@swarmclawai/swarmclaw 1.2.5 → 1.2.8

package/src/lib/server/connectors/matrix.ts

@@ -4,6 +4,7 @@ import path from 'path'
 import { DATA_DIR } from '../data-dir'
 import type { PlatformConnector, ConnectorInstance, InboundMessage } from './types'
 import { resolveConnectorIngressReply } from './ingress-delivery'
+import { errorMessage } from '@/lib/shared-utils'
 
 const TAG = 'matrix'
 
@@ -54,8 +55,8 @@ const matrix: PlatformConnector = {
         const reply = await resolveConnectorIngressReply(onMessage, inbound)
         if (!reply) return
         await client.sendText(roomId, reply.visibleText)
-      } catch (err: any) {
-        log.error(TAG, 'Error handling message:', err.message)
+      } catch (err: unknown) {
+        log.error(TAG, 'Error handling message:', errorMessage(err))
         try {
           await client.sendText(roomId, 'Sorry, I encountered an error processing your message.')
         } catch { /* ignore */ }

package/src/lib/server/connectors/signal.ts

@@ -4,6 +4,7 @@ import type { ChildProcess } from 'child_process'
 import type { Connector } from '@/types'
 import type { PlatformConnector, ConnectorInstance, InboundMessage, ConnectorIngressResult } from './types'
 import { resolveConnectorIngressReply } from './ingress-delivery'
+import { errorMessage } from '@/lib/shared-utils'
 
 const TAG = 'signal'
 
@@ -107,8 +108,8 @@ const signal: PlatformConnector = {
               `${cliPath} -u ${phoneNumber} send -m ${JSON.stringify(text)} ${channelId}`,
               { timeout: 15_000 },
             )
-          } catch (err: any) {
-            throw new Error(`Signal send failed: ${err.message}`)
+          } catch (err: unknown) {
+            throw new Error(`Signal send failed: ${errorMessage(err)}`)
           }
         }
       },
@@ -179,8 +180,8 @@ export async function handleSignalEvent(
         { timeout: 15_000 },
       )
     }
-  } catch (err: any) {
-    log.error(TAG, 'Error handling message:', err.message)
+  } catch (err: unknown) {
+    log.error(TAG, 'Error handling message:', errorMessage(err))
   }
 }
 

package/src/lib/server/connectors/slack.ts

@@ -145,11 +145,12 @@ const slack: PlatformConnector = {
       }
       botUserId = auth.user_id as string
       log.info(TAG, `Authenticated as @${auth.user} in workspace "${auth.team}"`)
-    } catch (err: any) {
-      const hint = err.code === 'slack_webapi_platform_error'
+    } catch (err: unknown) {
+      const hint = (err instanceof Error && 'code' in err) ? (err as { code: string }).code : undefined
+      const suffix = hint === 'slack_webapi_platform_error'
         ? '. Check that your Bot Token (xoxb-...) is correct and the app is installed to the workspace.'
         : ''
-      throw new Error(`Slack auth failed: ${err.message}${hint}`)
+      throw new Error(`Slack auth failed: ${errorMessage(err)}${suffix}`)
     }
 
     const app = new App({
@@ -215,8 +216,8 @@ const slack: PlatformConnector = {
                 media.push(stored)
                 continue
               }
-            } catch (err: any) {
-              log.warn(TAG, `Media download failed (${f?.name || 'file'}):`, err?.message || String(err))
+            } catch (err: unknown) {
+              log.warn(TAG, `Media download failed (${f?.name || 'file'}):`, errorMessage(err))
             }
           }
           media.push({
@@ -264,8 +265,8 @@ const slack: PlatformConnector = {
             return sent.ts || undefined
           },
         })
-      } catch (err: any) {
-        log.error(TAG, 'Error handling message:', err.message)
+      } catch (err: unknown) {
+        log.error(TAG, 'Error handling message:', errorMessage(err))
         try {
           await say('Sorry, I encountered an error processing your message.')
         } catch { /* ignore */ }
@@ -322,8 +323,8 @@ const slack: PlatformConnector = {
             return sent.ts || undefined
           },
         })
-      } catch (err: any) {
-        log.error(TAG, 'Error handling mention:', err.message)
+      } catch (err: unknown) {
+        log.error(TAG, 'Error handling mention:', errorMessage(err))
       }
     })
 

