@swarmclawai/swarmclaw 1.0.9 → 1.1.0

package/README.md

@@ -17,6 +17,13 @@ Extension tutorial: https://swarmclaw.ai/docs/extension-tutorial
 
 ## Release Notes
 
+### v1.1.0 Highlights
+
+- **Mission controller and Missions UI**: SwarmClaw now tracks durable multi-step objectives as missions with status, phase, linked tasks, queued turns, recent runs, event history, and operator actions from the new **Missions** surface.
+- **Autonomy safety desk and run replay**: the new **Autonomy Control** page adds estop visibility, resume policy controls, incident review, and run replay backed by durable run history rather than transient in-memory state.
+- **Durable queued follow-ups**: direct chat and connector follow-up turns now use a backend queue so queued work survives reloads, drains in order, and stays attached to the right mission/session context.
+- **Chat execution and UX hardening**: streamed handoff, memory writes, inline media, queue state, and tool-policy fallback behavior were cleaned up so agents are less noisy, less brittle, and easier to follow in real chats.
+
 ### v1.0.9 Highlights
 
 - **Quieter chat and inbox replies**: chat-origin and connector turns now suppress more hidden control text, stop replaying connector-tool output as normal assistant prose, and avoid extra empty follow-up chatter after successful tool work.
@@ -108,7 +115,7 @@ Then open `http://localhost:3456`.
 
 - **Providers**: OpenClaw, OpenAI, Anthropic, Ollama, Google, DeepSeek, Groq, Together, Mistral, xAI, Fireworks, plus compatible custom endpoints.
 - **Delegation**: built-in delegation to Claude Code, Codex CLI, OpenCode CLI, Gemini CLI, and native SwarmClaw subagents.
-- **Autonomy**: heartbeat loops, schedules, background jobs, task execution, supervisor recovery, and agent wakeups.
+- **Autonomy**: heartbeat loops, schedules, background jobs, task execution, supervisor recovery, mission control, and agent wakeups.
 - **Memory**: hybrid recall, graph traversal, journaling, durable documents, project-scoped context, automatic reflection memory, communication preferences, profile and boundary memory, significant events, and open follow-up loops.
 - **Wallets**: balances, transfers, signatures, EVM call/quote/swap flows, and approval-gated execution.
 - **Connectors**: Discord, Slack, Telegram, WhatsApp, Teams, Matrix, OpenClaw, and more.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.0.9",
+  "version": "1.1.0",
   "description": "Self-hosted AI runtime for OpenClaw, delegation, autonomy, runtime skills, crypto wallets, and chat platform connectors.",
   "license": "MIT",
   "publishConfig": {

package/src/app/api/activity/route.ts

@@ -11,7 +11,7 @@ export async function GET(req: Request) {
   const limit = Math.min(200, Math.max(1, Number(searchParams.get('limit')) || 50))
 
   const all = loadActivity()
-  let entries = Object.values(all) as Array<Record<string, unknown>>
+  let entries = Object.values(all) as unknown as Array<Record<string, unknown>>
 
   if (entityType) entries = entries.filter((e) => e.entityType === entityType)
   if (entityId) entries = entries.filter((e) => e.entityId === entityId)

