@swarmclawai/swarmclaw 0.2.0

package/src/app/api/connectors/route.ts

@@ -0,0 +1,60 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadConnectors, saveConnectors } from '@/lib/server/storage'
+import type { Connector } from '@/types'
+
+export async function GET() {
+  const connectors = loadConnectors()
+  // Merge runtime status from manager
+  try {
+    const { getConnectorStatus, isConnectorAuthenticated, hasConnectorCredentials, getConnectorQR } = await import('@/lib/server/connectors/manager')
+    for (const c of Object.values(connectors) as Connector[]) {
+      c.status = getConnectorStatus(c.id)
+      if (c.platform === 'whatsapp') {
+        c.authenticated = isConnectorAuthenticated(c.id)
+        c.hasCredentials = hasConnectorCredentials(c.id)
+        const qr = getConnectorQR(c.id)
+        if (qr) c.qrDataUrl = qr
+      }
+    }
+  } catch { /* manager not loaded yet */ }
+  return NextResponse.json(connectors)
+}
+
+export async function POST(req: Request) {
+  const body = await req.json()
+  const connectors = loadConnectors()
+  const id = crypto.randomBytes(4).toString('hex')
+
+  const connector: Connector = {
+    id,
+    name: body.name || `${body.platform} Connector`,
+    platform: body.platform,
+    agentId: body.agentId,
+    credentialId: body.credentialId || null,
+    config: body.config || {},
+    isEnabled: false,
+    status: 'stopped',
+    lastError: null,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+
+  connectors[id] = connector
+  saveConnectors(connectors)
+
+  // Auto-start if connector has credentials (or is WhatsApp which uses QR)
+  const hasCredentials = connector.platform === 'whatsapp' || connector.platform === 'openclaw' || !!connector.credentialId
+  if (hasCredentials && body.autoStart !== false) {
+    try {
+      const { startConnector } = await import('@/lib/server/connectors/manager')
+      await startConnector(id)
+      connector.isEnabled = true
+      connector.status = 'running'
+      connectors[id] = connector
+      saveConnectors(connectors)
+    } catch { /* auto-start is best-effort */ }
+  }
+
+  return NextResponse.json(connector)
+}

package/src/app/api/credentials/[id]/route.ts

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server'
+import { loadCredentials, saveCredentials } from '@/lib/server/storage'
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id: credId } = await params
+  const creds = loadCredentials()
+  if (!creds[credId]) {
+    return new NextResponse(null, { status: 404 })
+  }
+  delete creds[credId]
+  saveCredentials(creds)
+  console.log(`[credentials] deleted ${credId}`)
+  return new NextResponse('OK')
+}

package/src/app/api/credentials/route.ts

@@ -0,0 +1,31 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadCredentials, saveCredentials, encryptKey } from '@/lib/server/storage'
+
+export async function GET() {
+  const creds = loadCredentials()
+  const safe: Record<string, any> = {}
+  for (const [id, c] of Object.entries(creds) as [string, any][]) {
+    safe[id] = { id: c.id, provider: c.provider, name: c.name, createdAt: c.createdAt }
+  }
+  return NextResponse.json(safe)
+}
+
+export async function POST(req: Request) {
+  const { provider, name, apiKey } = await req.json()
+  if (!provider || !apiKey) {
+    return NextResponse.json({ error: 'provider and apiKey are required' }, { status: 400 })
+  }
+  const id = 'cred_' + crypto.randomBytes(6).toString('hex')
+  const creds = loadCredentials()
+  creds[id] = {
+    id,
+    provider,
+    name: name || `${provider} key`,
+    encryptedKey: encryptKey(apiKey),
+    createdAt: Date.now(),
+  }
+  saveCredentials(creds)
+  console.log(`[credentials] stored ${id} for ${provider}`)
+  return NextResponse.json({ id, provider, name: creds[id].name, createdAt: creds[id].createdAt })
+}

