@swarmclawai/swarmclaw 1.2.1 → 1.2.3

package/skills/skill-creator/scripts/quick_validate.py

@@ -0,0 +1,159 @@
+#!/usr/bin/env python3
+"""
+Quick validation script for skills - minimal version
+"""
+
+import re
+import sys
+from pathlib import Path
+from typing import Optional
+
+try:
+    import yaml
+except ModuleNotFoundError:
+    yaml = None
+
+MAX_SKILL_NAME_LENGTH = 64
+
+
+def _extract_frontmatter(content: str) -> Optional[str]:
+    lines = content.splitlines()
+    if not lines or lines[0].strip() != "---":
+        return None
+    for i in range(1, len(lines)):
+        if lines[i].strip() == "---":
+            return "\n".join(lines[1:i])
+    return None
+
+
+def _parse_simple_frontmatter(frontmatter_text: str) -> Optional[dict[str, str]]:
+    """
+    Minimal fallback parser used when PyYAML is unavailable.
+    Supports simple `key: value` mappings used by SKILL.md frontmatter.
+    """
+    parsed: dict[str, str] = {}
+    current_key: Optional[str] = None
+    for raw_line in frontmatter_text.splitlines():
+        stripped = raw_line.strip()
+        if not stripped or stripped.startswith("#"):
+            continue
+
+        is_indented = raw_line[:1].isspace()
+        if is_indented:
+            if current_key is None:
+                return None
+            current_value = parsed[current_key]
+            parsed[current_key] = (
+                f"{current_value}\n{stripped}" if current_value else stripped
+            )
+            continue
+
+        if ":" not in stripped:
+            return None
+        key, value = stripped.split(":", 1)
+        key = key.strip()
+        value = value.strip()
+        if not key:
+            return None
+        if (value.startswith('"') and value.endswith('"')) or (
+            value.startswith("'") and value.endswith("'")
+        ):
+            value = value[1:-1]
+        parsed[key] = value
+        current_key = key
+    return parsed
+
+
+def validate_skill(skill_path):
+    """Basic validation of a skill"""
+    skill_path = Path(skill_path)
+
+    skill_md = skill_path / "SKILL.md"
+    if not skill_md.exists():
+        return False, "SKILL.md not found"
+
+    try:
+        content = skill_md.read_text(encoding="utf-8")
+    except OSError as e:
+        return False, f"Could not read SKILL.md: {e}"
+
+    frontmatter_text = _extract_frontmatter(content)
+    if frontmatter_text is None:
+        return False, "Invalid frontmatter format"
+    if yaml is not None:
+        try:
+            frontmatter = yaml.safe_load(frontmatter_text)
+            if not isinstance(frontmatter, dict):
+                return False, "Frontmatter must be a YAML dictionary"
+        except yaml.YAMLError as e:
+            return False, f"Invalid YAML in frontmatter: {e}"
+    else:
+        frontmatter = _parse_simple_frontmatter(frontmatter_text)
+        if frontmatter is None:
+            return (
+                False,
+                "Invalid YAML in frontmatter: unsupported syntax without PyYAML installed",
+            )
+
+    allowed_properties = {"name", "description", "license", "allowed-tools", "metadata"}
+
+    unexpected_keys = set(frontmatter.keys()) - allowed_properties
+    if unexpected_keys:
+        allowed = ", ".join(sorted(allowed_properties))
+        unexpected = ", ".join(sorted(unexpected_keys))
+        return (
+            False,
+            f"Unexpected key(s) in SKILL.md frontmatter: {unexpected}. Allowed properties are: {allowed}",
+        )
+
+    if "name" not in frontmatter:
+        return False, "Missing 'name' in frontmatter"
+    if "description" not in frontmatter:
+        return False, "Missing 'description' in frontmatter"
+
+    name = frontmatter.get("name", "")
+    if not isinstance(name, str):
+        return False, f"Name must be a string, got {type(name).__name__}"
+    name = name.strip()
+    if name:
+        if not re.match(r"^[a-z0-9-]+$", name):
+            return (
+                False,
+                f"Name '{name}' should be hyphen-case (lowercase letters, digits, and hyphens only)",
+            )
+        if name.startswith("-") or name.endswith("-") or "--" in name:
+            return (
+                False,
+                f"Name '{name}' cannot start/end with hyphen or contain consecutive hyphens",
+            )
+        if len(name) > MAX_SKILL_NAME_LENGTH:
+            return (
+                False,
+                f"Name is too long ({len(name)} characters). "
+                f"Maximum is {MAX_SKILL_NAME_LENGTH} characters.",
+            )
+
+    description = frontmatter.get("description", "")
+    if not isinstance(description, str):
+        return False, f"Description must be a string, got {type(description).__name__}"
+    description = description.strip()
+    if description:
+        if "<" in description or ">" in description:
+            return False, "Description cannot contain angle brackets (< or >)"
+        if len(description) > 1024:
+            return (
+                False,
+                f"Description is too long ({len(description)} characters). Maximum is 1024 characters.",
+            )
+
+    return True, "Skill is valid!"
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("Usage: python quick_validate.py <skill_directory>")
+        sys.exit(1)
+
+    valid, message = validate_skill(sys.argv[1])
+    print(message)
+    sys.exit(0 if valid else 1)

