@swarmclawai/swarmclaw 0.7.3 → 0.7.4

package/src/lib/provider-model-discovery-client.ts

@@ -0,0 +1,29 @@
+import { api } from './api-client'
+import type { ProviderModelDiscoveryResult } from '@/types'
+
+export interface DiscoverProviderModelsParams {
+  providerId: string
+  credentialId?: string | null
+  endpoint?: string | null
+  force?: boolean
+  requiresApiKey?: boolean
+}
+
+export function buildProviderModelDiscoveryPath(params: DiscoverProviderModelsParams): string {
+  const searchParams = new URLSearchParams()
+  if (params.credentialId) searchParams.set('credentialId', params.credentialId)
+  if (params.endpoint?.trim()) searchParams.set('endpoint', params.endpoint.trim())
+  if (params.force) searchParams.set('force', '1')
+  if (typeof params.requiresApiKey === 'boolean') {
+    searchParams.set('requiresApiKey', params.requiresApiKey ? '1' : '0')
+  }
+  const query = searchParams.toString()
+  const encodedProviderId = encodeURIComponent(params.providerId)
+  return `/providers/${encodedProviderId}/discover-models${query ? `?${query}` : ''}`
+}
+
+export function fetchProviderModelDiscovery(
+  params: DiscoverProviderModelsParams,
+): Promise<ProviderModelDiscoveryResult> {
+  return api<ProviderModelDiscoveryResult>('GET', buildProviderModelDiscoveryPath(params))
+}

package/src/lib/providers/index.ts

@@ -256,11 +256,16 @@ export function getProviderList(): ProviderInfo[] {
   const overrides = getModelOverrides()
   const builtins = Object.values(PROVIDERS)
     .filter(({ id }) => id !== 'openclaw')
-    .map(({ handler, ...info }) => ({
-      ...info,
-      models: overrides[info.id] || info.models,
-      defaultModels: info.models,
-    }))
+    .map((provider) => {
+      const { handler, ...info } = provider
+      void handler
+      return {
+        ...info,
+        models: overrides[info.id] || info.models,
+        defaultModels: info.models,
+        supportsModelDiscovery: !['claude-cli', 'codex-cli', 'opencode-cli', 'fireworks'].includes(info.id),
+      }
+    })
   
   const customs: ProviderInfo[] = Object.values(getCustomProviders())
     .filter((c) => c.isEnabled)
@@ -269,6 +274,7 @@ export function getProviderList(): ProviderInfo[] {
       name: c.name,
       models: c.models,
       defaultModels: c.models,
+      supportsModelDiscovery: !!(c.baseUrl && c.baseUrl.trim()),
       requiresApiKey: c.requiresApiKey,
       requiresEndpoint: false as boolean,
       defaultEndpoint: c.baseUrl,
@@ -283,6 +289,7 @@ export function getProviderList(): ProviderInfo[] {
       name: String(p.name),
       models: p.models as string[],
       defaultModels: p.models as string[],
+      supportsModelDiscovery: Boolean(p.supportsModelDiscovery),
       requiresApiKey: Boolean(p.requiresApiKey),
       requiresEndpoint: Boolean(p.requiresEndpoint),
       defaultEndpoint: p.defaultEndpoint as string | undefined,

package/src/lib/runtime-loop.ts

@@ -3,9 +3,28 @@ import type { LoopMode } from '@/types'
 export const DEFAULT_LOOP_MODE: LoopMode = 'bounded'
 
