docs: per-integration iOS quick-connect guides for managed app users

[Copilot]

Adds dean/ios-quick-connect/ — 17 markdown files covering how iOS app developers should implement channel quick-connect screens when users run OpenClaw through the managed iOS app (Supabase JWT auth → file-api → AKS container config).

What's included

Index (index.md) — architecture overview, PATCH /config/channels contract, auth-method glossary, and integration complexity table.

Per-integration docs (one file each): Discord, Telegram, Slack, WhatsApp, Signal, iMessage/BlueBubbles, Microsoft Teams, Matrix, Feishu/Lark, Nostr, Twitch, Zalo, Mattermost, IRC, LINE, Tlon/Urbit.

Each doc covers:

• Auth method (token paste / OAuth-in-app / QR scan / guided form / phone registration)
• SwiftUI UI sketch for the connect screen
• Pre-flight token validation against the service's API
• Exact JSON5 config block written to the container
• Plugin installation steps where required
• Security notes (token scope, CSRF state param, storage boundaries)

Auth methods by integration

Method	Integrations
Token paste	Discord, Telegram, Feishu, Zalo, Mattermost, IRC, LINE
OAuth (ASWebAuthenticationSession)	Slack, Twitch, Teams (opt B), Matrix (opt B)
QR scan	WhatsApp (Baileys), Signal (device-link)
Multi-step guided form	Teams, BlueBubbles, Signal (phone reg), Tlon
In-app keygen / key import	Nostr

Summary

• Problem: No guidance on how to implement channel connection UI in the iOS app — devs would need to reverse-engineer each service's auth model independently.
• Why it matters: Managed app users can't run openclaw channels login from a terminal; the iOS app must own the full credential-collection and config-patch flow.
• What changed: New dean/ios-quick-connect/ directory, 17 new docs, no code changes.
• What did NOT change: No runtime code, no existing channel implementations, no config schema changes.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Related #

User-visible / Behavior Changes

None — docs only.

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Repro + Verification

Environment

• OS: N/A (docs only)
• Runtime/container: N/A
• Model/provider: N/A
• Integration/channel (if any): All channels documented
• Relevant config (redacted): N/A

Steps

1. Read dean/ios-quick-connect/index.md for architecture overview.
2. Open any per-integration file (e.g., dean/ios-quick-connect/discord.md) to review structure and completeness.

Expected

• Each doc describes the full credential-collection + config-patch flow for its integration.

Actual

• All 17 integration docs present and structurally consistent under dean/ios-quick-connect/.

Evidence

• Trace/log snippets — N/A (docs only)

Human Verification (required)

• Verified scenarios: All SwiftUI code snippets reviewed for correctness; try! force-unwraps replaced with safe try?/guard patterns; undefined helper functions annotated with library references.
• Edge cases checked: OAuth CSRF state token called out in Slack/Teams/Twitch; QR expiry handling documented for WhatsApp and Signal; private-network SSRF opt-in documented for Tlon.
• What you did not verify: Actual compilation of SwiftUI sketches; live API responses from each service.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: Delete dean/ios-quick-connect/ directory.
• Files/config to restore: None.
• Known bad symptoms reviewers should watch for: N/A.

Risks and Mitigations

• Risk: SwiftUI sketches are illustrative and not compiled — subtle API misuse could mislead implementors.
  • Mitigation: Each snippet is annotated with library recommendations and caveats; force-unwraps removed in favor of safe patterns.

Original prompt

Can you write a markdown per integration on how you would implement a quick connect of thr integration (options from tokens to full e2e flows to quick auth if we build an app to using your app) assuming users are running OpenClaw through a managed iOS app. See details on the arch below

OpenClaw iOS App

OpenClaw is a premium iOS application that provides users with their own personal AI assistant powered by Claude, running in dedicated containers in the cloud.

What is OpenClaw?

