@swarmclawai/swarmclaw 1.2.6 → 1.2.8

package/src/lib/server/messages/message-repository.ts

@@ -107,6 +107,11 @@ function syncSessionMeta(sessionId: string): void {
   })
 }
 
+function notifyMessageTopics(sessionId: string, action: string): void {
+  notify('messages', action, sessionId)
+  notify(`messages:${sessionId}`, action)
+}
+
 // ---------------------------------------------------------------------------
 // Lazy migration — copies blob messages → table on first access
 // ---------------------------------------------------------------------------
@@ -229,7 +234,7 @@ export function appendMessage(sessionId: string, message: Message): number {
     const seq = nextSeq(sessionId)
     stmts().insert.run(sessionId, seq, JSON.stringify(message))
     syncSessionMeta(sessionId)
-    notify('messages', 'append', sessionId)
+    notifyMessageTopics(sessionId, 'append')
     return seq
   }, { sessionId })
 }
@@ -247,7 +252,7 @@ export function appendMessages(sessionId: string, messages: Message[]): void {
       }
     })
     syncSessionMeta(sessionId)
-    notify('messages', 'append', sessionId)
+    notifyMessageTopics(sessionId, 'append')
   }, { sessionId, count: messages.length })
 }
 
@@ -256,7 +261,7 @@ export function replaceMessageAt(sessionId: string, seq: number, message: Messag
   perf.measureSync('message-repo', 'replaceMessageAt', () => {
     stmts().update.run(JSON.stringify(message), sessionId, seq)
     syncSessionMeta(sessionId)
-    notify('messages', 'update', sessionId)
+    notifyMessageTopics(sessionId, 'update')
   }, { sessionId, seq })
 }
 
@@ -265,7 +270,7 @@ export function truncateAfter(sessionId: string, seq: number): void {
   perf.measureSync('message-repo', 'truncateAfter', () => {
     stmts().deleteAfter.run(sessionId, seq)
     syncSessionMeta(sessionId)
-    notify('messages', 'truncate', sessionId)
+    notifyMessageTopics(sessionId, 'truncate')
   }, { sessionId, seq })
 }
 
@@ -274,7 +279,7 @@ export function clearMessages(sessionId: string): void {
   perf.measureSync('message-repo', 'clearMessages', () => {
     stmts().deleteAll.run(sessionId)
     syncSessionMeta(sessionId)
-    notify('messages', 'clear', sessionId)
+    notifyMessageTopics(sessionId, 'clear')
   }, { sessionId })
 }
 
@@ -289,7 +294,7 @@ export function replaceAllMessages(sessionId: string, messages: Message[]): void
       }
     })
     syncSessionMeta(sessionId)
-    notify('messages', 'replace', sessionId)
+    notifyMessageTopics(sessionId, 'replace')
   }, { sessionId, count: messages.length })
 }
 

package/src/lib/server/openclaw/deploy.ts

@@ -12,6 +12,9 @@ import {
   type ProcessStatus,
 } from '@/lib/server/runtime/process-manager'
 import { normalizeOpenClawEndpoint, deriveOpenClawWsUrl } from '@/lib/openclaw/openclaw-endpoint'
+import { createCredentialRecord } from '@/lib/server/credentials/credential-service'
+import { createGatewayProfile } from '@/lib/server/gateways/gateway-profile-service'
+import { loadGatewayProfiles } from '@/lib/server/gateways/gateway-profile-repository'
 import { probeOpenClawHealth, type OpenClawHealthResult } from './health'
 import { DATA_DIR } from '../data-dir'
 
@@ -1046,7 +1049,7 @@ export async function startOpenClawLocalDeploy(input?: {
   port?: number
   token?: string | null
   makePrimary?: boolean
-}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string }> {
+}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string; gatewayProfileId: string | null }> {
   const state = getRuntimeState()
   const port = sanitizeLocalPort(input?.port, DEFAULT_LOCAL_PORT)
   const requestedLocalId = typeof input?.localId === 'string' && input.localId.trim()
@@ -1145,11 +1148,38 @@ export async function startOpenClawLocalDeploy(input?: {
 
   await waitForLocalRuntime(result.processId)
 
