@swarmclawai/swarmclaw 0.2.0

package/src/app/api/setup/doctor/route.ts

@@ -0,0 +1,250 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import { spawnSync } from 'node:child_process'
+import { NextResponse } from 'next/server'
+import { loadAgents, loadCredentials, loadSettings } from '@/lib/server/storage'
+
+type CheckStatus = 'pass' | 'warn' | 'fail'
+
+interface SetupCheck {
+  id: string
+  label: string
+  status: CheckStatus
+  detail: string
+  required?: boolean
+}
+
+interface CommandResult {
+  ok: boolean
+  output: string
+  error?: string
+}
+
+const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
+
+function run(command: string, args: string[], timeoutMs = 8_000): CommandResult {
+  try {
+    const result = spawnSync(command, args, {
+      cwd: process.cwd(),
+      encoding: 'utf8',
+      timeout: timeoutMs,
+    })
+    if (result.error) {
+      return { ok: false, output: '', error: result.error.message }
+    }
+    if (typeof result.status === 'number' && result.status !== 0) {
+      const err = (result.stderr || result.stdout || `exit ${result.status}`).trim()
+      return { ok: false, output: '', error: err || `exit ${result.status}` }
+    }
+    return { ok: true, output: (result.stdout || '').trim() }
+  } catch (err: any) {
+    return { ok: false, output: '', error: err?.message || String(err) }
+  }
+}
+
+function getLatestStableTag(): string | null {
+  const listed = run('git', ['tag', '--list', 'v*', '--sort=-v:refname'], 4_000)
+  if (!listed.ok) return null
+  const tags = listed.output
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+}
+
+function commandExists(name: string): boolean {
+  const lookup = process.platform === 'win32' ? 'where' : 'which'
+  return run(lookup, [name], 3_000).ok
+}
+
+function pushCheck(
+  checks: SetupCheck[],
+  id: string,
+  label: string,
+  status: CheckStatus,
+  detail: string,
+  required = false,
+) {
+  checks.push({ id, label, status, detail, required })
+}
+
+function testDataWriteAccess(dataDir: string): { ok: boolean; error?: string } {
+  try {
+    fs.mkdirSync(dataDir, { recursive: true })
+    const probe = path.join(dataDir, `.doctor-write-${Date.now()}.tmp`)
+    fs.writeFileSync(probe, 'ok', 'utf8')
+    fs.unlinkSync(probe)
+    return { ok: true }
+  } catch (err: any) {
+    return { ok: false, error: err?.message || String(err) }
+  }
+}
+
+export async function GET(req: Request) {
+  const url = new URL(req.url)
+  const includeRemote = url.searchParams.get('remote') === '1'
+  const checks: SetupCheck[] = []
+  const actions: string[] = []
+  const checkedAt = Date.now()
+
+  const nodeVersion = process.versions.node
+  const nodeMajor = Number.parseInt(String(nodeVersion).split('.')[0] || '0', 10)
+  if (nodeMajor >= 20) {
+    pushCheck(checks, 'node-version', 'Node.js version', 'pass', `Detected Node ${nodeVersion}.`, true)
+  } else {
+    pushCheck(checks, 'node-version', 'Node.js version', 'fail', `Detected Node ${nodeVersion}. Node 20+ is required.`, true)
+    actions.push('Install Node.js 20 or newer from https://nodejs.org and rerun setup.')
+  }
+
+  const npmCheck = run('npm', ['--version'], 5_000)
+  if (npmCheck.ok) {
+    pushCheck(checks, 'npm', 'npm availability', 'pass', `npm ${npmCheck.output} is available.`, true)
+  } else {
+    pushCheck(checks, 'npm', 'npm availability', 'fail', npmCheck.error || 'npm was not found in PATH.', true)
+    actions.push('Install npm and rerun `npm run setup:easy`.')
+  }
+
+  const dataDir = path.join(process.cwd(), 'data')
+  const dataWrite = testDataWriteAccess(dataDir)
+  if (dataWrite.ok) {
+    pushCheck(checks, 'data-dir', 'Data directory permissions', 'pass', `Writable: ${dataDir}`, true)
+  } else {
+    pushCheck(checks, 'data-dir', 'Data directory permissions', 'fail', dataWrite.error || `Cannot write to ${dataDir}`, true)
+    actions.push(`Fix filesystem permissions for ${dataDir}.`)
+  }
+
+  const envFile = path.join(process.cwd(), '.env.local')
+  if (fs.existsSync(envFile)) {
+    pushCheck(checks, 'env-file', '.env.local', 'pass', '.env.local is present.')
+  } else {
+    pushCheck(checks, 'env-file', '.env.local', 'warn', '.env.local was not found yet. It will be created automatically on first run.')
+    actions.push('Run `npm run dev` once to auto-generate ACCESS_KEY and CREDENTIAL_SECRET.')
+  }
+
+  const hasAccessKey = !!process.env.ACCESS_KEY?.trim()
+  if (hasAccessKey) {
+    pushCheck(checks, 'access-key', 'Access key', 'pass', 'ACCESS_KEY is configured.', true)
+  } else {
+    pushCheck(checks, 'access-key', 'Access key', 'fail', 'ACCESS_KEY is missing.', true)
+    actions.push('Start the app once so SwarmClaw can generate ACCESS_KEY automatically.')
+  }
+
+  const hasCredentialSecret = !!process.env.CREDENTIAL_SECRET?.trim()
+  if (hasCredentialSecret) {
+    pushCheck(checks, 'credential-secret', 'Credential secret', 'pass', 'CREDENTIAL_SECRET is configured.', true)
+  } else {
+    pushCheck(checks, 'credential-secret', 'Credential secret', 'fail', 'CREDENTIAL_SECRET is missing.', true)