package/src/lib/server/connectors/teams.ts

@@ -1,6 +1,7 @@
 import { log } from '@/lib/server/logger'
 import type { PlatformConnector, ConnectorInstance, InboundMessage } from './types'
 import { resolveConnectorIngressReply } from './ingress-delivery'
+import { errorMessage } from '@/lib/shared-utils'
 
 const TAG = 'teams'
 
@@ -51,8 +52,8 @@ const teams: PlatformConnector = {
           const reply = await resolveConnectorIngressReply(onMessage, inbound)
           if (!reply) return
           await context.sendActivity(reply.visibleText)
-        } catch (err: any) {
-          log.error(TAG, 'Error handling message:', err.message)
+        } catch (err: unknown) {
+          log.error(TAG, 'Error handling message:', errorMessage(err))
           try {
             await context.sendActivity('Sorry, I encountered an error processing your message.')
           } catch { /* ignore */ }

package/src/lib/server/connectors/telegram.ts

@@ -127,8 +127,8 @@ const telegram: PlatformConnector = {
             mimeType: m.mimeType,
           })
           if (stored) media.push(stored)
-        } catch (err: any) {
-          log.warn(TAG, `Failed to fetch media ${m.fileId}:`, err?.message || String(err))
+        } catch (err: unknown) {
+          log.warn(TAG, `Failed to fetch media ${m.fileId}:`, errorMessage(err))
           media.push({
             type: m.type,
             fileName: m.fileName,
@@ -177,8 +177,8 @@ const telegram: PlatformConnector = {
             return String(sent.message_id)
           },
         })
-      } catch (err: any) {
-        log.error(TAG, 'Error handling message:', err.message)
+      } catch (err: unknown) {
+        log.error(TAG, 'Error handling message:', errorMessage(err))
         try {
           await ctx.reply('Sorry, I encountered an error processing your message.')
         } catch { /* ignore */ }

package/src/lib/server/connectors/whatsapp.ts

@@ -714,8 +714,8 @@ const whatsapp: PlatformConnector = {
                 fileName: mediaCandidate.payload?.fileName || undefined,
               })
               media.push(saved)
-            } catch (err: any) {
-              log.error(TAG, `Failed to decode media: ${err?.message || String(err)}`)
+            } catch (err: unknown) {
+              log.error(TAG, `Failed to decode media: ${errorMessage(err)}`)
               media.push({
                 type: mediaCandidate.kind,
                 fileName: mediaCandidate.payload?.fileName || undefined,

package/src/lib/server/daemon/controller.ts

@@ -25,6 +25,7 @@ import type {
 } from '@/lib/server/daemon/types'
 import { DATA_DIR } from '@/lib/server/data-dir'
 import { loadEstopState } from '@/lib/server/runtime/estop'
+import { getDaemonStatus } from '@/lib/server/runtime/daemon-state/core'
 import { daemonAutostartEnvEnabled } from '@/lib/server/runtime/daemon-policy'
 import {
   releaseRuntimeLock,
@@ -344,6 +345,12 @@ export async function ensureDaemonProcessRunning(
   source: string,
   opts?: { manualStart?: boolean },
 ): Promise<boolean> {
+  // In dev mode, the daemon may already be running in-process (same Next.js server)
+  // without a daemon-admin.json file. Check in-process state first to avoid spawning
+  // a subprocess that fails to acquire the already-held lease.
+  const inProcessStatus = getDaemonStatus()
+  if (inProcessStatus.running) return false
+
   const manualStart = opts?.manualStart === true
   const record = loadDaemonStatusRecord()
   if (loadEstopState().level !== 'none') return false

