@swarmclawai/swarmclaw 0.6.6 → 0.6.8

package/README.md

@@ -8,7 +8,7 @@
   <img src="https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/public/branding/swarmclaw-org-avatar.png" alt="SwarmClaw lobster logo" width="120" />
 </p>
 
-Self-hosted AI agent orchestration dashboard. Manage multiple AI providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms — all from a single mobile-friendly interface.
+The orchestration dashboard for OpenClaw. Manage a swarm of OpenClaws + 14 other AI providers, orchestrate LangGraph workflows, schedule tasks, and bridge agents to 10+ chat platforms — all from one self-hosted UI.
 
 Inspired by [OpenClaw](https://github.com/openclaw).
 
@@ -18,6 +18,44 @@ Inspired by [OpenClaw](https://github.com/openclaw).
 ![Agent Builder](public/screenshots/agents.png)
 ![Task Board](public/screenshots/tasks.png)
 
+## OpenClaw Integration
+
+SwarmClaw was built for OpenClaw users who outgrew a single agent. Connect each SwarmClaw agent to a different OpenClaw gateway (one local, several remote) and manage the whole swarm from one UI.
+
+SwarmClaw includes the `openclaw` CLI as a bundled dependency, so there is no separate OpenClaw CLI install step.
+
+The OpenClaw Control Plane in SwarmClaw adds:
+- Reload mode switching (`hot`, `hybrid`, `full`)
+- Config issue detection and guided repair
+- Remote history sync
+- Live execution approval handling
+
+The Agent Inspector Panel lets you edit OpenClaw files (`SOUL.md`, `IDENTITY.md`, `USER.md`), tune personality/system behavior, and manage OpenClaw-compatible skills. SwarmClaw also supports importing OpenClaw `SKILL.md` files from URL.
+
+To connect an agent to an OpenClaw gateway:
+
+1. Create or edit an agent
+2. Toggle **OpenClaw Gateway** ON
+3. Enter the gateway URL (e.g. `http://192.168.1.50:18789` or `https://my-vps:18789`)
+4. Add a gateway token if authentication is enabled on the remote gateway
+5. Click **Connect** — approve the device in your gateway's dashboard if prompted, then **Retry Connection**
+
+Each agent can point to a **different** OpenClaw gateway — one local, several remote. This is how you manage a **swarm of OpenClaws** from a single dashboard.
+
+URLs without a protocol are auto-prefixed with `http://`. For remote gateways with TLS, use `https://` explicitly.
+
+## SwarmClaw ClawHub Skill
+
+Use the `swarmclaw` ClawHub skill when you want an OpenClaw agent to operate your SwarmClaw control plane directly from chat: list agents, dispatch tasks, check sessions, run diagnostics, and coordinate multi-agent work.
+
+Install it from ClawHub:
+
+```bash
+clawhub install swarmclaw
+```
+
+Skill source and runbook: [`swarmclaw/SKILL.md`](swarmclaw/SKILL.md).
+
 - Always use the access key authentication (generated on first run)
 - Never expose port 3456 without a reverse proxy + TLS
 - Review agent system prompts before giving them shell or browser tools
@@ -47,7 +85,7 @@ curl -fsSL https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/install.
 ```
 
 The installer resolves the latest stable release tag and installs that version by default.
-To pin a version: `SWARMCLAW_VERSION=v0.6.2 curl ... | bash`
+To pin a version: `SWARMCLAW_VERSION=v0.6.6 curl ... | bash`
 
 Or run locally from the repo (friendly for non-technical users):
 
@@ -80,11 +118,16 @@ You can complete first-time setup from terminal:
 # Start the app (if not already running)
 npm run dev
 
-# In another terminal, run setup with your provider
+# In another terminal, run interactive setup (walks you through provider selection)
+node ./bin/swarmclaw.js setup init
+
+# Or pass flags directly for non-interactive setup
 node ./bin/swarmclaw.js setup init --provider openai --api-key "$OPENAI_API_KEY"
 ```
 
