@clawcrony/claw-crony 1.2.3 → 1.3.0

package/dist/src/hub-registration.js

@@ -1,22 +1,13 @@
 /**
- * Hub registration module for openclaw-claw-crony.
+ * Hub registration module for claw-crony.
  *
- * Handles automatic registration of the gateway with the hub server on first startup,
- * token generation, and idempotent re-registration.
+ * Registers the local plugin with the hub using client_id + public_key
+ * and persists the resulting agent binding locally.
  */
-import crypto from "node:crypto";
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
-// ---------------------------------------------------------------------------
-// Token generation
-// ---------------------------------------------------------------------------
-function generateToken() {
-    return crypto.randomBytes(32).toString("hex");
-}
-// ---------------------------------------------------------------------------
-// Registration file path & I/O
-// ---------------------------------------------------------------------------
+import { loadOrCreateIdentity } from "./identity-store.js";
 const REGISTRATION_FILENAME = "a2a-registration.json";
 function getRegistrationPath(configDir) {
     return path.join(configDir, REGISTRATION_FILENAME);
@@ -48,7 +39,6 @@ async function registerHubUser(hubUrl, agentId, username, password) {
         body: JSON.stringify({ agentId, username, password }),
     });
     if (res.status === 409) {
-        // Already registered — this is fine, idempotent
         return;
     }
     if (!res.ok) {
@@ -63,18 +53,14 @@ async function registerWithHub(hubUrl, payload) {
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify(payload),
     });
-    if (res.status === 409) {
-        const err = await res.json().catch(() => ({}));
-        throw Object.assign(new Error("Agent address already registered"), { status: 409, body: err });
-    }
     if (!res.ok) {
         const err = await res.json().catch(() => ({}));
         throw Object.assign(new Error(`Hub rejected registration: ${JSON.stringify(err)}`), { status: res.status });
     }
     return res.json();
 }
-async function lookupAgentByAddress(hubUrl, address) {
-    const url = `${hubUrl.replace(/\/$/, "")}/api/agents?address=${encodeURIComponent(address)}`;
+async function lookupAgentByClientId(hubUrl, clientId) {
+    const url = `${hubUrl.replace(/\/$/, "")}/api/agents?clientId=${encodeURIComponent(clientId)}`;
     const res = await fetch(url);
     if (!res.ok) {
         throw Object.assign(new Error(`Hub lookup failed: ${res.status}`), { status: res.status });
@@ -82,9 +68,6 @@ async function lookupAgentByAddress(hubUrl, address) {
     const agents = await res.json();
     return agents.length > 0 ? agents[0] : null;
 }
-// ---------------------------------------------------------------------------
-// Retry with exponential backoff
-// ---------------------------------------------------------------------------
 async function retryWithBackoff(fn, maxRetries, baseDelayMs, maxDelayMs) {
     let lastError;
     for (let attempt = 0; attempt <= maxRetries; attempt++) {
@@ -101,106 +84,37 @@ async function retryWithBackoff(fn, maxRetries, baseDelayMs, maxDelayMs) {
     }
     throw lastError;
 }
-// ---------------------------------------------------------------------------
-// Flatten skills from agent card config
-// ---------------------------------------------------------------------------
 function flattenSkills(skills) {
     return skills.map((s) => (typeof s === "string" ? s : s.name));
 }
-/**
- * Run the full hub registration flow:
- * 1. Load existing registration (if any)
- * 2. Validate existing token with hub
- * 3. If no valid registration, create new one (handling 409 conflicts)
- * 4. Save registration file atomically
- */
 export async function runHubRegistration(api, config, hubConfig, registrationConfig) {
     const configDir = getConfigDir();
     const hubUrl = hubConfig.url;
-    // Derive address from agentCard.url (the externally reachable address), not server.bind
-    // e.g. "http://100.10.10.1:18800/a2a/jsonrpc" -> "100.10.10.1:18800"
-    let address;
-    if (config.agentCard.url) {
-        try {
-            const urlObj = new URL(config.agentCard.url);
-            address = `${urlObj.hostname}:${urlObj.port || (urlObj.protocol === "https:" ? 443 : 80)}`;
-        }
-        catch {
-            address = `${config.server.host}:${config.server.port}`;
-        }
-    }
-    else {
-        address = `${config.server.host}:${config.server.port}`;
-    }
-    // Ensure config directory exists
+    const identity = loadOrCreateIdentity(registrationConfig.clientId);
