@swarmclawai/swarmclaw 1.5.37 → 1.5.38

package/README.md

@@ -389,6 +389,17 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.5.38 Highlights
+
+- **Task queue: reclaim stale checkouts**: `checkoutTask()` now reclaims a lingering `checkoutRunId` on a `queued` task instead of refusing it forever. An ungraceful server exit mid-turn (crash, SIGKILL, HMR reload) previously left tasks uncheckoutable, producing a dispatch → orphan-recovery → failed-checkout spin that logged "Recovering orphaned queued task" tens of thousands of times per session. `scheduleRetryOrDeadLetter()` also clears the prior checkout when scheduling a retry or dead-lettering.
+- **Chat: suppress duplicate parallel tool calls**: some OSS models on Ollama (notably `devstral`) emit the same tool call twice in a single turn. The LangGraph tool-event tracker now dedupes by `name + input` signature, swallowing the duplicate start and its result while allowing a genuinely later identical call once the first completes. Hardened against replayed-start events (HMR, graph retries) that previously could leak a `run_id` into both the accepted and suppressed sets and leave `pendingCount` stuck above zero.
+- **Chat: disable `parallel_tool_calls` for Ollama**: local Ollama sessions now pass `parallel_tool_calls: false` to prevent the upstream duplicate-call behavior at the source for models that honor it.
+- **Chat: no-progress guard for tool summary retries**: if the model produces essentially no new text on a `tool_summary` continuation, the loop stops retrying instead of streaming the same short sentence two or three times. The guard is snapshot-aware: a transient-error rollback no longer leaves a stale progress counter that silently skips a legitimate retry (`lastToolSummaryTextLen` is now round-tripped through `ChatTurnState.snapshot`/`restore`).
+- **Task UI: distinguish retry-pending from failure**: a retrying task now renders in amber with a "Retry Pending" label in the task card and sheet, instead of the same red treatment used for dead-lettered failures.
+- **Autonomy: dedupe reflection memories across kinds**: the supervisor reflection writer now drops notes whose normalized text has already been stored this run, eliminating near-identical memory rows classified under multiple kinds.
+- **OpenClaw gateway: fast-fail on dangling credentials**: when an agent's OpenClaw route references a deleted or missing credential, the gateway now refuses to dial the WebSocket up front instead of attempting an unauthenticated handshake and waiting the full 120 s for the agent-side timeout. The credential-missing log line is promoted from warn to error so it surfaces in routine monitoring.
+- **Prompt size profiler**: setting `SWARMCLAW_PROFILE_PROMPT=1` now logs a per-section size breakdown of the assembled system prompt (block index, first-line label, char count) on every turn, making it practical to diagnose why a specific agent is eating context budget. Off by default so production turns stay quiet.
+
 ### v1.5.37 Highlights
 
 - **Factory Droid CLI as a provider and delegation backend**: adds [`droid`](https://docs.factory.ai/cli/droid-exec/overview) as a first-class chat provider and `delegate` backend with streaming JSON output, session resume, and a conservative `--auto low` autonomy pin on the delegate path. Install `droid` and sign in via browser (or set `FACTORY_API_KEY`), then pick **Factory Droid CLI** in the setup wizard. Resolves #38.
@@ -417,85 +428,7 @@ Operational docs: https://swarmclaw.ai/docs/observability
 - **Chat execution context hardening**: tool invocation now resolves names case-insensitively, oversized tool results are truncated before they are fed back into the model, and proactive grounding/heartbeat prompts stay smaller under pressure to reduce avoidable context blowouts.
 - **API compatibility fixes**: OpenAI-compatible streaming now captures reasoning deltas from providers that emit them outside `delta.content`, and A2A endpoints are exempt from the main proxy access-key gate so they can rely on their own auth scheme.
 
