@swarmclawai/swarmclaw 0.8.2 → 0.8.3

package/README.md

@@ -148,7 +148,7 @@ curl -fsSL https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/install.
 ```
 
 The installer resolves the latest stable release tag and installs that version by default.
-To pin a version: `SWARMCLAW_VERSION=v0.8.2 curl ... | bash`
+To pin a version: `SWARMCLAW_VERSION=v0.8.3 curl ... | bash`
 
 Or run locally from the repo (friendly for non-technical users):
 
@@ -701,7 +701,7 @@ npm run update:easy     # safe update helper for local installs
 SwarmClaw uses tag-based releases (`vX.Y.Z`) as the stable channel.
 
 ```bash
-# example minor release (v0.8.2 style)
+# example minor release (v0.8.3 style)
 npm version minor
 git push origin main --follow-tags
 ```
@@ -711,14 +711,14 @@ On `v*` tags, GitHub Actions will:
 2. Create a GitHub Release
 3. Build and publish Docker images to `ghcr.io/swarmclawai/swarmclaw` (`:vX.Y.Z`, `:latest`, `:sha-*`)
 
-#### v0.8.2 Release Readiness Notes
+#### v0.8.3 Release Readiness Notes
 
-Before shipping `v0.8.2`, confirm the following user-facing changes are reflected in docs:
+Before shipping `v0.8.3`, confirm the following user-facing changes are reflected in docs:
 
-1. Runtime/defaults docs mention the higher default agent recursion limit so long-running bounded turns get more headroom without custom tuning.
-2. Memory/tooling docs mention the narrower direct-memory-write routing: remember-and-confirm turns stay on `memory_store`/`memory_update`, bundled related facts should be stored as one canonical write, and same-thread recall should not steal those turns.
-3. File-output guidance notes that exact bullet-count and titled-section constraints are now treated as hard structure requirements during deliverable follow-through.
-4. Site and README install/version strings are updated to `v0.8.2`, including install snippets, release notes index text, and sidebar/footer labels.
+1. Chat/session docs note that the chat index now serves lightweight session summaries instead of full transcript payloads, and full messages are loaded from per-chat endpoints.
+2. Operator/runtime docs note that the daemon once again owns scheduler/queue startup; background services should be described from the daemon controls rather than as unconditional boot behavior.
+3. Local auth/troubleshooting docs mention that development-like runtimes are detected even when `NODE_ENV` is unset, so local rate limits and bootstrap timeouts now behave like dev instead of production.
+4. Site and README install/version strings are updated to `v0.8.3`, including install snippets, release notes index text, and sidebar/footer labels.
 
 ## CLI
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.8.2",
+  "version": "0.8.3",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "publishConfig": {
@@ -42,7 +42,7 @@
     "quickstart": "node ./scripts/easy-setup.mjs --start",
     "quickstart:prod": "node ./scripts/easy-setup.mjs --prod",
     "update:easy": "node ./scripts/easy-update.mjs",
-    "dev": "next dev --hostname 0.0.0.0 -p 3456",
+    "dev": "next dev --webpack --hostname 0.0.0.0 -p 3456",
     "dev:webpack": "next dev --webpack --hostname 0.0.0.0 -p 3456",
     "dev:clean": "rm -rf .next && next dev --hostname 0.0.0.0 -p 3456",
     "build": "next build",

package/src/app/api/agents/route.ts

@@ -3,15 +3,18 @@ import { genId } from '@/lib/id'
 import { loadAgents, loadSessions, loadUsage, saveAgents, logActivity } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { notify } from '@/lib/server/ws-hub'
-import { ensureDaemonStarted } from '@/lib/server/daemon-state'
