading)
+            }
+        }
+        .padding(.vertical, 4)
+    }
+
+    private var badgeText: String {
+        switch event.kind {
+        case .osc:
+            if let ps = event.oscPs { return "OSC \(ps)" }
+            return "OSC"
+        case .bell: return "BEL"
         }
-        return viewModel.status
+    }
+
+    private var badgeColor: Color {
+        switch event.kind {
+        case .osc: return Color(red: 0.32, green: 0.30, blue: 0.62)
+        case .bell: return Color(red: 0.85, green: 0.39, blue: 0.10)
+        }
+    }
+
+    private var displayPayload: String {
+        let raw = event.raw
+        guard !raw.isEmpty else { return "(empty)" }
+        return raw
+            .replacingOccurrences(of: "\u{1B}", with: "\\e")
+            .replacingOccurrences(of: "\n", with: "\\n")
+            .replacingOccurrences(of: "\r", with: "\\r")
+            .replacingOccurrences(of: "\t", with: "\\t")
     }
 }
 
+// MARK: - Palette
+
 private enum Palette {
     static let background = Color(red: 0.96, green: 0.94, blue: 0.90)
+    static let surface = Color(red: 0.99, green: 0.97, blue: 0.93)
     static let text = Color(red: 0.16, green: 0.14, blue: 0.11)
     static let muted = Color(red: 0.42, green: 0.37, blue: 0.30)
+    static let divider = Color(red: 0.70, green: 0.63, blue: 0.52)
     static let ready = Color(red: 0.20, green: 0.48, blue: 0.31)
     static let busy = Color(red: 0.70, green: 0.43, blue: 0.12)
+    static let attention = Color(red: 0.85, green: 0.39, blue: 0.10)
+    static let error = Color(red: 0.78, green: 0.18, blue: 0.18)
+    static let accent = Color(red: 0.32, green: 0.30, blue: 0.62)
+    static let transcriptBackground = Color(red: 0.10, green: 0.10, blue: 0.11)
+    static let transcriptDefaultText = Color(red: 0.91, green: 0.89, blue: 0.84)
+}
+
+private extension String {
+    var nonEmpty: String? { isEmpty ? nil : self }
 }
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 2cfd6e5..0029980 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -1,4 +1,5 @@
 import Foundation
+import SwiftUI
 
 struct AgentSettings: Sendable {
     var agentURL: String
@@ -119,6 +120,23 @@ final class AttachStream {
         self.handle = handle
     }
 
+    @discardableResult
+    func send(_ data: Data) -> Bool {
+        guard !data.isEmpty else { return true }
+        return data.withUnsafeBytes { raw -> Bool in
+            guard let base = raw.bindMemory(to: UInt8.self).baseAddress else {
+                return false
+            }
+            return dd_client_attach_stream_send(handle, base, raw.count)
+        }
+    }
+
+    @discardableResult
+    func send(_ text: String) -> Bool {
+        guard let data = text.data(using: .utf8) else { return false }
+        return send(data)
+    }
+
     func stop() {
         dd_client_attach_stream_stop(handle)
     }
@@ -168,18 +186,54 @@ enum AppDefaults {
 final class ClientViewModel: ObservableObject {
     @Published var selectedSessionID = ""
     @Published var transcript = ""
+    @Published var attributedTranscript = AttributedString("")
     @Published var status = "Open a mobile link from desktop"
     @Published var isBusy = false
+    @Published var detection: DetectionResult = .empty
+    @Published var inputDraft = ""
+    @Published var isStreamConnected = false
+    @Published var lastSendError: String?
+    @Published var oscEvents: [OSCEvent] = []
+    @Published var debugAutoOpenEvents = false
+    @Published var debugAutoOpenSheet: String? = nil
+    @Published var keyboardMode: KeyboardMode = .disconnected
+    @Published var titles: [TitleEvent] = []
+    @Published var effectiveApp: DetectedApp = .rawShell
+    @Published var sentHistory: [SentInput] = []
 
     private var agentURL = ""
     private var keyPath = AppDefaults.appSupportNoiseKeyPath
     private var attachStream: AttachStream?
     private var terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
+    private var oscSniffer = OSCSniffer()
+    private var titleClassifier = TitleClassifier()
+    private var refreshScheduled = false
+    private var lastRenderedText = ""
+    private let refreshInterval: TimeInterval = 0.08
+    private let visibleTailRows: Int = 80
+    private var idleTickTimer: Timer?
+    private let idleTickInterval: TimeInterval = 1.0
+    private var reconnectAttempts = 0
+    private var reconnectWorkItem: DispatchWorkItem?
+    private let reconnectMaxDelay: TimeInterval = 30
 
     var hasLinkedSession: Bool {
         !selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
     }
 
+    /// We have enough state to reattach the same Noise stream without
+    /// requiring the user to re-tap the desktop link.
+    var canReconnect: Bool {
+        hasLinkedSession
+            && !agentURL.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    func manualReconnect() {
+        cancelScheduledReconnect()
+        reconnectAttempts = 0
+        startAttachStream()
+    }
+
     var linkedSessionTitle: String {
         let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
         if id.isEmpty {
@@ -209,17 +263,35 @@ final class ClientViewModel: ObservableObject {
 
         attachStream?.stop()
         attachStream = nil
+        isStreamConnected = false
+        stopIdleTick()
+        cancelScheduledReconnect()
+        reconnectAttempts = 0
         agentURL = agent
         selectedSessionID = id
         keyPath = AppDefaults.appSupportNoiseKeyPath
         transcript = ""
+        attributedTranscript = AttributedString("")
+        detection = .empty
+        inputDraft = ""
+        lastSendError = nil
         terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
+        oscSniffer.reset()
+        oscEvents = []
+        lastRenderedText = ""
+        refreshScheduled = false
+        titleClassifier.reset()
+        titles = []
+        keyboardMode = .disconnected
+        sentHistory = []
 
         guard let key = query["key"], !key.isEmpty else {
             status = "Mobile link missing key"
             return
         }
 
+        debugAutoOpenEvents = (query["debug_events"] == "1")
+        debugAutoOpenSheet = query["debug_sheet"]
         importKeyAndLoadTranscript(key)
     }
 
@@ -289,6 +361,11 @@ final class ClientViewModel: ObservableObject {
         switch event.type {
         case "open":
             status = "Connected \(id)"
+            isStreamConnected = true
+            reconnectAttempts = 0
+            cancelScheduledReconnect()
+            startIdleTick()
+            refreshKeyboardMode()
         case "bytes":
             guard let data = event.data,
                   let text = String(data: data, encoding: .utf8) else {
@@ -297,20 +374,233 @@ final class ClientViewModel: ObservableObject {
             apply(ClientUpdate(status: "Connected \(id)", terminalText: text))
         case "error":
             status = event.message ?? "Stream error"
+            isStreamConnected = false
+            attachStream = nil
+            stopIdleTick()
+            refreshKeyboardMode()
+            scheduleReconnectIfPossible()
         case "close":
             status = "Disconnected \(id)"
+            isStreamConnected = false
+            attachStream = nil
+            stopIdleTick()
+            refreshKeyboardMode()
+            scheduleReconnectIfPossible()
         default:
             break
         }
     }
 
+    /// Pick the next reconnect delay (1, 2, 4, 8, 16, 30 seconds, then
+    /// capped). Returns nil when we shouldn't auto-reconnect — e.g. no
+    /// linked session yet.
+    private func scheduleReconnectIfPossible() {
+        guard canReconnect else { return }
+        cancelScheduledReconnect()
+        let delay = min(pow(2.0, Double(reconnectAttempts)), reconnectMaxDelay)
+        reconnectAttempts += 1
+        status = "Reconnecting in \(Int(delay))s · attempt \(reconnectAttempts)"
+        let workItem = DispatchWorkItem { [weak self] in
+            Task { @MainActor in
+                self?.attemptReconnect()
+            }
+        }
+        reconnectWorkItem = workItem
+        DispatchQueue.main.asyncAfter(deadline: .now() + delay, execute: workItem)
+    }
+
+    private func cancelScheduledReconnect() {
+        reconnectWorkItem?.cancel()
+        reconnectWorkItem = nil
+    }
+
+    private func attemptReconnect() {
+        reconnectWorkItem = nil
+        guard canReconnect else { return }
+        guard !isStreamConnected else { return }
+        status = "Reconnecting…"
+        startAttachStream()
+    }
+
+    private func startIdleTick() {
+        stopIdleTick()
+        let timer = Timer.scheduledTimer(withTimeInterval: idleTickInterval, repeats: true) { [weak self] _ in
+            Task { @MainActor in
+                self?.refreshKeyboardMode()
+            }
+        }
+        idleTickTimer = timer
+    }
+
+    private func stopIdleTick() {
+        idleTickTimer?.invalidate()
+        idleTickTimer = nil
+    }
+
+    /// Feed bytes into the renderer + sniffer immediately, but defer the
+    /// expensive UI updates (AttributedString construction, detection,
+    /// keyboard-mode resolution, @Published assignments) to a coalesced
+    /// refresh that fires at most ~12fps. Claude can emit dozens of PTY
+    /// chunks per second; rendering on every one of them is the lag.
     private func apply(_ update: ClientUpdate) {
-        guard !update.terminalText.isEmpty else {
-            return
+        guard !update.terminalText.isEmpty else { return }
+        let scalars = update.terminalText.unicodeScalars
+        terminalRenderer.feed(scalars)
+        oscSniffer.feed(scalars)
+        scheduleRefresh()
+    }
+
+    private func scheduleRefresh() {
+        guard !refreshScheduled else { return }
+        refreshScheduled = true
+        DispatchQueue.main.asyncAfter(deadline: .now() + refreshInterval) { [weak self] in
+            guard let self else { return }
+            self.refreshScheduled = false
+            self.performRefresh()
         }
-        terminalRenderer.feed(update.terminalText.unicodeScalars)
+    }
+
+    private func performRefresh() {
         let rendered = terminalRenderer.renderedText()
-        transcript = rendered.isEmpty ? "(no transcript output before idle timeout)" : rendered
+        let textChanged = rendered != lastRenderedText
+        if textChanged {
+            lastRenderedText = rendered
+            let plain = rendered.isEmpty
+                ? "(no transcript output before idle timeout)"
+                : rendered
+            if plain != transcript {
+                transcript = plain
+            }
+            attributedTranscript = rendered.isEmpty
+                ? AttributedString("(no transcript output before idle timeout)")
+                : terminalRenderer.renderedAttributedString(
+                    defaultForeground: Color(red: 0.91, green: 0.89, blue: 0.84),
+                    lastRows: visibleTailRows
+                )
+            let newDetection = AppDetector.detect(transcript: rendered)
+            if newDetection != detection {
+                detection = newDetection
+            }
+        }
+        if oscEvents.count != oscSniffer.events.count
+            || oscEvents.last?.id != oscSniffer.events.last?.id {
+            oscEvents = oscSniffer.events
+        }
+        titleClassifier.feed(oscSniffer.events)
+        if titles.count != titleClassifier.titles.count
+            || titles.last?.display != titleClassifier.titles.last?.display {
+            titles = titleClassifier.titles
+        }
+        refreshKeyboardMode()
+    }
+
+    private func refreshKeyboardMode() {
+        let resolvedApp = EffectiveAppResolver.resolve(
+            detection: detection.app,
+            titles: titleClassifier.titles
+        )
+        if resolvedApp != effectiveApp {
+            effectiveApp = resolvedApp
+        }
+        let newMode = KeyboardModeResolver.resolve(
+            detection: detection,
+            effectiveApp: resolvedApp,
+            latestTitle: titleClassifier.latest,
+            isStreamConnected: isStreamConnected,
+            quietSeconds: titleClassifier.quietSeconds()
+        )
+        if newMode != keyboardMode {
+            keyboardMode = newMode
+        }
+    }
+
+    func sendBytes(_ data: Data) {
+        guard let stream = attachStream else {
+            lastSendError = "Not connected"
+            return
+        }
+        if !stream.send(data) {
+            lastSendError = "Send failed"
+        } else {
+            lastSendError = nil
+        }
+    }
+
+    func sendText(_ text: String) {
+        guard let data = text.data(using: .utf8) else {
+            lastSendError = "Could not encode text"
+            return
+        }
+        recordSent(text)
+        sendBytes(data)
+    }
+
+    private func recordSent(_ text: String) {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+        let entry = SentInput(text: trimmed, at: Date())
+        if sentHistory.last?.text == trimmed { return }
+        sentHistory.append(entry)
+        if sentHistory.count > 200 {
+            sentHistory.removeFirst(sentHistory.count - 200)
+        }
+    }
+
+    func sendKey(_ key: SpecialKey) {
+        sendBytes(key.bytes)
+    }
+
+    func submitDraft(appendNewline: Bool = true) {
+        let payload = appendNewline ? inputDraft + "\n" : inputDraft
+        guard !payload.isEmpty else { return }
+        sendText(payload)
+        inputDraft = ""
+    }
+}
+
+struct SentInput: Identifiable, Equatable {
+    let id = UUID()
+    let text: String
+    let at: Date
+}
+
+enum SpecialKey {
+    case enter
+    case newline
+    case escape
+    case escEsc
+    case tab
+    case shiftTab
+    case backspace
+    case ctrlC
+    case ctrlD
+    case ctrlL
+    case ctrlR
+    case arrowUp
+    case arrowDown
+    case arrowLeft
+    case arrowRight
+    case raw(Data)
+
+    var bytes: Data {
+        switch self {
+        case .enter: return Data([0x0D])
+        case .newline: return Data([0x0A])
+        case .escape: return Data([0x1B])
+        case .escEsc: return Data([0x1B, 0x1B])
+        case .tab: return Data([0x09])
+        case .shiftTab: return Data([0x1B, 0x5B, 0x5A])
+        case .backspace: return Data([0x7F])
+        case .ctrlC: return Data([0x03])
+        case .ctrlD: return Data([0x04])
+        case .ctrlL: return Data([0x0C])
+        case .ctrlR: return Data([0x12])
+        case .arrowUp: return Data([0x1B, 0x5B, 0x41])
+        case .arrowDown: return Data([0x1B, 0x5B, 0x42])
+        case .arrowRight: return Data([0x1B, 0x5B, 0x43])
+        case .arrowLeft: return Data([0x1B, 0x5B, 0x44])
+        case .raw(let data): return data
+        }
     }
 }
 