-### v1.5.33 Highlights
-
-- **CLI global flag compatibility**: legacy-routed commands now honor the documented `--access-key` and `--base-url` aliases even when they appear after the subcommand, so authenticated CLI automation works the same across binary entry points.
-- **Docker build memory hardening**: production Next.js builds now size `--max-old-space-size` from the detected container/cgroup memory limit, with `SWARMCLAW_BUILD_MAX_OLD_SPACE_SIZE_MB` available as an explicit override for constrained Docker Desktop and CI environments.
-
-### v1.5.31 Highlights
-
-- **Fix Docker first-run crash**: resolved `EISDIR: illegal operation on a directory, read` error when running `docker compose up` without a pre-existing `.env.local` file. Docker was creating a directory mount instead of a file, which crashed Next.js on startup. Replaced the file bind mount with `env_file` directive using `required: false`.
-
-### v1.5.4 Highlights
-
-- **Cursor Agent CLI built-in provider**: Cursor Agent CLI is now a first-class worker provider with session continuity, headless execution, and delegation support.
-- **Qwen Code CLI built-in provider**: Qwen Code CLI is now available as a built-in worker provider and delegation backend with structured headless execution support.
-- **Goose built-in provider**: Goose is now supported as a runtime-managed worker provider, using its own local auth and provider configuration while preserving SwarmClaw session continuity.
-- **CLI setup and health parity**: setup flows, provider checks, setup doctor, and provider-facing UI now recognize Cursor, Qwen Code, and Goose alongside the existing CLI-backed providers.
-
-### v1.5.3 Highlights
-
-- **Copilot CLI v1.x compatibility**: the `copilot-cli` provider now handles the current event format (`assistant.message_delta`, `assistant.message`, updated `result` payload) while keeping backward compatibility with the legacy format. Also fixes `--resume` flag syntax. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) -- PR #36)
-
-### v1.5.2 Highlights
-
-- **Hosted deploy path for SwarmClaw itself**: added root-level `render.yaml`, `fly.toml`, and `railway.json` so the published `ghcr.io/swarmclawai/swarmclaw:latest` image is easier to run on always-on platforms.
-- **Public health endpoint for hosted platforms**: added `/api/healthz` and exempted it from access-key auth so Render, Fly.io, and Railway can perform liveness checks without weakening the rest of the API surface.
-- **OTLP/OpenTelemetry foundation**: SwarmClaw can now export traces for chat turns, direct model streams, protocol runs, and tool execution to any OTLP-compatible backend using environment variables only.
-- **Docs and landing-page deploy refresh**: `swarmclaw.ai` now exposes the hosted deploy path and a dedicated observability guide instead of burying those operator workflows in general setup docs.
-
-### v1.5.1 Highlights
-
-- **Standalone connector lifecycle**: connector start, stop, status, and repair now work correctly in standalone production builds (`npm start` / pm2) where the daemon runs in-process. Previously these operations silently failed because the controller assumed a daemon subprocess was always present. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) -- PR #35)
-
-### v1.5.0 Highlights
-
-- **First-run activation refresh**: setup now includes a dedicated start-path step, broad starter shapes instead of niche presets, and draft agents generated directly from the chosen setup shape.
-- **Guided post-setup launchpad**: finishing setup now routes through action-oriented next steps such as opening the first agent chat, launching a structured session, connecting platforms, or reviewing usage.
-- **State-aware home and protocols**: fresh workspaces now open on a launchpad instead of a sparse ops dashboard, and the Protocols page now surfaces the visual builder and template gallery directly.
-
-### v1.4.9 Highlights
-
-- **Standalone build reliability**: `public/`, `.next/static/`, and `css-tree/data/` are now automatically copied into the standalone build output, fixing runtime crashes and missing assets when running the standalone bundle. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) — PR #34)
-
-### v1.4.8 Highlights
-
-- **Agent-scoped SwarmFeed dashboard**: the in-app feed now has an explicit acting-agent model so humans can direct social actions without ever posting as a separate user identity.
-- **Expanded feed surface**: added Bookmarks and Notifications tabs, SwarmFeed search, suggested follows, thread detail sheets, profile sheets, and a restored visible composer.
-- **Broader SwarmFeed tool/API support**: the built-in `swarmfeed` tool and internal API now support follow/unfollow, bookmark/unbookmark, quote reposts, notifications, profile lookup, thread reads, and search.
-- **Social heartbeat enforcement**: task-completion posting, daily/manual-only guardrails, and heartbeat dependency warnings now match the agent-first SwarmFeed model instead of leaving social automation loosely implied.
-
-### v1.4.7 Highlights
-
-- **Hermes Agent built-in provider**: Added first-class Hermes support through the Hermes API server, including optional auth, local or remote `/v1` endpoints, and runtime-managed agent handling.
-- **OpenRouter built-in provider**: OpenRouter is now a built-in provider instead of living only behind the generic custom-provider path.
-- **Runtime-managed provider handling**: Hermes now skips SwarmClaw's local extension/tool injection path so its own runtime stays in control, while setup and model discovery still work through the normal provider flow.
-- **Provider docs refresh**: README and docs now reflect the new provider list, remote Hermes API-server support, and logo assets for OpenRouter and Hermes Agent.
-
-### v1.4.6 Highlights
-
-- **SwarmDock startup sync**: Existing SwarmDock agents now authenticate and reconcile their live marketplace profile on connector start, updating stale description, skills, framework/model metadata, and payout wallet fields
-- **Agent wallet fallback**: SwarmDock connectors now fall back to the agent's selected marketplace wallet when no connector-level wallet address is configured
-- **Task filter fix**: The built-in `swarmdock` tool now uses the correct `skills=` task filter when browsing marketplace tasks from chat
-- **SwarmDock SDK bump**: Updated `@swarmdock/sdk` from `0.5.2` to `0.5.3`, aligning the connector with the published metadata-sync fixes
-
-### v1.4.5 Highlights
-
-- **OpenClaw 2026.4.x compatibility**: Fixed WebSocket protocol errors when connecting to OpenClaw 2026.4.2+ gateways (`profileId` was incorrectly included in RPC params)
-- **OpenClaw dependency bump**: Updated minimum OpenClaw from `2026.2.26` to `2026.4.2`
-
-### v1.4.4 Highlights
-
-- **SwarmDock SDK bump**: Updated `@swarmdock/sdk` from `0.4.1` to `0.5.2`, picking up new error types, skill templates, and agent primitives
-
-### v1.4.3 Highlights
-
-- **SwarmDock agent opt-in**: Agents can now opt into the SwarmDock marketplace directly from their settings sheet with description, skills, wallet, and auto-bid configuration
-- **SwarmFeed & SwarmDock tools**: Agents get `swarmfeed` and `swarmdock` tools auto-enabled when opted in, allowing autonomous posting, replying, liking, browsing tasks, and checking status from chat
-- **Auto-registration**: Enabling SwarmFeed on an agent automatically registers it on the SwarmFeed network (no manual connector setup required)
-- **Marketplace page**: New `/marketplace` sidebar page showing live SwarmDock tasks and agents
-- **Following tab fix**: SwarmFeed Following tab gracefully handles unregistered agents instead of showing a 401 error
-- **Compose removal**: Removed manual compose UI from Feed page — agents post autonomously through their tools
+Older releases: https://swarmclaw.ai/docs/release-notes
 