 import { getAgentSpendWindows } from '@/lib/server/cost'
 import { AgentCreateSchema, formatZodError } from '@/lib/validation/schemas'
 import { z } from 'zod'
 export const dynamic = 'force-dynamic'
 
+async function ensureDaemonIfNeeded(source: string) {
+  const { ensureDaemonStarted } = await import('@/lib/server/daemon-state')
+  ensureDaemonStarted(source)
+}
+
 
 export async function GET(req: Request) {
-  ensureDaemonStarted('api/agents:get')
   const agents = loadAgents()
   const sessions = loadSessions()
   const usage = loadUsage()
@@ -44,7 +47,7 @@ export async function GET(req: Request) {
 }
 
 export async function POST(req: Request) {
-  ensureDaemonStarted('api/agents:post')
+  await ensureDaemonIfNeeded('api/agents:post')
   const raw = await req.json()
   const parsed = AgentCreateSchema.safeParse(raw)
   if (!parsed.success) {

package/src/app/api/auth/route.ts

@@ -1,7 +1,7 @@
 import { NextResponse } from 'next/server'
 import { validateAccessKey, isFirstTimeSetup, markSetupComplete } from '@/lib/server/storage'
-import { ensureDaemonStarted } from '@/lib/server/daemon-state'
 import { AUTH_COOKIE_NAME, getCookieValue } from '@/lib/auth'
+import { isProductionRuntime } from '@/lib/runtime-env'
 export const dynamic = 'force-dynamic'
 
 interface AuthAttemptEntry {
@@ -16,6 +16,10 @@ const authRateLimitMap = (
 const MAX_ATTEMPTS = 5
 const LOCKOUT_MS = 15 * 60 * 1000
 
+function isRateLimitEnabled(): boolean {
+  return isProductionRuntime()
+}
+
 function getClientIp(req: Request): string {
   const forwarded = req.headers.get('x-forwarded-for')
   if (forwarded) {
@@ -59,9 +63,10 @@ export async function GET(req: Request) {
 
 /** POST /api/auth — validate an access key */
 export async function POST(req: Request) {
+  const rateLimitEnabled = isRateLimitEnabled()
   const clientIp = getClientIp(req)
-  const entry = authRateLimitMap.get(clientIp)
-  if (entry && entry.lockedUntil > Date.now()) {
+  const entry = rateLimitEnabled ? authRateLimitMap.get(clientIp) : undefined
+  if (rateLimitEnabled && entry && entry.lockedUntil > Date.now()) {
     const retryAfter = Math.ceil((entry.lockedUntil - Date.now()) / 1000)
     return clearAuthCookie(NextResponse.json(
       { error: 'Too many failed attempts. Try again later.', retryAfter },
@@ -71,26 +76,31 @@ export async function POST(req: Request) {
 
   const { key } = await req.json()
   if (!key || !validateAccessKey(key)) {
-    const current = authRateLimitMap.get(clientIp) ?? { count: 0, lockedUntil: 0 }
-    current.count += 1
-    if (current.count >= MAX_ATTEMPTS) {
-      current.lockedUntil = Date.now() + LOCKOUT_MS
+    let remaining = MAX_ATTEMPTS
+    if (rateLimitEnabled) {
+      const current = authRateLimitMap.get(clientIp) ?? { count: 0, lockedUntil: 0 }
+      current.count += 1
+      if (current.count >= MAX_ATTEMPTS) {
+        current.lockedUntil = Date.now() + LOCKOUT_MS
+      }
+      authRateLimitMap.set(clientIp, current)
+      remaining = Math.max(0, MAX_ATTEMPTS - current.count)
     }
-    authRateLimitMap.set(clientIp, current)
     return clearAuthCookie(NextResponse.json(
       { error: 'Invalid access key' },
       {
         status: 401,
-        headers: { 'X-RateLimit-Remaining': String(Math.max(0, MAX_ATTEMPTS - current.count)) },
+        headers: { 'X-RateLimit-Remaining': String(remaining) },
       },
     ))
   }
 
-  authRateLimitMap.delete(clientIp)
+  if (rateLimitEnabled) authRateLimitMap.delete(clientIp)
   // If this was first-time setup, mark it as claimed
   if (isFirstTimeSetup()) {
     markSetupComplete()
   }
+  const { ensureDaemonStarted } = await import('@/lib/server/daemon-state')
