@swarmclawai/swarmclaw 0.7.2 → 0.7.3

package/src/app/api/chats/[id]/messages/route.ts

@@ -1,17 +1,26 @@
 import { NextResponse } from 'next/server'
-import { loadSessions, saveSessions } from '@/lib/server/storage'
+import { active, loadStoredItem, upsertStoredItem } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
+import { getSessionRunState } from '@/lib/server/session-run-manager'
+import { pruneStreamingAssistantArtifacts } from '@/lib/chat-streaming-state'
 
 export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const sessions = loadSessions()
-  if (!sessions[id]) return notFound()
+  const session = loadStoredItem('sessions', id)
+  if (!session) return notFound()
+  session.messages = Array.isArray(session.messages) ? session.messages : []
+
+  const run = getSessionRunState(id)
+  const hasLiveRun = active.has(id) || !!run.runningRunId
+  if (!hasLiveRun && pruneStreamingAssistantArtifacts(session.messages)) {
+    upsertStoredItem('sessions', id, session)
+  }
 
   const url = new URL(req.url)
   const limitParam = url.searchParams.get('limit')
   const beforeParam = url.searchParams.get('before')
 
-  const allMessages = sessions[id].messages
+  const allMessages = Array.isArray(session.messages) ? session.messages : []
   const total = allMessages.length
 
   // If no limit param, return all messages (backward compatible)
@@ -41,8 +50,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   if (body.kind !== 'context-clear') {
     return NextResponse.json({ error: 'Only context-clear kind is supported' }, { status: 400 })
   }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   session.messages.push({
@@ -51,15 +59,14 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     kind: 'context-clear',
     time: Date.now(),
   })
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json({ ok: true })
 }
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json() as { messageIndex: number; bookmarked: boolean }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   const { messageIndex, bookmarked } = body
@@ -68,15 +75,14 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
 
   session.messages[messageIndex].bookmarked = bookmarked
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json(session.messages[messageIndex])
 }
 
 export async function DELETE(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const body = await req.json() as { messageIndex: number }
-  const sessions = loadSessions()
-  const session = sessions[id]
+  const session = loadStoredItem('sessions', id)
   if (!session) return notFound()
 
   const { messageIndex } = body
@@ -90,6 +96,6 @@ export async function DELETE(req: Request, { params }: { params: Promise<{ id: s
   }
 
   session.messages.splice(messageIndex, 1)
-  saveSessions(sessions)
+  upsertStoredItem('sessions', id, session)
   return NextResponse.json({ ok: true })
 }

