@agentvault/agentvault 0.17.5 → 0.19.0

package/dist/index.js

@@ -46265,6 +46265,123 @@ var init_dist = __esm({
   }
 });
 
+// src/credential-store.ts
+var CredentialStore;
+var init_credential_store = __esm({
+  "src/credential-store.ts"() {
+    "use strict";
+    CredentialStore = class _CredentialStore {
+      /** Map<roomId, Map<credentialKey, RenterCredential>> */
+      _store = /* @__PURE__ */ new Map();
+      /** Seen nonces for replay prevention — bounded per room */
+      _seenNonces = /* @__PURE__ */ new Map();
+      static MAX_NONCES_PER_ROOM = 1e3;
+      constructor() {
+        const purge = () => this.purgeAll();
+        process.on("exit", purge);
+        process.on("SIGINT", () => {
+          purge();
+          process.exit(0);
+        });
+        process.on("SIGTERM", () => {
+          purge();
+          process.exit(0);
+        });
+      }
+      /**
+       * Check if a nonce has been seen (replay prevention).
+       * Returns true if the nonce is new (not a replay), false if seen before.
+       */
+      checkNonce(roomId, nonce) {
+        if (!nonce) return true;
+        let nonces = this._seenNonces.get(roomId);
+        if (!nonces) {
+          nonces = /* @__PURE__ */ new Set();
+          this._seenNonces.set(roomId, nonces);
+        }
+        if (nonces.has(nonce)) return false;
+        nonces.add(nonce);
+        if (nonces.size > _CredentialStore.MAX_NONCES_PER_ROOM) {
+          const iter = nonces.values();
+          for (let i2 = 0; i2 < 100; i2++) {
+            const val = iter.next().value;
+            if (val !== void 0) nonces.delete(val);
+          }
+        }
+        return true;
+      }
+      /** Store a credential for a room. */
+      grant(roomId, credential) {
+        let room = this._store.get(roomId);
+        if (!room) {
+          room = /* @__PURE__ */ new Map();
+          this._store.set(roomId, room);
+        }
+        room.set(credential.key, credential);
+      }
+      /** Revoke a specific credential. */
+      revoke(roomId, key) {
+        const room = this._store.get(roomId);
+        if (!room) return false;
+        return room.delete(key);
+      }
+      /** Revoke all credentials for a room. */
+      revokeAll(roomId) {
+        this._store.delete(roomId);
+      }
+      /** Get a credential value. */
+      get(roomId, key) {
+        return this._store.get(roomId)?.get(key);
+      }
+      /** Get all credentials for a room (values included — only for agent context injection). */
+      getAll(roomId) {
+        const room = this._store.get(roomId);
+        if (!room) return [];
+        return Array.from(room.values());
+      }
+      /** Get credential info without values (safe for logging). */
+      getInfo(roomId) {
+        const room = this._store.get(roomId);
+        if (!room) return [];
+        return Array.from(room.values()).map((c2) => ({
+          key: c2.key,
+          type: c2.type,
+          scope: c2.scope,
+          grantedAt: c2.grantedAt
+        }));
+      }
+      /** Check if a specific credential exists. */
+      has(roomId, key) {
+        return this._store.get(roomId)?.has(key) ?? false;
+      }
+      /** Get credential count for a room. */
+      count(roomId) {
+        return this._store.get(roomId)?.size ?? 0;
+      }
+      /** Purge all credentials for a room (rental end). */
+      purgeForRoom(roomId) {
+        this._store.delete(roomId);
+        this._seenNonces.delete(roomId);
+      }
+      /** Purge everything (process exit). */
+      purgeAll() {
+        this._store.clear();
+        this._seenNonces.clear();
+      }
+      /** Get a map of credential key → value for context injection. */
+      getCredentialMap(roomId) {
+        const room = this._store.get(roomId);
+        if (!room) return {};
+        const result = {};
+        for (const [key, cred] of room) {
+          result[key] = cred.value;
+        }
+        return result;
+      }
+    };
+  }
+});
+
 // src/crypto-helpers.ts
 var init_crypto_helpers = __esm({