   ensureDaemonStarted('api/auth:post')
   return setAuthCookie(NextResponse.json({ ok: true }), req, key)
 }

package/src/app/api/chats/[id]/devserver/route.ts

@@ -5,6 +5,13 @@ import { notFound } from '@/lib/server/collection-helpers'
 import { resolveDevServerLaunchDir } from '@/lib/server/devserver-launch'
 import net from 'net'
 
+interface DevServerStartResult {
+  status?: number
+  body: Record<string, unknown>
+}
+
+const inflightDevServerStarts = new Map<string, Promise<DevServerStartResult>>()
+
 function findFreePort(): Promise<number> {
   return new Promise((resolve, reject) => {
     const server = net.createServer()
@@ -24,73 +31,92 @@ function buildDevArgs(framework: string, port: number): string[] {
   return ['--', '--host', '0.0.0.0', '--port', String(port)]
 }
 
-export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
-  const { id } = await params
-  const sessions = loadSessions()
-  const session = sessions[id]
-  if (!session) return notFound()
-
-  const { action } = await req.json()
-
-  if (action === 'start') {
-    if (devServers.has(id)) {
-      const ds = devServers.get(id)!
-      return NextResponse.json({ running: true, url: ds.url })
-    }
+async function startDevServer(id: string, session: { cwd: string }): Promise<DevServerStartResult> {
+  const launch = resolveDevServerLaunchDir(session.cwd)
+  const port = await findFreePort()
+  const proc = spawn('npm', ['run', 'dev', ...buildDevArgs(launch.framework, port)], {
+    cwd: launch.launchDir,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    env: { ...process.env, FORCE_COLOR: '0', PORT: String(port) },
+  })
 
-    const launch = resolveDevServerLaunchDir(session.cwd)
-    const port = await findFreePort()
-    const proc = spawn('npm', ['run', 'dev', ...buildDevArgs(launch.framework, port)], {
-      cwd: launch.launchDir,
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: { ...process.env, FORCE_COLOR: '0', PORT: String(port) },
-    })
+  let output = ''
+  let detectedUrl: string | null = null
+  const urlRe = /https?:\/\/(?:localhost|0\.0\.0\.0|[\d.]+):(\d+)/
 
-    let output = ''
-    let detectedUrl: string | null = null
-    const urlRe = /https?:\/\/(?:localhost|0\.0\.0\.0|[\d.]+):(\d+)/
-
-    function onData(chunk: Buffer) {
-      output += chunk.toString()
-      if (!detectedUrl) {
-        const match = output.match(urlRe)
-        if (match) {
-          const port = match[1]
-          detectedUrl = `http://${localIP()}:${port}`
-          const ds = devServers.get(id)
-          if (ds) ds.url = detectedUrl
-        }
+  function onData(chunk: Buffer) {
+    output += chunk.toString()
+    if (!detectedUrl) {
+      const match = output.match(urlRe)
+      if (match) {
+        const detectedPort = match[1]
+        detectedUrl = `http://${localIP()}:${detectedPort}`
+        const ds = devServers.get(id)
+        if (ds) ds.url = detectedUrl
       }
     }
+  }
 
-    proc.stdout!.on('data', onData)
-    proc.stderr!.on('data', onData)
-    proc.on('close', () => { devServers.delete(id); console.log(`[${id}] dev server stopped`) })
-    proc.on('error', () => devServers.delete(id))
+  proc.stdout!.on('data', onData)
+  proc.stderr!.on('data', onData)
+  proc.on('close', () => { devServers.delete(id); console.log(`[${id}] dev server stopped`) })
+  proc.on('error', () => devServers.delete(id))
 
-    devServers.set(id, { proc, url: `http://${localIP()}:${port}` })
-    console.log(`[${id}] starting dev server in ${launch.launchDir} (session cwd=${session.cwd})`)
+  devServers.set(id, { proc, url: `http://${localIP()}:${port}` })