package/skills/summarize/SKILL.md

@@ -0,0 +1,77 @@
+---
+name: summarize
+description: Summarize or extract text/transcripts from URLs, podcasts, YouTube videos, and local files using the summarize CLI. Use when asked to summarize a link, article, video, or file, or to transcribe a YouTube video.
+metadata:
+  {
+    "openclaw":
+      {
+        "emoji": "🧾",
+        "requires": { "bins": ["summarize"] },
+        "install":
+          [
+            {
+              "id": "brew",
+              "kind": "brew",
+              "formula": "steipete/tap/summarize",
+              "bins": ["summarize"],
+              "label": "Install summarize (brew)",
+            },
+          ],
+      },
+  }
+---
+
+# Summarize
+
+Fast CLI to summarize URLs, local files, and YouTube links.
+
+## Quick Start
+
+```bash
+summarize "https://example.com" --model google/gemini-3-flash-preview
+summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview
+summarize "https://youtu.be/dQw4w9WgXcQ" --youtube auto
+```
+
+## YouTube: Summary vs Transcript
+
+Best-effort transcript extraction (URLs only):
+
+```bash
+summarize "https://youtu.be/dQw4w9WgXcQ" --youtube auto --extract-only
+```
+
+If the user asked for a transcript but it's very long, return a tight summary first, then ask which section or time range to expand.
+
+## Model + Keys
+
+Set the API key for your chosen provider:
+
+- OpenAI: `OPENAI_API_KEY`
+- Anthropic: `ANTHROPIC_API_KEY`
+- xAI: `XAI_API_KEY`
+- Google: `GEMINI_API_KEY` (aliases: `GOOGLE_GENERATIVE_AI_API_KEY`, `GOOGLE_API_KEY`)
+
+Default model is `google/gemini-3-flash-preview` if none is set.
+
+## Useful Flags
+
+- `--length short|medium|long|xl|xxl|<chars>` — control summary length
+- `--max-output-tokens <count>` — hard token limit
+- `--extract-only` — extract raw text without summarizing (URLs only)
+- `--json` — machine-readable output
+- `--firecrawl auto|off|always` — fallback extraction for blocked sites
+- `--youtube auto` — Apify fallback if `APIFY_API_TOKEN` is set
+
+## Config
+
+Optional config file: `~/.summarize/config.json`
+
+```json
+{ "model": "openai/gpt-5.2" }
+```
+
+Optional services:
+
+- `FIRECRAWL_API_KEY` for blocked sites
+- `APIFY_API_TOKEN` for YouTube fallback

package/src/app/api/auth/route.ts

@@ -1,11 +1,14 @@
 import { NextResponse } from 'next/server'
 import { safeParseBody } from '@/lib/server/safe-parse-body'
-import { getAccessKey, validateAccessKey, isFirstTimeSetup, markSetupComplete, replaceAccessKey } from '@/lib/server/storage'
+import { log } from '@/lib/server/logger'
+import { getAccessKey, validateAccessKey, isFirstTimeSetup, markSetupComplete, replaceAccessKey } from '@/lib/server/storage-auth'
 import { AUTH_COOKIE_NAME, getCookieValue } from '@/lib/auth'
 import { isProductionRuntime } from '@/lib/runtime/runtime-env'
 import { hmrSingleton } from '@/lib/shared-utils'
 export const dynamic = 'force-dynamic'
 
+const TAG = 'auth-route'
+
 interface AuthAttemptEntry {
   count: number
   lockedUntil: number
@@ -75,6 +78,20 @@ function pruneExpiredEntries() {
   }
 }
 
