@swarmclawai/swarmclaw 0.9.4 → 0.9.6

package/README.md

@@ -155,7 +155,7 @@ curl -fsSL https://raw.githubusercontent.com/swarmclawai/swarmclaw/main/install.
 The installer resolves the latest stable release tag and installs that version by default.
 It also builds the production bundle so `npm run start` is ready immediately after install.
 No Deno install is required; local sandbox execution is Docker-first with automatic host Node fallback.
-To pin a version: `SWARMCLAW_VERSION=v0.9.4 curl ... | bash`
+To pin a version: `SWARMCLAW_VERSION=v0.9.6 curl ... | bash`
 
 Or run locally from the repo (friendly for non-technical users):
 
@@ -729,15 +729,15 @@ On `v*` tags, GitHub Actions will:
 2. Create a GitHub Release
 3. Build and publish Docker images to `ghcr.io/swarmclawai/swarmclaw` (`:vX.Y.Z`, `:latest`, `:sha-*`)
 
-#### v0.9.4 Release Readiness Notes
+#### v0.9.6 Release Readiness Notes
 
-Before shipping `v0.9.4`, confirm the following user-facing changes are reflected in docs:
+Before shipping `v0.9.6`, confirm the following user-facing changes are reflected in docs:
 
-1. Skills docs explain that local skills are discoverable by default, while `skillIds` now mean pinned always-on skills for an agent.
-2. Runtime-skill docs mention executable skill metadata, on-demand selection, and the `use_skill` / `manage_skills` flow instead of implying every discovered skill is inlined into the prompt.
-3. Connector/heartbeat docs mention that routable connector state is kept on direct connector sessions only, sender quiet-boundary memories are enforced before reply generation, and tool-only heartbeats no longer pollute visible main-thread history.
-4. Site and README install/version strings are updated to `v0.9.4`, including pinned install snippets, release notes index text, and sidebar/footer labels.
-5. The release tag, npm package version, and generated GitHub release install snippet all agree on the non-prefixed npm version (`0.9.4`) versus the git tag (`v0.9.4`).
+1. Wallet docs explain the new global wallet approval override in Settings/Wallets, and note that per-wallet approval toggles remain stored but are ignored when the global switch is off.
+2. Runtime/autonomy docs mention the continuation hardening for long-running tasks: intent-only kickoff replies now get one bounded followthrough, and chat-originated progress runs can schedule a bounded main-loop continuation without waiting for another user ping.
+3. Skills/runtime docs still explain that local skills are discoverable by default, pinned skills stay always-on, and `use_skill` is the runtime path for selection/loading/dispatch.
+4. Site and README install/version strings are updated to `v0.9.6`, including release notes index text and any pinned install snippets.
+5. The release tag, npm package version, and generated GitHub release install snippet all agree on the non-prefixed npm version (`0.9.6`) versus the git tag (`v0.9.6`).
 
 ## CLI
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "0.9.4",
+  "version": "0.9.6",
   "description": "Self-hosted AI agent orchestration dashboard — manage LLM providers, orchestrate agent swarms, schedule tasks, and bridge agents to chat platforms.",
   "license": "MIT",
   "publishConfig": {

package/src/app/api/settings/route.ts

@@ -129,6 +129,7 @@ export async function PUT(req: Request) {
   settings.taskQualityGateRequireReport = parseBoolSetting(settings.taskQualityGateRequireReport, false)
   settings.taskManagementEnabled = parseBoolSetting(settings.taskManagementEnabled, true)
   settings.projectManagementEnabled = parseBoolSetting(settings.projectManagementEnabled, true)
+  settings.walletApprovalsEnabled = parseBoolSetting(settings.walletApprovalsEnabled, true)
   settings.integrityMonitorEnabled = parseBoolSetting(settings.integrityMonitorEnabled, true)
   settings.daemonAutostartEnabled = parseBoolSetting(settings.daemonAutostartEnabled, true)
   settings.sessionResetMode = settings.sessionResetMode === 'daily' ? 'daily' : settings.sessionResetMode === 'idle' ? 'idle' : null