 Notes:
+- When run with no flags in a TTY, `setup init` enters interactive mode — pick providers, enter keys, name agents, and add multiple providers in one session.
+- Use `--no-interactive` to force flag-only mode.
 - On a fresh instance, `setup init` can auto-discover and claim the first-run access key from `/api/auth`.
 - For existing installs, pass `--key <ACCESS_KEY>` (or set `SWARMCLAW_ACCESS_KEY`).
 - `setup init` performs provider validation, stores credentials, creates a starter agent, and marks setup complete.
@@ -94,28 +137,28 @@ Notes:
 
 After login, SwarmClaw opens a guided wizard designed for non-technical users:
 
-1. Choose a provider: **OpenAI**, **Anthropic**, or **Ollama**
-2. Add only required fields (API key and/or endpoint)
-3. Click **Check Connection** for live validation before continuing
-4. (Optional) click **Run System Check** for setup diagnostics
-5. Create a starter assistant (advanced settings are optional)
+1. **Choose a provider** — Pick from all 11 supported providers (OpenAI, Anthropic, Google Gemini, DeepSeek, Groq, Together AI, Mistral, xAI, Fireworks, OpenClaw, Ollama)
+2. **Connect provider** — Enter only required fields (API key and/or endpoint), then click **Check Connection** for live validation
+3. **Create your agent** — Each provider gets a unique default name (e.g. Atlas for OpenAI, Claude for Anthropic, Bolt for Groq). Choose **Create & Add Another** to set up multiple providers, or **Create & Finish** to continue
+4. **Summary** — Review all created agents and discover connectors (Discord, Slack, Telegram, WhatsApp)
 
 Notes:
+- You can add multiple providers in a single wizard session — configured providers are dimmed and shown as chips.
 - Ollama checks can auto-suggest a model from the connected endpoint.
-- OpenClaw is configured per-agent via the **OpenClaw Gateway** toggle (not in the setup wizard).
-- You can skip setup and configure everything later in the sidebar.
+- You can skip setup at any step and configure everything later in the sidebar.
 