+  // Auto-provision gateway profile so agents can connect immediately
+  const existingGateways = loadGatewayProfiles()
+  const existingProfile = Object.values(existingGateways).find(
+    (gw) => gw && gw.endpoint === endpoint,
+  )
+  let gatewayProfileId: string | null = null
+
+  if (existingProfile) {
+    gatewayProfileId = existingProfile.id
+  } else {
+    const deployName = current.name || 'Local OpenClaw'
+    const cred = createCredentialRecord({
+      provider: 'openclaw',
+      name: `${deployName} token`,
+      apiKey: token,
+    })
+    const profile = createGatewayProfile({
+      name: deployName,
+      endpoint,
+      credentialId: cred.id,
+      isDefault: Object.keys(existingGateways).length === 0,
+      deployment: { method: 'local', port, localId },
+    })
+    gatewayProfileId = profile.id
+  }
+
   const local = getOpenClawLocalDeployStatus(localId)
   return {
     local,
     locals: getOpenClawLocalDeployStatuses(),
     token,
+    gatewayProfileId,
   }
 }
 
@@ -1190,7 +1220,7 @@ export async function restartOpenClawLocalDeploy(input?: {
   port?: number
   token?: string | null
   makePrimary?: boolean
-}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string }> {
+}): Promise<{ local: OpenClawLocalDeployStatus; locals: OpenClawLocalDeployStatus[]; token: string; gatewayProfileId: string | null }> {
   const state = getRuntimeState()
   const current = findLocalRuntimeState(state, {
     localId: input?.localId ?? null,

package/src/lib/server/plugins-advanced.test.ts

@@ -340,8 +340,7 @@ describe('complex expansion scenarios', () => {
   it('sandbox aliases expand', () => {
     const result = expandExtensionIds(['sandbox'])
     assert.ok(result.includes('sandbox'))
-    assert.ok(result.includes('sandbox_exec'))
-    assert.ok(result.includes('sandbox_list_runtimes'))
+    assert.ok(result.includes('execute'))
   })
 
   it('files expands to include read_file, write_file, etc.', () => {

package/src/lib/server/provider-health.ts

@@ -42,7 +42,7 @@ function commandExists(binary: string): boolean {
   pruneTTLCache(cliCheckCache, CLI_CHECK_TTL_MS, CLI_CHECK_CACHE_MAX)
   const probe = isWindows
     ? spawnSync('where', [binary], { timeout: 2000, stdio: 'pipe' })
-    : spawnSync('/bin/zsh', ['-lc', `command -v ${binary} >/dev/null 2>&1`], { timeout: 2000 })
+    : spawnSync(process.env.SHELL || '/bin/bash', ['-lc', `command -v ${binary} >/dev/null 2>&1`], { timeout: 2000 })
   const ok = (probe.status ?? 1) === 0
   cliCheckCache.set(binary, { at: now, ok })
   return ok

package/src/lib/server/runtime/process-manager.ts

@@ -1,5 +1,5 @@
 import { genId } from '@/lib/id'
-import { hmrSingleton, sleep } from '@/lib/shared-utils'
+import { hmrSingleton, sleep, errorMessage } from '@/lib/shared-utils'
 import { spawn, type ChildProcessWithoutNullStreams } from 'child_process'
 import { detectDocker } from '@/lib/server/sandbox/docker-detect'
 import { log } from '@/lib/server/logger'
@@ -169,7 +169,8 @@ export function buildDockerExecArgs(params: {
 
 export function getShellCommand(command: string, processId?: string, sandbox?: SandboxOptions): { shell: string; args: string[]; containerName?: string } {
   if (!sandbox) {
-    return { shell: '/bin/zsh', args: ['-lc', command] }
+    const shell = process.env.SHELL || '/bin/bash'
+    return { shell, args: ['-lc', command] }
   }
 
   if (sandbox.kind === 'persistent') {
@@ -247,9 +248,12 @@ export async function startManagedProcess(opts: StartProcessOptions): Promise<St
   state.records.set(id, record)
 