@@ -395,12 +685,32 @@ private func firstString(for keys: [String], in value: Any?) -> String? {
     return nil
 }
 
-private final class TerminalScreenRenderer {
+final class TerminalScreenRenderer {
+    /// Snapshot of the main (scrollback) screen state taken when we
+    /// enter the alternate buffer. The alternate buffer is for TUI-only
+    /// content (Claude's prompt redraws) which we intentionally do not
+    /// surface to the iOS transcript pane.
+    private struct AltBackup {
+        var rows: [[StyledCell]]
+        var row: Int
+        var column: Int
+        var style: CellStyle
+        var savedRow: Int
+        var savedColumn: Int
+        var savedStyle: CellStyle
+    }
+
     private let width: Int
     private let maxRows: Int
-    private var rows: [[UnicodeScalar]]
+    private var rows: [[StyledCell]]
     private var row = 0
     private var column = 0
+    private var currentStyle = CellStyle.plain
+    private var savedRow = 0
+    private var savedColumn = 0
+    private var savedStyle = CellStyle.plain
+    private var inAltScreen = false
+    private var altBackup: AltBackup?
 
     init(width: Int, maxRows: Int) {
         self.width = width
@@ -408,56 +718,117 @@ private final class TerminalScreenRenderer {
         self.rows = [Self.blankRow(width: width)]
     }
 
+    /// What we expose to the UI: the main scrollback contents, *not* the
+    /// alt-screen TUI grid. While we're inside an alt screen, scrollback
+    /// is frozen at whatever it was on entry (matches how real terminals
+    /// behave — scrollback doesn't update during a TUI session).
+    private var renderableRows: [[StyledCell]] {
+        if inAltScreen { return altBackup?.rows ?? [] }
+        return rows
+    }
+
     func feed(_ scalars: String.UnicodeScalarView) {
         feed(Array(scalars))
     }
 
     func renderedText() -> String {
-        rows
-            .map { trimTrailingSpaces(String(String.UnicodeScalarView($0))) }
+        renderableRows
+            .map { row -> String in
+                let scalars = String.UnicodeScalarView(row.map { $0.scalar })
+                return trimTrailingSpaces(String(scalars))
+            }
             .joined(separator: "\n")
             .trimmingCharacters(in: .whitespacesAndNewlines)
     }
 
-    private func feed(_ scalars: [UnicodeScalar]) {
-    var index = 0
+    /// Build an AttributedString from the styled grid, grouping runs of
+    /// adjacent cells that share the same style. `lastRows` caps the
+    /// number of rows included from the bottom — the buffer itself
+    /// stays large for detection, but per-frame work shrinks to a
+    /// fixed visible window so rapid PTY streams stay responsive.
+    func renderedAttributedString(defaultForeground: Color, lastRows: Int = .max) -> AttributedString {
+        let source = renderableRows
+        let start = max(0, source.count - max(1, lastRows))
+        var output = AttributedString("")
+        for rowIndex in start..<source.count {
+            let row = source[rowIndex]
+            let trimmed = trimTrailingBlanks(row)
+            if !trimmed.isEmpty {
+                var runStart = 0
+                while runStart < trimmed.count {
+                    var runEnd = runStart + 1
+                    while runEnd < trimmed.count, trimmed[runEnd].style == trimmed[runStart].style {
+                        runEnd += 1
+                    }
+                    let scalars = String.UnicodeScalarView(trimmed[runStart..<runEnd].map { $0.scalar })
+                    var piece = AttributedString(String(scalars))
+                    apply(style: trimmed[runStart].style, to: &piece, defaultForeground: defaultForeground)
+                    output += piece
+                    runStart = runEnd
+                }
+            }
+            if rowIndex < source.count - 1 {
+                output += AttributedString("\n")
+            }
+        }
+        return output
+    }
 
-    while index < scalars.count {
-        let scalar = scalars[index]
-        let value = scalar.value
+    private func apply(style: CellStyle, to piece: inout AttributedString, defaultForeground: Color) {
+        let effectiveFg = style.inverse
+            ? style.bg.resolved(default: Palette.transcriptBackground)
+            : style.fg.resolved(default: defaultForeground)
+        let effectiveBg: Color? = style.inverse
+            ? style.fg.resolved(default: defaultForeground)
+            : (style.bg == .default ? nil : style.bg.resolved(default: Palette.transcriptBackground))
+
+        piece.foregroundColor = style.dim ? effectiveFg.opacity(0.55) : effectiveFg
+        if let bg = effectiveBg {
+            piece.backgroundColor = bg
+        }
+        var traits: InlinePresentationIntent = []
+        if style.bold { traits.insert(.stronglyEmphasized) }
+        if style.italic { traits.insert(.emphasized) }
+        if !traits.isEmpty {
+            piece.inlinePresentationIntent = traits
+        }
+        if style.underline {
+            piece.underlineStyle = .single
+        }
+    }
 
-        if value == 0x1B {
+    private func feed(_ scalars: [UnicodeScalar]) {
+        var index = 0
+        while index < scalars.count {
+            let scalar = scalars[index]
+            let value = scalar.value
+
+            if value == 0x1B {
                 index = handleEscapeSequence(in: scalars, from: index)
                 continue
             }
-
             if value == 0x9B {
                 index = handleCSISequence(in: scalars, from: index + 1)
                 continue
             }
-
             if value == 0x9D {
                 index = skipOSCSequence(in: scalars, from: index + 1)
-            continue
-        }
-
+                continue
+            }
             if let next = skipOrphanCSIFragmentIfPresent(in: scalars, from: index) {
                 index = next
                 continue
             }
-
-        if value == 0x08 {
+            if value == 0x08 {
                 column = max(0, column - 1)
-            index += 1
-            continue
-        }
-
-        if value == 0x0D {
+                index += 1
+                continue
+            }
+            if value == 0x0D {
                 column = 0
-            index += 1
-            continue
-        }
-
+                index += 1
+                continue
+            }
             if value == 0x0A {
                 row += 1
                 column = 0
@@ -465,7 +836,6 @@ private final class TerminalScreenRenderer {
                 index += 1
                 continue
             }
-
             if value == 0x09 {
                 let spaces = max(1, 4 - (column % 4))
                 for _ in 0..<spaces {
@@ -474,24 +844,23 @@ private final class TerminalScreenRenderer {
                 index += 1
                 continue
             }
-
             if value >= 0x20 {
                 put(scalar)
+            }
+            index += 1
         }
-        index += 1
-    }
     }
 
     private func put(_ scalar: UnicodeScalar) {
         clampCursor()
-        rows[row][column] = scalar
+        rows[row][column] = StyledCell(scalar: scalar, style: currentStyle)
         column += 1
         if column >= width {
             column = 0
             row += 1
             clampCursor()
-            }
         }
+    }
 
     private func clampCursor() {
         row = max(0, row)
@@ -507,10 +876,7 @@ private final class TerminalScreenRenderer {
 
     private func handleEscapeSequence(in scalars: [UnicodeScalar], from start: Int) -> Int {
         let index = start + 1
-        guard index < scalars.count else {
-            return index
-        }
-
+        guard index < scalars.count else { return index }
         let introducer = scalars[index].value
         if introducer == 0x5B {
             return handleCSISequence(in: scalars, from: index + 1)
@@ -518,38 +884,97 @@ private final class TerminalScreenRenderer {
         if introducer == 0x5D {
             return skipOSCSequence(in: scalars, from: index + 1)
         }
-
+        if introducer == 0x37 { // ESC 7 — DECSC, save cursor + style
+            saveCursor()
+            return index + 1
+        }
+        if introducer == 0x38 { // ESC 8 — DECRC, restore cursor + style
+            restoreCursor()
+            return index + 1
+        }
         return min(index + 1, scalars.count)
     }
 
+    private func saveCursor() {
+        savedRow = row
+        savedColumn = column
+        savedStyle = currentStyle
+    }
+
+    private func restoreCursor() {
+        row = savedRow
+        column = savedColumn
+        currentStyle = savedStyle
+        clampCursor()
+    }
+
+    private func clearScreen() {
+        rows = [Self.blankRow(width: width)]
+        row = 0
+        column = 0
+    }
+
+    /// Switch the active write target to a fresh alternate screen
+    /// buffer. The main scrollback (and its cursor / saved cursor) is
+    /// stashed so it can be restored unmodified when the alt screen
+    /// exits. While in the alt buffer, every write goes there — and the
+    /// rendered output exposed to the UI ignores it.
+    private func enterAltScreen() {
+        if inAltScreen { return }
+        altBackup = AltBackup(
+            rows: rows,
+            row: row,
+            column: column,
+            style: currentStyle,
+            savedRow: savedRow,
+            savedColumn: savedColumn,
+            savedStyle: savedStyle
+        )
+        inAltScreen = true
+        rows = [Self.blankRow(width: width)]
+        row = 0
+        column = 0
+        currentStyle = .plain
+        savedRow = 0
+        savedColumn = 0
+        savedStyle = .plain
+    }
+
+    private func exitAltScreen() {
+        if !inAltScreen { return }
+        inAltScreen = false
+        if let backup = altBackup {
+            rows = backup.rows
+            row = backup.row
+            column = backup.column
+            currentStyle = backup.style
+            savedRow = backup.savedRow
+            savedColumn = backup.savedColumn
+            savedStyle = backup.savedStyle
+        }
+        altBackup = nil
+    }
+
     private func skipOSCSequence(in scalars: [UnicodeScalar], from start: Int) -> Int {
         var index = start
         while index < scalars.count {
             let value = scalars[index].value
-            if value == 0x07 {
-                return index + 1
-            }
+            if value == 0x07 { return index + 1 }
             if value == 0x1B, index + 1 < scalars.count, scalars[index + 1].value == 0x5C {
                 return index + 2
-        }
+            }
             index += 1
         }
         return index
     }
 
     private func skipOrphanCSIFragmentIfPresent(in scalars: [UnicodeScalar], from start: Int) -> Int? {
-        guard start < scalars.count else {
-            return nil
-        }
+        guard start < scalars.count else { return nil }
         let first = scalars[start].value
-        guard first == 0x3B || first == 0x3F || first == 0x5B else {
-            return nil
-        }
+        guard first == 0x3B || first == 0x3F || first == 0x5B else { return nil }
 
         var index = start
-        if first == 0x5B {
-            index += 1
-        }
+        if first == 0x5B { index += 1 }
 
         let scanLimit = min(index + 20, scalars.count)
         while index < scanLimit {
@@ -563,7 +988,6 @@ private final class TerminalScreenRenderer {
                 index += 1
                 continue
             }
-
             if isCSIControlFinal(value) {
                 return index + 1
             }
@@ -588,7 +1012,7 @@ private final class TerminalScreenRenderer {
             let value = scalars[index].value
             if value >= 0x40, value <= 0x7E {
                 applyCSI(raw, final: Character(UnicodeScalar(value)!))
-            index += 1
+                index += 1
                 return index
             }
             raw.unicodeScalars.append(scalars[index])
@@ -598,31 +1022,135 @@ private final class TerminalScreenRenderer {
     }
 
     private func applyCSI(_ raw: String, final: Character) {
+        let isPrivate = raw.hasPrefix("?")
         let params = parseCSIParams(raw)
         let amount = max(1, params.first ?? 1)
 
