@swarmclawai/swarmclaw 0.7.1 → 0.7.3

package/src/lib/server/watch-jobs.ts

@@ -0,0 +1,532 @@
+import crypto from 'crypto'
+import fs from 'fs'
+import * as cheerio from 'cheerio'
+import { genId } from '@/lib/id'
+import type { MailboxEnvelope, WatchJob } from '@/types'
+import { requestHeartbeatNow } from './heartbeat-wake'
+import { enqueueSystemEvent } from './system-events'
+import { loadApprovals, loadTasks, loadWatchJobs, upsertWatchJob, upsertWatchJobs } from './storage'
+import { notify } from './ws-hub'
+import { fetchMailboxMessages, getMailboxHighwaterUid } from './mailbox-utils'
+
+export interface CreateWatchJobInput {
+  type: WatchJob['type']
+  sessionId?: string | null
+  agentId?: string | null
+  createdByAgentId?: string | null
+  browserProfileId?: string | null
+  description?: string | null
+  resumeMessage: string
+  target: Record<string, unknown>
+  condition: Record<string, unknown>
+  runAt?: number | null
+  intervalMs?: number | null
+  timeoutAt?: number | null
+}
+
+function now() {
+  return Date.now()
+}
+
+function hashContent(value: string): string {
+  return crypto.createHash('sha1').update(value).digest('hex')
+}
+
+function cleanHtmlToText(html: string): string {
+  const $ = cheerio.load(html)
+  $('script, style, noscript').remove()
+  return $('body').text().replace(/\s+/g, ' ').trim()
+}
+
+function matchesRegex(body: string, pattern: unknown): boolean {
+  if (typeof pattern !== 'string' || !pattern.trim()) return false
+  try {
+    return new RegExp(pattern, 'i').test(body)
+  } catch {
+    return false
+  }
+}
+
+function scheduleNextCheck(job: WatchJob, at = now()): WatchJob {
+  const intervalMs = typeof job.intervalMs === 'number' && job.intervalMs > 0 ? job.intervalMs : 60_000
+  return {
+    ...job,
+    nextCheckAt: at + intervalMs,
+    updatedAt: at,
+  }
+}
+
+function notifyWatchJobsChanged() {
+  notify('watch_jobs')
+}
+
+function finalizeWatchJob(job: WatchJob, status: WatchJob['status'], result?: Record<string, unknown> | null, error?: string | null): WatchJob {
+  const updated: WatchJob = {
+    ...job,
+    status,
+    result: result ?? job.result ?? null,
+    lastError: error ?? null,
+    lastTriggeredAt: status === 'triggered' ? now() : job.lastTriggeredAt ?? null,
+    updatedAt: now(),
+  }
+  upsertWatchJob(updated.id, updated)
+  notifyWatchJobsChanged()
+  return updated
+}
+
+function wakeFromWatch(job: WatchJob, result?: Record<string, unknown> | null) {
+  const summary = job.description || `Watch ${job.id}`
+  const detail = result ? JSON.stringify(result).slice(0, 1200) : ''
+  if (job.sessionId) {
+    enqueueSystemEvent(
+      job.sessionId,
+      `[Watch Triggered] ${summary}\n${job.resumeMessage}${detail ? `\n\nObserved:\n${detail}` : ''}`,
+    )
+    requestHeartbeatNow({ sessionId: job.sessionId, reason: 'watch_job' })
+  } else if (job.agentId) {
+    requestHeartbeatNow({ agentId: job.agentId, reason: 'watch_job' })
+  }
+}
+
+export async function createWatchJob(input: CreateWatchJobInput): Promise<WatchJob> {
+  if (input.type === 'time' && typeof input.runAt !== 'number') {
+    throw new Error('Time watches require runAt or delayMinutes.')
+  }
+  if ((input.type === 'http' || input.type === 'page') && typeof input.target?.url !== 'string') {
+    throw new Error(`${input.type} watches require a url target.`)
+  }
+  if (input.type === 'file' && typeof input.target?.path !== 'string') {
+    throw new Error('File watches require a path target.')
+  }
+  if (input.type === 'task' && typeof input.target?.taskId !== 'string') {
+    throw new Error('Task watches require a taskId target.')
+  }
+  if (input.type === 'webhook' && typeof input.target?.webhookId !== 'string') {
+    throw new Error('Webhook watches require a webhookId target.')
+  }
+  if (input.type === 'email' && typeof input.target?.folder !== 'string' && typeof input.target?.folder !== 'undefined') {
+    throw new Error('Email watches expect a string folder when provided.')
+  }
+  if (input.type === 'mailbox' && typeof input.target?.sessionId !== 'string') {
