docs: update README + docs site for public readiness

Refresh the README and documentation for public visitors:

- README: public-facing rewrite with accurate status for all four native
  clients (macOS, Linux, Windows, Android) and the Windows host.
- docs site: fix stale client status (Android is a full client, not a
  scaffold; Windows client is stage-1 complete + signed MSIX), add the
  missing Android client section, correct "which client" guidance.
- Windows host: corrected from "deferred/scoped" to implemented & shipping
  (NVIDIA-only, x64-only) across windows-host, roadmap, status,
  requirements, running-as-a-service, and the README.
- Remove internal infrastructure from public docs (box names, private IPs,
  SSH/token commands, deploy topology); rewrite status.md as a public
  project-status page; sanitize ci.md and implementation-plan.md.
- Update clients/android and clients/apple READMEs to current state.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

docs-site/content/docs/ci.md

@@ -3,17 +3,19 @@ title: "CI & Docker"
 description: "Gitea Actions setup — workflows, the dockerized pieces, and the runners."
 ---
 
-CI runs on **Gitea Actions** (`git.unom.io`, org `unom`). Three workflows in
-`.gitea/workflows/`, two runners, three images in the Gitea container registry.
+CI runs on **Gitea Actions** (`git.unom.io`, org `unom`). The workflows live in
+`.gitea/workflows/`; they run across Linux and macOS runners and push a few images to the
+Gitea container registry.
 
 ## Workflows
 
 | Workflow | Trigger | Runner | What it does |
 |---|---|---|---|
-| `ci.yml` | push to `main`, PRs | `ubuntu-24.04` | Rust workspace (fmt · clippy `-D warnings` · build · test · C-ABI harness · generated-header drift) inside the `punktfunk-rust-ci` image; `web/` and `docs-site/` build + typecheck in `oven/bun:1` |
-| `docker.yml` | push to `main`, `v*` tags, manual | `ubuntu-24.04` | Builds + pushes the three images below (`latest` + `sha-<short>` tags) |
-| `apple.yml` | push to `main`, PRs, manual | `macos-arm64` | Rust core → `PunktfunkCore.xcframework` → `swift build` + `swift test` in `clients/apple` |
-| `release.yml` | `v*` tags, manual | `macos-arm64` | Production Apple builds: sandboxed macOS `.dmg` (Developer ID, notarized, stapled) attached to the Gitea release + macOS/iOS/tvOS archives uploaded to TestFlight |
+| `ci.yml` | push to `main`, PRs | Linux | Rust workspace (fmt · clippy `-D warnings` · build · test · C-ABI harness · generated-header drift) inside the `punktfunk-rust-ci` image; `web/` and `docs-site/` build + typecheck in `oven/bun:1` |
+| `docker.yml` | push to `main`, `v*` tags, manual | Linux | Builds + pushes the images below (`latest` + `sha-<short>` tags) |
+| `apple.yml` | push to `main`, PRs, manual | macOS | Rust core → `PunktfunkCore.xcframework` → `swift build` + `swift test` in `clients/apple` |
+| `release.yml` | `v*` tags, manual | macOS | Production Apple builds: sandboxed macOS `.dmg` (Developer ID, notarized, stapled) attached to the Gitea release + macOS/iOS/tvOS archives uploaded to TestFlight |
+| `windows-msix.yml` | push to `main`, `v*` tags, manual | Windows | Builds the Windows client for `x86_64`/`aarch64` and packages signed MSIX artifacts |
 
 ## Dockerized pieces
 
@@ -26,20 +28,20 @@ the GPU/compositor stack of the box it runs on). What is:
 | `git.unom.io/unom/punktfunk-docs` | `docs-site/Dockerfile` | This site; `PORT` (3000) |
 | `git.unom.io/unom/punktfunk-rust-ci` | `ci/rust-ci.Dockerfile` | Ubuntu 26.04 + FFmpeg 8/PipeWire/GL/GBM dev libs + a libcuda **link stub** (driver userspace, no kernel module) + pinned rustup — the container `ci.yml`'s Rust job runs in |
 
-Registry pushes authenticate with the repo Actions secret **`REGISTRY_TOKEN`** (a PAT
+Registry pushes authenticate with a repo Actions secret holding a registry token (a PAT
 with `write:package`; the login username in `docker.yml` is the token owner, not the
 push actor).
 
