@agentvault/agentvault 0.15.3 → 0.17.0

package/dist/index.js

@@ -45996,6 +45996,37 @@ function buildEvalSpan(opts) {
     status: { code: 0 }
   };
 }
+function buildPolicyViolationSpan(opts) {
+  const now = Date.now();
+  const attributes = {
+    "av.policy.rule_id": opts.ruleId,
+    "av.policy.scope": opts.policyScope,
+    "av.policy.action_taken": opts.actionTaken,
+    "av.policy.violation_type": opts.violationType
+  };
+  if (opts.targetTool)
+    attributes["av.policy.target_tool"] = opts.targetTool;
+  if (opts.targetModel)
+    attributes["av.policy.target_model"] = opts.targetModel;
+  if (opts.messageType)
+    attributes["av.policy.message_type"] = opts.messageType;
+  applySkillName(attributes, opts.skillName);
+  const isBlock = opts.actionTaken === "block";
+  return {
+    traceId: opts.traceId ?? generateTraceId(),
+    spanId: opts.spanId ?? generateSpanId(),
+    parentSpanId: opts.parentSpanId,
+    name: "av.policy.evaluate",
+    kind: "internal",
+    startTime: now,
+    endTime: now,
+    attributes,
+    status: isBlock ? { code: 2, message: `Policy violation: ${opts.violationType}` } : { code: 0 }
+  };
+}
+function buildTraceparent(span) {
+  return `00-${span.traceId}-${span.spanId}-01`;
+}
 var init_telemetry = __esm({
   "../crypto/dist/telemetry.js"() {
     "use strict";
@@ -46018,6 +46049,9 @@ function toOtlpAttributes(attrs) {
   });
 }
 function spanToOtlp(span) {
+  const enrichedAttrs = { ...span.attributes };
+  enrichedAttrs["w3c.traceparent"] = buildTraceparent(span);
+  enrichedAttrs["w3c.tracestate"] = `av=s:${span.spanId}`;
   const otlp = {
     traceId: span.traceId,
     spanId: span.spanId,
@@ -46025,7 +46059,7 @@ function spanToOtlp(span) {
     kind: span.kind,
     startTimeUnixNano: String(span.startTime * 1e6),
     endTimeUnixNano: String(span.endTime * 1e6),
-    attributes: toOtlpAttributes(span.attributes)
+    attributes: toOtlpAttributes(enrichedAttrs)
   };
   if (span.parentSpanId !== void 0) {
     otlp.parentSpanId = span.parentSpanId;
@@ -46202,6 +46236,14 @@ var init_backup = __esm({
   }
 });
 
+// ../crypto/dist/approval.js
+var init_approval = __esm({
+  async "../crypto/dist/approval.js"() {
+    "use strict";
+    await init_did();
+  }
+});
+
 // ../crypto/dist/index.js
 var init_dist = __esm({
   async "../crypto/dist/index.js"() {
@@ -46219,6 +46261,7 @@ var init_dist = __esm({
     init_telemetry();
     init_telemetry_reporter();
     await init_backup();
+    await init_approval();
   }
 });
 
@@ -46496,7 +46539,8 @@ __export(http_handlers_exports, {
   handleActionRequest: () => handleActionRequest,
   handleDecisionRequest: () => handleDecisionRequest,
   handleSendRequest: () => handleSendRequest,
-  handleStatusRequest: () => handleStatusRequest
+  handleStatusRequest: () => handleStatusRequest,
+  handleTargetsRequest: () => handleTargetsRequest
 });
 async function handleSendRequest(parsed, channel) {
   const text = parsed.text;
@@ -46504,32 +46548,55 @@ async function handleSendRequest(parsed, channel) {
     return { status: 400, body: { ok: false, error: "Missing 'text' field" } };
   }
   try {
+    let target;
     let a2aTarget = parsed.hub_address ?? parsed.a2a_address ?? parsed.a2aAddress;
     if (!a2aTarget && parsed.channel_id && typeof parsed.channel_id === "string") {
       const hubAddr = channel.resolveA2AChannelHub(parsed.channel_id);
       if (hubAddr) a2aTarget = hubAddr;
     }
-    const roomId = (typeof parsed.room_id === "string" ? parsed.room_id : void 0) ?? channel.lastInboundRoomId;
     if (a2aTarget && typeof a2aTarget === "string") {
-      await channel.sendToAgent(a2aTarget, text);
-    } else if (roomId) {
-      await channel.sendToRoom(roomId, text, {
-        messageType: parsed.message_type,
-        priority: parsed.priority,
-        metadata: parsed.metadata
-      });
+      target = { kind: "a2a", hubAddress: a2aTarget };
+    } else if (typeof parsed.room_id === "string") {
+      target = { kind: "room", roomId: parsed.room_id };
+    } else if (parsed.target === "context") {
+      target = { kind: "context" };
     } else if (parsed.file_path && typeof parsed.file_path === "string") {
-      await channel.sendWithAttachment(text, parsed.file_path, {
-        topicId: parsed.topicId
-      });
+      const receipt2 = await channel.deliver(
+        { kind: "owner" },
+        { type: "attachment", text, filePath: parsed.file_path },
+        { topicId: parsed.topicId }
+      );
+      return {
+        status: receipt2.ok ? 200 : 500,
+        body: {
+          ok: receipt2.ok,
+          destination: receipt2.destination,
+          ...receipt2.error ? { error: receipt2.error } : {}
+        }
+      };
     } else {
-      await channel.send(text, {
-        topicId: parsed.topicId,
-        messageType: parsed.message_type,
-        metadata: parsed.metadata
-      });
+      target = { kind: "owner" };
     }
-    return { status: 200, body: { ok: true } };
+    const receipt = await channel.deliver(
+      target,
+      { type: "text", text },
+      {
+        topicId: parsed.topicId,
+        priority: parsed.priority,
+        metadata: {
+          ...parsed.metadata,