package/src/app/api/daemon/health-check/route.ts

@@ -0,0 +1,11 @@
+import { NextResponse } from 'next/server'
+import { ensureDaemonStarted, getDaemonStatus, runDaemonHealthCheckNow } from '@/lib/server/daemon-state'
+
+export async function POST() {
+  ensureDaemonStarted('api/daemon/health-check:post')
+  await runDaemonHealthCheckNow()
+  return NextResponse.json({
+    ok: true,
+    status: getDaemonStatus(),
+  })
+}

package/src/app/api/daemon/route.ts

@@ -0,0 +1,22 @@
+import { NextResponse } from 'next/server'
+import { ensureDaemonStarted, getDaemonStatus, startDaemon, stopDaemon } from '@/lib/server/daemon-state'
+
+export async function GET() {
+  ensureDaemonStarted('api/daemon:get')
+  return NextResponse.json(getDaemonStatus())
+}
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => ({}))
+  const action = body.action
+
+  if (action === 'start') {
+    startDaemon({ source: 'api/daemon:post:start', manualStart: true })
+    return NextResponse.json({ ok: true, status: 'running' })
+  } else if (action === 'stop') {
+    stopDaemon({ source: 'api/daemon:post:stop', manualStop: true })
+    return NextResponse.json({ ok: true, status: 'stopped' })
+  }
+
+  return NextResponse.json({ error: 'Invalid action. Use "start" or "stop".' }, { status: 400 })
+}

package/src/app/api/dirs/pick/route.ts

@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { execSync } from 'child_process'
+import path from 'path'
+import os from 'os'
+
+function pickMacOS(mode: 'file' | 'folder'): string | null {
+  const script = mode === 'folder'
+    ? `osascript -e 'POSIX path of (choose folder with prompt "Select a directory")'`
+    : `osascript -e 'POSIX path of (choose file with prompt "Select a file")'`
+  try {
+    return execSync(script, { timeout: 60000, encoding: 'utf-8' }).trim().replace(/\/$/, '')
+  } catch {
+    return null
+  }
+}
+
+function pickLinux(mode: 'file' | 'folder'): string | null {
+  // Try zenity first (GTK), then kdialog (KDE)
+  const zenityFlag = mode === 'folder' ? '--file-selection --directory' : '--file-selection'
+  const kdialogFlag = mode === 'folder' ? '--getexistingdirectory ~' : '--getopenfilename ~'
+  for (const cmd of [
+    `zenity ${zenityFlag} --title="Select a ${mode}"`,
+    `kdialog ${kdialogFlag}`,
+  ]) {
+    try {
+      return execSync(cmd, { timeout: 60000, encoding: 'utf-8' }).trim()
+    } catch { /* try next */ }
+  }
+  return null
+}
+
+function pickWindows(mode: 'file' | 'folder'): string | null {
+  if (mode === 'folder') {
+    const ps = `Add-Type -AssemblyName System.Windows.Forms; $d = New-Object System.Windows.Forms.FolderBrowserDialog; if($d.ShowDialog() -eq 'OK'){$d.SelectedPath}`
+    try {
+      return execSync(`powershell -NoProfile -Command "${ps}"`, { timeout: 60000, encoding: 'utf-8' }).trim() || null
+    } catch { return null }
+  }
+  const ps = `Add-Type -AssemblyName System.Windows.Forms; $d = New-Object System.Windows.Forms.OpenFileDialog; if($d.ShowDialog() -eq 'OK'){$d.FileName}`
+  try {
+    return execSync(`powershell -NoProfile -Command "${ps}"`, { timeout: 60000, encoding: 'utf-8' }).trim() || null
+  } catch { return null }
+}
+
+export async function POST(req: NextRequest) {
+  const { mode = 'folder' } = (await req.json().catch(() => ({}))) as { mode?: 'file' | 'folder' }
+  const platform = os.platform()
+
+  let picked: string | null = null
+  if (platform === 'darwin') picked = pickMacOS(mode)
+  else if (platform === 'win32') picked = pickWindows(mode)
+  else picked = pickLinux(mode)
+
+  if (!picked) return NextResponse.json({ directory: null, file: null })
+
+  const directory = mode === 'folder' ? picked : path.dirname(picked)
+  const file = mode === 'file' ? picked : null
+
+  return NextResponse.json({ directory, file })
+}

