Native Apps

One-line summary

Three native client apps (macOS, iOS, Android) act as thin node clients that expose device capabilities (camera, microphone, screen, location, contacts, etc.) to the Gateway over WebSocket, while providing a local chat UI and voice interaction.

Responsibilities

Connect to the Gateway over WebSocket with Ed25519 device authentication and TLS certificate pinning
Advertise device capabilities (camera, screen, location, voice, contacts, calendar, etc.) to the Gateway
Execute Gateway-invoked commands (camera.snap, location.get, screen.record, canvas.navigate, etc.)
Provide local chat interface with streaming responses and markdown rendering
Support voice interaction: wake word detection and push-to-talk
Display the A2UI canvas via embedded WebView with JavaScript bridge

Architecture diagram

Key source files

Shared (Apple platforms)

File	Role
`apps/shared/OpenClawKit/`	Shared Swift package: Protocol, session management, device identity, command definitions, A2UI
`apps/shared/OpenClawChatUI/`	Shared chat UI: ChatViewModel, ChatView, ChatTransport protocol, Markdown rendering
`apps/shared/OpenClawProtocol/`	Protocol models: GatewayModels, AnyCodable for JSON handling

macOS

File	Role
`apps/macos/Sources/AppState.swift`	Global state: `@Observable` singleton managing connection, settings, capabilities
`apps/macos/Sources/CanvasWindowController.swift`	Canvas window: WKWebView management, A2UI bridge, file watching
`apps/macos/Sources/VoiceWakeRuntime.swift`	Voice wake: Configurable trigger words ("Claude", "Computer", "Jarvis"), SwabbleKit engine
`apps/macos/Sources/ExecApprovalsGatewayPrompter.swift`	Exec approvals: Operator approval prompts for tool execution
`apps/macos/Package.swift`	Dependencies: OpenClawKit, Sparkle 2.8, MenuBarExtraAccess, swift-subprocess

iOS

File	Role
`apps/ios/Sources/OpenClawApp.swift`	Entry point: SwiftUI `@main`, AppDelegate for push notifications + background tasks
`apps/ios/Sources/GatewayConnectionController.swift`	Connection: Bonjour/mDNS discovery, TLS pinning, WebSocket lifecycle
`apps/ios/Sources/IOSGatewayChatTransport.swift`	Chat transport: `chat.send`, `chat.history`, event subscriptions
`apps/ios/Sources/CanvasController.swift`	Canvas: WKWebView with JavaScript bridge for A2UI
`apps/ios/Sources/VoiceWakeManager.swift`	Voice wake: Speech framework, wake word detection

Android

File	Role
`apps/android/.../MainActivity.kt`	Entry point: Single `ComponentActivity` with Jetpack Compose
`apps/android/.../NodeApp.kt`	Application: Initializes `NodeRuntime`
`apps/android/.../NodeRuntime.kt`	Core runtime: GatewaySession, ChatController, voice, camera, screen, location handlers
`apps/android/.../GatewaySession.kt`	WebSocket: OkHttp WebSocket, protocol v3, auto-reconnect (350ms * 1.7^n, max 8s)
`apps/android/.../InvokeDispatcher.kt`	Command router: Routes Gateway invokes to platform handlers with permission/foreground checks
`apps/android/.../DeviceIdentityStore.kt`	Device identity: Ed25519 key pair in encrypted SharedPreferences

WebSocket protocol (shared across all platforms)

Protocol version

All apps use protocol v3 (min=3, max=3).

Connect handshake

1. Client opens WebSocket to ws://host:port or wss://host:port
2. Server sends { type: "event", event: "connect.challenge", payload: { nonce } }
3. Client constructs signature payload:
   "v2|deviceId|clientId|clientMode|role|scopes|signedAtMs|token|nonce"
4. Client signs with Ed25519 private key
5. Client sends "connect" RPC with:
   {
     proto: { min: 3, max: 3 },
     client: { id, displayName, version, platform, mode },
     caps: ["canvas", "camera", "screen", "voiceWake", "location", ...],
     commands: [...list of supported commands...],
     permissions: { camera, microphone, location, ... },
     role: "node",
     auth: { device: { deviceId, publicKey, signedAtMs, signature, token } }
   }
6. Server responds with:
   {
     ok: true,
     server: { host },
     auth: { deviceToken },
     canvasHostUrl,
     snapshot: { sessionDefaults: { mainSessionKey } }
   }

Node invoke flow

Gateway → Client:
  { type: "event", event: "node.invoke.request",
    payload: { invokeId, command, params } }

Client executes command (e.g., camera.snap, location.get)

Client → Gateway:
  { type: "req", method: "node.invoke.result",
    params: { invokeId, result: {...} } }
  OR
  { type: "req", method: "node.invoke.result",
    params: { invokeId, error: { code, message } } }

Device capabilities by platform

Capability	iOS	Android	macOS
`canvas`	WKWebView	Android WebView	WKWebView
`camera`	AVFoundation	CameraX	-
`screen`	ReplayKit	MediaProjection	-
`location`	CoreLocation	FusedLocation	-
`voiceWake`	Speech framework	Android SpeechRecognizer	SwabbleKit
`device`	UIDevice info	Build info	-
`contacts`	Contacts framework	-	-
`calendar`	EventKit	-	-
`reminders`	EventKit	-	-
`photos`	Photos framework	-	-
`watch`	WatchConnectivity	-	-
`sms`	-	SmsManager	-

