Peter Steinberger
|
ac89350327
|
feat(apps): review durable approvals on mobile (#104913)
* feat(apps): Android, iPhone, and Watch approval clients
Squash-rebased #103912 segment onto the deep-links tip on current main.
Native approval surfaces: iOS approval presentation with gateway-switch
lease preservation and resolution fencing, watchOS inbox + approval
actions with shipped-shape payload codec, Android approval notices with
publication-tokened dismissal. Native i18n inventory regenerated.
(cherry picked from commit 428a76670ffeede54248b7bd7aa4438e2589851b)
(cherry picked from commit 80225d5707c3645eeea5435f266131037b50ede6)
(cherry picked from commit 2a23b714dc30d773a294aa45adc617e46b80732e)
(cherry picked from commit 9ff1153827769e2cbab7c11c153f0f8634662c28)
(cherry picked from commit 5b25723525bd562e5f97478af492f7b46ad30fd1)
(cherry picked from commit 8c80e8467b5fe89aad0d4c74a0573f1600ed3af9)
(cherry picked from commit ad4037bc9846bf6f082b41c129ee68aa344576c3)
(cherry picked from commit fdf767dd662cff3c8a5a6d571f38f153410651ca)
(cherry picked from commit 00c120376ffd992ea68ce29254a9bc0a25ed1740)
(cherry picked from commit f36a95213e)
(cherry picked from commit e2c25cbe2baacab44d21871d8cb6734704f065ac)
(cherry picked from commit 7c4fda519080486d341a9f4df36d63f9e24b1235)
(cherry picked from commit 1b3d4eda3dc5988012124597f9454ae21fb187a1)
(cherry picked from commit 2a60619722)
(cherry picked from commit 6f0c386567)
(cherry picked from commit 784a5857b7)
(cherry picked from commit cbf294e026841c9bc2799da0fc7db666a69c52db)
* fix(apps): harden approval reconciliation and watch states
|
2026-07-11 19:59:07 -07:00 |
|
Peter Steinberger
|
1f12e7fc87
|
fix(ios): replace dead-end discovered gateway connects (#103289)
* fix(ios): clarify insecure discovered gateways
* fix(ios): finish discovered gateway guidance
* fix(ios): preserve gateway failure expression
|
2026-07-10 05:08:58 +01:00 |
|
Josh Avant
|
6438c89f05
|
fix(mobile): clarify gateway connection security setup (#101325)
* fix(mobile): clarify gateway connection setup
* chore(i18n): sync native mobile strings
* fix(mobile): align manual gateway previews
* chore(i18n): refresh native source inventory
* chore(android): remove unused connect tab strings
* test(i18n): drop removed connect tab sentinel
* fix(ios): brand connection security picker labels
* fix(mobile): hide gateway endpoint previews
* chore(i18n): sync native source inventory
* fix(mobile): remove redundant TLS helper copy
|
2026-07-07 14:43:11 -05:00 |
|
PollyBot13
|
a320f775f0
|
fix(ios): defer QR pairing after scanner dismissal (#99572)
* fix(ios): defer QR pairing after scanner dismissal
* fix(ios): process QR pairing after scanner dismissal
* fix(ios): harden QR scanner handoff
* fix(ios): give QR scanner dismissal more time
* fix(ios): keep onboarding open for QR trust prompt
* fix(ios): keep QR trust prompt owned by onboarding
* fix(ios): recover operator pairing after QR bootstrap
* fix(ios): cancel stale QR scanner handoffs
Co-authored-by: PollyBot13 <pollybot13@gmail.com>
* fix(ios): defer QR setup until onboarding closes
* fix(ios): keep QR setup links with visible settings
* fix(ios): consume setup links during onboarding
* fix(ios): handle setup links during onboarding launch
* fix(ios): route setup links through active onboarding
* fix(ios): harden QR gateway handoff
* fix(ios): cancel superseded gateway attempts
* fix(ios): serialize scanner result delivery
* fix(ios): prevent stale gateway reconnects
* fix(ios): serialize gateway target handoff
* fix(ios): disable stale gateway relaunch route
* fix(ios): await staged bootstrap reset
* test(ios): bound gateway reset handoff
* fix(ios): preserve explicit gateway handoff
* fix(ios): harden gateway lifecycle ownership
* chore(ios): sync native i18n inventory
* test(ios): align gateway ownership assertions
* refactor(ios): remove superseded gateway helpers
* fix(ios): keep gateway auth route scoped
* fix(ios): restore gateway target review state
* fix(protocol): refresh Swift plugin approval model
* test(ios): isolate state directory overrides
* fix(ios): preserve watch alerts across gateway switches
* fix(ios): bind deferred work to gateway ownership
* docs(changelog): credit iOS gateway handoff fix
* chore(i18n): sync native app inventory
* test(ios): remove unused Watch approval hooks
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-05 12:31:53 -07:00 |
|
Peter Steinberger
|
862de9f1a1
|
fix(pairing): advertise reachable Tailnet routes (#100317)
* fix(pairing): advertise reachable tailnet routes
* fix(pairing): satisfy native and SDK checks
* fix(ios): cancel stale pairing route probes
* test(pairing): document LAN-only Serve fallback
* fix(ios): preserve pairing result initializer
|
2026-07-05 07:43:43 -07:00 |
|
Josh Avant
|
0c7bac34ae
|
fix(ios): classify TLS fingerprint timeouts (#98429)
* fix(ios): classify gateway TLS fingerprint timeouts
* Add discovered TLS trust regression test
|
2026-07-01 01:06:13 -05:00 |
|
Sash Zats
|
233b48daaa
|
refactor: prune unused iOS code (#91996)
Prune unused iOS surfaces and regenerate the Xcode project. Add a scoped Periphery PR gate with hardened artifact handling and stale-status cleanup.
