chore: mobile android default, Email shipping, stub READMEs

ralyodio · claude · ralyodio · commit 89cbc5971dc4 · 2026-04-19T15:17:17.000Z
- mobile-release.yml: tag pushes default to --platform android so iOS
  credential setup doesn't stall every release
- SURFACES.md: Email channel promoted alpha → shipping now that
  apps/cli/src/daemon/alerts/smtp.ts ships a real nodemailer backend
- apps/mobile/README.md: Expo / EAS dev + iOS/Android setup notes
- apps/extension/README.md: sideload + per-browser build instructions

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml
@@ -77,12 +77,12 @@ jobs:
             PROFILE="production"
           fi
 
+          # Default to Android on tag pushes so releases don't stall on
+          # iOS credentials setup. Override with workflow_dispatch.
           if [ -n "${{ github.event.inputs.platform }}" ]; then
             PLATFORM="${{ github.event.inputs.platform }}"
-          elif [ "$PROFILE" = "preview" ]; then
-            PLATFORM="android"
           else
-            PLATFORM="all"
+            PLATFORM="android"
           fi
 
           if [ "${{ github.event.inputs.auto_submit }}" = "true" ] && [ "$PROFILE" = "production" ]; then
diff --git a/apps/extension/README.md b/apps/extension/README.md
@@ -0,0 +1,67 @@
+# ThreatCrush Browser Extension
+
+MV3 extension built with Vite + React 19 + Tailwind. **Status:** dev preview. Sideload-from-source works today; store submissions happen post-launch.
+
+## Dev
+
+```bash
+# from repo root
+pnpm install
+cd apps/extension
+pnpm dev                   # vite dev server for popup/options
+```
+
+## Build
+
+Per-browser builds via `scripts/build.js`:
+
+```bash
+pnpm build                 # → dist/chrome, dist/firefox, dist/safari
+node scripts/build.js chrome
+node scripts/build.js firefox
+node scripts/build.js safari
+node scripts/build.js all
+```
+
+## Sideload (while stores are pending)
+
+**Chrome / Edge:**
+1. `pnpm build` and open `chrome://extensions`
+2. Enable *Developer mode*
+3. *Load unpacked* → select `apps/extension/dist/chrome/`
+
+**Firefox:**
+1. Open `about:debugging#/runtime/this-firefox`
+2. *Load Temporary Add-on* → select `apps/extension/dist/firefox/manifest.json`
+
+**Safari:**
+Requires Xcode to convert to a Safari Web Extension bundle. See Apple's [Safari Web Extensions docs](https://developer.apple.com/documentation/safariservices/safari_web_extensions).
+
+## Features
+
+- Scan any site (security headers, mixed content, basic checks)
+- Real-time alert popup when a ThreatCrush server emits a critical event
+- Dashboard popup — recent events + module status
+
+## Structure
+
+```
+apps/extension/
+├── manifest.json         MV3 manifest (per-browser variants in src/manifests/)
+├── src/
+│   ├── background/       Service worker
+│   ├── popup/            React popup UI
+│   ├── options/          React options page
+│   ├── content/          Content scripts
+│   └── store/            Zustand stores (shared)
+└── scripts/build.js      Per-browser packager
+```
+
+## Store submission (post-launch)
+
+Each store has its own review process:
+- **Chrome Web Store** — requires dev fee, screenshots, privacy policy, scope justification
+- **Firefox AMO** — free; source review if minified
+- **Safari** — App Store Connect, Apple Developer membership required
+
+None submitted yet.
diff --git a/apps/mobile/README.md b/apps/mobile/README.md
@@ -0,0 +1,58 @@
+# ThreatCrush Mobile
+
+Expo / React Native app. **Status:** deferred from v0.1.0. The Android pipeline builds cleanly on a tag push; iOS requires an Apple Developer account + one-time credentials setup.
+
+## Dev
+
+```bash
+# from repo root
+pnpm install
+cd apps/mobile
+pnpm expo start            # dev client (needs expo-dev-client)
+```
+
+App config lives in `app.config.ts` (code) — `app.json` is unused.
+
+## EAS Build
+
+Uses `eas.json` profiles:
+
+- `development` — internal dev-client builds, loads `http://localhost:3000`
+- `preview` — internal testers (TestFlight / internal track)
+- `production` — app store submission, auto-increments build number
+
+```bash
+eas build --profile preview --platform android
+eas build --profile preview --platform ios
+```
+
+## GitHub Actions — mobile-release.yml
+
+Triggers on every `v*` tag. Defaults to `--platform android` because iOS needs interactive credential setup (see below). Override via `workflow_dispatch` → `platform: ios | all`.
+
+Requires these repo secrets:
+- `EXPO_TOKEN` — create at https://expo.dev/settings/access-tokens
+- `ENV_FILE` — full contents of `.env` dumped as a single secret
+
+## iOS setup (one-time, interactive)
+
+```bash
+cd apps/mobile
+eas credentials
+```
+
+Pick `iOS → Set up a new Distribution Certificate`. Expo stores the cert + provisioning profile in their vault; future CI builds then work non-interactively.
+
+Requires:
+- Apple Developer account ($99/yr)
+- App Store Connect app record with bundle `com.threatcrush.mobile`
+
+## Android setup
+
+Expo can auto-generate a keystore on first build — no pre-work needed. For Play Console submission later, add a Google Service Account JSON at `apps/mobile/google-service-account.json` (gitignored) and reference it in `eas.json → submit.production.android.serviceAccountKeyPath`.
+
+## Not wired up yet
+
+- Push notifications (`expo-notifications`)
+- Real event stream — `src/stores/events.ts` still returns demo data
+- E2E encryption integration — `src/lib/crypto.ts` is standalone
diff --git a/docs/SURFACES.md b/docs/SURFACES.md
@@ -26,7 +26,7 @@ Status values:
 | **TUI** | `shipping` | `apps/cli/src/tui/` | Bundled with CLI | react-blessed dashboard. `threatcrush tui`. |
 | **API** | `shipping` | `apps/web/src/app/api/` | Same origin as web | REST, bearer-token auth. Used by CLI, desktop, extension. |
 | **Webhooks (outbound)** | `shipping` | `apps/cli/src/daemon/alerts/` | Slack, generic webhook | Threat alerts emit when severity ≥ high. |
-| **Email (outbound)** | `alpha` | Planned in `alerts/` | SMTP via module | Wire real SMTP before promoting. |
+| **Email (outbound)** | `shipping` | `apps/cli/src/daemon/alerts/smtp.ts` | SMTP via `nodemailer` | Configure `[alerts.email]` in `threatcrushd.conf`. |
 | **Desktop** | `preview` | `apps/desktop/` | GitHub Releases (unsigned) | Electron. IPC bridge to local `threatcrushd` via Unix socket. macOS/Windows CI still untested. |
 | **Browser extension** | `preview` | `apps/extension/` | Sideload from source | Vite + React 19 + MV3. Store submissions post-v0.1.0. |
 | **SDK** | `alpha` | `apps/sdk/` | npm (`@threatcrush/sdk`) — not yet published | Types for module authors. Publish ties to marketplace readiness. |