   async "src/crypto-helpers.ts"() {
@@ -46541,7 +46658,8 @@ __export(http_handlers_exports, {
   handleMcpConfigRequest: () => handleMcpConfigRequest,
   handleSendRequest: () => handleSendRequest,
   handleStatusRequest: () => handleStatusRequest,
-  handleTargetsRequest: () => handleTargetsRequest
+  handleTargetsRequest: () => handleTargetsRequest,
+  handleTrustRequest: () => handleTrustRequest
 });
 async function handleSendRequest(parsed, channel) {
   const text = parsed.text;
@@ -46680,6 +46798,24 @@ function handleTargetsRequest(channel) {
     }
   };
 }
+function handleTrustRequest(channel) {
+  const token = channel.trustToken;
+  if (!token) {
+    return {
+      status: 503,
+      body: { ok: false, error: "token_unavailable" }
+    };
+  }
+  return {
+    status: 200,
+    body: {
+      ok: true,
+      tier: channel.trustTier,
+      composite: null,
+      token_expires_at: channel.trustTokenExpiresAt
+    }
+  };
+}
 function handleMcpConfigRequest(agentName, port, mcpSkillCount) {
   return {
     status: 200,
@@ -46934,12 +47070,13 @@ function migratePersistedState(raw) {
     messageHistory: []
   };
 }
-var ROOM_AGENT_TYPES, POLL_INTERVAL_MS, RECONNECT_BASE_MS, RECONNECT_MAX_MS, PENDING_POLL_INTERVAL_MS, SecureChannel;
+var ROOM_AGENT_TYPES, CREDENTIAL_MESSAGE_TYPES, POLL_INTERVAL_MS, RECONNECT_BASE_MS, RECONNECT_MAX_MS, PENDING_POLL_INTERVAL_MS, SecureChannel;
 var init_channel = __esm({
   async "src/channel.ts"() {
     "use strict";
     await init_libsodium_wrappers();
     await init_dist();
+    init_credential_store();
     await init_crypto_helpers();
     await init_state();
     init_transport2();
@@ -46950,6 +47087,11 @@ var init_channel = __esm({
       "decision_response",
       "artifact_share"
     ]);
+    CREDENTIAL_MESSAGE_TYPES = /* @__PURE__ */ new Set([
+      "credential_grant",
+      "credential_revoke",
+      "credential_request"
+    ]);
     POLL_INTERVAL_MS = 6e3;
     RECONNECT_BASE_MS = 1e3;
     RECONNECT_MAX_MS = 3e4;
@@ -46986,17 +47128,26 @@ var init_channel = __esm({
       _heartbeatIntervalSeconds = 0;
       _wakeDetectorTimer = null;
       _lastWakeTick = Date.now();
+      _trustToken = null;
+      _trustTier = null;
+      _trustTokenExpiresAt = null;
+      _trustTokenInterval = null;
       _pendingPollTimer = null;
       _syncMessageIds = null;
       /** Sender Key chains — own chain per room for O(1) encryption */
       _senderKeyChains = /* @__PURE__ */ new Map();
       /** Sender Key peer state — peer chains per room for decryption */
       _senderKeyStates = /* @__PURE__ */ new Map();
+      /** In-memory credential store for renter-provided credentials (never persisted). */
+      _credentialStore = new CredentialStore();
       /** Queued A2A messages for responder channels not yet activated (no first initiator message received). */
       _a2aPendingQueue = {};
       /** Dedup buffer for A2A message IDs (prevents double-delivery via direct + Redis) */
       _a2aSeenMessageIds = /* @__PURE__ */ new Set();
       static A2A_SEEN_MAX = 500;
+      /** Dedup buffer for regular message IDs (prevents double-decrypt via direct WS + Redis pub/sub) */
+      _seenMessageIds = /* @__PURE__ */ new Set();
+      static SEEN_MSG_MAX = 500;
       _scanEngine = null;
       _scanRuleSetVersion = 0;
       _telemetryReporter = null;
@@ -47926,9 +48077,56 @@ var init_channel = __esm({
           this.emit("error", new Error(`Heartbeat send failed: ${err}`));
         });
       }
+      // --- Trust Gate token management ---
+      getTrustHeaders() {
+        if (!this._trustToken) return {};
+        return { "AgentVault-Trust": this._trustToken };
+      }
+      get trustToken() {
+        return this._trustToken;
+      }
+      get trustTier() {
+        return this._trustTier;
+      }
+      get trustTokenExpiresAt() {
+        return this._trustTokenExpiresAt;
+      }
+      async refreshTrustToken() {
+        try {
+          const res = await fetch(`${this.config.apiUrl}/api/v1/gate/token`, {
