Peter Steinberger
7303f42917
fix(macos): fail fast during node lifecycle cleanup ( #105282 )
2026-07-12 11:41:21 +01:00
Peter Steinberger
ba9a04580b
fix(macos): unblock node transport reconnects ( #105091 )
...
* fix(macos): unblock node transport reconnects
* chore(macos): leave release notes to release flow
2026-07-12 08:17:59 +01:00
Peter Steinberger
ac89350327
feat(apps): review durable approvals on mobile ( #104913 )
...
* feat(apps): Android, iPhone, and Watch approval clients
Squash-rebased #103912 segment onto the deep-links tip on current main.
Native approval surfaces: iOS approval presentation with gateway-switch
lease preservation and resolution fencing, watchOS inbox + approval
actions with shipped-shape payload codec, Android approval notices with
publication-tokened dismissal. Native i18n inventory regenerated.
(cherry picked from commit 428a76670ffeede54248b7bd7aa4438e2589851b)
(cherry picked from commit 80225d5707c3645eeea5435f266131037b50ede6)
(cherry picked from commit 2a23b714dc30d773a294aa45adc617e46b80732e)
(cherry picked from commit 9ff1153827769e2cbab7c11c153f0f8634662c28)
(cherry picked from commit 5b25723525bd562e5f97478af492f7b46ad30fd1)
(cherry picked from commit 8c80e8467b5fe89aad0d4c74a0573f1600ed3af9)
(cherry picked from commit ad4037bc9846bf6f082b41c129ee68aa344576c3)
(cherry picked from commit fdf767dd662cff3c8a5a6d571f38f153410651ca)
(cherry picked from commit 00c120376ffd992ea68ce29254a9bc0a25ed1740)
(cherry picked from commit f36a95213e )
(cherry picked from commit e2c25cbe2baacab44d21871d8cb6734704f065ac)
(cherry picked from commit 7c4fda519080486d341a9f4df36d63f9e24b1235)
(cherry picked from commit 1b3d4eda3dc5988012124597f9454ae21fb187a1)
(cherry picked from commit 2a60619722 )
(cherry picked from commit 6f0c386567 )
(cherry picked from commit 784a5857b7 )
(cherry picked from commit cbf294e026841c9bc2799da0fc7db666a69c52db)
* fix(apps): harden approval reconciliation and watch states
2026-07-11 19:59:07 -07:00
Peter Steinberger
e0e67abfa9
fix: cancel expired macOS node approvals ( #104302 )
...
* fix: cancel expired macOS node approvals
* chore: keep node approval fix out of release notes
2026-07-11 01:25:36 -07:00
NianJiu
067edbcb2d
fix(ios): make Talk audio lifecycle-safe ( #103072 )
...
* fix(ios): cancel queued push-to-talk invokes
* fix(ios): make push-to-talk cancellation lifecycle-safe
* style(ios): use switch expression for PTT result
* fix(ios): bind audio capture to lifecycle owners
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* style(ios): format rebased lifecycle changes
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(ios): preserve routing hydration across reconnects
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(ios): cancel routing hydration on target switch
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* chore(ios): refresh native i18n inventory
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(i18n): preserve native localization IDs
* chore: leave changelog to release automation
* refactor(apple): split lifecycle and gateway helpers
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(ios): make lifecycle parsing nonisolated
* fix(ios): consume canonical Talk events
---------
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 15:03:40 +01:00
Peter Steinberger
62bd760c0e
chore(swift): enforce current formatting and lint rules ( #103313 )
...
* style: apply SwiftFormat 0.62.1 rules
Refs #103202
* ci: enforce deterministic Swift lint
Refs #103202
* refactor: keep gateway connect lint-clean
Refs #103202
* style: keep iOS typography checks warning-free
* ci: route MLX Swift changes through pre-push
* fix: preserve native i18n extraction after Swift cleanup
* refactor: keep rebased Swift surfaces lint-clean
* style: format latest Swift additions
* chore: refresh native i18n inventory
* style: keep generated Swift formatter-clean
* fix: preserve node route invalidation callbacks
* fix: keep native translation IDs stable
* fix: retain native translation identifiers
* fix: preserve translations across Swift source moves
2026-07-10 11:54:08 +01:00
Peter Steinberger
461772868d
fix(computer): prevent stale, replayed, and post-cancel desktop actions ( #103422 )
...
