@swarmclawai/swarmclaw 0.6.3 → 0.6.6

package/README.md

@@ -118,20 +118,20 @@ Notes:
 - **Orchestration** — Multi-agent workflows powered by LangGraph with automatic sub-agent routing, checkpointed execution, and rich delegation cards that link to sub-agent chat threads
 - **Agentic Execution Policy** — Tool-first autonomous action loop with progress updates, evidence-driven answers, and better use of platform tools for long-lived work
 - **Runtime Date/Time Grounding** — Session, orchestrator, chatroom, and connector prompts include authoritative current timestamp context to reduce stale-date behavior
-- **Task Board** — Queue and track agent tasks with status, comments, results, and archiving. Strict capability policy pauses tasks for human approval before tool execution
+- **Task Board** — Queue and track agent tasks with status, comments, structured result artifacts (`outputFiles`, uploads), completion reports, and archiving. Strict capability policy pauses tasks for human approval before tool execution
 - **Task Metrics API** — Built-in analytics endpoint for WIP, cycle times, throughput velocity, completion/failure by agent, and priority distribution
 - **Background Daemon** — Auto-processes queued tasks and scheduled jobs with a 30s heartbeat plus recurring health monitoring
 - **Scheduling** — Cron-based agent scheduling with human-friendly presets
 - **Loop Runtime Controls** — Switch between bounded and ongoing loops with configurable step caps, runtime guards, heartbeat cadence, and timeout budgets
 - **Session Run Queue** — Per-session queued runs with followup/steer/collect modes, collect coalescing for bursty inputs, and run-state APIs
 - **Chat Iteration Workflow** — Edit-and-resend user turns, fork a new session from any message, bookmark key messages, use contextual follow-up suggestion chips, and auto-continue after tool access grants
-- **Agent Chatrooms** — Multi-agent room conversations with `@mention` routing, chained agent replies, reactions, and file/image-aware chat context
+- **Agent Chatrooms** — Multi-agent room conversations with `@mention` routing, chained agent replies, reactions, file/image-aware context, health-aware member filtering, and persistent context compaction for long-lived rooms
 - **Live Chat Telemetry** — Thinking/tool/responding stream phases, live main-loop status badges, connector activity presence, tone indicator, and optional sound notifications
 - **Global Search Palette** — `Cmd/Ctrl+K` search across agents, tasks, sessions, schedules, webhooks, and skills from anywhere in the app
 - **Notification Center** — Real-time in-app notifications for task/schedule/daemon events with unread tracking, mark-all/clear-read controls, and optional action links
 - **Preview-Rich Chat UI** — Side preview panel for tool outputs (image/browser/html/code), inline code/PDF previews for attachments, and image lightbox support
 - **Voice Settings** — Per-instance ElevenLabs API key + voice ID for TTS replies, plus configurable speech recognition language for chat input
-- **Chat Connectors** — Bridge agents to Discord, Slack, Telegram, WhatsApp, BlueBubbles (iMessage), Signal, Microsoft Teams, Google Chat, Matrix, and OpenClaw with media-aware inbound handling
+- **Chat Connectors** — Bridge agents to Discord, Slack, Telegram, WhatsApp, BlueBubbles (iMessage), Signal, Microsoft Teams, Google Chat, Matrix, and OpenClaw with media-aware inbound handling, inbound voice-note transcription (ElevenLabs/OpenAI fallback), and WhatsApp-friendly plain-text formatting
 - **Skills System** — Discover local skills, import skills from URL, and load OpenClaw `SKILL.md` files (frontmatter-compatible)
 - **Execution Logging** — Structured audit trail for triggers, tool calls, file ops, commits, and errors in a dedicated `logs.db`
 - **Context Management** — Auto-compaction of conversation history when approaching context limits, with manual `context_status` and `context_summarize` tools for agents
@@ -157,6 +157,7 @@ CREDENTIAL_SECRET=<auto-generated> # AES-256 encryption key for stored credentia
 ```
 
 Data is stored in `data/swarmclaw.db` (SQLite with WAL mode), `data/memory.db` (agent memory with FTS5 + vector embeddings), `data/logs.db` (execution audit trail), and `data/langgraph-checkpoints.db` (orchestrator checkpoints). Back the `data/` directory up if you care about your sessions, agents, and credentials. Existing JSON file data is auto-migrated to SQLite on first run.
