Add LOB (Managed PKG) app deployment visibility via native MDM channel

Intune LOB apps deployed via Apple's native MDM InstallApplication command
are invisible in IntuneMDMDaemon logs. This adds monitoring by reading from
the macOS unified log, /var/log/install.log, and InstallHistory.plist.

New data pipeline:
- UnifiedLogReader: queries unified log via `log show --style json` with
  InstallApplication category predicate
- InstallLogParser: parses /var/log/install.log for install records
- InstallHistoryParser: parses InstallHistory.plist, detecting MDM installs
  via appstored process, mdmclient, and GUID-named installer entries
- LOBCorrelationEngine: merges all three sources into LOBAppEvent objects,
  grouping by MDM command UUID

New UI:
- Three-tab source selector: Agent Apps | LOB Apps | All Apps
- LOBSidebarView: event list with status/search filtering
- LOBDetailView: lifecycle timeline, receipt info, combined log view
- DeploymentLifecycleView: visual MDM Command > Download > Install > Verify
- AllAppsOverviewView: combined timeline of both channels
- Channel badges on all policy rows (Agent vs Managed LOB)

Existing changes:
- Models.swift: DeploymentChannel enum, deploymentChannel on PolicyExecution
- LogParser.swift: removed AppPolicyResultsReporter filter, added channel
- ClipLibrary.swift: deploymentChannel in snapshot persistence
- ViewController.swift: source selector, LOB engine, conditional rendering

Resolves #34

Author: houstontxguy

IntuneLogWatch.xcodeproj/project.pbxproj

@@ -106,6 +106,7 @@
 		1B35FC812EDD379500F4EE46 /* Exceptions for "IntuneLogWatch" folder in "IntuneLogWatchQuickLook" target */ = {
 			isa = PBXFileSystemSynchronizedBuildFileExceptionSet;
 			membershipExceptions = (
+				AllAppsOverviewView.swift,
 				AllLogEntriesView.swift,
 				AppIconHelper.swift,
 				AppIconProvider.swift,
@@ -115,18 +116,27 @@
 				CertificateInspector.swift,
 				ClipLibrary.swift,
 				ClipLibraryView.swift,
+				DeploymentLifecycleView.swift,
 				ErrorCodeDetailView.swift,
 				ErrorCodesReferenceViewSimple.swift,
+				InstallHistoryParser.swift,
+				InstallLogParser.swift,
 				IntuneErrorCodes.swift,
 				IntuneLogWatchApp.swift,
+				LOBCorrelationEngine.swift,
+				LOBDetailView.swift,
+				LOBModels.swift,
+				LOBSidebarView.swift,
 				LogEntryDetailView.swift,
 				LogParser.swift,
+				LogSourceSelector.swift,
 				Models.swift,
 				PackageInspectorHelper.swift,
 				PolicyDetailView.swift,
 				PolicyExportHelper.swift,
 				SyncEventDetailView.swift,
 				TooltipView.swift,
+				UnifiedLogReader.swift,
 				ViewController.swift,
 			);
 			target = 1B35FC5B2EDD0A0200F4EE46 /* IntuneLogWatchQuickLook */;

