@swarmclawai/swarmclaw 0.7.8 → 0.8.0

package/src/app/api/mcp-servers/route.test.ts

@@ -0,0 +1,130 @@
+import assert from 'node:assert/strict'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import test, { afterEach } from 'node:test'
+
+import { GET as getMcpServer, PUT as updateMcpServer, DELETE as deleteMcpServer } from './[id]/route'
+import { POST as runMcpConformance } from './[id]/conformance/route'
+import { POST as invokeMcpTool } from './[id]/invoke/route'
+import { POST as testMcpServer } from './[id]/test/route'
+import { GET as listMcpTools } from './[id]/tools/route'
+import { GET as listMcpServers, POST as createMcpServer } from './route'
+import { loadMcpServers, saveMcpServers } from '@/lib/server/storage'
+
+const originalMcpServers = loadMcpServers()
+const fixturePath = path.resolve(
+  path.dirname(fileURLToPath(import.meta.url)),
+  '../../../lib/server/__fixtures__/fake-mcp-stdio-server.mjs',
+)
+
+function routeParams(id: string) {
+  return { params: Promise.resolve({ id }) }
+}
+
+afterEach(() => {
+  saveMcpServers(originalMcpServers)
+})
+
+test('MCP server routes exercise a live stdio server end to end', async () => {
+  const createResponse = await createMcpServer(new Request('http://local/api/mcp-servers', {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      name: 'smoke',
+      transport: 'stdio',
+      command: process.execPath,
+      args: [fixturePath],
+    }),
+  }))
+  assert.equal(createResponse.status, 200)
+  const created = await createResponse.json() as Record<string, unknown>
+  const serverId = String(created.id)
+  assert.equal(created.name, 'smoke')
+
+  const listResponse = await listMcpServers(new Request('http://local/api/mcp-servers'))
+  assert.equal(listResponse.status, 200)
+  const listed = await listResponse.json() as Record<string, Record<string, unknown>>
+  assert.equal(listed[serverId]?.name, 'smoke')
+
+  const detailResponse = await getMcpServer(new Request(`http://local/api/mcp-servers/${serverId}`), routeParams(serverId))
+  assert.equal(detailResponse.status, 200)
+  const detail = await detailResponse.json() as Record<string, unknown>
+  assert.equal(detail.command, process.execPath)
+
+  const healthResponse = await testMcpServer(new Request(`http://local/api/mcp-servers/${serverId}/test`, {
+    method: 'POST',
+  }), routeParams(serverId))
+  assert.equal(healthResponse.status, 200)
+  const health = await healthResponse.json() as Record<string, unknown>
+  assert.equal(health.ok, true)
+  assert.deepEqual(health.tools, ['mcp_smoke_ping', 'mcp_smoke_echo'])
+
+  const toolsResponse = await listMcpTools(new Request(`http://local/api/mcp-servers/${serverId}/tools`), routeParams(serverId))
+  assert.equal(toolsResponse.status, 200)
+  const tools = await toolsResponse.json() as Array<Record<string, unknown>>
+  assert.deepEqual(tools.map((tool) => tool.name), ['ping', 'echo'])
+
+  const invokeResponse = await invokeMcpTool(new Request(`http://local/api/mcp-servers/${serverId}/invoke`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      toolName: 'echo',
+      args: JSON.stringify({ message: 'hello from route test' }),
+    }),
+  }), routeParams(serverId))
+  assert.equal(invokeResponse.status, 200)
+  const invokePayload = await invokeResponse.json() as Record<string, unknown>
+  assert.equal(invokePayload.ok, true)
+  assert.equal(invokePayload.text, 'echo: hello from route test')
+
+  const conformanceResponse = await runMcpConformance(new Request(`http://local/api/mcp-servers/${serverId}/conformance`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ smokeToolName: 'ping' }),
+  }), routeParams(serverId))
+  assert.equal(conformanceResponse.status, 200)
+  const conformance = await conformanceResponse.json() as Record<string, unknown>
+  assert.equal(conformance.ok, true)
+  assert.equal(conformance.toolsCount, 2)
+  assert.equal(conformance.smokeToolName, 'ping')
+
+  const updateResponse = await updateMcpServer(new Request(`http://local/api/mcp-servers/${serverId}`, {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ name: 'smoke-renamed' }),
+  }), routeParams(serverId))
+  assert.equal(updateResponse.status, 200)
+  const updated = await updateResponse.json() as Record<string, unknown>
+  assert.equal(updated.name, 'smoke-renamed')
+
+  const deleteResponse = await deleteMcpServer(new Request(`http://local/api/mcp-servers/${serverId}`, {
+    method: 'DELETE',
+  }), routeParams(serverId))
+  assert.equal(deleteResponse.status, 200)
+  assert.equal(loadMcpServers()[serverId], undefined)
+})
+
+test('MCP invoke route validates required fields before connecting', async () => {
+  const serverId = 'mcp-validate-smoke'
+  const servers = loadMcpServers()
+  servers[serverId] = {
+    id: serverId,
+    name: 'smoke',
+    transport: 'stdio',
+    command: process.execPath,
+    args: [fixturePath],
+    createdAt: 1,
+    updatedAt: 1,
+  }
+  saveMcpServers(servers)
+
+  const response = await invokeMcpTool(new Request(`http://local/api/mcp-servers/${serverId}/invoke`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ args: {} }),
+  }), routeParams(serverId))
+
+  assert.equal(response.status, 400)
+  const payload = await response.json() as Record<string, unknown>
+  assert.equal(payload.error, 'toolName is required')
+})