package/src/app/api/dirs/route.ts

@@ -0,0 +1,29 @@
+import { NextRequest, NextResponse } from 'next/server'
+import fs from 'fs'
+import path from 'path'
+import os from 'os'
+
+export async function GET(req: NextRequest) {
+  const rawPath = req.nextUrl.searchParams.get('path')
+  const targetDir = rawPath || path.join(os.homedir(), 'Dev')
+
+  // Resolve ~ to home dir
+  const resolved = targetDir.startsWith('~')
+    ? path.join(os.homedir(), targetDir.slice(1))
+    : path.resolve(targetDir)
+
+  let dirs: Array<{ name: string; path: string }> = []
+  try {
+    dirs = fs.readdirSync(resolved)
+      .filter(d => {
+        if (d.startsWith('.')) return false
+        try { return fs.statSync(path.join(resolved, d)).isDirectory() } catch { return false }
+      })
+      .sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()))
+      .map(d => ({ name: d, path: path.join(resolved, d) }))
+  } catch {}
+
+  const parentPath = resolved === '/' ? null : path.dirname(resolved)
+
+  return NextResponse.json({ dirs, currentPath: resolved, parentPath })
+}

package/src/app/api/documents/[id]/route.ts

@@ -0,0 +1,47 @@
+import { NextResponse } from 'next/server'
+import { loadDocuments, saveDocuments } from '@/lib/server/storage'
+
+function normalizeObject(value: unknown): Record<string, unknown> {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {}
+  return value as Record<string, unknown>
+}
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const docs = loadDocuments()
+  const doc = docs[id]
+  if (!doc) return NextResponse.json({ error: 'Document not found' }, { status: 404 })
+  return NextResponse.json(doc)
+}
+
+export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const body = await req.json().catch(() => ({}))
+  const docs = loadDocuments()
+  const doc = docs[id]
+  if (!doc) return NextResponse.json({ error: 'Document not found' }, { status: 404 })
+
+  if (body.title !== undefined) doc.title = body.title
+  if (body.fileName !== undefined) doc.fileName = body.fileName
+  if (body.sourcePath !== undefined) doc.sourcePath = body.sourcePath
+  if (body.content !== undefined) doc.content = body.content
+  if (body.method !== undefined) doc.method = body.method
+  if (body.metadata !== undefined) doc.metadata = normalizeObject(body.metadata)
+  doc.textLength = typeof body.textLength === 'number'
+    ? body.textLength
+    : String(doc.content || '').length
+  doc.updatedAt = Date.now()
+
+  docs[id] = doc
+  saveDocuments(docs)
+  return NextResponse.json(doc)
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const docs = loadDocuments()
+  if (!docs[id]) return NextResponse.json({ error: 'Document not found' }, { status: 404 })
+  delete docs[id]
+  saveDocuments(docs)
+  return NextResponse.json({ ok: true })
+}

