@swarmclawai/swarmclaw 0.6.7 → 0.7.0

package/README.md

@@ -12,7 +12,7 @@ The orchestration dashboard for OpenClaw. Manage a swarm of OpenClaws + 14 other
 
 Inspired by [OpenClaw](https://github.com/openclaw).
 
-**[Documentation](https://swarmclaw.ai/docs)** | **[Website](https://swarmclaw.ai)**
+**[Documentation](https://swarmclaw.ai/docs)** | **[Plugin Tutorial](https://swarmclaw.ai/docs/plugin-tutorial)** | **[Website](https://swarmclaw.ai)**
 
 ![Dashboard](public/screenshots/dashboard.png)
 ![Agent Builder](public/screenshots/agents.png)
@@ -85,7 +85,7 @@ curl -fsSL https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/install.
 ```
 
 The installer resolves the latest stable release tag and installs that version by default.
-To pin a version: `SWARMCLAW_VERSION=v0.6.6 curl ... | bash`
+To pin a version: `SWARMCLAW_VERSION=v0.7.0 curl ... | bash`
 
 Or run locally from the repo (friendly for non-technical users):
 
@@ -158,7 +158,7 @@ Notes:
 - **Agent Fleet Management** — Avatar seeds with generated avatars, running/approval fleet filters, soft-delete agent trash with restore/permanent delete, and approval counters in agent cards
 - **Agent Tools** — Shell, process control for long-running commands, files, edit file, send file, web search, web fetch, CLI delegation (Claude/Codex/OpenCode), Playwright browser automation, sub-agent spawning, canvas presentation, direct HTTP requests, git operations, persistent memory, and sandboxed code execution (JS/TS via Deno, Python)
 - **Platform Tools** — Agents can manage other agents, tasks, schedules, skills, connectors, sessions, and encrypted secrets via built-in platform tools
-- **Orchestration** — Multi-agent workflows powered by LangGraph with automatic sub-agent routing, checkpointed execution, and rich delegation cards that link to sub-agent chat threads
+- **Orchestration** — Multi-agent workflows powered by LangGraph with automatic sub-agent routing, checkpointed execution, checkpoint timeline with time-travel restore, and rich delegation cards that link to sub-agent chat threads
 - **Agentic Execution Policy** — Tool-first autonomous action loop with progress updates, evidence-driven answers, and better use of platform tools for long-lived work
 - **Runtime Date/Time Grounding** — Session, orchestrator, chatroom, and connector prompts include authoritative current timestamp context to reduce stale-date behavior
 - **Task Board** — Queue and track agent tasks with status, comments, structured result artifacts (`outputFiles`, uploads), completion reports, and archiving. Strict capability policy pauses tasks for human approval before tool execution
@@ -178,15 +178,21 @@ Notes:
 - **Skills System** — Discover local skills, import skills from URL, and load OpenClaw `SKILL.md` files (frontmatter-compatible)
 - **Execution Logging** — Structured audit trail for triggers, tool calls, file ops, commits, and errors in a dedicated `logs.db`
 - **Context Management** — Auto-compaction of conversation history when approaching context limits, with manual `context_status` and `context_summarize` tools for agents
-- **Memory** — Per-agent and per-session memory with hybrid FTS5 + vector embeddings search, relevance-based memory recall injected into runs, and periodic auto-journaling for durable execution context
-- **Cost Tracking** — Per-message token counting and cost estimation displayed in the chat header
-- **Provider Health Metrics** — Usage dashboard surfaces provider request volume, success rates, models used, and last-used timestamps
+- **Memory** — Per-agent and per-session memory with hybrid FTS5 + vector embeddings search, query expansion (LLM-generated semantic variants), MMR diversity ranking, cross-agent search (`scope: all`), pinned memories (always preloaded), memory sharing between agents, linked memory graph with interactive visualization, image attachments, and periodic auto-journaling for durable execution context
+- **Knowledge Base** — Shared knowledge store (`knowledge_store` / `knowledge_search` actions) with tags, source tracking, and provenance URLs — separate from per-agent memories
+- **Memory Graph Visualization** — Interactive force-directed graph view of linked memories with node details and relationship exploration
+- **Cost Tracking** — Per-message token counting and cost estimation displayed in the chat header, with per-agent monthly budget caps (`warn` or `block` enforcement)
+- **Provider Health Metrics** — Usage dashboard surfaces provider request volume, success rates, average latency, models used, and last-used timestamps
 - **Model Failover** — Automatic key rotation on rate limits and auth errors with configurable fallback credentials
-- **Plugin System** — Extend agent behavior with JS plugins (hooks: beforeAgentStart, afterAgentComplete, beforeToolExec, afterToolExec, onMessage)
+- **Plugin System** — Extend agent behavior with JS plugins (hooks: beforeAgentStart, afterAgentComplete, beforeToolExec, afterToolExec, onMessage, onTaskComplete, onAgentDelegation). Plugins can also define custom tools that agents can use
 - **Secrets Vault** — Encrypted storage for API keys and service tokens
 - **Custom Providers** — Add any OpenAI-compatible API as a provider
 - **MCP Servers** — Connect agents to any Model Context Protocol server. Per-agent server selection with tool discovery and per-tool disable toggles
 - **Sandboxed Code Execution** — Agents can write and run JS/TS (Deno) or Python scripts in an isolated sandbox with network access, scoped filesystem, and artifact output
+- **Eval Framework** — Built-in agent evaluation with scenario-based testing across categories (coding, research, companionship, multi-step, memory, planning, tool-usage), weighted scoring criteria, and LLM judge support
+- **Guardian Auto-Recovery** — Automatic workspace recovery when agents fail critically, rolling back to the last known good state via git reset
+- **Soul Library** — Browse and apply pre-built personality templates (archetypes) to agents, or create custom souls for reuse across your swarm
+- **Context Degradation Warnings** — Proactive alerts when context usage exceeds 85%, with strategy recommendations (save to memory, summarize, checkpoint)
 - **Real-Time Sync** — WebSocket push notifications for instant UI updates across tabs and devices (fallback to polling when WS is unavailable)
 - **Mobile-First UI** — Responsive glass-themed dark interface, works on phone and desktop
 
@@ -195,8 +201,9 @@ Notes:
 All config lives in `.env.local` (auto-generated):
 