+        if isPrivate, final == "h" || final == "l" {
+            applyPrivateMode(params: params, set: final == "h")
+            clampCursor()
+            return
+        }
+
         switch final {
-        case "A":
-            row -= amount
-        case "B":
-            row += amount
-        case "C":
-            column += amount
-        case "D":
-            column -= amount
-        case "G":
-            column = max(0, amount - 1)
+        case "A": row -= amount
+        case "B": row += amount
+        case "C": column += amount
+        case "D": column -= amount
+        case "G": column = max(0, amount - 1)
         case "H", "f":
             row = max(0, (params.first ?? 1) - 1)
             column = max(0, (params.dropFirst().first ?? 1) - 1)
-        case "J":
-            eraseDisplay(mode: params.first ?? 0)
-        case "K":
-            eraseLine(mode: params.first ?? 0)
-        default:
-            break
+        case "J": eraseDisplay(mode: params.first ?? 0)
+        case "K": eraseLine(mode: params.first ?? 0)
+        case "L": insertLines(amount)
+        case "M": deleteLines(amount)
+        case "s": saveCursor()
+        case "u": restoreCursor()
+        case "m": applySGR(params)
+        default: break
+        }
+        clampCursor()
+    }
+
+    /// DEC private modes. The ones that matter for Claude Code:
+    ///   1049 / 1047 / 47 — alternate screen buffer enter (h) / exit (l).
+    ///                       We don't keep two grids; we just blank the
+    ///                       screen on both transitions so frames don't
+    ///                       layer on top of each other.
+    ///   1048             — save/restore cursor (paired with 1049).
+    ///   25               — show/hide cursor (we don't render a cursor).
+    private func applyPrivateMode(params: [Int], set: Bool) {
+        for code in params {
+            switch code {
+            case 47, 1047, 1049:
+                if set { enterAltScreen() } else { exitAltScreen() }
+            case 1048:
+                if set { saveCursor() } else { restoreCursor() }
+            default:
+                break
+            }
+        }
+    }
+
+    private func insertLines(_ count: Int) {
+        clampCursor()
+        for _ in 0..<count {
+            rows.insert(Self.blankRow(width: width), at: row)
+        }
+        if rows.count > maxRows {
+            rows.removeLast(rows.count - maxRows)
         }
+    }
+
+    private func deleteLines(_ count: Int) {
         clampCursor()
+        let n = min(count, rows.count - row)
+        guard n > 0 else { return }
+        rows.removeSubrange(row..<(row + n))
+        while rows.count < row + 1 {
+            rows.append(Self.blankRow(width: width))
+        }
+    }
+
+    /// Walk SGR params and update `currentStyle`. Handles 16-color,
+    /// 256-color (`38;5;n` / `48;5;n`), and truecolor (`38;2;r;g;b` /
+    /// `48;2;r;g;b`). An empty parameter list resets, per spec.
+    private func applySGR(_ params: [Int]) {
+        if params.isEmpty {
+            currentStyle.reset()
+            return
+        }
+        var i = 0
+        while i < params.count {
+            let code = params[i]
+            switch code {
+            case 0: currentStyle.reset()
+            case 1: currentStyle.bold = true
+            case 2: currentStyle.dim = true
+            case 3: currentStyle.italic = true
+            case 4: currentStyle.underline = true
+            case 7: currentStyle.inverse = true
+            case 22:
+                currentStyle.bold = false
+                currentStyle.dim = false
+            case 23: currentStyle.italic = false
+            case 24: currentStyle.underline = false
+            case 27: currentStyle.inverse = false
+            case 30...37: currentStyle.fg = .named(code - 30)
+            case 38:
+                if i + 1 < params.count, params[i + 1] == 5, i + 2 < params.count {
+                    currentStyle.fg = .indexed(params[i + 2])
+                    i += 2
+                } else if i + 1 < params.count, params[i + 1] == 2, i + 4 < params.count {
+                    currentStyle.fg = .rgb(
+                        UInt8(clamping: params[i + 2]),
+                        UInt8(clamping: params[i + 3]),
+                        UInt8(clamping: params[i + 4])
+                    )
+                    i += 4
+                }
+            case 39: currentStyle.fg = .default
+            case 40...47: currentStyle.bg = .named(code - 40)
+            case 48:
+                if i + 1 < params.count, params[i + 1] == 5, i + 2 < params.count {
+                    currentStyle.bg = .indexed(params[i + 2])
+                    i += 2
+                } else if i + 1 < params.count, params[i + 1] == 2, i + 4 < params.count {
+                    currentStyle.bg = .rgb(
+                        UInt8(clamping: params[i + 2]),
+                        UInt8(clamping: params[i + 3]),
+                        UInt8(clamping: params[i + 4])
+                    )
+                    i += 4
+                }
+            case 49: currentStyle.bg = .default
+            case 90...97: currentStyle.fg = .named(code - 90 + 8)
+            case 100...107: currentStyle.bg = .named(code - 100 + 8)
+            default: break
+            }
+            i += 1
+        }
     }
 
     private func eraseDisplay(mode: Int) {
@@ -637,7 +1165,7 @@ private final class TerminalScreenRenderer {
                 let end = y == row ? column : width - 1
                 guard end >= 0 else { continue }
                 for x in 0...end {
-                    rows[y][x] = " "
+                    rows[y][x] = StyledCell.blank
                 }
             }
         default:
@@ -645,7 +1173,7 @@ private final class TerminalScreenRenderer {
                 let start = y == row ? column : 0
                 guard start < width else { continue }
                 for x in start..<width {
-                    rows[y][x] = " "
+                    rows[y][x] = StyledCell.blank
                 }
             }
         }
@@ -656,29 +1184,35 @@ private final class TerminalScreenRenderer {
         switch mode {
         case 1:
             for x in 0...column {
-                rows[row][x] = " "
+                rows[row][x] = StyledCell.blank
             }
         case 2:
             rows[row] = Self.blankRow(width: width)
         default:
             for x in column..<width {
-                rows[row][x] = " "
+                rows[row][x] = StyledCell.blank
             }
         }
     }
 
     private func parseCSIParams(_ raw: String) -> [Int] {
         let cleaned = raw.trimmingCharacters(in: CharacterSet(charactersIn: "?=><"))
-        if cleaned.isEmpty {
-            return []
-        }
+        if cleaned.isEmpty { return [] }
         return cleaned.split(separator: ";", omittingEmptySubsequences: false).map {
             Int($0) ?? 0
         }
     }
 
-    private static func blankRow(width: Int) -> [UnicodeScalar] {
-        Array(repeating: " ", count: width)
+    private static func blankRow(width: Int) -> [StyledCell] {
+        Array(repeating: StyledCell.blank, count: width)
+    }
+
+    private func trimTrailingBlanks(_ row: [StyledCell]) -> [StyledCell] {
+        var end = row.count
+        while end > 0, row[end - 1].scalar == " ", row[end - 1].style == .plain {
+            end -= 1
+        }
+        return Array(row[0..<end])
     }
 }
 
@@ -689,3 +1223,9 @@ private func trimTrailingSpaces(_ line: String) -> String {
     }
     return line
 }
+
+/// Palette colors that the renderer needs to reach. Mirrors the values in
+/// ContentView's private Palette enum.
+private enum Palette {
+    static let transcriptBackground = Color(red: 0.10, green: 0.10, blue: 0.11)
+}
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
index 4db8997..587bfb5 100644
--- a/apps/ios/DevOpsDefender/DDClientFFI.h
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -5,6 +5,8 @@
 extern "C" {
 #endif
 
+#include <stdbool.h>
+#include <stddef.h>
 #include <stdint.h>
 
 typedef void (*dd_client_stream_callback)(uint64_t handle, const char *event_json, void *context);
@@ -13,6 +15,7 @@ char *dd_client_import_key(const char *key_path, const char *key_content);
 char *dd_client_replay_session(const char *request_json);
 uint64_t dd_client_attach_stream_start(const char *request_json, dd_client_stream_callback callback, void *context);
 void dd_client_attach_stream_stop(uint64_t handle);
+bool dd_client_attach_stream_send(uint64_t handle, const uint8_t *bytes, size_t len);
 void dd_client_string_free(char *value);
 
