@swarmclawai/swarmclaw 0.7.3 → 0.7.4

package/src/lib/server/session-tools/sandbox.ts

@@ -14,22 +14,20 @@ function getDenoPath(): string | null {
   return findBinaryOnPath('deno')
 }
 
-function getNodePath(): string | null {
-  return findBinaryOnPath('node')
-}
-
-function getTsxPath(): string | null {
-  return findBinaryOnPath('tsx')
-}
-
-function getPythonPath(): string | null {
-  return findBinaryOnPath('python3') ?? findBinaryOnPath('python')
-}
-
 const EXT_MAP: Record<string, string> = {
   javascript: 'js',
   typescript: 'ts',
-  python: 'py',
+}
+
+function sandboxUnavailableError(reason: string): string {
+  return JSON.stringify({
+    error: reason,
+    guidance: [
+      'Install Deno or run `npm run setup:easy` to enable sandbox_exec.',
+      'Use http_request for straightforward API calls.',
+      'Use plugin_creator plus manage_schedules for recurring automations.',
+    ],
+  })
 }
 
 /**
@@ -45,18 +43,13 @@ async function executeSandboxExec(args: any, context: { sessionId?: string; cwd?
   const sessionId = context.sessionId ?? 'unknown'
   const sandboxDir = path.join('/tmp', `swarmclaw-sandbox-${sessionId}-${Date.now()}`)
   const denoPath = getDenoPath()
-  const nodePath = getNodePath()
-  const tsxPath = getTsxPath()
-  const pythonPath = getPythonPath()
 
-  if (language === 'javascript' && !denoPath && !nodePath) {
-    return JSON.stringify({ error: 'No JavaScript runtime available. Install Deno or Node.js.' })
-  }
-  if (language === 'typescript' && !denoPath && !tsxPath) {
-    return JSON.stringify({ error: 'No TypeScript runtime available. Install Deno or tsx.' })
+  if (language !== 'javascript' && language !== 'typescript') {
+    return sandboxUnavailableError('sandbox_exec currently supports only JavaScript and TypeScript via Deno.')
   }
-  if (language === 'python' && !pythonPath) {
-    return JSON.stringify({ error: 'Python is not installed.' })
+
+  if (!denoPath) {
+    return sandboxUnavailableError('Deno is required for sandbox_exec. Unsafe Node/Python fallbacks are disabled.')
   }
 
   try {
@@ -65,36 +58,15 @@ async function executeSandboxExec(args: any, context: { sessionId?: string; cwd?
     const scriptPath = path.join(sandboxDir, scriptFile)
     fs.writeFileSync(scriptPath, code, 'utf-8')
 
-    let result: ReturnType<typeof spawnSync>
-
-    if (language === 'javascript') {
-      if (denoPath) {
-        result = spawnSync(denoPath, [
-          'run', '--allow-read=.', '--allow-write=.', '--allow-net', '--deny-env', '--no-prompt', scriptFile,
-        ], { cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT })
-      } else {
-        result = spawnSync(nodePath!, [scriptPath], {
-          cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT,
-          env: { PATH: process.env.PATH || '/usr/bin:/bin' } as any,
-        })
-      }
-    } else if (language === 'typescript') {
-      if (denoPath) {
-        result = spawnSync(denoPath, [
-          'run', '--allow-read=.', '--allow-write=.', '--allow-net', '--deny-env', '--no-prompt', scriptFile,
-        ], { cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT })
-      } else {
-        result = spawnSync(tsxPath!, [scriptPath], {
-          cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT,
-          env: { PATH: process.env.PATH || '/usr/bin:/bin' } as any,
-        })
-      }
-    } else {
-      result = spawnSync(pythonPath!, [scriptPath], {
-        cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT,
-        env: { PATH: process.env.PATH || '/usr/bin:/bin' } as any,
-      })
-    }
+    const result = spawnSync(denoPath, [
+      'run',
+      '--allow-read=.',
+      '--allow-write=.',
+      '--allow-net',
+      '--deny-env',
+      '--no-prompt',
+      scriptFile,
+    ], { cwd: sandboxDir, encoding: 'utf-8', timeout, maxBuffer: MAX_OUTPUT })
 
