@a2hmarket/a2hmarket 2026.3.19

package/src/api-client.ts

@@ -0,0 +1,251 @@
+/**
+ * HTTP API client for the A2HMarket platform.
+ * Implements HMAC-SHA256 signed requests and standard platform response parsing.
+ */
+
+import { createHmac } from "node:crypto";
+import { readCredentials } from "./credentials.js";
+
+export type Credentials = {
+  agent_id: string;
+  agent_key: string;
+  api_url: string;
+  mqtt_url: string;
+  push_enabled?: boolean;
+  expires_at?: string;
+};
+
+// Platform standard response envelope
+type PlatformResponse<T> = {
+  code: string | number;
+  message: string;
+  data?: T;
+};
+
+export class PlatformError extends Error {
+  constructor(
+    public readonly code: string | number,
+    public readonly platformMessage: string,
+  ) {
+    super(`Platform error ${code}: ${platformMessage}`);
+    this.name = "PlatformError";
+  }
+}
+
+/**
+ * Compute HMAC-SHA256 signature.
+ * payload = "{METHOD}&{signPath}&{agentId}&{timestampSec}"
+ */
+function computeSignature(
+  agentKey: string,
+  method: string,
+  signPath: string,
+  agentId: string,
+  timestampSec: string,
+): string {
+  const payload = `${method}&${signPath}&${agentId}&${timestampSec}`;
+  return createHmac("sha256", agentKey).update(payload).digest("hex");
+}
+
+/**
+ * Build signed headers for an API request.
+ */
+function buildSignedHeaders(
+  creds: Credentials,
+  method: string,
+  signPath: string,
+): Record<string, string> {
+  const timestampSec = String(Math.floor(Date.now() / 1000));
+  const signature = computeSignature(
+    creds.agent_key,
+    method,
+    signPath,
+    creds.agent_id,
+    timestampSec,
+  );
+  return {
+    "Content-Type": "application/json",
+    "X-Agent-Id": creds.agent_id,
+    "X-Timestamp": timestampSec,
+    "X-Agent-Signature": signature,
+  };
+}
+
+/**
+ * Parse a platform standard response envelope.
+ * Throws PlatformError if code != 200.
+ */
+function parsePlatformResponse<T>(body: PlatformResponse<T>): T {
+  const code = String(body.code).trim();
+  if (code !== "200") {
+    throw new PlatformError(body.code, body.message ?? "Unknown error");
+  }
+  return body.data as T;
+}
+
+export class ApiClient {
+  private readonly creds: Credentials;
+  private readonly baseUrl: string;
+
+  constructor(creds: Credentials, baseUrl?: string) {
+    this.creds = creds;
+    this.baseUrl = baseUrl ?? creds.api_url;
+  }
+
+  /** GET request with HMAC signature. signPath defaults to apiPath (no query string). */
+  async get<T>(apiPath: string, signPath?: string): Promise<T> {
+    const effectiveSignPath = signPath ?? apiPath.split("?")[0];
+    const headers = buildSignedHeaders(this.creds, "GET", effectiveSignPath);
+    const url = `${this.baseUrl}${apiPath}`;
+    const resp = await fetch(url, { method: "GET", headers });
+    if (!resp.ok) {
+      throw new PlatformError(resp.status, `HTTP ${resp.status} ${resp.statusText}`);
+    }
+    const body = (await resp.json()) as PlatformResponse<T>;
+    return parsePlatformResponse(body);
+  }
+
+  /** POST request with HMAC signature. */
+  async post<T>(apiPath: string, body: unknown, signPath?: string): Promise<T> {
+    const effectiveSignPath = signPath ?? apiPath.split("?")[0];
+    const headers = buildSignedHeaders(this.creds, "POST", effectiveSignPath);
+    const url = `${this.baseUrl}${apiPath}`;
+    const resp = await fetch(url, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body),
+    });
+    if (!resp.ok) {
+      throw new PlatformError(resp.status, `HTTP ${resp.status} ${resp.statusText}`);
+    }
+    const respBody = (await resp.json()) as PlatformResponse<T>;
+    return parsePlatformResponse(respBody);
+  }
+
+  /** DELETE request with HMAC signature. */
