@swarmclawai/swarmclaw 1.5.41 → 1.5.43

package/README.md

@@ -389,6 +389,19 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.5.43 Highlights
+
+- **`/api/version` no longer 500s in Docker**: the route used to shell out to `git` at runtime, which fails in the production image because `.git/` is not copied. The route now returns 200 with `{ source: 'package', version }` from `package.json` when git metadata is unavailable, and `{ source: 'git', version, commit, ... }` when it is. `/api/version/update` short-circuits on Docker-style installs with a clear `no_git_metadata` reason instead of an opaque 500. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 1, reported by [@SteamedFish](https://github.com/SteamedFish).)
+- **Daemon reclaims stale `daemon-primary` leases on container restart**: when the previous container died holding the SQLite-backed lease, the new container previously waited up to the full 120 s TTL before the daemon could start. The successor now parses the recorded owner pid, probes it with `process.kill(pid, 0)`, and reclaims the lease immediately when the prior owner is provably dead on this host. When the owner is genuinely alive (or when the recorded host is ambiguous, such as multi-pod Kubernetes), behaviour is unchanged but a single deferred retry is scheduled just past the TTL so the daemon comes up automatically rather than waiting for the next API call. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 2.)
+- **Subprocess daemon fallback fails soft in Docker**: when `resolveDaemonRuntimeEntry()` cannot find `src/lib/server/daemon/daemon-runtime.ts` (the file is intentionally not in the standalone build), `ensureDaemonProcessRunning()` now logs a one-shot warning and returns `false` instead of throwing into the API handler. The in-process daemon path (with the Bug 2 fix) is the production path in Docker. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 3.)
+- **`CONTRIBUTING.md`**: dropped the broken reference to `AGENTS.md`. That file is `.gitignore`'d and not visible to external contributors. The single canonical project-conventions document is `CLAUDE.md`.
+
+### v1.5.42 Highlights
+
+- **New `opencode-web` provider — connect to remote OpenCode HTTP servers** ([#40](https://github.com/swarmclawai/swarmclaw/issues/40), requested by [@SteamedFish](https://github.com/SteamedFish)): point an agent at any host running `opencode serve` or `opencode web` (default port `4096`). Supports HTTPS endpoints, HTTP Basic Auth (encode credentials as `username:password` in the API key field; bare passwords default the username to `opencode`), automatic OpenCode session reuse across chat turns, and per-session workspace isolation via `?directory=...`. Models are entered as `providerID/modelID` (e.g. `anthropic/claude-sonnet-4-5`). The existing `opencode-cli` provider is unchanged.
+- **New `CONTRIBUTING.md`**: short, scannable guide covering bug reports, feature requests, PR expectations, commit conventions, and where to look in the codebase. Models the gold-standard examples after issues #39 and #40.
+- **`GET /api/memory/:id` now returns a single entry by default**: previously it eagerly traversed linked memories and returned an array, which broke naive callers that expected a single object per REST convention. Linked traversal is now opt-in via `?depth=N` or `?envelope=true`.
+
 ### v1.5.41 Highlights
 
 - **Moonshot / Kimi compatibility — duplicate `files` tool name fixed**: any agent with the default `files` extension was sending two tools both literally named `files` to the LLM. Most providers tolerated the duplicate; Moonshot's strict tool-schema validation rejected it with `MoonshotException - function name files is duplicated` ([#39](https://github.com/swarmclawai/swarmclaw/issues/39), reported by [@SteamedFish](https://github.com/SteamedFish)). Three fixes: the v2 file builder is now correctly gated on `files_v2` (not `files`), it registers under the matching capability key, and the session-tools assembler now shares a single dedup Set across native, CRUD, and extension phases so any future name collision is rejected with a clear warning instead of a silent double-register.
@@ -411,25 +424,6 @@ Operational docs: https://swarmclaw.ai/docs/observability
 - **Perf ring buffer raised to 2 000 entries**: queue/task repository events fire ~20 Hz during task processing and were evicting chat-execution/prompt perf entries out of the 200-entry buffer before they could be read. The larger buffer lets the perf viewer actually show a full turn.
 - **Tests**: added regression tests for pre-1.5.38 stale-checkout orphan recovery and for the scoped-tool-access algorithm.
 
-### v1.5.38 Highlights
-
-- **Task queue: reclaim stale checkouts**: `checkoutTask()` now reclaims a lingering `checkoutRunId` on a `queued` task instead of refusing it forever. An ungraceful server exit mid-turn (crash, SIGKILL, HMR reload) previously left tasks uncheckoutable, producing a dispatch → orphan-recovery → failed-checkout spin that logged "Recovering orphaned queued task" tens of thousands of times per session. `scheduleRetryOrDeadLetter()` also clears the prior checkout when scheduling a retry or dead-lettering.
-- **Chat: suppress duplicate parallel tool calls**: some OSS models on Ollama (notably `devstral`) emit the same tool call twice in a single turn. The LangGraph tool-event tracker now dedupes by `name + input` signature, swallowing the duplicate start and its result while allowing a genuinely later identical call once the first completes. Hardened against replayed-start events (HMR, graph retries) that previously could leak a `run_id` into both the accepted and suppressed sets and leave `pendingCount` stuck above zero.
-- **Chat: disable `parallel_tool_calls` for Ollama**: local Ollama sessions now pass `parallel_tool_calls: false` to prevent the upstream duplicate-call behavior at the source for models that honor it.
-- **Chat: no-progress guard for tool summary retries**: if the model produces essentially no new text on a `tool_summary` continuation, the loop stops retrying instead of streaming the same short sentence two or three times. The guard is snapshot-aware: a transient-error rollback no longer leaves a stale progress counter that silently skips a legitimate retry (`lastToolSummaryTextLen` is now round-tripped through `ChatTurnState.snapshot`/`restore`).
-- **Task UI: distinguish retry-pending from failure**: a retrying task now renders in amber with a "Retry Pending" label in the task card and sheet, instead of the same red treatment used for dead-lettered failures.
-- **Autonomy: dedupe reflection memories across kinds**: the supervisor reflection writer now drops notes whose normalized text has already been stored this run, eliminating near-identical memory rows classified under multiple kinds.
-- **OpenClaw gateway: fast-fail on dangling credentials**: when an agent's OpenClaw route references a deleted or missing credential, the gateway now refuses to dial the WebSocket up front instead of attempting an unauthenticated handshake and waiting the full 120 s for the agent-side timeout. The credential-missing log line is promoted from warn to error so it surfaces in routine monitoring.
-- **Prompt size profiler**: setting `SWARMCLAW_PROFILE_PROMPT=1` now logs a per-section size breakdown of the assembled system prompt (block index, first-line label, char count) on every turn, making it practical to diagnose why a specific agent is eating context budget. Off by default so production turns stay quiet.
-
-### v1.5.37 Highlights
-
-- **Factory Droid CLI as a provider and delegation backend**: adds [`droid`](https://docs.factory.ai/cli/droid-exec/overview) as a first-class chat provider and `delegate` backend with streaming JSON output, session resume, and a conservative `--auto low` autonomy pin on the delegate path. Install `droid` and sign in via browser (or set `FACTORY_API_KEY`), then pick **Factory Droid CLI** in the setup wizard. Resolves #38.
-- **Desktop Release CI hardening**: v1.5.36's Electron build workflow failed on all three platforms. This release:
-  - Adds a proper `author` with email to `package.json` and a `linux.maintainer` entry in `electron-builder.yml` so the Linux `.deb` target stops rejecting the build.
-  - Pins `outputFileTracingRoot` in `next.config.ts` to the project root so the Next.js build no longer walks `C:\Users\<user>\Application Data` (a legacy NTFS junction that throws EPERM on Windows runners).
-  - Pins Python 3.11 in the desktop-release workflow so `node-gyp` rebuilds of native modules (`node-liblzma`, etc.) succeed on Python 3.12+ runners where `distutils` was removed from the stdlib.
-
 Older releases: https://swarmclaw.ai/docs/release-notes
 