     const stdout = truncate((result.stdout || '').toString(), MAX_OUTPUT)
     const stderr = truncate((result.stderr || '').toString(), MAX_OUTPUT)
@@ -125,16 +97,18 @@ async function executeSandboxExec(args: any, context: { sessionId?: string; cwd?
 }
 
 async function executeListRuntimes() {
-  const runtimes: Record<string, any> = {}
-  for (const [name, bin] of [['deno', getDenoPath()], ['node', getNodePath()], ['tsx', getTsxPath()], ['python', getPythonPath()]] as const) {
-    if (bin) {
-      const ver = spawnSync(bin, ['--version'], { encoding: 'utf-8', timeout: 3000 })
-      runtimes[name] = { available: true, version: (ver.stdout || '').split('\n')[0]?.trim() || null }
-    } else {
-      runtimes[name] = { available: false }
-    }
+  const denoPath = getDenoPath()
+  if (!denoPath) {
+    return sandboxUnavailableError('Deno is not available for sandbox_exec.')
   }
-  return JSON.stringify(runtimes)
+  const ver = spawnSync(denoPath, ['--version'], { encoding: 'utf-8', timeout: 3000 })
+  return JSON.stringify({
+    deno: {
+      available: true,
+      version: (ver.stdout || '').split('\n')[0]?.trim() || null,
+    },
+    sandboxReady: true,
+  })
 }
 
 /**
@@ -142,18 +116,23 @@ async function executeListRuntimes() {
  */
 const SandboxPlugin: Plugin = {
   name: 'Core Sandbox',
-  description: 'Secure isolated code execution for JS, TS, and Python.',
+  description: 'Deno-based isolated code execution for JavaScript and TypeScript when custom code is necessary.',
   hooks: {
-    getCapabilityDescription: () => 'I can run code in a sandbox (`sandbox_exec`) — JS/TS via Deno or Python, in an isolated environment. I get stdout, stderr, and any files created.',
+    getCapabilityDescription: () => 'I can run JavaScript or TypeScript in a Deno sandbox (`sandbox_exec`) when custom code is necessary. For straightforward API calls, use `http_request` instead.',
+    getOperatingGuidance: () => [
+      'Use `http_request` for straightforward REST/JSON API calls instead of writing code in `sandbox_exec`.',
+      'Use `sandbox_exec` only when custom parsing or transformation code is actually needed.',
+      'For recurring automations, prefer `plugin_creator` plus `manage_schedules` over repeated sandbox runs.',
+    ],
   } as PluginHooks,
   tools: [
     {
       name: 'sandbox_exec',
-      description: 'Execute code in an isolated sandbox.',
+      description: 'Execute JavaScript or TypeScript in a Deno sandbox when custom code is necessary.',
       parameters: {
         type: 'object',
         properties: {
-          language: { type: 'string', enum: ['javascript', 'typescript', 'python'] },
+          language: { type: 'string', enum: ['javascript', 'typescript'] },
           code: { type: 'string' },
           timeoutSec: { type: 'number' }
         },
@@ -163,7 +142,7 @@ const SandboxPlugin: Plugin = {
     },
     {
       name: 'sandbox_list_runtimes',
-      description: 'List available sandbox runtimes.',
+      description: 'Report whether the Deno sandbox runtime is available.',
       parameters: { type: 'object', properties: {} },
       execute: async () => executeListRuntimes()
     }
@@ -185,7 +164,11 @@ export function buildSandboxTools(bctx: ToolBuildContext): StructuredToolInterfa
       {
         name: 'sandbox_exec',
         description: SandboxPlugin.tools![0].description,
-        schema: z.object({}).passthrough()
+        schema: z.object({
+          language: z.enum(['javascript', 'typescript']),
+          code: z.string(),
+          timeoutSec: z.number().optional(),
+        })
       }
     ),
     tool(
@@ -198,29 +181,5 @@ export function buildSandboxTools(bctx: ToolBuildContext): StructuredToolInterfa
     )
   )
 
