Tailnet — bluehighlightedtext.com

A 7-device personal WireGuard mesh owned by jordan@. Four Macs share an identical dev surface via iCloud Drive (113 project directories, 28 Claude Code skills, 14 MCP servers, 6 agents). A Pi 5 acts as the always-on services hub. An iPhone rounds out the mesh. The whole thing is ACL-gated — no public ports — and functions as a distributed, agentic dev workstation.

devices

Pi services hub

113

dev projects

Claude skills

MCP servers

25+

CF Pages sites

What you can build with it

Ship a docs site in minutes

Write content on any Mac → docs-site-builder skill renders a terminal-aesthetic SPA → wrangler pages deploy pushes to Cloudflare. 25+ sites already live.

Start a new project anywhere

project-bootstrap + phased-planning scaffold a phased build. iCloud Drive sync means the repo appears on every Mac in the mesh within seconds.

Call mesh-local LLMs

Any device can curl http://100.86.166.122:11434 to reach Ollama on pi5-dev (qwen3.5:4b, nomic-embed-text). Zero public surface area.

Orchestrate long-running agents

The long-runner skill + Paperclip on pi5-dev keep multi-session agent work alive across sleep/wake cycles on the Macs.

Run autoresearch loops

The gtm-autoresearch and Autoresearch Engine projects run Karpathy-style exploration loops — Sonnet drafts, Opus 4.6 escalates at 0.92 confidence.

Reach home automation from anywhere

Home Assistant + Hermes gateway on pi5-dev are reachable from every mesh device via Tailscale SSH — no VPN config needed.

At a glance

Tailnet name: bluehighlightedtext.com
Owner: jordan@
Transport: WireGuard mesh · Tailscale SSH (Linux) · key-auth SSH (Macs)
Daily driver: macbook-pro-6 · 100.116.140.93 · M1 Pro / 16GB / macOS 26.2
Services hub: pi5-dev · 100.86.166.122 · see pi5-setup-guide
Shared dev state: iCloud Drive replicates ~/Library/…/Windsurf/, ~/.claude/, ~/.codex/ across all Macs

Devices

Seven peers on the mesh. Four Macs share the same dev surface via iCloud. One Pi hosts always-on services. One iPhone rounds it out.

macbook-pro-6 self

Tailscale IP: 100.116.140.93
OS: macOS 26.2
Chip: Apple M1 Pro · 16 GB
Role: Daily driver · primary dev workstation
Status: online

claws-mac-mini

Tailscale IP: 100.82.244.127
OS: macOS
Role: Online dev Mac · secondary workstation
Status: online

jordans-mac-mini

Tailscale IP: 100.86.248.8
OS: macOS
Role: Online dev Mac
Status: online

openclaws-mac-mini

Tailscale IP: 100.66.145.48
OS: macOS
Role: Online dev Mac
Status: online

openclaws-macbook-air

Tailscale IP: 100.111.147.124
OS: macOS
Role: Mobile Mac
Status: offline 15m ago

pi5-dev services hub

Tailscale IP: 100.86.166.122
OS: Raspberry Pi 5 · Debian 13 (trixie)
Role: Services hub · always-on · mesh LLM endpoint
Stack: Home Assistant, Hermes, Ollama, Paperclip, 4 pi-* agents, Red Button, Autoresearch, hybrid renderer
Full detail: pi5-setup-guide.pages.dev
Status: online

iphone-15-pro-max

Tailscale IP: 100.103.178.55
OS: iOS
Role: Phone · mobile mesh client
Status: offline 7d

Mesh access pattern. Macs reach each other over standard SSH with key auth (ssh user@100.x.y.z). The Pi accepts Tailscale SSH (ssh pi5 once the short-name is in ~/.ssh/config). The iPhone uses the Tailscale iOS app as a pure client — it doesn't host services.

Architecture

One mesh. Four identical Mac dev workstations (thanks to iCloud Drive). One services hub on the Pi. One mobile peer. All deploy targets live in Cloudflare + GitHub.