 #ifdef __cplusplus
diff --git a/apps/ios/DevOpsDefender/KeyboardMode.swift b/apps/ios/DevOpsDefender/KeyboardMode.swift
new file mode 100644
index 0000000..3f63733
--- /dev/null
+++ b/apps/ios/DevOpsDefender/KeyboardMode.swift
@@ -0,0 +1,105 @@
+import Foundation
+
+/// What surface the keyboard should present right now. Fused from the
+/// transcript-based AppDetector + OSC-0 TitleClassifier.
+enum KeyboardMode: Equatable {
+    /// Claude is busy. The only useful action is interrupt.
+    case generating(label: String)
+
+    /// Claude is showing a numbered list of options. We replicate them as
+    /// full-width tappable rows.
+    case choose(options: [String])
+
+    /// Claude is asking a yes/no question.
+    case confirm
+
+    /// Claude is at its idle prompt — show a composer.
+    case idle(latest: String?)
+
+    /// Raw shell (no fancy TUI detected) — show terminal-style chips.
+    case rawShell
+
+    /// We don't have a connected session yet.
+    case disconnected
+}
+
+enum KeyboardModeResolver {
+    /// Pick a single KeyboardMode from the transcript-based detection
+    /// and the most recent OSC-0 title. The detector's awaitingChoice /
+    /// awaitingYesNo signals are authoritative because they come from
+    /// the actual prompt on screen; the title is used to distinguish
+    /// "generating" from "idle" and to refine the app classification.
+    /// Time we'll trust a "generating" title for before treating Claude
+    /// as idle. Claude refreshes its OSC 0 title roughly every second
+    /// while working; if we've gone this long without one, the agent has
+    /// almost certainly gone quiet.
+    static let staleTitleThreshold: TimeInterval = 2.5
+
+    static func resolve(
+        detection: DetectionResult,
+        effectiveApp: DetectedApp,
+        latestTitle: TitleEvent?,
+        isStreamConnected: Bool,
+        quietSeconds: TimeInterval?
+    ) -> KeyboardMode {
+        guard isStreamConnected else { return .disconnected }
+
+        if !effectiveApp.isFancy {
+            return .rawShell
+        }
+
+        // Explicit menus from the transcript always win — Claude is
+        // waiting on a specific answer.
+        switch detection.activity {
+        case .awaitingChoice(let options):
+            return .choose(options: options)
+        case .awaitingYesNo:
+            return .confirm
+        default:
+            break
+        }
+
+        // Fresh OSC 0 title with a "working" classification is the most
+        // reliable "agent is busy" signal. Claude keeps re-emitting its
+        // status title every ~1s while generating; in steady state on a
+        // prompt, titles stop changing. This beats transcript heuristics
+        // which can be fooled by a `>` cursor still being on screen
+        // while output continues to stream in below it.
+        let titleIsFresh = (quietSeconds ?? .greatestFiniteMagnitude) <= staleTitleThreshold
+        if titleIsFresh, let kind = latestTitle?.kind {
+            switch kind {
+            case .generating, .working:
+                return .generating(label: latestTitle?.display ?? "Working")
+            case .ready, .unknown:
+                break
+            }
+        }
+
+        return .idle(latest: latestTitle?.display)
+    }
+}
+
+/// Combine the transcript-based detector with OSC-0 title evidence.
+/// Heavy title traffic with Claude-typical phrasing is enough evidence
+/// to call this a Claude Code session even when the prompt block isn't
+/// currently on screen.
+enum EffectiveAppResolver {
+    static func resolve(detection: DetectedApp, titles: [TitleEvent]) -> DetectedApp {
+        if detection != .rawShell { return detection }
+        guard !titles.isEmpty else { return detection }
+        let recent = titles.suffix(40)
+        let generatingCount = recent.filter { $0.kind == .generating }.count
+        let combined = recent.map { $0.display.lowercased() }.joined(separator: "\n")
+        let claudeMarkers = [
+            "tokens", "claude", "thinking", "cogitating", "generating",
+            "sautéed", "sauteed", "brewing", "noodling", "esc to interrupt"
+        ]
+        let hits = claudeMarkers.reduce(0) { acc, m in
+            acc + (combined.contains(m) ? 1 : 0)
+        }
+        if generatingCount >= 2 || hits >= 1 {
+            return .claudeCode
+        }
+        return detection
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Menus.swift b/apps/ios/DevOpsDefender/Menus.swift
new file mode 100644
index 0000000..ba26db3
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Menus.swift
@@ -0,0 +1,74 @@
+import Foundation
+
+/// A single entry in the slash-command palette. Mirrors what Claude Code
+/// itself exposes via `/`.
+struct SlashCommand: Identifiable, Hashable {
+    let name: String
+    let summary: String
+    /// True if the command takes an argument and should land in the
+    /// composer ("/save <name>") rather than firing immediately.
+    let takesArgument: Bool
+
+    var id: String { name }
+}
+
+enum SlashCatalog {
+    /// Curated to match Claude Code's documented commands. Order roughly
+    /// reflects how often they get used.
+    static let all: [SlashCommand] = [
+        .init(name: "/help", summary: "Show available commands", takesArgument: false),
+        .init(name: "/clear", summary: "Clear conversation history", takesArgument: false),
+        .init(name: "/compact", summary: "Summarize and compress context", takesArgument: false),
+        .init(name: "/cost", summary: "Show session token + cost usage", takesArgument: false),
+        .init(name: "/model", summary: "Switch the active model", takesArgument: true),
+        .init(name: "/permissions", summary: "Edit tool permissions", takesArgument: false),
+        .init(name: "/agents", summary: "Pick a subagent for this turn", takesArgument: false),
+        .init(name: "/mcp", summary: "Manage MCP server connections", takesArgument: false),
+        .init(name: "/resume", summary: "Resume a previous session", takesArgument: true),
+        .init(name: "/save", summary: "Save the current session", takesArgument: true),
+        .init(name: "/init", summary: "Bootstrap CLAUDE.md for this repo", takesArgument: false),
+        .init(name: "/review", summary: "Review a PR", takesArgument: true),
+        .init(name: "/exit", summary: "Exit Claude Code", takesArgument: false)
+    ]
+
+    static func filtered(by query: String) -> [SlashCommand] {
+        let q = query.trimmingCharacters(in: .whitespaces).lowercased()
+        guard !q.isEmpty else { return all }
+        return all.filter { cmd in
+            cmd.name.lowercased().contains(q) || cmd.summary.lowercased().contains(q)
+        }
+    }
+}
+
+/// Claude Code modes. Cycling order matches Shift+Tab.
+enum ClaudeMode: String, CaseIterable, Identifiable {
+    case normal
+    case plan
+    case autoAccept
+
+    var id: String { rawValue }
+
+    var displayName: String {
+        switch self {
+        case .normal: return "Normal"
+        case .plan: return "Plan"
+        case .autoAccept: return "Auto-accept"
+        }
+    }
+
+    var subtitle: String {
+        switch self {
+        case .normal: return "Confirm each action"
+        case .plan: return "Propose a plan first, no edits"
+        case .autoAccept: return "Auto-approve safe edits"
+        }
+    }
+
+    var systemImage: String {
+        switch self {
+        case .normal: return "person.fill.questionmark"
+        case .plan: return "list.bullet.rectangle"
+        case .autoAccept: return "bolt.circle.fill"
+        }
+    }
+}
diff --git a/apps/ios/DevOpsDefender/OSCSniffer.swift b/apps/ios/DevOpsDefender/OSCSniffer.swift
new file mode 100644
index 0000000..b9eb6ef
--- /dev/null
+++ b/apps/ios/DevOpsDefender/OSCSniffer.swift
@@ -0,0 +1,134 @@
+import Foundation
+
+/// One captured terminal "notification-class" event. We keep the schema
+/// deliberately raw for the observation pass: enough to see what arrives,
+/// not yet a typed Claude Code event.
+struct OSCEvent: Identifiable, Equatable {
+    enum Kind: String, Equatable {
+        case osc
+        case bell
+    }
+
+    let id: UUID
+    let kind: Kind
+    /// For `.osc`, the payload between `ESC ]` and the terminator (BEL or ST),
+    /// not including either delimiter. For `.bell`, the empty string.
+    let raw: String
+    let at: Date
+    let byteOffset: Int
+
+    init(kind: Kind, raw: String, at: Date = Date(), byteOffset: Int) {
+        self.id = UUID()
+        self.kind = kind
+        self.raw = raw
+        self.at = at
+        self.byteOffset = byteOffset
+    }
+
+    /// Parsed `Ps` (OSC command number) when the payload starts with digits
+    /// followed by a semicolon. Returns nil for malformed OSC or bell.
+    var oscPs: Int? {
+        guard kind == .osc else { return nil }
+        var digits = ""
+        for scalar in raw.unicodeScalars {
+            if CharacterSet.decimalDigits.contains(scalar) {
+                digits.unicodeScalars.append(scalar)
+                continue
+            }
+            break
+        }
+        return Int(digits)
+    }
+}
+
+/// Streaming parser that watches a PTY byte stream and emits OSC + bell
+/// notifications. Stateful so it can be fed in chunks: a sequence that
+/// spans two `feed(_:)` calls is still parsed correctly.
+///
+/// Recognizes the standard openings:
+///   - 7-bit `ESC ]` (0x1B 0x5D) ... `BEL` (0x07) or `ESC \` (ST)
+///   - 8-bit `OSC`  (0x9D) ... `BEL` or `0x9C` (ST)
+///
+/// Bare BEL outside an OSC sequence is captured as a `.bell` event.
+final class OSCSniffer {
+    private enum State {
+        case idle
+        case afterEsc
+        case inOSC
+        case inOSCAfterEsc
+    }
+
+    private var state: State = .idle
+    private var buffer = String.UnicodeScalarView()
+    private var bytesSeen: Int = 0
+
+    private(set) var events: [OSCEvent] = []
+    var maxEvents: Int = 500
+
+    func reset() {
+        state = .idle
+        buffer.removeAll()
+        bytesSeen = 0
+        events.removeAll()
+    }
+
+    func feed(_ scalars: String.UnicodeScalarView) {
+        for scalar in scalars {
+            consume(scalar)
+            bytesSeen += 1
+        }
+    }
+
+    private func consume(_ scalar: UnicodeScalar) {
+        let v = scalar.value
+        switch state {
+        case .idle:
+            if v == 0x1B {
+                state = .afterEsc
+            } else if v == 0x9D {
+                state = .inOSC
+                buffer.removeAll()
+            } else if v == 0x07 {
+                append(.init(kind: .bell, raw: "", byteOffset: bytesSeen))
+            }
+        case .afterEsc:
+            if v == 0x5D {
+                state = .inOSC
+                buffer.removeAll()
+            } else {
+                state = .idle
+            }
+        case .inOSC:
+            if v == 0x07 || v == 0x9C {
+                flushOSC()
+                state = .idle
+            } else if v == 0x1B {
+                state = .inOSCAfterEsc
+            } else {
+                buffer.append(scalar)
+            }
+        case .inOSCAfterEsc:
+            if v == 0x5C {
+                flushOSC()
+                state = .idle
+            } else {
+                buffer.append(UnicodeScalar(0x1B)!)
+                buffer.append(scalar)
+                state = .inOSC
+            }
+        }
+    }
+
+    private func flushOSC() {
+        let raw = String(buffer)
+        buffer.removeAll()
+        append(.init(kind: .osc, raw: raw, byteOffset: bytesSeen))
+    }
+
+    private func append(_ event: OSCEvent) {
+        events.append(event)
+        if events.count > maxEvents {
+            events.removeFirst(events.count - maxEvents)
+        }
+    }
+}
diff --git a/apps/ios/DevOpsDefender/TerminalStyle.swift b/apps/ios/DevOpsDefender/TerminalStyle.swift
new file mode 100644
index 0000000..0870c1e
--- /dev/null
+++ b/apps/ios/DevOpsDefender/TerminalStyle.swift
@@ -0,0 +1,102 @@
+import SwiftUI
+
+/// One ANSI color slot. `default` means "use the terminal's default
+/// foreground/background", which lets the renderer pick a theme color
+/// rather than baking one in.
+enum ANSIColor: Equatable, Hashable {
+    case `default`
+    /// Named palette index 0–15. 0–7 are the standard CGA colors, 8–15
+    /// are the bright variants (selected via SGR 90–97 / 100–107).
+    case named(Int)
+    /// Indexed xterm 256-color palette entry (0–255).
+    case indexed(Int)
+    /// 24-bit truecolor (SGR 38;2;r;g;b / 48;2;r;g;b).
+    case rgb(UInt8, UInt8, UInt8)
+
+    /// Resolve to a SwiftUI Color against a dark terminal theme. Named
+    /// colors are picked to match common terminal palettes (close to
+    /// Apple Terminal "Basic" / iTerm2 default) so output looks normal.
+    func resolved(default fallback: Color) -> Color {
+        switch self {
+        case .default:
+            return fallback
+        case .named(let i):
+            return ANSIColor.namedPalette[max(0, min(15, i))]
+        case .indexed(let i):
+            return ANSIColor.indexedColor(i)
+        case .rgb(let r, let g, let b):
+            return Color(
+                red: Double(r) / 255.0,
+                green: Double(g) / 255.0,
+                blue: Double(b) / 255.0
+            )
+        }
+    }
+
+    // MARK: - Palette
+
+    private static let namedPalette: [Color] = [
+        Color(red: 0.00, green: 0.00, blue: 0.00), // 0  black
+        Color(red: 0.80, green: 0.18, blue: 0.18), // 1  red
+        Color(red: 0.30, green: 0.69, blue: 0.31), // 2  green
+        Color(red: 0.83, green: 0.68, blue: 0.21), // 3  yellow
+        Color(red: 0.30, green: 0.55, blue: 0.86), // 4  blue
+        Color(red: 0.77, green: 0.33, blue: 0.79), // 5  magenta
+        Color(red: 0.31, green: 0.73, blue: 0.76), // 6  cyan
+        Color(red: 0.85, green: 0.85, blue: 0.85), // 7  white (light gray)
+        Color(red: 0.50, green: 0.50, blue: 0.50), // 8  bright black (gray)
+        Color(red: 0.95, green: 0.36, blue: 0.36), // 9  bright red
+        Color(red: 0.55, green: 0.89, blue: 0.47), // 10 bright green
+        Color(red: 0.98, green: 0.84, blue: 0.36), // 11 bright yellow
+        Color(red: 0.51, green: 0.72, blue: 0.99), // 12 bright blue
+        Color(red: 0.93, green: 0.54, blue: 0.96), // 13 bright magenta
+        Color(red: 0.51, green: 0.93, blue: 0.95), // 14 bright cyan
+        Color(red: 1.00, green: 1.00, blue: 1.00)  // 15 bright white
+    ]
+
+    private static func indexedColor(_ i: Int) -> Color {
+        let i = max(0, min(255, i))
+        if i < 16 {
+            return namedPalette[i]
+        }
+        if i < 232 {
+            // 6×6×6 color cube: index 16 + 36r + 6g + b
+            let n = i - 16
+            let r = (n / 36) % 6
+            let g = (n / 6) % 6
+            let b = n % 6
+            let steps: [Double] = [0.0, 0.37, 0.53, 0.69, 0.84, 1.0]
+            return Color(red: steps[r], green: steps[g], blue: steps[b])
+        }
+        // 232–255: 24-step grayscale ramp
+        let step = Double(i - 232)
+        let value = (step * 10.0 + 8.0) / 255.0
+        return Color(red: value, green: value, blue: value)
+    }
+}
+
+/// Visual attributes for a single terminal cell.
+struct CellStyle: Equatable {
+    var fg: ANSIColor = .default
+    var bg: ANSIColor = .default
+    var bold: Bool = false
+    var dim: Bool = false
+    var italic: Bool = false
+    var underline: Bool = false
+    var inverse: Bool = false
+
+    static let plain = CellStyle()
+
+    mutating func reset() {
+        self = .plain
+    }
+}
+
+/// One cell on the terminal screen — a printable scalar plus its visual
+/// style at the moment it was written.
+struct StyledCell: Equatable {
+    var scalar: UnicodeScalar
+    var style: CellStyle
+
+    static let blank = StyledCell(scalar: " ", style: .plain)
+}
diff --git a/apps/ios/DevOpsDefender/TitleClassifier.swift b/apps/ios/DevOpsDefender/TitleClassifier.swift
new file mode 100644
index 0000000..5e5ce21
--- /dev/null
+++ b/apps/ios/DevOpsDefender/TitleClassifier.swift
@@ -0,0 +1,144 @@
+import Foundation
+
+/// One OSC-0 title, cleaned for display and classified.
+struct TitleEvent: Equatable {
+    enum Kind: Equatable {
+        case generating
+        case working
+        case ready
+        case unknown
+    }
+
+    var raw: String
+    /// `raw` with the leading status glyph + whitespace stripped.
+    var display: String
+    var kind: Kind
+    var at: Date
+}
+
+/// Stateful classifier that turns the OSC-0 firehose into a deduped
+/// sequence of TitleEvents. Consecutive identical titles are coalesced.
+///
+/// The classifier is called repeatedly with a growing buffer of OSC
+/// events, so it tracks the last `byteOffset` it processed and skips
+/// anything at or before that. Without this, replays and idle ticks
+/// re-process the same events and inflate the timeline.
+final class TitleClassifier {
+    private(set) var titles: [TitleEvent] = []
+    var maxTitles: Int = 200
+    private var lastProcessedOffset: Int = -1
+
+    func reset() {
+        titles.removeAll()
+        lastProcessedOffset = -1
+    }
+
+    /// Feed the cumulative captured OSC event buffer. Only events whose
+    /// `byteOffset` is past the last seen one are actually classified.
+    func feed(_ events: [OSCEvent]) {
+        for event in events {
+            guard event.byteOffset > lastProcessedOffset else { continue }
+            lastProcessedOffset = event.byteOffset
+            guard event.kind == .osc else { continue }
+            guard let body = oscZeroBody(event.raw) else { continue }
+            let display = cleanDisplay(body)
+            if display.isEmpty { continue }
+            if titles.last?.display == display { continue }
+            let kind = classify(display)
+            titles.append(TitleEvent(raw: body, display: display, kind: kind, at: event.at))
+            if titles.count > maxTitles {
+                titles.removeFirst(titles.count - maxTitles)
+            }
+        }
+    }
+
+    var latest: TitleEvent? { titles.last }
+
+    /// Time since the most recent title — used to detect "the agent went
+    /// quiet, probably awaiting input."
+    func quietSeconds(now: Date = Date()) -> TimeInterval? {
+        guard let last = latest else { return nil }
+        return now.timeIntervalSince(last.at)
+    }
+
+    private func oscZeroBody(_ raw: String) -> String? {
+        // OSC 0 payload is `0;<title>`. Some terminals also use `1;` or
+        // `2;` for icon name / window title separately — accept all three
+        // because they all describe the running app's state.
+        for prefix in ["0;", "1;", "2;"] {
+            if raw.hasPrefix(prefix) {
+                return String(raw.dropFirst(prefix.count))
+            }
+        }
+        return nil
+    }
+
+    /// Strip Claude Code's leading status glyphs (✻, ●, ⏺, ▌, ▎, dingbats…)
+    /// so the display string is just the human-readable label. We strip
+    /// any leading whitespace plus characters in the dingbat / geometric /
+    /// misc-symbols / arrows blocks — basically "any decorative glyph that
+    /// appears before the first letter or digit". Caps the strip so we
+    /// don't eat real content.
+    private func cleanDisplay(_ body: String) -> String {
+        var scalars = Array(body.unicodeScalars)
+        var stripped = 0
+        while let first = scalars.first, stripped < 8 {
+            let v = first.value
+            let isWhitespace = v == 0x20 || v == 0x09
+            let isLetter = (v >= 0x41 && v <= 0x5A) || (v >= 0x61 && v <= 0x7A)
+            let isDigit = v >= 0x30 && v <= 0x39
+            if isLetter || isDigit { break }
+            let isDecorativeBlock =
+                (v >= 0x2190 && v <= 0x21FF)    // Arrows
+                || (v >= 0x2200 && v <= 0x22FF) // Math operators (∗ etc.)
+                || (v >= 0x2300 && v <= 0x23FF) // Misc technical (⏺ etc.)
+                || (v >= 0x2500 && v <= 0x259F) // Box drawing + block elements
+                || (v >= 0x25A0 && v <= 0x25FF) // Geometric shapes (●, ▎, etc.)
+                || (v >= 0x2600 && v <= 0x26FF) // Misc symbols
+                || (v >= 0x2700 && v <= 0x27BF) // Dingbats (✻, ❯, ★, etc.)
+                || v == 0x2022                  // •
+                || v == 0x00B7                  // ·
+                || v == 0x002A                  // *
+                || v == 0x002D                  // -
+                || v == 0x2013                  // –
+                || v == 0x2014                  // —
+                || v == 0x003E                  // > (rare prompt glyph)
+            if isWhitespace || isDecorativeBlock {
+                scalars.removeFirst()
+                stripped += 1
+                continue
+            }
+            break
+        }
+        return String(String.UnicodeScalarView(scalars))
+            .trimmingCharacters(in: .whitespaces)
+    }
+
+    private func classify(_ text: String) -> TitleEvent.Kind {
+        let lower = text.lowercased()
+        let workingPhrases = [
+            "generating", "cogitating", "thinking", "brewing", "sautéing",
+            "sauteed", "sautéed", "considering", "pondering", "noodling",
+            "investigating", "exploring", "reading", "scanning", "spinning",
+            "running", "executing", "tooling", "fetching", "compiling",
+            "writing", "applying", "patching", "diffing", "planning",
+            "noodling", "deliberating", "musing"
+        ]
+        if workingPhrases.contains(where: { lower.contains($0) }) {
+            return .generating
+        }
+        let readyPhrases = ["ready", "awaiting", "done", "complete", "finished"]
+        if readyPhrases.contains(where: { lower.contains($0) }) {
+            return .ready
+        }
+        if lower.contains("for ") && lower.range(of: #" for \d+"#, options: .regularExpression) != nil {
+            // "Cogitated for 32s" / "Sautéed for 9s" — a verb-past + "for Ns".
+            // These appear right after Claude finishes a phase; treat as
+            // ".generating" still because more output usually follows. The
+            // hint that we're idle comes from the "no new title for N
+            // seconds" check, not from any single title.
+            return .generating
+        }
+        return .working
+    }
+}
diff --git a/crates/dd-client-core/src/lib.rs b/crates/dd-client-core/src/lib.rs
index 07df743..0e898fa 100644
--- a/crates/dd-client-core/src/lib.rs
+++ b/crates/dd-client-core/src/lib.rs
@@ -12,7 +12,7 @@ use serde_json::Value;
 use snow::{Builder, TransportState};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
-use tokio::sync::watch;
+use tokio::sync::{mpsc, watch};
 use tokio_tungstenite::tungstenite::Message as WsMessage;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
 use x25519_dalek::{PublicKey, StaticSecret};
@@ -253,6 +253,7 @@ pub async fn attach_session_stream<F>(
     mut conn: NoiseConnection,
     id: &str,
     mut shutdown: watch::Receiver<bool>,
+    mut input: Option<mpsc::UnboundedReceiver<Vec<u8>>>,
     mut on_open: impl FnMut() -> anyhow::Result<()> + Send,
     mut on_bytes: F,
 ) -> anyhow::Result<()>
@@ -282,6 +283,21 @@ where
                     break;
                 }
             }
+            maybe_bytes = async {
+                match input.as_mut() {
+                    Some(rx) => rx.recv().await,
+                    None => std::future::pending().await,
+                }
+            } => {
+                let Some(bytes) = maybe_bytes else {
+                    input = None;
+                    continue;
+                };
+                if bytes.is_empty() {
+                    continue;
+                }
+                send_encrypted(&mut conn.transport, &mut conn.sink, &bytes).await?;
+            }
             frame = next_binary(&mut conn.stream) => {
                 let Some(cipher) = frame? else {
                     break;
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 4be905d..955a8cc 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -12,7 +12,8 @@ use dd_client_core::{
     QuoteVerification,
 };
 use std::collections::HashMap;
-use tokio::sync::watch;
+use std::slice;
+use tokio::sync::{mpsc, watch};
 