* fix(ai): preserve streamed tool-call identity
* fix(computer): bind actions to current tool authority
* fix(macos): serialize computer control lifecycle
* docs(computer): document hardened control contract
* chore: follow release-owned changelog policy
* test(agents): cover node list cancellation
2026-07-10 06:47:56 +01:00
Peter Steinberger
54f45a950b
feat(watchos): connect directly to Gateway as a node ( #102893 )
...
* feat(watchos): add direct gateway node
* docs: refresh watch node docs map
* chore: leave release notes to release workflow
* chore(ios): refresh native localization inventory
* fix(watchos): keep direct node policy bounded
2026-07-09 15:53:02 +01:00
Peter Steinberger
b5f67ac4c7
fix(shared): skip app-group identity migration when OPENCLAW_STATE_DIR is overridden ( #101779 )
...
* fix(shared): skip app-group identity migration when OPENCLAW_STATE_DIR is overridden
An unentitled process (mac app, swift test runners) with a fresh state dir
imported the machine's real app-group device identity and auth tokens into
any explicitly overridden state dir, violating the documented legacy-fallback
contract. On developer Macs this leaked real operator/node device tokens into
per-test temp state dirs, breaking the nil-token expectations in
GatewayNodeSessionTests (non bootstrap hello / untrusted bootstrap hello)
for local swift test runs while clean CI passed.
Migration now requires no OPENCLAW_STATE_DIR override, with a regression
test. StateDirectoryIsolationTrait owns per-test state-dir pinning (fresh
temp dir per gated test, env restored to launch value or a run-scoped
quarantine dir, never unset), replacing the hand-rolled setenv/defer
boilerplate in every gated test.
* test(shared): remove redundant throws annotations
2026-07-07 18:48:21 +01:00
Peter Steinberger
06789ca4c2
fix(ios): keep offline chat sends on their original route ( #100942 )
2026-07-06 17:53:05 +01:00
Peter Steinberger
7853aa35a4
feat(ios): per-gateway custom headers for gateways behind authenticating proxies ( #100768 )
...
* feat(ios): support per-gateway custom headers for proxied gateway connections
Per-gateway custom request headers (Cloudflare Access-style service tokens)
for gateways behind authenticating reverse proxies. Headers are credentials:
Keychain-stored per gateway stableID, masked in settings UI, injected on the
WebSocket upgrade at connect time via a provider so edits apply on the next
reconnect without re-pairing. Reserved handshake headers and control chars
are sanitized out. TLS pinning and pairing flows unchanged. Push relay and
other non-gateway destinations proven header-free by regression test.
Related: #100698
* chore(ios): sync native i18n inventory for custom header strings
* fix(ios): harden gateway custom headers
* chore(ios): resync native i18n inventory
* fix(ios): validate custom header names
2026-07-06 17:17:07 +01:00
Peter Steinberger
8af88e2fcc
fix(tests): restore shared-kit test module compilation after NSNull coalesce ( #100903 )
2026-07-06 14:56:34 +01:00
Vincent Koc
8b86645f5c
fix(macos): keep node invokes responsive during system.run ( #100842 )
...
* fix(macos): keep app node connected after system.run invoke
* fix(macos): document node invoke receive isolation
---------
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
2026-07-06 05:06:34 -07:00
Ben.Li
b170c08e6d
fix(ios): reject loopback-prefix hosts for auth retry ( #99859 )
...
* fix(ios): require parsed loopback hosts for auth retry
* fix(ios): narrow device token retry loopback trust
* test(ios): cover trusted auth retry hosts
* docs(changelog): position iOS auth retry fix
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-06 02:05:21 +01:00
PollyBot13
a320f775f0
fix(ios): defer QR pairing after scanner dismissal ( #99572 )
...
