@swarmclawai/swarmclaw 1.2.8 → 1.2.9

package/README.md

@@ -100,13 +100,13 @@ A squad of agents mirroring a real engineering team — planning, building, revi
 
 | Role | Agent | Tools |
 |------|-------|-------|
-| **Lead** | Architect | Delegation, tasks, schedules, missions |
+| **Lead** | Architect | Delegation, tasks, schedules, structured sessions |
 | **Dev** | Builder | Shell, files, Claude Code / Codex / OpenCode |
 | **QA** | Tester | Shell, browser, files, web search |
 | **Designer** | Creative | Image generation, browser, web search, files |
 | **Reviewer** | Critic | Files, web search, memory |
 
-- The Lead creates missions and breaks them into tasks on the board
+- The Lead breaks work into tasks on the board and uses structured sessions for bounded runs
 - Dev agents pick up tasks and delegate to Claude Code, Codex, or OpenCode for implementation
 - QA runs tests, takes screenshots, and files bugs back on the task board
 - The Reviewer audits PRs and flags regressions
@@ -188,8 +188,30 @@ These aren't exclusive templates — they're patterns you combine. A virtual com
 
 The building blocks are the same: **agents, tools, memory, delegation, schedules, connectors, and skills**. SwarmClaw just gives you the control plane to wire them together.
 
+## SwarmDock Marketplace
+
+SwarmClaw agents can register on [SwarmDock](https://swarmdock.ai) — a peer-to-peer marketplace where autonomous AI agents discover tasks, bid competitively, complete work, and earn USDC payments on Base L2. SwarmDock is the marketplace; SwarmClaw is the control plane.
+
+- **Register** your agents on SwarmDock with their Ed25519 identity and skill set
+- **Discover** paid tasks matching your agents' capabilities via polling or real-time SSE
+- **Bid** autonomously within configured budget and confidence thresholds
+- **Earn** USDC on Base L2 with 7% platform fee, sub-2-second settlement
+- **Track** assignments, payouts, and task history from the SwarmClaw task board and connectors UI
+
+Read the full setup guide in [`SWARMDOCK.md`](./SWARMDOCK.md), browse the public docs at [swarmclaw.ai/docs/swarmdock](https://swarmclaw.ai/docs/swarmdock), and visit [swarmdock.ai](https://swarmdock.ai) for the marketplace itself.
+
+---
+
 ## Release Notes
 
+### v1.2.9 Highlights
+
+- **SwarmDock marketplace connector**: SwarmClaw agents can now register on SwarmDock, auto-bid on matching work, receive assignments as board tasks, and submit results back through the connector runtime.
+- **Secure SwarmDock credentials**: Ed25519 identity keys now live in encrypted credentials instead of connector config, legacy plaintext keys auto-migrate on load, connector API responses redact secrets, and failed result submissions now surface properly for retry/recovery.
+- **Portable config transfer**: new portability import/export flows move agents, skills, and schedules between installs, with manifest validation that rejects malformed imports cleanly instead of crashing.
+- **Wallet surface simplification**: wallets are now lightweight Base-linked agent records with stricter validation for missing agents and invalid addresses, replacing the older action-heavy wallet route surface.
+- **UI surface cleanup**: the app now centers work around tasks, structured sessions, autonomy, connectors, and projects, with the old Missions, Canvas, and legacy wallet action screens removed from the shipped interface.
+
 ### v1.2.8 Highlights
 
 - **Linux/WSL compatibility**: subprocess spawning now uses `$SHELL` instead of hardcoded `/bin/zsh`, fixing `ENOENT` errors on Linux and WSL systems.
@@ -345,12 +367,12 @@ Then open `http://localhost:3456`.
 
