@swarmclawai/swarmclaw 0.7.7 → 0.8.0

package/src/lib/server/session-tools/normalize-tool-args.ts

@@ -43,7 +43,7 @@ export function normalizeToolInputArgs(rawArgs: ToolArgsRecord): ToolArgsRecord
 
     for (const [key, value] of Object.entries(current)) {
       if (value === undefined || value === null) continue
-      normalized[key] = value
+      if (!(key in normalized)) normalized[key] = value
     }
   }
 

package/src/lib/server/session-tools/platform-access.test.ts

@@ -0,0 +1,58 @@
+import assert from 'node:assert/strict'
+import { afterEach, describe, it } from 'node:test'
+import type { ToolBuildContext } from './context'
+import { buildPlatformTools } from './platform'
+import { loadSettings, saveSettings } from '../storage'
+
+const originalSettings = loadSettings()
+
+afterEach(() => {
+  saveSettings(originalSettings)
+})
+
+function buildTestContext(hasPlugin: (name: string) => boolean): ToolBuildContext {
+  return {
+    cwd: process.cwd(),
+    ctx: undefined,
+    hasPlugin,
+    hasTool: hasPlugin,
+    cleanupFns: [],
+    commandTimeoutMs: 1_000,
+    claudeTimeoutMs: 1_000,
+    cliProcessTimeoutMs: 1_000,
+    persistDelegateResumeId: () => {},
+    readStoredDelegateResumeId: () => null,
+    resolveCurrentSession: () => null,
+    activePlugins: ['manage_platform'],
+  }
+}
+
+describe('buildPlatformTools', () => {
+  it('blocks task resources when task management is disabled', async () => {
+    saveSettings({
+      ...originalSettings,
+      taskManagementEnabled: false,
+      projectManagementEnabled: true,
+    })
+
+    const [toolEntry] = buildPlatformTools(buildTestContext((name) => name === 'manage_platform'))
+    assert.ok(toolEntry)
+
+    const result = await toolEntry.invoke({ resource: 'tasks', action: 'list' })
+    assert.match(String(result), /task management is disabled/i)
+  })
+
+  it('allows project resources through manage_platform when project management is enabled', async () => {
+    saveSettings({
+      ...originalSettings,
+      taskManagementEnabled: true,
+      projectManagementEnabled: true,
+    })
+
+    const [toolEntry] = buildPlatformTools(buildTestContext((name) => name === 'manage_platform'))
+    assert.ok(toolEntry)
+
+    const result = await toolEntry.invoke({ resource: 'projects', action: 'list' })
+    assert.doesNotMatch(String(result), /unknown resource|disabled/i)
+  })
+})

package/src/lib/server/session-tools/platform.ts

@@ -2,9 +2,13 @@ import { z } from 'zod'
 import { tool, type StructuredToolInterface } from '@langchain/core/tools'
 import { buildCrudTools } from './crud'
 import type { ToolBuildContext } from './context'
-import type { Plugin, PluginHooks } from '@/types'
+import type { Plugin, PluginHooks, Session } from '@/types'
 import { getPluginManager } from '../plugins'
 import { normalizeToolInputArgs } from './normalize-tool-args'
+import { loadSettings } from '../storage'
+import { resolveSessionToolPolicy } from '../tool-capability-policy'
+import { loadRuntimeSettings } from '../runtime-settings'
+import { expandPluginIds } from '../tool-aliases'
 
 function parsePlatformData(value: unknown): Record<string, unknown> | null {
   if (!value) return null
@@ -39,6 +43,7 @@ function normalizePlatformResourceName(value: unknown): string | undefined {
   if (!normalized) return undefined
   const singularMap: Record<string, string> = {
     agent: 'agents',
+    project: 'projects',
     task: 'tasks',
     backlog_task: 'tasks',
     'backlog-task': 'tasks',
@@ -144,33 +149,69 @@ function uniqueStrings(values: Array<string | undefined>): string[] {
   return [...new Set(values.filter((value): value is string => Boolean(value)))]
 }
 
