Simplify iOS as linked session transcript viewer

.github/workflows/ios.yml

@@ -0,0 +1,35 @@
+name: iOS
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  simulator-build:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-ios-sim,x86_64-apple-ios
+
+      - name: Install XcodeGen
+        run: brew install xcodegen
+
+      - name: Generate Xcode project
+        working-directory: apps/ios
+        run: xcodegen generate
+
+      - name: Build iOS simulator app
+        working-directory: apps/ios
+        run: |
+          xcodebuild \
+            -project DevOpsDefender.xcodeproj \
+            -scheme DevOpsDefender \
+            -configuration Debug \
+            -destination 'generic/platform=iOS Simulator' \
+            DD_PRODUCT_BUNDLE_IDENTIFIER=com.devopsdefender.client.ci \
+            CODE_SIGNING_ALLOWED=NO \
+            build

.github/workflows/testflight.yml

@@ -0,0 +1,57 @@
+name: TestFlight
+
+on:
+  workflow_dispatch:
+    inputs:
+      bundle_id:
+        description: App Store Connect bundle identifier
+        required: true
+        default: com.posix4e.devopsdefender.client
+      marketing_version:
+        description: CFBundleShortVersionString
+        required: true
+        default: "0.1"
+      internal_only:
+        description: Restrict uploaded build to internal TestFlight testing
+        required: true
+        type: boolean
+        default: true
+
+jobs:
+  upload:
+    runs-on: macos-latest
+    environment: testflight
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-ios
+
+      - name: Install XcodeGen
+        run: brew install xcodegen
+
+      - name: Write App Store Connect API key
+        env:
+          ASC_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          ASC_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_API_PRIVATE_KEY }}
+        run: |
+          test -n "$ASC_KEY_ID"
+          test -n "$ASC_PRIVATE_KEY"
+          mkdir -p "$RUNNER_TEMP/appstoreconnect"
+          KEY_PATH="$RUNNER_TEMP/appstoreconnect/AuthKey_${ASC_KEY_ID}.p8"
+          printf '%s' "$ASC_PRIVATE_KEY" | perl -pe 's/\\n/\n/g' > "$KEY_PATH"
+          chmod 600 "$KEY_PATH"
+          echo "ASC_KEY_PATH=$KEY_PATH" >> "$GITHUB_ENV"
+
+      - name: Archive and upload to TestFlight
+        env:
+          DD_DEVELOPMENT_TEAM: ${{ secrets.APPLE_TEAM_ID }}
+          DD_BUNDLE_ID: ${{ inputs.bundle_id }}
+          DD_MARKETING_VERSION: ${{ inputs.marketing_version }}
+          DD_BUILD_NUMBER: ${{ github.run_number }}
+          DD_TESTFLIGHT_INTERNAL_ONLY: ${{ inputs.internal_only }}
+          APP_STORE_CONNECT_API_KEY_PATH: ${{ env.ASC_KEY_PATH }}
+          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          APP_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_ISSUER_ID }}
+        run: apps/ios/Scripts/archive-testflight.sh

.gitignore

@@ -2,4 +2,8 @@
 *.key
 *.key.tmp
 .DS_Store
-
+apps/ios/DevOpsDefender.xcodeproj/
+apps/ios/Config/Signing.local.xcconfig
+apps/ios/com.apple.DeveloperTools/
+apps/ios/err
+.claude/

README.md

@@ -8,8 +8,8 @@ This repo owns client-side code that should not live in
 - `dd-client-core`: reusable Rust client core for pairing, quote verification,
   direct agent Noise transport, session RPCs, and PTY streaming.
 - `dd-client`: CLI binary using `dd-client-core`.
-- `dd-client-ffi`: C-compatible bridge for native mobile shells.
-- `apps/ios`: iOS client workspace notes; it will use the same core.
+- `dd-client-ffi`: C-compatible bridge for mobile transcript viewing.
+- `apps/ios`: iOS companion that opens desktop-generated session links.
 
 The control plane is only for enrollment and route discovery. Shell, log, and
 session bytes go directly between the paired client and the selected agent over
@@ -31,14 +31,6 @@ dd-client keygen --key ~/.config/devopsdefender/noise.key \
   --label laptop
 ```
 
-List recipes on an enrolled agent:
-
-```bash
-DD_ITA_API_KEY=... dd-client recipes \
-  --url https://agent.example.com \
-  --key ~/.config/devopsdefender/noise.key
-```
-
 Open a shell:
 
 ```bash
@@ -52,5 +44,19 @@ During an attached shell, `Ctrl-]` detaches and leaves the remote session alive.
 `Ctrl-D` sends EOF to the remote shell and disconnects the local client. Use
 `dd-client close --id SESSION_ID ...` to terminate a session explicitly.
 
+Send a running session to the mobile companion app:
+
+```bash
+dd-client mobile-link \
+  --url https://agent.example.com \
+  --key ~/.config/devopsdefender/noise.key \
+  --id SESSION_ID
+```
+
+Open the printed `devopsdefender://session?...` link on iOS, or render it as a
+QR code with the printed `qrencode` command. The link includes the Noise private
+key so the mobile app can import it before loading history and following the
+live transcript; treat that link or QR code as secret.
+
 Quote verification is on by default. Local preview/dev runs without Intel Trust
 Authority credentials must pass `--insecure-skip-quote-verify` explicitly.

apps/ios/Config/Signing.xcconfig

@@ -0,0 +1,5 @@
+DD_PRODUCT_BUNDLE_IDENTIFIER = dev.devopsdefender.client.team$(DEVELOPMENT_TEAM)
+DD_MARKETING_VERSION = 0.1
+DD_BUILD_NUMBER = 1
+
+#include? "Signing.local.xcconfig"