 - GitHub releases: https://github.com/swarmclawai/swarmclaw/releases
 - npm package: https://www.npmjs.com/package/@swarmclawai/swarmclaw

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.5.37",
+  "version": "1.5.38",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",

package/src/components/tasks/task-card.tsx

@@ -343,9 +343,17 @@ export function TaskCard({
         )}
       </div>
 
-      {task.error && (
-        <p className="mt-2 text-[11px] text-red-400/80 line-clamp-2">{task.error}</p>
-      )}
+      {task.error && (() => {
+        const retryPending =
+          task.status !== 'failed' &&
+          !task.deadLetteredAt &&
+          (task.retryScheduledAt != null || /^Retry scheduled after failure/i.test(task.error))
+        return (
+          <p className={`mt-2 text-[11px] line-clamp-2 ${retryPending ? 'text-amber-400/80' : 'text-red-400/80'}`}>
+            {task.error}
+          </p>
+        )
+      })()}
 
       {/* Inline comments — show latest 2 */}
       {task.comments && task.comments.length > 0 && (

package/src/components/tasks/task-sheet.tsx

@@ -549,15 +549,26 @@ export function TaskSheet() {
           </div>
         )}
 
-        {/* Error */}
-        {editing.error && (
-          <div className="mb-8">
-            <label className="block font-display text-[12px] font-600 text-red-400 uppercase tracking-[0.08em] mb-3">Error</label>
-            <div className="p-4 rounded-[14px] border border-red-500/10 bg-red-500/[0.03] text-[13px] text-red-400/80 whitespace-pre-wrap">
-              {editing.error}
+        {/* Error / Retry notice */}
+        {editing.error && (() => {
+          const retryPending =
+            editing.status !== 'failed' &&
+            !editing.deadLetteredAt &&
+            (editing.retryScheduledAt != null || /^Retry scheduled after failure/i.test(editing.error))
+          const label = retryPending ? 'Retry Pending' : 'Error'
+          const tone = retryPending
+            ? 'border-amber-500/15 bg-amber-500/[0.04] text-amber-300/80'
+            : 'border-red-500/10 bg-red-500/[0.03] text-red-400/80'
+          const labelTone = retryPending ? 'text-amber-400' : 'text-red-400'
+          return (
+            <div className="mb-8">
+              <label className={`block font-display text-[12px] font-600 uppercase tracking-[0.08em] mb-3 ${labelTone}`}>{label}</label>
+              <div className={`p-4 rounded-[14px] border text-[13px] whitespace-pre-wrap ${tone}`}>
+                {editing.error}
+              </div>
             </div>
-          </div>
-        )}
+          )
+        })()}
 
         {/* Comments (with input — adding comments from view mode is useful) */}
         <div className="mb-8">

package/src/lib/server/autonomy/supervisor-reflection.ts

@@ -779,8 +779,20 @@ function writeReflectionMemories(params: {
     { kind: 'open_loop', notes: params.openLoops },
   ]
 
+  // Cross-kind dedup: skip notes whose normalized text we've already stored
+  // this run. The reflection classifier often produces near-identical notes
+  // under multiple kinds (e.g. "successfully completed a multi-step task…"
+  // appearing as both invariant and lesson), which floods memory with noise.
+  const seenNormalized = new Set<string>()
+  const normalizeNote = (note: string): string =>
+    note.toLowerCase().replace(/\s+/g, ' ').trim().slice(0, 240)
+
   for (const group of groups) {
     for (const note of group.notes) {
+      const norm = normalizeNote(note)
+      if (!norm) continue
+      if (seenNormalized.has(norm)) continue
+      seenNormalized.add(norm)
       const metadata: Record<string, unknown> = {
         origin: 'autonomy-reflection',
         reflectionId: params.reflectionId,

package/src/lib/server/build-llm.test.ts

@@ -238,6 +238,18 @@ test('buildChatModel keeps local Ollama local even when a credential and :cloud
   assert.equal(llm.clientConfig?.baseURL, 'http://localhost:11434/v1')
 })
 
