npm - @swarmclawai/swarmclaw - Versions diffs - 0.2.0 - Mend

@swarmclawai/swarmclaw 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (319) hide show

package/README.md +577 -0
package/bin/server-cmd.js +359 -0
package/bin/swarmclaw.js +29 -0
package/bin/swarmclaw.mjs +1504 -0
package/next.config.ts +33 -0
package/package.json +112 -0
package/postcss.config.mjs +7 -0
package/public/branding/swarmclaw-org-avatar.png +0 -0
package/public/branding/swarmclaw-org-avatar.svg +58 -0
package/public/file.svg +1 -0
package/public/globe.svg +1 -0
package/public/next.svg +1 -0
package/public/screenshots/agents.png +0 -0
package/public/screenshots/connectors.png +0 -0
package/public/screenshots/dashboard.png +0 -0
package/public/screenshots/new-session-openclaw.png +0 -0
package/public/screenshots/providers.png +0 -0
package/public/screenshots/schedules.png +0 -0
package/public/screenshots/tasks.png +0 -0
package/public/vercel.svg +1 -0
package/public/window.svg +1 -0
package/src/app/api/agents/[id]/route.ts +30 -0
package/src/app/api/agents/[id]/thread/route.ts +66 -0
package/src/app/api/agents/generate/route.ts +42 -0
package/src/app/api/agents/route.ts +33 -0
package/src/app/api/auth/route.ts +25 -0
package/src/app/api/claude-skills/route.ts +42 -0
package/src/app/api/clawhub/install/route.ts +39 -0
package/src/app/api/clawhub/search/route.ts +11 -0
package/src/app/api/connectors/[id]/route.ts +79 -0
package/src/app/api/connectors/route.ts +60 -0
package/src/app/api/credentials/[id]/route.ts +14 -0
package/src/app/api/credentials/route.ts +31 -0
package/src/app/api/daemon/health-check/route.ts +11 -0
package/src/app/api/daemon/route.ts +22 -0
package/src/app/api/dirs/pick/route.ts +60 -0
package/src/app/api/dirs/route.ts +29 -0
package/src/app/api/documents/[id]/route.ts +47 -0
package/src/app/api/documents/route.ts +93 -0
package/src/app/api/files/serve/route.ts +69 -0
package/src/app/api/generate/info/route.ts +12 -0
package/src/app/api/generate/route.ts +106 -0
package/src/app/api/ip/route.ts +6 -0
package/src/app/api/knowledge/[id]/route.ts +61 -0
package/src/app/api/knowledge/route.ts +48 -0
package/src/app/api/knowledge/upload/route.ts +86 -0
package/src/app/api/logs/route.ts +65 -0
package/src/app/api/mcp-servers/[id]/route.ts +32 -0
package/src/app/api/mcp-servers/[id]/test/route.ts +23 -0
package/src/app/api/mcp-servers/[id]/tools/route.ts +32 -0
package/src/app/api/mcp-servers/route.ts +27 -0
package/src/app/api/memory/[id]/route.ts +126 -0
package/src/app/api/memory/maintenance/route.ts +63 -0
package/src/app/api/memory/route.ts +111 -0
package/src/app/api/memory-images/[filename]/route.ts +36 -0
package/src/app/api/orchestrator/run/route.ts +43 -0
package/src/app/api/plugins/install/route.ts +58 -0
package/src/app/api/plugins/marketplace/route.ts +33 -0
package/src/app/api/plugins/route.ts +21 -0
package/src/app/api/preview-server/route.ts +339 -0
package/src/app/api/providers/[id]/models/route.ts +29 -0
package/src/app/api/providers/[id]/route.ts +34 -0
package/src/app/api/providers/configs/route.ts +7 -0
package/src/app/api/providers/ollama/route.ts +30 -0
package/src/app/api/providers/openclaw/health/route.ts +23 -0
package/src/app/api/providers/route.ts +28 -0
package/src/app/api/runs/[id]/route.ts +9 -0
package/src/app/api/runs/route.ts +13 -0
package/src/app/api/schedules/[id]/route.ts +28 -0
package/src/app/api/schedules/[id]/run/route.ts +104 -0
package/src/app/api/schedules/route.ts +78 -0
package/src/app/api/secrets/[id]/route.ts +29 -0
package/src/app/api/secrets/route.ts +42 -0
package/src/app/api/sessions/[id]/browser/route.ts +13 -0
package/src/app/api/sessions/[id]/chat/route.ts +96 -0
package/src/app/api/sessions/[id]/clear/route.ts +19 -0
package/src/app/api/sessions/[id]/deploy/route.ts +34 -0
package/src/app/api/sessions/[id]/devserver/route.ts +69 -0
package/src/app/api/sessions/[id]/mailbox/route.ts +70 -0
package/src/app/api/sessions/[id]/main-loop/route.ts +94 -0
package/src/app/api/sessions/[id]/messages/route.ts +9 -0
package/src/app/api/sessions/[id]/retry/route.ts +28 -0