 - **Providers**: OpenClaw, OpenAI, Anthropic, Ollama, Google, DeepSeek, Groq, Together, Mistral, xAI, Fireworks, Nebius, DeepInfra, plus compatible custom endpoints.
 - **Delegation**: built-in delegation to Claude Code, Codex CLI, OpenCode CLI, Gemini CLI, and native SwarmClaw subagents.
-- **Autonomy**: heartbeat loops, schedules, background jobs, task execution, supervisor recovery, mission control, and agent wakeups.
-- **Orchestration**: durable structured execution with branching, repeat loops, parallel branches, explicit joins, restart-safe run state, and contextual launch from chats, chatrooms, tasks, missions, schedules, and API flows.
+- **Autonomy**: heartbeat loops, schedules, background jobs, task execution, supervisor recovery, and agent wakeups.
+- **Orchestration**: durable structured execution with branching, repeat loops, parallel branches, explicit joins, restart-safe run state, and contextual launch from chats, chatrooms, tasks, schedules, and API flows.
 - **Structured Sessions**: reusable bounded runs with templates, facilitators, participants, hidden live rooms, chatroom `/breakout`, durable transcripts, outputs, and operator controls.
 - **Memory**: hybrid recall, graph traversal, journaling, durable documents, project-scoped context, automatic reflection memory, communication preferences, profile and boundary memory, significant events, and open follow-up loops.
-- **Wallets**: balances, transfers, signatures, EVM call/quote/swap flows, and approval-gated execution.
-- **Connectors**: Discord, Slack, Telegram, WhatsApp, Teams, Matrix, OpenClaw, and more.
+- **Wallets**: linked Base wallet generation, address management, approval-oriented limits, and agent payout identity.
+- **Connectors**: Discord, Slack, Telegram, WhatsApp, Teams, Matrix, OpenClaw, SwarmDock, and more.
 - **Extensions**: external tool extensions, UI modules, hooks, and install/update flows.
 
 ## Requirements
@@ -373,5 +395,7 @@ Then open `http://localhost:3456`.
 - OpenClaw setup: https://swarmclaw.ai/docs/openclaw-setup
 - Agents: https://swarmclaw.ai/docs/agents
 - Connectors: https://swarmclaw.ai/docs/connectors
+- SwarmDock: https://swarmclaw.ai/docs/swarmdock
+- SwarmDock marketplace: https://swarmdock.ai
 - Extensions: https://swarmclaw.ai/docs/extensions
 - CLI reference: https://swarmclaw.ai/docs/cli

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.2.8",
+  "version": "1.2.9",
   "description": "Self-hosted AI runtime for OpenClaw, delegation, autonomy, runtime skills, crypto wallets, and chat platform connectors.",
   "license": "MIT",
   "publishConfig": {
@@ -87,7 +87,7 @@
     "@multiavatar/multiavatar": "^1.0.7",
     "@playwright/mcp": "^0.0.68",
     "@slack/bolt": "^4.6.0",
-    "@solana/web3.js": "^1.98.4",
+    "@swarmdock/sdk": "^0.1.0",
     "@tailwindcss/postcss": "^4",
     "@tanstack/react-query": "^5.91.0",
     "@types/better-sqlite3": "^7.6.13",

package/src/app/agents/[id]/page.tsx

@@ -1,19 +1,13 @@
 'use client'
 
-import { useEffect, useState } from 'react'
+import { useEffect } from 'react'
 import { useParams } from 'next/navigation'
 import { useAppStore } from '@/stores/use-app-store'
-import { selectActiveSessionId } from '@/stores/slices/session-slice'
 import { ChatArea } from '@/components/chat/chat-area'
-import { CanvasPanel } from '@/components/canvas/canvas-panel'
 
 export default function AgentChatPage() {
   const { id } = useParams<{ id: string }>()
   const setCurrentAgent = useAppStore((s) => s.setCurrentAgent)
-  const activeSessionId = useAppStore(selectActiveSessionId)
-  const sessions = useAppStore((s) => s.sessions)
-  const agents = useAppStore((s) => s.agents)
-  const [canvasDismissedFor, setCanvasDismissedFor] = useState<string | null>(null)
 