package/src/app/api/openclaw/deploy/route.ts

@@ -1,6 +1,8 @@
 import { NextResponse } from 'next/server'
 import {
   buildOpenClawDeployBundle,
+  getOpenClawLocalDeployCollectionStatus,
+  getOpenClawRemoteDeployCollectionStatus,
   deployOpenClawOverSsh,
   getOpenClawLocalDeployStatus,
   getOpenClawRemoteDeployStatus,
@@ -96,9 +98,15 @@ function parseSsh(value: unknown): Partial<OpenClawSshConfig> | null {
 }
 
 export async function GET() {
+  const locals = getOpenClawLocalDeployCollectionStatus()
+  const remotes = getOpenClawRemoteDeployCollectionStatus()
   return NextResponse.json({
-    local: getOpenClawLocalDeployStatus(),
-    remote: getOpenClawRemoteDeployStatus(),
+    local: getOpenClawLocalDeployStatus(locals.primaryId),
+    locals: locals.items,
+    localPrimaryId: locals.primaryId,
+    remote: remotes.primaryId ? getOpenClawRemoteDeployStatus(remotes.primaryId) : null,
+    remotes: remotes.items,
+    remotePrimaryId: remotes.primaryId,
   })
 }
 
@@ -109,31 +117,44 @@ export async function POST(req: Request) {
   try {
     if (action === 'start-local') {
       const result = await startOpenClawLocalDeploy({
+        localId: typeof body.localId === 'string' ? body.localId : null,
+        name: typeof body.name === 'string' ? body.name : null,
         port: parsePort(body.port),
         token: typeof body.token === 'string' ? body.token : null,
+        makePrimary: body.makePrimary !== false,
       })
       return NextResponse.json({
         ok: true,
         local: result.local,
+        locals: result.locals,
+        localPrimaryId: result.locals.find((item) => item.isPrimary)?.id || result.local.id,
         token: result.token,
       })
     }
 
     if (action === 'stop-local') {
+      const result = stopOpenClawLocalDeploy(typeof body.localId === 'string' ? body.localId : null)
       return NextResponse.json({
         ok: true,
-        local: stopOpenClawLocalDeploy(),
+        local: result.local,
+        locals: result.locals,
+        localPrimaryId: result.locals.find((item) => item.isPrimary)?.id || result.local.id,
       })
     }
 
     if (action === 'restart-local') {
       const result = await restartOpenClawLocalDeploy({
+        localId: typeof body.localId === 'string' ? body.localId : null,
+        name: typeof body.name === 'string' ? body.name : null,
         port: parsePort(body.port),
         token: typeof body.token === 'string' ? body.token : null,
+        makePrimary: body.makePrimary !== false,
       })
       return NextResponse.json({
         ok: true,
         local: result.local,
+        locals: result.locals,
+        localPrimaryId: result.locals.find((item) => item.isPrimary)?.id || result.local.id,
         token: result.token,
       })
     }
@@ -157,6 +178,8 @@ export async function POST(req: Request) {
 