+  async delete<T>(apiPath: string): Promise<T> {
+    const signPath = apiPath.split("?")[0];
+    const headers = buildSignedHeaders(this.creds, "DELETE", signPath);
+    const url = `${this.baseUrl}${apiPath}`;
+    const resp = await fetch(url, { method: "DELETE", headers });
+    if (!resp.ok) {
+      throw new PlatformError(resp.status, `HTTP ${resp.status} ${resp.statusText}`);
+    }
+    const respBody = (await resp.json()) as PlatformResponse<T>;
+    return parsePlatformResponse(respBody);
+  }
+
+  /**
+   * POST to a specific baseURL (for OSS and other cross-host calls).
+   * signPath must be provided explicitly (with service prefix).
+   */
+  async postToHost<T>(
+    baseUrl: string,
+    apiPath: string,
+    body: unknown,
+    signPath: string,
+  ): Promise<T> {
+    const headers = buildSignedHeaders(this.creds, "POST", signPath);
+    const url = `${baseUrl}${apiPath}`;
+    const resp = await fetch(url, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body),
+    });
+    if (!resp.ok) {
+      throw new PlatformError(resp.status, `HTTP ${resp.status} ${resp.statusText}`);
+    }
+    const respBody = (await resp.json()) as PlatformResponse<T>;
+    return parsePlatformResponse(respBody);
+  }
+
+  /**
+   * PUT binary data to a pre-signed URL (no business signature).
+   */
+  async putBinary(
+    uploadUrl: string,
+    signedHeaders: Record<string, string>,
+    data: Uint8Array,
+  ): Promise<void> {
+    const resp = await fetch(uploadUrl, {
+      method: "PUT",
+      headers: signedHeaders,
+      body: data,
+    });
+    if (!resp.ok) {
+      throw new Error(`OSS upload failed: HTTP ${resp.status} ${resp.statusText}`);
+    }
+  }
+
+  /** Expose credentials for use by specialized functions (e.g. fetchMqttToken). */
+  getCredentials(): Credentials {
+    return this.creds;
+  }
+}
+
+/**
+ * Factory function: creates an ApiClient by reading credentials from disk.
+ * Throws if credentials are missing.
+ */
+export function createApiClient(baseUrl?: string): ApiClient {
+  const creds = readCredentials();
+  if (!creds) {
+    throw new Error(
+      "A2HMarket credentials not found. Run: openclaw a2h setup",
+    );
+  }
+  return new ApiClient(creds, baseUrl);
+}
+
+/**
+ * Fetch MQTT token from the dedicated token endpoint.
+ * Response format: {"success": true, "data": {...}} — NOT the standard platform format.
+ */
+export async function fetchMqttToken(creds: Credentials, clientId?: string): Promise<{
+  client_id: string;
+  instance_id: string;
+  username: string;
+  password: string;
+  expire_time: number;
+}> {
+  const resolvedClientId = clientId ?? `GID_agent@@@${creds.agent_id}`;
+  const path = "/mqtt-token/api/v1/token";
+  const timestampSec = String(Math.floor(Date.now() / 1000));
+  const signature = computeSignature(
+    creds.agent_key,
+    "POST",
+    path,
+    creds.agent_id,
+    timestampSec,
+  );
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+    "X-Agent-Id": creds.agent_id,
+    "X-Timestamp": timestampSec,
+    "X-Agent-Signature": signature,
+  };
+  const url = `${creds.api_url}${path}`;
+  const resp = await fetch(url, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({ client_id: resolvedClientId }),
+  });
+  if (!resp.ok) {
+    throw new Error(`MQTT token fetch failed: HTTP ${resp.status} ${resp.statusText}`);
+  }
+  const body = (await resp.json()) as {
+    success: boolean;
+    data?: {
+      client_id: string;
+      instance_id: string;
+      username: string;
+      password: string;
+      expire_time: number;
+    };
+    message?: string;
+  };
+  if (!body.success || !body.data) {
+    throw new Error(`MQTT token error: ${body.message ?? "unknown"}`);
+  }
+  return body.data;
+}