+          ...parsed.message_type ? { message_type: parsed.message_type } : {}
+        }
+      }
+    );
+    return {
+      status: receipt.ok ? 200 : 500,
+      body: {
+        ok: receipt.ok,
+        destination: receipt.destination,
+        ...receipt.error ? { error: receipt.error } : {}
+      }
+    };
   } catch (err) {
     return { status: 500, body: { ok: false, error: String(err) } };
   }
@@ -46546,12 +46613,19 @@ async function handleActionRequest(parsed, channel) {
       detail: parsed.detail,
       estimated_cost: parsed.estimated_cost
     };
-    if (parsed.room_id && typeof parsed.room_id === "string") {
-      await channel.sendActionConfirmationToRoom(parsed.room_id, confirmation);
-    } else {
-      await channel.sendActionConfirmation(confirmation);
-    }
-    return { status: 200, body: { ok: true } };
+    const target = parsed.room_id && typeof parsed.room_id === "string" ? { kind: "room", roomId: parsed.room_id } : { kind: "owner" };
+    const receipt = await channel.deliver(
+      target,
+      { type: "action_confirmation", confirmation }
+    );
+    return {
+      status: receipt.ok ? 200 : 500,
+      body: {
+        ok: receipt.ok,
+        destination: receipt.destination,
+        ...receipt.error ? { error: receipt.error } : {}
+      }
+    };
   } catch (err) {
     return { status: 500, body: { ok: false, error: String(err) } };
   }
@@ -46595,6 +46669,16 @@ function handleStatusRequest(channel) {
     }
   };
 }
+function handleTargetsRequest(channel) {
+  return {
+    status: 200,
+    body: {
+      ok: true,
+      targets: channel.listTargets(),
+      context: channel.lastInboundRoomId ? { kind: "room", roomId: channel.lastInboundRoomId } : { kind: "owner" }
+    }
+  };
+}
 var init_http_handlers = __esm({
   "src/http-handlers.ts"() {
     "use strict";
@@ -47574,6 +47658,171 @@ var init_channel = __esm({
           metadata
         });
       }
+      // --- Unified Delivery Protocol ---
+      /**
+       * Canonical message dispatcher. ALL outbound messages should flow through this method.
+       * Routes based on explicit target — never silently falls back to a room.
+       */
+      async deliver(target, content, options) {
+        const ts = (/* @__PURE__ */ new Date()).toISOString();
+        if (this._state === "idle" || this._state === "error") {
+          return {
+            ok: false,
+            destination: { kind: "owner" },
+            error: `Channel is in ${this._state} state`,
+            timestamp: ts
+          };
+        }
+        let resolved;
+        if (target.kind === "context") {
+          if (this._lastInboundRoomId) {
+            resolved = { kind: "room", id: this._lastInboundRoomId };
+            console.log(`[deliver] target=context\u2192room:${this._lastInboundRoomId.slice(0, 8)}...`);
+          } else {
+            resolved = { kind: "owner" };
+            console.log(`[deliver] target=context\u2192owner`);
+          }
+        } else if (target.kind === "owner") {
+          resolved = { kind: "owner" };
+        } else if (target.kind === "room") {
+          if (!this._persisted?.rooms?.[target.roomId]) {
+            const err = `Room ${target.roomId} not found`;
+            console.log(`[deliver] target=room:${target.roomId.slice(0, 8)}... content=${content.type} result=FAIL: ${err}`);
+            return { ok: false, destination: { kind: "room", id: target.roomId }, error: err, timestamp: ts };
+          }
+          resolved = { kind: "room", id: target.roomId };
+        } else if (target.kind === "a2a") {
+          const channelEntry = this._persisted?.a2aChannels ? Object.values(this._persisted.a2aChannels).find((ch) => ch.hubAddress === target.hubAddress) : void 0;
+          if (!channelEntry) {
+            const err = `No A2A channel found for hub address: ${target.hubAddress}`;
+            console.log(`[deliver] target=a2a:${target.hubAddress} content=${content.type} result=FAIL: ${err}`);
+            return { ok: false, destination: { kind: "a2a", id: target.hubAddress }, error: err, timestamp: ts };
+          }
+          resolved = { kind: "a2a", id: target.hubAddress };
+        } else {
+          return { ok: false, destination: { kind: "owner" }, error: "Unknown target kind", timestamp: ts };
+        }
+        try {
+          let decisionId;
+          if (content.type === "text") {
+            if (resolved.kind === "room") {
+              await this.sendToRoom(resolved.id, content.text, {
+                messageType: options?.metadata?.message_type,
+                priority: options?.priority,
+                metadata: options?.metadata
+              });
+            } else if (resolved.kind === "a2a") {
+              await this.sendToAgent(resolved.id, content.text, {
+                parentSpanId: options?.parentSpanId
+              });
+            } else {
+              await this.send(content.text, {
+                conversationId: options?.conversationId,
+                topicId: options?.topicId,
+                messageType: options?.metadata?.message_type,
+                priority: options?.priority,
+                metadata: options?.metadata
+              });
+            }