+    actions.push('Start the app once so SwarmClaw can generate CREDENTIAL_SECRET automatically.')
+  }
+
+  const settings = loadSettings()
+  if (settings?.setupCompleted === true) {
+    pushCheck(checks, 'setup-wizard', 'Setup wizard', 'pass', 'Initial setup has been completed.')
+  } else {
+    pushCheck(checks, 'setup-wizard', 'Setup wizard', 'warn', 'Initial setup is not marked complete yet.')
+    actions.push('Open the UI and finish the setup wizard at least once.')
+  }
+
+  const agents = Object.values(loadAgents() || {})
+  if (agents.length > 0) {
+    pushCheck(checks, 'agents', 'Agents', 'pass', `${agents.length} agent(s) configured.`)
+  } else {
+    pushCheck(checks, 'agents', 'Agents', 'warn', 'No agents found.')
+    actions.push('Create a starter agent from the setup wizard.')
+  }
+
+  const credentials = Object.values(loadCredentials() || {})
+  if (credentials.length > 0) {
+    pushCheck(checks, 'credentials', 'Credentials', 'pass', `${credentials.length} credential(s) saved.`)
+  } else {
+    pushCheck(checks, 'credentials', 'Credentials', 'warn', 'No API credentials saved (OK for local-only Ollama).')
+    actions.push('If using cloud providers, add an API key in the setup wizard or Settings → Providers.')
+  }
+
+  const optionalBinaries: Array<{ id: string; label: string; command: string }> = [
+    { id: 'claude-cli', label: 'Claude Code CLI', command: 'claude' },
+    { id: 'codex-cli', label: 'OpenAI Codex CLI', command: 'codex' },
+    { id: 'opencode-cli', label: 'OpenCode CLI', command: 'opencode' },
+  ]
+
+  for (const binary of optionalBinaries) {
+    const exists = commandExists(binary.command)
+    pushCheck(
+      checks,
+      binary.id,
+      binary.label,
+      exists ? 'pass' : 'warn',
+      exists
+        ? `${binary.command} is installed.`
+        : `${binary.command} is not installed (optional, only needed for ${binary.label} provider).`,
+    )
+  }
+
+  const gitRootCheck = run('git', ['rev-parse', '--is-inside-work-tree'], 4_000)
+  let localSha: string | null = null
+  let remoteSha: string | null = null
+  let behindBy = 0
+  let workingTreeDirty = false
+
+  if (!gitRootCheck.ok) {
+    pushCheck(checks, 'git-repo', 'Git repository', 'warn', 'This directory is not a git repository. Auto-update checks are disabled.')
+  } else {
+    pushCheck(checks, 'git-repo', 'Git repository', 'pass', 'Git repository detected.')
+
+    localSha = run('git', ['rev-parse', '--short', 'HEAD'], 4_000).output || null
+    const dirty = run('git', ['status', '--porcelain'], 4_000)
+    workingTreeDirty = !!dirty.output
+    if (workingTreeDirty) {
+      pushCheck(checks, 'git-dirty', 'Working tree cleanliness', 'warn', 'Uncommitted local changes detected.')
+      actions.push('Commit or stash local changes before running automatic updates.')
+    } else {
+      pushCheck(checks, 'git-dirty', 'Working tree cleanliness', 'pass', 'Working tree is clean.')
+    }
+
+    if (includeRemote) {
+      const fetch = run('git', ['fetch', '--tags', 'origin', '--quiet'], 12_000)
+      if (!fetch.ok) {
+        pushCheck(checks, 'git-remote', 'Remote update check', 'warn', fetch.error || 'Could not check remote release tags.')
+      } else {
+        const latestTag = getLatestStableTag()
+        if (!latestTag) {
+          pushCheck(checks, 'git-update', 'Update availability', 'warn', 'No stable release tags found yet; updater will fallback to main.')
+        } else {
+          const behind = run('git', ['rev-list', `HEAD..${latestTag}^{commit}`, '--count'], 4_000)
+          behindBy = Number.parseInt(behind.output || '0', 10) || 0
+          remoteSha = run('git', ['rev-parse', '--short', `${latestTag}^{commit}`], 4_000).output || localSha
+
+          if (behindBy > 0) {
+            pushCheck(checks, 'git-update', 'Update availability', 'warn', `${behindBy} commit(s) available to stable release ${latestTag}.`)
+            actions.push('Run `npm run update:easy` or use the in-app update banner.')
+          } else {
+            pushCheck(checks, 'git-update', 'Update availability', 'pass', `Already on stable release ${latestTag} or newer.`)
+          }
+        }
+      }
+    } else {
+      pushCheck(checks, 'git-remote', 'Remote update check', 'warn', 'Skipped (pass ?remote=1 to include remote stable-tag check).')
+    }
+  }
+
+  const failedRequired = checks.filter((c) => c.required && c.status === 'fail').length
+  const warnings = checks.filter((c) => c.status === 'warn').length
+  const ok = failedRequired === 0
+  const summary = ok
+    ? (warnings > 0 ? `Setup mostly healthy with ${warnings} warning(s).` : 'Setup looks healthy.')
+    : `Setup has ${failedRequired} required failure(s).`
+
+  return NextResponse.json({
+    ok,
+    checkedAt,
+    summary,
+    checks,
+    actions: Array.from(new Set(actions)),
+    git: {
+      localSha,
+      remoteSha,
+      behindBy,
+      dirty: workingTreeDirty,
+    },
+  })
+}

