@clawcrony/claw-crony 1.0.1

package/dist/src/executor.js

@@ -0,0 +1,994 @@
+import { v4 as uuidv4 } from "uuid";
+import crypto from "node:crypto";
+import { validateMimeType, validateUriSchemeAndIp, checkFileSize, decodedBase64Size, sanitizeUriForLog, } from "./file-security.js";
+const DEFAULT_AGENT_RESPONSE_TIMEOUT_MS = 300_000;
+const GATEWAY_CONNECT_TIMEOUT_MS = 10_000;
+const GATEWAY_REQUEST_TIMEOUT_MS = 10_000;
+const HOOKS_WAKE_TIMEOUT_MS = 5_000;
+const TASK_CONTEXT_CACHE_LIMIT = 10_000;
+/**
+ * Interval for SSE heartbeat events during agent dispatch.
+ * Keeps the SSE connection alive and signals clients the task is still working.
+ */
+const STREAMING_HEARTBEAT_INTERVAL_MS = 15_000;
+/**
+ * Maximum number of messages retained in task history.
+ * Prevents unbounded growth in long-running conversations.
+ * The SDK's tasks/get historyLength param can further trim on read.
+ */
+const MAX_HISTORY_MESSAGES = 200;
+function pickAgentId(requestContext, fallbackAgentId) {
+    const msg = requestContext.userMessage;
+    const explicit = msg && typeof msg.agentId === "string" ? msg.agentId : "";
+    return explicit || fallbackAgentId;
+}
+function asObject(value) {
+    if (!value || typeof value !== "object") {
+        return null;
+    }
+    return value;
+}
+function asString(value) {
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function asFiniteNumber(value) {
+    if (typeof value !== "number" || !Number.isFinite(value)) {
+        return undefined;
+    }
+    return value;
+}
+/**
+ * Format an A2A DataPart as human-readable text for the OpenClaw agent.
+ *
+ * DataPart carries structured JSON data (kind: "data"). Since the Gateway RPC
+ * only accepts plain text, we serialize the data with a mimeType hint so the
+ * agent can interpret it.
+ */
+function formatDataPartAsText(obj) {
+    const data = asObject(obj.data);
+    if (!data) {
+        // Fallback: stringify the entire obj.data even if it's a primitive/array
+        if (obj.data !== undefined && obj.data !== null) {
+            const raw = JSON.stringify(obj.data);
+            const mimeType = asString(obj.mimeType) || "application/json";
+            return `[Data (${mimeType}): ${raw.slice(0, 2000)}]`;
+        }
+        return "";
+    }
+    const mimeType = asString(obj.mimeType) || "application/json";
+    const raw = JSON.stringify(data);
+    // Truncate very large payloads to prevent overwhelming the agent context
+    const preview = raw.length > 2000 ? raw.slice(0, 2000) + "…" : raw;
+    return `[Data (${mimeType}): ${preview}]`;
+}
+/**
+ * Format an A2A FilePart as human-readable text for the OpenClaw agent.
+ *
+ * The Gateway RPC `agent` method only accepts a `message: string` parameter,
+ * so file parts must be serialized into text. URI-based files include the URL
+ * so the agent can reference or fetch them; inline base64 files include a size
+ * hint since the raw bytes cannot be forwarded through the text channel.
+ */
+function formatFilePartAsText(obj) {
+    const file = asObject(obj.file);
+    if (!file) {
+        return "";
+    }
+    // Sanitize name/mimeType: strip control chars and newlines to prevent
+    // format injection when embedded in the agent message text.
