@swarmclawai/swarmclaw 1.2.8 → 1.3.0

package/src/lib/server/connectors/connector-lifecycle.ts

@@ -19,6 +19,7 @@ import {
   setReconnectState,
 } from './reconnect-state'
 import { connectorRuntimeState, runningConnectors } from './runtime-state'
+import { ensureSwarmdockConnectorCredential } from './swarmdock-secret'
 
 const TAG = 'connector-lifecycle'
 
@@ -70,6 +71,7 @@ export async function getPlatform(platform: string) {
     case 'googlechat': return (await import('./googlechat')).default
     case 'matrix':    return (await import('./matrix')).default
     case 'email':     return (await import('./email')).default
+    case 'swarmdock': return (await import('./swarmdock')).default
   }
 
   // 2. Check Extension-provided connectors
@@ -134,8 +136,9 @@ async function _startConnectorImpl(connectorId: string): Promise<void> {
   }
 
   const connectors = loadConnectors()
-  const connector = connectors[connectorId] as Connector | undefined
-  if (!connector) throw new Error('Connector not found')
+  const storedConnector = connectors[connectorId] as Connector | undefined
+  if (!storedConnector) throw new Error('Connector not found')
+  let connector: Connector = storedConnector
 
   // Starting a connector expresses durable intent: keep it enabled across
   // transient failures so daemon recovery and server restarts can retry it.
@@ -148,6 +151,16 @@ async function _startConnectorImpl(connectorId: string): Promise<void> {
   }
 
   try {
+    let swarmdockFallbackPrivateKey: string | null = null
+    if (connector.platform === 'swarmdock') {
+      const prepared = ensureSwarmdockConnectorCredential(connector, {
+        allowMigrationFailureFallback: true,
+      })
+      connector = prepared.connector
+      connectors[connectorId] = connector
+      swarmdockFallbackPrivateKey = prepared.fallbackPrivateKey
+    }
+
     // Resolve bot token from credential
     let botToken = ''
     if (connector.credentialId) {
@@ -164,8 +177,11 @@ async function _startConnectorImpl(connectorId: string): Promise<void> {
     if (!botToken && connector.platform === 'bluebubbles' && connector.config.password) {
       botToken = connector.config.password
     }
+    if (!botToken && swarmdockFallbackPrivateKey) {
+      botToken = swarmdockFallbackPrivateKey
+    }
 
-    if (!botToken && connector.platform !== 'whatsapp' && connector.platform !== 'openclaw' && connector.platform !== 'signal' && connector.platform !== 'email') {
+    if (!botToken && connector.platform !== 'whatsapp' && connector.platform !== 'openclaw' && connector.platform !== 'signal' && connector.platform !== 'email' && connector.platform !== 'swarmdock') {
       throw new Error('No bot token configured')
     }
 

package/src/lib/server/connectors/connector-service.ts

@@ -43,6 +43,11 @@ import type {
 } from '@/types'
 import type { ServiceResult } from '@/lib/server/service-result'
 import type { DaemonConnectorRuntimeState } from '@/lib/server/daemon/types'
+import {
+  ensureSwarmdockConnectorCredential,
+  prepareSwarmdockConnectorInput,
+  redactConnectorSecrets,
+} from './swarmdock-secret'
 
 function cloneConnector<T extends Connector>(connector: T): T {
   return {
@@ -124,35 +129,52 @@ function requireSenderId(body: Record<string, unknown>): string {
 export async function listConnectorsWithRuntime(): Promise<Record<string, Connector>> {
   await ensureDaemonProcessRunning('api/connectors:get')
   const connectors = Object.fromEntries(
-    Object.entries(loadConnectors()).map(([id, connector]) => [id, cloneConnector(connector)]),
+    Object.entries(loadConnectors()).map(([id, connector]) => {
+      const prepared = ensureSwarmdockConnectorCredential(connector, {
+        allowMigrationFailureFallback: true,
+      })
+      return [id, cloneConnector(prepared.connector)]
+    }),
   ) as Record<string, Connector>
   const runtimeByConnector = await listDaemonConnectorRuntime()
   for (const connector of Object.values(connectors)) {
     applyRuntimeFields(connector, runtimeByConnector[connector.id] || null)
   }
-  return connectors
+  return Object.fromEntries(
+    Object.entries(connectors).map(([id, connector]) => [id, redactConnectorSecrets(connector)]),
+  )
 }
 
 export async function getConnectorWithRuntime(id: string): Promise<Connector | null> {
   await ensureDaemonProcessRunning('api/connectors/[id]:get')
   const connector = loadConnector(id)
   if (!connector) return null
-  const current = cloneConnector(connector)
-  return applyRuntimeFields(current, await getDaemonConnectorRuntime(id))
+  const prepared = ensureSwarmdockConnectorCredential(connector, {
+    allowMigrationFailureFallback: true,
+  })
+  const current = cloneConnector(prepared.connector)
+  return redactConnectorSecrets(applyRuntimeFields(current, await getDaemonConnectorRuntime(id)))
 }
 
 export function createConnector(body: Record<string, unknown>): Connector {
   const id = genId()
+  const rawConfig = body.config && typeof body.config === 'object' && !Array.isArray(body.config)
+    ? body.config as Record<string, string>
+    : {}
+  const prepared = prepareSwarmdockConnectorInput({
+    platform: body.platform as Connector['platform'],
+    name: (body.name as string) || `${String(body.platform || '')} Connector`,
+    credentialId: (body.credentialId as string | null | undefined) || null,
+    config: rawConfig,
+  })
   const connector: Connector = {
     id,
     name: (body.name as string) || `${String(body.platform || '')} Connector`,
     platform: body.platform as Connector['platform'],
     agentId: (body.agentId as string | null | undefined) || null,
     chatroomId: (body.chatroomId as string | null | undefined) || null,
-    credentialId: (body.credentialId as string | null | undefined) || null,
-    config: body.config && typeof body.config === 'object' && !Array.isArray(body.config)
-      ? body.config as Record<string, string>
-      : {},
+    credentialId: prepared.credentialId,
+    config: prepared.config,
     isEnabled: false,
     status: 'stopped',
     lastError: null,
@@ -210,6 +232,14 @@ export async function updateConnectorFromRoute(id: string, body: Record<string,
   if (body.credentialId !== undefined) next.credentialId = typeof body.credentialId === 'string' || body.credentialId === null ? body.credentialId : next.credentialId
   if (body.config !== undefined) next.config = body.config && typeof body.config === 'object' && !Array.isArray(body.config) ? body.config as Record<string, string> : next.config
   if (body.isEnabled !== undefined) next.isEnabled = typeof body.isEnabled === 'boolean' ? body.isEnabled : next.isEnabled
+  const prepared = prepareSwarmdockConnectorInput({
+    platform: next.platform,
+    name: next.name,
+    credentialId: next.credentialId || null,
+    config: next.config,
+  })
+  next.credentialId = prepared.credentialId
+  next.config = prepared.config
   persistConnector(next)
 
   try {
@@ -235,7 +265,7 @@ export async function updateConnectorFromRoute(id: string, body: Record<string,
   }
 
   notify('connectors')
-  return serviceOk(await getConnectorWithRuntime(id) || next)
+  return serviceOk(await getConnectorWithRuntime(id) || redactConnectorSecrets(next))
 }
 
 export async function deleteConnectorFromRoute(id: string): Promise<ServiceResult<{ ok: true }>> {

package/src/lib/server/connectors/swarmdock-bidding.ts

@@ -0,0 +1,74 @@
+import { log } from '@/lib/server/logger'
+import type { BidCreateInput } from '@swarmdock/shared'
+
+const TAG = 'swarmdock-bid'
+
+interface SwarmDockTask {
+  id: string
+  title: string
+  skillRequirements: string[]
+  budgetMax: string
+}
+
+interface SwarmDockConfig {
+  skills: string
+  maxBudget: string
+  autoDiscover: boolean
+}
+
+/**
+ * Determine if the agent should auto-bid on a discovered task.
+ * Checks skill overlap and budget limits.
+ */
+export function shouldAutoBid(task: SwarmDockTask, config: SwarmDockConfig): boolean {
+  if (!config.autoDiscover) return false
+
+  // Check budget
+  const maxBudget = BigInt(config.maxBudget || '0')
+  if (maxBudget > BigInt(0)) {
+    const taskBudget = BigInt(task.budgetMax || '0')
+    if (taskBudget > maxBudget) {
+      log.debug(TAG, `Skipping "${task.title}" — budget ${task.budgetMax} exceeds max ${config.maxBudget}`)
+      return false
+    }
+  }
+
+  // Check skill overlap
+  const agentSkills = new Set(
+    config.skills.split(',').map((s) => s.trim().toLowerCase()).filter(Boolean),
+  )
+  if (agentSkills.size === 0) return false
+
+  const hasMatchingSkill = task.skillRequirements.some(
+    (req) => agentSkills.has(req.toLowerCase()),
+  )
+  if (!hasMatchingSkill) {
+    log.debug(TAG, `Skipping "${task.title}" — no matching skills`)
+    return false
+  }
+
+  return true
+}
+
+/**
+ * Submit an auto-bid on a SwarmDock task.
+ * Uses the task's max budget as the proposed price (simple strategy).
+ */
+export async function submitAutoBid(
+  client: { tasks: { bid: (taskId: string, input: BidCreateInput) => Promise<unknown> } },
+  taskId: string,
+  config: SwarmDockConfig,
+): Promise<void> {
+  const agentSkills = config.skills.split(',').map((s) => s.trim()).filter(Boolean)
+
+  const bid: BidCreateInput = {
+    proposedPrice: config.maxBudget || '1000000',
+    confidenceScore: 0.8,
+    proposal: `SwarmClaw agent with skills: ${agentSkills.join(', ')}. Ready to start immediately.`,
+    portfolioRefs: [],
+  }
+
+  await client.tasks.bid(taskId, bid)
+
+  log.info(TAG, `Auto-bid submitted for task ${taskId}`)
+}

