@swarmclawai/swarmclaw 1.5.37 → 1.5.39

package/README.md

@@ -389,6 +389,26 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.5.39 Highlights
+
+- **Agents default to scoped tool access**: new agents (and existing agents whose `tools` list is non-empty) now only see the tools they've been given in the system prompt. This trims ~3 k input tokens per turn — an observed CEO/coordinator agent with 14 tools and 4 loaded skills went from 62 k to 38 k chars of system prompt. Opt back into the old firehose by toggling **Universal tool access** in the agent sheet's new "Context & Tool Access" section. Memory, context management, and `ask_human` are always included regardless of the scoped list.
+- **Pinned skills budget hardening**: one long markdown skill was eating 24 k of a 62 k prompt. Inlined pinned-skill content is now capped at 3 k chars with a pointer to `use_skill` action="load" for the full guide, and auto-attached *learned* skills get a dedicated sub-budget (max 6 skills / 8 k chars) so they cannot dominate the main pinned-skills section.
+- **OpenClaw chat fast-fails on dangling credentials**: v1.5.38 added gateway-side fast-fail; the chat streaming path now does the same, emitting a clear `err` event naming the missing credential instead of dialing the gateway unauthenticated and waiting 120 s for the timeout.
+- **Queue: orphan-recovery auto-heals stale checkouts**: pre-1.5.38 storage could leave `queued` tasks with a stale `checkoutRunId` that `checkoutTask()` refused forever. Orphan recovery now clears the stale id in the same sweep that re-queues the task, and `reconcileFinishedRunningTasks` / agent-not-found / capability-mismatch paths also null out the checkout when they terminally fail a task.
+- **Perf ring buffer raised to 2 000 entries**: queue/task repository events fire ~20 Hz during task processing and were evicting chat-execution/prompt perf entries out of the 200-entry buffer before they could be read. The larger buffer lets the perf viewer actually show a full turn.
+- **Tests**: added regression tests for pre-1.5.38 stale-checkout orphan recovery and for the scoped-tool-access algorithm.
+
+### v1.5.38 Highlights
+
+- **Task queue: reclaim stale checkouts**: `checkoutTask()` now reclaims a lingering `checkoutRunId` on a `queued` task instead of refusing it forever. An ungraceful server exit mid-turn (crash, SIGKILL, HMR reload) previously left tasks uncheckoutable, producing a dispatch → orphan-recovery → failed-checkout spin that logged "Recovering orphaned queued task" tens of thousands of times per session. `scheduleRetryOrDeadLetter()` also clears the prior checkout when scheduling a retry or dead-lettering.
+- **Chat: suppress duplicate parallel tool calls**: some OSS models on Ollama (notably `devstral`) emit the same tool call twice in a single turn. The LangGraph tool-event tracker now dedupes by `name + input` signature, swallowing the duplicate start and its result while allowing a genuinely later identical call once the first completes. Hardened against replayed-start events (HMR, graph retries) that previously could leak a `run_id` into both the accepted and suppressed sets and leave `pendingCount` stuck above zero.
+- **Chat: disable `parallel_tool_calls` for Ollama**: local Ollama sessions now pass `parallel_tool_calls: false` to prevent the upstream duplicate-call behavior at the source for models that honor it.
+- **Chat: no-progress guard for tool summary retries**: if the model produces essentially no new text on a `tool_summary` continuation, the loop stops retrying instead of streaming the same short sentence two or three times. The guard is snapshot-aware: a transient-error rollback no longer leaves a stale progress counter that silently skips a legitimate retry (`lastToolSummaryTextLen` is now round-tripped through `ChatTurnState.snapshot`/`restore`).
+- **Task UI: distinguish retry-pending from failure**: a retrying task now renders in amber with a "Retry Pending" label in the task card and sheet, instead of the same red treatment used for dead-lettered failures.
+- **Autonomy: dedupe reflection memories across kinds**: the supervisor reflection writer now drops notes whose normalized text has already been stored this run, eliminating near-identical memory rows classified under multiple kinds.
+- **OpenClaw gateway: fast-fail on dangling credentials**: when an agent's OpenClaw route references a deleted or missing credential, the gateway now refuses to dial the WebSocket up front instead of attempting an unauthenticated handshake and waiting the full 120 s for the agent-side timeout. The credential-missing log line is promoted from warn to error so it surfaces in routine monitoring.
+- **Prompt size profiler**: setting `SWARMCLAW_PROFILE_PROMPT=1` now logs a per-section size breakdown of the assembled system prompt (block index, first-line label, char count) on every turn, making it practical to diagnose why a specific agent is eating context budget. Off by default so production turns stay quiet.
+
 ### v1.5.37 Highlights
 
 - **Factory Droid CLI as a provider and delegation backend**: adds [`droid`](https://docs.factory.ai/cli/droid-exec/overview) as a first-class chat provider and `delegate` backend with streaming JSON output, session resume, and a conservative `--auto low` autonomy pin on the delegate path. Install `droid` and sign in via browser (or set `FACTORY_API_KEY`), then pick **Factory Droid CLI** in the setup wizard. Resolves #38.
@@ -411,91 +431,7 @@ Operational docs: https://swarmclaw.ai/docs/observability
 - **Gateway credential resolution logging**: when a gateway credential can't be resolved, the server now logs a clear warning identifying the missing credential ID.
 - **Credential decryption error logging**: when a stored credential can't be decrypted (e.g. after `CREDENTIAL_SECRET` changes), the server now logs the credential ID and provider so users know which key to re-add.
 
