@clawcrony/claw-crony 1.2.4 → 1.3.0

package/dist/src/ephemeral-token.d.ts

@@ -1,5 +1,7 @@
 import type { GatewayConfig } from "./types.js";
-export declare function issueEphemeralInboundToken(config: GatewayConfig, matchId: number, peerAgentId: number, ttlMs?: number): {
+export declare const EPHEMERAL_INBOUND_TOKEN_LENGTH = 48;
+export declare function isValidEphemeralInboundToken(value: unknown): value is string;
+export declare function issueEphemeralInboundToken(config: GatewayConfig, _matchId: number, _peerAgentId: number, ttlMs?: number): {
     token: string;
     expiresAt: string;
 };

package/dist/src/ephemeral-token.js

@@ -1,6 +1,11 @@
 import crypto from "node:crypto";
-export function issueEphemeralInboundToken(config, matchId, peerAgentId, ttlMs = 5 * 60_000) {
-    const token = `match-${matchId}-peer-${peerAgentId}-${crypto.randomBytes(18).toString("hex")}`;
+export const EPHEMERAL_INBOUND_TOKEN_LENGTH = 48;
+const EPHEMERAL_INBOUND_TOKEN_PATTERN = /^[0-9a-f]{48}$/;
+export function isValidEphemeralInboundToken(value) {
+    return typeof value === "string" && EPHEMERAL_INBOUND_TOKEN_PATTERN.test(value);
+}
+export function issueEphemeralInboundToken(config, _matchId, _peerAgentId, ttlMs = 5 * 60_000) {
+    const token = crypto.randomBytes(EPHEMERAL_INBOUND_TOKEN_LENGTH / 2).toString("hex");
     config.security.validTokens.add(token);
     setTimeout(() => {
         config.security.validTokens.delete(token);

package/dist/src/history.d.ts

@@ -0,0 +1,44 @@
+export type RequestHistoryType = "match.created" | "match.failed" | "handshake.offer_sent" | "handshake.offer_received" | "handshake.answer_sent" | "handshake.answer_received" | "handshake.failed" | "peer.upserted" | "send.started" | "send.completed" | "send.failed" | "send_file.started" | "send_file.completed" | "send_file.failed" | "task.inbound_completed" | "task.inbound_failed";
+export type RequestHistoryStatus = "started" | "success" | "failure" | "ignored";
+export type RequestHistoryDirection = "inbound" | "outbound" | "local";
+export interface RequestHistoryEntry {
+    ts: string;
+    type: RequestHistoryType;
+    status: RequestHistoryStatus;
+    direction?: RequestHistoryDirection;
+    matchId?: number;
+    messageId?: number;
+    peer?: string;
+    durationMs?: number;
+    detail?: Record<string, unknown>;
+}
+export interface RequestHistoryFilter {
+    count?: number;
+    type?: string;
+    status?: string;
+    direction?: string;
+    matchId?: number;
+    peer?: string;
+}
+export interface RequestHistoryOptions {
+    enabled: boolean;
+    includeEncryptedPayloads: boolean;
+}
+/**
+ * Append-only request history store for operator-facing troubleshooting.
+ * Unlike the audit log, this captures Hub match/handshake milestones and
+ * gateway calls. Sensitive fields are redacted before persistence.
+ */
+export declare class RequestHistoryStore {
+    private readonly filePath;
+    private readonly options;
+    private dirEnsured;
+    constructor(filePath: string, options?: Partial<RequestHistoryOptions>);
+    record(entry: Omit<RequestHistoryEntry, "ts"> & {
+        ts?: string;
+    }): void;
+    tail(filter?: RequestHistoryFilter): Promise<RequestHistoryEntry[]>;
+    close(): void;
+    private ensureDir;
+    private write;
+}