package/src/commands/cmd-setup.ts

@@ -0,0 +1,167 @@
+/**
+ * Auth Setup Command — `openclaw a2h setup`
+ * Generates an auth code, opens a browser login URL, polls for credentials,
+ * and writes them to ~/.a2hmarket/credentials.json.
+ */
+
+import { createHash } from "node:crypto";
+import { mkdirSync, writeFileSync } from "node:fs";
+import { networkInterfaces } from "node:os";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core";
+import type { Credentials } from "../api-client.js";
+import { CREDENTIALS_PATH } from "../credentials.js";
+
+/** Generate N random hex chars (N must be even; length = N bytes → 2N chars). */
+function randomHex(bytes: number): string {
+  const arr = new Uint8Array(bytes);
+  for (let i = 0; i < bytes; i++) {
+    arr[i] = Math.floor(Math.random() * 256);
+  }
+  return Array.from(arr)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+
+/** Get primary MAC address (first non-loopback interface). */
+function getMacAddress(): string | null {
+  const ifaces = networkInterfaces();
+  for (const name of Object.keys(ifaces)) {
+    const list = ifaces[name];
+    if (!list) continue;
+    for (const iface of list) {
+      if (iface.internal) continue;
+      if (iface.mac && iface.mac !== "00:00:00:00:00:00") {
+        return iface.mac;
+      }
+    }
+  }
+  return null;
+}
+
+/** MD5 hash of a string → hex string. */
+function md5(input: string): string {
+  return createHash("md5").update(input).digest("hex");
+}
+
+/** Write credentials to disk. */
+function writeCredentials(creds: Credentials): void {
+  const dir = join(homedir(), ".a2hmarket");
+  mkdirSync(dir, { recursive: true });
+  writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2) + "\n", { mode: 0o600 });
+}
+
+type ServerCredentials = {
+  agentId: string;
+  secret: string;
+};
+
+type AuthCheckResponse = {
+  code: string | number;
+  message: string;
+  data?: ServerCredentials | null;
+};
+
+/** Poll the auth endpoint until credentials appear or timeout. */
+async function pollForAuth(
+  checkUrl: string,
+  logger: { info: (msg: string) => void; warn: (msg: string) => void },
+): Promise<Credentials> {
+  const maxAttempts = 60;
+  const pollIntervalMs = 2000;
+
+  for (let i = 0; i < maxAttempts; i++) {
+    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+
+    try {
+      const resp = await fetch(checkUrl, {
+        method: "GET",
+        headers: { Accept: "application/json" },
+      });
+
+      if (!resp.ok) {
+        logger.warn(`a2h setup: poll HTTP ${resp.status}, retrying...`);
+        continue;
+      }
+
+      const body = (await resp.json()) as AuthCheckResponse;
+      if (body.data?.agentId) {
+        return {
+          agent_id: body.data.agentId,
+          agent_key: body.data.secret,
+          api_url: "https://api.a2hmarket.ai",
+          mqtt_url: "mqtts://post-cn-e4k4o78q702.mqtt.aliyuncs.com:8883",
+        };
+      }
+    } catch (err) {
+      logger.warn(`a2h setup: poll error: ${String(err)}, retrying...`);
+    }
+
+    if ((i + 1) % 10 === 0) {
+      logger.info(`a2h setup: still waiting... (${i + 1}/${maxAttempts})`);
+    }
+  }
+
+  throw new Error("Authorization timed out (2 minutes). Please try again.");
+}
+
+export function addSetupCommand(a2h: import("commander").Command, api: OpenClawPluginApi): void {
+  a2h
+    .command("setup")
+    .description("Authorize this machine as an A2HMarket agent (opens browser login URL)")
+    .action(async () => {
+      const logger = api.logger;
+
+          // 1. Generate auth code:
+          //    rawString = {random32hex}_{timestamp}_{mac_without_colons}
+          //    authCode = MD5(rawString)
+          const timestamp = Math.floor(Date.now() / 1000);
+          const mac = getMacAddress() ?? "unknown";
+          const random32hex = randomHex(16); // 16 bytes = 32 hex chars
+          const cleanMac = mac.replace(/:/g, "");
+          const rawString = `${random32hex}_${timestamp}_${cleanMac}`;
+          const authCode = md5(rawString);
+
+          // 2. Try server-side init-login (optional; fail gracefully to local code)
+          let finalCode = authCode;
+          try {
+            const initResp = await fetch("https://web.a2hmarket.ai/v1/auth/init-login", {
+              method: "POST",
+              headers: { "Content-Type": "application/x-www-form-urlencoded" },
+              body: new URLSearchParams({
+                timestamp: String(timestamp),
+                mac: cleanMac,
+                feishu_user_id: "",
+              }).toString(),
+            });
+            if (initResp.ok) {
+              const initBody = (await initResp.json()) as { data?: { code?: string } };
+              if (initBody.data?.code) {
+                finalCode = initBody.data.code;
+              }
+            }
+          } catch {
+            // Silently fall back to locally generated code
+          }
+
+          // 3. Print login URL
+          const loginUrl = `https://a2hmarket.ai/authcode?code=${finalCode}`;
+          logger.info(`\n请在 PC 浏览器中打开以下链接扫码授权：\n${loginUrl}\n`);
+          logger.info("等待授权中（最多 2 分钟）...");
+
+          // 4. Poll for credentials
+          const checkUrl = `https://web.a2hmarket.ai/findu-user/api/v1/public/user/agent/auth?code=${finalCode}`;
+          try {
+            const creds = await pollForAuth(checkUrl, logger);
+
+            // 5. Write credentials to disk
+            writeCredentials(creds);
+            logger.info(`\n授权成功！Agent ID: ${creds.agent_id}`);
+            logger.info("凭证已保存到 ~/.a2hmarket/credentials.json");
+          } catch (err) {
+            logger.warn(`\n授权失败: ${String(err)}`);
+            process.exitCode = 1;
+          }
+      });
+}

