@swarmclawai/swarmclaw 1.9.32 → 1.9.34

package/README.md

@@ -151,6 +151,25 @@ openclaw skills install swarmclaw
 
 [Browse on ClawHub](https://clawhub.ai/waydelyle/swarmclaw)
 
+## v1.9.34 Highlights
+
+Credential recovery and external extension access release for npm-global upgrades and scoped agent tool configuration.
+
+- **Credential secret recovery.** Startup now checks prior npm-global build env files before accepting a fresh per-version `CREDENTIAL_SECRET`, and validates candidate secrets against existing encrypted credentials before persisting `DATA_DIR/credential-secret`.
+- **Clear connector failures.** Connector startup now logs and surfaces credential decrypt failures directly instead of falling through to a misleading "No bot token configured" error.
+- **External extension tools.** Scoped agents now keep explicitly attached external `*.js` and `*.mjs` extensions, and the agent/chat tool controls persist enabled external tools through the `extensions` field.
+- **Regression coverage.** Added tests for previous-build credential recovery, non-decrypting secret replacement, scoped external extension access, and extension access persistence.
+
+## v1.9.33 Highlights
+
+Issue and PR validation release for credential durability, delegated task dispatch, connector output hygiene, and OpenClaw gateway protocol compatibility.
+
+- **Credential durability.** Execute-tool credential injection now reads the persisted `encryptedKey` field, and `CREDENTIAL_SECRET` now resolves in a stable order: explicit environment value, `DATA_DIR/credential-secret`, legacy env files, then generated fallback.
+- **Delegated task dispatch.** Agent-created tasks delegated to another agent auto-queue when no explicit status is supplied, and failed dead-lettered tasks can be requeued through `POST /api/tasks/:id/retry`.
+- **Connector output hygiene.** Connector replies now reuse the internal metadata scrubber before delivery and persistence, while successful non-connector delivery tool output is no longer overwritten as an unconfirmed send.
+- **Agent and gateway compatibility.** Agent updates preserve workspace filesystem settings, and OpenClaw gateway routes now use protocol version 4.
+- **Regression coverage.** Added tests for credential env injection, secret precedence, delegated queueing, failed-task retry, connector sanitization, agent workspace settings, and OpenClaw gateway protocol exports.
+
 ## v1.9.32 Highlights
 
 PR integration release for background model routing, reflection memory controls, and current ClawHub install guidance.
@@ -435,6 +454,25 @@ Operational docs: https://swarmclaw.ai/docs/observability
 
 ## Releases
 
+### v1.9.34 Highlights
+
+Credential recovery and external extension access release for npm-global upgrades and scoped agent tool configuration.
+
+- **Credential secret recovery.** Startup now checks prior npm-global build env files before accepting a fresh per-version `CREDENTIAL_SECRET`, and validates candidate secrets against existing encrypted credentials before persisting `DATA_DIR/credential-secret`.
+- **Clear connector failures.** Connector startup now logs and surfaces credential decrypt failures directly instead of falling through to a misleading "No bot token configured" error.
+- **External extension tools.** Scoped agents now keep explicitly attached external `*.js` and `*.mjs` extensions, and the agent/chat tool controls persist enabled external tools through the `extensions` field.
+- **Regression coverage.** Added tests for previous-build credential recovery, non-decrypting secret replacement, scoped external extension access, and extension access persistence.
+
+### v1.9.33 Highlights
+
+Issue and PR validation release for credential durability, delegated task dispatch, connector output hygiene, and OpenClaw gateway protocol compatibility.
+
+- **Credential durability.** Execute-tool credential injection now reads the persisted `encryptedKey` field, and `CREDENTIAL_SECRET` now resolves in a stable order: explicit environment value, `DATA_DIR/credential-secret`, legacy env files, then generated fallback.
+- **Delegated task dispatch.** Agent-created tasks delegated to another agent auto-queue when no explicit status is supplied, and failed dead-lettered tasks can be requeued through `POST /api/tasks/:id/retry`.
+- **Connector output hygiene.** Connector replies now reuse the internal metadata scrubber before delivery and persistence, while successful non-connector delivery tool output is no longer overwritten as an unconfirmed send.
+- **Agent and gateway compatibility.** Agent updates preserve workspace filesystem settings, and OpenClaw gateway routes now use protocol version 4.
+- **Regression coverage.** Added tests for credential env injection, secret precedence, delegated queueing, failed-task retry, connector sanitization, agent workspace settings, and OpenClaw gateway protocol exports.
+
 ### v1.9.32 Highlights
 