package/src/app/api/chats/[id]/route.ts

@@ -45,6 +45,24 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
   if (updates.heartbeatEnabled !== undefined) sessions[id].heartbeatEnabled = updates.heartbeatEnabled
   if (updates.heartbeatIntervalSec !== undefined) sessions[id].heartbeatIntervalSec = updates.heartbeatIntervalSec
+  if (updates.sessionResetMode !== undefined) sessions[id].sessionResetMode = updates.sessionResetMode
+  if (updates.sessionIdleTimeoutSec !== undefined) sessions[id].sessionIdleTimeoutSec = updates.sessionIdleTimeoutSec
+  if (updates.sessionMaxAgeSec !== undefined) sessions[id].sessionMaxAgeSec = updates.sessionMaxAgeSec
+  if (updates.sessionDailyResetAt !== undefined) sessions[id].sessionDailyResetAt = updates.sessionDailyResetAt
+  if (updates.sessionResetTimezone !== undefined) sessions[id].sessionResetTimezone = updates.sessionResetTimezone
+  if (updates.thinkingLevel !== undefined) sessions[id].thinkingLevel = updates.thinkingLevel
+  if (updates.connectorThinkLevel !== undefined) sessions[id].connectorThinkLevel = updates.connectorThinkLevel
+  if (updates.connectorSessionScope !== undefined) sessions[id].connectorSessionScope = updates.connectorSessionScope
+  if (updates.connectorReplyMode !== undefined) sessions[id].connectorReplyMode = updates.connectorReplyMode
+  if (updates.connectorThreadBinding !== undefined) sessions[id].connectorThreadBinding = updates.connectorThreadBinding
+  if (updates.connectorGroupPolicy !== undefined) sessions[id].connectorGroupPolicy = updates.connectorGroupPolicy
+  if (updates.connectorIdleTimeoutSec !== undefined) sessions[id].connectorIdleTimeoutSec = updates.connectorIdleTimeoutSec
+  if (updates.connectorMaxAgeSec !== undefined) sessions[id].connectorMaxAgeSec = updates.connectorMaxAgeSec
+  if (updates.connectorContext !== undefined) sessions[id].connectorContext = updates.connectorContext
+  if (updates.identityState !== undefined) sessions[id].identityState = updates.identityState
+  if (updates.sessionArchiveState !== undefined) sessions[id].sessionArchiveState = updates.sessionArchiveState
+  if (updates.lastSessionResetAt !== undefined) sessions[id].lastSessionResetAt = updates.lastSessionResetAt
+  if (updates.lastSessionResetReason !== undefined) sessions[id].lastSessionResetReason = updates.lastSessionResetReason
   if (updates.pinned !== undefined) sessions[id].pinned = !!updates.pinned
   if (updates.claudeSessionId !== undefined) sessions[id].claudeSessionId = updates.claudeSessionId
   if (updates.codexThreadId !== undefined) sessions[id].codexThreadId = updates.codexThreadId

package/src/app/api/chats/[id]/stop/route.ts

@@ -1,10 +1,15 @@
 import { NextResponse } from 'next/server'
-import { active } from '@/lib/server/storage'
+import { pruneStreamingAssistantArtifacts } from '@/lib/chat-streaming-state'
+import { active, loadStoredItem, upsertStoredItem } from '@/lib/server/storage'
 import { cancelSessionRuns } from '@/lib/server/session-run-manager'
 
 export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const cancel = cancelSessionRuns(id, 'Stopped by user')
+  const session = loadStoredItem('sessions', id)
+  if (session && Array.isArray(session.messages) && pruneStreamingAssistantArtifacts(session.messages)) {
+    upsertStoredItem('sessions', id, session)
+  }
   if (active.has(id)) {
     try { active.get(id).kill() } catch {}
     active.delete(id)

package/src/app/api/chats/route.ts

@@ -96,6 +96,22 @@ export async function POST(req: Request) {
     plugins: resolvedPlugins,
     heartbeatEnabled: body.heartbeatEnabled ?? null,
     heartbeatIntervalSec: body.heartbeatIntervalSec ?? null,
+    sessionResetMode: body.sessionResetMode ?? agent?.sessionResetMode ?? null,
+    sessionIdleTimeoutSec: body.sessionIdleTimeoutSec ?? agent?.sessionIdleTimeoutSec ?? null,
+    sessionMaxAgeSec: body.sessionMaxAgeSec ?? agent?.sessionMaxAgeSec ?? null,
+    sessionDailyResetAt: body.sessionDailyResetAt ?? agent?.sessionDailyResetAt ?? null,
+    sessionResetTimezone: body.sessionResetTimezone ?? agent?.sessionResetTimezone ?? null,
+    thinkingLevel: body.thinkingLevel ?? null,
+    connectorThinkLevel: body.connectorThinkLevel ?? null,
+    connectorSessionScope: body.connectorSessionScope ?? null,
+    connectorReplyMode: body.connectorReplyMode ?? null,
+    connectorThreadBinding: body.connectorThreadBinding ?? null,
+    connectorGroupPolicy: body.connectorGroupPolicy ?? null,
+    connectorIdleTimeoutSec: body.connectorIdleTimeoutSec ?? null,
+    connectorMaxAgeSec: body.connectorMaxAgeSec ?? null,
+    connectorContext: body.connectorContext ?? null,
+    identityState: body.identityState ?? agent?.identityState ?? null,
+    sessionArchiveState: body.sessionArchiveState ?? null,
   }
   saveSessions(sessions)
   notify('sessions')