 ## Features
 
 - **15 Built-in Providers** — Claude Code CLI, OpenAI Codex CLI, OpenCode CLI, Anthropic, OpenAI, Google Gemini, DeepSeek, Groq, Together AI, Mistral AI, xAI (Grok), Fireworks AI, Ollama, plus custom OpenAI-compatible endpoints
 - **OpenClaw Gateway** — Per-agent toggle to connect any agent to a local or remote OpenClaw gateway. Each agent gets its own gateway URL and token — run a swarm of OpenClaws from one dashboard. The `openclaw` CLI ships as a bundled dependency (no separate install needed)
 - **OpenClaw Control Plane** — Built-in gateway connection controls, reload mode switching (hot/hybrid/full), config issue detection/repair, remote history sync, and live execution approval handling
+- **Gateway Watchdog** — Proactive gateway health monitoring with auto-repair via `openclaw doctor`, outbound ops alerts to Discord/Slack/custom webhooks, workspace backup/rollback/history tools for agents, and connector liveness detection
 - **Agent Builder** — Create agents with custom personalities (soul), system prompts, tools, and skills. AI-powered generation from a description
 - **Agent Inspector Panel** — Per-agent side panel for OpenClaw file editing (`SOUL.md`, `IDENTITY.md`, `USER.md`, etc.), guided personality editing, skill install/enable/remove, permission presets, sandbox env allowlist, and cron automations
 - **Agent Fleet Management** — Avatar seeds with generated avatars, running/approval fleet filters, soft-delete agent trash with restore/permanent delete, and approval counters in agent cards
 - **Agent Tools** — Shell, process control for long-running commands, files, edit file, send file, web search, web fetch, CLI delegation (Claude/Codex/OpenCode), Playwright browser automation, sub-agent spawning, canvas presentation, direct HTTP requests, git operations, persistent memory, and sandboxed code execution (JS/TS via Deno, Python)
 - **Platform Tools** — Agents can manage other agents, tasks, schedules, skills, connectors, sessions, and encrypted secrets via built-in platform tools
-- **Orchestration** — Multi-agent workflows powered by LangGraph with automatic sub-agent routing, checkpointed execution, and rich delegation cards that link to sub-agent chat threads
+- **Orchestration** — Multi-agent workflows powered by LangGraph with automatic sub-agent routing, checkpointed execution, checkpoint timeline with time-travel restore, and rich delegation cards that link to sub-agent chat threads
 - **Agentic Execution Policy** — Tool-first autonomous action loop with progress updates, evidence-driven answers, and better use of platform tools for long-lived work
 - **Runtime Date/Time Grounding** — Session, orchestrator, chatroom, and connector prompts include authoritative current timestamp context to reduce stale-date behavior
 - **Task Board** — Queue and track agent tasks with status, comments, structured result artifacts (`outputFiles`, uploads), completion reports, and archiving. Strict capability policy pauses tasks for human approval before tool execution
@@ -135,15 +178,21 @@ Notes:
 - **Skills System** — Discover local skills, import skills from URL, and load OpenClaw `SKILL.md` files (frontmatter-compatible)
 - **Execution Logging** — Structured audit trail for triggers, tool calls, file ops, commits, and errors in a dedicated `logs.db`
 - **Context Management** — Auto-compaction of conversation history when approaching context limits, with manual `context_status` and `context_summarize` tools for agents
-- **Memory** — Per-agent and per-session memory with hybrid FTS5 + vector embeddings search, relevance-based memory recall injected into runs, and periodic auto-journaling for durable execution context
-- **Cost Tracking** — Per-message token counting and cost estimation displayed in the chat header
-- **Provider Health Metrics** — Usage dashboard surfaces provider request volume, success rates, models used, and last-used timestamps
+- **Memory** — Per-agent and per-session memory with hybrid FTS5 + vector embeddings search, query expansion (LLM-generated semantic variants), MMR diversity ranking, cross-agent search (`scope: all`), pinned memories (always preloaded), memory sharing between agents, linked memory graph with interactive visualization, image attachments, and periodic auto-journaling for durable execution context
+- **Knowledge Base** — Shared knowledge store (`knowledge_store` / `knowledge_search` actions) with tags, source tracking, and provenance URLs — separate from per-agent memories
+- **Memory Graph Visualization** — Interactive force-directed graph view of linked memories with node details and relationship exploration
+- **Cost Tracking** — Per-message token counting and cost estimation displayed in the chat header, with per-agent monthly budget caps (`warn` or `block` enforcement)
+- **Provider Health Metrics** — Usage dashboard surfaces provider request volume, success rates, average latency, models used, and last-used timestamps
 - **Model Failover** — Automatic key rotation on rate limits and auth errors with configurable fallback credentials
-- **Plugin System** — Extend agent behavior with JS plugins (hooks: beforeAgentStart, afterAgentComplete, beforeToolExec, afterToolExec, onMessage)
+- **Plugin System** — Extend agent behavior with JS plugins (hooks: beforeAgentStart, afterAgentComplete, beforeToolExec, afterToolExec, onMessage, onTaskComplete, onAgentDelegation). Plugins can also define custom tools that agents can use
 - **Secrets Vault** — Encrypted storage for API keys and service tokens
 - **Custom Providers** — Add any OpenAI-compatible API as a provider
 - **MCP Servers** — Connect agents to any Model Context Protocol server. Per-agent server selection with tool discovery and per-tool disable toggles
 - **Sandboxed Code Execution** — Agents can write and run JS/TS (Deno) or Python scripts in an isolated sandbox with network access, scoped filesystem, and artifact output
+- **Eval Framework** — Built-in agent evaluation with scenario-based testing across categories (coding, research, companionship, multi-step, memory, planning, tool-usage), weighted scoring criteria, and LLM judge support
+- **Guardian Auto-Recovery** — Automatic workspace recovery when agents fail critically, rolling back to the last known good state via git reset
+- **Soul Library** — Browse and apply pre-built personality templates (archetypes) to agents, or create custom souls for reuse across your swarm
+- **Context Degradation Warnings** — Proactive alerts when context usage exceeds 85%, with strategy recommendations (save to memory, summarize, checkpoint)
 - **Real-Time Sync** — WebSocket push notifications for instant UI updates across tabs and devices (fallback to polling when WS is unavailable)
 - **Mobile-First UI** — Responsive glass-themed dark interface, works on phone and desktop
 