 PR integration release for background model routing, reflection memory controls, and current ClawHub install guidance.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarmclawai/swarmclaw",
-  "version": "1.9.32",
+  "version": "1.9.34",
   "description": "Build and run autonomous AI agents with OpenClaw, Hermes, multiple model providers, orchestration, delegation, memory, skills, schedules, and chat connectors.",
   "main": "electron-dist/main.js",
   "license": "MIT",
@@ -154,7 +154,7 @@
     "next": "16.2.4",
     "next-themes": "^0.4.6",
     "nodemailer": "^8.0.1",
-    "openclaw": "^2026.4.22",
+    "openclaw": "^2026.5.12",
     "pdf-parse": "^2.4.5",
     "qrcode": "^1.5.4",
     "radix-ui": "^1.4.3",

package/src/app/api/agents/agents-route.test.ts

@@ -206,6 +206,42 @@ test('PUT /api/agents/:id updates planning mode without clobbering other fields'
   assert.equal(body.proactiveMemory, false)
 })
 
+test('PUT /api/agents/:id persists workspace filesystem settings', async () => {
+  seedAgent('agent-workspace-settings', {
+    name: 'Workspace Agent',
+    workspace: null,
+    filesystemScope: null,
+    fileAccessPolicy: null,
+  })
+
+  const response = await putAgent(new Request('http://local/api/agents/agent-workspace-settings', {
+    method: 'PUT',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      workspace: '/tmp/swarmclaw-agent-workspace',
+      filesystemScope: 'workspace',
+      fileAccessPolicy: {
+        allowedPaths: ['/tmp/swarmclaw-agent-workspace'],
+        blockedPaths: ['/tmp/swarmclaw-agent-workspace/private'],
+      },
+    }),
+  }), routeParams('agent-workspace-settings'))
+
+  assert.equal(response.status, 200)
+  const body = await response.json()
+  assert.equal(body.workspace, '/tmp/swarmclaw-agent-workspace')
+  assert.equal(body.filesystemScope, 'workspace')
+  assert.deepEqual(body.fileAccessPolicy, {
+    allowedPaths: ['/tmp/swarmclaw-agent-workspace'],
+    blockedPaths: ['/tmp/swarmclaw-agent-workspace/private'],
+  })
+
+  const stored = loadAgents()['agent-workspace-settings']
+  assert.equal(stored.workspace, '/tmp/swarmclaw-agent-workspace')
+  assert.equal(stored.filesystemScope, 'workspace')
+  assert.deepEqual(stored.fileAccessPolicy, body.fileAccessPolicy)
+})
+
 test('PUT /api/agents/:id rejects non-string name', async () => {
   seedAgent('agent-bad-name', { name: 'Good' })
 

package/src/app/api/extensions/builtins/route.ts

@@ -20,7 +20,7 @@ export async function GET() {
 
   // For external extensions that are enabled, also collect their concrete tool names
   // so the UI can show those tools in the toggles
-  const externalTools: Array<{ extensionId: string; toolName: string; label: string; description: string }> = []
+  const externalTools: Array<{ extensionId: string; extensionName: string; toolName: string; label: string; description: string }> = []
   for (const meta of all) {
     if (meta.isBuiltin || !meta.enabled) continue
     try {
@@ -28,6 +28,7 @@ export async function GET() {
       for (const entry of tools) {
         externalTools.push({
           extensionId: entry.extensionId,
+          extensionName: meta.name || meta.filename,
           toolName: entry.tool.name,
           label: entry.tool.name.replace(/_/g, ' ').replace(/\b\w/g, (c) => c.toUpperCase()),
           description: entry.tool.description || '',

package/src/app/api/tasks/[id]/retry/route.ts

@@ -0,0 +1,12 @@
+import { NextResponse } from 'next/server'
+import { notFound } from '@/lib/server/collection-helpers'
+import { retryTaskFromRoute } from '@/lib/server/tasks/task-route-service'
+
+export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const result = retryTaskFromRoute(id)
+  if (!result.ok && result.status === 404) return notFound()
+  return result.ok
+    ? NextResponse.json(result.payload)
+    : NextResponse.json(result.payload, { status: result.status })
+}