+function resolvePlatformResourceAccess(toolId: string, bctx: ToolBuildContext): { allowed: boolean; reason: string | null } {
+  if (bctx.hasPlugin(toolId)) return { allowed: true, reason: null }
+  if (!bctx.hasPlugin('manage_platform')) return { allowed: false, reason: null }
+  const settings = loadSettings()
+  const decision = resolveSessionToolPolicy(['manage_platform', toolId], settings)
+  const allowed = decision.enabledPlugins.includes(toolId)
+  const blocked = decision.blockedPlugins.find((entry) => entry.tool === toolId)
+  return { allowed, reason: blocked?.reason || null }
+}
+
+function buildPlatformContextFromSession(session: Session): ToolBuildContext {
+  const runtime = loadRuntimeSettings()
+  const sessionPlugins = Array.isArray(session.plugins) ? session.plugins : []
+  const legacyTools = Array.isArray(session.tools) ? session.tools : []
+  const activePlugins = expandPluginIds([...sessionPlugins, ...legacyTools, 'manage_platform'])
+  const activePluginSet = new Set(activePlugins)
+  const hasPlugin = (name: string) => activePluginSet.has(name)
+
+  return {
+    cwd: session.cwd || process.cwd(),
+    ctx: {
+      sessionId: session.id,
+      agentId: session.agentId ?? null,
+    },
+    hasPlugin,
+    hasTool: hasPlugin,
+    cleanupFns: [],
+    commandTimeoutMs: runtime.shellCommandTimeoutMs,
+    claudeTimeoutMs: runtime.claudeCodeTimeoutMs,
+    cliProcessTimeoutMs: runtime.cliProcessTimeoutMs,
+    persistDelegateResumeId: () => {},
+    readStoredDelegateResumeId: () => null,
+    resolveCurrentSession: () => session,
+    activePlugins,
+  }
+}
+
 /**
  * Unified Platform Execution Logic
  */
-async function executePlatformAction(args: any, bctx: any) {
+async function executePlatformAction(args: any, bctx: ToolBuildContext) {
   const normalized = normalizePlatformActionArgs((args ?? {}) as Record<string, unknown>)
   const { resource, action, id, data } = normalized
+  const resourceName = typeof resource === 'string' ? resource : ''
   
   // We reuse the existing CRUD tool logic but expose it via a single tool
   const crudTools = buildCrudTools({
     ...bctx,
-    hasPlugin: (id: string) => [
-      'manage_agents',
-      'manage_tasks',
-      'manage_schedules',
-      'manage_skills',
-      'manage_documents',
-      'manage_secrets',
-      'manage_connectors',
-      'manage_sessions'
-    ].includes(id)
+    hasPlugin: (toolId: string) => resolvePlatformResourceAccess(toolId, bctx).allowed,
   })
 
-  const targetToolName = `manage_${resource}`
+  const targetToolName = `manage_${resourceName}`
   const targetTool = crudTools.find(t => t.name === targetToolName)
   
   if (!targetTool) {
-    return `Error: Unknown resource type "${resource}". Valid resources: agents, tasks, schedules, skills, documents, secrets, connectors, sessions.`
+    const knownResources = ['agents', 'projects', 'tasks', 'schedules', 'skills', 'documents', 'secrets', 'connectors', 'sessions']
+    if (resourceName && knownResources.includes(resourceName)) {
+      const toolId = `manage_${resourceName}`
+      const access = resolvePlatformResourceAccess(toolId, bctx)
+      const suffix = access.reason ? ` (${access.reason})` : ''
+      return `Error: Resource "${resourceName}" is disabled by app settings or capability policy in this chat${suffix}.`
+    }
+    return `Error: Unknown resource type "${resourceName || resource}". Valid resources: ${knownResources.join(', ')}.`
   }
 