-### v1.5.34 Highlights
-
-- **Ollama Cloud auth fix**: SwarmClaw now normalizes `api.ollama.com` and `www.ollama.com` to `ollama.com` before making authenticated requests, avoiding the redirect that was dropping authorization headers and causing false provider-health/runtime failures.
-- **Chat execution context hardening**: tool invocation now resolves names case-insensitively, oversized tool results are truncated before they are fed back into the model, and proactive grounding/heartbeat prompts stay smaller under pressure to reduce avoidable context blowouts.
-- **API compatibility fixes**: OpenAI-compatible streaming now captures reasoning deltas from providers that emit them outside `delta.content`, and A2A endpoints are exempt from the main proxy access-key gate so they can rely on their own auth scheme.
-
-### v1.5.33 Highlights
-
-- **CLI global flag compatibility**: legacy-routed commands now honor the documented `--access-key` and `--base-url` aliases even when they appear after the subcommand, so authenticated CLI automation works the same across binary entry points.
-- **Docker build memory hardening**: production Next.js builds now size `--max-old-space-size` from the detected container/cgroup memory limit, with `SWARMCLAW_BUILD_MAX_OLD_SPACE_SIZE_MB` available as an explicit override for constrained Docker Desktop and CI environments.
-
-### v1.5.31 Highlights
-
-- **Fix Docker first-run crash**: resolved `EISDIR: illegal operation on a directory, read` error when running `docker compose up` without a pre-existing `.env.local` file. Docker was creating a directory mount instead of a file, which crashed Next.js on startup. Replaced the file bind mount with `env_file` directive using `required: false`.
-
-### v1.5.4 Highlights
-
-- **Cursor Agent CLI built-in provider**: Cursor Agent CLI is now a first-class worker provider with session continuity, headless execution, and delegation support.
-- **Qwen Code CLI built-in provider**: Qwen Code CLI is now available as a built-in worker provider and delegation backend with structured headless execution support.
-- **Goose built-in provider**: Goose is now supported as a runtime-managed worker provider, using its own local auth and provider configuration while preserving SwarmClaw session continuity.
-- **CLI setup and health parity**: setup flows, provider checks, setup doctor, and provider-facing UI now recognize Cursor, Qwen Code, and Goose alongside the existing CLI-backed providers.
-
-### v1.5.3 Highlights
-
-- **Copilot CLI v1.x compatibility**: the `copilot-cli` provider now handles the current event format (`assistant.message_delta`, `assistant.message`, updated `result` payload) while keeping backward compatibility with the legacy format. Also fixes `--resume` flag syntax. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) -- PR #36)
-
-### v1.5.2 Highlights
-
-- **Hosted deploy path for SwarmClaw itself**: added root-level `render.yaml`, `fly.toml`, and `railway.json` so the published `ghcr.io/swarmclawai/swarmclaw:latest` image is easier to run on always-on platforms.
-- **Public health endpoint for hosted platforms**: added `/api/healthz` and exempted it from access-key auth so Render, Fly.io, and Railway can perform liveness checks without weakening the rest of the API surface.
-- **OTLP/OpenTelemetry foundation**: SwarmClaw can now export traces for chat turns, direct model streams, protocol runs, and tool execution to any OTLP-compatible backend using environment variables only.
-- **Docs and landing-page deploy refresh**: `swarmclaw.ai` now exposes the hosted deploy path and a dedicated observability guide instead of burying those operator workflows in general setup docs.
-
-### v1.5.1 Highlights
-
-- **Standalone connector lifecycle**: connector start, stop, status, and repair now work correctly in standalone production builds (`npm start` / pm2) where the daemon runs in-process. Previously these operations silently failed because the controller assumed a daemon subprocess was always present. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) -- PR #35)
-
-### v1.5.0 Highlights
-
-- **First-run activation refresh**: setup now includes a dedicated start-path step, broad starter shapes instead of niche presets, and draft agents generated directly from the chosen setup shape.
-- **Guided post-setup launchpad**: finishing setup now routes through action-oriented next steps such as opening the first agent chat, launching a structured session, connecting platforms, or reviewing usage.
-- **State-aware home and protocols**: fresh workspaces now open on a launchpad instead of a sparse ops dashboard, and the Protocols page now surfaces the visual builder and template gallery directly.
-
-### v1.4.9 Highlights
-
-- **Standalone build reliability**: `public/`, `.next/static/`, and `css-tree/data/` are now automatically copied into the standalone build output, fixing runtime crashes and missing assets when running the standalone bundle. (Community contribution by [@borislavnnikolov](https://github.com/borislavnnikolov) — PR #34)
-
-### v1.4.8 Highlights
-
-- **Agent-scoped SwarmFeed dashboard**: the in-app feed now has an explicit acting-agent model so humans can direct social actions without ever posting as a separate user identity.
-- **Expanded feed surface**: added Bookmarks and Notifications tabs, SwarmFeed search, suggested follows, thread detail sheets, profile sheets, and a restored visible composer.
-- **Broader SwarmFeed tool/API support**: the built-in `swarmfeed` tool and internal API now support follow/unfollow, bookmark/unbookmark, quote reposts, notifications, profile lookup, thread reads, and search.
-- **Social heartbeat enforcement**: task-completion posting, daily/manual-only guardrails, and heartbeat dependency warnings now match the agent-first SwarmFeed model instead of leaving social automation loosely implied.
-
-### v1.4.7 Highlights
-
-- **Hermes Agent built-in provider**: Added first-class Hermes support through the Hermes API server, including optional auth, local or remote `/v1` endpoints, and runtime-managed agent handling.
-- **OpenRouter built-in provider**: OpenRouter is now a built-in provider instead of living only behind the generic custom-provider path.
-- **Runtime-managed provider handling**: Hermes now skips SwarmClaw's local extension/tool injection path so its own runtime stays in control, while setup and model discovery still work through the normal provider flow.
-- **Provider docs refresh**: README and docs now reflect the new provider list, remote Hermes API-server support, and logo assets for OpenRouter and Hermes Agent.
-
-### v1.4.6 Highlights
-
-- **SwarmDock startup sync**: Existing SwarmDock agents now authenticate and reconcile their live marketplace profile on connector start, updating stale description, skills, framework/model metadata, and payout wallet fields
-- **Agent wallet fallback**: SwarmDock connectors now fall back to the agent's selected marketplace wallet when no connector-level wallet address is configured
-- **Task filter fix**: The built-in `swarmdock` tool now uses the correct `skills=` task filter when browsing marketplace tasks from chat
-- **SwarmDock SDK bump**: Updated `@swarmdock/sdk` from `0.5.2` to `0.5.3`, aligning the connector with the published metadata-sync fixes
-
-### v1.4.5 Highlights
-
-- **OpenClaw 2026.4.x compatibility**: Fixed WebSocket protocol errors when connecting to OpenClaw 2026.4.2+ gateways (`profileId` was incorrectly included in RPC params)
-- **OpenClaw dependency bump**: Updated minimum OpenClaw from `2026.2.26` to `2026.4.2`
-
-### v1.4.4 Highlights
-
-- **SwarmDock SDK bump**: Updated `@swarmdock/sdk` from `0.4.1` to `0.5.2`, picking up new error types, skill templates, and agent primitives
-
-### v1.4.3 Highlights
-
-- **SwarmDock agent opt-in**: Agents can now opt into the SwarmDock marketplace directly from their settings sheet with description, skills, wallet, and auto-bid configuration
-- **SwarmFeed & SwarmDock tools**: Agents get `swarmfeed` and `swarmdock` tools auto-enabled when opted in, allowing autonomous posting, replying, liking, browsing tasks, and checking status from chat
-- **Auto-registration**: Enabling SwarmFeed on an agent automatically registers it on the SwarmFeed network (no manual connector setup required)
-- **Marketplace page**: New `/marketplace` sidebar page showing live SwarmDock tasks and agents
-- **Following tab fix**: SwarmFeed Following tab gracefully handles unregistered agents instead of showing a 401 error
-- **Compose removal**: Removed manual compose UI from Feed page — agents post autonomously through their tools
+Older releases: https://swarmclaw.ai/docs/release-notes
 
 - GitHub releases: https://github.com/swarmclawai/swarmclaw/releases
 - npm package: https://www.npmjs.com/package/@swarmclawai/swarmclaw

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.5.37",
+  "version": "1.5.39",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",

package/src/components/agents/agent-sheet.tsx

@@ -210,6 +210,11 @@ export function AgentSheet() {
   const [delegationTargetMode, setDelegationTargetMode] = useState<'all' | 'selected'>('all')
   const [delegationTargetAgentIds, setDelegationTargetAgentIds] = useState<string[]>([])
   const [tools, setTools] = useState<string[]>([])
+  // Scoped tool access is the default for new agents (cuts ~3 k input tokens
+  // per turn). Existing agents with no toolAccessMode field persisted stay
+  // universal server-side for backward compat; the new-agent setup path
+  // below also explicitly writes 'scoped' so it persists on save.
+  const [toolAccessMode, setToolAccessMode] = useState<'universal' | 'scoped'>('scoped')
   const [extensions, setExtensions] = useState<string[]>([])
   const [enabledExtensionIds, setEnabledExtensionIds] = useState<Set<string> | null>(null)
   const [skills, setSkills] = useState<string[]>([])
@@ -415,6 +420,7 @@ export function AgentSheet() {
         setDelegationTargetMode(editing.delegationTargetMode === 'selected' ? 'selected' : 'all')
         setDelegationTargetAgentIds(editing.delegationTargetAgentIds || [])
         setTools(getEnabledToolIds(editing))
+        setToolAccessMode(editing.toolAccessMode === 'scoped' ? 'scoped' : 'universal')
         setExtensions(getEnabledExtensionIds(editing))
         setSkills(editing.skills || [])
         setSkillIds(editing.skillIds || [])
@@ -497,6 +503,7 @@ export function AgentSheet() {
         setDelegationTargetMode(src.delegationTargetMode === 'selected' ? 'selected' : 'all')
         setDelegationTargetAgentIds(src.delegationTargetAgentIds || [])
         setTools(getEnabledToolIds(src))
+        setToolAccessMode(src.toolAccessMode === 'scoped' ? 'scoped' : 'universal')
         setExtensions(getEnabledExtensionIds(src))
         setSkills(src.skills || [])
         setSkillIds(src.skillIds || [])
@@ -576,6 +583,7 @@ export function AgentSheet() {
         setDelegationTargetMode('all')
         setDelegationTargetAgentIds([])
         setTools(getDefaultAgentToolIds())
+        setToolAccessMode('scoped')
         setExtensions([])
         setSkills([])
         setSkillIds([])
@@ -783,6 +791,7 @@ export function AgentSheet() {
       delegationTargetMode: delegationEnabled || role === 'coordinator' ? delegationTargetMode : 'all',
       delegationTargetAgentIds: (delegationEnabled || role === 'coordinator') && delegationTargetMode === 'selected' ? delegationTargetAgentIds : [],
       tools,
+      toolAccessMode,
       extensions,
       skills,
       skillIds,
@@ -2005,6 +2014,30 @@ export function AgentSheet() {
         summary={advancedSummary}
         badges={agentAdvancedBadges}
       >
+      <SectionCard
+        title="Context & Tool Access"
+        description="Control how many tools are described in this agent's system prompt. Scoped (default) keeps the agent focused and saves ~3 k input tokens per turn; Universal gives it visibility into every built-in tool."
+        className="mb-6 border-white/[0.05] bg-white/[0.01]"
+      >
+      <div className="space-y-3">
+        <label className="flex items-center gap-3 cursor-pointer">
+          <div
+            onClick={() => setToolAccessMode((current) => current === 'universal' ? 'scoped' : 'universal')}
+            className={`w-11 h-6 rounded-full transition-all duration-200 relative cursor-pointer shrink-0 ${toolAccessMode === 'universal' ? 'bg-accent-bright' : 'bg-white/[0.08]'}`}
+          >
+            <div className={`absolute top-0.5 w-5 h-5 rounded-full bg-white transition-all duration-200 ${toolAccessMode === 'universal' ? 'left-[22px]' : 'left-0.5'}`} />
+          </div>
+          <span className="text-[13px] text-text-2">Universal tool access</span>
+          <HintTip text="Off (default, recommended): the agent only sees tools enabled in its Tools list. On: every built-in tool is described in the system prompt. Turn on only for coordinator agents that need visibility across every possible downstream tool, or temporarily for debugging." />
+        </label>
+        <p className="text-[12px] text-text-3/70 pl-[56px] -mt-1">
+          {toolAccessMode === 'universal'
+            ? 'Full tool universe is injected into the prompt. Costs ~3 k more input tokens per turn.'
+            : 'Only the tools enabled above are visible to the agent — this is the focused default.'}
+        </p>
+      </div>
+      </SectionCard>
+
       <SectionCard
         title="Voice & Autonomy"
         description="Tune voice and the detailed heartbeat behavior for this agent."