 - GitHub releases: https://github.com/swarmclawai/swarmclaw/releases

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.5.41",
+  "version": "1.5.43",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",

package/src/app/api/memory/[id]/route.ts

@@ -35,8 +35,13 @@ export async function GET(req: Request, { params }: { params: Promise<{ id: stri
   const requestedLinkedLimit = parseOptionalInt(searchParams.get('linkedLimit'))
   const db = getMemoryDb()
   const defaults = getMemoryLookupLimits()
+  // By default, GET /memory/:id returns a single entry (REST convention).
+  // Linked-traversal is opt-in via ?depth=N or ?envelope=true — previously
+  // this endpoint returned an array of linked entries by default, which
+  // broke every naive caller that expected a single object.
+  const linkedTraversalRequested = requestedDepth !== undefined || envelope
   const limits = resolveLookupRequest(defaults, {
-    depth: requestedDepth,
+    depth: linkedTraversalRequested ? requestedDepth : 0,
     limit: requestedLimit,
     linkedLimit: requestedLinkedLimit,
   })

package/src/app/api/version/route.ts

@@ -1,7 +1,8 @@
 import { NextResponse } from 'next/server'
-import { execSync } from 'child_process'
-export const dynamic = 'force-dynamic'
+import { gitAvailable, safeGit } from '@/lib/server/git-metadata'
+import packageJson from '../../../../package.json'
 
+export const dynamic = 'force-dynamic'
 
 let cachedRemote: {
   sha: string
@@ -10,74 +11,87 @@ let cachedRemote: {
   remoteTag: string | null
   checkedAt: number
 } | null = null
-const CACHE_TTL = 60_000 // 60s
+const CACHE_TTL = 60_000
 const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
 
-function run(cmd: string): string {
-  return execSync(cmd, { encoding: 'utf-8', cwd: process.cwd(), timeout: 15_000 }).trim()
-}
-
 function getLatestStableTag(): string | null {
-  const tags = run(`git tag --list 'v*' --sort=-v:refname`)
-    .split('\n')
-    .map((line) => line.trim())
-    .filter(Boolean)
-  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+  const out = safeGit(['tag', '--list', 'v*', '--sort=-v:refname'])
+  if (!out) return null
+  return out.split('\n').map((l) => l.trim()).filter(Boolean).find((t) => RELEASE_TAG_RE.test(t)) || null
 }
 
 function getHeadStableTag(): string | null {
-  const tags = run(`git tag --points-at HEAD --list 'v*' --sort=-v:refname`)
-    .split('\n')
-    .map((line) => line.trim())
-    .filter(Boolean)
-  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+  const out = safeGit(['tag', '--points-at', 'HEAD', '--list', 'v*', '--sort=-v:refname'])
+  if (!out) return null
+  return out.split('\n').map((l) => l.trim()).filter(Boolean).find((t) => RELEASE_TAG_RE.test(t)) || null
 }
 
 export async function GET(_req: Request) {
-  try {
-    const localSha = run('git rev-parse --short HEAD')
-    const localTag = getHeadStableTag()
+  // Always return 200. When git metadata is unavailable (Docker production
+  // image, npm tarball install) we fall back to the static package.json
+  // version. Issue #41 reported a 500 response when `.git/` was not present
+  // in the production container; this route now degrades gracefully.
+  const packageVersion = packageJson.version
 
-    let remoteSha = cachedRemote?.sha ?? localSha
-    let behindBy = cachedRemote?.behindBy ?? 0
-    let channel: 'stable' | 'main' = cachedRemote?.channel ?? 'main'
-    let remoteTag = cachedRemote?.remoteTag ?? null
+  if (!gitAvailable()) {
+    return NextResponse.json({
+      source: 'package',
+      version: packageVersion,
+      localSha: null,
+      localTag: `v${packageVersion}`,
+      remoteSha: null,
+      remoteTag: null,
+      channel: 'stable',
+      updateAvailable: false,
+      behindBy: 0,
+    })
+  }
 
-    if (!cachedRemote || Date.now() - cachedRemote.checkedAt > CACHE_TTL) {
-      try {
-        run('git fetch --tags origin --quiet')
-        const latestTag = getLatestStableTag()
-        if (latestTag) {
-          channel = 'stable'
-          remoteTag = latestTag
-          remoteSha = run(`git rev-parse --short ${latestTag}^{commit}`)
-          behindBy = parseInt(run(`git rev-list HEAD..${latestTag}^{commit} --count`), 10) || 0
-        } else {
-          // Fallback for repos without release tags yet.
-          channel = 'main'
-          remoteTag = null
-          run('git fetch origin main --quiet')
-          behindBy = parseInt(run('git rev-list HEAD..origin/main --count'), 10) || 0
-          remoteSha = behindBy > 0
-            ? run('git rev-parse --short origin/main')
-            : localSha
+  const localSha = safeGit(['rev-parse', '--short', 'HEAD'])
+  const localTag = getHeadStableTag()
+
+  let remoteSha = cachedRemote?.sha ?? localSha
+  let behindBy = cachedRemote?.behindBy ?? 0
+  let channel: 'stable' | 'main' = cachedRemote?.channel ?? 'main'
+  let remoteTag = cachedRemote?.remoteTag ?? null
+
+  if (!cachedRemote || Date.now() - cachedRemote.checkedAt > CACHE_TTL) {
+    const fetched = safeGit(['fetch', '--tags', 'origin', '--quiet'])
+    if (fetched !== null) {
+      const latestTag = getLatestStableTag()
+      if (latestTag) {
+        channel = 'stable'
+        remoteTag = latestTag
+        const sha = safeGit(['rev-parse', '--short', `${latestTag}^{commit}`])
+        if (sha) remoteSha = sha
+        const count = safeGit(['rev-list', `HEAD..${latestTag}^{commit}`, '--count'])
+        behindBy = count ? (parseInt(count, 10) || 0) : 0
+      } else {
+        channel = 'main'
+        remoteTag = null
+        safeGit(['fetch', 'origin', 'main', '--quiet'])
+        const count = safeGit(['rev-list', 'HEAD..origin/main', '--count'])
+        behindBy = count ? (parseInt(count, 10) || 0) : 0
+        if (behindBy > 0) {
+          const sha = safeGit(['rev-parse', '--short', 'origin/main'])
+          if (sha) remoteSha = sha
+        } else if (localSha) {
+          remoteSha = localSha
         }
-        cachedRemote = { sha: remoteSha, behindBy, channel, remoteTag, checkedAt: Date.now() }
-      } catch {
-        // fetch failed (no network, no remote, etc.) — use stale cache or defaults
       }
+      cachedRemote = { sha: remoteSha || '', behindBy, channel, remoteTag, checkedAt: Date.now() }
     }
-
-    return NextResponse.json({
-      localSha,
-      localTag,
-      remoteSha,
-      remoteTag,
-      channel,
-      updateAvailable: behindBy > 0,
-      behindBy,
-    })
-  } catch {
-    return NextResponse.json({ error: 'Not a git repository' }, { status: 500 })
   }
+
+  return NextResponse.json({
+    source: 'git',
+    version: packageVersion,
+    localSha,
+    localTag,
+    remoteSha,
+    remoteTag,
+    channel,
+    updateAvailable: behindBy > 0,
+    behindBy,
+  })
 }

package/src/app/api/version/update/route.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from 'next/server'
 import { execSync } from 'child_process'
 import { getDb } from '@/lib/server/storage'
+import { gitAvailable } from '@/lib/server/git-metadata'
 
 const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
 
@@ -37,6 +38,17 @@ function ensureCleanWorkingTree() {
 }
 
 export async function POST() {
+  // The git-pull update path only makes sense for source/git checkouts.
+  // Docker and packaged-app installs have their own update channels and
+  // calling this route on those installs would otherwise return a confusing
+  // 500. Surface the situation as a 200 with a clear reason instead.
+  if (!gitAvailable()) {
+    return NextResponse.json({
+      success: false,
+      reason: 'no_git_metadata',
+      error: 'Self-update is only supported for source / git checkouts. Use the npm or Docker upgrade path for this install.',
+    })
+  }
   try {
     const beforeSha = run('git rev-parse --short HEAD')
     const beforeRef = run('git rev-parse HEAD')

package/src/lib/provider-sets.ts

@@ -1,5 +1,5 @@
 /** CLI providers that use their own tool execution outside the shared tool-runtime path. */
-export const NON_LANGGRAPH_PROVIDER_IDS = new Set(['claude-cli', 'codex-cli', 'opencode-cli', 'gemini-cli', 'copilot-cli', 'droid-cli', 'cursor-cli', 'qwen-code-cli'])
+export const NON_LANGGRAPH_PROVIDER_IDS = new Set(['claude-cli', 'codex-cli', 'opencode-cli', 'opencode-web', 'gemini-cli', 'copilot-cli', 'droid-cli', 'cursor-cli', 'qwen-code-cli'])
 
 /** Providers that manage their own runtime/tool loop even when reached over an API endpoint. */
 export const RUNTIME_MANAGED_PROVIDER_IDS = new Set(['hermes', 'goose'])

package/src/lib/providers/index.ts

@@ -1,6 +1,7 @@
 import { streamClaudeCliChat } from './claude-cli'
 import { streamCodexCliChat } from './codex-cli'
 import { streamOpenCodeCliChat } from './opencode-cli'
+import { streamOpenCodeWebChat } from './opencode-web'
 import { streamGeminiCliChat } from './gemini-cli'
 import { streamCopilotCliChat } from './copilot-cli'
 import { streamDroidCliChat } from './droid-cli'
@@ -136,6 +137,18 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
     requiresEndpoint: false,
     handler: { streamChat: streamOpenCodeCliChat },
   },
+  'opencode-web': {
+    id: 'opencode-web',
+    name: 'OpenCode Web',
+    // OpenCode addresses models as `providerID/modelID`. Free-text entry is
+    // supported; these defaults seed the dropdown with common combinations.
+    models: ['anthropic/claude-sonnet-4-5', 'anthropic/claude-opus-4-5', 'openai/gpt-4.1', 'openai/o4-mini', 'google/gemini-2.5-pro'],
+    requiresApiKey: false,
+    optionalApiKey: true,
+    requiresEndpoint: true,
+    defaultEndpoint: 'http://localhost:4096',
+    handler: { streamChat: streamOpenCodeWebChat },
+  },
   'gemini-cli': {
     id: 'gemini-cli',
     name: 'Gemini CLI',

package/src/lib/providers/opencode-web.test.ts

@@ -0,0 +1,113 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import {
+  parseBasicAuth,
+  buildAuthHeader,
+  parseModelId,
+  joinUrl,
+  SseLineParser,
+} from '@/lib/providers/opencode-web'
+
+describe('opencode-web parseBasicAuth', () => {
+  it('returns null for null / undefined / empty / whitespace', () => {
+    assert.equal(parseBasicAuth(null), null)
+    assert.equal(parseBasicAuth(undefined), null)
+    assert.equal(parseBasicAuth(''), null)
+    assert.equal(parseBasicAuth('   '), null)
+  })
+
+  it('treats a value with no colon as the password and defaults the username to "opencode"', () => {
+    assert.deepEqual(parseBasicAuth('mypass'), { username: 'opencode', password: 'mypass' })
+  })
+
+  it('splits on the first colon and preserves later colons in the password', () => {
+    assert.deepEqual(parseBasicAuth('bob:secret'), { username: 'bob', password: 'secret' })
+    assert.deepEqual(parseBasicAuth('bob:s3cr:et'), { username: 'bob', password: 's3cr:et' })
+  })
+
+  it('handles empty halves', () => {
+    assert.deepEqual(parseBasicAuth('bob:'), { username: 'bob', password: '' })
+    assert.deepEqual(parseBasicAuth(':secret'), { username: '', password: 'secret' })
+  })
+})
+
+describe('opencode-web buildAuthHeader', () => {
+  it('returns undefined for null', () => {
+    assert.equal(buildAuthHeader(null), undefined)
+  })
+
+  it('builds RFC-compliant Basic auth from username:password', () => {
+    const header = buildAuthHeader({ username: 'opencode', password: 'mypass' })
+    assert.equal(header, `Basic ${Buffer.from('opencode:mypass').toString('base64')}`)
+  })
+
+  it('round-trips with parseBasicAuth for a custom user', () => {
+    const parsed = parseBasicAuth('bob:secret')
+    assert.equal(buildAuthHeader(parsed), `Basic ${Buffer.from('bob:secret').toString('base64')}`)
+  })
+})
+
+describe('opencode-web parseModelId', () => {
+  it('splits providerID/modelID on the first slash', () => {
+    assert.deepEqual(parseModelId('anthropic/claude-sonnet-4-5'), { providerID: 'anthropic', modelID: 'claude-sonnet-4-5' })
+    assert.deepEqual(parseModelId('openai/gpt-4.1'), { providerID: 'openai', modelID: 'gpt-4.1' })
+  })
+
+  it('preserves slashes inside the modelID', () => {
+    assert.deepEqual(parseModelId('local/qwen/coder-14b'), { providerID: 'local', modelID: 'qwen/coder-14b' })
+  })
+
+  it('returns providerID-only when the user enters a bare string (server will reject with a real error)', () => {
+    assert.deepEqual(parseModelId('claude-sonnet-4-5'), { providerID: 'claude-sonnet-4-5', modelID: '' })
+  })
+
+  it('handles empty / whitespace input', () => {
+    assert.deepEqual(parseModelId(''), { providerID: '', modelID: '' })
+    assert.deepEqual(parseModelId('   '), { providerID: '', modelID: '' })
+    assert.deepEqual(parseModelId(undefined), { providerID: '', modelID: '' })
+  })
+})
+
+describe('opencode-web joinUrl', () => {
+  it('handles trailing and leading slashes idempotently', () => {
+    assert.equal(joinUrl('http://localhost:4096', '/session'), 'http://localhost:4096/session')
+    assert.equal(joinUrl('http://localhost:4096/', '/session'), 'http://localhost:4096/session')
+    assert.equal(joinUrl('http://localhost:4096/', 'session'), 'http://localhost:4096/session')
+    assert.equal(joinUrl('http://localhost:4096///', '///session'), 'http://localhost:4096///session')
+  })
+})
+
+describe('opencode-web SseLineParser', () => {
+  it('emits one event per data: line and ignores comments / event: / id:', () => {
+    const events: unknown[] = []
+    const parser = new SseLineParser()
+    parser.feed(
+      ':keepalive\nevent: message\ndata: {"type":"text-delta","text":"hi"}\nid: 1\n\n',
+      (ev) => events.push(ev),
+    )
+    assert.deepEqual(events, [{ type: 'text-delta', text: 'hi' }])
+  })
+
+  it('buffers across chunk boundaries (split mid-line)', () => {
+    const events: unknown[] = []
+    const parser = new SseLineParser()
+    parser.feed('data: {"type":"text-delta","text":"he', (ev) => events.push(ev))
+    assert.equal(events.length, 0, 'incomplete line should not emit')
+    parser.feed('llo"}\n', (ev) => events.push(ev))
+    assert.deepEqual(events, [{ type: 'text-delta', text: 'hello' }])
+  })
+
+  it('tolerates CRLF line endings and skips blank data: lines', () => {
+    const events: unknown[] = []
+    const parser = new SseLineParser()
+    parser.feed('data: {"type":"x","v":1}\r\ndata: \r\ndata: {"type":"y","v":2}\r\n', (ev) => events.push(ev))
+    assert.deepEqual(events, [{ type: 'x', v: 1 }, { type: 'y', v: 2 }])
+  })
+
+  it('silently ignores malformed JSON payloads (heartbeats, partial frames)', () => {
+    const events: unknown[] = []
+    const parser = new SseLineParser()
+    parser.feed('data: not json\ndata: {"type":"text-delta","text":"ok"}\n', (ev) => events.push(ev))
+    assert.deepEqual(events, [{ type: 'text-delta', text: 'ok' }])
+  })
+})

package/src/lib/providers/opencode-web.ts

@@ -0,0 +1,307 @@
+import type { StreamChatOptions } from './index'
+import { log } from '../server/logger'
+
+const TAG = 'opencode-web'
+
+const DEFAULT_ENDPOINT = 'http://localhost:4096'
+const DEFAULT_USERNAME = 'opencode'
+
+interface BasicAuth { username: string; password: string }
+
+/**
+ * Parse an apiKey field into HTTP Basic Auth components. Stored as a single
+ * encrypted string per the project-wide credential model.
+ *
+ * - null / empty → no auth header.
+ * - "user:pass"   → { username: 'user', password: 'pass' }
+ * - "pass"        → { username: 'opencode', password: 'pass' } (FR-10).
+ *
+ * Mirrors RFC 3986 userinfo and `curl -u` conventions so the format is
+ * unsurprising and self-documenting in the credential field placeholder.
+ */
+export function parseBasicAuth(apiKey: string | null | undefined): BasicAuth | null {
+  if (apiKey === null || apiKey === undefined) return null
+  const trimmed = apiKey.trim()
+  if (!trimmed) return null
+  const colon = trimmed.indexOf(':')
+  if (colon < 0) return { username: DEFAULT_USERNAME, password: trimmed }
+  return { username: trimmed.slice(0, colon), password: trimmed.slice(colon + 1) }
+}
+
+export function buildAuthHeader(auth: BasicAuth | null): string | undefined {
+  if (!auth) return undefined
+  const encoded = Buffer.from(`${auth.username}:${auth.password}`, 'utf8').toString('base64')
+  return `Basic ${encoded}`
+}
+
+/**
+ * Split a SwarmClaw model string into the `{ providerID, modelID }` shape
+ * OpenCode expects. The convention is a single forward slash:
+ *   "anthropic/claude-sonnet-4-5" → { providerID: 'anthropic', modelID: 'claude-sonnet-4-5' }
+ *
+ * If the user enters a bare string with no slash, send providerID=value and
+ * an empty modelID so OpenCode rejects with a real error rather than us
+ * guessing wrong. Whitespace is trimmed.
+ */
+export function parseModelId(model: string | null | undefined): { providerID: string; modelID: string } {
+  const trimmed = (model || '').trim()
+  if (!trimmed) return { providerID: '', modelID: '' }
+  const slash = trimmed.indexOf('/')
+  if (slash < 0) return { providerID: trimmed, modelID: '' }
+  return {
+    providerID: trimmed.slice(0, slash).trim(),
+    modelID: trimmed.slice(slash + 1).trim(),
+  }
+}
+
+export function joinUrl(baseUrl: string, path: string): string {
+  const base = baseUrl.replace(/\/+$/, '')
+  const suffix = path.startsWith('/') ? path : `/${path}`
+  return `${base}${suffix}`
+}
+
+/**
+ * Stateful SSE line parser. Buffers across chunk boundaries and emits
+ * one parsed JSON object per `data:` line. Lines that do not start with
+ * `data:` (comments, `event:`, `id:`, blank separators) are ignored.
+ */
+export class SseLineParser {
+  private buf = ''
+
+  feed(chunk: string, onEvent: (data: unknown) => void): void {
+    this.buf += chunk
+    const lines = this.buf.split('\n')
+    this.buf = lines.pop() ?? ''
+    for (const raw of lines) {
+      const line = raw.replace(/\r$/, '').trim()
+      if (!line.startsWith('data:')) continue
+      const payload = line.slice(5).trim()
+      if (!payload) continue
+      try {
+        onEvent(JSON.parse(payload))
+      } catch {
+        // Non-JSON SSE payload (heartbeat, keep-alive). Ignore.
+      }
+    }
+  }
+}
+
+/**
+ * Best-effort extraction of streamed text out of an OpenCode SSE event.
+ * The shape varies a bit between versions; we accept the common variants
+ * and return null for everything else.
+ */
+function extractTextDelta(ev: unknown): string | null {
+  if (!ev || typeof ev !== 'object') return null
+  const e = ev as Record<string, unknown>
+  if (typeof e.text === 'string' && (e.type === 'text-delta' || e.type === 'text' || e.type === 'message.update.delta')) {
+    return e.text
+  }
+  if (e.type === 'message.update.delta' && typeof (e.delta as Record<string, unknown>)?.text === 'string') {
+    return (e.delta as Record<string, unknown>).text as string
+  }
+  if (e.type === 'text' && typeof (e.part as Record<string, unknown>)?.text === 'string') {
+    return (e.part as Record<string, unknown>).text as string
+  }
+  return null
+}
+
+function isCompletionEvent(ev: unknown): boolean {
+  if (!ev || typeof ev !== 'object') return false
+  const t = (ev as Record<string, unknown>).type
+  return t === 'message.complete' || t === 'message.completed' || t === 'done' || t === 'response.completed'
+}
+
+function extractErrorMessage(ev: unknown): string | null {
+  if (!ev || typeof ev !== 'object') return null
+  const e = ev as Record<string, unknown>
+  if (e.type !== 'error') return null
+  if (typeof e.message === 'string') return e.message
+  if (typeof e.error === 'string') return e.error
+  return 'Unknown OpenCode event error'
+}
+
+interface CreateSessionResponse { id?: string; sessionID?: string; sessionId?: string }
+
+async function createSession(opts: {
+  endpoint: string
+  cwd: string
+  authHeader: string | undefined
+  signal: AbortSignal
+}): Promise<string> {
+  const url = `${joinUrl(opts.endpoint, '/session')}?directory=${encodeURIComponent(opts.cwd)}`
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      ...(opts.authHeader ? { Authorization: opts.authHeader } : {}),
+    },
+    body: '{}',
+    signal: opts.signal,
+  })
+  if (res.status === 401 || res.status === 403) {
+    throw new HttpError(res.status, 'OpenCode rejected the credentials. Check the username:password configured for this agent.')
+  }
+  if (!res.ok) {
+    const body = await safeReadText(res)
+    throw new HttpError(res.status, `OpenCode session create failed (HTTP ${res.status})${body ? `: ${body.slice(0, 200)}` : ''}`)
+  }
+  const json = (await res.json()) as CreateSessionResponse
+  const id = json.id || json.sessionID || json.sessionId
+  if (!id || typeof id !== 'string') {
+    throw new HttpError(0, 'OpenCode session create response did not include an id')
+  }
+  return id
+}
+
+async function postPrompt(opts: {
+  endpoint: string
+  sessionId: string
+  cwd: string
+  prompt: string
+  providerID: string
+  modelID: string
+  authHeader: string | undefined
+  signal: AbortSignal
+}): Promise<{ status: number }> {
+  const url = `${joinUrl(opts.endpoint, `/session/${encodeURIComponent(opts.sessionId)}/prompt_async`)}?directory=${encodeURIComponent(opts.cwd)}`
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      ...(opts.authHeader ? { Authorization: opts.authHeader } : {}),
+    },
+    body: JSON.stringify({
+      providerID: opts.providerID,
+      modelID: opts.modelID,
+      prompt: opts.prompt,
+    }),
+    signal: opts.signal,
+  })
+  if (res.status === 401 || res.status === 403) {
+    throw new HttpError(res.status, 'OpenCode rejected the credentials. Check the username:password configured for this agent.')
+  }
+  if (res.status !== 204 && res.status !== 200 && res.status !== 202) {
+    if (res.status === 404) return { status: 404 }
+    const body = await safeReadText(res)
+    throw new HttpError(res.status, `OpenCode prompt_async failed (HTTP ${res.status})${body ? `: ${body.slice(0, 200)}` : ''}`)
+  }
+  return { status: res.status }
+}
+
+async function safeReadText(res: Response): Promise<string> {
+  try { return await res.text() } catch { return '' }
+}
+
+class HttpError extends Error {
+  constructor(public readonly status: number, message: string) {
+    super(message)
+  }
+}
+
+/**
+ * Stream an agent chat turn against a remote OpenCode HTTP server
+ * (`opencode serve` or `opencode web`). Talks to the same REST + SSE API
+ * as the official CLI. Stores the OpenCode session id on
+ * `session.opencodeWebSessionId` so subsequent turns reuse it.
+ */
+export function streamOpenCodeWebChat(opts: StreamChatOptions): Promise<string> {
+  const { session, message, systemPrompt, apiKey, write, active, signal } = opts
+
+  const endpoint = (session.apiEndpoint as string | undefined) || DEFAULT_ENDPOINT
+  const cwd = (session.cwd as string | undefined) || process.cwd()
+  const auth = parseBasicAuth(apiKey)
+  const authHeader = buildAuthHeader(auth)
+  const { providerID, modelID } = parseModelId(session.model as string | undefined)
+
+  const controller = new AbortController()
+  if (signal) {
+    if (signal.aborted) controller.abort()
+    else signal.addEventListener('abort', () => controller.abort(), { once: true })
+  }
+  active.set(session.id, controller)
+
+  const promptParts: string[] = []
+  if (systemPrompt && !session.opencodeWebSessionId) {
+    promptParts.push(`[System instructions]\n${systemPrompt}`)
+  }
+  promptParts.push(message)
+  const prompt = promptParts.join('\n\n')
+
+  return (async () => {
+    let fullResponse = ''
+    try {
+      // Ensure we have a server-side session id. On HTTP 404 from prompt
+      // (FR-9: graceful expiry), we null this and recreate exactly once.
+      let sessionId = (session.opencodeWebSessionId as string | null | undefined)
+        || await createSession({ endpoint, cwd, authHeader, signal: controller.signal })
+      session.opencodeWebSessionId = sessionId
+
+      let postResult = await postPrompt({
+        endpoint, sessionId, cwd, prompt, providerID, modelID, authHeader, signal: controller.signal,
+      })
+      if (postResult.status === 404) {
+        log.info(TAG, `[${session.id}] session ${sessionId} returned 404, recreating`)
+        sessionId = await createSession({ endpoint, cwd, authHeader, signal: controller.signal })
+        session.opencodeWebSessionId = sessionId
+        postResult = await postPrompt({
+          endpoint, sessionId, cwd, prompt, providerID, modelID, authHeader, signal: controller.signal,
+        })
+        if (postResult.status === 404) {
+          throw new HttpError(404, 'OpenCode rejected the prompt for a freshly-created session — the server may be misconfigured.')
+        }
+      }
+
+      const eventUrl = `${joinUrl(endpoint, '/event')}?session=${encodeURIComponent(sessionId)}`
+      const eventRes = await fetch(eventUrl, {
+        method: 'GET',
+        headers: {
+          Accept: 'text/event-stream',
+          ...(authHeader ? { Authorization: authHeader } : {}),
+        },
+        signal: controller.signal,
+      })
+      if (!eventRes.ok || !eventRes.body) {
+        throw new HttpError(eventRes.status, `OpenCode event stream failed (HTTP ${eventRes.status})`)
+      }
+
+      const reader = eventRes.body.getReader()
+      const decoder = new TextDecoder()
+      const parser = new SseLineParser()
+      let completed = false
+
+      while (!completed) {
+        const { done, value } = await reader.read()
+        if (done) break
+        const chunk = decoder.decode(value, { stream: true })
+        parser.feed(chunk, (ev) => {
+          const text = extractTextDelta(ev)
+          if (text) {
+            fullResponse += text
+            write(`data: ${JSON.stringify({ t: 'd', text })}\n\n`)
+            return
+          }
+          const errMsg = extractErrorMessage(ev)
+          if (errMsg) {
+            write(`data: ${JSON.stringify({ t: 'err', text: errMsg })}\n\n`)
+            return
+          }
+          if (isCompletionEvent(ev)) completed = true
+        })
+      }
+
+      return fullResponse
+    } catch (err: unknown) {
+      const msg = err instanceof HttpError
+        ? err.message
+        : err instanceof Error
+          ? err.message
+          : String(err)
+      log.error(TAG, `[${session.id}] ${msg}`)
+      write(`data: ${JSON.stringify({ t: 'err', text: msg })}\n\n`)
+      return fullResponse
+    } finally {
+      active.delete(session.id)
+    }
+  })()
+}

package/src/lib/server/context-manager.ts

@@ -77,6 +77,7 @@ const PROVIDER_DEFAULT_WINDOWS: Record<string, number> = {
   openai: 128_000,
   'codex-cli': 1_047_576,
   'opencode-cli': 200_000,
+  'opencode-web': 200_000,
   'gemini-cli': 1_048_576,
   'copilot-cli': 200_000,
   'droid-cli': 200_000,

package/src/lib/server/daemon/controller.ts

@@ -31,7 +31,14 @@ import {
   releaseRuntimeLock,
   tryAcquireRuntimeLock,
 } from '@/lib/server/runtime/runtime-lock-repository'
-import { errorMessage } from '@/lib/shared-utils'
+import { errorMessage, hmrSingleton } from '@/lib/shared-utils'
+
+// HMR-safe single-shot guard so the "subprocess fallback unavailable"
+// warning logs once per process lifetime, not per API call.
+const subprocessFallbackUnavailableLogged = hmrSingleton<{ value: boolean }>(
+  '__swarmclaw_daemon_subprocess_fallback_warned__',
+  () => ({ value: false }),
+)
 
 const TAG = 'daemon-controller'
 const LAUNCH_LOCK_NAME = 'daemon-launcher'
@@ -367,7 +374,22 @@ export async function ensureDaemonProcessRunning(
     const secondCheck = await getLiveDaemonSnapshot()
     if (secondCheck?.status.running) return false
 
-    const { root, entry } = resolveDaemonRuntimeEntry()
+    let resolved: { root: string; entry: string }
+    try {
+      resolved = resolveDaemonRuntimeEntry()
+    } catch (err: unknown) {
+      // The standalone Docker image does not ship `src/` (Next.js standalone
+      // output excludes raw source files), so the subprocess fallback can
+      // never spawn there. Fail soft: log once and let callers fall back to
+      // whatever in-process daemon path is available rather than surfacing
+      // a 500 to API consumers. Reported as issue #41 (Bug 3).
+      if (!subprocessFallbackUnavailableLogged.value) {
+        subprocessFallbackUnavailableLogged.value = true
+        log.warn(TAG, `[daemon] Subprocess fallback unavailable in this build (${errorMessage(err)}). The in-process daemon will continue to be the primary path.`)
+      }
+      return false
+    }
+    const { root, entry } = resolved
     const adminPort = await reservePort()
     const adminToken = crypto.randomBytes(24).toString('hex')
     fs.mkdirSync(path.dirname(DAEMON_LOG_PATH), { recursive: true })

package/src/lib/server/daemon/lease-owner.test.ts

@@ -0,0 +1,72 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { isOwnerProcessDead, parseOwnerPid } from '@/lib/server/daemon/lease-owner'
+
+function probeThrowing(code: string) {
+  return {
+    kill: () => {
+      const err = new Error('mock probe failure') as NodeJS.ErrnoException
+      err.code = code
+      throw err
+    },
+  }
+}
+
+const probeAlive = { kill: () => true as const }
+
+describe('parseOwnerPid', () => {
+  it('returns the pid for a well-formed owner string', () => {
+    assert.equal(parseOwnerPid('pid:12345:abc'), 12345)
+    assert.equal(parseOwnerPid('pid:1:xyz'), 1)
+  })
+
+  it('returns null for unrecognised owner strings', () => {
+    assert.equal(parseOwnerPid(null), null)
+    assert.equal(parseOwnerPid(undefined), null)
+    assert.equal(parseOwnerPid(''), null)
+    assert.equal(parseOwnerPid('another process'), null)
+    assert.equal(parseOwnerPid('pid::abc'), null)
+    assert.equal(parseOwnerPid('pid:abc:xyz'), null)
+    assert.equal(parseOwnerPid('host:hostname:pid:1:abc'), null)
+  })
+
+  it('rejects zero and negative pids', () => {
+    assert.equal(parseOwnerPid('pid:0:abc'), null)
+    assert.equal(parseOwnerPid('pid:-1:abc'), null)
+  })
+})
+
+describe('isOwnerProcessDead — bug #41 stale-lease recovery', () => {
+  it('returns true when the probe reports ESRCH (no such process)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('ESRCH')), true)
+  })
+
+  it('returns false when the probe reports EPERM (process owned by someone else)', () => {
+    // EPERM means the process exists but signal delivery is blocked. Assume alive
+    // and do not steal the lease — bias towards waiting for TTL.
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('EPERM')), false)
+  })
+
+  it('returns false when the probe succeeds (process is alive)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeAlive), false)
+  })
+
+  it('returns false for any unknown probe error code (do not guess)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('EAGAIN')), false)
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('UNKNOWN')), false)
+  })
+
+  it('returns false for owner strings we cannot parse (different host, malformed, missing)', () => {
+    assert.equal(isOwnerProcessDead(null, probeThrowing('ESRCH')), false)
+    assert.equal(isOwnerProcessDead('another process', probeThrowing('ESRCH')), false)
+    assert.equal(isOwnerProcessDead('host:remote:pid:1:abc', probeThrowing('ESRCH')), false)
+  })
+
+  it('refuses to declare its own pid dead even if probe lies', () => {
+    // Defence in depth: the current process is obviously alive; if a
+    // pathological probe returned ESRCH for its own pid, we must not
+    // act on that.
+    const owner = `pid:${process.pid}:self`
+    assert.equal(isOwnerProcessDead(owner, probeThrowing('ESRCH')), false)
+  })
+})

package/src/lib/server/daemon/lease-owner.ts

@@ -0,0 +1,68 @@
+/**
+ * Helpers for reasoning about who owns a runtime lease.
+ *
+ * Owner strings have the shape `pid:${pid}:${suffix}` (see
+ * `runtime/daemon-state/core.ts` where the suffix is generated). When the
+ * holding process disappears without releasing the lease (container crash,
+ * SIGKILL), a successor instance has no way to know the lease is stale
+ * other than waiting out the TTL. These helpers let the successor detect
+ * that the recorded pid is no longer alive and reclaim the lease.
+ *
+ * The reclaim path is intentionally conservative: any uncertainty (owner
+ * string format we do not recognise, probe outcome we cannot interpret,
+ * etc.) returns `false` so the caller falls back to "wait for TTL".
+ *
+ * Single-host only. If a lease was acquired on a different host (Kubernetes
+ * multi-pod), the recorded pid means nothing here. Recognising "different
+ * host" requires the owner string itself to encode a host id, which we do
+ * not currently do; for now, mixed-host deployments will continue to wait
+ * out the TTL, which is the correct behavior in the absence of a way to
+ * verify the remote process status.
+ */
+
+const OWNER_PATTERN = /^pid:(\d+):/
+
+export interface ProcessProbe {
+  /** Sends signal 0 to the pid, throws on error like `process.kill`. */
+  kill: (pid: number, signal: 0) => true | void
+}
+
+const realProbe: ProcessProbe = {
+  kill: (pid, signal) => {
+    process.kill(pid, signal)
+    return true
+  },
+}
+
+export function parseOwnerPid(owner: string | null | undefined): number | null {
+  if (typeof owner !== 'string') return null
+  const match = owner.match(OWNER_PATTERN)
+  if (!match) return null
+  const pid = Number(match[1])
+  return Number.isInteger(pid) && pid > 0 ? pid : null
+}
+
+/**
+ * Returns true when the recorded owner pid is provably dead on this host.
+ * Returns false for any other outcome:
+ *   - owner string we cannot parse
+ *   - probe succeeded (the process is alive)
+ *   - probe failed with EPERM (process exists but is owned by someone
+ *     else; treat as "alive, do not steal")
+ *   - any other unexpected failure (do not guess)
+ *
+ * `probe` is injectable for tests.
+ */
+export function isOwnerProcessDead(owner: string | null | undefined, probe: ProcessProbe = realProbe): boolean {
+  const pid = parseOwnerPid(owner)
+  if (pid === null) return false
+  if (pid === process.pid) return false
+  try {
+    probe.kill(pid, 0)
+    return false
+  } catch (err: unknown) {
+    const code = (err as NodeJS.ErrnoException | undefined)?.code
+    if (code === 'ESRCH') return true
+    return false
+  }
+}

package/src/lib/server/git-metadata.test.ts

@@ -0,0 +1,45 @@
+import { describe, it, beforeEach } from 'node:test'
+import assert from 'node:assert/strict'
+import { gitAvailable, resetGitAvailableCache, safeGit } from '@/lib/server/git-metadata'
+
+describe('safeGit', () => {
+  it('returns null when git is invoked with arguments that produce no useful output', () => {
+    // `git` invoked outside of a repository and asked for a missing config key
+    // is one of the few invocations guaranteed to fail on every host, while
+    // still respecting the real binary path. If git itself is not installed,
+    // `safeGit` still returns null (the catch path).
+    const out = safeGit(['config', 'this.key.does.not.exist'])
+    assert.equal(out, null)
+  })
+
+  it('returns a trimmed string for a successful invocation', () => {
+    const version = safeGit(['--version'])
+    if (version === null) return // git is not installed in this env; skip
+    assert.match(version, /^git version /)
+  })
+})
+
+describe('gitAvailable', () => {
+  beforeEach(() => {
+    resetGitAvailableCache()
+  })
+
+  it('caches its result', () => {
+    const first = gitAvailable()
+    // After the first call, subsequent calls return the same value without
+    // re-probing. We cannot directly observe "did it re-probe?" without
+    // mocking `node:child_process`, so we just assert stability.
+    const second = gitAvailable()
+    const third = gitAvailable()
+    assert.equal(first, second)
+    assert.equal(second, third)
+  })
+
+  it('reflects whether the cwd is in a git checkout', () => {
+    // This test runs from inside the swarmclaw repo, so git should be
+    // available. When run from inside the published Docker image (where
+    // `.git/` is absent), the same call returns false.
+    const present = gitAvailable()
+    assert.equal(typeof present, 'boolean')
+  })
+})

package/src/lib/server/git-metadata.ts

@@ -0,0 +1,42 @@
+import { execFileSync } from 'node:child_process'
+
+/**
+ * Pure helpers for reading git metadata at runtime, with graceful degradation
+ * when the working directory is not a git checkout (Docker production image,
+ * npm tarball install, etc.).
+ *
+ * Always uses `execFileSync` with an arg array (no shell) so user input cannot
+ * influence the command line.
+ */
+export function safeGit(args: string[], cwd: string = process.cwd()): string | null {
+  try {
+    const out = execFileSync('git', args, {
+      cwd,
+      encoding: 'utf-8',
+      timeout: 15_000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    })
+    return typeof out === 'string' ? out.trim() : null
+  } catch {
+    return null
+  }
+}
+
+let cachedAvailable: boolean | null = null
+
+/**
+ * Returns true when the current working directory looks like a git checkout
+ * (i.e. `git rev-parse --git-dir` succeeds). Cached for the lifetime of the
+ * process, since the answer does not change while a server is running.
+ *
+ * Exported `resetGitAvailableCache` is for unit tests only.
+ */
+export function gitAvailable(): boolean {
+  if (cachedAvailable !== null) return cachedAvailable
+  cachedAvailable = safeGit(['rev-parse', '--git-dir']) !== null
+  return cachedAvailable
+}
+
+export function resetGitAvailableCache(): void {
+  cachedAvailable = null
+}

package/src/lib/server/runtime/daemon-state/core.ts

@@ -4,6 +4,7 @@ import { loadConnectors, saveConnectors } from '@/lib/server/connectors/connecto
 import { decryptKey, loadCredentials } from '@/lib/server/credentials/credential-repository'
 import { loadQueue } from '@/lib/server/runtime/queue-repository'
 import { pruneExpiredLocks, readRuntimeLock, releaseRuntimeLock, renewRuntimeLock, tryAcquireRuntimeLock } from '@/lib/server/runtime/runtime-lock-repository'
+import { isOwnerProcessDead } from '@/lib/server/daemon/lease-owner'
 import { loadSchedules } from '@/lib/server/schedules/schedule-repository'
 import { loadSessions } from '@/lib/server/sessions/session-repository'
 import { loadSettings } from '@/lib/server/settings/settings-repository'
@@ -126,6 +127,7 @@ interface DaemonState {
   shuttingDown: boolean
   providerPingCircuitBreaker: Map<string, { consecutiveFailures: number; skipUntil: number }>
   lockRenewIntervalId: ReturnType<typeof setInterval> | null
+  leaseRetryTimeoutId: ReturnType<typeof setTimeout> | null
   primaryLeaseHeld: boolean
 }
 
@@ -151,6 +153,7 @@ const ds: DaemonState = hmrSingleton<DaemonState>('__swarmclaw_daemon__', () =>
   shuttingDown: false,
   providerPingCircuitBreaker: new Map<string, { consecutiveFailures: number; skipUntil: number }>(),
   lockRenewIntervalId: null,
+  leaseRetryTimeoutId: null,
   primaryLeaseHeld: false,
 }))
 
@@ -180,6 +183,7 @@ if (ds.connectorHealthCheckRunning === undefined) ds.connectorHealthCheckRunning
 if (ds.shuttingDown === undefined) ds.shuttingDown = false
 if (!ds.providerPingCircuitBreaker) ds.providerPingCircuitBreaker = new Map<string, { consecutiveFailures: number; skipUntil: number }>()
 if (ds.lockRenewIntervalId === undefined) ds.lockRenewIntervalId = null
+if (ds.leaseRetryTimeoutId === undefined) ds.leaseRetryTimeoutId = null
 if (ds.primaryLeaseHeld === undefined) ds.primaryLeaseHeld = false
 
 function stopDaemonLeaseRenewal(opts?: { release?: boolean }) {
@@ -229,12 +233,60 @@ function acquireDaemonLease(source: string): boolean {
   }
   if (!acquired) {
     let owner = 'another process'
+    let expiresAt: number | null = null
     try {
-      owner = readRuntimeLock(DAEMON_RUNTIME_LOCK_NAME)?.owner || owner
+      const lease = readRuntimeLock(DAEMON_RUNTIME_LOCK_NAME)
+      if (lease) {
+        owner = lease.owner || owner
+        expiresAt = lease.expiresAt
+      }
     } catch {
       // Best-effort diagnostics only.
     }
+
+    // Stale-lease recovery: when a previous container / process crashed
+    // without releasing the lease, the new instance would otherwise wait
+    // up to the full TTL (DAEMON_RUNTIME_LOCK_TTL_MS) before being able
+    // to start the daemon. If the recorded owner pid is local to this
+    // host AND is no longer alive, reclaim the lease immediately and
+    // retry. Conservative: any uncertainty (different host, malformed
+    // owner, kill probe failed for an unexpected reason) skips the
+    // reclaim path. Reported as issue #41 (Bug 2).
+    if (isOwnerProcessDead(owner)) {
+      try {
+        releaseRuntimeLock(DAEMON_RUNTIME_LOCK_NAME, owner)
+        log.info(TAG, `[daemon] Reclaimed stale daemon-primary lease from dead owner ${owner}`)
+        let retried = false
+        try {
+          retried = tryAcquireRuntimeLock(DAEMON_RUNTIME_LOCK_NAME, daemonLockOwner, DAEMON_RUNTIME_LOCK_TTL_MS)
+        } catch (err: unknown) {
+          log.warn(TAG, `[daemon] Reclaim retry failed (source=${source}): ${errorMessage(err)}`)
+        }
+        if (retried) {
+          ds.primaryLeaseHeld = true
+          startDaemonLeaseRenewal()
+          return true
+        }
+      } catch (err: unknown) {
+        log.warn(TAG, `[daemon] Failed to release stale lease (source=${source}): ${errorMessage(err)}`)
+      }
+    }
+
     log.info(TAG, `[daemon] Skipping start (source=${source}); lease held by ${owner}`)
+
+    // Schedule one deferred retry slightly past the lease's expiry so
+    // the daemon comes up automatically once the prior owner's TTL has
+    // elapsed, instead of waiting for the next API call to nudge it.
+    if (expiresAt !== null) {
+      const delayMs = Math.max(1_000, expiresAt - Date.now() + 1_000)
+      if (ds.leaseRetryTimeoutId) clearTimeout(ds.leaseRetryTimeoutId)
+      ds.leaseRetryTimeoutId = setTimeout(() => {
+        ds.leaseRetryTimeoutId = null
+        if (ds.running || ds.primaryLeaseHeld) return
+        ensureDaemonStarted(`${source}:lease-retry`)
+      }, delayMs)
+      ds.leaseRetryTimeoutId.unref?.()
+    }
     return false
   }
   ds.primaryLeaseHeld = true

package/src/lib/setup-defaults.ts

@@ -7,6 +7,7 @@ export type SetupProvider =
   | 'claude-cli'
   | 'codex-cli'
   | 'opencode-cli'
+  | 'opencode-web'
   | 'gemini-cli'
   | 'copilot-cli'
   | 'droid-cli'
@@ -79,6 +80,19 @@ export const SETUP_PROVIDERS: SetupProviderOption[] = [
     badge: 'CLI',
     icon: 'O',
   },
+  {
+    id: 'opencode-web',
+    name: 'OpenCode Web',
+    description: 'Connect to a remote OpenCode HTTP server (`opencode serve` or `opencode web`). Supports HTTPS and HTTP Basic Auth.',
+    requiresKey: false,
+    optionalKey: true,
+    supportsEndpoint: true,
+    defaultEndpoint: 'http://localhost:4096',
+    keyLabel: 'username:password (Basic Auth)',
+    keyPlaceholder: 'opencode:••••••• (or just the password)',
+    badge: 'HTTP',
+    icon: 'O',
+  },
   {
     id: 'gemini-cli',
     name: 'Gemini CLI',
@@ -743,6 +757,13 @@ export const DEFAULT_AGENTS: Record<SetupProvider, DefaultAgentConfig> = {
     model: 'claude-sonnet-4-6',
     tools: STARTER_AGENT_TOOLS,
   },
+  'opencode-web': {
+    name: 'OpenCode Web',
+    description: 'A helpful assistant powered by a remote OpenCode HTTP server.',
+    systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
+    model: 'anthropic/claude-sonnet-4-5',
+    tools: STARTER_AGENT_TOOLS,
+  },
   'gemini-cli': {
     name: 'Gemini CLI',
     description: 'A helpful assistant powered by Gemini CLI.',

package/src/types/provider.ts

@@ -1,4 +1,4 @@
-export type ProviderType = 'claude-cli' | 'codex-cli' | 'opencode-cli' | 'gemini-cli' | 'copilot-cli' | 'droid-cli' | 'cursor-cli' | 'qwen-code-cli' | 'goose' | 'openai' | 'openrouter' | 'ollama' | 'anthropic' | 'openclaw' | 'hermes' | 'google' | 'deepseek' | 'groq' | 'together' | 'mistral' | 'xai' | 'fireworks' | 'nebius' | 'deepinfra'
+export type ProviderType = 'claude-cli' | 'codex-cli' | 'opencode-cli' | 'opencode-web' | 'gemini-cli' | 'copilot-cli' | 'droid-cli' | 'cursor-cli' | 'qwen-code-cli' | 'goose' | 'openai' | 'openrouter' | 'ollama' | 'anthropic' | 'openclaw' | 'hermes' | 'google' | 'deepseek' | 'groq' | 'together' | 'mistral' | 'xai' | 'fireworks' | 'nebius' | 'deepinfra'
 export type ProviderId = ProviderType | (string & {})
 
 export interface ProviderInfo {

package/src/types/session.ts

@@ -69,6 +69,7 @@ export interface Session {
   claudeSessionId: string | null
   codexThreadId?: string | null
   opencodeSessionId?: string | null
+  opencodeWebSessionId?: string | null
   geminiSessionId?: string | null
   copilotSessionId?: string | null
   droidSessionId?: string | null