┌───────────────────────────────────────────────────────────────────────────────┐
│          TAILNET: bluehighlightedtext.com  (owner jordan@ · 7 devices)       │
│          WireGuard mesh  ·  Tailscale SSH + key SSH  ·  ACL-gated            │
└────────────────────────────────────┬──────────────────────────────────────────┘
                                       │
      ┌────────────────────────────────┬────────────────────────────────┐
      │                                │                                │
      ▼                                ▼                                ▼
┌───────────────────┐     ┌───────────────────────┐      ┌───────────────────┐
│  DEV WORKSTATIONS  │     │    SERVICES HUB        │      │      MOBILE      │
│  ────────────────  │     │    ─────────────       │      │    ──────────      │
│  macbook-pro-6     │     │  pi5-dev               │      │  iphone-15-pro-max │
│  100.116.140.93    │     │  100.86.166.122        │      │  100.103.178.55    │
│  M1 Pro · 16GB     │     │  Pi 5 · Debian 13      │      │  iOS · offline 7d  │
│  macOS 26.2 SELF    │     │                        │      │                    │
│  ──────────────    │     │  9-pillar stack:       │      └───────────────────┘
│  claws-mac-mini    │     │   • Home Assistant     │
│  100.82.244.127    │     │   • 4× pi-* agents     │
│                    │     │   • Hermes gateway     │
│  jordans-mac-mini  │     │   • Red Button         │
│  100.86.248.8      │◄───►│   • Autoresearch       │
│                    │     │   • Paperclip + PG     │
│  openclaws-mac-mini│     │   • Hybrid renderer    │
│  100.66.145.48     │     │   • Ollama LLM         │
│                    │     │   • Docker / HA compose│
│  openclaws-        │     │                        │
│    macbook-air     │     │  → full detail at      │
│  100.111.147.124   │     │    pi5-setup-guide     │
│  (offline 15m)     │     └────────────────────────┘
└─────────┬──────────┘
          │ iCloud Drive sync
          ▼
┌──────────────────────────────────────────────────────────────────────────────┐
│                        SHARED DEV STATE  (iCloud Drive)                     │
│  ───────────────────────────────────────────────────────────────      │
│  Windsurf/               113 project directories                            │
│  ~/.claude/              28 skills · 6 agents · 5 commands · 14 MCPs        │
│  ~/.codex/               Codex config + session history                     │
│  → every Mac in the mesh has the same dev surface on login                  │
└────────────────────────────────┬────────────────────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│                          CLOUD DEPLOY TARGETS                               │
│  ───────────────────────────────────────────────────────────────      │
│  Cloudflare Pages   25+ docs/guide/app sites (organizedai-vip, *-guide)     │
│  Cloudflare Workers + R2 / KV / D1                                          │
│  GitHub (via gh)    repo management, PRs, issues                        │
│                                                                             │
│  Tools used: wrangler · gh · docs-site-builder · github-docs-deploy         │
└─────────────────────────────────────────────────────────────────────────────┘

Diagram key

Seven peers form a flat WireGuard mesh — every device reaches every other device directly without hairpinning through a central gateway. The four Mac workstations are interchangeable: iCloud Drive replicates the Windsurf project tree, ~/.claude/, and ~/.codex/, so sitting down at any Mac loads the same skills, agents, MCP configs, and project state. pi5-dev is the always-on services hub — any Mac can curl its Ollama, Hermes, and Home Assistant endpoints. All deploy flows exit the mesh northbound into Cloudflare Pages/Workers and GitHub via wrangler and gh.

Tailnet banner Mac workstations Self / daily driver Services hub / cloud deploy Mobile Offline markers iCloud shared state

Tools

The CLI surface area available on every Mac in the mesh (and, for Pi-native tools, reachable from every Mac via Tailscale).

CLIs installed on the Mac workstations

Tool	Path	Purpose
`claude`	`~/.local/bin/claude`	Claude Code — the primary agentic dev CLI; loads skills/agents/MCPs from `~/.claude/`.
`codex`	`/opt/homebrew/bin/codex`	Codex CLI — secondary agent runtime; config synced via `~/.codex/`.
`wrangler`	`~/.npm-global/bin/wrangler`	Cloudflare deploy CLI — ships Pages sites and Workers.
`gh`	`/opt/homebrew/bin/gh`	GitHub CLI — repo create/clone, PRs, issues, releases.
`tailscale`	system	Mesh client · `tailscale status`, `tailscale ssh pi5-dev`.
`docker`	system	Local containers on Mac; Docker on pi5-dev hosts HA + Matter.
`node`	homebrew	Node.js 20 — runtime for `tsx`, `wrangler`, tooling.
`python3`	system	Python 3 — scripts, MCPs, audit tooling.

Mesh-accessible services on pi5-dev

Ollama — mesh LLM

Local inference hosted on pi5-dev. Any Mac in the mesh can hit it directly:

$ curl http://100.86.166.122:11434/api/tags
$ curl http://100.86.166.122:11434/api/generate \
    -d '{"model":"qwen3.5:4b","prompt":"hello"}'

Models: qwen3.5:4b (3.4GB chat) · nomic-embed-text (274MB embeddings).