+          } else if (content.type === "decision_request") {
+            if (resolved.kind !== "owner") {
+              const err = "Decision requests can only be sent to owner";
+              console.log(`[deliver] target=${resolved.kind}:${resolved.id} content=decision_request result=FAIL: ${err}`);
+              return { ok: false, destination: resolved, error: err, timestamp: ts };
+            }
+            decisionId = await this.sendDecisionRequest(content.request);
+          } else if (content.type === "status_alert") {
+            if (resolved.kind === "room") {
+              const envelope = {
+                title: content.alert.title,
+                message: content.alert.message,
+                severity: content.alert.severity,
+                timestamp: ts
+              };
+              if (content.alert.detail !== void 0) envelope.detail = content.alert.detail;
+              if (content.alert.detailFormat !== void 0) envelope.detail_format = content.alert.detailFormat;
+              if (content.alert.category !== void 0) envelope.category = content.alert.category;
+              await this.sendToRoom(resolved.id, JSON.stringify(envelope), {
+                messageType: "status_alert",
+                priority: content.alert.severity === "error" || content.alert.severity === "critical" ? "high" : "normal",
+                metadata: { severity: content.alert.severity }
+              });
+            } else if (resolved.kind === "owner") {
+              await this.sendStatusAlert(content.alert);
+            } else {
+              return { ok: false, destination: resolved, error: "Status alerts cannot be sent to A2A targets", timestamp: ts };
+            }
+          } else if (content.type === "action_confirmation") {
+            if (resolved.kind === "room") {
+              await this.sendActionConfirmationToRoom(resolved.id, content.confirmation);
+            } else if (resolved.kind === "owner") {
+              await this.sendActionConfirmation(content.confirmation);
+            } else {
+              return { ok: false, destination: resolved, error: "Action confirmations cannot be sent to A2A targets", timestamp: ts };
+            }
+          } else if (content.type === "artifact") {
+            if (resolved.kind !== "owner") {
+              return { ok: false, destination: resolved, error: "Artifacts can only be sent to owner", timestamp: ts };
+            }
+            await this.sendArtifact(content.artifact);
+          } else if (content.type === "attachment") {
+            if (resolved.kind !== "owner") {
+              return { ok: false, destination: resolved, error: "Attachments can only be sent to owner", timestamp: ts };
+            }
+            await this.sendWithAttachment(content.text, content.filePath, {
+              topicId: options?.topicId
+            });
+          }
+          const targetLabel = resolved.kind === "owner" ? "owner" : `${resolved.kind}:${resolved.id?.slice(0, 8)}...`;
+          console.log(`[deliver] target=${targetLabel} content=${content.type} result=ok`);
+          return {
+            ok: true,
+            destination: resolved,
+            queued: this._state !== "ready",
+            decisionId,
+            timestamp: ts
+          };
+        } catch (err) {
+          const targetLabel = resolved.kind === "owner" ? "owner" : `${resolved.kind}:${resolved.id?.slice(0, 8)}...`;
+          const errMsg = err instanceof Error ? err.message : String(err);
+          console.log(`[deliver] target=${targetLabel} content=${content.type} result=FAIL: ${errMsg}`);
+          return { ok: false, destination: resolved, error: errMsg, timestamp: ts };
+        }
+      }
+      /**
+       * Returns all available delivery destinations with availability status.
+       */
+      listTargets() {
+        const targets = [
+          {
+            kind: "owner",
+            id: "owner",
+            label: "Owner (direct)",
+            available: this._state === "ready" && this._sessions.size > 0
+          }
+        ];
+        if (this._persisted?.rooms) {
+          for (const room of Object.values(this._persisted.rooms)) {
+            targets.push({
+              kind: "room",
+              id: room.roomId,
+              label: room.name || `Room ${room.roomId.slice(0, 8)}`,
+              available: this._state === "ready" && room.conversationIds.length > 0
+            });
+          }
+        }
+        if (this._persisted?.a2aChannels) {
+          for (const ch of Object.values(this._persisted.a2aChannels)) {
+            targets.push({
+              kind: "a2a",
+              id: ch.hubAddress,
+              label: `A2A: ${ch.hubAddress}`,
+              available: this._state === "ready" && !!ch.session?.ratchetState
+            });
+          }
+        }
+        return targets;
+      }
       _sendHeartbeat() {
         if (this._state !== "ready" || !this._heartbeatCallback) return;
         const status = this._heartbeatCallback();
@@ -47692,9 +47941,13 @@ var init_channel = __esm({
             const result = handlers.handleStatusRequest(this);
             res.writeHead(result.status, { "Content-Type": "application/json" });