package/src/lib/server/connectors/swarmdock-payloads.test.ts

@@ -0,0 +1,85 @@
+import assert from 'node:assert/strict'
+import test from 'node:test'
+
+import { submitAutoBid } from '@/lib/server/connectors/swarmdock-bidding'
+import { submitSwarmdockTaskResult } from '@/lib/server/connectors/swarmdock'
+
+test('submitAutoBid includes empty portfolio refs for SDK compatibility', async () => {
+  const seen: {
+    taskId?: string
+    bid?: { proposedPrice: string; portfolioRefs: string[] }
+  } = {}
+
+  await submitAutoBid(
+    {
+      tasks: {
+        bid: async (taskId, input) => {
+          seen.taskId = taskId
+          seen.bid = {
+            proposedPrice: input.proposedPrice,
+            portfolioRefs: [...input.portfolioRefs],
+          }
+        },
+      },
+    },
+    'task-123',
+    {
+      skills: 'typescript,automation',
+      maxBudget: '2500000',
+      autoDiscover: true,
+    },
+  )
+
+  assert.equal(seen.taskId, 'task-123')
+  assert.deepEqual(seen.bid, {
+    proposedPrice: '2500000',
+    portfolioRefs: [],
+  })
+})
+
+test('submitSwarmdockTaskResult includes empty files and propagates submit errors', async () => {
+  const seen: {
+    taskId?: string
+    payload?: { files: unknown[]; artifacts: Array<{ type: string; content: string }> }
+  } = {}
+
+  await submitSwarmdockTaskResult(
+    {
+      tasks: {
+        submit: async (taskId, input) => {
+          seen.taskId = taskId
+          seen.payload = {
+            files: [...input.files],
+            artifacts: input.artifacts.map((artifact) => ({
+              type: artifact.type,
+              content: String(artifact.content),
+            })),
+          }
+        },
+      },
+    },
+    'task-456',
+    'Result body',
+  )
+
+  assert.equal(seen.taskId, 'task-456')
+  assert.deepEqual(seen.payload, {
+    files: [],
+    artifacts: [{ type: 'text/markdown', content: 'Result body' }],
+  })
+
+  await assert.rejects(
+    submitSwarmdockTaskResult(
+      {
+        tasks: {
+          submit: async () => {
+            throw new Error('submit failed')
+          },
+        },
+      },
+      'task-456',
+      'Result body',
+    ),
+    /submit failed/,
+  )
+})

