@swarmclawai/swarmclaw 0.3.0 → 0.4.0

package/src/lib/server/session-tools/delegate.ts

@@ -619,8 +619,8 @@ export function buildDelegateTools(bctx: ToolBuildContext): StructuredToolInterf
     }
   }
 
-  // delegate_to_agent: requires orchestrator capability to be enabled
-  if (bctx.activeTools.includes('orchestrator') && ctx?.agentId) {
+  // delegate_to_agent: requires "Assign to Other Agents" (platformAssignScope: 'all')
+  if (ctx?.platformAssignScope === 'all' && ctx?.agentId) {
     tools.push(
       tool(
         async ({ agentId: targetAgentId, task: taskPrompt, description: taskDesc, startImmediately }) => {

package/src/lib/server/session-tools/index.ts

@@ -14,6 +14,7 @@ import { buildCrudTools } from './crud'
 import { buildSessionInfoTools } from './session-info'
 import { buildConnectorTools } from './connector'
 import { buildContextTools } from './context-mgmt'
+import { buildSandboxTools } from './sandbox'
 
 export type { ToolContext, SessionToolsResult }
 export { sweepOrphanedBrowsers, cleanupSessionBrowser, getActiveBrowserCount, hasActiveBrowser }
@@ -93,6 +94,7 @@ export async function buildSessionTools(cwd: string, enabledTools: string[], ctx
     ...buildSessionInfoTools(bctx),
     ...buildConnectorTools(bctx),
     ...buildContextTools(bctx),
+    ...buildSandboxTools(bctx),
   )
 