package/src/app/api/documents/route.ts

@@ -0,0 +1,93 @@
+import crypto from 'crypto'
+import { NextResponse } from 'next/server'
+import { loadDocuments, saveDocuments } from '@/lib/server/storage'
+
+function normalizeLimit(raw: string | null, fallback = 10, max = 200): number {
+  if (!raw) return fallback
+  const parsed = Number.parseInt(raw, 10)
+  if (!Number.isFinite(parsed) || parsed <= 0) return fallback
+  return Math.min(parsed, max)
+}
+
+function normalizeObject(value: unknown): Record<string, unknown> {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {}
+  return value as Record<string, unknown>
+}
+
+export async function GET(req: Request) {
+  const docs = loadDocuments()
+  const { searchParams } = new URL(req.url)
+  const q = (searchParams.get('q') || '').trim().toLowerCase()
+
+  if (!q) {
+    return NextResponse.json(docs)
+  }
+
+  const terms = q.split(/\s+/).filter(Boolean)
+  const limit = normalizeLimit(searchParams.get('limit'), 10, 100)
+  const rows = Object.values(docs)
+    .map((doc: any) => {
+      const title = String(doc.title || '')
+      const content = String(doc.content || '')
+      const hay = `${title}\n${content}`.toLowerCase()
+      if (!terms.every((term) => hay.includes(term))) return null
+
+      let score = hay.includes(q) ? 10 : 0
+      for (const term of terms) {
+        let idx = hay.indexOf(term)
+        while (idx !== -1) {
+          score += 1
+          idx = hay.indexOf(term, idx + term.length)
+        }
+      }
+
+      const first = terms[0] || q
+      const at = hay.indexOf(first)
+      const snippetStart = at >= 0 ? Math.max(0, at - 120) : 0
+      const snippetEnd = Math.min(content.length, snippetStart + 320)
+      const snippet = content.slice(snippetStart, snippetEnd).replace(/\s+/g, ' ').trim()
+
+      return {
+        id: doc.id,
+        title: doc.title,
+        fileName: doc.fileName,
+        sourcePath: doc.sourcePath,
+        textLength: doc.textLength || content.length,
+        updatedAt: doc.updatedAt,
+        score,
+        snippet,
+      }
+    })
+    .filter(Boolean)
+    .sort((a: any, b: any) => b.score - a.score)
+    .slice(0, limit)
+
+  return NextResponse.json(rows)
+}
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => ({}))
+  const now = Date.now()
+  const docs = loadDocuments()
+  const id = body.id || crypto.randomBytes(6).toString('hex')
+  const fileName = body.fileName || body.filename || ''
+  const title = body.title || fileName || 'Untitled Document'
+  const content = typeof body.content === 'string' ? body.content : ''
+  const metadata = normalizeObject(body.metadata)
+
+  docs[id] = {
+    id,
+    title,
+    fileName,
+    sourcePath: body.sourcePath || body.path || '',
+    method: body.method || 'manual',
+    textLength: body.textLength || content.length,
+    content,
+    metadata,
+    createdAt: body.createdAt || now,
+    updatedAt: now,
+  }
+
+  saveDocuments(docs)
+  return NextResponse.json(docs[id])
+}

package/src/app/api/files/serve/route.ts

@@ -0,0 +1,69 @@
+import { NextResponse } from 'next/server'
+import fs from 'fs'
+import path from 'path'
+
+const MIME_MAP: Record<string, string> = {
+  '.html': 'text/html',
+  '.htm': 'text/html',
+  '.css': 'text/css',
+  '.js': 'application/javascript',
+  '.json': 'application/json',
+  '.svg': 'image/svg+xml',
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.webp': 'image/webp',
+  '.txt': 'text/plain',
+  '.md': 'text/markdown',
+  '.ts': 'text/plain',
+  '.tsx': 'text/plain',
+  '.jsx': 'text/plain',
+  '.py': 'text/plain',
+  '.sh': 'text/plain',
+}
+
+const MAX_SIZE = 10 * 1024 * 1024 // 10MB
+
+export async function GET(req: Request) {
+  const url = new URL(req.url)
+  const filePath = url.searchParams.get('path')
+
+  if (!filePath) {
+    return NextResponse.json({ error: 'Missing path parameter' }, { status: 400 })
+  }
+
+  // Resolve and normalize the path
+  const resolved = path.resolve(filePath)
+
+  // Block access to sensitive paths
+  const blocked = ['.env', 'credentials', '.ssh', '.gnupg', '.aws']
+  if (blocked.some((b) => resolved.includes(b))) {
+    return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+  }
+
+  if (!fs.existsSync(resolved)) {
+    return NextResponse.json({ error: 'File not found' }, { status: 404 })
+  }
+
+  const stat = fs.statSync(resolved)
+  if (!stat.isFile()) {
+    return NextResponse.json({ error: 'Not a file' }, { status: 400 })
+  }
+  if (stat.size > MAX_SIZE) {
+    return NextResponse.json({ error: 'File too large' }, { status: 413 })
+  }
+
+  const ext = path.extname(resolved).toLowerCase()
+  const contentType = MIME_MAP[ext] || 'application/octet-stream'
+  const content = fs.readFileSync(resolved)
+
+  return new NextResponse(content, {
+    headers: {
+      'Content-Type': contentType,
+      'Content-Disposition': contentType.startsWith('text/') || contentType.startsWith('image/')
+        ? 'inline'
+        : `attachment; filename="${path.basename(resolved)}"`,
+    },
+  })
+}