package/src/app/api/skills/[id]/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server'
+import { loadSkills, saveSkills, deleteSkill } from '@/lib/server/storage'
+import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const skills = loadSkills()
+  if (!skills[id]) return new NextResponse(null, { status: 404 })
+  return NextResponse.json(skills[id])
+}
+
+export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const body = await req.json()
+  const skills = loadSkills()
+  if (!skills[id]) return new NextResponse(null, { status: 404 })
+  const normalized = normalizeSkillPayload({ ...skills[id], ...body })
+  skills[id] = {
+    ...skills[id],
+    ...body,
+    name: normalized.name,
+    filename: normalized.filename,
+    description: normalized.description,
+    content: normalized.content,
+    sourceUrl: normalized.sourceUrl,
+    sourceFormat: normalized.sourceFormat,
+    id,
+    updatedAt: Date.now(),
+  }
+  saveSkills(skills)
+  return NextResponse.json(skills[id])
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const skills = loadSkills()
+  if (!skills[id]) return new NextResponse(null, { status: 404 })
+  deleteSkill(id)
+  return NextResponse.json({ deleted: id })
+}

package/src/app/api/skills/import/route.ts

@@ -0,0 +1,69 @@
+import crypto from 'crypto'
+import { NextResponse } from 'next/server'
+import { loadSkills, saveSkills } from '@/lib/server/storage'
+import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
+
+const MAX_SKILL_BYTES = 2 * 1024 * 1024
+
+function validateHttpUrl(value: unknown): string {
+  if (typeof value !== 'string' || !value.trim()) {
+    throw new Error('url is required')
+  }
+  const parsed = new URL(value.trim())
+  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+    throw new Error('Only http/https URLs are supported')
+  }
+  return parsed.toString()
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json()
+    const url = validateHttpUrl(body.url)
+
+    const res = await fetch(url, {
+      signal: AbortSignal.timeout(20_000),
+      headers: {
+        'User-Agent': 'SwarmClaw/1.0 skill-import',
+      },
+    })
+
+    if (!res.ok) {
+      throw new Error(`Failed to fetch skill (${res.status})`)
+    }
+
+    const content = await res.text()
+    if (!content.trim()) {
+      throw new Error('Fetched skill file is empty')
+    }
+    if (Buffer.byteLength(content, 'utf8') > MAX_SKILL_BYTES) {
+      throw new Error('Skill file too large (max 2MB)')
+    }
+
+    const normalized = normalizeSkillPayload({
+      ...body,
+      content,
+      sourceUrl: url,
+    })
+
+    const skills = loadSkills()
+    const id = crypto.randomBytes(4).toString('hex')
+    skills[id] = {
+      id,
+      name: normalized.name,
+      filename: normalized.filename,
+      description: normalized.description,
+      content: normalized.content,
+      sourceUrl: normalized.sourceUrl,
+      sourceFormat: normalized.sourceFormat,
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    }
+    saveSkills(skills)
+
+    return NextResponse.json(skills[id])
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : 'Failed to import skill'
+    return NextResponse.json({ error: message }, { status: 400 })
+  }
+}

package/src/app/api/skills/route.ts

@@ -0,0 +1,28 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadSkills, saveSkills } from '@/lib/server/storage'
+import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
+
+export async function GET() {
+  return NextResponse.json(loadSkills())
+}
+
+export async function POST(req: Request) {
+  const body = await req.json()
+  const skills = loadSkills()
+  const id = crypto.randomBytes(4).toString('hex')
+  const normalized = normalizeSkillPayload(body)
+  skills[id] = {
+    id,
+    name: normalized.name,
+    filename: normalized.filename || `skill-${id}.md`,
+    content: normalized.content || '',
+    description: normalized.description || '',