   // ---------------------------------------------------------------------------

package/src/lib/server/session-tools/sandbox.ts

@@ -0,0 +1,164 @@
+import { z } from 'zod'
+import { tool, type StructuredToolInterface } from '@langchain/core/tools'
+import fs from 'fs'
+import path from 'path'
+import { spawnSync } from 'child_process'
+import { UPLOAD_DIR } from '../storage'
+import { findBinaryOnPath, truncate, MAX_OUTPUT } from './context'
+import type { ToolBuildContext } from './context'
+
+function getDenoPath(): string | null {
+  return findBinaryOnPath('deno')
+}
+
+function getPythonPath(): string | null {
+  return findBinaryOnPath('python3') ?? findBinaryOnPath('python')
+}
+
+const EXT_MAP: Record<string, string> = {
+  javascript: 'js',
+  typescript: 'ts',
+  python: 'py',
+}
+
+export function buildSandboxTools(bctx: ToolBuildContext): StructuredToolInterface[] {
+  if (!bctx.hasTool('sandbox')) return []
+
+  const tools: StructuredToolInterface[] = []
+
+  tools.push(
+    tool(
+      async ({ language, code, timeoutSec }) => {
+        const timeout = Math.min(Math.max(timeoutSec ?? 60, 5), 300) * 1000
+        const ext = EXT_MAP[language]
+        const sessionId = bctx.ctx?.sessionId ?? 'unknown'
+        const sandboxDir = path.join('/tmp', `swarmclaw-sandbox-${sessionId}-${Date.now()}`)
+
+        // Check runtime availability
+        if ((language === 'javascript' || language === 'typescript') && !getDenoPath()) {
+          return JSON.stringify({ error: 'Deno is not installed. Install it with: curl -fsSL https://deno.land/install.sh | sh' })
+        }
+        if (language === 'python' && !getPythonPath()) {
+          return JSON.stringify({ error: 'Python is not installed. Install python3 to use Python sandbox.' })
+        }
+
+        try {
+          fs.mkdirSync(sandboxDir, { recursive: true })
+          const scriptFile = `script.${ext}`
+          const scriptPath = path.join(sandboxDir, scriptFile)
+          fs.writeFileSync(scriptPath, code, 'utf-8')
+
+          let result: ReturnType<typeof spawnSync>
+
+          if (language === 'javascript' || language === 'typescript') {
+            const denoPath = getDenoPath()!
+            result = spawnSync(denoPath, [
+              'run',
+              '--allow-read=.',
+              '--allow-write=.',
+              '--allow-net',
+              '--deny-env',
+              '--no-prompt',
+              scriptFile,
+            ], {
+              cwd: sandboxDir,
+              encoding: 'utf-8',
+              timeout,
+              maxBuffer: MAX_OUTPUT,
+            })
+          } else {
+            const pythonPath = getPythonPath()!
+            result = spawnSync(pythonPath, [scriptPath], {
+              cwd: sandboxDir,
+              encoding: 'utf-8',
+              timeout,
+              maxBuffer: MAX_OUTPUT,
+              env: { PATH: process.env.PATH || '/usr/bin:/bin' } as unknown as NodeJS.ProcessEnv,
+            })
+          }
+
+          const stdout = truncate((result.stdout || '').toString(), MAX_OUTPUT)
+          const stderr = truncate((result.stderr || '').toString(), MAX_OUTPUT)
+          const exitCode = result.status ?? (result.error ? 1 : 0)
+          const timedOut = result.error?.message?.includes('ETIMEDOUT') || result.signal === 'SIGTERM'
+
+          // Scan for created files (exclude the script itself)
+          const artifacts: { name: string; url: string }[] = []
+          try {
+            const files = fs.readdirSync(sandboxDir)
+            for (const file of files) {
+              if (file === scriptFile) continue
+              const src = path.join(sandboxDir, file)
+              const stat = fs.statSync(src)
+              if (!stat.isFile()) continue
+              // Copy to upload dir
+              fs.mkdirSync(UPLOAD_DIR, { recursive: true })
+              const destName = `sandbox-${Date.now()}-${file}`
+              const dest = path.join(UPLOAD_DIR, destName)
+              fs.copyFileSync(src, dest)
+              artifacts.push({
+                name: file,
+                url: `/api/uploads/${encodeURIComponent(destName)}`,
+              })
+            }
+          } catch {
+            // ignore scan errors
+          }
+
+          return JSON.stringify({
+            exitCode,
+            timedOut,
+            stdout,
+            stderr,
+            artifacts,
+          })
+        } catch (err: unknown) {
+          return JSON.stringify({ error: err instanceof Error ? err.message : String(err) })
+        } finally {
+          try { fs.rmSync(sandboxDir, { recursive: true, force: true }) } catch { /* ignore */ }
+        }
+      },
+      {
+        name: 'sandbox_exec',
+        description:
+          'Execute code in an isolated sandbox. JS/TS runs via Deno with network access but no env vars. Python runs with a stripped environment. ' +
+          'Files created in the sandbox directory are returned as downloadable artifact URLs. Use this for data processing, API calls, calculations, and file generation.',
+        schema: z.object({
+          language: z.enum(['javascript', 'typescript', 'python']).describe('Programming language to execute'),
+          code: z.string().describe('Source code to run'),
+          timeoutSec: z.number().optional().describe('Execution timeout in seconds (default 60, max 300)'),
+        }),
+      },
+    ),
+  )
+
+  tools.push(
+    tool(
+      async () => {
+        const denoPath = getDenoPath()
+        const pythonPath = getPythonPath()
+
+        const runtimes: Record<string, { available: boolean; path: string | null; version: string | null }> = {}
+
+        for (const [name, bin] of [['deno', denoPath], ['python', pythonPath]] as const) {
+          if (bin) {
+            const ver = spawnSync(bin, ['--version'], { encoding: 'utf-8', timeout: 3000 })
+            const version = (ver.stdout || '').split('\n')[0]?.trim() || null
+            runtimes[name] = { available: true, path: bin, version }
+          } else {
+            runtimes[name] = { available: false, path: null, version: null }
+          }
+        }
+
+        return JSON.stringify(runtimes)
+      },
+      {
+        name: 'sandbox_list_runtimes',
+        description: 'List available sandbox runtimes (Deno for JS/TS, Python) and their versions. Use this to check what languages are available before running code.',
+        schema: z.object({}),
+      },
+    ),
+  )
+
+  return tools
+}

