openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/ios/Sources/Gateway/GatewayConnectionController.swift‎
Lines changed: 46 additions & 29 deletions b/‎apps/ios/Sources/Gateway/GatewayConnectionController.swift‎
Lines changed: 46 additions & 29 deletions
diff --git a/‎apps/ios/Sources/Info.plist‎
Lines changed: 10 additions & 0 deletions b/‎apps/ios/Sources/Info.plist‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎apps/ios/Sources/Model/NodeAppModel+Permissions.swift‎
Lines changed: 22 additions & 0 deletions b/‎apps/ios/Sources/Model/NodeAppModel+Permissions.swift‎
Lines changed: 22 additions & 0 deletions
@@ -9,6 +9,7 @@ Docs: https://docs.openclaw.ai
 - Channels/CLI: add per-account/channel `defaultTo` outbound routing fallback so `openclaw agent --deliver` can send without explicit `--reply-to` when a default target is configured. (#16985) Thanks @KirillShchetinin.
 - iOS/Chat: clean chat UI noise by stripping inbound untrusted metadata/timestamp prefixes, formatting tool outputs into concise summaries/errors, compacting the composer while typing, and supporting tap-to-dismiss keyboard in chat view. (#22122) thanks @mbelinky.
 - iOS/Watch: bridge mirrored watch prompt notification actions into iOS quick-reply handling, including queued action handoff until app model initialization. (#22123) thanks @mbelinky.
+- iOS/Permissions: gate advertised iOS node capabilities/commands by live OS permission state (photos/contacts/calendar/reminders/motion), add Settings permission controls and disclosure, and refresh active gateway registration after permission-driven settings changes. (#22135) thanks @mbelinky.
 - iOS/Tests: cover IPv4-mapped IPv6 loopback in manual TLS policy tests for connect validation paths. (#22045) Thanks @mbelinky.
 - iOS/Gateway: stabilize background wake and reconnect behavior with background reconnect suppression/lease windows, BGAppRefresh wake fallback, location wake hook throttling, and APNs wake retry+nudge instrumentation. (#21226) thanks @mbelinky.
 - Auto-reply/UI: add model fallback lifecycle visibility in verbose logs, /status active-model context with fallback reason, and cohesive WebUI fallback indicators. (#20704) Thanks @joshavant.
 
@@ -1,15 +1,12 @@
 import AVFoundation
-import Contacts
 import CoreLocation
 import CoreMotion
 import CryptoKit
-import EventKit
 import Foundation
 import Darwin
 import OpenClawKit
 import Network
 import Observation
-import Photos
 import ReplayKit
 import Security
 import Speech
@@ -704,7 +701,7 @@ final class GatewayConnectionController {
         var addr = in_addr()
         let parsed = host.withCString { inet_pton(AF_INET, $0, &addr) == 1 }
         guard parsed else { return false }
-        let value = ntohl(addr.s_addr)
+        let value = UInt32(bigEndian: addr.s_addr)
         let firstOctet = UInt8((value >> 24) & 0xFF)
         return firstOctet == 127
     }
@@ -783,6 +780,7 @@ final class GatewayConnectionController {
     }
 
     private func currentCaps() -> [String] {
+        let permissionSnapshot = IOSPermissionCenter.statusSnapshot()
         var caps = [OpenClawCapability.canvas.rawValue, OpenClawCapability.screen.rawValue]
 