package/src/components/tasks/task-card.tsx

@@ -343,9 +343,17 @@ export function TaskCard({
         )}
       </div>
 
-      {task.error && (
-        <p className="mt-2 text-[11px] text-red-400/80 line-clamp-2">{task.error}</p>
-      )}
+      {task.error && (() => {
+        const retryPending =
+          task.status !== 'failed' &&
+          !task.deadLetteredAt &&
+          (task.retryScheduledAt != null || /^Retry scheduled after failure/i.test(task.error))
+        return (
+          <p className={`mt-2 text-[11px] line-clamp-2 ${retryPending ? 'text-amber-400/80' : 'text-red-400/80'}`}>
+            {task.error}
+          </p>
+        )
+      })()}
 
       {/* Inline comments — show latest 2 */}
       {task.comments && task.comments.length > 0 && (

package/src/components/tasks/task-sheet.tsx

@@ -549,15 +549,26 @@ export function TaskSheet() {
           </div>
         )}
 
-        {/* Error */}
-        {editing.error && (
-          <div className="mb-8">
-            <label className="block font-display text-[12px] font-600 text-red-400 uppercase tracking-[0.08em] mb-3">Error</label>
-            <div className="p-4 rounded-[14px] border border-red-500/10 bg-red-500/[0.03] text-[13px] text-red-400/80 whitespace-pre-wrap">
-              {editing.error}
+        {/* Error / Retry notice */}
+        {editing.error && (() => {
+          const retryPending =
+            editing.status !== 'failed' &&
+            !editing.deadLetteredAt &&
+            (editing.retryScheduledAt != null || /^Retry scheduled after failure/i.test(editing.error))
+          const label = retryPending ? 'Retry Pending' : 'Error'
+          const tone = retryPending
+            ? 'border-amber-500/15 bg-amber-500/[0.04] text-amber-300/80'
+            : 'border-red-500/10 bg-red-500/[0.03] text-red-400/80'
+          const labelTone = retryPending ? 'text-amber-400' : 'text-red-400'
+          return (
+            <div className="mb-8">
+              <label className={`block font-display text-[12px] font-600 uppercase tracking-[0.08em] mb-3 ${labelTone}`}>{label}</label>
+              <div className={`p-4 rounded-[14px] border text-[13px] whitespace-pre-wrap ${tone}`}>
+                {editing.error}
+              </div>
             </div>
-          </div>
-        )}
+          )
+        })()}
 
         {/* Comments (with input — adding comments from view mode is useful) */}
         <div className="mb-8">

package/src/lib/providers/openclaw.ts

@@ -422,6 +422,21 @@ export function streamOpenClawChat({ session, message, imagePath, apiKey, write,
 
   const wsUrl = session.apiEndpoint ? deriveOpenClawWsUrl(session.apiEndpoint) : 'ws://127.0.0.1:18789'
   const token = apiKey || session.apiKey || undefined
+  // If the session references a credential but nothing resolved, the credential
+  // was deleted or corrupted. Fail fast with a clear error instead of dialing
+  // the gateway unauthenticated and timing out 120 s later (the original symptom
+  // behind the "OpenClaw gateway timed out after 120 s" report).
+  const credentialIdSet = typeof session.credentialId === 'string' && session.credentialId.trim().length > 0
+  if (credentialIdSet && !token) {
+    return Promise.resolve().then(() => {
+      active.delete(session.id)
+      write(`data: ${JSON.stringify({
+        t: 'err',
+        text: `OpenClaw credential "${session.credentialId}" is missing from the credential store. Reattach an existing credential or create a new one in Settings → Credentials.`,
+      })}\n\n`)
+      return ''
+    })
+  }
   return new Promise((resolve) => {
     let fullResponse = ''
     let settled = false

package/src/lib/server/autonomy/supervisor-reflection.ts

@@ -779,8 +779,20 @@ function writeReflectionMemories(params: {
     { kind: 'open_loop', notes: params.openLoops },
   ]
 
+  // Cross-kind dedup: skip notes whose normalized text we've already stored
+  // this run. The reflection classifier often produces near-identical notes
+  // under multiple kinds (e.g. "successfully completed a multi-step task…"
+  // appearing as both invariant and lesson), which floods memory with noise.
+  const seenNormalized = new Set<string>()
+  const normalizeNote = (note: string): string =>
+    note.toLowerCase().replace(/\s+/g, ' ').trim().slice(0, 240)
+
   for (const group of groups) {
     for (const note of group.notes) {
+      const norm = normalizeNote(note)
+      if (!norm) continue
+      if (seenNormalized.has(norm)) continue
+      seenNormalized.add(norm)
       const metadata: Record<string, unknown> = {
         origin: 'autonomy-reflection',
         reflectionId: params.reflectionId,

package/src/lib/server/build-llm.test.ts

@@ -238,6 +238,18 @@ test('buildChatModel keeps local Ollama local even when a credential and :cloud
   assert.equal(llm.clientConfig?.baseURL, 'http://localhost:11434/v1')
 })
 
+test('buildChatModel disables parallel_tool_calls for Ollama local to avoid duplicate tool emissions from some OSS models', () => {
+  const llm = buildChatModel({
+    provider: 'ollama',
+    model: 'devstral',
+    ollamaMode: 'local',
+    apiKey: null,
+  }) as ChatOpenAI & { modelKwargs?: Record<string, unknown> }
+
+  assert.equal(llm.modelKwargs?.parallel_tool_calls, false)
+  assert.equal(llm.clientConfig?.baseURL, 'http://localhost:11434/v1')
+})
+
 test('buildChatModel uses Ollama Cloud only when explicit cloud mode is selected', () => {
   saveCredentials({
     'cred-1': {

package/src/lib/server/build-llm.ts

@@ -38,6 +38,7 @@ type OpenAiReasoningEffort = 'low' | 'medium' | 'high'
 type ChatOpenAiConfig = ConstructorParameters<typeof ChatOpenAI>[0] & {
   modelKwargs?: {
     reasoning_effort?: OpenAiReasoningEffort
+    parallel_tool_calls?: boolean
   }
   configuration?: {
     baseURL?: string
@@ -104,6 +105,7 @@ export function buildChatModel(opts: {
       timeout: OPENAI_COMPAT_MODEL_TIMEOUT_MS,
       maxRetries: OPENAI_COMPAT_MODEL_MAX_RETRIES,
       configuration: { baseURL },
+      modelKwargs: { parallel_tool_calls: false },
     })
   }
 

package/src/lib/server/chat-execution/chat-turn-preparation.ts

@@ -1,6 +1,7 @@
 import fs from 'fs'
 import os from 'os'
 