package/src/app/api/sessions/[id]/route.ts +103 -0
package/src/app/api/sessions/[id]/stop/route.ts +13 -0
package/src/app/api/sessions/heartbeat/route.ts +26 -0
package/src/app/api/sessions/route.ts +85 -0
package/src/app/api/settings/route.ts +58 -0
package/src/app/api/setup/check-provider/route.ts +326 -0
package/src/app/api/setup/doctor/route.ts +250 -0
package/src/app/api/skills/[id]/route.ts +40 -0
package/src/app/api/skills/import/route.ts +69 -0
package/src/app/api/skills/route.ts +28 -0
package/src/app/api/tasks/[id]/route.ts +102 -0
package/src/app/api/tasks/route.ts +115 -0
package/src/app/api/tts/route.ts +40 -0
package/src/app/api/upload/route.ts +18 -0
package/src/app/api/uploads/[filename]/route.ts +59 -0
package/src/app/api/usage/route.ts +35 -0
package/src/app/api/version/route.ts +81 -0
package/src/app/api/version/update/route.ts +95 -0
package/src/app/api/webhooks/[id]/history/route.ts +13 -0
package/src/app/api/webhooks/[id]/route.ts +204 -0
package/src/app/api/webhooks/route.ts +37 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +370 -0
package/src/app/layout.tsx +52 -0
package/src/app/page.tsx +172 -0
package/src/cli/index.js +1232 -0
package/src/cli/index.test.js +281 -0
package/src/cli/index.ts +1158 -0
package/src/cli/spec.js +284 -0
package/src/components/agents/agent-card.tsx +219 -0
package/src/components/agents/agent-chat-list.tsx +165 -0
package/src/components/agents/agent-list.tsx +110 -0
package/src/components/agents/agent-sheet.tsx +1220 -0
package/src/components/auth/access-key-gate.tsx +248 -0
package/src/components/auth/setup-wizard.tsx +940 -0
package/src/components/auth/user-picker.tsx +88 -0
package/src/components/chat/chat-area.tsx +406 -0
package/src/components/chat/chat-header.tsx +491 -0
package/src/components/chat/chat-tool-toggles.tsx +161 -0
package/src/components/chat/code-block.tsx +146 -0
package/src/components/chat/dev-server-bar.tsx +39 -0
package/src/components/chat/message-bubble.tsx +486 -0
package/src/components/chat/message-list.tsx +299 -0
package/src/components/chat/session-debug-panel.tsx +196 -0
package/src/components/chat/streaming-bubble.tsx +85 -0
package/src/components/chat/thinking-indicator.tsx +26 -0
package/src/components/chat/tool-call-bubble.tsx +438 -0
package/src/components/chat/tool-request-banner.tsx +103 -0
package/src/components/connectors/connector-list.tsx +196 -0
package/src/components/connectors/connector-sheet.tsx +804 -0
package/src/components/input/chat-input.tsx +235 -0
package/src/components/knowledge/knowledge-list.tsx +206 -0
package/src/components/knowledge/knowledge-sheet.tsx +316 -0
package/src/components/layout/app-layout.tsx +1016 -0
package/src/components/layout/daemon-indicator.tsx +56 -0
package/src/components/layout/mobile-header.tsx +31 -0
package/src/components/layout/network-banner.tsx +17 -0
package/src/components/layout/update-banner.tsx +130 -0
package/src/components/logs/log-list.tsx +358 -0
package/src/components/mcp-servers/mcp-server-list.tsx +122 -0
package/src/components/mcp-servers/mcp-server-sheet.tsx +243 -0
package/src/components/memory/memory-card.tsx +63 -0
package/src/components/memory/memory-detail.tsx +339 -0
package/src/components/memory/memory-list.tsx +198 -0
package/src/components/memory/memory-sheet.tsx +70 -0
package/src/components/plugins/plugin-list.tsx +60 -0
package/src/components/plugins/plugin-sheet.tsx +311 -0
package/src/components/providers/provider-list.tsx +96 -0
package/src/components/providers/provider-sheet.tsx +542 -0
package/src/components/runs/run-list.tsx +231 -0
package/src/components/schedules/schedule-card.tsx +63 -0
package/src/components/schedules/schedule-list.tsx +76 -0
package/src/components/schedules/schedule-sheet.tsx +336 -0
package/src/components/secrets/secret-sheet.tsx +180 -0
package/src/components/secrets/secrets-list.tsx +91 -0
package/src/components/sessions/new-session-sheet.tsx +478 -0
package/src/components/sessions/session-card.tsx +144 -0
package/src/components/sessions/session-list.tsx +202 -0
package/src/components/shared/ai-gen-block.tsx +77 -0