+    throw new Error('Mailbox watches require a sessionId target.')
+  }
+  if (input.type === 'approval' && typeof input.target?.approvalId !== 'string') {
+    throw new Error('Approval watches require an approvalId target.')
+  }
+  const createdAt = now()
+  const job: WatchJob = {
+    id: genId(10),
+    type: input.type,
+    status: 'active',
+    description: input.description || null,
+    sessionId: input.sessionId || null,
+    agentId: input.agentId || null,
+    createdByAgentId: input.createdByAgentId || null,
+    browserProfileId: input.browserProfileId || null,
+    resumeMessage: input.resumeMessage,
+    target: { ...(input.target || {}) },
+    condition: { ...(input.condition || {}) },
+    runAt: input.runAt ?? null,
+    nextCheckAt: input.runAt ?? createdAt,
+    intervalMs: input.intervalMs ?? (input.type === 'time' ? null : 60_000),
+    timeoutAt: input.timeoutAt ?? null,
+    lastCheckedAt: null,
+    lastTriggeredAt: null,
+    lastError: null,
+    result: null,
+    createdAt,
+    updatedAt: createdAt,
+  }
+
+  // Capture initial baselines for change watches.
+  if ((job.type === 'http' || job.type === 'page') && typeof job.target.url === 'string' && job.condition.changed === true) {
+    try {
+      const res = await fetch(job.target.url, { signal: AbortSignal.timeout(15_000) })
+      if (res.ok) {
+        const text = job.type === 'page'
+          ? cleanHtmlToText(await res.text())
+          : await res.text()
+        job.target = { ...job.target, baselineHash: hashContent(text) }
+      }
+    } catch {
+      // Baseline creation is best-effort; the watch can still run later.
+    }
+  }
+
+  if (job.type === 'file' && typeof job.target.path === 'string' && job.condition.changed === true) {
+    try {
+      if (fs.existsSync(job.target.path)) {
+        const text = fs.readFileSync(job.target.path, 'utf8')
+        job.target = { ...job.target, baselineHash: hashContent(text) }
+      }
+    } catch {
+      // Best-effort baseline only.
+    }
+  }
+
+  if (job.type === 'email') {
+    try {
+      const baselineUid = await getMailboxHighwaterUid(undefined, typeof job.target.folder === 'string' ? job.target.folder : undefined)
+      job.target = {
+        ...job.target,
+        baselineUid,
+      }
+    } catch {
+      // best-effort baseline only
+    }
+  }
+
+  upsertWatchJob(job.id, job)
+  notifyWatchJobsChanged()
+  return job
+}
+
+export function cancelWatchJob(id: string): WatchJob | null {
+  const all = loadWatchJobs()
+  const current = all[id]
+  if (!current || typeof current !== 'object') return null
+  return finalizeWatchJob(current as WatchJob, 'cancelled', null, null)
+}
+
+export function getWatchJob(id: string): WatchJob | null {
+  const all = loadWatchJobs()
+  const current = all[id]
+  if (!current || typeof current !== 'object') return null
+  return current as WatchJob
+}
+
+export function listWatchJobs(filter?: { sessionId?: string | null; status?: WatchJob['status'] | null }): WatchJob[] {
+  return Object.values(loadWatchJobs())
+    .filter((job): job is WatchJob => !!job && typeof job === 'object')
+    .filter((job) => !filter?.sessionId || job.sessionId === filter.sessionId)
+    .filter((job) => !filter?.status || job.status === filter.status)
+    .sort((a, b) => (b.updatedAt || 0) - (a.updatedAt || 0))
+}
+
+async function evaluateHttpLikeJob(job: WatchJob, asPage: boolean): Promise<{ triggered: boolean; result: Record<string, unknown> }> {
+  const url = typeof job.target.url === 'string' ? job.target.url : ''
+  if (!url) return { triggered: false, result: { error: 'Missing url' } }
+  const startedAt = Date.now()
+  const res = await fetch(url, { signal: AbortSignal.timeout(15_000) })
+  const latencyMs = Date.now() - startedAt
+  const raw = await res.text()
+  const body = asPage ? cleanHtmlToText(raw) : raw
+  const bodyHash = hashContent(body)
+  const containsText = typeof job.condition.containsText === 'string' ? job.condition.containsText : ''
+  const textGone = typeof job.condition.textGone === 'string' ? job.condition.textGone : ''