package/src/app/api/wallets/[id]/send/route.ts

@@ -1,12 +1,17 @@
 import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
-import { loadWallets, upsertWalletTransaction } from '@/lib/server/storage'
+import { loadSettings, loadWallets, upsertWalletTransaction } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
 import type { AgentWallet, WalletTransaction } from '@/types'
 import {
   normalizeAtomicString,
 } from '@/lib/wallet/wallet'
-import { isValidWalletAddress, sendWalletNativeAsset, validateWalletSendLimits } from '@/lib/server/wallet/wallet-service'
+import {
+  isValidWalletAddress,
+  sendWalletNativeAsset,
+  validateWalletSendLimits,
+  walletRequiresApproval,
+} from '@/lib/server/wallet/wallet-service'
 import { errorMessage } from '@/lib/shared-utils'
 export const dynamic = 'force-dynamic'
 
@@ -15,6 +20,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const wallets = loadWallets() as Record<string, AgentWallet>
   const wallet = wallets[id]
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+  const settings = loadSettings()
 
   const body = await req.json()
   const toAddress = typeof body.toAddress === 'string' ? body.toAddress.trim() : ''
@@ -32,8 +38,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const txId = genId(8)
   const now = Date.now()
 
-  // If requireApproval, create pending tx and return it
-  if (wallet.requireApproval) {
+  // When approvals are enabled globally and for this wallet, create a pending request instead of sending.
+  if (walletRequiresApproval(wallet, settings)) {
     const pendingTx: WalletTransaction = {
       id: txId,
       walletId: id,

package/src/app/api/wallets/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadAgents, loadWallets } from '@/lib/server/storage'
+import { loadAgents, loadSettings, loadWallets } from '@/lib/server/storage'
 import { createAgentWallet, getAgentActiveWalletId, getWalletPortfolioSnapshot, stripWalletPrivateKey } from '@/lib/server/wallet/wallet-service'
 import { buildEmptyWalletPortfolio } from '@/lib/server/wallet/wallet-portfolio'
 import type { AgentWallet, WalletPortfolioSummary } from '@/types'
@@ -62,13 +62,16 @@ export async function GET(req: Request) {
 
 export async function POST(req: Request) {
   const body = await req.json()
+  const settings = loadSettings()
   try {
     const wallet = createAgentWallet({
       agentId: body.agentId,
       chain: body.chain,
       provider: body.provider,
       label: body.label,
-      requireApproval: body.requireApproval,
+      requireApproval: typeof body.requireApproval === 'boolean'
+        ? body.requireApproval
+        : settings.walletApprovalsEnabled !== false,
       spendingLimitAtomic: body.spendingLimitAtomic ?? body.spendingLimitLamports,
       dailyLimitAtomic: body.dailyLimitAtomic ?? body.dailyLimitLamports,
     })

package/src/app/settings/page.tsx

@@ -11,6 +11,7 @@ import { ThemeSection } from '@/views/settings/section-theme'
 import { OrchestratorSection } from '@/views/settings/section-orchestrator'
 import { RuntimeLoopSection } from '@/views/settings/section-runtime-loop'
 import { CapabilityPolicySection } from '@/views/settings/section-capability-policy'
+import { WalletsSection } from '@/views/settings/section-wallets'
 import { StorageSection } from '@/views/settings/section-storage'
 import { VoiceSection } from '@/views/settings/section-voice'
 import { WebSearchSection } from '@/views/settings/section-web-search'
@@ -147,6 +148,14 @@ export default function SettingsRoute() {
       keywords: ['storage', 'uploads', 'disk', 'cleanup', 'files'],
       render: () => <StorageSection {...sectionProps} />,
     },
+    {
+      id: 'wallets',
+      tabId: 'general',
+      title: 'Wallets',
+      description: 'Control global wallet approval behavior and auto-execution defaults.',
+      keywords: ['wallet', 'wallets', 'approval', 'approvals', 'crypto', 'send'],
+      render: () => <WalletsSection {...sectionProps} />,
+    },
     {
       id: 'theme',
       tabId: 'appearance',