   // Sync URL param to store
   useEffect(() => {
@@ -22,22 +16,11 @@ export default function AgentChatPage() {
     }
   }, [id, setCurrentAgent])
 
-  const currentSession = activeSessionId ? sessions[activeSessionId] : null
-  const hasCanvas = !!(currentSession?.canvasContent && canvasDismissedFor !== activeSessionId)
-  const canvasAgentName = currentSession?.agentId && agents[currentSession.agentId] ? agents[currentSession.agentId].name : undefined
-
   return (
     <div className="flex-1 flex h-full min-h-0 min-w-0">
       <div className="flex-1 min-h-0 min-w-0 overflow-hidden">
         <ChatArea key={id} />
       </div>
-      {hasCanvas && activeSessionId && (
-        <CanvasPanel
-          sessionId={activeSessionId}
-          agentName={canvasAgentName}
-          onClose={() => activeSessionId && setCanvasDismissedFor(activeSessionId)}
-        />
-      )}
     </div>
   )
 }

package/src/app/api/agents/thread-route.test.ts

@@ -116,7 +116,6 @@ test('POST /api/agents/[id]/thread reuses an existing thread for a disabled agen
     file: null,
     queuedCount: 0,
     currentRunId: null,
-    canvasContent: null,
   }
   saveSessions(sessions)
 

package/src/app/api/approvals/route.test.ts

@@ -46,11 +46,6 @@ test('GET and POST /api/approvals handle human-loop approvals only', () => {
       title: 'Approve deploy',
       data: { question: 'Deploy now?' },
     })
-    approvals.requestApproval({
-      category: 'wallet_action',
-      title: 'Legacy wallet approval',
-      data: { action: 'sign_message' },
-    })
 
     const pendingBefore = await route.GET()
     const pendingBeforeJson = await pendingBefore.json()
@@ -84,43 +79,32 @@ test('GET and POST /api/approvals handle human-loop approvals only', () => {
   assert.equal(output.storedStatus, 'approved')
 })
 
-test('POST /api/approvals rejects invalid and non-human-loop approvals', () => {
+test('POST /api/approvals rejects invalid payloads', () => {
   const output = runWithTempDataDir(`
     const approvalsMod = await import('./src/lib/server/approvals')
     const routeMod = await import('./src/app/api/approvals/route')
     const approvals = approvalsMod.default || approvalsMod
     const route = routeMod.default || routeMod
 
-    const walletApproval = approvals.requestApproval({
-      category: 'wallet_action',
-      title: 'Legacy wallet approval',
-      data: { action: 'sign_message' },
+    const humanApproval = approvals.requestApproval({
+      category: 'human_loop',
+      title: 'Test approval',
+      data: { question: 'Proceed?' },
     })
 
     const invalidResponse = await route.POST(new Request('http://local/api/approvals', {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
-      body: JSON.stringify({ id: walletApproval.id }),
+      body: JSON.stringify({ id: humanApproval.id }),
     }))
     const invalidPayload = await invalidResponse.json()
 
-    const wrongCategory = await route.POST(new Request('http://local/api/approvals', {
-      method: 'POST',
-      headers: { 'content-type': 'application/json' },
-      body: JSON.stringify({ id: walletApproval.id, approved: true }),
-    }))
-    const wrongCategoryPayload = await wrongCategory.json()
-
     console.log(JSON.stringify({
       invalidStatus: invalidResponse.status,
       invalidError: invalidPayload?.error || null,
-      wrongCategoryStatus: wrongCategory.status,
-      wrongCategoryError: wrongCategoryPayload?.error || null,
     }))
   `)
 
   assert.equal(output.invalidStatus, 400)
   assert.match(String(output.invalidError || ''), /id and approved required/i)
-  assert.equal(output.wrongCategoryStatus, 400)
-  assert.match(String(output.wrongCategoryError || ''), /human-loop/i)
 })