 // Loop limits
-export const DEFAULT_AGENT_LOOP_RECURSION_LIMIT = 30
-export const DEFAULT_ORCHESTRATOR_LOOP_RECURSION_LIMIT = 40
-export const DEFAULT_LEGACY_ORCHESTRATOR_MAX_TURNS = 10
+export const AGENT_LOOP_RECURSION_LIMIT_MIN = 1
+export const AGENT_LOOP_RECURSION_LIMIT_MAX = 200
+export const ORCHESTRATOR_LOOP_RECURSION_LIMIT_MIN = 1
+export const ORCHESTRATOR_LOOP_RECURSION_LIMIT_MAX = 300
+export const LEGACY_ORCHESTRATOR_MAX_TURNS_MIN = 1
+export const LEGACY_ORCHESTRATOR_MAX_TURNS_MAX = 300
+export const ONGOING_LOOP_MAX_ITERATIONS_MIN = 10
+export const ONGOING_LOOP_MAX_ITERATIONS_MAX = 5000
+export const ONGOING_LOOP_MAX_RUNTIME_MINUTES_MIN = 0
+export const ONGOING_LOOP_MAX_RUNTIME_MINUTES_MAX = 1440
+export const DELEGATION_MAX_DEPTH_MIN = 1
+export const DELEGATION_MAX_DEPTH_MAX = 12
+export const SHELL_COMMAND_TIMEOUT_SEC_MIN = 1
+export const SHELL_COMMAND_TIMEOUT_SEC_MAX = 600
+export const CLAUDE_CODE_TIMEOUT_SEC_MIN = 5
+export const CLAUDE_CODE_TIMEOUT_SEC_MAX = 7200
+export const CLI_PROCESS_TIMEOUT_SEC_MIN = 10
+export const CLI_PROCESS_TIMEOUT_SEC_MAX = 7200
+
+export const DEFAULT_AGENT_LOOP_RECURSION_LIMIT = 60
+export const DEFAULT_ORCHESTRATOR_LOOP_RECURSION_LIMIT = 80
+export const DEFAULT_LEGACY_ORCHESTRATOR_MAX_TURNS = 16
 export const DEFAULT_ONGOING_LOOP_MAX_ITERATIONS = 250
 export const DEFAULT_ONGOING_LOOP_MAX_RUNTIME_MINUTES = 60
 export const DEFAULT_DELEGATION_MAX_DEPTH = 3
@@ -14,3 +33,86 @@ export const DEFAULT_DELEGATION_MAX_DEPTH = 3
 export const DEFAULT_SHELL_COMMAND_TIMEOUT_SEC = 30
 export const DEFAULT_CLAUDE_CODE_TIMEOUT_SEC = 1800
 export const DEFAULT_CLI_PROCESS_TIMEOUT_SEC = 1800
+
+function parseIntSetting(value: unknown, fallback: number, min: number, max: number): number {
+  const parsed = typeof value === 'number'
+    ? value
+    : typeof value === 'string'
+      ? Number.parseInt(value, 10)
+      : Number.NaN
+  if (!Number.isFinite(parsed)) return fallback
+  return Math.max(min, Math.min(max, Math.trunc(parsed)))
+}
+
+export interface NormalizedRuntimeSettingFields {
+  loopMode: LoopMode
+  agentLoopRecursionLimit: number
+  orchestratorLoopRecursionLimit: number
+  legacyOrchestratorMaxTurns: number
+  delegationMaxDepth: number
+  ongoingLoopMaxIterations: number
+  ongoingLoopMaxRuntimeMinutes: number