+    const rawName = asString(file.name) || "file";
+    const rawMimeType = asString(file.mimeType) || "application/octet-stream";
+    const name = rawName.replace(/[\r\n\t\x00-\x1f]/g, "").slice(0, 200);
+    const mimeType = rawMimeType.replace(/[\r\n\t\x00-\x1f]/g, "").slice(0, 100);
+    // URI-based file
+    const uri = asString(file.uri);
+    if (uri) {
+        return `[Attached: ${name} (${mimeType}) \u2192 ${uri}]`;
+    }
+    // Base64-encoded inline file
+    const bytes = asString(file.bytes);
+    if (bytes) {
+        const sizeKB = Math.ceil(decodedBase64Size(bytes) / 1024);
+        return `[Attached: ${name} (${mimeType}), inline ${sizeKB}KB]`;
+    }
+    return `[Attached: ${name} (${mimeType})]`;
+}
+function extractTextFragments(value) {
+    if (typeof value === "string") {
+        const trimmed = value.trim();
+        return trimmed ? [trimmed] : [];
+    }
+    if (Array.isArray(value)) {
+        return value.flatMap((entry) => extractTextFragments(entry));
+    }
+    const obj = asObject(value);
+    if (!obj) {
+        return [];
+    }
+    if (obj.kind === "text" && typeof obj.text === "string") {
+        const trimmed = obj.text.trim();
+        return trimmed ? [trimmed] : [];
+    }
+    // Handle A2A FilePart: format as human-readable text for the agent
+    if (obj.kind === "file") {
+        const description = formatFilePartAsText(obj);
+        return description ? [description] : [];
+    }
+    // Handle A2A DataPart: serialize structured data as human-readable text
+    if (obj.kind === "data") {
+        const description = formatDataPartAsText(obj);
+        return description ? [description] : [];
+    }
+    const parts = Array.isArray(obj.parts) ? obj.parts : [];
+    if (parts.length > 0) {
+        return parts.flatMap((part) => extractTextFragments(part));
+    }
+    const content = Array.isArray(obj.content) ? obj.content : [];
+    if (content.length > 0) {
+        return content.flatMap((entry) => extractTextFragments(entry));
+    }
+    if (typeof obj.text === "string") {
+        const trimmed = obj.text.trim();
+        return trimmed ? [trimmed] : [];
+    }
+    return [];
+}
+function extractInboundMessageText(message) {
+    const fragments = extractTextFragments(message);
+    if (fragments.length > 0) {
+        return fragments.join("\n");
+    }
+    try {
+        return JSON.stringify(message);
+    }
+    catch {
+        return "A2A inbound message";
+    }
+}
+function extractAgentPayloadText(payload) {
+    const fragments = extractTextFragments(payload);
+    if (fragments.length === 0) {
+        return undefined;
+    }
+    return fragments.join("\n").trim() || undefined;
+}
+/**
+ * Extract media URLs from a single agent payload entry.
+ *
+ * OpenClaw Gateway agent payloads carry media via `mediaUrl` (single) and/or
+ * `mediaUrls` (array). Both are extracted and de-duplicated.
+ */
+function extractMediaUrlsFromPayload(payload) {
+    const obj = asObject(payload);
+    if (!obj) {
+        return [];
+    }
+    const urls = [];
+    const single = asString(obj.mediaUrl);
+    if (single) {
+        urls.push(single);
+    }
+    if (Array.isArray(obj.mediaUrls)) {
+        for (const entry of obj.mediaUrls) {
+            const url = asString(entry);
+            if (url && !urls.includes(url)) {
+                urls.push(url);
+            }
+        }
+    }
+    return urls;
+}
+/**
+ * Extract structured response (text + media URLs) from the Gateway agent
+ * final payload. Returns undefined when no usable content is found.
+ */
+function extractAgentResponse(payload) {
+    const body = asObject(payload);
+    if (!body) {
+        return undefined;
+    }
+    const result = asObject(body.result);
+    const payloads = Array.isArray(result?.payloads) ? result.payloads : [];
+    const texts = payloads
+        .map((entry) => extractAgentPayloadText(entry))
+        .filter((entry) => Boolean(entry && entry.trim()));
+    const mediaUrls = [];
+    for (const entry of payloads) {
+        for (const url of extractMediaUrlsFromPayload(entry)) {
+            if (!mediaUrls.includes(url)) {
+                mediaUrls.push(url);
+            }
+        }
+    }
+    if (texts.length > 0 || mediaUrls.length > 0) {
+        return {
+            text: texts.join("\n\n"),
+            mediaUrls,
+        };
+    }
+    return undefined;
+}
+/**
+ * Build A2A Part array from an AgentResponse. Produces TextPart for text
+ * content and FilePart entries for each media URL.