     if (!fs.existsSync(configDir)) {
         fs.mkdirSync(configDir, { recursive: true });
     }
-    // Load existing registration
     const existing = loadRegistration(configDir);
-    // If we have a registration with a matching address and token, validate it
-    if (existing && existing.address === address && existing.hubUrl === hubUrl && existing.token) {
+    if (existing &&
+        existing.hubUrl === hubUrl &&
+        existing.clientId === identity.clientId &&
+        existing.publicKey === identity.publicKey) {
         try {
-            const agent = await lookupAgentByAddress(hubUrl, address);
+            const agent = await lookupAgentByClientId(hubUrl, identity.clientId);
             if (agent && agent.id === existing.agentId) {
                 api.logger.info(`claw-crony: using existing hub registration (agentId=${existing.agentId})`);
                 return {
                     agentId: existing.agentId,
-                    token: existing.token,
-                    address: existing.address,
+                    token: "",
+                    address: "",
                     name: existing.name,
                 };
             }
         }
         catch {
-            // Hub unreachable or agent not found — try re-registering with existing token first
-            api.logger.warn("claw-crony: existing registration invalid, trying with existing token");
-            const existingToken = existing.token;
-            try {
-                const existingPayload = {
-                    name: config.agentCard.name,
-                    description: config.agentCard.description ?? "",
-                    skills: flattenSkills(config.agentCard.skills),
-                    address,
-                    token: existingToken,
-                    username: registrationConfig.username ?? config.agentCard.name,
-                    email: registrationConfig.email ?? "",
-                };
-                const agent = await retryWithBackoff(() => registerWithHub(hubUrl, existingPayload), 3, 1000, 10000);
-                api.logger.info(`claw-crony: re-registered with hub using existing token (agentId=${agent.id})`);
-                // Also register hub user if password is configured
-                if (registrationConfig.password) {
-                    try {
-                        await retryWithBackoff(() => registerHubUser(hubUrl, agent.id, registrationConfig.username ?? config.agentCard.name, registrationConfig.password), 3, 1000, 10000);
-                        api.logger.info(`claw-crony: registered hub user for web login (agentId=${agent.id})`);
-                    }
-                    catch (err) {
-                        api.logger.warn(`claw-crony: hub user registration failed — ${err instanceof Error ? err.message : String(err)}`);
-                    }
-                }
-                // Re-save to update registration file
-                const updatedData = {
-                    ...existing,
-                    registeredAt: new Date().toISOString(),
-                };
-                saveRegistration(configDir, updatedData);
-                return { agentId: agent.id, token: existingToken, address, name: config.agentCard.name };
-            }
-            catch (err) {
-                // Existing token also failed (409 means address conflict from elsewhere)
-                const status = typeof err === "object" && err !== null ? err.status : undefined;
-                if (status === 409) {
-                    api.logger.warn("claw-crony: existing token rejected, generating new token");
-                }
-                else {
-                    api.logger.warn(`claw-crony: re-registration with existing token failed — ${err instanceof Error ? err.message : String(err)}`);
-                }
-                // fall through to generate new token
-            }
+            api.logger.warn("claw-crony: existing registration not confirmed remotely, re-registering");
         }
     }
-    // Generate new token
-    const token = generateToken();
     const name = config.agentCard.name;
     const description = config.agentCard.description ?? "";
     const skills = flattenSkills(config.agentCard.skills);
@@ -210,8 +124,10 @@ export async function runHubRegistration(api, config, hubConfig, registrationCon
         name,
         description,
         skills,
-        address,
-        token,
+        clientId: identity.clientId,
+        publicKey: identity.publicKey,
+        keyVersion: identity.keyVersion,
+        clientVersion: "claw-crony/1.3.0",