+test('buildChatModel disables parallel_tool_calls for Ollama local to avoid duplicate tool emissions from some OSS models', () => {
+  const llm = buildChatModel({
+    provider: 'ollama',
+    model: 'devstral',
+    ollamaMode: 'local',
+    apiKey: null,
+  }) as ChatOpenAI & { modelKwargs?: Record<string, unknown> }
+
+  assert.equal(llm.modelKwargs?.parallel_tool_calls, false)
+  assert.equal(llm.clientConfig?.baseURL, 'http://localhost:11434/v1')
+})
+
 test('buildChatModel uses Ollama Cloud only when explicit cloud mode is selected', () => {
   saveCredentials({
     'cred-1': {

package/src/lib/server/build-llm.ts

@@ -38,6 +38,7 @@ type OpenAiReasoningEffort = 'low' | 'medium' | 'high'
 type ChatOpenAiConfig = ConstructorParameters<typeof ChatOpenAI>[0] & {
   modelKwargs?: {
     reasoning_effort?: OpenAiReasoningEffort
+    parallel_tool_calls?: boolean
   }
   configuration?: {
     baseURL?: string
@@ -104,6 +105,7 @@ export function buildChatModel(opts: {
       timeout: OPENAI_COMPAT_MODEL_TIMEOUT_MS,
       maxRetries: OPENAI_COMPAT_MODEL_MAX_RETRIES,
       configuration: { baseURL },
+      modelKwargs: { parallel_tool_calls: false },
     })
   }
 

package/src/lib/server/chat-execution/chat-turn-preparation.ts

@@ -1,6 +1,7 @@
 import fs from 'fs'
 import os from 'os'
 
+import { log } from '@/lib/server/logger'
 import { getProvider } from '@/lib/providers'
 import type { ExecutionBrief, Message, Session } from '@/types'
 import {
@@ -418,7 +419,17 @@ function buildAgentSystemPrompt(
     'You run on an autonomous heartbeat. If you receive a heartbeat poll and nothing needs attention, reply exactly: HEARTBEAT_OK',
   ].join('\n'))
 
-  return parts.join('\n\n')
+  const assembled = parts.join('\n\n')
+  if (process.env.SWARMCLAW_PROFILE_PROMPT === '1') {
+    // Dump per-section sizes once per turn to help size the context budget.
+    // Kept behind an env flag so production turns stay quiet.
+    const sectionSizes = parts.map((block, idx) => {
+      const firstLine = block.split('\n', 1)[0]
+      return `  [${idx}] ${firstLine.slice(0, 60)} — ${block.length} chars`
+    }).join('\n')
+    log.info('prompt-profile', `System prompt assembled (${assembled.length} chars, ${parts.length} blocks, ${enabledExtensions.length} extensions):\n${sectionSizes}`)
+  }
+  return assembled
 }
 
 function resolveApiKeyForSession(session: SessionWithCredentials, provider: ProviderApiKeyConfig): string | null {

package/src/lib/server/chat-execution/chat-turn-state.test.ts

@@ -0,0 +1,39 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { ChatTurnState } from '@/lib/server/chat-execution/chat-turn-state'
+
+describe('ChatTurnState snapshot/restore', () => {
+  it('round-trips lastToolSummaryTextLen so a rollback does not skip a legitimate tool_summary retry', () => {
+    // Regression: before this field was included in the snapshot, a transient
+    // error + restore() would leave lastToolSummaryTextLen ahead of fullText.
+    // The no-progress guard in checkToolSummary then saw a negative delta and
+    // silently skipped the retry — the model lost its chance to summarize.
+    const state = new ChatTurnState()
+    state.fullText = 'initial prompt text'
+    state.hasToolCalls = true
+    const snap = state.snapshot()
+    assert.equal(snap.lastToolSummaryTextLen, -1)
+
+    // Simulate a tool_summary retry that advanced the guard counter, then a
+    // rollback to the pre-iteration snapshot.
+    state.lastToolSummaryTextLen = state.fullText.length
+    state.fullText += ' partial speculative output that gets thrown away'
+    state.restore(snap)
+
+    assert.equal(state.lastToolSummaryTextLen, -1)
+    assert.equal(state.fullText, 'initial prompt text')
+  })
+
+  it('preserves an already-advanced lastToolSummaryTextLen across a non-rollback snapshot cycle', () => {
+    const state = new ChatTurnState()
+    state.fullText = 'Here is the answer.'
+    state.lastToolSummaryTextLen = state.fullText.length
+    const snap = state.snapshot()
+
+    state.fullText += ' Extended thought.'
+    state.restore(snap)
+
+    assert.equal(state.lastToolSummaryTextLen, 'Here is the answer.'.length)
+    assert.equal(state.fullText, 'Here is the answer.')
+  })
+})

package/src/lib/server/chat-execution/chat-turn-state.ts

@@ -19,6 +19,7 @@ export interface TurnStateSnapshot {
   toolFrequencyBlocked: string | false
   terminalToolBoundary: 'memory_write' | 'durable_wait' | 'context_compaction' | null
   memoryWriteTerminalAllowed: boolean | null
+  lastToolSummaryTextLen: number
 }
 
 export class ChatTurnState {
@@ -39,6 +40,7 @@ export class ChatTurnState {
   terminalToolBoundary: 'memory_write' | 'durable_wait' | 'context_compaction' | null = null
   terminalToolResponse = ''
   memoryWriteTerminalAllowed: boolean | null = null
+  lastToolSummaryTextLen = -1
 
   snapshot(): TurnStateSnapshot {
     return {
@@ -53,6 +55,7 @@ export class ChatTurnState {
       toolFrequencyBlocked: this.toolFrequencyBlocked,
       terminalToolBoundary: this.terminalToolBoundary,
       memoryWriteTerminalAllowed: this.memoryWriteTerminalAllowed,
+      lastToolSummaryTextLen: this.lastToolSummaryTextLen,
     }
   }
 
