@swarmclawai/swarmclaw 0.7.1 → 0.7.3

package/src/app/api/agents/[id]/thread/route.ts

@@ -15,28 +15,57 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const user = body.user || 'default'
   const sessions = loadSessions()
 
-  // If agent already has a thread session that exists, return it
+  // If the agent already has a shortcut chat session, return it.
   if (agent.threadSessionId && sessions[agent.threadSessionId]) {
-    return NextResponse.json(sessions[agent.threadSessionId])
+    const existing = sessions[agent.threadSessionId] as Record<string, unknown>
+    let changed = false
+    if (existing.shortcutForAgentId !== agentId) {
+      existing.shortcutForAgentId = agentId
+      changed = true
+    }
+    if (existing.name !== agent.name) {
+      existing.name = agent.name
+      changed = true
+    }
+    if (changed) saveSessions(sessions)
+    return NextResponse.json(existing)
   }
 
-  // Check if an existing session is already linked to this agent as a thread
+  // Legacy fallback for older shortcut sessions that were named using the
+  // old agent-thread convention before the explicit link was persisted.
   const existing = Object.values(sessions).find(
-    (s: Record<string, unknown>) => s.name === `agent-thread:${agentId}` && s.user === user
+    (s: Record<string, unknown>) =>
+      (
+        s.shortcutForAgentId === agentId
+        || s.name === `agent-thread:${agentId}`
+      )
+      && s.user === user
   )
   if (existing) {
     agent.threadSessionId = (existing as Record<string, unknown>).id as string
     agent.updatedAt = Date.now()
     saveAgents(agents)
+    let changed = false
+    const existingRecord = existing as Record<string, unknown>
+    if (existingRecord.shortcutForAgentId !== agentId) {
+      existingRecord.shortcutForAgentId = agentId
+      changed = true
+    }
+    if (existingRecord.name !== agent.name) {
+      existingRecord.name = agent.name
+      changed = true
+    }
+    if (changed) saveSessions(sessions)
     return NextResponse.json(existing)
   }
 
-  // Create a new thread session
-  const sessionId = `agent-thread-${agentId}-${genId()}`
+  // Create a new shortcut chat session for this agent.
+  const sessionId = `agent-chat-${agentId}-${genId()}`
   const now = Date.now()
   const session = {
     id: sessionId,
-    name: `agent-thread:${agentId}`,
+    name: agent.name,
+    shortcutForAgentId: agentId,
     cwd: WORKSPACE_DIR,
     user: user,
     provider: agent.provider,
@@ -49,10 +78,9 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     createdAt: now,
     lastActiveAt: now,
     active: false,
-    mainSession: true,
     sessionType: 'human' as const,
     agentId,
-    tools: agent.tools || [],
+    plugins: agent.plugins || agent.tools || [],
     heartbeatEnabled: agent.heartbeatEnabled || false,
     heartbeatIntervalSec: agent.heartbeatIntervalSec || null,
   }

package/src/app/api/agents/route.ts

@@ -13,6 +13,9 @@ export async function GET(req: Request) {
   const agents = loadAgents()
   const sessions = loadSessions()
   const usage = loadUsage()
+  for (const agent of Object.values(agents)) {
+    agent.isOrchestrator = agent.platformAssignScope === 'all'
+  }
   // Enrich agents that have spend limits with current spend windows
   for (const agent of Object.values(agents)) {
     if (
@@ -48,6 +51,7 @@ export async function POST(req: Request) {
   const id = genId()
   const now = Date.now()
   const agents = loadAgents()
+  const platformAssignScope = body.platformAssignScope
   agents[id] = {
     id,
     name: body.name,
@@ -57,9 +61,10 @@ export async function POST(req: Request) {
     model: body.model,
     credentialId: body.credentialId,
     apiEndpoint: normalizeProviderEndpoint(body.provider, body.apiEndpoint || null),
-    isOrchestrator: body.isOrchestrator,
+    isOrchestrator: platformAssignScope === 'all',
+    platformAssignScope,
     subAgentIds: body.subAgentIds,
-    tools: body.tools,
+    plugins: body.plugins?.length ? body.plugins : (body.tools || []),
     capabilities: body.capabilities,
     thinkingLevel: body.thinkingLevel || undefined,
     autoRecovery: body.autoRecovery || false,
@@ -68,6 +73,12 @@ export async function POST(req: Request) {
     hourlyBudget: body.hourlyBudget ?? null,
     budgetAction: body.budgetAction || 'warn',
     soul: body.soul || undefined,
+    identityState: body.identityState ?? null,
+    sessionResetMode: body.sessionResetMode ?? null,
+    sessionIdleTimeoutSec: body.sessionIdleTimeoutSec ?? null,
+    sessionMaxAgeSec: body.sessionMaxAgeSec ?? null,
+    sessionDailyResetAt: body.sessionDailyResetAt ?? null,
+    sessionResetTimezone: body.sessionResetTimezone ?? null,
     createdAt: now,
     updatedAt: now,
   }