 const DEFAULT_ITA_BASE_URL: &str = "https://api.trustauthority.intel.com";
 const DEFAULT_ITA_JWKS_URL: &str = "https://portal.trustauthority.intel.com/certs";
@@ -24,6 +25,7 @@ type StreamCallback = extern "C" fn(u64, *const c_char, *mut c_void);
 
 struct StreamControl {
     shutdown: watch::Sender<bool>,
+    input: mpsc::UnboundedSender<Vec<u8>>,
 }
 
 static NEXT_STREAM_ID: AtomicU64 = AtomicU64::new(1);
@@ -65,6 +67,29 @@ pub extern "C" fn dd_client_attach_stream_stop(handle: u64) {
     }
 }
 
+#[no_mangle]
+/// # Safety
+///
+/// `bytes` must point to a buffer of at least `len` bytes. Pass a null
+/// pointer with `len == 0` to send an empty payload (no-op).
+pub unsafe extern "C" fn dd_client_attach_stream_send(
+    handle: u64,
+    bytes: *const u8,
+    len: usize,
+) -> bool {
+    if handle == 0 || len == 0 || bytes.is_null() {
+        return false;
+    }
+    let payload = unsafe { slice::from_raw_parts(bytes, len) }.to_vec();
+    let Ok(map) = streams().lock() else {
+        return false;
+    };
+    match map.get(&handle) {
+        Some(control) => control.input.send(payload).is_ok(),
+        None => false,
+    }
+}
+
 #[no_mangle]
 /// # Safety
 ///
@@ -89,12 +114,19 @@ fn attach_stream_start(
     let opts = connection_options_from_request(&request)?;
     let id = required_json_string(&request, "id")?;
     let (shutdown, shutdown_rx) = watch::channel(false);
+    let (input_tx, input_rx) = mpsc::unbounded_channel::<Vec<u8>>();
     let handle = NEXT_STREAM_ID.fetch_add(1, Ordering::Relaxed);
 
     streams()
         .lock()
         .map_err(|_| "stream registry lock poisoned".to_string())?
-        .insert(handle, StreamControl { shutdown });
+        .insert(
+            handle,
+            StreamControl {
+                shutdown,
+                input: input_tx,
+            },
+        );
 
     let context_addr = context as usize;
     let worker = thread::Builder::new()
@@ -109,6 +141,7 @@ fn attach_stream_start(
                             conn,
                             &id,
                             shutdown_rx,
+                            Some(input_rx),
                             || {
                                 emit_stream_event(
                                     callback,

From 6bf998be064c48f29f4e3d58fb2341b0ae817a51 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Mon, 11 May 2026 10:22:04 -0400
Subject: [PATCH 16/18] Add GitHub-auth fleet flow alongside mobile-link
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a second way into the iOS app: sign in with GitHub on the device,
browse the control plane's agents, list sessions per agent, attach.
The mobile-link path is preserved — a launch chooser routes between
the two on cold start.

FFI
- dd_client_ensure_key(path): generate the iOS device's persistent
  Noise key on demand, return the pubkey hex. Lets Swift avoid spelling
  X25519 in CryptoKit. Idempotent.
- dd_client_list_sessions(request_json): wraps the existing
  shell.list_sessions Noise RPC behind a one-shot FFI call so the
  SessionListView doesn't reimplement the Noise stack in Swift.
- DDClientFFI.h updated with both signatures.

iOS services
- KeychainStore: bearer token + CP URL override under a single service
  identifier; reset() wipes everything on sign-out.
- AppKeyStore: owns Application Support/devopsdefender/ios.key, separate
  from the mobile-link key (noise.key) so the two flows don't overwrite
  each other.
- OAuthService: ASWebAuthenticationSession wrapper that opens
  {cp}/oauth/ios/start?pubkey=&label= and parses the bearer token from
  the devopsdefender://oauth/callback?token=... redirect. Reuses the
  existing custom URL scheme.
- FleetAPIClient: URLSession client for GET {cp}/api/v1/agents with
  Bearer auth. Stubbed under DEBUG_FAKE_FLEET so the UI is exercisable
  before the CP endpoint exists. Throws typed FleetError; 401 triggers
  signOutOfFleet() in the caller.

iOS models / views
- AgentSummary: decodable matching {id, label, agent_url, last_seen_at}.
- SessionSummary: best-effort parser for the agent's list_sessions
  response (accepts {sessions: [...]} or a bare array, multiple field
  name variants for id/name/recipe/started_at).
- LaunchView: cold-start chooser with "Sign in with GitHub" and a
  description of the mobile-link fallback. Drives the OAuth flow.
- AgentListView: lists agents from FleetAPIClient.agents(). Sign-out
  button in the nav bar. Tap → SessionListView.
- SessionListView: calls dd_client_list_sessions for the picked agent
  off the main actor; tap → viewModel.attachToFleetSession() which
  reuses the iOS device key (not the mobile-link key).

Routing
- ClientViewModel.appMode: .chooser | .fleet | .session. ContentView
  switches on it. openMobileLink advances to .session; enterFleet to
  .fleet; returnToChooser / signOutOfFleet back to .chooser.
- Back-to-chooser chevron on the session status bar.

Plan + CP dependencies
- Plan file: .claude/plans/pure-watching-lamport.md.
- Out of scope for this commit (depends on devopsdefender/dd):
  /oauth/ios/start endpoint (GitHub OAuth start),
  /oauth/ios/callback (302 to devopsdefender://oauth/callback?token=),
  /api/v1/agents (list authorized agents),
  agent-side polling of authorized pubkeys from the CP,
  rebuilding /admin/enroll as the dashboard.
- Until those exist, set DEBUG_FAKE_FLEET to exercise the UI with
  stubbed agents.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/ios/DevOpsDefender/ContentView.swift     |  32 ++++-
 apps/ios/DevOpsDefender/DDClientBridge.swift  | 101 +++++++++++++++
 apps/ios/DevOpsDefender/DDClientFFI.h         |   2 +
 .../DevOpsDefender/Models/AgentSummary.swift  |  63 ++++++++++
 .../DevOpsDefender/Services/AppKeyStore.swift |  57 +++++++++
 .../Services/FleetAPIClient.swift             |  83 +++++++++++++
 .../Services/KeychainStore.swift              |  67 ++++++++++
 .../Services/OAuthService.swift               |  88 +++++++++++++
 .../DevOpsDefender/Views/AgentListView.swift  | 113 +++++++++++++++++
 .../ios/DevOpsDefender/Views/LaunchView.swift | 114 +++++++++++++++++
 .../Views/SessionListView.swift               | 116 ++++++++++++++++++
 crates/dd-client-ffi/src/lib.rs               |  58 ++++++++-
 12 files changed, 888 insertions(+), 6 deletions(-)
 create mode 100644 apps/ios/DevOpsDefender/Models/AgentSummary.swift
 create mode 100644 apps/ios/DevOpsDefender/Services/AppKeyStore.swift
 create mode 100644 apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
 create mode 100644 apps/ios/DevOpsDefender/Services/KeychainStore.swift
 create mode 100644 apps/ios/DevOpsDefender/Services/OAuthService.swift
 create mode 100644 apps/ios/DevOpsDefender/Views/AgentListView.swift
 create mode 100644 apps/ios/DevOpsDefender/Views/LaunchView.swift
 create mode 100644 apps/ios/DevOpsDefender/Views/SessionListView.swift

diff --git a/apps/ios/DevOpsDefender/ContentView.swift b/apps/ios/DevOpsDefender/ContentView.swift
index 5c0e7b5..67acb97 100644
--- a/apps/ios/DevOpsDefender/ContentView.swift
+++ b/apps/ios/DevOpsDefender/ContentView.swift
@@ -26,10 +26,13 @@ struct ContentView: View {
         ZStack(alignment: .top) {
             Palette.background.ignoresSafeArea()
 
-            VStack(spacing: 0) {
-                statusBar
-                transcriptArea
-                KeyboardSurface(viewModel: viewModel, activeSheet: $activeSheet)
+            switch viewModel.appMode {
+            case .chooser:
+                LaunchView(viewModel: viewModel)
+            case .fleet:
+                AgentListView(viewModel: viewModel)
+            case .session:
+                sessionView
             }
         }
         .sheet(item: $activeSheet) { sheet in
@@ -66,11 +69,32 @@ struct ContentView: View {
         }
     }
 
+    /// The existing session UI (status bar + transcript + keyboard).
+    /// Kept as a subview so the top-level `body` can switch between it
+    /// and the fleet/launch screens.
+    private var sessionView: some View {
+        VStack(spacing: 0) {
+            statusBar
+            transcriptArea
+            KeyboardSurface(viewModel: viewModel, activeSheet: $activeSheet)
+        }
+    }
+
     // MARK: - Status bar
 
     private var statusBar: some View {
         VStack(spacing: 4) {
             HStack(spacing: 10) {
+                Button {
+                    viewModel.returnToChooser()
+                } label: {
+                    Image(systemName: "chevron.backward.circle")
+                        .font(.callout)
+                        .foregroundStyle(Palette.muted)
+                }
+                .buttonStyle(.plain)
+                .accessibilityLabel("Back to home")
+
                 Circle()
                     .fill(statusDotColor)
                     .frame(width: 8, height: 8)
diff --git a/apps/ios/DevOpsDefender/DDClientBridge.swift b/apps/ios/DevOpsDefender/DDClientBridge.swift
index 0029980..7eac9db 100644
--- a/apps/ios/DevOpsDefender/DDClientBridge.swift
+++ b/apps/ios/DevOpsDefender/DDClientBridge.swift
@@ -38,6 +38,18 @@ enum DDClientBridge {
         ], using: dd_client_replay_session)
     }
 
+    static func listSessions(settings: AgentSettings) throws -> [String: Any] {
+        try request([
+            "agent_url": settings.agentURL,
+            "key_path": settings.keyPath,
+            "insecure_skip_quote_verify": true,
+            "ita_api_key": "",
+            "ita_base_url": "",
+            "ita_jwks_url": "",
+            "ita_issuer": ""
+        ], using: dd_client_list_sessions)
+    }
+
     static func startAttachStream(
         id: String,
         settings: AgentSettings,
@@ -182,8 +194,15 @@ enum AppDefaults {
     }
 }
 
+enum AppMode: Equatable {
+    case chooser
+    case fleet
+    case session
+}
+
 @MainActor
 final class ClientViewModel: ObservableObject {
+    @Published var appMode: AppMode = .chooser
     @Published var selectedSessionID = ""
     @Published var transcript = ""
     @Published var attributedTranscript = AttributedString("")
@@ -234,6 +253,87 @@ final class ClientViewModel: ObservableObject {
         startAttachStream()
     }
 