@@ -68,6 +71,7 @@ export class ChatTurnState {
     this.toolFrequencyBlocked = snap.toolFrequencyBlocked
     this.terminalToolBoundary = snap.terminalToolBoundary
     this.memoryWriteTerminalAllowed = snap.memoryWriteTerminalAllowed
+    this.lastToolSummaryTextLen = snap.lastToolSummaryTextLen
   }
 
   /**

package/src/lib/server/chat-execution/continuation-evaluator.ts

@@ -28,6 +28,7 @@ import {
 } from '@/lib/server/chat-execution/memory-mutation-tools'
 import { shouldForceAttachmentFollowthrough } from '@/lib/server/chat-execution/prompt-builder'
 import { shouldSkipToolSummaryForShortResponse } from '@/lib/server/chat-execution/chat-streaming-utils'
+import { toolSummaryHasMeaningfulProgress } from '@/lib/server/chat-execution/tool-summary-progress'
 import { logExecution, type LogCategory } from '@/lib/server/execution-log'
 
 // ---------------------------------------------------------------------------
@@ -378,6 +379,15 @@ function checkToolSummary(ctx: ContinuationContext): ContinuationDecision | null
     )
   )
   if (!textIsTrivial) return null
+  const currentLen = ctx.state.fullText.length
+  const priorLen = ctx.state.lastToolSummaryTextLen
+  if (!toolSummaryHasMeaningfulProgress(priorLen, currentLen)) {
+    logStatus(ctx, 'decision', `Tool summary retry skipped — no meaningful progress (delta=${currentLen - priorLen} chars)`, {
+      priorLen, currentLen, toolEventCount: ctx.state.streamedToolEvents.length,
+    })
+    return null
+  }
+  ctx.state.lastToolSummaryTextLen = currentLen
   const count = ctx.limits.increment('tool_summary')
   const summaryReason = !ctx.state.fullText.trim() ? 'empty_response_after_tools' : 'trivial_preamble_after_tools'
   logStatus(ctx, 'decision', `Tools called but response text is trivial (${ctx.state.fullText.trim().length} chars) — forcing summary continuation`, {

package/src/lib/server/chat-execution/tool-event-tracker.test.ts

@@ -33,4 +33,71 @@ describe('tool-event-tracker', () => {
     assert.equal(tracker.complete('nested_1'), false)
     assert.equal(tracker.pendingCount, 0)
   })
+
+  it('suppresses duplicate parallel tool_calls with identical name+input in the same turn', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'files', data: { input: { action: 'write', path: '/tmp/x' } }, metadata }
+
+    // First acceptance emits; second identical call is swallowed.
+    assert.equal(tracker.acceptStart({ run_id: 'r1', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'r2', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+
+    // complete() returns false for the suppressed one so the caller skips its result too.
+    assert.equal(tracker.complete('r2'), false)
+    assert.equal(tracker.complete('r1'), true)
+    assert.equal(tracker.pendingCount, 0)
+
+    // After the first call fully completes, a legitimately later identical call is accepted.
+    assert.equal(tracker.acceptStart({ run_id: 'r3', ...event }), true)
+    assert.equal(tracker.complete('r3'), true)
+  })
+
+  it('does not leak the accepted run if the same run_id re-enters acceptStart', () => {
+    // Guards against replayed start events (e.g., HMR, graph retries) causing
+    // the same run_id to be recorded both as accepted and suppressed, which
+    // would leave pendingCount > 0 after complete().
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'shell', data: { input: { cmd: 'ls' } }, metadata }
+
+    assert.equal(tracker.acceptStart({ run_id: 'same', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'same', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+    assert.equal(tracker.complete('same'), true)
+    assert.equal(tracker.pendingCount, 0)
+  })
+
+  it('handles triple-duplicate (2 suppressed) parallel tool_calls cleanly', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'files', data: { input: { action: 'read', path: '/a' } }, metadata }
+
+    assert.equal(tracker.acceptStart({ run_id: 'r1', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'r2', ...event }), false)
+    assert.equal(tracker.acceptStart({ run_id: 'r3', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+
+    // Out-of-order completions still settle correctly.
+    assert.equal(tracker.complete('r3'), false)
+    assert.equal(tracker.complete('r1'), true)
+    assert.equal(tracker.complete('r2'), false)
+    assert.equal(tracker.pendingCount, 0)
+  })
+
+  it('distinct inputs produce distinct signatures and both are accepted', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+
+    assert.equal(tracker.acceptStart({
+      run_id: 'a', name: 'files', data: { input: { path: '/a' } }, metadata,
+    }), true)
+    assert.equal(tracker.acceptStart({
+      run_id: 'b', name: 'files', data: { input: { path: '/b' } }, metadata,
+    }), true)
+    assert.equal(tracker.pendingCount, 2)
+    assert.equal(tracker.complete('a'), true)
+    assert.equal(tracker.complete('b'), true)
+  })
 })

package/src/lib/server/chat-execution/tool-event-tracker.ts

@@ -1,5 +1,7 @@
 export interface StreamToolEventLike {
   run_id: string
+  name?: string
+  data?: { input?: unknown }
   metadata?: Record<string, unknown>
 }
 
