@swarmclawai/swarmclaw 1.5.54 → 1.5.55

package/README.md

@@ -399,6 +399,16 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.5.55 Highlights
+
+- **Fix: mission budget updates with decimal values no longer silently fail with a 400.** The mission UI's `numOrNull` parsed user input with `Number.parseFloat`, but the API requires `int()` for `maxTokens`, `maxToolCalls`, `maxWallclockSec`, and `maxTurns`. Typing `1000.5` returned a cryptic Zod error to the toast and the update was lost. Added `intOrNull` (rounds) in `mission-edit-sheet.tsx`, `mission-template-install-dialog.tsx`, and `app/missions/page.tsx`. `maxUsd` still accepts decimals.
+- **Fix: mission edit sheet's connectors dropdown was always empty.** The sheet fetched `/connectors` expecting a `Connector[]`, but the endpoint returns `Record<string, Connector>`. The defensive `Array.isArray` fallback quietly rendered an empty list, so users could not attach report connectors when editing a running mission. Now typed as `Record<string, Connector>` and projected with `Object.values`.
+- **Fix: memory search returns results for short (3-4 char) words like `cats`, `blue`, `dog`.** `buildFtsQuery` had a `unique[0].length >= 5` guard that returned an empty FTS query for any single-token search shorter than 5 chars, silently dropping valid searches. The upstream filter already requires ≥3 chars, so the extra guard just excluded useful queries. Removed; regression tests cover `cats`, `blue`, and `dog`.
+- **Fix: `PUT /api/agents/:id` now validates its body with a Zod schema.** Previously the route did `{...current, ...body}` without validation, so sending `{"tools": "not_an_array"}` silently wiped the agent's tool list to `[]`. Added `AgentUpdateSchema = AgentCreateSchema.partial()` and a filter step that keeps only keys present in the raw body (so Zod defaults do not overwrite untouched fields). Bad types now return a 400 with field-level errors. `updateAgent()` keeps a `current.tools` / `current.extensions` fallback as defense-in-depth for internal callers.
+- **Fix: `PUT /api/tasks/:id` now validates its body with a Zod schema.** Same class of bug: a numeric `title` silently corrupted the stored field. Added `TaskUpdateSchema = TaskCreateSchema.partial().extend({...})` with the update-only fields (`appendComment`, `result`, `error`, lifecycle timestamps) and the same raw-key filter pattern. Bad types now 400 with untouched storage.
+- **Fix: `PUT /api/webhooks/:id` now validates its body with a Zod schema.** Previously `{"events": "not_an_array"}` wiped the events list. Added `WebhookUpdateSchema` and explicit `rawKeys.has(...)` guards in the mutate closure so only fields actually present in the body are applied.
+- **Fix: classifier JSON no longer leaks into assistant responses.** Some Ollama / Ollama Cloud turns were emitting the internal `MessageClassification` object directly into the stream (e.g. `{"taskIntent":"research",...}` prepended to the real reply). The existing stripper only matched when `isDeliverableTask` was the first key, so leaks starting with `taskIntent` sailed through to the user. Replaced the regex with a principled detector that brace-matches candidate JSON (string-quote aware) and validates against `MessageClassificationSchema.safeParse` — the schema itself is the source of truth, so future schema changes can't break detection.
+
 ### v1.5.54 Highlights
 