+ */
+function buildResponseParts(response) {
+    const parts = [];
+    if (response.text) {
+        parts.push({ kind: "text", text: response.text });
+    }
+    for (const url of response.mediaUrls) {
+        parts.push({
+            kind: "file",
+            file: { uri: url },
+        });
+    }
+    // Ensure at least one part exists (A2A requires non-empty parts array)
+    if (parts.length === 0) {
+        parts.push({ kind: "text", text: "" });
+    }
+    return parts;
+}
+function extractLatestAssistantReply(historyPayload) {
+    const body = asObject(historyPayload);
+    if (!body) {
+        return undefined;
+    }
+    const messages = Array.isArray(body.messages) ? body.messages : [];
+    for (let i = messages.length - 1; i >= 0; i -= 1) {
+        const entry = asObject(messages[i]);
+        if (!entry || entry.role !== "assistant") {
+            continue;
+        }
+        const text = extractAgentPayloadText(entry);
+        if (text) {
+            return text;
+        }
+    }
+    return undefined;
+}
+function withTimeout(promise, timeoutMs, timeoutMessage) {
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            reject(new Error(timeoutMessage));
+        }, timeoutMs);
+        promise.then((value) => {
+            clearTimeout(timer);
+            resolve(value);
+        }, (error) => {
+            clearTimeout(timer);
+            reject(error);
+        });
+    });
+}
+/**
+ * Lazily generated Ed25519 device identity for this plugin instance.
+ * Persisted in-memory for the lifetime of the process so all connections
+ * from this gateway share the same device id and auto-pair only once.
+ */
+let cachedDeviceIdentity = null;
+function getOrCreateDeviceIdentity() {
+    if (cachedDeviceIdentity)
+        return cachedDeviceIdentity;
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+    const publicKeyRaw = publicKey.export({ type: "spki", format: "der" });
+    // Ed25519 SPKI DER has a 12-byte header; the raw 32-byte key starts at offset 12
+    const rawBytes = publicKeyRaw.subarray(12);
+    const publicKeyB64Url = rawBytes.toString("base64url");
+    const deviceId = crypto
+        .createHash("sha256")
+        .update(rawBytes)
+        .digest("hex");
+    cachedDeviceIdentity = { publicKey: publicKeyB64Url, privateKey, deviceId };
+    return cachedDeviceIdentity;
+}
+class GatewayRpcConnection {
+    wsUrl;
+    gatewayToken;
+    gatewayPassword;
+    pending;
+    socket;
+    messageListener;
+    closeListener;
+    connectChallengeTimer;
+    connectChallengeResolver;
+    connectChallengeRejecter;
+    challengeNonce;
+    constructor(config) {
+        this.wsUrl = config.wsUrl;
+        this.gatewayToken = config.gatewayToken;
+        this.gatewayPassword = config.gatewayPassword;
+        this.pending = new Map();
+        this.socket = null;
+        this.messageListener = null;
+        this.closeListener = null;
+        this.connectChallengeTimer = null;
+        this.connectChallengeResolver = null;
+        this.connectChallengeRejecter = null;
+        this.challengeNonce = "";
+    }
+    async connect() {
+        const ctor = globalThis.WebSocket;
+        if (!ctor) {
+            throw new Error("WebSocket runtime is unavailable");
+        }
+        const socket = new ctor(this.wsUrl);
+        this.socket = socket;
+        this.messageListener = (event) => {
+            this.handleMessage(event);
+        };
+        this.closeListener = () => {
+            const error = new Error("gateway connection closed");
+            this.rejectConnectChallenge(error);
+            this.rejectAllPending(error);
+        };
+        socket.addEventListener("message", this.messageListener);
+        socket.addEventListener("close", this.closeListener);
+        const challengePromise = this.awaitConnectChallenge();
+        try {
+            await new Promise((resolve, reject) => {
+                let settled = false;
+                const cleanup = () => {
+                    socket.removeEventListener("open", onOpen);
+                    socket.removeEventListener("error", onError);
+                    socket.removeEventListener("close", onClose);
+                };
+                const settle = (error) => {
+                    if (settled) {
+                        return;
+                    }
+                    settled = true;
+                    clearTimeout(timer);
+                    cleanup();
+                    if (error) {
+                        this.rejectConnectChallenge(error);
+                        reject(error);
+                        return;
+                    }
+                    resolve();
+                };
+                const onOpen = () => {
+                    settle();
+                };
+                const onError = () => {
+                    settle(new Error("failed to open gateway websocket"));
+                };
+                const onClose = () => {
+                    settle(new Error("gateway websocket closed during connect"));
+                };
+                const timer = setTimeout(() => {
+                    settle(new Error("gateway websocket connect timed out"));
+                }, GATEWAY_CONNECT_TIMEOUT_MS);
+                socket.addEventListener("open", onOpen);
+                socket.addEventListener("error", onError);
+                socket.addEventListener("close", onClose);
+            });
+            // OpenClaw Gateway uses a challenge event before accepting connect.