package/src/app/api/tasks/task-workspace-route.test.ts

@@ -19,6 +19,7 @@ let getTaskHandoff: typeof import('./[id]/handoff/route')['GET']
 let postTaskHandoff: typeof import('./[id]/handoff/route')['POST']
 let getTaskExecutionPolicy: typeof import('./[id]/execution-policy/route')['GET']
 let postTaskExecutionPolicy: typeof import('./[id]/execution-policy/route')['POST']
+let postTaskRetry: typeof import('./[id]/retry/route')['POST']
 let getTaskHandoffs: typeof import('./handoffs/route')['GET']
 let getTasks: typeof import('./route')['GET']
 let storage: typeof import('@/lib/server/storage')
@@ -57,6 +58,7 @@ before(async () => {
   const policyRoute = await import('./[id]/execution-policy/route')
   getTaskExecutionPolicy = policyRoute.GET
   postTaskExecutionPolicy = policyRoute.POST
+  postTaskRetry = (await import('./[id]/retry/route')).POST
   getTaskHandoffs = (await import('./handoffs/route')).GET
   getTasks = (await import('./route')).GET
 })
@@ -255,6 +257,66 @@ test('GET /api/tasks/:id/execution-policy returns policy summary', async () => {
   assert.equal(body.summary.status, 'waiting')
 })
 
+test('POST /api/tasks/:id/retry requeues a dead-lettered failed task', async () => {
+  seedTask('task-dead-letter-retry', {
+    title: 'Dead Letter Retry',
+    status: 'failed',
+    attempts: 3,
+    maxAttempts: 3,
+    retryScheduledAt: Date.now() + 60_000,
+    deadLetteredAt: Date.now(),
+    checkoutRunId: 'run-failed',
+    error: 'Dead-lettered after 3/3 attempts: timeout',
+    validation: { ok: false, reasons: ['No result'], checkedAt: Date.now() },
+  })
+
+  const response = await postTaskRetry(
+    new Request('http://local/api/tasks/task-dead-letter-retry/retry', { method: 'POST' }),
+    routeParams('task-dead-letter-retry'),
+  )
+
+  assert.equal(response.status, 200)
+  const body = await response.json() as BoardTask
+  assert.equal(body.status, 'queued')
+  assert.equal(body.attempts, 0)
+  assert.equal(body.retryScheduledAt, null)
+  assert.equal(body.deadLetteredAt, null)
+  assert.equal(body.checkoutRunId, null)
+  assert.equal(body.error, null)
+  assert.equal(body.validation, null)
+  assert.equal(storage.loadQueue().includes('task-dead-letter-retry'), true)
+  assert.equal(body.comments?.some((comment) => comment.text.includes('retry requested')), true)
+})
+
+test('POST /api/tasks/:id/retry rejects tasks still blocked by dependencies', async () => {
+  seedTask('task-blocked-retry', {
+    title: 'Blocked Retry',
+    status: 'failed',
+    blockedBy: ['retry-dep'],
+    deadLetteredAt: Date.now(),
+  })
+  const tasks = storage.loadTasks()
+  tasks['retry-dep'] = {
+    id: 'retry-dep',
+    title: 'Retry Dependency',
+    description: '',
+    status: 'running',
+    agentId: 'agent-1',
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  } as BoardTask
+  storage.saveTasks(tasks)
+
+  const response = await postTaskRetry(
+    new Request('http://local/api/tasks/task-blocked-retry/retry', { method: 'POST' }),
+    routeParams('task-blocked-retry'),
+  )
+
+  assert.equal(response.status, 409)
+  assert.equal(storage.loadTasks()['task-blocked-retry']?.status, 'failed')
+  assert.equal(storage.loadQueue().includes('task-blocked-retry'), false)
+})
+
 test('POST /api/tasks/:id/handoff saves markdown and JSON snapshots into the workspace', async () => {
   seedTask('task-handoff-save', {
     title: 'Saved Handoff Task',

