@swarmclawai/swarmclaw 0.7.8 → 0.8.0

package/src/lib/server/session-tools/discovery.ts

@@ -1,12 +1,32 @@
 import { z } from 'zod'
 import { tool, type StructuredToolInterface } from '@langchain/core/tools'
 import type { ToolBuildContext } from './context'
-import { getPluginManager } from '../plugins'
+import { getPluginManager, normalizeMarketplacePluginUrl } from '../plugins'
 import type { Plugin, PluginHooks, ClawHubSkill } from '@/types'
 import { searchClawHub } from '../clawhub-client'
 import { normalizeToolInputArgs } from './normalize-tool-args'
 import { pluginIdMatches } from '../tool-aliases'
 import { loadSessions } from '../storage'
+import { inferPluginPublisherSourceFromUrl } from '@/lib/plugin-sources'
+
+function trimString(value: unknown): string {
+  return typeof value === 'string' ? value.trim() : ''
+}
+
+function buildDiscoveryApprovalResumeInput(approval: import('@/types').ApprovalRequest): Record<string, unknown> | null {
+  if (approval.category !== 'plugin_install') return null
+  const url = trimString(approval.data.url)
+  if (!url) return null
+  const pluginId = trimString(approval.data.pluginId)
+  const reason = trimString(approval.data.reason)
+  return {
+    action: 'install_request',
+    url,
+    pluginId: pluginId || undefined,
+    reason: reason || `Approved install request for ${url}`,
+    approved: true,
+  }
+}
 
 /**
  * Unified Discovery Logic
@@ -41,11 +61,15 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
       case 'list':
       case 'discover': {
         const plugins = manager.listPlugins()
+        const currentSession = bctx?.ctx?.sessionId ? loadSessions()[bctx.ctx.sessionId] : null
+        const sessionPlugins = currentSession?.plugins || currentSession?.tools || []
         return JSON.stringify(plugins.map(p => ({
           id: p.filename,
           name: p.name,
           description: p.description,
           enabled: p.enabled,
+          granted: pluginIdMatches(sessionPlugins, p.filename),
+          availableNow: pluginIdMatches(sessionPlugins, p.filename) && !manager.isExplicitlyDisabled(p.filename),
           isBuiltin: !p.filename.endsWith('.js') && !p.filename.endsWith('.mjs')
         })), null, 2)
       }
@@ -62,6 +86,7 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
               description: s.description,
               author: s.author,
               source: 'clawhub',
+              catalogSource: 'clawhub',
               url: (s as ClawHubSkill & { rawUrl?: string }).rawUrl ?? s.url
             })))
           }
@@ -71,14 +96,32 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
 