+    /// Switch to the fleet flow. Called from the LaunchView's
+    /// "Sign in with GitHub" button.
+    func enterFleet() {
+        appMode = .fleet
+    }
+
+    /// Return to the launch chooser. Called when sign-out happens or
+    /// the user explicitly backs out of a session.
+    func returnToChooser() {
+        attachStream?.stop()
+        attachStream = nil
+        isStreamConnected = false
+        stopIdleTick()
+        cancelScheduledReconnect()
+        reconnectAttempts = 0
+        selectedSessionID = ""
+        agentURL = ""
+        transcript = ""
+        attributedTranscript = AttributedString("")
+        detection = .empty
+        titles = []
+        sentHistory = []
+        inputDraft = ""
+        status = "Open a session link or sign in with GitHub"
+        appMode = .chooser
+    }
+
+    /// Wipe the CP-issued bearer token and return to the chooser.
+    func signOutOfFleet(keychain: KeychainStore = KeychainStore()) {
+        keychain.reset()
+        returnToChooser()
+    }
+
+    /// Begin a session that was picked from the fleet flow. Uses the
+    /// iOS device's own Noise key (`AppKeyStore`), not the mobile-link
+    /// imported key.
+    func attachToFleetSession(agentURL: String, sessionID: String) {
+        let id = sessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        let agent = agentURL.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !id.isEmpty, !agent.isEmpty else {
+            status = "Missing agent or session"
+            return
+        }
+        attachStream?.stop()
+        attachStream = nil
+        isStreamConnected = false
+        stopIdleTick()
+        cancelScheduledReconnect()
+        reconnectAttempts = 0
+
+        self.agentURL = agent
+        self.selectedSessionID = id
+        self.keyPath = AppKeyStore.shared.keyPath
+        self.transcript = ""
+        self.attributedTranscript = AttributedString("")
+        self.detection = .empty
+        self.titles = []
+        self.sentHistory = []
+        self.inputDraft = ""
+        self.lastSendError = nil
+        self.terminalRenderer = TerminalScreenRenderer(width: 96, maxRows: 160)
+        self.oscSniffer.reset()
+        self.oscEvents = []
+        self.titleClassifier.reset()
+        self.keyboardMode = .disconnected
+        self.appMode = .session
+
+        loadFleetTranscript()
+    }
+
+    private func loadFleetTranscript() {
+        let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
+        let settings = AgentSettings(
+            agentURL: agentURL.trimmingCharacters(in: .whitespacesAndNewlines),
+            keyPath: keyPath.expandingTildePath
+        )
+        run("Loading \(id)", startStreamAfterInitialLoad: true) {
+            initialTranscriptUpdate(id: id, settings: settings)
+        }
+    }
+
     var linkedSessionTitle: String {
         let id = selectedSessionID.trimmingCharacters(in: .whitespacesAndNewlines)
         if id.isEmpty {
@@ -284,6 +384,7 @@ final class ClientViewModel: ObservableObject {
         titles = []
         keyboardMode = .disconnected
         sentHistory = []
+        appMode = .session
 
         guard let key = query["key"], !key.isEmpty else {
             status = "Mobile link missing key"
diff --git a/apps/ios/DevOpsDefender/DDClientFFI.h b/apps/ios/DevOpsDefender/DDClientFFI.h
index 587bfb5..a6f1997 100644
--- a/apps/ios/DevOpsDefender/DDClientFFI.h
+++ b/apps/ios/DevOpsDefender/DDClientFFI.h
@@ -12,7 +12,9 @@ extern "C" {
 typedef void (*dd_client_stream_callback)(uint64_t handle, const char *event_json, void *context);
 