package/src/lib/server/gateways/gateway-profile-service.ts

@@ -4,6 +4,7 @@ import { genId } from '@/lib/id'
 import { normalizeOpenClawEndpoint } from '@/lib/openclaw/openclaw-endpoint'
 import { listAgents, saveAgentMany } from '@/lib/server/agents/agent-repository'
 import { getGatewayProfiles } from '@/lib/server/agents/agent-runtime-config'
+import { deleteCredentialRecord } from '@/lib/server/credentials/credential-service'
 import {
   loadGatewayProfile,
   loadGatewayProfiles,
@@ -161,7 +162,9 @@ export function updateGatewayProfile(id: string, input: Record<string, unknown>)
 
 export function deleteGatewayProfileAndDetachAgents(id: string): boolean {
   const gateways = loadGatewayProfiles()
-  if (!gateways[id]) return false
+  const deleted = gateways[id]
+  if (!deleted) return false
+  const orphanCredentialId = deleted.credentialId || null
   delete gateways[id]
   saveGatewayProfiles(gateways)
 
@@ -195,6 +198,21 @@ export function deleteGatewayProfileAndDetachAgents(id: string): boolean {
   }
 
   if (changed.length > 0) saveAgentMany(changed)
+
+  // Clean up orphaned credential if no other gateway or agent references it
+  if (orphanCredentialId) {
+    const stillReferencedByGateway = Object.values(gateways).some(
+      (gw) => gw && gw.credentialId === orphanCredentialId,
+    )
+    const stillReferencedByAgent = !stillReferencedByGateway && Object.values(agents).some(
+      (a) => a.credentialId === orphanCredentialId
+        || (Array.isArray(a.fallbackCredentialIds) && a.fallbackCredentialIds.includes(orphanCredentialId)),
+    )
+    if (!stillReferencedByGateway && !stillReferencedByAgent) {
+      deleteCredentialRecord(orphanCredentialId)
+    }
+  }
+
   notify('gateways')
   return true
 }

package/src/lib/server/messages/message-repository.test.ts

@@ -0,0 +1,70 @@
+import assert from 'node:assert/strict'
+import test from 'node:test'
+import { runWithTempDataDir } from '@/lib/server/test-utils/run-with-temp-data-dir'
+
+test('appendMessage notifies both generic and per-session message topics', () => {
+  const output = runWithTempDataDir<{
+    genericTopics: string[]
+    sessionTopics: string[]
+  }>(`
+    const { WebSocket } = await import('ws')
+    const storageMod = await import('@/lib/server/storage')
+    const repoMod = await import('@/lib/server/messages/message-repository')
+    const storage = storageMod.default || storageMod
+    const repo = repoMod.default || repoMod
+
+    storage.saveSessions({
+      'sess-notify': {
+        id: 'sess-notify',
+        name: 'Notify Session',
+        cwd: process.env.WORKSPACE_DIR,
+        user: 'tester',
+        provider: 'openai',
+        model: 'gpt-5',
+        claudeSessionId: null,
+        codexThreadId: null,
+        opencodeSessionId: null,
+        delegateResumeIds: { claudeCode: null, codex: null, opencode: null, gemini: null },
+        messages: [],
+        createdAt: Date.now(),
+        lastActiveAt: Date.now(),
+      },
+    })
+
+    const genericPayloads = []
+    const sessionPayloads = []
+    globalThis.__swarmclaw_ws__ = {
+      wss: null,
+      clients: new Set([
+        {
+          ws: {
+            readyState: WebSocket.OPEN,
+            send(payload) { genericPayloads.push(JSON.parse(payload)) },
+          },
+          topics: new Set(['messages']),
+        },
+        {
+          ws: {
+            readyState: WebSocket.OPEN,
+            send(payload) { sessionPayloads.push(JSON.parse(payload)) },
+          },
+          topics: new Set(['messages:sess-notify']),
+        },
+      ]),
+    }
+
+    repo.appendMessage('sess-notify', {
+      role: 'user',
+      text: 'hello',
+      time: 1,
+    })
+
+    console.log(JSON.stringify({
+      genericTopics: genericPayloads.map((payload) => payload.topic),
+      sessionTopics: sessionPayloads.map((payload) => payload.topic),
+    }))
+  `, { prefix: 'swarmclaw-message-repo-notify-' })
+
+  assert.deepEqual(output.genericTopics, ['messages'])
+  assert.deepEqual(output.sessionTopics, ['messages:sess-notify'])
+})

package/src/lib/server/messages/message-repository.ts

@@ -107,6 +107,11 @@ function syncSessionMeta(sessionId: string): void {
   })
 }
 