   // Forward to the specific CRUD tool implementation
@@ -182,10 +223,10 @@ async function executePlatformAction(args: any, bctx: any) {
  */
 const PlatformPlugin: Plugin = {
   name: 'Core Platform',
-  description: 'Unified management of agents, tasks, schedules, skills, documents, and secrets.',
+  description: 'Unified management of agents, projects, tasks, schedules, skills, documents, and secrets.',
   hooks: {
-    getCapabilityDescription: () => 'I can create and configure other agents (`manage_agents`), manage tasks (`manage_tasks`), set up schedules (`manage_schedules`), store and search documents (`manage_documents`), register webhooks (`manage_webhooks`), manage reusable skills (`manage_skills`), and store encrypted secrets (`manage_secrets`).',
-    getOperatingGuidance: () => ['Create/update tasks for long-lived goals to track progress.', 'Use schedules for follow-ups. Check existing schedules before creating new ones.', 'Inspect existing chats before creating duplicates.'],
+    getCapabilityDescription: () => 'I can manage durable execution context across agents, projects, tasks, schedules, documents, skills, webhooks, connectors, sessions, and encrypted secrets.',
+    getOperatingGuidance: () => ['Use projects to hold longer-lived goals, objectives, and credential requirements.', 'Create/update tasks for long-lived goals to track progress.', 'Use schedules for follow-ups and heartbeat-style check-ins. Check existing schedules before creating new ones.', 'Inspect existing chats before creating duplicates.'],
   } as PluginHooks,
   tools: [
     {
@@ -194,14 +235,14 @@ const PlatformPlugin: Plugin = {
       parameters: {
         type: 'object',
         properties: {
-          resource: { type: 'string', enum: ['agents', 'tasks', 'schedules', 'skills', 'documents', 'secrets', 'connectors', 'sessions'] },
+          resource: { type: 'string', enum: ['agents', 'projects', 'tasks', 'schedules', 'skills', 'documents', 'secrets', 'connectors', 'sessions'] },
           action: { type: 'string', enum: ['list', 'get', 'create', 'update', 'delete'] },
           id: { type: 'string' },
           data: { type: 'string' }
         },
         required: ['resource', 'action']
       },
-      execute: async (args, context) => executePlatformAction(args, { ...context.session, ctx: context.session })
+      execute: async (args, context) => executePlatformAction(args, buildPlatformContextFromSession(context.session))
     }
   ]
 }

package/src/lib/server/session-tools/plugin-creator.ts

@@ -4,7 +4,7 @@ import fs from 'fs'
 import path from 'path'
 import { DATA_DIR } from '../data-dir'
 import type { ToolBuildContext } from './context'
-import type { Plugin, PluginHooks } from '@/types'
+import type { ApprovalRequest, Plugin, PluginHooks } from '@/types'
 import { getPluginManager } from '../plugins'
 import { normalizeToolInputArgs } from './normalize-tool-args'
 
@@ -240,6 +240,38 @@ Key rules:
   }
 }
 
+function trimString(value: unknown): string {
+  return typeof value === 'string' ? value.trim() : ''
+}
+
+function buildPluginCreatorApprovalResumeInput(approval: ApprovalRequest): Record<string, unknown> | null {
+  if (approval.category === 'plugin_scaffold') {
+    const filename = trimString(approval.data.filename)
+    const code = trimString(approval.data.code)
+    if (!filename || !code) return null
+    return {
+      action: 'scaffold',
+      filename,
+      code,
+      packageJson: approval.data.packageJson,
+      packageManager: trimString(approval.data.packageManager) || undefined,
+      approved: true,
+    }
+  }
+  if (approval.category === 'plugin_install') {
+    const filename = trimString(approval.data.filename)
+    if (!filename) return null
+    return {
+      action: 'install_dependencies',
+      filename,
+      packageJson: approval.data.packageJson,
+      packageManager: trimString(approval.data.packageManager) || undefined,
+      approved: true,
+    }
+  }
+  return null
+}
+
 /**
  * Register as a Built-in Plugin
  */
@@ -253,6 +285,30 @@ const PluginCreatorPlugin: Plugin = {
       'Put API keys in plugin settings or SwarmClaw secrets instead of hardcoding them in plugin source.',
       'Call `get_spec` before scaffolding so the plugin follows the current contract.',
     ],
+    getApprovalGuidance: ({ approval, phase, approved }) => {
+      if (approval.category !== 'plugin_scaffold' && approval.category !== 'plugin_install') return null
+      if (phase === 'request') {
+        return [
+          'When this approval is granted, continue with `plugin_creator_tool` for the exact approved action instead of asking again in prose.',
+          'Do not change the approved filename, dependency manifest, or package manager unless tool evidence proves the approved action can no longer execute as approved.',
+        ]
+      }
+      if (phase === 'connector_reminder') {
+        return 'Approving this lets the agent resume the exact plugin scaffolding or dependency install step automatically.'
+      }
+      if (approved !== true) {
+        return 'Do not retry the rejected plugin scaffolding or install request unless the exact requested action materially changes.'
+      }
+      const resumeInput = buildPluginCreatorApprovalResumeInput(approval)
+      const lines = [
+        'Resume immediately with `plugin_creator_tool` using the exact approved action.',
+        'Do not re-explain or re-request the same plugin action once approval has been granted.',
+      ]
+      if (resumeInput) {
+        lines.push(`Exact tool input: ${JSON.stringify(resumeInput)}`)
+      }
+      return lines
+    },
   } as PluginHooks,
   tools: [
     {