+import { log } from '@/lib/server/logger'
 import { getProvider } from '@/lib/providers'
 import type { ExecutionBrief, Message, Session } from '@/types'
 import {
@@ -14,7 +15,7 @@ import { loadSettings } from '@/lib/server/settings/settings-repository'
 import { loadSkills } from '@/lib/server/skills/skill-repository'
 import { resolveImagePath } from '@/lib/server/resolve-image'
 import { resolveSessionToolPolicy } from '@/lib/server/tool-capability-policy'
-import { listUniversalToolAccessExtensionIds } from '@/lib/server/universal-tool-access'
+import { listUniversalToolAccessExtensionIds, listScopedToolAccessExtensionIds } from '@/lib/server/universal-tool-access'
 import {
   buildAgentDisabledMessage,
   isAgentDisabled,
@@ -331,9 +332,17 @@ function buildAgentSystemPrompt(
   const allowSilentReplies = isDirectConnectorSession(session)
   const lightweightDirectChat = options?.lightweightDirectChat === true
   const parts: string[] = []
-  const enabledExtensions = listUniversalToolAccessExtensionIds(
-    getEnabledCapabilityIds(session).length > 0 ? getEnabledCapabilityIds(session) : getEnabledCapabilityIds(agent),
-  )
+  const capabilityIds = getEnabledCapabilityIds(session).length > 0
+    ? getEnabledCapabilityIds(session)
+    : getEnabledCapabilityIds(agent)
+  // Scoped tool access is the new default: if the agent declares a non-empty
+  // `tools` list, the system prompt only describes those tools. Explicit
+  // `toolAccessMode: 'universal'` opts into the full firehose (for coordinators
+  // or debugging). Agents with no declared tools fall back to universal so
+  // empty-config agents aren't crippled.
+  const enabledExtensions = agent.toolAccessMode !== 'universal' && Array.isArray(agent.tools) && agent.tools.length > 0
+    ? listScopedToolAccessExtensionIds(agent.tools, capabilityIds)
+    : listUniversalToolAccessExtensionIds(capabilityIds)
 
   const identityLines = ['## My Identity']
   identityLines.push(`Name: ${agent.name}`)
@@ -418,7 +427,17 @@ function buildAgentSystemPrompt(
     'You run on an autonomous heartbeat. If you receive a heartbeat poll and nothing needs attention, reply exactly: HEARTBEAT_OK',
   ].join('\n'))
 
-  return parts.join('\n\n')
+  const assembled = parts.join('\n\n')
+  if (process.env.SWARMCLAW_PROFILE_PROMPT === '1') {
+    // Dump per-section sizes once per turn to help size the context budget.
+    // Kept behind an env flag so production turns stay quiet.
+    const sectionSizes = parts.map((block, idx) => {
+      const firstLine = block.split('\n', 1)[0]
+      return `  [${idx}] ${firstLine.slice(0, 60)} — ${block.length} chars`
+    }).join('\n')
+    log.info('prompt-profile', `System prompt assembled (${assembled.length} chars, ${parts.length} blocks, ${enabledExtensions.length} extensions):\n${sectionSizes}`)
+  }
+  return assembled
 }
 
 function resolveApiKeyForSession(session: SessionWithCredentials, provider: ProviderApiKeyConfig): string | null {
@@ -536,8 +555,16 @@ export async function prepareChatTurn(input: ExecuteChatTurnInput): Promise<Prep
   const runtimeCapabilityIds = filterRuntimeCapabilityIds(getEnabledCapabilityIds(session), {
     delegationEnabled: agentForSession?.delegationEnabled === true,
   })
+  // Match the resolver in buildAgentSystemPrompt: default to scoped whenever
+  // the agent declares a non-empty tools list, unless explicitly set to
+  // 'universal'. Agents with no declared tools stay universal.
+  const scopedAccess = agentForSession?.toolAccessMode !== 'universal'
+    && Array.isArray(agentForSession?.tools)
+    && (agentForSession!.tools!.length > 0)
   const requestedCapabilityIds = runtimeCapabilityIds.length > 0
-    ? listUniversalToolAccessExtensionIds(runtimeCapabilityIds)
+    ? (scopedAccess
+      ? listScopedToolAccessExtensionIds(agentForSession!.tools!, runtimeCapabilityIds)
+      : listUniversalToolAccessExtensionIds(runtimeCapabilityIds))
     : []
   const toolPolicy = resolveSessionToolPolicy(requestedCapabilityIds, appSettings)
   const isHeartbeatRun = input.internal === true && source === 'heartbeat'

package/src/lib/server/chat-execution/chat-turn-state.test.ts

@@ -0,0 +1,39 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { ChatTurnState } from '@/lib/server/chat-execution/chat-turn-state'
+
+describe('ChatTurnState snapshot/restore', () => {
+  it('round-trips lastToolSummaryTextLen so a rollback does not skip a legitimate tool_summary retry', () => {
+    // Regression: before this field was included in the snapshot, a transient
+    // error + restore() would leave lastToolSummaryTextLen ahead of fullText.
+    // The no-progress guard in checkToolSummary then saw a negative delta and
+    // silently skipped the retry — the model lost its chance to summarize.
+    const state = new ChatTurnState()
+    state.fullText = 'initial prompt text'
+    state.hasToolCalls = true
+    const snap = state.snapshot()
+    assert.equal(snap.lastToolSummaryTextLen, -1)
+
+    // Simulate a tool_summary retry that advanced the guard counter, then a
+    // rollback to the pre-iteration snapshot.
+    state.lastToolSummaryTextLen = state.fullText.length
+    state.fullText += ' partial speculative output that gets thrown away'
+    state.restore(snap)
+
+    assert.equal(state.lastToolSummaryTextLen, -1)
+    assert.equal(state.fullText, 'initial prompt text')
+  })
+
+  it('preserves an already-advanced lastToolSummaryTextLen across a non-rollback snapshot cycle', () => {
+    const state = new ChatTurnState()
+    state.fullText = 'Here is the answer.'
+    state.lastToolSummaryTextLen = state.fullText.length
+    const snap = state.snapshot()
+
+    state.fullText += ' Extended thought.'
+    state.restore(snap)
+
+    assert.equal(state.lastToolSummaryTextLen, 'Here is the answer.'.length)
+    assert.equal(state.fullText, 'Here is the answer.')
+  })
+})

package/src/lib/server/chat-execution/chat-turn-state.ts

@@ -19,6 +19,7 @@ export interface TurnStateSnapshot {
   toolFrequencyBlocked: string | false
   terminalToolBoundary: 'memory_write' | 'durable_wait' | 'context_compaction' | null
   memoryWriteTerminalAllowed: boolean | null
+  lastToolSummaryTextLen: number
 }
 
 export class ChatTurnState {
@@ -39,6 +40,7 @@ export class ChatTurnState {
   terminalToolBoundary: 'memory_write' | 'durable_wait' | 'context_compaction' | null = null
   terminalToolResponse = ''
   memoryWriteTerminalAllowed: boolean | null = null
+  lastToolSummaryTextLen = -1
 
   snapshot(): TurnStateSnapshot {
     return {
@@ -53,6 +55,7 @@ export class ChatTurnState {
       toolFrequencyBlocked: this.toolFrequencyBlocked,
       terminalToolBoundary: this.terminalToolBoundary,
       memoryWriteTerminalAllowed: this.memoryWriteTerminalAllowed,
+      lastToolSummaryTextLen: this.lastToolSummaryTextLen,
     }
   }
 
@@ -68,6 +71,7 @@ export class ChatTurnState {
     this.toolFrequencyBlocked = snap.toolFrequencyBlocked
     this.terminalToolBoundary = snap.terminalToolBoundary
     this.memoryWriteTerminalAllowed = snap.memoryWriteTerminalAllowed
+    this.lastToolSummaryTextLen = snap.lastToolSummaryTextLen
   }
 
   /**

package/src/lib/server/chat-execution/continuation-evaluator.ts

@@ -28,6 +28,7 @@ import {
 } from '@/lib/server/chat-execution/memory-mutation-tools'
 import { shouldForceAttachmentFollowthrough } from '@/lib/server/chat-execution/prompt-builder'
 import { shouldSkipToolSummaryForShortResponse } from '@/lib/server/chat-execution/chat-streaming-utils'
+import { toolSummaryHasMeaningfulProgress } from '@/lib/server/chat-execution/tool-summary-progress'
 import { logExecution, type LogCategory } from '@/lib/server/execution-log'
 