         try {
           console.log('[discovery] Searching SwarmClaw registry...')
-          const scRes = await fetch('https://swarmclaw.ai/registry/plugins.json', { signal: AbortSignal.timeout(5000) })
-          if (scRes.ok) {
+          const registryResults = new Map<string, Record<string, unknown>>()
+          const registries = [
+            { url: 'https://swarmclaw.ai/registry/plugins.json', catalogSource: 'swarmclaw-site' },
+            { url: 'https://raw.githubusercontent.com/swarmclawai/swarmforge/main/registry.json', catalogSource: 'swarmforge' },
+          ] as const
+          for (const registry of registries) {
+            const scRes = await fetch(registry.url, { signal: AbortSignal.timeout(5000) })
+            if (!scRes.ok) continue
             const scPlugins = await scRes.json()
             const filtered = (scPlugins as Record<string, unknown>[]).filter((p: Record<string, unknown>) =>
               !q || (String(p.name || '')).toLowerCase().includes(q.toLowerCase()) || (String(p.description || '')).toLowerCase().includes(q.toLowerCase())
             )
-            results.push(...filtered.map(p => ({ ...p, source: 'swarmclaw' })))
+            for (const p of filtered) {
+              const id = String(p.id || p.name || '').trim().toLowerCase().replace(/[^a-z0-9]/g, '_')
+              if (!id || registryResults.has(id)) continue
+              const url = normalizeMarketplacePluginUrl(String(p.url || ''))
+              registryResults.set(id, {
+                ...p,
+                id,
+                url,
+                source: inferPluginPublisherSourceFromUrl(url) || 'swarmforge',
+                catalogSource: registry.catalogSource,
+              })
+            }
           }
+          results.push(...registryResults.values())
         } catch (err: unknown) {
           console.error('[discovery] SC Registry search failed:', err instanceof Error ? err.message : String(err))
         }
@@ -99,12 +142,12 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
           const currentSession = allSessions[bctx.ctx.sessionId]
           const grantedTools = currentSession?.plugins || currentSession?.tools || []
           if (currentSession && pluginIdMatches(grantedTools, pluginId)) {
-            return JSON.stringify({
-              alreadyGranted: true,
-              pluginId,
-              message: `You already have access to "${pluginId}" — proceed to use it directly.`,
-            })
-          }
+          return JSON.stringify({
+            alreadyGranted: true,
+            pluginId,
+            message: `You already have access to "${pluginId}". If it was just granted, it will be available on the next agent turn.`,
+          })
+        }
         }
         const { requestApprovalMaybeAutoApprove } = await import('../approvals')
         const approval = await requestApprovalMaybeAutoApprove({
@@ -121,7 +164,7 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
             pluginId,
             toolId: pluginId,
             autoApproved: true,
-            message: `Access to "${pluginId}" was auto-approved and granted. Proceed to use it directly.`,
+            message: `Access to "${pluginId}" was auto-approved and granted. It will be available on the next agent turn.`,
           })
         }
         return JSON.stringify({
@@ -182,7 +225,32 @@ async function executeDiscoveryAction(args: Record<string, unknown>, bctx?: Tool
 const DiscoveryPlugin: Plugin = {
   name: 'Core Discovery',
   description: 'Discover available plugins, search marketplaces, request access, or suggest new installs.',
-  hooks: {} as PluginHooks,
+  hooks: {
+    getApprovalGuidance: ({ approval, phase, approved }) => {
+      if (approval.category !== 'plugin_install') return null
+      if (phase === 'request') {
+        return [
+          'When this approval is granted, continue with `manage_capabilities` for the exact approved install request instead of asking again in prose.',
+          'Do not change the approved plugin URL or pluginId unless newer tool evidence proves the approved source is invalid.',
+        ]
+      }
+      if (phase === 'connector_reminder') {
+        return 'Approving this lets the agent resume the approved plugin install request without repeating marketplace research.'
+      }
+      if (approved !== true) {
+        return 'Do not retry the rejected install request unless the plugin source or requested capability materially changes.'
+      }
+      const resumeInput = buildDiscoveryApprovalResumeInput(approval)
+      const lines = [
+        'Resume immediately with `manage_capabilities` for the approved install request.',
+        'Do not repeat the same marketplace search or install request once approval has been granted.',
+      ]
+      if (resumeInput) {
+        lines.push(`Exact tool input: ${JSON.stringify(resumeInput)}`)
+      }
+      return lines
+    },
+  } as PluginHooks,
   tools: [
     {
       name: 'manage_capabilities',

package/src/lib/server/session-tools/file-normalize.test.ts

@@ -83,6 +83,24 @@ describe('normalizeFileArgs', () => {
     assert.deepEqual(out.files, [{ name: 'report.md', content: '# report' }])
   })
 
+  it('parses stringified bulk file arrays from wrapped payloads', () => {
+    const out = normalizeFileArgs({
+      input: JSON.stringify({
+        action: 'write',
+        files: JSON.stringify([
+          { path: 'offer-pack/offer-brief.md', content: '# brief' },
+          { path: 'offer-pack/landing-copy.md', content: '# landing' },
+        ]),
+      }),
+    })
+
+    assert.equal(out.action, 'write')
+    assert.deepEqual(out.files, [
+      { path: 'offer-pack/offer-brief.md', content: '# brief' },
+      { path: 'offer-pack/landing-copy.md', content: '# landing' },
+    ])
+  })
+
   it('treats trailing-slash write targets as directory creation', async () => {
     const cwd = fs.mkdtempSync(path.join(os.tmpdir(), 'file-write-dir-'))
     const out = await executeFileAction({
@@ -95,4 +113,22 @@ describe('normalizeFileArgs', () => {
     assert.equal(fs.statSync(path.join(cwd, 'weather_update')).isDirectory(), true)
     fs.rmSync(cwd, { recursive: true, force: true })
   })
+
+  it('does not inline binary screenshot data when reading image files', async () => {
+    const cwd = fs.mkdtempSync(path.join(os.tmpdir(), 'file-read-binary-'))
+    const imagePath = path.join(cwd, 'screenshot-main.png')
+    fs.writeFileSync(imagePath, Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x00, 0x01, 0x02, 0x03]))
+
+    try {
+      const out = await executeFileAction({
+        action: 'read',
+        filePath: 'screenshot-main.png',
+      }, { cwd })
+
+      assert.match(out, /Binary file: screenshot-main\.png/)
+      assert.match(out, /Use send_file/)
+    } finally {
+      fs.rmSync(cwd, { recursive: true, force: true })
+    }
+  })
 })