package/src/components/shared/avatar.tsx +48 -0
package/src/components/shared/bottom-sheet.tsx +30 -0
package/src/components/shared/confirm-dialog.tsx +47 -0
package/src/components/shared/connector-platform-icon.tsx +113 -0
package/src/components/shared/dir-browser.tsx +285 -0
package/src/components/shared/dropdown.tsx +55 -0
package/src/components/shared/icon-button.tsx +25 -0
package/src/components/shared/settings/plugin-manager.tsx +207 -0
package/src/components/shared/settings/section-capability-policy.tsx +93 -0
package/src/components/shared/settings/section-embedding.tsx +99 -0
package/src/components/shared/settings/section-heartbeat.tsx +168 -0
package/src/components/shared/settings/section-memory.tsx +77 -0
package/src/components/shared/settings/section-orchestrator.tsx +108 -0
package/src/components/shared/settings/section-providers.tsx +181 -0
package/src/components/shared/settings/section-runtime-loop.tsx +183 -0
package/src/components/shared/settings/section-secrets.tsx +132 -0
package/src/components/shared/settings/section-user-preferences.tsx +24 -0
package/src/components/shared/settings/section-voice.tsx +53 -0
package/src/components/shared/settings/settings-sheet.tsx +88 -0
package/src/components/shared/settings/types.ts +7 -0
package/src/components/shared/settings/utils.ts +13 -0
package/src/components/shared/settings-sheet.tsx +1 -0
package/src/components/shared/skeleton.tsx +19 -0
package/src/components/shared/usage-badge.tsx +28 -0
package/src/components/skills/clawhub-browser.tsx +225 -0
package/src/components/skills/skill-list.tsx +70 -0
package/src/components/skills/skill-sheet.tsx +254 -0
package/src/components/tasks/task-board.tsx +96 -0
package/src/components/tasks/task-card.tsx +179 -0
package/src/components/tasks/task-column.tsx +73 -0
package/src/components/tasks/task-list.tsx +118 -0
package/src/components/tasks/task-sheet.tsx +415 -0
package/src/components/ui/avatar.tsx +109 -0
package/src/components/ui/badge.tsx +48 -0
package/src/components/ui/button.tsx +64 -0
package/src/components/ui/card.tsx +92 -0
package/src/components/ui/dialog.tsx +158 -0
package/src/components/ui/dropdown-menu.tsx +257 -0
package/src/components/ui/input.tsx +21 -0
package/src/components/ui/scroll-area.tsx +58 -0
package/src/components/ui/select.tsx +190 -0
package/src/components/ui/separator.tsx +28 -0
package/src/components/ui/sheet.tsx +143 -0
package/src/components/ui/sonner.tsx +22 -0
package/src/components/ui/textarea.tsx +18 -0
package/src/components/ui/tooltip.tsx +56 -0
package/src/components/usage/usage-list.tsx +105 -0
package/src/components/webhooks/webhook-list.tsx +166 -0
package/src/components/webhooks/webhook-sheet.tsx +402 -0
package/src/hooks/use-auto-resize.ts +20 -0
package/src/hooks/use-media-query.ts +21 -0
package/src/hooks/use-speech-recognition.ts +83 -0
package/src/instrumentation.ts +8 -0
package/src/lib/agents.ts +13 -0
package/src/lib/api-client.ts +100 -0
package/src/lib/chat.ts +60 -0
package/src/lib/memory.ts +42 -0
package/src/lib/openclaw-endpoint.test.ts +48 -0
package/src/lib/openclaw-endpoint.ts +67 -0
package/src/lib/provider-config.ts +13 -0
package/src/lib/providers/anthropic.ts +135 -0
package/src/lib/providers/claude-cli.ts +202 -0
package/src/lib/providers/codex-cli.ts +260 -0
package/src/lib/providers/index.ts +351 -0
package/src/lib/providers/ollama.ts +131 -0
package/src/lib/providers/openai.ts +164 -0
package/src/lib/providers/openclaw.ts +330 -0
package/src/lib/providers/opencode-cli.ts +164 -0
package/src/lib/runtime-loop.ts +15 -0
package/src/lib/schedule-dedupe.test.ts +84 -0
package/src/lib/schedule-dedupe.ts +174 -0
package/src/lib/schedule-name.ts +62 -0
package/src/lib/schedules.ts +16 -0
package/src/lib/server/agent-registry.ts +70 -0
package/src/lib/server/api-routes.test.ts +362 -0
package/src/lib/server/autonomy-contract.ts +200 -0
package/src/lib/server/build-llm.ts +155 -0
package/src/lib/server/capability-router.test.ts +21 -0
package/src/lib/server/capability-router.ts +172 -0
package/src/lib/server/chat-execution.ts +894 -0