@@ -222,22 +271,6 @@ src/
 | OpenClaw | Per-Agent Gateway | Toggle in agent editor connects to any OpenClaw gateway via the bundled CLI. |
 | Custom | API | Any OpenAI-compatible endpoint. Add via Providers sidebar. |
 
-### OpenClaw
-
-[OpenClaw](https://github.com/openclaw/openclaw) is an open-source autonomous AI agent that runs on your own devices. SwarmClaw includes the `openclaw` CLI as a bundled dependency — no separate install needed.
-
-To connect an agent to an OpenClaw gateway:
-
-1. Create or edit an agent
-2. Toggle **OpenClaw Gateway** ON
-3. Enter the gateway URL (e.g. `http://192.168.1.50:18789` or `https://my-vps:18789`)
-4. Add a gateway token if authentication is enabled on the remote gateway
-5. Click **Connect** — approve the device in your gateway's dashboard if prompted, then **Retry Connection**
-
-Each agent can point to a **different** OpenClaw gateway — one local, several remote. This is how you manage a **swarm of OpenClaws** from a single dashboard.
-
-URLs without a protocol are auto-prefixed with `http://`. For remote gateways with TLS, use `https://` explicitly.
-
 ## Chat Connectors
 
 Bridge any agent to a chat platform:
@@ -302,6 +335,7 @@ Agents with platform tools enabled can manage the SwarmClaw instance:
 | Manage Agents | List, create, update, delete agents |
 | Manage Tasks | Create and manage task board items with agent assignment |
 | Manage Schedules | Create cron, interval, or one-time scheduled jobs |
+| Reminders | Schedule a conversational wake event in the current chat (`schedule_wake`) |
 | Manage Skills | List, create, update reusable skill definitions |
 | Manage Documents | Upload/search/get/delete indexed docs for lightweight RAG workflows |
 | Manage Webhooks | Register external webhook endpoints that trigger agent sessions |
@@ -432,10 +466,21 @@ module.exports = {
   hooks: {
     beforeAgentStart: async ({ session, message }) => { /* ... */ },
     afterAgentComplete: async ({ session, response }) => { /* ... */ },
-    beforeToolExec: async ({ toolName, input }) => { /* ... */ },
+    beforeToolExec: async ({ toolName, input }) => { /* return { abort: true } to cancel */ },
     afterToolExec: async ({ toolName, input, output }) => { /* ... */ },
     onMessage: async ({ session, message }) => { /* ... */ },
+    onTaskComplete: async ({ taskId, result }) => { /* ... */ },
+    onAgentDelegation: async ({ sourceAgentId, targetAgentId, task }) => { /* ... */ },
   },
+  // Plugins can also define custom tools that agents can use
+  tools: [
+    {
+      name: 'my_custom_tool',
+      description: 'Does something amazing',
+      parameters: { type: 'object', properties: { query: { type: 'string' } }, required: ['query'] },
+      execute: async (args, ctx) => 'Result: ' + args.query,
+    },
+  ],
 }
 ```
 
@@ -626,7 +671,10 @@ swarmclaw tasks create --title "Fix flaky CI test" --description "Stabilize retr
 # run setup diagnostics
 swarmclaw setup doctor
 
-# complete setup from CLI (example: OpenAI)
+# interactive setup (walks through provider selection, supports multiple providers)
+swarmclaw setup init
+
+# or non-interactive setup with flags
 swarmclaw setup init --provider openai --api-key "$OPENAI_API_KEY"
 
 # run memory maintenance analysis

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.6.6",
+  "version": "0.6.8",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "repository": {
@@ -78,9 +78,12 @@
     "exceljs": "^4.4.0",
     "grammy": "^1.40.0",
     "highlight.js": "^11.11.1",
+    "imapflow": "^1.2.11",
     "lucide-react": "^0.574.0",
+    "mailparser": "^3.9.3",
     "next": "16.1.6",
     "next-themes": "^0.4.6",
+    "nodemailer": "^8.0.1",
     "openclaw": "^2026.2.26",
     "pdf-parse": "^2.4.5",
     "qrcode": "^1.5.4",
@@ -103,7 +106,9 @@