Hermes gateway

hermes-gateway runs as a user systemd unit on pi5-dev and is reachable from every peer in the mesh. Bridges Home Assistant ↔ Hermes CLI ↔ voice pipeline.

Use ssh pi5 "journalctl --user -u hermes-gateway -n 50" to inspect live.

Mesh rule of thumb. If you can see pi5-dev in tailscale status, you can curl http://100.86.166.122:<port> for Ollama, Hermes, or any other service it exposes — no VPN setup, no port forwarding, no public DNS.

Skills & Agents

28 Claude Code skills, 6 agents, and 5 slash commands live in ~/.claude/ on macbook-pro-6. iCloud sync mirrors them to every other Mac. Grouped by theme below.

Deployment & docs

Ship a Cloudflare Pages site or GitHub docs page from a single prompt.

docs-site-builder github-docs-deploy cloudflare-webhook-handler /deploy

Project scaffolding

Bootstrap and plan new projects from a template, then drive a phased build.

phase-0-bootstrap phase-0-template phased-build phased-planning project-bootstrap organized-codebase-applicator /new-project

Skill authoring

Author, package, and install new skills into ~/.claude/skills/.

skill-creator skill-creator-enhanced tech-stack-orchestrator

Repo & workflow

Day-to-day repo ops, worktree parallelism, long-running session handoff.

git-worktree-master repo-manager repo-scout contribution-assessor changelog-tracker long-runner /status

Ad / tracking domain

The specialist skills that power the GTM / Google Ads / GHL work.

gads-conversion-flow gtm-debug-agent data-audit ghl-contact-processor

Browser / web

Headless browser automation for scraping, form-filling, QA.

agent-browser

Comms

Mesh-agnostic messaging integrations.

slack-assistant

Misc

Utility and workspace helpers that don't fit the other groups.

elephant openclaw-workspace-builder /add-tool /test-tool

Agents (`~/.claude/agents/`)

Delegate-to sub-agents invoked during Claude Code sessions.

auth-specialist google-api-expert google-hub-orchestrator master-orchestrator mcp-builder qa-tester

Full skill inventory (28)

agent-browser · changelog-tracker · cloudflare-webhook-handler · contribution-assessor · data-audit · docs-site-builder · elephant · gads-conversion-flow · ghl-contact-processor · git-worktree-master · github-docs-deploy · gtm-debug-agent · long-runner · openclaw-workspace-builder · organized-codebase-applicator · phase-0-bootstrap · phase-0-template · phased-build · phased-planning · project-bootstrap · repo-manager · repo-scout · skill-creator · skill-creator-enhanced · slack-assistant · tech-stack-orchestrator

iCloud propagation. Author a skill on macbook-pro-6, and within seconds it's usable on jordans-mac-mini, claws-mac-mini, and openclaws-mac-mini. The same goes for MCP config changes in ~/.claude/settings.json.

MCP Servers

14 MCP servers configured in ~/.claude/ — replicated across all Macs via iCloud.

Name	Purpose
`21st-dev`	21st.dev UI component / design MCP — custom, see user config.
`mcp-git-ingest`	Pull a GitHub repo into the session as structured context.
`repomix`	Pack a repo into a single file for LLM ingestion.
`pocket-pick`	Snippet / pocket picker — surfaces saved code fragments.
`BHT_server`	BHT Promo internal MCP — custom, see user config.
`docker-mcp`	Docker control: list/run/stop containers, inspect images.
`website-downloader`	Mirror a site to disk for offline ingestion.
`llm-context.py`	Local project-context extractor — custom Python MCP.
`graphlit-mcp-server`	Graphlit knowledge graph / RAG server.
`firecrawl-mcp-server`	Web scraping — map, crawl, extract, search via Firecrawl.
`consult7`	"Consult" multi-model planning MCP — custom, see user config.
`prod-ghl-mcp`	GoHighLevel production MCP — contacts, opportunities, conversations, blogs.
`MCP_DOCKER`	Docker-Desktop-integrated MCP (companion to `docker-mcp`).
`granola`	Granola meeting notes MCP.

Heads up. A few of these are custom/internal (21st-dev, BHT_server, llm-context.py, consult7) — exact capabilities depend on the user's local config.

Projects

113 project directories live under ~/Library/Mobile Documents/com~apple~CloudDocs/BHT Promo iCloud/Organized AI/Windsurf/. Shown below: the currently active stack, then the categorized structure.