-  const openclawPath = findBinaryOnPath('openclaw') || findBinaryOnPath('clawdbot')
-  if (openclawPath) {
-    tools.push(
-      tool(
-        async (rawArgs) => {
-          const normalized = normalizeToolInputArgs((rawArgs ?? {}) as Record<string, unknown>)
-          const code = normalized.code as string | undefined
-          const explain = normalized.explain as boolean | undefined
-          try {
-            if (!code) return JSON.stringify({ error: 'code is required' })
-            const args = explain ? ['sandbox', 'explain', code] : ['sandbox', 'run', code]
-            const result = spawnSync(openclawPath, args, { encoding: 'utf-8', timeout: 60_000, maxBuffer: MAX_OUTPUT })
-            return JSON.stringify({ exitCode: result.status ?? 0, stdout: truncate(result.stdout || '', MAX_OUTPUT), stderr: truncate(result.stderr || '', MAX_OUTPUT) })
-          } catch (err: any) { return JSON.stringify({ error: err.message }) }
-        },
-        {
-          name: 'openclaw_sandbox',
-          description: 'Execute or explain code through OpenClaw CLI.',
-          schema: z.object({ code: z.string(), explain: z.boolean().optional() }),
-        }
-      )
-    )
-  }
-
   return tools
 }

package/src/lib/server/session-tools/session-info.ts

@@ -25,9 +25,30 @@ async function executeWhoAmI(context: { sessionId?: string; agentId?: string })
   } catch (err: any) { return `Error: ${err.message}` }
 }
 
+function inferSessionsAction(
+  normalized: Record<string, unknown>,
+  context: { sessionId?: string; agentId?: string },
+): string | undefined {
+  const explicit = typeof normalized.action === 'string' ? normalized.action.trim() : ''
+  if (explicit) return explicit
+
+  const hasUpdates = !!normalized.updates && typeof normalized.updates === 'object'
+  const hasSpawnTarget = typeof normalized.agentId === 'string' || typeof normalized.agent_id === 'string'
+  const hasHistoryTarget =
+    typeof normalized.sessionId === 'string'
+    || typeof normalized.session_id === 'string'
+    || typeof normalized.limit === 'number'
+    || !!context.sessionId
+
+  if (hasUpdates) return 'update'
+  if (hasSpawnTarget) return 'spawn'
+  if (hasHistoryTarget) return 'history'
+  return 'list'
+}
+
 async function executeSessionsAction(args: any, context: { sessionId?: string; agentId?: string; cwd: string }) {
   const normalized = normalizeToolInputArgs((args ?? {}) as Record<string, unknown>)
-  const action = normalized.action as string | undefined
+  const action = inferSessionsAction(normalized, context)
   const sessionId = (normalized.sessionId ?? normalized.session_id) as string | undefined
   const message = normalized.message as string | undefined
   const limit = normalized.limit as number | undefined

package/src/lib/server/session-tools/session-tools-wiring.test.ts

@@ -32,12 +32,14 @@ describe('module exports', () => {
     const crawl = await import('./crawl')
     const mailbox = await import('./mailbox')
     const humanLoop = await import('./human-loop')
+    const sandbox = await import('./sandbox')
     assert.equal(typeof document.buildDocumentTools, 'function')
     assert.equal(typeof extract.buildExtractTools, 'function')
     assert.equal(typeof table.buildTableTools, 'function')
     assert.equal(typeof crawl.buildCrawlTools, 'function')
     assert.equal(typeof mailbox.buildMailboxTools, 'function')
     assert.equal(typeof humanLoop.buildHumanLoopTools, 'function')
+    assert.equal(typeof sandbox.buildSandboxTools, 'function')
   })
 })
 
@@ -72,6 +74,27 @@ describe('buildSessionTools signature', () => {
     // Verify the function has arity of at least 2
     assert.ok(buildSessionTools.length >= 2, 'buildSessionTools should accept at least 2 params')
   })
+
+  it('sandbox builder exposes only the local Deno sandbox tools', async () => {
+    const { buildSandboxTools } = await import('./sandbox')
+    const bctx: import('./context').ToolBuildContext = {
+      cwd: process.cwd(),
+      ctx: { sessionId: 'sandbox-test' },
+      hasPlugin: (name) => name === 'sandbox',
+      hasTool: (name) => name === 'sandbox',
+      cleanupFns: [],
+      commandTimeoutMs: 1_000,
+      claudeTimeoutMs: 1_000,
+      cliProcessTimeoutMs: 1_000,
+      persistDelegateResumeId: () => {},
+      readStoredDelegateResumeId: () => null,
+      resolveCurrentSession: () => null,
+      activePlugins: ['sandbox'],
+    }
+
+    const tools = buildSandboxTools(bctx).map((tool) => tool.name).sort()
+    assert.deepEqual(tools, ['sandbox_exec', 'sandbox_list_runtimes'])
+  })
 })
 