 char *dd_client_import_key(const char *key_path, const char *key_content);
+char *dd_client_ensure_key(const char *key_path);
 char *dd_client_replay_session(const char *request_json);
+char *dd_client_list_sessions(const char *request_json);
 uint64_t dd_client_attach_stream_start(const char *request_json, dd_client_stream_callback callback, void *context);
 void dd_client_attach_stream_stop(uint64_t handle);
 bool dd_client_attach_stream_send(uint64_t handle, const uint8_t *bytes, size_t len);
diff --git a/apps/ios/DevOpsDefender/Models/AgentSummary.swift b/apps/ios/DevOpsDefender/Models/AgentSummary.swift
new file mode 100644
index 0000000..6f79b45
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Models/AgentSummary.swift
@@ -0,0 +1,63 @@
+import Foundation
+
+/// One agent the CP says this user has access to. Returned by
+/// `GET /api/v1/agents`.
+struct AgentSummary: Identifiable, Decodable, Equatable, Hashable {
+    let id: String
+    let label: String
+    let agentURL: String
+    let lastSeenAt: Date?
+
+    enum CodingKeys: String, CodingKey {
+        case id
+        case label
+        case agentURL = "agent_url"
+        case lastSeenAt = "last_seen_at"
+    }
+}
+
+/// One shell session on an agent. Returned by `shell.list_sessions`
+/// over Noise — we don't strictly know the agent's response schema,
+/// so this is best-effort decoding from a flexible JSON shape.
+struct SessionSummary: Identifiable, Equatable {
+    let id: String
+    let name: String?
+    let recipe: String?
+    let startedAt: Date?
+
+    /// Parse the agent's `list_sessions` response into a typed list.
+    /// We accept either `{ sessions: [...] }` or a top-level array, and
+    /// individual entries with any of: `id`, `session_id`, `uuid` for the
+    /// id field; `name` / `label` for the label; `recipe` / `recipe_id`
+    /// for the recipe; `started_at` / `created_at` for the timestamp.
+    static func parse(value: Any?) -> [SessionSummary] {
+        let array: [[String: Any]] = {
+            if let dict = value as? [String: Any], let nested = dict["sessions"] as? [[String: Any]] {
+                return nested
+            }
+            if let array = value as? [[String: Any]] {
+                return array
+            }
+            return []
+        }()
+        return array.compactMap(parseEntry)
+    }
+
+    private static func parseEntry(_ dict: [String: Any]) -> SessionSummary? {
+        let id = (dict["id"] as? String)
+            ?? (dict["session_id"] as? String)
+            ?? (dict["uuid"] as? String)
+        guard let id, !id.isEmpty else { return nil }
+        let name = (dict["name"] as? String) ?? (dict["label"] as? String)
+        let recipe = (dict["recipe"] as? String) ?? (dict["recipe_id"] as? String)
+        let timestamp = (dict["started_at"] as? String) ?? (dict["created_at"] as? String)
+        let date = timestamp.flatMap(SessionSummary.iso8601.date(from:))
+        return SessionSummary(id: id, name: name, recipe: recipe, startedAt: date)
+    }
+
+    private static let iso8601: ISO8601DateFormatter = {
+        let f = ISO8601DateFormatter()
+        f.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        return f
+    }()
+}
diff --git a/apps/ios/DevOpsDefender/Services/AppKeyStore.swift b/apps/ios/DevOpsDefender/Services/AppKeyStore.swift
new file mode 100644
index 0000000..4b8c9cd
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Services/AppKeyStore.swift
@@ -0,0 +1,57 @@
+import Foundation
+
+/// Owns the iOS device's persistent Noise key — distinct from the
+/// mobile-link key (`noise.key`) so the desktop-handoff flow and the
+/// fleet flow never overwrite each other's material.
+///
+/// On first use, calls `dd_client_ensure_key` (FFI) which generates a
+/// fresh X25519 keypair if the file is missing. Subsequent calls just
+/// re-derive the public key from the existing private key, so it's
+/// idempotent.
+struct AppKeyStore {
+    static let shared = AppKeyStore()
+
+    /// File path the iOS device's own Noise private key lives at.
+    var keyPath: String {
+        let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask)
+            .first ?? URL(fileURLWithPath: NSHomeDirectory())
+        return base
+            .appendingPathComponent("devopsdefender", isDirectory: true)
+            .appendingPathComponent("ios.key")
+            .path
+    }
+
+    /// Ensure the iOS device key exists and return its hex-encoded public key.
+    @discardableResult
+    func ensurePubkeyHex() throws -> String {
+        let path = keyPath
+        let response = keyPath.withCString { _ in
+            dd_client_ensure_key(path)
+        }
+        guard let response else {
+            throw AppKeyStoreError.message("ensure_key returned null")
+        }
+        defer { dd_client_string_free(response) }
+        let json = String(cString: response)
+        guard let data = json.data(using: .utf8),
+              let object = try JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw AppKeyStoreError.message("failed to decode ensure_key response: \(json)")
+        }
+        if let ok = object["ok"] as? Bool, ok,
+           let pubkey = object["pubkey_hex"] as? String, !pubkey.isEmpty {
+            return pubkey
+        }
+        let detail = object["error"] as? String ?? json
+        throw AppKeyStoreError.message(detail)
+    }
+}
+
+enum AppKeyStoreError: LocalizedError {
+    case message(String)
+
+    var errorDescription: String? {
+        switch self {
+        case .message(let text): return text
+        }
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift b/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
new file mode 100644
index 0000000..760e9e0
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
@@ -0,0 +1,83 @@
+import Foundation
+
+enum FleetError: LocalizedError {
+    case missingToken
+    case unauthorized
+    case transport(String)
+    case decode(String)
+    case http(Int, String)
+
+    var errorDescription: String? {
+        switch self {
+        case .missingToken: return "Not signed in"
+        case .unauthorized: return "Sign-in expired"
+        case .transport(let m): return "Network error: \(m)"
+        case .decode(let m): return "Bad response: \(m)"
+        case .http(let code, let body): return "HTTP \(code): \(body.prefix(120))"
+        }
+    }
+}
+
+/// Talks to the control plane on behalf of the signed-in iOS user.
+/// Today: list the agents this user is authorized for. Per-agent
+/// session listing happens via the agent's Noise RPC, not via the CP.
+struct FleetAPIClient {
+    /// Default CP base URL. The README points at this host.
+    static let defaultCPBaseURL = URL(string: "https://app.devopsdefender.com")!
+
+    var baseURL: URL
+    var keychain: KeychainStore
+    var session: URLSession
+
+    init(
+        baseURL: URL = FleetAPIClient.defaultCPBaseURL,
+        keychain: KeychainStore = KeychainStore(),
+        session: URLSession = .shared
+    ) {
+        self.baseURL = baseURL
+        self.keychain = keychain
+        self.session = session
+    }
+
+    func agents() async throws -> [AgentSummary] {
+        #if DEBUG_FAKE_FLEET
+        return [
+            AgentSummary(id: "fake-a", label: "Laptop · macbook-pro", agentURL: "https://agent-a.example.com", lastSeenAt: Date()),
+            AgentSummary(id: "fake-b", label: "Workstation · linux-dev", agentURL: "https://agent-b.example.com", lastSeenAt: Date(timeIntervalSinceNow: -3600))
+        ]
+        #else
+        guard let token = keychain.string(for: .bearerToken), !token.isEmpty else {
+            throw FleetError.missingToken
+        }
+        let url = baseURL.appendingPathComponent("/api/v1/agents")
+        var request = URLRequest(url: url)
+        request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let (data, response): (Data, URLResponse)
+        do {
+            (data, response) = try await session.data(for: request)
+        } catch {
+            throw FleetError.transport(error.localizedDescription)
+        }
+        guard let http = response as? HTTPURLResponse else {
+            throw FleetError.decode("non-HTTP response")
+        }
+        switch http.statusCode {
+        case 200:
+            do {
+                let decoder = JSONDecoder()
+                decoder.dateDecodingStrategy = .iso8601
+                return try decoder.decode([AgentSummary].self, from: data)
+            } catch {
+                throw FleetError.decode(error.localizedDescription)
+            }
+        case 401, 403:
+            throw FleetError.unauthorized
+        default:
+            let body = String(data: data, encoding: .utf8) ?? ""
+            throw FleetError.http(http.statusCode, body)
+        }
+        #endif
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Services/KeychainStore.swift b/apps/ios/DevOpsDefender/Services/KeychainStore.swift
new file mode 100644
index 0000000..3fe814d
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Services/KeychainStore.swift
@@ -0,0 +1,67 @@
+import Foundation
+import Security
+
+/// Thin wrapper over the iOS Keychain for the small handful of secrets
+/// the fleet flow needs: the CP-issued bearer token and the (optional)
+/// CP URL override the user has configured. All entries live under one
+/// service identifier so they wipe together on sign-out.
+struct KeychainStore {
+    private let service = "com.devopsdefender.client.fleet"
+
+    enum Key: String {
+        case bearerToken = "fleet.bearer_token"
+        case cpURL = "fleet.cp_url"
+    }
+
+    func setString(_ value: String, for key: Key) {
+        let data = Data(value.utf8)
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: key.rawValue
+        ]
+        let attributes: [String: Any] = [
+            kSecValueData as String: data,
+            kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlock
+        ]
+
+        let status = SecItemUpdate(query as CFDictionary, attributes as CFDictionary)
+        if status == errSecItemNotFound {
+            var insert = query
+            insert.merge(attributes) { _, new in new }
+            SecItemAdd(insert as CFDictionary, nil)
+        }
+    }
+
+    func string(for key: Key) -> String? {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: key.rawValue,
+            kSecReturnData as String: true,
+            kSecMatchLimit as String: kSecMatchLimitOne
+        ]
+        var item: CFTypeRef?
+        let status = SecItemCopyMatching(query as CFDictionary, &item)
+        guard status == errSecSuccess, let data = item as? Data else { return nil }
+        return String(data: data, encoding: .utf8)
+    }
+
+    func remove(_ key: Key) {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: key.rawValue
+        ]
+        SecItemDelete(query as CFDictionary)
+    }
+
+    /// Wipe every entry in this service. Called on sign-out.
+    func reset() {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service
+        ]
+        SecItemDelete(query as CFDictionary)
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Services/OAuthService.swift b/apps/ios/DevOpsDefender/Services/OAuthService.swift
new file mode 100644
index 0000000..cafd510
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Services/OAuthService.swift
@@ -0,0 +1,88 @@
+import AuthenticationServices
+import Foundation
+import UIKit
+
+enum OAuthError: LocalizedError {
+    case cancelled
+    case missingToken
+    case underlying(String)
+
+    var errorDescription: String? {
+        switch self {
+        case .cancelled: return "Sign in cancelled"
+        case .missingToken: return "Sign-in did not return a token"
+        case .underlying(let m): return m
+        }
+    }
+}
+
+/// Wraps `ASWebAuthenticationSession` for the iOS-side GitHub OAuth
+/// dance. The CP at `<baseURL>/oauth/ios/start?pubkey=&label=` runs the
+/// usual GitHub flow then 302s back to `devopsdefender://oauth/callback?token=<jwt>`
+/// — we parse the token from the callback URL and hand it back.
+@MainActor
+final class OAuthService: NSObject {
+    static let callbackScheme = "devopsdefender"
+    static let callbackHost = "oauth"
+    static let callbackPath = "/callback"
+
+    private var session: ASWebAuthenticationSession?
+
+    /// Open the OAuth flow. Returns the bearer token from the callback.
+    func signIn(baseURL: URL, pubkey: String, label: String) async throws -> String {
+        let start = baseURL
+            .appendingPathComponent("/oauth/ios/start")
+        var components = URLComponents(url: start, resolvingAgainstBaseURL: false)
+        components?.queryItems = [
+            URLQueryItem(name: "pubkey", value: pubkey),
+            URLQueryItem(name: "label", value: label)
+        ]
+        guard let url = components?.url else {
+            throw OAuthError.underlying("Could not build OAuth start URL")
+        }
+
+        return try await withCheckedThrowingContinuation { (continuation: CheckedContinuation<String, Error>) in
+            let session = ASWebAuthenticationSession(
+                url: url,
+                callbackURLScheme: OAuthService.callbackScheme
+            ) { callbackURL, error in
+                if let error {
+                    if let auth = error as? ASWebAuthenticationSessionError,
+                       auth.code == .canceledLogin {
+                        continuation.resume(throwing: OAuthError.cancelled)
+                    } else {
+                        continuation.resume(throwing: OAuthError.underlying(error.localizedDescription))
+                    }
+                    return
+                }
+                guard let callbackURL,
+                      let components = URLComponents(url: callbackURL, resolvingAgainstBaseURL: false),
+                      let token = components.queryItems?.first(where: { $0.name == "token" })?.value,
+                      !token.isEmpty else {
+                    continuation.resume(throwing: OAuthError.missingToken)
+                    return
+                }
+                continuation.resume(returning: token)
+            }
+            session.presentationContextProvider = self
+            session.prefersEphemeralWebBrowserSession = false
+            self.session = session
+            if !session.start() {
+                continuation.resume(throwing: OAuthError.underlying("ASWebAuthenticationSession refused to start"))
+            }
+        }
+    }
+}
+
+extension OAuthService: ASWebAuthenticationPresentationContextProviding {
+    nonisolated func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
+        // The session presentation needs a UIWindow on iOS.
+        DispatchQueue.main.sync {
+            UIApplication.shared.connectedScenes
+                .compactMap { $0 as? UIWindowScene }
+                .flatMap { $0.windows }
+                .first { $0.isKeyWindow }
+                ?? UIWindow()
+        }
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Views/AgentListView.swift b/apps/ios/DevOpsDefender/Views/AgentListView.swift
new file mode 100644
index 0000000..840a8fe
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Views/AgentListView.swift
@@ -0,0 +1,113 @@
+import SwiftUI
+
+/// First screen after fleet sign-in. Lists the agents the CP says
+/// this user has access to. Tap → navigate to SessionListView for
+/// that agent.
+struct AgentListView: View {
+    @ObservedObject var viewModel: ClientViewModel
+    @State private var agents: [AgentSummary] = []
+    @State private var loadError: String?
+    @State private var isLoading = false
+    @State private var selectedAgent: AgentSummary?
+
+    private let api: FleetAPIClient
+
+    init(viewModel: ClientViewModel, api: FleetAPIClient = FleetAPIClient()) {
+        self.viewModel = viewModel
+        self.api = api
+    }
+
+    var body: some View {
+        NavigationStack {
+            Group {
+                if isLoading && agents.isEmpty {
+                    ProgressView("Loading agents…")
+                        .progressViewStyle(.circular)
+                } else if agents.isEmpty {
+                    ContentUnavailableView(
+                        "No agents",
+                        systemImage: "server.rack",
+                        description: Text(loadError ?? "Your account has no enrolled agents yet.")
+                    )
+                } else {
+                    List {
+                        ForEach(agents) { agent in
+                            Button {
+                                selectedAgent = agent
+                            } label: {
+                                AgentRow(agent: agent)
+                            }
+                            .buttonStyle(.plain)
+                        }
+                    }
+                    .listStyle(.insetGrouped)
+                }
+            }
+            .navigationTitle("Agents")
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .navigationBarLeading) {
+                    Button("Sign out") {
+                        viewModel.signOutOfFleet()
+                    }
+                }
+                ToolbarItem(placement: .navigationBarTrailing) {
+                    Button {
+                        Task { await load() }
+                    } label: {
+                        Image(systemName: "arrow.clockwise")
+                    }
+                    .disabled(isLoading)
+                }
+            }
+            .navigationDestination(item: $selectedAgent) { agent in
+                SessionListView(viewModel: viewModel, agent: agent)
+            }
+        }
+        .task {
+            await load()
+        }
+    }
+
+    private func load() async {
+        isLoading = true
+        loadError = nil
+        defer { isLoading = false }
+        do {
+            agents = try await api.agents()
+        } catch FleetError.unauthorized {
+            viewModel.signOutOfFleet()
+        } catch {
+            loadError = error.localizedDescription
+        }
+    }
+}
+
+private struct AgentRow: View {
+    let agent: AgentSummary
+
+    var body: some View {
+        HStack(spacing: 12) {
+            Image(systemName: "server.rack")
+                .foregroundStyle(.secondary)
+            VStack(alignment: .leading, spacing: 2) {
+                Text(agent.label)
+                    .font(.body.weight(.semibold))
+                Text(agent.agentURL)
+                    .font(.caption.monospaced())
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .truncationMode(.middle)
+                if let last = agent.lastSeenAt {
+                    Text("Last seen \(last.formatted(.relative(presentation: .named)))")
+                        .font(.caption2)
+                        .foregroundStyle(.tertiary)
+                }
+            }
+            Spacer()
+            Image(systemName: "chevron.right")
+                .foregroundStyle(.tertiary)
+        }
+        .contentShape(Rectangle())
+    }
+}
diff --git a/apps/ios/DevOpsDefender/Views/LaunchView.swift b/apps/ios/DevOpsDefender/Views/LaunchView.swift
new file mode 100644
index 0000000..685de54
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Views/LaunchView.swift
@@ -0,0 +1,114 @@
+import SwiftUI
+import UIKit
+
+/// Initial screen when no session is linked. Two clear paths:
+/// (1) sign in with GitHub and pick from the fleet, or (2) wait for a
+/// desktop-generated `devopsdefender://session?...` deep link.
+struct LaunchView: View {
+    @ObservedObject var viewModel: ClientViewModel
+    @State private var isAuthenticating = false
+    @State private var authError: String?
+
+    var body: some View {
+        VStack(spacing: 24) {
+            Spacer()
+
+            VStack(spacing: 8) {
+                Image(systemName: "shield.lefthalf.filled")
+                    .font(.system(size: 56, weight: .semibold))
+                    .foregroundStyle(LaunchPalette.accent)
+                Text("DevOps Defender")
+                    .font(.title.weight(.semibold))
+                    .foregroundStyle(LaunchPalette.text)
+                Text("Mobile client for live Claude Code sessions")
+                    .font(.subheadline)
+                    .foregroundStyle(LaunchPalette.muted)
+            }
+
+            Spacer()
+
+            VStack(spacing: 14) {
+                Button {
+                    Task { await signIn() }
+                } label: {
+                    HStack(spacing: 10) {
+                        if isAuthenticating {
+                            ProgressView()
+                                .progressViewStyle(.circular)
+                                .tint(.white)
+                        } else {
+                            Image(systemName: "logo.github")
+                                .renderingMode(.template)
+                        }
+                        Text(isAuthenticating ? "Signing in…" : "Sign in with GitHub")
+                            .font(.body.weight(.semibold))
+                    }
+                    .frame(maxWidth: .infinity)
+                    .padding(.vertical, 14)
+                }
+                .buttonStyle(.borderedProminent)
+                .tint(LaunchPalette.accent)
+                .disabled(isAuthenticating)
+
+                Text("or")
+                    .font(.caption)
+                    .foregroundStyle(LaunchPalette.muted)
+
+                VStack(spacing: 6) {
+                    Image(systemName: "link")
+                        .font(.callout)
+                        .foregroundStyle(LaunchPalette.muted)
+                    Text("Open a devopsdefender:// link from your desktop CLI to attach to a specific session.")
+                        .font(.footnote)
+                        .multilineTextAlignment(.center)
+                        .foregroundStyle(LaunchPalette.muted)
+                }
+                .padding(.horizontal, 16)
+            }
+            .padding(.horizontal, 24)
+
+            if let authError {
+                Text(authError)
+                    .font(.footnote)
+                    .foregroundStyle(.red)
+                    .multilineTextAlignment(.center)
+                    .padding(.horizontal, 24)
+            }
+
+            Spacer()
+        }
+        .frame(maxWidth: .infinity, maxHeight: .infinity)
+        .background(LaunchPalette.background)
+    }
+
+    private func signIn() async {
+        guard !isAuthenticating else { return }
+        isAuthenticating = true
+        authError = nil
+        defer { isAuthenticating = false }
+        do {
+            let pubkey = try AppKeyStore.shared.ensurePubkeyHex()
+            let label = await MainActor.run { UIDevice.current.name }
+            let service = await MainActor.run { OAuthService() }
+            let token = try await service.signIn(
+                baseURL: FleetAPIClient.defaultCPBaseURL,
+                pubkey: pubkey,
+                label: label
+            )
+            KeychainStore().setString(token, for: .bearerToken)
+            viewModel.enterFleet()
+        } catch let error as OAuthError {
+            if case .cancelled = error { return }
+            authError = error.localizedDescription
+        } catch {
+            authError = error.localizedDescription
+        }
+    }
+}
+
+private enum LaunchPalette {
+    static let background = Color(red: 0.96, green: 0.94, blue: 0.90)
+    static let text = Color(red: 0.16, green: 0.14, blue: 0.11)
+    static let muted = Color(red: 0.42, green: 0.37, blue: 0.30)
+    static let accent = Color(red: 0.32, green: 0.30, blue: 0.62)
+}
diff --git a/apps/ios/DevOpsDefender/Views/SessionListView.swift b/apps/ios/DevOpsDefender/Views/SessionListView.swift
new file mode 100644
index 0000000..89a7f97
--- /dev/null
+++ b/apps/ios/DevOpsDefender/Views/SessionListView.swift
@@ -0,0 +1,116 @@
+import SwiftUI
+
+/// Second fleet screen: sessions on the picked agent. Calls
+/// `shell.list_sessions` over Noise via the new FFI helper. Tap → route
+/// into the existing keyboard/transcript surface.
+struct SessionListView: View {
+    @ObservedObject var viewModel: ClientViewModel
+    let agent: AgentSummary
+
+    @State private var sessions: [SessionSummary] = []
+    @State private var loadError: String?
+    @State private var isLoading = false
+
+    var body: some View {
+        Group {
+            if isLoading && sessions.isEmpty {
+                ProgressView("Loading sessions…")
+            } else if sessions.isEmpty {
+                ContentUnavailableView(
+                    "No sessions",
+                    systemImage: "terminal",
+                    description: Text(loadError ?? "This agent has no live sessions. Start one from your laptop with `dd-client shell …`.")
+                )
+            } else {
+                List {
+                    ForEach(sessions) { session in
+                        Button {
+                            viewModel.attachToFleetSession(
+                                agentURL: agent.agentURL,
+                                sessionID: session.id
+                            )
+                        } label: {
+                            SessionRow(session: session)
+                        }
+                        .buttonStyle(.plain)
+                    }
+                }
+                .listStyle(.insetGrouped)
+            }
+        }
+        .navigationTitle(agent.label)
+        .navigationBarTitleDisplayMode(.inline)
+        .toolbar {
+            ToolbarItem(placement: .navigationBarTrailing) {
+                Button {
+                    Task { await load() }
+                } label: {
+                    Image(systemName: "arrow.clockwise")
+                }
+                .disabled(isLoading)
+            }
+        }
+        .task {
+            await load()
+        }
+    }
+
+    /// Calls `shell.list_sessions` via the FFI helper. Runs off the
+    /// main actor so the synchronous Noise round-trip doesn't block
+    /// the UI.
+    private func load() async {
+        isLoading = true
+        loadError = nil
+        defer { isLoading = false }
+        do {
+            let agentURL = agent.agentURL
+            let result = try await Task.detached(priority: .userInitiated) { () throws -> [SessionSummary] in
+                let settings = AgentSettings(
+                    agentURL: agentURL,
+                    keyPath: AppKeyStore.shared.keyPath
+                )
+                let response = try DDClientBridge.listSessions(settings: settings)
+                return SessionSummary.parse(value: response["value"] ?? response)
+            }.value
+            sessions = result
+        } catch {
+            loadError = error.localizedDescription
+            sessions = []
+        }
+    }
+}
+
+private struct SessionRow: View {
+    let session: SessionSummary
+
+    var body: some View {
+        HStack(spacing: 12) {
+            Image(systemName: "terminal")
+                .foregroundStyle(.secondary)
+            VStack(alignment: .leading, spacing: 2) {
+                Text(session.name ?? session.id)
+                    .font(.body.weight(.semibold))
+                    .lineLimit(1)
+                Text(session.id)
+                    .font(.caption.monospaced())
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .truncationMode(.middle)
+                if let recipe = session.recipe {
+                    Text("recipe · \(recipe)")
+                        .font(.caption2)
+                        .foregroundStyle(.tertiary)
+                }
+                if let started = session.startedAt {
+                    Text("started \(started.formatted(.relative(presentation: .named)))")
+                        .font(.caption2)
+                        .foregroundStyle(.tertiary)
+                }
+            }
+            Spacer()
+            Image(systemName: "chevron.right")
+                .foregroundStyle(.tertiary)
+        }
+        .contentShape(Rectangle())
+    }
+}
diff --git a/crates/dd-client-ffi/src/lib.rs b/crates/dd-client-ffi/src/lib.rs
index 955a8cc..b34b546 100644
--- a/crates/dd-client-ffi/src/lib.rs
+++ b/crates/dd-client-ffi/src/lib.rs
@@ -8,8 +8,8 @@ use std::thread;
 
 use base64::Engine as _;
 use dd_client_core::{
-    attach_session_stream, connect, replay_session, ConnectionOptions, IntelTrustAuthority,
-    QuoteVerification,
+    attach_session_stream, connect, list_sessions, public_key_hex, replay_session,
+    ConnectionOptions, IntelTrustAuthority, QuoteVerification,
 };
 use std::collections::HashMap;
 use std::slice;
@@ -44,6 +44,16 @@ pub extern "C" fn dd_client_replay_session(request_json: *const c_char) -> *mut
     into_c_string(replay_session_response(request_json))
 }
 