IntuneLogWatch/AllAppsOverviewView.swift

@@ -0,0 +1,242 @@
+//
+//  AllAppsOverviewView.swift
+//  IntuneLogWatch
+//
+//  Combined view showing both LOB and Agent-deployed apps in a unified timeline.
+//
+
+import SwiftUI
+
+struct AllAppsOverviewView: View {
+    let agentAnalysis: LogAnalysis?
+    let lobAnalysis: LOBAnalysis?
+    @State private var searchText = ""
+
+    var body: some View {
+        VStack(spacing: 0) {
+            overviewHeader
+            Divider()
+
+            if combinedEntries.isEmpty {
+                emptyState
+            } else {
+                searchBar
+                entryList
+            }
+        }
+    }
+
+    // MARK: - Header
+
+    private var overviewHeader: some View {
+        VStack(alignment: .leading, spacing: 8) {
+            HStack {
+                Image(systemName: "apps.iphone.badge.plus")
+                    .foregroundColor(.blue)
+                Text("All App Deployments")
+                    .font(.title3)
+                    .fontWeight(.semibold)
+                Spacer()
+            }
+
+            HStack(spacing: 24) {
+                if let agent = agentAnalysis {
+                    let appPolicies = agent.syncEvents.flatMap { $0.policies }.filter { $0.type == .app }
+                    VStack(spacing: 2) {
+                        HStack(spacing: 4) {
+                            ChannelBadge(channel: .agent)
+                            Text("\(appPolicies.count)")
+                                .fontWeight(.semibold)
+                        }
+                        Text("Agent Apps")
+                            .font(.caption2)
+                            .foregroundColor(.secondary)
+                    }
+                }
+
+                if let lob = lobAnalysis {
+                    VStack(spacing: 2) {
+                        HStack(spacing: 4) {
+                            ChannelBadge(channel: .managedLOB)
+                            Text("\(lob.totalEvents)")
+                                .fontWeight(.semibold)
+                        }
+                        Text("LOB Apps")
+                            .font(.caption2)
+                            .foregroundColor(.secondary)
+                    }
+                }
+
+                Spacer()
+            }
+        }
+        .padding()
+        .background(Color(NSColor.controlBackgroundColor))
+    }
+
+    // MARK: - Search
+
+    private var searchBar: some View {
+        TextField("Search all apps...", text: $searchText)
+            .textFieldStyle(RoundedBorderTextFieldStyle())
+            .padding(.horizontal)
+            .padding(.vertical, 8)
+    }
+
+    // MARK: - Entry List
+
+    private var combinedEntries: [AllAppEntry] {
+        var entries: [AllAppEntry] = []
+
+        // Add agent app policies
+        if let agent = agentAnalysis {
+            for syncEvent in agent.syncEvents {
+                for policy in syncEvent.policies where policy.type == .app {
+                    entries.append(AllAppEntry(
+                        id: policy.id,
+                        name: policy.displayName,
+                        channel: .agent,
+                        status: policy.status.displayName,
+                        statusColor: agentStatusColor(policy.status),
+                        timestamp: policy.startTime ?? syncEvent.startTime,
+                        detail: [policy.appType, policy.appIntent].compactMap { $0 }.joined(separator: " / "),
+                        bundleId: policy.bundleId
+                    ))
+                }
+            }
+        }
+
+        // Add LOB events
+        if let lob = lobAnalysis {
+            for event in lob.events {
+                entries.append(AllAppEntry(
+                    id: event.id,
+                    name: event.displayName,
+                    channel: .managedLOB,
+                    status: event.status.displayName,
+                    statusColor: lobStatusColor(event.status),
+                    timestamp: event.timestamp,
+                    detail: event.packageVersion.map { "v\($0)" },
+                    bundleId: event.packageId
+                ))
+            }
+        }
+
+        // Sort by timestamp (newest first)
+        entries.sort { $0.timestamp > $1.timestamp }
+
+        // Filter
+        if !searchText.isEmpty {
+            entries = entries.filter {
+                $0.name.localizedCaseInsensitiveContains(searchText) ||
+                ($0.bundleId?.localizedCaseInsensitiveContains(searchText) ?? false) ||
+                ($0.detail?.localizedCaseInsensitiveContains(searchText) ?? false)
+            }
+        }
+
+        return entries
+    }
+
+    private var entryList: some View {
+        List(combinedEntries) { entry in
+            HStack {
+                ChannelBadge(channel: entry.channel)
+
+                VStack(alignment: .leading, spacing: 2) {
+                    Text(entry.name)
+                        .font(.headline)
+                        .lineLimit(1)
+                    if let bundleId = entry.bundleId {
+                        Text(bundleId)
+                            .font(.caption)
+                            .foregroundColor(.secondary)
+                            .lineLimit(1)
+                    }
+                }
+
+                Spacer()
+
+                if let detail = entry.detail {
+                    Text(detail)
+                        .font(.caption)
+                        .foregroundColor(.secondary)
+                }
+
+                Text(entry.status)
+                    .font(.caption2)
+                    .padding(.horizontal, 6)
+                    .padding(.vertical, 2)
+                    .background(entry.statusColor.opacity(0.2))
+                    .foregroundColor(entry.statusColor)
+                    .cornerRadius(4)
+
+                Text(formatDateTime(entry.timestamp))
+                    .font(.caption)
+                    .foregroundColor(.secondary)
+            }
+            .padding(.vertical, 2)
+        }
+    }
+
+    // MARK: - Empty State
+
+    private var emptyState: some View {
+        VStack(spacing: 12) {
+            Spacer()
+            Image(systemName: "apps.iphone")
+                .font(.system(size: 40))
+                .foregroundColor(.secondary)
+            Text("No App Deployments Found")
+                .font(.headline)
+                .foregroundColor(.secondary)
+            Text("Load Agent logs and/or LOB data to see a combined view of all app deployments.")
+                .font(.caption)
+                .foregroundColor(.secondary)
+                .multilineTextAlignment(.center)
+            Spacer()
+        }
+        .padding()
+    }
+
+    // MARK: - Helpers
+
+    private func agentStatusColor(_ status: PolicyStatus) -> Color {
+        switch status {
+        case .completed: return .green
+        case .failed: return .red
+        case .warning: return .orange
+        case .running: return .blue
+        case .pending: return .secondary
+        }
+    }
+
+    private func lobStatusColor(_ status: LOBDeploymentStatus) -> Color {
+        switch status {
+        case .completed: return .green
+        case .failed: return .red
+        case .installing, .downloading: return .blue
+        case .pending: return .orange
+        case .unknown: return .secondary
+        }
+    }
+
+    private func formatDateTime(_ date: Date) -> String {
+        let formatter = DateFormatter()
+        formatter.dateStyle = .short
+        formatter.timeStyle = .short
+        return formatter.string(from: date)
+    }
+}
+
+// MARK: - All App Entry Model
+
+struct AllAppEntry: Identifiable {
+    let id: UUID
+    let name: String
+    let channel: DeploymentChannel
+    let status: String
+    let statusColor: Color
+    let timestamp: Date
+    let detail: String?
+    let bundleId: String?
+}

IntuneLogWatch/ClipLibrary.swift

@@ -62,6 +62,7 @@ struct PolicyExecutionSnapshot: Codable, Hashable {
     let scriptType: String?
     let executionContext: String?
     let healthDomain: String?
+    let deploymentChannel: String?
 
     init(from policy: PolicyExecution) {
         self.policyId = policy.policyId
@@ -83,6 +84,7 @@ struct PolicyExecutionSnapshot: Codable, Hashable {
         self.scriptType = policy.scriptType
         self.executionContext = policy.executionContext
         self.healthDomain = policy.healthDomain
+        self.deploymentChannel = policy.deploymentChannel.rawValue
     }
 
     // Convert back to PolicyExecution for viewing
@@ -97,6 +99,7 @@ struct PolicyExecutionSnapshot: Codable, Hashable {
             scriptType: scriptType,
             executionContext: executionContext,
             healthDomain: healthDomain,
+            deploymentChannel: DeploymentChannel(rawValue: deploymentChannel ?? "Agent") ?? .agent,
             status: status.toPolicyStatus(),
             startTime: startTime,
             endTime: endTime,