@swarmclawai/swarmclaw 0.2.0

package/src/app/api/uploads/[filename]/route.ts

@@ -0,0 +1,59 @@
+import { NextResponse } from 'next/server'
+import fs from 'fs'
+import path from 'path'
+import { UPLOAD_DIR } from '@/lib/server/storage'
+
+const MIME_TYPES: Record<string, string> = {
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.webp': 'image/webp',
+  '.svg': 'image/svg+xml',
+  '.bmp': 'image/bmp',
+  '.ico': 'image/x-icon',
+  '.mp4': 'video/mp4',
+  '.webm': 'video/webm',
+  '.mov': 'video/quicktime',
+  '.avi': 'video/x-msvideo',
+  '.mkv': 'video/x-matroska',
+  '.pdf': 'application/pdf',
+  '.json': 'application/json',
+  '.csv': 'text/csv',
+  '.txt': 'text/plain',
+  '.html': 'text/html',
+  '.xml': 'application/xml',
+  '.zip': 'application/zip',
+  '.tar': 'application/x-tar',
+  '.gz': 'application/gzip',
+  '.doc': 'application/msword',
+  '.docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  '.xls': 'application/vnd.ms-excel',
+  '.xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  '.ppt': 'application/vnd.ms-powerpoint',
+  '.pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  '.mp3': 'audio/mpeg',
+  '.wav': 'audio/wav',
+  '.ogg': 'audio/ogg',
+}
+
+export async function GET(_req: Request, { params }: { params: Promise<{ filename: string }> }) {
+  const { filename } = await params
+  const safeName = filename.replace(/[^a-zA-Z0-9._-]/g, '')
+  const filePath = path.join(UPLOAD_DIR, safeName)
+
+  if (!fs.existsSync(filePath)) {
+    return new NextResponse(null, { status: 404 })
+  }
+
+  const ext = path.extname(safeName).toLowerCase()
+  const contentType = MIME_TYPES[ext] || 'application/octet-stream'
+  const data = fs.readFileSync(filePath)
+
+  return new NextResponse(data, {
+    headers: {
+      'Content-Type': contentType,
+      'Cache-Control': 'public, max-age=86400',
+    },
+  })
+}

package/src/app/api/usage/route.ts

@@ -0,0 +1,35 @@
+import { NextResponse } from 'next/server'
+import { loadUsage } from '@/lib/server/storage'
+
+export async function GET() {
+  const usage = loadUsage()
+  // Compute summary
+  let totalTokens = 0
+  let totalCost = 0
+  const bySession: Record<string, { tokens: number; cost: number; count: number }> = {}
+  const byProvider: Record<string, { tokens: number; cost: number; count: number }> = {}
+
+  for (const [sessionId, records] of Object.entries(usage)) {
+    for (const r of records) {
+      totalTokens += r.totalTokens || 0
+      totalCost += r.estimatedCost || 0
+      if (!bySession[sessionId]) bySession[sessionId] = { tokens: 0, cost: 0, count: 0 }
+      bySession[sessionId].tokens += r.totalTokens || 0
+      bySession[sessionId].cost += r.estimatedCost || 0
+      bySession[sessionId].count++
+      const prov = r.provider || 'unknown'
+      if (!byProvider[prov]) byProvider[prov] = { tokens: 0, cost: 0, count: 0 }
+      byProvider[prov].tokens += r.totalTokens || 0
+      byProvider[prov].cost += r.estimatedCost || 0
+      byProvider[prov].count++
+    }
+  }
+
+  return NextResponse.json({
+    totalTokens,
+    totalCost: Math.round(totalCost * 10000) / 10000,
+    bySession,
+    byProvider,
+    raw: usage,
+  })
+}