package/src/lib/server/clawhub-client.test.ts +161 -0
package/src/lib/server/clawhub-client.ts +26 -0
package/src/lib/server/connectors/connector-routing.test.ts +243 -0
package/src/lib/server/connectors/discord.ts +116 -0
package/src/lib/server/connectors/googlechat.ts +66 -0
package/src/lib/server/connectors/manager.ts +559 -0
package/src/lib/server/connectors/matrix.ts +78 -0
package/src/lib/server/connectors/media.ts +149 -0
package/src/lib/server/connectors/openclaw.test.ts +375 -0
package/src/lib/server/connectors/openclaw.ts +1132 -0
package/src/lib/server/connectors/signal.ts +183 -0
package/src/lib/server/connectors/slack.ts +258 -0
package/src/lib/server/connectors/teams.ts +94 -0
package/src/lib/server/connectors/telegram.ts +221 -0
package/src/lib/server/connectors/types.ts +62 -0
package/src/lib/server/connectors/whatsapp.ts +349 -0
package/src/lib/server/context-manager.ts +232 -0
package/src/lib/server/cost.ts +31 -0
package/src/lib/server/daemon-state.ts +354 -0
package/src/lib/server/data-dir.ts +3 -0
package/src/lib/server/embeddings.ts +111 -0
package/src/lib/server/execution-log.ts +257 -0
package/src/lib/server/gateway/protocol.test.ts +54 -0
package/src/lib/server/gateway/protocol.ts +114 -0
package/src/lib/server/heartbeat-service.ts +366 -0
package/src/lib/server/knowledge-db.test.ts +441 -0
package/src/lib/server/logger.ts +47 -0
package/src/lib/server/main-agent-loop.ts +1017 -0
package/src/lib/server/mcp-client.test.ts +342 -0
package/src/lib/server/mcp-client.ts +130 -0
package/src/lib/server/memory-db.ts +1078 -0
package/src/lib/server/memory-graph.test.ts +153 -0
package/src/lib/server/memory-graph.ts +138 -0
package/src/lib/server/openclaw-health.ts +245 -0
package/src/lib/server/orchestrator-lg.ts +431 -0
package/src/lib/server/orchestrator.ts +364 -0
package/src/lib/server/playwright-proxy.mjs +70 -0
package/src/lib/server/plugins.ts +229 -0
package/src/lib/server/process-manager.ts +327 -0
package/src/lib/server/provider-health.ts +113 -0
package/src/lib/server/queue.ts +859 -0
package/src/lib/server/runtime-settings.ts +119 -0
package/src/lib/server/scheduler.ts +196 -0
package/src/lib/server/session-mailbox.ts +129 -0
package/src/lib/server/session-run-manager.ts +512 -0
package/src/lib/server/session-tools/connector.ts +124 -0
package/src/lib/server/session-tools/context-mgmt.ts +103 -0
package/src/lib/server/session-tools/context.ts +114 -0
package/src/lib/server/session-tools/crud.ts +673 -0
package/src/lib/server/session-tools/delegate.ts +708 -0
package/src/lib/server/session-tools/file.ts +264 -0
package/src/lib/server/session-tools/index.ts +164 -0
package/src/lib/server/session-tools/memory.ts +230 -0
package/src/lib/server/session-tools/session-info.ts +422 -0
package/src/lib/server/session-tools/session-tools-wiring.test.ts +166 -0
package/src/lib/server/session-tools/shell.ts +171 -0
package/src/lib/server/session-tools/web.ts +408 -0
package/src/lib/server/session-tools.ts +9 -0
package/src/lib/server/skills-normalize.ts +130 -0
package/src/lib/server/storage-mcp.test.ts +161 -0
package/src/lib/server/storage.ts +670 -0
package/src/lib/server/stream-agent-chat.ts +571 -0
package/src/lib/server/task-reports.ts +122 -0
package/src/lib/server/task-result.ts +161 -0
package/src/lib/server/task-validation.test.ts +27 -0
package/src/lib/server/task-validation.ts +90 -0
package/src/lib/server/tool-capability-policy.test.ts +58 -0
package/src/lib/server/tool-capability-policy.ts +262 -0
package/src/lib/sessions.ts +68 -0
package/src/lib/tasks.ts +20 -0
package/src/lib/tts.ts +42 -0
package/src/lib/upload.ts +10 -0
package/src/lib/utils.ts +6 -0
package/src/proxy.ts +43 -0
package/src/stores/use-app-store.ts +468 -0
package/src/stores/use-chat-store.ts +323 -0
package/src/types/index.ts +621 -0
package/tsconfig.json +34 -0

package/src/lib/server/tool-capability-policy.ts ADDED Viewed

@@ -0,0 +1,262 @@
+import type { AppSettings } from '@/types'
+export type CapabilityPolicyMode = 'permissive' | 'balanced' | 'strict'
+export interface CapabilityPolicyBlock {
+  tool: string