OpenClaw gives each user their own private AI assistant with:

• Personal AI Container: Each user gets an exclusive OpenClaw instance running in Azure Kubernetes Service
• Secure & Private: Your conversations and data stay private in your dedicated container
• File Storage: Store and access files in your personal workspace
• Real-time Chat: WebSocket-based chat interface with typing indicators
• Mobile-First: Native iOS app built with SwiftUI

Architecture

┌─────────────────┐    ┌──────────────┐    ┌──────────────────────────┐
│                 │    │              │    │  Azure Cloud (AKS)       │
│   iOS App       │◄──►│  Supabase    │    │                          │
│  (SwiftUI)      │    │  (Auth + DB) │    │  ┌────────────────────┐  │
│                 │    │              │    │  │  OpenClaw Pods 1-N  │  │
│ • Authentication│    │ • Users      │    │  │  (ClusterIP only)   │  │
│ • Subscription  │    │ • Containers │    │  └─────────┬──────────┘  │
│ • Chat UI       │    │ • RLS        │    │            │ Azure Files │
│ • File Browser  │    │              │    │  ┌─────────┴──────────┐  │
│                 │    │              │    │  │  file-api pod       │  │
└────────┬────────┘    └──────────────┘    │  │  (Cloudflare Tunnel)│  │
         │                                 │  └────────────────────┘  │
         │  HTTPS + Supabase JWT           │                          │
         └──▶ files.spark.ooo ─────────────┘                          │
                                           └──────────────────────────┘

The file-api pod is a dedicated Node.js server exposed via Cloudflare Tunnel
(files.spark.ooo) that handles all file operations (browse, read, write, delete) for the
iOS app. It authenticates using the user's Supabase JWT and mounts the same Azure Files
share as the OpenClaw pods. See docs/ for full documentation.

Prerequisites

Development Tools

• Xcode 15.0+ with iOS 17+ SDK
• Azure CLI (brew install azure-cli)
• kubectl (brew install kubectl)
• Git (for version control)

Accounts Required

• Apple Developer Account (for App Store Connect, StoreKit testing)
• Azure Subscription (for cloud infrastructure)
• Supabase Account (for authentication and database)
• Anthropic Account (for Claude API access)

Local Setup

# Install dependencies
brew install azure-cli kubectl jq
npm install -g @supabase/cli

# Clone the repository
git clone https://github.com/deankroker/claw.git
cd claw

Setup Instructions

1. Deploy Azure Infrastructure

# Login to Azure
az login

# Create resource group
az group create --name openclaw-dev --location "East US 2"

# Deploy infrastructure
az deployment group create \
  --resource-group openclaw-dev \
  --template-file infra/main.bicep \
  --parameters @infra/parameters.json

# Get deployment outputs
az deployment group show \
  --resource-group openclaw-dev \
  --name main \
  --query properties.outputs

2. Set Up Supabase

# Initialize Supabase project
supabase init

# Link to your Supabase project
supabase link --project-ref YOUR_PROJECT_REF

# Run database migrations
supabase db push

# Seed database (development only)
psql -h YOUR_DB_HOST -d postgres -U postgres -f supabase/seed.sql

3. Configure the iOS App

Create Claw/Config.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SupabaseURL</key>
    <string>https://your-project.supabase.co</string>
    <key>SupabaseAnonKey</key>
    <string>your-anon-key</string>
    <key>FileAPIURL</key>
    <string>https://files.spark.ooo</string>
</dict>
</plist>

FileAPIURL is the Cloudflare Tunnel endpoint for the file-api pod. See step 5b below.

4. Configure StoreKit

1. In App Store Connect, create your app
2. Add the subscription product: com.openclaw.monthly ($19.99/month)
3. Create a StoreKit configuration file in Xcode
4. Add the product to your configuration

5a. Provision Container Pool

# Set environment variables
export RESOURCE_GROUP="openclaw-dev"
export AKS_CLUSTER="openclaw-dev-aks"
export SUPABASE_URL="https://your-project.supabase.co"
export SUPABASE_SERVICE_ROLE_KEY="your-service-role-key"

# Provision containers
./infra/scripts/provision-pool.sh --count 10

5b. Deploy File API

The file-api pod ...

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[deankroker]

Add to /dean folder instead of docs please @copilot

[deankroker]

Add to /dean folder instead of docs please @copilot

[Copilot]

Add to /dean folder instead of docs please @copilot

Done — all 17 files have been moved to dean/ios-quick-connect/ and removed from docs/. Commit: 6ed50a1

[Copilot]

Add to /dean folder instead of docs please @copilot

Already done in commit 6ed50a1 — all 17 files are now under dean/ios-quick-connect/.