 ## Runners
 
-- **`ubuntu-24.04`** — the pre-existing Linux runner; runs the Rust/web/docs jobs (as
-  docker containers) and the image build+push jobs.
-- **`macos-arm64`** — `home-mac-mini-1` (M-series, macOS 26), a **host-mode**
-  `act_runner` (upstream now ships it as `gitea-runner`) provisioned by
+- **Linux runner** — runs the Rust/web/docs jobs (as docker containers) and the image
+  build+push jobs.
+- **macOS runner** — an Apple-silicon Mac running macOS, a **host-mode** `act_runner`
+  (upstream now ships it as `gitea-runner`) provisioned by
   [`scripts/ci/setup-macos-runner.sh`](https://git.unom.io/unom/punktfunk/src/branch/main/scripts/ci/setup-macos-runner.sh):
   rustup (+ both darwin targets for the universal xcframework), Node.js (host-mode runners
   execute JS actions via `node` from PATH — nothing auto-provisions it), the runner binary
-  in `~/.local/bin`, state in `~/ci/act-runner/` (config, `.runner` registration,
+  in `~/.local/bin`, state under `~/ci/act-runner/` (config, `.runner` registration,
   `runner.log`), kept alive by the `io.gitea.act_runner` **root LaunchDaemon** — it cannot
   be a user LaunchAgent: macOS Local Network privacy silently blocks LAN dials
   ("no route to host") from unbundled CLI binaries in gui/user launchd domains, while
@@ -47,14 +49,12 @@ push actor).
   (CLT alone only covers `swift build/test`); if `xcode-select` still points at CLT, the
   script auto-detects `/Applications/Xcode*.app` and bakes a `DEVELOPER_DIR` override into
   the daemon environment — no `xcode-select -s` required.
+- **Windows runner** — builds and packages the native Windows client (MSIX) for the
+  release matrix.
 
-Re-provisioning (idempotent) or first-time registration from a dev box:
-
-```sh
-# token: org unom → Settings → Actions → Runners → Create new runner
-ssh enricobuehler@192.168.1.135 GITEA_RUNNER_TOKEN=<token> bash -s \
-    < scripts/ci/setup-macos-runner.sh
-```
+Re-provisioning is idempotent — re-running `scripts/ci/setup-macos-runner.sh` on the macOS
+runner with a fresh `GITEA_RUNNER_TOKEN` (org `unom` → Settings → Actions → Runners →
+Create new runner) re-registers it without manual cleanup.
 
 ## Apple releases
 
@@ -97,18 +97,16 @@ linking) and **refuses iOS/tvOS slices** (CLT has no iOS SDK).
 ## Deployment
 
 `docker.yml`'s `deploy-docs` job ships this docs site after every image push: it syncs
-`compose.production.yml` to `~/punktfunk-docs` on **unom-1** (the DMZ services VM
-website and cms deploy to) and runs `docker compose pull && up -d` there over SSH (same
-pattern and secret set as `unom/website`: `DEPLOY_HOST` / `DEPLOY_USER` / `DEPLOY_PORT` /
-`DEPLOY_SSH_KEY`, the `unom-ci-deploy` key). The container binds host port **3220**;
-Caddy on `home-reverse-proxy-1` serves it as <https://docs.punktfunk.unom.io> (vhost in
-`unom/reverse-proxy`, UniFi firewall allowlist Caddy→unom-1:3220 in `unom/infra`
-`proxmox/unom-1`). The host and the web console are NOT deployed — the console
-fronts a punktfunk host's management API on whatever box runs the host.
+`compose.production.yml` to the docs server and runs `docker compose pull && up -d` there
+over SSH, driven by a small set of deploy secrets (`DEPLOY_HOST` / `DEPLOY_USER` /
+`DEPLOY_PORT` / `DEPLOY_SSH_KEY`). A reverse proxy in front of that server serves the
+container as <https://docs.punktfunk.unom.io>. The host and the web console are NOT
+deployed — the console fronts a punktfunk host's management API on whatever box runs the
+host.
 
 ## Troubleshooting
 
-- **Mac runner offline** — `ssh <mac> tail -50 '~/ci/act-runner/runner.log'`; restart with
+- **macOS runner offline** — check `~/ci/act-runner/runner.log` on the runner; restart with
   `sudo launchctl kickstart -k system/io.gitea.act_runner`. "no route to host" in the log
   means the daemon is running in a gui/user domain again — see the Local Network note
   above.