+  console.log(`[${id}] starting dev server in ${launch.launchDir} (session cwd=${session.cwd})`)
 
-    // Wait for URL detection
-    await new Promise(resolve => setTimeout(resolve, 4000))
-    const ds = devServers.get(id)
-    if (!ds) {
-      return NextResponse.json({
+  await new Promise((resolve) => setTimeout(resolve, 4000))
+  const ds = devServers.get(id)
+  if (!ds) {
+    return {
+      status: 502,
+      body: {
         running: false,
         error: 'Dev server exited during startup',
         cwd: launch.launchDir,
         sessionCwd: session.cwd,
         framework: launch.framework,
         output: output.slice(-4000),
-      }, { status: 502 })
+      },
     }
-    return NextResponse.json({
+  }
+
+  return {
+    body: {
       running: true,
       url: ds.url,
       cwd: launch.launchDir,
       sessionCwd: session.cwd,
       framework: launch.framework,
-    })
+    },
+  }
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const sessions = loadSessions()
+  const session = sessions[id]
+  if (!session) return notFound()
+
+  const { action } = await req.json()
+
+  if (action === 'start') {
+    if (devServers.has(id)) {
+      const ds = devServers.get(id)!
+      return NextResponse.json({ running: true, url: ds.url })
+    }
+
+    let startPromise = inflightDevServerStarts.get(id)
+    if (!startPromise) {
+      startPromise = startDevServer(id, session).finally(() => {
+        if (inflightDevServerStarts.get(id) === startPromise) {
+          inflightDevServerStarts.delete(id)
+        }
+      })
+      inflightDevServerStarts.set(id, startPromise)
+    }
+    const result = await startPromise
+    return NextResponse.json(result.body, result.status ? { status: result.status } : undefined)
 
   } else if (action === 'stop') {
     if (devServers.has(id)) {

package/src/app/api/chats/[id]/route.ts

@@ -1,8 +1,23 @@
 import { NextResponse } from 'next/server'
-import { loadSessions, saveSessions, deleteSession, active, loadAgents } from '@/lib/server/storage'
+import { loadSessions, saveSessions, deleteSession, active, loadAgents, loadStoredItem } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { resolvePrimaryAgentRoute } from '@/lib/server/agent-runtime-config'
+import { getSessionRunState } from '@/lib/server/session-run-manager'
+import type { Session } from '@/types'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const session = loadStoredItem('sessions', id) as Session | null
+  if (!session) return notFound()
+
+  const run = getSessionRunState(id)
+  session.active = active.has(id) || !!run.runningRunId
+  session.queuedCount = run.queueLength
+  session.currentRunId = run.runningRunId || null
+
+  return NextResponse.json(session)
+}
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params

package/src/app/api/chats/route.ts

@@ -10,12 +10,16 @@ import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 import { applyResolvedRoute, resolvePrimaryAgentRoute } from '@/lib/server/agent-runtime-config'
 import { buildAgentDisabledMessage, isAgentDisabled } from '@/lib/server/agent-availability'
 import { materializeStreamingAssistantArtifacts } from '@/lib/chat-streaming-state'
-import { ensureDaemonStarted } from '@/lib/server/daemon-state'
+import { buildSessionListSummary } from '@/lib/session-summary'
 export const dynamic = 'force-dynamic'
 
+async function ensureDaemonIfNeeded(source: string) {
+  const { ensureDaemonStarted } = await import('@/lib/server/daemon-state')
+  ensureDaemonStarted(source)
+}
+
 
 export async function GET(req: Request) {
-  ensureDaemonStarted('api/chats:get')