+  shellCommandTimeoutSec: number
+  claudeCodeTimeoutSec: number
+  cliProcessTimeoutSec: number
+}
+
+export function normalizeRuntimeSettingFields(settings: Record<string, unknown>): NormalizedRuntimeSettingFields {
+  return {
+    loopMode: settings.loopMode === 'ongoing' ? 'ongoing' : DEFAULT_LOOP_MODE,
+    agentLoopRecursionLimit: parseIntSetting(
+      settings.agentLoopRecursionLimit,
+      DEFAULT_AGENT_LOOP_RECURSION_LIMIT,
+      AGENT_LOOP_RECURSION_LIMIT_MIN,
+      AGENT_LOOP_RECURSION_LIMIT_MAX,
+    ),
+    orchestratorLoopRecursionLimit: parseIntSetting(
+      settings.orchestratorLoopRecursionLimit,
+      DEFAULT_ORCHESTRATOR_LOOP_RECURSION_LIMIT,
+      ORCHESTRATOR_LOOP_RECURSION_LIMIT_MIN,
+      ORCHESTRATOR_LOOP_RECURSION_LIMIT_MAX,
+    ),
+    legacyOrchestratorMaxTurns: parseIntSetting(
+      settings.legacyOrchestratorMaxTurns,
+      DEFAULT_LEGACY_ORCHESTRATOR_MAX_TURNS,
+      LEGACY_ORCHESTRATOR_MAX_TURNS_MIN,
+      LEGACY_ORCHESTRATOR_MAX_TURNS_MAX,
+    ),
+    delegationMaxDepth: parseIntSetting(
+      settings.delegationMaxDepth,
+      DEFAULT_DELEGATION_MAX_DEPTH,
+      DELEGATION_MAX_DEPTH_MIN,
+      DELEGATION_MAX_DEPTH_MAX,
+    ),
+    ongoingLoopMaxIterations: parseIntSetting(
+      settings.ongoingLoopMaxIterations,
+      DEFAULT_ONGOING_LOOP_MAX_ITERATIONS,
+      ONGOING_LOOP_MAX_ITERATIONS_MIN,
+      ONGOING_LOOP_MAX_ITERATIONS_MAX,
+    ),
+    ongoingLoopMaxRuntimeMinutes: parseIntSetting(
+      settings.ongoingLoopMaxRuntimeMinutes,
+      DEFAULT_ONGOING_LOOP_MAX_RUNTIME_MINUTES,
+      ONGOING_LOOP_MAX_RUNTIME_MINUTES_MIN,
+      ONGOING_LOOP_MAX_RUNTIME_MINUTES_MAX,
+    ),
+    shellCommandTimeoutSec: parseIntSetting(
+      settings.shellCommandTimeoutSec,
+      DEFAULT_SHELL_COMMAND_TIMEOUT_SEC,
+      SHELL_COMMAND_TIMEOUT_SEC_MIN,
+      SHELL_COMMAND_TIMEOUT_SEC_MAX,
+    ),
+    claudeCodeTimeoutSec: parseIntSetting(
+      settings.claudeCodeTimeoutSec,
+      DEFAULT_CLAUDE_CODE_TIMEOUT_SEC,
+      CLAUDE_CODE_TIMEOUT_SEC_MIN,
+      CLAUDE_CODE_TIMEOUT_SEC_MAX,
+    ),
+    cliProcessTimeoutSec: parseIntSetting(
+      settings.cliProcessTimeoutSec,
+      DEFAULT_CLI_PROCESS_TIMEOUT_SEC,
+      CLI_PROCESS_TIMEOUT_SEC_MIN,
+      CLI_PROCESS_TIMEOUT_SEC_MAX,
+    ),
+  }
+}