+            await challengePromise;
+        }
+        catch (error) {
+            await challengePromise.catch(() => { });
+            throw error;
+        }
+        try {
+            await this.request("connect", this.buildConnectParams(true), GATEWAY_CONNECT_TIMEOUT_MS, false);
+        }
+        catch (connectError) {
+            const msg = connectError instanceof Error ? connectError.message : String(connectError);
+            // On older gateways (≤2026.3.11), sending a device identity may trigger
+            // "pairing required" if silent auto-pairing is not supported.
+            // Retry without device identity — the gateway token alone is sufficient
+            // on those versions because they preserve scopes for shared-auth connections.
+            if (msg.includes("pairing required") || msg.includes("device identity required")) {
+                this.challengeNonce = "";
+                await this.reconnect();
+                return;
+            }
+            throw connectError;
+        }
+    }
+    /**
+     * Reconnect without device identity (fallback for gateways that reject unpaired devices).
+     */
+    async reconnect() {
+        this.close();
+        const ctor = globalThis.WebSocket;
+        if (!ctor)
+            throw new Error("WebSocket runtime is unavailable");
+        const socket = new ctor(this.wsUrl);
+        this.socket = socket;
+        this.messageListener = (event) => { this.handleMessage(event); };
+        this.closeListener = () => {
+            const error = new Error("gateway connection closed");
+            this.rejectConnectChallenge(error);
+            this.rejectAllPending(error);
+        };
+        socket.addEventListener("message", this.messageListener);
+        socket.addEventListener("close", this.closeListener);
+        const challengePromise = this.awaitConnectChallenge();
+        await new Promise((resolve, reject) => {
+            let settled = false;
+            const settle = (error) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timer);
+                socket.removeEventListener("open", onOpen);
+                socket.removeEventListener("error", onError);
+                socket.removeEventListener("close", onClose);
+                if (error) {
+                    this.rejectConnectChallenge(error);
+                    reject(error);
+                    return;
+                }
+                resolve();
+            };
+            const onOpen = () => settle();
+            const onError = () => settle(new Error("failed to open gateway websocket"));
+            const onClose = () => settle(new Error("gateway websocket closed during connect"));
+            const timer = setTimeout(() => settle(new Error("gateway websocket connect timed out")), GATEWAY_CONNECT_TIMEOUT_MS);
+            socket.addEventListener("open", onOpen);
+            socket.addEventListener("error", onError);
+            socket.addEventListener("close", onClose);
+        });
+        await challengePromise;
+        await this.request("connect", this.buildConnectParams(false), GATEWAY_CONNECT_TIMEOUT_MS, false);
+    }
+    async request(method, params, timeoutMs, expectFinal) {
+        const socket = this.socket;
+        if (!socket || socket.readyState !== 1) {
+            throw new Error("gateway websocket is not connected");
+        }
+        const id = uuidv4();
+        const frame = {
+            type: "req",
+            id,
+            method,
+            params,
+        };
+        return await new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                this.pending.delete(id);
+                reject(new Error(`gateway request timed out: ${method}`));
+            }, timeoutMs);
+            this.pending.set(id, {
+                method,
+                expectFinal,
+                timer,
+                resolve,
+                reject,
+            });
+            try {
+                socket.send(JSON.stringify(frame));
+            }
+            catch (error) {
+                clearTimeout(timer);
+                this.pending.delete(id);
+                reject(error instanceof Error ? error : new Error(String(error)));
+            }
+        });
+    }
+    close() {
+        const socket = this.socket;
+        this.socket = null;
+        if (socket) {
+            if (this.messageListener) {
+                socket.removeEventListener("message", this.messageListener);
+            }
+            if (this.closeListener) {
+                socket.removeEventListener("close", this.closeListener);
+            }
+            this.messageListener = null;
+            this.closeListener = null;
+            socket.close();
+        }
+        const error = new Error("gateway websocket connection closed");
+        this.rejectConnectChallenge(error);
+        this.rejectAllPending(error);
+    }
+    awaitConnectChallenge() {
+        if (this.connectChallengeRejecter) {
+            this.connectChallengeRejecter(new Error("gateway connect challenge wait superseded"));
+        }
+        this.clearConnectChallengeWait();
+        return new Promise((resolve, reject) => {
+            this.connectChallengeResolver = (nonce) => {
+                this.challengeNonce = nonce;
+                this.clearConnectChallengeWait();
+                resolve();
+            };
+            this.connectChallengeRejecter = (error) => {
+                this.clearConnectChallengeWait();
+                reject(error);
+            };
+            // OpenClaw Gateway typically emits a connect.challenge event shortly after the socket opens.