   const sessions = loadSessions()
   const changedSessionIds: string[] = []
   for (const id of Object.keys(sessions)) {
@@ -35,19 +39,23 @@ export async function GET(req: Request) {
     upsertStoredItem('sessions', id, persisted)
   }
 
+  const summarized = Object.fromEntries(
+    Object.entries(sessions).map(([id, session]) => [id, buildSessionListSummary(session)]),
+  )
+
   const { searchParams } = new URL(req.url)
   const limitParam = searchParams.get('limit')
-  if (!limitParam) return NextResponse.json(sessions)
+  if (!limitParam) return NextResponse.json(summarized)
 
   const limit = Math.max(1, Number(limitParam) || 50)
   const offset = Math.max(0, Number(searchParams.get('offset')) || 0)
-  const all = Object.values(sessions).sort((a, b) => (b.lastActiveAt ?? b.createdAt) - (a.lastActiveAt ?? a.createdAt))
+  const all = Object.values(summarized).sort((a, b) => (b.lastActiveAt ?? b.createdAt) - (a.lastActiveAt ?? a.createdAt))
   const items = all.slice(offset, offset + limit)
   return NextResponse.json({ items, total: all.length, hasMore: offset + limit < all.length })
 }
 
 export async function DELETE(req: Request) {
-  ensureDaemonStarted('api/chats:delete')
+  await ensureDaemonIfNeeded('api/chats:delete')
   const { ids } = await req.json().catch(() => ({ ids: [] })) as { ids: string[] }
   if (!Array.isArray(ids) || !ids.length) {
     return new NextResponse('Missing ids', { status: 400 })
@@ -68,7 +76,7 @@ export async function DELETE(req: Request) {
 }
 
 export async function POST(req: Request) {
-  ensureDaemonStarted('api/chats:post')
+  await ensureDaemonIfNeeded('api/chats:post')
   const body = await req.json().catch(() => ({}))
   let cwd = (body.cwd || '').trim()
   if (cwd.startsWith('~/')) cwd = path.join(os.homedir(), cwd.slice(2))

package/src/app/api/daemon/route.ts

@@ -1,11 +1,10 @@
 import { NextResponse } from 'next/server'
-import { ensureDaemonStarted, getDaemonStatus, startDaemon, stopDaemon } from '@/lib/server/daemon-state'
 import { notify } from '@/lib/server/ws-hub'
 export const dynamic = 'force-dynamic'
 
 
-export async function GET(_req: Request) {
-  ensureDaemonStarted('api/daemon:get')
+export async function GET() {
+  const { getDaemonStatus } = await import('@/lib/server/daemon-state')
   return NextResponse.json(getDaemonStatus())
 }
 
@@ -14,10 +13,12 @@ export async function POST(req: Request) {
   const action = body.action
 
   if (action === 'start') {
+    const { startDaemon } = await import('@/lib/server/daemon-state')
     startDaemon({ source: 'api/daemon:post:start', manualStart: true })
     notify('daemon')
     return NextResponse.json({ ok: true, status: 'running' })
   } else if (action === 'stop') {
+    const { stopDaemon } = await import('@/lib/server/daemon-state')
     stopDaemon({ source: 'api/daemon:post:stop', manualStop: true })
     notify('daemon')
     return NextResponse.json({ ok: true, status: 'stopped' })

package/src/app/api/openclaw/approvals/route.ts

@@ -1,11 +1,11 @@
 import { NextResponse } from 'next/server'
-import { ensureGatewayConnected } from '@/lib/server/openclaw-gateway'
+import { ensureGatewayConnected, getGateway } from '@/lib/server/openclaw-gateway'
 import type { PendingExecApproval, ExecApprovalDecision } from '@/types'
 
 /** GET — fetch pending execution approvals from gateway */
 export async function GET() {
-  const gw = await ensureGatewayConnected()
-  if (!gw) {
+  const gw = getGateway()
+  if (!gw?.connected) {
     return NextResponse.json([], { status: 200 })
   }
 

package/src/app/api/wallets/[id]/route.ts