package/src/cli/index.js

@@ -761,6 +761,7 @@ const COMMAND_GROUPS = [
       cmd('handoffs', 'GET', '/tasks/handoffs', 'List task handoff readiness packets'),
       cmd('execution-policy', 'GET', '/tasks/:id/execution-policy', 'Get task execution policy state'),
       cmd('execution-policy-decision', 'POST', '/tasks/:id/execution-policy', 'Approve, request changes, or reset a task policy stage', { expectsJsonBody: true }),
+      cmd('retry', 'POST', '/tasks/:id/retry', 'Retry a failed task and requeue it'),
       cmd('create', 'POST', '/tasks', 'Create task', { expectsJsonBody: true }),
       cmd('bulk', 'POST', '/tasks/bulk', 'Bulk update tasks (status/agent/project)', { expectsJsonBody: true }),
       cmd('update', 'PUT', '/tasks/:id', 'Update task', { expectsJsonBody: true }),

package/src/cli/index.test.js

@@ -225,6 +225,36 @@ test('tasks execution-policy-decision posts policy decisions', async () => {
   assert.equal(stderr.toString(), '')
 })
 
+test('tasks retry posts to the failed-task retry endpoint', async () => {
+  const stdout = makeWritable()
+  const stderr = makeWritable()
+  const calls = []
+
+  const fetchImpl = async (url, init) => {
+    calls.push({ url: String(url), init })
+    return jsonResponse({ id: 'task-1', status: 'queued' })
+  }
+
+  const exitCode = await runCli(
+    ['tasks', 'retry', 'task-1', '--json'],
+    {
+      fetchImpl,
+      stdout,
+      stderr,
+      env: {},
+      cwd: process.cwd(),
+    }
+  )
+
+  assert.equal(exitCode, 0)
+  assert.equal(calls.length, 1)
+  assert.match(calls[0].url, /\/api\/tasks\/task-1\/retry$/)
+  assert.equal(calls[0].init.method, 'POST')
+  assert.equal(calls[0].init.body, undefined)
+  assert.match(stdout.toString(), /"queued"/)
+  assert.equal(stderr.toString(), '')
+})
+
 test('gateways drain command posts a lifecycle control action', async () => {
   const stdout = makeWritable()
   const stderr = makeWritable()

package/src/cli/spec.js

@@ -541,6 +541,7 @@ const COMMAND_GROUPS = {
       handoffs: { description: 'List task handoff readiness packets', method: 'GET', path: '/tasks/handoffs' },
       'execution-policy': { description: 'Get task execution policy state', method: 'GET', path: '/tasks/:id/execution-policy', params: ['id'] },
       'execution-policy-decision': { description: 'Approve, request changes, or reset a task policy stage', method: 'POST', path: '/tasks/:id/execution-policy', params: ['id'] },
+      retry: { description: 'Retry a failed task and requeue it', method: 'POST', path: '/tasks/:id/retry', params: ['id'] },
       create: { description: 'Create task', method: 'POST', path: '/tasks' },
       bulk: { description: 'Bulk update tasks (status/agent/project)', method: 'POST', path: '/tasks/bulk' },
       update: { description: 'Update task', method: 'PUT', path: '/tasks/:id', params: ['id'] },

package/src/components/agents/agent-sheet.tsx

@@ -57,6 +57,14 @@ const AUTO_SYNC_MODEL_PROVIDER_IDS = new Set<ProviderType>([
 const CONNECTION_TEST_TIMEOUT_MS = 40_000
 type AgentProviderId = string
 