             res.end(JSON.stringify(result.body));
+          } else if (req.method === "GET" && req.url === "/targets") {
+            const result = handlers.handleTargetsRequest(this);
+            res.writeHead(result.status, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(result.body));
           } else {
             res.writeHead(404, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ ok: false, error: "Not found. Use POST /send, POST /decision, POST /action, or GET /status" }));
+            res.end(JSON.stringify({ ok: false, error: "Not found. Use POST /send, POST /decision, POST /action, GET /status, or GET /targets" }));
           }
         });
         this._httpServer.listen(port, "127.0.0.1", () => {
@@ -48303,10 +48556,11 @@ var init_channel = __esm({
             }
             if (data.event === "hub_identity_sync") {
               if (this._persisted && data.data?.hub_id) {
-                const changed = this._persisted.hubId !== data.data.hub_id;
+                const changed = this._persisted.hubId !== data.data.hub_id || this._persisted.agentRole !== (data.data.agent_role ?? "peer");
                 this._persisted.hubAddress = data.data.hub_address;
                 this._persisted.hubId = data.data.hub_id;
                 this._persisted.agentHubId = data.data.hub_id;
+                this._persisted.agentRole = data.data.agent_role ?? "peer";
                 if (changed) this._persistState();
                 if (!this._telemetryReporter && this._persisted.deviceJwt && this._persisted.hubId) {
                   this._telemetryReporter = new TelemetryReporter({
@@ -48328,6 +48582,14 @@ var init_channel = __esm({
               }
               this.emit("hub_identity_assigned", data.data);
             }
+            if (data.event === "hub_identity_role_changed") {
+              if (this._persisted && data.data?.agent_role) {
+                this._persisted.agentRole = data.data.agent_role;
+                this._persistState();
+                console.log(`[SecureChannel] Agent role changed to: ${data.data.agent_role}`);
+              }
+              this.emit("hub_identity_role_changed", data.data);
+            }
             if (data.event === "hub_identity_removed") {
               if (this._persisted) {
                 delete this._persisted.hubAddress;
@@ -48994,6 +49256,9 @@ ${messageText}`;
       _resolveWorkspaceDir() {
         const homedir = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
         const agentName = this.config.agentName;
+        if (this._persisted?.agentRole === "lead") {
+          return join3(homedir, ".openclaw", "workspace");
+        }
         try {
           const configPath = join3(homedir, ".openclaw", "openclaw.json");
           const raw = __require("node:fs").readFileSync(configPath, "utf-8");
@@ -50015,6 +50280,39 @@ ${messageText}`;
   }
 });
 
+// src/types.ts
+function parseTarget(raw) {
+  let target = raw;
+  if (target.startsWith("agentvault:")) {
+    target = target.slice("agentvault:".length);
+  }
+  if (target.startsWith("agent:")) {
+    target = "a2a:" + target.slice("agent:".length);
+  }
+  if (target === "owner" || target === "default") {
+    return { kind: "owner" };
+  }
+  if (target === "context") {
+    return { kind: "context" };
+  }
+  if (target.startsWith("room:")) {
+    const roomId = target.slice("room:".length);
+    if (!roomId) throw new Error(`Invalid room target: "${raw}" \u2014 missing room ID`);
+    return { kind: "room", roomId };
+  }
+  if (target.startsWith("a2a:")) {
+    const hubAddress = target.slice("a2a:".length);
+    if (!hubAddress) throw new Error(`Invalid A2A target: "${raw}" \u2014 missing hub address`);
+    return { kind: "a2a", hubAddress };
+  }
+  throw new Error(`Unrecognized delivery target: "${raw}". Use "owner", "room:<id>", "a2a:<addr>", or "context".`);
+}
+var init_types = __esm({
+  "src/types.ts"() {
+    "use strict";
+  }
+});
+
 // src/account-config.ts
 function listAccountIds(cfg) {
   const av = cfg?.channels?.agentvault;
@@ -50408,6 +50706,88 @@ async function sendDecisionToOwner(request, options) {
     return { ok: false, error: friendlyError(err) };
   }
 }
+async function sendToRoom(roomId, text, options) {
+  if (typeof text !== "string" || text.trim().length === 0) {
+    return { ok: false, error: "Message text must be a non-empty string" };
+  }
+  if (!roomId) {
+    return { ok: false, error: "Room ID is required" };
+  }
+  requestHeartbeatNow({ reason: "proactive-room-send" }).catch(() => {
+  });
+  try {
+    const base = resolveBaseUrl(options);
+    const sendPath = process.env.OPENCLAW_GATEWAY_URL ? "/agentvault/send" : "/send";
+    const res = await fetch(`${base}${sendPath}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ text, room_id: roomId }),
+      signal: options?.signal
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      return { ok: false, error: `HTTP ${res.status}${body ? `: ${body}` : ""}` };
+    }
+    const data = await res.json();
+    return { ok: data.ok ?? true };
+  } catch (err) {
+    return { ok: false, error: friendlyError(err) };
+  }
+}
+async function sendToTarget(target, text, options) {
