@swarmclawai/swarmclaw 1.9.26 → 1.9.27

package/README.md

@@ -151,14 +151,14 @@ clawhub install swarmclaw
 
 [Browse on ClawHub](https://clawhub.ai/skills/swarmclaw)
 
-## v1.9.26 Highlights
+## v1.9.27 Highlights
 
-Output hygiene follow-up: empty successful LLM turns now stay silent instead of being rewritten as user-visible errors.
+Desktop compatibility and provider-save repair for Intel Mac users and OpenRouter setup.
 
-- **Silent empty completions.** Blank successful runs no longer become `Error: Run completed...` assistant messages.
-- **Connector-safe final text.** Slack and other connectors no longer receive synthetic error text for intentional silence or quiet no-op turns.
-- **Real errors preserved.** Explicit provider failures and streamed provider errors still surface as terminal errors.
-- **Regression coverage.** Chat-execution tests now lock the distinction between empty success and real failure.
+- **Intel macOS native modules.** The desktop packaging hook now rebuilds Electron-loaded native modules with the target architecture and blocks a release if an x64 macOS bundle contains an arm64-only required addon.
+- **OpenRouter save repair.** Provider updates now tolerate UI metadata fields like `id`, `type`, `createdAt`, and `updatedAt` without persisting them, while still rejecting unrelated unknown fields.
+- **Downloads clarity.** The downloads page no longer guesses Apple Silicon when a browser hides the Mac architecture, so Intel users can choose the x64 DMG explicitly.
+- **Regression coverage.** Provider route and Electron after-pack tests cover the reported failure modes.
 
 ## Hosted Deploys
 
@@ -410,6 +410,15 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.9.27 Highlights
+
+Desktop compatibility and provider-save repair for Intel Mac users and OpenRouter setup.
+
+- **Intel macOS native modules.** The desktop packaging hook now rebuilds Electron-loaded native modules with the target architecture and blocks a release if an x64 macOS bundle contains an arm64-only required addon.
+- **OpenRouter save repair.** Provider updates now tolerate UI metadata fields like `id`, `type`, `createdAt`, and `updatedAt` without persisting them, while still rejecting unrelated unknown fields.
+- **Downloads clarity.** The downloads page no longer guesses Apple Silicon when a browser hides the Mac architecture, so Intel users can choose the x64 DMG explicitly.
+- **Regression coverage.** Provider route and Electron after-pack tests cover the reported failure modes.
+
 ### v1.9.26 Highlights
 
 Output hygiene follow-up: empty successful LLM turns now stay silent instead of being rewritten as user-visible errors.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.9.26",
+  "version": "1.9.27",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",

package/src/app/api/providers/[id]/route.test.ts

@@ -48,7 +48,52 @@ test('provider route upserts builtin override records for enablement changes', (
   assert.equal(output.responsePayload.isEnabled, false)
 })
 
-test('provider route rejects unknown fields per ProviderUpdateSchema.strict()', () => {
+test('provider route ignores frontend metadata fields without persisting them', () => {
+  const output = runWithTempDataDir<{
+    status: number
+    providerConfig: {
+      id: string
+      type: string
+      name: string
+      isEnabled: boolean
+      updatedAt: number
+    }
+  }>(`
+    const storageMod = await import('./src/lib/server/storage')
+    const routeMod = await import('./src/app/api/providers/[id]/route')
+    const storage = storageMod.default || storageMod
+    const route = routeMod.default || routeMod
+
+    const response = await route.PUT(
+      new Request('http://local/api/providers/openai', {
+        method: 'PUT',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({
+          id: 'wrong-id',
+          type: 'custom',
+          createdAt: '123',
+          updatedAt: '456',
+          isEnabled: false,
+        }),
+      }),
+      { params: Promise.resolve({ id: 'openai' }) },
+    )
+
+    console.log(JSON.stringify({
+      status: response.status,
+      providerConfig: storage.loadProviderConfigs().openai,
+    }))
+  `, { prefix: 'swarmclaw-provider-route-strict-test-' })
+
+  assert.equal(output.status, 200)
+  assert.equal(output.providerConfig.id, 'openai')
+  assert.equal(output.providerConfig.type, 'builtin')
+  assert.equal(output.providerConfig.name, 'OpenAI')
+  assert.equal(output.providerConfig.isEnabled, false)
+  assert.equal(typeof output.providerConfig.updatedAt, 'number')
+})
+
+test('provider route still rejects unknown non-metadata fields', () => {
   const output = runWithTempDataDir<{ status: number }>(`
     const routeMod = await import('./src/app/api/providers/[id]/route')
     const route = routeMod.default || routeMod
@@ -57,13 +102,13 @@ test('provider route rejects unknown fields per ProviderUpdateSchema.strict()',
       new Request('http://local/api/providers/openai', {
         method: 'PUT',
         headers: { 'content-type': 'application/json' },
-        body: JSON.stringify({ type: 'builtin', isEnabled: true }),
+        body: JSON.stringify({ unexpectedField: true, isEnabled: true }),
       }),
       { params: Promise.resolve({ id: 'openai' }) },
     )
 
     console.log(JSON.stringify({ status: response.status }))
-  `, { prefix: 'swarmclaw-provider-route-strict-test-' })
+  `, { prefix: 'swarmclaw-provider-route-unknown-field-test-' })
 
   assert.equal(output.status, 400)
 })

package/src/app/api/providers/[id]/route.ts

@@ -8,6 +8,7 @@ import { ProviderUpdateSchema, formatZodError } from '@/lib/validation/schemas'
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const ops: CollectionOps<any> = { load: loadProviderConfigs, save: saveProviderConfigs, topic: 'providers' }
+const PROVIDER_UPDATE_WRITABLE_KEYS = new Set(['name', 'baseUrl', 'models', 'credentialId', 'isEnabled', 'requiresApiKey', 'notes'])
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -27,7 +28,7 @@ export async function PUT(req: Request, { params }: { params: Promise<{ id: stri
   const rawKeys = new Set(Object.keys(raw ?? {}))
   const body: Record<string, unknown> = {}
   for (const [key, value] of Object.entries(parsed.data)) {
-    if (rawKeys.has(key)) body[key] = value
+    if (rawKeys.has(key) && PROVIDER_UPDATE_WRITABLE_KEYS.has(key)) body[key] = value
   }
 
   if (!ops.load()[id]) {

package/src/lib/validation/schemas.ts

@@ -320,6 +320,10 @@ export const ProviderUpdateSchema = z.object({
   isEnabled: z.boolean().optional(),
   requiresApiKey: z.boolean().optional(),
   notes: z.string().max(4000).nullable().optional(),
+  id: z.unknown().optional(),
+  type: z.unknown().optional(),
+  createdAt: z.unknown().optional(),
+  updatedAt: z.unknown().optional(),
 }).strict()
 
 /** PUT /documents/:id — note: creating a new revision is a side-effect of