+interface ExtensionToolInfo {
+  extensionId: string
+  extensionName?: string
+  toolName: string
+  label: string
+  description: string
+}
+
 function SectionCard({
   title,
   description,
@@ -223,6 +231,7 @@ export function AgentSheet() {
   const [toolAccessMode, setToolAccessMode] = useState<'universal' | 'scoped'>('scoped')
   const [extensions, setExtensions] = useState<string[]>([])
   const [enabledExtensionIds, setEnabledExtensionIds] = useState<Set<string> | null>(null)
+  const [externalTools, setExternalTools] = useState<ExtensionToolInfo[]>([])
   const [skills, setSkills] = useState<string[]>([])
   const [skillIds, setSkillIds] = useState<string[]>([])
   const [mcpServerIds, setMcpServerIds] = useState<string[]>([])
@@ -423,8 +432,11 @@ export function AgentSheet() {
       loadProjects()
       loadClaudeSkills()
       // Fetch enabled extension IDs so we can filter tool toggles
-      api<{ enabledExtensionIds: string[] }>('GET', '/extensions/builtins')
-        .then((res) => { if (res?.enabledExtensionIds) setEnabledExtensionIds(new Set(res.enabledExtensionIds)) })
+      api<{ enabledExtensionIds: string[]; externalTools?: ExtensionToolInfo[] }>('GET', '/extensions/builtins')
+        .then((res) => {
+          if (res?.enabledExtensionIds) setEnabledExtensionIds(new Set(res.enabledExtensionIds))
+          if (Array.isArray(res?.externalTools)) setExternalTools(res.externalTools)
+        })
         .catch(() => {})
       setTestStatus('idle')
       setTestMessage('')
@@ -2642,6 +2654,33 @@ export function AgentSheet() {
         </div>
       )}
 
+      {!hasNativeCapabilities && externalTools.length > 0 && (
+        <div className="mb-8">
+          <label className="block font-display text-[12px] font-600 text-text-2 uppercase tracking-[0.08em] mb-2">Extension Tools</label>
+          <p className="text-[12px] text-text-3/60 mb-3">Attach enabled external extension tools to this agent.</p>
+          <div className="space-y-3">
+            {externalTools.map((t) => {
+              const attached = extensions.includes(t.extensionId)
+              const description = t.extensionName
+                ? `${t.description || 'External extension tool'} (${t.extensionName})`
+                : (t.description || 'External extension tool')
+              return (
+                <label key={`${t.extensionId}:${t.toolName}`} className="flex items-center gap-3 cursor-pointer">
+                  <div
+                    onClick={() => setExtensions((prev) => prev.includes(t.extensionId) ? prev.filter((x) => x !== t.extensionId) : [...prev, t.extensionId])}
+                    className={`w-11 h-6 rounded-full transition-all duration-200 relative shrink-0 ${attached ? 'bg-accent-bright cursor-pointer' : 'bg-white/[0.08] cursor-pointer'}`}
+                  >
+                    <div className={`absolute top-0.5 w-5 h-5 rounded-full bg-white transition-all duration-200 ${attached ? 'left-[22px]' : 'left-0.5'}`} />
+                  </div>
+                  <span className="font-display text-[14px] font-600 text-text-2">{t.label}</span>
+                  <span className="text-[12px] text-text-3">{description}</span>
+                </label>
+              )
+            })}
+          </div>
+        </div>
+      )}
+
       {/* Native capability provider note — not shown for OpenClaw (covered in connection status) */}
       {hasNativeCapabilities && !openclawEnabled && (
         <div className="mb-8 p-4 rounded-[14px] bg-white/[0.02] border border-white/[0.06]">

package/src/components/chat/chat-tool-toggles.tsx

@@ -7,7 +7,7 @@ import { AVAILABLE_TOOLS, PLATFORM_TOOLS } from '@/lib/tool-definitions'
 import type { ToolDefinition } from '@/lib/tool-definitions'
 import type { Session } from '@/types'
 import { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider } from '@/components/ui/tooltip'
-import { getEnabledToolIds, getEnabledExtensionIds } from '@/lib/capability-selection'
+import { getEnabledToolIds, getEnabledExtensionIds, isExternalExtensionId } from '@/lib/capability-selection'
 
 interface Props {
   session: Session
@@ -15,6 +15,7 @@ interface Props {
 
 interface ExtensionToolInfo {
   extensionId: string
+  extensionName?: string
   toolName: string
   label: string
   description: string
@@ -55,7 +56,20 @@ export function ChatToolToggles({ session }: Props) {
     return () => document.removeEventListener('mousedown', handler)
   }, [open])
 