 - **Mission templates library**: the `/missions` page now opens with a curated gallery of starter missions. Each template pre-wires a goal, success criteria, USD / token / turn / wallclock budgets, and a report cadence, so non-technical users can install a working autonomous run in one click. Initial lineup: Daily News Digest, Inbox Triage, Competitor Watch, Weekly Research Report, Social Listener, and Customer Support Triage. Setup notes flag any connector or permission prerequisites before installation. Power-user overrides (budget caps, success criteria, report cadence) live behind a collapsed **Advanced Settings** panel so the default install flow stays one click.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.5.54",
+  "version": "1.5.55",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",
@@ -80,7 +80,7 @@
     "test:cli": "node --test src/cli/*.test.js bin/*.test.js scripts/postinstall.test.mjs scripts/run-next-build.test.mjs scripts/run-next-typegen.test.mjs",
     "test:setup": "tsx --test src/app/api/setup/check-provider/route.test.ts src/lib/server/provider-model-discovery.test.ts src/components/auth/setup-wizard/utils.test.ts src/components/auth/setup-wizard/types.test.ts src/hooks/setup-done-detection.test.ts src/lib/setup-defaults.test.ts src/lib/server/storage-auth.test.ts src/lib/server/storage-auth-docker.test.ts",
     "test:openclaw": "tsx --test src/lib/openclaw/openclaw-agent-id.test.ts src/lib/openclaw/openclaw-endpoint.test.ts src/lib/server/agents/agent-runtime-config.test.ts src/lib/server/build-llm.test.ts src/lib/server/connectors/connector-routing.test.ts src/lib/server/connectors/openclaw.test.ts src/lib/server/connectors/swarmdock.test.ts src/lib/server/gateway/protocol.test.ts src/lib/server/llm-response-cache.test.ts src/lib/server/mcp-conformance.test.ts src/lib/server/openclaw/agent-resolver.test.ts src/lib/server/openclaw/deploy.test.ts src/lib/server/openclaw/skills-normalize.test.ts src/lib/server/session-tools/openclaw-nodes.test.ts src/lib/server/session-tools/swarmdock.test.ts src/lib/server/tasks/task-quality-gate.test.ts src/lib/server/tasks/task-validation.test.ts src/lib/server/tool-capability-policy.test.ts src/lib/providers/openclaw-exports.test.ts src/app/api/openclaw/dashboard-url/route.test.ts",
-    "test:runtime": "tsx --test src/lib/server/knowledge-sources.test.ts src/lib/server/chat-execution/chat-execution-grounding.test.ts src/lib/server/chat-execution/iteration-timers.test.ts src/lib/server/protocols/protocol-service.test.ts src/lib/server/runtime/run-ledger.test.ts src/lib/server/observability/otel-config.test.ts src/lib/server/safe-parse-body.test.ts src/app/api/approvals/route.test.ts src/app/api/agents/agents-route.test.ts src/app/api/chats/chat-route.test.ts src/app/api/connectors/connector-doctor-route.test.ts src/app/api/healthz/route.test.ts src/app/api/logs/route.test.ts src/app/api/tts/route.test.ts",
+    "test:runtime": "tsx --test src/lib/server/knowledge-sources.test.ts src/lib/server/chat-execution/chat-execution-grounding.test.ts src/lib/server/chat-execution/chat-turn-preparation.test.ts src/lib/server/chat-execution/iteration-timers.test.ts src/lib/server/chat-execution/post-stream-finalization.test.ts src/lib/server/connectors/email.test.ts src/lib/server/protocols/protocol-service.test.ts src/lib/server/runtime/run-ledger.test.ts src/lib/server/observability/otel-config.test.ts src/lib/server/safe-parse-body.test.ts src/app/api/approvals/route.test.ts src/app/api/agents/agents-route.test.ts src/app/api/tasks/tasks-route.test.ts src/app/api/chats/chat-route.test.ts src/app/api/connectors/connector-doctor-route.test.ts src/app/api/healthz/route.test.ts src/app/api/logs/route.test.ts src/app/api/tts/route.test.ts",
     "test:builder": "tsx --test src/features/protocols/builder/utils/nodes-to-template.test.ts src/features/protocols/builder/utils/template-to-nodes.test.ts src/features/protocols/builder/validators/dag-validator.test.ts",
     "test:e2e": "tsx .workbench/browser-e2e/run.ts",
     "test:mcp:conformance": "node --import tsx ./scripts/mcp-conformance-check.ts",