+  reason: string
+  source: 'safety' | 'policy'
+}
+export interface SessionToolPolicyDecision {
+  mode: CapabilityPolicyMode
+  requestedTools: string[]
+  enabledTools: string[]
+  blockedTools: CapabilityPolicyBlock[]
+}
+type CapabilityCategory =
+  | 'filesystem'
+  | 'execution'
+  | 'network'
+  | 'browser'
+  | 'memory'
+  | 'delegation'
+  | 'platform'
+  | 'outbound'
+interface ToolDescriptor {
+  categories: CapabilityCategory[]
+  concreteTools: string[]
+  destructive?: boolean
+}
+const TOOL_DESCRIPTORS: Record<string, ToolDescriptor> = {
+  shell: { categories: ['execution'], concreteTools: ['execute_command'] },
+  process: { categories: ['execution'], concreteTools: ['process_tool'] },
+  files: { categories: ['filesystem'], concreteTools: ['read_file', 'write_file', 'list_files', 'send_file'] },
+  read_file: { categories: ['filesystem'], concreteTools: ['read_file'] },
+  write_file: { categories: ['filesystem'], concreteTools: ['write_file'] },
+  list_files: { categories: ['filesystem'], concreteTools: ['list_files'] },
+  send_file: { categories: ['filesystem'], concreteTools: ['send_file'] },
+  copy_file: { categories: ['filesystem'], concreteTools: ['copy_file'] },
+  move_file: { categories: ['filesystem'], concreteTools: ['move_file'] },
+  edit_file: { categories: ['filesystem'], concreteTools: ['edit_file'] },
+  delete_file: { categories: ['filesystem'], concreteTools: ['delete_file'], destructive: true },
+  web_search: { categories: ['network'], concreteTools: ['web_search'] },
+  web_fetch: { categories: ['network'], concreteTools: ['web_fetch'] },
+  browser: { categories: ['browser', 'network'], concreteTools: ['browser'] },
+  claude_code: { categories: ['delegation', 'execution'], concreteTools: ['delegate_to_claude_code'] },
+  codex_cli: { categories: ['delegation', 'execution'], concreteTools: ['delegate_to_codex_cli'] },
+  opencode_cli: { categories: ['delegation', 'execution'], concreteTools: ['delegate_to_opencode_cli'] },
+  memory: { categories: ['memory'], concreteTools: ['memory_tool', 'context_status', 'context_summarize'] },
+  manage_agents: { categories: ['platform'], concreteTools: ['manage_agents'] },
+  manage_tasks: { categories: ['platform'], concreteTools: ['manage_tasks'] },
+  manage_schedules: { categories: ['platform'], concreteTools: ['manage_schedules'] },
+  manage_skills: { categories: ['platform'], concreteTools: ['manage_skills'] },
+  manage_documents: { categories: ['platform'], concreteTools: ['manage_documents'] },
+  manage_webhooks: { categories: ['platform', 'network'], concreteTools: ['manage_webhooks'] },
+  manage_connectors: { categories: ['platform', 'outbound'], concreteTools: ['manage_connectors', 'connector_message_tool'] },
+  manage_sessions: { categories: ['platform'], concreteTools: ['manage_sessions', 'sessions_tool', 'search_history_tool', 'whoami_tool'] },
+  manage_secrets: { categories: ['platform'], concreteTools: ['manage_secrets'] },
+}
+const CONCRETE_TOOL_TO_SESSION_TOOL = new Map<string, string>()
+for (const [sessionTool, descriptor] of Object.entries(TOOL_DESCRIPTORS)) {
+  for (const concreteName of descriptor.concreteTools) {
+    CONCRETE_TOOL_TO_SESSION_TOOL.set(concreteName, sessionTool)
+  }
+}
+function normalizeName(value: unknown): string {
+  return typeof value === 'string' ? value.trim().toLowerCase() : ''
+}
+function normalizeMode(value: unknown): CapabilityPolicyMode {
+  const mode = normalizeName(value)
+  if (mode === 'strict') return 'strict'
+  if (mode === 'balanced') return 'balanced'
+  return 'permissive'
+}
+function normalizeList(value: unknown): string[] {
+  if (!Array.isArray(value)) return []
+  const names: string[] = []
+  for (const entry of value) {
+    const normalized = normalizeName(entry)
+    if (!normalized) continue
+    names.push(normalized)
+  }
+  return Array.from(new Set(names))
+}
+function getSettingsList(settings: Record<string, unknown>, key: string): string[] {
+  return normalizeList(settings[key])
+}
+function modeBlocksTool(mode: CapabilityPolicyMode, toolName: string, descriptor?: ToolDescriptor): string | null {