+            method: "POST",
+            headers: {
+              Authorization: `Bearer ${this._deviceJwt}`,
+              "Content-Type": "application/json"
+            }
+          });
+          if (res.ok) {
+            const data = await res.json();
+            this._trustToken = data.token;
+            this._trustTier = data.tier;
+            this._trustTokenExpiresAt = data.expires_at;
+          }
+        } catch (err) {
+          console.warn("[AgentVault] Trust token refresh failed:", err);
+        }
+      }
+      startTrustTokenRefresh() {
+        this.refreshTrustToken();
+        this._trustTokenInterval = setInterval(
+          () => this.refreshTrustToken(),
+          12 * 60 * 1e3
+        );
+      }
+      stopTrustTokenRefresh() {
+        if (this._trustTokenInterval) {
+          clearInterval(this._trustTokenInterval);
+          this._trustTokenInterval = null;
+        }
+      }
       async stop() {
         this._stopped = true;
         await this.stopHeartbeat();
+        this.stopTrustTokenRefresh();
         this._flushAcks();
         this._stopPing();
         this._stopWakeDetector();
@@ -48044,6 +48242,10 @@ var init_channel = __esm({
                 res.end(JSON.stringify({ ok: false, error: "Internal MCP error" }));
               }
             });
+          } else if (req.method === "GET" && req.url === "/trust") {
+            const result = handlers.handleTrustRequest(this);
+            res.writeHead(result.status, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(result.body));
           } else if (req.method === "GET" && req.url === "/mcp-config") {
             const agentName = this.config.agentName ?? "agent";
             const mcpSkillCount = this._mcpServer?.skillCount ?? 0;
@@ -48550,6 +48752,7 @@ var init_channel = __esm({
               });
               this._telemetryReporter.startAutoFlush(3e4);
             }
+            this.startTrustTokenRefresh();
             this.emit("ready");
           } catch (openErr) {
             console.error("[SecureChannel] Error in WS open handler:", openErr);
@@ -48582,6 +48785,17 @@ var init_channel = __esm({
               return;
             }
             if (data.event === "message") {
+              const inMsgId = data.data?.message_id;
+              if (inMsgId && this._seenMessageIds.has(inMsgId)) {
+                return;
+              }
+              if (inMsgId) {
+                this._seenMessageIds.add(inMsgId);
+                if (this._seenMessageIds.size > _SecureChannel.SEEN_MSG_MAX) {
+                  const first = this._seenMessageIds.values().next().value;
+                  if (first) this._seenMessageIds.delete(first);
+                }
+              }
               try {
                 await this._handleIncomingMessage(data.data);
               } catch (msgErr) {
@@ -48612,6 +48826,17 @@ var init_channel = __esm({
               }).catch((err) => this.emit("error", err));
             }
             if (data.event === "room_message") {
+              const rmMsgId = data.data?.message_id;
+              if (rmMsgId && this._seenMessageIds.has(rmMsgId)) {
+                return;
+              }
+              if (rmMsgId) {
+                this._seenMessageIds.add(rmMsgId);
+                if (this._seenMessageIds.size > _SecureChannel.SEEN_MSG_MAX) {
+                  const first = this._seenMessageIds.values().next().value;
+                  if (first) this._seenMessageIds.delete(first);
+                }
+              }
               try {
                 await this._handleRoomMessage(data.data);
               } catch (rmErr) {
@@ -49146,6 +49371,10 @@ var init_channel = __esm({
         if (!session.activated) {
           session.activated = true;
           console.log(`[SecureChannel] Session ${convId.slice(0, 8)}... activated by first owner message`);
+          if (this._persisted?.sessions[convId]) {
+            this._persisted.sessions[convId].activated = true;
+          }