package/src/app/api/autonomy/estop/route.ts

@@ -0,0 +1,92 @@
+import { NextResponse } from 'next/server'
+import { cancelAllRuns } from '@/lib/server/runtime/session-run-manager'
+import { startDaemon, stopDaemon } from '@/lib/server/runtime/daemon-state'
+import {
+  areEstopResumeApprovalsEnabled,
+  engageEstop,
+  findEstopResumeApproval,
+  loadEstopState,
+  requestEstopResumeApproval,
+  resumeEstop,
+} from '@/lib/server/runtime/estop'
+
+export const dynamic = 'force-dynamic'
+
+function buildStateResponse(state = loadEstopState()) {
+  const approval = state.resumeApprovalId ? findEstopResumeApproval(state.resumeApprovalId) : null
+  return {
+    ...state,
+    resumeRequiresApproval: areEstopResumeApprovalsEnabled(),
+    approval,
+  }
+}
+
+export async function GET() {
+  return NextResponse.json(buildStateResponse())
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json().catch(() => ({})) as Record<string, unknown>
+    const action = typeof body.action === 'string' ? body.action.trim().toLowerCase() : 'status'
+
+    if (action === 'engage') {
+      const level = body.level === 'autonomy' ? 'autonomy' : 'all'
+      const state = engageEstop({
+        level,
+        reason: typeof body.reason === 'string' ? body.reason : null,
+        engagedBy: typeof body.engagedBy === 'string' ? body.engagedBy : 'user',
+      })
+      stopDaemon({ source: `api/autonomy/estop:${level}` })
+      const cancelled = level === 'all'
+        ? cancelAllRuns('Cancelled because all estop is engaged.')
+        : { cancelledQueued: 0, abortedRunning: 0 }
+      return NextResponse.json({ ok: true, state: buildStateResponse(state), cancelled })
+    }
+
+    if (action === 'resume') {
+      const approvalId = typeof body.approvalId === 'string' ? body.approvalId : null
+      const requiresApproval = areEstopResumeApprovalsEnabled()
+      const state = loadEstopState()
+
+      if (state.level === 'none') {
+        return NextResponse.json({ ok: true, state: buildStateResponse(state) })
+      }
+
+      if (!requiresApproval) {
+        const resumed = resumeEstop({ bypassApproval: true })
+        startDaemon({ source: 'api/autonomy/estop:resume', manualStart: true })
+        return NextResponse.json({ ok: true, state: buildStateResponse(resumed) })
+      }
+
+      if (!approvalId) {
+        const existingApproval = state.resumeApprovalId ? findEstopResumeApproval(state.resumeApprovalId) : null
+        if (existingApproval?.status === 'approved') {
+          const resumed = resumeEstop({ approvalId: existingApproval.id })
+          startDaemon({ source: 'api/autonomy/estop:resume', manualStart: true })
+          return NextResponse.json({ ok: true, state: buildStateResponse(resumed) })
+        }
+
+        const result = requestEstopResumeApproval({
+          requester: typeof body.requester === 'string' ? body.requester : 'user',
+        })
+        return NextResponse.json({
+          ok: false,
+          requiresApproval: true,
+          state: buildStateResponse(result.state),
+          approval: result.approval,
+        }, { status: 202 })
+      }
+
+      const resumed = resumeEstop({ approvalId })
+      startDaemon({ source: 'api/autonomy/estop:resume', manualStart: true })
+      return NextResponse.json({ ok: true, state: buildStateResponse(resumed) })
+    }
+
+    return NextResponse.json(buildStateResponse())
+  } catch (err: unknown) {
+    return NextResponse.json({
+      error: err instanceof Error ? err.message : 'Failed to update estop state',
+    }, { status: 400 })
+  }
+}

package/src/app/api/autonomy/guardian/restore/route.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server'
+import { restoreGuardianCheckpoint } from '@/lib/server/agents/guardian'
+
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => ({})) as Record<string, unknown>
+  const approvalId = typeof body.approvalId === 'string' ? body.approvalId.trim() : ''
+  if (!approvalId) {
+    return NextResponse.json({ error: 'approvalId is required' }, { status: 400 })
+  }
+
+  const result = restoreGuardianCheckpoint(approvalId)
+  if (!result.ok) {
+    return NextResponse.json({ error: result.reason || 'Restore failed' }, { status: 400 })
+  }
+  return NextResponse.json({ ok: true, checkpoint: result.checkpoint })
+}