package/src/app/api/connectors/[id]/doctor/route.ts

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server'
+import { loadConnectors } from '@/lib/server/storage'
+import { notFound } from '@/lib/server/collection-helpers'
+import { buildConnectorDoctorPreview, buildConnectorDoctorReport, type ConnectorDoctorPreviewInput } from '@/lib/server/connectors/doctor'
+
+export const dynamic = 'force-dynamic'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const connectors = loadConnectors()
+  const connector = connectors[id]
+  if (!connector) return notFound()
+
+  return NextResponse.json(buildConnectorDoctorReport(connector, null, { baseConnector: connector }))
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const connectors = loadConnectors()
+  const baseConnector = connectors[id]
+  if (!baseConnector) return notFound()
+
+  const body = await req.json().catch(() => ({})) as ConnectorDoctorPreviewInput
+  const connector = buildConnectorDoctorPreview({ baseConnector, input: body, fallbackId: id })
+  return NextResponse.json(buildConnectorDoctorReport(connector, body.sampleMsg, { baseConnector }))
+}

package/src/app/api/connectors/doctor/route.ts

@@ -0,0 +1,13 @@
+import { NextResponse } from 'next/server'
+import { buildConnectorDoctorPreview, buildConnectorDoctorReport, type ConnectorDoctorPreviewInput } from '@/lib/server/connectors/doctor'
+import { loadConnectors } from '@/lib/server/storage'
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => ({})) as ConnectorDoctorPreviewInput
+  const connectors = loadConnectors()
+  const baseConnector = typeof body.id === 'string' ? connectors[body.id] : null
+  const connector = buildConnectorDoctorPreview({ baseConnector, input: body })
+  return NextResponse.json(buildConnectorDoctorReport(connector, body.sampleMsg, { baseConnector }))
+}

package/src/app/api/files/open/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { exec } from 'child_process'
+import { spawn } from 'child_process'
 import fs from 'fs'
 import path from 'path'
 
@@ -19,25 +19,27 @@ export async function POST(req: Request) {
   const isDir = fs.statSync(resolved).isDirectory()
   const platform = process.platform
 
-  // Determine the command to reveal in the OS file manager
-  let cmd: string
+  let command: string
+  let args: string[]
   if (platform === 'darwin') {
-    // macOS: -R reveals in Finder (selects the item), for dirs just open the dir
-    cmd = isDir ? `open "${resolved}"` : `open -R "${resolved}"`
+    command = 'open'
+    args = isDir ? [resolved] : ['-R', resolved]
   } else if (platform === 'win32') {
-    cmd = isDir ? `explorer "${resolved}"` : `explorer /select,"${resolved}"`
+    command = 'explorer'
+    args = isDir ? [resolved] : [`/select,${resolved}`]
   } else {
-    // Linux: xdg-open on the directory containing the file
-    cmd = `xdg-open "${isDir ? resolved : path.dirname(resolved)}"`
+    command = 'xdg-open'
+    args = [isDir ? resolved : path.dirname(resolved)]
   }
 
   return new Promise<NextResponse>((resolve) => {
-    exec(cmd, (err) => {
-      if (err) {
-        resolve(NextResponse.json({ error: err.message }, { status: 500 }))
-      } else {
-        resolve(NextResponse.json({ ok: true }))
-      }
+    const child = spawn(command, args, { stdio: 'ignore' })
+    child.once('error', (err) => {
+      resolve(NextResponse.json({ error: err.message }, { status: 500 }))
+    })
+    child.once('spawn', () => {
+      child.unref()
+      resolve(NextResponse.json({ ok: true }))
     })
   })
 }

package/src/app/api/memory/maintenance/route.ts

@@ -1,6 +1,9 @@
 import { NextResponse } from 'next/server'
+import path from 'path'
 import { getMemoryDb } from '@/lib/server/memory-db'
 import { loadSettings } from '@/lib/server/storage'
+import { syncAllSessionArchiveMemories } from '@/lib/server/session-archive-memory'
+import { DATA_DIR } from '@/lib/server/data-dir'
 
