@swarmclawai/swarmclaw 0.4.0 → 0.4.5

package/src/app/api/skills/[id]/route.ts

@@ -1,40 +1,42 @@
 import { NextResponse } from 'next/server'
 import { loadSkills, saveSkills, deleteSkill } from '@/lib/server/storage'
 import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
+import { mutateItem, deleteItem, notFound, type CollectionOps } from '@/lib/server/collection-helpers'
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const ops: CollectionOps<any> = { load: loadSkills, save: saveSkills, deleteFn: deleteSkill }
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const skills = loadSkills()
-  if (!skills[id]) return new NextResponse(null, { status: 404 })
+  if (!skills[id]) return notFound()
   return NextResponse.json(skills[id])
 }
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json()
-  const skills = loadSkills()
-  if (!skills[id]) return new NextResponse(null, { status: 404 })
-  const normalized = normalizeSkillPayload({ ...skills[id], ...body })
-  skills[id] = {
-    ...skills[id],
-    ...body,
-    name: normalized.name,
-    filename: normalized.filename,
-    description: normalized.description,
-    content: normalized.content,
-    sourceUrl: normalized.sourceUrl,
-    sourceFormat: normalized.sourceFormat,
-    id,
-    updatedAt: Date.now(),
-  }
-  saveSkills(skills)
-  return NextResponse.json(skills[id])
+  const result = mutateItem(ops, id, (skill) => {
+    const normalized = normalizeSkillPayload({ ...skill, ...body })
+    return {
+      ...skill,
+      ...body,
+      name: normalized.name,
+      filename: normalized.filename,
+      description: normalized.description,
+      content: normalized.content,
+      sourceUrl: normalized.sourceUrl,
+      sourceFormat: normalized.sourceFormat,
+      id,
+      updatedAt: Date.now(),
+    }
+  })
+  if (!result) return notFound()
+  return NextResponse.json(result)
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const skills = loadSkills()
-  if (!skills[id]) return new NextResponse(null, { status: 404 })
-  deleteSkill(id)
+  if (!deleteItem(ops, id)) return notFound()
   return NextResponse.json({ deleted: id })
 }

package/src/app/api/skills/import/route.ts

@@ -1,4 +1,4 @@
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { NextResponse } from 'next/server'
 import { loadSkills, saveSkills } from '@/lib/server/storage'
 import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
@@ -47,7 +47,7 @@ export async function POST(req: Request) {
     })
 
     const skills = loadSkills()
-    const id = crypto.randomBytes(4).toString('hex')
+    const id = genId()
     skills[id] = {
       id,
       name: normalized.name,

package/src/app/api/skills/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { loadSkills, saveSkills } from '@/lib/server/storage'
 import { normalizeSkillPayload } from '@/lib/server/skills-normalize'
 export const dynamic = 'force-dynamic'
@@ -12,7 +12,7 @@ export async function GET(_req: Request) {
 export async function POST(req: Request) {
   const body = await req.json()
   const skills = loadSkills()
-  const id = crypto.randomBytes(4).toString('hex')
+  const id = genId()
   const normalized = normalizeSkillPayload(body)
   skills[id] = {
     id,

package/src/app/api/tasks/[id]/approve/route.ts

@@ -1,5 +1,6 @@
 import { NextResponse } from 'next/server'
 import { loadTasks, saveTasks, loadAgents } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
 import { notify } from '@/lib/server/ws-hub'
 import { getCheckpointSaver } from '@/lib/server/langgraph-checkpoint'
 
@@ -10,7 +11,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
 
   const tasks = loadTasks()
   const task = tasks[id]
-  if (!task) return new NextResponse(null, { status: 404 })
+  if (!task) return notFound()
   if (!task.pendingApproval) {
     return NextResponse.json({ error: 'No pending approval on this task' }, { status: 400 })
   }

package/src/app/api/tasks/[id]/route.ts

@@ -1,6 +1,7 @@
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { NextResponse } from 'next/server'
 import { loadTasks, saveTasks } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
 import { disableSessionHeartbeat, enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
 import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
 import { formatValidationFailure, validateTaskCompletion } from '@/lib/server/task-validation'
@@ -13,7 +14,7 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
 
   const { id } = await params
   const tasks = loadTasks()
-  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+  if (!tasks[id]) return notFound()
   return NextResponse.json(tasks[id])
 }
 