package/src/app/api/connectors/route.ts

@@ -6,10 +6,10 @@ import { z } from 'zod'
 import {
   autoStartConnectorIfNeeded,
   createConnector,
+  getConnectorWithRuntime,
   listConnectorsWithRuntime,
 } from '@/lib/server/connectors/connector-service'
 import { ensureDaemonProcessRunning } from '@/lib/server/daemon/controller'
-import { loadConnector } from '@/lib/server/connectors/connector-repository'
 export const dynamic = 'force-dynamic'
 
 export async function GET() {
@@ -29,5 +29,5 @@ export async function POST(req: Request) {
   }
   const connector = createConnector(parsed.data as unknown as Record<string, unknown>)
   await autoStartConnectorIfNeeded(connector, parsed.data as unknown as Record<string, unknown>)
-  return NextResponse.json(loadConnector(connector.id) || connector)
+  return NextResponse.json(await getConnectorWithRuntime(connector.id) || connector)
 }

package/src/app/api/portability/export/route.ts

@@ -0,0 +1,8 @@
+import { NextResponse } from 'next/server'
+import { exportConfig } from '@/lib/server/portability/export'
+export const dynamic = 'force-dynamic'
+
+export async function GET() {
+  const manifest = exportConfig()
+  return NextResponse.json(manifest)
+}

package/src/app/api/portability/import/route.test.ts

@@ -0,0 +1,80 @@
+import assert from 'node:assert/strict'
+import fs from 'node:fs'
+import os from 'node:os'
+import path from 'node:path'
+import { spawnSync } from 'node:child_process'
+import test from 'node:test'
+
+const repoRoot = path.resolve(path.dirname(new URL(import.meta.url).pathname), '../../../../..')
+
+function runWithTempDataDir(script: string) {
+  const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-portability-import-'))
+  try {
+    const result = spawnSync(process.execPath, ['--import', 'tsx', '--input-type=module', '--eval', script], {
+      cwd: repoRoot,
+      env: {
+        ...process.env,
+        DATA_DIR: path.join(tempDir, 'data'),
+        WORKSPACE_DIR: path.join(tempDir, 'workspace'),
+      },
+      encoding: 'utf-8',
+    })
+    assert.equal(result.status, 0, result.stderr || result.stdout || 'subprocess failed')
+    const lines = (result.stdout || '')
+      .trim()
+      .split('\n')
+      .map((line) => line.trim())
+      .filter(Boolean)
+    const jsonLine = [...lines].reverse().find((line) => line.startsWith('{'))
+    return JSON.parse(jsonLine || '{}')
+  } finally {
+    fs.rmSync(tempDir, { recursive: true, force: true })
+  }
+}
+
+test('POST /api/portability/import validates manifest arrays before importing', () => {
+  const output = runWithTempDataDir(`
+    const routeMod = await import('./src/app/api/portability/import/route')
+    const route = routeMod.default || routeMod
+
+    const invalidResponse = await route.POST(new Request('http://local/api/portability/import', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ formatVersion: 1, agents: [] }),
+    }))
+    const invalidPayload = await invalidResponse.json()
+
+    const validResponse = await route.POST(new Request('http://local/api/portability/import', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({
+        formatVersion: 1,
+        exportedAt: '2026-03-29T00:00:00.000Z',
+        agents: [],
+        skills: [],
+        schedules: [],
+      }),
+    }))
+    const validPayload = await validResponse.json()
+
+    console.log(JSON.stringify({
+      invalidStatus: invalidResponse.status,
+      invalidError: invalidPayload?.error || null,
+      invalidPaths: Array.isArray(invalidPayload?.issues)
+        ? invalidPayload.issues.map((issue) => issue.path).sort()
+        : [],
+      validStatus: validResponse.status,
+      validAgentsCreated: validPayload?.agents?.created ?? null,
+      validSkillsCreated: validPayload?.skills?.created ?? null,
+      validSchedulesCreated: validPayload?.schedules?.created ?? null,
+    }))
+  `)
+
+  assert.equal(output.invalidStatus, 400)
+  assert.equal(output.invalidError, 'Validation failed')
+  assert.deepEqual(output.invalidPaths, ['schedules', 'skills'])
+  assert.equal(output.validStatus, 200)
+  assert.equal(output.validAgentsCreated, 0)
+  assert.equal(output.validSkillsCreated, 0)
+  assert.equal(output.validSchedulesCreated, 0)
+})

