@swarmclawai/swarmclaw 0.5.1 → 0.5.3

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 SwarmClaw Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -20,6 +20,7 @@ Inspired by [OpenClaw](https://github.com/openclaw).
 - Always use the access key authentication (generated on first run)
 - Never expose port 3456 without a reverse proxy + TLS
 - Review agent system prompts before giving them shell or browser tools
+- Repeated failed access key attempts are rate-limited to slow brute-force attacks
 
 ## Features
 
@@ -40,6 +41,8 @@ Inspired by [OpenClaw](https://github.com/openclaw).
 - **Session Run Queue** — Per-session queued runs with followup/steer/collect modes, collect coalescing for bursty inputs, and run-state APIs
 - **Chat Iteration Workflow** — Edit-and-resend user turns, fork a new session from any message, bookmark key messages, use contextual follow-up suggestion chips, and auto-continue after tool access grants
 - **Live Chat Telemetry** — Thinking/tool/responding stream phases, live main-loop status badges, connector activity presence, tone indicator, and optional sound notifications
+- **Global Search Palette** — `Cmd/Ctrl+K` search across agents, tasks, sessions, schedules, webhooks, and skills from anywhere in the app
+- **Notification Center** — Real-time in-app notifications for task/schedule/daemon events with unread tracking and quick actions
 - **Preview-Rich Chat UI** — Side preview panel for tool outputs (image/browser/html/code), inline code/PDF previews for attachments, and image lightbox support
 - **Voice Settings** — Per-instance ElevenLabs API key + voice ID for TTS replies, plus configurable speech recognition language for chat input
 - **Chat Connectors** — Bridge agents to Discord, Slack, Telegram, WhatsApp, BlueBubbles (iMessage), Signal, Microsoft Teams, Google Chat, Matrix, and OpenClaw with media-aware inbound handling
@@ -48,6 +51,7 @@ Inspired by [OpenClaw](https://github.com/openclaw).
 - **Context Management** — Auto-compaction of conversation history when approaching context limits, with manual `context_status` and `context_summarize` tools for agents
 - **Memory** — Per-agent and per-session memory with hybrid FTS5 + vector embeddings search, relevance-based memory recall injected into runs, and periodic auto-journaling for durable execution context
 - **Cost Tracking** — Per-message token counting and cost estimation displayed in the chat header
+- **Provider Health Metrics** — Usage dashboard surfaces provider request volume, success rates, models used, and last-used timestamps
 - **Model Failover** — Automatic key rotation on rate limits and auth errors with configurable fallback credentials
 - **Plugin System** — Extend agent behavior with JS plugins (hooks: beforeAgentStart, afterAgentComplete, beforeToolExec, afterToolExec, onMessage)
 - **Secrets Vault** — Encrypted storage for API keys and service tokens
@@ -81,7 +85,7 @@ curl -fsSL https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/install.
 ```
 
 The installer resolves the latest stable release tag and installs that version by default.
-To pin a version: `SWARMCLAW_VERSION=v0.5.1 curl ... | bash`
+To pin a version: `SWARMCLAW_VERSION=v0.5.3 curl ... | bash`
 
 Or run locally from the repo (friendly for non-technical users):
 
@@ -600,4 +604,4 @@ swarmclaw memory maintenance
 
 ## License
 
-MIT
+[MIT](./LICENSE)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "repository": {
@@ -84,6 +84,7 @@
     "react-dom": "19.2.3",
     "react-icons": "^5.5.0",
     "react-markdown": "^10.1.0",
+    "recharts": "^3.7.0",
     "rehype-highlight": "^7.0.2",
     "remark-gfm": "^4.0.1",
     "sonner": "^2.0.7",

package/src/app/api/activity/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from 'next/server'
+import { loadActivity } from '@/lib/server/storage'
+export const dynamic = 'force-dynamic'
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const entityType = searchParams.get('entityType')
+  const entityId = searchParams.get('entityId')
+  const action = searchParams.get('action')
+  const since = searchParams.get('since')
+  const limit = Math.min(200, Math.max(1, Number(searchParams.get('limit')) || 50))
+