 ```
-ACCESS_KEY=<your-access-key>       # Auth key for the dashboard
-CREDENTIAL_SECRET=<auto-generated> # AES-256 encryption key for stored credentials
+ACCESS_KEY=<your-access-key>                # Auth key for the dashboard
+CREDENTIAL_SECRET=<auto-generated>          # AES-256 encryption key for stored credentials
+SWARMCLAW_PLUGIN_FAILURE_THRESHOLD=3        # Consecutive failures before auto-disabling a plugin
 ```
 
 Data is stored in `data/swarmclaw.db` (SQLite with WAL mode), `data/memory.db` (agent memory with FTS5 + vector embeddings), `data/logs.db` (execution audit trail), and `data/langgraph-checkpoints.db` (orchestrator checkpoints). Back the `data/` directory up if you care about your sessions, agents, and credentials. Existing JSON file data is auto-migrated to SQLite on first run.
@@ -329,6 +336,7 @@ Agents with platform tools enabled can manage the SwarmClaw instance:
 | Manage Agents | List, create, update, delete agents |
 | Manage Tasks | Create and manage task board items with agent assignment |
 | Manage Schedules | Create cron, interval, or one-time scheduled jobs |
+| Reminders | Schedule a conversational wake event in the current chat (`schedule_wake`) |
 | Manage Skills | List, create, update reusable skill definitions |
 | Manage Documents | Upload/search/get/delete indexed docs for lightweight RAG workflows |
 | Manage Webhooks | Register external webhook endpoints that trigger agent sessions |
@@ -442,43 +450,68 @@ When enabled, new memories get vector embeddings. Search uses both FTS5 keyword
 
 Agents and sessions can have **fallback credentials**. If the primary API key gets a 401, 429, or 500 error, SwarmClaw automatically retries with the next credential. Configure fallback keys in the agent builder UI.
 
-## Plugins
+## Plugin System
 
-Extend agent behavior with JS plugins. Three ways to install:
+SwarmClaw features a powerful, modular plugin system designed for both agent enhancement and application extensibility. It is fully compatible with the **OpenClaw** plugin format.
 
-1. **Marketplace** — Browse and install approved plugins from Settings → Plugins → Marketplace
-2. **URL** — Install from any HTTPS URL via Settings → Plugins → Install from URL
-3. **Manual** — Drop `.js` files into `data/plugins/`
+Plugins can be managed in **Settings → Plugins** and installed via the Marketplace, URL, or by dropping `.js` files into `data/plugins/`.
 
-### Plugin Format (SwarmClaw)
+Docs:
+- Full docs: https://swarmclaw.ai/docs
+- Plugin tutorial: https://swarmclaw.ai/docs/plugin-tutorial
+
+### Extension Points
+
+Unlike standard tool systems, SwarmClaw plugins can modify the application itself:
+
+- **Agent Tools**: Define custom tools that agents can autonomously discover and use.
+- **Lifecycle Hooks**: Intercept events like `beforeAgentStart`, `afterToolExec`, and `onMessage`.
+- **UI Extensions**:
+  - `sidebarItems`: Inject new navigation links into the main sidebar.
+  - `headerWidgets`: Add status badges or indicators to the chat header (e.g., Wallet Balance).
+  - `chatInputActions`: Add custom action buttons next to the chat input (e.g., "Quick Scan").
+  - `plugin-ui` Messages: Render rich, interactive React cards in the chat stream.
+- **Deep Chat Hooks**:
+  - `transformInboundMessage`: Modify user messages before they reach the agent.
+  - `transformOutboundMessage`: Modify agent responses before they are saved or displayed.
+- **Custom Providers**: Add new LLM backends (e.g., a specialized local model or a new API).
+- **Custom Connectors**: Build new chat platform bridges (e.g., a proprietary internal messenger).
+
+### Autonomous Capability Discovery
+
+Agents in SwarmClaw are "aware" of the plugin system. If an agent lacks a tool needed for a task, it can:
+1. **Discover**: Scan the system for all installed plugins.
+2. **Search Marketplace**: Autonomously search **ClawHub** and the **SwarmClaw Registry** for new capabilities.
+3. **Request Access**: Prompt the user in-chat to enable a specific installed plugin.
+4. **Install Request**: Suggest installing a new plugin from a marketplace URL to fill a capability gap (requires user approval).
+
+### Example Plugin (SwarmClaw Format)
 