package/src/lib/server/connectors/swarmdock-secret.test.ts

@@ -0,0 +1,128 @@
+import assert from 'node:assert/strict'
+import fs from 'node:fs'
+import os from 'node:os'
+import path from 'node:path'
+import { spawnSync } from 'node:child_process'
+import test from 'node:test'
+
+const repoRoot = path.resolve(path.dirname(new URL(import.meta.url).pathname), '../../../..')
+
+function runWithTempDataDir(script: string) {
+  const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'swarmclaw-swarmdock-secret-'))
+  try {
+    const result = spawnSync(process.execPath, ['--import', 'tsx', '--input-type=module', '--eval', script], {
+      cwd: repoRoot,
+      env: {
+        ...process.env,
+        CREDENTIAL_SECRET: 'test-credential-secret',
+        DATA_DIR: path.join(tempDir, 'data'),
+        WORKSPACE_DIR: path.join(tempDir, 'workspace'),
+      },
+      encoding: 'utf-8',
+    })
+    assert.equal(result.status, 0, result.stderr || result.stdout || 'subprocess failed')
+    const lines = (result.stdout || '')
+      .trim()
+      .split('\n')
+      .map((line) => line.trim())
+      .filter(Boolean)
+    const jsonLine = [...lines].reverse().find((line) => line.startsWith('{'))
+    return JSON.parse(jsonLine || '{}')
+  } finally {
+    fs.rmSync(tempDir, { recursive: true, force: true })
+  }
+}
+
+test('createConnector stores SwarmDock private keys as credentials and redacts config output', () => {
+  const output = runWithTempDataDir(`
+    const storageMod = await import('./src/lib/server/storage')
+    const serviceMod = await import('./src/lib/server/connectors/connector-service')
+    const secretMod = await import('./src/lib/server/connectors/swarmdock-secret')
+    const storage = storageMod.default || storageMod
+    const service = serviceMod.default || serviceMod
+    const secret = secretMod.default || secretMod
+
+    const created = service.createConnector({
+      name: 'SwarmDock Worker',
+      platform: 'swarmdock',
+      config: {
+        apiUrl: 'https://api.swarmdock.example',
+        walletAddress: '0x000000000000000000000000000000000000dEaD',
+        privateKey: 'legacy-private-key',
+      },
+    })
+
+    const stored = storage.loadConnectors()[created.id]
+    const credentials = storage.loadCredentials()
+    const credential = stored?.credentialId ? credentials[stored.credentialId] : null
+    const redacted = secret.redactConnectorSecrets({
+      ...stored,
+      config: {
+        ...(stored?.config || {}),
+        privateKey: 'should-not-leak',
+      },
+    })
+
+    console.log(JSON.stringify({
+      credentialId: stored?.credentialId || null,
+      storedHasPrivateKey: Boolean(stored?.config && Object.prototype.hasOwnProperty.call(stored.config, 'privateKey')),
+      credentialProvider: credential?.provider || null,
+      credentialName: credential?.name || null,
+      redactedHasPrivateKey: Boolean(redacted?.config && Object.prototype.hasOwnProperty.call(redacted.config, 'privateKey')),
+    }))
+  `)
+
+  assert.match(String(output.credentialId || ''), /^cred_/)
+  assert.equal(output.storedHasPrivateKey, false)
+  assert.equal(output.credentialProvider, 'swarmdock')
+  assert.match(String(output.credentialName || ''), /SwarmDock Identity Key/)
+  assert.equal(output.redactedHasPrivateKey, false)
+})
+
+test('ensureSwarmdockConnectorCredential migrates stored legacy config keys into credentials', () => {
+  const output = runWithTempDataDir(`
+    const storageMod = await import('./src/lib/server/storage')
+    const repoMod = await import('./src/lib/server/connectors/connector-repository')
+    const secretMod = await import('./src/lib/server/connectors/swarmdock-secret')
+    const storage = storageMod.default || storageMod
+    const repo = repoMod.default || repoMod
+    const secret = secretMod.default || secretMod
+
+    storage.saveConnectors({
+      conn_legacy: {
+        id: 'conn_legacy',
+        name: 'Legacy SwarmDock',
+        platform: 'swarmdock',
+        agentId: null,
+        chatroomId: null,
+        credentialId: null,
+        config: {
+          walletAddress: '0x000000000000000000000000000000000000dEaD',
+          privateKey: 'legacy-private-key',
+        },
+        isEnabled: false,
+        status: 'stopped',
+        lastError: null,
+        createdAt: 1,
+        updatedAt: 1,
+      },
+    })
+
+    const prepared = secret.ensureSwarmdockConnectorCredential(repo.loadConnector('conn_legacy'))
+    const migrated = repo.loadConnector('conn_legacy')
+    const credentials = storage.loadCredentials()
+    const credential = migrated?.credentialId ? credentials[migrated.credentialId] : null
+
+    console.log(JSON.stringify({
+      fallbackPrivateKey: prepared.fallbackPrivateKey,
+      migratedCredentialId: migrated?.credentialId || null,
+      migratedHasPrivateKey: Boolean(migrated?.config && Object.prototype.hasOwnProperty.call(migrated.config, 'privateKey')),
+      credentialProvider: credential?.provider || null,
+    }))
+  `)
+
+  assert.equal(output.fallbackPrivateKey, null)
+  assert.match(String(output.migratedCredentialId || ''), /^cred_/)
+  assert.equal(output.migratedHasPrivateKey, false)
+  assert.equal(output.credentialProvider, 'swarmdock')
+})

