Add Support for Mac

[Bobyue0118]

变更说明

本 PR 在保留原有 Windows 优先路线的前提下，补充了一条 macOS + iPhone 的 mobile-first 使用路径，目标是让 Codex 继续运行在 Mac 上，而 iPhone 通过私有网页继续查看历史、发送消息和控制会话。

主要改动包括：

1. 新增 owner-admin 后端接口和本地 Owner Admin 面板，用于本地审批首次登录的新设备、查看受信设备和 Tailscale 状态。
2. 新增 macOS 运行脚本，包括启动/停止、本地运行环境检查、Tailscale 远程入口、以及可选的 launchd 自启动脚本。
3. 同步更新 README 和部署文档，明确说明这个 macOS 路线与原始 Windows 支持版的区别，并补充新手上手流程。

为什么要改：
当前仓库的默认文档和运行方式明显偏 Windows，Mac 用户虽然能理解目标，但缺少一条“Codex 跑在 Mac、iPhone 私有访问并继续控制”的完整落地路径。这个 PR 主要是在不改变默认公网暴露模型的前提下，把这条路径补齐。

变更类型

• Bug 修复
• 文档改进
• 部署脚本改进
• 安全加固
• 功能增强
• 重构

你做了哪些验证

• 本地手动验证过
• 运行过相关脚本语法检查
• 运行过 python -m py_compile mobile_codex_control.py
• 运行过 scripts/check-open-source-tree.ps1
• 运行过 scripts/smoke-test-override-flow.ps1

请补充必要的验证说明：

- 在 macOS 本地对 vendor/claudecodeui-1.25.2 执行 ./scripts/apply-upstream-overrides.sh，覆盖文件应用成功
- 执行 ./scripts/check-mobile-codex-runtime.sh 和 ./scripts/test-macos-runtime.sh，通过
- 在 vendor/claudecodeui-1.25.2 目录执行 npm run build，成功
- 运行 node --test upstream-overrides/claudecodeui-1.25.2/server/utils/__tests__/owner-admin.test.mjs，通过
- 运行 node --test upstream-overrides/claudecodeui-1.25.2/src/components/admin/utils/__tests__/ownerAdminAccess.test.mjs，通过
- 运行 python3 -m py_compile mobile_codex_control.py，通过
- 本地交互验证 ./scripts/start-mobile-codex.sh -> curl -sf http://127.0.0.1:3001/health -> ./scripts/stop-mobile-codex.sh，流程正常
- 在 Mac + iPhone + Tailscale 实机环境下验证过：Mac 本地注册账号、iPhone 通过私有 URL 访问、首次设备审批、审批后继续使用流程可用

[Copilot]

Pull request overview

This PR shifts the repo toward a macOS-hosted, iPhone-first workflow by adding macOS runtime scripts and a browser-based “Owner Admin” surface to manage first-time device approvals (replacing the Windows desktop helper dependency for that flow).

Changes:

• Add Owner Admin APIs + UI to view Tailscale/status, list pending/trusted devices, and approve/reject/revoke devices from the local Mac browser.
• Add macOS-oriented Bash scripts for applying overrides, starting/stopping the service, enabling Tailscale Serve, and optional launchd auto-start.
• Update READMEs and deployment docs to document the macOS mobile-first path alongside the existing Windows-first path.