+  const statusEquals = typeof job.condition.status === 'number' ? job.condition.status : null
+  const statusIn = Array.isArray(job.condition.statusIn)
+    ? job.condition.statusIn.filter((value): value is number => typeof value === 'number')
+    : []
+  const changed = job.condition.changed === true
+  const latencyThreshold = typeof job.condition.threshold === 'number' ? job.condition.threshold : null
+  const baselineHash = typeof job.target.baselineHash === 'string' ? job.target.baselineHash : ''
+  const regexMatched = matchesRegex(body, job.condition.regex)
+  const triggered =
+    (statusEquals !== null && res.status === statusEquals)
+    || (statusIn.length > 0 && statusIn.includes(res.status))
+    || (!!containsText && body.includes(containsText))
+    || (!!textGone && !body.includes(textGone))
+    || regexMatched
+    || (!!changed && !!baselineHash && baselineHash !== bodyHash)
+    || (latencyThreshold !== null && latencyMs >= latencyThreshold)
+  return {
+    triggered,
+    result: {
+      url,
+      status: res.status,
+      latencyMs,
+      containsText: containsText || undefined,
+      regex: typeof job.condition.regex === 'string' ? job.condition.regex : undefined,
+      changed: changed || undefined,
+      bodyHash,
+      preview: body.slice(0, 1200),
+    },
+  }
+}
+
+function evaluateFileJob(job: WatchJob): { triggered: boolean; result: Record<string, unknown> } {
+  const targetPath = typeof job.target.path === 'string' ? job.target.path : ''
+  if (!targetPath) return { triggered: false, result: { error: 'Missing path' } }
+  const exists = fs.existsSync(targetPath)
+  const expectExists = job.condition.exists !== false
+  const containsText = typeof job.condition.containsText === 'string' ? job.condition.containsText : ''
+  const changed = job.condition.changed === true
+  let text = ''
+  let bodyHash = ''
+  try {
+    if (exists) {
+      text = fs.readFileSync(targetPath, 'utf8')
+      bodyHash = hashContent(text)
+    }
+  } catch {
+    text = ''
+  }
+  const baselineHash = typeof job.target.baselineHash === 'string' ? job.target.baselineHash : ''
+  const triggered =
+    exists === expectExists
+    && (!containsText || text.includes(containsText))
+    && (!job.condition.regex || matchesRegex(text, job.condition.regex))
+    && (!changed || (!!baselineHash && baselineHash !== bodyHash))
+  return {
+    triggered,
+    result: {
+      path: targetPath,
+      exists,
+      regex: typeof job.condition.regex === 'string' ? job.condition.regex : undefined,
+      bodyHash: bodyHash || undefined,
+      preview: text.slice(0, 1200),
+    },
+  }
+}
+
+function evaluateTaskJob(job: WatchJob): { triggered: boolean; result: Record<string, unknown> } {
+  const taskId = typeof job.target.taskId === 'string' ? job.target.taskId : ''
+  if (!taskId) return { triggered: false, result: { error: 'Missing taskId' } }
+  const tasks = loadTasks()
+  const task = tasks[taskId] as Record<string, unknown> | undefined
+  const statuses = Array.isArray(job.condition.statusIn)
+    ? job.condition.statusIn.filter((value): value is string => typeof value === 'string')
+    : ['completed', 'failed']
+  const currentStatus = typeof task?.status === 'string' ? task.status : 'missing'
+  return {
+    triggered: statuses.includes(currentStatus),
+    result: {
+      taskId,
+      status: currentStatus,
+      title: typeof task?.title === 'string' ? task.title : null,
+      result: typeof task?.result === 'string' ? task.result.slice(0, 1000) : null,
+      error: typeof task?.error === 'string' ? task.error : null,
+    },
+  }
+}
+
+async function evaluateWatchJob(job: WatchJob): Promise<{ triggered: boolean; result: Record<string, unknown> }> {
+  if (job.type === 'time') {
+    const runAt = typeof job.runAt === 'number' ? job.runAt : 0
+    return { triggered: runAt > 0 && runAt <= now(), result: { runAt } }
+  }
+  if (job.type === 'http') return evaluateHttpLikeJob(job, false)
+  if (job.type === 'page') return evaluateHttpLikeJob(job, true)