package/src/app/api/auth/route.ts

@@ -1,27 +1,96 @@
 import { NextResponse } from 'next/server'
 import { validateAccessKey, getAccessKey, isFirstTimeSetup, markSetupComplete } from '@/lib/server/storage'
 import { ensureDaemonStarted } from '@/lib/server/daemon-state'
+import { AUTH_COOKIE_NAME, getCookieValue } from '@/lib/auth'
 export const dynamic = 'force-dynamic'
 
+interface AuthAttemptEntry {
+  count: number
+  lockedUntil: number
+}
 
-/** GET /api/auth — check if this is a first-time setup (returns key for initial display) */
-export async function GET(_req: Request) {
-  if (isFirstTimeSetup()) {
-    return NextResponse.json({ firstTime: true, key: getAccessKey() })
+const authRateLimitMap = (
+  (globalThis as Record<string, unknown>).__swarmclaw_auth_rate_limit__ ??= new Map()
+) as Map<string, AuthAttemptEntry>
+
+const MAX_ATTEMPTS = 5
+const LOCKOUT_MS = 15 * 60 * 1000
+
+function getClientIp(req: Request): string {
+  const forwarded = req.headers.get('x-forwarded-for')
+  if (forwarded) {
+    const first = forwarded.split(',')[0]?.trim()
+    if (first) return first
   }
-  return NextResponse.json({ firstTime: false })
+  const realIp = req.headers.get('x-real-ip')?.trim()
+  return realIp || 'unknown'
+}
+
+function clearAuthCookie(response: NextResponse): NextResponse {
+  response.cookies.set(AUTH_COOKIE_NAME, '', {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: false,
+    path: '/',
+    maxAge: 0,
+  })
+  return response
+}
+
+function setAuthCookie(response: NextResponse, req: Request, key: string): NextResponse {
+  response.cookies.set(AUTH_COOKIE_NAME, key, {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: new URL(req.url).protocol === 'https:',
+    path: '/',
+    maxAge: 60 * 60 * 24 * 30,
+  })
+  return response
+}
+
+/** GET /api/auth — returns setup state and whether the auth cookie is currently valid */
+export async function GET(req: Request) {
+  const cookieKey = getCookieValue(req.headers.get('cookie'), AUTH_COOKIE_NAME)
+  return NextResponse.json({
+    firstTime: isFirstTimeSetup(),
+    authenticated: !!cookieKey && validateAccessKey(cookieKey),
+  })
 }
 
 /** POST /api/auth — validate an access key */
 export async function POST(req: Request) {
+  const clientIp = getClientIp(req)
+  const entry = authRateLimitMap.get(clientIp)
+  if (entry && entry.lockedUntil > Date.now()) {
+    const retryAfter = Math.ceil((entry.lockedUntil - Date.now()) / 1000)
+    return clearAuthCookie(NextResponse.json(
+      { error: 'Too many failed attempts. Try again later.', retryAfter },
+      { status: 429, headers: { 'Retry-After': String(retryAfter) } },
+    ))
+  }
+
   const { key } = await req.json()
   if (!key || !validateAccessKey(key)) {
-    return NextResponse.json({ error: 'Invalid access key' }, { status: 401 })
+    const current = authRateLimitMap.get(clientIp) ?? { count: 0, lockedUntil: 0 }
+    current.count += 1
+    if (current.count >= MAX_ATTEMPTS) {
+      current.lockedUntil = Date.now() + LOCKOUT_MS
+    }
+    authRateLimitMap.set(clientIp, current)
+    return clearAuthCookie(NextResponse.json(
+      { error: 'Invalid access key' },
+      {
+        status: 401,
+        headers: { 'X-RateLimit-Remaining': String(Math.max(0, MAX_ATTEMPTS - current.count)) },
+      },
+    ))
   }
+
+  authRateLimitMap.delete(clientIp)
   // If this was first-time setup, mark it as claimed
   if (isFirstTimeSetup()) {
     markSetupComplete()
   }
   ensureDaemonStarted('api/auth:post')
-  return NextResponse.json({ ok: true })
+  return setAuthCookie(NextResponse.json({ ok: true }), req, key)
 }