package/src/app/api/agents/[id]/route.ts

@@ -4,6 +4,7 @@ import { trashAgent, updateAgent } from '@/lib/server/agents/agent-service'
 import { loadAgent } from '@/lib/server/agents/agent-repository'
 import { notify } from '@/lib/server/ws-hub'
 import { safeParseBody } from '@/lib/server/safe-parse-body'
+import { AgentUpdateSchema, formatZodError } from '@/lib/validation/schemas'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -14,9 +15,20 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const { data: body, error } = await safeParseBody(req)
+  const { data: raw, error } = await safeParseBody<Record<string, unknown>>(req)
   if (error) return error
-  const result = updateAgent(id, body as Record<string, unknown>)
+  const parsed = AgentUpdateSchema.safeParse(raw)
+  if (!parsed.success) return NextResponse.json(formatZodError(parsed.error), { status: 400 })
+
+  // Filter to keys actually present in the raw body — zod re-applies `.default(...)`
+  // to absent fields, which would clobber untouched fields on the stored agent.
+  const rawKeys = new Set(Object.keys(raw ?? {}))
+  const body: Record<string, unknown> = {}
+  for (const [key, value] of Object.entries(parsed.data)) {
+    if (rawKeys.has(key)) body[key] = value
+  }
+
+  const result = updateAgent(id, body)
   if (!result) return notFound()
   return NextResponse.json(result)
 }

package/src/app/api/agents/agents-route.test.ts

@@ -4,7 +4,7 @@ import test, { afterEach } from 'node:test'
 // Disable daemon autostart during tests
 process.env.SWARMCLAW_DAEMON_AUTOSTART = '0'
 
-import { GET as getAgent } from './[id]/route'
+import { GET as getAgent, PUT as putAgent } from './[id]/route'
 import { POST as createAgent } from './route'
 import { loadAgents, saveAgents } from '@/lib/server/storage'
 
@@ -112,3 +112,67 @@ test('POST /api/agents rejects missing required fields with a 400', async () =>
   const body = await response.json()
   assert.equal(body.error, 'Validation failed')
 })
+
+// --- PUT /api/agents/:id (validation & field preservation) ---
+
+test('PUT /api/agents/:id rejects a non-array tools value with a 400', async () => {
+  seedAgent('agent-tools-reject', { tools: ['memory', 'files', 'web_search'] })
+
+  const response = await putAgent(new Request('http://local/api/agents/agent-tools-reject', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ tools: 'not_an_array' }),
+  }), routeParams('agent-tools-reject'))
+
+  assert.equal(response.status, 400)
+  const body = await response.json()
+  assert.equal(body.error, 'Validation failed')
+  assert.ok(body.issues.some((i: { path: string }) => i.path === 'tools'))
+
+  const agentAfter = loadAgents()['agent-tools-reject']
+  assert.deepEqual(agentAfter.tools, ['memory', 'files', 'web_search'], 'stored tools must be untouched')
+})
+
+test('PUT /api/agents/:id does not clobber untouched fields with schema defaults', async () => {
+  // Seed with non-default values; PUT a body that omits those fields. The route
+  // must filter zod defaults so missing keys do NOT reset the stored values.
+  seedAgent('agent-partial-update', {
+    name: 'Original',
+    tools: ['memory'],
+    delegationEnabled: true,
+    delegationTargetMode: 'selected',
+    delegationTargetAgentIds: ['other-agent'],
+    heartbeatEnabled: false,
+    proactiveMemory: false,
+  })
+
+  const response = await putAgent(new Request('http://local/api/agents/agent-partial-update', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ description: 'edited' }),
+  }), routeParams('agent-partial-update'))
+
+  assert.equal(response.status, 200)
+  const body = await response.json()
+  assert.equal(body.description, 'edited')
+  assert.equal(body.name, 'Original')
+  assert.deepEqual(body.tools, ['memory'])
+  assert.equal(body.delegationEnabled, true)
+  assert.equal(body.delegationTargetMode, 'selected')
+  assert.equal(body.heartbeatEnabled, false)
+  assert.equal(body.proactiveMemory, false)
+})
+
+test('PUT /api/agents/:id rejects non-string name', async () => {
+  seedAgent('agent-bad-name', { name: 'Good' })
+
+  const response = await putAgent(new Request('http://local/api/agents/agent-bad-name', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ name: 12345 }),
+  }), routeParams('agent-bad-name'))
+
+  assert.equal(response.status, 400)
+  const agentAfter = loadAgents()['agent-bad-name']
+  assert.equal(agentAfter.name, 'Good')
+})