+  if (job.type === 'file') return evaluateFileJob(job)
+  if (job.type === 'task') return evaluateTaskJob(job)
+  if (job.type === 'email') {
+    const folder = typeof job.target.folder === 'string' ? job.target.folder : undefined
+    const messages = await fetchMailboxMessages({
+      folder,
+      from: typeof job.condition.from === 'string' ? job.condition.from : undefined,
+      subjectContains: typeof job.condition.subjectContains === 'string' ? job.condition.subjectContains : undefined,
+      bodyContains: typeof job.condition.containsText === 'string' ? job.condition.containsText : undefined,
+      query: typeof job.condition.query === 'string' ? job.condition.query : undefined,
+      unreadOnly: job.condition.unreadOnly === true,
+      hasAttachments: job.condition.hasAttachments === true,
+      uidGreaterThan: typeof job.target.baselineUid === 'number' ? job.target.baselineUid : undefined,
+      limit: 20,
+    })
+    const match = messages[0]
+    return {
+      triggered: !!match,
+      result: match
+        ? {
+            uid: match.uid,
+            from: match.from,
+            subject: match.subject,
+            snippet: match.snippet,
+            attachmentCount: match.attachments.length,
+            messageId: match.messageId,
+          }
+        : {
+            folder: folder || 'INBOX',
+            baselineUid: typeof job.target.baselineUid === 'number' ? job.target.baselineUid : null,
+          },
+    }
+  }
+  return { triggered: false, result: { note: 'Webhook waits are triggered by inbound webhook delivery.' } }
+}
+
+export async function processDueWatchJobs(timestamp = now()): Promise<{ checked: number; triggered: number; failed: number }> {
+  const all = listWatchJobs({ status: 'active' })
+  let checked = 0
+  let triggered = 0
+  let failed = 0
+  const updates: Array<[string, WatchJob]> = []
+
+  for (const job of all) {
+    if (typeof job.timeoutAt === 'number' && job.timeoutAt > 0 && job.timeoutAt <= timestamp) {
+      failed += 1
+      updates.push([job.id, {
+        ...job,
+        status: 'failed',
+        lastError: 'Watch timed out before condition was met.',
+        updatedAt: timestamp,
+      }])
+      continue
+    }
+    if (typeof job.nextCheckAt === 'number' && job.nextCheckAt > timestamp) continue
+    if (job.type === 'webhook' || job.type === 'mailbox' || job.type === 'approval') continue
+
+    checked += 1
+    try {
+      const evaluation = await evaluateWatchJob(job)
+      if (evaluation.triggered) {
+        triggered += 1
+        const completed = {
+          ...job,
+          status: 'triggered' as const,
+          result: evaluation.result,
+          lastError: null,
+          lastCheckedAt: timestamp,
+          lastTriggeredAt: timestamp,
+          updatedAt: timestamp,
+        }
+        updates.push([job.id, completed])
+        wakeFromWatch(completed, evaluation.result)
+      } else {
+        updates.push([job.id, scheduleNextCheck({
+          ...job,
+          lastCheckedAt: timestamp,
+          result: evaluation.result,
+        }, timestamp)])
+      }
+    } catch (err: unknown) {
+      failed += 1
+      updates.push([job.id, scheduleNextCheck({
+        ...job,
+        lastCheckedAt: timestamp,
+        lastError: err instanceof Error ? err.message : String(err),
+      }, timestamp)])
+    }
+  }
+
+  if (updates.length > 0) {
+    upsertWatchJobs(updates)
+    notifyWatchJobsChanged()
+  }
+
+  return { checked, triggered, failed }
+}
+
+export function triggerWebhookWatchJobs(params: {
+  webhookId: string
+  event: string
+  payloadPreview?: string
+}): WatchJob[] {
+  const matches = listWatchJobs({ status: 'active' }).filter((job) => {
+    if (job.type !== 'webhook') return false
+    const watchWebhookId = typeof job.target.webhookId === 'string' ? job.target.webhookId : ''
+    if (watchWebhookId !== params.webhookId) return false
+    const expectedEvent = typeof job.condition.event === 'string' ? job.condition.event.trim() : ''
+    return !expectedEvent || expectedEvent === params.event