 // ---------------------------------------------------------------------------
@@ -378,6 +379,15 @@ function checkToolSummary(ctx: ContinuationContext): ContinuationDecision | null
     )
   )
   if (!textIsTrivial) return null
+  const currentLen = ctx.state.fullText.length
+  const priorLen = ctx.state.lastToolSummaryTextLen
+  if (!toolSummaryHasMeaningfulProgress(priorLen, currentLen)) {
+    logStatus(ctx, 'decision', `Tool summary retry skipped — no meaningful progress (delta=${currentLen - priorLen} chars)`, {
+      priorLen, currentLen, toolEventCount: ctx.state.streamedToolEvents.length,
+    })
+    return null
+  }
+  ctx.state.lastToolSummaryTextLen = currentLen
   const count = ctx.limits.increment('tool_summary')
   const summaryReason = !ctx.state.fullText.trim() ? 'empty_response_after_tools' : 'trivial_preamble_after_tools'
   logStatus(ctx, 'decision', `Tools called but response text is trivial (${ctx.state.fullText.trim().length} chars) — forcing summary continuation`, {

package/src/lib/server/chat-execution/tool-event-tracker.test.ts

@@ -33,4 +33,71 @@ describe('tool-event-tracker', () => {
     assert.equal(tracker.complete('nested_1'), false)
     assert.equal(tracker.pendingCount, 0)
   })
+
+  it('suppresses duplicate parallel tool_calls with identical name+input in the same turn', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'files', data: { input: { action: 'write', path: '/tmp/x' } }, metadata }
+
+    // First acceptance emits; second identical call is swallowed.
+    assert.equal(tracker.acceptStart({ run_id: 'r1', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'r2', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+
+    // complete() returns false for the suppressed one so the caller skips its result too.
+    assert.equal(tracker.complete('r2'), false)
+    assert.equal(tracker.complete('r1'), true)
+    assert.equal(tracker.pendingCount, 0)
+
+    // After the first call fully completes, a legitimately later identical call is accepted.
+    assert.equal(tracker.acceptStart({ run_id: 'r3', ...event }), true)
+    assert.equal(tracker.complete('r3'), true)
+  })
+
+  it('does not leak the accepted run if the same run_id re-enters acceptStart', () => {
+    // Guards against replayed start events (e.g., HMR, graph retries) causing
+    // the same run_id to be recorded both as accepted and suppressed, which
+    // would leave pendingCount > 0 after complete().
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'shell', data: { input: { cmd: 'ls' } }, metadata }
+
+    assert.equal(tracker.acceptStart({ run_id: 'same', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'same', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+    assert.equal(tracker.complete('same'), true)
+    assert.equal(tracker.pendingCount, 0)
+  })
+
+  it('handles triple-duplicate (2 suppressed) parallel tool_calls cleanly', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+    const event = { name: 'files', data: { input: { action: 'read', path: '/a' } }, metadata }
+
+    assert.equal(tracker.acceptStart({ run_id: 'r1', ...event }), true)
+    assert.equal(tracker.acceptStart({ run_id: 'r2', ...event }), false)
+    assert.equal(tracker.acceptStart({ run_id: 'r3', ...event }), false)
+    assert.equal(tracker.pendingCount, 1)
+
+    // Out-of-order completions still settle correctly.
+    assert.equal(tracker.complete('r3'), false)
+    assert.equal(tracker.complete('r1'), true)
+    assert.equal(tracker.complete('r2'), false)
+    assert.equal(tracker.pendingCount, 0)
+  })
+
+  it('distinct inputs produce distinct signatures and both are accepted', () => {
+    const tracker = new LangGraphToolEventTracker()
+    const metadata = { langgraph_node: 'tools' }
+
+    assert.equal(tracker.acceptStart({
+      run_id: 'a', name: 'files', data: { input: { path: '/a' } }, metadata,
+    }), true)
+    assert.equal(tracker.acceptStart({
+      run_id: 'b', name: 'files', data: { input: { path: '/b' } }, metadata,
+    }), true)
+    assert.equal(tracker.pendingCount, 2)
+    assert.equal(tracker.complete('a'), true)
+    assert.equal(tracker.complete('b'), true)
+  })
 })

package/src/lib/server/chat-execution/tool-event-tracker.ts

@@ -1,5 +1,7 @@
 export interface StreamToolEventLike {
   run_id: string
+  name?: string
+  data?: { input?: unknown }
   metadata?: Record<string, unknown>
 }
 
@@ -9,18 +11,54 @@ export function isLangGraphToolNodeMetadata(metadata: Record<string, unknown> |
     || typeof metadata.__pregel_task_id === 'string'
 }
 
+function toolCallSignature(event: StreamToolEventLike): string {
+  const name = event.name || ''
+  // Only dedup when we have enough to form a meaningful signature — name
+  // is required. Otherwise callers (and tests) that track distinct run ids
+  // with no name/input must continue to work as before.
+  if (!name) return ''
+  const input = event.data?.input
+  const inputStr = typeof input === 'string' ? input : JSON.stringify(input ?? '')
+  return `${name}:${inputStr}`
+}
+
 export class LangGraphToolEventTracker {
   private readonly acceptedRunIds = new Set<string>()
+  private readonly suppressedRunIds = new Set<string>()
+  // Active signatures -> first accepted run_id. Used to suppress duplicate
+  // parallel tool_calls emitted by some open-source models (e.g. Ollama's
+  // devstral emits identical tool_calls twice per turn).
+  private readonly activeSignatures = new Map<string, string>()
 
   acceptStart(event: StreamToolEventLike): boolean {
     if (!isLangGraphToolNodeMetadata(event.metadata)) return false
+    const signature = toolCallSignature(event)
+    if (signature && this.activeSignatures.has(signature)) {
+      const firstAcceptedId = this.activeSignatures.get(signature)
+      // If the incoming run_id matches the already-accepted one, this is a
+      // duplicate start event for the same run — treat as a no-op accept
+      // (do not suppress, since we must still acknowledge its completion).
+      if (firstAcceptedId === event.run_id) return false
+      this.suppressedRunIds.add(event.run_id)
+      return false
+    }
+    if (signature) this.activeSignatures.set(signature, event.run_id)
     this.acceptedRunIds.add(event.run_id)
     return true
   }
 
   complete(runId: string): boolean {
+    if (this.suppressedRunIds.has(runId)) {
+      this.suppressedRunIds.delete(runId)
+      return false
+    }
     if (!this.acceptedRunIds.has(runId)) return false
     this.acceptedRunIds.delete(runId)
+    // Clear matching signature so a legitimately-new call with the same args
+    // later in the turn is not mistaken for a duplicate.
+    for (const [sig, id] of this.activeSignatures) {
+      if (id === runId) { this.activeSignatures.delete(sig); break }
+    }
     return true
   }
 

package/src/lib/server/chat-execution/tool-summary-progress.test.ts

@@ -0,0 +1,42 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import {
+  TOOL_SUMMARY_PROGRESS_MIN_DELTA,
+  toolSummaryHasMeaningfulProgress,
+} from '@/lib/server/chat-execution/tool-summary-progress'
+
+describe('toolSummaryHasMeaningfulProgress (no-progress guard for tool_summary retries)', () => {
+  it('allows the first retry even when fullText is empty (sentinel priorLen = -1)', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(-1, 0), true)
+  })
+
+  it('allows the first retry even when some text already exists (sentinel priorLen = -1)', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(-1, 9999), true)
+  })
+
+  it('skips subsequent retries when the delta is below the minimum', () => {
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 105), false)
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 100), false)
+    // The boundary: exactly MIN_DELTA - 1 still skips.
+    assert.equal(
+      toolSummaryHasMeaningfulProgress(100, 100 + TOOL_SUMMARY_PROGRESS_MIN_DELTA - 1),
+      false,
+    )
+  })
+
+  it('allows a retry when the delta meets or exceeds the minimum', () => {
+    assert.equal(
+      toolSummaryHasMeaningfulProgress(100, 100 + TOOL_SUMMARY_PROGRESS_MIN_DELTA),
+      true,
+    )
+    assert.equal(toolSummaryHasMeaningfulProgress(100, 1000), true)
+  })
+
+  it('skips retry when fullText SHRANK after a restore — protects against stale priorLen post-rollback', () => {
+    // This scenario was the real reason we also added lastToolSummaryTextLen to
+    // ChatTurnState snapshot/restore. Here we just verify the math: if priorLen
+    // is ahead of currentLen (e.g., rollback happened without syncing the
+    // counter), the delta is negative, so the guard correctly skips retry.
+    assert.equal(toolSummaryHasMeaningfulProgress(500, 200), false)
+  })
+})

package/src/lib/server/chat-execution/tool-summary-progress.ts

@@ -0,0 +1,13 @@
+/** Minimum new-character delta required between tool_summary retries. */
+export const TOOL_SUMMARY_PROGRESS_MIN_DELTA = 30
+
+/**
+ * Returns false when a prior tool_summary retry already ran and the model
+ * has produced essentially no additional text on the follow-up turn — the
+ * signal to stop retrying. On the first pass (priorLen < 0) this is always
+ * true so the retry can happen at least once.
+ */
+export function toolSummaryHasMeaningfulProgress(priorLen: number, currentLen: number): boolean {
+  if (priorLen < 0) return true
+  return currentLen - priorLen >= TOOL_SUMMARY_PROGRESS_MIN_DELTA
+}

package/src/lib/server/openclaw/gateway.ts

@@ -51,6 +51,9 @@ function buildGatewayConfigFromAgent(agent: Agent, options?: { allowDisabled?: b
   const route = resolvePrimaryAgentRoute(agent)
   if (route?.provider !== 'openclaw') return null
 
