feat: native SwiftUI Crabbox iOS app (crabbox.sh client + on-device/sandbox LLM + islo)

[zozo123]

Summary

Evolves mobile/ into a genuinely native SwiftUI iOS app whose first screen is a Crabbox command runner, not the website. The app now links Crabbox's Go CLI package as an in-process CrabboxMobile static library and can run commands such as:

crabbox run --provider islo --no-sync -- uname -a

That calls islo.dev from the iPhone using the user's islo key stored in Keychain. iOS cannot spawn a separate desktop-style CLI binary, so this PR compiles the Go command engine into the app and calls it through a tiny C/Swift bridge.

Architecture

• Run tab — default tab. Parses crabbox ... command lines, executes them through the linked Go CrabboxMobile core when present, and falls back to coordinator /v1/workspaces terminal sessions for builds that omit the Go core.
• CrabboxMobile Go core — mobile/go/crabboxmobile exports CrabboxMobileRun / CrabboxMobileFree, imports internal/cli plus the mobile-safe islo provider, and is compiled by Xcode via scripts/build-crabbox-mobile-core.sh.
• CrabboxKit — pure Swift logic: command-line parsing, coordinator workspace client, URL/navigation policy, LLM/sandbox clients, and the testable app reducer.
• Sandboxes / Assistant / Portal tabs — existing native sandbox management, provider-agnostic LLM chat, and WKWebView portal/OAuth support remain available but are no longer the primary app experience.

Validation

• swift build
• swift run crabbox-sim — 18 scenarios, 74 steps, 0 invariant violations
• CGO_ENABLED=1 GOOS=ios GOARCH=arm64 go build -buildmode=c-archive -o /tmp/crabboxmobile-final/libcrabboxmobile.a ./mobile/go/crabboxmobile
• go test ./mobile/go/crabboxmobile
• git diff --check

Local swift test is currently blocked on this Mac because the active toolchain is /Library/Developer/CommandLineTools and XCTest is unavailable without full Xcode selected.

Install

Full Xcode is still required for a physical iPhone install. The install script now also checks for Go because Xcode builds the embedded CrabboxMobile core before compiling the Swift app:

cd mobile
DEVELOPMENT_TEAM=XXXXXXXXXX ./scripts/install-on-device.sh

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 15, 2026, 1:04 PM ET / 17:04 UTC.

Summary
The PR adds a native SwiftUI iOS app under mobile/ with a Crabbox command runner, CrabboxKit, an embedded Go CLI bridge, sandbox/LLM clients, docs/scripts/assets, and two mobile CI jobs.

Reproducibility: not applicable. for a bug as a whole; the blocking coordinator endpoint and credential-boundary issues are source-reproducible from PR-head code and current main routes.

Review metrics: 3 noteworthy metrics.

• Changed surface: 63 files, 7,096 additions, 0 deletions. This is a new mobile app, docs, assets, scripts, and workflow surface rather than a contained repair.
• CI jobs added: 2 mobile jobs added. The PR adds Ubuntu Swift and macOS iOS workflow jobs with new setup dependencies.
• Credential clients added: 2 credential-bearing clients. The coordinator and islo Swift clients send session/API credentials, making endpoint validation merge-critical.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🧂 unranked krab
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted simulator/device proof for portal load, login persistence, coordinator switching, sandbox launch, and chat.
• Align the mobile coordinator provisioner with the supported workspace/lease lifecycle API.
• Normalize and constrain credential-bearing endpoints and replace or pin the sandbox bootstrap installer.

Proof guidance:

• [P1] Needs real behavior proof before merge: The PR has headless/CI validation claims, but no redacted real simulator/device proof for the native iOS flows and the contributor says that proof remains outstanding. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Mantis proof suggestion
A visual simulator or device recording would materially help verify the new native iOS portal, settings, and sandbox flows. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

visual task: capture redacted iOS simulator/device proof for portal load, login persistence, coordinator switching, and sandbox launch/chat.