@@ -21,7 +22,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   const { id } = await params
   const body = await req.json()
   const tasks = loadTasks()
-  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+  if (!tasks[id]) return notFound()
 
   const prevStatus = tasks[id].status
 
@@ -55,7 +56,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
       tasks[id].error = formatValidationFailure(validation.reasons).slice(0, 500)
       if (!tasks[id].comments) tasks[id].comments = []
       tasks[id].comments.push({
-        id: crypto.randomBytes(4).toString('hex'),
+        id: genId(),
         author: 'System',
         text: `Completion validation failed.\n\n${validation.reasons.map((r) => `- ${r}`).join('\n')}`,
         createdAt: Date.now(),
@@ -88,7 +89,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const tasks = loadTasks()
-  if (!tasks[id]) return new NextResponse(null, { status: 404 })
+  if (!tasks[id]) return notFound()
 
   // Soft delete: move to archived status instead of hard delete
   tasks[id].status = 'archived'

package/src/app/api/tasks/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { loadTasks, saveTasks, loadSettings } from '@/lib/server/storage'
 import { enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
 import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
@@ -54,7 +54,7 @@ export async function DELETE(req: Request) {
 
 export async function POST(req: Request) {
   const body = await req.json()
-  const id = crypto.randomBytes(4).toString('hex')
+  const id = genId()
   const now = Date.now()
   const tasks = loadTasks()
   const settings = loadSettings()

package/src/app/api/tts/stream/route.ts

@@ -0,0 +1,48 @@
+import { loadSettings } from '@/lib/server/storage'
+
+export async function POST(req: Request) {
+  const settings = loadSettings()
+  const ELEVENLABS_KEY = settings.elevenLabsApiKey || process.env.ELEVENLABS_API_KEY
+  const ELEVENLABS_VOICE = settings.elevenLabsVoiceId || process.env.ELEVENLABS_VOICE || 'JBFqnCBsd6RMkjVDRZzb'
+
+  if (!ELEVENLABS_KEY) {
+    return new Response('No ElevenLabs API key. Set one in Settings > Voice.', { status: 500 })
+  }
+
+  const { text } = await req.json()
+  if (!text?.trim()) {
+    return new Response('No text provided', { status: 400 })
+  }
+
+  const apiRes = await fetch(
+    `https://api.elevenlabs.io/v1/text-to-speech/${ELEVENLABS_VOICE}/stream`,
+    {
+      method: 'POST',
+      headers: {
+        'xi-api-key': ELEVENLABS_KEY,
+        'Content-Type': 'application/json',
+        'Accept': 'audio/mpeg',
+      },
+      body: JSON.stringify({
+        text: text.slice(0, 2000),
+        model_id: 'eleven_multilingual_v2',
+        voice_settings: { stability: 0.5, similarity_boost: 0.75 },
+        output_format: 'mp3_22050_32',
+      }),
+    },
+  )
+
+  if (!apiRes.ok) {
+    const err = await apiRes.text()
+    return new Response(err, { status: apiRes.status })
+  }
+
+  // Pipe the streaming response directly
+  return new Response(apiRes.body, {
+    headers: {
+      'Content-Type': 'audio/mpeg',
+      'Transfer-Encoding': 'chunked',
+      'Cache-Control': 'no-cache',
+    },
+  })
+}

package/src/app/api/upload/route.ts

@@ -1,13 +1,13 @@
 import { NextResponse } from 'next/server'
 import fs from 'fs'
 import path from 'path'
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { UPLOAD_DIR } from '@/lib/server/storage'
 