+Agent wallet private keys are stored encrypted (AES-256 via `CREDENTIAL_SECRET`) in `data/swarmclaw.db` and are never returned by wallet API responses; keep `data/` out of version control.
 
 The app listens on two ports: `PORT` (default 3456) for the HTTP/SSE API, and `PORT + 1` (default 3457) for WebSocket push notifications. The WS port can be customized with `--ws-port`.
 
@@ -288,6 +289,7 @@ Agents can use the following tools when enabled:
 | HTTP Request | Make direct API calls with method, headers, body, redirect control, and timeout |
 | Git | Run structured git subcommands (`status`, `diff`, `log`, `add`, `commit`, `push`, etc.) with repo safety checks |
 | Memory | Store and retrieve long-term memories with FTS5 + vector search, file references, image attachments, and linked memory graph traversal |
+| Wallet | Manage an agent-linked Solana wallet (`wallet_tool`) to check balance/address, send SOL (limits + approval), and review transaction history |
 | Sandbox | Run JS/TS (Deno) or Python code in an isolated sandbox. Created files are returned as downloadable artifacts |
 | MCP Servers | Connect to external Model Context Protocol servers. Tools from MCP servers are injected as first-class agent tools |
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.6.3",
+  "version": "0.6.6",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "repository": {
@@ -45,6 +45,7 @@
     "build:ci": "NEXT_DISABLE_ESLINT=1 next build",
     "start": "next start",
     "start:standalone": "node .next/standalone/server.js",
+    "benchmark:autonomy": "node ./scripts/benchmark-autonomy-harness.mjs",
     "lint": "eslint",
     "lint:fix": "eslint --fix",
     "lint:baseline": "node ./scripts/lint-baseline.mjs check",
@@ -63,8 +64,10 @@
     "@multiavatar/multiavatar": "^1.0.7",
     "@playwright/mcp": "^0.0.68",
     "@slack/bolt": "^4.6.0",
+    "@solana/web3.js": "^1.98.4",
     "@whiskeysockets/baileys": "^7.0.0-rc.9",
     "better-sqlite3": "^12.6.2",
+    "bs58": "^5.0.0",
     "cheerio": "^1.2.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
@@ -90,6 +93,7 @@
     "recharts": "^3.7.0",
     "rehype-highlight": "^7.0.2",
     "remark-gfm": "^4.0.1",
+    "remove-markdown": "^0.6.3",
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.4.1",
     "ws": "^8.19.0",

package/src/app/api/chatrooms/[id]/chat/route.ts

@@ -8,11 +8,14 @@ import { getProvider } from '@/lib/providers'
 import {
   resolveApiKey,
   parseMentions,
+  compactChatroomMessages,
   buildChatroomSystemPrompt,
   buildSyntheticSession,
   buildAgentSystemPromptForChatroom,
   buildHistoryForAgent,
 } from '@/lib/server/chatroom-helpers'
+import { filterHealthyChatroomAgents } from '@/lib/server/chatroom-health'
+import { markProviderFailure, markProviderSuccess } from '@/lib/server/provider-health'
 import type { Chatroom, ChatroomMessage, Agent } from '@/types'
 
 export const dynamic = 'force-dynamic'
@@ -49,6 +52,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   if (chatroom.autoAddress && mentions.length === 0) {
     mentions = [...chatroom.agentIds]
   }
+  const mentionHealth = filterHealthyChatroomAgents(mentions, agents)
+  mentions = mentionHealth.healthyAgentIds
   const userMessage: ChatroomMessage = {
     id: genId(),
     senderId,
@@ -63,6 +68,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     ...(replyToId ? { replyToId } : {}),
   }
   chatroom.messages.push(userMessage)
+  compactChatroomMessages(chatroom)
   chatroom.updatedAt = Date.now()
   chatrooms[id] = chatroom
   saveChatrooms(chatrooms)
@@ -94,6 +100,22 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       }
 
       const processAgents = async () => {
+        if (mentionHealth.skipped.length > 0) {
+          const detail = mentionHealth.skipped
+            .map((row) => `${agents[row.agentId]?.name || row.agentId}: ${row.reason}`)
+            .join(', ')
+          writeEvent({ t: 'err', text: `Skipped agents: ${detail}` })