+  if (!descriptor) return null
+  if (mode === 'permissive') return null
+  if (mode === 'balanced' && descriptor.destructive) {
+    return 'blocked by balanced policy (destructive tool)'
+  }
+  if (mode !== 'strict') return null
+  if (descriptor.destructive) return 'blocked by strict policy (destructive tool)'
+  if (descriptor.categories.some((c) => ['execution', 'delegation', 'platform', 'outbound', 'filesystem'].includes(c))) {
+    return 'blocked by strict policy'
+  }
+  if (toolName === 'manage_connectors') return 'blocked by strict policy'
+  return null
+}
+function safetyMatchesTool(safetyBlocked: Set<string>, toolName: string, descriptor?: ToolDescriptor): boolean {
+  if (safetyBlocked.has(toolName)) return true
+  if (!descriptor) return false
+  for (const concreteName of descriptor.concreteTools) {
+    if (safetyBlocked.has(concreteName)) return true
+  }
+  if (toolName === 'memory' && safetyBlocked.has('memory_tool')) return true
+  if (toolName === 'manage_connectors' && safetyBlocked.has('connector_message_tool')) return true
+  if (toolName === 'manage_sessions' && (
+    safetyBlocked.has('sessions_tool')
+    || safetyBlocked.has('search_history_tool')
+    || safetyBlocked.has('whoami_tool')
+  )) return true
+  if (toolName === 'claude_code' && safetyBlocked.has('delegate_to_claude_code')) return true
+  if (toolName === 'codex_cli' && safetyBlocked.has('delegate_to_codex_cli')) return true
+  if (toolName === 'opencode_cli' && safetyBlocked.has('delegate_to_opencode_cli')) return true
+  return false
+}
+function policyMatchesTool(blockedNames: Set<string>, toolName: string, descriptor?: ToolDescriptor): boolean {
+  if (blockedNames.has(toolName)) return true
+  if (!descriptor) return false
+  return descriptor.concreteTools.some((concreteName) => blockedNames.has(concreteName))
+}
+function categoryBlockReason(blockedCategories: Set<string>, descriptor?: ToolDescriptor): string | null {
+  if (!descriptor || !blockedCategories.size) return null
+  for (const category of descriptor.categories) {
+    if (blockedCategories.has(category)) {
+      return `blocked by policy category "${category}"`
+    }
+  }
+  return null
+}
+function ensureSettings(settings?: AppSettings | Record<string, unknown> | null): Record<string, unknown> {
+  if (!settings || typeof settings !== 'object') return {}
+  return settings as Record<string, unknown>
+}
+function parsePolicyConfig(settings: Record<string, unknown>) {
+  const mode = normalizeMode(settings.capabilityPolicyMode)
+  const safetyBlocked = new Set(getSettingsList(settings, 'safetyBlockedTools'))
+  const policyBlockedNames = new Set(getSettingsList(settings, 'capabilityBlockedTools'))
+  const policyAllowedNames = new Set(getSettingsList(settings, 'capabilityAllowedTools'))
+  const blockedCategories = new Set(getSettingsList(settings, 'capabilityBlockedCategories'))
+  return {
+    mode,
+    safetyBlocked,
+    policyBlockedNames,
+    policyAllowedNames,
+    blockedCategories,
+  }
+}
+export function resolveSessionToolPolicy(
+  sessionTools: string[] | undefined,
+  settings?: AppSettings | Record<string, unknown> | null,
+): SessionToolPolicyDecision {
+  const normalizedSettings = ensureSettings(settings)
+  const {
+    mode,
+    safetyBlocked,
+    policyBlockedNames,
+    policyAllowedNames,
+    blockedCategories,
+  } = parsePolicyConfig(normalizedSettings)
+  const requestedTools = Array.isArray(sessionTools)
+    ? Array.from(new Set(sessionTools.map((tool) => normalizeName(tool)).filter(Boolean)))
+    : []
+  const enabledTools: string[] = []
+  const blockedTools: CapabilityPolicyBlock[] = []
+  for (const toolName of requestedTools) {
+    const descriptor = TOOL_DESCRIPTORS[toolName]
+    if (safetyMatchesTool(safetyBlocked, toolName, descriptor)) {
+      blockedTools.push({ tool: toolName, reason: 'blocked by safety policy', source: 'safety' })
+      continue
+    }
+    if (policyAllowedNames.has(toolName)) {
+      enabledTools.push(toolName)