+function notifyMessageTopics(sessionId: string, action: string): void {
+  notify('messages', action, sessionId)
+  notify(`messages:${sessionId}`, action)
+}
+
 // ---------------------------------------------------------------------------
 // Lazy migration — copies blob messages → table on first access
 // ---------------------------------------------------------------------------
@@ -229,7 +234,7 @@ export function appendMessage(sessionId: string, message: Message): number {
     const seq = nextSeq(sessionId)
     stmts().insert.run(sessionId, seq, JSON.stringify(message))
     syncSessionMeta(sessionId)
-    notify('messages', 'append', sessionId)
+    notifyMessageTopics(sessionId, 'append')
     return seq
   }, { sessionId })
 }
@@ -247,7 +252,7 @@ export function appendMessages(sessionId: string, messages: Message[]): void {
       }
     })
     syncSessionMeta(sessionId)
-    notify('messages', 'append', sessionId)
+    notifyMessageTopics(sessionId, 'append')
   }, { sessionId, count: messages.length })
 }
 
@@ -256,7 +261,7 @@ export function replaceMessageAt(sessionId: string, seq: number, message: Messag
   perf.measureSync('message-repo', 'replaceMessageAt', () => {
     stmts().update.run(JSON.stringify(message), sessionId, seq)
     syncSessionMeta(sessionId)
-    notify('messages', 'update', sessionId)
+    notifyMessageTopics(sessionId, 'update')
   }, { sessionId, seq })
 }
 
@@ -265,7 +270,7 @@ export function truncateAfter(sessionId: string, seq: number): void {
   perf.measureSync('message-repo', 'truncateAfter', () => {
     stmts().deleteAfter.run(sessionId, seq)
     syncSessionMeta(sessionId)
-    notify('messages', 'truncate', sessionId)
+    notifyMessageTopics(sessionId, 'truncate')
   }, { sessionId, seq })
 }
 
@@ -274,7 +279,7 @@ export function clearMessages(sessionId: string): void {
   perf.measureSync('message-repo', 'clearMessages', () => {
     stmts().deleteAll.run(sessionId)
     syncSessionMeta(sessionId)
-    notify('messages', 'clear', sessionId)
+    notifyMessageTopics(sessionId, 'clear')
   }, { sessionId })
 }
 
@@ -289,7 +294,7 @@ export function replaceAllMessages(sessionId: string, messages: Message[]): void
       }
     })
     syncSessionMeta(sessionId)
-    notify('messages', 'replace', sessionId)
+    notifyMessageTopics(sessionId, 'replace')
   }, { sessionId, count: messages.length })
 }
 

package/src/lib/server/openclaw/deploy.ts

@@ -12,6 +12,9 @@ import {
   type ProcessStatus,
 } from '@/lib/server/runtime/process-manager'
 import { normalizeOpenClawEndpoint, deriveOpenClawWsUrl } from '@/lib/openclaw/openclaw-endpoint'
+import { createCredentialRecord } from '@/lib/server/credentials/credential-service'
+import { createGatewayProfile } from '@/lib/server/gateways/gateway-profile-service'
+import { loadGatewayProfiles } from '@/lib/server/gateways/gateway-profile-repository'
 import { probeOpenClawHealth, type OpenClawHealthResult } from './health'
 import { DATA_DIR } from '../data-dir'
 