   const { shell, args } = getShellCommand(opts.command, id, opts.sandbox)
-  // Strip SwarmClaw-specific env vars so agent child processes don't inherit
-  // our port binding or internal keys (e.g. npm dev servers defaulting to :3456)
-  const stripKeys = new Set(['PORT', 'ACCESS_KEY', 'NEXTAUTH_SECRET'])
+  // Strip env vars that should not leak into child processes:
+  // - PORT, ACCESS_KEY, NEXTAUTH_SECRET: SwarmClaw-specific bindings
+  // - npm_config_prefix: injected by npm when running scripts; conflicts with nvm
+  //   in login shell subprocesses (nvm refuses to initialize when this is set,
+  //   breaking node PATH resolution for all nvm users)
+  const stripKeys = new Set(['PORT', 'ACCESS_KEY', 'NEXTAUTH_SECRET', 'npm_config_prefix'])
   const cleanEnv = Object.fromEntries(Object.entries(process.env).filter(([k]) => !stripKeys.has(k))) as NodeJS.ProcessEnv
   const child = spawn(shell, args, {
     cwd: opts.sandbox ? undefined : opts.cwd,
@@ -405,8 +409,8 @@ export function writeManagedProcessStdin(processId: string, data: string, eof?:
     if (data) child.stdin.write(data)
     if (eof) child.stdin.end()
     return { ok: true }
-  } catch (err: any) {
-    return { ok: false, error: err.message || String(err) }
+  } catch (err: unknown) {
+    return { ok: false, error: errorMessage(err) || String(err) }
   }
 }
 
@@ -418,8 +422,8 @@ export function killManagedProcess(processId: string, signal: NodeJS.Signals = '
     rec.status = 'killed'
     child.kill(signal)
     return { ok: true }
-  } catch (err: any) {
-    return { ok: false, error: err.message || String(err) }
+  } catch (err: unknown) {
+    return { ok: false, error: errorMessage(err) || String(err) }
   }
 }
 

package/src/lib/server/runtime/session-run-manager/queries.ts

@@ -49,12 +49,27 @@ function toQueuedTurn(entry: SessionRunQueueEntry, index: number): SessionQueued
   }
 }
 
+function toActiveTurn(entry: SessionRunQueueEntry): SessionQueuedTurn {
+  return {
+    ...toQueuedTurn(entry, 0),
+    position: 0,
+  }
+}
+
+function visibleActiveTurnForSession(sessionId: string): SessionQueuedTurn | null {
+  const running = Array.from(state.runningByExecution.values())
+    .find((entry) => entry.run.sessionId === sessionId && entry.run.status === 'running')
+  if (!running || running.run.internal === true) return null
+  return toActiveTurn(running)
+}
+
 export function getSessionQueueSnapshot(sessionId: string): SessionQueueSnapshot {
   const execution = getSessionExecutionState(sessionId)
   const visibleQueued = visibleQueuedEntriesForSession(sessionId)
   return {
     sessionId,
     activeRunId: execution.runningRunId || null,
+    activeTurn: visibleActiveTurnForSession(sessionId),
     queueLength: visibleQueued.length,
     items: visibleQueued.map((entry, index) => toQueuedTurn(entry, index)),
   }

package/src/lib/server/runtime/session-run-manager.test.ts

@@ -521,6 +521,37 @@ describe('session-run-manager', () => {
       })
     })
 
+    it('exposes the active user-visible turn separately from queued follow-ups', () => {
+      const running = enqueue({
+        sessionId: 'sess-active-turn',
+        message: 'running now',
+        source: 'chat',
+      })
+      const queued = enqueue({
+        sessionId: 'sess-active-turn',
+        message: 'queued next',
+        source: 'chat',
+      })
+
+      const snapshot = mgr.getSessionQueueSnapshot('sess-active-turn')
+      assert.equal(snapshot.activeRunId, running.runId)
+      assert.deepEqual(snapshot.activeTurn, {
+        runId: running.runId,
+        sessionId: 'sess-active-turn',
+        missionId: null,
+        text: 'running now',
+        queuedAt: snapshot.activeTurn?.queuedAt,
+        position: 0,
+        imagePath: undefined,
+        imageUrl: undefined,
+        attachedFiles: undefined,
+        replyToId: undefined,
+        source: 'chat',
+      })
+      assert.deepEqual(snapshot.items.map((item) => item.runId), [queued.runId])
+      assert.equal(snapshot.queueLength, 1)
+    })
+
     it('hides internal queued runs from the user-visible queue snapshot', () => {
       enqueue({ sessionId: 'sess-visible-queue', message: 'running' })
       enqueue({
@@ -538,9 +569,36 @@ describe('session-run-manager', () => {
 
