Agent-centric UI, orchestrator capability, tool access requests, and CLI resume tracking

- Sidebar now shows agents as chat threads with persistent thread sessions
- Agent awareness: agents see each other's capabilities and status in system prompt
- Orchestrator capability toggle gates delegate_to_agent behind explicit permission
- Tool access request UI: agents request disabled tools, user grants via chat banner
- Store all CLI resume IDs (claude/codex/opencode) on tasks separately
- CLI resume IDs shown in task sheet and agent thread notifications
- Task notifications include working directory and resume IDs
- File path preview: inline code file paths render as interactive chips with preview/open
- File serve API endpoint (/api/files/serve) for local file preview
- Code block preview/open/save buttons for HTML and SVG
- Atomic storage upserts to prevent task race conditions
- Queue orphan recovery for tasks stuck in queued status
- Agent delegation name-to-ID fallback resolution

Author: waydelyle

src/app/api/agents/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadAgents, saveAgents } from '@/lib/server/storage'
+import { loadAgents, saveAgents, deleteAgent } from '@/lib/server/storage'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -25,7 +25,6 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
   const { id } = await params
   const agents = loadAgents()
   if (!agents[id]) return new NextResponse(null, { status: 404 })
-  delete agents[id]
-  saveAgents(agents)
+  deleteAgent(id)
   return NextResponse.json('ok')
 }

src/app/api/agents/[id]/thread/route.ts

@@ -0,0 +1,66 @@
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+import { loadAgents, saveAgents, loadSessions, saveSessions } from '@/lib/server/storage'
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id: agentId } = await params
+  const agents = loadAgents()
+  const agent = agents[agentId]
+  if (!agent) {
+    return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
+  }
+
+  const body = await req.json().catch(() => ({}))
+  const user = body.user || 'default'
+  const sessions = loadSessions()
+
+  // If agent already has a thread session that exists, return it
+  if (agent.threadSessionId && sessions[agent.threadSessionId]) {
+    return NextResponse.json(sessions[agent.threadSessionId])
+  }
+
+  // Check if an existing session is already linked to this agent as a thread
+  const existing = Object.values(sessions).find(
+    (s: any) => s.name === `agent-thread:${agentId}` && s.user === user
+  )
+  if (existing) {
+    agent.threadSessionId = (existing as any).id
+    agent.updatedAt = Date.now()
+    saveAgents(agents)
+    return NextResponse.json(existing)
+  }
+
+  // Create a new thread session
+  const sessionId = `agent-thread-${agentId}-${crypto.randomBytes(4).toString('hex')}`
+  const now = Date.now()
+  const session = {
+    id: sessionId,
+    name: `agent-thread:${agentId}`,
+    cwd: process.cwd(),
+    user: user,
+    provider: agent.provider,
+    model: agent.model,
+    credentialId: agent.credentialId || null,
+    fallbackCredentialIds: agent.fallbackCredentialIds || [],
+    apiEndpoint: agent.apiEndpoint || null,
+    claudeSessionId: null,
+    messages: [],
+    createdAt: now,
+    lastActiveAt: now,
+    active: false,
+    sessionType: 'human' as const,
+    agentId,
+    tools: agent.tools || [],
+    heartbeatEnabled: agent.heartbeatEnabled || false,
+    heartbeatIntervalSec: agent.heartbeatIntervalSec || null,
+  }
+
+  sessions[sessionId] = session as any
+  saveSessions(sessions)
+
+  agent.threadSessionId = sessionId
+  agent.updatedAt = Date.now()
+  saveAgents(agents)
+
+  return NextResponse.json(session)
+}

src/app/api/agents/route.ts

@@ -24,6 +24,7 @@ export async function POST(req: Request) {
     isOrchestrator: body.isOrchestrator || false,
     subAgentIds: body.subAgentIds || [],
     tools: body.tools || [],
+    capabilities: body.capabilities || [],
     createdAt: now,
     updatedAt: now,
   }