   "devDependencies": {
     "@tailwindcss/postcss": "^4",
     "@types/better-sqlite3": "^7.6.13",
+    "@types/mailparser": "^3.4.6",
     "@types/node": "^20",
+    "@types/nodemailer": "^7.0.11",
     "@types/qrcode": "^1.5.6",
     "@types/react": "^19",
     "@types/react-dom": "^19",

package/src/app/api/agents/[id]/clone/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server'
+import { loadAgents, saveAgents, logActivity } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+
+export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const agents = loadAgents({ includeTrashed: true })
+  const source = agents[id]
+  if (!source) {
+    return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+  }
+
+  const newId = crypto.randomUUID()
+  const now = Date.now()
+
+  // Deep-copy the source agent, then override clone-specific fields
+  const cloned = JSON.parse(JSON.stringify(source)) as Record<string, unknown>
+  cloned.id = newId
+  cloned.name = `${source.name} (Copy)`
+  cloned.createdAt = now
+  cloned.updatedAt = now
+  cloned.totalCost = 0
+  cloned.lastUsedAt = undefined
+  cloned.threadSessionId = null
+  cloned.pinned = false
+  cloned.trashedAt = undefined
+
+  agents[newId] = cloned
+  saveAgents(agents)
+  logActivity({
+    entityType: 'agent',
+    entityId: newId,
+    action: 'created',
+    actor: 'user',
+    summary: `Agent cloned from "${source.name}": "${cloned.name}"`,
+  })
+  notify('agents')
+
+  return NextResponse.json(cloned)
+}

package/src/app/api/agents/route.ts

@@ -3,32 +3,58 @@ import { genId } from '@/lib/id'
 import { loadAgents, saveAgents, logActivity } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { notify } from '@/lib/server/ws-hub'
+import { getAgentMonthlySpend } from '@/lib/server/cost'
+import { AgentCreateSchema, formatZodError } from '@/lib/validation/schemas'
+import { z } from 'zod'
 export const dynamic = 'force-dynamic'
 
 
-export async function GET(_req: Request) {
-  return NextResponse.json(loadAgents())
+export async function GET(req: Request) {
+  const agents = loadAgents()
+  // Enrich agents that have a monthly budget with current spend
+  for (const agent of Object.values(agents)) {
+    if (typeof agent.monthlyBudget === 'number' && agent.monthlyBudget > 0) {
+      agent.monthlySpend = getAgentMonthlySpend(agent.id)
+    }
+  }
+
+  const { searchParams } = new URL(req.url)
+  const limitParam = searchParams.get('limit')
+  if (!limitParam) return NextResponse.json(agents)
+
+  const limit = Math.max(1, Number(limitParam) || 50)
+  const offset = Math.max(0, Number(searchParams.get('offset')) || 0)
+  const all = Object.values(agents).sort((a, b) => b.updatedAt - a.updatedAt)
+  const items = all.slice(offset, offset + limit)
+  return NextResponse.json({ items, total: all.length, hasMore: offset + limit < all.length })
 }
 
 export async function POST(req: Request) {
-  const body = await req.json()
+  const raw = await req.json()
+  const parsed = AgentCreateSchema.safeParse(raw)
+  if (!parsed.success) {
+    return NextResponse.json(formatZodError(parsed.error as z.ZodError), { status: 400 })
+  }
+  const body = parsed.data
   const id = genId()
   const now = Date.now()
   const agents = loadAgents()
   agents[id] = {
     id,
-    name: body.name || 'Unnamed Agent',
-    description: body.description || '',
-    systemPrompt: body.systemPrompt || '',
-    provider: body.provider || 'claude-cli',
-    model: body.model || '',
-    credentialId: body.credentialId || null,
-    apiEndpoint: normalizeProviderEndpoint(body.provider || 'claude-cli', body.apiEndpoint || null),
-    isOrchestrator: body.isOrchestrator || false,
-    subAgentIds: body.subAgentIds || [],
-    tools: body.tools || [],
-    capabilities: body.capabilities || [],