       const snapshot = mgr.getSessionQueueSnapshot('sess-visible-queue')
       assert.equal(snapshot.queueLength, 1)
+      assert.equal(snapshot.activeTurn?.runId, snapshot.activeRunId)
       assert.deepEqual(snapshot.items.map((item) => item.runId), [visible.runId])
     })
 
+    it('hides internal active runs from the active-turn snapshot field', () => {
+      const { entry, promise } = makeManualQueuedEntry({
+        sessionId: 'sess-hidden-active',
+        runId: 'run-hidden',
+        message: 'heartbeat hidden',
+        internal: true,
+        source: 'heartbeat',
+      })
+      entry.run.status = 'running'
+      entry.run.startedAt = Date.now()
+      const state = getRuntimeState()
+      state.runningByExecution.set(entry.executionKey, entry as unknown)
+      state.runs.set(entry.run.id, entry.run)
+      state.promises.set(entry.run.id, promise)
+      pendingPromises.push(promise.catch(() => {}))
+
+      try {
+        const snapshot = mgr.getSessionQueueSnapshot('sess-hidden-active')
+        assert.equal(snapshot.activeRunId, 'run-hidden')
+        assert.equal(snapshot.activeTurn, null)
+        assert.equal(snapshot.queueLength, 0)
+      } finally {
+        entry.resolve(undefined)
+      }
+    })
+
     it('reports heartbeat vs non-heartbeat queued runs', () => {
       enqueue({ sessionId: 'sess-hb-state', message: 'occupier' })
       enqueue({

package/src/lib/server/sandbox/session-runtime.test.ts

@@ -1,6 +1,6 @@
 import assert from 'node:assert/strict'
 import test from 'node:test'
-import { resolveSandboxRuntimeStatus, resolveSandboxWorkdir } from '@/lib/server/sandbox/session-runtime'
+import { resolveSandboxRuntimeStatus, resolveSandboxSessionContext, resolveSandboxWorkdir } from '@/lib/server/sandbox/session-runtime'
 import type { Session } from '@/types'
 
 test('resolveSandboxRuntimeStatus defaults enabled sandboxes to all sessions', () => {
@@ -49,6 +49,23 @@ test('resolveSandboxRuntimeStatus sandboxes child sessions in non-main mode', ()
   assert.equal(status.scopeKey, 'agent:agent-1')
 })
 
+test('resolveSandboxSessionContext resolves browser-compatible workspace context without starting containers', () => {
+  const context = resolveSandboxSessionContext({
+    config: { enabled: true, scope: 'agent', workdir: '/workspace' },
+    session: {
+      id: 'child-session',
+      agentId: 'agent-1',
+      parentSessionId: 'main-session',
+    } as Session,
+    workspaceDir: '/tmp/project',
+  })
+
+  assert.ok(context)
+  assert.equal(context?.scopeKey, 'agent:agent-1')
+  assert.equal(context?.workspaceDir, '/tmp/project')
+  assert.equal(context?.containerWorkdir, '/workspace')
+})
+
 test('resolveSandboxWorkdir maps nested host paths into the container workspace', () => {
   const resolved = resolveSandboxWorkdir({
     workspaceDir: '/tmp/project',