@@ -3,7 +3,7 @@ import { loadWallets, upsertWallet, deleteWallet as deleteWalletFromStore, loadA
 import { notify } from '@/lib/server/ws-hub'
 import { getWalletLimitAtomic, normalizeAtomicString } from '@/lib/wallet'
 import type { AgentWallet, WalletAssetBalance, WalletPortfolioSummary } from '@/types'
-import { buildEmptyWalletPortfolio } from '@/lib/server/wallet-portfolio'
+import { buildEmptyWalletPortfolio, getCachedWalletPortfolio } from '@/lib/server/wallet-portfolio'
 import {
   getAgentActiveWalletId,
   getWalletPortfolioSnapshot,
@@ -43,12 +43,28 @@ function withPortfolio(
   }
 }
 
-export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const wallets = loadWallets() as Record<string, AgentWallet>
   const wallet = wallets[id]
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
 
+  const url = new URL(req.url)
+  const cachedOnly = url.searchParams.get('cached') === '1'
+  const agents = loadAgents()
+  const isActive = getAgentActiveWalletId(agents[wallet.agentId]) === wallet.id
+
+  if (cachedOnly) {
+    const cached = getCachedWalletPortfolio(wallet)
+    if (!cached) {
+      return NextResponse.json({
+        ...stripWalletPrivateKey(wallet as unknown as Record<string, unknown>),
+        isActive,
+      })
+    }
+    return NextResponse.json(withPortfolio(wallet, cached, isActive))
+  }
+
   let portfolio = buildEmptyWalletPortfolio(wallet)
   try {
     portfolio = await getWalletPortfolioSnapshot(wallet, {
@@ -59,8 +75,6 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
     // RPC failure — return 0
   }
 
-  const agents = loadAgents()
-  const isActive = getAgentActiveWalletId(agents[wallet.agentId]) === wallet.id
   return NextResponse.json(withPortfolio(wallet, portfolio, isActive))
 }
 

package/src/app/page.tsx

@@ -7,7 +7,7 @@ import { getStoredAccessKey, clearStoredAccessKey, api } from '@/lib/api-client'
 import { safeStorageGet, safeStorageRemove, safeStorageSet } from '@/lib/safe-storage'
 import { connectWs, disconnectWs } from '@/lib/ws-client'
 import { fetchWithTimeout } from '@/lib/fetch-timeout'
-import { isLocalhostBrowser } from '@/lib/local-observability'
+import { isDevelopmentLikeRuntime } from '@/lib/runtime-env'
 import { useWs } from '@/hooks/use-ws'
 import { AccessKeyGate } from '@/components/auth/access-key-gate'
 import { UserPicker } from '@/components/auth/user-picker'
@@ -16,8 +16,8 @@ import { AppLayout } from '@/components/layout/app-layout'
 import { useViewRouter } from '@/hooks/use-view-router'
 import type { Agent } from '@/types'
 
-const AUTH_CHECK_TIMEOUT_MS = 8_000
-const POST_AUTH_BOOTSTRAP_TIMEOUT_MS = 8_000
+const AUTH_CHECK_TIMEOUT_MS = isDevelopmentLikeRuntime() ? 20_000 : 8_000
+const POST_AUTH_BOOTSTRAP_TIMEOUT_MS = isDevelopmentLikeRuntime() ? 20_000 : 8_000
 
 function FullScreenLoader(props: {
   stage?: string | null
@@ -202,17 +202,22 @@ export default function Home() {
   })
 
   const checkAuth = useCallback(async () => {
-    const key = getStoredAccessKey()
-    if (!key) {
-      try {
-        const res = await fetchWithTimeout('/api/auth', {}, AUTH_CHECK_TIMEOUT_MS)
-        const data = await res.json().catch(() => ({}))
-        setAuthenticated(data?.authenticated === true)
-      } catch {
-        setAuthenticated(false)
-      } finally {
+    try {
+      const res = await fetchWithTimeout('/api/auth', {}, AUTH_CHECK_TIMEOUT_MS)
+      const data = await res.json().catch(() => ({}))
+      if (data?.authenticated === true) {
+        setAuthenticated(true)
         setAuthChecked(true)
+        return
       }
+    } catch {
+      // Fall back to stored-key bootstrap below if the auth probe is unavailable.