package/src/app/api/generate/info/route.ts

@@ -0,0 +1,12 @@
+import { NextResponse } from 'next/server'
+import { buildLLM } from '@/lib/server/build-llm'
+
+/** Returns which provider/model the generate endpoints will use */
+export async function GET() {
+  try {
+    const { provider, model } = await buildLLM()
+    return NextResponse.json({ provider, model })
+  } catch (err: any) {
+    return NextResponse.json({ provider: 'none', model: '', error: err.message })
+  }
+}

package/src/app/api/generate/route.ts

@@ -0,0 +1,106 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { buildLLM } from '@/lib/server/build-llm'
+
+const scheduleSchema = z.object({
+  name: z.string().describe('Short descriptive name for the schedule'),
+  taskPrompt: z.string().describe('The prompt/instructions the agent should execute when the schedule fires'),
+  scheduleType: z.enum(['cron', 'interval', 'once']).describe('Type of schedule'),
+  cron: z.string().optional().describe('Cron expression if scheduleType is cron, e.g. "0 9 * * 1" for every Monday at 9am'),
+  intervalMs: z.number().optional().describe('Interval in milliseconds if scheduleType is interval'),
+})
+
+const taskSchema = z.object({
+  title: z.string().describe('Short descriptive title for the task'),
+  description: z.string().describe('Detailed description of what needs to be done'),
+})
+
+const skillSchema = z.object({
+  name: z.string().describe('Short name for the skill'),
+  description: z.string().describe('One sentence describing what this skill does'),
+  content: z.string().describe('Full markdown content of the skill — detailed instructions, at least 3-4 paragraphs'),
+})
+
+const providerSchema = z.object({
+  name: z.string().describe('Display name for the provider, e.g. "Together AI", "Groq", "z.ai"'),
+  baseUrl: z.string().describe('The OpenAI-compatible API base URL, e.g. "https://api.together.xyz/v1" or "https://api.groq.com/openai/v1"'),
+  models: z.string().describe('Comma-separated list of available model IDs, e.g. "llama-3-70b,mixtral-8x7b"'),
+  requiresApiKey: z.boolean().describe('Whether this provider requires an API key'),
+})
+
+const SCHEMAS: Record<string, { schema: z.ZodObject<any>; prompt: string }> = {
+  schedule: {
+    schema: scheduleSchema,
+    prompt: `You are a schedule generator for SwarmClaw, an AI agent orchestration platform. The user will describe what they want scheduled. Generate a complete schedule definition.
+
+Choose the appropriate scheduleType:
+- "cron" for recurring schedules (provide a cron expression)
+- "interval" for periodic execution (provide intervalMs in milliseconds)
+- "once" for one-time execution
+
+Make the taskPrompt detailed and specific — it should contain everything the agent needs to know to complete the task.`,
+  },
+  task: {
+    schema: taskSchema,
+    prompt: `You are a task generator for SwarmClaw, an AI agent orchestration platform. The user will describe a task they want to create. Generate a clear task definition.
+
+Make the description thorough and actionable — include specific goals, acceptance criteria, and any relevant context. The description should give an AI agent enough information to complete the task autonomously.`,
+  },
+  skill: {
+    schema: skillSchema,
+    prompt: `You are a skill generator for SwarmClaw, an AI agent orchestration platform. Skills are reusable markdown instruction sets that get injected into agent system prompts.
+
+The user will describe what skill they want. Generate a comprehensive skill definition with detailed markdown content. The content should be:
+- Written as instructions/guidelines for an AI agent
+- Thorough and specific (at least 3-4 paragraphs)
+- Structured with markdown headings, lists, and examples
+- Focused on actionable guidance the agent can follow`,
+  },
+  provider: {
+    schema: providerSchema,
+    prompt: `You are a provider configuration generator for SwarmClaw, an AI agent orchestration platform. The user will name an LLM provider they want to add.
+
+Generate the correct OpenAI-compatible API configuration. You should know the base URLs and model names for popular providers:
+- Together AI: https://api.together.xyz/v1
+- Groq: https://api.groq.com/openai/v1
+- Fireworks: https://api.fireworks.ai/inference/v1
+- Perplexity: https://api.perplexity.ai
+- Mistral: https://api.mistral.ai/v1
+- DeepSeek: https://api.deepseek.com/v1
+- OpenRouter: https://openrouter.ai/api/v1
+- xAI/Grok: https://api.x.ai/v1
+- z.ai: https://api.z.ai/v1
+
+List the most popular/recommended models for the provider as comma-separated values. Most providers require an API key.
+If you don't know the exact URL, make your best guess based on common patterns (provider domain + /v1).`,
+  },
+}
+
+export async function POST(req: Request) {
+  const { type, prompt } = await req.json()
+  if (!prompt?.trim()) {
+    return NextResponse.json({ error: 'prompt is required' }, { status: 400 })
+  }
+  const config = SCHEMAS[type]
+  if (!config) {
+    return NextResponse.json({ error: `Invalid type: ${type}. Must be one of: ${Object.keys(SCHEMAS).join(', ')}` }, { status: 400 })
+  }
+
+  try {
+    const { llm, provider } = await buildLLM()
+    const structured = provider === 'anthropic'
+      ? llm.withStructuredOutput(config.schema)
+      : (llm as any).withStructuredOutput(config.schema, {
+          name: `${type}_definition`,
+          method: 'functionCalling',
+        })
+    const result = await structured.invoke([
+      { role: 'system' as const, content: config.prompt },
+      { role: 'user' as const, content: prompt },
+    ], { signal: AbortSignal.timeout(60_000) })
+    return NextResponse.json(result)
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : 'Generation failed'
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}