package/src/app/api/chatrooms/[id]/chat/route.ts

@@ -8,6 +8,8 @@ import { getProvider } from '@/lib/providers'
 import {
   resolveApiKey,
   parseMentions,
+  resolveReplyTargetAgentId,
+  resolveAgentApiEndpoint,
   compactChatroomMessages,
   buildChatroomSystemPrompt,
   buildSyntheticSession,
@@ -50,7 +52,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
 
   // Persist incoming message
   const senderName = senderId === 'user' ? 'You' : (agents[senderId]?.name || senderId)
-  let mentions = parseMentions(text, agents, chatroom.agentIds)
+  const replyTargetAgentId = resolveReplyTargetAgentId(replyToId, chatroom.messages, chatroom.agentIds)
+  let mentions = parseMentions(text, agents, chatroom.agentIds, { replyTargetAgentId })
   // Routing rules: if no explicit mentions, evaluate keyword/capability rules
   if (mentions.length === 0 && chatroom.routingRules?.length) {
     const agentList = chatroom.agentIds.map((aid) => agents[aid]).filter(Boolean)
@@ -149,13 +152,14 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
           // Pre-flight: check if the agent's provider is usable before attempting to stream
           const providerInfo = getProvider(agent.provider)
           const apiKey = resolveApiKey(agent.credentialId)
+          const resolvedEndpoint = resolveAgentApiEndpoint(agent)
           if (providerInfo?.requiresApiKey && !apiKey) {
             writeEvent({ t: 'cr_agent_start', agentId: agent.id, agentName: agent.name })
             writeEvent({ t: 'err', text: `${agent.name} has no API credentials configured`, agentId: agent.id, agentName: agent.name })
             writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
             return []
           }
-          if (providerInfo?.requiresEndpoint && !agent.apiEndpoint) {
+          if (providerInfo?.requiresEndpoint && !resolvedEndpoint) {
             writeEvent({ t: 'cr_agent_start', agentId: agent.id, agentName: agent.name })
             writeEvent({ t: 'err', text: `${agent.name} has no endpoint configured`, agentId: agent.id, agentName: agent.name })
             writeEvent({ t: 'cr_agent_done', agentId: agent.id, agentName: agent.name })
@@ -174,6 +178,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
             }
 
             const syntheticSession = buildSyntheticSession(agent, id)
+            syntheticSession.apiEndpoint = resolvedEndpoint
             const agentSystemPrompt = buildAgentSystemPromptForChatroom(agent)
             const chatroomContext = buildChatroomSystemPrompt(freshChatroom, agents, agent.id)
             const fullSystemPrompt = [agentSystemPrompt, chatroomContext].filter(Boolean).join('\n\n')

package/src/app/api/{sessions → chats}/[id]/browser/route.ts

@@ -1,9 +1,13 @@
 import { NextResponse } from 'next/server'
 import { hasActiveBrowser, cleanupSessionBrowser } from '@/lib/server/session-tools'
+import { loadBrowserSessionRecord } from '@/lib/server/browser-state'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  return NextResponse.json({ active: hasActiveBrowser(id) })
+  return NextResponse.json({
+    active: hasActiveBrowser(id),
+    state: loadBrowserSessionRecord(id),
+  })
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {

package/src/app/api/{sessions → chats}/[id]/chat/route.ts

@@ -49,7 +49,9 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
         mode: queueMode,
         onEvent: (ev) => writeEvent(ev as unknown as Record<string, unknown>),
         replyToId,
-        callerSignal: req.signal,
+        // Keep user-initiated runs alive even if the SSE transport drops so
+        // long-lived tasks can finish and be observed later via polling/history.
+        callerSignal: internal ? req.signal : undefined,
       })
       abortRun = run.abort
 