 ```js
 module.exports = {
-  name: 'my-plugin',
-  description: 'What it does',
-  hooks: {
-    beforeAgentStart: async ({ session, message }) => { /* ... */ },
-    afterAgentComplete: async ({ session, response }) => { /* ... */ },
-    beforeToolExec: async ({ toolName, input }) => { /* ... */ },
-    afterToolExec: async ({ toolName, input, output }) => { /* ... */ },
-    onMessage: async ({ session, message }) => { /* ... */ },
+  name: 'my-custom-extension',
+  ui: {
+    sidebarItems: [{ id: 'dashboard', label: 'My View', href: '/custom-view' }],
+    headerWidgets: [{ id: 'status', label: '🟢 Active' }]
   },
-}
+  tools: [{
+    name: 'custom_action',
+    description: 'Perform a specialized task',
+    parameters: { type: 'object', properties: { input: { type: 'string' } } },
+    execute: async (args) => {
+      // Logic here
+      return { kind: 'plugin-ui', text: 'Rich result card content' };
+    }
+  }]
+};
 ```
 
-### OpenClaw Plugin Compatibility
+### Lifecycle Management
 
-SwarmClaw natively supports the OpenClaw plugin format. Drop an OpenClaw plugin into `data/plugins/` and it works automatically — lifecycle hooks are mapped:
-
-| OpenClaw Hook | SwarmClaw Hook |
-|-|-|
-| `onAgentStart` | `beforeAgentStart` |
-| `onAgentComplete` | `afterAgentComplete` |
-| `onToolCall` | `beforeToolExec` |
-| `onToolResult` | `afterToolExec` |
-| `onMessage` | `onMessage` |
-
-Plugin API: `GET /api/plugins`, `POST /api/plugins`, `GET /api/plugins/marketplace`, `POST /api/plugins/install`.
+- **Versioning**: All plugins support semantic versioning (e.g., `v1.2.3`).
+- **Updates**: Plugins can be updated individually or in bulk via the Plugins manager.
+- **Hot-Reload**: The system automatically reloads plugin logic when a file is updated or a new plugin is installed.
+- **Stability Guardrails**: Consecutive plugin failures are tracked in `data/plugin-failures.json`; failing plugins are auto-disabled, a warning notification is emitted in-app, and users can re-enable manually from the Plugins manager.
 
 ## Deploy to a VPS
 
@@ -568,7 +601,7 @@ npm run dev:webpack
 ### First-Run Helpers
 