package/src/app/api/portability/import/route.ts

@@ -0,0 +1,28 @@
+import { NextResponse } from 'next/server'
+import { safeParseBody } from '@/lib/server/safe-parse-body'
+import { importConfig } from '@/lib/server/portability/import'
+import type { PortableManifest } from '@/lib/server/portability/export'
+import { PortableManifestSchema, formatZodError } from '@/lib/validation/schemas'
+import { z } from 'zod'
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request) {
+  const { data: raw, error } = await safeParseBody(req)
+  if (error) return error
+
+  const parsed = PortableManifestSchema.safeParse(raw)
+  if (!parsed.success) {
+    return NextResponse.json(formatZodError(parsed.error as z.ZodError), { status: 400 })
+  }
+
+  try {
+    const result = importConfig(parsed.data as PortableManifest)
+    return NextResponse.json(result)
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'Failed to import manifest'
+    if (/^Unsupported format version /i.test(message)) {
+      return NextResponse.json({ error: message }, { status: 400 })
+    }
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}

package/src/app/api/settings/route.ts

@@ -141,11 +141,9 @@ export async function PUT(req: Request) {
   settings.taskQualityGateRequireReport = parseBoolSetting(settings.taskQualityGateRequireReport, false)
   settings.taskManagementEnabled = parseBoolSetting(settings.taskManagementEnabled, true)
   settings.projectManagementEnabled = parseBoolSetting(settings.projectManagementEnabled, true)
-  settings.walletApprovalsEnabled = parseBoolSetting(settings.walletApprovalsEnabled, true)
   settings.integrityMonitorEnabled = parseBoolSetting(settings.integrityMonitorEnabled, true)
   settings.daemonAutostartEnabled = parseBoolSetting(settings.daemonAutostartEnabled, true)
   settings.autonomyResumeApprovalsEnabled = parseBoolSetting(settings.autonomyResumeApprovalsEnabled, false)
-  settings.missionHumanLoopEnabled = parseBoolSetting(settings.missionHumanLoopEnabled, false)
   settings.untrustedContentGuardMode = parseGuardMode(settings.untrustedContentGuardMode)
   settings.sessionResetMode = settings.sessionResetMode === 'daily' ? 'daily' : settings.sessionResetMode === 'idle' ? 'idle' : null
   settings.whatsappApprovedContacts = normalizeWhatsAppApprovedContacts(settings.whatsappApprovedContacts)

package/src/app/api/wallets/[id]/route.ts

@@ -1,174 +1,32 @@
 import { NextResponse } from 'next/server'
 import { safeParseBody } from '@/lib/server/safe-parse-body'
-import { loadWallets, upsertWallet, deleteWallet as deleteWalletFromStore, loadAgent, loadAgents, upsertAgent } from '@/lib/server/storage'
-import { notify } from '@/lib/server/ws-hub'
-import { getWalletLimitAtomic, normalizeAtomicString } from '@/lib/wallet/wallet'
-import type { AgentWallet, WalletAssetBalance, WalletPortfolioSummary } from '@/types'
-import { buildEmptyWalletPortfolio, getCachedWalletPortfolio } from '@/lib/server/wallet/wallet-portfolio'
-import {
-  getAgentActiveWalletId,
-  getWalletPortfolioSnapshot,
-  linkWalletToAgent,
-  setAgentActiveWallet,
-  stripWalletPrivateKey,
-  unlinkWalletFromAgent,
-} from '@/lib/server/wallet/wallet-service'
+import { getWalletSafe, removeWallet, updateWallet } from '@/lib/server/wallets/wallet-service'
 export const dynamic = 'force-dynamic'
-const WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS = 2500
 