@@ -9,18 +11,54 @@ export function isLangGraphToolNodeMetadata(metadata: Record<string, unknown> |
     || typeof metadata.__pregel_task_id === 'string'
 }
 
+function toolCallSignature(event: StreamToolEventLike): string {
+  const name = event.name || ''
+  // Only dedup when we have enough to form a meaningful signature — name
+  // is required. Otherwise callers (and tests) that track distinct run ids
+  // with no name/input must continue to work as before.
+  if (!name) return ''
+  const input = event.data?.input
+  const inputStr = typeof input === 'string' ? input : JSON.stringify(input ?? '')
+  return `${name}:${inputStr}`
+}
+
 export class LangGraphToolEventTracker {
   private readonly acceptedRunIds = new Set<string>()
+  private readonly suppressedRunIds = new Set<string>()
+  // Active signatures -> first accepted run_id. Used to suppress duplicate
+  // parallel tool_calls emitted by some open-source models (e.g. Ollama's
+  // devstral emits identical tool_calls twice per turn).
+  private readonly activeSignatures = new Map<string, string>()
 
   acceptStart(event: StreamToolEventLike): boolean {
     if (!isLangGraphToolNodeMetadata(event.metadata)) return false
+    const signature = toolCallSignature(event)
+    if (signature && this.activeSignatures.has(signature)) {
+      const firstAcceptedId = this.activeSignatures.get(signature)
+      // If the incoming run_id matches the already-accepted one, this is a
+      // duplicate start event for the same run — treat as a no-op accept
+      // (do not suppress, since we must still acknowledge its completion).
+      if (firstAcceptedId === event.run_id) return false
+      this.suppressedRunIds.add(event.run_id)
+      return false
+    }
+    if (signature) this.activeSignatures.set(signature, event.run_id)
     this.acceptedRunIds.add(event.run_id)
     return true
   }
 
   complete(runId: string): boolean {
+    if (this.suppressedRunIds.has(runId)) {
+      this.suppressedRunIds.delete(runId)
+      return false
+    }
     if (!this.acceptedRunIds.has(runId)) return false
     this.acceptedRunIds.delete(runId)
+    // Clear matching signature so a legitimately-new call with the same args
+    // later in the turn is not mistaken for a duplicate.
+    for (const [sig, id] of this.activeSignatures) {
+      if (id === runId) { this.activeSignatures.delete(sig); break }
+    }
     return true
   }
 

package/src/lib/server/chat-execution/tool-summary-progress.test.ts

@@ -0,0 +1,42 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import {
+  TOOL_SUMMARY_PROGRESS_MIN_DELTA,
+  toolSummaryHasMeaningfulProgress,
+} from '@/lib/server/chat-execution/tool-summary-progress'
+
+describe('toolSummaryHasMeaningfulProgress (no-progress guard for tool_summary retries)', () => {
+  it('allows the first retry even when fullText is empty (sentinel priorLen = -1)', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(-1, 0), true)
+  })
+
+  it('allows the first retry even when some text already exists (sentinel priorLen = -1)', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(-1, 9999), true)
+  })
+
+  it('skips subsequent retries when the delta is below the minimum', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 105), false)
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 100), false)
+    // The boundary: exactly MIN_DELTA - 1 still skips.
+    assert.equal(
+      toolSummaryHasMeaningfulProgress(100, 100 + TOOL_SUMMARY_PROGRESS_MIN_DELTA - 1),
+      false,
+    )
+  })
+
+  it('allows a retry when the delta meets or exceeds the minimum', () => {
+    assert.equal(
+      toolSummaryHasMeaningfulProgress(100, 100 + TOOL_SUMMARY_PROGRESS_MIN_DELTA),
+      true,
+    )
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 1000), true)
+  })
+
+  it('skips retry when fullText SHRANK after a restore — protects against stale priorLen post-rollback', () => {
+    // This scenario was the real reason we also added lastToolSummaryTextLen to
+    // ChatTurnState snapshot/restore. Here we just verify the math: if priorLen
+    // is ahead of currentLen (e.g., rollback happened without syncing the
+    // counter), the delta is negative, so the guard correctly skips retry.
+    assert.equal(toolSummaryHasMeaningfulProgress(500, 200), false)
+  })
+})

package/src/lib/server/chat-execution/tool-summary-progress.ts

@@ -0,0 +1,13 @@
+/** Minimum new-character delta required between tool_summary retries. */
+export const TOOL_SUMMARY_PROGRESS_MIN_DELTA = 30
+
+/**
+ * Returns false when a prior tool_summary retry already ran and the model
+ * has produced essentially no additional text on the follow-up turn — the
+ * signal to stop retrying. On the first pass (priorLen < 0) this is always
+ * true so the retry can happen at least once.
+ */
+export function toolSummaryHasMeaningfulProgress(priorLen: number, currentLen: number): boolean {
+  if (priorLen < 0) return true
+  return currentLen - priorLen >= TOOL_SUMMARY_PROGRESS_MIN_DELTA
+}

package/src/lib/server/openclaw/gateway.ts

@@ -51,6 +51,9 @@ function buildGatewayConfigFromAgent(agent: Agent, options?: { allowDisabled?: b
   const route = resolvePrimaryAgentRoute(agent)
   if (route?.provider !== 'openclaw') return null
 