     if (action === 'ssh-deploy') {
       const result = await deployOpenClawOverSsh({
+        remoteId: typeof body.remoteId === 'string' ? body.remoteId : null,
+        name: typeof body.name === 'string' ? body.name : null,
         template: parseTemplate(body.template),
         target: typeof body.target === 'string' ? body.target : null,
         token: typeof body.token === 'string' ? body.token : null,
@@ -166,10 +189,14 @@ export async function POST(req: Request) {
         useCase: parseUseCase(body.useCase),
         exposure: parseExposure(body.exposure),
         ssh: parseSsh(body.ssh),
+        makePrimary: body.makePrimary !== false,
       })
+      const remotes = getOpenClawRemoteDeployCollectionStatus()
       return NextResponse.json({
         ok: result.ok,
-        remote: getOpenClawRemoteDeployStatus(),
+        remote: getOpenClawRemoteDeployStatus(result.remoteId || remotes.primaryId),
+        remotes: remotes.items,
+        remotePrimaryId: remotes.primaryId,
         processId: result.processId || null,
         token: result.token,
         bundle: result.bundle,
@@ -198,14 +225,20 @@ export async function POST(req: Request) {
       } as const
       const lifecycleAction = action as keyof typeof actionMap
       const result = await runOpenClawRemoteLifecycle({
+        remoteId: typeof body.remoteId === 'string' ? body.remoteId : null,
+        name: typeof body.name === 'string' ? body.name : null,
         action: actionMap[lifecycleAction],
         ssh: parseSsh(body.ssh),
         token: typeof body.token === 'string' ? body.token : null,
         backupPath: typeof body.backupPath === 'string' ? body.backupPath : null,
+        makePrimary: body.makePrimary !== false,
       })
+      const remotes = getOpenClawRemoteDeployCollectionStatus()
       return NextResponse.json({
         ok: result.ok,
-        remote: getOpenClawRemoteDeployStatus(),
+        remote: getOpenClawRemoteDeployStatus(result.remoteId || remotes.primaryId),
+        remotes: remotes.items,
+        remotePrimaryId: remotes.primaryId,
         processId: result.processId || null,
         token: result.token,
         summary: result.summary,

package/src/app/api/plugins/install/route.ts

@@ -1,22 +1,61 @@
 import { NextResponse } from 'next/server'
 import { getPluginManager, sanitizePluginFilename } from '@/lib/server/plugins'
+import {
+  inferPluginInstallSourceFromUrl,
+  inferPluginPublisherSourceFromUrl,
+  normalizePluginInstallSource,
+  normalizePluginPublisherSource,
+} from '@/lib/plugin-sources'
+import {
+  buildPluginInstallCorsHeaders,
+  resolvePluginInstallCorsOrigin,
+} from '@/lib/plugin-install-cors'
+
+function json(body: Record<string, unknown>, status: number, origin: string | null) {
+  return NextResponse.json(body, {
+    status,
+    headers: buildPluginInstallCorsHeaders(origin),
+  })
+}
+
+export async function OPTIONS(req: Request) {
+  const origin = resolvePluginInstallCorsOrigin(req.headers.get('origin'))
+  if (!origin) return NextResponse.json({ error: 'Origin not allowed' }, { status: 403 })
+  return new NextResponse(null, {
+    status: 204,
+    headers: buildPluginInstallCorsHeaders(origin),
+  })
+}
 
 export async function POST(req: Request) {
+  const origin = resolvePluginInstallCorsOrigin(req.headers.get('origin'))
   const body = await req.json()
   const url = typeof body?.url === 'string' ? body.url : ''
   const filename = typeof body?.filename === 'string' ? body.filename : ''
+  const installMethod = body?.installMethod === 'marketplace' ? 'marketplace' : 'manual'
+  const sourceLabel = normalizePluginPublisherSource(body?.sourceLabel)
+    || inferPluginPublisherSourceFromUrl(url)
+    || 'manual'
+  const installSource = normalizePluginInstallSource(body?.installSource)
+    || inferPluginInstallSourceFromUrl(url)
+    || 'manual'
 