+  if (typeof text !== "string" || text.trim().length === 0) {
+    return { ok: false, error: "Message text must be a non-empty string" };
+  }
+  requestHeartbeatNow({ reason: "proactive-target-send" }).catch(() => {
+  });
+  try {
+    const base = resolveBaseUrl(options);
+    const sendPath = process.env.OPENCLAW_GATEWAY_URL ? "/agentvault/send" : "/send";
+    const body = { text };
+    if (target.startsWith("room:")) {
+      body.room_id = target.slice(5);
+    } else if (target.startsWith("a2a:")) {
+      body.hub_address = target.slice(4);
+    } else if (target === "context") {
+      body.target = "context";
+    }
+    const res = await fetch(`${base}${sendPath}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+      signal: options?.signal
+    });
+    if (!res.ok) {
+      const respBody = await res.text().catch(() => "");
+      return { ok: false, error: `HTTP ${res.status}${respBody ? `: ${respBody}` : ""}` };
+    }
+    const data = await res.json();
+    return {
+      ok: data.ok ?? true,
+      destination: data.destination
+    };
+  } catch (err) {
+    return { ok: false, error: friendlyError(err) };
+  }
+}
+async function listTargets(options) {
+  try {
+    const base = resolveBaseUrl(options);
+    const targetsPath = process.env.OPENCLAW_GATEWAY_URL ? "/agentvault/targets" : "/targets";
+    const res = await fetch(`${base}${targetsPath}`, { signal: options?.signal });
+    if (!res.ok) {
+      return { ok: false, error: `HTTP ${res.status}` };
+    }
+    const data = await res.json();
+    return {
+      ok: true,
+      targets: data.targets,
+      context: data.context
+    };
+  } catch (err) {
+    return { ok: false, error: friendlyError(err) };
+  }
+}
 async function checkGateway(options) {
   try {
     const base = resolveBaseUrl(options);
@@ -50453,6 +50833,7 @@ var init_openclaw_entry = __esm({
     init_fetch_interceptor();
     init_http_handlers();
     init_openclaw_compat();
+    init_types();
     isUsingManagedRoutes = false;
   }
 });
@@ -51135,7 +51516,7 @@ function createZodEnum(values, params) {
   });
 }
 var ParseInputLazyPath, handleResult, ZodType, cuidRegex, cuid2Regex, ulidRegex, uuidRegex, nanoidRegex, jwtRegex, durationRegex, emailRegex, _emojiRegex, emojiRegex, ipv4Regex, ipv4CidrRegex, ipv6Regex, ipv6CidrRegex, base64Regex, base64urlRegex, dateRegexSource, dateRegex, ZodString, ZodNumber, ZodBigInt, ZodBoolean, ZodDate, ZodSymbol, ZodUndefined, ZodNull, ZodAny, ZodUnknown, ZodNever, ZodVoid, ZodArray, ZodObject, ZodUnion, getDiscriminator, ZodDiscriminatedUnion, ZodIntersection, ZodTuple, ZodRecord, ZodMap, ZodSet, ZodFunction, ZodLazy, ZodLiteral, ZodEnum, ZodNativeEnum, ZodPromise, ZodEffects, ZodOptional, ZodNullable, ZodDefault, ZodCatch, ZodNaN, ZodBranded, ZodPipeline, ZodReadonly, late, ZodFirstPartyTypeKind, stringType, numberType, nanType, bigIntType, booleanType, dateType, symbolType, undefinedType, nullType, anyType, unknownType, neverType, voidType, arrayType, objectType, strictObjectType, unionType, discriminatedUnionType, intersectionType, tupleType, recordType, mapType, setType, functionType, lazyType, literalType, enumType, nativeEnumType, promiseType, effectsType, optionalType, nullableType, preprocessType, pipelineType;
-var init_types = __esm({
+var init_types2 = __esm({
   "../../node_modules/zod/v3/types.js"() {
     init_ZodError();
     init_errors();
@@ -54387,7 +54768,7 @@ var init_external = __esm({
     init_parseUtil();
     init_typeAliases();
     init_util();
-    init_types();
+    init_types2();
     init_ZodError();
   }
 });
@@ -62159,7 +62540,7 @@ function assertCompleteRequestResourceTemplate(request) {
   void request;
 }
 var LATEST_PROTOCOL_VERSION, DEFAULT_NEGOTIATED_PROTOCOL_VERSION, SUPPORTED_PROTOCOL_VERSIONS, RELATED_TASK_META_KEY, JSONRPC_VERSION, AssertObjectSchema, ProgressTokenSchema, CursorSchema, TaskCreationParamsSchema, TaskMetadataSchema, RelatedTaskMetadataSchema, RequestMetaSchema, BaseRequestParamsSchema, TaskAugmentedRequestParamsSchema, isTaskAugmentedRequestParams, RequestSchema, NotificationsParamsSchema, NotificationSchema, ResultSchema, RequestIdSchema, JSONRPCRequestSchema, isJSONRPCRequest, JSONRPCNotificationSchema, isJSONRPCNotification, JSONRPCResultResponseSchema, isJSONRPCResultResponse, ErrorCode, JSONRPCErrorResponseSchema, isJSONRPCErrorResponse, JSONRPCMessageSchema, JSONRPCResponseSchema, EmptyResultSchema, CancelledNotificationParamsSchema, CancelledNotificationSchema, IconSchema, IconsSchema, BaseMetadataSchema, ImplementationSchema, FormElicitationCapabilitySchema, ElicitationCapabilitySchema, ClientTasksCapabilitySchema, ServerTasksCapabilitySchema, ClientCapabilitiesSchema, InitializeRequestParamsSchema, InitializeRequestSchema, isInitializeRequest, ServerCapabilitiesSchema, InitializeResultSchema, InitializedNotificationSchema, PingRequestSchema, ProgressSchema, ProgressNotificationParamsSchema, ProgressNotificationSchema, PaginatedRequestParamsSchema, PaginatedRequestSchema, PaginatedResultSchema, TaskStatusSchema, TaskSchema, CreateTaskResultSchema, TaskStatusNotificationParamsSchema, TaskStatusNotificationSchema, GetTaskRequestSchema, GetTaskResultSchema, GetTaskPayloadRequestSchema, GetTaskPayloadResultSchema, ListTasksRequestSchema, ListTasksResultSchema, CancelTaskRequestSchema, CancelTaskResultSchema, ResourceContentsSchema, TextResourceContentsSchema, Base64Schema, BlobResourceContentsSchema, RoleSchema, AnnotationsSchema, ResourceSchema, ResourceTemplateSchema, ListResourcesRequestSchema, ListResourcesResultSchema, ListResourceTemplatesRequestSchema, ListResourceTemplatesResultSchema, ResourceRequestParamsSchema, ReadResourceRequestParamsSchema, ReadResourceRequestSchema, ReadResourceResultSchema, ResourceListChangedNotificationSchema, SubscribeRequestParamsSchema, SubscribeRequestSchema, UnsubscribeRequestParamsSchema, UnsubscribeRequestSchema, ResourceUpdatedNotificationParamsSchema, ResourceUpdatedNotificationSchema, PromptArgumentSchema, PromptSchema, ListPromptsRequestSchema, ListPromptsResultSchema, GetPromptRequestParamsSchema, GetPromptRequestSchema, TextContentSchema, ImageContentSchema, AudioContentSchema, ToolUseContentSchema, EmbeddedResourceSchema, ResourceLinkSchema, ContentBlockSchema, PromptMessageSchema, GetPromptResultSchema, PromptListChangedNotificationSchema, ToolAnnotationsSchema, ToolExecutionSchema, ToolSchema, ListToolsRequestSchema, ListToolsResultSchema, CallToolResultSchema, CompatibilityCallToolResultSchema, CallToolRequestParamsSchema, CallToolRequestSchema, ToolListChangedNotificationSchema, ListChangedOptionsBaseSchema, LoggingLevelSchema, SetLevelRequestParamsSchema, SetLevelRequestSchema, LoggingMessageNotificationParamsSchema, LoggingMessageNotificationSchema, ModelHintSchema, ModelPreferencesSchema, ToolChoiceSchema, ToolResultContentSchema, SamplingContentSchema, SamplingMessageContentBlockSchema, SamplingMessageSchema, CreateMessageRequestParamsSchema, CreateMessageRequestSchema, CreateMessageResultSchema, CreateMessageResultWithToolsSchema, BooleanSchemaSchema, StringSchemaSchema, NumberSchemaSchema, UntitledSingleSelectEnumSchemaSchema, TitledSingleSelectEnumSchemaSchema, LegacyTitledEnumSchemaSchema, SingleSelectEnumSchemaSchema, UntitledMultiSelectEnumSchemaSchema, TitledMultiSelectEnumSchemaSchema, MultiSelectEnumSchemaSchema, EnumSchemaSchema, PrimitiveSchemaDefinitionSchema, ElicitRequestFormParamsSchema, ElicitRequestURLParamsSchema, ElicitRequestParamsSchema, ElicitRequestSchema, ElicitationCompleteNotificationParamsSchema, ElicitationCompleteNotificationSchema, ElicitResultSchema, ResourceTemplateReferenceSchema, PromptReferenceSchema, CompleteRequestParamsSchema, CompleteRequestSchema, CompleteResultSchema, RootSchema, ListRootsRequestSchema, ListRootsResultSchema, RootsListChangedNotificationSchema, ClientRequestSchema, ClientNotificationSchema, ClientResultSchema, ServerRequestSchema, ServerNotificationSchema, ServerResultSchema, McpError, UrlElicitationRequiredError;
-var init_types2 = __esm({
+var init_types3 = __esm({
   "../../node_modules/@modelcontextprotocol/sdk/dist/esm/types.js"() {
     init_v4();
     LATEST_PROTOCOL_VERSION = "2025-11-25";
@@ -65325,7 +65706,7 @@ var DEFAULT_REQUEST_TIMEOUT_MSEC, Protocol;
 var init_protocol = __esm({
   "../../node_modules/@modelcontextprotocol/sdk/dist/esm/shared/protocol.js"() {
     init_zod_compat();
-    init_types2();
+    init_types3();
     init_interfaces();
     init_zod_json_schema_compat();
     DEFAULT_REQUEST_TIMEOUT_MSEC = 6e4;
@@ -73221,7 +73602,7 @@ var Server;
 var init_server2 = __esm({
   "../../node_modules/@modelcontextprotocol/sdk/dist/esm/server/index.js"() {
     init_protocol();
-    init_types2();
+    init_types3();
     init_ajv_provider();
     init_zod_compat();
     init_server();
@@ -73791,7 +74172,7 @@ var init_mcp = __esm({
     init_server2();
     init_zod_compat();
     init_zod_json_schema_compat();
-    init_types2();
+    init_types3();
     init_completable();
     init_uriTemplate();
     init_toolNameValidation();
@@ -75063,7 +75444,7 @@ var init_dist2 = __esm({
 var WebStandardStreamableHTTPServerTransport;
 var init_webStandardStreamableHttp = __esm({
   "../../node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js"() {
-    init_types2();
+    init_types3();
     WebStandardStreamableHTTPServerTransport = class {
       constructor(options = {}) {
         this._started = false;
@@ -75806,7 +76187,13 @@ var init_mcp_server2 = __esm({
               tags: s2.tags,
               sla: s2.slaDefinition,
               hasSchema: !!s2.inputSchema,
-              hasInstructions: !!s2.instructions
+              hasInstructions: !!s2.instructions,
+              certificationTier: s2.certificationTier,
+              modelRouting: s2.modelRouting,
+              allowedModels: s2.allowedModels,
+              hasToolPolicy: !!(s2.toolsAllowed || s2.toolsDenied),
+              hasOutputSchema: !!s2.outputSchema,
+              requiredPolicies: s2.requiredPolicies
             }));
             return {
               contents: [{
@@ -76002,7 +76389,7 @@ function parseSkillMd(content) {
   if (!frontmatter.name) return null;
   const instructionLines = lines.slice(endIdx + 1);
   const instructions = instructionLines.join("\n").trim();
-  return {
+  const skill = {
     name: frontmatter.name,
     version: frontmatter.version,
     description: frontmatter.description,