+    }
+
+    const key = getStoredAccessKey()
+    if (!key) {
+      setAuthenticated(false)
+      setAuthChecked(true)
       return
     }
 
@@ -260,8 +265,7 @@ export default function Home() {
 
   useEffect(() => {
     if (!authenticated) return
-    const key = getStoredAccessKey()
-    if (key) connectWs(key)
+    connectWs()
     syncUserFromServer()
     loadNetworkInfo()
     loadSettings()
@@ -269,15 +273,7 @@ export default function Home() {
     return () => { disconnectWs() }
   }, [authenticated])
 
-  useWs('sessions', loadSessions, 5000)
-
-  useEffect(() => {
-    if (!authenticated || !isLocalhostBrowser()) return
-    const pollId = setInterval(() => {
-      void loadSessions()
-    }, 5000)
-    return () => clearInterval(pollId)
-  }, [authenticated, loadSessions])
+  useWs('sessions', loadSessions, 15000)
 
   // Auto-select agent's thread on load — resolves a persisted agentId into a session,
   // or falls back to defaultAgentId from settings, then first agent.

package/src/cli/index.js

@@ -490,7 +490,7 @@ const COMMAND_GROUPS = [
     description: 'Manage agent chats and runtime controls',
     commands: [
       cmd('list', 'GET', '/chats', 'List chats'),
-      cmd('get', 'GET', '/chats/:id', 'Get chat by id', { virtual: true, clientGetRoute: '/chats' }),
+      cmd('get', 'GET', '/chats/:id', 'Get chat by id'),
       cmd('create', 'POST', '/chats', 'Create chat', { expectsJsonBody: true }),
       cmd('update', 'PUT', '/chats/:id', 'Update chat', { expectsJsonBody: true }),
       cmd('delete', 'DELETE', '/chats/:id', 'Delete chat'),

package/src/cli/spec.js

@@ -379,7 +379,7 @@ const COMMAND_GROUPS = {
     commands: {
       list: { description: 'List chats', method: 'GET', path: '/chats' },
       create: { description: 'Create chat', method: 'POST', path: '/chats' },
-      get: { description: 'Get chat by id (from list)', virtualGet: true, collectionPath: '/chats', params: ['id'] },
+      get: { description: 'Get chat by id', method: 'GET', path: '/chats/:id', params: ['id'] },
       update: { description: 'Update chat fields', method: 'PUT', path: '/chats/:id', params: ['id'] },
       delete: { description: 'Delete one chat', method: 'DELETE', path: '/chats/:id', params: ['id'] },
       'delete-many': { description: 'Delete multiple chats (body: {"ids":[...]})', method: 'DELETE', path: '/chats' },

package/src/components/auth/access-key-gate.tsx

@@ -55,11 +55,13 @@ export function AccessKeyGate({ onAuthenticated }: AccessKeyGateProps) {
         setStoredAccessKey(trimmed)
         onAuthenticated()
       } else {
-        setError('Invalid access key')
+        const payload = await res.json().catch(() => null) as { error?: unknown } | null
+        setError(typeof payload?.error === 'string' && payload.error.trim() ? payload.error : 'Invalid access key')
         setKey('')
       }
-    } catch {
-      setError('Connection failed')
+    } catch (err) {
+      const message = err instanceof Error && err.message.trim() ? err.message : 'Connection failed'
+      setError(message)
     } finally {
       setLoading(false)
     }