Skip to content

feat(ios): distinguish debug app builds#100222

Merged
steipete merged 4 commits into
mainfrom
codex/ios-debug-identity
Jul 5, 2026
Merged

feat(ios): distinguish debug app builds#100222
steipete merged 4 commits into
mainfrom
codex/ios-debug-identity

Conversation

@steipete

@steipete steipete commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

What Problem This Solves

Debug iOS and Watch builds currently reuse Release identifiers and icon, so development installs replace or are indistinguishable from Release installations.

Why This Change Was Made

Debug builds now derive .debug app, extension, widget, and Watch identifiers; use a separate app group and openclaw-debug URL scheme; select automatic signing; and compile imagegen-created debug icon sets. Release settings stay unchanged.

User Impact

Developers can keep Debug and Release OpenClaw installations side by side and identify the Debug app visually.

Evidence

  • swift test --package-path apps/shared/OpenClawKit --filter DeepLinksSecurityTests — 18 passed.
  • Full Debug iOS app, share extension, activity widget, and Watch graph built successfully with xcodebuild.
  • Generated build settings proved Debug identifiers, display name, URL scheme, app group, and icon selection while Release remained unchanged.
  • .agents/skills/autoreview/scripts/autoreview --mode local --stream-engine-output — clean after addressing both initial findings.

Known Proof Gap

A focused Xcode simulator test launch stalled while CoreSimulator waited for a test worker. The canonical shared-package deep-link suite passed, and the full simulator build succeeded.

@steipete steipete self-assigned this Jul 5, 2026
@openclaw-barnacle openclaw-barnacle Bot added app: ios App: ios size: M maintainer Maintainer-authored PR labels Jul 5, 2026
@clawsweeper

clawsweeper Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Codex review: found issues before merge. Reviewed July 5, 2026, 4:29 AM ET / 08:29 UTC.

Summary
The PR gives iOS and Watch Debug builds separate bundle identifiers, app group, URL scheme, debug icon sets, and Debug deep-link handling while intending Release settings to remain unchanged.

PR surface: Source -1, Docs +2, Other +201. Total +202 across 64 files.

Reproducibility: not applicable. as a feature PR. The behavior can be verified through generated Debug/Release build settings and an installed simulator/device comparison; the PR body reports build-setting and xcodebuild proof but not a completed simulator launch.

Review metrics: 1 noteworthy metric.

  • Debug identity defaults: 4 bundle IDs added, 1 app group added, 1 URL scheme changed for Debug. These build-setting surfaces affect developer installs, app-group state, and URL routing even though Release is intended to stay unchanged.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🐚 platinum hermit
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Run pnpm native:i18n:sync or the equivalent generated-inventory path and commit the required native i18n update.
  • Remove the apps/ios/CHANGELOG.md edit and keep the release-note context in the PR body or squash message.
  • [P2] Add or link a simulator/device proof that Debug and Release install side by side with the expected visible identity.

Risk before merge

  • [P1] Changing Debug bundle IDs and app-group storage intentionally isolates Debug data; maintainers should confirm that losing shared Debug state with existing Release-style installs is acceptable.
  • [P1] The PR body reports build-setting and xcodebuild proof, but also states that a focused simulator launch test stalled, so the visible side-by-side install path is not fully proven.
  • [P2] The current PR head fails native-i18n drift checking, and the localized InfoPlist display-name surface still needs explicit handling for the new Debug name.

Maintainer options:

  1. Fix inventory and verify identities before merge (recommended)
    Update native i18n/localized display-name handling, remove the release-owned changelog line, and keep generated build-setting proof for both Debug and Release.
  2. Accept Debug state separation
    Maintainers can intentionally accept that existing Debug installs move to a separate bundle/app group and no longer share release app-group data.
  3. Pause for signing-policy rethink
    If default Debug isolation is not the intended developer workflow, pause this PR and redesign it as an opt-in local signing mode.

Next step before merge

  • The remaining blockers combine a mechanical inventory/changelog cleanup with maintainer confirmation of the Debug signing and state-isolation policy.