package/src/lib/server/storage-mcp.test.ts

@@ -33,8 +33,15 @@ function loadMcpServers(): Record<string, any> {
 }
 
 function saveMcpServers(m: Record<string, any>) {
+  const existingRows = db.prepare(`SELECT id FROM ${TABLE}`).all() as { id: string }[]
+  const nextIds = new Set(Object.keys(m))
+  const toDelete = existingRows.map((r) => r.id).filter((id) => !nextIds.has(id))
   const upsert = db.prepare(`INSERT OR REPLACE INTO ${TABLE} (id, data) VALUES (?, ?)`)
+  const del = db.prepare(`DELETE FROM ${TABLE} WHERE id = ?`)
   const transaction = db.transaction(() => {
+    for (const id of toDelete) {
+      del.run(id)
+    }
     for (const [id, val] of Object.entries(m)) {
       upsert.run(id, JSON.stringify(val))
     }
@@ -75,8 +82,10 @@ describe('MCP server storage', () => {
   })
 
   it('loadMcpServers returns all saved configs', () => {
-    // srv-1 already exists from previous test
-    saveMcpServers({ 'srv-2': { id: 'srv-2', name: 'Second' } })
+    saveMcpServers({
+      'srv-1': { id: 'srv-1', name: 'First' },
+      'srv-2': { id: 'srv-2', name: 'Second' },
+    })
 
     const all = loadMcpServers()
     assert.ok('srv-1' in all)
@@ -102,6 +111,20 @@ describe('MCP server storage', () => {
     assert.equal(count, 1)
   })
 
+  it('saveMcpServers removes records omitted from the next save payload', () => {
+    saveMcpServers({
+      'srv-a': { id: 'srv-a', name: 'A' },
+      'srv-b': { id: 'srv-b', name: 'B' },
+    })
+    saveMcpServers({
+      'srv-b': { id: 'srv-b', name: 'B2' },
+    })
+
+    const all = loadMcpServers()
+    assert.equal('srv-a' in all, false)
+    assert.equal(all['srv-b'].name, 'B2')
+  })
+
   it('deleteMcpServer removes the record', () => {
     saveMcpServers({ 'srv-d': { id: 'srv-d', name: 'ToDelete' } })
     deleteMcpServer('srv-d')

package/src/lib/server/storage.ts

@@ -4,11 +4,11 @@ import crypto from 'crypto'
 import os from 'os'
 import Database from 'better-sqlite3'
 
-import { DATA_DIR } from './data-dir'
-export const UPLOAD_DIR = path.join(os.tmpdir(), 'swarmclaw-uploads')
+import { DATA_DIR, WORKSPACE_DIR } from './data-dir'
+export const UPLOAD_DIR = path.join(DATA_DIR, 'uploads')
 
 // Ensure directories exist
-for (const dir of [DATA_DIR, UPLOAD_DIR]) {
+for (const dir of [DATA_DIR, UPLOAD_DIR, WORKSPACE_DIR]) {
   if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true })
 }
 
@@ -65,8 +65,8 @@ function readCollectionRaw(table: string): Map<string, string> {
 }
 
 function getCollectionRawCache(table: string): Map<string, string> {
-  const cached = collectionCache.get(table)
-  if (cached) return cached
+  // Always reload from SQLite so concurrent Next.js workers/processes
+  // observe each other's writes immediately.
   const loaded = readCollectionRaw(table)
   collectionCache.set(table, loaded)
   return loaded
@@ -87,26 +87,43 @@ function loadCollection(table: string): Record<string, any> {
 
 function saveCollection(table: string, data: Record<string, any>) {
   const current = getCollectionRawCache(table)
+  const next = new Map<string, string>()
   const toUpsert: Array<[string, string]> = []
+  const toDelete: string[] = []
 
   for (const [id, val] of Object.entries(data)) {
     const serialized = JSON.stringify(val)
     if (typeof serialized !== 'string') continue
+    next.set(id, serialized)
     if (current.get(id) !== serialized) {
       toUpsert.push([id, serialized])
     }
-    current.set(id, serialized)
   }
 
