Description
## What was built
### hydraapplepipeline (running at hydrapipelineapple.experiencenet.com)
- Go service + CLI on Hetzner cx11 VPS (49.13.228.177), systemd, self-updates via hydrarelease every 6h
- App Store Connect API client (ES256 JWT, .p8 key): testers, builds, certificates, profiles
- Admin web UI: /admin/testers (enroll/unenroll iPad fleet), /admin/builds (build history + state)
- `ci-setup` CLI command: generates RSA-2048 key locally, creates iOS/macOS Distribution certificate + App Store provisioning profile via API, prints 4 base64 secrets for GitHub Actions
- `builds list` CLI command: list recent builds with processingState
- Environment: HYDRAAPPLEPIPELINE_KEY_ID=AL455L4854, HYDRAAPPLEPIPELINE_ISSUER_ID=56c0e03c-4317-43ed-bbf3-5674bcc6c648, HYDRAAPPLEPIPELINE_APP_ID=6769830962 (hydraheadipad), Team ID YNF589PKUK
### hydraheadipad (github.com/cederikdotcom/hydraheadipad)
- iPadOS 17.0+ SwiftUI app, App Store Connect app ID 6769830962, bundle ID com.experiencenet.hydraheadipad
- XcodeGen-based: project.yml -> .xcodeproj, never committed
- GitHub Actions pipeline: git tag v* -> macos-latest runner -> Xcode 26 -> TestFlight (~90 seconds CI)
- Builds confirmed VALID in TestFlight