Co-authored-by: Sash Zats <sash@zats.io>
|
2026-06-15 02:07:15 -07:00 |
|
Nimrod Gutman
|
00a0858fd9
|
fix(ios): recover rotated gateway certificates
## Summary
- allow iOS to trust system-valid rotated gateway certificates
- rebuild active gateway sessions after replacing the stored TLS pin
- expose certificate trust recovery from gateway problem banners
## Verification
- swift test --filter 'GatewayErrorsTests|GatewayNodeSessionTests/changedSessionBoxRebuildsExistingGatewayChannel'
- xcodebuild build -scheme OpenClaw -destination 'platform=iOS,id=00008140-000848A92EE3001C'
- installed and launched OpenClaw on attached iPhone with devicectl
- verified iOS gateway log connected to wss://gutsy-home.tail06a72.ts.net:443 after trust/pairing recovery
|
2026-05-10 21:10:35 +03:00 |
|
Val Alexander
|
36df0d93b9
|
fix: repair iOS LAN pairing
Fix iOS LAN/setup-code pairing policy for #47887.
- Allow explicit private LAN and .local plaintext ws:// setup/manual connects where policy allows it.
- Keep public hosts, .ts.net, and Tailscale CGNAT plaintext fail-closed.
- Prefer explicit passwords over stale bootstrap tokens in Swift and TypeScript gateway clients.
- Update setup-code/device-pair coverage, docs, and changelog with source credit for #65185.
Verification:
- pnpm install
- git diff --check origin/main..HEAD
- pnpm exec oxfmt --check --threads=1 src/gateway/client.ts src/gateway/client.test.ts src/pairing/setup-code.ts src/pairing/setup-code.test.ts extensions/device-pair/index.ts extensions/device-pair/index.test.ts
- pnpm format:docs:check
- pnpm test src/gateway/client.test.ts src/pairing/setup-code.test.ts extensions/device-pair/index.test.ts
- cd apps/shared/OpenClawKit && swift test --filter 'DeepLinksSecurityTests|GatewayNodeSessionTests'
- pnpm lint:swift passes with the existing TalkModeRuntime.swift type-body-length warning
Blocked locally:
- iOS app-target xcodebuild tests require unavailable watchOS 26.4 runtime here.
- Testbox check:changed previously failed because the image lacks swiftlint; local swiftlint passes.
|
2026-05-05 21:07:19 -05:00 |
|
Nimrod Gutman
|
69fe999373
|
fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)
* fix(pairing): restore qr bootstrap onboarding handoff
* fix(pairing): tighten bootstrap handoff follow-ups
* fix(pairing): migrate legacy gateway device auth
* fix(pairing): narrow qr bootstrap handoff scope
* fix(pairing): clear ios tls trust on onboarding reset
* fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)
|
2026-03-31 21:11:35 +03:00 |
|
Peter Steinberger
|
8553d22428
|
refactor(tests): dedupe ios gateway and deeplink fixtures
|
2026-03-02 09:55:46 +00:00 |
|
Mariano Belinky
|
d06d8701fd
|
iOS: normalize watch quick actions and fix test signing
|
2026-02-24 15:16:11 +00:00 |
|
Mariano
|
fe3215092c
|
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (#22045)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ec952f0a80
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
|
2026-02-20 17:23:33 +00:00 |
|
Mariano
|
8fa46d709a
|
fix(ios): force tls for non-loopback manual gateway hosts (#21969)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9fb39f566e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
|
2026-02-20 16:28:47 +00:00 |
|
Peter Steinberger
|
054366dea4
|
fix(security): require explicit trust for first-time TLS pins
|
2026-02-14 17:55:20 +01:00 |
|
Peter Steinberger
|
d583782ee3
|
fix(security): harden discovery routing and TLS pins
|
2026-02-14 17:18:14 +01:00 |
|