@@ -1046,7 +1049,7 @@ export async function startOpenClawLocalDeploy(input?: {
   port?: number
   token?: string | null
   makePrimary?: boolean
-}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string }> {
+}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string; gatewayProfileId: string | null }> {
   const state = getRuntimeState()
   const port = sanitizeLocalPort(input?.port, DEFAULT_LOCAL_PORT)
   const requestedLocalId = typeof input?.localId === 'string' && input.localId.trim()
@@ -1145,11 +1148,38 @@ export async function startOpenClawLocalDeploy(input?: {
 
   await waitForLocalRuntime(result.processId)
 
+  // Auto-provision gateway profile so agents can connect immediately
+  const existingGateways = loadGatewayProfiles()
+  const existingProfile = Object.values(existingGateways).find(
+    (gw) => gw && gw.endpoint === endpoint,
+  )
+  let gatewayProfileId: string | null = null
+
+  if (existingProfile) {
+    gatewayProfileId = existingProfile.id
+  } else {
+    const deployName = current.name || 'Local OpenClaw'
+    const cred = createCredentialRecord({
+      provider: 'openclaw',
+      name: `${deployName} token`,
+      apiKey: token,
+    })
+    const profile = createGatewayProfile({
+      name: deployName,
+      endpoint,
+      credentialId: cred.id,
+      isDefault: Object.keys(existingGateways).length === 0,
+      deployment: { method: 'local', port, localId },
+    })
+    gatewayProfileId = profile.id
+  }
+
   const local = getOpenClawLocalDeployStatus(localId)
   return {
     local,
     locals: getOpenClawLocalDeployStatuses(),
     token,
+    gatewayProfileId,
   }
 }
 
@@ -1190,7 +1220,7 @@ export async function restartOpenClawLocalDeploy(input?: {
   port?: number
   token?: string | null
   makePrimary?: boolean
-}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string }> {
+}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string; gatewayProfileId: string | null }> {
   const state = getRuntimeState()
   const current = findLocalRuntimeState(state, {
     localId: input?.localId ?? null,

package/src/lib/server/plugins-advanced.test.ts

@@ -340,8 +340,7 @@ describe('complex expansion scenarios', () => {
   it('sandbox aliases expand', () => {
     const result = expandExtensionIds(['sandbox'])
     assert.ok(result.includes('sandbox'))
-    assert.ok(result.includes('sandbox_exec'))
-    assert.ok(result.includes('sandbox_list_runtimes'))
+    assert.ok(result.includes('execute'))
   })
 
   it('files expands to include read_file, write_file, etc.', () => {

package/src/lib/server/provider-health.ts

@@ -42,7 +42,7 @@ function commandExists(binary: string): boolean {
   pruneTTLCache(cliCheckCache, CLI_CHECK_TTL_MS, CLI_CHECK_CACHE_MAX)
   const probe = isWindows
     ? spawnSync('where', [binary], { timeout: 2000, stdio: 'pipe' })
-    : spawnSync('/bin/zsh', ['-lc', `command -v ${binary} >/dev/null 2>&1`], { timeout: 2000 })
+    : spawnSync(process.env.SHELL || '/bin/bash', ['-lc', `command -v ${binary} >/dev/null 2>&1`], { timeout: 2000 })
   const ok = (probe.status ?? 1) === 0
   cliCheckCache.set(binary, { at: now, ok })
   return ok

package/src/lib/server/runtime/process-manager.ts

@@ -1,5 +1,5 @@
 import { genId } from '@/lib/id'
-import { hmrSingleton, sleep } from '@/lib/shared-utils'
+import { hmrSingleton, sleep, errorMessage } from '@/lib/shared-utils'
 import { spawn, type ChildProcessWithoutNullStreams } from 'child_process'
 import { detectDocker } from '@/lib/server/sandbox/docker-detect'
 import { log } from '@/lib/server/logger'
@@ -169,7 +169,8 @@ export function buildDockerExecArgs(params: {
 
 export function getShellCommand(command: string, processId?: string, sandbox?: SandboxOptions): { shell: string; args: string[]; containerName?: string } {
   if (!sandbox) {
-    return { shell: '/bin/zsh', args: ['-lc', command] }
+    const shell = process.env.SHELL || '/bin/bash'
+    return { shell, args: ['-lc', command] }
   }
 