 // ---------------------------------------------------------------------------

package/src/lib/server/session-tools/shell.ts

@@ -163,8 +163,8 @@ const ShellPlugin: Plugin = {
   name: 'Core Shell',
   description: 'Execute shell commands and manage background processes.',
   hooks: {
-    getCapabilityDescription: () => 'I can run shell commands (`execute_command`) — servers, installs, scripts, git, builds, anything. I can run things in the background for long-lived processes like dev servers.',
-    getOperatingGuidance: () => ['Shell: use `execute_command` for servers, installs, scripts, git. Use `background=true` for long-lived processes.', 'Verify servers with `process_tool` status/log and liveness probes before claiming success.', 'Resolve IPs/URLs via shell — never use placeholders. Retry path errors without workdir override.'],
+    getCapabilityDescription: () => 'I can run shell commands with the unified `shell` tool. Use action `execute` for commands, and `list` / `status` / `poll` / `log` for long-lived processes.',
+    getOperatingGuidance: () => ['Shell: use `shell` with `{"action":"execute","command":"..."}` for servers, installs, scripts, and git. Use `background=true` for long-lived processes.', 'Verify servers with `shell` status/log actions and liveness probes before claiming success.', 'Resolve IPs/URLs via shell — never use placeholders. Retry path errors without workdir override.'],
   } as PluginHooks,
   tools: [
     {

package/src/lib/server/session-tools/subagent.ts

@@ -9,6 +9,7 @@ import type { ToolBuildContext } from './context'
 import type { Plugin, PluginHooks } from '@/types'
 import { getPluginManager } from '../plugins'
 import { normalizeToolInputArgs } from './normalize-tool-args'
+import { applyResolvedRoute, resolvePrimaryAgentRoute } from '../agent-runtime-config'
 import {
   appendDelegationCheckpoint,
   cancelDelegationJob,
@@ -74,7 +75,7 @@ async function startSubagentJob(jobId: string, args: {
   const sessions = loadSessions()
   const parent = context.sessionId ? sessions[context.sessionId] : null
   const browserProfileId = resolveSubagentBrowserProfileId(parent, sid, args.shareBrowserProfile === true)
-  sessions[sid] = {
+  const nextSession = {
     id: sid,
     name: `subagent-${agent.name}`,
     cwd: args.cwd || context.cwd,
@@ -91,6 +92,7 @@ async function startSubagentJob(jobId: string, args: {
     plugins: agent.plugins || agent.tools || [],
     browserProfileId,
   }
+  sessions[sid] = applyResolvedRoute(nextSession, resolvePrimaryAgentRoute(agent))
   saveSessions(sessions)
 
   startDelegationJob(jobId, {

package/src/lib/server/session-tools/web.ts

@@ -222,7 +222,7 @@ const WebPlugin: Plugin = {
   name: 'Core Web',
   description: 'Search the web and fetch content from URLs.',
   hooks: {
-    getCapabilityDescription: () => 'I can search the web (`web_search`) for research, fact-checking, and discovery.',
+    getCapabilityDescription: () => 'I can use the unified `web` tool with action `search` for research and action `fetch` for reading a URL.',
   } as PluginHooks,
   tools: [
     {
@@ -400,9 +400,12 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
     }
 
     const stringifyStructured = (value: unknown): string => truncate(JSON.stringify(value, null, 2), MAX_OUTPUT)
+    const callBrowserEvaluate = (fn: string) => callMcpTool('browser_evaluate', {
+      function: fn,
+    })
 