package/src/lib/server/session-tools/primitive-tools.test.ts

@@ -176,6 +176,12 @@ describe('primitive tools', () => {
     watchJobs.triggerMailboxWatchJobs({ sessionId: 'session_1', envelope: replyEnvelope })
     assert.equal(watchJobs.getWatchJob(replyWatch.id)?.status, 'triggered')
 
+    const ackedReply = JSON.parse(String(await humanTool.invoke({
+      action: 'ack_mailbox',
+    })))
+    assert.equal(ackedReply.id, replyEnvelope.id)
+    assert.equal(ackedReply.status, 'ack')
+
     const approval = JSON.parse(String(await humanTool.invoke({
       action: 'request_approval',
       title: 'Need signoff',

package/src/lib/server/session-tools/schedule.ts

@@ -20,7 +20,12 @@ async function executeScheduleWake(args: { delayMinutes: number; message: string
 
   if (delayMinutes === 0) {
     enqueueSystemEvent(context.sessionId, `[Scheduled Wake Event / Reminder] ${message}`)
-    requestHeartbeatNow({ sessionId: context.sessionId, reason: 'scheduled_wake' })
+    requestHeartbeatNow({
+      sessionId: context.sessionId,
+      reason: 'scheduled_wake',
+      source: 'schedule_wake',
+      resumeMessage: message,
+    })
     return 'Successfully scheduled an immediate wake event.'
   }
 

package/src/lib/server/session-tools/shell-normalize.test.ts

@@ -1,6 +1,6 @@
 import { describe, it } from 'node:test'
 import assert from 'node:assert/strict'
-import { normalizeShellArgs } from './shell'
+import { normalizeShellArgs, rewriteShellWorkspaceAliases, stripManagedBackgroundSuffix } from './shell'
 
 describe('normalizeShellArgs', () => {
   it('keeps explicit action + command', () => {
@@ -41,3 +41,27 @@ describe('normalizeShellArgs', () => {
     assert.equal(out.command, 'pwd')
   })
 })
+
+describe('rewriteShellWorkspaceAliases', () => {
+  it('maps /workspace paths inside shell commands to the session cwd', () => {
+    const out = rewriteShellWorkspaceAliases('/tmp/agent-workspace', 'cd /workspace/research && ls /workspace/file.md')
+    assert.equal(out, 'cd /tmp/agent-workspace/research && ls /tmp/agent-workspace/file.md')
+  })
+
+  it('maps workspace/ relative aliases without touching unrelated text', () => {
+    const out = rewriteShellWorkspaceAliases('/tmp/agent-workspace', 'cat workspace/topics/one.md && echo https://example.com/workspace/demo')
+    assert.equal(out, 'cat /tmp/agent-workspace/topics/one.md && echo https://example.com/workspace/demo')
+  })
+})
+
+describe('stripManagedBackgroundSuffix', () => {
+  it('removes a trailing ampersand for managed background commands', () => {
+    const out = stripManagedBackgroundSuffix('python3 -m http.server 8001 &')
+    assert.equal(out, 'python3 -m http.server 8001')
+  })
+
+  it('leaves ordinary commands untouched', () => {
+    const out = stripManagedBackgroundSuffix('npm run build')
+    assert.equal(out, 'npm run build')
+  })
+})

package/src/lib/server/session-tools/shell.ts

@@ -27,6 +27,20 @@ function resolveShellWorkdir(baseCwd: string, requestedWorkdir?: string): string
   return safePath(baseCwd, raw)
 }
 