+  const all = loadActivity()
+  let entries = Object.values(all) as Array<Record<string, unknown>>
+
+  if (entityType) entries = entries.filter((e) => e.entityType === entityType)
+  if (entityId) entries = entries.filter((e) => e.entityId === entityId)
+  if (action) entries = entries.filter((e) => e.action === action)
+  if (since) {
+    const sinceMs = Number(since)
+    if (Number.isFinite(sinceMs)) {
+      entries = entries.filter((e) => typeof e.timestamp === 'number' && e.timestamp >= sinceMs)
+    }
+  }
+
+  entries.sort((a, b) => (b.timestamp as number) - (a.timestamp as number))
+  entries = entries.slice(0, limit)
+
+  return NextResponse.json(entries)
+}

package/src/app/api/agents/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadAgents, saveAgents, loadSessions, saveSessions } from '@/lib/server/storage'
+import { loadAgents, saveAgents, loadSessions, saveSessions, logActivity } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { mutateItem, notFound, type CollectionOps } from '@/lib/server/collection-helpers'
 
@@ -22,6 +22,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
     return agent
   })
   if (!result) return notFound()
+  logActivity({ entityType: 'agent', entityId: id, action: 'updated', actor: 'user', summary: `Agent updated: "${result.name}"` })
   return NextResponse.json(result)
 }
 
@@ -33,6 +34,7 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
     return agent
   })
   if (!result) return notFound()
+  logActivity({ entityType: 'agent', entityId: id, action: 'deleted', actor: 'user', summary: `Agent trashed: "${result.name}"` })
 
   // Detach sessions from the trashed agent
   const sessions = loadSessions()

package/src/app/api/agents/route.ts

@@ -1,6 +1,6 @@
 import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
-import { loadAgents, saveAgents } from '@/lib/server/storage'
+import { loadAgents, saveAgents, logActivity } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { notify } from '@/lib/server/ws-hub'
 export const dynamic = 'force-dynamic'
@@ -33,6 +33,7 @@ export async function POST(req: Request) {
     updatedAt: now,
   }
   saveAgents(agents)
+  logActivity({ entityType: 'agent', entityId: id, action: 'created', actor: 'user', summary: `Agent created: "${agents[id].name}"` })
   notify('agents')
   return NextResponse.json(agents[id])
 }

package/src/app/api/connectors/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadConnectors, saveConnectors } from '@/lib/server/storage'
+import { loadConnectors, saveConnectors, logActivity } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
 import { notFound } from '@/lib/server/collection-helpers'
 
@@ -39,10 +39,13 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
       const manager = await import('@/lib/server/connectors/manager')
       if (body.action === 'start') {
         await manager.startConnector(id)
+        logActivity({ entityType: 'connector', entityId: id, action: 'started', actor: 'user', summary: `Connector started: "${connector.name}"` })
       } else if (body.action === 'stop') {
         await manager.stopConnector(id)
+        logActivity({ entityType: 'connector', entityId: id, action: 'stopped', actor: 'user', summary: `Connector stopped: "${connector.name}"` })
       } else {
         await manager.repairConnector(id)
+        logActivity({ entityType: 'connector', entityId: id, action: 'started', actor: 'user', summary: `Connector repaired: "${connector.name}"` })
       }
     } catch (err: unknown) {
       // Re-read to get the error state saved by startConnector

package/src/app/api/notifications/[id]/route.ts

@@ -0,0 +1,27 @@
+import { NextResponse } from 'next/server'
+import { loadNotifications, markNotificationRead, deleteNotification } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+
+export async function PUT(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const all = loadNotifications()
+  if (!all[id]) {
+    return NextResponse.json({ error: 'Not found' }, { status: 404 })
+  }
+
+  markNotificationRead(id)
+  notify('notifications')
+  return NextResponse.json({ ok: true })
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const all = loadNotifications()