+  const credential = resolveTokenForCredential(route.credentialId)
+  if (credential.dangling) return null
+
   const routeProfile = route.gatewayProfileId ? getGatewayProfile(route.gatewayProfileId) : null
   return {
     key: route.gatewayProfileId ? `profile:${route.gatewayProfileId}` : `agent:${agent.id}`,
@@ -60,7 +63,7 @@ function buildGatewayConfigFromAgent(agent: Agent, options?: { allowDisabled?: b
       : route.apiEndpoint
         ? deriveOpenClawWsUrl(route.apiEndpoint)
         : DEFAULT_OPENCLAW_WS_URL,
-    token: resolveTokenForCredential(route.credentialId),
+    token: credential.token,
   }
 }
 
@@ -80,15 +83,28 @@ function normalizeWsUrl(raw: string): string {
   return url.replace(/^http:/i, 'ws:').replace(/^https:/i, 'wss:')
 }
 
-function resolveTokenForCredential(credentialId?: string | null): string | undefined {
-  if (!credentialId) return undefined
+/**
+ * Resolves an OpenClaw gateway credential.
+ *
+ * - `credentialId` null/undefined: the caller wants an unauthenticated
+ *   connection. Returns `{ token: undefined, dangling: false }`.
+ * - `credentialId` set and resolvable: returns `{ token, dangling: false }`.
+ * - `credentialId` set but missing/deleted: returns `{ token: undefined,
+ *   dangling: true }`. Callers should treat this as a hard configuration
+ *   error and refuse to dial — otherwise the WS handshake fails as
+ *   `unauthorized: gateway token missing` and the agent-side timeout waits
+ *   the full 120 s before surfacing the error to the user.
+ */
+function resolveTokenForCredential(credentialId?: string | null): { token: string | undefined; dangling: boolean } {
+  if (!credentialId) return { token: undefined, dangling: false }
   const secret = resolveCredentialSecret(credentialId)
   if (!secret) {
-    log.warn(TAG, `Credential "${credentialId}" is referenced but could not be resolved — gateway connection will lack a token`, {
+    log.error(TAG, `Credential "${credentialId}" is referenced but missing from the credential store — refusing gateway connection`, {
       credentialId,
     })
+    return { token: undefined, dangling: true }
   }
-  return secret || undefined
+  return { token: secret, dangling: false }
 }
 
 export function resolveGatewayConfig(target?: {
@@ -99,11 +115,13 @@ export function resolveGatewayConfig(target?: {
   if (profileId) {
     const profile = getGatewayProfile(profileId)
     if (!profile) return null
+    const credential = resolveTokenForCredential(profile.credentialId)
+    if (credential.dangling) return null
     return {
       key: `profile:${profile.id}`,
       profileId: profile.id,
       wsUrl: profile.wsUrl ? normalizeWsUrl(profile.wsUrl) : deriveOpenClawWsUrl(profile.endpoint),
-      token: resolveTokenForCredential(profile.credentialId),
+      token: credential.token,
     }
   }
 
@@ -123,11 +141,13 @@ export function resolveGatewayConfig(target?: {
   const gatewayProfiles = getGatewayProfiles('openclaw')
   if (gatewayProfiles[0]) {
     const profile = gatewayProfiles[0]
+    const credential = resolveTokenForCredential(profile.credentialId)
+    if (credential.dangling) return null
     return {
       key: `profile:${profile.id}`,
       profileId: profile.id,
       wsUrl: profile.wsUrl ? normalizeWsUrl(profile.wsUrl) : deriveOpenClawWsUrl(profile.endpoint),
-      token: resolveTokenForCredential(profile.credentialId),
+      token: credential.token,
     }
   }
   return null

package/src/lib/server/runtime/perf.ts

@@ -34,7 +34,11 @@ const perfState = hmrSingleton('__swarmclaw_perf__', () => ({
   recentEntries: [] as PerfEntry[],
 }))
 
-const MAX_RECENT = 200
+// Keep a generous ring buffer so perf entries from a chat turn survive the
+// flurry of repository/queue events that fire between them. 200 was too small
+// — queue.get/tasks.list fire ~20/s during task processing and would evict
+// chat-execution/prompt entries before they could be read.
+const MAX_RECENT = 2000
 
 function emitEntry(entry: PerfEntry): void {
   perfState.recentEntries.push(entry)

package/src/lib/server/runtime/queue/core.ts

@@ -700,6 +700,7 @@ export function reconcileFinishedRunningTasks(): { reconciled: number; deadLette
     if (!fallbackText && !task.result) {
       task.status = 'failed'
       task.result = 'Agent session finished without producing output.'
+      task.checkoutRunId = null
       task.updatedAt = now
       tasksDirty = true
       continue
@@ -964,6 +965,7 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
   if (isCancelledTask(task)) {
     task.retryScheduledAt = null
     task.deadLetteredAt = null
+    task.checkoutRunId = null
     task.updatedAt = Date.now()
     return 'dead_lettered'
   }
@@ -975,6 +977,10 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
     const delayMs = jitteredBackoff((task.retryBackoffSec || 30) * 1000, Math.max(0, (task.attempts || 1) - 1), 6 * 3600_000)
     task.status = 'queued'
     task.retryScheduledAt = now + delayMs
+    // Release the prior checkout so the task can be checked out again on retry.
+    // Without this, checkoutTask() returns null every attempt and the orphan-
+    // recovery loop burns CPU re-queueing a task that can never run.
+    task.checkoutRunId = null
     task.updatedAt = now
     task.error = `Retry scheduled after failure: ${reason}`.slice(0, 500)
     if (!task.comments) task.comments = []
@@ -990,6 +996,7 @@ function scheduleRetryOrDeadLetter(task: BoardTask, reason: string): 'retry' | '
   task.status = 'failed'
   task.deadLetteredAt = now
   task.retryScheduledAt = null
+  task.checkoutRunId = null
   task.updatedAt = now
   task.error = `Dead-lettered after ${task.attempts}/${task.maxAttempts} attempts: ${reason}`.slice(0, 500)
   if (!task.comments) task.comments = []
@@ -1099,13 +1106,23 @@ export async function processNext() {
       const currentQueue = loadQueue()
       const queueSet = new Set(currentQueue)
       let recovered = false
+      let tasksDirty = false
       for (const [id, t] of Object.entries(allTasks) as [string, BoardTask][]) {
         if (t.status === 'queued' && !queueSet.has(id)) {
           log.info(TAG, `[queue] Recovering orphaned queued task: "${t.title}" (${id})`)
+          // Defence in depth: a queued task must not carry a stale checkoutRunId
+          // (left over from pre-1.5.38 retries). If it does, checkoutTask() will
+          // reject every attempt and this orphan-recovery loop will spin at 100%
+          // CPU re-queueing a task that can never run.
+          if (t.checkoutRunId) {
+            t.checkoutRunId = null
+            tasksDirty = true
+          }
           pushQueueUnique(currentQueue, id)
           recovered = true
         }
       }
+      if (tasksDirty) saveTasks(allTasks)
       if (recovered) saveQueue(currentQueue)
     }
 
@@ -1146,6 +1163,7 @@ export async function processNext() {
       if (!agent) {
         task.status = 'failed'
         task.deadLetteredAt = Date.now()
+        task.checkoutRunId = null
         task.error = `Agent ${task.agentId} not found`
         task.updatedAt = Date.now()
         saveTasks(latestTasks)
@@ -1176,6 +1194,7 @@ export async function processNext() {
         } else {
           task.status = 'failed'
           task.deadLetteredAt = Date.now()
+          task.checkoutRunId = null
           task.error = `No agent matches required capabilities: [${reqCaps.join(', ')}]`
           task.updatedAt = Date.now()
           saveTasks(latestTasks)

package/src/lib/server/runtime/queue-recovery.test.ts

@@ -248,6 +248,182 @@ describe('queue recovery', () => {
     assert.equal(output.scheduledCalls, 1)
   })
 