+    name: body.name,
+    description: body.description,
+    systemPrompt: body.systemPrompt,
+    provider: body.provider,
+    model: body.model,
+    credentialId: body.credentialId,
+    apiEndpoint: normalizeProviderEndpoint(body.provider, body.apiEndpoint || null),
+    isOrchestrator: body.isOrchestrator,
+    subAgentIds: body.subAgentIds,
+    tools: body.tools,
+    capabilities: body.capabilities,
     thinkingLevel: body.thinkingLevel || undefined,
+    autoRecovery: body.autoRecovery || false,
+    soul: body.soul || undefined,
     createdAt: now,
     updatedAt: now,
   }

package/src/app/api/chatrooms/[id]/chat/route.ts

@@ -13,9 +13,12 @@ import {
   buildSyntheticSession,
   buildAgentSystemPromptForChatroom,
   buildHistoryForAgent,
+  isMuted,
 } from '@/lib/server/chatroom-helpers'
 import { filterHealthyChatroomAgents } from '@/lib/server/chatroom-health'
+import { evaluateRoutingRules } from '@/lib/server/chatroom-routing'
 import { markProviderFailure, markProviderSuccess } from '@/lib/server/provider-health'
+import { applyAgentReactionsFromText } from '@/lib/server/chatroom-orchestration'
 import type { Chatroom, ChatroomMessage, Agent } from '@/types'
 
 export const dynamic = 'force-dynamic'
@@ -48,7 +51,12 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   // Persist incoming message
   const senderName = senderId === 'user' ? 'You' : (agents[senderId]?.name || senderId)
   let mentions = parseMentions(text, agents, chatroom.agentIds)
-  // Auto-address: if enabled and no explicit mentions, address all agents
+  // Routing rules: if no explicit mentions, evaluate keyword/capability rules
+  if (mentions.length === 0 && chatroom.routingRules?.length) {
+    const agentList = chatroom.agentIds.map((aid) => agents[aid]).filter(Boolean)
+    mentions = evaluateRoutingRules(text, chatroom.routingRules, agentList)
+  }
+  // Auto-address: if enabled and still no mentions, address all agents
   if (chatroom.autoAddress && mentions.length === 0) {
     mentions = [...chatroom.agentIds]
   }
@@ -129,6 +137,15 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
           const agent = agents[item.agentId]
           if (!agent) return []
 
+          // Skip muted agents
+          const freshForMuteCheck = loadChatrooms()[id] as Chatroom | undefined
+          if (freshForMuteCheck && isMuted(freshForMuteCheck, item.agentId)) {
+            writeEvent({ t: 'cr_agent_start', agentId: agent.id, agentName: agent.name })
+            writeEvent({ t: 'err', text: `${agent.name} is muted`, agentId: agent.id, agentName: agent.name })
+            writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
+            return []
+          }
+
           // Pre-flight: check if the agent's provider is usable before attempting to stream
           const providerInfo = getProvider(agent.provider)
           const apiKey = resolveApiKey(agent.credentialId)
@@ -234,6 +251,9 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
               saveChatrooms(latestChatrooms)
               notify(`chatroom:${id}`)
 
+              // Extract and apply reactions (e.g. [REACTION]{"emoji":"👍","to":"..."})
+              applyAgentReactionsFromText(responseText, id, agent.id)
+
               markProviderSuccess(agent.provider)
               writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
 

package/src/app/api/chatrooms/[id]/moderate/route.ts

@@ -0,0 +1,150 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadChatrooms, saveChatrooms, appendModerationLog } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+import { notFound } from '@/lib/server/collection-helpers'
+import { getMembers } from '@/lib/server/chatroom-helpers'
+import type { Chatroom, ChatroomMember } from '@/types'
+