         username,
         email,
     };
@@ -220,15 +136,13 @@ export async function runHubRegistration(api, config, hubConfig, registrationCon
         const agent = await retryWithBackoff(() => registerWithHub(hubUrl, payload), 3, 1000, 10000);
         agentId = agent.id;
         api.logger.info(`claw-crony: registered with hub (agentId=${agentId})`);
-        // Also register hub user for web dashboard login (if password provided)
         if (registrationConfig.password) {
             try {
                 await retryWithBackoff(() => registerHubUser(hubUrl, agentId, username, registrationConfig.password), 3, 1000, 10000);
                 api.logger.info(`claw-crony: registered hub user for web login (agentId=${agentId})`);
             }
             catch (err) {
-                api.logger.warn(`claw-crony: hub user registration failed — ${err instanceof Error ? err.message : String(err)}`);
-                // Non-fatal — agent is registered, web login may already exist
+                api.logger.warn(`claw-crony: hub user registration failed - ${err instanceof Error ? err.message : String(err)}`);
             }
         }
         else {
@@ -237,46 +151,33 @@ export async function runHubRegistration(api, config, hubConfig, registrationCon
         }
     }
     catch (err) {
-        // 409 Conflict: address already registered by someone else — try to find our agentId
         if (typeof err === "object" && err !== null && err.status === 409) {
             try {
-                const existingAgent = await lookupAgentByAddress(hubUrl, address);
-                if (existingAgent) {
-                    agentId = existingAgent.id;
-                    api.logger.info(`claw-crony: found existing registration (agentId=${agentId})`);
-                    // Also register hub user if password is configured
-                    if (registrationConfig.password) {
-                        try {
-                            await retryWithBackoff(() => registerHubUser(hubUrl, agentId, registrationConfig.username ?? config.agentCard.name, registrationConfig.password), 3, 1000, 10000);
-                            api.logger.info(`claw-crony: registered hub user for web login (agentId=${agentId})`);
-                        }
-                        catch (err) {
-                            api.logger.warn(`claw-crony: hub user registration failed — ${err instanceof Error ? err.message : String(err)}`);
-                        }
-                    }
-                }
-                else {
-                    api.logger.error("claw-crony: address conflict but could not find existing agent");
+                const existingAgent = await lookupAgentByClientId(hubUrl, identity.clientId);
+                if (!existingAgent) {
+                    api.logger.error("claw-crony: identity conflict but could not find existing agent");
                     return null;
                 }
+                agentId = existingAgent.id;
+                api.logger.info(`claw-crony: found existing registration (agentId=${agentId})`);
             }
             catch {
-                api.logger.error("claw-crony: address conflict and hub lookup failed");
+                api.logger.error("claw-crony: identity conflict and hub lookup failed");
                 return null;
             }
         }
         else {
-            api.logger.warn(`claw-crony: hub registration failed — ${err instanceof Error ? err.message : String(err)}`);
+            api.logger.warn(`claw-crony: hub registration failed - ${err instanceof Error ? err.message : String(err)}`);
             return null;
         }
     }
-    // Save registration file
     const registrationData = {
-        version: 1,
+        version: 2,
         hubUrl,
         agentId,
-        address,
-        token,
+        clientId: identity.clientId,
+        publicKey: identity.publicKey,
+        keyVersion: identity.keyVersion,
         registeredAt: new Date().toISOString(),
         name,
         description,
@@ -286,7 +187,7 @@ export async function runHubRegistration(api, config, hubConfig, registrationCon
         saveRegistration(configDir, registrationData);
     }
     catch (saveErr) {
-        api.logger.warn(`claw-crony: failed to save registration file — ${saveErr instanceof Error ? saveErr.message : String(saveErr)}`);
+        api.logger.warn(`claw-crony: failed to save registration file - ${saveErr instanceof Error ? saveErr.message : String(saveErr)}`);
     }
-    return { agentId, token, address, name };
+    return { agentId, token: "", address: "", name };
 }