+  it('scheduleRetryOrDeadLetter via stall recovery clears checkoutRunId so the next attempt can check out', () => {
+    // Regression: a task transitioning running -> queued on retry must release its
+    // prior checkout. Without this, checkoutTask() returns null on every attempt
+    // and the orphan-recovery loop burns CPU re-queueing a task that can never run.
+    const output = runWithTempDataDir<{
+      status: string | null
+      checkoutRunId: string | null
+      queued: string[]
+      attempts: number | null
+    }>(`
+      const storageMod = await import('@/lib/server/storage')
+      const queueMod = await import('@/lib/server/runtime/queue')
+      const storage = storageMod.default || storageMod
+      const queue = queueMod.default || queueMod
+
+      const now = Date.now()
+      storage.saveSettings({
+        ...storage.loadSettings(),
+        taskStallTimeoutMin: 5,
+        taskRetryBackoffSec: 30,
+      })
+      storage.saveTasks({
+        stuck: {
+          id: 'stuck',
+          title: 'Stuck with stale checkout',
+          description: 'Running task that stalled and must release its checkout on retry',
+          status: 'running',
+          agentId: 'agent-a',
+          startedAt: now - 600_000,
+          updatedAt: now - 600_000,
+          createdAt: now - 700_000,
+          maxAttempts: 3,
+          attempts: 0,
+          checkoutRunId: 'stale-run-id',
+        },
+      })
+      storage.saveQueue([])
+
+      const originalSetTimeout = globalThis.setTimeout
+      globalThis.setTimeout = () => 0
+      try {
+        queue.recoverStalledRunningTasks()
+      } finally {
+        globalThis.setTimeout = originalSetTimeout
+      }
+
+      const task = storage.loadTasks().stuck
+      console.log(JSON.stringify({
+        status: task?.status ?? null,
+        checkoutRunId: task?.checkoutRunId ?? null,
+        queued: storage.loadQueue(),
+        attempts: task?.attempts ?? null,
+      }))
+    `)
+
+    assert.equal(output.status, 'queued', 'task should be requeued for retry')
+    assert.equal(output.checkoutRunId, null, 'stale checkoutRunId must be released so retry can check out')
+    assert.deepEqual(output.queued, ['stuck'])
+    assert.equal(output.attempts, 1)
+  })
+
+  it('processNext orphan recovery clears stale checkoutRunId on queued tasks', () => {
+    // Regression: tasks written before the 1.5.38 fix could land in storage with
+    // status='queued' + a set checkoutRunId (because the old scheduleRetryOrDeadLetter
+    // forgot to release the checkout). Orphan recovery must repair this invalid combo
+    // so the next checkoutTask() can succeed — otherwise the loop spins forever.
+    const output = runWithTempDataDir<{
+      status: string | null
+      checkoutRunId: string | null
+      queued: string[]
+    }>(`
+      const storageMod = await import('@/lib/server/storage')
+      const queueMod = await import('@/lib/server/runtime/queue')
+      const storage = storageMod.default || storageMod
+      const queue = queueMod.default || queueMod
+
+      const now = Date.now()
+      storage.saveAgents({
+        'agent-a': {
+          id: 'agent-a',
+          name: 'Agent A',
+          provider: 'openai',
+          model: 'gpt-test',
+          createdAt: now,
+          updatedAt: now,
+        },
+      })
+      storage.saveTasks({
+        stale: {
+          id: 'stale',
+          title: 'Pre-1.5.38 stuck task',
+          description: 'Queued but still holds a stale checkoutRunId from a prior failed run',
+          status: 'queued',
+          agentId: 'agent-a',
+          checkoutRunId: 'stale-run-id',
+          createdAt: now - 10_000,
+          updatedAt: now - 10_000,
+        },
+      })
+      // Intentionally NOT in the queue array — simulates the orphan condition.
+      storage.saveQueue([])
+
+      await queue.processNext()
+
+      const task = storage.loadTasks().stale
+      console.log(JSON.stringify({
+        status: task?.status ?? null,
+        checkoutRunId: task?.checkoutRunId ?? null,
+        queued: storage.loadQueue(),
+      }))
+    `)
+
+    // Orphan recovery should have put the task back in the queue AND cleared the stale id.
+    assert.equal(output.checkoutRunId, null, 'orphan recovery must clear stale checkoutRunId')
+    // After recovery the task either stayed queued or moved to running (depending on concurrency).
+    // Either way it must not still be stuck in an orphan state.
+    assert.ok(
+      output.status === 'queued' || output.status === 'running' || output.status === 'failed',
+      `unexpected status after recovery: ${output.status}`,
+    )
+  })
+
+  it('dead-letter path clears checkoutRunId so terminal tasks do not appear checked-out', () => {
+    const output = runWithTempDataDir<{
+      status: string | null
+      checkoutRunId: string | null
+      attempts: number | null
+    }>(`
+      const storageMod = await import('@/lib/server/storage')
+      const queueMod = await import('@/lib/server/runtime/queue')
+      const storage = storageMod.default || storageMod
+      const queue = queueMod.default || queueMod
+
+      const now = Date.now()
+      storage.saveSettings({
+        ...storage.loadSettings(),
+        taskStallTimeoutMin: 5,
+      })
+      storage.saveTasks({
+        doomed: {
+          id: 'doomed',
+          title: 'Exhausted retries',
+          description: 'Task at its last attempt that stalls should dead-letter and release checkout',
+          status: 'running',
+          agentId: 'agent-a',
+          startedAt: now - 600_000,
+          updatedAt: now - 600_000,
+          createdAt: now - 700_000,
+          maxAttempts: 2,
+          attempts: 1,
+          checkoutRunId: 'stale-run-id',
+        },
+      })
+      storage.saveQueue([])
+
+      const originalSetTimeout = globalThis.setTimeout
+      globalThis.setTimeout = () => 0
+      try {
+        queue.recoverStalledRunningTasks()
+      } finally {
+        globalThis.setTimeout = originalSetTimeout
+      }
+
+      const task = storage.loadTasks().doomed
+      console.log(JSON.stringify({
+        status: task?.status ?? null,
+        checkoutRunId: task?.checkoutRunId ?? null,
+        attempts: task?.attempts ?? null,
+      }))
+    `)
+
+    assert.equal(output.status, 'failed', 'task should be dead-lettered after exhausting retries')
+    assert.equal(output.checkoutRunId, null, 'dead-lettered tasks must not retain a stale checkoutRunId')
+    assert.equal(output.attempts, 2)
+  })
+
   it('resumeQueue restores blocked queued tasks without clobbering their queuedAt timestamp', () => {
     const output = runWithTempDataDir<{
       queued: string[]

package/src/lib/server/skills/runtime-skill-resolver.ts

@@ -654,6 +654,16 @@ export function resolveRuntimeSkills(options: ResolveRuntimeSkillsOptions = {}):
   }
 }
 
+// Dedicated sub-budget for auto-attached learned skills. buildSeedFromLearned
+// marks every learned skill as `attached`, which means a single coordinator
+// agent with 100+ historical learnings could flood the whole 30 k pinned-skill
+// block every turn (observed: 178 learned skills / 176 k chars candidate pool
+// → 24 k-char Pinned Skills section on every CEO turn). We cap learned-skill
+// injection well below the full budget so explicitly-pinned/always-on skills
+// still fit afterward.
+const MAX_LEARNED_SKILLS_PROMPT_CHARS = 8000
+const MAX_LEARNED_SKILLS_IN_PROMPT = 6
+
 function selectPromptSkills(skills: ResolvedRuntimeSkill[]): ResolvedRuntimeSkill[] {
   const ordered = [...skills]
     .filter((skill) =>
@@ -670,16 +680,39 @@ function selectPromptSkills(skills: ResolvedRuntimeSkill[]): ResolvedRuntimeSkil
 
   const selected: ResolvedRuntimeSkill[] = []
   let totalChars = 0
+  let learnedChars = 0
+  let learnedCount = 0
   for (const skill of ordered) {
     if (selected.length >= MAX_SKILLS_IN_PROMPT) break
     const contentLen = skill.name.length + skill.content.length + 12
     if (totalChars + contentLen > MAX_SKILLS_PROMPT_CHARS) continue
+    const isLearned = skill.source === 'learned'
+    if (isLearned) {
+      if (learnedCount >= MAX_LEARNED_SKILLS_IN_PROMPT) continue
+      if (learnedChars + contentLen > MAX_LEARNED_SKILLS_PROMPT_CHARS) continue
+      learnedChars += contentLen
+      learnedCount += 1
+    }
     totalChars += contentLen
     selected.push(skill)
   }
   return selected
 }
 