Node commands by platform

Command	iOS	Android	macOS
`canvas.present` / `canvas.hide`	Yes	Yes	Yes
`canvas.navigate` / `canvas.evalJS`	Yes	Yes	Yes
`canvas.a2ui.push` / `a2ui.reset`	Yes	Yes	Yes
`canvas.snapshot`	Yes	Yes	Yes
`camera.snap` / `camera.clip`	Yes	Yes	-
`screen.record`	Yes	Yes	-
`location.get`	Yes	Yes	-
`system.notify`	Yes	-	-
`chat.push`	Yes	-	-
`talk.pttStart` / `pttStop`	Yes	Yes	Yes
`contacts.search` / `contacts.add`	Yes	-	-
`calendar.events` / `calendar.add`	Yes	-	-
`reminders.list` / `reminders.add`	Yes	-	-
`photos.latest`	Yes	-	-
`watch.status` / `watch.notify`	Yes	-	-
`motion.activity` / `motion.pedometer`	Yes	-	-
`device.status` / `device.info`	Yes	Yes	-
`sms.send`	-	Yes	-

Platform differences

Aspect	iOS	Android	macOS
Language	Swift 6	Kotlin	Swift 6
UI Framework	SwiftUI	Jetpack Compose (Material 3)	SwiftUI + AppKit
Min Version	iOS 18+	API 31 (Android 12)	macOS 15+
App Type	Full-screen app	Full-screen app	Menu bar app
WebSocket	URLSessionWebSocketTask (via OpenClawKit)	OkHttp 5.3	URLSessionWebSocketTask (via OpenClawKit)
Crypto	CryptoKit (Ed25519)	BouncyCastle (Ed25519)	CryptoKit (Ed25519)
Background	BGAppRefreshTask + silent push	Foreground Service	Always running
Discovery	Bonjour/mDNS	mDNS + dnsjava (Tailscale)	Bonjour + wide-area DNS-SD
Auto-Update	App Store / TestFlight	APK auto-update	Sparkle 2.8
Architecture	MVVM + Observation	MVVM + StateFlow	MVVM + Observation
WebView	WKWebView	Android WebView	WKWebView

TLS and security

Certificate pinning:
  - SHA256 fingerprint of server TLS certificate
  - Trust-on-first-use (user must approve fingerprint once)
  - Stored per-gateway in device auth store

Loopback exception:
  - No TLS required for localhost/127.0.0.1 connections

Tailscale domains:
  - .ts.net domains enforce TLS
  - Wide-area DNS-SD discovery supported

Device identity:
  - Ed25519 key pair generated on first launch
  - Private key stored in:
    - iOS: Keychain
    - Android: EncryptedSharedPreferences (BouncyCastle)
    - macOS: Keychain
  - Public key sent during connect handshake
  - Device token returned by server, stored for subsequent connects

A2UI Canvas integration

All three platforms embed a WebView for the A2UI canvas:

Gateway → Node: "canvas.a2ui.push" { messages: [...] }
Node → WebView: JavaScript injection
WebView → Node: window.openclawCanvasA2UIAction.postMessage(json)
Node → Gateway: "node.invoke.result" { ... }

Canvas lifecycle:
  - canvas.present → show WebView
  - canvas.navigate → load URL
  - canvas.a2ui.push → inject A2UI messages
  - canvas.snapshot → capture screenshot (base64)
  - canvas.hide → hide WebView

How it connects to other modules

Depends on:
- gateway/ — WebSocket server handles all communication, serves canvas host, manages device auth
- apps/shared/OpenClawKit/ — shared Swift package for iOS + macOS (protocol, session, identity, commands)
- apps/shared/OpenClawChatUI/ — shared chat UI components for iOS + macOS
Depended by:
- None — native apps are leaf clients

Exact SwabbleKit wake word engine internals — third-party dependency, not OpenClaw source
How PeekabooBridgeHostCoordinator on macOS handles UI automation — seems like a significant capability
APK auto-update mechanism on Android (AppUpdateHandler) — how does it discover and apply updates?
Watch app features — WatchConnectivity is referenced but the actual watchOS app was not found in the source tree
Whether Android supports the full set of iOS commands (contacts, calendar, reminders, photos) or if these are iOS-only
How screen recording results are encoded and transmitted — size constraints for WebSocket frames
Voice wake accuracy and battery impact across platforms

Change frequency

iOS: High — most feature-rich platform, new commands and capabilities added regularly
Android: Medium — follows iOS features with some platform-specific additions (SMS, foreground service)
macOS: Medium — menu bar app with focused feature set, Peekaboo integration evolving
Shared (OpenClawKit): Medium — protocol changes propagate here first, then to platform code
Protocol (v3): Low — wire protocol is stable; capability additions don't require protocol changes

#Native Apps

#One-line summary

#Responsibilities

#Architecture diagram

#Key source files

#Shared (Apple platforms)

#macOS

#iOS

#Android

#WebSocket protocol (shared across all platforms)

#Protocol version

#Connect handshake

#Node invoke flow

#Device capabilities by platform

#Node commands by platform

#Platform differences

#TLS and security

#A2UI Canvas integration

#How it connects to other modules

#My blind spots

#Change frequency