@@ -89,8 +91,10 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
         })
     },
     cancel() {
-      // Client disconnected — abort the run so the LLM stream is cancelled.
-      abortRun?.()
+      // Client disconnected. User-facing runs continue in the background so
+      // they can persist results even when the transport drops. Explicit stop
+      // controls still cancel the run through the session run manager.
+      if (internal) abortRun?.()
     },
   })
 

package/src/app/api/{sessions → chats}/[id]/checkpoints/route.ts

@@ -3,7 +3,7 @@ import { getCheckpointSaver } from '@/lib/server/langgraph-checkpoint'
 
 export const dynamic = 'force-dynamic'
 
-/** GET /api/sessions/[id]/checkpoints — returns checkpoint history for a thread */
+/** GET /api/chats/[id]/checkpoints — returns checkpoint history for a thread */
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id: threadId } = await params
   if (!threadId) return NextResponse.json({ error: 'Thread ID is required' }, { status: 400 })

package/src/app/api/chats/[id]/main-loop/route.ts

@@ -0,0 +1,13 @@
+import { NextResponse } from 'next/server'
+
+function retiredResponse() {
+  return new NextResponse('Mission controls are no longer supported.', { status: 410 })
+}
+
+export async function GET() {
+  return retiredResponse()
+}
+
+export async function POST() {
+  return retiredResponse()
+}

package/src/app/api/{sessions → chats}/[id]/messages/route.ts

@@ -1,17 +1,26 @@
 import { NextResponse } from 'next/server'
-import { loadSessions, saveSessions } from '@/lib/server/storage'
+import { active, loadStoredItem, upsertStoredItem } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
+import { getSessionRunState } from '@/lib/server/session-run-manager'
+import { pruneStreamingAssistantArtifacts } from '@/lib/chat-streaming-state'
 
 export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const sessions = loadSessions()
-  if (!sessions[id]) return notFound()
+  const session = loadStoredItem('sessions', id)
+  if (!session) return notFound()
+  session.messages = Array.isArray(session.messages) ? session.messages : []
+
+  const run = getSessionRunState(id)
+  const hasLiveRun = active.has(id) || !!run.runningRunId
+  if (!hasLiveRun && pruneStreamingAssistantArtifacts(session.messages)) {
+    upsertStoredItem('sessions', id, session)
+  }
 
   const url = new URL(req.url)
   const limitParam = url.searchParams.get('limit')
   const beforeParam = url.searchParams.get('before')
 
-  const allMessages = sessions[id].messages
+  const allMessages = Array.isArray(session.messages) ? session.messages : []
   const total = allMessages.length
 
   // If no limit param, return all messages (backward compatible)
@@ -41,8 +50,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   if (body.kind !== 'context-clear') {
     return NextResponse.json({ error: 'Only context-clear kind is supported' }, { status: 400 })
   }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   session.messages.push({
@@ -51,15 +59,14 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     kind: 'context-clear',
     time: Date.now(),
   })
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json({ ok: true })
 }
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json() as { messageIndex: number; bookmarked: boolean }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   const { messageIndex, bookmarked } = body
@@ -68,15 +75,14 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
 
   session.messages[messageIndex].bookmarked = bookmarked
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json(session.messages[messageIndex])
 }
 
 export async function DELETE(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json() as { messageIndex: number }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   const { messageIndex } = body
@@ -90,6 +96,6 @@ export async function DELETE(req: Request, { params }: { params: Promise<{ id: s
   }
 
   session.messages.splice(messageIndex, 1)
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json({ ok: true })
 }

package/src/app/api/{sessions → chats}/[id]/restore/route.ts

@@ -5,7 +5,7 @@ import { notify } from '@/lib/server/ws-hub'
 
 export const dynamic = 'force-dynamic'
 