package/src/lib/safe-storage.ts

@@ -1,5 +1,10 @@
 function canUseLocalStorage(): boolean {
-  return typeof window !== 'undefined' && !!window.localStorage
+  if (typeof window === 'undefined') return false
+  try {
+    return !!window.localStorage
+  } catch {
+    return false
+  }
 }
 
 export function safeStorageGet(key: string): string | null {

package/src/lib/server/agent-runtime-config.test.ts

@@ -0,0 +1,141 @@
+import assert from 'node:assert/strict'
+import { test } from 'node:test'
+import type { Agent, GatewayProfile } from '@/types'
+import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
+import {
+  applyResolvedRoute,
+  resolveAgentRouteCandidatesWithProfiles,
+} from './agent-runtime-config'
+
+function makeGateway(overrides: Partial<GatewayProfile> = {}): GatewayProfile {
+  const now = Date.now()
+  return {
+    id: 'gateway-default',
+    name: 'Gateway Default',
+    provider: 'openclaw',
+    endpoint: 'https://gateway.example.com/v1',
+    wsUrl: 'wss://gateway.example.com',
+    credentialId: 'cred-gateway',
+    status: 'healthy',
+    tags: [],
+    isDefault: true,
+    createdAt: now,
+    updatedAt: now,
+    ...overrides,
+  }
+}
+
+function makeAgent(overrides: Partial<Agent> = {}): Agent {
+  const now = Date.now()
+  return {
+    id: 'agent-1',
+    name: 'OpenClaw Ops',
+    description: '',
+    systemPrompt: '',
+    provider: 'openclaw',
+    model: '',
+    createdAt: now,
+    updatedAt: now,
+    ...overrides,
+  }
+}
+
+test('resolveAgentRouteCandidatesWithProfiles applies the default OpenClaw gateway profile to base agents', () => {
+  const gateways = [
+    makeGateway(),
+    makeGateway({
+      id: 'gateway-secondary',
+      name: 'Gateway Secondary',
+      endpoint: 'https://secondary.example.com/v1',
+      wsUrl: 'wss://secondary.example.com',
+      credentialId: 'cred-secondary',
+      isDefault: false,
+    }),
+  ]
+
+  const [route] = resolveAgentRouteCandidatesWithProfiles(makeAgent(), gateways)
+  assert.ok(route)
+  assert.equal(route.provider, 'openclaw')
+  assert.equal(route.model, 'default')
+  assert.equal(route.gatewayProfileId, 'gateway-default')
+  assert.equal(route.credentialId, 'cred-gateway')
+  assert.equal(route.apiEndpoint, normalizeProviderEndpoint('openclaw', 'https://gateway.example.com/v1'))
+})
+
+test('resolveAgentRouteCandidatesWithProfiles respects routing strategy but deprioritizes cooling providers', () => {
+  const gateways = [
+    makeGateway({
+      id: 'gateway-economy',
+      name: 'Economy Gateway',
+      endpoint: 'https://economy.example.com/v1',
+      wsUrl: 'wss://economy.example.com',
+      credentialId: 'cred-economy',
+      isDefault: false,
+    }),
+  ]
+
+  const agent = makeAgent({
+    provider: 'openai',
+    model: 'gpt-4o',
+    gatewayProfileId: null,
+    routingStrategy: 'economy',
+    routingTargets: [
+      {
+        id: 'economy-route',
+        label: 'Economy',
+        provider: 'openclaw',
+        model: 'default',
+        gatewayProfileId: 'gateway-economy',
+        role: 'economy',
+      },
+      {
+        id: 'premium-route',
+        label: 'Premium',
+        provider: 'openai',
+        model: 'gpt-5',
+        role: 'premium',
+      },
+    ],
+  })
+
+  const preferred = resolveAgentRouteCandidatesWithProfiles(agent, gateways)
+  assert.equal(preferred[0]?.id, 'economy-route')
+  assert.equal(preferred[0]?.apiEndpoint, normalizeProviderEndpoint('openclaw', 'https://economy.example.com/v1'))
+
+  const cooled = resolveAgentRouteCandidatesWithProfiles(agent, gateways, undefined, (providerId) => providerId === 'openclaw')
+  assert.equal(cooled[0]?.id, 'base')
+  assert.equal(cooled[0]?.provider, 'openai')
+})
+
+test('applyResolvedRoute copies gateway, endpoint, and fallback credentials onto a target session-like object', () => {
+  const target = {
+    provider: 'claude-cli' as const,
+    model: 'claude-sonnet-4-5',
+    credentialId: null,
+    fallbackCredentialIds: [] as string[],
+    apiEndpoint: null,
+    gatewayProfileId: null,
+  }
+
+  const next = applyResolvedRoute(target, {
+    id: 'route-1',
+    label: 'Gateway route',
+    provider: 'openclaw',
+    model: 'default',
+    credentialId: 'cred-1',
+    fallbackCredentialIds: ['cred-2', 'cred-3'],
+    apiEndpoint: 'https://gateway.example.com/v1',
+    gatewayProfileId: 'gateway-1',
+    priority: 0,
+    source: 'routing-target',
+  })
+
+  assert.deepEqual(next, {
+    provider: 'openclaw',
+    model: 'default',
+    credentialId: 'cred-1',
+    fallbackCredentialIds: ['cred-2', 'cred-3'],
+    apiEndpoint: 'https://gateway.example.com/v1',
+    gatewayProfileId: 'gateway-1',
+  })
+})