 export async function POST(req: Request) {
   const filename = req.headers.get('x-filename') || 'image.png'
   const buf = Buffer.from(await req.arrayBuffer())
-  const name = crypto.randomBytes(4).toString('hex') + '-' + filename.replace(/[^a-zA-Z0-9._-]/g, '_')
+  const name = genId() + '-' + filename.replace(/[^a-zA-Z0-9._-]/g, '_')
   const filePath = path.join(UPLOAD_DIR, name)
 
   if (!fs.existsSync(UPLOAD_DIR)) fs.mkdirSync(UPLOAD_DIR, { recursive: true })

package/src/app/api/uploads/[filename]/route.ts

@@ -1,4 +1,5 @@
 import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
 import fs from 'fs'
 import path from 'path'
 import { UPLOAD_DIR } from '@/lib/server/storage'
@@ -43,16 +44,18 @@ export async function GET(_req: Request, { params }: { params: Promise<{ filenam
   const filePath = path.join(UPLOAD_DIR, safeName)
 
   if (!fs.existsSync(filePath)) {
-    return new NextResponse(null, { status: 404 })
+    return notFound()
   }
 
   const ext = path.extname(safeName).toLowerCase()
   const contentType = MIME_TYPES[ext] || 'application/octet-stream'
   const data = fs.readFileSync(filePath)
 
+  const inline = contentType.startsWith('image/') || contentType.startsWith('video/') || contentType.startsWith('text/') || contentType === 'application/pdf'
   return new NextResponse(data, {
     headers: {
       'Content-Type': contentType,
+      'Content-Disposition': inline ? 'inline' : `attachment; filename="${path.basename(safeName)}"`,
       'Cache-Control': 'public, max-age=86400',
     },
   })

package/src/app/api/webhooks/[id]/route.ts

@@ -1,8 +1,12 @@
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { NextResponse } from 'next/server'
 import { loadAgents, loadSessions, loadWebhooks, saveSessions, saveWebhooks, appendWebhookLog } from '@/lib/server/storage'
 import { WORKSPACE_DIR } from '@/lib/server/data-dir'
 import { enqueueSessionRun } from '@/lib/server/session-run-manager'
+import { mutateItem, deleteItem, notFound, type CollectionOps } from '@/lib/server/collection-helpers'
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const ops: CollectionOps<any> = { load: loadWebhooks, save: saveWebhooks }
 
 function normalizeEvents(value: unknown): string[] {
   if (!Array.isArray(value)) return []
@@ -22,36 +26,30 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
   const { id } = await params
   const webhooks = loadWebhooks()
   const webhook = webhooks[id]
-  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+  if (!webhook) return notFound('Webhook not found')
   return NextResponse.json(webhook)
 }
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json().catch(() => ({}))
-  const webhooks = loadWebhooks()
-  const webhook = webhooks[id]
-  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
-
-  if (body.name !== undefined) webhook.name = body.name
-  if (body.source !== undefined) webhook.source = body.source
-  if (body.events !== undefined) webhook.events = normalizeEvents(body.events)
-  if (body.agentId !== undefined) webhook.agentId = body.agentId
-  if (body.secret !== undefined) webhook.secret = body.secret
-  if (body.isEnabled !== undefined) webhook.isEnabled = !!body.isEnabled
-  webhook.updatedAt = Date.now()
-
-  webhooks[id] = webhook
-  saveWebhooks(webhooks)
-  return NextResponse.json(webhook)
+  const result = mutateItem(ops, id, (webhook) => {
+    if (body.name !== undefined) webhook.name = body.name
+    if (body.source !== undefined) webhook.source = body.source
+    if (body.events !== undefined) webhook.events = normalizeEvents(body.events)
+    if (body.agentId !== undefined) webhook.agentId = body.agentId
+    if (body.secret !== undefined) webhook.secret = body.secret
+    if (body.isEnabled !== undefined) webhook.isEnabled = !!body.isEnabled
+    webhook.updatedAt = Date.now()
+    return webhook
+  })
+  if (!result) return notFound('Webhook not found')
+  return NextResponse.json(result)
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const webhooks = loadWebhooks()
-  if (!webhooks[id]) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
-  delete webhooks[id]
-  saveWebhooks(webhooks)
+  if (!deleteItem(ops, id)) return notFound('Webhook not found')
   return NextResponse.json({ ok: true })
 }
 