-  const toggleTool = async (toolId: string) => {
+  const toggleTool = async (tool: ToolDefinition) => {
+    if (tool.extensionId && isExternalExtensionId(tool.extensionId)) {
+      const updatedExtensions = sessionExtensions.includes(tool.extensionId)
+        ? sessionExtensions.filter((extensionId) => extensionId !== tool.extensionId)
+        : [...sessionExtensions, tool.extensionId]
+      await api('PUT', `/chats/${session.id}`, {
+        tools: sessionTools,
+        extensions: updatedExtensions,
+      })
+      await refreshSession(session.id)
+      return
+    }
+
+    const toolId = tool.id
     const updated = sessionTools.includes(toolId)
       ? sessionTools.filter((t) => t !== toolId)
       : [...sessionTools, toolId]
@@ -78,9 +92,9 @@ export function ChatToolToggles({ session }: Props) {
 
   // Convert external extension tools into ToolDefinition-like items for display
   const extensionToolDefs: ToolDefinition[] = externalTools.map((et) => ({
-    id: et.toolName,
+    id: `${et.extensionId}:${et.toolName}`,
     label: et.label,
-    description: et.description,
+    description: et.extensionName ? `${et.description || 'External extension tool'} (${et.extensionName})` : et.description,
     extensionId: et.extensionId,
   }))
 
@@ -92,7 +106,11 @@ export function ChatToolToggles({ session }: Props) {
 
   const allVisibleTools = groups.flatMap((g) => g.tools)
   const totalCount = allVisibleTools.length
-  const enabledCount = sessionTools.filter((id) => allVisibleTools.some((t) => t.id === id)).length
+  const enabledCount = allVisibleTools.filter((tool) => (
+    tool.extensionId && isExternalExtensionId(tool.extensionId)
+      ? sessionExtensions.includes(tool.extensionId)
+      : sessionTools.includes(tool.id)
+  )).length
 
   return (
     <div className="relative" ref={ref}>
@@ -120,13 +138,17 @@ export function ChatToolToggles({ session }: Props) {
                 <p className="text-[10px] font-600 text-text-3/60 uppercase tracking-wider mb-2">{group.label}</p>
                 {group.tools.map((tool) => {
                   const extDisabled = !isExtensionEnabled(tool)
-                  const enabled = !extDisabled && sessionTools.includes(tool.id)
+                  const enabled = !extDisabled && (
+                    tool.extensionId && isExternalExtensionId(tool.extensionId)
+                      ? sessionExtensions.includes(tool.extensionId)
+                      : sessionTools.includes(tool.id)
+                  )
                   return (
                     <Tooltip key={tool.id}>
                       <TooltipTrigger asChild>
                         <label className={`flex items-center gap-2.5 py-1.5 ${extDisabled ? 'cursor-not-allowed opacity-40' : 'cursor-pointer'}`}>
                           <div
-                            onClick={() => !extDisabled && toggleTool(tool.id)}
+                            onClick={() => !extDisabled && toggleTool(tool)}
                             className={`w-8 h-[18px] rounded-full transition-all duration-200 relative shrink-0
                               ${extDisabled ? 'bg-white/[0.04] cursor-not-allowed' : enabled ? 'bg-accent-bright cursor-pointer' : 'bg-white/[0.12] cursor-pointer'}`}
                           >

package/src/lib/providers/openclaw.test.ts

@@ -1,7 +1,7 @@
 import assert from 'node:assert/strict'
 import { afterEach, test } from 'node:test'
 
-import { buildOpenClawSessionKey, resolveGatewayAgentId } from './openclaw'
+import { buildOpenClawConnectParams, buildOpenClawSessionKey, resolveGatewayAgentId } from './openclaw'
 import { loadAgents, saveAgents } from '../server/storage'
 import type { Agent } from '@/types'
 
@@ -72,3 +72,10 @@ test('buildOpenClawSessionKey honors explicit OpenClaw session keys when provide
 
   assert.equal(sessionKey, 'agent:ops:benchmark:fixed-key')
 })
+
+test('buildOpenClawConnectParams advertises the current gateway protocol', () => {
+  const params = buildOpenClawConnectParams('test-token', 'test-nonce')
+
+  assert.equal(params.minProtocol, 4)
+  assert.equal(params.maxProtocol, 4)
+})

package/src/lib/providers/openclaw.ts

@@ -113,6 +113,8 @@ export function getDeviceId(): string {
 
 // --- Protocol helpers ---
 
+export const OPENCLAW_GATEWAY_PROTOCOL_VERSION = 4
+
 /**
  * Build connect params for the OpenClaw gateway protocol.
  *
@@ -132,8 +134,8 @@ export function buildOpenClawConnectParams(
   const scopes = ['operator.admin']
 