* fix(ios): defer QR pairing after scanner dismissal
* fix(ios): process QR pairing after scanner dismissal
* fix(ios): harden QR scanner handoff
* fix(ios): give QR scanner dismissal more time
* fix(ios): keep onboarding open for QR trust prompt
* fix(ios): keep QR trust prompt owned by onboarding
* fix(ios): recover operator pairing after QR bootstrap
* fix(ios): cancel stale QR scanner handoffs
Co-authored-by: PollyBot13 <pollybot13@gmail.com >
* fix(ios): defer QR setup until onboarding closes
* fix(ios): keep QR setup links with visible settings
* fix(ios): consume setup links during onboarding
* fix(ios): handle setup links during onboarding launch
* fix(ios): route setup links through active onboarding
* fix(ios): harden QR gateway handoff
* fix(ios): cancel superseded gateway attempts
* fix(ios): serialize scanner result delivery
* fix(ios): prevent stale gateway reconnects
* fix(ios): serialize gateway target handoff
* fix(ios): disable stale gateway relaunch route
* fix(ios): await staged bootstrap reset
* test(ios): bound gateway reset handoff
* fix(ios): preserve explicit gateway handoff
* fix(ios): harden gateway lifecycle ownership
* chore(ios): sync native i18n inventory
* test(ios): align gateway ownership assertions
* refactor(ios): remove superseded gateway helpers
* fix(ios): keep gateway auth route scoped
* fix(ios): restore gateway target review state
* fix(protocol): refresh Swift plugin approval model
* test(ios): isolate state directory overrides
* fix(ios): preserve watch alerts across gateway switches
* fix(ios): bind deferred work to gateway ownership
* docs(changelog): credit iOS gateway handoff fix
* chore(i18n): sync native app inventory
* test(ios): remove unused Watch approval hooks
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-05 12:31:53 -07:00
Peter Steinberger
6df0fb818d
feat: add session thread management ( #98510 )
...
* feat: add session thread management
Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.
* refactor(ui): minimal session rows with hover-revealed management
Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.
* fix: align session admission with mailbox-era main
Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.
* fix(qa): align UI e2e and shard fixtures with redesigned session rows
Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.
* test: route auto-fallback suite through temp-dir helper plans
The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
ooiuuii
155c2f4e7e
fix: keep iOS LAN QR pairing authenticated after bootstrap ( #98066 )
...
* Persist iOS LAN bootstrap handoff tokens
* test: cover iOS LAN bootstrap reconnect auth
* test(ios): consolidate LAN bootstrap reconnect proof
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-02 14:13:19 -07:00
Josh Avant
ad59492d3c
fix: show actionable mobile protocol mismatch recovery ( #98385 )
...
* Fix mobile protocol mismatch recovery
* Test iOS protocol mismatch connect failures
* Fix iOS protocol mismatch problem actions
2026-07-01 00:11:03 -05:00
joshavant
f13dc76ba1
fix ios share extension device identity
2026-06-19 14:16:48 +02:00
Nimrod Gutman
b352cb2d8e
fix(ios): guard websocket ping continuation ( #88231 )
...
Merged via squash.
Prepared head SHA: b4cee97b8a
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
2026-05-30 07:56:34 +03:00
Nimrod Gutman
9ca52ce3d9
[codex] improve iOS realtime talk mode ( #86355 )
...
Merged via squash.
Prepared head SHA: 3f5aedb265
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
2026-05-25 13:27:37 +03:00
Nimrod Gutman
94d8391c03
[codex] restore QR bootstrap operator handoff ( #83684 )
...
Merged via squash.
Prepared head SHA: 2dc955cfb7
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
2026-05-19 20:59:09 +03:00
Nimrod Gutman
00a0858fd9
fix(ios): recover rotated gateway certificates
...