+      continue
+    }
+    if (policyMatchesTool(policyBlockedNames, toolName, descriptor)) {
+      blockedTools.push({ tool: toolName, reason: 'blocked by explicit policy rule', source: 'policy' })
+      continue
+    }
+    const categoryReason = categoryBlockReason(blockedCategories, descriptor)
+    if (categoryReason) {
+      blockedTools.push({ tool: toolName, reason: categoryReason, source: 'policy' })
+      continue
+    }
+    const modeReason = modeBlocksTool(mode, toolName, descriptor)
+    if (modeReason) {
+      blockedTools.push({ tool: toolName, reason: modeReason, source: 'policy' })
+      continue
+    }
+    enabledTools.push(toolName)
+  }
+  return {
+    mode,
+    requestedTools,
+    enabledTools,
+    blockedTools,
+  }
+}
+export function resolveConcreteToolPolicyBlock(
+  concreteToolName: string,
+  decision: SessionToolPolicyDecision,
+  settings?: AppSettings | Record<string, unknown> | null,
+): string | null {
+  const name = normalizeName(concreteToolName)
+  if (!name) return 'invalid tool name'
+  const normalizedSettings = ensureSettings(settings)
+  const {
+    safetyBlocked,
+    policyBlockedNames,
+    policyAllowedNames,
+  } = parsePolicyConfig(normalizedSettings)
+  if (safetyBlocked.has(name)) return 'blocked by safety policy'
+  const mappedTool = CONCRETE_TOOL_TO_SESSION_TOOL.get(name)
+  if (mappedTool && safetyBlocked.has(mappedTool)) return `blocked because "${mappedTool}" is safety-blocked`
+  if (policyBlockedNames.has(name)) return 'blocked by explicit policy rule'
+  if (mappedTool && policyBlockedNames.has(mappedTool) && !policyAllowedNames.has(mappedTool)) {
+    return `blocked because "${mappedTool}" is policy-blocked`
+  }
+  if (mappedTool) {
+    const blockedRoot = decision.blockedTools.find((entry) => entry.tool === mappedTool)
+    if (blockedRoot) return blockedRoot.reason
+    const enabledRoot = decision.enabledTools.includes(mappedTool)
+    if (!enabledRoot) return `tool family "${mappedTool}" is not enabled for this session`
+  }
+  return null
+}

package/src/lib/sessions.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import { api } from './api-client'
+import type {
+  Sessions, Session, Message, Directory, DevServerStatus, DeployResult,
+  ProviderInfo, Credential, Credentials, ProviderType, SessionType,
+} from '../types'
+export const fetchSessions = () => api<Sessions>('GET', '/sessions')
+export const createSession = (
+  name: string,
+  cwd: string,
+  user: string,
+  provider?: ProviderType,
+  model?: string,
+  credentialId?: string | null,
+  apiEndpoint?: string | null,
+  sessionType?: SessionType,
+  agentId?: string | null,
+  tools?: string[],
+  file?: string | null,
+) =>
+  api<Session>('POST', '/sessions', {
+    name, cwd: cwd || undefined, user,
+    provider, model, credentialId, apiEndpoint,
+    sessionType, agentId, tools, file: file || undefined,
+  })
+export const updateSession = (id: string, updates: Partial<Pick<Session, 'name' | 'cwd'>>) =>
+  api<Session>('PUT', `/sessions/${id}`, updates)
+export const deleteSession = (id: string) =>
+  api<string>('DELETE', `/sessions/${id}`)
+export const fetchMessages = (id: string) =>
+  api<Message[]>('GET', `/sessions/${id}/messages`)
+export const clearMessages = (id: string) =>
+  api<string>('POST', `/sessions/${id}/clear`)
+export const stopSession = (id: string) =>
+  api<string>('POST', `/sessions/${id}/stop`)
+export const fetchDirs = async () => {
+  const data = await api<{ dirs: Directory[] }>('GET', '/dirs')
+  return data.dirs
+}
+export const devServer = (id: string, action: 'start' | 'stop' | 'status') =>
+  api<DevServerStatus>('POST', `/sessions/${id}/devserver`, { action })
+export const checkBrowser = (id: string) =>
+  api<{ active: boolean }>('GET', `/sessions/${id}/browser`)
+export const stopBrowser = (id: string) =>
+  api<string>('DELETE', `/sessions/${id}/browser`)
+export const deploy = (id: string, message: string) =>
+  api<DeployResult>('POST', `/sessions/${id}/deploy`, { message })
+export const fetchProviders = () => api<ProviderInfo[]>('GET', '/providers')