package/src/components/wallets/wallet-panel.tsx

@@ -114,6 +114,7 @@ function suggestCreateChain(wallets: SafeWallet[], agentId?: string | null): Wal
 
 export function WalletPanel() {
   const agents = useAppStore((s) => s.agents)
+  const appSettings = useAppStore((s) => s.appSettings)
   const walletPanelAgentId = useAppStore((s) => s.walletPanelAgentId)
   const setWalletPanelAgentId = useAppStore((s) => s.setWalletPanelAgentId)
   const navigateTo = useNavigate()
@@ -354,6 +355,7 @@ export function WalletPanel() {
   })
   const selectedWalletMeta = selectedWallet ? getWalletChainMeta(selectedWallet.chain) : null
   const selectedWalletSymbol = selectedWallet ? getWalletAssetSymbol(selectedWallet.chain) : null
+  const walletApprovalsEnabled = appSettings.walletApprovalsEnabled !== false
   const selectedWalletBalance = selectedWallet ? walletBalanceLabel(selectedWallet) : null
   const selectedWalletAssets = (selectedWallet?.assets || []).filter((asset) => BigInt(asset.balanceAtomic) > BigInt(0))
   const selectedAgent = selectedWallet ? agents[selectedWallet.agentId] as Agent | undefined : undefined
@@ -807,6 +809,11 @@ export function WalletPanel() {
                   </button>
                   <span className="text-[11px] text-text-3">Require approval for sends</span>
                 </div>
+                {!walletApprovalsEnabled && (
+                  <p className="text-[10px] text-amber-300/80">
+                    Global wallet approvals are currently off in Settings, so this per-wallet toggle is ignored until they are turned back on.
+                  </p>
+                )}
                 <div className="flex gap-2 pt-1">
                   <button
                     type="button"
@@ -839,7 +846,11 @@ export function WalletPanel() {
                 </div>
                 <div className="flex justify-between">
                   <span className="text-text-3/70">Approval</span>
-                  <span className="text-text-2">{selectedWallet.requireApproval ? 'Required' : 'Auto-send'}</span>
+                  <span className="text-text-2">
+                    {!walletApprovalsEnabled
+                      ? 'Disabled globally'
+                      : (selectedWallet.requireApproval ? 'Required' : 'Auto-send')}
+                  </span>
                 </div>
               </div>
             )}

package/src/components/wallets/wallet-section.tsx

@@ -3,6 +3,7 @@
 import { useCallback, useEffect, useMemo, useState } from 'react'
 import { api } from '@/lib/app/api-client'
 import { copyTextToClipboard } from '@/lib/clipboard'
+import { useAppStore } from '@/stores/use-app-store'
 import type { AgentWallet, WalletAssetBalance, WalletPortfolioSummary, WalletChain } from '@/types'
 import { toast } from 'sonner'
 import { errorMessage } from '@/lib/shared-utils'
@@ -32,6 +33,7 @@ interface WalletSectionProps {
 }
 
 export function WalletSection({ agentId, wallets, activeWalletId, onWalletCreated }: WalletSectionProps) {
+  const appSettings = useAppStore((s) => s.appSettings)
   const [creating, setCreating] = useState(false)
   const [activatingWalletId, setActivatingWalletId] = useState<string | null>(null)
   const [error, setError] = useState<string | null>(null)
@@ -53,6 +55,7 @@ export function WalletSection({ agentId, wallets, activeWalletId, onWalletCreate
   )
 
   const [chain, setChain] = useState<WalletChain>(availableChains[0] || 'solana')
+  const walletApprovalsEnabled = appSettings.walletApprovalsEnabled !== false
 