package/src/app/api/chats/[id]/queue/route.ts

@@ -0,0 +1,84 @@
+import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
+import { loadSession } from '@/lib/server/storage'
+import {
+  cancelQueuedRunById,
+  cancelQueuedRunsForSession,
+  enqueueSessionRun,
+  getSessionQueueSnapshot,
+} from '@/lib/server/runtime/session-run-manager'
+
+export const dynamic = 'force-dynamic'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const session = loadSession(id)
+  if (!session) return notFound()
+  return NextResponse.json(getSessionQueueSnapshot(id))
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const session = loadSession(id)
+  if (!session) return notFound()
+
+  const body = await req.json().catch(() => ({}))
+  const message = typeof body.message === 'string' ? body.message : ''
+  const imagePath = typeof body.imagePath === 'string' ? body.imagePath : undefined
+  const imageUrl = typeof body.imageUrl === 'string' ? body.imageUrl : undefined
+  const attachedFiles = Array.isArray(body.attachedFiles)
+    ? body.attachedFiles.filter((file: unknown): file is string => typeof file === 'string' && file.trim().length > 0)
+    : undefined
+  const replyToId = typeof body.replyToId === 'string' ? body.replyToId : undefined
+  const hasFiles = !!(imagePath || imageUrl || attachedFiles?.length)
+
+  if (!message.trim() && !hasFiles) {
+    return NextResponse.json({ error: 'message or file is required' }, { status: 400 })
+  }
+
+  const queued = enqueueSessionRun({
+    sessionId: id,
+    missionId: session.missionId || null,
+    message,
+    imagePath,
+    imageUrl,
+    attachedFiles,
+    source: 'chat',
+    mode: 'followup',
+    replyToId,
+  })
+
+  return NextResponse.json({
+    queued: {
+      runId: queued.runId,
+      position: queued.position,
+    },
+    snapshot: getSessionQueueSnapshot(id),
+  }, { status: 202 })
+}
+
+export async function DELETE(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const session = loadSession(id)
+  if (!session) return notFound()
+
+  const body = await req.json().catch(() => ({}))
+  const runId = typeof body.runId === 'string' ? body.runId.trim() : ''
+  if (runId) {
+    const snapshot = getSessionQueueSnapshot(id)
+    if (!snapshot.items.some((item) => item.runId === runId)) {
+      return NextResponse.json({ error: 'Queued run not found' }, { status: 404 })
+    }
+    cancelQueuedRunById(runId, 'Removed from queue')
+    return NextResponse.json({
+      cancelled: 1,
+      snapshot: getSessionQueueSnapshot(id),
+    })
+  }
+
+  const cancelled = cancelQueuedRunsForSession(id, 'Cleared queued messages')
+  return NextResponse.json({
+    cancelled,
+    snapshot: getSessionQueueSnapshot(id),
+  })
+}

package/src/app/api/chats/[id]/route.ts

@@ -4,8 +4,9 @@ import { notFound } from '@/lib/server/collection-helpers'
 import { normalizeProviderEndpoint } from '@/lib/openclaw/openclaw-endpoint'
 import { resolvePrimaryAgentRoute } from '@/lib/server/agents/agent-runtime-config'
 import { clearMainLoopStateForSession } from '@/lib/server/agents/main-agent-loop'
-import { getSessionRunState } from '@/lib/server/runtime/session-run-manager'
+import { getSessionQueueSnapshot, getSessionRunState } from '@/lib/server/runtime/session-run-manager'
 import { normalizeCapabilitySelection } from '@/lib/capability-selection'
+import { enrichSessionWithMissionSummary } from '@/lib/server/missions/mission-service'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -13,11 +14,12 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
   if (!session) return notFound()
 
   const run = getSessionRunState(id)
+  const queue = getSessionQueueSnapshot(id)
   session.active = active.has(id) || !!run.runningRunId
-  session.queuedCount = run.queueLength
+  session.queuedCount = queue.queueLength
   session.currentRunId = run.runningRunId || null
 