Risk before merge

• [P1] The contributor explicitly says the branch is WIP and should not merge.
• [P1] No redacted simulator/device proof is present for the native iOS portal, settings, sandbox launch, or chat flows.
• [P1] The default coordinator sandbox provisioner targets unsupported /v1/sandboxes routes, so the primary crabbox.sh path would fail against current main.
• [P1] The PR adds mobile credential storage and configurable credential-bearing coordinator/islo endpoints, which needs a clear security boundary before merge.
• [P1] The direct islo LLM path executes a mutable root installer script from ollama.com in each sandbox bootstrap.
• [P1] The PR adds Swift/macOS mobile CI jobs, and current GitHub checks show Go and Mobile iOS app build failing.

Maintainer options:

1. Pause for mobile ownership (recommended)
   Maintainers can pause this branch until they decide whether Crabbox should own a first-party iOS app, App Store/TestFlight path, mobile LLM UX, and direct islo key handling.
2. Repair and prove before merge
   Fix the coordinator API mismatch, credential endpoint validation, mutable bootstrap path, and failing mobile checks, then add redacted simulator/device proof for the user-facing flows.
3. Accept the surface intentionally
   If maintainers want this direction now, they should explicitly accept the new mobile/security/automation surface and require operational proof before merge.

Next step before merge

• [P1] Human review is required because the branch is WIP and the remaining blockers include product/security ownership decisions plus contributor real-device proof that automation cannot supply.

Security
Needs attention: The diff introduces credential-bearing mobile clients and root sandbox bootstrap code with concrete security-boundary concerns before merge.

Review findings

• [P1] Use the existing coordinator lifecycle API — mobile/Sources/CrabboxKit/CoordinatorClient.swift:42
• [P1] Validate provider URLs before sending credentials — mobile/App/Settings/AppSettings.swift:111-119
• [P2] Pin or replace the root bootstrap installer — mobile/Sources/CrabboxKit/IsloClient.swift:276

Review details

Best possible solution:

Land only after maintainers approve the mobile product and security boundary, align the coordinator client with the supported workspace/lease API, constrain credential endpoints, replace or pin the bootstrap path, add real simulator/device proof, and get CI green.

Do we have a high-confidence way to reproduce the issue?

Not applicable for a bug as a whole; the blocking coordinator endpoint and credential-boundary issues are source-reproducible from PR-head code and current main routes.

Is this the best way to solve the issue?

No; the branch remains too broad and WIP to merge before the coordinator API, credential boundary, proof, CI, and mobile ownership questions are resolved.

Full review comments:

• [P1] Use the existing coordinator lifecycle API — mobile/Sources/CrabboxKit/CoordinatorClient.swift:42
  The primary crabbox.sh provisioner posts to /v1/sandboxes, but current main exposes coordinator lifecycle through /v1/leases and /v1/workspaces, so this default sandbox launch/list/stop path will fail against the current coordinator.
  Confidence: 0.94
• [P1] Validate provider URLs before sending credentials — mobile/App/Settings/AppSettings.swift:111-119
  makeProvisioner() passes saved coordinator and islo URLs directly into clients that attach Bearer/session/API credentials. Normalize and require trusted HTTPS endpoints before constructing either provisioner so a mistyped or hostile URL cannot receive secrets.
  Confidence: 0.92
• [P2] Pin or replace the root bootstrap installer — mobile/Sources/CrabboxKit/IsloClient.swift:276
  Each direct islo LLM launch runs curl https://ollama.com/install.sh | sh as root and ignores installer failure. Use a pinned or verified artifact, maintained image, or existing bootstrap path before shipping this runtime path.
  Confidence: 0.78

Overall correctness: patch is incorrect
Overall confidence: 0.88

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against d45ca8a916d9.

Label changes

Label changes:

• add merge-risk: 🚨 compatibility: The mobile coordinator sandbox provisioner calls /v1/sandboxes even though current main exposes /v1/leases and /v1/workspaces for coordinator-managed lifecycle.
• remove merge-risk: 🚨 other: Current PR review merge-risk labels are merge-risk: 🚨 compatibility, merge-risk: 🚨 security-boundary, merge-risk: 🚨 automation.