package/src/app/api/chatrooms/[id]/chat/route.ts

@@ -25,7 +25,7 @@ import {
   selectChatroomRecipients,
 } from '@/lib/server/chatrooms/chatroom-routing'
 import { markProviderFailure, markProviderSuccess } from '@/lib/server/provider-health'
-import { applyAgentReactionsFromText } from '@/lib/server/chatrooms/chatroom-agent-signals'
+import { applyAgentReactionsFromText, stripAgentReactionTokens } from '@/lib/server/chatrooms/chatroom-agent-signals'
 import { resolvePrimaryAgentRoute } from '@/lib/server/agents/agent-runtime-config'
 import { shouldSuppressHiddenControlText, stripHiddenControlTokens } from '@/lib/server/agents/assistant-control'
 import type { Chatroom, ChatroomMessage, Agent } from '@/types'
@@ -46,7 +46,9 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const chatroom = chatrooms[id] as Chatroom | undefined
   if (!chatroom) return notFound()
 
-  const text = typeof body.text === 'string' ? body.text : ''
+  const text = typeof body.text === 'string'
+    ? body.text
+    : (typeof body.message === 'string' ? body.message : '')
   const senderId = typeof body.senderId === 'string' ? body.senderId : 'user'
   const imagePath = typeof body.imagePath === 'string' ? body.imagePath : undefined
   const attachedFiles = Array.isArray(body.attachedFiles)
@@ -260,7 +262,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
             })
 
             const rawResponseText = result.finalResponse || result.fullText || fullText
-            const responseText = stripHiddenControlTokens(rawResponseText)
+            const responseText = stripAgentReactionTokens(stripHiddenControlTokens(rawResponseText))
 
             // Don't persist empty or error-only messages — they pollute chat history
             if (!responseText.trim() && agentError) {

package/src/app/api/chatrooms/route.ts

@@ -41,6 +41,9 @@ export async function GET(req: Request) {
 export async function POST(req: Request) {
   const { data: raw, error } = await safeParseBody<Record<string, unknown>>(req)
   if (error) return error
+  if (raw && Array.isArray(raw.memberAgentIds) && !Array.isArray(raw.agentIds)) {
+    raw.agentIds = raw.memberAgentIds
+  }
   const parsed = ChatroomCreateSchema.safeParse(raw)
   if (!parsed.success) {
     return NextResponse.json(formatZodError(parsed.error as z.ZodError), { status: 400 })

package/src/app/api/missions/[id]/control/route.ts

@@ -11,6 +11,9 @@ import {
   pauseMission,
   startMission,
 } from '@/lib/server/missions/mission-service'
+import { enqueueSessionRun } from '@/lib/server/runtime/session-run-manager'
+import { loadSessions } from '@/lib/server/storage'
+import { log } from '@/lib/server/logger'
 
 export const dynamic = 'force-dynamic'
 
@@ -31,7 +34,25 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   switch (parsed.data.action) {
     case 'start':
     case 'resume': {
+      const wasDraft = mission.status === 'draft'
       const updated = startMission(id)
+      if (updated && wasDraft && updated.rootSessionId && updated.goal) {
+        const sessions = loadSessions()
+        if (sessions[updated.rootSessionId]) {
+          try {
+            enqueueSessionRun({
+              sessionId: updated.rootSessionId,
+              message: `Mission goal: ${updated.goal}`,
+              missionId: updated.id,
+              source: 'mission',
+              internal: true,
+              dedupeKey: `mission:${updated.id}:kickoff`,
+            })
+          } catch (kickErr) {
+            log.warn('api-mission-control', `Mission kickoff enqueue failed for ${updated.id}`, kickErr)
+          }
+        }
+      }
       return NextResponse.json(updated)
     }
     case 'pause': {