+  })
+
+  const updated = matches.map((job) => {
+    const next: WatchJob = {
+      ...job,
+      status: 'triggered',
+      result: {
+        webhookId: params.webhookId,
+        event: params.event,
+        payloadPreview: params.payloadPreview?.slice(0, 1200) || '',
+      },
+      lastTriggeredAt: now(),
+      updatedAt: now(),
+    }
+    wakeFromWatch(next, next.result || null)
+    return [next.id, next] as [string, WatchJob]
+  })
+
+  if (updated.length > 0) {
+    upsertWatchJobs(updated)
+    notifyWatchJobsChanged()
+  }
+
+  return updated.map(([, job]) => job)
+}
+
+export function triggerMailboxWatchJobs(params: {
+  sessionId: string
+  envelope: MailboxEnvelope
+}): WatchJob[] {
+  const matches = listWatchJobs({ status: 'active' }).filter((job) => {
+    if (job.type !== 'mailbox') return false
+    const targetSessionId = typeof job.target.sessionId === 'string' ? job.target.sessionId : ''
+    if (targetSessionId !== params.sessionId) return false
+    const expectedType = typeof job.condition.type === 'string' ? job.condition.type.trim() : ''
+    const correlationId = typeof job.condition.correlationId === 'string' ? job.condition.correlationId.trim() : ''
+    const fromSessionId = typeof job.condition.fromSessionId === 'string' ? job.condition.fromSessionId.trim() : ''
+    const payloadContains = typeof job.condition.containsText === 'string' ? job.condition.containsText.trim() : ''
+    if (expectedType && params.envelope.type !== expectedType) return false
+    if (correlationId && params.envelope.correlationId !== correlationId) return false
+    if (fromSessionId && params.envelope.fromSessionId !== fromSessionId) return false
+    if (payloadContains && !params.envelope.payload.includes(payloadContains)) return false
+    return true
+  })
+
+  const updated = matches.map((job) => {
+    const next: WatchJob = {
+      ...job,
+      status: 'triggered',
+      result: {
+        envelopeId: params.envelope.id,
+        type: params.envelope.type,
+        correlationId: params.envelope.correlationId || null,
+        payload: params.envelope.payload.slice(0, 1200),
+        fromSessionId: params.envelope.fromSessionId || null,
+      },
+      lastTriggeredAt: now(),
+      updatedAt: now(),
+    }
+    wakeFromWatch(next, next.result || null)
+    return [next.id, next] as [string, WatchJob]
+  })
+
+  if (updated.length > 0) {
+    upsertWatchJobs(updated)
+    notifyWatchJobsChanged()
+  }
+
+  return updated.map(([, job]) => job)
+}
+
+export function triggerApprovalWatchJobs(params: {
+  approvalId: string
+  status: 'approved' | 'rejected'
+  title?: string
+  description?: string
+}): WatchJob[] {
+  const approvals = loadApprovals()
+  const approval = approvals[params.approvalId] as Record<string, unknown> | undefined
+  const matches = listWatchJobs({ status: 'active' }).filter((job) => {
+    if (job.type !== 'approval') return false
+    const targetApprovalId = typeof job.target.approvalId === 'string' ? job.target.approvalId : ''
+    if (targetApprovalId !== params.approvalId) return false
+    const statuses = Array.isArray(job.condition.statusIn)
+      ? job.condition.statusIn.filter((value): value is string => typeof value === 'string')
+      : ['approved']
+    return statuses.includes(params.status)
+  })
+
+  const updated = matches.map((job) => {
+    const next: WatchJob = {
+      ...job,
+      status: 'triggered',
+      result: {
+        approvalId: params.approvalId,
+        status: params.status,
+        title: params.title || (typeof approval?.title === 'string' ? approval.title : null),
+        description: params.description || (typeof approval?.description === 'string' ? approval.description : null),
+      },
+      lastTriggeredAt: now(),
+      updatedAt: now(),
+    }
+    wakeFromWatch(next, next.result || null)
+    return [next.id, next] as [string, WatchJob]
+  })
+
+  if (updated.length > 0) {
+    upsertWatchJobs(updated)
+    notifyWatchJobsChanged()
+  }
+
+  return updated.map(([, job]) => job)
+}