Label justifications:

• P2: The PR is a substantial new feature with concrete blockers, but it is not an emergency or current-user regression.
• merge-risk: 🚨 compatibility: The mobile coordinator sandbox provisioner calls /v1/sandboxes even though current main exposes /v1/leases and /v1/workspaces for coordinator-managed lifecycle.
• merge-risk: 🚨 security-boundary: The diff adds mobile credential storage and sends tokens/API keys through new coordinator and islo clients with configurable endpoints.
• merge-risk: 🚨 automation: The diff adds Swift and macOS mobile CI jobs with new toolchain and XcodeGen setup, and the current PR checks show mobile app build failure.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🧂 unranked krab.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR has headless/CI validation claims, but no redacted real simulator/device proof for the native iOS flows and the contributor says that proof remains outstanding. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

Security concerns:

• [high] Configurable endpoints can receive secrets — mobile/App/Settings/AppSettings.swift:111
  Coordinator and islo URLs are saved raw and passed into clients that send Bearer/session/API credentials, allowing accidental or malicious endpoint substitution unless the app validates and constrains those URLs first.
  Confidence: 0.92
• [medium] Mutable root bootstrap script — mobile/Sources/CrabboxKit/IsloClient.swift:276
  The direct islo path executes a remote installer script as root in the sandbox on each launch without pinning or integrity verification, making the mobile runtime path depend on mutable third-party shell code.
  Confidence: 0.78

Acceptance criteria:

• [P1] swift build from mobile/.
• [P1] swift test from mobile/.
• [P1] swift run crabbox-sim --json from mobile/.
• [P1] xcodebuild unsigned iOS simulator build from generated mobile project.
• [P1] redacted simulator/device proof for portal load, login persistence, coordinator switching, sandbox launch, and chat.

What I checked:

• Repository policy read: AGENTS.md was read fully; its generic product positioning, provider-boundary, testing, and secret-handling guidance applies to this mobile/provider/credential PR. (AGENTS.md:1, d45ca8a916d9)
• PR state and discussion: GitHub reports this PR open, mergeable but blocked, head c9ffd40; comments include missing simulator/device proof and a contributor note saying the branch is WIP and should not merge. (c9ffd400b018)
• PR scope: The three-dot PR diff adds 63 files with 7,096 insertions and no deletions. (c9ffd400b018)
• Current main has no mobile tree: No mobile/ paths were present on current main, so this PR is not already implemented there. (d45ca8a916d9)
• Latest release has no mobile tree: v0.31.0 also produced no mobile/ paths; the tag peels to f6b4a97 from 2026-06-14. (f6b4a9765285)
• Current coordinator routes: Current main exposes coordinator lease and workspace routes at /v1/leases and /v1/workspaces, not a public /v1/sandboxes route in this route table. (worker/src/fleet.ts:786, d45ca8a916d9)

Likely related people:

• Peter Steinberger: Blame shows current-main workspace/lease route table and workspace lease request logic, and recent history includes coordinator and CI changes. (role: recent coordinator/workflow contributor; confidence: high; commits: f6b4a9765285, 57440dad819d, 699a79f887f6; files: worker/src/fleet.ts, internal/cli/coordinator.go, .github/workflows/ci.yml)
• Yossi Eliaz: Merged history includes islo API contract and pause/resume work, separate from merely authoring this PR. (role: prior islo/provider contributor; confidence: high; commits: 03a20315b0d6, b2356e0f5173, 309cc434d3d8; files: internal/providers/islo, docs/providers/islo.md, internal/providers/cloudflare)
• Vincent Koc: Recent current-main history touches workspace/coordinator-adjacent behavior relevant to the mobile sandbox and workflow surface. (role: recent adjacent contributor; confidence: medium; commits: 4fccd01713b3; files: worker/src/fleet.ts, internal/cli/coordinator.go)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[zozo123]

@clawsweeper re-review

Implemented the review blockers that can be handled from this environment:

• Production coordinator URLs now require HTTPS.
• Development HTTP is limited to loopback coordinators, with focused URL policy coverage.
• The WebView no longer whitelists arbitrary http://* origins.
• Added Mobile CI for npm ci, coordinator URL policy tests, TypeScript, and iOS bundle export.
• Updated the PR body with local validation and green CI: https://github.com/openclaw/crabbox/actions/runs/27529710307

Remaining proof caveat is documented in the PR body: this machine does not have full Xcode/simctl, so redacted real simulator/device proof for login persistence and coordinator switching still needs a full Xcode Mac or test device.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27530391971
• Updated: 2026-06-15T07:24:31.827Z

[zozo123]

WIP don't merge... but fix extensively.