     const captureStructuredObservation = async () => {
-      const expression = `(() => {
+      const expression = `() => {
         const normalize = (value) => String(value || '').replace(/\\s+/g, ' ').trim();
         const visible = (el) => {
           if (!el) return false;
@@ -445,17 +448,27 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
           .slice(0, 10)
           .map((el) => normalize(el.innerText || el.textContent))
           .filter(Boolean);
-        return JSON.stringify({
+        const textPreview = normalize(document.body?.innerText || document.body?.textContent || '').slice(0, 1200);
+        const lowerPreview = textPreview.toLowerCase();
+        const notices = [];
+        if (/ask the human|out-of-band|do not guess|verification code required/.test(lowerPreview)) {
+          notices.push({
+            type: 'human_input_required',
+            message: 'This page requires human-provided input. Ask the human instead of guessing or repeatedly submitting blank values.',
+          });
+        }
+        return {
           url: window.location.href,
           title: document.title || null,
-          textPreview: normalize(document.body?.innerText || document.body?.textContent || '').slice(0, 1200),
+          textPreview,
           links,
           forms,
           tables,
           errors,
-        });
-      })()`
-      const raw = await callMcpTool('browser_evaluate', { expression })
+          notices,
+        };
+      }`
+      const raw = await callBrowserEvaluate(expression)
       const parsed = extractJsonPayload(raw)
       if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
         const observation = {
@@ -638,18 +651,39 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
 
     const dismissCookieBanners = async (mcpCall: (toolName: string, args: Record<string, unknown>) => Promise<string>) => {
       await new Promise((r) => setTimeout(r, 1500))
-      const js = `(() => {
+      const js = `() => {
         const sel = ['button[id*="reject" i]', 'button[class*="reject" i]', 'a[id*="reject" i]', 'a[class*="reject" i]', '#onetrust-reject-all-handler', '#CybotCookiebotDialogBodyButtonDecline', '#didomi-notice-disagree-button', '.qc-cmp2-summary-buttons button:first-child', 'button.sp_choice_type_12'];
         for (const s of sel) { const el = document.querySelector(s); if (el && el.offsetParent !== null) { el.click(); return 'dismissed:' + s; } }
         const btns = [...document.querySelectorAll('button, a[role="button"]')]; const rejectRe = /^(reject|reject all|decline|deny|refuse|no,? thanks|only necessary|necessary only)$/i;
         for (const b of btns) { const txt = (b.textContent || '').trim(); if (rejectRe.test(txt) && b.offsetParent !== null) { b.click(); return 'dismissed:text=' + txt; } }
         return 'none';
-      })()`
-      await mcpCall('browser_evaluate', { expression: js })
+      }`
+      await mcpCall('browser_evaluate', { function: js })
     }
 
     const performFillForm = async (params: Record<string, unknown>) => {
-      const fields = Array.isArray(params.fields) ? params.fields : []
+      const fields = Array.isArray(params.fields)
+        ? params.fields
+        : (() => {
+            const form = params.form
+            if (!form || typeof form !== 'object' || Array.isArray(form)) return []
+            return Object.entries(form as Record<string, unknown>).map(([key, value]) => {
+              const escapedId = String(key).replace(/[^a-zA-Z0-9_-]/g, '')
+              const escapedAttr = String(key).replace(/["\\]/g, '\\$&')
+              const inferredType = typeof value === 'boolean'
+                ? 'checkbox'
+                : /password/i.test(key)
+                  ? 'password'
+                  : 'text'
+              return {
+                element: escapedId
+                  ? `#${escapedId}, [name="${escapedAttr}"]`
+                  : `[name="${escapedAttr}"]`,
+                type: inferredType,
+                value,
+              }
+            })
+          })()
       if (fields.length === 0) return { ok: false, error: 'fields is required for fill_form.' }
       const filled: Array<Record<string, unknown>> = []
       for (const field of fields) {
@@ -692,14 +726,29 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
           element: typeof params.submitElement === 'string' ? params.submitElement : undefined,
         })
       } else {
-        await callMcpTool('browser_press_key', { key: typeof params.key === 'string' ? params.key : 'Enter' })
+        await callBrowserEvaluate(`() => {
+          const form = document.forms[0];
+          if (!form) return { submitted: false, reason: 'no-form' };
+          const submitButton = form.querySelector('button[type="submit"], input[type="submit"], button');
+          if (submitButton && typeof submitButton.click === 'function') {
+            submitButton.click();
+            return { submitted: true, method: 'click' };
+          }
+          if (typeof form.requestSubmit === 'function') {
+            form.requestSubmit();
+            return { submitted: true, method: 'requestSubmit' };
+          }
+          if (typeof form.submit === 'function') {
+            form.submit();
+            return { submitted: true, method: 'submit' };
+          }
+          return { submitted: false, reason: 'no-submit-method' };
+        }`)
       }
 