+  const credential = resolveTokenForCredential(route.credentialId)
+  if (credential.dangling) return null
+
   const routeProfile = route.gatewayProfileId ? getGatewayProfile(route.gatewayProfileId) : null
   return {
     key: route.gatewayProfileId ? `profile:${route.gatewayProfileId}` : `agent:${agent.id}`,
@@ -60,7 +63,7 @@ function buildGatewayConfigFromAgent(agent: Agent, options?: { allowDisabled?: b
       : route.apiEndpoint
         ? deriveOpenClawWsUrl(route.apiEndpoint)
         : DEFAULT_OPENCLAW_WS_URL,
-    token: resolveTokenForCredential(route.credentialId),
+    token: credential.token,
   }
 }
 
@@ -80,15 +83,28 @@ function normalizeWsUrl(raw: string): string {
   return url.replace(/^http:/i, 'ws:').replace(/^https:/i, 'wss:')
 }
 
-function resolveTokenForCredential(credentialId?: string | null): string | undefined {
-  if (!credentialId) return undefined
+/**
+ * Resolves an OpenClaw gateway credential.
+ *
+ * - `credentialId` null/undefined: the caller wants an unauthenticated
+ *   connection. Returns `{ token: undefined, dangling: false }`.
+ * - `credentialId` set and resolvable: returns `{ token, dangling: false }`.
+ * - `credentialId` set but missing/deleted: returns `{ token: undefined,
+ *   dangling: true }`. Callers should treat this as a hard configuration
+ *   error and refuse to dial — otherwise the WS handshake fails as
+ *   `unauthorized: gateway token missing` and the agent-side timeout waits
+ *   the full 120 s before surfacing the error to the user.
+ */
+function resolveTokenForCredential(credentialId?: string | null): { token: string | undefined; dangling: boolean } {
+  if (!credentialId) return { token: undefined, dangling: false }
   const secret = resolveCredentialSecret(credentialId)
   if (!secret) {
-    log.warn(TAG, `Credential "${credentialId}" is referenced but could not be resolved — gateway connection will lack a token`, {
+    log.error(TAG, `Credential "${credentialId}" is referenced but missing from the credential store — refusing gateway connection`, {
       credentialId,
     })
+    return { token: undefined, dangling: true }
   }
-  return secret || undefined
+  return { token: secret, dangling: false }
 }
 
 export function resolveGatewayConfig(target?: {
@@ -99,11 +115,13 @@ export function resolveGatewayConfig(target?: {
   if (profileId) {
     const profile = getGatewayProfile(profileId)
     if (!profile) return null
+    const credential = resolveTokenForCredential(profile.credentialId)
+    if (credential.dangling) return null
     return {
       key: `profile:${profile.id}`,
       profileId: profile.id,
       wsUrl: profile.wsUrl ? normalizeWsUrl(profile.wsUrl) : deriveOpenClawWsUrl(profile.endpoint),
-      token: resolveTokenForCredential(profile.credentialId),
+      token: credential.token,
     }
   }
 
@@ -123,11 +141,13 @@ export function resolveGatewayConfig(target?: {
   const gatewayProfiles = getGatewayProfiles('openclaw')
   if (gatewayProfiles[0]) {
     const profile = gatewayProfiles[0]
+    const credential = resolveTokenForCredential(profile.credentialId)
+    if (credential.dangling) return null
     return {
       key: `profile:${profile.id}`,
       profileId: profile.id,
       wsUrl: profile.wsUrl ? normalizeWsUrl(profile.wsUrl) : deriveOpenClawWsUrl(profile.endpoint),
-      token: resolveTokenForCredential(profile.credentialId),
+      token: credential.token,
     }
   }
   return null

package/src/lib/server/runtime/queue/core.ts

@@ -964,6 +964,7 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
   if (isCancelledTask(task)) {
     task.retryScheduledAt = null
     task.deadLetteredAt = null
+    task.checkoutRunId = null
     task.updatedAt = Date.now()
     return 'dead_lettered'
   }
@@ -975,6 +976,10 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
     const delayMs = jitteredBackoff((task.retryBackoffSec || 30) * 1000, Math.max(0, (task.attempts || 1) - 1), 6 * 3600_000)
     task.status = 'queued'
     task.retryScheduledAt = now + delayMs
+    // Release the prior checkout so the task can be checked out again on retry.
+    // Without this, checkoutTask() returns null every attempt and the orphan-
+    // recovery loop burns CPU re-queueing a task that can never run.
+    task.checkoutRunId = null
     task.updatedAt = now
     task.error = `Retry scheduled after failure: ${reason}`.slice(0, 500)
     if (!task.comments) task.comments = []
@@ -990,6 +995,7 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
   task.status = 'failed'
   task.deadLetteredAt = now
   task.retryScheduledAt = null
+  task.checkoutRunId = null
   task.updatedAt = now
   task.error = `Dead-lettered after ${task.attempts}/${task.maxAttempts} attempts: ${reason}`.slice(0, 500)
   if (!task.comments) task.comments = []

package/src/lib/server/runtime/queue-recovery.test.ts

@@ -248,6 +248,121 @@ describe('queue recovery', () => {
     assert.equal(output.scheduledCalls, 1)
   })
 