+function startDaemonAfterAuth() {
+  void import('@/lib/server/runtime/daemon-state')
+    .then(({ ensureDaemonStarted }) => {
+      try {
+        ensureDaemonStarted('api/auth:post')
+      } catch (err: unknown) {
+        log.error(TAG, 'Deferred daemon start failed', err)
+      }
+    })
+    .catch((err: unknown) => {
+      log.error(TAG, 'Failed to load daemon-state for deferred start', err)
+    })
+}
+
 /** POST /api/auth — validate an access key */
 export async function POST(req: Request) {
   const rateLimitEnabled = isRateLimitEnabled()
@@ -98,8 +115,7 @@ export async function POST(req: Request) {
     replaceAccessKey(key.trim())
     markSetupComplete()
     if (rateLimitEnabled) authRateLimitMap.delete(clientIp)
-    const { ensureDaemonStarted } = await import('@/lib/server/runtime/daemon-state')
-    ensureDaemonStarted('api/auth:post')
+    startDaemonAfterAuth()
     return setAuthCookie(NextResponse.json({ ok: true }), req, key.trim())
   }
 
@@ -128,7 +144,6 @@ export async function POST(req: Request) {
   if (isFirstTimeSetup()) {
     markSetupComplete()
   }
-  const { ensureDaemonStarted } = await import('@/lib/server/runtime/daemon-state')
-  ensureDaemonStarted('api/auth:post')
+  startDaemonAfterAuth()
   return setAuthCookie(NextResponse.json({ ok: true }), req, key)
 }

package/src/app/api/chats/[id]/devserver/route.ts

@@ -1,8 +1,10 @@
 import { NextResponse } from 'next/server'
 import { spawn } from 'child_process'
-import { loadSessions, devServers, localIP } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
 import { resolveDevServerLaunchDir } from '@/lib/server/runtime/devserver-launch'
+import { clearDevServer, getDevServer, hasDevServer, registerDevServer, stopDevServer, updateDevServerUrl } from '@/lib/server/runtime/runtime-state'
+import { localIP } from '@/lib/server/runtime/network'
+import { listSessions } from '@/lib/server/sessions/session-repository'
 import { safeParseBody } from '@/lib/server/safe-parse-body'
 import { sleep } from '@/lib/shared-utils'
 import net from 'net'
@@ -56,22 +58,21 @@ async function startDevServer(id: string, session: { cwd: string }): Promise<Dev
       if (match) {
         const detectedPort = match[1]
         detectedUrl = `http://${localIP()}:${detectedPort}`
-        const ds = devServers.get(id)
-        if (ds) ds.url = detectedUrl
+        updateDevServerUrl(id, detectedUrl)
       }
     }
   }
 
   proc.stdout!.on('data', onData)
   proc.stderr!.on('data', onData)
-  proc.on('close', () => { devServers.delete(id); log.info(TAG, `dev server stopped for ${id}`) })
-  proc.on('error', () => devServers.delete(id))
+  proc.on('close', () => { clearDevServer(id); log.info(TAG, `dev server stopped for ${id}`) })
+  proc.on('error', () => clearDevServer(id))
 
-  devServers.set(id, { proc, url: `http://${localIP()}:${port}` })
+  registerDevServer(id, { proc, url: `http://${localIP()}:${port}` })
   log.info(TAG, `starting dev server in ${launch.launchDir} (session cwd=${session.cwd})`)
 
   await sleep(4000)
-  const ds = devServers.get(id)
+  const ds = getDevServer(id)
   if (!ds) {
     return {
       status: 502,
@@ -99,7 +100,7 @@ async function startDevServer(id: string, session: { cwd: string }): Promise<Dev
 
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const sessions = loadSessions()
+  const sessions = listSessions()
   const session = sessions[id]
   if (!session) return notFound()
 
@@ -108,8 +109,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const { action } = body
 
   if (action === 'start') {
-    if (devServers.has(id)) {
-      const ds = devServers.get(id)!
+    if (hasDevServer(id)) {
+      const ds = getDevServer(id)!
       return NextResponse.json({ running: true, url: ds.url })
     }
 
@@ -126,18 +127,11 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     return NextResponse.json(result.body, result.status ? { status: result.status } : undefined)
 
   } else if (action === 'stop') {
-    if (devServers.has(id)) {
-      const ds = devServers.get(id)!
-      try { ds.proc.kill('SIGTERM') } catch {}
-      if (typeof ds.proc.pid === 'number') {
-        try { process.kill(-ds.proc.pid, 'SIGTERM') } catch {}
-      }
-      devServers.delete(id)
-    }
+    stopDevServer(id)
     return NextResponse.json({ running: false })
 