+  if (!all[id]) {
+    return NextResponse.json({ error: 'Not found' }, { status: 404 })
+  }
+
+  deleteNotification(id)
+  notify('notifications')
+  return NextResponse.json({ ok: true })
+}

package/src/app/api/notifications/route.ts

@@ -0,0 +1,64 @@
+import { NextResponse } from 'next/server'
+import { genId } from '@/lib/id'
+import { loadNotifications, saveNotification, deleteNotification } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+import type { AppNotification } from '@/types'
+export const dynamic = 'force-dynamic'
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const unreadOnly = searchParams.get('unreadOnly') === 'true'
+  const limit = Math.min(200, Math.max(1, Number(searchParams.get('limit')) || 100))
+
+  const all = loadNotifications()
+  let entries = Object.values(all) as AppNotification[]
+
+  if (unreadOnly) {
+    entries = entries.filter((e) => !e.read)
+  }
+
+  entries.sort((a, b) => b.createdAt - a.createdAt)
+  entries = entries.slice(0, limit)
+
+  return NextResponse.json(entries)
+}
+
+export async function POST(req: Request) {
+  const body = (await req.json()) as Record<string, unknown>
+  const id = genId()
+  const notification: AppNotification = {
+    id,
+    type: (['info', 'success', 'warning', 'error'].includes(body.type as string) ? body.type : 'info') as AppNotification['type'],
+    title: typeof body.title === 'string' ? body.title : 'Notification',
+    message: typeof body.message === 'string' ? body.message : undefined,
+    entityType: typeof body.entityType === 'string' ? body.entityType : undefined,
+    entityId: typeof body.entityId === 'string' ? body.entityId : undefined,
+    read: false,
+    createdAt: Date.now(),
+  }
+
+  saveNotification(id, notification)
+  notify('notifications')
+  return NextResponse.json(notification, { status: 201 })
+}
+
+export async function DELETE(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const specificId = searchParams.get('id')
+
+  if (specificId) {
+    deleteNotification(specificId)
+  } else {
+    // Clear all read notifications
+    const all = loadNotifications()
+    for (const raw of Object.values(all)) {
+      const entry = raw as AppNotification
+      if (entry.read) {
+        deleteNotification(entry.id)
+      }
+    }
+  }
+
+  notify('notifications')
+  return NextResponse.json({ ok: true })
+}

package/src/app/api/openclaw/approvals/route.ts

@@ -17,6 +17,19 @@ export async function GET() {
   }
 }
 
+/* ── Conflict-detection: track recently resolved approval IDs in-process ── */
+const resolvedKey = '__swarmclaw_resolved_approvals__'
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const resolved: Map<string, number> = (globalThis as any)[resolvedKey] ?? ((globalThis as any)[resolvedKey] = new Map<string, number>())
+const RESOLVED_TTL_MS = 5 * 60 * 1000
+
+function pruneResolved() {
+  const cutoff = Date.now() - RESOLVED_TTL_MS
+  for (const [k, ts] of resolved) {
+    if (ts < cutoff) resolved.delete(k)
+  }
+}
+
 /** POST { id, decision } — resolve an execution approval */
 export async function POST(req: Request) {
   const body = await req.json()
@@ -31,6 +44,12 @@ export async function POST(req: Request) {
     return NextResponse.json({ error: 'Invalid decision' }, { status: 400 })
   }
 
+  // Conflict detection — prevent duplicate resolution
+  pruneResolved()
+  if (resolved.has(id)) {
+    return NextResponse.json({ error: 'Already resolved' }, { status: 409 })
+  }
+
   const gw = await ensureGatewayConnected()
   if (!gw) {
     return NextResponse.json({ error: 'OpenClaw gateway not connected' }, { status: 503 })
@@ -38,6 +57,7 @@ export async function POST(req: Request) {
 
   try {
     await gw.rpc('exec.approvals.resolve', { id, decision })
+    resolved.set(id, Date.now())
     return NextResponse.json({ ok: true })
   } catch (err: unknown) {
     const message = err instanceof Error ? err.message : String(err)

package/src/app/api/search/route.ts

@@ -0,0 +1,105 @@
+import { NextResponse } from 'next/server'
+import {
+  loadTasks,
+  loadAgents,
+  loadSessions,
+  loadSchedules,
+  loadWebhooks,
+  loadSkills,
+} from '@/lib/server/storage'
+
+interface SearchResult {