Maintainer decision needed

  • Question: Should iOS and Watch Debug builds use separate bundle identifiers, app group storage, URL scheme, and icon/name by default once the i18n and changelog cleanup is fixed?
  • Rationale: This changes developer build identity, signing, and local Debug state separation; that is a maintainer-owned app/release workflow choice, not only a code-style fix.
  • Likely owner: steipete — The PR is assigned to steipete, and prior iOS app history shows steipete as a recurring owner of the app identity and UX surface.
  • Options:
    • Adopt default Debug isolation (recommended): Keep the separate Debug identifiers and storage as the default, after fixing generated inventory/localization and release-note ownership.
    • Make Debug isolation opt-in: Require an explicit local signing/build setting for the separate Debug identity so existing developer installs keep current behavior by default.
    • Keep shared Debug/Release identity: Do not merge the identity split and rely only on build artifacts or visual cues that do not alter bundle IDs or app groups.

Security
Cleared: No concrete security or supply-chain regression was found; the security-sensitive part is Debug app-group/signing isolation, which is tracked as compatibility risk rather than a credential or sandbox bypass.

Review findings

  • [P2] Sync the native i18n inventory — apps/ios/project.yml:137
  • [P3] Remove the release-owned changelog entry — apps/ios/CHANGELOG.md:5
Review details

Best possible solution:

Land the debug-only identity split after native i18n/localized display-name handling is synced, the release-owned changelog line is removed, Release settings remain proven unchanged, and maintainers accept the Debug data-isolation behavior.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature PR. The behavior can be verified through generated Debug/Release build settings and an installed simulator/device comparison; the PR body reports build-setting and xcodebuild proof but not a completed simulator launch.

Is this the best way to solve the issue?

Unclear until maintainer direction is confirmed. The implementation is in the right XcodeGen/xcconfig and deep-link layers, but it needs native i18n/localized display-name cleanup and release-note ownership cleanup before it is the best merge shape.

Full review comments:

  • [P2] Sync the native i18n inventory — apps/ios/project.yml:137
    The PR head currently fails pnpm native:i18n:check with an inventory drift error. Since this branch changes native Apple plist/build identity surfaces, update the generated native inventory and any localized display-name handling together so the merge is not left red or inconsistent across locales.
    Confidence: 0.83
  • [P3] Remove the release-owned changelog entry — apps/ios/CHANGELOG.md:5
    Root policy keeps changelog edits release-owned for normal PRs, and this PR already has the right release-note context in its body. Please drop this changelog line and let release generation pick up the PR metadata.
    Confidence: 0.86

Overall correctness: patch is incorrect
Overall confidence: 0.84

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 4deb63c9791c.

Label changes

Label changes:

  • add P3: This is a low-urgency developer ergonomics feature with limited production-user blast radius.
  • add merge-risk: 🚨 compatibility: The PR changes Debug signing identifiers, app-group storage, and URL scheme defaults, which can affect existing developer Debug installs and local state.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body reports focused Swift tests, full Debug xcodebuild coverage, and generated build-setting verification, though it also notes a simulator launch proof gap.
  • add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
  • add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (terminal): The PR body reports focused Swift tests, full Debug xcodebuild coverage, and generated build-setting verification, though it also notes a simulator launch proof gap.

Label justifications:

  • P3: This is a low-urgency developer ergonomics feature with limited production-user blast radius.
  • merge-risk: 🚨 compatibility: The PR changes Debug signing identifiers, app-group storage, and URL scheme defaults, which can affect existing developer Debug installs and local state.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (terminal): The PR body reports focused Swift tests, full Debug xcodebuild coverage, and generated build-setting verification, though it also notes a simulator launch proof gap.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body reports focused Swift tests, full Debug xcodebuild coverage, and generated build-setting verification, though it also notes a simulator launch proof gap.
Evidence reviewed

PR surface:

Source -1, Docs +2, Other +201. Total +202 across 64 files.

View PR surface stats
Area Files Added Removed Net
Source 1 2 3 -1
Tests 0 0 0 0
Docs 3 9 7 +2
Config 0 0 0 0
Generated 0 0 0 0
Other 60 301 100 +201
Total 64 312 110 +202

Acceptance criteria:

  • [P1] pnpm native:i18n:check.
  • [P1] swift test --package-path apps/shared/OpenClawKit --filter DeepLinksSecurityTests.
  • [P1] xcodebuild build for Debug iOS app, share extension, activity widget, and Watch graph with generated build-setting proof for Debug and Release identifiers.