   } else if (action === 'status') {
-    return NextResponse.json({ running: devServers.has(id), url: devServers.get(id)?.url })
+    return NextResponse.json({ running: hasDevServer(id), url: getDevServer(id)?.url })
   }
 
   return NextResponse.json({ running: false })

package/src/app/api/chats/[id]/messages/route.ts

@@ -1,27 +1,25 @@
 import { NextResponse } from 'next/server'
-import { loadStoredItem, upsertStoredItem, active } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
 import { materializeStreamingAssistantArtifacts } from '@/lib/chat/chat-streaming-state'
 import { appendSessionNote } from '@/lib/server/session-note'
 import { getSessionRunState } from '@/lib/server/runtime/session-run-manager'
-import type { Message, Session } from '@/types'
+import { getSession, saveSession } from '@/lib/server/sessions/session-repository'
+import type { Message } from '@/types'
 import { safeParseBody } from '@/lib/server/safe-parse-body'
 
 export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const session = loadStoredItem('sessions', id) as Session | null
+  const session = getSession(id)
   if (!session) return notFound()
   session.messages = Array.isArray(session.messages) ? session.messages : []
 
-  // Check both persisted fields AND in-memory runtime state.
-  // The persisted session doesn't have active/currentRunId set during runs —
-  // those are only computed at runtime from the active map and run ledger.
+  // Use persisted fields plus the run ledger. Process-local execution state is
+  // intentionally excluded here so stale registry entries do not block cleanup.
   const sessionClaimsActive = session.active === true
     || (typeof session.currentRunId === 'string' && session.currentRunId.trim().length > 0)
-    || active.has(id)
     || !!getSessionRunState(id).runningRunId
   if (!sessionClaimsActive && materializeStreamingAssistantArtifacts(session.messages)) {
-    upsertStoredItem('sessions', id, session)
+    saveSession(id, session)
   }
 
   const url = new URL(req.url)
@@ -63,7 +61,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   if (error) return error
 
   if (body.kind === 'context-clear') {
-    const session = loadStoredItem('sessions', id) as Session | null
+    const session = getSession(id)
     if (!session) return notFound()
 
     session.messages.push({
@@ -72,7 +70,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       kind: 'context-clear',
       time: Date.now(),
     })
-    upsertStoredItem('sessions', id, session)
+    saveSession(id, session)
     return NextResponse.json({ ok: true })
   }
 
@@ -84,7 +82,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       kind: body.messageKind || 'system',
     })
     if (!inserted) {
-      const session = loadStoredItem('sessions', id) as Session | null
+      const session = getSession(id)
       if (!session) return notFound()
       return NextResponse.json({ error: 'Note text is required' }, { status: 400 })
     }
@@ -98,7 +96,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   const { id } = await params
   const { data: body, error } = await safeParseBody<{ messageIndex: number; bookmarked: boolean }>(req)
   if (error) return error
-  const session = loadStoredItem('sessions', id) as Session | null
+  const session = getSession(id)
   if (!session) return notFound()
 
   const { messageIndex, bookmarked } = body
@@ -107,7 +105,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   }
 
   session.messages[messageIndex].bookmarked = bookmarked
-  upsertStoredItem('sessions', id, session)
+  saveSession(id, session)
   return NextResponse.json(session.messages[messageIndex])
 }
 
@@ -115,7 +113,7 @@ export async function DELETE(req: Request, { params }: { params: Promise<{ id: s
   const { id } = await params
   const { data: body, error } = await safeParseBody<{ messageIndex: number }>(req)
   if (error) return error
-  const session = loadStoredItem('sessions', id) as Session | null
+  const session = getSession(id)
   if (!session) return notFound()
 
   const { messageIndex } = body
@@ -129,6 +127,6 @@ export async function DELETE(req: Request, { params }: { params: Promise<{ id: s
   }
 
   session.messages.splice(messageIndex, 1)
-  upsertStoredItem('sessions', id, session)
+  saveSession(id, session)
   return NextResponse.json({ ok: true })
 }