package/src/lib/server/session-tools/file.ts

@@ -47,6 +47,25 @@ function getFileEntryContent(entry: Record<string, unknown> | undefined): string
   return typeof raw === 'string' ? raw : JSON.stringify(raw)
 }
 
+function parseFileEntries(value: unknown): Array<Record<string, unknown>> | undefined {
+  const candidates = [value]
+  if (typeof value === 'string') {
+    const trimmed = value.trim()
+    if (trimmed.startsWith('[')) {
+      try {
+        candidates.unshift(JSON.parse(trimmed))
+      } catch {
+        // ignore malformed JSON payloads and fall back to the raw string
+      }
+    }
+  }
+  for (const candidate of candidates) {
+    if (!Array.isArray(candidate)) continue
+    return candidate.filter((entry): entry is Record<string, unknown> => !!entry && typeof entry === 'object' && !Array.isArray(entry))
+  }
+  return undefined
+}
+
 function inferFileAction(
   normalized: Record<string, unknown>,
   files: Array<Record<string, unknown>> | undefined,
@@ -75,9 +94,7 @@ export function normalizeFileArgs(rawArgs: Record<string, unknown>): Record<stri
     ...normalized,
     ...(actionPayload?.value || {}),
   }
-  const files = Array.isArray(merged.files)
-    ? merged.files.filter((entry): entry is Record<string, unknown> => !!entry && typeof entry === 'object' && !Array.isArray(entry))
-    : undefined
+  const files = parseFileEntries(merged.files)
 
   let action = pickNonEmptyString(normalized.action, actionPayload?.action)
   if (!action && Array.isArray(files) && files.length > 0) {
@@ -131,6 +148,24 @@ function resolveFileToolPath(cwd: string, target: string): string {
   }
 }
 
+const BINARY_FILE_EXTENSIONS = new Set([
+  '.png', '.jpg', '.jpeg', '.gif', '.webp', '.bmp', '.ico', '.svg', '.pdf',
+  '.zip', '.gz', '.tar', '.tgz', '.7z', '.rar',
+  '.mp3', '.wav', '.ogg', '.m4a', '.mp4', '.mov', '.avi', '.webm',
+  '.woff', '.woff2', '.ttf', '.otf',
+  '.exe', '.dll', '.so', '.dylib', '.bin',
+])
+
+function isLikelyBinaryFile(resolvedPath: string, data: Buffer): boolean {
+  const ext = path.extname(resolvedPath).toLowerCase()
+  if (BINARY_FILE_EXTENSIONS.has(ext)) return true
+  const sample = data.subarray(0, Math.min(data.length, 512))
+  for (const byte of sample) {
+    if (byte === 0) return true
+  }
+  return false
+}
+
 /**
  * Unified File Execution Logic
  */
@@ -154,7 +189,11 @@ export async function executeFileAction(args: Record<string, unknown>, bctx: { c
         const target = filePath || getFileEntryPath(files?.[0])
         if (!target) return 'Error: no filePath or path provided.'
         const resolved = resolveFileToolPath(bctx.cwd, target)
-        return truncate(fs.readFileSync(resolved, 'utf-8'), MAX_FILE)
+        const data = fs.readFileSync(resolved)
+        if (isLikelyBinaryFile(resolved, data)) {
+          return `Binary file: ${target} (${data.byteLength} bytes). I did not inline its contents. Use send_file with this path to share it.`
+        }
+        return truncate(data.toString('utf-8'), MAX_FILE)
       }
       