package/dist/src/history.js

@@ -0,0 +1,119 @@
+import fs from "node:fs";
+import path from "node:path";
+import readline from "node:readline";
+const SECRET_KEY_NAMES = ["token", "secret", "password", "authorization", "ciphertext"];
+function redactValue(key, value, includeEncryptedPayloads) {
+    const normalizedKey = key.toLowerCase();
+    if (SECRET_KEY_NAMES.some((name) => normalizedKey.includes(name))) {
+        if (normalizedKey.includes("ciphertext") && includeEncryptedPayloads) {
+            return value;
+        }
+        return "[redacted]";
+    }
+    if (Array.isArray(value)) {
+        return value.map((entry) => redactUnknown(entry, includeEncryptedPayloads));
+    }
+    if (value && typeof value === "object") {
+        return redactObject(value, includeEncryptedPayloads);
+    }
+    return value;
+}
+function redactUnknown(value, includeEncryptedPayloads) {
+    if (Array.isArray(value)) {
+        return value.map((entry) => redactUnknown(entry, includeEncryptedPayloads));
+    }
+    if (value && typeof value === "object") {
+        return redactObject(value, includeEncryptedPayloads);
+    }
+    return value;
+}
+function redactObject(value, includeEncryptedPayloads) {
+    const next = {};
+    for (const [key, entry] of Object.entries(value)) {
+        next[key] = redactValue(key, entry, includeEncryptedPayloads);
+    }
+    return next;
+}
+function matchesFilter(entry, filter) {
+    if (filter.type && entry.type !== filter.type)
+        return false;
+    if (filter.status && entry.status !== filter.status)
+        return false;
+    if (filter.direction && entry.direction !== filter.direction)
+        return false;
+    if (filter.matchId != null && entry.matchId !== filter.matchId)
+        return false;
+    if (filter.peer && entry.peer !== filter.peer)
+        return false;
+    return true;
+}
+/**
+ * Append-only request history store for operator-facing troubleshooting.
+ * Unlike the audit log, this captures Hub match/handshake milestones and
+ * gateway calls. Sensitive fields are redacted before persistence.
+ */
+export class RequestHistoryStore {
+    filePath;
+    options;
+    dirEnsured = false;
+    constructor(filePath, options = {}) {
+        this.filePath = filePath;
+        this.options = {
+            enabled: options.enabled ?? true,
+            includeEncryptedPayloads: options.includeEncryptedPayloads ?? false,
+        };
+    }
+    record(entry) {
+        if (!this.options.enabled) {
+            return;
+        }
+        const detail = entry.detail
+            ? redactObject(entry.detail, this.options.includeEncryptedPayloads)
+            : undefined;
+        this.write({
+            ...entry,
+            ts: entry.ts ?? new Date().toISOString(),
+            ...(detail ? { detail } : {}),
+        });
+    }
+    async tail(filter = {}) {
+        if (!fs.existsSync(this.filePath))
+            return [];
+        const count = Math.min(Math.max(1, Math.floor(filter.count ?? 50)), 500);
+        const entries = [];
+        const input = fs.createReadStream(this.filePath, { encoding: "utf-8" });
+        const rl = readline.createInterface({ input, crlfDelay: Infinity });
+        for await (const line of rl) {
+            if (!line.trim())
+                continue;
+            try {
+                const entry = JSON.parse(line);
+                if (matchesFilter(entry, filter)) {
+                    entries.push(entry);
+                }
+            }
+            catch {
+                // Skip malformed lines.
+            }
+        }
+        return entries.slice(-count).reverse();
+    }
+    close() {
+        // No persistent handles.
+    }
+    ensureDir() {
+        if (this.dirEnsured)
+            return;
+        this.dirEnsured = true;
+        fs.mkdirSync(path.dirname(this.filePath), { recursive: true });
+    }
+    write(entry) {
+        try {
+            this.ensureDir();
+            fs.appendFileSync(this.filePath, JSON.stringify(entry) + "\n");
+        }
+        catch {
+            // History is diagnostic only; never crash the gateway.
+        }
+    }
+}

package/dist/src/hub-match.js

@@ -51,7 +51,7 @@ export class HubMatchClient {
     async getPendingMatches() {
         return this.request(`/api/matches/pending?agentId=${this.registration.agentId}`);
     }
-    async updatePresence(presenceStatus, clientVersion = "claw-crony/1.2.4") {
+    async updatePresence(presenceStatus, clientVersion = "claw-crony/1.3.0") {
         return this.request(`/api/agents/${this.registration.agentId}/presence`, {
             method: "PUT",
             body: JSON.stringify({

package/dist/src/hub-registration.js

@@ -127,7 +127,7 @@ export async function runHubRegistration(api, config, hubConfig, registrationCon
         clientId: identity.clientId,
         publicKey: identity.publicKey,
         keyVersion: identity.keyVersion,
-        clientVersion: "claw-crony/1.2.4",
+        clientVersion: "claw-crony/1.3.0",
         username,
         email,
     };

package/dist/src/types.d.ts

@@ -3,7 +3,7 @@
  *
  * These types support the A2A v0.3.0 protocol integration via @a2a-js/sdk.
  */
-export type { OpenClawPluginApi, PluginLogger, OpenClawConfig } from "openclaw/plugin-sdk";
+export type { OpenClawPluginApi, PluginLogger, OpenClawConfig } from "openclaw/plugin-sdk/plugin-entry";
 export type InboundAuth = "none" | "bearer";
 export type PeerAuthType = "bearer" | "apiKey";
 export interface PeerAuthConfig {
@@ -70,6 +70,9 @@ export interface GatewayConfig {
         metricsPath: string;
         metricsAuth: "none" | "bearer";
         auditLogPath: string;
+        historyEnabled: boolean;
+        historyLogPath: string;
+        historyIncludeEncryptedPayloads: boolean;
     };
     timeouts?: {
         /**