src/app/api/files/serve/route.ts

@@ -0,0 +1,69 @@
+import { NextResponse } from 'next/server'
+import fs from 'fs'
+import path from 'path'
+
+const MIME_MAP: Record<string, string> = {
+  '.html': 'text/html',
+  '.htm': 'text/html',
+  '.css': 'text/css',
+  '.js': 'application/javascript',
+  '.json': 'application/json',
+  '.svg': 'image/svg+xml',
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.webp': 'image/webp',
+  '.txt': 'text/plain',
+  '.md': 'text/markdown',
+  '.ts': 'text/plain',
+  '.tsx': 'text/plain',
+  '.jsx': 'text/plain',
+  '.py': 'text/plain',
+  '.sh': 'text/plain',
+}
+
+const MAX_SIZE = 10 * 1024 * 1024 // 10MB
+
+export async function GET(req: Request) {
+  const url = new URL(req.url)
+  const filePath = url.searchParams.get('path')
+
+  if (!filePath) {
+    return NextResponse.json({ error: 'Missing path parameter' }, { status: 400 })
+  }
+
+  // Resolve and normalize the path
+  const resolved = path.resolve(filePath)
+
+  // Block access to sensitive paths
+  const blocked = ['.env', 'credentials', '.ssh', '.gnupg', '.aws']
+  if (blocked.some((b) => resolved.includes(b))) {
+    return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+  }
+
+  if (!fs.existsSync(resolved)) {
+    return NextResponse.json({ error: 'File not found' }, { status: 404 })
+  }
+
+  const stat = fs.statSync(resolved)
+  if (!stat.isFile()) {
+    return NextResponse.json({ error: 'Not a file' }, { status: 400 })
+  }
+  if (stat.size > MAX_SIZE) {
+    return NextResponse.json({ error: 'File too large' }, { status: 413 })
+  }
+
+  const ext = path.extname(resolved).toLowerCase()
+  const contentType = MIME_MAP[ext] || 'application/octet-stream'
+  const content = fs.readFileSync(resolved)
+
+  return new NextResponse(content, {
+    headers: {
+      'Content-Type': contentType,
+      'Content-Disposition': contentType.startsWith('text/') || contentType.startsWith('image/')
+        ? 'inline'
+        : `attachment; filename="${path.basename(resolved)}"`,
+    },
+  })
+}

src/app/api/schedules/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadSchedules, saveSchedules } from '@/lib/server/storage'
+import { loadSchedules, saveSchedules, deleteSchedule } from '@/lib/server/storage'
 import { resolveScheduleName } from '@/lib/schedule-name'
 
 export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -23,7 +23,6 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
   const { id } = await params
   const schedules = loadSchedules()
   if (!schedules[id]) return new NextResponse(null, { status: 404 })
-  delete schedules[id]
-  saveSchedules(schedules)
+  deleteSchedule(id)
   return NextResponse.json('ok')
 }

src/app/api/schedules/[id]/run/route.ts

@@ -34,37 +34,71 @@ export async function POST(_req: Request, { params }: { params: Promise<{ id: st
   }
 
   const now = Date.now()
-  const taskId = crypto.randomBytes(4).toString('hex')
-  tasks[taskId] = {
-    id: taskId,
-    title: `[Sched] ${schedule.name}: ${String(schedule.taskPrompt || '').slice(0, 40)}`,
-    description: schedule.taskPrompt || '',
-    status: 'backlog',
-    agentId: schedule.agentId,
-    sessionId: null,
-    result: null,
-    error: null,
-    createdAt: now,
-    updatedAt: now,
-    queuedAt: null,
-    startedAt: null,
-    completedAt: null,
-    sourceType: 'schedule',
-    sourceScheduleId: schedule.id,
-    sourceScheduleName: schedule.name,
-    sourceScheduleKey: scheduleSignature || null,
-    createdInSessionId: schedule.createdInSessionId || null,
-    createdByAgentId: schedule.createdByAgentId || null,
+  schedule.runNumber = (schedule.runNumber || 0) + 1
+
+  // Reuse linked task if it exists and is not in-flight
+  let taskId = ''
+  const existingTaskId = typeof schedule.linkedTaskId === 'string' ? schedule.linkedTaskId : ''
+  const existingTask = existingTaskId ? tasks[existingTaskId] : null
+
+  if (existingTask && existingTask.status !== 'queued' && existingTask.status !== 'running') {
+    taskId = existingTaskId
+    const prev = existingTask as any
+    prev.totalRuns = (prev.totalRuns || 0) + 1
+    if (existingTask.status === 'completed') prev.totalCompleted = (prev.totalCompleted || 0) + 1
+    if (existingTask.status === 'failed') prev.totalFailed = (prev.totalFailed || 0) + 1
+
+    existingTask.status = 'backlog'
+    existingTask.title = `[Sched] ${schedule.name} (run #${schedule.runNumber})`
+    existingTask.result = null
+    existingTask.error = null
+    existingTask.sessionId = null
+    existingTask.updatedAt = now
+    existingTask.queuedAt = null
+    existingTask.startedAt = null
+    existingTask.completedAt = null
+    existingTask.archivedAt = null
+    existingTask.attempts = 0
+    existingTask.retryScheduledAt = null
+    existingTask.deadLetteredAt = null
+    existingTask.validation = null
+    prev.runNumber = schedule.runNumber
+  } else {
+    taskId = crypto.randomBytes(4).toString('hex')
+    tasks[taskId] = {
+      id: taskId,
+      title: `[Sched] ${schedule.name} (run #${schedule.runNumber})`,
+      description: schedule.taskPrompt || '',
+      status: 'backlog',
+      agentId: schedule.agentId,
+      sessionId: null,
+      result: null,
+      error: null,
+      createdAt: now,
+      updatedAt: now,
+      queuedAt: null,
+      startedAt: null,
+      completedAt: null,
+      sourceType: 'schedule',
+      sourceScheduleId: schedule.id,
+      sourceScheduleName: schedule.name,
+      sourceScheduleKey: scheduleSignature || null,
+      createdInSessionId: schedule.createdInSessionId || null,
+      createdByAgentId: schedule.createdByAgentId || null,
+      runNumber: schedule.runNumber,
+    }
+    schedule.linkedTaskId = taskId
   }
+
   saveTasks(tasks)
   enqueueTask(taskId)
   pushMainLoopEventToMainSessions({
     type: 'schedule_fired',
-    text: `Schedule fired manually: "${schedule.name}" (${schedule.id}) queued task "${tasks[taskId].title}" (${taskId}).`,
+    text: `Schedule fired manually: "${schedule.name}" (${schedule.id}) run #${schedule.runNumber} — task ${taskId}`,
   })
 