       case 'write': {

package/src/lib/server/session-tools/human-loop.ts

@@ -58,7 +58,12 @@ async function executeHumanLoopAction(args: Record<string, unknown>, bctx: { ses
     if (action === 'ack_mailbox') {
       const sessionId = typeof normalized.sessionId === 'string' ? normalized.sessionId : bctx.sessionId
       if (!sessionId) return 'Error: sessionId or current session is required.'
-      const envelopeId = typeof normalized.envelopeId === 'string' ? normalized.envelopeId.trim() : ''
+      let envelopeId = typeof normalized.envelopeId === 'string' ? normalized.envelopeId.trim() : ''
+      if (!envelopeId) {
+        const newestReply = listMailbox(sessionId, { limit: 50 })
+          .find((envelope) => envelope.type === 'human_reply' && envelope.status !== 'ack')
+        if (newestReply) envelopeId = newestReply.id
+      }
       if (!envelopeId) return 'Error: envelopeId is required.'
       const envelope = ackMailboxEnvelope(sessionId, envelopeId)
       return envelope ? JSON.stringify(envelope) : `Error: mailbox envelope "${envelopeId}" not found.`
@@ -108,7 +113,10 @@ async function executeHumanLoopAction(args: Record<string, unknown>, bctx: { ses
           containsText: typeof normalized.containsText === 'string' ? normalized.containsText : undefined,
         },
       })
-      return JSON.stringify(job)
+      return JSON.stringify({
+        ...job,
+        message: 'Durable wait registered. Stop active tool use now and continue on the next agent turn when the human reply arrives.',
+      })
     }
 
     if (action === 'wait_for_approval') {
@@ -135,7 +143,10 @@ async function executeHumanLoopAction(args: Record<string, unknown>, bctx: { ses
             : ['approved', 'rejected'],
         },
       })
-      return JSON.stringify(job)
+      return JSON.stringify({
+        ...job,
+        message: 'Durable approval wait registered. Stop active tool use now and continue on the next agent turn when the approval decision arrives.',
+      })
     }
 
     if (action === 'status') {
@@ -150,7 +161,7 @@ async function executeHumanLoopAction(args: Record<string, unknown>, bctx: { ses
         const watch = getWatchJob(watchJobId)
         return watch ? JSON.stringify(watch) : `Error: watch job "${watchJobId}" not found.`
       }
-      return 'Error: approvalId or watchJobId is required for status.'
+      return 'Error: approvalId or watchJobId is required for status. Use list_mailbox to inspect replies, or wait_for_reply / wait_for_approval to create a durable watch first.'
     }
 
     return `Error: Unknown action "${action}".`
@@ -166,11 +177,30 @@ const HumanLoopPlugin: Plugin = {
   hooks: {
     getCapabilityDescription: () =>
       'I can request structured human input or explicit approvals with `ask_human`, then pause on durable wait handles until the response arrives.',
+    getApprovalGuidance: ({ approval, phase, approved }) => {
+      if (approval.category !== 'human_loop') return null
+      if (phase === 'request') {
+        return [
+          'When this approval is decided, continue the blocked task instead of asking the same human approval question again.',
+          'Use `ask_human` only for fresh questions, durable waits, or status checks. Do not duplicate the same approval request while it is pending.',
+        ]
+      }
+      if (phase === 'connector_reminder') {
+        return 'Approving this lets the agent resume the blocked task without repeating the same human-loop request.'
+      }
+      if (approved !== true) {
+        return 'Do not repeat the rejected human-loop approval request unless the question or requested action materially changes.'
+      }
+      return [
+        'Resume the blocked task immediately after approval.',
+        'Do not call `ask_human` action `request_approval` again for the same exact question.',
+      ]
+    },
   } as PluginHooks,
   tools: [
     {
       name: 'ask_human',
-      description: 'Human-loop tool. Actions: request_input, request_approval, wait_for_reply, wait_for_approval, list_mailbox, ack_mailbox, status.',
+      description: 'Human-loop tool. Use request_input(question, ...) to ask a human, wait_for_reply(correlationId) for durable waiting, list_mailbox to read replies, ack_mailbox(envelopeId) to acknowledge them, and status(approvalId or watchJobId) only when you have an id.',
       parameters: {
         type: 'object',
         properties: {