-function withPortfolio(
-  wallet: AgentWallet,
-  portfolio: {
-    balanceAtomic: string
-    balanceFormatted: string
-    balanceSymbol: string
-    balanceDisplay: string
-    balanceLamports?: number
-    balanceSol?: number
-    assets: WalletAssetBalance[]
-    summary: WalletPortfolioSummary
-  },
-  isActive: boolean,
-) {
-  return {
-    ...stripWalletPrivateKey(wallet as unknown as Record<string, unknown>),
-    balanceAtomic: portfolio.balanceAtomic,
-    balanceFormatted: portfolio.balanceFormatted,
-    balanceSymbol: portfolio.balanceSymbol,
-    balanceDisplay: portfolio.balanceDisplay,
-    balanceLamports: portfolio.balanceLamports,
-    balanceSol: portfolio.balanceSol,
-    assets: portfolio.assets,
-    portfolioSummary: portfolio.summary,
-    isActive,
-  }
-}
-
-export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const wallets = loadWallets() as Record<string, AgentWallet>
-  const wallet = wallets[id]
+  const wallet = getWalletSafe(id)
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
-
-  const url = new URL(req.url)
-  const cachedOnly = url.searchParams.get('cached') === '1'
-  const agents = loadAgents()
-  const isActive = getAgentActiveWalletId(agents[wallet.agentId]) === wallet.id
-
-  if (cachedOnly) {
-    const cached = getCachedWalletPortfolio(wallet)
-    if (!cached) {
-      return NextResponse.json({
-        ...stripWalletPrivateKey(wallet as unknown as Record<string, unknown>),
-        isActive,
-      })
-    }
-    return NextResponse.json(withPortfolio(wallet, cached, isActive))
-  }
-
-  let portfolio = buildEmptyWalletPortfolio(wallet)
-  try {
-    portfolio = await getWalletPortfolioSnapshot(wallet, {
-      timeoutMs: WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS,
-      allowStale: true,
-    })
-  } catch {
-    // RPC failure — return 0
-  }
-
-  return NextResponse.json(withPortfolio(wallet, portfolio, isActive))
+  return NextResponse.json(wallet)
 }
 