   useEffect(() => {
     if (availableChains.length === 0) return
@@ -204,7 +207,7 @@ export function WalletSection({ agentId, wallets, activeWalletId, onWalletCreate
                 <div className="flex flex-wrap items-center gap-3 text-[10px] text-text-3/60">
                   <span>Limit: {perTxLimit} {walletMeta.symbol}/tx</span>
                   <span>Daily: {dailyLimit} {walletMeta.symbol}</span>
-                  <span>{wallet.requireApproval ? 'Approval required' : 'Auto-send'}</span>
+                  <span>{!walletApprovalsEnabled ? 'Approvals off globally' : (wallet.requireApproval ? 'Approval required' : 'Auto-send')}</span>
                   {wallet.portfolioSummary?.nonZeroAssets ? (
                     <span>{wallet.portfolioSummary.nonZeroAssets} asset{wallet.portfolioSummary.nonZeroAssets === 1 ? '' : 's'} detected</span>
                   ) : null}

package/src/lib/server/agents/main-agent-loop-advanced.test.ts

@@ -195,6 +195,41 @@ describe('main-agent-loop advanced', () => {
     assert.equal(output.followupOk, null, 'no followup on terminal ack')
   })
 
+  it('allows a bounded followup for chat-originated runs when structured progress is still active', () => {
+    const progressMeta = heartbeatMetaLine('progress', 'buy nft', 'prepare the first safe wallet step')
+    const output = runWithTempDataDir(`
+      ${sessionSetupScript()}
+
+      const followup = mainLoop.handleMainLoopRunResult({
+        sessionId: 'main',
+        message: 'Try buy one NFT and show me what happened.',
+        internal: false,
+        source: 'chat',
+        resultText: \`I found the contract and I am moving to the first safe execution step.\\n${progressMeta}\`,
+        toolEvents: [{
+          name: 'wallet_tool',
+          input: '{"action":"balance"}',
+          output: '{"status":"ok"}',
+        }],
+      })
+      const state = mainLoop.getMainLoopStateForSession('main')
+
+      console.log(JSON.stringify({
+        hasFollowup: followup !== null,
+        followupMessage: followup?.message ?? null,
+        chain: state?.followupChainCount ?? -1,
+        status: state?.status ?? null,
+        nextAction: state?.nextAction ?? null,
+      }))
+    `)
+
+    assert.equal(output.hasFollowup, true, 'chat run should queue one bounded followup')
+    assert.equal(output.chain, 1, 'chat followup starts the chain at 1')
+    assert.equal(output.status, 'progress')
+    assert.equal(output.nextAction, 'prepare the first safe wallet step')
+    assert.match(String(output.followupMessage || ''), /Resume from this next action/)
+  })
+
   it('persists and upgrades a skill blocker across recommend/install steps', () => {
     const output = runWithTempDataDir(`
       ${sessionSetupScript()}

package/src/lib/server/agents/main-agent-loop.ts

@@ -894,9 +894,20 @@ export function handleMainLoopRunResult(input: HandleMainLoopRunResultInput): Ma
 
   const needsReplan = review?.needs_replan === true || ((review?.confidence ?? 1) < 0.45)
   const limit = followupLimit()
+  const allowChatOriginFollowup = !input.internal
+    && input.source === 'chat'
+    && !input.error
+    && !waitingForExternal
+    && !gotTerminalAck
+    && (
+      needsReplan
+      || heartbeat?.status === 'progress'
+      || !!heartbeat?.nextAction
+      || (!!plan?.current_step && toolNames.length > 0)
+    )
 
   let followup: MainLoopFollowupRequest | null = null
-  if (!input.internal || input.source === 'chat') {
+  if (!input.internal && !allowChatOriginFollowup) {
     state.followupChainCount = 0
   } else if (input.error || waitingForExternal || gotTerminalAck) {
     state.followupChainCount = 0

package/src/lib/server/agents/subagent-runtime.test.ts

@@ -15,6 +15,10 @@ let runtime: typeof import('@/lib/server/agents/subagent-runtime')
 let lineage: typeof import('@/lib/server/agents/subagent-lineage')
 let delegationJobs: typeof import('@/lib/server/agents/delegation-jobs')
 let storage: typeof import('@/lib/server/storage')
+let pluginManager: {
+  registerBuiltin: (id: string, plugin: Record<string, unknown>) => void
+}
+let providers: Record<string, unknown>
 