package/src/app/api/version/route.ts

@@ -0,0 +1,81 @@
+import { NextResponse } from 'next/server'
+import { execSync } from 'child_process'
+
+let cachedRemote: {
+  sha: string
+  behindBy: number
+  channel: 'stable' | 'main'
+  remoteTag: string | null
+  checkedAt: number
+} | null = null
+const CACHE_TTL = 60_000 // 60s
+const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
+
+function run(cmd: string): string {
+  return execSync(cmd, { encoding: 'utf-8', cwd: process.cwd(), timeout: 15_000 }).trim()
+}
+
+function getLatestStableTag(): string | null {
+  const tags = run(`git tag --list 'v*' --sort=-v:refname`)
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+}
+
+function getHeadStableTag(): string | null {
+  const tags = run(`git tag --points-at HEAD --list 'v*' --sort=-v:refname`)
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+}
+
+export async function GET() {
+  try {
+    const localSha = run('git rev-parse --short HEAD')
+    const localTag = getHeadStableTag()
+
+    let remoteSha = cachedRemote?.sha ?? localSha
+    let behindBy = cachedRemote?.behindBy ?? 0
+    let channel: 'stable' | 'main' = cachedRemote?.channel ?? 'main'
+    let remoteTag = cachedRemote?.remoteTag ?? null
+
+    if (!cachedRemote || Date.now() - cachedRemote.checkedAt > CACHE_TTL) {
+      try {
+        run('git fetch --tags origin --quiet')
+        const latestTag = getLatestStableTag()
+        if (latestTag) {
+          channel = 'stable'
+          remoteTag = latestTag
+          remoteSha = run(`git rev-parse --short ${latestTag}^{commit}`)
+          behindBy = parseInt(run(`git rev-list HEAD..${latestTag}^{commit} --count`), 10) || 0
+        } else {
+          // Fallback for repos without release tags yet.
+          channel = 'main'
+          remoteTag = null
+          run('git fetch origin main --quiet')
+          behindBy = parseInt(run('git rev-list HEAD..origin/main --count'), 10) || 0
+          remoteSha = behindBy > 0
+            ? run('git rev-parse --short origin/main')
+            : localSha
+        }
+        cachedRemote = { sha: remoteSha, behindBy, channel, remoteTag, checkedAt: Date.now() }
+      } catch {
+        // fetch failed (no network, no remote, etc.) — use stale cache or defaults
+      }
+    }
+
+    return NextResponse.json({
+      localSha,
+      localTag,
+      remoteSha,
+      remoteTag,
+      channel,
+      updateAvailable: behindBy > 0,
+      behindBy,
+    })
+  } catch {
+    return NextResponse.json({ error: 'Not a git repository' }, { status: 500 })
+  }
+}

package/src/app/api/version/update/route.ts

@@ -0,0 +1,95 @@
+import { NextResponse } from 'next/server'
+import { execSync } from 'child_process'
+
+const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
+
+function run(cmd: string): string {
+  return execSync(cmd, { encoding: 'utf-8', cwd: process.cwd(), timeout: 60_000 }).trim()
+}
+
+function getLatestStableTag(): string | null {
+  const tags = run(`git tag --list 'v*' --sort=-v:refname`)
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+}
+
+function ensureCleanWorkingTree() {
+  const dirty = run('git status --porcelain')
+  if (dirty) {
+    throw new Error('Local changes detected. Commit/stash them first, then retry update.')
+  }
+}
+
+export async function POST() {
+  try {
+    const beforeSha = run('git rev-parse --short HEAD')
+    const beforeRef = run('git rev-parse HEAD')
+    const currentBranch = run('git rev-parse --abbrev-ref HEAD')
+    let pullOutput = ''
+    let channel: 'stable' | 'main' = 'main'
+    let targetTag: string | null = null
+    let switchedToStable = false
+
+    // Prefer latest stable release tags when available.
+    try {
+      run('git fetch --tags origin --quiet')
+      const latestTag = getLatestStableTag()
+      if (latestTag) {
+        channel = 'stable'
+        targetTag = latestTag
+        const targetRef = `${latestTag}^{commit}`
+        const targetSha = run(`git rev-parse ${targetRef}`)
+        if (targetSha !== beforeRef) {
+          ensureCleanWorkingTree()
+          // Keep end-user installs on a predictable "stable" branch that tracks release tags.
+          run(`git checkout -B stable ${targetRef}`)
+          switchedToStable = currentBranch !== 'stable'
+          pullOutput = `Updated to stable release ${latestTag}.`
+        } else {
+          pullOutput = `Already on latest stable release ${latestTag}.`
+        }
+      }
+    } catch {
+      // If stable-tag flow fails, fallback to main.
+      channel = 'main'
+      targetTag = null
+    }
+
+    if (channel === 'main') {
+      // Fallback for repos without release tags.
+      pullOutput = run('git pull --ff-only origin main')
+    }
+
+    // Check if package-lock.json changed in the pull
+    let installedDeps = false
+    try {
+      const diff = run(`git diff --name-only ${beforeSha}..HEAD`)
+      if (diff.includes('package-lock.json') || diff.includes('package.json')) {
+        run('npm install --omit=dev')
+        installedDeps = true
+      }
+    } catch {
+      // If diff fails (e.g. first commit), skip install check
+    }
+
+    const newSha = run('git rev-parse --short HEAD')
+
+    return NextResponse.json({
+      success: true,
+      newSha,
+      pullOutput,
+      installedDeps,
+      channel,
+      targetTag,
+      switchedToStable,
+      needsRestart: true,
+    })
+  } catch (e) {
+    return NextResponse.json(
+      { success: false, error: e instanceof Error ? e.message : 'Update failed' },
+      { status: 500 }
+    )
+  }
+}