package/src/app/api/tasks/[id]/route.ts

@@ -7,6 +7,7 @@ import {
   prepareTasksForListing,
   updateTaskFromRoute,
 } from '@/lib/server/tasks/task-route-service'
+import { TaskUpdateSchema, formatZodError } from '@/lib/validation/schemas'
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -17,8 +18,17 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const { data: body, error } = await safeParseBody<Record<string, unknown>>(req)
+  const { data: raw, error } = await safeParseBody<Record<string, unknown>>(req)
   if (error) return error
+  const parsed = TaskUpdateSchema.safeParse(raw)
+  if (!parsed.success) return NextResponse.json(formatZodError(parsed.error), { status: 400 })
+
+  const rawKeys = new Set(Object.keys(raw ?? {}))
+  const body: Record<string, unknown> = {}
+  for (const [key, value] of Object.entries(parsed.data)) {
+    if (rawKeys.has(key)) body[key] = value
+  }
+
   const result = updateTaskFromRoute(id, body)
   if (!result.ok && result.status === 404) return notFound()
   return result.ok

package/src/app/api/tasks/tasks-route.test.ts

@@ -0,0 +1,81 @@
+import assert from 'node:assert/strict'
+import test, { afterEach } from 'node:test'
+
+process.env.SWARMCLAW_DAEMON_AUTOSTART = '0'
+
+import { PUT as putTask } from './[id]/route'
+import { loadTasks, saveTasks } from '@/lib/server/storage'
+import type { BoardTask } from '@/types'
+
+const originalTasks = loadTasks()
+
+function routeParams(id: string) {
+  return { params: Promise.resolve({ id }) }
+}
+
+function seedTask(id: string, overrides: Partial<BoardTask> = {}) {
+  const tasks = loadTasks()
+  const now = Date.now()
+  tasks[id] = {
+    id,
+    title: 'Seed Task',
+    description: '',
+    status: 'backlog',
+    createdAt: now,
+    updatedAt: now,
+    ...overrides,
+  } as BoardTask
+  saveTasks(tasks)
+}
+
+afterEach(() => {
+  saveTasks(originalTasks)
+})
+
+test('PUT /api/tasks/:id rejects a non-string title with a 400', async () => {
+  seedTask('task-bad-title', { title: 'Original' })
+
+  const response = await putTask(new Request('http://local/api/tasks/task-bad-title', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ title: 42 }),
+  }), routeParams('task-bad-title'))
+
+  assert.equal(response.status, 400)
+  const stored = loadTasks()['task-bad-title']
+  assert.equal(stored.title, 'Original', 'stored title must be unchanged')
+})
+
+test('PUT /api/tasks/:id partial update does not clobber untouched fields', async () => {
+  seedTask('task-partial', {
+    title: 'Keep me',
+    description: 'Keep me too',
+    status: 'queued',
+  })
+
+  const response = await putTask(new Request('http://local/api/tasks/task-partial', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ description: 'updated' }),
+  }), routeParams('task-partial'))
+
+  assert.equal(response.status, 200)
+  const body = await response.json()
+  assert.equal(body.title, 'Keep me')
+  assert.equal(body.description, 'updated')
+  assert.equal(body.status, 'queued')
+})
+
+test('PUT /api/tasks/:id rejects a non-array blockedBy with a 400', async () => {
+  seedTask('task-bad-blocked', { title: 'T', blockedBy: ['dep-1'] })
+
+  const response = await putTask(new Request('http://local/api/tasks/task-bad-blocked', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ blockedBy: 'not_an_array' }),
+  }), routeParams('task-bad-blocked'))
+
+  assert.equal(response.status, 400)
+  const stored = loadTasks()['task-bad-blocked']
+  assert.deepEqual(stored.blockedBy, ['dep-1'], 'stored blockedBy must be unchanged')
+})

package/src/app/api/webhooks/[id]/route.ts

@@ -1,19 +1,12 @@
 import { NextResponse } from 'next/server'
 import { loadWebhooks, saveWebhooks } from '@/lib/server/storage'
 import { mutateItem, deleteItem, notFound, type CollectionOps } from '@/lib/server/collection-helpers'
+import { WebhookUpdateSchema, formatZodError } from '@/lib/validation/schemas'
 import { handleWebhookPost } from './helpers'
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const ops: CollectionOps<any> = { load: loadWebhooks, save: saveWebhooks }
 