package/src/commands/cmd-status.ts

@@ -0,0 +1,56 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core";
+import { readCredentials } from "../credentials.js";
+import { getListenerStatus } from "../service/mqtt-listener.js";
+import { peekUnread, getQueueSize } from "../api/inbox.js";
+
+export function addStatusCommand(a2h: import("commander").Command, api: OpenClawPluginApi): void {
+  void api;
+  a2h
+    .command("status")
+    .description("Show A2HMarket agent status — credentials, MQTT connection, inbox queue")
+    .action(() => {
+          console.log("=== A2HMarket Status ===\n");
+
+          // Credentials
+          const creds = readCredentials();
+          if (!creds) {
+            console.log("Credentials: NOT FOUND");
+            console.log("  Run: openclaw a2h setup");
+            console.log("");
+          } else {
+            console.log("Credentials:");
+            console.log(`  Agent ID : ${creds.agent_id}`);
+            console.log(`  API URL  : ${creds.api_url}`);
+            console.log(`  MQTT URL : ${creds.mqtt_url}`);
+            if (creds.expires_at) {
+              const daysLeft = Math.floor(
+                (new Date(creds.expires_at).getTime() - Date.now()) /
+                  (1000 * 60 * 60 * 24),
+              );
+              console.log(`  Expires  : ${creds.expires_at} (${daysLeft} days)`);
+            }
+            console.log("");
+          }
+
+          // MQTT listener status (in-memory, not PID file)
+          const listenerStatus = getListenerStatus();
+          if (listenerStatus.connected) {
+            console.log("MQTT Listener: CONNECTED");
+            console.log(`  Session present : ${listenerStatus.sessionPresent}`);
+          } else {
+            console.log("MQTT Listener: DISCONNECTED");
+            if (listenerStatus.reconnectAttempts > 0) {
+              console.log(`  Reconnect attempts: ${listenerStatus.reconnectAttempts}`);
+            }
+          }
+          console.log("");
+
+          // Inbox queue stats
+          const queueSize = getQueueSize();
+          const { unread } = peekUnread("default");
+          console.log("Inbox queue (in-memory):");
+          console.log(`  Total events : ${queueSize}`);
+          console.log(`  Unread       : ${unread}`);
+          console.log("");
+      });
+}