       const waitMs = typeof params.waitMs === 'number' ? Math.max(250, params.waitMs) : 1000
       try {
-        await callMcpTool('browser_evaluate', {
-          expression: `await new Promise(resolve => setTimeout(resolve, ${Math.min(waitMs, 5000)}))`,
-        })
+        await callBrowserEvaluate(`async () => { await new Promise(resolve => setTimeout(resolve, ${Math.min(waitMs, 5000)})); }`)
       } catch {
         await new Promise((resolve) => setTimeout(resolve, waitMs))
       }
@@ -723,18 +772,16 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
       const maxScrolls = typeof params.maxScrolls === 'number' ? Math.max(1, Math.min(20, params.maxScrolls)) : 8
       let matchedAtStep = -1
       for (let index = 0; index < maxScrolls; index += 1) {
-        const result = await callMcpTool('browser_evaluate', {
-          expression: `(() => {
+        const result = await callBrowserEvaluate(`() => {
             const bodyText = String(document.body?.innerText || document.body?.textContent || '');
             const selector = ${JSON.stringify(selector)};
             const containsText = ${JSON.stringify(containsText)};
             const match = (selector && !!document.querySelector(selector))
               || (containsText && bodyText.includes(containsText));
-            if (match) return JSON.stringify({ found: true, scrollY: window.scrollY, step: ${index} });
+            if (match) return { found: true, scrollY: window.scrollY, step: ${index} };
             window.scrollBy({ top: Math.max(window.innerHeight * 0.85, 600), behavior: 'instant' });
-            return JSON.stringify({ found: false, scrollY: window.scrollY, step: ${index} });
-          })()`,
-        })
+            return { found: false, scrollY: window.scrollY, step: ${index} };
+          }`)
         const payload = extractJsonPayload(result)
         if (payload && typeof payload === 'object' && !Array.isArray(payload) && (payload as Record<string, unknown>).found === true) {
           matchedAtStep = index
@@ -756,8 +803,7 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
       const linkText = typeof params.linkText === 'string' ? params.linkText.trim() : ''
       const hrefContains = typeof params.hrefContains === 'string' ? params.hrefContains.trim() : ''
       if (!linkText && !hrefContains) return null
-      const result = await callMcpTool('browser_evaluate', {
-        expression: `(() => {
+      const result = await callBrowserEvaluate(`() => {
           const linkText = ${JSON.stringify(linkText)};
           const hrefContains = ${JSON.stringify(hrefContains)};
           const links = Array.from(document.querySelectorAll('a[href]'));
@@ -769,9 +815,8 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
             if (hrefContains && href.toLowerCase().includes(hrefContains.toLowerCase())) return true;
             return false;
           });
-          return JSON.stringify({ href: match ? (match.href || match.getAttribute('href') || '') : null });
-        })()`,
-      })
+          return { href: match ? (match.href || match.getAttribute('href') || '') : null };
+        }`)
       const payload = extractJsonPayload(result)
       if (payload && typeof payload === 'object' && !Array.isArray(payload)) {
         const href = (payload as Record<string, unknown>).href
@@ -1083,16 +1128,14 @@ export function buildWebTools(bctx: ToolBuildContext): StructuredToolInterface[]
 
             if (action === 'screenshot' || action === 'snapshot') {
               try {
-                await callMcpTool('browser_evaluate', {
-                  expression: `await new Promise(resolve => {
+                await callBrowserEvaluate(`async () => { await new Promise(resolve => {
                     if (document.readyState === 'complete') {
                       setTimeout(resolve, 1200);
                     } else {
                       window.addEventListener('load', () => setTimeout(resolve, 1200), { once: true });
                       setTimeout(resolve, 5000);
                     }
-                  })`,
-                })
+                  }); }`)
               } catch {
                 await new Promise((r) => setTimeout(r, 1200))
               }

package/src/lib/server/storage.ts

@@ -5,7 +5,9 @@ import os from 'os'
 import Database from 'better-sqlite3'
 
 import { DATA_DIR, WORKSPACE_DIR } from './data-dir'
-import type { Message } from '@/types'
+import { normalizeHeartbeatSettingFields } from '@/lib/heartbeat-defaults'
+import { normalizeRuntimeSettingFields } from '@/lib/runtime-loop'
+import type { ExternalAgentRuntime, GatewayProfile, Message } from '@/types'
 export const UPLOAD_DIR = path.join(DATA_DIR, 'uploads')
 