 ```bash
-npm run setup:easy      # setup only (does not start server)
+npm run setup:easy      # setup only (installs Deno if missing; does not start server)
 npm run quickstart      # setup + start dev server
 npm run quickstart:prod # setup + build + start production server
 npm run update:easy     # safe update helper for local installs
@@ -579,8 +612,8 @@ npm run update:easy     # safe update helper for local installs
 SwarmClaw uses tag-based releases (`vX.Y.Z`) as the stable channel.
 
 ```bash
-# example patch release
-npm version patch
+# example minor release (v0.7.0 style)
+npm version minor
 git push origin main --follow-tags
 ```
 
@@ -589,6 +622,16 @@ On `v*` tags, GitHub Actions will:
 2. Create a GitHub Release
 3. Build and publish Docker images to `ghcr.io/swarmclawai/swarmclaw` (`:vX.Y.Z`, `:latest`, `:sha-*`)
 
+#### v0.7.0 Release Readiness Notes
+
+Before shipping `v0.7.0`, confirm the following user-facing changes are reflected in docs:
+
+1. Plugins UI now shows richer installed plugin details (description fallback, source/status, capability badges, and clearer detail sheet metadata).
+2. Marketplace plugin installs normalize legacy URLs from `swarmclawai/plugins` to `swarmclawai/swarmforge` to avoid 404 installs.
+3. Hydration fixes removed nested `<button>` structures in list-card UIs (Plugins, Providers, Secrets, MCP Servers).
+4. Clipboard actions now use a browser-safe fallback when `navigator.clipboard` is unavailable.
+5. Site docs/release notes are updated in `swarmclaw-site` (especially `content/docs/plugins.md`, `content/docs/release-notes.md`, and `public/registry/plugins.json`).
+
 ## CLI
 
 SwarmClaw ships a built-in CLI for core operational workflows:

package/next.config.ts

@@ -1,5 +1,7 @@
 import type { NextConfig } from "next";
 import { execSync } from "child_process";
+import { networkInterfaces } from "os";
+import { DIRECT_NAV_SEGMENTS } from "./view-route-paths";
 
 function getGitSha(): string {
   try {
@@ -9,6 +11,33 @@ function getGitSha(): string {
   }
 }
 