 before(async () => {
   tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-subagent-runtime-'))
@@ -26,6 +30,9 @@ before(async () => {
   delegationJobs = await import('@/lib/server/agents/delegation-jobs')
   lineage = await import('@/lib/server/agents/subagent-lineage')
   runtime = await import('@/lib/server/agents/subagent-runtime')
+  pluginManager = (await import('@/lib/server/plugins')).getPluginManager()
+  const providersMod = await import('@/lib/providers/index')
+  providers = providersMod.PROVIDERS
 })
 
 after(() => {
@@ -57,9 +64,9 @@ describe('subagent-runtime', () => {
   })
 
   describe('spawnSubagent', () => {
-    it('throws for unknown agent', () => {
+    it('throws for unknown agent', async () => {
       lineage._clearLineage()
-      assert.throws(
+      await assert.rejects(
         () => runtime.spawnSubagent(
           { agentId: 'nonexistent', message: 'hello' },
           { cwd: tempDir },
@@ -68,7 +75,7 @@ describe('subagent-runtime', () => {
       )
     })
 
-    it('throws when max depth is exceeded', () => {
+    it('throws when max depth is exceeded', async () => {
       lineage._clearLineage()
       seedAgent('depth-agent', 'Depth Agent')
 
@@ -80,7 +87,7 @@ describe('subagent-runtime', () => {
       sessions['depth-s3'] = { id: 'depth-s3', parentSessionId: 'depth-s2', cwd: tempDir }
       storage.saveSessions(sessions)
 
-      assert.throws(
+      await assert.rejects(
         () => runtime.spawnSubagent(
           { agentId: 'depth-agent', message: 'too deep' },
           { sessionId: 'depth-s3', cwd: tempDir },
@@ -89,13 +96,13 @@ describe('subagent-runtime', () => {
       )
     })
 
-    it('creates session, lineage node, and delegation job', () => {
+    it('creates session, lineage node, and delegation job', async () => {
       lineage._clearLineage()
       seedAgent('spawn-agent', 'Spawn Agent')
 
-      let handle: ReturnType<typeof runtime.spawnSubagent> | null = null
+      let handle: Awaited<ReturnType<typeof runtime.spawnSubagent>> | null = null
       try {
-        handle = runtime.spawnSubagent(
+        handle = await runtime.spawnSubagent(
           { agentId: 'spawn-agent', message: 'test task', waitForCompletion: false },
           { sessionId: undefined, cwd: tempDir },
         )
@@ -132,7 +139,7 @@ describe('subagent-runtime', () => {
       }
     })
 
-    it('tracks parent-child lineage correctly', () => {
+    it('tracks parent-child lineage correctly', async () => {
       lineage._clearLineage()
       seedAgent('parent-agent', 'Parent')
       seedAgent('child-agent', 'Child')
@@ -155,9 +162,9 @@ describe('subagent-runtime', () => {
         task: 'Parent task',
       })
 