+export const dynamic = 'force-dynamic'
+
+interface ModerationBody {
+  action: 'delete-message' | 'mute' | 'unmute' | 'set-role'
+  targetAgentId: string
+  messageId?: string
+  role?: 'admin' | 'moderator' | 'member'
+  muteDurationMinutes?: number
+}
+
+function isValidAction(action: unknown): action is ModerationBody['action'] {
+  return typeof action === 'string' && ['delete-message', 'mute', 'unmute', 'set-role'].includes(action)
+}
+
+function isValidRole(role: unknown): role is ChatroomMember['role'] {
+  return typeof role === 'string' && ['admin', 'moderator', 'member'].includes(role)
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const body = await req.json() as Record<string, unknown>
+
+  const chatrooms = loadChatrooms()
+  const chatroom = chatrooms[id] as Chatroom | undefined
+  if (!chatroom) return notFound()
+
+  const action = body.action
+  const targetAgentId = typeof body.targetAgentId === 'string' ? body.targetAgentId : ''
+
+  if (!isValidAction(action)) {
+    return NextResponse.json({ error: 'Invalid action. Must be: delete-message, mute, unmute, or set-role' }, { status: 400 })
+  }
+  if (!targetAgentId) {
+    return NextResponse.json({ error: 'targetAgentId is required' }, { status: 400 })
+  }
+  if (!chatroom.agentIds.includes(targetAgentId)) {
+    return NextResponse.json({ error: 'Agent is not a member of this chatroom' }, { status: 400 })
+  }
+
+  // Ensure members array exists (backward compat)
+  if (!chatroom.members) {
+    chatroom.members = getMembers(chatroom)
+  }
+
+  const logId = crypto.randomBytes(8).toString('hex')
+
+  switch (action) {
+    case 'delete-message': {
+      const messageId = typeof body.messageId === 'string' ? body.messageId : ''
+      if (!messageId) {
+        return NextResponse.json({ error: 'messageId is required for delete-message' }, { status: 400 })
+      }
+      const msgIndex = chatroom.messages.findIndex((m) => m.id === messageId)
+      if (msgIndex === -1) {
+        return NextResponse.json({ error: 'Message not found' }, { status: 404 })
+      }
+      const deleted = chatroom.messages.splice(msgIndex, 1)[0]
+      // Also remove from pinned if it was pinned
+      if (chatroom.pinnedMessageIds) {
+        chatroom.pinnedMessageIds = chatroom.pinnedMessageIds.filter((pid) => pid !== messageId)
+      }
+      appendModerationLog(logId, {
+        id: logId,
+        chatroomId: id,
+        action: 'delete-message',
+        targetAgentId,
+        messageId,
+        messagePreview: deleted.text.slice(0, 100),
+        timestamp: Date.now(),
+      })
+      break
+    }
+
+    case 'mute': {
+      const minutes = typeof body.muteDurationMinutes === 'number' && body.muteDurationMinutes > 0
+        ? body.muteDurationMinutes
+        : 30
+      const mutedUntil = new Date(Date.now() + minutes * 60 * 1000).toISOString()
+      const memberIdx = chatroom.members.findIndex((m) => m.agentId === targetAgentId)
+      if (memberIdx >= 0) {
+        chatroom.members[memberIdx].mutedUntil = mutedUntil
+      } else {
+        chatroom.members.push({ agentId: targetAgentId, role: 'member', mutedUntil })
+      }
+      appendModerationLog(logId, {
+        id: logId,
+        chatroomId: id,
+        action: 'mute',
+        targetAgentId,
+        muteDurationMinutes: minutes,
+        mutedUntil,
+        timestamp: Date.now(),
+      })
+      break
+    }
+
+    case 'unmute': {
+      const memberIdx = chatroom.members.findIndex((m) => m.agentId === targetAgentId)
+      if (memberIdx >= 0) {
+        delete chatroom.members[memberIdx].mutedUntil
+      }
+      appendModerationLog(logId, {
+        id: logId,
+        chatroomId: id,
+        action: 'unmute',
+        targetAgentId,
+        timestamp: Date.now(),
+      })
+      break
+    }
+