+export const fetchCredentials = () => api<Credentials>('GET', '/credentials')
+export const createCredential = (provider: string, name: string, apiKey: string) =>
+  api<Credential>('POST', '/credentials', { provider, name, apiKey })
+export const deleteCredential = (id: string) =>
+  api<string>('DELETE', `/credentials/${id}`)

package/src/lib/tasks.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { api } from './api-client'
+import type { BoardTask } from '../types'
+export const fetchTasks = (includeArchived = false) =>
+  api<Record<string, BoardTask>>('GET', `/tasks${includeArchived ? '?includeArchived=true' : ''}`)
+export const createTask = (data: { title: string; description: string; agentId: string }) =>
+  api<BoardTask>('POST', '/tasks', data)
+export const updateTask = (id: string, data: Partial<BoardTask>) =>
+  api<BoardTask>('PUT', `/tasks/${id}`, data)
+export const deleteTask = (id: string) =>
+  api<BoardTask>('DELETE', `/tasks/${id}`)
+export const archiveTask = (id: string) =>
+  api<BoardTask>('PUT', `/tasks/${id}`, { status: 'archived' })
+export const unarchiveTask = (id: string) =>
+  api<BoardTask>('PUT', `/tasks/${id}`, { status: 'backlog' })

package/src/lib/tts.ts ADDED Viewed

@@ -0,0 +1,42 @@
+let audioCtx: AudioContext | null = null
+let currentSource: AudioBufferSourceNode | null = null
+function ensureContext() {
+  if (!audioCtx) audioCtx = new AudioContext()
+  if (audioCtx.state === 'suspended') audioCtx.resume()
+}
+export function initAudioContext() {
+  ensureContext()
+}
+export async function speak(text: string) {
+  if (currentSource) {
+    try { currentSource.stop() } catch { /* noop */ }
+    currentSource = null
+  }
+  ensureContext()
+  if (!audioCtx) return
+  const res = await fetch('/api/tts', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ text: text.slice(0, 2000) }),
+  })
+  if (!res.ok) return
+  const buf = await res.arrayBuffer()
+  const audio = await audioCtx.decodeAudioData(buf)
+  currentSource = audioCtx.createBufferSource()
+  currentSource.buffer = audio
+  currentSource.connect(audioCtx.destination)
+  currentSource.onended = () => { currentSource = null }
+  currentSource.start()
+}
+export function stopSpeaking() {
+  if (currentSource) {
+    try { currentSource.stop() } catch { /* noop */ }
+    currentSource = null
+  }
+}

package/src/lib/upload.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { UploadResult } from '../types'
+export async function uploadImage(file: File): Promise<UploadResult> {
+  const res = await fetch('/api/upload', {
+    method: 'POST',
+    headers: { 'X-Filename': file.name },
+    body: file,
+  })
+  return res.json()
+}

package/src/lib/utils.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from "clsx"
+import { twMerge } from "tailwind-merge"
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs))
+}

package/src/proxy.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+/** Simple access key auth proxy.
+ *  Checks X-Access-Key header or ?key= param on all /api/ routes except /api/auth.
+ *  The key is validated against the ACCESS_KEY env var.
+ */
+export function proxy(request: NextRequest) {
+  const { pathname } = request.nextUrl
+  const isWebhookTrigger = request.method === 'POST'
+    && /^\/api\/webhooks\/[^/]+\/?$/.test(pathname)
+  // Only protect API routes (not auth, uploads served as static assets, or inbound webhooks)
+  if (
+    !pathname.startsWith('/api/')
+    || pathname === '/api/auth'
+    || pathname.startsWith('/api/uploads/')
+    || isWebhookTrigger
+  ) {
+    return NextResponse.next()
+  }
+  const accessKey = process.env.ACCESS_KEY
+  if (!accessKey) {
+    // No key configured — allow all (dev mode)
+    return NextResponse.next()
+  }
+  const providedKey =
+    request.headers.get('x-access-key')
+    || request.nextUrl.searchParams.get('key')
+    || ''
+  if (providedKey !== accessKey) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+  return NextResponse.next()
+}
+export const config = {
+  matcher: '/api/:path*',
+}