-  return NextResponse.json(session)
+  return NextResponse.json(enrichSessionWithMissionSummary(session))
 }
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -133,7 +135,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   if (!Array.isArray(session.messages)) session.messages = []
 
   upsertSession(id, session)
-  return NextResponse.json(session)
+  return NextResponse.json(enrichSessionWithMissionSummary(session as never))
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {

package/src/app/api/chats/route.ts

@@ -6,13 +6,14 @@ import { perf } from '@/lib/server/runtime/perf'
 import { loadSessions, saveSessions, deleteSession, active, loadAgents, upsertStoredItem } from '@/lib/server/storage'
 import { WORKSPACE_DIR } from '@/lib/server/data-dir'
 import { notify } from '@/lib/server/ws-hub'
-import { getSessionRunState } from '@/lib/server/runtime/session-run-manager'
+import { getSessionQueueSnapshot, getSessionRunState } from '@/lib/server/runtime/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw/openclaw-endpoint'
 import { applyResolvedRoute, resolvePrimaryAgentRoute } from '@/lib/server/agents/agent-runtime-config'
 import { buildAgentDisabledMessage, isAgentDisabled } from '@/lib/server/agents/agent-availability'
 import { materializeStreamingAssistantArtifacts } from '@/lib/chat/chat-streaming-state'
 import { buildSessionListSummary } from '@/lib/chat/session-summary'
 import { normalizeCapabilitySelection } from '@/lib/capability-selection'
+import { enrichSessionWithMissionSummary } from '@/lib/server/missions/mission-service'
 export const dynamic = 'force-dynamic'
 
 async function ensureDaemonIfNeeded(source: string) {
@@ -33,8 +34,9 @@ export async function GET(req: Request) {
   const changedSessionIds: string[] = []
   for (const id of Object.keys(sessions)) {
     const run = getSessionRunState(id)
+    const queue = getSessionQueueSnapshot(id)
     sessions[id].active = active.has(id) || !!run.runningRunId
-    sessions[id].queuedCount = run.queueLength
+    sessions[id].queuedCount = queue.queueLength
     sessions[id].currentRunId = run.runningRunId || null
     if (!sessions[id].active && Array.isArray(sessions[id].messages)) {
       if (materializeStreamingAssistantArtifacts(sessions[id].messages)) changedSessionIds.push(id)
@@ -49,7 +51,7 @@ export async function GET(req: Request) {
   }
 
   const summarized = Object.fromEntries(
-    Object.entries(sessions).map(([id, session]) => [id, buildSessionListSummary(session)]),
+    Object.entries(sessions).map(([id, session]) => [id, buildSessionListSummary(enrichSessionWithMissionSummary(session))]),
   )
 
   const { searchParams } = new URL(req.url)

package/src/app/api/clawhub/install/route.ts

@@ -6,6 +6,7 @@ import { loadSkills, saveSkills } from '@/lib/server/storage'
 import type { ClawHubSkillBundle } from '@/lib/server/skills/clawhub-client'
 import { fetchClawHubSkillBundle, fetchSkillContent } from '@/lib/server/skills/clawhub-client'
 import { clearDiscoveredSkillsCache, resolveWorkspaceSkillsDir } from '@/lib/server/skills/skill-discovery'
+import { auditSkillBundleFiles, auditSkillContent, mergeSkillAuditResults } from '@/lib/server/skills/skill-audit'
 import { normalizeSkillPayload } from '@/lib/server/skills/skills-normalize'
 
 function sanitizeSkillDirName(value: string): string {
@@ -33,11 +34,8 @@ function stripSharedTopLevelDir(paths: string[]): string[] {
     : paths
 }
 