+            // Use a bounded timeout so we fail fast (and can fall back) if the gateway isn't reachable.
+            const timeoutMs = 2_000;
+            this.connectChallengeTimer = setTimeout(() => {
+                this.connectChallengeRejecter?.(new Error("gateway connect challenge timed out"));
+            }, timeoutMs);
+        });
+    }
+    clearConnectChallengeWait() {
+        if (this.connectChallengeTimer) {
+            clearTimeout(this.connectChallengeTimer);
+        }
+        this.connectChallengeTimer = null;
+        this.connectChallengeResolver = null;
+        this.connectChallengeRejecter = null;
+    }
+    rejectConnectChallenge(error) {
+        if (this.connectChallengeRejecter) {
+            this.connectChallengeRejecter(error);
+            return;
+        }
+        this.clearConnectChallengeWait();
+    }
+    buildConnectParams(includeDevice = true) {
+        const auth = {};
+        if (this.gatewayToken) {
+            auth.token = this.gatewayToken;
+        }
+        if (this.gatewayPassword) {
+            auth.password = this.gatewayPassword;
+        }
+        const role = "operator";
+        const scopes = ["operator.admin", "operator.read", "operator.write", "operator.approvals", "operator.pairing"];
+        const params = {
+            minProtocol: 3,
+            maxProtocol: 3,
+            client: {
+                id: "cli",
+                version: "a2a-gateway-plugin",
+                platform: process.platform,
+                mode: "cli",
+                instanceId: uuidv4(),
+            },
+            role,
+            scopes,
+        };
+        if (Object.keys(auth).length > 0) {
+            params.auth = auth;
+        }
+        // Build device identity so the gateway preserves requested scopes.
+        // Without this, OpenClaw ≥2026.3.13 clears scopes for connections
+        // that lack a device identity, causing "missing scope: operator.write".
+        // See: https://github.com/win4r/openclaw-a2a-gateway/issues/29
+        const nonce = this.challengeNonce;
+        if (includeDevice && nonce) {
+            const identity = getOrCreateDeviceIdentity();
+            const signedAtMs = Date.now();
+            // Build the v3 signature payload — must match buildDeviceAuthPayloadV3 in OpenClaw core
+            const payloadParts = [
+                "v3",
+                identity.deviceId,
+                "cli", // clientId
+                "cli", // clientMode
+                role,
+                scopes.join(","),
+                String(signedAtMs),
+                auth.token || "", // token from shared auth
+                nonce,
+                process.platform, // platform
+                "", // deviceFamily (empty)
+            ];
+            const payload = payloadParts.join("|");
+            const signature = crypto.sign(null, Buffer.from(payload), identity.privateKey);
+            const signatureB64Url = signature.toString("base64url");
+            params.device = {
+                id: identity.deviceId,
+                publicKey: identity.publicKey,
+                signedAt: signedAtMs,
+                nonce,
+                signature: signatureB64Url,
+            };
+        }
+        return params;
+    }
+    handleMessage(event) {
+        const raw = typeof event.data === "string" ? event.data : "";
+        if (!raw) {
+            return;
+        }
+        let parsed;
+        try {
+            parsed = JSON.parse(raw);
+        }
+        catch {
+            return;
+        }
+        const frame = asObject(parsed);
+        if (!frame) {
+            return;
+        }
+        if (frame.type === "event") {
+            if (frame.event === "connect.challenge") {
+                const payload = asObject(frame.payload);
+                const nonce = asString(payload?.nonce)?.trim() || "";
+                if (nonce && this.connectChallengeResolver) {
+                    this.connectChallengeResolver(nonce);
+                }
+            }
+            return;
+        }
+        if (frame.type !== "res") {
+            return;
+        }
+        const id = asString(frame.id);
+        if (!id) {
+            return;
+        }
+        const pending = this.pending.get(id);
+        if (!pending) {
+            return;
+        }
+        if (pending.expectFinal) {
+            const payload = asObject(frame.payload);
+            if (payload?.status === "accepted") {
+                return;
+            }
+        }
+        this.pending.delete(id);
+        clearTimeout(pending.timer);
+        if (frame.ok === true) {
+            pending.resolve(frame.payload);
+            return;
+        }
+        const errorBody = asObject(frame.error);
+        const message = asString(errorBody?.message) || `gateway method failed: ${pending.method}`;
+        pending.reject(new Error(message));
+    }
+    rejectAllPending(error) {
+        for (const [, pending] of this.pending) {
+            clearTimeout(pending.timer);
+            pending.reject(error);
+        }
+        this.pending.clear();
+    }
+}
+/**
+ * Bridges A2A inbound messages to OpenClaw agent dispatch.