+    case 'set-role': {
+      const role = body.role
+      if (!isValidRole(role)) {
+        return NextResponse.json({ error: 'role must be: admin, moderator, or member' }, { status: 400 })
+      }
+      const memberIdx = chatroom.members.findIndex((m) => m.agentId === targetAgentId)
+      if (memberIdx >= 0) {
+        chatroom.members[memberIdx].role = role
+      } else {
+        chatroom.members.push({ agentId: targetAgentId, role })
+      }
+      appendModerationLog(logId, {
+        id: logId,
+        chatroomId: id,
+        action: 'set-role',
+        targetAgentId,
+        role,
+        timestamp: Date.now(),
+      })
+      break
+    }
+  }
+
+  chatroom.updatedAt = Date.now()
+  chatrooms[id] = chatroom
+  saveChatrooms(chatrooms)
+  notify('chatrooms')
+  notify(`chatroom:${id}`)
+
+  return NextResponse.json(chatroom)
+}

package/src/app/api/chatrooms/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadChatrooms, saveChatrooms, loadAgents } from '@/lib/server/storage'
+import { loadChatrooms, saveChatrooms, loadAgents, loadConnectors, saveConnectors } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
 import { notFound } from '@/lib/server/collection-helpers'
 import { genId } from '@/lib/id'
@@ -27,6 +27,9 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   if (body.autoAddress !== undefined) {
     chatroom.autoAddress = Boolean(body.autoAddress)
   }
+  if (body.routingRules !== undefined) {
+    chatroom.routingRules = Array.isArray(body.routingRules) ? body.routingRules : undefined
+  }
 
   // Diff agentIds and inject join/leave system messages
   if (Array.isArray(body.agentIds)) {
@@ -91,6 +94,21 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
   const chatrooms = loadChatrooms()
   if (!chatrooms[id]) return notFound()
 
+  // Cascade: null out chatroomId on any connectors that reference this chatroom
+  const connectors = loadConnectors()
+  let connectorsDirty = false
+  for (const connector of Object.values(connectors)) {
+    if (connector.chatroomId === id) {
+      connector.chatroomId = null
+      connector.updatedAt = Date.now()
+      connectorsDirty = true
+    }
+  }
+  if (connectorsDirty) {
+    saveConnectors(connectors)
+    notify('connectors')
+  }
+
   delete chatrooms[id]
   saveChatrooms(chatrooms)
   notify('chatrooms')

package/src/app/api/chatrooms/route.ts

@@ -2,6 +2,8 @@ import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
 import { loadChatrooms, saveChatrooms, loadAgents } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
+import { ChatroomCreateSchema, formatZodError } from '@/lib/validation/schemas'
+import { z } from 'zod'
 import type { Chatroom, ChatroomMessage } from '@/types'
 
 export const dynamic = 'force-dynamic'
@@ -12,11 +14,16 @@ export async function GET() {
 }
 
 export async function POST(req: Request) {
-  const body = await req.json()
+  const raw = await req.json()
+  const parsed = ChatroomCreateSchema.safeParse(raw)
+  if (!parsed.success) {
+    return NextResponse.json(formatZodError(parsed.error as z.ZodError), { status: 400 })
+  }
+  const body = parsed.data
   const chatrooms = loadChatrooms()
   const id = genId()
 
-  const requestedAgentIds: string[] = Array.isArray(body.agentIds) ? body.agentIds : []
+  const requestedAgentIds: string[] = body.agentIds
   const knownAgents = loadAgents()
   const invalidAgentIds = requestedAgentIds.filter((agentId) => !knownAgents[agentId])
   if (invalidAgentIds.length > 0) {
@@ -51,6 +58,9 @@ export async function POST(req: Request) {
     messages: joinMessages,
     chatMode,
     autoAddress,
+    ...(Array.isArray(body.routingRules) && body.routingRules.length > 0
+      ? { routingRules: body.routingRules }
+      : {}),
     createdAt: now,
     updatedAt: now,
   }