   if (!url || !url.startsWith('https://')) {
-    return NextResponse.json(
+    return json(
       { error: 'URL must be a valid HTTPS URL' },
-      { status: 400 },
+      400,
+      origin,
     )
   }
 
   try {
     const sanitizedFilename = sanitizePluginFilename(filename)
-    const installed = await getPluginManager().installPluginFromUrl(url, sanitizedFilename)
-    return NextResponse.json({ ok: true, filename: installed.filename, hash: installed.sourceHash })
+    const installed = await getPluginManager().installPluginFromUrl(url, sanitizedFilename, {
+      source: installMethod,
+      sourceLabel,
+      installSource,
+    })
+    return json({ ok: true, filename: installed.filename, hash: installed.sourceHash }, 200, origin)
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err)
     const isTimeout = /abort|timeout/i.test(msg)
@@ -25,9 +64,10 @@ export async function POST(req: Request) {
       : isTimeout
         ? 504
         : 500
-    return NextResponse.json(
+    return json(
       { error: isTimeout ? 'Download timed out — the plugin URL may be unreachable' : msg },
-      { status },
+      status,
+      origin,
     )
   }
 }

package/src/app/api/plugins/marketplace/route.ts

@@ -1,11 +1,25 @@
 import { NextResponse } from 'next/server'
+import { inferPluginPublisherSourceFromUrl } from '@/lib/plugin-sources'
 import { searchClawHub } from '@/lib/server/clawhub-client'
+import type { PluginCatalogSource } from '@/types'
 
 export const dynamic = 'force-dynamic'
 
-const REGISTRY_URLS = [
-  'https://raw.githubusercontent.com/swarmclawai/swarmforge/main/registry.json',
-  'https://swarmclaw.ai/registry/plugins.json',
+interface RegistryPluginEntry {
+  id?: string
+  name?: string
+  description?: string
+  url?: string
+  author?: string
+  version?: string
+  tags?: string[]
+  openclaw?: boolean
+  downloads?: number
+}
+
+const REGISTRY_URLS: Array<{ url: string; catalogSource: PluginCatalogSource }> = [
+  { url: 'https://swarmclaw.ai/registry/plugins.json', catalogSource: 'swarmclaw-site' },
+  { url: 'https://raw.githubusercontent.com/swarmclawai/swarmforge/main/registry.json', catalogSource: 'swarmforge' },
 ]
 const CACHE_TTL = 5 * 60 * 1000 // 5 minutes
 
@@ -33,34 +47,43 @@ export async function GET(req: Request) {
   }
 
   const allPlugins: Record<string, unknown>[] = []
+  const registryPlugins = new Map<string, Record<string, unknown>>()
 
   // 1. Fetch SwarmClaw Registry
-  for (const registryUrl of REGISTRY_URLS) {
+  for (const registry of REGISTRY_URLS) {
     try {
-      const res = await fetch(registryUrl, { cache: 'no-store' })
+      const res = await fetch(registry.url, { cache: 'no-store' })
       if (!res.ok) continue
 
       const data = await res.json()
-      const filtered = (data as Array<{ name: string; description: string; url?: string }>).filter((p) => {
+      const entries = Array.isArray(data) ? data as RegistryPluginEntry[] : []
+      const filtered = entries.filter((p) => {
         if (!p || typeof p.name !== 'string' || typeof p.description !== 'string') return false
         return !query || p.name.toLowerCase().includes(query.toLowerCase()) || p.description.toLowerCase().includes(query.toLowerCase())
       })
 