## Summary
- allow iOS to trust system-valid rotated gateway certificates
- rebuild active gateway sessions after replacing the stored TLS pin
- expose certificate trust recovery from gateway problem banners
## Verification
- swift test --filter 'GatewayErrorsTests|GatewayNodeSessionTests/changedSessionBoxRebuildsExistingGatewayChannel'
- xcodebuild build -scheme OpenClaw -destination 'platform=iOS,id=00008140-000848A92EE3001C'
- installed and launched OpenClaw on attached iPhone with devicectl
- verified iOS gateway log connected to wss://gutsy-home.tail06a72.ts.net:443 after trust/pairing recovery
2026-05-10 21:10:35 +03:00
Val Alexander
36df0d93b9
fix: repair iOS LAN pairing
...
Fix iOS LAN/setup-code pairing policy for #47887 .
- Allow explicit private LAN and .local plaintext ws:// setup/manual connects where policy allows it.
- Keep public hosts, .ts.net, and Tailscale CGNAT plaintext fail-closed.
- Prefer explicit passwords over stale bootstrap tokens in Swift and TypeScript gateway clients.
- Update setup-code/device-pair coverage, docs, and changelog with source credit for #65185 .
Verification:
- pnpm install
- git diff --check origin/main..HEAD
- pnpm exec oxfmt --check --threads=1 src/gateway/client.ts src/gateway/client.test.ts src/pairing/setup-code.ts src/pairing/setup-code.test.ts extensions/device-pair/index.ts extensions/device-pair/index.test.ts
- pnpm format:docs:check
- pnpm test src/gateway/client.test.ts src/pairing/setup-code.test.ts extensions/device-pair/index.test.ts
- cd apps/shared/OpenClawKit && swift test --filter 'DeepLinksSecurityTests|GatewayNodeSessionTests'
- pnpm lint:swift passes with the existing TalkModeRuntime.swift type-body-length warning
Blocked locally:
- iOS app-target xcodebuild tests require unavailable watchOS 26.4 runtime here.
- Testbox check:changed previously failed because the image lacks swiftlint; local swiftlint passes.
2026-05-05 21:07:19 -05:00
Peter Steinberger
8db21cdcde
chore: update app Swift package releases
2026-04-28 02:28:05 +01:00
Peter Steinberger
7d22a16adb
fix: bound bootstrap handoff token scopes
2026-04-04 22:29:52 +09:00
Peter Steinberger
20266ff7dd
fix: preserve mobile bootstrap auth fallback ( #60238 ) (thanks @ngutman)
2026-04-04 15:57:38 +09:00
Nimrod Gutman
226ca1f324
fix(auth): address qr bootstrap review feedback
2026-04-04 15:57:38 +09:00
Nimrod Gutman
a9140abea6
fix(auth): hand off qr bootstrap to bounded device tokens
2026-04-04 15:57:38 +09:00
Val Alexander
2fd372836e
iOS: improve QR pairing flow ( #51359 )
...
- improve QR pairing UX and bootstrap token handling
- preserve repeated optimistic user messages during refresh
- add regression coverage for refresh reconciliation
Thanks @ImLukeF
2026-03-21 01:10:29 -05:00
Peter Steinberger
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
Mariano
abb8f63107
iOS: auto-load the scoped gateway canvas with safe fallback ( #40282 )
...
Merged via squash.
- mb-server validation: `swift test --package-path apps/shared/OpenClawKit --filter GatewayNodeSessionTests`
- mb-server validation: `pnpm build`
- Scope note: top-level `RootTabs` shell change was intentionally removed from this PR before merge
2026-03-08 22:47:39 +01:00
Peter Steinberger
7d44b753ff
refactor(tests): dedupe openclawkit chat test helpers
2026-03-02 09:55:46 +00:00
Peter Steinberger
fd7774a79e
refactor(tests): dedupe swift gateway and chat fixtures
2026-03-02 09:39:45 +00:00
Mariano
e98ccc8e17
iOS/Gateway: stabilize background wake and reconnect behavior ( #21226 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7705a7741e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-02-19 20:20:28 +00:00
Mariano
42d11a3ec5
iOS: auto-resync chat after reconnect gaps ( #21135 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 1beca3a76d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-02-19 18:37:13 +00:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00