package/dist/src/identity-store.d.ts

@@ -0,0 +1,4 @@
+import type { IdentityData } from "./types.js";
+export declare function loadIdentity(configDir?: string): IdentityData | null;
+export declare function saveIdentity(configDir: string, data: IdentityData): void;
+export declare function loadOrCreateIdentity(clientId?: string): IdentityData;

package/dist/src/identity-store.js

@@ -0,0 +1,55 @@
+import crypto from "node:crypto";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+const IDENTITY_FILENAME = "a2a-identity.json";
+function getConfigDir() {
+    return path.join(os.homedir(), ".openclaw");
+}
+function getIdentityPath(configDir) {
+    return path.join(configDir, IDENTITY_FILENAME);
+}
+function randomClientId() {
+    return crypto.randomUUID();
+}
+export function loadIdentity(configDir) {
+    const identityPath = getIdentityPath(configDir ?? getConfigDir());
+    try {
+        const raw = fs.readFileSync(identityPath, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export function saveIdentity(configDir, data) {
+    const identityPath = getIdentityPath(configDir);
+    const tmpPath = `${identityPath}.tmp`;
+    fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2), "utf-8");
+    fs.renameSync(tmpPath, identityPath);
+}
+export function loadOrCreateIdentity(clientId) {
+    const configDir = getConfigDir();
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true });
+    }
+    const existing = loadIdentity(configDir);
+    if (existing) {
+        if (clientId && existing.clientId !== clientId) {
+            existing.clientId = clientId;
+            saveIdentity(configDir, existing);
+        }
+        return existing;
+    }
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("x25519");
+    const identity = {
+        version: 1,
+        clientId: clientId?.trim() || randomClientId(),
+        publicKey: publicKey.export({ format: "pem", type: "spki" }).toString(),
+        privateKey: privateKey.export({ format: "pem", type: "pkcs8" }).toString(),
+        keyVersion: 1,
+        createdAt: new Date().toISOString(),
+    };
+    saveIdentity(configDir, identity);
+    return identity;
+}

package/dist/src/types.d.ts

@@ -3,7 +3,7 @@
  *
  * These types support the A2A v0.3.0 protocol integration via @a2a-js/sdk.
  */
-export type { OpenClawPluginApi, PluginLogger, OpenClawConfig } from "openclaw/plugin-sdk";
+export type { OpenClawPluginApi, PluginLogger, OpenClawConfig } from "openclaw/plugin-sdk/plugin-entry";
 export type InboundAuth = "none" | "bearer";
 export type PeerAuthType = "bearer" | "apiKey";
 export interface PeerAuthConfig {
@@ -70,6 +70,9 @@ export interface GatewayConfig {
         metricsPath: string;
         metricsAuth: "none" | "bearer";
         auditLogPath: string;
+        historyEnabled: boolean;
+        historyLogPath: string;
+        historyIncludeEncryptedPayloads: boolean;
     };
     timeouts?: {
         /**
@@ -92,18 +95,56 @@ export interface RegistrationConfig {
     email?: string;
     password?: string;
     skills?: string[];
+    clientId?: string;
 }
 export interface HubRegistrationData {
     version: number;
     hubUrl: string;
     agentId: number;
-    address: string;
-    token: string;
+    clientId: string;
+    publicKey: string;
+    keyVersion: number;
     registeredAt: string;
     name: string;
     description: string;
     skills: string[];
 }
+export interface IdentityData {
+    version: number;
+    clientId: string;
+    publicKey: string;
+    privateKey: string;
+    keyVersion: number;
+    createdAt: string;
+}
+export interface EphemeralTokenRecord {
+    token: string;
+    matchId: number;
+    peerAgentId: number;
+    expiresAt: number;
+}
+export interface HandshakePayload {
+    version: number;
+    matchId: number;
+    sessionId: string;
+    fromAgentId: number;
+    toAgentId: number;
+    address: string;
+    agentCardPath: string;
+    token: string;
+    tokenExpiresAt: string;
+    protocols: string[];
+    createdAt: string;
+    nonce: string;
+}
+export interface EncryptedHandshakeMessage {
+    version: number;
+    algorithm: "x25519-aes-256-gcm";
+    senderPublicKey: string;
+    iv: string;
+    ciphertext: string;
+    authTag: string;
+}
 export interface HealthCheckConfig {
     enabled: boolean;
     intervalMs: number;