   if (sandbox.kind === 'persistent') {
@@ -247,9 +248,12 @@ export async function startManagedProcess(opts: StartProcessOptions): Promise<St
   state.records.set(id, record)
 
   const { shell, args } = getShellCommand(opts.command, id, opts.sandbox)
-  // Strip SwarmClaw-specific env vars so agent child processes don't inherit
-  // our port binding or internal keys (e.g. npm dev servers defaulting to :3456)
-  const stripKeys = new Set(['PORT', 'ACCESS_KEY', 'NEXTAUTH_SECRET'])
+  // Strip env vars that should not leak into child processes:
+  // - PORT, ACCESS_KEY, NEXTAUTH_SECRET: SwarmClaw-specific bindings
+  // - npm_config_prefix: injected by npm when running scripts; conflicts with nvm
+  //   in login shell subprocesses (nvm refuses to initialize when this is set,
+  //   breaking node PATH resolution for all nvm users)
+  const stripKeys = new Set(['PORT', 'ACCESS_KEY', 'NEXTAUTH_SECRET', 'npm_config_prefix'])
   const cleanEnv = Object.fromEntries(Object.entries(process.env).filter(([k]) => !stripKeys.has(k))) as NodeJS.ProcessEnv
   const child = spawn(shell, args, {
     cwd: opts.sandbox ? undefined : opts.cwd,
@@ -405,8 +409,8 @@ export function writeManagedProcessStdin(processId: string, data: string, eof?:
     if (data) child.stdin.write(data)
     if (eof) child.stdin.end()
     return { ok: true }
-  } catch (err: any) {
-    return { ok: false, error: err.message || String(err) }
+  } catch (err: unknown) {
+    return { ok: false, error: errorMessage(err) || String(err) }
   }
 }
 
@@ -418,8 +422,8 @@ export function killManagedProcess(processId: string, signal: NodeJS.Signals = '
     rec.status = 'killed'
     child.kill(signal)
     return { ok: true }
-  } catch (err: any) {
-    return { ok: false, error: err.message || String(err) }
+  } catch (err: unknown) {
+    return { ok: false, error: errorMessage(err) || String(err) }
   }
 }
 

package/src/lib/server/runtime/session-run-manager/queries.ts

@@ -49,12 +49,27 @@ function toQueuedTurn(entry: SessionRunQueueEntry, index: number): SessionQueued
   }
 }
 
+function toActiveTurn(entry: SessionRunQueueEntry): SessionQueuedTurn {
+  return {
+    ...toQueuedTurn(entry, 0),
+    position: 0,
+  }
+}
+
+function visibleActiveTurnForSession(sessionId: string): SessionQueuedTurn | null {
+  const running = Array.from(state.runningByExecution.values())
+    .find((entry) => entry.run.sessionId === sessionId && entry.run.status === 'running')
+  if (!running || running.run.internal === true) return null
+  return toActiveTurn(running)
+}
+
 export function getSessionQueueSnapshot(sessionId: string): SessionQueueSnapshot {
   const execution = getSessionExecutionState(sessionId)
   const visibleQueued = visibleQueuedEntriesForSession(sessionId)
   return {
     sessionId,
     activeRunId: execution.runningRunId || null,
+    activeTurn: visibleActiveTurnForSession(sessionId),
     queueLength: visibleQueued.length,
     items: visibleQueued.map((entry, index) => toQueuedTurn(entry, index)),
   }

package/src/lib/server/runtime/session-run-manager.test.ts

@@ -521,6 +521,37 @@ describe('session-run-manager', () => {
       })
     })
 