+function getAllowedDevOrigins(): string[] {
+  const allowed = new Set<string>([
+    'localhost',
+    '127.0.0.1',
+    '0.0.0.0',
+  ])
+
+  // Include all active local IPv4 interfaces so LAN devices can load /_next assets in dev.
+  for (const interfaces of Object.values(networkInterfaces())) {
+    for (const iface of interfaces ?? []) {
+      if ((iface.family === 'IPv4' || (iface.family as string | number) === 4) && !iface.internal) {
+        allowed.add(iface.address)
+      }
+    }
+  }
+
+  // Optional override for custom origins/hosts, e.g. `NEXT_ALLOWED_DEV_ORIGINS=host1,host2`.
+  const extra = (process.env.NEXT_ALLOWED_DEV_ORIGINS ?? '')
+    .split(',')
+    .map((v) => v.trim())
+    .filter(Boolean)
+    .map((v) => v.replace(/^https?:\/\//, '').replace(/\/$/, ''))
+  for (const host of extra) allowed.add(host)
+
+  return [...allowed]
+}
+
 const nextConfig: NextConfig = {
   output: 'standalone',
   turbopack: {
@@ -35,13 +64,9 @@ const nextConfig: NextConfig = {
     '@whiskeysockets/baileys',
     'qrcode',
   ],
-  allowedDevOrigins: [
-    'localhost',
-    '127.0.0.1',
-    '0.0.0.0',
-  ],
+  allowedDevOrigins: getAllowedDevOrigins(),
   async rewrites() {
-    const views = 'agents|chatrooms|schedules|memory|tasks|secrets|providers|skills|connectors|webhooks|mcp-servers|knowledge|plugins|usage|runs|logs|settings|projects|activity'
+    const views = DIRECT_NAV_SEGMENTS.join('|')
     return [
       {
         source: `/:view(${views})`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.6.7",
+  "version": "0.7.0",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "repository": {
@@ -52,7 +52,8 @@
     "lint:baseline:update": "node ./scripts/lint-baseline.mjs update",
     "cli": "node ./bin/swarmclaw.js",
     "test:cli": "node --test src/cli/index.test.js",
-    "test:openclaw": "tsx --test src/lib/server/connectors/openclaw.test.ts src/lib/openclaw-endpoint.test.ts src/lib/server/gateway/protocol.test.ts src/lib/server/tool-capability-policy.test.ts",
+    "test:openclaw": "tsx --test src/lib/server/connectors/openclaw.test.ts src/lib/openclaw-endpoint.test.ts src/lib/server/gateway/protocol.test.ts src/lib/server/tool-capability-policy.test.ts src/lib/server/task-validation.test.ts src/lib/server/task-quality-gate.test.ts src/lib/server/llm-response-cache.test.ts src/lib/server/mcp-conformance.test.ts",
+    "test:mcp:conformance": "node --import tsx ./scripts/mcp-conformance-check.ts",
     "postinstall": "node ./scripts/postinstall.mjs"
   },
   "dependencies": {

package/src/app/api/agents/[id]/thread/route.ts

@@ -49,6 +49,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     createdAt: now,
     lastActiveAt: now,
     active: false,
+    mainSession: true,
     sessionType: 'human' as const,
     agentId,
     tools: agent.tools || [],

package/src/app/api/agents/route.ts

@@ -1,9 +1,9 @@
 import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
-import { loadAgents, saveAgents, logActivity } from '@/lib/server/storage'
+import { loadAgents, loadSessions, loadUsage, saveAgents, logActivity } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { notify } from '@/lib/server/ws-hub'
-import { getAgentMonthlySpend } from '@/lib/server/cost'
+import { getAgentSpendWindows } from '@/lib/server/cost'
 import { AgentCreateSchema, formatZodError } from '@/lib/validation/schemas'
 import { z } from 'zod'
 export const dynamic = 'force-dynamic'
@@ -11,10 +11,19 @@ export const dynamic = 'force-dynamic'
 
