openclaw/apps/android
VihariKanukollu cbbe9dd0a2 security: harden credential handling, API auth, and archive extraction
- Control UI: switch token/password from query params to URL fragments (#token=...)
  - Auto-strips after first load, never logged in server access logs
  - Added defense-in-depth headers (Referrer-Policy, X-Frame-Options, CSP, nosniff)
- macOS: "Open Dashboard" now uses fragments instead of query params
- CLI/onboarding: emit fragment links instead of query param links
- Plugin HTTP: /api/** now requires Gateway auth (fixes unauthenticated Nostr API)
  - Added config toggle gateway.plugins.http.protectApiPaths (default: true)
- Control UI: sends Authorization header for Nostr profile save/import
- Android hardening:
  - WebView: disabled mixed content, multi-window, reduced file URL privileges
  - A2UI bridge: origin validation + 64KB payload cap
  - TLS: enabled hostname verification for DNS names
- Archive extraction: block path traversal + symlink/hardlink entries
- Dependencies: upgraded tar 7.5.7, hono 4.11.7, added overrides for vulnerabilities

Breaking: Old ?token=... dashboard links no longer auto-auth; use #token=... instead
2026-01-29 16:05:38 +05:30
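The fragment-based credential handoff listed in the commit message above, sketched as an added example (not code from this commit or the project). The function names and the host gateway.example are assumptions; port 18789 is the one used in the README below.

```javascript
// Added example: names and URLs are constructed, not taken from the project.
// Credential keys the commit message names for Control UI links.
const CREDENTIAL_KEYS = ["token", "password"];

// What the browser sends on the HTTP request line, and so what a server
// access log records: path + query only. The fragment stays on the client.
function requestTarget(href) {
  const url = new URL(href);
  return url.pathname + url.search;
}

// Read credentials from the fragment only (old ?token=... links yield nothing),
// and return the URL with them stripped for use after first load.
function consumeFragmentCredentials(href) {
  const url = new URL(href);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const credentials = {};
  for (const key of CREDENTIAL_KEYS) {
    const value = fragment.get(key);
    if (value !== null && value !== "") credentials[key] = value;
    fragment.delete(key);
  }
  // Keep unrelated fragment state (for example a view name) intact.
  const rest = fragment.toString();
  url.hash = rest ? "#" + rest : "";
  return { credentials, cleanedHref: url.toString() };
}

// Assumed browser wiring: `win` stands in for `window`.
function applyInBrowser(win) {
  const { credentials, cleanedHref } = consumeFragmentCredentials(win.location.href);
  if (Object.keys(credentials).length > 0) {
    // replaceState rewrites the current history entry without a reload, so the
    // credential does not linger in the address bar or session history.
    win.history.replaceState(null, "", cleanedHref);
  }
  return credentials;
}
```

URLSearchParams decodes `+` as a space, so a link generator should percent-encode credential values before placing them in the fragment.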
Name                 | Last commit                                                                  | Date
app                  | security: harden credential handling, API auth, and archive extraction     | 2026-01-29 16:05:38 +05:30
gradle/wrapper       | chore(android): update toolchain and deps                                   | 2025-12-14 02:37:47 +00:00
.gitignore           | feat(android): add Compose node app (bridge+canvas+chat+camera)             | 2025-12-14 01:55:40 +00:00
build.gradle.kts     | chore(android): update toolchain and deps                                   | 2025-12-14 02:37:47 +00:00
gradle.properties    | Android: add Voice Wake (foreground/always)                                 | 2025-12-18 02:08:57 +01:00
gradlew              | Android: add Voice Wake (foreground/always)                                 | 2025-12-18 02:08:57 +01:00
gradlew.bat          | Android: add Voice Wake (foreground/always)                                 | 2025-12-18 02:08:57 +01:00
README.md            | fix: shorten bonjour gateway service type                                   | 2026-01-20 15:10:06 +00:00
settings.gradle.kts  | refactor: rename clawdbot to moltbot with legacy compat                     | 2026-01-27 12:21:02 +00:00

Clawdbot Node (Android) (internal)

Modern Android node app: connects to the Gateway WebSocket (_clawdbot-gw._tcp) and exposes Canvas + Chat + Camera.

Notes:

  • The node keeps the connection alive via a foreground service (persistent notification with a Disconnect action).
  • Chat always uses the shared session key main (same session across iOS/macOS/WebChat/Android).
  • Supports modern Android only (minSdk 31, Kotlin + Jetpack Compose).

Open in Android Studio

  • Open the folder apps/android.

Build / Run

cd apps/android
./gradlew :app:assembleDebug
./gradlew :app:installDebug
./gradlew :app:testDebugUnitTest

gradlew auto-detects the Android SDK at ~/Library/Android/sdk (macOS default) if ANDROID_SDK_ROOT / ANDROID_HOME are unset.

Connect / Pair

  1. Start the gateway (on your “master” machine):
     pnpm clawdbot gateway --port 18789 --verbose
  2. In the Android app:
     • Open Settings
     • Either select a discovered gateway under Discovered Gateways, or use Advanced → Manual Gateway (host + port).
  3. Approve pairing (on the gateway machine):
     clawdbot nodes pending
     clawdbot nodes approve <requestId>

More details: docs/platforms/android.md.

Permissions

  • Discovery:
    • Android 13+ (API 33+): NEARBY_WIFI_DEVICES
    • Android 12 and below: ACCESS_FINE_LOCATION (required for NSD scanning)
  • Foreground service notification (Android 13+): POST_NOTIFICATIONS
  • Camera:
    • CAMERA for camera.snap and camera.clip
    • RECORD_AUDIO for camera.clip when includeAudio=true