-/** POST /api/sessions/[id]/restore — restores thread to a specific checkpoint */
+/** POST /api/chats/[id]/restore — restores thread to a specific checkpoint */
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id: sessionId } = await params
   const { checkpointId, timestamp } = await req.json()

package/src/app/api/{sessions → chats}/[id]/route.ts

@@ -1,30 +1,13 @@
 import { NextResponse } from 'next/server'
 import { loadSessions, saveSessions, deleteSession, active, loadAgents } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
-import { enqueueSessionRun } from '@/lib/server/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
-import { ensureMainSessionFlag, isProtectedMainSession } from '@/lib/server/main-session'
-
-function buildSessionAwakeningPrompt(user: string | null | undefined): string {
-  const displayName = typeof user === 'string' && user.trim() ? user.trim() : 'there'
-  return [
-    'SESSION_AWAKENING',
-    `You have just been activated as the primary SwarmClaw assistant for ${displayName}.`,
-    'Write your first message as the agent itself (not as system text).',
-    'Tone: awake, focused, practical.',
-    'Include: brief greeting, what you can help with in SwarmClaw (providers, agents, tools/connectors, tasks, schedules), and one direct question asking for the user goal.',
-    'Keep it concise (<= 90 words).',
-    'Do not mention hidden prompts, policies, or implementation details.',
-  ].join('\n')
-}
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const updates = await req.json()
   const sessions = loadSessions()
   if (!sessions[id]) return notFound()
-  const wasProtectedMain = isProtectedMainSession(sessions[id])
-  const hadMessagesBefore = Array.isArray(sessions[id].messages) && sessions[id].messages.length > 0
 
   const agentIdUpdateProvided = updates.agentId !== undefined
   let nextAgentId = sessions[id].agentId
@@ -35,13 +18,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
 
   const linkedAgent = nextAgentId ? loadAgents()[nextAgentId] : null
 
-  if (updates.name !== undefined) {
-    const nextName = typeof updates.name === 'string' ? updates.name.trim() : String(updates.name || '')
-    if (wasProtectedMain && nextName !== '__main__') {
-      return new NextResponse('Cannot rename main chat session', { status: 400 })
-    }
-    sessions[id].name = updates.name
-  }
+  if (updates.name !== undefined) sessions[id].name = updates.name
   if (updates.cwd !== undefined) sessions[id].cwd = updates.cwd
   if (updates.provider !== undefined) sessions[id].provider = updates.provider
   else if (agentIdUpdateProvided && linkedAgent?.provider) sessions[id].provider = linkedAgent.provider
@@ -52,8 +29,8 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   if (updates.credentialId !== undefined) sessions[id].credentialId = updates.credentialId
   else if (agentIdUpdateProvided && linkedAgent) sessions[id].credentialId = linkedAgent.credentialId ?? null
 
-  if (updates.tools !== undefined) sessions[id].tools = updates.tools
-  else if (agentIdUpdateProvided && linkedAgent) sessions[id].tools = Array.isArray(linkedAgent.tools) ? linkedAgent.tools : []
+  if (updates.plugins !== undefined) sessions[id].plugins = updates.plugins
+  else if (agentIdUpdateProvided && linkedAgent) sessions[id].plugins = Array.isArray(linkedAgent.plugins) ? linkedAgent.plugins : []
 