package/src/lib/server/ws-hub.ts

@@ -1,6 +1,7 @@
 import { WebSocketServer, WebSocket } from 'ws'
 import type { IncomingMessage } from 'http'
 import { validateAccessKey } from './storage'
+import { AUTH_COOKIE_NAME, getCookieValue } from '@/lib/auth'
 
 interface WsClient {
   ws: WebSocket
@@ -29,9 +30,10 @@ export function initWsServer() {
   ;(globalThis as any)[GK] = hub
 
   wss.on('connection', (ws: WebSocket, req: IncomingMessage) => {
-    // Auth: validate ?key= from upgrade URL
-    const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`)
-    const key = url.searchParams.get('key') || ''
+    const headerKey = req.headers['x-access-key']
+    const key = (Array.isArray(headerKey) ? headerKey[0] : headerKey)
+      || getCookieValue(req.headers.cookie, AUTH_COOKIE_NAME)
+      || ''
     if (!validateAccessKey(key)) {
       ws.close(4001, 'Unauthorized')
       return

package/src/lib/tool-definitions.ts

@@ -25,6 +25,10 @@ export const AVAILABLE_TOOLS: ToolDefinition[] = [
   { id: 'monitor', label: 'Monitor', description: 'System observability: check resource usage, watch logs, and ping endpoints' },
   { id: 'plugin_creator', label: 'Plugin Creator', description: 'Design, write, and test custom SwarmClaw plugins dynamically' },
   { id: 'sample_ui', label: 'Sample UI', description: 'Demonstration of dynamic UI injection into Sidebar and Chat Header' },
+  { id: 'image_gen', label: 'Image Generation', description: 'Generate images from text prompts using OpenAI, Stability AI, Replicate, fal.ai, and more' },
+  { id: 'email', label: 'Email', description: 'Send emails via SMTP with plain text and HTML support' },
+  { id: 'calendar', label: 'Calendar', description: 'Manage Google Calendar or Outlook events — list, create, update, delete' },
+  { id: 'replicate', label: 'Replicate', description: 'Run any AI model on Replicate — image generation, LLMs, audio, video, and more' },
 ]
 
 /**

package/src/lib/validation/schemas.test.ts

@@ -0,0 +1,26 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { AgentCreateSchema } from './schemas'
+
+describe('AgentCreateSchema', () => {
+  it('defaults platformAssignScope to self', () => {
+    const parsed = AgentCreateSchema.parse({
+      name: 'Solo Agent',
+      provider: 'openai',
+    })
+
+    assert.equal(parsed.platformAssignScope, 'self')
+  })
+
+  it('accepts explicit all-scope delegation without relying on legacy orchestrator flags', () => {
+    const parsed = AgentCreateSchema.parse({
+      name: 'Coordinator',
+      provider: 'openai',
+      platformAssignScope: 'all',
+      isOrchestrator: false,
+    })
+
+    assert.equal(parsed.platformAssignScope, 'all')
+    assert.equal(parsed.isOrchestrator, false)
+  })
+})