package/openclaw.plugin.json

@@ -1,9 +1,18 @@
 {
-  "id": "claw-crony",
-  "name": "Claw Crony",
-  "description": "OpenClaw A2A v0.3.0 gateway with Agent Card, JSON-RPC, REST, routing rules, transport fallback, and Hub matchmaking",
-  "version": "1.2.3",
-  "defaultConfig": {
+  "id": "claw-crony",
+  "name": "Claw Crony",
+  "description": "OpenClaw A2A v0.3.0 gateway with Agent Card, JSON-RPC, REST, routing rules, transport fallback, and Hub matchmaking",
+  "version": "1.3.0",
+  "activation": {
+    "onStartup": true
+  },
+  "contracts": {
+    "tools": [
+      "a2a_send_file",
+      "a2a_match_request"
+    ]
+  },
+  "defaultConfig": {
     "agentCard": {
       "name": "OpenClaw A2A Gateway",
       "description": "A2A bridge for OpenClaw agents",
@@ -58,12 +67,16 @@
       "registration": {
         "type": "object",
         "additionalProperties": false,
-        "properties": {
-          "username": { "type": "string" },
-          "email": { "type": "string" },
-          "password": { "type": "string" }
-        }
-      },
+        "properties": {
+          "username": { "type": "string" },
+          "email": { "type": "string" },
+          "password": { "type": "string" },
+          "clientId": {
+            "type": "string",
+            "description": "Optional stable client id for Hub registration. If omitted, claw-crony generates and persists one locally."
+          }
+        }
+      },
       "server": {
         "type": "object",
         "additionalProperties": false,
@@ -206,13 +219,28 @@
             "default": "none",
             "description": "Authentication for the metrics endpoint. When set to 'bearer', reuses security.token/tokens."
           },
-          "auditLogPath": {
-            "type": "string",
-            "default": "~/.openclaw/a2a-audit.jsonl",
-            "description": "Path for the JSONL audit log file (separate from structured logs)."
-          }
-        }
-      },
+          "auditLogPath": {
+            "type": "string",
+            "default": "~/.openclaw/a2a-audit.jsonl",
+            "description": "Path for the JSONL audit log file (separate from structured logs)."
+          },
+          "historyEnabled": {
+            "type": "boolean",
+            "default": true,
+            "description": "Enable operator-facing JSONL request history for match, handshake, peer, send, and file-send events."
+          },
+          "historyLogPath": {
+            "type": "string",
+            "default": "~/.openclaw/a2a-history.jsonl",
+            "description": "Path for the JSONL request history file."
+          },
+          "historyIncludeEncryptedPayloads": {
+            "type": "boolean",
+            "default": false,
+            "description": "Include encrypted handshake payload fields in request history. Tokens and secrets remain redacted."
+          }
+        }
+      },
       "timeouts": {
         "type": "object",
         "additionalProperties": false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawcrony/claw-crony",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "type": "module",
   "description": "OpenClaw A2A gateway plugin implementing the A2A v0.3.0 protocol surface",
   "main": "dist/index.js",
@@ -11,11 +11,16 @@
       "types": "./dist/index.d.ts"
     }
   },
-  "files": [
-    "dist",
-    "openclaw.plugin.json",
-    "skill"
-  ],
+  "files": [
+    "dist",
+    "openclaw.plugin.json",
+    "skill",
+    "scripts",
+    "README.md",
+    "CONFIG.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
   "scripts": {
     "build": "tsc",
     "test": "node --import tsx --test tests/*.test.ts"
@@ -29,27 +34,38 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@types/express": "^5.0.6",
-    "@types/node": "^22.0.0",
-    "@types/supertest": "^2.0.16",
-    "@types/uuid": "^10.0.0",
-    "openclaw": "^2026.3.2",
-    "supertest": "^7.1.4",
-    "tsx": "^4.19.0",
-    "typescript": "^5.9.3"
-  },
-  "dependencies": {
-    "@a2a-js/sdk": "^0.3.0",
-    "@bufbuild/protobuf": "^2.11.0",
-    "@grpc/grpc-js": "^1.14.3",
-    "express": "^4.21.2",
-    "uuid": "^9.0.1"
-  },
-  "openclaw": {
-    "extensions": [
-      "./index.ts"
-    ]
-  },
+    "@types/express": "5.0.6",
+    "@types/node": "25.5.0",
+    "@types/supertest": "2.0.16",
+    "@types/uuid": "10.0.0",
+    "openclaw": "2026.5.2",
+    "supertest": "7.2.2",
+    "tsx": "4.21.0",
+    "typescript": "5.9.3"
+  },
+  "dependencies": {
+    "@a2a-js/sdk": "0.3.13",
+    "@bufbuild/protobuf": "2.11.0",
+    "@grpc/grpc-js": "1.14.3",
+    "express": "4.22.1",
+    "uuid": "9.0.1"
+  },
+  "openclaw": {
+    "extensions": [
+      "./dist/index.js"
+    ],
+    "compat": {
+      "pluginApi": ">=2026.5.2",
+      "minGatewayVersion": "2026.5.2"
+    },
+    "build": {
+      "openclawVersion": "2026.5.2",
+      "pluginSdkVersion": "2026.5.2"
+    }
+  },
+  "overrides": {
+    "axios": "1.16.0"
+  },
   "engines": {
     "node": ">=22"
   }