+        }
+        if (mentions.length === 0) {
+          writeEvent({ t: 'err', text: 'No healthy agents available in this chatroom. Check provider credentials/endpoints and retry.' })
+          writeEvent({ t: 'done' })
+          if (!closed) {
+            try { controller.close() } catch { /* already closed */ }
+            closed = true
+          }
+          return
+        }
+
         // Build agent queue: start with mentioned agents, then chain
         const initialQueue: Array<{ agentId: string; depth: number; contextMessage?: string }> = mentions.map((aid) => ({ agentId: aid, depth: 0 }))
         const processed = new Set<string>()
@@ -128,6 +150,11 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
           try {
             const freshChatrooms = loadChatrooms()
             const freshChatroom = freshChatrooms[id] as Chatroom
+            if (compactChatroomMessages(freshChatroom)) {
+              freshChatrooms[id] = freshChatroom
+              saveChatrooms(freshChatrooms)
+              notify(`chatroom:${id}`)
+            }
 
             const syntheticSession = buildSyntheticSession(agent, id)
             const agentSystemPrompt = buildAgentSystemPromptForChatroom(agent)
@@ -170,16 +197,25 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
               history,
             })
 
-            const responseText = result.fullText || fullText
+            const responseText = result.finalResponse || result.fullText || fullText
 
             // Don't persist empty or error-only messages — they pollute chat history
             if (!responseText.trim() && agentError) {
+              markProviderFailure(agent.provider, agentError)
               writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
               return []
             }
 
             if (responseText.trim()) {
-              const newMentions = parseMentions(responseText, agents, freshChatroom.agentIds)
+              const parsedMentions = parseMentions(responseText, agents, freshChatroom.agentIds)
+              const chainedHealth = filterHealthyChatroomAgents(parsedMentions, agents)
+              const newMentions = chainedHealth.healthyAgentIds
+              if (chainedHealth.skipped.length > 0) {
+                const detail = chainedHealth.skipped
+                  .map((row) => `${agents[row.agentId]?.name || row.agentId}: ${row.reason}`)
+                  .join(', ')
+                writeEvent({ t: 'err', text: `Mentioned agents skipped: ${detail}`, agentId: agent.id, agentName: agent.name })
+              }
               const agentMessage: ChatroomMessage = {
                 id: genId(),
                 senderId: agent.id,
@@ -198,16 +234,19 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
               saveChatrooms(latestChatrooms)
               notify(`chatroom:${id}`)
 
+              markProviderSuccess(agent.provider)
               writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
 
               // Return chained agent IDs — enriched context is built below when queuing
               return newMentions.filter((mid) => !processed.has(mid) && freshChatroom.agentIds.includes(mid))
             }
 
+            markProviderSuccess(agent.provider)
             writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
             return []
           } catch (err: unknown) {
             const msg = err instanceof Error ? err.message : String(err)
+            markProviderFailure(agent.provider, msg)
             writeEvent({ t: 'err', text: `Agent ${agent.name} error: ${msg}`, agentId: agent.id })
             writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
             return []

package/src/app/api/chatrooms/[id]/route.ts

@@ -21,16 +21,30 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
 
   if (body.name !== undefined) chatroom.name = body.name