package/src/lib/server/agent-runtime-config.ts

@@ -0,0 +1,277 @@
+import type {
+  Agent,
+  AgentRoutingStrategy,
+  AgentRoutingTarget,
+  GatewayProfile,
+  ProviderType,
+} from '@/types'
+import { deriveOpenClawWsUrl, normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
+import { loadGatewayProfiles } from './storage'
+import { isProviderCoolingDown } from './provider-health'
+
+const DEFAULT_OPENCLAW_ENDPOINT = 'http://localhost:18789/v1'
+const DEFAULT_OPENCLAW_MODEL = 'default'
+
+export interface ResolvedAgentRoute {
+  id: string
+  label: string
+  provider: ProviderType
+  model: string
+  credentialId?: string | null
+  fallbackCredentialIds: string[]
+  apiEndpoint?: string | null
+  gatewayProfileId?: string | null
+  role?: NonNullable<AgentRoutingTarget['role']>
+  priority: number
+  source: 'agent' | 'routing-target'
+}
+
+interface RouteSeed {
+  id: string
+  label?: string
+  provider?: ProviderType | null
+  model?: string | null
+  credentialId?: string | null
+  fallbackCredentialIds?: string[]
+  apiEndpoint?: string | null
+  gatewayProfileId?: string | null
+  role?: AgentRoutingTarget['role']
+  priority?: number
+  source: ResolvedAgentRoute['source']
+}
+
+function ensureStringArray(value: unknown): string[] {
+  if (!Array.isArray(value)) return []
+  return value
+    .map((item) => (typeof item === 'string' ? item.trim() : ''))
+    .filter(Boolean)
+}
+
+function normalizeGateway(raw: unknown, id: string): GatewayProfile | null {
+  if (!raw || typeof raw !== 'object') return null
+  const gateway = raw as Partial<GatewayProfile> & Record<string, unknown>
+  const endpoint = normalizeProviderEndpoint(
+    'openclaw',
+    typeof gateway.endpoint === 'string' && gateway.endpoint.trim()
+      ? gateway.endpoint
+      : DEFAULT_OPENCLAW_ENDPOINT,
+  )
+  if (!endpoint) return null
+  return {
+    id,
+    name: typeof gateway.name === 'string' && gateway.name.trim() ? gateway.name.trim() : id,
+    provider: 'openclaw',
+    endpoint,
+    wsUrl: typeof gateway.wsUrl === 'string' && gateway.wsUrl.trim() ? gateway.wsUrl.trim() : deriveOpenClawWsUrl(endpoint),
+    credentialId: typeof gateway.credentialId === 'string' && gateway.credentialId.trim() ? gateway.credentialId.trim() : null,
+    status: gateway.status === 'healthy' || gateway.status === 'degraded' || gateway.status === 'offline' || gateway.status === 'pending' ? gateway.status : 'unknown',
+    notes: typeof gateway.notes === 'string' ? gateway.notes : null,
+    tags: ensureStringArray(gateway.tags),
+    lastError: typeof gateway.lastError === 'string' ? gateway.lastError : null,
+    lastCheckedAt: typeof gateway.lastCheckedAt === 'number' ? gateway.lastCheckedAt : null,
+    lastModelCount: typeof gateway.lastModelCount === 'number' ? gateway.lastModelCount : null,
+    discoveredHost: typeof gateway.discoveredHost === 'string' ? gateway.discoveredHost : null,
+    discoveredPort: typeof gateway.discoveredPort === 'number' ? gateway.discoveredPort : null,
+    isDefault: gateway.isDefault === true,
+    createdAt: typeof gateway.createdAt === 'number' ? gateway.createdAt : Date.now(),
+    updatedAt: typeof gateway.updatedAt === 'number' ? gateway.updatedAt : Date.now(),
+  }
+}
+
+function findGatewayProfile(
+  gatewayProfiles: GatewayProfile[],
+  profileId?: string | null,
+): GatewayProfile | null {
+  const id = typeof profileId === 'string' ? profileId.trim() : ''
+  if (!id) return null
+  return gatewayProfiles.find((profile) => profile.id === id) || null
+}
+
+export function getGatewayProfiles(provider: GatewayProfile['provider'] | null = null): GatewayProfile[] {