package/src/app/api/webhooks/[id]/history/route.ts

@@ -0,0 +1,13 @@
+import { NextResponse } from 'next/server'
+import { loadWebhookLogs } from '@/lib/server/storage'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const allLogs = loadWebhookLogs()
+  const entries = Object.values(allLogs)
+    .filter((entry: any) => entry.webhookId === id)
+    .sort((a: any, b: any) => (b.timestamp || 0) - (a.timestamp || 0))
+    .slice(0, 100)
+
+  return NextResponse.json(entries)
+}

package/src/app/api/webhooks/[id]/route.ts

@@ -0,0 +1,204 @@
+import crypto from 'crypto'
+import { NextResponse } from 'next/server'
+import { loadAgents, loadSessions, loadWebhooks, saveSessions, saveWebhooks, appendWebhookLog } from '@/lib/server/storage'
+import { enqueueSessionRun } from '@/lib/server/session-run-manager'
+
+function normalizeEvents(value: unknown): string[] {
+  if (!Array.isArray(value)) return []
+  return value
+    .filter((v): v is string => typeof v === 'string')
+    .map((v) => v.trim())
+    .filter(Boolean)
+}
+
+function eventMatches(registered: string[], incoming: string): boolean {
+  if (registered.length === 0) return true
+  if (registered.includes('*')) return true
+  return registered.includes(incoming)
+}
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const webhooks = loadWebhooks()
+  const webhook = webhooks[id]
+  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+  return NextResponse.json(webhook)
+}
+
+export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const body = await req.json().catch(() => ({}))
+  const webhooks = loadWebhooks()
+  const webhook = webhooks[id]
+  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+
+  if (body.name !== undefined) webhook.name = body.name
+  if (body.source !== undefined) webhook.source = body.source
+  if (body.events !== undefined) webhook.events = normalizeEvents(body.events)
+  if (body.agentId !== undefined) webhook.agentId = body.agentId
+  if (body.secret !== undefined) webhook.secret = body.secret
+  if (body.isEnabled !== undefined) webhook.isEnabled = !!body.isEnabled
+  webhook.updatedAt = Date.now()
+
+  webhooks[id] = webhook
+  saveWebhooks(webhooks)
+  return NextResponse.json(webhook)
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const webhooks = loadWebhooks()
+  if (!webhooks[id]) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+  delete webhooks[id]
+  saveWebhooks(webhooks)
+  return NextResponse.json({ ok: true })
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const webhooks = loadWebhooks()
+  const webhook = webhooks[id]
+  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+  if (webhook.isEnabled === false) {
+    appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
+      id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: 'unknown',
+      payload: '', status: 'error', error: 'Webhook is disabled', timestamp: Date.now(),
+    })
+    return NextResponse.json({ error: 'Webhook is disabled' }, { status: 409 })
+  }
+
+  const secret = typeof webhook.secret === 'string' ? webhook.secret.trim() : ''
+  if (secret) {
+    const url = new URL(req.url)
+    const provided = req.headers.get('x-webhook-secret') || url.searchParams.get('secret') || ''
+    if (provided !== secret) {
+      appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
+        id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: 'unknown',
+        payload: '', status: 'error', error: 'Invalid webhook secret', timestamp: Date.now(),
+      })
+      return NextResponse.json({ error: 'Invalid webhook secret' }, { status: 401 })
+    }
+  }
+
+  let payload: unknown = null
+  let rawBody = ''
+  const contentType = req.headers.get('content-type') || ''
+  if (contentType.includes('application/json')) {
+    try {
+      payload = await req.json()
+      rawBody = JSON.stringify(payload)
+    } catch {
+      payload = {}
+      rawBody = '{}'
+    }
+  } else {
+    rawBody = await req.text()
+    try {
+      payload = JSON.parse(rawBody)
+    } catch {
+      payload = { raw: rawBody }
+    }
+  }
+
+  const url = new URL(req.url)
+  const incomingEvent = String(
+    (payload as Record<string, unknown> | null)?.type
+      || (payload as Record<string, unknown> | null)?.event
+      || req.headers.get('x-event-type')
+      || url.searchParams.get('event')
+      || 'unknown',
+  )
+  const registeredEvents = normalizeEvents(webhook.events)
+  if (!eventMatches(registeredEvents, incomingEvent)) {
+    return NextResponse.json({
+      ok: true,
+      ignored: true,
+      reason: 'Event does not match webhook filters',
+      event: incomingEvent,
+    })
+  }
+
+  const agents = loadAgents()
+  const agent = webhook.agentId ? agents[webhook.agentId] : null
+  if (!agent) {
+    appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
+      id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: incomingEvent,
+      payload: (rawBody || '').slice(0, 2000), status: 'error', error: 'Webhook agent is not configured or missing', timestamp: Date.now(),
+    })
+    return NextResponse.json({ error: 'Webhook agent is not configured or missing' }, { status: 400 })
+  }
+
+  const sessions = loadSessions()
+  const sessionName = `webhook:${id}`
+  let session = Object.values(sessions).find((s: any) => s.name === sessionName && s.agentId === agent.id) as any
+  if (!session) {
+    const sessionId = crypto.randomBytes(4).toString('hex')
+    const now = Date.now()
+    session = {
+      id: sessionId,
+      name: sessionName,
+      cwd: process.cwd(),
+      user: 'system',
+      provider: agent.provider || 'claude-cli',
+      model: agent.model || '',
+      credentialId: agent.credentialId || null,
+      apiEndpoint: agent.apiEndpoint || null,
+      claudeSessionId: null,
+      codexThreadId: null,
+      opencodeSessionId: null,
+      delegateResumeIds: {
+        claudeCode: null,
+        codex: null,
+        opencode: null,
+      },
+      messages: [],
+      createdAt: now,
+      lastActiveAt: now,
+      sessionType: 'orchestrated',
+      agentId: agent.id,
+      parentSessionId: null,
+      tools: agent.tools || [],
+      heartbeatEnabled: agent.heartbeatEnabled ?? true,
+      heartbeatIntervalSec: agent.heartbeatIntervalSec ?? null,
+    }
+    sessions[session.id] = session
+    saveSessions(sessions)
+  }
+
+  const payloadPreview = (rawBody || '').slice(0, 12_000)
+  const prompt = [
+    'Webhook event received.',
+    `Webhook ID: ${id}`,
+    `Webhook Name: ${webhook.name || id}`,
+    `Source: ${webhook.source || 'custom'}`,
+    `Event: ${incomingEvent}`,
+    `Received At: ${new Date().toISOString()}`,
+    '',
+    'Payload:',
+    payloadPreview || '(empty payload)',
+    '',
+    'Handle this event now. If this requires notifying the user, use configured connector tools.',
+  ].join('\n')
+
+  const run = enqueueSessionRun({
+    sessionId: session.id,
+    message: prompt,
+    source: 'webhook',
+    internal: false,
+    mode: 'followup',
+  })
+
+  appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
+    id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: incomingEvent,
+    payload: (rawBody || '').slice(0, 2000), status: 'success',
+    sessionId: session.id, runId: run.runId, timestamp: Date.now(),
+  })
+
+  return NextResponse.json({
+    ok: true,
+    webhookId: id,
+    event: incomingEvent,
+    sessionId: session.id,
+    runId: run.runId,
+  })
+}