+    sourceUrl: normalized.sourceUrl,
+    sourceFormat: normalized.sourceFormat,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+  saveSkills(skills)
+  return NextResponse.json(skills[id])
+}

package/src/app/api/tasks/[id]/route.ts

@@ -0,0 +1,102 @@
+import crypto from 'crypto'
+import { NextResponse } from 'next/server'
+import { loadTasks, saveTasks } from '@/lib/server/storage'
+import { disableSessionHeartbeat, enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
+import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
+import { formatValidationFailure, validateTaskCompletion } from '@/lib/server/task-validation'
+import { pushMainLoopEventToMainSessions } from '@/lib/server/main-agent-loop'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  // Keep completed queue integrity even if daemon is not running.
+  validateCompletedTasksQueue()
+
+  const { id } = await params
+  const tasks = loadTasks()
+  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+  return NextResponse.json(tasks[id])
+}
+
+export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const body = await req.json()
+  const tasks = loadTasks()
+  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+
+  const prevStatus = tasks[id].status
+
+  // Support atomic comment append to avoid race conditions
+  if (body.appendComment) {
+    if (!tasks[id].comments) tasks[id].comments = []
+    tasks[id].comments.push(body.appendComment)
+    tasks[id].updatedAt = Date.now()
+  } else {
+    Object.assign(tasks[id], body, { updatedAt: Date.now() })
+  }
+  tasks[id].id = id // prevent id overwrite
+
+  // Set archivedAt when transitioning to archived
+  if (prevStatus !== 'archived' && tasks[id].status === 'archived') {
+    tasks[id].archivedAt = Date.now()
+  }
+
+  // Re-validate any completed task updates so "completed" always means actually done.
+  if (tasks[id].status === 'completed') {
+    const report = ensureTaskCompletionReport(tasks[id])
+    if (report?.relativePath) tasks[id].completionReportPath = report.relativePath
+    const validation = validateTaskCompletion(tasks[id], { report })
+    tasks[id].validation = validation
+    if (validation.ok) {
+      tasks[id].completedAt = tasks[id].completedAt || Date.now()
+      tasks[id].error = null
+    } else {
+      tasks[id].status = 'failed'
+      tasks[id].completedAt = null
+      tasks[id].error = formatValidationFailure(validation.reasons).slice(0, 500)
+      if (!tasks[id].comments) tasks[id].comments = []
+      tasks[id].comments.push({
+        id: crypto.randomBytes(4).toString('hex'),
+        author: 'System',
+        text: `Completion validation failed.\n\n${validation.reasons.map((r) => `- ${r}`).join('\n')}`,
+        createdAt: Date.now(),
+      })
+    }
+  }
+
+  saveTasks(tasks)
+  if (prevStatus !== tasks[id].status) {
+    pushMainLoopEventToMainSessions({
+      type: 'task_status_changed',
+      text: `Task "${tasks[id].title}" (${id}) moved ${prevStatus} → ${tasks[id].status}.`,
+    })
+  }
+
+  // If task is manually transitioned to a terminal status, disable session heartbeat.
+  if (prevStatus !== tasks[id].status && (tasks[id].status === 'completed' || tasks[id].status === 'failed')) {
+    disableSessionHeartbeat(tasks[id].sessionId)
+  }
+
+  // If status changed to 'queued', enqueue it
+  if (prevStatus !== 'queued' && tasks[id].status === 'queued') {
+    enqueueTask(id)
+  }
+
+  return NextResponse.json(tasks[id])
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const tasks = loadTasks()
+  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+
+  // Soft delete: move to archived status instead of hard delete
+  tasks[id].status = 'archived'
+  tasks[id].archivedAt = Date.now()
+  tasks[id].updatedAt = Date.now()
+  saveTasks(tasks)
+  pushMainLoopEventToMainSessions({
+    type: 'task_archived',
+    text: `Task archived: "${tasks[id].title}" (${id}).`,
+  })
+
+  return NextResponse.json(tasks[id])
+}