   if (body.description !== undefined) chatroom.description = body.description
+  if (body.chatMode !== undefined) {
+    chatroom.chatMode = body.chatMode === 'parallel' ? 'parallel' : 'sequential'
+  }
+  if (body.autoAddress !== undefined) {
+    chatroom.autoAddress = Boolean(body.autoAddress)
+  }
 
   // Diff agentIds and inject join/leave system messages
   if (Array.isArray(body.agentIds)) {
+    const agents = loadAgents()
+    const invalidAgentIds = (body.agentIds as string[]).filter((agentId) => !agents[agentId])
+    if (invalidAgentIds.length > 0) {
+      return NextResponse.json(
+        { error: `Unknown chatroom member(s): ${invalidAgentIds.join(', ')}` },
+        { status: 400 },
+      )
+    }
+
     const oldIds = new Set(chatroom.agentIds)
     const newIds = new Set(body.agentIds as string[])
     const added = (body.agentIds as string[]).filter((aid: string) => !oldIds.has(aid))
     const removed = chatroom.agentIds.filter((aid: string) => !newIds.has(aid))
 
     if (added.length > 0 || removed.length > 0) {
-      const agents = loadAgents()
       if (!Array.isArray(chatroom.messages)) chatroom.messages = []
       const now = Date.now()
       let offset = 0

package/src/app/api/chatrooms/route.ts

@@ -16,11 +16,22 @@ export async function POST(req: Request) {
   const chatrooms = loadChatrooms()
   const id = genId()
 
-  const agentIds: string[] = Array.isArray(body.agentIds) ? body.agentIds : []
+  const requestedAgentIds: string[] = Array.isArray(body.agentIds) ? body.agentIds : []
+  const knownAgents = loadAgents()
+  const invalidAgentIds = requestedAgentIds.filter((agentId) => !knownAgents[agentId])
+  if (invalidAgentIds.length > 0) {
+    return NextResponse.json(
+      { error: `Unknown chatroom member(s): ${invalidAgentIds.join(', ')}` },
+      { status: 400 },
+    )
+  }
+  const agentIds: string[] = requestedAgentIds
+  const chatMode = body.chatMode === 'parallel' ? 'parallel' : 'sequential'
+  const autoAddress = Boolean(body.autoAddress)
   const now = Date.now()
 
   // Generate join messages for initial agents
-  const agents = agentIds.length > 0 ? loadAgents() : {}
+  const agents = agentIds.length > 0 ? knownAgents : {}
   const joinMessages: ChatroomMessage[] = agentIds.map((agentId: string, i: number) => ({
     id: genId(),
     senderId: 'system',
@@ -38,6 +49,8 @@ export async function POST(req: Request) {
     description: body.description || '',
     agentIds,
     messages: joinMessages,
+    chatMode,
+    autoAddress,
     createdAt: now,
     updatedAt: now,
   }

package/src/app/api/schedules/[id]/run/route.ts

@@ -53,7 +53,10 @@ export async function POST(_req: Request, { params }: { params: Promise<{ id: st
     existingTask.title = `[Sched] ${schedule.name} (run #${schedule.runNumber})`
     existingTask.result = null
     existingTask.error = null
+    existingTask.outputFiles = []
+    existingTask.artifacts = []
     existingTask.sessionId = null
+    existingTask.completionReportPath = null
     existingTask.updatedAt = now
     existingTask.queuedAt = null
     existingTask.startedAt = null

package/src/app/api/tasks/route.ts

@@ -84,6 +84,30 @@ export async function POST(req: Request) {
     sessionId: typeof body.sessionId === 'string' ? body.sessionId : null,
     result: typeof body.result === 'string' ? body.result : null,
     error: typeof body.error === 'string' ? body.error : null,
+    outputFiles: Array.isArray(body.outputFiles)
+      ? body.outputFiles.filter((entry: unknown) => typeof entry === 'string').slice(0, 24)
+      : [],
+    artifacts: Array.isArray(body.artifacts)
+      ? body.artifacts
+          .filter((artifact: unknown) => artifact && typeof artifact === 'object')
+          .map((artifact: unknown) => {
+            const row = artifact as {
+              url?: unknown
+              type?: unknown
+              filename?: unknown
+            }
+            const normalizedType = String(row.type || '')