@@ -76011,82 +76398,76 @@ function parseSkillMd(content) {
     slaDefinition: frontmatter.sla,
     instructions: instructions || void 0
   };
+  if (frontmatter.agentVault) {
+    const av = frontmatter.agentVault;
+    if (av.certification) skill.certificationTier = av.certification;
+    if (av.runtime?.capabilities) skill.toolsAllowed = av.runtime.capabilities;
+    if (av.runtime?.forbidden) skill.toolsDenied = av.runtime.forbidden;
+    if (av.runtime?.output_schema) skill.outputSchema = av.runtime.output_schema;
+    if (av.model?.routing) skill.modelRouting = av.model.routing;
+    if (av.model?.allowed) skill.allowedModels = av.model.allowed;
+    if (av.model?.default) skill.defaultModel = av.model.default;
+    if (av.integrity) skill.integrity = av.integrity;
+    if (av.requiredPolicies) skill.requiredPolicies = av.requiredPolicies;
+  }
+  return skill;
 }
 function parseSimpleYaml(yaml) {
   const result = {};
   const lines = yaml.split("\n");
-  let currentKey = "";
-  let currentIndent = 0;
-  let nestedObj = null;
+  const stack = [];
+  let currentObj = result;
+  function parseValue(raw) {
+    const value = raw.replace(/^["']|["']$/g, "");
+    const num = Number(value);
+    if (!isNaN(num) && value !== "") return num;
+    if (value === "true") return true;
+    if (value === "false") return false;
+    return value;
+  }
   for (const line of lines) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
     const indent = line.length - line.trimStart().length;
-    const inlineArrayMatch = trimmed.match(/^(\w[\w-]*)\s*:\s*\[(.+)\]$/);
+    while (stack.length > 0 && indent <= stack[stack.length - 1].indent) {
+      const popped = stack.pop();
+      currentObj = stack.length > 0 ? stack[stack.length - 1].obj : result;
+      currentObj[popped.key] = popped.obj;
+    }
+    const inlineArrayMatch = trimmed.match(/^(\w[\w_-]*)\s*:\s*\[(.+)\]$/);
     if (inlineArrayMatch) {
       const key = inlineArrayMatch[1];
       const values = inlineArrayMatch[2].split(",").map((v2) => v2.trim().replace(/^["']|["']$/g, ""));
-      if (nestedObj && indent > currentIndent) {
-        nestedObj[key] = values;
+      if (stack.length > 0) {
+        stack[stack.length - 1].obj[key] = values;
       } else {
-        if (nestedObj && currentKey) {
-          result[currentKey] = nestedObj;
-          nestedObj = null;
-        }
-        result[key] = values;
+        currentObj[key] = values;
       }
       continue;
     }
-    const kvMatch = trimmed.match(/^(\w[\w-]*)\s*:\s*(.+)$/);
-    if (kvMatch && indent === 0) {
-      if (nestedObj && currentKey) {
-        result[currentKey] = nestedObj;
-        nestedObj = null;
-      }
+    const kvMatch = trimmed.match(/^(\w[\w_-]*)\s*:\s*(.+)$/);
+    if (kvMatch) {
       const key = kvMatch[1];
-      const value = kvMatch[2].replace(/^["']|["']$/g, "");
-      const num = Number(value);
-      if (!isNaN(num) && value !== "") {
-        result[key] = num;
-      } else if (value === "true") {
-        result[key] = true;
-      } else if (value === "false") {
-        result[key] = false;
+      const val = parseValue(kvMatch[2]);
+      if (stack.length > 0) {
+        stack[stack.length - 1].obj[key] = val;
       } else {
-        result[key] = value;
+        currentObj[key] = val;
       }
       continue;
     }
-    const nestedMatch = trimmed.match(/^(\w[\w-]*)\s*:$/);
-    if (nestedMatch && indent === 0) {
-      if (nestedObj && currentKey) {
-        result[currentKey] = nestedObj;
-      }
-      currentKey = nestedMatch[1];
-      currentIndent = indent;
-      nestedObj = {};
+    const nestedMatch = trimmed.match(/^(\w[\w_-]*)\s*:$/);
+    if (nestedMatch) {
+      const key = nestedMatch[1];
+      const newObj = {};
+      stack.push({ key, obj: newObj, indent });
       continue;
     }
-    if (nestedObj && indent > 0) {
-      const nestedKv = trimmed.match(/^(\w[\w-]*)\s*:\s*(.+)$/);
-      if (nestedKv) {
-        const key = nestedKv[1];
-        const value = nestedKv[2].replace(/^["']|["']$/g, "");
-        const num = Number(value);
-        if (!isNaN(num) && value !== "") {
-          nestedObj[key] = num;
-        } else if (value === "true") {
-          nestedObj[key] = true;
-        } else if (value === "false") {
-          nestedObj[key] = false;
-        } else {
-          nestedObj[key] = value;
-        }
-      }
-    }
   }
-  if (nestedObj && currentKey) {
-    result[currentKey] = nestedObj;
+  while (stack.length > 0) {
+    const popped = stack.pop();
+    const parent = stack.length > 0 ? stack[stack.length - 1].obj : result;
+    parent[popped.key] = popped.obj;
   }
   return result;
 }
@@ -76358,11 +76739,157 @@ var init_skill_telemetry = __esm({
   }
 });
 
+// src/policy-enforcer.ts
+var PolicyEnforcer;
+var init_policy_enforcer = __esm({
+  async "src/policy-enforcer.ts"() {
+    "use strict";
+    await init_dist();
+    PolicyEnforcer = class {
+      skills = /* @__PURE__ */ new Map();
+      metrics = {
+        totalEvaluations: 0,
+        totalBlocks: 0,
+        totalWarnings: 0,
+        bySkill: {},
+        byRule: {}
+      };
+      spanBuffer = [];
+      /**
+       * Register a skill definition for policy evaluation.