-  if (!toUpsert.length) return
+  for (const id of current.keys()) {
+    if (!next.has(id)) toDelete.push(id)
+  }
+
+  if (!toUpsert.length && !toDelete.length) return
 
   const transaction = db.transaction(() => {
+    if (toDelete.length) {
+      const del = db.prepare(`DELETE FROM ${table} WHERE id = ?`)
+      for (const id of toDelete) del.run(id)
+    }
     const upsert = db.prepare(`INSERT OR REPLACE INTO ${table} (id, data) VALUES (?, ?)`)
     for (const [id, serialized] of toUpsert) {
       upsert.run(id, serialized)
     }
   })
   transaction()
+
+  for (const id of toDelete) {
+    current.delete(id)
+  }
+  for (const [id, serialized] of next.entries()) {
+    current.set(id, serialized)
+  }
 }
 
 function deleteCollectionItem(table: string, id: string) {

package/src/lib/server/stream-agent-chat.ts

@@ -15,6 +15,7 @@ interface StreamAgentChatOpts {
   session: Session
   message: string
   imagePath?: string
+  attachedFiles?: string[]
   apiKey: string | null
   systemPrompt?: string
   write: (data: string) => void
@@ -38,6 +39,7 @@ function buildToolCapabilityLines(enabledTools: string[]): string[] {
   if (enabledTools.includes('codex_cli')) lines.push('- Codex delegation is available (`delegate_to_codex_cli`) for deep coding/refactor tasks. Resume IDs may be returned via `[delegate_meta]`.')
   if (enabledTools.includes('opencode_cli')) lines.push('- OpenCode delegation is available (`delegate_to_opencode_cli`) for deep coding/refactor tasks. Resume IDs may be returned via `[delegate_meta]`.')
   if (enabledTools.includes('memory')) lines.push('- Long-term memory is available (`memory_tool`) to store and recall durable context.')
+  if (enabledTools.includes('sandbox')) lines.push('- Sandboxed code execution is available (`sandbox_exec`). Write and run JS/TS (Deno) or Python scripts in an isolated environment. Output includes stdout, stderr, and any files created as downloadable artifacts.')
   if (enabledTools.includes('manage_agents')) lines.push('- Agent management is available (`manage_agents`) to create or adjust specialist agents.')
   if (enabledTools.includes('manage_tasks')) lines.push('- Task management is available (`manage_tasks`) to create and track execution plans.')
   if (enabledTools.includes('manage_schedules')) lines.push('- Schedule management is available (`manage_schedules`) for recurring/ongoing runs.')
@@ -162,7 +164,7 @@ export interface StreamAgentChatResult {
 }
 
 export async function streamAgentChat(opts: StreamAgentChatOpts): Promise<StreamAgentChatResult> {
-  const { session, message, imagePath, apiKey, systemPrompt, write, history, fallbackCredentialIds, signal } = opts
+  const { session, message, imagePath, attachedFiles, apiKey, systemPrompt, write, history, fallbackCredentialIds, signal } = opts
 