 export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const wallets = loadWallets() as Record<string, AgentWallet>
-  const wallet = wallets[id]
-  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
-
   const { data: body, error } = await safeParseBody(req)
   if (error) return error
-  const shouldMakeActive = body.makeActive === true
-
-  // Reassign wallet to a different agent
-  if (typeof body.agentId === 'string' && body.agentId !== wallet.agentId) {
-    const newAgent = loadAgent(body.agentId)
-    if (!newAgent) return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
-
-    // Only one wallet per chain per agent.
-    const allWallets = loadWallets() as Record<string, AgentWallet>
-    const conflict = Object.values(allWallets).find((w) => w.agentId === body.agentId && w.id !== id && w.chain === wallet.chain)
-    if (conflict) return NextResponse.json({ error: `Target agent already has a ${wallet.chain} wallet` }, { status: 409 })
-
-    const oldAgent = loadAgent(wallet.agentId)
-    if (oldAgent) {
-      unlinkWalletFromAgent(oldAgent as any, id)
-      oldAgent.updatedAt = Date.now()
-      upsertAgent(wallet.agentId, oldAgent)
-    }
-
-    linkWalletToAgent(newAgent as any, id, shouldMakeActive || getAgentActiveWalletId(newAgent as any) == null)
-    newAgent.updatedAt = Date.now()
-    upsertAgent(body.agentId, newAgent)
-    notify('agents')
-
-    wallet.agentId = body.agentId
-  } else if (shouldMakeActive) {
-    const agent = loadAgent(wallet.agentId)
-    if (agent) {
-      setAgentActiveWallet(agent as any, id)
-      agent.updatedAt = Date.now()
-      upsertAgent(wallet.agentId, agent)
-      notify('agents')
-    }
-  }
-
-  if (body.label !== undefined) wallet.label = body.label as string | undefined
-  if (body.spendingLimitAtomic !== undefined || body.spendingLimitLamports !== undefined) {
-    wallet.spendingLimitAtomic = normalizeAtomicString(body.spendingLimitAtomic ?? body.spendingLimitLamports, getWalletLimitAtomic(wallet, 'perTx'))
-  }
-  if (body.dailyLimitAtomic !== undefined || body.dailyLimitLamports !== undefined) {
-    wallet.dailyLimitAtomic = normalizeAtomicString(body.dailyLimitAtomic ?? body.dailyLimitLamports, getWalletLimitAtomic(wallet, 'daily'))
-  }
-  if (typeof body.requireApproval === 'boolean') wallet.requireApproval = body.requireApproval
-  wallet.updatedAt = Date.now()
-
-  upsertWallet(id, wallet)
-  notify('wallets')
-
-  return NextResponse.json(stripWalletPrivateKey(wallet as unknown as Record<string, unknown>))
+  const patch: Record<string, unknown> = {}
+  if (typeof body.label === 'string') patch.label = body.label
+  if (typeof body.spendingLimitUsdc === 'string' || body.spendingLimitUsdc === null) patch.spendingLimitUsdc = body.spendingLimitUsdc
+  if (typeof body.dailyLimitUsdc === 'string' || body.dailyLimitUsdc === null) patch.dailyLimitUsdc = body.dailyLimitUsdc
+  if (typeof body.requireApproval === 'boolean') patch.requireApproval = body.requireApproval
+  const updated = updateWallet(id, patch)
+  if (!updated) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+  return NextResponse.json(updated)
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const wallets = loadWallets() as Record<string, AgentWallet>
-  const wallet = wallets[id]
-  if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
-
-  // Check if balance > 0 and warn
-  let portfolio = buildEmptyWalletPortfolio(wallet)
-  try {
-    portfolio = await getWalletPortfolioSnapshot(wallet, {
-      timeoutMs: WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS,
-      allowStale: true,
-    })
-  } catch { /* ignore */ }
-
-  // Unlink from agent
-  const agent = loadAgent(wallet.agentId)
-  if (agent) {
-    unlinkWalletFromAgent(agent as any, id)
-    agent.updatedAt = Date.now()
-    upsertAgent(wallet.agentId, agent)
-    notify('agents')
-  }
-
-  deleteWalletFromStore(id)
-  notify('wallets')
-
-  return NextResponse.json({
-    ok: true,
-    warning: portfolio.summary.nonZeroAssets > 0
-      ? `Wallet still had ${portfolio.summary.nonZeroAssets} asset${portfolio.summary.nonZeroAssets === 1 ? '' : 's'} remaining, including ${portfolio.balanceDisplay}`
-      : undefined,
-  })
+  const deleted = removeWallet(id)
+  if (!deleted) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
+  return NextResponse.json({ ok: true })
 }

package/src/app/api/wallets/generate/route.ts

@@ -0,0 +1,22 @@
+import { NextResponse } from 'next/server'
+import { safeParseBody } from '@/lib/server/safe-parse-body'
+import { generateWallet, WalletServiceError } from '@/lib/server/wallets/wallet-service'
+export const dynamic = 'force-dynamic'
+
+export async function POST(req: Request) {
+  const { data: body, error } = await safeParseBody(req)
+  if (error) return error
+  try {
+    const wallet = await generateWallet({
+      agentId: typeof body.agentId === 'string' ? body.agentId : '',
+      label: typeof body.label === 'string' ? body.label : undefined,
+    })
+    return NextResponse.json(wallet, { status: 201 })
+  } catch (err) {
+    if (err instanceof WalletServiceError) {
+      return NextResponse.json({ error: err.message }, { status: err.status })
+    }
+    const message = err instanceof Error ? err.message : 'Failed to generate wallet'
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}