Reviewed changes

Copilot reviewed 28 out of 29 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
upstream-overrides/claudecodeui-1.25.2/src/utils/api.js	Adds client wrappers for new Owner Admin auth endpoints.
upstream-overrides/claudecodeui-1.25.2/src/components/app/AppContent.tsx	Adds Owner Admin launcher button + modal panel wiring.
upstream-overrides/claudecodeui-1.25.2/src/components/admin/utils/ownerAdminAccess.js	Adds loopback-host gating logic for showing the Owner Admin launcher.
upstream-overrides/claudecodeui-1.25.2/src/components/admin/utils/tests/ownerAdminAccess.test.mjs	Adds unit tests for Owner Admin launcher gating.
upstream-overrides/claudecodeui-1.25.2/src/components/admin/useOwnerAdminState.ts	Adds polling state hook for Owner Admin status/devices and actions.
upstream-overrides/claudecodeui-1.25.2/src/components/admin/OwnerAdminPanel.tsx	Adds the Owner Admin modal UI (status, pending, trusted devices).
upstream-overrides/claudecodeui-1.25.2/server/utils/owner-admin.js	Adds server utilities for loopback detection and Tailscale status parsing.
upstream-overrides/claudecodeui-1.25.2/server/utils/tests/owner-admin.test.mjs	Adds unit tests for owner-admin utilities.
upstream-overrides/claudecodeui-1.25.2/server/routes/auth.js	Adds Owner Admin routes + local-session restriction middleware.
upstream-overrides/claudecodeui-1.25.2/server/database/db.js	Adds DB helper to list pending approval requests scoped to a user.
scripts/uninstall-mobile-codex-launchd.sh	Adds uninstall helper for macOS launchd agent.
scripts/test-macos-runtime.sh	Adds basic macOS script sanity + path anchoring checks.
scripts/stop-mobile-codex.sh	Adds stop script for the macOS-run local service.
scripts/stop-mobile-codex-stack.sh	Adds wrapper stop script for the “stack”.
scripts/start-mobile-codex.sh	Adds start script for the macOS-run local service (localhost-bound).
scripts/start-mobile-codex-stack.sh	Adds wrapper start script for the “stack”.
scripts/lib-mobile-codex.sh	Adds shared macOS script helpers (paths, node/tailscale resolution, logs).
scripts/install-mobile-codex-launchd.sh	Adds installer for a per-user launchd agent to auto-start service.
scripts/enable-mobile-codex-remote.sh	Adds Tailscale Serve helper to expose the localhost service privately.
scripts/check-mobile-codex-runtime.sh	Adds runtime diagnostic script for macOS workflow.
scripts/apply-upstream-overrides.sh	Adds Bash override-applier to copy override layer into upstream checkout.
README.md	Reframes docs toward macOS+iPhone workflow; keeps Windows docs pointers.
README.en.md	English version of macOS+iPhone workflow docs and commands.
docs/superpowers/specs/2026-04-10-macos-mobile-codex-design.md	Adds macOS mobile-first design/spec doc for the new workflow.
docs/DEPLOYMENT.zh-CN.md	Adds note that this remains the Windows-first deployment path.
docs/DEPLOYMENT.md	Adds note that this remains the Windows-first deployment path.
docs/DEPLOYMENT-macos.zh-CN.md	Adds macOS mobile-first deployment guide (CN).
docs/DEPLOYMENT-macos.md	Adds macOS mobile-first deployment guide (EN).
.gitignore	Ignores .worktrees/ alongside local runtime/output directories.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

requireLocalOwnerSession currently allows access if any of x-forwarded-for, req.ip, or req.socket.remoteAddress is loopback. In a proxied setup (e.g., Tailscale Serve), req.socket.remoteAddress will be loopback even for remote iPhone requests, which defeats the “local Mac browser only” restriction. Prefer checking the client IP only (e.g., req.ip with app.set('trust proxy', 1) already in use) and/or explicitly rejecting proxied requests instead of accepting loopback proxy addresses.

[Copilot]

The Owner Admin UI refresh runs on a fixed setInterval without guarding against an in-flight refresh() call. If any of the 3 requests takes >3s, multiple concurrent refreshes can stack up and cause extra load / out-of-order state updates. Consider using a self-scheduling setTimeout loop, tracking an inFlight flag, or cancelling/ignoring overlapping refreshes.

[Copilot]

This script assumes python3 is available for JSON parsing, but it doesn’t check for it or fail with a targeted message. On many macOS setups python3 is not installed by default. Add an explicit command -v python3 check (with a clear install hint) or switch the JSON parsing to a tool you already require (e.g., Node).

[Copilot]

require_path only checks -e (exists), but it’s used for both directories and executables (e.g., Node). This can allow non-executable files or the wrong path type to pass validation and fail later with less clear errors. Consider adding require_executable / require_directory helpers (or parameterizing the check) so scripts fail fast with accurate diagnostics.

[Copilot]

This spec uses absolute local filesystem paths (e.g., /Users/.../mobileCodexHelper/...) in links, which won’t work for other contributors and leaks local environment details. Replace these with repo-relative links (e.g., ./upstream-overrides/claudecodeui-1.25.2/...) so the document renders correctly on GitHub.

[Copilot]

These bullets also link to absolute local paths (e.g., /Users/...) instead of repo-relative links, which breaks on GitHub and exposes local directory structure. Update them to relative links within the repository.

[Copilot]

The test data includes what looks like a personal machine DNS name (bobyue-mac.tail123.ts.net). Even if it’s not a secret, it’s better to avoid embedding personal identifiers in tests; use a clearly fake placeholder domain (e.g., example-mac.tailnet.ts.net).

[Copilot]

This test hardcodes what appears to be a personal home directory (/Users/bobyue/Code) and a specific device DNS name. To keep the repo generic and avoid leaking identifiers, switch these to neutral placeholder values (e.g., /Users/example/Code, example-mac.tailnet.ts.net).