   // fallbackCredentialIds is intentionally accepted for compatibility with caller signatures.
   void fallbackCredentialIds
@@ -310,7 +312,6 @@ export async function streamAgentChat(opts: StreamAgentChatOpts): Promise<Stream
     const allToolIds = [
       'shell', 'files', 'edit_file', 'process', 'web_search', 'web_fetch', 'browser', 'memory',
       'claude_code', 'codex_cli', 'opencode_cli',
-      'orchestrator',
       'manage_agents', 'manage_tasks', 'manage_schedules', 'manage_skills',
       'manage_documents', 'manage_webhooks', 'manage_connectors', 'manage_sessions', 'manage_secrets',
     ]
@@ -318,13 +319,9 @@ export async function streamAgentChat(opts: StreamAgentChatOpts): Promise<Stream
     const mcpDisabled = agentMcpDisabledTools ?? []
     const allDisabled = [...disabled, ...mcpDisabled]
     if (allDisabled.length > 0) {
-      const delegateNote = disabled.includes('orchestrator')
-        ? '\n\nIMPORTANT: The `delegate_to_agent` tool requires the `orchestrator` capability to be enabled. You must request access to `orchestrator` before you can delegate work to other agents.'
-        : ''
       stateModifierParts.push(
         `## Disabled Tools\nThe following tools exist but are not enabled for you: ${allDisabled.join(', ')}.\n` +
-        'If you need one of these to complete a task, use the `request_tool_access` tool to ask the user for permission.' +
-        delegateNote,
+        'If you need one of these to complete a task, use the `request_tool_access` tool to ask the user for permission.',
       )
     }
   }
@@ -354,25 +351,82 @@ export async function streamAgentChat(opts: StreamAgentChatOpts): Promise<Stream
   const IMAGE_EXTS = /\.(png|jpg|jpeg|gif|webp|bmp)$/i
   const TEXT_EXTS = /\.(txt|md|csv|json|xml|html|js|ts|tsx|jsx|py|go|rs|java|c|cpp|h|yml|yaml|toml|env|log|sh|sql|css|scss)$/i
 
-  function buildLangChainContent(text: string, filePath?: string): any {
-    if (!filePath || !fs.existsSync(filePath)) return text
+  async function buildContentForFile(filePath: string): Promise<{ type: string; [k: string]: any } | string | null> {
+    if (!fs.existsSync(filePath)) {
+      console.log(`[stream-agent-chat] FILE NOT FOUND: ${filePath}`)
+      return null
+    }
+    const name = filePath.split('/').pop() || 'file'
     if (IMAGE_EXTS.test(filePath)) {
-      const data = fs.readFileSync(filePath).toString('base64')
+      const buf = fs.readFileSync(filePath)
+      if (buf.length === 0) {
+        console.warn(`[stream-agent-chat] Image file is empty: ${filePath}`)
+        return `[Attached image: ${name} — file is empty]`
+      }
+      const data = buf.toString('base64')
       const ext = filePath.split('.').pop()?.toLowerCase() || 'png'
-      const mimeType = ext === 'jpg' ? 'image/jpeg' : `image/${ext}`
-      return [
-        { type: 'image_url', image_url: { url: `data:${mimeType};base64,${data}` } },
-        { type: 'text', text },
-      ]
+      // Detect actual MIME from magic bytes (fall back to extension-based)
+      let mimeType = ext === 'jpg' ? 'image/jpeg' : `image/${ext}`
+      if (buf[0] === 0xFF && buf[1] === 0xD8) mimeType = 'image/jpeg'
+      else if (buf[0] === 0x89 && buf[1] === 0x50) mimeType = 'image/png'
+      else if (buf[0] === 0x47 && buf[1] === 0x49) mimeType = 'image/gif'
+      else if (buf[0] === 0x52 && buf[1] === 0x49) mimeType = 'image/webp'
+      return { type: 'image_url', image_url: { url: `data:${mimeType};base64,${data}`, detail: 'auto' } }
     }
-    if (TEXT_EXTS.test(filePath) || filePath.endsWith('.pdf')) {
+    if (filePath.endsWith('.pdf')) {
+      try {
+        // @ts-ignore — pdf-parse types
+        const pdfParse = (await import(/* webpackIgnore: true */ 'pdf-parse')).default
+        const buf = fs.readFileSync(filePath)
+        const result = await pdfParse(buf)
+        const pdfText = (result.text || '').trim()
+        if (!pdfText) return `[Attached PDF: ${name} — no extractable text]`
+        // Truncate very large PDFs to avoid token limits
+        const maxChars = 100_000
+        const truncated = pdfText.length > maxChars ? pdfText.slice(0, maxChars) + '\n\n[... truncated]' : pdfText
+        return `[Attached PDF: ${name} (${result.numpages} pages)]\n\n${truncated}`
+      } catch {
+        return `[Attached PDF: ${name} — could not extract text]`
+      }
+    }
+    if (TEXT_EXTS.test(filePath)) {
       try {
         const fileContent = fs.readFileSync(filePath, 'utf-8')
-        const name = filePath.split('/').pop() || 'file'
-        return `[Attached file: ${name}]\n\n${fileContent}\n\n${text}`
-      } catch { return text }
+        return `[Attached file: ${name}]\n\n${fileContent}`
+      } catch { return `[Attached file: ${name} — read error]` }
     }
-    return `[Attached file: ${filePath.split('/').pop()}]\n\n${text}`
+    return `[Attached file: ${name}]`
+  }
+
+  async function buildLangChainContent(text: string, filePath?: string, extraFiles?: string[]): Promise<any> {
+    const filePaths: string[] = []
+    if (filePath) filePaths.push(filePath)
+    if (extraFiles?.length) {
+      for (const f of extraFiles) {
+        if (f && !filePaths.includes(f)) filePaths.push(f)
+      }
+    }
+    if (!filePaths.length) return text
+
+    const parts: any[] = []
+    const textParts: string[] = []
+    for (const fp of filePaths) {
+      const content = await buildContentForFile(fp)
+      if (!content) continue
+      if (typeof content === 'string') {
+        textParts.push(content)
+      } else {
+        parts.push(content)
+      }
+    }
+
+    const combinedText = textParts.length
+      ? `${textParts.join('\n\n')}\n\n${text}`
+      : text
+
+    if (parts.length === 0) return combinedText
+    parts.push({ type: 'text', text: combinedText })
+    return parts
   }
 