-      allPlugins.push(...filtered.map((p: { id?: string; name?: string; url?: string }) => ({
-        ...p,
-        id: p.id || (p.name || '').toLowerCase().replace(/[^a-z0-9]/g, '_'),
-        url: normalizeRegistryPluginUrl(p.url) || p.url,
-        source: 'swarmclaw',
-      })))
-      break
+      for (const p of filtered) {
+        const normalizedUrl = normalizeRegistryPluginUrl(p.url) || p.url
+        const id = p.id || (p.name || '').toLowerCase().replace(/[^a-z0-9]/g, '_')
+        if (registryPlugins.has(id)) continue
+        registryPlugins.set(id, {
+          ...p,
+          id,
+          url: normalizedUrl,
+          source: inferPluginPublisherSourceFromUrl(normalizedUrl) || 'swarmforge',
+          catalogSource: registry.catalogSource,
+        })
+      }
     } catch (err: unknown) {
       console.warn('[marketplace] SC Registry failed:', {
-        registryUrl,
+        registryUrl: registry.url,
         error: err instanceof Error ? err.message : String(err),
       })
     }
   }
 
+  allPlugins.push(...registryPlugins.values())
+
   // 2. Fetch ClawHub Skills/Plugins
   try {
     const hubResults = await searchClawHub(query)
@@ -71,12 +94,22 @@ export async function GET(req: Request) {
       author: s.author,
       version: s.version || '1.0.0',
       url: s.url,
-      source: 'clawhub'
+      source: 'clawhub',
+      catalogSource: 'clawhub',
     })))
   } catch (err: unknown) {
     console.warn('[marketplace] ClawHub failed:', err instanceof Error ? err.message : String(err))
   }
 
+  allPlugins.sort((a, b) => {
+    const catalogA = typeof a.catalogSource === 'string' ? a.catalogSource : ''
+    const catalogB = typeof b.catalogSource === 'string' ? b.catalogSource : ''
+    if (catalogA !== catalogB) return catalogA.localeCompare(catalogB)
+    const nameA = typeof a.name === 'string' ? a.name : ''
+    const nameB = typeof b.name === 'string' ? b.name : ''
+    return nameA.localeCompare(nameB)
+  })
+
   // Update cache only for empty queries
   if (!query) {
     cache = { data: allPlugins, fetchedAt: now }

package/src/app/api/preview-server/route.ts

@@ -4,6 +4,7 @@ import http from 'http'
 import fs from 'fs'
 import path from 'path'
 import { localIP } from '@/lib/server/storage'
+import { resolveDevServerLaunchDir } from '@/lib/server/devserver-launch'
 
 // ---------------------------------------------------------------------------
 // MIME types for static server
@@ -77,6 +78,13 @@ interface ProjectInfo {
   framework?: string      // e.g. 'vite', 'next', 'cra'
 }
 
+function buildFrameworkArgs(framework: string | undefined, port: number): string[] {
+  if (framework === 'next') {
+    return ['--', '--hostname', '0.0.0.0', '--port', String(port)]
+  }
+  return ['--', '--port', String(port), '--host', '0.0.0.0']
+}
+
 function detectProject(dir: string): ProjectInfo {
   const pkgPath = path.join(dir, 'package.json')
   if (!fs.existsSync(pkgPath)) {
@@ -168,7 +176,7 @@ function createStaticServer(dir: string): http.Server {
 // npm dev server
 // ---------------------------------------------------------------------------
 
-async function startNpmServer(dir: string, command: string[], port: number): Promise<PreviewServer> {
+async function startNpmServer(dir: string, command: string[], port: number, framework?: string): Promise<PreviewServer> {
   // Install deps if node_modules missing
   if (!fs.existsSync(path.join(dir, 'node_modules'))) {
     console.log(`[preview] Installing dependencies in ${dir}`)
@@ -190,7 +198,7 @@ async function startNpmServer(dir: string, command: string[], port: number): Pro
   const args = [...command.slice(1)]
   const cmdName = command[0]
 
-  const proc = spawn(cmdName, [...args, '--', '--port', String(port), '--host', '0.0.0.0'], {
+  const proc = spawn(cmdName, [...args, ...buildFrameworkArgs(framework, port)], {
     cwd: dir,
     stdio: ['ignore', 'pipe', 'pipe'],
     env,
@@ -234,6 +242,10 @@ async function startNpmServer(dir: string, command: string[], port: number): Pro
 
   // Wait for the server to start and detect the actual port
   await new Promise((resolve) => setTimeout(resolve, 5000))
+  if (proc.exitCode !== null) {
+    servers.delete(dirKey(dir))
+    throw new Error(`npm dev server exited early with code ${proc.exitCode}\n${log.slice(-4000)}`)
+  }
   entry.port = detectedPort
   entry.log = log
 