-async function materializeClawHubBundle(url: string): Promise<string | null> {
-  const bundle = await fetchClawHubSkillBundle(url)
-  if (!bundle) return null
-  await writeClawHubBundleToWorkspace(bundle)
-  return bundle.content
+async function materializeClawHubBundle(url: string): Promise<ClawHubSkillBundle | null> {
+  return fetchClawHubSkillBundle(url)
 }
 
 async function writeClawHubBundleToWorkspace(bundle: ClawHubSkillBundle): Promise<void> {
@@ -73,10 +71,12 @@ export async function POST(req: Request) {
   const body = await req.json()
   const { name, description, url, author, tags } = body
   let { content } = body
+  let bundle: ClawHubSkillBundle | null = null
 
   if (!content) {
     try {
-      content = await materializeClawHubBundle(url) || await fetchSkillContent(url)
+      bundle = await materializeClawHubBundle(url)
+      content = bundle?.content || await fetchSkillContent(url)
     } catch (err: unknown) {
       return NextResponse.json(
         { error: err instanceof Error ? err.message : 'Failed to fetch skill content' },
@@ -93,6 +93,21 @@ export async function POST(req: Request) {
     author,
     tags,
   })
+  const audit = mergeSkillAuditResults(
+    bundle ? auditSkillBundleFiles(bundle.files) : { status: 'pass', findings: [] },
+    auditSkillContent({
+      content,
+      requirements: normalized.skillRequirements,
+      installOptions: normalized.installOptions,
+      primaryEnv: normalized.primaryEnv,
+    }),
+  )
+  if (audit.status === 'block') {
+    return NextResponse.json({ error: 'Skill blocked by static audit', audit }, { status: 400 })
+  }
+  if (bundle) {
+    await writeClawHubBundleToWorkspace(bundle)
+  }
 
   const skills = loadSkills()
   const duplicate = Object.values(skills).find((skill) => {
@@ -131,5 +146,5 @@ export async function POST(req: Request) {
   }
   saveSkills(skills)
   clearDiscoveredSkillsCache()
-  return NextResponse.json(skills[id])
+  return NextResponse.json({ ...skills[id], audit })
 }

package/src/app/api/missions/[id]/actions/route.ts

@@ -0,0 +1,31 @@
+import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
+import { loadMissionById, performMissionAction } from '@/lib/server/missions/mission-service'
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const mission = loadMissionById(id)
+  if (!mission) return notFound()
+
+  const body = await req.json().catch(() => ({}))
+  const action = body?.action
+  if (action !== 'resume' && action !== 'replan' && action !== 'cancel' && action !== 'retry_verification' && action !== 'wait') {
+    return NextResponse.json({ error: 'Invalid mission action.' }, { status: 400 })
+  }
+
+  const result = performMissionAction({
+    missionId: id,
+    action,
+    reason: typeof body.reason === 'string' ? body.reason : null,
+    waitKind: typeof body.waitKind === 'string' ? body.waitKind : undefined,
+    untilAt: typeof body.untilAt === 'number' ? body.untilAt : null,
+  })
+  if (!result) {
+    return NextResponse.json({ error: 'Unable to update mission.' }, { status: 409 })
+  }
+  return NextResponse.json({
+    ok: true,
+    mission: result.mission,
+    appendedEvent: result.event,
+  })
+}

package/src/app/api/missions/[id]/events/route.ts

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
+import { listMissionEventsForMission, loadMissionById } from '@/lib/server/missions/mission-service'
+
+export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const mission = loadMissionById(id)
+  if (!mission) return notFound()
+
+  const { searchParams } = new URL(req.url)
+  const limitParam = searchParams.get('limit')
+  const limit = limitParam ? Number.parseInt(limitParam, 10) : undefined
+  return NextResponse.json(listMissionEventsForMission(id, Number.isFinite(limit) ? limit : undefined))
+}

package/src/app/api/missions/[id]/route.ts

@@ -0,0 +1,10 @@
+import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
+import { getMissionDetail } from '@/lib/server/missions/mission-service'
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const mission = getMissionDetail(id)
+  if (!mission) return notFound()
+  return NextResponse.json(mission)
+}