         // Default-on: if the key doesn't exist yet, treat it as enabled.
@@ -803,18 +801,27 @@ final class GatewayConnectionController {
         if WatchMessagingService.isSupportedOnDevice() {
             caps.append(OpenClawCapability.watch.rawValue)
         }
-        caps.append(OpenClawCapability.photos.rawValue)
-        caps.append(OpenClawCapability.contacts.rawValue)
-        caps.append(OpenClawCapability.calendar.rawValue)
-        caps.append(OpenClawCapability.reminders.rawValue)
-        if Self.motionAvailable() {
+        if permissionSnapshot.photosAllowed {
+            caps.append(OpenClawCapability.photos.rawValue)
+        }
+        if permissionSnapshot.contactsAllowed {
+            caps.append(OpenClawCapability.contacts.rawValue)
+        }
+        if permissionSnapshot.calendarReadAllowed || permissionSnapshot.calendarWriteAllowed {
+            caps.append(OpenClawCapability.calendar.rawValue)
+        }
+        if permissionSnapshot.remindersReadAllowed || permissionSnapshot.remindersWriteAllowed {
+            caps.append(OpenClawCapability.reminders.rawValue)
+        }
+        if Self.motionAvailable() && permissionSnapshot.motionAllowed {
             caps.append(OpenClawCapability.motion.rawValue)
         }
 
         return caps
     }
 
     private func currentCommands() -> [String] {
+        let permissionSnapshot = IOSPermissionCenter.statusSnapshot()
         var commands: [String] = [
             OpenClawCanvasCommand.present.rawValue,
             OpenClawCanvasCommand.hide.rawValue,
@@ -858,12 +865,20 @@ final class GatewayConnectionController {
             commands.append(OpenClawContactsCommand.add.rawValue)
         }
         if caps.contains(OpenClawCapability.calendar.rawValue) {
-            commands.append(OpenClawCalendarCommand.events.rawValue)
-            commands.append(OpenClawCalendarCommand.add.rawValue)
+            if permissionSnapshot.calendarReadAllowed {
+                commands.append(OpenClawCalendarCommand.events.rawValue)
+            }
+            if permissionSnapshot.calendarWriteAllowed {
+                commands.append(OpenClawCalendarCommand.add.rawValue)
+            }
         }
         if caps.contains(OpenClawCapability.reminders.rawValue) {
-            commands.append(OpenClawRemindersCommand.list.rawValue)
-            commands.append(OpenClawRemindersCommand.add.rawValue)
+            if permissionSnapshot.remindersReadAllowed {
+                commands.append(OpenClawRemindersCommand.list.rawValue)
+            }
+            if permissionSnapshot.remindersWriteAllowed {
+                commands.append(OpenClawRemindersCommand.add.rawValue)
+            }
         }
         if caps.contains(OpenClawCapability.motion.rawValue) {
             commands.append(OpenClawMotionCommand.activity.rawValue)
@@ -874,6 +889,7 @@ final class GatewayConnectionController {
     }
 
     private func currentPermissions() -> [String: Bool] {
+        let permissionSnapshot = IOSPermissionCenter.statusSnapshot()
         var permissions: [String: Bool] = [:]
         permissions["camera"] = AVCaptureDevice.authorizationStatus(for: .video) == .authorized
         permissions["microphone"] = AVCaptureDevice.authorizationStatus(for: .audio) == .authorized
@@ -883,22 +899,23 @@ final class GatewayConnectionController {
             && CLLocationManager.locationServicesEnabled()
         permissions["screenRecording"] = RPScreenRecorder.shared().isAvailable
 