   schedule.lastRunAt = now
   saveSchedules(schedules)
 
-  return NextResponse.json({ ok: true, queued: true, taskId })
+  return NextResponse.json({ ok: true, queued: true, taskId, runNumber: schedule.runNumber })
 }

src/app/api/sessions/[id]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server'
-import { loadSessions, saveSessions, active, loadAgents } from '@/lib/server/storage'
+import { loadSessions, saveSessions, deleteSession, active, loadAgents } from '@/lib/server/storage'
 import { enqueueSessionRun } from '@/lib/server/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 
@@ -97,7 +97,6 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
     try { active.get(id).kill() } catch {}
     active.delete(id)
   }
-  delete sessions[id]
-  saveSessions(sessions)
+  deleteSession(id)
   return new NextResponse('OK')
 }

src/app/api/sessions/route.ts

@@ -2,7 +2,7 @@ import { NextResponse } from 'next/server'
 import crypto from 'crypto'
 import os from 'os'
 import path from 'path'
-import { loadSessions, saveSessions, active, loadAgents } from '@/lib/server/storage'
+import { loadSessions, saveSessions, deleteSession, active, loadAgents } from '@/lib/server/storage'
 import { getSessionRunState } from '@/lib/server/session-run-manager'
 import { normalizeProviderEndpoint } from '@/lib/openclaw-endpoint'
 
@@ -29,9 +29,8 @@ export async function DELETE(req: Request) {
       try { active.get(id).kill() } catch {}
       active.delete(id)
     }
-    delete sessions[id]
+    deleteSession(id)
   }
-  saveSessions(sessions)
   return NextResponse.json({ deleted: ids.length })
 }
 

src/app/api/tasks/route.ts

@@ -28,6 +28,37 @@ export async function GET(req: Request) {
   return NextResponse.json(filtered)
 }
 
+export async function DELETE(req: Request) {
+  const { searchParams } = new URL(req.url)
+  const filter = searchParams.get('filter') // 'all' | 'schedule' | null
+  const tasks = loadTasks()
+  const kept: Record<string, (typeof tasks)[string]> = {}
+  let removed = 0
+
+  for (const [id, task] of Object.entries(tasks)) {
+    const shouldRemove =
+      filter === 'all' ||
+      (filter === 'schedule' && (task as any).sourceType === 'schedule') ||
+      (!filter && task.status === 'archived')
+    if (shouldRemove) {
+      removed++
+    } else {
+      kept[id] = task
+    }
+  }
+
+  // Delete removed tasks atomically
+  const { deleteTask } = await import('@/lib/server/storage')
+  for (const [id, task] of Object.entries(tasks)) {
+    const shouldRemove =
+      filter === 'all' ||
+      (filter === 'schedule' && (task as any).sourceType === 'schedule') ||
+      (!filter && task.status === 'archived')
+    if (shouldRemove) deleteTask(id)
+  }
+  return NextResponse.json({ removed, remaining: Object.keys(tasks).length - removed })
+}
+
 export async function POST(req: Request) {
   const body = await req.json()
   const id = crypto.randomBytes(4).toString('hex')