+          await this._persistState();
         }
         let messageText;
         let messageType;
@@ -49760,6 +49989,14 @@ ${messageText}`;
               `[SecureChannel] Room ratchet re-initialized for conv ${convId.slice(0, 8)}...`
             );
             plaintext = session.ratchet.decrypt(encrypted);
+            session.activated = true;
+            if (this._persisted.sessions[convId]) {
+              this._persisted.sessions[convId].activated = true;
+            }
+            await this._persistState();
+            console.log(
+              `[SecureChannel] Room session ${convId.slice(0, 8)}... re-activated after ratchet re-init`
+            );
           } catch (reinitErr) {
             console.error(
               `[SecureChannel] Room ratchet re-init failed for conv ${convId.slice(0, 8)}...:`,
@@ -49778,6 +50015,14 @@ ${messageText}`;
           messageType = "message";
           messageText = plaintext;
         }
+        if (CREDENTIAL_MESSAGE_TYPES.has(messageType)) {
+          this._handleCredentialMessage(msgData.room_id, messageType, messageText, msgData.message_id);
+          if (msgData.created_at && this._persisted) {
+            this._persisted.lastMessageTimestamp = msgData.created_at;
+          }
+          await this._persistState();
+          return;
+        }
         if (!ROOM_AGENT_TYPES.has(messageType)) {
           return;
         }
@@ -49814,6 +50059,94 @@ ${messageText}`;
           console.error("[SecureChannel] onMessage callback error:", err);
         });
       }
+      /**
+       * Handle credential protocol messages (grant, revoke, request).
+       * These are intercepted before reaching the agent's onMessage callback.
+       */
+      _handleCredentialMessage(roomId, messageType, plaintext, messageId) {
+        try {
+          const payload = JSON.parse(plaintext);
+          if (messageType === "credential_grant") {
+            const grant = payload;
+            if (grant.nonce && !this._credentialStore.checkNonce(roomId, grant.nonce)) {
+              console.warn(`[SecureChannel] Credential grant replay detected for room ${roomId.slice(0, 8)}..., ignoring`);
+              return;
+            }
+            const keys = [];
+            for (const cred of grant.credentials || []) {
+              this._credentialStore.grant(roomId, {
+                key: cred.key,
+                value: cred.value,
+                type: cred.type,
+                scope: cred.scope,
+                grantedAt: grant.timestamp || (/* @__PURE__ */ new Date()).toISOString(),
+                agreementId: grant.agreement_id,
+                roomId
+              });
+              keys.push(cred.key);
+            }
+            console.log(
+              `[SecureChannel] Credentials granted for room ${roomId.slice(0, 8)}...: ${keys.join(", ")} (${keys.length} keys)`
+            );
+            this._sendCredentialAck(roomId, grant.agreement_id, keys, "stored");
+            this.emit("credentials_granted", { roomId, keys, agreementId: grant.agreement_id });
+          } else if (messageType === "credential_revoke") {
+            const revoke = payload;
+            const revoked = [];
+            for (const key of revoke.credential_keys || []) {
+              if (this._credentialStore.revoke(roomId, key)) {
+                revoked.push(key);
+              }
+            }
+            console.log(
+              `[SecureChannel] Credentials revoked for room ${roomId.slice(0, 8)}...: ${revoked.join(", ")} (reason: ${revoke.reason || "none"})`
+            );
+            this._sendCredentialAck(roomId, revoke.agreement_id, revoked, "revoked");
+            this.emit("credentials_revoked", { roomId, keys: revoked, agreementId: revoke.agreement_id });
+          }
+        } catch (err) {
+          console.error("[SecureChannel] Error handling credential message:", err);
+        }
+        if (messageId) {
+          this._sendAck(messageId);
+        }
+      }
+      /**
+       * Send a credential_ack back to a room.