+       */
+      registerSkill(skill) {
+        this.skills.set(skill.name, skill);
+      }
+      /**
+       * Full 5-stage policy pipeline evaluation.
+       */
+      evaluate(ctx) {
+        this.metrics.totalEvaluations++;
+        const skillMetrics = this.metrics.bySkill[ctx.skillName] ??= { evaluations: 0, blocks: 0 };
+        skillMetrics.evaluations++;
+        const violations = [];
+        const skill = this.skills.get(ctx.skillName);
+        if (skill) {
+          if (ctx.toolName && skill.toolsDenied?.length) {
+            if (skill.toolsDenied.includes(ctx.toolName)) {
+              violations.push({
+                ruleId: `deny:${ctx.skillName}:${ctx.toolName}`,
+                scope: "tool",
+                action: "block",
+                type: "forbidden_tool",
+                message: `Tool "${ctx.toolName}" is forbidden for skill "${ctx.skillName}"`
+              });
+            }
+          }
+          if (ctx.toolName && skill.toolsAllowed?.length) {
+            if (!skill.toolsAllowed.includes(ctx.toolName)) {
+              violations.push({
+                ruleId: `allow:${ctx.skillName}:${ctx.toolName}`,
+                scope: "tool",
+                action: "block",
+                type: "tool_not_allowed",
+                message: `Tool "${ctx.toolName}" is not in the allowed list for skill "${ctx.skillName}"`
+              });
+            }
+          }
+          if (ctx.model && skill.allowedModels?.length) {
+            if (!skill.allowedModels.includes(ctx.model)) {
+              violations.push({
+                ruleId: `model:${ctx.skillName}:${ctx.model}`,
+                scope: "model",
+                action: "block",
+                type: "model_not_allowed",
+                message: `Model "${ctx.model}" is not allowed for skill "${ctx.skillName}". Allowed: ${skill.allowedModels.join(", ")}`
+              });
+            }
+          }
+        }
+        const blocked = violations.some((v2) => v2.action === "block");
+        for (const v2 of violations) {
+          this.metrics.byRule[v2.ruleId] = (this.metrics.byRule[v2.ruleId] ?? 0) + 1;
+          if (v2.action === "block") this.metrics.totalBlocks++;
+          if (v2.action === "warn") this.metrics.totalWarnings++;
+          this.spanBuffer.push(
+            buildPolicyViolationSpan({
+              ruleId: v2.ruleId,
+              policyScope: v2.scope,
+              actionTaken: v2.action,
+              violationType: v2.type,
+              targetTool: ctx.toolName,
+              targetModel: ctx.model,
+              skillName: ctx.skillName
+            })
+          );
+        }
+        if (blocked) {
+          skillMetrics.blocks++;
+        }
+        return {
+          allowed: !blocked,
+          violations,
+          stage: "report"
+        };
+      }
+      /**
+       * Wrap an MCP tool handler with policy enforcement.
+       * Returns a function that checks policy before calling the original handler.
+       */
+      wrapHandler(skillName, handler) {
+        return async (args) => {
+          const result = this.evaluate({
+            skillName,
+            args
+          });
+          if (!result.allowed) {
+            return {
+              blocked: true,
+              violations: result.violations.map((v2) => ({
+                rule: v2.ruleId,
+                reason: v2.message,
+                scope: v2.scope
+              }))
+            };
+          }
+          return handler(args);
+        };
+      }
+      /**
+       * Get accumulated policy metrics.
+       */
+      getMetrics() {
+        return { ...this.metrics };
+      }
+      /**
+       * Drain buffered telemetry spans.
+       */
+      drainSpans() {
+        const spans = this.spanBuffer;
+        this.spanBuffer = [];
+        return spans;
+      }
+      /**
+       * Reset all metrics (for testing).
+       */
+      resetMetrics() {
+        this.metrics = {
+          totalEvaluations: 0,
+          totalBlocks: 0,
+          totalWarnings: 0,
+          bySkill: {},
+          byRule: {}
+        };
+      }
+    };
+  }
+});
+
 // src/index.ts
 var VERSION;
 var init_index = __esm({
   async "src/index.ts"() {
     await init_channel();
+    init_types();
     init_account_config();
     await init_openclaw_plugin();
     init_gateway_send();
@@ -76374,12 +76901,14 @@ var init_index = __esm({
     init_skill_manifest();
     init_skill_invoker();
     await init_skill_telemetry();
+    await init_policy_enforcer();
     VERSION = "0.14.1";
   }
 });
 await init_index();
 export {
   AgentVaultMcpServer,
+  PolicyEnforcer,
   SecureChannel,
   VERSION,
   agentVaultPlugin,
@@ -76392,20 +76921,25 @@ export {
   handleDecisionRequest,
   handleSendRequest,
   handleStatusRequest,
+  handleTargetsRequest,
   invokeSkill,
   isUsingManagedRoutes,
   listAccountIds,
+  listTargets,
   loadSkillsFromApi,
   loadSkillsFromDirectory,
   mergeSkills,
   onAgentEvent,
   onSessionTranscriptUpdate,
   parseSkillMd,
+  parseTarget,
   reportSkillInvocation,
   requestHeartbeatNow,
   resolveAccount,
   sendDecisionToOwner,
   sendToOwner,
+  sendToRoom,
+  sendToTarget,
   setOcRuntime,
   wrapSkillExecution
 };