package/src/lib/server/session-tools/index.ts

@@ -1,7 +1,7 @@
 import { z } from 'zod'
 import { tool, type StructuredToolInterface } from '@langchain/core/tools'
 import type { Session } from '@/types'
-import { loadSettings, loadSessions, saveSessions, loadMcpServers } from '../storage'
+import { loadApprovals, loadSettings, loadSessions, saveSessions, loadMcpServers } from '../storage'
 import { loadRuntimeSettings } from '../runtime-settings'
 import { log } from '../logger'
 import { resolveSessionToolPolicy } from '../tool-capability-policy'
@@ -29,7 +29,6 @@ import { buildCrudTools } from './crud'
 import { buildSessionInfoTools } from './session-info'
 import { buildOpenClawNodeTools } from './openclaw-nodes'
 import { buildContextTools } from './context-mgmt'
-import { buildConnectorTools } from './connector'
 import { buildDiscoveryTools } from './discovery'
 import { buildMonitorTools } from './monitor'
 import { buildSampleUITools } from './sample-ui'
@@ -44,6 +43,7 @@ import { buildDocumentTools } from './document'
 import { buildExtractTools } from './extract'
 import { buildTableTools } from './table'
 import { buildCrawlTools } from './crawl'
+import './connector'
 import { normalizeToolInputArgs } from './normalize-tool-args'
 
 import { getPluginManager } from '../plugins'
@@ -52,6 +52,23 @@ import { jsonSchemaToZod } from '../mcp-client'
 export type { ToolContext, SessionToolsResult }
 export { sweepOrphanedBrowsers, cleanupSessionBrowser, getActiveBrowserCount, hasActiveBrowser }
 