package/src/app/api/tasks/route.ts

@@ -0,0 +1,115 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadTasks, saveTasks, loadSettings } from '@/lib/server/storage'
+import { enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
+import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
+import { formatValidationFailure, validateTaskCompletion } from '@/lib/server/task-validation'
+import { pushMainLoopEventToMainSessions } from '@/lib/server/main-agent-loop'
+
+export async function GET(req: Request) {
+  // Keep completed queue integrity even if daemon is not running.
+  validateCompletedTasksQueue()
+
+  const { searchParams } = new URL(req.url)
+  const includeArchived = searchParams.get('includeArchived') === 'true'
+  const allTasks = loadTasks()
+
+  if (includeArchived) {
+    return NextResponse.json(allTasks)
+  }
+
+  // Exclude archived tasks by default
+  const filtered: Record<string, typeof allTasks[string]> = {}
+  for (const [id, task] of Object.entries(allTasks)) {
+    if (task.status !== 'archived') {
+      filtered[id] = task
+    }
+  }
+  return NextResponse.json(filtered)
+}
+
+export async function DELETE(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const filter = searchParams.get('filter') // 'all' | 'schedule' | 'done' | null
+  const tasks = loadTasks()
+  let removed = 0
+
+  const shouldRemove = (task: { status: string; sourceType?: string }) =>
+    filter === 'all' ||
+    (filter === 'schedule' && task.sourceType === 'schedule') ||
+    (filter === 'done' && (task.status === 'completed' || task.status === 'failed')) ||
+    (!filter && task.status === 'archived')
+
+  const { deleteTask } = await import('@/lib/server/storage')
+  for (const [id, task] of Object.entries(tasks)) {
+    if (shouldRemove(task as { status: string; sourceType?: string })) {
+      deleteTask(id)
+      removed++
+    }
+  }
+  return NextResponse.json({ removed, remaining: Object.keys(tasks).length - removed })
+}
+
+export async function POST(req: Request) {
+  const body = await req.json()
+  const id = crypto.randomBytes(4).toString('hex')
+  const now = Date.now()
+  const tasks = loadTasks()
+  const settings = loadSettings()
+  const maxAttempts = Number.isFinite(Number(body.maxAttempts))
+    ? Math.max(1, Math.min(20, Math.trunc(Number(body.maxAttempts))))
+    : Math.max(1, Math.min(20, Math.trunc(Number(settings.defaultTaskMaxAttempts ?? 3))))
+  const retryBackoffSec = Number.isFinite(Number(body.retryBackoffSec))
+    ? Math.max(1, Math.min(3600, Math.trunc(Number(body.retryBackoffSec))))
+    : Math.max(1, Math.min(3600, Math.trunc(Number(settings.taskRetryBackoffSec ?? 30))))
+  tasks[id] = {
+    id,
+    title: body.title || 'Untitled Task',
+    description: body.description || '',
+    status: body.status || 'backlog',
+    agentId: body.agentId || '',
+    goalContract: body.goalContract || null,
+    cwd: typeof body.cwd === 'string' ? body.cwd : null,
+    file: typeof body.file === 'string' ? body.file : null,
+    sessionId: typeof body.sessionId === 'string' ? body.sessionId : null,
+    result: typeof body.result === 'string' ? body.result : null,
+    error: typeof body.error === 'string' ? body.error : null,
+    createdAt: now,
+    updatedAt: now,
+    queuedAt: null,
+    startedAt: null,
+    completedAt: null,
+    archivedAt: null,
+    attempts: 0,
+    maxAttempts,
+    retryBackoffSec,
+    retryScheduledAt: null,
+    deadLetteredAt: null,
+    checkpoint: null,
+  }
+
+  if (tasks[id].status === 'completed') {
+    const report = ensureTaskCompletionReport(tasks[id])
+    if (report?.relativePath) tasks[id].completionReportPath = report.relativePath
+    const validation = validateTaskCompletion(tasks[id], { report })
+    tasks[id].validation = validation
+    if (validation.ok) {
+      tasks[id].completedAt = Date.now()
+      tasks[id].error = null
+    } else {
+      tasks[id].status = 'failed'
+      tasks[id].completedAt = null
+      tasks[id].error = formatValidationFailure(validation.reasons).slice(0, 500)
+    }
+  }
+
+  saveTasks(tasks)
+  pushMainLoopEventToMainSessions({
+    type: 'task_created',
+    text: `Task created: "${tasks[id].title}" (${id}) with status ${tasks[id].status}.`,
+  })
+  if (tasks[id].status === 'queued') {
+    enqueueTask(id)
+  }
+  return NextResponse.json(tasks[id])
+}