+  const all = loadGatewayProfiles()
+  return Object.entries(all)
+    .map(([id, value]) => normalizeGateway(value, id))
+    .filter((value): value is GatewayProfile => Boolean(value))
+    .filter((value) => !provider || value.provider === provider)
+    .sort((a, b) => {
+      if ((a.isDefault === true) !== (b.isDefault === true)) return a.isDefault ? -1 : 1
+      return a.name.localeCompare(b.name)
+    })
+}
+
+export function getGatewayProfile(profileId?: string | null): GatewayProfile | null {
+  return findGatewayProfile(getGatewayProfiles(), profileId)
+}
+
+function defaultGatewayProfile(gatewayProfiles: GatewayProfile[]): GatewayProfile | null {
+  return gatewayProfiles.find((profile) => profile.isDefault) || gatewayProfiles[0] || null
+}
+
+function roleWeight(strategy: AgentRoutingStrategy, role?: AgentRoutingTarget['role']): number {
+  const normalized = role || 'primary'
+  const matrix: Record<AgentRoutingStrategy, Record<string, number>> = {
+    single: { primary: 0, backup: 10, premium: 20, reasoning: 30, economy: 40 },
+    balanced: { primary: 0, premium: 4, economy: 4, reasoning: 6, backup: 12 },
+    economy: { economy: 0, primary: 10, backup: 18, premium: 28, reasoning: 36 },
+    premium: { premium: 0, reasoning: 4, primary: 10, backup: 18, economy: 28 },
+    reasoning: { reasoning: 0, premium: 4, primary: 10, backup: 18, economy: 28 },
+  }
+  return matrix[strategy][normalized] ?? 50
+}
+
+function dedupeCredentialIds(primary: string | null | undefined, candidates: string[] | undefined): string[] {
+  const seen = new Set<string>()
+  const normalizedPrimary = typeof primary === 'string' && primary.trim() ? primary.trim() : null
+  const result: string[] = []
+  for (const value of ensureStringArray(candidates)) {
+    if (normalizedPrimary && value === normalizedPrimary) continue
+    if (seen.has(value)) continue
+    seen.add(value)
+    result.push(value)
+  }
+  return result
+}
+
+function buildRouteFromSeed(
+  seed: RouteSeed,
+  gatewayProfiles: GatewayProfile[],
+  agentGatewayProfileId?: string | null,
+): ResolvedAgentRoute | null {
+  const provider = (seed.provider || 'claude-cli') as ProviderType
+  let gatewayProfileId = seed.gatewayProfileId ?? null
+  if (!gatewayProfileId && provider === 'openclaw') {
+    gatewayProfileId = agentGatewayProfileId ?? defaultGatewayProfile(gatewayProfiles)?.id ?? null
+  }
+  const gatewayProfile = findGatewayProfile(gatewayProfiles, gatewayProfileId)
+
+  const providerFromGateway = gatewayProfile?.provider === 'openclaw' ? 'openclaw' : provider
+  const apiEndpoint = normalizeProviderEndpoint(
+    providerFromGateway,
+    seed.apiEndpoint ?? gatewayProfile?.endpoint ?? null,
+  )
+  const model = (seed.model || '').trim() || (providerFromGateway === 'openclaw' ? DEFAULT_OPENCLAW_MODEL : '')
+  if (!providerFromGateway || !model) return null
+
+  const credentialId = seed.credentialId ?? gatewayProfile?.credentialId ?? null
+  return {
+    id: seed.id,
+    label: seed.label?.trim() || (gatewayProfile?.name || `${providerFromGateway}:${model}`),
+    provider: providerFromGateway,
+    model,
+    credentialId,
+    fallbackCredentialIds: dedupeCredentialIds(credentialId, seed.fallbackCredentialIds),
+    apiEndpoint,
+    gatewayProfileId,
+    role: seed.role,
+    priority: typeof seed.priority === 'number' ? seed.priority : 100,
+    source: seed.source,
+  }
+}
+
+function dedupeRoutes(routes: ResolvedAgentRoute[]): ResolvedAgentRoute[] {
+  const seen = new Set<string>()
+  const deduped: ResolvedAgentRoute[] = []