   // Auto-compaction: prune old history if approaching context window limit
@@ -397,14 +451,15 @@ export async function streamAgentChat(opts: StreamAgentChatOpts): Promise<Stream
   const langchainMessages: Array<HumanMessage | AIMessage> = []
   for (const m of effectiveHistory.slice(-20)) {
     if (m.role === 'user') {
-      langchainMessages.push(new HumanMessage({ content: buildLangChainContent(m.text, m.imagePath) }))
+      langchainMessages.push(new HumanMessage({ content: await buildLangChainContent(m.text, m.imagePath, m.attachedFiles) }))
     } else {
       langchainMessages.push(new AIMessage({ content: m.text }))
     }
   }
 
   // Add current message
-  langchainMessages.push(new HumanMessage({ content: buildLangChainContent(message, imagePath) }))
+  const currentContent = await buildLangChainContent(message, imagePath, attachedFiles)
+  langchainMessages.push(new HumanMessage({ content: currentContent }))
 
   let fullText = ''
   let lastSegment = ''

package/src/lib/server/task-validation.test.ts

@@ -25,3 +25,26 @@ test('validateTaskCompletion accepts screenshot delivery tasks with upload artif
 
   assert.equal(validation.ok, true)
 })
+
+test('validateTaskCompletion accepts concise non-implementation result summaries', () => {
+  const validation = validateTaskCompletion({
+    title: 'Answer greeting',
+    description: 'Respond to a basic hello prompt.',
+    result: 'Hello! How can I help you today?',
+    error: null,
+  } as Partial<BoardTask>)
+
+  assert.equal(validation.ok, true)
+})
+
+test('validateTaskCompletion still enforces stricter minimum for implementation tasks', () => {
+  const validation = validateTaskCompletion({
+    title: 'Fix retry bug',
+    description: 'Implement queue retry fixes and verify.',
+    result: 'Patched queue retry bug.',
+    error: null,
+  } as Partial<BoardTask>)
+
+  assert.equal(validation.ok, false)
+  assert.ok(validation.reasons.some((reason) => reason.includes('Result summary is too short')))
+})

package/src/lib/server/task-validation.ts

@@ -11,7 +11,8 @@ interface TaskCompletionValidationOptions {
   report?: TaskReportArtifact | null
 }
 