+#[no_mangle]
+pub extern "C" fn dd_client_ensure_key(key_path: *const c_char) -> *mut c_char {
+    into_c_string(ensure_key_response(key_path))
+}
+
+#[no_mangle]
+pub extern "C" fn dd_client_list_sessions(request_json: *const c_char) -> *mut c_char {
+    into_c_string(list_sessions_response(request_json))
+}
+
 #[no_mangle]
 pub extern "C" fn dd_client_attach_stream_start(
     request_json: *const c_char,
@@ -249,6 +259,50 @@ fn replay_session_response(request_json: *const c_char) -> serde_json::Value {
     }
 }
 
+fn ensure_key_response(key_path: *const c_char) -> serde_json::Value {
+    match ensure_key_request(key_path) {
+        Ok(value) => value,
+        Err(error) => serde_json::json!({
+            "ok": false,
+            "error": error,
+        }),
+    }
+}
+
+fn ensure_key_request(key_path: *const c_char) -> Result<serde_json::Value, String> {
+    let key_path = required_c_string(key_path, "key_path")?;
+    let path = PathBuf::from(&key_path);
+    let pubkey = block_on_ffi_result(move || async move { public_key_hex(&path).await })?;
+    Ok(serde_json::json!({
+        "ok": true,
+        "operation": "ensure_key",
+        "key_path": key_path,
+        "pubkey_hex": pubkey,
+    }))
+}
+
+fn list_sessions_response(request_json: *const c_char) -> serde_json::Value {
+    match list_sessions_request(request_json) {
+        Ok(value) => value,
+        Err(error) => serde_json::json!({
+            "ok": false,
+            "error": error,
+        }),
+    }
+}
+
+fn list_sessions_request(request_json: *const c_char) -> Result<serde_json::Value, String> {
+    let request_json = required_c_string(request_json, "request_json")?;
+    let request: serde_json::Value =
+        serde_json::from_str(&request_json).map_err(|e| format!("parse request_json: {e}"))?;
+    let opts = connection_options_from_request(&request)?;
+    let value = block_on_ffi_result(move || async move {
+        let mut conn = connect(&opts).await?;
+        list_sessions(&mut conn).await
+    })?;
+    Ok(ok_value("list_sessions", value))
+}
+
 fn replay_session_request(request_json: *const c_char) -> Result<serde_json::Value, String> {
     let request_json = required_c_string(request_json, "request_json")?;
     let request: serde_json::Value =

From f4f6dabba8f551273c49c40b4991cf1a17b661e6 Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Mon, 11 May 2026 10:26:29 -0400
Subject: [PATCH 17/18] Fix OAuth crash: replace DispatchQueue.main.sync with
 MainActor.assumeIsolated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The presentationAnchor delegate from ASWebAuthenticationSession is invoked
on the main thread. The previous implementation called DispatchQueue.main.sync
inside it, which is a re-entrant wait on the same queue and traps with
EXC_BREAKPOINT (__DISPATCH_WAIT_FOR_QUEUE__) the moment the user taps
"Sign in with GitHub".

Use MainActor.assumeIsolated instead — it asserts we're on the main
actor and provides synchronous access to main-actor-isolated UIKit state
without dispatching. Same effect as accessing UIApplication.shared
directly, without the compile error from a nonisolated context.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/ios/DevOpsDefender/Services/OAuthService.swift | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/ios/DevOpsDefender/Services/OAuthService.swift b/apps/ios/DevOpsDefender/Services/OAuthService.swift
index cafd510..cfc9bf8 100644
--- a/apps/ios/DevOpsDefender/Services/OAuthService.swift
+++ b/apps/ios/DevOpsDefender/Services/OAuthService.swift
@@ -75,14 +75,18 @@ final class OAuthService: NSObject {
 }
 
 extension OAuthService: ASWebAuthenticationPresentationContextProviding {
+    /// ASWebAuthenticationSession calls this delegate on the main thread.
+    /// Using `DispatchQueue.main.sync` here deadlocks (re-entrant wait on
+    /// the same queue) — that's the EXC_BREAKPOINT we hit. Use
+    /// `MainActor.assumeIsolated` to access main-actor-isolated UIKit
+    /// state without an async hop.
     nonisolated func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
-        // The session presentation needs a UIWindow on iOS.
-        DispatchQueue.main.sync {
-            UIApplication.shared.connectedScenes
+        MainActor.assumeIsolated {
+            let keyWindow = UIApplication.shared.connectedScenes
                 .compactMap { $0 as? UIWindowScene }
                 .flatMap { $0.windows }
                 .first { $0.isKeyWindow }
-                ?? UIWindow()
+            return keyWindow ?? ASPresentationAnchor()
         }
     }
 }

From eb3f825f0c4745d80f65f1de075dbdac1cd7f34d Mon Sep 17 00:00:00 2001
From: alex newman <posix4e@gmail.com>
Date: Mon, 11 May 2026 10:55:00 -0400
Subject: [PATCH 18/18] Drop fleet stub, refresh iOS README, gitignore .claude/
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- FleetAPIClient: remove the DEBUG_FAKE_FLEET compile-flagged fake-agents
  branch. Real CP only; when the endpoint isn't there (currently the case),
  iOS surfaces the actual error from the API call.
- apps/ios/README.md: replace the stale "intentionally does not create
  sessions, list recipes, browse agents, send input" paragraph (which
  described the pre-PR-#1 surface) with the current state — two paths
  (mobile-link and fleet sign-in), interactive client with keystroke
  forwarding, mode-driven keyboard. Document the planned Xcode Cloud
  migration path so the GH Actions ios.yml + testflight.yml workflows
  can be retired once the Xcode Cloud workflows are up.
- .gitignore: ignore the .claude/ runtime scratch directory.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitignore                                    |  1 +
 .../Services/FleetAPIClient.swift             |  7 --
 apps/ios/README.md                            | 98 ++++++++++++++-----
 3 files changed, 75 insertions(+), 31 deletions(-)

diff --git a/.gitignore b/.gitignore
index 622d2bf..a2055a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ apps/ios/DevOpsDefender.xcodeproj/
 apps/ios/Config/Signing.local.xcconfig
 apps/ios/com.apple.DeveloperTools/
 apps/ios/err
+.claude/
diff --git a/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift b/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
index 760e9e0..0f703ba 100644
--- a/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
+++ b/apps/ios/DevOpsDefender/Services/FleetAPIClient.swift
@@ -40,12 +40,6 @@ struct FleetAPIClient {
     }
 
     func agents() async throws -> [AgentSummary] {
-        #if DEBUG_FAKE_FLEET
-        return [
-            AgentSummary(id: "fake-a", label: "Laptop · macbook-pro", agentURL: "https://agent-a.example.com", lastSeenAt: Date()),
-            AgentSummary(id: "fake-b", label: "Workstation · linux-dev", agentURL: "https://agent-b.example.com", lastSeenAt: Date(timeIntervalSinceNow: -3600))
-        ]
-        #else
         guard let token = keychain.string(for: .bearerToken), !token.isEmpty else {
             throw FleetError.missingToken
         }
@@ -78,6 +72,5 @@ struct FleetAPIClient {
             let body = String(data: data, encoding: .utf8) ?? ""
             throw FleetError.http(http.statusCode, body)
         }
-        #endif
     }
 }
diff --git a/apps/ios/README.md b/apps/ios/README.md
index 4cac50d..ebced8f 100644
--- a/apps/ios/README.md
+++ b/apps/ios/README.md
@@ -1,12 +1,21 @@
 # iOS Client
 
-Native SwiftUI companion for `dd-client` CLI sessions.
+Native SwiftUI companion for `dd-client` CLI sessions. Two entry paths:
 
-The desktop CLI owns agent selection, session creation, enrollment, and full
-terminal attach. The iOS app only opens a desktop-generated session link, loads
-bounded transcript history, and follows the live transcript.
+1. **Mobile link from desktop CLI** — desktop generates a one-shot
+   `devopsdefender://session?...` link with an embedded Noise key.
+2. **Fleet discovery on device** — sign in with GitHub against the control
+   plane at `app.devopsdefender.com`, browse the agents and sessions the
+   authenticated user has access to. The iOS device holds its own Noise key
+   distinct from the mobile-link key.
 
-## Desktop Flow
+The app is an interactive client, not a passive viewer: keystrokes flow back
+through the existing Noise channel, the keyboard surface adapts to the running
+agent (Claude Code option menus, yes/no confirmations, raw shell), and ANSI
+colors render with a proper SGR parser. The mobile-link and fleet paths
+coexist; the launch screen routes between them.
+
+## Desktop Flow (mobile-link path)
 
 Start or reattach a CLI session first:
 
@@ -40,18 +49,30 @@ cargo run -p dd-client -- mobile-link \
 ```
 
 Open the printed `devopsdefender://session?...` link on iOS, or render the QR
-with the printed `qrencode` command. The link contains the Noise private key and
-the app imports it before loading history and following the transcript; treat
-the link or QR as secret.
-
-## App Workflow
-
-- Open a `devopsdefender://session?...` link or scan its QR code.
-- The app imports the embedded key.
-- The app loads recent transcript history, then keeps following live output.
-
-The app intentionally does not create sessions, list recipes, browse agents,
-send input, or take over terminal control.
+with the printed `qrencode` command. The link contains the Noise private key
+and the app imports it; treat the link or QR as secret.
+
+## Fleet Flow (GitHub sign-in path)
+
+Cold-launch the iOS app and tap **Sign in with GitHub**. The app:
+
+1. Ensures a persistent iOS device key exists at
+   `Application Support/devopsdefender/ios.key` (X25519, generated via the
+   `dd_client_ensure_key` FFI on first launch).
+2. Opens an `ASWebAuthenticationSession` against
+   `https://app.devopsdefender.com/oauth/ios/start?pubkey=<hex>&label=<device>`.
+3. The control plane runs the GitHub OAuth dance, records the
+   user ↔ pubkey ↔ label binding, mints a bearer token, and 302s back to
+   `devopsdefender://oauth/callback?token=<token>`.
+4. The app stores the bearer in Keychain and calls
+   `GET /api/v1/agents` for the user's agent list.
+5. Tap an agent → `dd_client_list_sessions` enumerates sessions on that agent
+   over Noise. Tap a session → the existing keyboard/transcript surface
+   engages.
+
+The fleet flow depends on three CP endpoints that live in `devopsdefender/dd`
+(tracked at https://github.com/devopsdefender/dd/issues/266) plus agent-side
+polling of authorized pubkeys from the CP.
 
 ## Prerequisites
 
@@ -81,11 +102,40 @@ Catalyst.
 
 ## CI And TestFlight
 
-Pull requests run `.github/workflows/ios.yml`, which generates the project and
-builds the iOS simulator app without code signing.
+### Xcode Cloud (planned)
+
+Xcode Cloud is the target CI/CD for this app. It runs on Apple infrastructure,
+integrates directly with App Store Connect, automates signing, and removes the
+need to manage App Store Connect API keys as repo secrets. The existing
+`Build Rust FFI` script phase in `project.yml` runs unchanged under Xcode
+Cloud.
+
+To set it up:
+
+1. Open `DevOpsDefender.xcodeproj` in Xcode.
+2. **Product → Xcode Cloud → Create Workflow**.
+3. Create two workflows:
+   - **PR build** — start condition: pull request to `main`. Actions: Build
+     (Any iOS Device, no archive). No post-actions.
+   - **TestFlight build** — start condition: tag matching `ios-v*`. Actions:
+     Archive (iOS), TestFlight Internal Distribution.
+4. Environment variables on both: `DD_PRODUCT_BUNDLE_IDENTIFIER`,
+   `DD_DEVELOPMENT_TEAM`, `DD_MARKETING_VERSION`. Rust toolchain installs
+   in the `Scripts/build-rust.sh` prebuild script so no extra Xcode Cloud
+   env is needed.
+
+Once Xcode Cloud is green, retire `.github/workflows/ios.yml` and
+`.github/workflows/testflight.yml`. Rust-side CI (cargo test/fmt/clippy on
+the workspace) stays on GitHub Actions because Xcode Cloud only runs Apple
+builds.
+
+### Legacy GitHub Actions (currently active)
+
+Pull requests run `.github/workflows/ios.yml`, which generates the project
+and builds the iOS simulator app without code signing.
 
-TestFlight uploads are manual from `.github/workflows/testflight.yml`. Configure
-the `testflight` GitHub environment with:
+TestFlight uploads are manual from `.github/workflows/testflight.yml`.
+Configure the `testflight` GitHub environment with:
 
 ```bash
 gh secret set APPLE_TEAM_ID --env testflight
@@ -94,6 +144,6 @@ gh secret set APP_STORE_CONNECT_API_ISSUER_ID --env testflight
 gh secret set APP_STORE_CONNECT_API_PRIVATE_KEY --env testflight < AuthKey_XXXX.p8
 ```
 
-Then run the `TestFlight` workflow and set the App Store Connect bundle id. The
-workflow uses the GitHub run number as `CFBundleVersion` and uploads as an
-internal-only TestFlight build by default.
+Then run the `TestFlight` workflow and set the App Store Connect bundle id.
+The workflow uses the GitHub run number as `CFBundleVersion` and uploads as
+an internal-only TestFlight build by default.