 export async function GET(req: Request) {
   const agents = loadAgents()
-  // Enrich agents that have a monthly budget with current spend
+  const sessions = loadSessions()
+  const usage = loadUsage()
+  // Enrich agents that have spend limits with current spend windows
   for (const agent of Object.values(agents)) {
-    if (typeof agent.monthlyBudget === 'number' && agent.monthlyBudget > 0) {
-      agent.monthlySpend = getAgentMonthlySpend(agent.id)
+    if (
+      (typeof agent.monthlyBudget === 'number' && agent.monthlyBudget > 0)
+      || (typeof agent.dailyBudget === 'number' && agent.dailyBudget > 0)
+      || (typeof agent.hourlyBudget === 'number' && agent.hourlyBudget > 0)
+    ) {
+      const spend = getAgentSpendWindows(agent.id, Date.now(), { sessions, usage })
+      if (typeof agent.monthlyBudget === 'number' && agent.monthlyBudget > 0) agent.monthlySpend = spend.monthly
+      if (typeof agent.dailyBudget === 'number' && agent.dailyBudget > 0) agent.dailySpend = spend.daily
+      if (typeof agent.hourlyBudget === 'number' && agent.hourlyBudget > 0) agent.hourlySpend = spend.hourly
     }
   }
 
@@ -53,6 +62,11 @@ export async function POST(req: Request) {
     tools: body.tools,
     capabilities: body.capabilities,
     thinkingLevel: body.thinkingLevel || undefined,
+    autoRecovery: body.autoRecovery || false,
+    monthlyBudget: body.monthlyBudget ?? null,
+    dailyBudget: body.dailyBudget ?? null,
+    hourlyBudget: body.hourlyBudget ?? null,
+    budgetAction: body.budgetAction || 'warn',
     soul: body.soul || undefined,
     createdAt: now,
     updatedAt: now,

package/src/app/api/approvals/route.ts

@@ -0,0 +1,22 @@
+import { NextResponse } from 'next/server'
+import { listPendingApprovals, submitDecision } from '@/lib/server/approvals'
+
+export const dynamic = 'force-dynamic'
+
+export async function GET() {
+  return NextResponse.json(listPendingApprovals())
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json()
+    const { id, approved } = body
+    if (!id || typeof approved !== 'boolean') {
+      return NextResponse.json({ error: 'id and approved required' }, { status: 400 })
+    }
+    await submitDecision(id, approved)
+    return NextResponse.json({ ok: true })
+  } catch (err: unknown) {
+    return NextResponse.json({ error: err instanceof Error ? err.message : String(err) }, { status: 500 })
+  }
+}

package/src/app/api/chatrooms/[id]/chat/route.ts

@@ -18,6 +18,7 @@ import {
 import { filterHealthyChatroomAgents } from '@/lib/server/chatroom-health'
 import { evaluateRoutingRules } from '@/lib/server/chatroom-routing'
 import { markProviderFailure, markProviderSuccess } from '@/lib/server/provider-health'
+import { applyAgentReactionsFromText } from '@/lib/server/chatroom-orchestration'
 import type { Chatroom, ChatroomMessage, Agent } from '@/types'
 
 export const dynamic = 'force-dynamic'
@@ -250,6 +251,9 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
               saveChatrooms(latestChatrooms)
               notify(`chatroom:${id}`)
 
+              // Extract and apply reactions (e.g. [REACTION]{"emoji":"👍","to":"..."})
+              applyAgentReactionsFromText(responseText, id, agent.id)
+
               markProviderSuccess(agent.provider)
               writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
 

package/src/app/api/clawhub/install/route.ts

@@ -11,9 +11,9 @@ export async function POST(req: Request) {
   if (!content) {
     try {
       content = await fetchSkillContent(url)
-    } catch (err: any) {
+    } catch (err: unknown) {
       return NextResponse.json(
-        { error: err.message || 'Failed to fetch skill content' },
+        { error: err instanceof Error ? err.message : 'Failed to fetch skill content' },
         { status: 502 }
       )
     }