+  for (const route of routes) {
+    const key = [
+      route.provider,
+      route.model,
+      route.credentialId || '',
+      route.apiEndpoint || '',
+      route.gatewayProfileId || '',
+    ].join('::')
+    if (seen.has(key)) continue
+    seen.add(key)
+    deduped.push(route)
+  }
+  return deduped
+}
+
+export function resolveAgentRouteCandidates(
+  agent: Agent | null | undefined,
+  preferredStrategy?: AgentRoutingStrategy | null,
+): ResolvedAgentRoute[] {
+  return resolveAgentRouteCandidatesWithProfiles(agent, getGatewayProfiles('openclaw'), preferredStrategy)
+}
+
+export function resolveAgentRouteCandidatesWithProfiles(
+  agent: Agent | null | undefined,
+  gatewayProfiles: GatewayProfile[],
+  preferredStrategy?: AgentRoutingStrategy | null,
+  isCoolingDown: (providerId: string) => boolean = isProviderCoolingDown,
+): ResolvedAgentRoute[] {
+  if (!agent) return []
+  const strategy = preferredStrategy || agent.routingStrategy || 'single'
+  const seeds: RouteSeed[] = [
+    {
+      id: 'base',
+      label: agent.name,
+      provider: agent.provider,
+      model: agent.model,
+      credentialId: agent.credentialId ?? null,
+      fallbackCredentialIds: agent.fallbackCredentialIds || [],
+      apiEndpoint: agent.apiEndpoint ?? null,
+      gatewayProfileId: agent.gatewayProfileId ?? null,
+      role: 'primary',
+      priority: 0,
+      source: 'agent',
+    },
+    ...((agent.routingTargets || []).map((target, index) => ({
+      id: target.id || `route-${index + 1}`,
+      label: target.label,
+      provider: target.provider,
+      model: target.model,
+      credentialId: target.credentialId ?? null,
+      fallbackCredentialIds: target.fallbackCredentialIds || [],
+      apiEndpoint: target.apiEndpoint ?? null,
+      gatewayProfileId: target.gatewayProfileId ?? null,
+      role: target.role,
+      priority: typeof target.priority === 'number' ? target.priority : index + 1,
+      source: 'routing-target' as const,
+    }))),
+  ]
+
+  return dedupeRoutes(
+    seeds
+      .map((seed) => buildRouteFromSeed(seed, gatewayProfiles, agent.gatewayProfileId ?? null))
+      .filter((route): route is ResolvedAgentRoute => Boolean(route)),
+  ).sort((left, right) => {
+    const leftCooling = isCoolingDown(left.provider)
+    const rightCooling = isCoolingDown(right.provider)
+    if (leftCooling !== rightCooling) return leftCooling ? 1 : -1
+    const leftRole = roleWeight(strategy, left.role)
+    const rightRole = roleWeight(strategy, right.role)
+    if (leftRole !== rightRole) return leftRole - rightRole
+    if (left.priority !== right.priority) return left.priority - right.priority
+    return left.label.localeCompare(right.label)
+  })
+}
+
+export function resolvePrimaryAgentRoute(
+  agent: Agent | null | undefined,
+  preferredStrategy?: AgentRoutingStrategy | null,
+): ResolvedAgentRoute | null {
+  return resolveAgentRouteCandidates(agent, preferredStrategy)[0] || null
+}
+
+export function applyResolvedRoute<T extends {
+  provider: ProviderType
+  model: string
+  credentialId?: string | null
+  fallbackCredentialIds?: string[]
+  apiEndpoint?: string | null
+  gatewayProfileId?: string | null
+}>(
+  target: T,
+  route: ResolvedAgentRoute | null | undefined,
+): T {
+  if (!route) return target
+  return {
+    ...target,
+    provider: route.provider,
+    model: route.model,
+    credentialId: route.credentialId ?? null,
+    fallbackCredentialIds: [...route.fallbackCredentialIds],
+    apiEndpoint: route.apiEndpoint ?? null,
+    gatewayProfileId: route.gatewayProfileId ?? null,
+  }
+}