@@ -59,10 +57,10 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const { id } = await params
   const webhooks = loadWebhooks()
   const webhook = webhooks[id]
-  if (!webhook) return NextResponse.json({ error: 'Webhook not found' }, { status: 404 })
+  if (!webhook) return notFound('Webhook not found')
   if (webhook.isEnabled === false) {
-    appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
-      id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: 'unknown',
+    appendWebhookLog(genId(8), {
+      id: genId(8), webhookId: id, event: 'unknown',
       payload: '', status: 'error', error: 'Webhook is disabled', timestamp: Date.now(),
     })
     return NextResponse.json({ error: 'Webhook is disabled' }, { status: 409 })
@@ -73,8 +71,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     const url = new URL(req.url)
     const provided = req.headers.get('x-webhook-secret') || url.searchParams.get('secret') || ''
     if (provided !== secret) {
-      appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
-        id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: 'unknown',
+      appendWebhookLog(genId(8), {
+        id: genId(8), webhookId: id, event: 'unknown',
         payload: '', status: 'error', error: 'Invalid webhook secret', timestamp: Date.now(),
       })
       return NextResponse.json({ error: 'Invalid webhook secret' }, { status: 401 })
@@ -122,8 +120,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const agents = loadAgents()
   const agent = webhook.agentId ? agents[webhook.agentId] : null
   if (!agent) {
-    appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
-      id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: incomingEvent,
+    appendWebhookLog(genId(8), {
+      id: genId(8), webhookId: id, event: incomingEvent,
       payload: (rawBody || '').slice(0, 2000), status: 'error', error: 'Webhook agent is not configured or missing', timestamp: Date.now(),
     })
     return NextResponse.json({ error: 'Webhook agent is not configured or missing' }, { status: 400 })
@@ -133,7 +131,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const sessionName = `webhook:${id}`
   let session = Object.values(sessions).find((s: any) => s.name === sessionName && s.agentId === agent.id) as any
   if (!session) {
-    const sessionId = crypto.randomBytes(4).toString('hex')
+    const sessionId = genId()
     const now = Date.now()
     session = {
       id: sessionId,
@@ -189,8 +187,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     mode: 'followup',
   })
 
-  appendWebhookLog(crypto.randomBytes(8).toString('hex'), {
-    id: crypto.randomBytes(8).toString('hex'), webhookId: id, event: incomingEvent,
+  appendWebhookLog(genId(8), {
+    id: genId(8), webhookId: id, event: incomingEvent,
     payload: (rawBody || '').slice(0, 2000), status: 'success',
     sessionId: session.id, runId: run.runId, timestamp: Date.now(),
   })

package/src/app/api/webhooks/route.ts

@@ -1,4 +1,4 @@
-import crypto from 'crypto'
+import { genId } from '@/lib/id'
 import { NextResponse } from 'next/server'
 import { loadWebhooks, saveWebhooks } from '@/lib/server/storage'
 export const dynamic = 'force-dynamic'
@@ -19,7 +19,7 @@ export async function GET(_req: Request) {
 export async function POST(req: Request) {
   const body = await req.json().catch(() => ({}))
   const webhooks = loadWebhooks()
-  const id = crypto.randomBytes(4).toString('hex')
+  const id = genId()
   const now = Date.now()
 
   webhooks[id] = {

package/src/app/page.tsx

@@ -10,6 +10,7 @@ import { AccessKeyGate } from '@/components/auth/access-key-gate'
 import { UserPicker } from '@/components/auth/user-picker'
 import { SetupWizard } from '@/components/auth/setup-wizard'
 import { AppLayout } from '@/components/layout/app-layout'
+import { useViewRouter } from '@/hooks/use-view-router'
 
 export default function Home() {
   const currentUser = useAppStore((s) => s.currentUser)
@@ -17,7 +18,6 @@ export default function Home() {
   const hydrated = useAppStore((s) => s._hydrated)
   const hydrate = useAppStore((s) => s.hydrate)
   const loadNetworkInfo = useAppStore((s) => s.loadNetworkInfo)
-  const sessions = useAppStore((s) => s.sessions)
   const loadSessions = useAppStore((s) => s.loadSessions)
   const loadSettings = useAppStore((s) => s.loadSettings)
 
