Nanoclaw for iPhone

Your phone guards the keys.

API keys and credentials are stored in the iPhone's Secure Enclave — hardware-isolated, biometric-protected, never uploaded. When an agent needs to make an authenticated API call, it proxies the request through your phone. The secret is injected at the device. It never reaches the cloud.

Secrets that never leave your device

Agent VM → request proxy → your iPhone → authenticated HTTP → API endpoint
                                ↓
                        secret injected here
                        (never transmitted)

When you add a credential, it's stored in the iPhone's Secure Enclave using a P-256 key pair. Accessing it requires Face ID or Touch ID. No one else — not the server, not the agent — can read it.

Live Activities on your lock screen

Nanoclaw uses iOS Live Activities to show running agents on your lock screen and in the Dynamic Island. You can see at a glance which agents are active, what state they're in, and whether any approvals are waiting.

Agents can push Live Activity updates from the server side — no app open required.

Biometric approval for sensitive actions

When an agent requests:

• A destructive action (deleting files, stopping services)
• Permission escalation (a lower-profile agent asking for higher access)
• External access to a new network destination
• A secret from your vault

…a push notification arrives on your iPhone. Open it to see the full request: which agent, what action, why. Approve or deny with Face ID.

Fleet visibility

The iPhone app shows your full fleet: agents, hosts, active sessions. Same data as the macOS app, optimized for a phone screen. Swipe between agents. Tap into logs. Check host capacity.

Get the app

Nanoclaw for iPhone is in TestFlight beta. Apply for early access →