 function parseBool(value: unknown, fallback: boolean): boolean {
   if (typeof value === 'boolean') return value
@@ -33,10 +36,13 @@ export async function GET(req: Request) {
     24 * 365,
   )
   const analyzed = db.analyzeMaintenance(ttlHours)
+  const archiveSync = syncAllSessionArchiveMemories()
   return NextResponse.json({
     ok: true,
     ttlHours,
     analyzed,
+    archiveSync,
+    archiveExportDir: path.join(DATA_DIR, 'session-archives'),
   })
 }
 
@@ -46,6 +52,9 @@ export async function POST(req: Request) {
   const db = getMemoryDb()
   const ttlHours = parseIntBounded(body?.ttlHours ?? settings.memoryWorkingTtlHours, 24, 1, 24 * 365)
   const maxDeletes = parseIntBounded(body?.maxDeletes, 500, 1, 20_000)
+  const archiveSync = body?.syncArchives === false
+    ? { synced: 0, skipped: 0, sessionIds: [] }
+    : syncAllSessionArchiveMemories()
   const result = db.maintain({
     ttlHours,
     maxDeletes,
@@ -57,7 +66,8 @@ export async function POST(req: Request) {
     ok: true,
     ttlHours,
     maxDeletes,
+    archiveSync,
+    archiveExportDir: path.join(DATA_DIR, 'session-archives'),
     ...result,
   })
 }
-

package/src/app/api/openclaw/agent-files/route.ts

@@ -1,5 +1,6 @@
 import { NextResponse } from 'next/server'
 import { ensureGatewayConnected } from '@/lib/server/openclaw-gateway'
+import { resolveOpenClawGatewayAgentId } from '@/lib/server/openclaw-agent-resolver'
 
 const AGENT_FILES = ['SOUL.md', 'IDENTITY.md', 'USER.md', 'TOOLS.md', 'HEARTBEAT.md', 'MEMORY.md', 'AGENTS.md'] as const
 
@@ -16,12 +17,24 @@ export async function GET(req: Request) {
     return NextResponse.json({ error: 'OpenClaw gateway not connected' }, { status: 503 })
   }
 
+  let gatewayAgentId: string
+  try {
+    gatewayAgentId = await resolveOpenClawGatewayAgentId(agentId, gw)
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : String(err)
+    const status = message.includes('not an OpenClaw agent') ? 400 : 404
+    return NextResponse.json({ error: message }, { status })
+  }
+
   const files: Record<string, { content: string; error?: string }> = {}
   await Promise.all(
     AGENT_FILES.map(async (filename) => {
       try {
-        const result = await gw.rpc('agents.files.get', { agentId, filename }) as { content?: string } | undefined
-        files[filename] = { content: result?.content ?? '' }
+        const result = await gw.rpc('agents.files.get', {
+          agentId: gatewayAgentId,
+          name: filename,
+        }) as { file?: { content?: string } } | undefined
+        files[filename] = { content: result?.file?.content ?? '' }
       } catch (err: unknown) {
         files[filename] = { content: '', error: err instanceof Error ? err.message : String(err) }
       }
@@ -48,10 +61,20 @@ export async function PUT(req: Request) {
   }
 
   try {
-    await gw.rpc('agents.files.set', { agentId, filename, content: content ?? '' })
+    const gatewayAgentId = await resolveOpenClawGatewayAgentId(agentId, gw)
+    await gw.rpc('agents.files.set', {
+      agentId: gatewayAgentId,
+      name: filename,
+      content: content ?? '',
+    })
     return NextResponse.json({ ok: true })
   } catch (err: unknown) {
     const message = err instanceof Error ? err.message : String(err)
-    return NextResponse.json({ error: message }, { status: 502 })
+    const status = message.includes('not an OpenClaw agent')
+      ? 400
+      : message.includes('not found')
+        ? 404
+        : 502
+    return NextResponse.json({ error: message }, { status })
   }
 }