-function normalizeEvents(value: unknown): string[] {
-  if (!Array.isArray(value)) return []
-  return value
-    .filter((v): v is string => typeof v === 'string')
-    .map((v) => v.trim())
-    .filter(Boolean)
-}
-
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const webhooks = loadWebhooks()
@@ -24,14 +17,24 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
-  const body = await req.json().catch(() => ({}))
+  const raw = await req.json().catch(() => null)
+  if (!raw || typeof raw !== 'object' || Array.isArray(raw)) {
+    return NextResponse.json({ error: 'Invalid or missing request body' }, { status: 400 })
+  }
+  const parsed = WebhookUpdateSchema.safeParse(raw)
+  if (!parsed.success) return NextResponse.json(formatZodError(parsed.error), { status: 400 })
+
+  const rawKeys = new Set(Object.keys(raw))
+  const body = parsed.data
   const result = mutateItem(ops, id, (webhook) => {
-    if (body.name !== undefined) webhook.name = body.name
-    if (body.source !== undefined) webhook.source = body.source
-    if (body.events !== undefined) webhook.events = normalizeEvents(body.events)
-    if (body.agentId !== undefined) webhook.agentId = body.agentId
-    if (body.secret !== undefined) webhook.secret = body.secret
-    if (body.isEnabled !== undefined) webhook.isEnabled = !!body.isEnabled
+    if (rawKeys.has('name') && body.name !== undefined) webhook.name = body.name
+    if (rawKeys.has('source') && body.source !== undefined) webhook.source = body.source
+    if (rawKeys.has('events') && body.events !== undefined) {
+      webhook.events = body.events.map((e) => e.trim()).filter(Boolean)
+    }
+    if (rawKeys.has('agentId') && body.agentId !== undefined) webhook.agentId = body.agentId
+    if (rawKeys.has('secret') && body.secret !== undefined) webhook.secret = body.secret
+    if (rawKeys.has('isEnabled') && body.isEnabled !== undefined) webhook.isEnabled = body.isEnabled
     webhook.updatedAt = Date.now()
     return webhook
   })

package/src/app/missions/page.tsx

@@ -10,6 +10,7 @@ import {
   MissionTemplateInstallDialog,
   type InstantiateInput,
 } from '@/components/missions/mission-template-install-dialog'
+import { MissionEditSheet, isMissionEditable } from '@/components/missions/mission-edit-sheet'
 import type { Mission, MissionReport, MissionEvent, MissionTemplate, Session } from '@/types'
 import { toast } from 'sonner'
 
@@ -119,11 +120,13 @@ interface ControlsProps {
   mission: Mission
   onAction: (action: string, reason?: string) => Promise<void>
   onForceReport: () => Promise<void>
+  onEdit: () => void
   busy: boolean
 }
 
-function MissionControls({ mission, onAction, onForceReport, busy }: ControlsProps) {
+function MissionControls({ mission, onAction, onForceReport, onEdit, busy }: ControlsProps) {
   const btn = 'text-[11px] font-600 px-2.5 py-1 rounded border transition-colors disabled:opacity-40 disabled:cursor-not-allowed'
+  const editable = isMissionEditable(mission.status)
   return (
     <div className="flex flex-wrap items-center gap-2">
       {mission.status === 'draft' || mission.status === 'paused' ? (
@@ -153,6 +156,15 @@ function MissionControls({ mission, onAction, onForceReport, busy }: ControlsPro
           Mark complete
         </button>
       ) : null}
+      {editable ? (
+        <button
+          disabled={busy}
+          onClick={onEdit}
+          className={`${btn} border-white/[0.12] bg-white/[0.04] text-text hover:bg-white/[0.08]`}
+        >
+          Edit
+        </button>
+      ) : null}
       {mission.status !== 'completed' && mission.status !== 'cancelled' ? (
         <button
           disabled={busy}
@@ -218,6 +230,10 @@ function CreateMissionDialog({ open, sessions, onClose, onCreate }: CreateDialog
     const n = Number.parseFloat(s)
     return Number.isFinite(n) && n > 0 ? n : null
   }
+  const intOrNull = (s: string): number | null => {
+    const n = numOrNull(s)
+    return n == null ? null : Math.round(n)
+  }
 
