Merge remote-tracking branch 'origin/main' into garrytan/colombo-v3

Resolves VERSION conflict (kept 1.43.0.0 — already ahead of main's
1.42.2.0 browse launch hardening wave). Picks up main's
browser-manager + server hardening cleanly (no conflicts there).

Also strips "device farm" / "DIY device farm" framing from the iOS
docs per Garry's direction. This isn't a device farm — it's full iOS
app QA, with agents able to control real iOS apps either locally over
USB or remotely over Tailscale.

Files touched in the farm sweep:
- CHANGELOG.md (1.43.0.0 entry headline + AGENTS subsection title)
- README.md (ios-qa row + gstack-ios-qa-daemon row)
- AGENTS.md (section header reframed to "iOS QA — drive real iPhones
  over USB or Tailscale")
- ios-qa/SKILL.md.tmpl + regenerated SKILL.md (description)
- ios-qa/docs/tailscale-acl-example.md (intro + sample ACL host name)
- docs/howto-ios-testing-with-gstack.md (intro + closing)
- docs/skills.md (section header + body)
- test/helpers/touchfiles.ts (touchfile comment)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Garry Tan
2026-05-21 08:33:04 -07:00
12 changed files with 388 additions and 56 deletions
+5 -5
@@ -2,7 +2,7 @@
The Mac-side daemon binds the Tailscale interface only when you pass
`--tailnet`. By default the daemon is local-USB-only. This doc walks through
the steps to expose your device farm to remote agents safely.
the steps to expose your iPhone to remote agents safely so they can run iOS QA over the tailnet.
## Threat model recap
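Review bot: The reworded intro sentence says "expose your iPhone to remote agents", but the two lines above it say that what `--tailnet` binds to the Tailscale interface is the Mac-side daemon, so the daemon is the thing being exposed. Suggest wording along the lines of "expose the daemon, and the iPhone it drives, to remote agents safely" so readers know which host the rest of the doc is locking down. The new line is also much longer than the wrapped lines around it and should be re-wrapped to match.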
@@ -97,23 +97,23 @@ restrict the tailnet ACL to limit who can even *reach* the daemon port.
// In your tailscale admin console:
{
"acls": [
// Allow CI runner to reach the device farm Mac on port 9999 only.
// Allow CI runner to reach the iOS QA Mac on port 9999 only.
{
"action": "accept",
"src": ["ci@example.com"],
"dst": ["device-farm-mac:9999"]
"dst": ["ios-qa-mac:9999"]
},
// Tagged Claude agents — observe tier only (enforced by daemon, not ACL).
{
"action": "accept",
"src": ["tag:claude-readonly"],
"dst": ["device-farm-mac:9999"]
"dst": ["ios-qa-mac:9999"]
},
// Default deny.
{
"action": "drop",
"src": ["*"],
"dst": ["device-farm-mac:9999"]
"dst": ["ios-qa-mac:9999"]
}
]
}
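Review bot: The last rule of the sample, whose `dst` this hunk renames, uses `"action": "drop"`, and Tailscale ACL rules only take `"accept"`, with anything unmatched denied by default, so a reader pasting this block gets a policy that will not validate. Since these lines are being edited anyway, suggest removing that rule and keeping "Default deny" as a comment that states the built-in behaviour. Separately, `ios-qa-mac:9999` appears in three `dst` entries but nothing in the visible sample defines the name (no `hosts` entry or tag), so it would help to note that it is a placeholder that must match the reader's own host alias, and that anyone who copied the earlier sample still has `device-farm-mac` in their policy.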