package/src/app/api/eval/run/route.ts

@@ -0,0 +1,37 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { runEvalScenario } from '@/lib/server/eval/runner'
+import { listEvalRuns } from '@/lib/server/eval/store'
+
+const RunSchema = z.object({
+  scenarioId: z.string().min(1),
+  agentId: z.string().min(1),
+})
+
+export async function POST(req: Request) {
+  try {
+    const body: unknown = await req.json()
+    const parsed = RunSchema.safeParse(body)
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: parsed.error.issues.map((i) => i.message).join(', ') },
+        { status: 400 },
+      )
+    }
+
+    const result = await runEvalScenario(parsed.data.scenarioId, parsed.data.agentId)
+    return NextResponse.json(result)
+  } catch (err: unknown) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : String(err) },
+      { status: 500 },
+    )
+  }
+}
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const limit = Math.min(parseInt(searchParams.get('limit') || '50', 10), 200)
+  const runs = listEvalRuns(limit)
+  return NextResponse.json(runs)
+}

package/src/app/api/eval/scenarios/route.ts

@@ -0,0 +1,24 @@
+import { NextResponse } from 'next/server'
+import { EVAL_SCENARIOS } from '@/lib/server/eval/scenarios'
+
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const category = searchParams.get('category')
+
+  const scenarios = category
+    ? EVAL_SCENARIOS.filter((s) => s.category === category)
+    : EVAL_SCENARIOS
+
+  return NextResponse.json(
+    scenarios.map((s) => ({
+      id: s.id,
+      name: s.name,
+      category: s.category,
+      description: s.description,
+      tools: s.tools,
+      timeoutMs: s.timeoutMs,
+      criteriaCount: s.scoringCriteria.length,
+      maxScore: s.scoringCriteria.reduce((sum, c) => sum + c.weight, 0),
+    })),
+  )
+}

package/src/app/api/eval/suite/route.ts

@@ -0,0 +1,29 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { runEvalSuite } from '@/lib/server/eval/runner'
+
+const SuiteSchema = z.object({
+  agentId: z.string().min(1),
+  categories: z.array(z.string()).optional(),
+})
+
+export async function POST(req: Request) {
+  try {
+    const body: unknown = await req.json()
+    const parsed = SuiteSchema.safeParse(body)
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: parsed.error.issues.map((i) => i.message).join(', ') },
+        { status: 400 },
+      )
+    }
+
+    const result = await runEvalSuite(parsed.data.agentId, parsed.data.categories)
+    return NextResponse.json(result)
+  } catch (err: unknown) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : String(err) },
+      { status: 500 },
+    )
+  }
+}

package/src/app/api/mcp-servers/[id]/conformance/route.ts

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server'
+import { loadMcpServers } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
+import { runMcpConformanceCheck } from '@/lib/server/mcp-conformance'
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const servers = loadMcpServers()
+  const server = servers[id]
+  if (!server) return notFound()
+
+  const body = await req.json().catch(() => ({}))
+  const timeoutMs = typeof body?.timeoutMs === 'number' ? body.timeoutMs : undefined
+  const smokeToolName = typeof body?.smokeToolName === 'string' ? body.smokeToolName : undefined
+  const smokeToolArgs = body?.smokeToolArgs && typeof body.smokeToolArgs === 'object' && !Array.isArray(body.smokeToolArgs)
+    ? body.smokeToolArgs
+    : undefined
+
+  const result = await runMcpConformanceCheck(server, {
+    timeoutMs,
+    smokeToolName,
+    smokeToolArgs,
+  })
+
+  return NextResponse.json(result, { status: result.ok ? 200 : 502 })
+}