   if (updates.apiEndpoint !== undefined) {
     sessions[id].apiEndpoint = normalizeProviderEndpoint(
@@ -68,46 +45,39 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
   if (updates.heartbeatEnabled !== undefined) sessions[id].heartbeatEnabled = updates.heartbeatEnabled
   if (updates.heartbeatIntervalSec !== undefined) sessions[id].heartbeatIntervalSec = updates.heartbeatIntervalSec
+  if (updates.sessionResetMode !== undefined) sessions[id].sessionResetMode = updates.sessionResetMode
+  if (updates.sessionIdleTimeoutSec !== undefined) sessions[id].sessionIdleTimeoutSec = updates.sessionIdleTimeoutSec
+  if (updates.sessionMaxAgeSec !== undefined) sessions[id].sessionMaxAgeSec = updates.sessionMaxAgeSec
+  if (updates.sessionDailyResetAt !== undefined) sessions[id].sessionDailyResetAt = updates.sessionDailyResetAt
+  if (updates.sessionResetTimezone !== undefined) sessions[id].sessionResetTimezone = updates.sessionResetTimezone
+  if (updates.thinkingLevel !== undefined) sessions[id].thinkingLevel = updates.thinkingLevel
+  if (updates.connectorThinkLevel !== undefined) sessions[id].connectorThinkLevel = updates.connectorThinkLevel
+  if (updates.connectorSessionScope !== undefined) sessions[id].connectorSessionScope = updates.connectorSessionScope
+  if (updates.connectorReplyMode !== undefined) sessions[id].connectorReplyMode = updates.connectorReplyMode
+  if (updates.connectorThreadBinding !== undefined) sessions[id].connectorThreadBinding = updates.connectorThreadBinding
+  if (updates.connectorGroupPolicy !== undefined) sessions[id].connectorGroupPolicy = updates.connectorGroupPolicy
+  if (updates.connectorIdleTimeoutSec !== undefined) sessions[id].connectorIdleTimeoutSec = updates.connectorIdleTimeoutSec
+  if (updates.connectorMaxAgeSec !== undefined) sessions[id].connectorMaxAgeSec = updates.connectorMaxAgeSec
+  if (updates.connectorContext !== undefined) sessions[id].connectorContext = updates.connectorContext
+  if (updates.identityState !== undefined) sessions[id].identityState = updates.identityState
+  if (updates.sessionArchiveState !== undefined) sessions[id].sessionArchiveState = updates.sessionArchiveState
+  if (updates.lastSessionResetAt !== undefined) sessions[id].lastSessionResetAt = updates.lastSessionResetAt
+  if (updates.lastSessionResetReason !== undefined) sessions[id].lastSessionResetReason = updates.lastSessionResetReason
   if (updates.pinned !== undefined) sessions[id].pinned = !!updates.pinned
   if (updates.claudeSessionId !== undefined) sessions[id].claudeSessionId = updates.claudeSessionId
   if (updates.codexThreadId !== undefined) sessions[id].codexThreadId = updates.codexThreadId
   if (updates.opencodeSessionId !== undefined) sessions[id].opencodeSessionId = updates.opencodeSessionId
   if (updates.delegateResumeIds !== undefined) sessions[id].delegateResumeIds = updates.delegateResumeIds
   if (!Array.isArray(sessions[id].messages)) sessions[id].messages = []
-  ensureMainSessionFlag(sessions[id])
-
-  const shouldKickoffAwakening = isProtectedMainSession(sessions[id])
-    && agentIdUpdateProvided
-    && !!sessions[id].agentId
-    && !hadMessagesBefore
-    && sessions[id].messages.length === 0
 
   saveSessions(sessions)
-
-  if (shouldKickoffAwakening) {
-    try {
-      enqueueSessionRun({
-        sessionId: id,
-        message: buildSessionAwakeningPrompt(sessions[id].user),
-        internal: true,
-        source: 'session-awakening',
-        mode: 'steer',
-        dedupeKey: `session-awakening:${id}`,
-      })
-    } catch {
-      // Best-effort kickoff only.
-    }
-  }
-
   return NextResponse.json(sessions[id])
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const sessions = loadSessions()
-  if (isProtectedMainSession(sessions[id])) {
-    return new NextResponse('Cannot delete main chat session', { status: 403 })
-  }
+  if (!sessions[id]) return notFound()
   if (active.has(id)) {
     try { active.get(id).kill() } catch {}
     active.delete(id)

package/src/app/api/{sessions → chats}/[id]/stop/route.ts

@@ -1,10 +1,15 @@
 import { NextResponse } from 'next/server'
-import { active } from '@/lib/server/storage'
+import { pruneStreamingAssistantArtifacts } from '@/lib/chat-streaming-state'
+import { active, loadStoredItem, upsertStoredItem } from '@/lib/server/storage'
 import { cancelSessionRuns } from '@/lib/server/session-run-manager'
 
 export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const cancel = cancelSessionRuns(id, 'Stopped by user')
+  const session = loadStoredItem('sessions', id)
+  if (session && Array.isArray(session.messages) && pruneStreamingAssistantArtifacts(session.messages)) {
+    upsertStoredItem('sessions', id, session)
+  }
   if (active.has(id)) {
     try { active.get(id).kill() } catch {}
     active.delete(id)

package/src/app/api/{sessions → chats}/route.ts

@@ -7,7 +7,6 @@ import { WORKSPACE_DIR } from '@/lib/server/data-dir'
 import { notify } from '@/lib/server/ws-hub'
 import { getSessionRunState } from '@/lib/server/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
-import { ensureMainSessionFlag, isProtectedMainSession } from '@/lib/server/main-session'
 export const dynamic = 'force-dynamic'
 