 // --- LRU Cache ---
@@ -135,6 +137,7 @@ const COLLECTIONS = [
   'tasks',
   'secrets',
   'provider_configs',
+  'gateway_profiles',
   'skills',
   'connectors',
   'documents',
@@ -159,6 +162,7 @@ const COLLECTIONS = [
   'browser_sessions',
   'watch_jobs',
   'delegation_jobs',
+  'external_agents',
 ] as const
 
 export type StorageCollection = (typeof COLLECTIONS)[number]
@@ -352,10 +356,12 @@ const JSON_FILES: Record<string, string> = {
   tasks: path.join(DATA_DIR, 'tasks.json'),
   secrets: path.join(DATA_DIR, 'secrets.json'),
   provider_configs: path.join(DATA_DIR, 'providers.json'),
+  gateway_profiles: path.join(DATA_DIR, 'gateways.json'),
   skills: path.join(DATA_DIR, 'skills.json'),
   connectors: path.join(DATA_DIR, 'connectors.json'),
   documents: path.join(DATA_DIR, 'documents.json'),
   webhooks: path.join(DATA_DIR, 'webhooks.json'),
+  external_agents: path.join(DATA_DIR, 'external-agents.json'),
 }
 
 const MIGRATION_FLAG = path.join(DATA_DIR, '.sqlite_migrated')
@@ -803,6 +809,8 @@ function isProvidedSecretValue(value: unknown): value is string {
 
 function buildPersistedSettings(input: Record<string, any>, existing?: PersistedSettingsRecord): PersistedSettingsRecord {
   const next = cloneRecord(input) as PersistedSettingsRecord
+  Object.assign(next, normalizeRuntimeSettingFields(next))
+  Object.assign(next, normalizeHeartbeatSettingFields(next))
   const encrypted = {
     ...(existing ? getEncryptedAppSettings(existing) : {}),
     ...getEncryptedAppSettings(next),
@@ -935,6 +943,15 @@ export function saveProviderConfigs(p: Record<string, any>) {
   saveCollection('provider_configs', p)
 }
 
+// --- Gateway Profiles ---
+export function loadGatewayProfiles(): Record<string, any> {
+  return loadCollection('gateway_profiles') as Record<string, GatewayProfile>
+}
+
+export function saveGatewayProfiles(g: Record<string, GatewayProfile>) {
+  saveCollection('gateway_profiles', g)
+}
+
 // --- Model Overrides (user-added models for built-in providers) ---
 export function loadModelOverrides(): Record<string, string[]> {
   return loadCollection('model_overrides') as Record<string, string[]>
@@ -964,6 +981,15 @@ export function saveSkills(s: Record<string, any>) {
   saveCollection('skills', s)
 }
 
+// --- External Agent Runtimes ---
+export function loadExternalAgents(): Record<string, ExternalAgentRuntime> {
+  return loadCollection('external_agents') as Record<string, ExternalAgentRuntime>
+}
+
+export function saveExternalAgents(items: Record<string, ExternalAgentRuntime>) {
+  saveCollection('external_agents', items)
+}
+
 // --- Usage ---
 export function loadUsage(): Record<string, any[]> {
   const stmt = db.prepare('SELECT session_id, data FROM usage')
@@ -1067,11 +1093,11 @@ export function saveIntegrityBaselines(entries: Record<string, any>) {
 }
 
 // --- Webhook Logs ---
-export function loadWebhookLogs(): Record<string, any> {
+export function loadWebhookLogs(): Record<string, unknown> {
   return loadCollection('webhook_logs')
 }
 
-export function appendWebhookLog(id: string, entry: any) {
+export function appendWebhookLog(id: string, entry: unknown) {
   upsertCollectionItem('webhook_logs', id, entry)
 }