+ *
+ * - Dispatches to an OpenClaw agent via Gateway RPC (agent server method)
+ * - On success: publishes a complete Task with "completed" state and artifacts
+ * - On dispatch failure: keeps legacy fallback text and attempts `/hooks/wake`
+ */
+export class OpenClawAgentExecutor {
+    api;
+    defaultAgentId;
+    agentResponseTimeoutMs;
+    security;
+    taskContextByTaskId;
+    constructor(api, config) {
+        this.api = api;
+        this.defaultAgentId = config.routing.defaultAgentId;
+        this.security = config.security;
+        const configured = config.timeouts?.agentResponseTimeoutMs;
+        this.agentResponseTimeoutMs =
+            typeof configured === "number" && Number.isFinite(configured) && configured >= 1000
+                ? configured
+                : DEFAULT_AGENT_RESPONSE_TIMEOUT_MS;
+        this.taskContextByTaskId = new Map();
+    }
+    async execute(requestContext, eventBus) {
+        const agentId = pickAgentId(requestContext, this.defaultAgentId);
+        const taskId = requestContext.taskId;
+        const contextId = requestContext.contextId;
+        this.rememberTaskContext(taskId, contextId);
+        // Carry forward conversation history from previous rounds (if any).
+        // The SDK's ResultManager replaces currentTask with { ...taskEvent }, so
+        // omitting history would wipe out prior messages.
+        //
+        // IMPORTANT: The SDK's _createRequestContext already appends the current
+        // user message to task.history before calling execute(). The ResultManager
+        // then checks messageId to avoid double-adding. We rely on this dedup —
+        // do NOT manually strip the current message from existingHistory.
+        const rawHistory = requestContext.task?.history ?? [];
+        const existingHistory = rawHistory.length > MAX_HISTORY_MESSAGES
+            ? rawHistory.slice(-MAX_HISTORY_MESSAGES)
+            : rawHistory;
+        // Publish initial "working" state so the task is trackable during async dispatch
+        const workingTask = {
+            kind: "task",
+            id: taskId,
+            contextId,
+            status: {
+                state: "working",
+                timestamp: new Date().toISOString(),
+            },
+            history: existingHistory,
+        };
+        eventBus.publish(workingTask);
+        // Validate inbound FileParts before dispatching to the agent
+        const fileValidationError = this.validateInboundFileParts(requestContext.userMessage);
+        if (fileValidationError) {
+            this.api.logger.warn(`a2a-gateway: inbound file validation failed: ${fileValidationError}`);
+            const rejectedMessage = {
+                kind: "message",
+                messageId: uuidv4(),
+                role: "agent",
+                parts: [{ kind: "text", text: `File validation failed: ${fileValidationError}` }],
+                contextId,
+            };
+            const rejectedTask = {
+                kind: "task",
+                id: taskId,
+                contextId,
+                status: {
+                    state: "failed",
+                    message: rejectedMessage,
+                    timestamp: new Date().toISOString(),
+                },
+                history: existingHistory,
+            };
+            eventBus.publish(rejectedTask);
+            eventBus.finished();
+            return;
+        }
+        let agentResponse;
+        // Emit periodic heartbeat events while the agent is working.
+        // This keeps SSE connections alive and signals that the task is still in progress.
+        const heartbeat = setInterval(() => {
+            const heartbeatTask = {
+                kind: "task",
+                id: taskId,
+                contextId,
+                status: {
+                    state: "working",
+                    timestamp: new Date().toISOString(),
+                },
+                history: existingHistory,
+            };
+            eventBus.publish(heartbeatTask);
+        }, STREAMING_HEARTBEAT_INTERVAL_MS);
+        try {
+            agentResponse = await this.dispatchViaGatewayRpc(agentId, requestContext.userMessage, contextId);
+        }
+        catch (err) {
+            clearInterval(heartbeat);
+            const errorMessage = err instanceof Error ? err.message : String(err);
+            const truncatedError = errorMessage.length > 500 ? errorMessage.slice(0, 500) + "..." : errorMessage;
+            this.api.logger.error(`a2a-gateway: agent dispatch failed: ${truncatedError}`);
+            await this.tryHooksWakeFallback(agentId, taskId, contextId, requestContext.userMessage);
+            // Return failed task status so the caller knows dispatch did not succeed.