   const submit = async () => {
     if (!title.trim() || !goal.trim()) {
@@ -242,9 +258,9 @@ function CreateMissionDialog({ open, sessions, onClose, onCreate }: CreateDialog
         rootSessionId,
         budget: {
           maxUsd: numOrNull(maxUsd),
-          maxTokens: numOrNull(maxTokens),
-          maxWallclockSec: numOrNull(maxWallclockSec),
-          maxTurns: numOrNull(maxTurns),
+          maxTokens: intOrNull(maxTokens),
+          maxWallclockSec: intOrNull(maxWallclockSec),
+          maxTurns: intOrNull(maxTurns),
         },
         reportSchedule: reportsEnabled
           ? { intervalSec: Math.round(intervalMin * 60), format: 'markdown', enabled: true }
@@ -377,9 +393,10 @@ interface DetailProps {
   busy: boolean
   onAction: (action: string, reason?: string) => Promise<void>
   onForceReport: () => Promise<void>
+  onEdit: () => void
 }
 
-function MissionDetail({ mission, reports, events, busy, onAction, onForceReport }: DetailProps) {
+function MissionDetail({ mission, reports, events, busy, onAction, onForceReport, onEdit }: DetailProps) {
   const [selectedReport, setSelectedReport] = useState<MissionReport | null>(null)
   const wallclockCapMs = mission.budget.maxWallclockSec != null ? mission.budget.maxWallclockSec * 1000 : null
 
@@ -408,7 +425,7 @@ function MissionDetail({ mission, reports, events, busy, onAction, onForceReport
 
       <div>
         <div className="text-[11px] font-600 uppercase tracking-wide text-text-3 mb-2">Controls</div>
-        <MissionControls mission={mission} onAction={onAction} onForceReport={onForceReport} busy={busy} />
+        <MissionControls mission={mission} onAction={onAction} onForceReport={onForceReport} onEdit={onEdit} busy={busy} />
       </div>
 
       {mission.successCriteria.length > 0 && (
@@ -497,6 +514,7 @@ export default function MissionsPage() {
   const [templates, setTemplates] = useState<MissionTemplate[]>([])
   const [galleryOpen, setGalleryOpen] = useState(false)
   const [installTemplate, setInstallTemplate] = useState<MissionTemplate | null>(null)
+  const [editMission, setEditMission] = useState<Mission | null>(null)
 
   const selected = useMemo(() => missions.find((m) => m.id === selectedId) ?? null, [missions, selectedId])
 
@@ -539,8 +557,8 @@ export default function MissionsPage() {
   }, [selectedId, refreshDetail])
 
   useEffect(() => {
-    api<Session[]>('GET', '/chats').then((s) => {
-      setSessions(Array.isArray(s) ? s : Object.values(s))
+    api<Record<string, Session>>('GET', '/chats').then((s) => {
+      setSessions(s ? Object.values(s) : [])
     }).catch(() => setSessions([]))
   }, [createOpen, galleryOpen, installTemplate])
 
@@ -587,6 +605,11 @@ export default function MissionsPage() {
     toast.success(`Mission "${created.title}" created`)
   }, [refreshList])
 
+  const handleMissionSaved = useCallback((updated: Mission) => {
+    setMissions((prev) => prev.map((m) => (m.id === updated.id ? updated : m)))
+    void refreshList()
+  }, [refreshList])
+
   const handleInstallTemplate = useCallback(async (template: MissionTemplate, input: InstantiateInput) => {
     const result = await api<{ mission: Mission }>(
       'POST',
@@ -663,6 +686,7 @@ export default function MissionsPage() {
               busy={busy}
               onAction={handleAction}
               onForceReport={handleForceReport}
+              onEdit={() => setEditMission(selected)}
             />
           ) : loaded && missions.length === 0 && templates.length > 0 ? (
             <div className="p-6">
@@ -713,6 +737,12 @@ export default function MissionsPage() {
         onClose={() => setInstallTemplate(null)}
         onInstall={handleInstallTemplate}
       />
+
+      <MissionEditSheet
+        mission={editMission}
+        onClose={() => setEditMission(null)}
+        onSaved={handleMissionSaved}
+      />
     </MainContent>
   )
 }