+export function rewriteShellWorkspaceAliases(baseCwd: string, command: string): string {
+  const cwd = typeof baseCwd === 'string' ? baseCwd.trim() : ''
+  if (!cwd) return command
+
+  let rewritten = command
+  rewritten = rewritten.replace(/(^|[\s"'`(=;])\/workspace(?=\/|\b)/g, `$1${cwd}`)
+  rewritten = rewritten.replace(/(^|[\s"'`(=;])workspace\//g, `$1${cwd}/`)
+  return rewritten
+}
+
+export function stripManagedBackgroundSuffix(command: string): string {
+  return command.replace(/\s*&\s*$/, '').trim()
+}
+
 function isLikelyServerCommand(command: string): boolean {
   const cmd = command.trim()
   return /\bnpm\s+run\s+(dev|start|serve)\b/.test(cmd) || 
@@ -126,11 +140,16 @@ async function executeShellAction(args: Record<string, unknown>, bctx: { cwd: st
     switch (action) {
       case 'execute': {
         if (!command) return 'Error: command or cmd is required for execute action.'
-        const effectiveBackground = !!background || (typeof command === 'string' && isLikelyServerCommand(command))
+        const rewrittenCommand = rewriteShellWorkspaceAliases(bctx.cwd, command)
+        const effectiveBackground = !!background || (typeof rewrittenCommand === 'string' && isLikelyServerCommand(rewrittenCommand))
+        const managedCommand = effectiveBackground ? stripManagedBackgroundSuffix(rewrittenCommand) : rewrittenCommand
+        const envMap = coerceEnvMap(env) || {}
+        if (!envMap.WORKSPACE) envMap.WORKSPACE = bctx.cwd
+        if (!envMap.SESSION_CWD) envMap.SESSION_CWD = bctx.cwd
         const result = await startManagedProcess({
-          command: command,
+          command: managedCommand,
           cwd: resolveShellWorkdir(bctx.cwd, workdir),
-          env: coerceEnvMap(env),
+          env: envMap,
           agentId: bctx.agentId || null,
           sessionId: bctx.sessionId || null,
           background: effectiveBackground,