+            return {
+              url: String(row.url || ''),
+              type: ['image', 'video', 'pdf', 'file'].includes(normalizedType)
+                ? (normalizedType as 'image' | 'video' | 'pdf' | 'file')
+                : 'file',
+              filename: String(row.filename || ''),
+            }
+          })
+          .filter((artifact: { url: string; filename: string }) => artifact.url && artifact.filename)
+          .slice(0, 24)
+      : [],
     createdAt: now,
     updatedAt: now,
     queuedAt: null,

package/src/app/api/wallets/[id]/approve/route.ts

@@ -0,0 +1,62 @@
+import { NextResponse } from 'next/server'
+import { loadWallets, loadWalletTransactions, upsertWalletTransaction } from '@/lib/server/storage'
+import { sendSol } from '@/lib/server/solana'
+import { notify } from '@/lib/server/ws-hub'
+import type { AgentWallet, WalletTransaction } from '@/types'
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  const body = await req.json()
+  const transactionId = typeof body.transactionId === 'string' ? body.transactionId.trim() : ''
+  const decision = body.decision as 'approve' | 'deny'
+
+  if (!transactionId) {
+    return NextResponse.json({ error: 'transactionId is required' }, { status: 400 })
+  }
+  if (decision !== 'approve' && decision !== 'deny') {
+    return NextResponse.json({ error: 'decision must be "approve" or "deny"' }, { status: 400 })
+  }
+
+  const allTxs = loadWalletTransactions() as Record<string, WalletTransaction>
+  const tx = allTxs[transactionId]
+  if (!tx || tx.walletId !== id) {
+    return NextResponse.json({ error: 'Transaction not found' }, { status: 404 })
+  }
+  if (tx.status !== 'pending_approval') {
+    return NextResponse.json({ error: `Transaction is already ${tx.status}` }, { status: 409 })
+  }
+
+  if (decision === 'deny') {
+    tx.status = 'denied'
+    tx.approvedBy = 'user'
+    upsertWalletTransaction(transactionId, tx)
+    notify('wallets')
+    return NextResponse.json({ status: 'denied', transactionId })
+  }
+
+  // Approve — sign and submit
+  try {
+    const { signature, fee } = await sendSol(wallet.encryptedPrivateKey, tx.toAddress, tx.amountLamports)
+    tx.status = 'confirmed'
+    tx.signature = signature
+    tx.feeLamports = fee
+    tx.approvedBy = 'user'
+    upsertWalletTransaction(transactionId, tx)
+    notify('wallets')
+    return NextResponse.json({ status: 'confirmed', transactionId, signature })
+  } catch (err: unknown) {
+    tx.status = 'failed'
+    upsertWalletTransaction(transactionId, tx)
+    notify('wallets')
+    return NextResponse.json({
+      error: err instanceof Error ? err.message : String(err),
+      transactionId,
+      status: 'failed',
+    }, { status: 500 })
+  }
+}

package/src/app/api/wallets/[id]/balance-history/route.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server'
+import { loadWallets, loadWalletBalanceHistory } from '@/lib/server/storage'
+import type { AgentWallet, WalletBalanceSnapshot } from '@/types'
+export const dynamic = 'force-dynamic'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  const allSnapshots = loadWalletBalanceHistory() as Record<string, WalletBalanceSnapshot>
+  const walletSnapshots = Object.values(allSnapshots)
+    .filter((s) => s.walletId === id)
+    .sort((a, b) => a.timestamp - b.timestamp)
+
+  return NextResponse.json(walletSnapshots)
+}

package/src/app/api/wallets/[id]/route.ts

@@ -0,0 +1,118 @@
+import { NextResponse } from 'next/server'
+import { loadWallets, upsertWallet, deleteWallet as deleteWalletFromStore, loadAgents, saveAgents } from '@/lib/server/storage'
+import { getBalance, lamportsToSol } from '@/lib/server/solana'
+import { notify } from '@/lib/server/ws-hub'
+import type { AgentWallet } from '@/types'
+export const dynamic = 'force-dynamic'
+
+function stripPrivateKey(wallet: Record<string, unknown>): Record<string, unknown> {