package/src/app/api/ip/route.ts

@@ -0,0 +1,6 @@
+import { NextResponse } from 'next/server'
+import { localIP } from '@/lib/server/storage'
+
+export async function GET() {
+  return NextResponse.json({ ip: localIP(), port: parseInt(process.env.PORT || '3000') })
+}

package/src/app/api/knowledge/[id]/route.ts

@@ -0,0 +1,61 @@
+import { NextResponse } from 'next/server'
+import { getMemoryDb } from '@/lib/server/memory-db'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const db = getMemoryDb()
+  const entry = db.get(id)
+  if (!entry || entry.category !== 'knowledge') {
+    return new NextResponse(null, { status: 404 })
+  }
+  return NextResponse.json(entry)
+}
+
+export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const db = getMemoryDb()
+  const existing = db.get(id)
+  if (!existing || existing.category !== 'knowledge') {
+    return new NextResponse(null, { status: 404 })
+  }
+
+  const body = await req.json().catch(() => null)
+  if (!body || typeof body !== 'object' || Array.isArray(body)) {
+    return NextResponse.json({ error: 'Invalid JSON body.' }, { status: 400 })
+  }
+
+  const { title, content, tags } = body as Record<string, unknown>
+
+  const updates: Record<string, unknown> = {}
+  if (typeof title === 'string' && title.trim()) {
+    updates.title = title.trim()
+  }
+  if (typeof content === 'string') {
+    updates.content = content
+  }
+
+  const existingMeta = (existing.metadata || {}) as Record<string, unknown>
+  if (Array.isArray(tags)) {
+    const normalizedTags = (tags as unknown[]).filter(
+      (t): t is string => typeof t === 'string' && t.trim().length > 0,
+    )
+    updates.metadata = { ...existingMeta, tags: normalizedTags }
+  }
+
+  const updated = db.update(id, updates)
+  if (!updated) {
+    return new NextResponse(null, { status: 404 })
+  }
+  return NextResponse.json(updated)
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const db = getMemoryDb()
+  const existing = db.get(id)
+  if (!existing || existing.category !== 'knowledge') {
+    return new NextResponse(null, { status: 404 })
+  }
+  db.delete(id)
+  return NextResponse.json({ deleted: id })
+}