package/src/lib/validation/schemas.ts

@@ -9,11 +9,20 @@ export const AgentCreateSchema = z.object({
   credentialId: z.string().nullable().optional().default(null),
   apiEndpoint: z.string().nullable().optional().default(null),
   isOrchestrator: z.boolean().optional().default(false),
+  platformAssignScope: z.enum(['self', 'all']).optional().default('self'),
   subAgentIds: z.array(z.string()).optional().default([]),
-  tools: z.array(z.string()).optional().default([]),
+  plugins: z.array(z.string()).optional().default([]),
+  /** @deprecated Use plugins */
+  tools: z.array(z.string()).optional(),
   capabilities: z.array(z.string()).optional().default([]),
   thinkingLevel: z.string().optional(),
   soul: z.string().optional(),
+  identityState: z.record(z.string(), z.unknown()).nullable().optional().default(null),
+  sessionResetMode: z.enum(['idle', 'daily']).nullable().optional().default(null),
+  sessionIdleTimeoutSec: z.number().int().nonnegative().nullable().optional().default(null),
+  sessionMaxAgeSec: z.number().int().nonnegative().nullable().optional().default(null),
+  sessionDailyResetAt: z.string().nullable().optional().default(null),
+  sessionResetTimezone: z.string().nullable().optional().default(null),
   autoRecovery: z.boolean().optional().default(false),
   monthlyBudget: z.number().positive().nullable().optional().default(null),
   dailyBudget: z.number().positive().nullable().optional().default(null),

package/src/lib/ws-client.ts

@@ -1,15 +1,15 @@
 type WsCallback = () => void
 
 let ws: WebSocket | null = null
-let accessKey = ''
+let wsEnabled = false
 let reconnectTimer: ReturnType<typeof setTimeout> | null = null
 let reconnectDelay = 1000
 const MAX_RECONNECT_DELAY = 30_000
 const listeners = new Map<string, Set<WsCallback>>()
 let connected = false
 
-function getWsUrl(key: string): string {
-  if (typeof window === 'undefined') return `ws://localhost:3457/ws?key=${encodeURIComponent(key)}`
+function getWsUrl(): string {
+  if (typeof window === 'undefined') return 'ws://localhost:3457/ws'
 
   const protocol = window.location.protocol === 'https:' ? 'wss' : 'ws'
   const pagePort = window.location.port
@@ -22,7 +22,7 @@ function getWsUrl(key: string): string {
   const behindProxy = !pagePort || pagePort === '80' || pagePort === '443' || pagePort !== appPort
   const wsHost = behindProxy ? window.location.host : `${window.location.hostname}:${buildPort}`
 
-  return `${protocol}://${wsHost}/ws?key=${encodeURIComponent(key)}`
+  return `${protocol}://${wsHost}/ws`
 }
 
 function handleMessage(event: MessageEvent) {
@@ -44,17 +44,18 @@ function scheduleReconnect() {
   const jitter = Math.random() * 2000
   reconnectTimer = setTimeout(() => {
     reconnectTimer = null
-    if (!accessKey) return
-    connect(accessKey)
+    if (!wsEnabled) return
+    connect()
   }, reconnectDelay + jitter)
   reconnectDelay = Math.min(reconnectDelay * 2, MAX_RECONNECT_DELAY)
 }
 
-function connect(key: string) {
+function connect() {
+  if (!wsEnabled) return
   if (ws && (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING)) return
 
   try {
-    ws = new WebSocket(getWsUrl(key))
+    ws = new WebSocket(getWsUrl())
   } catch {
     scheduleReconnect()
     return
@@ -75,7 +76,7 @@ function connect(key: string) {
   ws.onclose = () => {
     connected = false
     ws = null
-    if (accessKey) scheduleReconnect()
+    if (wsEnabled) scheduleReconnect()
   }
 
   ws.onerror = () => {
@@ -84,13 +85,14 @@ function connect(key: string) {
 }
 
 export function connectWs(key: string) {
-  accessKey = key
+  void key
+  wsEnabled = true
   reconnectDelay = 1000
-  connect(key)
+  connect()
 }
 
 export function disconnectWs() {
-  accessKey = ''
+  wsEnabled = false
   if (reconnectTimer) {
     clearTimeout(reconnectTimer)
     reconnectTimer = null