+            const failedMessage = {
+                kind: "message",
+                messageId: uuidv4(),
+                role: "agent",
+                parts: [{ kind: "text", text: `Agent dispatch failed: ${errorMessage}` }],
+                contextId,
+            };
+            const failedTask = {
+                kind: "task",
+                id: taskId,
+                contextId,
+                status: {
+                    state: "failed",
+                    message: failedMessage,
+                    timestamp: new Date().toISOString(),
+                },
+                history: existingHistory,
+            };
+            eventBus.publish(failedTask);
+            eventBus.finished();
+            return;
+        }
+        clearInterval(heartbeat);
+        // Publish completed Task with artifact (text + optional file parts)
+        const responseParts = buildResponseParts(agentResponse);
+        const responseMessage = {
+            kind: "message",
+            messageId: uuidv4(),
+            role: "agent",
+            parts: responseParts,
+            contextId,
+        };
+        const completedTask = {
+            kind: "task",
+            id: taskId,
+            contextId,
+            status: {
+                state: "completed",
+                message: responseMessage,
+                timestamp: new Date().toISOString(),
+            },
+            history: existingHistory,
+            artifacts: [
+                {
+                    artifactId: uuidv4(),
+                    parts: responseParts,
+                },
+            ],
+        };
+        eventBus.publish(completedTask);
+        eventBus.finished();
+    }
+    // cancelTask intentionally omits history: it only receives taskId (no
+    // RequestContext), so loading history would require a TaskStore reference
+    // that the executor doesn't hold. Cancellation is a terminal state where
+    // consumers care about status, not conversation history.
+    async cancelTask(taskId, eventBus) {
+        const contextId = this.taskContextByTaskId.get(taskId);
+        if (!contextId) {
+            this.api.logger.warn(`a2a-gateway: cancelTask missing contextId for task ${taskId}; skipping cancel publish`);
+            eventBus.finished();
+            return;
+        }
+        const canceledTask = {
+            kind: "task",
+            id: taskId,
+            contextId,
+            status: {
+                state: "canceled",
+                timestamp: new Date().toISOString(),
+            },
+        };
+        eventBus.publish(canceledTask);
+        this.taskContextByTaskId.delete(taskId);
+        eventBus.finished();
+    }
+    rememberTaskContext(taskId, contextId) {
+        if (this.taskContextByTaskId.has(taskId)) {
+            this.taskContextByTaskId.delete(taskId);
+        }
+        this.taskContextByTaskId.set(taskId, contextId);
+        if (this.taskContextByTaskId.size > TASK_CONTEXT_CACHE_LIMIT) {
+            const oldestTaskId = this.taskContextByTaskId.keys().next().value;
+            if (oldestTaskId) {
+                this.taskContextByTaskId.delete(oldestTaskId);
+            }
+        }
+    }
+    async dispatchViaGatewayRpc(agentId, userMessage, contextId) {
+        const messageText = extractInboundMessageText(userMessage);
+        const gatewayConfig = this.resolveGatewayRuntimeConfig();
+        const gateway = new GatewayRpcConnection(gatewayConfig);
+        await gateway.connect();
+        try {
+            // Derive a deterministic session key from A2A contextId for:
+            // 1. Session reuse across messages in the same A2A context (conversation continuity)
+            // 2. Isolation between different A2A contexts (no cross-contamination)
+            // The gateway `agent` RPC auto-creates the session if it doesn't exist.
+            const sessionKey = `agent:${agentId}:a2a:${contextId}`;
+            const runId = uuidv4();
+            const agentParams = {
+                agentId,
+                message: messageText,
+                deliver: false,
+                idempotencyKey: runId,
+                sessionKey,
+            };
+            const finalPayload = await gateway.request("agent", agentParams, this.agentResponseTimeoutMs, true);
+            const finalBody = asObject(finalPayload);
+            const status = asString(finalBody?.status);
+            if (status && status !== "ok") {
+                const summary = asString(finalBody?.summary) || "Agent run did not complete";
+                throw new Error(summary);
+            }
+            const agentResponse = extractAgentResponse(finalPayload);
+            if (agentResponse) {
+                return agentResponse;
+            }
+            // sessionKey is always available (deterministic from contextId),
+            // so we can always try to retrieve the latest assistant reply from history.