+  return Object.fromEntries(Object.entries(wallet).filter(([k]) => k !== 'encryptedPrivateKey'))
+}
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  // Fetch live on-chain balance
+  let balanceLamports = 0
+  let balanceSol = 0
+  try {
+    balanceLamports = await getBalance(wallet.publicKey)
+    balanceSol = lamportsToSol(balanceLamports)
+  } catch {
+    // RPC failure — return 0
+  }
+
+  return NextResponse.json({
+    ...stripPrivateKey(wallet as unknown as Record<string, unknown>),
+    balanceLamports,
+    balanceSol,
+  })
+}
+
+export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  const body = await req.json()
+
+  // Reassign wallet to a different agent
+  if (typeof body.agentId === 'string' && body.agentId !== wallet.agentId) {
+    const agents = loadAgents()
+    const newAgent = agents[body.agentId]
+    if (!newAgent) return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+
+    // Check new agent doesn't already have a wallet
+    const allWallets = loadWallets() as Record<string, AgentWallet>
+    const conflict = Object.values(allWallets).find((w) => w.agentId === body.agentId && w.id !== id)
+    if (conflict) return NextResponse.json({ error: 'Target agent already has a wallet' }, { status: 409 })
+
+    // Unlink old agent
+    const oldAgent = agents[wallet.agentId]
+    if (oldAgent) {
+      oldAgent.walletId = null
+      oldAgent.updatedAt = Date.now()
+      agents[wallet.agentId] = oldAgent
+    }
+
+    // Link new agent
+    newAgent.walletId = id
+    newAgent.updatedAt = Date.now()
+    agents[body.agentId] = newAgent
+    saveAgents(agents)
+    notify('agents')
+
+    wallet.agentId = body.agentId
+  }
+
+  if (body.label !== undefined) wallet.label = body.label
+  if (typeof body.spendingLimitLamports === 'number') wallet.spendingLimitLamports = body.spendingLimitLamports
+  if (typeof body.dailyLimitLamports === 'number') wallet.dailyLimitLamports = body.dailyLimitLamports
+  if (typeof body.requireApproval === 'boolean') wallet.requireApproval = body.requireApproval
+  wallet.updatedAt = Date.now()
+
+  upsertWallet(id, wallet)
+  notify('wallets')
+
+  return NextResponse.json(stripPrivateKey(wallet as unknown as Record<string, unknown>))
+}
+
+export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  // Check if balance > 0 and warn
+  let balanceLamports = 0
+  try {
+    balanceLamports = await getBalance(wallet.publicKey)
+  } catch { /* ignore */ }
+
+  if (balanceLamports > 0) {
+    // Still delete, but include warning
+  }
+
+  // Unlink from agent
+  const agents = loadAgents()
+  const agent = agents[wallet.agentId]
+  if (agent) {
+    agent.walletId = null
+    agent.updatedAt = Date.now()
+    agents[wallet.agentId] = agent
+    saveAgents(agents)
+    notify('agents')
+  }
+
+  deleteWalletFromStore(id)
+  notify('wallets')
+
+  return NextResponse.json({
+    ok: true,
+    warning: balanceLamports > 0 ? `Wallet had ${lamportsToSol(balanceLamports)} SOL remaining` : undefined,
+  })
+}

package/src/app/api/wallets/[id]/send/route.ts

@@ -0,0 +1,118 @@
+import { NextResponse } from 'next/server'
+import { genId } from '@/lib/id'
+import { loadWallets, loadWalletTransactions, upsertWalletTransaction } from '@/lib/server/storage'
+import { sendSol, isValidSolanaAddress, lamportsToSol } from '@/lib/server/solana'
+import { notify } from '@/lib/server/ws-hub'
+import type { AgentWallet, WalletTransaction } from '@/types'
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  const body = await req.json()
+  const toAddress = typeof body.toAddress === 'string' ? body.toAddress.trim() : ''
+  const amountLamports = typeof body.amountLamports === 'number' ? Math.floor(body.amountLamports) : 0
+  const memo = typeof body.memo === 'string' ? body.memo.slice(0, 500) : undefined
+
+  if (!toAddress || !isValidSolanaAddress(toAddress)) {
+    return NextResponse.json({ error: 'Invalid recipient address' }, { status: 400 })