package/openclaw.plugin.json

@@ -1,9 +1,18 @@
 {
-  "id": "claw-crony",
-  "name": "Claw Crony",
-  "description": "OpenClaw A2A v0.3.0 gateway with Agent Card, JSON-RPC, REST, routing rules, transport fallback, and Hub matchmaking",
-  "version": "1.2.3",
-  "defaultConfig": {
+  "id": "claw-crony",
+  "name": "Claw Crony",
+  "description": "OpenClaw A2A v0.3.0 gateway with Agent Card, JSON-RPC, REST, routing rules, transport fallback, and Hub matchmaking",
+  "version": "1.3.0",
+  "activation": {
+    "onStartup": true
+  },
+  "contracts": {
+    "tools": [
+      "a2a_send_file",
+      "a2a_match_request"
+    ]
+  },
+  "defaultConfig": {
     "agentCard": {
       "name": "OpenClaw A2A Gateway",
       "description": "A2A bridge for OpenClaw agents",
@@ -58,12 +67,16 @@
       "registration": {
         "type": "object",
         "additionalProperties": false,
-        "properties": {
-          "username": { "type": "string" },
-          "email": { "type": "string" },
-          "password": { "type": "string" }
-        }
-      },
+        "properties": {
+          "username": { "type": "string" },
+          "email": { "type": "string" },
+          "password": { "type": "string" },
+          "clientId": {
+            "type": "string",
+            "description": "Optional stable client id for Hub registration. If omitted, claw-crony generates and persists one locally."
+          }
+        }
+      },
       "server": {
         "type": "object",
         "additionalProperties": false,
@@ -206,13 +219,28 @@
             "default": "none",
             "description": "Authentication for the metrics endpoint. When set to 'bearer', reuses security.token/tokens."
           },
-          "auditLogPath": {
-            "type": "string",
-            "default": "~/.openclaw/a2a-audit.jsonl",
-            "description": "Path for the JSONL audit log file (separate from structured logs)."
-          }
-        }
-      },
+          "auditLogPath": {
+            "type": "string",
+            "default": "~/.openclaw/a2a-audit.jsonl",
+            "description": "Path for the JSONL audit log file (separate from structured logs)."
+          },
+          "historyEnabled": {
+            "type": "boolean",
+            "default": true,
+            "description": "Enable operator-facing JSONL request history for match, handshake, peer, send, and file-send events."
+          },
+          "historyLogPath": {
+            "type": "string",
+            "default": "~/.openclaw/a2a-history.jsonl",
+            "description": "Path for the JSONL request history file."
+          },
+          "historyIncludeEncryptedPayloads": {
+            "type": "boolean",
+            "default": false,
+            "description": "Include encrypted handshake payload fields in request history. Tokens and secrets remain redacted."
+          }
+        }
+      },
       "timeouts": {
         "type": "object",
         "additionalProperties": false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawcrony/claw-crony",
-  "version": "1.2.3",
+  "version": "1.3.0",
   "type": "module",
   "description": "OpenClaw A2A gateway plugin implementing the A2A v0.3.0 protocol surface",
   "main": "dist/index.js",
@@ -11,11 +11,16 @@
       "types": "./dist/index.d.ts"
     }
   },
-  "files": [
-    "dist",
-    "openclaw.plugin.json",
-    "skill"
-  ],
+  "files": [
+    "dist",
+    "openclaw.plugin.json",
+    "skill",
+    "scripts",
+    "README.md",
+    "CONFIG.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
   "scripts": {
     "build": "tsc",
     "test": "node --import tsx --test tests/*.test.ts"
@@ -29,27 +34,38 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@types/express": "^5.0.6",
-    "@types/node": "^22.0.0",
-    "@types/supertest": "^2.0.16",
-    "@types/uuid": "^10.0.0",
-    "openclaw": "^2026.3.2",
-    "supertest": "^7.1.4",
-    "tsx": "^4.19.0",
-    "typescript": "^5.9.3"
-  },
-  "dependencies": {
-    "@a2a-js/sdk": "^0.3.0",
-    "@bufbuild/protobuf": "^2.11.0",
-    "@grpc/grpc-js": "^1.14.3",
-    "express": "^4.21.2",
-    "uuid": "^9.0.1"
-  },
-  "openclaw": {
-    "extensions": [
-      "./index.ts"
-    ]
-  },
+    "@types/express": "5.0.6",
+    "@types/node": "25.5.0",
+    "@types/supertest": "2.0.16",
+    "@types/uuid": "10.0.0",
+    "openclaw": "2026.5.2",
+    "supertest": "7.2.2",
+    "tsx": "4.21.0",
+    "typescript": "5.9.3"
+  },
+  "dependencies": {
+    "@a2a-js/sdk": "0.3.13",
+    "@bufbuild/protobuf": "2.11.0",
+    "@grpc/grpc-js": "1.14.3",
+    "express": "4.22.1",
+    "uuid": "9.0.1"
+  },
+  "openclaw": {
+    "extensions": [
+      "./dist/index.js"
+    ],
+    "compat": {
+      "pluginApi": ">=2026.5.2",
+      "minGatewayVersion": "2026.5.2"
+    },
+    "build": {
+      "openclawVersion": "2026.5.2",
+      "pluginSdkVersion": "2026.5.2"
+    }
+  },
+  "overrides": {
+    "axios": "1.16.0"
+  },
   "engines": {
     "node": ">=22"
   }