package/src/lib/server/approvals-auto-approve.test.ts

@@ -202,4 +202,63 @@ describe('approval auto-approve', () => {
     assert.match(output.lastMessage.text, /\"type\":\"plugin_request\"/)
     assert.match(output.lastMessage.text, /\"pluginId\":\"shell\"/)
   })
+
+  it('applies tool access after a manual approval decision', () => {
+    const output = runWithTempDataDir(`
+      const storageMod = await import('./src/lib/server/storage.ts')
+      const approvalsMod = await import('./src/lib/server/approvals.ts')
+      const storage = storageMod.default || storageMod
+      const approvals = approvalsMod.default || approvalsMod
+
+      const now = Date.now()
+      storage.saveSettings({
+        approvalsEnabled: true,
+        approvalAutoApproveCategories: [],
+      })
+      storage.saveSessions({
+        session_manual: {
+          id: 'session_manual',
+          name: 'Manual Approval Test',
+          cwd: process.cwd(),
+          user: 'tester',
+          provider: 'openai',
+          model: 'gpt-test',
+          credentialId: null,
+          apiEndpoint: null,
+          claudeSessionId: null,
+          codexThreadId: null,
+          opencodeSessionId: null,
+          delegateResumeIds: { claudeCode: null, codex: null, opencode: null, gemini: null },
+          messages: [],
+          createdAt: now,
+          lastActiveAt: now,
+          sessionType: 'human',
+          agentId: 'default',
+          plugins: [],
+        },
+      })
+
+      const approval = await approvals.requestApprovalMaybeAutoApprove({
+        category: 'tool_access',
+        title: 'Enable Plugin: shell',
+        description: 'Need shell access for a task.',
+        data: { toolId: 'shell', pluginId: 'shell' },
+        sessionId: 'session_manual',
+        agentId: 'default',
+      })
+      await approvals.submitDecision(approval.id, true)
+
+      const storedApproval = storage.loadApprovals()[approval.id]
+      const session = storage.loadSessions().session_manual
+      console.log(JSON.stringify({
+        initialStatus: approval.status,
+        finalStatus: storedApproval?.status || null,
+        plugins: session.plugins || [],
+      }))
+    `)
+
+    assert.equal(output.initialStatus, 'pending')
+    assert.equal(output.finalStatus, 'approved')
+    assert.equal(output.plugins.includes('shell'), true)
+  })
 })