+// Hard cap on how much skill content we inline per pinned skill. Long skill
+// files (multi-page markdown guides) were dominating the system prompt — one
+// coordinator agent had 24,402 chars (39% of its 62 k budget) from a single
+// pinned skill. When content exceeds the cap we truncate and instruct the
+// agent to pull the rest on demand via `use_skill` action="load".
+const INLINED_SKILL_CHAR_CAP = 3000
+
+function truncateInlinedSkillContent(content: string, skillName: string): string {
+  const trimmed = content.trim()
+  if (trimmed.length <= INLINED_SKILL_CHAR_CAP) return trimmed
+  const head = trimmed.slice(0, INLINED_SKILL_CHAR_CAP)
+  return `${head}\n\n[Skill content truncated at ${INLINED_SKILL_CHAR_CAP} chars to save context. Call \`use_skill\` with action="load" and skillId for "${skillName}" to load the full guide when you need it.]`
+}
+
 function sectionFromSkills(params: {
   title: string
   preface: string
@@ -688,7 +721,7 @@ function sectionFromSkills(params: {
   const usable = params.skills.filter((skill) => skill.content.trim())
   if (usable.length === 0) return ''
   const body = usable
-    .map((skill) => `### ${skill.name}\n${skill.content}`)
+    .map((skill) => `### ${skill.name}\n${truncateInlinedSkillContent(skill.content, skill.name)}`)
     .join('\n\n')
   return [params.title, params.preface, '', body].join('\n')
 }

package/src/lib/server/tasks/task-checkout.ts

@@ -19,7 +19,13 @@ export function checkoutTask(
     const tasks = loadTasks() as Record<string, BoardTask>
     const task = tasks[taskId]
     if (!task || task.status !== 'queued') return null
-    if (task.checkoutRunId) return null // already checked out
+    // A stale checkoutRunId can survive an ungraceful server exit (crash,
+    // SIGKILL, HMR reload mid-turn). If status is 'queued', the runId cannot
+    // reference a live checkout — only running tasks hold active checkouts —
+    // so treat the lingering id as stale and reclaim it. Previously this
+    // returned null forever, so the dispatch → orphan-recovery → failed-
+    // checkout cycle spammed "Recovering orphaned queued task" every ~2 ms
+    // (21 k log lines in a single session).
 
     const now = Date.now()
     task.status = 'running'

package/src/lib/server/universal-tool-access.test.ts

@@ -0,0 +1,71 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+
+// NOTE: we intentionally avoid importing the real universal-tool-access
+// module here — it pulls in the extension manager which transitively loads
+// the whole plugin system and OOMs in test workers. We re-declare the pure
+// logic and verify the algorithmic behavior. Integration coverage for the
+// extension-manager branch happens via live-chat profiling instead.
+
+const SCOPED_TOOL_BASELINE = ['memory', 'context_mgmt', 'ask_human'] as const
+const UNIVERSAL_SAMPLE = new Set([
+  'shell', 'files', 'edit_file', 'delegate', 'web', 'browser', 'memory',
+  'manage_platform', 'manage_tasks', 'context_mgmt', 'ask_human',
+  'schedule_wake', 'email', 'image_gen',
+])
+
+function normalize(value: string[] | undefined | null): string[] {
+  if (!Array.isArray(value)) return []
+  return value.map((entry) => (typeof entry === 'string' ? entry.trim() : '')).filter(Boolean)
+}
+
+function scoped(declared: string[] | null | undefined, universe: Set<string> = UNIVERSAL_SAMPLE): string[] {
+  const picks = normalize(declared).filter((t) => universe.has(t))
+  return Array.from(new Set([...SCOPED_TOOL_BASELINE, ...picks]))
+}
+
+describe('scoped tool access algorithm', () => {
+  it('intersects declared tools with the universe and keeps the baseline', () => {
+    const out = scoped(['shell', 'files', 'edit_file', 'web'])
+    assert.ok(out.includes('memory'))
+    assert.ok(out.includes('context_mgmt'))
+    assert.ok(out.includes('ask_human'))
+    assert.ok(out.includes('shell'))
+    assert.ok(out.includes('files'))
+    assert.ok(out.includes('edit_file'))
+    assert.ok(out.includes('web'))
+    assert.ok(!out.includes('browser'))
+    assert.ok(!out.includes('manage_platform'))
+    assert.ok(!out.includes('delegate'))
+  })
+
+  it('drops declared tools that are not in the universe', () => {
+    const out = scoped(['shell', 'not_a_real_tool'])
+    assert.ok(out.includes('shell'))
+    assert.ok(!out.includes('not_a_real_tool'))
+  })
+
+  it('returns only the baseline when declared tools is empty', () => {
+    assert.deepEqual(scoped([]).sort(), ['ask_human', 'context_mgmt', 'memory'])
+  })
+
+  it('produces a strictly smaller set than the universe for a focused agent', () => {
+    assert.ok(scoped(['shell', 'files', 'web']).length < UNIVERSAL_SAMPLE.size)
+  })
+
+  it('deduplicates when baseline overlaps with declared tools', () => {
+    const out = scoped(['memory', 'shell'])
+    assert.equal(out.filter((t) => t === 'memory').length, 1)
+  })
+
+  it('treats null / undefined / non-array declared tools as empty', () => {
+    assert.deepEqual(scoped(null).sort(), ['ask_human', 'context_mgmt', 'memory'])
+    assert.deepEqual(scoped(undefined).sort(), ['ask_human', 'context_mgmt', 'memory'])
+  })
+
+  it('trims whitespace in declared tool names', () => {
+    const out = scoped(['  shell  ', '\tfiles\n'])
+    assert.ok(out.includes('shell'))
+    assert.ok(out.includes('files'))
+  })
+})

package/src/lib/server/universal-tool-access.ts

@@ -57,3 +57,26 @@ export function listUniversalToolAccessExtensionIds(extraExtensions?: string[] |
     ...normalizeExtensionList(extraExtensions),
   ])
 }
+
+// Minimum extensions that a 'scoped' agent always gets regardless of its
+// declared tool list. Memory + context management are required for the agent
+// to function (remembering things, noticing when it's out of context), and
+// ask_human lets it escalate to the user when stuck. Everything else is
+// filterable through agent.tools.
+const SCOPED_TOOL_BASELINE = ['memory', 'context_mgmt', 'ask_human'] as const
+
+/**
+ * Returns the set of enabled extension IDs for a scoped-access agent: the
+ * intersection of `listUniversalToolAccessExtensionIds()` with the agent's
+ * declared tools, plus the non-negotiable baseline. Use this when an agent
+ * has opted into `toolAccessMode: 'scoped'` to shrink per-turn context.
+ */
+export function listScopedToolAccessExtensionIds(
+  declaredTools: string[] | null | undefined,
+  extraExtensions?: string[] | null,
+): string[] {
+  const universe = new Set(listUniversalToolAccessExtensionIds(extraExtensions))
+  const declared = normalizeExtensionList(declaredTools)
+  const scoped = declared.filter((tool) => universe.has(tool))
+  return dedup([...SCOPED_TOOL_BASELINE, ...scoped])
+}

package/src/types/agent.ts

@@ -68,6 +68,13 @@ export interface Agent {
   delegationTargetMode?: DelegationTargetMode
   delegationTargetAgentIds?: string[]
   tools?: string[]
+  // When 'scoped', the chat turn restricts enabled extensions to the
+  // intersection of the universal core list and agent.tools (plus a small
+  // non-negotiable baseline for memory + context management). Default
+  // 'universal' preserves existing behavior. Opt in to cut per-turn tool
+  // guidance dramatically — a focused agent with 5 tools drops ~15 k chars
+  // of tool-related prompt text vs. the full 33-tool universe.
+  toolAccessMode?: 'universal' | 'scoped'
   extensions?: string[]
   skills?: string[]             // e.g. ['frontend-design'] — pinned Claude Code skills to mention explicitly
   skillIds?: string[]           // IDs of pinned managed skills to keep always-on for this agent