-      let handle: ReturnType<typeof runtime.spawnSubagent> | null = null
+      let handle: Awaited<ReturnType<typeof runtime.spawnSubagent>> | null = null
       try {
-        handle = runtime.spawnSubagent(
+        handle = await runtime.spawnSubagent(
           { agentId: 'child-agent', message: 'child task', waitForCompletion: false },
           { sessionId: 'parent-session', cwd: tempDir },
         )
@@ -184,6 +191,82 @@ describe('subagent-runtime', () => {
         assert.equal(ancestors[0].sessionId, 'parent-session')
       }
     })
+
+    it('fires subagent lifecycle hooks through the native runtime', async () => {
+      lineage._clearLineage()
+      seedAgent('parent-hook-agent', 'Parent Hook Agent', ['subagent_lifecycle_test'])
+      seedAgent('child-hook-agent', 'Child Hook Agent')
+
+      const marks: string[] = []
+      pluginManager.registerBuiltin('subagent_lifecycle_test', {
+        name: 'Subagent Lifecycle Test',
+        hooks: {
+          subagentSpawning: ({ agentId }) => {
+            marks.push(`spawning:${agentId}`)
+            return { status: 'ok' }
+          },
+          subagentSpawned: ({ childSessionId }) => {
+            marks.push(`spawned:${childSessionId}`)
+          },
+          subagentEnded: ({ status }) => {
+            marks.push(`ended:${status}`)
+          },
+          sessionEnd: ({ reason }) => {
+            marks.push(`session_end:${reason}`)
+          },
+        },
+      })
+
+      providers['subagent-test-provider'] = {
+        id: 'subagent-test-provider',
+        name: 'Subagent Test Provider',
+        models: ['unit'],
+        requiresApiKey: false,
+        requiresEndpoint: false,
+        handler: {
+          async streamChat() {
+            return 'subagent finished'
+          },
+        },
+      }
+
+      const agents = storage.loadAgents()
+      agents['child-hook-agent'] = {
+        id: 'child-hook-agent',
+        name: 'Child Hook Agent',
+        provider: 'subagent-test-provider',
+        model: 'unit',
+        systemPrompt: 'Child runtime test',
+      }
+      storage.saveAgents(agents)
+
+      const sessions = storage.loadSessions()
+      sessions['hook-parent-session'] = {
+        id: 'hook-parent-session',
+        cwd: tempDir,
+        parentSessionId: null,
+        agentId: 'parent-hook-agent',
+        provider: 'subagent-test-provider',
+        model: 'unit',
+        plugins: ['subagent_lifecycle_test'],
+        messages: [],
+        createdAt: Date.now(),
+        lastActiveAt: Date.now(),
+      }
+      storage.saveSessions(sessions)
+
+      const handle = await runtime.spawnSubagent(
+        { agentId: 'child-hook-agent', message: 'finish the task', waitForCompletion: false },
+        { sessionId: 'hook-parent-session', cwd: tempDir },
+      )
+      const result = await handle.promise
+
+      assert.equal(result.status, 'completed')
+      assert.equal(marks.includes('spawning:child-hook-agent'), true)
+      assert.equal(marks.some((mark) => mark.startsWith('spawned:')), true)
+      assert.equal(marks.includes('ended:completed'), true)
+      assert.equal(marks.includes('session_end:completed'), true)
+    })
   })
 
   describe('mergePlugins', () => {
@@ -230,7 +313,7 @@ describe('subagent-runtime', () => {
   })
 
   describe('plugin inheritance in spawnSubagent', () => {
-    it('child session inherits parent plugins merged with agent plugins', () => {
+    it('child session inherits parent plugins merged with agent plugins', async () => {
       lineage._clearLineage()
       seedAgent('inherit-agent', 'Inherit Agent', ['shell', 'memory'])
 
@@ -244,9 +327,9 @@ describe('subagent-runtime', () => {
       }
       storage.saveSessions(sessions)
 
-      let handle: ReturnType<typeof runtime.spawnSubagent> | null = null
+      let handle: Awaited<ReturnType<typeof runtime.spawnSubagent>> | null = null
       try {
-        handle = runtime.spawnSubagent(
+        handle = await runtime.spawnSubagent(
           { agentId: 'inherit-agent', message: 'test inheritance', waitForCompletion: false },
           { sessionId: 'inherit-parent', cwd: tempDir },
         )
@@ -265,7 +348,7 @@ describe('subagent-runtime', () => {
       }
     })
 
-    it('child session does not inherit when inheritPlugins is false', () => {
+    it('child session does not inherit when inheritPlugins is false', async () => {
       lineage._clearLineage()
       seedAgent('no-inherit-agent', 'No Inherit Agent', ['shell'])
 
@@ -278,9 +361,9 @@ describe('subagent-runtime', () => {
       }
       storage.saveSessions(sessions)
 
-      let handle: ReturnType<typeof runtime.spawnSubagent> | null = null
+      let handle: Awaited<ReturnType<typeof runtime.spawnSubagent>> | null = null
       try {
-        handle = runtime.spawnSubagent(
+        handle = await runtime.spawnSubagent(
           { agentId: 'no-inherit-agent', message: 'no inherit', inheritPlugins: false, waitForCompletion: false },
           { sessionId: 'no-inherit-parent', cwd: tempDir },
         )