Active now (top 14 by recent mtime)

gtm-autoresearch — Karpathy-style autonomous GTM container optimization loop. Two-tier model (Sonnet → Opus 4.6 at 0.92).
map-leads — mapping / lead-gen project.
Problem-Solved
organized-ai-marketplace
organizedai-vip — main site.
BLADE LinkedIn CAPI
Clawdbot Ready
Organized Codebase — template/standard.
Pi Agent For Clients
sharon-slides
Autoresearch Engine
phalanx-matcher
trending-watch
whop-clipping-agency

Categorized

Ad / tracking optimization

GTM, GA4, Meta CAPI, Google Ads, Triple Whale integrations.

gtm-autoresearch Fix Your Tracking BLADE LinkedIn CAPI GTM-Preview gtm-unified-monitor Launch Analytics meta-media-buyer mcp-google-ads gads-gtm-plugin bladeaudit 3-day-think-tank 3DTT Tracking amour-de-moi-tracking carevalidate-teleios GHL-to-TW ghl-triplewhale-integration

Agent frameworks / orchestration

Agent runners, hooks, claw-family tooling.

ClaudeClaw Clawdbot Ready clawbox ClawBox w Remote Control claw-deployment-wizard claude-skills-worth-using Claude Code Hooks Claude Code Optimizer cc-session-manager CC Usage

Infra / MCP servers

MCP server projects and platform integrations.

google-marketing-hub-mcp prod-ghl-mcp mcp-git-ingest docker-mcp ad-platform-change-monitor Apify Actor Plugin Watcher

Courses / content

Educational material and presentations.

Claude-Code-Mastery-Course ai-opportunities-presentation sharon-slides bht-enterprise-ai AI Development Meta-Framework

Autoresearch loops

Self-improving experiment harnesses.

Autoresearch Engine auto-research-engine gtm-autoresearch

Pi-related

Code that talks to or runs on pi5-dev.

Pi Agent For Clients Raspberry Pi 5

See pi5-setup-guide for the deployed stack.

Not exhaustive. These categories cover the notable projects; the Windsurf folder holds 113 directories in total. New work usually starts as a project-bootstrap under Windsurf, which means the new project is instantly available on every Mac in the mesh.

Workflows

Six recipes for the dev work the mesh enables. Each one leverages at least two of: shared dev state (iCloud), mesh-local services (pi5-dev), or cloud deploy (Cloudflare + GitHub).

1. Ship a new docs site

Draft content (markdown or a brief).
Invoke docs-site-builder or github-docs-deploy.
Skill produces a single-file HTML SPA (terminal aesthetic).
wrangler pages deploy ./out --project-name=<name>.
Cloudflare Pages URL returned; site is live.

This site was built with exactly this flow.

2. Start a new project

Run project-bootstrap skill on any Mac.
iCloud Drive mirrors it to every other Mac within seconds.
phased-planning drafts PHASE-X-PROMPT.md files.
phased-build executes phases with verification gates.
Each phase ends with a git commit.

3. Run an autoresearch loop

Edit program.md in gtm-autoresearch.
npx tsx scripts/run-gtm-loop.ts.
Sonnet explores candidate variants at low cost.
At eval score ≥ 0.92, escalate to Opus 4.6 (1M ctx).
Results append to DOCUMENTATION/loops/…/loop-results/.

4. Build / install a skill

Invoke skill-creator-enhanced with a one-liner brief.
Skill is packaged into ~/.claude/skills/<name>/SKILL.md.
iCloud replicates it to every Mac.
Next Claude Code session on any Mac has it available.

5. Reach pi5 services from any device

$ ssh pi5                         # Tailscale SSH
$ curl http://100.86.166.122:11434 # Ollama
$ curl http://100.86.166.122:8123  # Home Assistant
$ journalctl --user -u hermes-gateway -f

No VPN config, no port forwarding — the mesh handles it.

6. Orchestrate a remote agent task

Kick off with long-runner skill for multi-session work.
Or delegate to Paperclip on pi5-dev (Postgres-backed gateway).
Mac can sleep / power off; pi5-dev keeps running.
Rejoin from any other Mac via iCloud-synced state + Tailscale SSH.

Putting it together

The core pattern: shared dev state via iCloud means every Mac is interchangeable. Mesh-local services on pi5-dev provide always-on compute (Ollama, Paperclip, HA) without leaving the WireGuard boundary. Cloudflare + GitHub handle everything that needs to be public. The whole system is ACL-gated, agentic, and operated from a single prompt surface: claude.