+    it('exposes the active user-visible turn separately from queued follow-ups', () => {
+      const running = enqueue({
+        sessionId: 'sess-active-turn',
+        message: 'running now',
+        source: 'chat',
+      })
+      const queued = enqueue({
+        sessionId: 'sess-active-turn',
+        message: 'queued next',
+        source: 'chat',
+      })
+
+      const snapshot = mgr.getSessionQueueSnapshot('sess-active-turn')
+      assert.equal(snapshot.activeRunId, running.runId)
+      assert.deepEqual(snapshot.activeTurn, {
+        runId: running.runId,
+        sessionId: 'sess-active-turn',
+        missionId: null,
+        text: 'running now',
+        queuedAt: snapshot.activeTurn?.queuedAt,
+        position: 0,
+        imagePath: undefined,
+        imageUrl: undefined,
+        attachedFiles: undefined,
+        replyToId: undefined,
+        source: 'chat',
+      })
+      assert.deepEqual(snapshot.items.map((item) => item.runId), [queued.runId])
+      assert.equal(snapshot.queueLength, 1)
+    })
+
     it('hides internal queued runs from the user-visible queue snapshot', () => {
       enqueue({ sessionId: 'sess-visible-queue', message: 'running' })
       enqueue({
@@ -538,9 +569,36 @@ describe('session-run-manager', () => {
 
       const snapshot = mgr.getSessionQueueSnapshot('sess-visible-queue')
       assert.equal(snapshot.queueLength, 1)
+      assert.equal(snapshot.activeTurn?.runId, snapshot.activeRunId)
       assert.deepEqual(snapshot.items.map((item) => item.runId), [visible.runId])
     })
 
+    it('hides internal active runs from the active-turn snapshot field', () => {
+      const { entry, promise } = makeManualQueuedEntry({
+        sessionId: 'sess-hidden-active',
+        runId: 'run-hidden',
+        message: 'heartbeat hidden',
+        internal: true,
+        source: 'heartbeat',
+      })
+      entry.run.status = 'running'
+      entry.run.startedAt = Date.now()
+      const state = getRuntimeState()
+      state.runningByExecution.set(entry.executionKey, entry as unknown)
+      state.runs.set(entry.run.id, entry.run)
+      state.promises.set(entry.run.id, promise)
+      pendingPromises.push(promise.catch(() => {}))
+
+      try {
+        const snapshot = mgr.getSessionQueueSnapshot('sess-hidden-active')
+        assert.equal(snapshot.activeRunId, 'run-hidden')
+        assert.equal(snapshot.activeTurn, null)
+        assert.equal(snapshot.queueLength, 0)
+      } finally {
+        entry.resolve(undefined)
+      }
+    })
+
     it('reports heartbeat vs non-heartbeat queued runs', () => {
       enqueue({ sessionId: 'sess-hb-state', message: 'occupier' })
       enqueue({

package/src/lib/server/sandbox/session-runtime.test.ts

@@ -1,6 +1,6 @@
 import assert from 'node:assert/strict'
 import test from 'node:test'
-import { resolveSandboxRuntimeStatus, resolveSandboxWorkdir } from '@/lib/server/sandbox/session-runtime'
+import { resolveSandboxRuntimeStatus, resolveSandboxSessionContext, resolveSandboxWorkdir } from '@/lib/server/sandbox/session-runtime'
 import type { Session } from '@/types'
 
 test('resolveSandboxRuntimeStatus defaults enabled sandboxes to all sessions', () => {
@@ -49,6 +49,23 @@ test('resolveSandboxRuntimeStatus sandboxes child sessions in non-main mode', ()
   assert.equal(status.scopeKey, 'agent:agent-1')
 })
 
+test('resolveSandboxSessionContext resolves browser-compatible workspace context without starting containers', () => {
+  const context = resolveSandboxSessionContext({
+    config: { enabled: true, scope: 'agent', workdir: '/workspace' },
+    session: {
+      id: 'child-session',
+      agentId: 'agent-1',
+      parentSessionId: 'main-session',
+    } as Session,
+    workspaceDir: '/tmp/project',
+  })
+
+  assert.ok(context)
+  assert.equal(context?.scopeKey, 'agent:agent-1')
+  assert.equal(context?.workspaceDir, '/tmp/project')
+  assert.equal(context?.containerWorkdir, '/workspace')
+})
+
 test('resolveSandboxWorkdir maps nested host paths into the container workspace', () => {
   const resolved = resolveSandboxWorkdir({
     workspaceDir: '/tmp/project',