package/scripts/a2a-diagnose.ps1

@@ -0,0 +1,15 @@
+Write-Host "== OpenClaw Gateway =="
+openclaw gateway status
+
+Write-Host "`n== Plugin =="
+openclaw plugins inspect claw-crony
+openclaw plugins inspect claw-crony --runtime
+
+Write-Host "`n== Peers =="
+openclaw gateway call a2a.peers --params "{}"
+
+Write-Host "`n== Metrics =="
+openclaw gateway call a2a.metrics --params "{}"
+
+Write-Host "`n== Recent History =="
+openclaw gateway call a2a.history --params "{`"count`":20}"

package/scripts/a2a-diagnose.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "== OpenClaw Gateway =="
+openclaw gateway status
+
+echo
+echo "== Plugin =="
+openclaw plugins inspect claw-crony
+openclaw plugins inspect claw-crony --runtime
+
+echo
+echo "== Peers =="
+openclaw gateway call a2a.peers --params "{}"
+
+echo
+echo "== Metrics =="
+openclaw gateway call a2a.metrics --params "{}"
+
+echo
+echo "== Recent History =="
+openclaw gateway call a2a.history --params '{"count":20}'

package/scripts/a2a-history.ps1

@@ -0,0 +1,21 @@
+param(
+  [int] $Count = 50,
+  [string] $Type = "",
+  [string] $Status = "",
+  [string] $Direction = "",
+  [int] $MatchId = 0,
+  [string] $Peer = ""
+)
+
+$payload = @{
+  count = $Count
+}
+
+if ($Type) { $payload.type = $Type }
+if ($Status) { $payload.status = $Status }
+if ($Direction) { $payload.direction = $Direction }
+if ($MatchId -gt 0) { $payload.matchId = $MatchId }
+if ($Peer) { $payload.peer = $Peer }
+
+$json = $payload | ConvertTo-Json -Depth 20 -Compress
+openclaw gateway call a2a.history --params $json

package/scripts/a2a-history.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+count="${1:-50}"
+type="${2:-}"
+match_id="${3:-}"
+
+params="$(node -e 'const payload={count:Number(process.argv[1] || 50)}; if (process.argv[2]) payload.type=process.argv[2]; if (process.argv[3]) payload.matchId=Number(process.argv[3]); process.stdout.write(JSON.stringify(payload));' "$count" "$type" "$match_id")"
+openclaw gateway call a2a.history --params "$params"