-        let photoStatus = PHPhotoLibrary.authorizationStatus(for: .readWrite)
-        permissions["photos"] = photoStatus == .authorized || photoStatus == .limited
-        let contactsStatus = CNContactStore.authorizationStatus(for: .contacts)
-        permissions["contacts"] = contactsStatus == .authorized || contactsStatus == .limited
-
-        let calendarStatus = EKEventStore.authorizationStatus(for: .event)
-        permissions["calendar"] =
-            calendarStatus == .authorized || calendarStatus == .fullAccess || calendarStatus == .writeOnly
-        let remindersStatus = EKEventStore.authorizationStatus(for: .reminder)
-        permissions["reminders"] =
-            remindersStatus == .authorized || remindersStatus == .fullAccess || remindersStatus == .writeOnly
-
-        let motionStatus = CMMotionActivityManager.authorizationStatus()
-        let pedometerStatus = CMPedometer.authorizationStatus()
-        permissions["motion"] =
-            motionStatus == .authorized || pedometerStatus == .authorized
+        permissions["photos"] = permissionSnapshot.photosAllowed
+        permissions["photosDenied"] = permissionSnapshot.photos.isDeniedOrRestricted
+        permissions["contacts"] = permissionSnapshot.contactsAllowed
+        permissions["contactsDenied"] = permissionSnapshot.contacts.isDeniedOrRestricted
+
+        permissions["calendar"] = permissionSnapshot.calendarReadAllowed || permissionSnapshot.calendarWriteAllowed
+        permissions["calendarRead"] = permissionSnapshot.calendarReadAllowed
+        permissions["calendarWrite"] = permissionSnapshot.calendarWriteAllowed
+        permissions["calendarDenied"] = permissionSnapshot.calendar.isDeniedOrRestricted
+
+        permissions["reminders"] = permissionSnapshot.remindersReadAllowed || permissionSnapshot.remindersWriteAllowed
+        permissions["remindersRead"] = permissionSnapshot.remindersReadAllowed
+        permissions["remindersWrite"] = permissionSnapshot.remindersWriteAllowed
+        permissions["remindersDenied"] = permissionSnapshot.reminders.isDeniedOrRestricted
+
+        permissions["motion"] = permissionSnapshot.motionAllowed
+        permissions["motionDenied"] = permissionSnapshot.motion.isDeniedOrRestricted
 
         let watchStatus = WatchMessagingService.currentStatusSnapshot()
         permissions["watchSupported"] = watchStatus.supported
 
@@ -44,12 +44,22 @@
 	</array>
 	<key>NSCameraUsageDescription</key>
 	<string>OpenClaw can capture photos or short video clips when requested via the gateway.</string>
+	<key>NSPhotoLibraryUsageDescription</key>
+	<string>OpenClaw can read your photo library when you ask it to share recent photos.</string>
+	<key>NSContactsUsageDescription</key>
+	<string>OpenClaw can read and create contacts when requested via the gateway.</string>
 	<key>NSLocalNetworkUsageDescription</key>
 	<string>OpenClaw discovers and connects to your OpenClaw gateway on the local network.</string>
 	<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
 	<string>OpenClaw can share your location in the background when you enable Always.</string>
 	<key>NSLocationWhenInUseUsageDescription</key>
 	<string>OpenClaw uses your location when you allow location sharing.</string>
+	<key>NSCalendarsFullAccessUsageDescription</key>
+	<string>OpenClaw can read and add calendar events when requested via the gateway.</string>
+	<key>NSRemindersFullAccessUsageDescription</key>
+	<string>OpenClaw can read and add reminders when requested via the gateway.</string>
+	<key>NSMotionUsageDescription</key>
+	<string>OpenClaw uses Motion &amp; Fitness data for activity and pedometer commands.</string>
 	<key>NSMicrophoneUsageDescription</key>
 	<string>OpenClaw needs microphone access for voice wake.</string>
 	<key>NSSpeechRecognitionUsageDescription</key>
 
@@ -0,0 +1,22 @@
+import Foundation
+import UIKit
+
+@MainActor
+extension NodeAppModel {
+    func permissionSnapshot() -> IOSPermissionSnapshot {
+        IOSPermissionCenter.statusSnapshot()
+    }
+
+    @discardableResult
+    func requestPermission(_ permission: IOSPermissionKind) async -> IOSPermissionSnapshot {
+        _ = await IOSPermissionCenter.request(permission)
+        return IOSPermissionCenter.statusSnapshot()
+    }
+
+    func openSystemSettings() {
+        guard let url = URL(string: UIApplication.openSettingsURLString) else {
+            return
+        }
+        UIApplication.shared.open(url)
+    }
+}