+  type: 'task' | 'agent' | 'session' | 'schedule' | 'webhook' | 'skill'
+  id: string
+  title: string
+  description?: string
+  status?: string
+}
+
+const MAX_RESULTS = 20
+
+function matches(haystack: string | undefined | null, needle: string): boolean {
+  if (!haystack) return false
+  return haystack.toLowerCase().includes(needle)
+}
+
+function searchCollection(
+  collection: Record<string, Record<string, unknown>>,
+  type: SearchResult['type'],
+  needle: string,
+  titleKey: string,
+  descKey: string,
+  statusKey?: string,
+): SearchResult[] {
+  const results: SearchResult[] = []
+  for (const [id, item] of Object.entries(collection)) {
+    const title = item[titleKey] as string | undefined
+    const desc = item[descKey] as string | undefined
+    const idStr = typeof item.id === 'string' ? item.id : id
+    if (matches(title, needle) || matches(desc, needle) || matches(idStr, needle)) {
+      results.push({
+        type,
+        id,
+        title: title || idStr || id,
+        description: desc ? desc.slice(0, 120) : undefined,
+        status: statusKey ? (item[statusKey] as string | undefined) : undefined,
+      })
+    }
+  }
+  return results
+}
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const q = (searchParams.get('q') || '').trim().toLowerCase()
+
+  if (q.length < 2) {
+    return NextResponse.json({ results: [] })
+  }
+
+  const tasks = loadTasks() as Record<string, Record<string, unknown>>
+  const agents = loadAgents() as Record<string, Record<string, unknown>>
+  const sessions = loadSessions() as Record<string, Record<string, unknown>>
+  const schedules = loadSchedules() as Record<string, Record<string, unknown>>
+  const webhooks = loadWebhooks() as Record<string, Record<string, unknown>>
+  const skills = loadSkills() as Record<string, Record<string, unknown>>
+
+  const buckets: SearchResult[][] = [
+    searchCollection(agents, 'agent', q, 'name', 'description'),
+    searchCollection(tasks, 'task', q, 'title', 'description', 'status'),
+    searchCollection(sessions, 'session', q, 'name', 'cwd'),
+    searchCollection(schedules, 'schedule', q, 'name', 'taskPrompt', 'status'),
+    searchCollection(webhooks, 'webhook', q, 'name', 'source'),
+    searchCollection(skills, 'skill', q, 'name', 'description'),
+  ]
+
+  // Proportional allocation across types
+  const totalRaw = buckets.reduce((s, b) => s + b.length, 0)
+  if (totalRaw === 0) {
+    return NextResponse.json({ results: [] })
+  }
+
+  const results: SearchResult[] = []
+  if (totalRaw <= MAX_RESULTS) {
+    for (const bucket of buckets) results.push(...bucket)
+  } else {
+    // Give each bucket a fair share, round-robin leftover slots
+    const perBucket = Math.floor(MAX_RESULTS / buckets.length)
+    let remaining = MAX_RESULTS
+    for (const bucket of buckets) {
+      const take = Math.min(bucket.length, perBucket)
+      results.push(...bucket.slice(0, take))
+      remaining -= take
+    }
+    // Fill remaining slots from buckets that had more
+    for (const bucket of buckets) {
+      if (remaining <= 0) break
+      const alreadyTaken = Math.min(bucket.length, perBucket)
+      const extra = bucket.slice(alreadyTaken, alreadyTaken + remaining)
+      results.push(...extra)
+      remaining -= extra.length
+    }
+  }
+
+  return NextResponse.json({ results })
+}

package/src/app/api/tasks/[id]/route.ts

@@ -1,12 +1,13 @@
 import { genId } from '@/lib/id'
 import { NextResponse } from 'next/server'
-import { loadTasks, saveTasks } from '@/lib/server/storage'
+import { loadTasks, saveTasks, logActivity } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
 import { disableSessionHeartbeat, enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
 import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
 import { formatValidationFailure, validateTaskCompletion } from '@/lib/server/task-validation'
 import { pushMainLoopEventToMainSessions } from '@/lib/server/main-agent-loop'
 import { notify } from '@/lib/server/ws-hub'
+import { createNotification } from '@/lib/server/create-notification'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   // Keep completed queue integrity even if daemon is not running.