package/src/app/api/tts/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server'
+import { loadSettings } from '@/lib/server/storage'
+
+export async function POST(req: Request) {
+  const settings = loadSettings()
+  const ELEVENLABS_KEY = settings.elevenLabsApiKey || process.env.ELEVENLABS_API_KEY
+  const ELEVENLABS_VOICE = settings.elevenLabsVoiceId || process.env.ELEVENLABS_VOICE || 'JBFqnCBsd6RMkjVDRZzb'
+
+  if (!ELEVENLABS_KEY) {
+    return new NextResponse('No ElevenLabs API key. Set one in Settings > Voice.', { status: 500 })
+  }
+
+  const { text } = await req.json()
+  const apiRes = await fetch(`https://api.elevenlabs.io/v1/text-to-speech/${ELEVENLABS_VOICE}`, {
+    method: 'POST',
+    headers: {
+      'xi-api-key': ELEVENLABS_KEY,
+      'Content-Type': 'application/json',
+      'Accept': 'audio/mpeg',
+    },
+    body: JSON.stringify({
+      text,
+      model_id: 'eleven_multilingual_v2',
+      voice_settings: { stability: 0.5, similarity_boost: 0.75 },
+    }),
+  })
+
+  if (!apiRes.ok) {
+    const err = await apiRes.text()
+    return new NextResponse(err, { status: apiRes.status })
+  }
+
+  const audioBuffer = await apiRes.arrayBuffer()
+  return new NextResponse(audioBuffer, {
+    headers: {
+      'Content-Type': 'audio/mpeg',
+      'Cache-Control': 'no-cache',
+    },
+  })
+}

package/src/app/api/upload/route.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server'
+import fs from 'fs'
+import path from 'path'
+import crypto from 'crypto'
+import { UPLOAD_DIR } from '@/lib/server/storage'
+
+export async function POST(req: Request) {
+  const filename = req.headers.get('x-filename') || 'image.png'
+  const buf = Buffer.from(await req.arrayBuffer())
+  const name = crypto.randomBytes(4).toString('hex') + '-' + filename.replace(/[^a-zA-Z0-9._-]/g, '_')
+  const filePath = path.join(UPLOAD_DIR, name)
+
+  if (!fs.existsSync(UPLOAD_DIR)) fs.mkdirSync(UPLOAD_DIR, { recursive: true })
+  fs.writeFileSync(filePath, buf)
+  console.log(`[upload] saved ${buf.length} bytes to ${filePath}`)
+
+  return NextResponse.json({ path: filePath, size: buf.length, url: `/api/uploads/${name}` })
+}