What I checked:

  • Repository policy read: Root AGENTS.md and the scoped apps/ios and docs guides were read; the changelog guidance affected this review. (AGENTS.md:236, 4deb63c9791c)
  • Live PR state: The live PR is open, mergeable but unstable, labeled maintainer, and current CI has a failed native-i18n job on the PR head. (4c5ce044e058)
  • Debug identity implementation: Debug sets a separate display name, URL scheme, bundle identifier, app group, and provisioning profile behavior in the XcodeGen target settings. (apps/ios/project.yml:137, 4c5ce044e058)
  • Debug signing variables: The PR derives Debug app, share, activity-widget, Watch, and app-group identifiers from the configured base identifiers. (apps/ios/Signing.xcconfig:29, 4c5ce044e058)
  • Debug scheme runtime handling: The shared deep-link parser and iOS WebView navigation delegate accept both openclaw and openclaw-debug schemes. (apps/shared/OpenClawKit/Sources/OpenClawKit/DeepLinks.swift:218, 4c5ce044e058)
  • Native i18n failure: The PR head's native-i18n job fails with the repository's drift error asking to run pnpm native:i18n:sync and commit apps/.i18n/native-source.json. (scripts/native-app-i18n.ts:955, 4deb63c9791c)

Likely related people:

  • steipete: Prior main history includes iOS app modernization, native dashboard/deep-link work, and this maintainer-labeled PR is assigned to steipete. (role: feature owner and recent area contributor; confidence: high; commits: 8502ef6c598b, 5b383af73604, 0e68c5013974; files: apps/ios/project.yml, apps/shared/OpenClawKit/Sources/OpenClawKit/DeepLinks.swift)
  • joshavant: Recent main history on iOS signing and release artifact generation directly overlaps the xcconfig and release-build surfaces touched here. (role: recent signing and release-config contributor; confidence: high; commits: 8e95e56e2dac, 760f86453e0b, f7f415f26b8e; files: apps/ios/Signing.xcconfig, apps/ios/Config/Signing.xcconfig, apps/ios/project.yml)
  • BunsDev: Recent path history shows BunsDev carrying iOS DeepLinks and setup-code security behavior that this PR extends with the debug scheme. (role: deep-link and iOS pairing contributor; confidence: medium; commits: 36df0d93b93a, b2efd1964800; files: apps/shared/OpenClawKit/Sources/OpenClawKit/DeepLinks.swift)
  • mbelinky: Earlier merged history on iOS onboarding and deep-link security established adjacent behavior now being extended. (role: earlier iOS onboarding/deep-link contributor; confidence: medium; commits: ebae6f918e18, 130e59a9c096; files: apps/shared/OpenClawKit/Sources/OpenClawKit/DeepLinks.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@openclaw-barnacle openclaw-barnacle Bot added docs Improvements or additions to documentation app: macos App: macos labels Jul 5, 2026
@clawsweeper clawsweeper Bot added proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P3 Low-priority cleanup, docs, polish, ergonomics, or speculative work. merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. labels Jul 5, 2026
@openclaw-barnacle openclaw-barnacle Bot added channel: slack Channel integration: slack channel: voice-call Channel integration: voice-call app: web-ui App: web-ui gateway Gateway runtime cli CLI command changes commands Command implementations agents Agent runtime and tooling extensions: anthropic extensions: memory-wiki size: XL and removed size: M labels Jul 5, 2026
@steipete steipete merged commit e60c510 into main Jul 5, 2026
137 of 143 checks passed
@steipete steipete deleted the codex/ios-debug-identity branch July 5, 2026 09:01
@steipete

steipete commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Merged via squash.

github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request Jul 6, 2026
* feat(ios): distinguish debug app builds

* feat(ios): distinguish debug app builds

* feat(ios): emphasize debug app icons

* feat(ios): emphasize debug app icons
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agents Agent runtime and tooling app: ios App: ios app: macos App: macos app: web-ui App: web-ui channel: slack Channel integration: slack channel: voice-call Channel integration: voice-call cli CLI command changes commands Command implementations docs Improvements or additions to documentation extensions: anthropic extensions: memory-wiki gateway Gateway runtime maintainer Maintainer-authored PR merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. P3 Low-priority cleanup, docs, polish, ergonomics, or speculative work. proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. size: XL status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant