@swarmclawai/swarmclaw 1.5.42 → 1.5.44

package/README.md

@@ -389,6 +389,22 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.5.44 Highlights
+
+- **Model lists refreshed across every provider**: dropdowns now lead with the April-2026 flagship models instead of mid-2025 names. OpenAI goes to GPT-5.4 / 5.4-mini / 5.4-nano / 5.3 / o3-mini. Google and Gemini CLI lead with Gemini 3.1 Pro, Gemini 3 Flash, and 3.1 Flash-Lite, keeping 2.5 as a legacy fallback. xAI jumps from Grok 3 to Grok 4 plus the Grok 4 / 4.1 Fast reasoning and non-reasoning variants. Groq drops the deprecated `deepseek-r1-distill-llama-70b` and leads with Llama 4 Maverick, Llama 4 Scout, Kimi K2, and gpt-oss 120b/20b. Mistral moves to Magistral 1.2, Devstral 2, Codestral, and Mistral Small 4. Fireworks / Nebius / DeepInfra now lead with DeepSeek V3.2, Kimi K2.5, and Qwen 3 235B instead of the older R1-0528 checkpoint. Anthropic and Claude CLI reorder Opus 4.6 / Sonnet 4.6 / Haiku 4.5 newest-first. OpenCode Web refreshes its `providerID/modelID` seed list.
+- **OpenRouter default set expanded**: was one model (`openai/gpt-4.1-mini`). Now ten flagship routes including `openrouter/auto`, Claude 4.6 Opus / Sonnet / Haiku, GPT-5.4, Gemini 3.1 Pro / 3 Flash, Grok 4, DeepSeek V3.2, and Llama 4 Maverick. Much better first-run experience for the "provider that routes to every other provider".
+- **`DEFAULT_AGENTS` models refreshed**: 11 starter-agent models updated to match the new flagship lineups (OpenAI → GPT-5.4, xAI → Grok 4, Google / Gemini CLI → Gemini 3.1 Pro, Groq → Llama 4 Maverick, Fireworks / Nebius / DeepInfra → DeepSeek V3.2, OpenCode Web / Copilot CLI → Claude Sonnet 4.6, OpenRouter → Claude Sonnet 4.6). Starter agents created from the setup wizard now default to the right model out of the box.
+- **Starter-agent tool bundles now include `droid_cli` and `copilot_cli`**: these delegation backends were added in v1.5.37 and v1.5.3 respectively but never made it into `STARTER_AGENT_TOOLS` / `BUILDER_AGENT_TOOLS`. Every starter kit (Sidekick, Researcher, Builder, Reviewer, Operator, OpenClaw fleet) now picks them up on new workspace creation.
+- **DeepSeek note**: `deepseek-chat` and `deepseek-reasoner` remain the recommended model names — they are stable aliases that auto-track the current `V3.2` weights. No action required.
+- **Registry sanity test**: added `provider-models.test.ts` which asserts every provider declares a non-empty deduplicated models array, matching metadata keys, and a working `handler.streamChat`. Guards against future copy-paste regressions in the registry.
+
+### v1.5.43 Highlights
+
+- **`/api/version` no longer 500s in Docker**: the route used to shell out to `git` at runtime, which fails in the production image because `.git/` is not copied. The route now returns 200 with `{ source: 'package', version }` from `package.json` when git metadata is unavailable, and `{ source: 'git', version, commit, ... }` when it is. `/api/version/update` short-circuits on Docker-style installs with a clear `no_git_metadata` reason instead of an opaque 500. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 1, reported by [@SteamedFish](https://github.com/SteamedFish).)
+- **Daemon reclaims stale `daemon-primary` leases on container restart**: when the previous container died holding the SQLite-backed lease, the new container previously waited up to the full 120 s TTL before the daemon could start. The successor now parses the recorded owner pid, probes it with `process.kill(pid, 0)`, and reclaims the lease immediately when the prior owner is provably dead on this host. When the owner is genuinely alive (or when the recorded host is ambiguous, such as multi-pod Kubernetes), behaviour is unchanged but a single deferred retry is scheduled just past the TTL so the daemon comes up automatically rather than waiting for the next API call. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 2.)
+- **Subprocess daemon fallback fails soft in Docker**: when `resolveDaemonRuntimeEntry()` cannot find `src/lib/server/daemon/daemon-runtime.ts` (the file is intentionally not in the standalone build), `ensureDaemonProcessRunning()` now logs a one-shot warning and returns `false` instead of throwing into the API handler. The in-process daemon path (with the Bug 2 fix) is the production path in Docker. ([#41](https://github.com/swarmclawai/swarmclaw/issues/41) Bug 3.)
+- **`CONTRIBUTING.md`**: dropped the broken reference to `AGENTS.md`. That file is `.gitignore`'d and not visible to external contributors. The single canonical project-conventions document is `CLAUDE.md`.
+
 ### v1.5.42 Highlights
 
 - **New `opencode-web` provider — connect to remote OpenCode HTTP servers** ([#40](https://github.com/swarmclawai/swarmclaw/issues/40), requested by [@SteamedFish](https://github.com/SteamedFish)): point an agent at any host running `opencode serve` or `opencode web` (default port `4096`). Supports HTTPS endpoints, HTTP Basic Auth (encode credentials as `username:password` in the API key field; bare passwords default the username to `opencode`), automatic OpenCode session reuse across chat turns, and per-session workspace isolation via `?directory=...`. Models are entered as `providerID/modelID` (e.g. `anthropic/claude-sonnet-4-5`). The existing `opencode-cli` provider is unchanged.
@@ -408,26 +424,6 @@ Operational docs: https://swarmclaw.ai/docs/observability
 - **Classifier timeout raised to 10 s**: 2 s was too tight for Ollama Cloud with a fully-configured agent (observed 4–6 s calls). Result caching means the latency tax only applies to first-seen messages.
 - **Reflection memories dedup across runs**: the supervisor reflection writer now compares candidate notes against recent (last 7 days) reflection memories for the same agent and skips ones that have already been stored, stopping the ~7-per-turn rediscovery churn on top of the within-run dedup shipped in v1.5.38.
 
-### v1.5.39 Highlights
-
-- **Agents default to scoped tool access**: new agents (and existing agents whose `tools` list is non-empty) now only see the tools they've been given in the system prompt. This trims ~3 k input tokens per turn — an observed CEO/coordinator agent with 14 tools and 4 loaded skills went from 62 k to 38 k chars of system prompt. Opt back into the old firehose by toggling **Universal tool access** in the agent sheet's new "Context & Tool Access" section. Memory, context management, and `ask_human` are always included regardless of the scoped list.
-- **Pinned skills budget hardening**: one long markdown skill was eating 24 k of a 62 k prompt. Inlined pinned-skill content is now capped at 3 k chars with a pointer to `use_skill` action="load" for the full guide, and auto-attached *learned* skills get a dedicated sub-budget (max 6 skills / 8 k chars) so they cannot dominate the main pinned-skills section.
-- **OpenClaw chat fast-fails on dangling credentials**: v1.5.38 added gateway-side fast-fail; the chat streaming path now does the same, emitting a clear `err` event naming the missing credential instead of dialing the gateway unauthenticated and waiting 120 s for the timeout.
-- **Queue: orphan-recovery auto-heals stale checkouts**: pre-1.5.38 storage could leave `queued` tasks with a stale `checkoutRunId` that `checkoutTask()` refused forever. Orphan recovery now clears the stale id in the same sweep that re-queues the task, and `reconcileFinishedRunningTasks` / agent-not-found / capability-mismatch paths also null out the checkout when they terminally fail a task.
-- **Perf ring buffer raised to 2 000 entries**: queue/task repository events fire ~20 Hz during task processing and were evicting chat-execution/prompt perf entries out of the 200-entry buffer before they could be read. The larger buffer lets the perf viewer actually show a full turn.
-- **Tests**: added regression tests for pre-1.5.38 stale-checkout orphan recovery and for the scoped-tool-access algorithm.
-
-### v1.5.38 Highlights
-
-- **Task queue: reclaim stale checkouts**: `checkoutTask()` now reclaims a lingering `checkoutRunId` on a `queued` task instead of refusing it forever. An ungraceful server exit mid-turn (crash, SIGKILL, HMR reload) previously left tasks uncheckoutable, producing a dispatch → orphan-recovery → failed-checkout spin that logged "Recovering orphaned queued task" tens of thousands of times per session. `scheduleRetryOrDeadLetter()` also clears the prior checkout when scheduling a retry or dead-lettering.
-- **Chat: suppress duplicate parallel tool calls**: some OSS models on Ollama (notably `devstral`) emit the same tool call twice in a single turn. The LangGraph tool-event tracker now dedupes by `name + input` signature, swallowing the duplicate start and its result while allowing a genuinely later identical call once the first completes. Hardened against replayed-start events (HMR, graph retries) that previously could leak a `run_id` into both the accepted and suppressed sets and leave `pendingCount` stuck above zero.
-- **Chat: disable `parallel_tool_calls` for Ollama**: local Ollama sessions now pass `parallel_tool_calls: false` to prevent the upstream duplicate-call behavior at the source for models that honor it.
-- **Chat: no-progress guard for tool summary retries**: if the model produces essentially no new text on a `tool_summary` continuation, the loop stops retrying instead of streaming the same short sentence two or three times. The guard is snapshot-aware: a transient-error rollback no longer leaves a stale progress counter that silently skips a legitimate retry (`lastToolSummaryTextLen` is now round-tripped through `ChatTurnState.snapshot`/`restore`).
-- **Task UI: distinguish retry-pending from failure**: a retrying task now renders in amber with a "Retry Pending" label in the task card and sheet, instead of the same red treatment used for dead-lettered failures.
-- **Autonomy: dedupe reflection memories across kinds**: the supervisor reflection writer now drops notes whose normalized text has already been stored this run, eliminating near-identical memory rows classified under multiple kinds.
-- **OpenClaw gateway: fast-fail on dangling credentials**: when an agent's OpenClaw route references a deleted or missing credential, the gateway now refuses to dial the WebSocket up front instead of attempting an unauthenticated handshake and waiting the full 120 s for the agent-side timeout. The credential-missing log line is promoted from warn to error so it surfaces in routine monitoring.
-- **Prompt size profiler**: setting `SWARMCLAW_PROFILE_PROMPT=1` now logs a per-section size breakdown of the assembled system prompt (block index, first-line label, char count) on every turn, making it practical to diagnose why a specific agent is eating context budget. Off by default so production turns stay quiet.
-
 Older releases: https://swarmclaw.ai/docs/release-notes
 
 - GitHub releases: https://github.com/swarmclawai/swarmclaw/releases

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.5.42",
+  "version": "1.5.44",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",

package/src/app/api/version/route.ts

@@ -1,7 +1,8 @@
 import { NextResponse } from 'next/server'
-import { execSync } from 'child_process'
-export const dynamic = 'force-dynamic'
+import { gitAvailable, safeGit } from '@/lib/server/git-metadata'
+import packageJson from '../../../../package.json'
 
+export const dynamic = 'force-dynamic'
 
 let cachedRemote: {
   sha: string
@@ -10,74 +11,87 @@ let cachedRemote: {
   remoteTag: string | null
   checkedAt: number
 } | null = null
-const CACHE_TTL = 60_000 // 60s
+const CACHE_TTL = 60_000
 const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
 
-function run(cmd: string): string {
-  return execSync(cmd, { encoding: 'utf-8', cwd: process.cwd(), timeout: 15_000 }).trim()
-}
-
 function getLatestStableTag(): string | null {
-  const tags = run(`git tag --list 'v*' --sort=-v:refname`)
-    .split('\n')
-    .map((line) => line.trim())
-    .filter(Boolean)
-  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+  const out = safeGit(['tag', '--list', 'v*', '--sort=-v:refname'])
+  if (!out) return null
+  return out.split('\n').map((l) => l.trim()).filter(Boolean).find((t) => RELEASE_TAG_RE.test(t)) || null
 }
 
 function getHeadStableTag(): string | null {
-  const tags = run(`git tag --points-at HEAD --list 'v*' --sort=-v:refname`)
-    .split('\n')
-    .map((line) => line.trim())
-    .filter(Boolean)
-  return tags.find((tag) => RELEASE_TAG_RE.test(tag)) || null
+  const out = safeGit(['tag', '--points-at', 'HEAD', '--list', 'v*', '--sort=-v:refname'])
+  if (!out) return null
+  return out.split('\n').map((l) => l.trim()).filter(Boolean).find((t) => RELEASE_TAG_RE.test(t)) || null
 }
 
 export async function GET(_req: Request) {
-  try {
-    const localSha = run('git rev-parse --short HEAD')
-    const localTag = getHeadStableTag()
+  // Always return 200. When git metadata is unavailable (Docker production
+  // image, npm tarball install) we fall back to the static package.json
+  // version. Issue #41 reported a 500 response when `.git/` was not present
+  // in the production container; this route now degrades gracefully.
+  const packageVersion = packageJson.version
 
-    let remoteSha = cachedRemote?.sha ?? localSha
-    let behindBy = cachedRemote?.behindBy ?? 0
-    let channel: 'stable' | 'main' = cachedRemote?.channel ?? 'main'
-    let remoteTag = cachedRemote?.remoteTag ?? null
+  if (!gitAvailable()) {
+    return NextResponse.json({
+      source: 'package',
+      version: packageVersion,
+      localSha: null,
+      localTag: `v${packageVersion}`,
+      remoteSha: null,
+      remoteTag: null,
+      channel: 'stable',
+      updateAvailable: false,
+      behindBy: 0,
+    })
+  }
 
-    if (!cachedRemote || Date.now() - cachedRemote.checkedAt > CACHE_TTL) {
-      try {
-        run('git fetch --tags origin --quiet')
-        const latestTag = getLatestStableTag()
-        if (latestTag) {
-          channel = 'stable'
-          remoteTag = latestTag
-          remoteSha = run(`git rev-parse --short ${latestTag}^{commit}`)
-          behindBy = parseInt(run(`git rev-list HEAD..${latestTag}^{commit} --count`), 10) || 0
-        } else {
-          // Fallback for repos without release tags yet.
-          channel = 'main'
-          remoteTag = null
-          run('git fetch origin main --quiet')
-          behindBy = parseInt(run('git rev-list HEAD..origin/main --count'), 10) || 0
-          remoteSha = behindBy > 0
-            ? run('git rev-parse --short origin/main')
-            : localSha
+  const localSha = safeGit(['rev-parse', '--short', 'HEAD'])
+  const localTag = getHeadStableTag()
+
+  let remoteSha = cachedRemote?.sha ?? localSha
+  let behindBy = cachedRemote?.behindBy ?? 0
+  let channel: 'stable' | 'main' = cachedRemote?.channel ?? 'main'
+  let remoteTag = cachedRemote?.remoteTag ?? null
+
+  if (!cachedRemote || Date.now() - cachedRemote.checkedAt > CACHE_TTL) {
+    const fetched = safeGit(['fetch', '--tags', 'origin', '--quiet'])
+    if (fetched !== null) {
+      const latestTag = getLatestStableTag()
+      if (latestTag) {
+        channel = 'stable'
+        remoteTag = latestTag
+        const sha = safeGit(['rev-parse', '--short', `${latestTag}^{commit}`])
+        if (sha) remoteSha = sha
+        const count = safeGit(['rev-list', `HEAD..${latestTag}^{commit}`, '--count'])
+        behindBy = count ? (parseInt(count, 10) || 0) : 0
+      } else {
+        channel = 'main'
+        remoteTag = null
+        safeGit(['fetch', 'origin', 'main', '--quiet'])
+        const count = safeGit(['rev-list', 'HEAD..origin/main', '--count'])
+        behindBy = count ? (parseInt(count, 10) || 0) : 0
+        if (behindBy > 0) {
+          const sha = safeGit(['rev-parse', '--short', 'origin/main'])
+          if (sha) remoteSha = sha
+        } else if (localSha) {
+          remoteSha = localSha
         }
-        cachedRemote = { sha: remoteSha, behindBy, channel, remoteTag, checkedAt: Date.now() }
-      } catch {
-        // fetch failed (no network, no remote, etc.) — use stale cache or defaults
       }
+      cachedRemote = { sha: remoteSha || '', behindBy, channel, remoteTag, checkedAt: Date.now() }
     }
-
-    return NextResponse.json({
-      localSha,
-      localTag,
-      remoteSha,
-      remoteTag,
-      channel,
-      updateAvailable: behindBy > 0,
-      behindBy,
-    })
-  } catch {
-    return NextResponse.json({ error: 'Not a git repository' }, { status: 500 })
   }
+
+  return NextResponse.json({
+    source: 'git',
+    version: packageVersion,
+    localSha,
+    localTag,
+    remoteSha,
+    remoteTag,
+    channel,
+    updateAvailable: behindBy > 0,
+    behindBy,
+  })
 }

package/src/app/api/version/update/route.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from 'next/server'
 import { execSync } from 'child_process'
 import { getDb } from '@/lib/server/storage'
+import { gitAvailable } from '@/lib/server/git-metadata'
 
 const RELEASE_TAG_RE = /^v\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/
 
@@ -37,6 +38,17 @@ function ensureCleanWorkingTree() {
 }
 
 export async function POST() {
+  // The git-pull update path only makes sense for source/git checkouts.
+  // Docker and packaged-app installs have their own update channels and
+  // calling this route on those installs would otherwise return a confusing
+  // 500. Surface the situation as a 200 with a clear reason instead.
+  if (!gitAvailable()) {
+    return NextResponse.json({
+      success: false,
+      reason: 'no_git_metadata',
+      error: 'Self-update is only supported for source / git checkouts. Use the npm or Docker upgrade path for this install.',
+    })
+  }
   try {
     const beforeSha = run('git rev-parse --short HEAD')
     const beforeRef = run('git rev-parse HEAD')

package/src/lib/providers/index.ts

@@ -55,7 +55,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   'claude-cli': {
     id: 'claude-cli',
     name: 'Claude Code CLI',
-    models: ['claude-sonnet-4-6', 'claude-opus-4-6', 'claude-haiku-4-5-20251001', 'claude-sonnet-4-5-20250514'],
+    models: ['claude-opus-4-6', 'claude-sonnet-4-6', 'claude-haiku-4-5'],
     requiresApiKey: false,
     requiresEndpoint: false,
     handler: { streamChat: streamClaudeCliChat },
@@ -63,7 +63,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   'codex-cli': {
     id: 'codex-cli',
     name: 'OpenAI Codex CLI',
-    models: ['gpt-5.3-codex', 'gpt-5.2-codex', 'gpt-5.1-codex', 'gpt-5-codex', 'gpt-5-codex-mini'],
+    models: ['gpt-5.4-codex', 'gpt-5.3-codex', 'gpt-5.2-codex', 'gpt-5.1-codex', 'gpt-5-codex-mini'],
     requiresApiKey: false,
     requiresEndpoint: false,
     handler: { streamChat: streamCodexCliChat },
@@ -71,7 +71,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   openai: {
     id: 'openai',
     name: 'OpenAI',
-    models: ['gpt-4o', 'gpt-4o-mini', 'gpt-4.1', 'gpt-4.1-mini', 'gpt-4.1-nano', 'o3', 'o3-mini', 'o4-mini'],
+    models: ['gpt-5.4', 'gpt-5.4-mini', 'gpt-5.4-nano', 'gpt-5.3', 'o3-mini', 'gpt-4.1', 'gpt-4.1-mini'],
     requiresApiKey: true,
     requiresEndpoint: false,
     handler: { streamChat: streamOpenAiChat },
@@ -79,7 +79,15 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   openrouter: {
     id: 'openrouter',
     name: 'OpenRouter',
-    models: ['openai/gpt-4.1-mini'],
+    models: [
+      'openrouter/auto',
+      'anthropic/claude-opus-4.6', 'anthropic/claude-sonnet-4.6', 'anthropic/claude-haiku-4.5',
+      'openai/gpt-5.4', 'openai/gpt-5.4-mini',
+      'google/gemini-3.1-pro', 'google/gemini-3-flash',
+      'x-ai/grok-4',
+      'deepseek/deepseek-v3.2',
+      'meta-llama/llama-4-maverick-17b-128e-instruct',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://openrouter.ai/api/v1',
@@ -96,7 +104,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   anthropic: {
     id: 'anthropic',
     name: 'Anthropic',
-    models: ['claude-sonnet-4-6', 'claude-opus-4-6', 'claude-haiku-4-5-20251001'],
+    models: ['claude-opus-4-6', 'claude-sonnet-4-6', 'claude-haiku-4-5'],
     requiresApiKey: true,
     requiresEndpoint: false,
     handler: { streamChat: streamAnthropicChat },
@@ -132,7 +140,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   'opencode-cli': {
     id: 'opencode-cli',
     name: 'OpenCode CLI',
-    models: ['claude-sonnet-4-6', 'gpt-4.1', 'gemini-2.5-pro', 'gemini-2.5-flash'],
+    models: ['claude-opus-4-6', 'claude-sonnet-4-6', 'gpt-5.4', 'gemini-3.1-pro', 'gemini-3-flash'],
     requiresApiKey: false,
     requiresEndpoint: false,
     handler: { streamChat: streamOpenCodeCliChat },
@@ -142,7 +150,11 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
     name: 'OpenCode Web',
     // OpenCode addresses models as `providerID/modelID`. Free-text entry is
     // supported; these defaults seed the dropdown with common combinations.
-    models: ['anthropic/claude-sonnet-4-5', 'anthropic/claude-opus-4-5', 'openai/gpt-4.1', 'openai/o4-mini', 'google/gemini-2.5-pro'],
+    models: [
+      'anthropic/claude-opus-4-6', 'anthropic/claude-sonnet-4-6', 'anthropic/claude-haiku-4-5',
+      'openai/gpt-5.4', 'openai/gpt-5.4-mini',
+      'google/gemini-3.1-pro', 'google/gemini-3-flash',
+    ],
     requiresApiKey: false,
     optionalApiKey: true,
     requiresEndpoint: true,
@@ -152,7 +164,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   'gemini-cli': {
     id: 'gemini-cli',
     name: 'Gemini CLI',
-    models: ['gemini-2.5-pro', 'gemini-2.5-flash', 'gemini-2.5-flash-lite'],
+    models: ['gemini-3.1-pro', 'gemini-3-flash', 'gemini-3.1-flash-lite', 'gemini-2.5-pro', 'gemini-2.5-flash'],
     requiresApiKey: false,
     requiresEndpoint: false,
     handler: { streamChat: streamGeminiCliChat },
@@ -160,7 +172,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   'copilot-cli': {
     id: 'copilot-cli',
     name: 'GitHub Copilot CLI',
-    models: ['claude-sonnet-4-5', 'gpt-4.1', 'gemini-3-pro'],
+    models: ['claude-sonnet-4-6', 'gpt-5.4', 'gemini-3.1-pro'],
     requiresApiKey: false,
     requiresEndpoint: false,
     handler: { streamChat: streamCopilotCliChat },
@@ -202,7 +214,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   google: {
     id: 'google',
     name: 'Google Gemini',
-    models: ['gemini-2.5-pro', 'gemini-2.5-flash', 'gemini-2.5-flash-lite'],
+    models: ['gemini-3.1-pro', 'gemini-3-flash', 'gemini-3.1-flash-lite', 'gemini-2.5-pro', 'gemini-2.5-flash'],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://generativelanguage.googleapis.com/v1beta/openai',
@@ -219,6 +231,9 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   deepseek: {
     id: 'deepseek',
     name: 'DeepSeek',
+    // Stable aliases: 'deepseek-chat' is the non-thinking mode of the latest
+    // V-series (currently V3.2), 'deepseek-reasoner' is the thinking mode.
+    // DeepSeek rotates the underlying weights without changing these names.
     models: ['deepseek-chat', 'deepseek-reasoner'],
     requiresApiKey: true,
     requiresEndpoint: false,
@@ -236,7 +251,15 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   groq: {
     id: 'groq',
     name: 'Groq',
-    models: ['llama-3.3-70b-versatile', 'deepseek-r1-distill-llama-70b', 'qwen-qwq-32b', 'gemma2-9b-it'],
+    models: [
+      'meta-llama/llama-4-maverick-17b-128e-instruct',
+      'meta-llama/llama-4-scout-17b-16e-instruct',
+      'moonshotai/kimi-k2-instruct-0905',
+      'openai/gpt-oss-120b',
+      'openai/gpt-oss-20b',
+      'qwen/qwen3-32b',
+      'llama-3.3-70b-versatile',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.groq.com/openai/v1',
@@ -253,7 +276,14 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   together: {
     id: 'together',
     name: 'Together AI',
-    models: ['meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8', 'deepseek-ai/DeepSeek-R1', 'Qwen/Qwen2.5-72B-Instruct'],
+    models: [
+      'meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8',
+      'meta-llama/Llama-4-Scout-17B-16E-Instruct',
+      'deepseek-ai/DeepSeek-V3.2',
+      'deepseek-ai/DeepSeek-R1',
+      'Qwen/Qwen3-235B-A22B-Instruct',
+      'moonshotai/Kimi-K2-Instruct-0905',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.together.xyz/v1',
@@ -270,7 +300,16 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   mistral: {
     id: 'mistral',
     name: 'Mistral AI',
-    models: ['mistral-large-latest', 'mistral-small-latest', 'magistral-medium-2506', 'devstral-small-latest'],
+    models: [
+      'magistral-medium-1.2',
+      'magistral-small-1.2',
+      'devstral-medium',
+      'devstral-small-1.1',
+      'codestral-latest',
+      'mistral-small-4',
+      'mistral-large-latest',
+      'ministral-3b-latest',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.mistral.ai/v1',
@@ -287,7 +326,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   xai: {
     id: 'xai',
     name: 'xAI (Grok)',
-    models: ['grok-3', 'grok-3-fast', 'grok-3-mini', 'grok-3-mini-fast'],
+    models: ['grok-4', 'grok-4-fast-reasoning', 'grok-4-fast-non-reasoning', 'grok-4-1-fast-reasoning', 'grok-4-1-fast-non-reasoning'],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.x.ai/v1',
@@ -304,7 +343,13 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   fireworks: {
     id: 'fireworks',
     name: 'Fireworks AI',
-    models: ['accounts/fireworks/models/deepseek-r1-0528', 'accounts/fireworks/models/llama-v3p3-70b-instruct', 'accounts/fireworks/models/qwen3-235b-a22b'],
+    models: [
+      'accounts/fireworks/models/deepseek-v3p2',
+      'accounts/fireworks/models/kimi-k2-instruct-0905',
+      'accounts/fireworks/models/glm-5',
+      'accounts/fireworks/models/qwen3-235b-a22b',
+      'accounts/fireworks/models/llama-v3p3-70b-instruct',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.fireworks.ai/inference/v1',
@@ -321,7 +366,13 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   nebius: {
     id: 'nebius',
     name: 'Nebius',
-    models: ['deepseek-ai/DeepSeek-R1-0528', 'Qwen/Qwen3-235B-A22B', 'meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8'],
+    models: [
+      'deepseek-ai/DeepSeek-V3.2',
+      'moonshotai/Kimi-K2-Instruct',
+      'Qwen/Qwen3-235B-A22B',
+      'meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8',
+      'deepseek-ai/DeepSeek-R1',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.tokenfactory.nebius.com/v1',
@@ -338,7 +389,13 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
   deepinfra: {
     id: 'deepinfra',
     name: 'DeepInfra',
-    models: ['deepseek-ai/DeepSeek-R1-0528', 'meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8', 'Qwen/Qwen3-235B-A22B'],
+    models: [
+      'deepseek-ai/DeepSeek-V3.2',
+      'moonshotai/Kimi-K2-Instruct',
+      'Qwen/Qwen3-235B-A22B',
+      'meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8',
+      'deepseek-ai/DeepSeek-R1',
+    ],
     requiresApiKey: true,
     requiresEndpoint: false,
     defaultEndpoint: 'https://api.deepinfra.com/v1/openai',
@@ -364,7 +421,7 @@ export const PROVIDERS: Record<string, BuiltinProviderConfig> = {
       'gemini-3-flash-preview', 'gemma3',
       'devstral-2', 'devstral-small-2', 'ministral-3', 'mistral-large-3',
       'gpt-oss', 'cogito-2.1', 'rnj-1', 'nemotron-3-nano',
-      'llama3.3', 'llama3.2', 'llama3.1',
+      'llama3.3', 'llama3.2',
     ],
     requiresApiKey: false,
     optionalApiKey: true,

package/src/lib/providers/provider-models.test.ts

@@ -0,0 +1,44 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { PROVIDERS } from '@/lib/providers'
+
+describe('PROVIDERS model list sanity', () => {
+  it('every provider declares a non-empty models array', () => {
+    for (const [id, entry] of Object.entries(PROVIDERS)) {
+      assert.ok(Array.isArray(entry.models), `${id}: models must be an array`)
+      assert.ok(entry.models.length > 0, `${id}: models must be non-empty`)
+    }
+  })
+
+  it('every model id is a non-empty trimmed string', () => {
+    for (const [id, entry] of Object.entries(PROVIDERS)) {
+      for (const model of entry.models) {
+        assert.equal(typeof model, 'string', `${id}: model entries must be strings`)
+        assert.ok(model.length > 0, `${id}: model id must be non-empty`)
+        assert.equal(model, model.trim(), `${id}: model id must be trimmed (got "${model}")`)
+      }
+    }
+  })
+
+  it('no duplicate model ids within a single provider', () => {
+    for (const [id, entry] of Object.entries(PROVIDERS)) {
+      const seen = new Set<string>()
+      for (const model of entry.models) {
+        assert.ok(!seen.has(model), `${id}: duplicate model id "${model}"`)
+        seen.add(model)
+      }
+    }
+  })
+
+  it('every provider declares the required metadata fields', () => {
+    for (const [id, entry] of Object.entries(PROVIDERS)) {
+      assert.equal(typeof entry.id, 'string', `${id}: id must be a string`)
+      assert.equal(entry.id, id, `${id}: id field must match registry key`)
+      assert.equal(typeof entry.name, 'string', `${id}: name must be a string`)
+      assert.ok(entry.name.length > 0, `${id}: name must be non-empty`)
+      assert.equal(typeof entry.requiresApiKey, 'boolean', `${id}: requiresApiKey must be boolean`)
+      assert.equal(typeof entry.requiresEndpoint, 'boolean', `${id}: requiresEndpoint must be boolean`)
+      assert.equal(typeof entry.handler?.streamChat, 'function', `${id}: handler.streamChat must be a function`)
+    }
+  })
+})

package/src/lib/server/daemon/controller.ts

@@ -31,7 +31,14 @@ import {
   releaseRuntimeLock,
   tryAcquireRuntimeLock,
 } from '@/lib/server/runtime/runtime-lock-repository'
-import { errorMessage } from '@/lib/shared-utils'
+import { errorMessage, hmrSingleton } from '@/lib/shared-utils'
+
+// HMR-safe single-shot guard so the "subprocess fallback unavailable"
+// warning logs once per process lifetime, not per API call.
+const subprocessFallbackUnavailableLogged = hmrSingleton<{ value: boolean }>(
+  '__swarmclaw_daemon_subprocess_fallback_warned__',
+  () => ({ value: false }),
+)
 
 const TAG = 'daemon-controller'
 const LAUNCH_LOCK_NAME = 'daemon-launcher'
@@ -367,7 +374,22 @@ export async function ensureDaemonProcessRunning(
     const secondCheck = await getLiveDaemonSnapshot()
     if (secondCheck?.status.running) return false
 
-    const { root, entry } = resolveDaemonRuntimeEntry()
+    let resolved: { root: string; entry: string }
+    try {
+      resolved = resolveDaemonRuntimeEntry()
+    } catch (err: unknown) {
+      // The standalone Docker image does not ship `src/` (Next.js standalone
+      // output excludes raw source files), so the subprocess fallback can
+      // never spawn there. Fail soft: log once and let callers fall back to
+      // whatever in-process daemon path is available rather than surfacing
+      // a 500 to API consumers. Reported as issue #41 (Bug 3).
+      if (!subprocessFallbackUnavailableLogged.value) {
+        subprocessFallbackUnavailableLogged.value = true
+        log.warn(TAG, `[daemon] Subprocess fallback unavailable in this build (${errorMessage(err)}). The in-process daemon will continue to be the primary path.`)
+      }
+      return false
+    }
+    const { root, entry } = resolved
     const adminPort = await reservePort()
     const adminToken = crypto.randomBytes(24).toString('hex')
     fs.mkdirSync(path.dirname(DAEMON_LOG_PATH), { recursive: true })

package/src/lib/server/daemon/lease-owner.test.ts

@@ -0,0 +1,72 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import { isOwnerProcessDead, parseOwnerPid } from '@/lib/server/daemon/lease-owner'
+
+function probeThrowing(code: string) {
+  return {
+    kill: () => {
+      const err = new Error('mock probe failure') as NodeJS.ErrnoException
+      err.code = code
+      throw err
+    },
+  }
+}
+
+const probeAlive = { kill: () => true as const }
+
+describe('parseOwnerPid', () => {
+  it('returns the pid for a well-formed owner string', () => {
+    assert.equal(parseOwnerPid('pid:12345:abc'), 12345)
+    assert.equal(parseOwnerPid('pid:1:xyz'), 1)
+  })
+
+  it('returns null for unrecognised owner strings', () => {
+    assert.equal(parseOwnerPid(null), null)
+    assert.equal(parseOwnerPid(undefined), null)
+    assert.equal(parseOwnerPid(''), null)
+    assert.equal(parseOwnerPid('another process'), null)
+    assert.equal(parseOwnerPid('pid::abc'), null)
+    assert.equal(parseOwnerPid('pid:abc:xyz'), null)
+    assert.equal(parseOwnerPid('host:hostname:pid:1:abc'), null)
+  })
+
+  it('rejects zero and negative pids', () => {
+    assert.equal(parseOwnerPid('pid:0:abc'), null)
+    assert.equal(parseOwnerPid('pid:-1:abc'), null)
+  })
+})
+
+describe('isOwnerProcessDead — bug #41 stale-lease recovery', () => {
+  it('returns true when the probe reports ESRCH (no such process)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('ESRCH')), true)
+  })
+
+  it('returns false when the probe reports EPERM (process owned by someone else)', () => {
+    // EPERM means the process exists but signal delivery is blocked. Assume alive
+    // and do not steal the lease — bias towards waiting for TTL.
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('EPERM')), false)
+  })
+
+  it('returns false when the probe succeeds (process is alive)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeAlive), false)
+  })
+
+  it('returns false for any unknown probe error code (do not guess)', () => {
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('EAGAIN')), false)
+    assert.equal(isOwnerProcessDead('pid:99999:abc', probeThrowing('UNKNOWN')), false)
+  })
+
+  it('returns false for owner strings we cannot parse (different host, malformed, missing)', () => {
+    assert.equal(isOwnerProcessDead(null, probeThrowing('ESRCH')), false)
+    assert.equal(isOwnerProcessDead('another process', probeThrowing('ESRCH')), false)
+    assert.equal(isOwnerProcessDead('host:remote:pid:1:abc', probeThrowing('ESRCH')), false)
+  })
+
+  it('refuses to declare its own pid dead even if probe lies', () => {
+    // Defence in depth: the current process is obviously alive; if a
+    // pathological probe returned ESRCH for its own pid, we must not
+    // act on that.
+    const owner = `pid:${process.pid}:self`
+    assert.equal(isOwnerProcessDead(owner, probeThrowing('ESRCH')), false)
+  })
+})

package/src/lib/server/daemon/lease-owner.ts

@@ -0,0 +1,68 @@
+/**
+ * Helpers for reasoning about who owns a runtime lease.
+ *
+ * Owner strings have the shape `pid:${pid}:${suffix}` (see
+ * `runtime/daemon-state/core.ts` where the suffix is generated). When the
+ * holding process disappears without releasing the lease (container crash,
+ * SIGKILL), a successor instance has no way to know the lease is stale
+ * other than waiting out the TTL. These helpers let the successor detect
+ * that the recorded pid is no longer alive and reclaim the lease.
+ *
+ * The reclaim path is intentionally conservative: any uncertainty (owner
+ * string format we do not recognise, probe outcome we cannot interpret,
+ * etc.) returns `false` so the caller falls back to "wait for TTL".
+ *
+ * Single-host only. If a lease was acquired on a different host (Kubernetes
+ * multi-pod), the recorded pid means nothing here. Recognising "different
+ * host" requires the owner string itself to encode a host id, which we do
+ * not currently do; for now, mixed-host deployments will continue to wait
+ * out the TTL, which is the correct behavior in the absence of a way to
+ * verify the remote process status.
+ */
+
+const OWNER_PATTERN = /^pid:(\d+):/
+
+export interface ProcessProbe {
+  /** Sends signal 0 to the pid, throws on error like `process.kill`. */
+  kill: (pid: number, signal: 0) => true | void
+}
+
+const realProbe: ProcessProbe = {
+  kill: (pid, signal) => {
+    process.kill(pid, signal)
+    return true
+  },
+}
+
+export function parseOwnerPid(owner: string | null | undefined): number | null {
+  if (typeof owner !== 'string') return null
+  const match = owner.match(OWNER_PATTERN)
+  if (!match) return null
+  const pid = Number(match[1])
+  return Number.isInteger(pid) && pid > 0 ? pid : null
+}
+
+/**
+ * Returns true when the recorded owner pid is provably dead on this host.
+ * Returns false for any other outcome:
+ *   - owner string we cannot parse
+ *   - probe succeeded (the process is alive)
+ *   - probe failed with EPERM (process exists but is owned by someone
+ *     else; treat as "alive, do not steal")
+ *   - any other unexpected failure (do not guess)
+ *
+ * `probe` is injectable for tests.
+ */
+export function isOwnerProcessDead(owner: string | null | undefined, probe: ProcessProbe = realProbe): boolean {
+  const pid = parseOwnerPid(owner)
+  if (pid === null) return false
+  if (pid === process.pid) return false
+  try {
+    probe.kill(pid, 0)
+    return false
+  } catch (err: unknown) {
+    const code = (err as NodeJS.ErrnoException | undefined)?.code
+    if (code === 'ESRCH') return true
+    return false
+  }
+}

package/src/lib/server/git-metadata.test.ts

@@ -0,0 +1,45 @@
+import { describe, it, beforeEach } from 'node:test'
+import assert from 'node:assert/strict'
+import { gitAvailable, resetGitAvailableCache, safeGit } from '@/lib/server/git-metadata'
+
+describe('safeGit', () => {
+  it('returns null when git is invoked with arguments that produce no useful output', () => {
+    // `git` invoked outside of a repository and asked for a missing config key
+    // is one of the few invocations guaranteed to fail on every host, while
+    // still respecting the real binary path. If git itself is not installed,
+    // `safeGit` still returns null (the catch path).
+    const out = safeGit(['config', 'this.key.does.not.exist'])
+    assert.equal(out, null)
+  })
+
+  it('returns a trimmed string for a successful invocation', () => {
+    const version = safeGit(['--version'])
+    if (version === null) return // git is not installed in this env; skip
+    assert.match(version, /^git version /)
+  })
+})
+
+describe('gitAvailable', () => {
+  beforeEach(() => {
+    resetGitAvailableCache()
+  })
+
+  it('caches its result', () => {
+    const first = gitAvailable()
+    // After the first call, subsequent calls return the same value without
+    // re-probing. We cannot directly observe "did it re-probe?" without
+    // mocking `node:child_process`, so we just assert stability.
+    const second = gitAvailable()
+    const third = gitAvailable()
+    assert.equal(first, second)
+    assert.equal(second, third)
+  })
+
+  it('reflects whether the cwd is in a git checkout', () => {
+    // This test runs from inside the swarmclaw repo, so git should be
+    // available. When run from inside the published Docker image (where
+    // `.git/` is absent), the same call returns false.
+    const present = gitAvailable()
+    assert.equal(typeof present, 'boolean')
+  })
+})

package/src/lib/server/git-metadata.ts

@@ -0,0 +1,42 @@
+import { execFileSync } from 'node:child_process'
+
+/**
+ * Pure helpers for reading git metadata at runtime, with graceful degradation
+ * when the working directory is not a git checkout (Docker production image,
+ * npm tarball install, etc.).
+ *
+ * Always uses `execFileSync` with an arg array (no shell) so user input cannot
+ * influence the command line.
+ */
+export function safeGit(args: string[], cwd: string = process.cwd()): string | null {
+  try {
+    const out = execFileSync('git', args, {
+      cwd,
+      encoding: 'utf-8',
+      timeout: 15_000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    })
+    return typeof out === 'string' ? out.trim() : null
+  } catch {
+    return null
+  }
+}
+
+let cachedAvailable: boolean | null = null
+
+/**
+ * Returns true when the current working directory looks like a git checkout
+ * (i.e. `git rev-parse --git-dir` succeeds). Cached for the lifetime of the
+ * process, since the answer does not change while a server is running.
+ *
+ * Exported `resetGitAvailableCache` is for unit tests only.
+ */
+export function gitAvailable(): boolean {
+  if (cachedAvailable !== null) return cachedAvailable
+  cachedAvailable = safeGit(['rev-parse', '--git-dir']) !== null
+  return cachedAvailable
+}
+
+export function resetGitAvailableCache(): void {
+  cachedAvailable = null
+}

package/src/lib/server/runtime/daemon-state/core.ts

@@ -4,6 +4,7 @@ import { loadConnectors, saveConnectors } from '@/lib/server/connectors/connecto
 import { decryptKey, loadCredentials } from '@/lib/server/credentials/credential-repository'
 import { loadQueue } from '@/lib/server/runtime/queue-repository'
 import { pruneExpiredLocks, readRuntimeLock, releaseRuntimeLock, renewRuntimeLock, tryAcquireRuntimeLock } from '@/lib/server/runtime/runtime-lock-repository'
+import { isOwnerProcessDead } from '@/lib/server/daemon/lease-owner'
 import { loadSchedules } from '@/lib/server/schedules/schedule-repository'
 import { loadSessions } from '@/lib/server/sessions/session-repository'
 import { loadSettings } from '@/lib/server/settings/settings-repository'
@@ -126,6 +127,7 @@ interface DaemonState {
   shuttingDown: boolean
   providerPingCircuitBreaker: Map<string, { consecutiveFailures: number; skipUntil: number }>
   lockRenewIntervalId: ReturnType<typeof setInterval> | null
+  leaseRetryTimeoutId: ReturnType<typeof setTimeout> | null
   primaryLeaseHeld: boolean
 }
 
@@ -151,6 +153,7 @@ const ds: DaemonState = hmrSingleton<DaemonState>('__swarmclaw_daemon__', () =>
   shuttingDown: false,
   providerPingCircuitBreaker: new Map<string, { consecutiveFailures: number; skipUntil: number }>(),
   lockRenewIntervalId: null,
+  leaseRetryTimeoutId: null,
   primaryLeaseHeld: false,
 }))
 
@@ -180,6 +183,7 @@ if (ds.connectorHealthCheckRunning === undefined) ds.connectorHealthCheckRunning
 if (ds.shuttingDown === undefined) ds.shuttingDown = false
 if (!ds.providerPingCircuitBreaker) ds.providerPingCircuitBreaker = new Map<string, { consecutiveFailures: number; skipUntil: number }>()
 if (ds.lockRenewIntervalId === undefined) ds.lockRenewIntervalId = null
+if (ds.leaseRetryTimeoutId === undefined) ds.leaseRetryTimeoutId = null
 if (ds.primaryLeaseHeld === undefined) ds.primaryLeaseHeld = false
 
 function stopDaemonLeaseRenewal(opts?: { release?: boolean }) {
@@ -229,12 +233,60 @@ function acquireDaemonLease(source: string): boolean {
   }
   if (!acquired) {
     let owner = 'another process'
+    let expiresAt: number | null = null
     try {
-      owner = readRuntimeLock(DAEMON_RUNTIME_LOCK_NAME)?.owner || owner
+      const lease = readRuntimeLock(DAEMON_RUNTIME_LOCK_NAME)
+      if (lease) {
+        owner = lease.owner || owner
+        expiresAt = lease.expiresAt
+      }
     } catch {
       // Best-effort diagnostics only.
     }
+
+    // Stale-lease recovery: when a previous container / process crashed
+    // without releasing the lease, the new instance would otherwise wait
+    // up to the full TTL (DAEMON_RUNTIME_LOCK_TTL_MS) before being able
+    // to start the daemon. If the recorded owner pid is local to this
+    // host AND is no longer alive, reclaim the lease immediately and
+    // retry. Conservative: any uncertainty (different host, malformed
+    // owner, kill probe failed for an unexpected reason) skips the
+    // reclaim path. Reported as issue #41 (Bug 2).
+    if (isOwnerProcessDead(owner)) {
+      try {
+        releaseRuntimeLock(DAEMON_RUNTIME_LOCK_NAME, owner)
+        log.info(TAG, `[daemon] Reclaimed stale daemon-primary lease from dead owner ${owner}`)
+        let retried = false
+        try {
+          retried = tryAcquireRuntimeLock(DAEMON_RUNTIME_LOCK_NAME, daemonLockOwner, DAEMON_RUNTIME_LOCK_TTL_MS)
+        } catch (err: unknown) {
+          log.warn(TAG, `[daemon] Reclaim retry failed (source=${source}): ${errorMessage(err)}`)
+        }
+        if (retried) {
+          ds.primaryLeaseHeld = true
+          startDaemonLeaseRenewal()
+          return true
+        }
+      } catch (err: unknown) {
+        log.warn(TAG, `[daemon] Failed to release stale lease (source=${source}): ${errorMessage(err)}`)
+      }
+    }
+
     log.info(TAG, `[daemon] Skipping start (source=${source}); lease held by ${owner}`)
+
+    // Schedule one deferred retry slightly past the lease's expiry so
+    // the daemon comes up automatically once the prior owner's TTL has
+    // elapsed, instead of waiting for the next API call to nudge it.
+    if (expiresAt !== null) {
+      const delayMs = Math.max(1_000, expiresAt - Date.now() + 1_000)
+      if (ds.leaseRetryTimeoutId) clearTimeout(ds.leaseRetryTimeoutId)
+      ds.leaseRetryTimeoutId = setTimeout(() => {
+        ds.leaseRetryTimeoutId = null
+        if (ds.running || ds.primaryLeaseHeld) return
+        ensureDaemonStarted(`${source}:lease-retry`)
+      }, delayMs)
+      ds.leaseRetryTimeoutId.unref?.()
+    }
     return false
   }
   ds.primaryLeaseHeld = true

package/src/lib/setup-defaults.ts

@@ -361,6 +361,8 @@ export const STARTER_AGENT_TOOLS = [
   'codex_cli',
   'opencode_cli',
   'gemini_cli',
+  'copilot_cli',
+  'droid_cli',
   'cursor_cli',
   'qwen_code_cli',
   'openclaw_workspace',
@@ -545,6 +547,8 @@ const BUILDER_AGENT_TOOLS = [
   'codex_cli',
   'opencode_cli',
   'gemini_cli',
+  'copilot_cli',
+  'droid_cli',
   'cursor_cli',
   'qwen_code_cli',
 ]
@@ -761,21 +765,21 @@ export const DEFAULT_AGENTS: Record<SetupProvider, DefaultAgentConfig> = {
     name: 'OpenCode Web',
     description: 'A helpful assistant powered by a remote OpenCode HTTP server.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'anthropic/claude-sonnet-4-5',
+    model: 'anthropic/claude-sonnet-4-6',
     tools: STARTER_AGENT_TOOLS,
   },
   'gemini-cli': {
     name: 'Gemini CLI',
     description: 'A helpful assistant powered by Gemini CLI.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'gemini-2.5-pro',
+    model: 'gemini-3.1-pro',
     tools: STARTER_AGENT_TOOLS,
   },
   'copilot-cli': {
     name: 'Copilot CLI',
     description: 'A helpful assistant powered by GitHub Copilot CLI.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'claude-sonnet-4-5',
+    model: 'claude-sonnet-4-6',
     tools: STARTER_AGENT_TOOLS,
   },
   'droid-cli': {
@@ -817,21 +821,21 @@ export const DEFAULT_AGENTS: Record<SetupProvider, DefaultAgentConfig> = {
     name: 'Atlas',
     description: 'A helpful GPT-powered assistant.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'gpt-4o',
+    model: 'gpt-5.4',
     tools: STARTER_AGENT_TOOLS,
   },
   openrouter: {
     name: 'Router',
     description: 'A helpful assistant powered through OpenRouter.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'openai/gpt-4.1-mini',
+    model: 'anthropic/claude-sonnet-4.6',
     tools: STARTER_AGENT_TOOLS,
   },
   google: {
     name: 'Gemini',
     description: 'A helpful Gemini-powered assistant.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'gemini-2.5-pro',
+    model: 'gemini-3.1-pro',
     tools: STARTER_AGENT_TOOLS,
   },
   deepseek: {
@@ -845,7 +849,7 @@ export const DEFAULT_AGENTS: Record<SetupProvider, DefaultAgentConfig> = {
     name: 'Bolt',
     description: 'A low-latency assistant powered by Groq.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'llama-3.3-70b-versatile',
+    model: 'meta-llama/llama-4-maverick-17b-128e-instruct',
     tools: STARTER_AGENT_TOOLS,
   },
   together: {
@@ -866,28 +870,28 @@ export const DEFAULT_AGENTS: Record<SetupProvider, DefaultAgentConfig> = {
     name: 'Grok',
     description: 'A helpful assistant powered by xAI Grok.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'grok-3',
+    model: 'grok-4',
     tools: STARTER_AGENT_TOOLS,
   },
   fireworks: {
     name: 'Spark',
     description: 'A helpful assistant powered by Fireworks AI.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'accounts/fireworks/models/deepseek-r1-0528',
+    model: 'accounts/fireworks/models/deepseek-v3p2',
     tools: STARTER_AGENT_TOOLS,
   },
   nebius: {
     name: 'Nebius Agent',
     description: 'A helpful assistant powered by Nebius.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'deepseek-ai/DeepSeek-R1-0528',
+    model: 'deepseek-ai/DeepSeek-V3.2',
     tools: STARTER_AGENT_TOOLS,
   },
   deepinfra: {
     name: 'DeepInfra Agent',
     description: 'A helpful assistant powered by DeepInfra.',
     systemPrompt: SWARMCLAW_ASSISTANT_PROMPT,
-    model: 'deepseek-ai/DeepSeek-R1-0528',
+    model: 'deepseek-ai/DeepSeek-V3.2',
     tools: STARTER_AGENT_TOOLS,
   },
   ollama: {