-const MIN_RESULT_CHARS = 40
+const MIN_RESULT_CHARS_IMPLEMENTATION = 40
+const MIN_RESULT_CHARS_GENERIC = 20
 
 const WEAK_RESULT_PATTERNS: RegExp[] = [
   /what can i help you with/i,
@@ -45,12 +46,14 @@ export function validateTaskCompletion(
   const result = normalizeText(task.result)
   const error = normalizeText(task.error)
   const report = options.report || null
+  const implementationTask = IMPLEMENTATION_HINT.test(title) || IMPLEMENTATION_HINT.test(description)
 
   if (error) reasons.push('Task has a non-empty error field.')
 
   if (!result) reasons.push('Result summary is empty.')
   else {
-    if (result.length < MIN_RESULT_CHARS) reasons.push(`Result summary is too short (${result.length} chars).`)
+    const minChars = implementationTask ? MIN_RESULT_CHARS_IMPLEMENTATION : MIN_RESULT_CHARS_GENERIC
+    if (result.length < minChars) reasons.push(`Result summary is too short (${result.length} chars; min ${minChars}).`)
     if (WEAK_RESULT_PATTERNS.some((rx) => rx.test(result))) {
       reasons.push('Result contains placeholder/planning language instead of completion evidence.')
     }
@@ -58,7 +61,6 @@ export function validateTaskCompletion(
 
   // If task description/title suggests implementation work, require concrete evidence in
   // the result summary OR task report.
-  const implementationTask = IMPLEMENTATION_HINT.test(title) || IMPLEMENTATION_HINT.test(description)
   const hasResultEvidence = EXECUTION_EVIDENCE.test(result)
   const hasReportEvidence = report?.evidence.hasEvidence === true
   if (implementationTask && !hasResultEvidence && !hasReportEvidence) {

package/src/lib/server/ws-hub.ts

@@ -0,0 +1,85 @@
+import { WebSocketServer, WebSocket } from 'ws'
+import type { IncomingMessage } from 'http'
+import { validateAccessKey } from './storage'
+
+interface WsClient {
+  ws: WebSocket
+  topics: Set<string>
+}
+
+interface WsHub {
+  wss: WebSocketServer
+  clients: Set<WsClient>
+}
+
+const GK = '__swarmclaw_ws__' as const
+
+function getHub(): WsHub | null {
+  return (globalThis as any)[GK] ?? null
+}
+
+export function initWsServer() {
+  if (getHub()) return
+
+  const port = Number(process.env.WS_PORT) || (Number(process.env.PORT) || 3456) + 1
+  const wss = new WebSocketServer({ port, path: '/ws' })
+  const clients = new Set<WsClient>()
+
+  const hub: WsHub = { wss, clients }
+  ;(globalThis as any)[GK] = hub
+
+  wss.on('connection', (ws: WebSocket, req: IncomingMessage) => {
+    // Auth: validate ?key= from upgrade URL
+    const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`)
+    const key = url.searchParams.get('key') || ''
+    if (!validateAccessKey(key)) {
+      ws.close(4001, 'Unauthorized')
+      return
+    }
+
+    const client: WsClient = { ws, topics: new Set() }
+    clients.add(client)
+
+    ws.on('message', (raw) => {
+      try {
+        const msg = JSON.parse(String(raw))
+        if (msg.type === 'subscribe' && Array.isArray(msg.topics)) {
+          for (const t of msg.topics) {
+            if (typeof t === 'string') client.topics.add(t)
+          }
+        } else if (msg.type === 'unsubscribe' && Array.isArray(msg.topics)) {
+          for (const t of msg.topics) client.topics.delete(t)
+        }
+      } catch {
+        // ignore malformed messages
+      }
+    })
+
+    ws.on('close', () => {
+      clients.delete(client)
+    })
+
+    ws.on('error', () => {
+      clients.delete(client)
+    })
+  })
+
+  wss.on('error', (err) => {
+    console.error('[ws-hub] WebSocket server error:', err.message)
+  })
+
+  console.log(`[ws-hub] WebSocket server listening on port ${port}`)
+}
+
+export function notify(topic: string, action = 'update', id?: string) {
+  const hub = getHub()
+  if (!hub) return
+
+  const payload = JSON.stringify(id ? { topic, action, id } : { topic, action })
+
+  for (const client of hub.clients) {
+    if (client.topics.has(topic) && client.ws.readyState === WebSocket.OPEN) {
+      client.ws.send(payload)
+    }
+  }
+}