package/src/lib/server/session-tools/wallet-tool.test.ts

@@ -0,0 +1,254 @@
+import assert from 'node:assert/strict'
+import fs from 'node:fs'
+import os from 'node:os'
+import path from 'node:path'
+import { after, before, describe, it } from 'node:test'
+
+import type { Agent, Session } from '@/types'
+
+const originalEnv = {
+  DATA_DIR: process.env.DATA_DIR,
+  WORKSPACE_DIR: process.env.WORKSPACE_DIR,
+  SWARMCLAW_BUILD_MODE: process.env.SWARMCLAW_BUILD_MODE,
+  CREDENTIAL_SECRET: process.env.CREDENTIAL_SECRET,
+}
+
+let tempDir = ''
+let workspaceDir = ''
+let buildWalletTools: typeof import('./wallet').buildWalletTools
+let createAgentWallet: typeof import('../wallet-service').createAgentWallet
+let storage: typeof import('../storage')
+
+function makeAgent(): Agent {
+  const now = Date.now()
+  return {
+    id: 'agent_wallet',
+    name: 'Wallet Agent',
+    description: 'Tests wallet actions',
+    systemPrompt: 'test',
+    provider: 'ollama',
+    model: 'qwen3.5',
+    plugins: ['wallet'],
+    createdAt: now,
+    updatedAt: now,
+  }
+}
+
+function makeSession(): Session {
+  const now = Date.now()
+  return {
+    id: 'session_wallet',
+    name: 'Wallet Session',
+    cwd: workspaceDir,
+    user: 'tester',
+    provider: 'ollama',
+    model: 'qwen3.5',
+    claudeSessionId: null,
+    messages: [],
+    createdAt: now,
+    lastActiveAt: now,
+    plugins: ['wallet'],
+    agentId: 'agent_wallet',
+  }
+}
+
+function makeBuildContext(session: Session) {
+  return {
+    cwd: workspaceDir,
+    ctx: {
+      sessionId: session.id,
+      agentId: session.agentId || null,
+    },
+    hasPlugin: (pluginId: string) => pluginId === 'wallet',
+    hasTool: () => true,
+    cleanupFns: [],
+    commandTimeoutMs: 5000,
+    claudeTimeoutMs: 5000,
+    cliProcessTimeoutMs: 5000,
+    persistDelegateResumeId: () => {},
+    readStoredDelegateResumeId: () => null,
+    resolveCurrentSession: () => session,
+    activePlugins: ['wallet'],
+  }
+}
+
+before(async () => {
+  tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-wallet-tool-'))
+  workspaceDir = path.join(tempDir, 'workspace')
+  process.env.DATA_DIR = path.join(tempDir, 'data')
+  process.env.WORKSPACE_DIR = workspaceDir
+  process.env.SWARMCLAW_BUILD_MODE = '1'
+  process.env.CREDENTIAL_SECRET = '22'.repeat(32)
+  fs.mkdirSync(process.env.DATA_DIR, { recursive: true })
+  fs.mkdirSync(workspaceDir, { recursive: true })
+
+  ;({ buildWalletTools } = await import('./wallet'))
+  ;({ createAgentWallet } = await import('../wallet-service'))
+  storage = await import('../storage')
+
+  storage.saveSettings({
+    approvalsEnabled: true,
+    approvalAutoApproveCategories: [],
+  })
+  storage.saveAgents({ agent_wallet: makeAgent() })
+  storage.saveSessions({ session_wallet: makeSession() })
+})
+
+after(() => {
+  if (originalEnv.DATA_DIR === undefined) delete process.env.DATA_DIR
+  else process.env.DATA_DIR = originalEnv.DATA_DIR
+  if (originalEnv.WORKSPACE_DIR === undefined) delete process.env.WORKSPACE_DIR
+  else process.env.WORKSPACE_DIR = originalEnv.WORKSPACE_DIR
+  if (originalEnv.SWARMCLAW_BUILD_MODE === undefined) delete process.env.SWARMCLAW_BUILD_MODE
+  else process.env.SWARMCLAW_BUILD_MODE = originalEnv.SWARMCLAW_BUILD_MODE
+  if (originalEnv.CREDENTIAL_SECRET === undefined) delete process.env.CREDENTIAL_SECRET
+  else process.env.CREDENTIAL_SECRET = originalEnv.CREDENTIAL_SECRET
+  fs.rmSync(tempDir, { recursive: true, force: true })
+})
+
+describe('wallet tool generic execution', () => {
+  it('requests approval before signing a message', async () => {
+    createAgentWallet({ agentId: 'agent_wallet', chain: 'ethereum' })
+    const session = makeSession()
+    const [walletTool] = buildWalletTools(makeBuildContext(session))
+
+    const result = JSON.parse(String(await walletTool.invoke({
+      action: 'sign_message',
+      chain: 'ethereum',
+      message: 'approve me',
+    })))
+
+    assert.equal(result.type, 'plugin_wallet_action_request')
+    assert.equal(result.action, 'sign_message')
+
+    const approvals = storage.loadApprovals()
+    const pending = Object.values(approvals).find((approval) => approval.category === 'wallet_action')
+    assert.ok(pending)
+    assert.equal(pending?.status, 'pending')
+  })
+
+  it('signs messages after approval and encodes contract calls', async () => {
+    const session = makeSession()
+    const [walletTool] = buildWalletTools(makeBuildContext(session))
+
+    const bypassAttempt = JSON.parse(String(await walletTool.invoke({
+      action: 'sign_message',
+      chain: 'ethereum',
+      message: 'signed',
+      approved: true,
+    })))