package/src/app/api/openclaw/skills/route.ts

@@ -1,5 +1,7 @@
 import { NextResponse } from 'next/server'
 import { ensureGatewayConnected } from '@/lib/server/openclaw-gateway'
+import { resolveOpenClawGatewayAgentId } from '@/lib/server/openclaw-agent-resolver'
+import { normalizeOpenClawSkillsPayload } from '@/lib/server/openclaw-skills-normalize'
 import { loadAgents, saveAgents } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
 import type { OpenClawSkillEntry, SkillAllowlistMode } from '@/types'
@@ -18,11 +20,17 @@ export async function GET(req: Request) {
   }
 
   try {
-    const result = await gw.rpc('skills.status', { agentId }) as OpenClawSkillEntry[] | undefined
-    return NextResponse.json(result ?? [])
+    const gatewayAgentId = await resolveOpenClawGatewayAgentId(agentId, gw)
+    const result = await gw.rpc('skills.status', { agentId: gatewayAgentId }) as unknown
+    return NextResponse.json(normalizeOpenClawSkillsPayload(result))
   } catch (err: unknown) {
     const message = err instanceof Error ? err.message : String(err)
-    return NextResponse.json({ error: message }, { status: 502 })
+    const status = message.includes('not an OpenClaw agent')
+      ? 400
+      : message.includes('not found')
+        ? 404
+        : 502
+    return NextResponse.json({ error: message }, { status })
   }
 }
 

package/src/app/api/plugins/dependencies/route.ts

@@ -0,0 +1,24 @@
+import { NextResponse } from 'next/server'
+import { getPluginManager } from '@/lib/server/plugins'
+
+export async function POST(req: Request) {
+  const body = await req.json()
+  const filename = typeof body?.filename === 'string' ? body.filename : ''
+  const packageManager = typeof body?.packageManager === 'string' ? body.packageManager : undefined
+
+  if (!filename) {
+    return NextResponse.json({ error: 'filename is required' }, { status: 400 })
+  }
+
+  try {
+    const result = await getPluginManager().installPluginDependencies(filename, {
+      packageManager: packageManager as import('@/types').PluginPackageManager | undefined,
+    })
+    return NextResponse.json({ ok: true, dependencyInfo: result })
+  } catch (err: unknown) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : String(err) },
+      { status: 400 },
+    )
+  }
+}

package/src/app/api/plugins/install/route.ts

@@ -1,110 +1,33 @@
 import { NextResponse } from 'next/server'
-import fs from 'fs'
-import path from 'path'
-import { getPluginManager } from '@/lib/server/plugins'
-
-const PLUGINS_DIR = path.join(process.cwd(), 'data', 'plugins')
-
-function toRawUrl(url: string): string {
-  if (url.includes('github.com') && url.includes('/blob/')) {
-    return url.replace('github.com', 'raw.githubusercontent.com').replace('/blob/', '/')
-  }
-  if (url.includes('gist.github.com')) {
-    return url.endsWith('/raw') ? url : `${url}/raw`
-  }
-  return url
-}
-
-function normalizeMarketplaceUrl(url: string): string {
-  const trimmed = typeof url === 'string' ? url.trim() : ''
-  if (!trimmed) return trimmed
-
-  let normalized = trimmed
-    .replace('github.com/swarmclawai/plugins/', 'github.com/swarmclawai/swarmforge/')
-    .replace('raw.githubusercontent.com/swarmclawai/plugins/', 'raw.githubusercontent.com/swarmclawai/swarmforge/')
-
-  normalized = toRawUrl(normalized)
-
-  // Legacy registry entries used master and old repo names.
-  normalized = normalized
-    .replace('/swarmclawai/swarmforge/master/', '/swarmclawai/swarmforge/main/')
-    .replace('/swarmclawai/plugins/master/', '/swarmclawai/swarmforge/main/')
-    .replace('/swarmclawai/plugins/main/', '/swarmclawai/swarmforge/main/')
-
-  return normalized
-}
+import { getPluginManager, sanitizePluginFilename } from '@/lib/server/plugins'
 
 export async function POST(req: Request) {
   const body = await req.json()
-  const { url, filename } = body
-  const rawUrl = normalizeMarketplaceUrl(url)
+  const url = typeof body?.url === 'string' ? body.url : ''
+  const filename = typeof body?.filename === 'string' ? body.filename : ''
 
