The NSAppleEventsUsageDescription usage string was dead — the app has no AppleEvents/AppleScript code path (Meet detection reads window titles), so the permission prompt never fired; remove it. Rephrase the leftover "Phase N" build-plan references in source comments (one of which falsely claimed "no audio, capture, or call detection yet"), and complete the AGENTS.md Audio/Detection layout listings.
Create .claude/settings.json so shared project config is committable, add the deny-by-default .claude/* and .env.* allow-list block to .gitignore, and add the portable inbox-check line to AGENTS.md. Track Jitsi support in ROADMAP.
The backend host and LAN IPs are kept out of source by convention; the prior
commit committed the real primary/fallback IPs into AGENTS.md and the new test.
Swap them for neutral wording and the RFC 5737 documentation IP (192.0.2.1).
These IPs remain in commit 3629dbd (already pushed); purging them from history
is a separate filter-repo + force-push decision.
The app shipped with certificate validation bypassed globally and on by
default — InsecureTrustDelegate trusted any cert from any host. That was
the evaluation's P1: anyone on the LAN could MITM call audio, transcripts,
and voiceprints.
The backend's Start9 cert already validates under normal system trust when
the StartOS Root CA is installed in the keychain (confirmed: URLSession
default validation returns 200 against the backend and its fallback), so the
bypass is unnecessary:
- skip-TLS now defaults to off
- when explicitly enabled, the bypass is scoped to the configured host via
InsecureTrustDelegate.allowsTrustOverride, never "trust any server"
- the host gate is pure and unit-tested (InsecureTrustDelegateTests)
Docs reconciled: AGENTS.md backend/TLS line and Current state.
The remote is now set (origin → self-hosted Gitea over SSH), so update
the commit convention, clear the "decide a git remote" Next/ROADMAP
items, and keep the remote URL out of source (it lives in .git/config).
- Add AGENTS.md (canonical) + CLAUDE.md symlink + ROADMAP.md
- Move Apple Team ID from project.yml into a gitignored
Config/Signing.xcconfig via configFiles; commit the .example template
- Replace hardcoded backend host in AppSettings with a neutral
placeholder + SPARK_BACKEND_URL env-var fallback
- Scrub the Team ID, .local host, and raw LAN IP from README/docs
- Ignore Config/Signing.xcconfig and .env
Grant Gilliam