   const params: Record<string, unknown> = {
-    minProtocol: 3,
-    maxProtocol: 3,
+    minProtocol: OPENCLAW_GATEWAY_PROTOCOL_VERSION,
+    maxProtocol: OPENCLAW_GATEWAY_PROTOCOL_VERSION,
     auth: token ? { token } : undefined,
     client: {
       id: clientId,

package/src/lib/server/chat-execution/chat-execution-connector-delivery.ts

@@ -1,5 +1,6 @@
 import type { MessageToolEvent } from '@/types'
 import { dedupeConsecutiveToolEvents } from '@/lib/server/chat-execution/chat-execution-tool-events'
+import { stripAllInternalMetadata } from '@/lib/strip-internal-metadata'
 
 function parseToolJsonObject(raw: string): Record<string, unknown> | null {
   const trimmed = raw.trim()
@@ -65,12 +66,23 @@ export function looksLikePositiveConnectorDeliveryText(
 
 export function reconcileConnectorDeliveryText(text: string, events: MessageToolEvent[]): string {
   const trimmed = text.trim()
-  const connectorEvents = dedupeConsecutiveToolEvents(events).filter((event) => event.name === 'connector_message_tool')
+  const dedupedEvents = dedupeConsecutiveToolEvents(events)
+  const connectorEvents = dedupedEvents.filter((event) => event.name === 'connector_message_tool')
   if (!looksLikePositiveConnectorDeliveryText(trimmed, {
     requireConnectorContext: connectorEvents.length === 0,
   })) return text
   if (connectorEvents.some((event) => connectorToolEventSucceeded(event))) return text
   if (connectorEvents.length === 0) {
+    // No connector_message_tool event was recorded for this turn, but the
+    // agent may have legitimately delivered the message through another tool
+    // — typically `execute` running nodemailer / smtp / curl against an
+    // outbound HTTP endpoint, or a future connector that doesn't route
+    // through connector_message_tool. If *any* tool ran this turn, the agent
+    // did real work; trust them rather than overwriting their response with
+    // a false-negative. Only reconcile (with the overwrite below) when there
+    // is genuine evidence of a failed send — i.e., a connector_message_tool
+    // event exists but didn't succeed.
+    if (dedupedEvents.length > 0) return text
     return `I couldn't confirm that the configured connector actually sent anything. No connector delivery tool call was recorded for this response.`
   }
 
@@ -84,3 +96,7 @@ export function reconcileConnectorDeliveryText(text: string, events: MessageTool
 
   return `I couldn't send that through the configured connector. ${failureSummary}`.trim()
 }
+
+export function sanitizeConnectorDeliveryText(text: string, events: MessageToolEvent[]): string {
+  return reconcileConnectorDeliveryText(stripAllInternalMetadata(text), events).trim()
+}

package/src/lib/server/chat-execution/chat-turn-finalization.ts

@@ -12,7 +12,7 @@ import { stripMainLoopMetaForPersistence } from '@/lib/server/agents/main-agent-
 import { shouldSuppressHiddenControlText, stripHiddenControlTokens } from '@/lib/server/agents/assistant-control'
 import { pruneStreamingAssistantArtifacts } from '@/lib/chat/chat-streaming-state'
 import { pruneIncompleteToolEvents } from '@/lib/server/chat-execution/chat-streaming-utils'
-import { reconcileConnectorDeliveryText } from '@/lib/server/chat-execution/chat-execution-connector-delivery'
+import { sanitizeConnectorDeliveryText } from '@/lib/server/chat-execution/chat-execution-connector-delivery'
 import {
   classifyHeartbeatResponse,
   estimateConversationTone,
@@ -347,7 +347,7 @@ export async function finalizeChatTurn(params: {
       // Outbound transforms are non-critical.
     }
   }
-  finalText = reconcileConnectorDeliveryText(finalText, persistedToolEvents)
+  finalText = sanitizeConnectorDeliveryText(finalText, persistedToolEvents)
   finalText = normalizeAssistantArtifactLinks(finalText, session.cwd)
   finalText = applyExactOutputContract({
     contract: await resolveExactOutputContractWithTimeout({

package/src/lib/server/chat-execution/post-stream-finalization.test.ts

@@ -2,6 +2,7 @@ import assert from 'node:assert/strict'
 import { describe, it } from 'node:test'
 
 import { stripLeakedClassificationJson } from './post-stream-finalization'
+import { sanitizeConnectorDeliveryText } from './chat-execution-connector-delivery'
 