-  // Validate URL
-  if (!url || typeof url !== 'string' || !url.startsWith('https://')) {
+  if (!url || !url.startsWith('https://')) {
     return NextResponse.json(
       { error: 'URL must be a valid HTTPS URL' },
       { status: 400 },
     )
   }
 
-  // Validate filename
-  if (!filename || typeof filename !== 'string' || !filename.endsWith('.js')) {
-    return NextResponse.json(
-      { error: 'Filename must end in .js' },
-      { status: 400 },
-    )
-  }
-
-  // Path traversal protection
-  const sanitized = path.basename(filename)
-  if (sanitized !== filename || filename.includes('..')) {
-    return NextResponse.json(
-      { error: 'Invalid filename' },
-      { status: 400 },
-    )
-  }
-
   try {
-    const res = await fetch(rawUrl, { signal: AbortSignal.timeout(15_000) })
-    if (!res.ok) {
-      return NextResponse.json(
-        { error: `Download failed (HTTP ${res.status}) from ${rawUrl}` },
-        { status: 502 },
-      )
-    }
-    const contentType = res.headers.get('content-type') || ''
-    let code = await res.text()
-
-    // Reject HTML responses (likely a GitHub page, not raw content)
-    if (contentType.includes('text/html') && code.includes('<!DOCTYPE')) {
-      return NextResponse.json(
-        { error: 'URL returned an HTML page instead of JavaScript. Use a raw/direct link to the .js file.' },
-        { status: 400 },
-      )
-    }
-
-    // Compatibility fix: Strip node-fetch requires if present, as modern Node has global fetch
-    code = code.replace(/const\s+fetch\s*=\s*require\(['"]node-fetch['"]\);?/g, '// node-fetch stripped for compatibility')
-    code = code.replace(/import\s+fetch\s+from\s+['"]node-fetch['"];?/g, '// node-fetch stripped for compatibility')
-
-    // Ensure plugins directory exists
-    if (!fs.existsSync(PLUGINS_DIR)) {
-      fs.mkdirSync(PLUGINS_DIR, { recursive: true })
-    }
-
-    const dest = path.join(PLUGINS_DIR, sanitized)
-    fs.writeFileSync(dest, code, 'utf8')
-
-    // Force plugin manager to re-scan so the new plugin appears in listings
-    getPluginManager().reload()
-
-    return NextResponse.json({ ok: true, filename: sanitized })
+    const sanitizedFilename = sanitizePluginFilename(filename)
+    const installed = await getPluginManager().installPluginFromUrl(url, sanitizedFilename)
+    return NextResponse.json({ ok: true, filename: installed.filename, hash: installed.sourceHash })
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err)
-    const isTimeout = msg.includes('abort') || msg.includes('timeout')
+    const isTimeout = /abort|timeout/i.test(msg)
+    const status = /valid HTTPS URL|Filename|Invalid filename|HTML page|too large/i.test(msg)
+      ? 400
+      : isTimeout
+        ? 504
+        : 500
     return NextResponse.json(
-      { error: isTimeout ? 'Download timed out — the plugin URL may be unreachable' : `Install failed: ${msg}` },
-      { status: isTimeout ? 504 : 500 },
+      { error: isTimeout ? 'Download timed out — the plugin URL may be unreachable' : msg },
+      { status },
     )
   }
 }