package/src/lib/server/sandbox/session-runtime.ts

@@ -236,15 +236,37 @@ export function resolveSandboxWorkdir(params: {
   }
 }
 
-export async function ensureSessionSandbox(params: {
+export function resolveSandboxSessionContext(params: {
   config: AgentSandboxConfig | null | undefined
   session?: Session | null
   agentId?: string | null
   sessionId?: string | null
   workspaceDir: string
-}): Promise<SandboxSessionContext | null> {
+}): SandboxSessionContext | null {
   const status = resolveSandboxRuntimeStatus(params)
   if (!status.sandboxed || !status.config || !status.scopeKey) return null
+
+  return {
+    containerName: `${status.config.containerPrefix}${slugifyScopeKey(status.scopeKey)}`.slice(0, 63),
+    containerWorkdir: status.config.workdir,
+    workspaceDir: params.workspaceDir,
+    workspaceAccess: status.config.workspaceAccess,
+    mode: status.mode,
+    scope: status.scope,
+    scopeKey: status.scopeKey,
+    config: status.config,
+  }
+}
+
+export async function ensureSessionSandbox(params: {
+  config: AgentSandboxConfig | null | undefined
+  session?: Session | null
+  agentId?: string | null
+  sessionId?: string | null
+  workspaceDir: string
+}): Promise<SandboxSessionContext | null> {
+  const context = resolveSandboxSessionContext(params)
+  if (!context) return null
   await maybePruneSandboxes(params.config)
 
   const docker = detectDocker()
@@ -252,17 +274,16 @@ export async function ensureSessionSandbox(params: {
     throw new Error('Sandbox is enabled but Docker is not available. Install Docker Desktop or disable the sandbox in agent settings.')
   }
 
-  const containerName = `${status.config.containerPrefix}${slugifyScopeKey(status.scopeKey)}`.slice(0, 63)
   const configHash = computeSandboxConfigHash({
-    config: status.config,
+    config: context.config,
     workspaceDir: params.workspaceDir,
-    scopeKey: status.scopeKey,
+    scopeKey: context.scopeKey,
   })
 
-  const current = await inspectDockerContainer(containerName)
-  const currentHash = current.exists ? await readDockerLabel(containerName, 'swarmclaw.configHash') : null
+  const current = await inspectDockerContainer(context.containerName)
+  const currentHash = current.exists ? await readDockerLabel(context.containerName, 'swarmclaw.configHash') : null
   if (current.exists && currentHash && currentHash !== configHash) {
-    await execDocker(['rm', '-f', containerName], true)
+    await execDocker(['rm', '-f', context.containerName], true)
   }
 
   const next = current.exists && currentHash === configHash
@@ -271,37 +292,28 @@ export async function ensureSessionSandbox(params: {
 
   if (!next.exists) {
     await execDocker(buildSandboxCreateArgs({
-      containerName,
-      scopeKey: status.scopeKey,
+      containerName: context.containerName,
+      scopeKey: context.scopeKey,
       configHash,
-      config: status.config,
+      config: context.config,
       workspaceDir: params.workspaceDir,
     }))
-    await execDocker(['start', containerName])
-    if (status.config.setupCommand) {
-      await execDocker(['exec', '-i', containerName, '/bin/sh', '-lc', status.config.setupCommand])
+    await execDocker(['start', context.containerName])
+    if (context.config.setupCommand) {
+      await execDocker(['exec', '-i', context.containerName, '/bin/sh', '-lc', context.config.setupCommand])
     }
   } else if (!next.running) {
-    await execDocker(['start', containerName])
+    await execDocker(['start', context.containerName])
   }
 
   await upsertSandboxRegistryEntry({
-    containerName,
-    scopeKey: status.scopeKey,
+    containerName: context.containerName,
+    scopeKey: context.scopeKey,
     createdAtMs: Date.now(),
     lastUsedAtMs: Date.now(),
-    image: status.config.image,
+    image: context.config.image,
     configHash,
   })
 
-  return {
-    containerName,
-    containerWorkdir: status.config.workdir,
-    workspaceDir: params.workspaceDir,
-    workspaceAccess: status.config.workspaceAccess,
-    mode: status.mode,
-    scope: status.scope,
-    scopeKey: status.scopeKey,
-    config: status.config,
-  }
+  return context
 }

package/src/lib/server/session-tools/autonomy-tools.test.ts

@@ -52,14 +52,12 @@ describe('durable wait surface', () => {
   })
 })
 