 // A fully-valid MessageClassification serialized by the model. Mirrors the
 // real output we observed during a live delegation turn.
@@ -105,3 +106,26 @@ describe('stripLeakedClassificationJson', () => {
     assert.equal(cleaned, input)
   })
 })
+
+describe('sanitizeConnectorDeliveryText', () => {
+  it('strips internal metadata before connector delivery reconciliation', () => {
+    const input = [
+      '{ "isDeliverableTask": true, "confidence": 0.9 }',
+      'I sent the message via the endpoint. Message ID: abc123.',
+    ].join('\n')
+    const result = sanitizeConnectorDeliveryText(input, [
+      {
+        name: 'execute',
+        input: '{"code":"curl -X POST https://example.invalid/send"}',
+        output: 'ok',
+      },
+    ])
+
+    assert.equal(result, 'I sent the message via the endpoint. Message ID: abc123.')
+  })
+
+  it('preserves benign user JSON in non-delivery text', () => {
+    const input = 'The payload example is { "port": 3000 }.'
+    assert.equal(sanitizeConnectorDeliveryText(input, []), input)
+  })
+})

package/src/lib/server/connectors/connector-inbound.ts

@@ -92,7 +92,8 @@ import {
   resolveSenderPreferencePolicy,
 } from './contact-preferences'
 import { prepareConnectorVoiceNotePayload } from './voice-note'
-import { reconcileConnectorDeliveryText } from '@/lib/server/chat-execution/chat-execution-connector-delivery'
+import { sanitizeConnectorDeliveryText } from '@/lib/server/chat-execution/chat-execution-connector-delivery'
+import { stripAllInternalMetadata } from '@/lib/strip-internal-metadata'
 import { pruneIncompleteToolEvents, updateStreamedToolEvents } from '@/lib/server/chat-execution/chat-streaming-utils'
 import { guardUntrustedText, getUntrustedContentGuardMode } from '@/lib/server/untrusted-content'
 import {
@@ -432,7 +433,7 @@ export async function deliverQueuedConnectorRunResult(params: {
     session,
     toolEvents: params.result.toolEvents || [],
   })
-  fullText = reconcileConnectorDeliveryText(fullText, params.result.toolEvents || []).trim()
+  fullText = sanitizeConnectorDeliveryText(stripHiddenControlTokens(fullText), params.result.toolEvents || [])
 
   if (!fullText && !currentChannelDelivery) {
     await maybeSendStatusReaction(params.connector, params.msg, 'silent')
@@ -729,7 +730,7 @@ async function routeMessageToChatroom(connector: Connector, msg: InboundMessage)
         history,
       })
 
-      const responseText = stripHiddenControlTokens(result.finalResponse || result.fullText)
+      const responseText = stripAllInternalMetadata(stripHiddenControlTokens(result.finalResponse || result.fullText))
       if (responseText.trim() && !isNoMessage(responseText)) {
         // Persist agent response to chatroom
         const agentSource: MessageSource = {
@@ -1332,12 +1333,11 @@ If media sending fails, report the exact error and retry with a corrected path/t
   }
 
   const suppressHiddenResponse = shouldSuppressHiddenControlText(fullText)
-  fullText = stripHiddenControlTokens(fullText)
-  fullText = reconcileConnectorDeliveryText(fullText, settledConnectorToolEvents).trim()
+  fullText = sanitizeConnectorDeliveryText(stripHiddenControlTokens(fullText), settledConnectorToolEvents)
 
   // If the agent chose NO_MESSAGE, skip saving it to history — the user's message
   // is already recorded, and saving the sentinel would pollute the LLM's context
-  if (suppressHiddenResponse || isNoMessage(fullText)) {
+  if (suppressHiddenResponse || isNoMessage(fullText) || !fullText.trim()) {
     if (currentChannelDeliveryRef.current) {
       persistConnectorDeliveryMarker({
         session,