 
@@ -39,7 +38,7 @@ export async function DELETE(req: Request) {
   const sessions = loadSessions()
   let deleted = 0
   for (const id of ids) {
-    if (isProtectedMainSession(sessions[id])) continue
+    if (!sessions[id]) continue
     if (active.has(id)) {
       try { active.get(id).kill() } catch {}
       active.delete(id)
@@ -61,15 +60,15 @@ export async function POST(req: Request) {
   const id = body.id || genId()
   const sessions = loadSessions()
   const agent = body.agentId ? loadAgents()[body.agentId] : null
-  const requestedTools = Array.isArray(body.tools) ? body.tools : null
-  const resolvedTools = requestedTools ?? (Array.isArray(agent?.tools) ? agent.tools : [])
+  const requestedPlugins = Array.isArray(body.plugins) ? body.plugins : (Array.isArray(body.tools) ? body.tools : null)
+  const resolvedPlugins = requestedPlugins ?? (Array.isArray(agent?.plugins) ? agent.plugins : (Array.isArray(agent?.tools) ? agent.tools : []))
 
   // If session with this ID already exists, return it as-is
   if (body.id && sessions[id]) {
     return NextResponse.json(sessions[id])
   }
 
-  const sessionName = body.name || 'New Session'
+  const sessionName = body.name || 'New Chat'
 
   sessions[id] = {
     id, name: sessionName, cwd,
@@ -94,11 +93,26 @@ export async function POST(req: Request) {
     sessionType: body.sessionType || 'human',
     agentId: body.agentId || null,
     parentSessionId: body.parentSessionId || null,
-    tools: resolvedTools,
+    plugins: resolvedPlugins,
     heartbeatEnabled: body.heartbeatEnabled ?? null,
     heartbeatIntervalSec: body.heartbeatIntervalSec ?? null,
+    sessionResetMode: body.sessionResetMode ?? agent?.sessionResetMode ?? null,
+    sessionIdleTimeoutSec: body.sessionIdleTimeoutSec ?? agent?.sessionIdleTimeoutSec ?? null,
+    sessionMaxAgeSec: body.sessionMaxAgeSec ?? agent?.sessionMaxAgeSec ?? null,
+    sessionDailyResetAt: body.sessionDailyResetAt ?? agent?.sessionDailyResetAt ?? null,
+    sessionResetTimezone: body.sessionResetTimezone ?? agent?.sessionResetTimezone ?? null,
+    thinkingLevel: body.thinkingLevel ?? null,
+    connectorThinkLevel: body.connectorThinkLevel ?? null,
+    connectorSessionScope: body.connectorSessionScope ?? null,
+    connectorReplyMode: body.connectorReplyMode ?? null,
+    connectorThreadBinding: body.connectorThreadBinding ?? null,
+    connectorGroupPolicy: body.connectorGroupPolicy ?? null,
+    connectorIdleTimeoutSec: body.connectorIdleTimeoutSec ?? null,
+    connectorMaxAgeSec: body.connectorMaxAgeSec ?? null,
+    connectorContext: body.connectorContext ?? null,
+    identityState: body.identityState ?? agent?.identityState ?? null,
+    sessionArchiveState: body.sessionArchiveState ?? null,
   }
-  ensureMainSessionFlag(sessions[id])
   saveSessions(sessions)
   notify('sessions')
   return NextResponse.json(sessions[id])

package/src/app/api/connectors/[id]/doctor/route.ts

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server'
+import { loadConnectors } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
+import { buildConnectorDoctorPreview, buildConnectorDoctorReport, type ConnectorDoctorPreviewInput } from '@/lib/server/connectors/doctor'
+
+export const dynamic = 'force-dynamic'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const connectors = loadConnectors()
+  const connector = connectors[id]
+  if (!connector) return notFound()
+
+  return NextResponse.json(buildConnectorDoctorReport(connector, null, { baseConnector: connector }))
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const connectors = loadConnectors()
+  const baseConnector = connectors[id]
+  if (!baseConnector) return notFound()
+
+  const body = await req.json().catch(() => ({})) as ConnectorDoctorPreviewInput
+  const connector = buildConnectorDoctorPreview({ baseConnector, input: body, fallbackId: id })
+  return NextResponse.json(buildConnectorDoctorReport(connector, body.sampleMsg, { baseConnector }))
+}