@@ -65,6 +66,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
 
   saveTasks(tasks)
+  logActivity({ entityType: 'task', entityId: id, action: 'updated', actor: 'user', summary: `Task updated: "${tasks[id].title}" (${prevStatus} → ${tasks[id].status})` })
   if (prevStatus !== tasks[id].status) {
     pushMainLoopEventToMainSessions({
       type: 'task_status_changed',
@@ -75,6 +77,47 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   // If task is manually transitioned to a terminal status, disable session heartbeat.
   if (prevStatus !== tasks[id].status && (tasks[id].status === 'completed' || tasks[id].status === 'failed')) {
     disableSessionHeartbeat(tasks[id].sessionId)
+    createNotification({
+      type: tasks[id].status === 'completed' ? 'success' : 'error',
+      title: `Task ${tasks[id].status}: "${tasks[id].title}"`,
+      message: tasks[id].status === 'failed' ? tasks[id].error?.slice(0, 200) : undefined,
+      entityType: 'task',
+      entityId: id,
+    })
+  }
+
+  // Dependency check: cannot queue a task if any blocker is incomplete
+  if (tasks[id].status === 'queued') {
+    const blockers = Array.isArray(tasks[id].blockedBy) ? tasks[id].blockedBy : []
+    const incompleteBlocker = blockers.find((bid: string) => tasks[bid] && tasks[bid].status !== 'completed')
+    if (incompleteBlocker) {
+      // Revert status change and reject
+      tasks[id].status = prevStatus
+      tasks[id].updatedAt = Date.now()
+      saveTasks(tasks)
+      return NextResponse.json(
+        { error: 'Cannot queue: blocked by incomplete tasks', blockedBy: incompleteBlocker },
+        { status: 409 },
+      )
+    }
+  }
+
+  // When a task is completed, auto-unblock dependent tasks
+  if (tasks[id].status === 'completed') {
+    const blockedIds = Array.isArray(tasks[id].blocks) ? tasks[id].blocks as string[] : []
+    for (const blockedId of blockedIds) {
+      const blocked = tasks[blockedId]
+      if (!blocked) continue
+      const deps = Array.isArray(blocked.blockedBy) ? blocked.blockedBy as string[] : []
+      const allDone = deps.every((depId: string) => tasks[depId]?.status === 'completed')
+      if (allDone && (blocked.status === 'backlog' || blocked.status === 'todo')) {
+        blocked.status = 'queued'
+        blocked.queuedAt = Date.now()
+        blocked.updatedAt = Date.now()
+        saveTasks(tasks)
+        enqueueTask(blockedId)
+      }
+    }
   }
 
   // If status changed to 'queued', enqueue it
@@ -96,6 +139,7 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
   tasks[id].archivedAt = Date.now()
   tasks[id].updatedAt = Date.now()
   saveTasks(tasks)
+  logActivity({ entityType: 'task', entityId: id, action: 'deleted', actor: 'user', summary: `Task archived: "${tasks[id].title}"` })
   pushMainLoopEventToMainSessions({
     type: 'task_archived',
     text: `Task archived: "${tasks[id].title}" (${id}).`,

package/src/app/api/tasks/route.ts

@@ -1,6 +1,6 @@
 import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
-import { loadTasks, saveTasks, loadSettings } from '@/lib/server/storage'
+import { loadTasks, saveTasks, loadSettings, logActivity } from '@/lib/server/storage'
 import { enqueueTask, validateCompletedTasksQueue } from '@/lib/server/queue'
 import { ensureTaskCompletionReport } from '@/lib/server/task-reports'
 import { formatValidationFailure, validateTaskCompletion } from '@/lib/server/task-validation'
@@ -88,6 +88,11 @@ export async function POST(req: Request) {
     retryScheduledAt: null,
     deadLetteredAt: null,
     checkpoint: null,
+    blockedBy: Array.isArray(body.blockedBy) ? body.blockedBy.filter((s: unknown) => typeof s === 'string') : [],
+    blocks: Array.isArray(body.blocks) ? body.blocks.filter((s: unknown) => typeof s === 'string') : [],
+    tags: Array.isArray(body.tags) ? body.tags.filter((s: unknown) => typeof s === 'string') : [],
+    dueAt: typeof body.dueAt === 'number' ? body.dueAt : null,
+    customFields: body.customFields && typeof body.customFields === 'object' ? body.customFields : undefined,
   }
 
   if (tasks[id].status === 'completed') {
@@ -106,6 +111,7 @@ export async function POST(req: Request) {
   }
 
   saveTasks(tasks)
+  logActivity({ entityType: 'task', entityId: id, action: 'created', actor: 'user', summary: `Task created: "${tasks[id].title}"` })
   pushMainLoopEventToMainSessions({
     type: 'task_created',
     text: `Task created: "${tasks[id].title}" (${id}) with status ${tasks[id].status}.`,