@@ -263,7 +275,8 @@ export async function POST(req: Request) {
   }
 
   const dir = resolveServeDir(filePath)
-  const key = dirKey(dir)
+  const launch = resolveDevServerLaunchDir(dir)
+  const key = dirKey(launch.launchDir)
 
   if (action === 'start') {
     if (servers.has(key)) {
@@ -274,16 +287,18 @@ export async function POST(req: Request) {
       return NextResponse.json({ error: 'Directory not found' }, { status: 404 })
     }
 
-    const project = detectProject(dir)
+    const project = detectProject(launch.launchDir)
     const port = await findFreePort()
 
     if (project.type === 'npm' && project.devCommand) {
-      console.log(`[preview] Detected ${project.framework} project in ${dir}, running: ${project.devCommand.join(' ')}`)
+      console.log(`[preview] Detected ${project.framework} project in ${launch.launchDir}, running: ${project.devCommand.join(' ')}`)
       try {
-        const entry = await startNpmServer(dir, project.devCommand, port)
+        const entry = await startNpmServer(launch.launchDir, project.devCommand, port, project.framework)
         return NextResponse.json({
           ...buildResponse(entry),
           framework: project.framework,
+          inputDir: dir,
+          launchDir: launch.launchDir,
         })
       } catch (err: unknown) {
         console.error(`[preview] npm server failed, falling back to static:`, err)
@@ -313,15 +328,15 @@ export async function POST(req: Request) {
       }
       if (srv.server) srv.server.close()
       servers.delete(key)
-      console.log(`[preview] Stopped server for ${dir}`)
+      console.log(`[preview] Stopped server for ${launch.launchDir}`)
     }
-    return NextResponse.json({ running: false, dir })
+    return NextResponse.json({ running: false, dir: launch.launchDir })
 
   } else if (action === 'status') {
     if (servers.has(key)) {
       return NextResponse.json(buildResponse(servers.get(key)!))
     }
-    return NextResponse.json({ running: false, dir })
+    return NextResponse.json({ running: false, dir: launch.launchDir })
 
   } else if (action === 'list') {
     const list = Array.from(servers.values()).map((s) => ({
@@ -331,8 +346,8 @@ export async function POST(req: Request) {
     return NextResponse.json({ servers: list })
 
   } else if (action === 'detect') {
-    const project = detectProject(dir)
-    return NextResponse.json({ dir, ...project })
+    const project = detectProject(launch.launchDir)
+    return NextResponse.json({ dir, launchDir: launch.launchDir, frameworkHint: launch.framework, ...project })
   }
 
   return NextResponse.json({ error: 'Invalid action' }, { status: 400 })

package/src/app/api/schedules/[id]/run/route.ts

@@ -2,6 +2,7 @@ import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
 import { notFound } from '@/lib/server/collection-helpers'
 import { loadSchedules, saveSchedules, loadAgents, loadTasks, saveTasks } from '@/lib/server/storage'
+import { buildAgentDisabledMessage, isAgentDisabled } from '@/lib/server/agent-availability'
 import { enqueueTask } from '@/lib/server/queue'
 import { pushMainLoopEventToMainSessions } from '@/lib/server/main-agent-loop'
 import { getScheduleSignatureKey } from '@/lib/schedule-dedupe'
@@ -20,6 +21,9 @@ export async function POST(_req: Request, { params }: { params: Promise<{ id: st
   const agents = loadAgents()
   const agent = agents[schedule.agentId]
   if (!agent) return NextResponse.json({ error: 'Agent not found' }, { status: 400 })
+  if (isAgentDisabled(agent)) {
+    return NextResponse.json({ error: buildAgentDisabledMessage(agent, 'run schedules') }, { status: 409 })
+  }
 
   const tasks = loadTasks()
   const scheduleSignature = getScheduleSignatureKey(schedule)