+  }
+  if (amountLamports <= 0) {
+    return NextResponse.json({ error: 'Amount must be positive' }, { status: 400 })
+  }
+
+  // Per-tx spending limit
+  const perTxLimit = wallet.spendingLimitLamports ?? 100_000_000
+  if (amountLamports > perTxLimit) {
+    return NextResponse.json({
+      error: `Amount ${lamportsToSol(amountLamports)} SOL exceeds per-transaction limit of ${lamportsToSol(perTxLimit)} SOL`,
+    }, { status: 403 })
+  }
+
+  // 24h rolling daily limit
+  const dailyLimit = wallet.dailyLimitLamports ?? 1_000_000_000
+  const oneDayAgo = Date.now() - 24 * 60 * 60 * 1000
+  const allTxs = loadWalletTransactions() as Record<string, WalletTransaction>
+  const recentSends = Object.values(allTxs).filter(
+    (tx) => tx.walletId === id && tx.type === 'send' && tx.status === 'confirmed' && tx.timestamp > oneDayAgo,
+  )
+  const dailySpent = recentSends.reduce((sum, tx) => sum + tx.amountLamports, 0)
+  if (dailySpent + amountLamports > dailyLimit) {
+    return NextResponse.json({
+      error: `Daily limit exceeded. Spent ${lamportsToSol(dailySpent)} SOL in last 24h, limit is ${lamportsToSol(dailyLimit)} SOL`,
+    }, { status: 403 })
+  }
+
+  const txId = genId(8)
+  const now = Date.now()
+
+  // If requireApproval, create pending tx and return it
+  if (wallet.requireApproval) {
+    const pendingTx: WalletTransaction = {
+      id: txId,
+      walletId: id,
+      agentId: wallet.agentId,
+      chain: wallet.chain,
+      type: 'send',
+      signature: '',
+      fromAddress: wallet.publicKey,
+      toAddress,
+      amountLamports,
+      status: 'pending_approval',
+      memo,
+      timestamp: now,
+    }
+    upsertWalletTransaction(txId, pendingTx)
+    notify('wallets')
+    return NextResponse.json({ status: 'pending_approval', transactionId: txId, message: 'Transaction requires user approval' })
+  }
+
+  // Auto-approved — sign and submit
+  try {
+    const { signature, fee } = await sendSol(wallet.encryptedPrivateKey, toAddress, amountLamports)
+    const confirmedTx: WalletTransaction = {
+      id: txId,
+      walletId: id,
+      agentId: wallet.agentId,
+      chain: wallet.chain,
+      type: 'send',
+      signature,
+      fromAddress: wallet.publicKey,
+      toAddress,
+      amountLamports,
+      feeLamports: fee,
+      status: 'confirmed',
+      memo,
+      approvedBy: 'auto',
+      timestamp: now,
+    }
+    upsertWalletTransaction(txId, confirmedTx)
+    notify('wallets')
+    return NextResponse.json({ status: 'confirmed', transactionId: txId, signature })
+  } catch (err: unknown) {
+    const failedTx: WalletTransaction = {
+      id: txId,
+      walletId: id,
+      agentId: wallet.agentId,
+      chain: wallet.chain,
+      type: 'send',
+      signature: '',
+      fromAddress: wallet.publicKey,
+      toAddress,
+      amountLamports,
+      status: 'failed',
+      memo,
+      timestamp: now,
+    }
+    upsertWalletTransaction(txId, failedTx)
+    notify('wallets')
+    return NextResponse.json({
+      error: err instanceof Error ? err.message : String(err),
+      transactionId: txId,
+      status: 'failed',
+    }, { status: 500 })
+  }
+}

package/src/app/api/wallets/[id]/transactions/route.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server'
+import { loadWallets, loadWalletTransactions } from '@/lib/server/storage'
+import type { AgentWallet, WalletTransaction } from '@/types'
+export const dynamic = 'force-dynamic'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const wallets = loadWallets() as Record<string, AgentWallet>
+  const wallet = wallets[id]
+  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+
+  const allTxs = loadWalletTransactions() as Record<string, WalletTransaction>
+  const walletTxs = Object.values(allTxs)
+    .filter((tx) => tx.walletId === id)
+    .sort((a, b) => b.timestamp - a.timestamp)
+
+  return NextResponse.json(walletTxs)
+}