package/src/app/api/plugins/route.ts

@@ -1,32 +1,7 @@
 import { NextResponse } from 'next/server'
 import { getPluginManager } from '@/lib/server/plugins'
 import { notify } from '@/lib/server/ws-hub'
-
-// Ensure all builtin plugins are registered by importing their modules
-import '@/lib/server/session-tools/shell'
-import '@/lib/server/session-tools/file'
-import '@/lib/server/session-tools/edit_file'
-import '@/lib/server/session-tools/web'
-import '@/lib/server/session-tools/memory'
-import '@/lib/server/session-tools/platform'
-import '@/lib/server/session-tools/monitor'
-import '@/lib/server/session-tools/discovery'
-import '@/lib/server/session-tools/sample-ui'
-import '@/lib/server/session-tools/git'
-import '@/lib/server/session-tools/wallet'
-import '@/lib/server/session-tools/connector'
-import '@/lib/server/session-tools/http'
-import '@/lib/server/session-tools/sandbox'
-import '@/lib/server/session-tools/canvas'
-import '@/lib/server/session-tools/chatroom'
-import '@/lib/server/session-tools/delegate'
-import '@/lib/server/session-tools/schedule'
-import '@/lib/server/session-tools/session-info'
-import '@/lib/server/session-tools/openclaw-nodes'
-import '@/lib/server/session-tools/openclaw-workspace'
-import '@/lib/server/session-tools/context-mgmt'
-import '@/lib/server/session-tools/subagent'
-import '@/lib/server/session-tools/plugin-creator'
+import '@/lib/server/builtin-plugins'
 
 export const dynamic = 'force-dynamic'
 
@@ -74,11 +49,13 @@ export async function PATCH(req: Request) {
   
   if (all) {
     await manager.updateAllPlugins()
+    notify('plugins')
     return NextResponse.json({ ok: true, message: 'All plugins updated' })
   }
   
   if (id) {
     await manager.updatePlugin(id)
+    notify('plugins')
     return NextResponse.json({ ok: true, message: `Plugin ${id} updated` })
   }
   

package/src/app/api/plugins/settings/route.ts

@@ -1,5 +1,6 @@
 import { NextResponse } from 'next/server'
-import { loadSettings, saveSettings } from '@/lib/server/storage'
+import { getPluginManager } from '@/lib/server/plugins'
+import '@/lib/server/builtin-plugins'
 
 export const dynamic = 'force-dynamic'
 
@@ -11,9 +12,7 @@ export async function GET(req: Request) {
     return NextResponse.json({ error: 'pluginId required' }, { status: 400 })
   }
 
-  const settings = loadSettings()
-  const pluginSettings = (settings.pluginSettings as Record<string, Record<string, unknown>> | undefined) ?? {}
-  return NextResponse.json(pluginSettings[pluginId] ?? {})
+  return NextResponse.json(getPluginManager().getPublicPluginSettings(pluginId))
 }
 
 /** PUT /api/plugins/settings?pluginId=X — write per-plugin settings */
@@ -24,12 +23,18 @@ export async function PUT(req: Request) {
     return NextResponse.json({ error: 'pluginId required' }, { status: 400 })
   }
 
-  const body = await req.json() as Record<string, unknown>
-  const settings = loadSettings()
-  const pluginSettings = (settings.pluginSettings as Record<string, Record<string, unknown>> | undefined) ?? {}
-  pluginSettings[pluginId] = body
-  settings.pluginSettings = pluginSettings
-  saveSettings(settings)
-
-  return NextResponse.json({ ok: true })
+  try {
+    const body = await req.json() as Record<string, unknown>
+    const saved = getPluginManager().setPluginSettings(pluginId, body)
+    return NextResponse.json({
+      ok: true,
+      values: saved,
+      configuredSecretFields: getPluginManager().getPublicPluginSettings(pluginId).configuredSecretFields,
+    })
+  } catch (err: unknown) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : String(err) },
+      { status: 400 },
+    )
+  }
 }

package/src/app/api/plugins/ui/route.ts

@@ -1,5 +1,6 @@
 import { NextResponse } from 'next/server'
 import { getPluginManager } from '@/lib/server/plugins'
+import '@/lib/server/builtin-plugins'
 
 export const dynamic = 'force-dynamic'