package/src/app/api/webhooks/route.ts

@@ -0,0 +1,37 @@
+import crypto from 'crypto'
+import { NextResponse } from 'next/server'
+import { loadWebhooks, saveWebhooks } from '@/lib/server/storage'
+
+function normalizeEvents(value: unknown): string[] {
+  if (!Array.isArray(value)) return []
+  return value
+    .filter((v): v is string => typeof v === 'string')
+    .map((v) => v.trim())
+    .filter(Boolean)
+}
+
+export async function GET() {
+  return NextResponse.json(loadWebhooks())
+}
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => ({}))
+  const webhooks = loadWebhooks()
+  const id = crypto.randomBytes(4).toString('hex')
+  const now = Date.now()
+
+  webhooks[id] = {
+    id,
+    name: typeof body.name === 'string' ? body.name : 'Unnamed Webhook',
+    source: typeof body.source === 'string' ? body.source : 'custom',
+    events: normalizeEvents(body.events),
+    agentId: typeof body.agentId === 'string' ? body.agentId : null,
+    secret: typeof body.secret === 'string' ? body.secret : '',
+    isEnabled: body.isEnabled !== false,
+    createdAt: now,
+    updatedAt: now,
+  }
+
+  saveWebhooks(webhooks)
+  return NextResponse.json(webhooks[id])
+}