+    assert.match(String(bypassAttempt.error || ''), /approvalId/i)
+
+    const approvalRequest = JSON.parse(String(await walletTool.invoke({
+      action: 'sign_message',
+      chain: 'ethereum',
+      message: 'signed',
+    })))
+    assert.equal(approvalRequest.type, 'plugin_wallet_action_request')
+
+    const approvals = storage.loadApprovals()
+    const pending = approvalRequest.approvalId ? approvals[approvalRequest.approvalId] : undefined
+    assert.ok(pending)
+    storage.upsertApproval(pending!.id, {
+      ...pending,
+      status: 'approved',
+      updatedAt: Date.now(),
+    })
+
+    const signResult = JSON.parse(String(await walletTool.invoke({
+      action: 'sign_message',
+      chain: 'ethereum',
+      message: 'signed',
+      approvalId: pending!.id,
+    })))
+    assert.equal(signResult.status, 'signed')
+    assert.equal(signResult.chain, 'ethereum')
+    assert.equal(typeof signResult.signature, 'string')
+
+    const encoded = JSON.parse(String(await walletTool.invoke({
+      action: 'encode_contract_call',
+      chain: 'ethereum',
+      abi: JSON.stringify(['function approve(address spender,uint256 amount)']),
+      functionName: 'approve',
+      args: JSON.stringify(['0x000000000000000000000000000000000000dEaD', '5']),
+    })))
+    assert.equal(encoded.status, 'encoded')
+    assert.equal(encoded.data.startsWith('0x095ea7b3'), true)
+  })
+
+  it('requests a fresh approval when a stale approvalId is reused for a changed transaction', async () => {
+    const session = makeSession()
+    const [walletTool] = buildWalletTools(makeBuildContext(session))
+
+    const firstApproval = JSON.parse(String(await walletTool.invoke({
+      action: 'send_transaction',
+      chain: 'ethereum',
+      network: 'arbitrum',
+      toAddress: '0x000000000000000000000000000000000000dEaD',
+      data: '0x1234',
+    })))
+    assert.equal(firstApproval.type, 'plugin_wallet_action_request')
+    assert.equal(typeof firstApproval.approvalId, 'string')
+
+    const approvals = storage.loadApprovals()
+    const approved = approvals[firstApproval.approvalId]
+    assert.ok(approved)
+    storage.upsertApproval(firstApproval.approvalId, {
+      ...approved,
+      status: 'approved',
+      updatedAt: Date.now(),
+    })
+
+    const replacement = JSON.parse(String(await walletTool.invoke({
+      action: 'send_transaction',
+      chain: 'ethereum',
+      network: 'arbitrum',
+      toAddress: '0x000000000000000000000000000000000000bEEF',
+      data: '0x5678',
+      approvalId: firstApproval.approvalId,
+    })))
+
+    assert.equal(replacement.type, 'plugin_wallet_action_request')
+    assert.equal(typeof replacement.approvalId, 'string')
+    assert.notEqual(replacement.approvalId, firstApproval.approvalId)
+    assert.equal(replacement.replacesApprovalId, firstApproval.approvalId)
+
+    const nextApprovals = storage.loadApprovals()
+    assert.equal(nextApprovals[replacement.approvalId]?.status, 'pending')
+  })
+
+  it('requests one resumable approval for a live swap intent when approvals are enabled', async () => {
+    const wallets = storage.loadWallets() as Record<string, { id: string; agentId: string; chain: string; publicKey: string }>
+    const existingEthWallet = Object.values(wallets).find((wallet) => wallet.agentId === 'agent_wallet' && wallet.chain === 'ethereum')
+    const ethWallet = existingEthWallet || createAgentWallet({ agentId: 'agent_wallet', chain: 'ethereum' })
+    storage.upsertWallet(ethWallet.id, {
+      ...(wallets[ethWallet.id] || ethWallet),
+      publicKey: '0x684faBf3F7a39aD667b503E771b86b99a09C8b30',
+      updatedAt: Date.now(),
+    })
+
+    const session = makeSession()
+    const [walletTool] = buildWalletTools(makeBuildContext(session))
+
+    const approvalRequest = JSON.parse(String(await walletTool.invoke({
+      action: 'swap',
+      chain: 'ethereum',
+      network: 'arbitrum',
+      sellToken: 'USDC',
+      buyToken: 'ETH',
+      sellAmount: '1',
+    })))
+
+    assert.equal(approvalRequest.type, 'plugin_wallet_action_request')
+    assert.equal(approvalRequest.action, 'swap')
+
+    const approvals = storage.loadApprovals()
+    const pending = approvalRequest.approvalId ? approvals[approvalRequest.approvalId] : undefined
+    assert.ok(pending)
+    assert.equal(pending?.status, 'pending')
+    assert.equal(String(pending?.data.amountAtomic), '1000000')
+    assert.equal(String(pending?.data.network), 'arbitrum')
+    assert.equal(String(pending?.data.sellToken).toLowerCase(), '0xaf88d065e77c8cc2239327c5edb3a432268e5831')
+    assert.equal(String(pending?.data.buyToken).toLowerCase(), '0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee')
+  })
+})