package/src/credentials.ts

@@ -0,0 +1,36 @@
+import { readFileSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+export type A2HCredentials = {
+  agent_id: string;
+  agent_key: string;
+  api_url: string;
+  mqtt_url: string;
+  push_enabled?: boolean;
+  expires_at?: string;
+};
+
+const CREDENTIALS_PATH = join(homedir(), ".a2hmarket", "credentials.json");
+
+/**
+ * Reads ~/.a2hmarket/credentials.json synchronously.
+ * Returns null if the file does not exist or cannot be parsed.
+ */
+export function readCredentials(): A2HCredentials | null {
+  if (!existsSync(CREDENTIALS_PATH)) {
+    return null;
+  }
+  try {
+    const raw = readFileSync(CREDENTIALS_PATH, "utf-8");
+    const parsed = JSON.parse(raw) as A2HCredentials;
+    if (!parsed.agent_id || !parsed.agent_key) {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+
+export { CREDENTIALS_PATH };

package/src/hooks/before-agent-start.ts

@@ -0,0 +1,83 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core";
+import { readCredentials } from "../credentials.js";
+import { setCachedSessionKey } from "../session-cache.js";
+import { getListenerStatus } from "../service/mqtt-listener.js";
+import { peekUnread } from "../api/inbox.js";
+
+// Static system context — appended to system prompt for prompt caching
+const SYSTEM_CONTEXT = `
+<a2hmarket-role>
+You are an AI agent on the A2HMarket platform (a2hmarket.ai), a marketplace where AI agents conduct trades on behalf of human users.
+
+Your operation guide and references are in the skill/ directory of this extension:
+- skill/SKILL.md — main operation guide (read this first for any marketplace task)
+- skill/references/ — detailed references: tools.md, inbox.md, and playbooks/
+
+Your capabilities on this platform:
+- **Inbox**: Receive, inspect, and respond to messages from other agents (inbox_pull, inbox_get, inbox_ack, inbox_history)
+- **Messaging**: Send A2A messages to other agents (send_message)
+- **Works/Products**: Search, list, publish, update, and delete product listings (works_search, works_list, works_publish, works_update, works_delete)
+- **Orders**: Create, query, list, confirm, reject, and manage orders (order_create, order_get, order_list, order_action)
+- **Profile**: View your agent profile (profile_get)
+
+Operational guidelines:
+- Always acknowledge (inbox_ack) messages after reading them to mark them as processed
+- When another agent sends you a trade request, evaluate it and respond professionally
+- For order actions, use order_action with the appropriate action value
+- Maintain professional agent-to-agent communication standards
+- You represent your user's interests in all marketplace transactions
+- Refer to skill/SKILL.md for detailed business flows, playbooks, and reporting requirements
+</a2hmarket-role>
+`.trim();
+
+export function registerBeforeAgentStartHook(api: OpenClawPluginApi): void {
+  api.on("before_agent_start", (event) => {
+    // Cache session key so the MQTT listener can route notifications correctly
+    if (event.sessionKey) {
+      setCachedSessionKey(event.sessionKey);
+    }
+
+    const creds = readCredentials();
+    const lines: string[] = ["<a2hmarket-status>"];
+
+    if (!creds) {
+      lines.push("Status: NOT CONFIGURED (run: openclaw a2h setup)");
+    } else {
+      lines.push(`Agent ID: ${creds.agent_id}`);
+      lines.push(`Platform: ${creds.api_url}`);
+
+      const listenerStatus = getListenerStatus();
+      lines.push(
+        `Listener: ${listenerStatus.connected ? "CONNECTED" : "DISCONNECTED"}` +
+          (listenerStatus.reconnectAttempts > 0
+            ? ` (reconnect attempts: ${listenerStatus.reconnectAttempts})`
+            : ""),
+      );
+
+      if (listenerStatus.connected) {
+        const { unread } = peekUnread("default");
+        lines.push(
+          unread > 0
+            ? `Pending messages: ${unread} (use inbox_pull to read)`
+            : "Pending messages: 0",
+        );
+      }
+
+      if (creds.expires_at) {
+        const daysLeft = Math.floor(
+          (new Date(creds.expires_at).getTime() - Date.now()) / (1000 * 60 * 60 * 24),
+        );
+        if (daysLeft < 7) {
+          lines.push(`WARNING: Credentials expire in ${daysLeft} days`);
+        }
+      }
+    }
+
+    lines.push("</a2hmarket-status>");
+
+    return {
+      appendSystemContext: SYSTEM_CONTEXT,
+      prependContext: lines.join("\n"),
+    };
+  });
+}