package/src/app/api/schedules/route.test.ts

@@ -0,0 +1,86 @@
+import assert from 'node:assert/strict'
+import test, { afterEach } from 'node:test'
+
+import { POST as createSchedule } from './route'
+import { POST as runSchedule } from './[id]/run/route'
+import { loadAgents, loadSchedules, saveAgents, saveSchedules } from '@/lib/server/storage'
+
+const originalAgents = loadAgents()
+const originalSchedules = loadSchedules()
+
+function routeParams(id: string) {
+  return { params: Promise.resolve({ id }) }
+}
+
+function seedAgent(id: string, overrides: Record<string, unknown> = {}) {
+  const agents = loadAgents()
+  const now = Date.now()
+  agents[id] = {
+    id,
+    name: 'Schedule Test Agent',
+    description: 'Schedule smoke test agent',
+    systemPrompt: 'Handle schedules.',
+    provider: 'openai',
+    model: 'gpt-4o-mini',
+    credentialId: null,
+    fallbackCredentialIds: [],
+    apiEndpoint: null,
+    plugins: ['manage_schedules'],
+    createdAt: now,
+    updatedAt: now,
+    ...overrides,
+  }
+  saveAgents(agents)
+}
+
+afterEach(() => {
+  saveAgents(originalAgents)
+  saveSchedules(originalSchedules)
+})
+
+test('POST /api/schedules rejects disabled agents', async () => {
+  seedAgent('schedule-disabled-agent', { disabled: true })
+
+  const response = await createSchedule(new Request('http://local/api/schedules', {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      agentId: 'schedule-disabled-agent',
+      name: 'Disabled smoke',
+      taskPrompt: 'Send a reminder',
+      scheduleType: 'once',
+      runAt: Date.now() + 60_000,
+      status: 'active',
+    }),
+  }))
+
+  assert.equal(response.status, 409)
+  const payload = await response.json() as Record<string, unknown>
+  assert.match(String(payload.error || ''), /disabled/i)
+})
+
+test('POST /api/schedules/[id]/run rejects disabled agents', async () => {
+  seedAgent('schedule-run-disabled-agent', { disabled: true })
+  const schedules = loadSchedules()
+  schedules['schedule-disabled-run'] = {
+    id: 'schedule-disabled-run',
+    name: 'Disabled Run',
+    agentId: 'schedule-run-disabled-agent',
+    taskPrompt: 'Send a reminder',
+    scheduleType: 'once',
+    runAt: Date.now() + 60_000,
+    status: 'active',
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+  saveSchedules(schedules)
+
+  const response = await runSchedule(
+    new Request('http://local/api/schedules/schedule-disabled-run/run', { method: 'POST' }),
+    routeParams('schedule-disabled-run'),
+  )
+
+  assert.equal(response.status, 409)
+  const payload = await response.json() as Record<string, unknown>
+  assert.match(String(payload.error || ''), /disabled/i)
+})

package/src/app/api/schedules/route.ts

@@ -3,6 +3,7 @@ import { genId } from '@/lib/id'
 import { loadAgents, loadSchedules, saveSchedules } from '@/lib/server/storage'
 import { WORKSPACE_DIR } from '@/lib/server/data-dir'
 import { normalizeSchedulePayload } from '@/lib/server/schedule-normalization'
+import { buildAgentDisabledMessage, isAgentDisabled } from '@/lib/server/agent-availability'
 import { resolveScheduleName } from '@/lib/schedule-name'
 import { findDuplicateSchedule } from '@/lib/schedule-dedupe'
 import { notify } from '@/lib/server/ws-hub'
@@ -45,9 +46,13 @@ export async function POST(req: Request) {
 
   const candidate = normalizedSchedule.value
   const agents = loadAgents()
-  if (!agents[String(candidate.agentId)]) {
+  const agent = agents[String(candidate.agentId)]
+  if (!agent) {
     return NextResponse.json({ error: `Agent not found: ${String(candidate.agentId)}` }, { status: 400 })
   }
+  if (isAgentDisabled(agent)) {
+    return NextResponse.json({ error: buildAgentDisabledMessage(agent, 'take scheduled work') }, { status: 409 })
+  }
   const scheduleType = asScheduleType(candidate.scheduleType)
   const candidateAgentId = asString(candidate.agentId) || null
   const candidateTaskPrompt = asString(candidate.taskPrompt)