-describe('sandbox surface', () => {
-  it('sandbox execution functions remain for shell integration', () => {
-    const src = readToolSource('sandbox')
-    assert.equal(src.includes('executeSandboxExec'), true)
-    assert.equal(src.includes('executeListRuntimes'), true)
-    assert.equal(src.includes('executeHostNode'), true)
-    // Extension registration removed — sandbox_exec is now provided by shell
-    assert.equal(src.includes('registerBuiltin'), false)
+describe('execute surface', () => {
+  it('keeps just-bash as the sandboxed execution path with explicit host opt-in', () => {
+    const src = readToolSource('execute')
+    assert.equal(src.includes('just-bash'), true)
+    assert.equal(src.includes('normalizeAgentExecuteConfig'), true)
+    assert.equal(src.includes('persistent=true'), true)
   })
 })
 
@@ -81,7 +79,7 @@ describe('delegation job handles', () => {
 
   it('scheduler and daemon recover the durable autonomy jobs', () => {
     const schedulerSrc = fs.readFileSync(path.join(serverDir, 'runtime', 'scheduler.ts'), 'utf-8')
-    const daemonSrc = fs.readFileSync(path.join(serverDir, 'runtime', 'daemon-state.ts'), 'utf-8')
+    const daemonSrc = fs.readFileSync(path.join(serverDir, 'runtime', 'daemon-state', 'core.ts'), 'utf-8')
     assert.equal(schedulerSrc.includes('processDueWatchJobs'), true)
     assert.equal(daemonSrc.includes('recoverStaleDelegationJobs'), true)
   })

package/src/lib/server/session-tools/context.ts

@@ -190,7 +190,7 @@ export function findBinaryOnPath(binaryName: string): string | null {
   const { spawnSync } = require('child_process')
   const probe = isWindows
     ? spawnSync('where', [binaryName], { encoding: 'utf-8', timeout: 2000, stdio: 'pipe' })
-    : spawnSync('/bin/zsh', ['-lc', `command -v ${binaryName} 2>/dev/null`], { encoding: 'utf-8', timeout: 2000 })
+    : spawnSync(process.env.SHELL || '/bin/bash', ['-lc', `command -v ${binaryName} 2>/dev/null`], { encoding: 'utf-8', timeout: 2000 })
   const resolved = (probe.stdout || '').trim() || null
   binaryLookupCache.set(binaryName, { checkedAt: now, path: resolved })
   return resolved