package/src/app/api/mcp-servers/[id]/invoke/route.ts

@@ -0,0 +1,81 @@
+import { NextResponse } from 'next/server'
+import { loadMcpServers } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
+import { connectMcpServer, disconnectMcpServer } from '@/lib/server/mcp-client'
+
+function parseArgs(value: unknown): Record<string, unknown> {
+  if (value && typeof value === 'object' && !Array.isArray(value)) {
+    return value as Record<string, unknown>
+  }
+  if (typeof value === 'string' && value.trim()) {
+    try {
+      const parsed = JSON.parse(value)
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        return parsed as Record<string, unknown>
+      }
+    } catch {
+      // Handled by caller via fallback validation error.
+    }
+  }
+  return {}
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const servers = loadMcpServers()
+  const server = servers[id]
+  if (!server) return notFound()
+
+  const body = await req.json().catch(() => null)
+  const toolName = typeof body?.toolName === 'string' ? body.toolName.trim() : ''
+  if (!toolName) {
+    return NextResponse.json({ error: 'toolName is required' }, { status: 400 })
+  }
+
+  const argsRaw = body?.args
+  if (
+    argsRaw !== undefined
+    && typeof argsRaw !== 'string'
+    && (typeof argsRaw !== 'object' || Array.isArray(argsRaw))
+  ) {
+    return NextResponse.json({ error: 'args must be an object or JSON string' }, { status: 400 })
+  }
+  const args = parseArgs(argsRaw)
+
+  let client: unknown
+  let transport: unknown
+  try {
+    const conn = await connectMcpServer(server)
+    client = conn.client
+    transport = conn.transport
+    const result = await (client as { callTool: (opts: { name: string; arguments: Record<string, unknown> }) => Promise<Record<string, unknown>> }).callTool({
+      name: toolName,
+      arguments: args,
+    })
+    const textParts = Array.isArray(result?.content)
+      ? (result.content as Array<Record<string, unknown>>)
+          .filter((part) => part?.type === 'text' && typeof part?.text === 'string')
+          .map((part) => part.text as string)
+      : []
+    const text = textParts.join('\n').trim() || '(no text output)'
+
+    return NextResponse.json({
+      ok: true,
+      toolName,
+      args,
+      text,
+      result,
+      isError: result?.isError === true,
+    })
+  } catch (err: unknown) {
+    return NextResponse.json(
+      { ok: false, error: err instanceof Error ? err.message : 'MCP tool invocation failed' },
+      { status: 500 },
+    )
+  } finally {
+    if (client && transport) {
+      await disconnectMcpServer(client, transport)
+    }
+  }
+}
+

package/src/app/api/memory/graph/route.ts

@@ -0,0 +1,46 @@
+import { NextResponse } from 'next/server'
+import { getMemoryDb } from '@/lib/server/memory-db'
+import type { MemoryEntry } from '@/types'
+
+export const dynamic = 'force-dynamic'
+
+/** GET /api/memory/graph — returns a node-link structure of the memory graph */
+export async function GET(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const agentId = searchParams.get('agentId')
+  const limit = Math.min(1000, Math.max(1, Number(searchParams.get('limit')) || 200))
+  
+  const db = getMemoryDb()
+  const entries: MemoryEntry[] = db.list(agentId || undefined, limit)
+  
+  const nodes = entries.map(e => ({
+    id: e.id,
+    title: e.title,
+    category: e.category,
+    agentId: e.agentId,
+    contentPreview: e.content.slice(0, 100) + (e.content.length > 100 ? '...' : ''),
+    createdAt: e.createdAt,
+    updatedAt: e.updatedAt,
+    pinned: e.pinned
+  }))
+
+  const links: Array<{ source: string; target: string; type: string }> = []
+  const entryIds = new Set(entries.map(e => e.id))
+
+  for (const entry of entries) {
+    if (entry.linkedMemoryIds && Array.isArray(entry.linkedMemoryIds)) {
+      for (const targetId of entry.linkedMemoryIds) {
+        // Only include links where both nodes are in the current set (or could fetch more if needed)
+        if (entryIds.has(targetId)) {
+          links.push({
+            source: entry.id,
+            target: targetId,
+            type: 'linked'
+          })
+        }
+      }
+    }
+  }
+
+  return NextResponse.json({ nodes, links })
+}