+  it('scheduleRetryOrDeadLetter via stall recovery clears checkoutRunId so the next attempt can check out', () => {
+    // Regression: a task transitioning running -> queued on retry must release its
+    // prior checkout. Without this, checkoutTask() returns null on every attempt
+    // and the orphan-recovery loop burns CPU re-queueing a task that can never run.
+    const output = runWithTempDataDir<{
+      status: string | null
+      checkoutRunId: string | null
+      queued: string[]
+      attempts: number | null
+    }>(`
+      const storageMod = await import('@/lib/server/storage')
+      const queueMod = await import('@/lib/server/runtime/queue')
+      const storage = storageMod.default || storageMod
+      const queue = queueMod.default || queueMod
+
+      const now = Date.now()
+      storage.saveSettings({
+        ...storage.loadSettings(),
+        taskStallTimeoutMin: 5,
+        taskRetryBackoffSec: 30,
+      })
+      storage.saveTasks({
+        stuck: {
+          id: 'stuck',
+          title: 'Stuck with stale checkout',
+          description: 'Running task that stalled and must release its checkout on retry',
+          status: 'running',
+          agentId: 'agent-a',
+          startedAt: now - 600_000,
+          updatedAt: now - 600_000,
+          createdAt: now - 700_000,
+          maxAttempts: 3,
+          attempts: 0,
+          checkoutRunId: 'stale-run-id',
+        },
+      })
+      storage.saveQueue([])
+
+      const originalSetTimeout = globalThis.setTimeout
+      globalThis.setTimeout = () => 0
+      try {
+        queue.recoverStalledRunningTasks()
+      } finally {
+        globalThis.setTimeout = originalSetTimeout
+      }
+
+      const task = storage.loadTasks().stuck
+      console.log(JSON.stringify({
+        status: task?.status ?? null,
+        checkoutRunId: task?.checkoutRunId ?? null,
+        queued: storage.loadQueue(),
+        attempts: task?.attempts ?? null,
+      }))
+    `)
+
+    assert.equal(output.status, 'queued', 'task should be requeued for retry')
+    assert.equal(output.checkoutRunId, null, 'stale checkoutRunId must be released so retry can check out')
+    assert.deepEqual(output.queued, ['stuck'])
+    assert.equal(output.attempts, 1)
+  })
+
+  it('dead-letter path clears checkoutRunId so terminal tasks do not appear checked-out', () => {
+    const output = runWithTempDataDir<{
+      status: string | null
+      checkoutRunId: string | null
+      attempts: number | null
+    }>(`
+      const storageMod = await import('@/lib/server/storage')
+      const queueMod = await import('@/lib/server/runtime/queue')
+      const storage = storageMod.default || storageMod
+      const queue = queueMod.default || queueMod
+
+      const now = Date.now()
+      storage.saveSettings({
+        ...storage.loadSettings(),
+        taskStallTimeoutMin: 5,
+      })
+      storage.saveTasks({
+        doomed: {
+          id: 'doomed',
+          title: 'Exhausted retries',
+          description: 'Task at its last attempt that stalls should dead-letter and release checkout',
+          status: 'running',
+          agentId: 'agent-a',
+          startedAt: now - 600_000,
+          updatedAt: now - 600_000,
+          createdAt: now - 700_000,
+          maxAttempts: 2,
+          attempts: 1,
+          checkoutRunId: 'stale-run-id',
+        },
+      })
+      storage.saveQueue([])
+
+      const originalSetTimeout = globalThis.setTimeout
+      globalThis.setTimeout = () => 0
+      try {
+        queue.recoverStalledRunningTasks()
+      } finally {
+        globalThis.setTimeout = originalSetTimeout
+      }
+
+      const task = storage.loadTasks().doomed
+      console.log(JSON.stringify({
+        status: task?.status ?? null,
+        checkoutRunId: task?.checkoutRunId ?? null,
+        attempts: task?.attempts ?? null,
+      }))
+    `)
+
+    assert.equal(output.status, 'failed', 'task should be dead-lettered after exhausting retries')
+    assert.equal(output.checkoutRunId, null, 'dead-lettered tasks must not retain a stale checkoutRunId')
+    assert.equal(output.attempts, 2)
+  })
+
   it('resumeQueue restores blocked queued tasks without clobbering their queuedAt timestamp', () => {
     const output = runWithTempDataDir<{
       queued: string[]

package/src/lib/server/tasks/task-checkout.ts

@@ -19,7 +19,13 @@ export function checkoutTask(
     const tasks = loadTasks() as Record<string, BoardTask>
     const task = tasks[taskId]
     if (!task || task.status !== 'queued') return null
-    if (task.checkoutRunId) return null // already checked out
+    // A stale checkoutRunId can survive an ungraceful server exit (crash,
+    // SIGKILL, HMR reload mid-turn). If status is 'queued', the runId cannot
+    // reference a live checkout — only running tasks hold active checkouts —
+    // so treat the lingering id as stale and reclaim it. Previously this
+    // returned null forever, so the dispatch → orphan-recovery → failed-
+    // checkout cycle spammed "Recovering orphaned queued task" every ~2 ms
+    // (21 k log lines in a single session).
 
     const now = Date.now()
     task.status = 'running'