package/src/lib/server/session-tools/credential-env.ts

@@ -0,0 +1,109 @@
+/**
+ * Credential injection and secret redaction for agent code execution.
+ *
+ * Resolves an agent's configured credentials from the credential store,
+ * returns them as env vars for injection, and provides a redaction function
+ * to scrub secrets from execution output.
+ */
+
+import { loadCredentials, decryptKey } from '../storage'
+import { log } from '../logger'
+import type { Credential } from '@/types'
+
+const TAG = 'credential-env'
+
+export interface CredentialEnv {
+  /** Environment variables to inject (name → decrypted value) */
+  env: Record<string, string>
+  /** Raw secret values for redaction */
+  secrets: string[]
+}
+
+/**
+ * Build credential environment variables for an agent execution.
+ *
+ * Each credential ID in the list is resolved from the credential store,
+ * decrypted, and mapped to an env var name derived from the credential's
+ * provider and name fields.
+ *
+ * Env var naming: `<PROVIDER>_API_KEY` for the primary key, or
+ * `<PROVIDER>_<NAME>` if a name is explicitly set. All uppercased,
+ * non-alphanumeric chars replaced with underscores.
+ */
+export function buildCredentialEnv(credentialIds: string[]): CredentialEnv {
+  if (!credentialIds.length) return { env: {}, secrets: [] }
+
+  const env: Record<string, string> = {}
+  const secrets: string[] = []
+
+  const allCredentials = loadCredentials() as Record<string, Credential & { encrypted?: string }>
+
+  for (const credId of credentialIds) {
+    const cred = allCredentials[credId]
+    if (!cred) {
+      log.warn(TAG, `Credential not found: ${credId}`)
+      continue
+    }
+
+    // Decrypt the stored key
+    const encrypted = cred.encrypted
+    if (!encrypted || typeof encrypted !== 'string') {
+      log.warn(TAG, `Credential has no encrypted value: ${credId}`)
+      continue
+    }
+
+    let value: string
+    try {
+      value = decryptKey(encrypted)
+    } catch (err: unknown) {
+      log.warn(TAG, `Failed to decrypt credential ${credId}`, { error: String(err) })
+      continue
+    }
+
+    // Derive env var name
+    const envVarName = deriveEnvVarName(cred.provider, cred.name)
+    env[envVarName] = value
+    secrets.push(value)
+  }
+
+  return { env, secrets }
+}
+
+/**
+ * Derive an environment variable name from provider and credential name.
+ * e.g., provider="openai", name="default" → "OPENAI_API_KEY"
+ * e.g., provider="custom", name="my-service-token" → "CUSTOM_MY_SERVICE_TOKEN"
+ */
+function deriveEnvVarName(provider: string, name: string): string {
+  const sanitize = (s: string) => s.toUpperCase().replace(/[^A-Z0-9]+/g, '_').replace(/^_|_$/g, '')
+
+  const providerKey = sanitize(provider)
+  const nameKey = sanitize(name)
+
+  // If name is generic (default, primary, key, api-key, etc.), use PROVIDER_API_KEY
+  const genericNames = new Set(['DEFAULT', 'PRIMARY', 'KEY', 'API_KEY', 'APIKEY', ''])
+  if (genericNames.has(nameKey)) {
+    return `${providerKey}_API_KEY`
+  }
+
+  return `${providerKey}_${nameKey}`
+}
+
+/**
+ * Redact secret values from execution output.
+ *
+ * Scans the text for any injected secret values and replaces them
+ * with [REDACTED]. Only redacts secrets longer than 4 characters
+ * to avoid false positives on short strings.
+ */
+export function redactSecrets(text: string, secrets: string[]): string {
+  if (!secrets.length || !text) return text
+
+  let result = text
+  for (const secret of secrets) {
+    if (secret.length > 4) {
+      result = result.replaceAll(secret, '[REDACTED]')
+    }
+  }
+  return result
+}

package/src/lib/server/session-tools/crud.ts

@@ -48,7 +48,7 @@ import {
 import type { ToolBuildContext } from './context'
 import { normalizeToolInputArgs } from './normalize-tool-args'
 import type { BoardTask } from '@/types'
-import { dedup } from '@/lib/shared-utils'
+import { dedup, errorMessage } from '@/lib/shared-utils'
 import { isDirectConnectorSession } from '../connectors/session-kind'
 import { buildManageSkillsDescription, executeManageSkillsAction } from './skills'
 import { isMainSession } from '@/lib/server/agents/main-agent-loop'
@@ -1149,8 +1149,8 @@ export function buildCrudTools(bctx: ToolBuildContext): StructuredToolInterface[
               return JSON.stringify({ ok: true, taskId: id, claimedByAgentId: ctx?.agentId })
             }
             return `Unknown action "${action}". Valid: list, get, create, update, delete, claim_task`
-          } catch (err: any) {
-            return `Error: ${err.message}`
+          } catch (err: unknown) {
+            return `Error: ${errorMessage(err)}`
           }
         },
         {

package/src/lib/server/session-tools/edit_file.ts

@@ -1,3 +1,4 @@
+import { errorMessage } from '@/lib/shared-utils'
 import { z } from 'zod'
 import { tool, type StructuredToolInterface } from '@langchain/core/tools'
 import fs from 'fs'
@@ -32,8 +33,8 @@ async function executeEditFile(args: { filePath: string; oldString: string; newS
     const updated = content.replace(oldString, newString)
     fs.writeFileSync(resolved, updated, 'utf-8')
     return `Successfully updated ${filePath} (1 replacement made).`
-  } catch (err: any) {
-    return `Error: ${err.message}`
+  } catch (err: unknown) {
+    return `Error: ${errorMessage(err)}`
   }
 }