package/src/app/api/chats/[id]/route.ts

@@ -1,10 +1,12 @@
 import { NextResponse } from 'next/server'
-import { loadSession, upsertSession, deleteSession, active, loadAgents } from '@/lib/server/storage'
+import { loadAgents } from '@/lib/server/storage'
 import { notFound } from '@/lib/server/collection-helpers'
 import { normalizeProviderEndpoint } from '@/lib/openclaw/openclaw-endpoint'
 import { resolvePrimaryAgentRoute } from '@/lib/server/agents/agent-runtime-config'
 import { clearMainLoopStateForSession } from '@/lib/server/agents/main-agent-loop'
 import { cleanupSessionProcesses } from '@/lib/server/runtime/process-manager'
+import { deleteSession, getSession, saveSession } from '@/lib/server/sessions/session-repository'
+import { stopActiveSessionProcess } from '@/lib/server/runtime/runtime-state'
 import { getSessionQueueSnapshot, getSessionRunState } from '@/lib/server/runtime/session-run-manager'
 import { normalizeCapabilitySelection } from '@/lib/capability-selection'
 import { enrichSessionWithMissionSummary } from '@/lib/server/missions/mission-service'
@@ -12,12 +14,12 @@ import { safeParseBody } from '@/lib/server/safe-parse-body'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const session = loadSession(id)
+  const session = getSession(id)
   if (!session) return notFound()
 
   const run = getSessionRunState(id)
   const queue = getSessionQueueSnapshot(id)
-  session.active = active.has(id) || !!run.runningRunId
+  session.active = !!run.runningRunId
   session.queuedCount = queue.queueLength
   session.currentRunId = run.runningRunId || null
 
@@ -28,7 +30,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   const { id } = await params
   const { data: updates, error } = await safeParseBody(req)
   if (error) return error
-  const session = loadSession(id) as Record<string, unknown> | null
+  const session = getSession(id) as Record<string, unknown> | null
   if (!session) return notFound()
 
   if (updates.resetMainLoopState === true) {
@@ -142,17 +144,14 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   if (updates.delegateResumeIds !== undefined) session.delegateResumeIds = updates.delegateResumeIds
   if (!Array.isArray(session.messages)) session.messages = []
 
-  upsertSession(id, session)
+  saveSession(id, session)
   return NextResponse.json(enrichSessionWithMissionSummary(session as never))
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  if (!loadSession(id)) return notFound()
-  if (active.has(id)) {
-    try { active.get(id)?.kill() } catch {}
-    active.delete(id)
-  }
+  if (!getSession(id)) return notFound()
+  stopActiveSessionProcess(id)
   cleanupSessionProcesses(id)
   deleteSession(id)
   return new NextResponse('OK')

package/src/app/api/chats/[id]/stop/route.ts

@@ -1,19 +1,17 @@
 import { NextResponse } from 'next/server'
 import { materializeStreamingAssistantArtifacts } from '@/lib/chat/chat-streaming-state'
-import { active, loadStoredItem, upsertStoredItem } from '@/lib/server/storage'
 import { cancelSessionRuns } from '@/lib/server/runtime/session-run-manager'
+import { stopActiveSessionProcess } from '@/lib/server/runtime/runtime-state'
+import { getSession, saveSession } from '@/lib/server/sessions/session-repository'
 import type { Session } from '@/types'
 
 export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const cancel = cancelSessionRuns(id, 'Stopped by user')
-  const session = loadStoredItem('sessions', id) as Session | null
+  const session = getSession(id) as Session | null
   if (session && Array.isArray(session.messages) && materializeStreamingAssistantArtifacts(session.messages)) {
-    upsertStoredItem('sessions', id, session)
-  }
-  if (active.has(id)) {
-    try { active.get(id)?.kill() } catch {}
-    active.delete(id)
+    saveSession(id, session)
   }
+  stopActiveSessionProcess(id)
   return NextResponse.json({ ok: true, ...cancel })
 }

package/src/app/api/chats/messages-route.test.ts

@@ -10,11 +10,13 @@ test('chat messages route materializes stale streaming artifacts even if runtime
     returnedText: string | null
     persistedStreaming: boolean | null
     persistedText: string | null
-  }>(`
-    const storageMod = await import('./src/lib/server/storage')
-    const routeMod = await import('./src/app/api/chats/[id]/messages/route')
-    const storage = storageMod.default || storageMod
-    const route = routeMod.default || routeMod
+	  }>(`
+	    const storageMod = await import('./src/lib/server/storage')
+	    const routeMod = await import('./src/app/api/chats/[id]/messages/route')
+	    const runtimeStateMod = await import('./src/lib/server/runtime/runtime-state')
+	    const storage = storageMod.default || storageMod
+	    const route = routeMod.default || routeMod
+	    const runtimeState = runtimeStateMod.default || runtimeStateMod
 
     storage.upsertStoredItem('sessions', 'session-stale', {
       id: 'session-stale',
@@ -37,7 +39,7 @@ test('chat messages route materializes stale streaming artifacts even if runtime
       ],
     })
 