+       */
+      _sendCredentialAck(roomId, agreementId, keys, ackStatus) {
+        const ack = JSON.stringify({
+          type: "credential_ack",
+          agreement_id: agreementId,
+          acknowledged_keys: keys,
+          status: ackStatus,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+        this.sendToRoom(roomId, ack, { messageType: "credential_ack" }).catch((err) => {
+          console.warn("[SecureChannel] Failed to send credential ACK:", err);
+        });
+      }
+      // --- Public credential accessors ---
+      /** Get a specific renter credential for a room. */
+      getCredential(roomId, key) {
+        return this._credentialStore.get(roomId, key);
+      }
+      /** Get all renter credentials for a room (includes values — for agent context). */
+      getCredentials(roomId) {
+        return this._credentialStore.getAll(roomId);
+      }
+      /** Get credential key→value map for a room (for context injection). */
+      getCredentialMap(roomId) {
+        return this._credentialStore.getCredentialMap(roomId);
+      }
+      /** Check if a specific credential exists for a room. */
+      hasCredential(roomId, key) {
+        return this._credentialStore.has(roomId, key);
+      }
+      /** Purge all credentials for a room (call on rental end). */
+      purgeRoomCredentials(roomId) {
+        this._credentialStore.purgeForRoom(roomId);
+      }
       /**
        * Find the pairwise conversation ID for a given sender in a room.
        */
@@ -49976,6 +50309,14 @@ ${messageText}`;
           messageType = "message";
           messageText = plaintext;
         }
+        if (CREDENTIAL_MESSAGE_TYPES.has(messageType)) {
+          this._handleCredentialMessage(msgData.room_id, messageType, messageText, msgData.message_id);
+          if (msgData.created_at && this._persisted) {
+            this._persisted.lastMessageTimestamp = msgData.created_at;
+          }
+          await this._persistState();
+          return;
+        }
         if (!ROOM_AGENT_TYPES.has(messageType)) {
           return;
         }
@@ -76664,21 +77005,26 @@ function loadSkillsFromDirectory(dir) {
   const skills = [];
   const absDir = resolve2(dir);
   if (!existsSync(absDir)) return skills;
-  const rootSkill = join4(absDir, "SKILL.md");
-  if (existsSync(rootSkill)) {
-    const content = readFileSync(rootSkill, "utf-8");
-    const skill = parseSkillMd(content);
-    if (skill) skills.push(skill);
+  const seen = /* @__PURE__ */ new Set();
+  function tryLoad(filePath) {
+    if (seen.has(filePath)) return;
+    seen.add(filePath);
+    try {
+      const content = readFileSync(filePath, "utf-8");
+      const skill = parseSkillMd(content);
+      if (skill) skills.push(skill);
+    } catch {
+    }
   }
   try {
     const entries = readdirSync(absDir, { withFileTypes: true });
     for (const entry of entries) {
-      if (entry.isDirectory()) {
+      if (entry.isFile() && entry.name.endsWith("SKILL.md")) {
+        tryLoad(join4(absDir, entry.name));
+      } else if (entry.isDirectory()) {
         const subSkill = join4(absDir, entry.name, "SKILL.md");
         if (existsSync(subSkill)) {
-          const content = readFileSync(subSkill, "utf-8");
-          const skill = parseSkillMd(content);
-          if (skill) skills.push(skill);
+          tryLoad(subSkill);
         }
       }
     }
@@ -77079,6 +77425,7 @@ var init_index = __esm({
   async "src/index.ts"() {
     await init_channel();
     init_types();
+    init_credential_store();
     init_account_config();
     await init_openclaw_plugin();
     init_gateway_send();
@@ -77097,6 +77444,7 @@ var init_index = __esm({
 await init_index();
 export {
   AgentVaultMcpServer,
+  CredentialStore,
   PolicyEnforcer,
   SecureChannel,
   VERSION,