+            const historyPayload = await gateway.request("chat.history", { sessionKey, limit: 50 }, GATEWAY_REQUEST_TIMEOUT_MS, false);
+            const historyText = extractLatestAssistantReply(historyPayload);
+            if (historyText) {
+                return { text: historyText, mediaUrls: [] };
+            }
+            throw new Error("No assistant response text returned by gateway");
+        }
+        finally {
+            gateway.close();
+        }
+    }
+    resolveGatewayRuntimeConfig() {
+        const config = asObject(this.api.config) || {};
+        const gateway = asObject(config.gateway) || {};
+        const gatewayAuth = asObject(gateway.auth) || {};
+        const hooks = asObject(config.hooks) || {};
+        const gatewayTls = asObject(gateway.tls) || {};
+        const port = asFiniteNumber(gateway.port) || 18_789;
+        const tlsEnabled = gatewayTls.enabled === true;
+        const scheme = tlsEnabled ? "wss" : "ws";
+        return {
+            port,
+            wsUrl: `${scheme}://localhost:${port}`,
+            hooksWakeUrl: `http://localhost:${port}/hooks/wake`,
+            gatewayToken: asString(gatewayAuth.token) || "",
+            gatewayPassword: asString(gatewayAuth.password) || "",
+            hooksToken: asString(hooks.token) || "",
+        };
+    }
+    /**
+     * Validate inbound FileParts for scheme/IP safety, MIME, and size.
+     *
+     * Inbound validation is lighter than outbound (a2a_send_file):
+     * - Scheme + IP-literal check only (no DNS resolution — we don't fetch the URL)
+     * - MIME whitelist
+     * - Inline size limit
+     */
+    validateInboundFileParts(userMessage) {
+        const parts = this.extractFileParts(userMessage);
+        if (parts.length === 0)
+            return null;
+        for (const part of parts) {
+            const file = asObject(part.file);
+            if (!file)
+                continue;
+            const uri = asString(file.uri);
+            const mimeType = asString(file.mimeType);
+            const bytes = asString(file.bytes);
+            // URI-based file: scheme + IP literal check + MIME
+            if (uri) {
+                const schemeCheck = validateUriSchemeAndIp(uri);
+                if (schemeCheck) {
+                    return `URI blocked: ${sanitizeUriForLog(uri)} — ${schemeCheck}`;
+                }
+                if (mimeType && !validateMimeType(mimeType, this.security.allowedMimeTypes)) {
+                    return `MIME type rejected: "${mimeType}"`;
+                }
+            }
+            // Inline base64 file: size + MIME check
+            if (bytes) {
+                const decodedSize = decodedBase64Size(bytes);
+                const sizeCheck = checkFileSize(decodedSize, this.security.maxInlineFileSizeBytes);
+                if (!sizeCheck.ok) {
+                    return `Inline file too large: ${sizeCheck.reason}`;
+                }
+                if (mimeType && !validateMimeType(mimeType, this.security.allowedMimeTypes)) {
+                    return `MIME type rejected: "${mimeType}"`;
+                }
+            }
+        }
+        return null;
+    }
+    extractFileParts(value) {
+        const results = [];
+        if (!value || typeof value !== "object")
+            return results;
+        const obj = value;
+        if (obj.kind === "file" && obj.file) {
+            results.push(obj);
+            return results;
+        }
+        const parts = Array.isArray(obj.parts) ? obj.parts : [];
+        for (const p of parts) {
+            if (p && typeof p === "object") {
+                const part = p;
+                if (part.kind === "file" && part.file) {
+                    results.push(part);
+                }
+            }
+        }
+        return results;
+    }
+    async tryHooksWakeFallback(agentId, taskId, contextId, userMessage) {
+        const config = this.resolveGatewayRuntimeConfig();
+        if (!config.hooksToken) {
+            return;
+        }
+        const text = extractInboundMessageText(userMessage);
+        const wakeText = `[A2A_INBOUND] agentId=${agentId} taskId=${taskId} contextId=${contextId} message=${text}`;
+        try {
+            await fetch(config.hooksWakeUrl, {
+                method: "POST",
+                headers: {
+                    authorization: `Bearer ${config.hooksToken}`,
+                    "content-type": "application/json",
+                },
+                body: JSON.stringify({ text: wakeText }),
+                signal: AbortSignal.timeout(HOOKS_WAKE_TIMEOUT_MS),
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            this.api.logger.warn(`a2a-gateway: hooks/wake fallback failed (${message})`);
+        }
+    }
+}
+//# sourceMappingURL=executor.js.map