+function approvedToolAccessIds(ctx?: ToolContext): string[] {
+  if (!ctx?.sessionId && !ctx?.agentId) return []
+  const approvals = loadApprovals()
+  const granted = new Set<string>()
+  for (const request of Object.values(approvals) as Array<Record<string, unknown>>) {
+    if (request?.status !== 'approved' || request?.category !== 'tool_access') continue
+    const sessionMatch = ctx.sessionId && request.sessionId === ctx.sessionId
+    const agentMatch = ctx.agentId && request.agentId === ctx.agentId
+    if (!sessionMatch && !agentMatch) continue
+    const toolId = typeof request.data === 'object' && request.data && !Array.isArray(request.data)
+      ? String((request.data as Record<string, unknown>).toolId || (request.data as Record<string, unknown>).pluginId || '').trim()
+      : ''
+    if (toolId) granted.add(toolId)
+  }
+  return [...granted]
+}
+
 export async function buildSessionTools(cwd: string, enabledPlugins: string[], ctx?: ToolContext): Promise<SessionToolsResult> {
   const tools: StructuredToolInterface[] = []
   const cleanupFns: (() => Promise<void>)[] = []
@@ -62,7 +79,26 @@ export async function buildSessionTools(cwd: string, enabledPlugins: string[], c
     const claudeTimeoutMs = runtime.claudeCodeTimeoutMs
     const cliProcessTimeoutMs = runtime.cliProcessTimeoutMs
     const appSettings = loadSettings()
-    const toolPolicy = resolveSessionToolPolicy(enabledPlugins, appSettings)
+    const grantedToolIds = approvedToolAccessIds(ctx)
+    const effectiveEnabledPlugins = Array.from(new Set([
+      ...(Array.isArray(enabledPlugins) ? enabledPlugins : []),
+      ...grantedToolIds,
+    ]))
+    if (ctx?.sessionId && grantedToolIds.length > 0) {
+      const sessions = loadSessions()
+      const currentSession = sessions[ctx.sessionId]
+      if (currentSession) {
+        const currentPlugins = Array.isArray(currentSession.plugins) ? currentSession.plugins : []
+        const mergedPlugins = Array.from(new Set([...currentPlugins, ...grantedToolIds]))
+        if (mergedPlugins.length !== currentPlugins.length) {
+          currentSession.plugins = mergedPlugins
+          currentSession.updatedAt = Date.now()
+          sessions[ctx.sessionId] = currentSession
+          saveSessions(sessions)
+        }
+      }
+    }
+    const toolPolicy = resolveSessionToolPolicy(effectiveEnabledPlugins, appSettings)
     const expandedEnabled = expandPluginIds(toolPolicy.enabledPlugins)
     const expandedBlocked = expandPluginIds(toolPolicy.blockedPlugins.map((entry) => entry.tool))
     const blockedSet = new Set(expandedBlocked)
@@ -72,7 +108,7 @@ export async function buildSessionTools(cwd: string, enabledPlugins: string[], c
       && !filteredEnabled.includes('process')
       && !blockedSet.has('process')
       ? [...filteredEnabled, 'process']
-      : filteredEnabled).filter(t => pluginManager.isEnabled(t))
+      : filteredEnabled).filter((pluginId) => !pluginManager.isExplicitlyDisabled(pluginId))
     const activePluginSet = new Set(activePlugins)
     const hasPlugin = (pluginName: string) => activePluginSet.has(pluginName)
     /** @deprecated Use hasPlugin */
@@ -155,7 +191,6 @@ export async function buildSessionTools(cwd: string, enabledPlugins: string[], c
       ['manage_sessions', buildSessionInfoTools],
       ['openclaw_nodes', buildOpenClawNodeTools],
       ['context_mgmt', buildContextTools],
-      ['manage_connectors', buildConnectorTools],
       ['discovery', buildDiscoveryTools],
       ['monitor', buildMonitorTools],
       ['sample_ui', buildSampleUITools],
@@ -206,13 +241,13 @@ export async function buildSessionTools(cwd: string, enabledPlugins: string[], c
         tools.push(
           tool(
             async (args) => {
-              if (!pluginManager.isEnabled(entry.pluginId)) {
+              if (pluginManager.isExplicitlyDisabled(entry.pluginId)) {
                 throw new Error(`Plugin "${entry.pluginId}" is disabled`)
               }
               try {
                 const normalizedArgs = normalizeToolInputArgs((args ?? {}) as Record<string, unknown>)
                 const res = await pt.execute(normalizedArgs, {
-                  session: { ...ctx, cwd } as any,
+                  session: { ...(ctx || {}), ...bctx } as any,
                   message: '',
                 })
                 pluginManager.recordExternalToolSuccess(entry.pluginId)
@@ -293,14 +328,14 @@ export async function buildSessionTools(cwd: string, enabledPlugins: string[], c
               type: 'tool_request',
               toolId,
               autoApproved: true,
-              message: `Tool access for "${toolId}" was granted. Proceed to use it directly.`,
+              message: `Tool access for "${toolId}" was granted. It will be available on the next agent turn.`,
             })
           }
           return JSON.stringify({
             type: 'tool_request',
             toolId,
             reason,
-            message: `Tool access request sent to user for "${toolId}". Once granted, continue immediately with the original task using the newly available tool.`,
+            message: `Tool access request sent to user for "${toolId}". Once granted, use it on the next agent turn.`,
           })
         },
         {