-    storage.active.set('session-stale', { kill() {} })
+	    runtimeState.registerActiveSessionProcess('session-stale', { kill() {} })
 
     const response = await route.GET(
       new Request('http://local/api/chats/session-stale/messages'),

package/src/app/api/chats/route.ts

@@ -3,9 +3,11 @@ import { genId } from '@/lib/id'
 import os from 'os'
 import path from 'path'
 import { perf } from '@/lib/server/runtime/perf'
-import { loadSessions, saveSessions, deleteSession, active, loadAgents } from '@/lib/server/storage'
+import { loadAgents } from '@/lib/server/storage'
 import { WORKSPACE_DIR } from '@/lib/server/data-dir'
 import { notify } from '@/lib/server/ws-hub'
+import { deleteSession, listSessions, replaceSessions } from '@/lib/server/sessions/session-repository'
+import { stopActiveSessionProcess } from '@/lib/server/runtime/runtime-state'
 import { getSessionQueueSnapshot, getSessionRunState } from '@/lib/server/runtime/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw/openclaw-endpoint'
 import { applyResolvedRoute, resolvePrimaryAgentRoute } from '@/lib/server/agents/agent-runtime-config'
@@ -25,11 +27,11 @@ export async function GET(req: Request) {
   const endPerf = perf.start('api', 'GET /api/chats')
   // Note: pruneThreadConnectorMirrors and materializeStreamingAssistantArtifacts
   // are handled by the daemon periodic health check, not on every list fetch.
-  const sessions = loadSessions()
+  const sessions = listSessions()
   for (const id of Object.keys(sessions)) {
     const run = getSessionRunState(id)
     const queue = getSessionQueueSnapshot(id)
-    sessions[id].active = active.has(id) || !!run.runningRunId
+    sessions[id].active = !!run.runningRunId
     sessions[id].queuedCount = queue.queueLength
     sessions[id].currentRunId = run.runningRunId || null
   }
@@ -59,14 +61,11 @@ export async function DELETE(req: Request) {
   if (!Array.isArray(ids) || !ids.length) {
     return new NextResponse('Missing ids', { status: 400 })
   }
-  const sessions = loadSessions()
+  const sessions = listSessions()
   let deleted = 0
   for (const id of ids) {
     if (!sessions[id]) continue
-    if (active.has(id)) {
-      try { active.get(id)?.kill() } catch {}
-      active.delete(id)
-    }
+    stopActiveSessionProcess(id)
     deleteSession(id)
     deleted += 1
   }
@@ -83,7 +82,7 @@ export async function POST(req: Request) {
   else if (!cwd) cwd = WORKSPACE_DIR
 
   const id = body.id || genId()
-  const sessions = loadSessions()
+  const sessions = listSessions()
   const agent = body.agentId ? loadAgents()[body.agentId] : null
   if (isAgentDisabled(agent)) {
     return NextResponse.json({ error: buildAgentDisabledMessage(agent, 'start chats') }, { status: 409 })
@@ -162,7 +161,7 @@ export async function POST(req: Request) {
   sessions[id] = (body.provider || body.model || body.credentialId || body.apiEndpoint)
     ? nextSession
     : applyResolvedRoute(nextSession, resolvedRoute)
-  saveSessions(sessions)
+  replaceSessions(sessions)
   notify('sessions')
   return NextResponse.json(sessions[id])
 }

package/src/app/api/ip/route.ts

@@ -1,8 +1,8 @@
 import { NextResponse } from 'next/server'
-import { localIP } from '@/lib/server/storage'
+import { localIP } from '@/lib/server/runtime/network'
 export const dynamic = 'force-dynamic'
 
 
-export async function GET(_req: Request) {
+export async function GET() {
   return NextResponse.json({ ip: localIP(), port: parseInt(process.env.PORT || '3000') })
 }

package/src/app/api/preview-server/route.ts

@@ -3,7 +3,7 @@ import { spawn, type ChildProcess } from 'child_process'
 import http from 'http'
 import fs from 'fs'
 import path from 'path'
-import { localIP } from '@/lib/server/storage'
+import { localIP } from '@/lib/server/runtime/network'
 import { resolveDevServerLaunchDir } from '@/lib/server/runtime/devserver-launch'
 import { resolvePathWithinBaseDir } from '@/lib/server/path-utils'
 import { safeParseBody } from '@/lib/server/safe-parse-body'