package/src/lib/tool-definitions.ts

@@ -0,0 +1,42 @@
+export interface ToolDefinition {
+  id: string
+  label: string
+  description: string
+}
+
+export const AVAILABLE_TOOLS: ToolDefinition[] = [
+  { id: 'shell', label: 'Shell', description: 'Execute commands in the working directory' },
+  { id: 'files', label: 'Files', description: 'Read, write, list, move, copy, and send files' },
+  { id: 'copy_file', label: 'Copy File', description: 'Copy files within the working directory' },
+  { id: 'move_file', label: 'Move File', description: 'Move/rename files within the working directory' },
+  { id: 'delete_file', label: 'Delete File', description: 'Delete files/directories (disabled by default)' },
+  { id: 'edit_file', label: 'Edit File', description: 'Search-and-replace editing within files' },
+  { id: 'process', label: 'Process', description: 'Monitor and control long-running shell commands' },
+  { id: 'web_search', label: 'Web Search', description: 'Search the web via DuckDuckGo' },
+  { id: 'web_fetch', label: 'Web Fetch', description: 'Fetch and extract text from URLs' },
+  { id: 'claude_code', label: 'Claude Code', description: 'Delegate complex tasks to Claude Code CLI' },
+  { id: 'codex_cli', label: 'Codex CLI', description: 'Delegate complex tasks to OpenAI Codex CLI' },
+  { id: 'opencode_cli', label: 'OpenCode CLI', description: 'Delegate complex tasks to OpenCode CLI' },
+  { id: 'browser', label: 'Browser', description: 'Playwright — browse, scrape, interact with web pages' },
+  { id: 'memory', label: 'Memory', description: 'Store and retrieve long-term memories across sessions' },
+  { id: 'sandbox', label: 'Sandbox', description: 'Run JS/TS/Python code in an isolated Deno sandbox' },
+]
+
+export const PLATFORM_TOOLS: ToolDefinition[] = [
+  { id: 'manage_agents', label: 'Agents', description: 'Create, edit, and delete agents' },
+  { id: 'manage_tasks', label: 'Tasks', description: 'Create, edit, and delete tasks' },
+  { id: 'manage_schedules', label: 'Schedules', description: 'Create, edit, and delete schedules' },
+  { id: 'manage_skills', label: 'Skills', description: 'Create, edit, and delete skills' },
+  { id: 'manage_documents', label: 'Documents', description: 'Upload, search, and delete indexed documents' },
+  { id: 'manage_webhooks', label: 'Webhooks', description: 'Register webhooks that trigger agent sessions' },
+  { id: 'manage_connectors', label: 'Connectors', description: 'Create, edit, and delete connectors' },
+  { id: 'manage_sessions', label: 'Sessions', description: 'List sessions, send messages, and spawn session work' },
+  { id: 'manage_secrets', label: 'Secrets', description: 'Store and retrieve encrypted service secrets' },
+]
+
+export const ALL_TOOLS: ToolDefinition[] = [...AVAILABLE_TOOLS, ...PLATFORM_TOOLS]
+
+/** Flat id→label lookup for display */
+export const TOOL_LABELS: Record<string, string> = Object.fromEntries(
+  ALL_TOOLS.map((t) => [t.id, t.label]),
+)