package/src/lib/server/session-tools/manage-connectors.test.ts

@@ -0,0 +1,139 @@
+import assert from 'node:assert/strict'
+import fs from 'node:fs'
+import os from 'node:os'
+import path from 'node:path'
+import { spawnSync } from 'node:child_process'
+import { describe, it } from 'node:test'
+
+const repoRoot = path.resolve(path.dirname(new URL(import.meta.url).pathname), '../../../..')
+
+function runWithTempDataDir(script: string) {
+  const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-connectors-tool-'))
+  try {
+    const result = spawnSync(process.execPath, ['--import', 'tsx', '--input-type=module', '--eval', script], {
+      cwd: repoRoot,
+      env: {
+        ...process.env,
+        DATA_DIR: path.join(tempDir, 'data'),
+        WORKSPACE_DIR: path.join(tempDir, 'workspace'),
+      },
+      encoding: 'utf-8',
+    })
+    assert.equal(result.status, 0, result.stderr || result.stdout || 'subprocess failed')
+    const lines = (result.stdout || '')
+      .trim()
+      .split('\n')
+      .map((line) => line.trim())
+      .filter(Boolean)
+    const jsonLine = [...lines].reverse().find((line) => line.startsWith('{'))
+    return JSON.parse(jsonLine || '{}')
+  } finally {
+    fs.rmSync(tempDir, { recursive: true, force: true })
+  }
+}
+
+describe('manage_connectors tool', () => {
+  it('drops transient outbound-send args on create', () => {
+    const output = runWithTempDataDir(`
+      const storageMod = await import('./src/lib/server/storage.ts')
+      const crudMod = await import('./src/lib/server/session-tools/crud.ts')
+      const storage = storageMod.default || storageMod
+      const crud = crudMod.default || crudMod
+
+      const tools = crud.buildCrudTools({
+        cwd: process.env.WORKSPACE_DIR,
+        ctx: { sessionId: 'session-1', agentId: 'agent-1', platformAssignScope: 'all' },
+        hasPlugin: (name) => name === 'manage_connectors',
+      })
+      const tool = tools.find((entry) => entry.name === 'manage_connectors')
+      await tool.invoke({
+        action: 'create',
+        data: JSON.stringify({
+          name: 'Main WhatsApp',
+          platform: 'whatsapp',
+          agentId: 'agent-1',
+          enabled: true,
+          action: 'send_voice_note',
+          message: 'hello',
+          mediaPath: 'voice_note_gran.mp3',
+          connectorId: 'd81cd63b',
+          config: {
+            taskFollowups: true,
+            action: 'send',
+          },
+        }),
+      })
+
+      const connector = Object.values(storage.loadConnectors())[0]
+      console.log(JSON.stringify({ connector }))
+    `)
+
+    assert.equal(output.connector.name, 'Main WhatsApp')
+    assert.equal(output.connector.platform, 'whatsapp')
+    assert.equal(output.connector.agentId, 'agent-1')
+    assert.equal(output.connector.isEnabled, true)
+    assert.equal(output.connector.action, undefined)
+    assert.equal(output.connector.message, undefined)
+    assert.equal(output.connector.mediaPath, undefined)
+    assert.equal(output.connector.connectorId, undefined)
+    assert.deepEqual(output.connector.config, {
+      taskFollowups: 'true',
+      action: 'send',
+    })
+  })
+
+  it('ignores send-like update payloads instead of mutating connector routing state', () => {
+    const output = runWithTempDataDir(`
+      const storageMod = await import('./src/lib/server/storage.ts')
+      const crudMod = await import('./src/lib/server/session-tools/crud.ts')
+      const storage = storageMod.default || storageMod
+      const crud = crudMod.default || crudMod
+
+      const now = Date.now()
+      storage.saveConnectors({
+        conn_1: {
+          id: 'conn_1',
+          name: 'Main WhatsApp',
+          platform: 'whatsapp',
+          agentId: 'e355bf7a',
+          credentialId: 'cred-1',
+          config: {
+            allowFrom: 'me',
+          },
+          isEnabled: true,
+          status: 'running',
+          createdAt: now,
+          updatedAt: now,
+        },
+      })
+
+      const tools = crud.buildCrudTools({
+        cwd: process.env.WORKSPACE_DIR,
+        ctx: { sessionId: 'session-1', agentId: 'e355bf7a', platformAssignScope: 'all' },
+        hasPlugin: (name) => name === 'manage_connectors',
+      })
+      const tool = tools.find((entry) => entry.name === 'manage_connectors')
+      const raw = await tool.invoke({
+        action: 'update',
+        id: 'conn_1',
+        data: JSON.stringify({
+          action: 'send',
+          message: 'hello there',
+          mediaPath: 'voice_note_gran.mp3',
+          connectorId: 'conn_1',
+        }),
+      })
+
+      const connector = storage.loadConnectors().conn_1
+      console.log(JSON.stringify({ raw, connector }))
+    `)
+
+    assert.equal(output.connector.agentId, 'e355bf7a')
+    assert.equal(output.connector.credentialId, 'cred-1')
+    assert.deepEqual(output.connector.config, { allowFrom: 'me' })
+    assert.equal(output.connector.action, undefined)
+    assert.equal(output.connector.message, undefined)
+    assert.equal(output.connector.mediaPath, undefined)
+    assert.equal(output.connector.connectorId, undefined)
+  })
+})