@@ -107,29 +107,6 @@ export default function Home() {
     return () => { cancelled = true }
   }, [authenticated, currentUser])
 
-  // Keep __main__ session for backward compat — create if missing
-  useEffect(() => {
-    if (!authenticated || !currentUser) return
-    const sessionList = Object.values(sessions)
-    const mainSession = sessionList.find((s: any) => s.name === '__main__' && s.user === currentUser)
-    if (mainSession) return
-    let cancelled = false
-    ;(async () => {
-      try {
-        const mainId = `main-${currentUser}`
-        await api<any>('POST', '/sessions', {
-          id: mainId,
-          name: '__main__',
-          user: currentUser,
-          agentId: 'default',
-          heartbeatEnabled: true,
-        })
-        if (!cancelled) await loadSessions()
-      } catch { /* ignore */ }
-    })()
-    return () => { cancelled = true }
-  }, [authenticated, currentUser, sessions, loadSessions])
-
   // Check if first-run setup is needed
   useEffect(() => {
     if (!authenticated || !currentUser) return
@@ -169,6 +146,8 @@ export default function Home() {
     return () => window.removeEventListener('sc_auth_required', handler)
   }, [])
 
+  useViewRouter()
+
   if (!hydrated || !authChecked) return null
   if (!authenticated) return <AccessKeyGate onAuthenticated={() => setAuthenticated(true)} />
   if (!currentUser) return <UserPicker />

package/src/cli/index.js

@@ -55,6 +55,7 @@ const COMMAND_GROUPS = [
       cmd('create', 'POST', '/connectors', 'Create connector', { expectsJsonBody: true }),
       cmd('update', 'PUT', '/connectors/:id', 'Update connector', { expectsJsonBody: true }),
       cmd('delete', 'DELETE', '/connectors/:id', 'Delete connector'),
+      cmd('webhook', 'POST', '/connectors/:id/webhook', 'Trigger connector webhook ingress', { expectsJsonBody: true }),
       cmd('start', 'PUT', '/connectors/:id', 'Start connector', {
         expectsJsonBody: true,
         defaultBody: { action: 'start' },
@@ -199,6 +200,16 @@ const COMMAND_GROUPS = [
         expectsJsonBody: true,
         waitEntityFrom: 'taskId',
       }),
+      cmd('graph', 'GET', '/orchestrator/graph', 'Get orchestrator graph structure'),
+    ],
+  },
+  {
+    name: 'openclaw',
+    description: 'OpenClaw discovery and sync',
+    commands: [
+      cmd('discover', 'GET', '/openclaw/discover', 'Discover OpenClaw gateways'),
+      cmd('directory', 'GET', '/openclaw/directory', 'List directory entries from running OpenClaw connectors'),
+      cmd('sync', 'POST', '/openclaw/sync', 'Run OpenClaw sync action', { expectsJsonBody: true }),
     ],
   },
   {
@@ -208,6 +219,17 @@ const COMMAND_GROUPS = [
       cmd('manage', 'POST', '/preview-server', 'Start/stop/status/detect preview server', { expectsJsonBody: true }),
     ],
   },
+  {
+    name: 'projects',
+    description: 'Manage projects',
+    commands: [
+      cmd('list', 'GET', '/projects', 'List projects'),
+      cmd('get', 'GET', '/projects/:id', 'Get project by id'),
+      cmd('create', 'POST', '/projects', 'Create project', { expectsJsonBody: true }),
+      cmd('update', 'PUT', '/projects/:id', 'Update project', { expectsJsonBody: true }),
+      cmd('delete', 'DELETE', '/projects/:id', 'Delete project'),
+    ],
+  },
   {
     name: 'plugins',
     description: 'Manage plugins and marketplace',
@@ -351,6 +373,7 @@ const COMMAND_GROUPS = [
       cmd('update', 'PUT', '/tasks/:id', 'Update task', { expectsJsonBody: true }),
       cmd('delete', 'DELETE', '/tasks/:id', 'Delete task'),
       cmd('purge', 'DELETE', '/tasks', 'Bulk delete tasks', { expectsJsonBody: true }),
+      cmd('approve', 'POST', '/tasks/:id/approve', 'Approve or reject a pending tool execution', { expectsJsonBody: true }),
     ],
   },
   {
@@ -362,6 +385,11 @@ const COMMAND_GROUPS = [
         responseType: 'binary',
         bodyFlagMap: { text: 'text' },
       }),
+      cmd('stream', 'POST', '/tts/stream', 'Generate streaming TTS audio', {
+        expectsJsonBody: true,
+        responseType: 'binary',
+        bodyFlagMap: { text: 'text' },
+      }),
     ],
   },
   {