package/src/lib/server/connectors/swarmdock-secret.ts

@@ -0,0 +1,152 @@
+import type { Connector } from '@/types'
+import { createCredentialRecord, resolveCredentialSecret } from '@/lib/server/credentials/credential-service'
+import { upsertConnector } from './connector-repository'
+import { notify } from '@/lib/server/ws-hub'
+
+export const SWARMMDOCK_CREDENTIAL_PROVIDER = 'swarmdock'
+
+function clean(value: unknown): string {
+  return typeof value === 'string' ? value.trim() : ''
+}
+
+function cloneConfig(config: Record<string, string> | null | undefined): Record<string, string> {
+  return config ? { ...config } : {}
+}
+
+function getLegacyPrivateKey(config: Record<string, string> | null | undefined): string {
+  return clean(config?.privateKey)
+}
+
+function stripLegacyPrivateKey(config: Record<string, string> | null | undefined): Record<string, string> {
+  const next = cloneConfig(config)
+  delete next.privateKey
+  return next
+}
+
+function buildCredentialName(connectorName: string): string {
+  const normalizedName = clean(connectorName)
+  return normalizedName ? `${normalizedName} SwarmDock Identity Key` : 'SwarmDock Identity Key'
+}
+
+function persistConnectorSecretMigration(
+  connector: Connector,
+  credentialId: string,
+): Connector {
+  const nextConfig = stripLegacyPrivateKey(connector.config)
+  const next: Connector = {
+    ...connector,
+    credentialId,
+    config: nextConfig,
+    updatedAt: Date.now(),
+  }
+  upsertConnector(next.id, next)
+  notify('connectors')
+  return next
+}
+
+export function redactConnectorSecrets<T extends Connector>(connector: T): T {
+  if (connector.platform !== 'swarmdock') {
+    return {
+      ...connector,
+      config: cloneConfig(connector.config),
+    }
+  }
+  return {
+    ...connector,
+    config: stripLegacyPrivateKey(connector.config),
+  }
+}
+
+export function prepareSwarmdockConnectorInput(params: {
+  platform: Connector['platform']
+  name: string
+  credentialId: string | null
+  config: Record<string, string> | null | undefined
+}): {
+  credentialId: string | null
+  config: Record<string, string>
+} {
+  const config = cloneConfig(params.config)
+  if (params.platform !== 'swarmdock') {
+    return {
+      credentialId: clean(params.credentialId) || null,
+      config,
+    }
+  }
+
+  const credentialId = clean(params.credentialId)
+  const legacyPrivateKey = getLegacyPrivateKey(config)
+  if (!legacyPrivateKey) {
+    return {
+      credentialId: credentialId || null,
+      config: stripLegacyPrivateKey(config),
+    }
+  }
+
+  if (credentialId) {
+    return {
+      credentialId,
+      config: stripLegacyPrivateKey(config),
+    }
+  }
+
+  const credential = createCredentialRecord({
+    provider: SWARMMDOCK_CREDENTIAL_PROVIDER,
+    name: buildCredentialName(params.name),
+    apiKey: legacyPrivateKey,
+  })
+
+  return {
+    credentialId: credential.id,
+    config: stripLegacyPrivateKey(config),
+  }
+}
+
+export function ensureSwarmdockConnectorCredential(
+  connector: Connector,
+  options?: { allowMigrationFailureFallback?: boolean },
+): {
+  connector: Connector
+  fallbackPrivateKey: string | null
+} {
+  if (connector.platform !== 'swarmdock') {
+    return { connector, fallbackPrivateKey: null }
+  }
+
+  const legacyPrivateKey = getLegacyPrivateKey(connector.config)
+  if (!legacyPrivateKey) {
+    return { connector, fallbackPrivateKey: null }
+  }
+
+  const configuredCredentialId = clean(connector.credentialId)
+  if (configuredCredentialId) {
+    if (resolveCredentialSecret(configuredCredentialId)) {
+      return {
+        connector: persistConnectorSecretMigration(connector, configuredCredentialId),
+        fallbackPrivateKey: null,
+      }
+    }
+    return {
+      connector,
+      fallbackPrivateKey: legacyPrivateKey,
+    }
+  }
+
+  try {
+    const credential = createCredentialRecord({
+      provider: SWARMMDOCK_CREDENTIAL_PROVIDER,
+      name: buildCredentialName(connector.name),
+      apiKey: legacyPrivateKey,
+    })
+    return {
+      connector: persistConnectorSecretMigration(connector, credential.id),
+      fallbackPrivateKey: null,
+    }
+  } catch (error) {
+    if (!options?.allowMigrationFailureFallback) throw error
+    return {
+      connector,
+      fallbackPrivateKey: legacyPrivateKey,
+    }
+  }
+}