package/src/cli/index.ts

@@ -928,7 +928,7 @@ export function buildProgram(): Command {
   connectors
     .command('create')
     .description('Create connector')
-    .requiredOption('--platform <platform>', 'Connector platform (discord|telegram|slack|whatsapp|openclaw)')
+    .requiredOption('--platform <platform>', 'Connector platform (discord|telegram|slack|whatsapp|openclaw|bluebubbles|signal|teams|googlechat|matrix)')
     .requiredOption('--agent-id <agentId>', 'Agent id')
     .option('--name <name>', 'Connector name')
     .option('--credential-id <credentialId>', 'Credential id')

package/src/cli/spec.js

@@ -127,6 +127,7 @@ const COMMAND_GROUPS = {
       run: { description: 'Run orchestrator task now', method: 'POST', path: '/orchestrator/run', waitable: true },
       runs: { description: 'List queued/running/completed runs', method: 'GET', path: '/runs' },
       'run-get': { description: 'Get run by id', method: 'GET', path: '/runs/:id', params: ['id'] },
+      graph: { description: 'Get orchestrator graph structure', method: 'GET', path: '/orchestrator/graph' },
     },
   },
   plugins: {
@@ -243,6 +244,7 @@ const COMMAND_GROUPS = {
       update: { description: 'Update task', method: 'PUT', path: '/tasks/:id', params: ['id'] },
       delete: { description: 'Archive task', method: 'DELETE', path: '/tasks/:id', params: ['id'] },
       archive: { description: 'Archive task', method: 'DELETE', path: '/tasks/:id', params: ['id'] },
+      approve: { description: 'Approve or reject a pending tool execution', method: 'POST', path: '/tasks/:id/approve', params: ['id'] },
     },
   },
   webhooks: {

package/src/components/agents/agent-list.tsx

@@ -16,6 +16,7 @@ export function AgentList({ inSidebar }: Props) {
   const currentUser = useAppStore((s) => s.currentUser)
   const loadSessions = useAppStore((s) => s.loadSessions)
   const setAgentSheetOpen = useAppStore((s) => s.setAgentSheetOpen)
+  const activeProjectFilter = useAppStore((s) => s.activeProjectFilter)
   const [search, setSearch] = useState('')
   const [filter, setFilter] = useState<'all' | 'orchestrator' | 'agent'>('all')
 
@@ -41,10 +42,11 @@ export function AgentList({ inSidebar }: Props) {
         if (search && !p.name.toLowerCase().includes(search.toLowerCase())) return false
         if (filter === 'orchestrator' && !p.isOrchestrator) return false
         if (filter === 'agent' && p.isOrchestrator) return false
+        if (activeProjectFilter && p.projectId !== activeProjectFilter) return false
         return true
       })
       .sort((a, b) => b.updatedAt - a.updatedAt)
-  }, [agents, search, filter])
+  }, [agents, search, filter, activeProjectFilter])
 
   if (!filtered.length && !search) {
     return (