package/scripts/a2a-diagnose.ps1

@@ -0,0 +1,15 @@
+Write-Host "== OpenClaw Gateway =="
+openclaw gateway status
+
+Write-Host "`n== Plugin =="
+openclaw plugins inspect claw-crony
+openclaw plugins inspect claw-crony --runtime
+
+Write-Host "`n== Peers =="
+openclaw gateway call a2a.peers --params "{}"
+
+Write-Host "`n== Metrics =="
+openclaw gateway call a2a.metrics --params "{}"
+
+Write-Host "`n== Recent History =="
+openclaw gateway call a2a.history --params "{`"count`":20}"

package/scripts/a2a-diagnose.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "== OpenClaw Gateway =="
+openclaw gateway status
+
+echo
+echo "== Plugin =="
+openclaw plugins inspect claw-crony
+openclaw plugins inspect claw-crony --runtime
+
+echo
+echo "== Peers =="
+openclaw gateway call a2a.peers --params "{}"
+
+echo
+echo "== Metrics =="
+openclaw gateway call a2a.metrics --params "{}"
+
+echo
+echo "== Recent History =="
+openclaw gateway call a2a.history --params '{"count":20}'

package/scripts/a2a-history.ps1

@@ -0,0 +1,21 @@
+param(
+  [int] $Count = 50,
+  [string] $Type = "",
+  [string] $Status = "",
+  [string] $Direction = "",
+  [int] $MatchId = 0,
+  [string] $Peer = ""
+)
+
+$payload = @{
+  count = $Count
+}
+
+if ($Type) { $payload.type = $Type }
+if ($Status) { $payload.status = $Status }
+if ($Direction) { $payload.direction = $Direction }
+if ($MatchId -gt 0) { $payload.matchId = $MatchId }
+if ($Peer) { $payload.peer = $Peer }
+
+$json = $payload | ConvertTo-Json -Depth 20 -Compress
+openclaw gateway call a2a.history --params $json

package/scripts/a2a-history.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+count="${1:-50}"
+type="${2:-}"
+match_id="${3:-}"
+
+params="$(node -e 'const payload={count:Number(process.argv[1] || 50)}; if (process.argv[2]) payload.type=process.argv[2]; if (process.argv[3]) payload.matchId=Number(process.argv[3]); process.stdout.write(JSON.stringify(payload));' "$count" "$type" "$match_id")"
+openclaw gateway call a2a.history --params "$params"

package/scripts/a2a-match.ps1

@@ -0,0 +1,16 @@
+param(
+  [Parameter(Mandatory = $true)]
+  [string[]] $Skills,
+  [string] $Description = ""
+)
+
+$payload = @{
+  skills = $Skills
+}
+
+if ($Description) {
+  $payload.description = $Description
+}
+
+$json = $payload | ConvertTo-Json -Depth 20 -Compress
+openclaw gateway call a2a.match --params $json

package/scripts/a2a-match.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+skills="${1:-}"
+description="${2:-}"
+
+if [[ -z "$skills" ]]; then
+  echo "usage: $0 chat,code_review [description]" >&2
+  exit 2
+fi
+
+params="$(node -e 'const skills=process.argv[1].split(",").map((s)=>s.trim()).filter(Boolean); const description=process.argv[2] || ""; const payload={skills}; if (description) payload.description=description; process.stdout.write(JSON.stringify(payload));' "$skills" "$description")"
+openclaw gateway call a2a.match --params "$params"

package/scripts/a2a-peers.ps1

@@ -0,0 +1 @@
+openclaw gateway call a2a.peers --params "{}"

package/scripts/a2a-peers.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+openclaw gateway call a2a.peers --params "{}"

package/scripts/a2a-send.ps1

@@ -0,0 +1,23 @@
+param(
+  [Parameter(Mandatory = $true)]
+  [string] $Peer,
+  [Parameter(Mandatory = $true)]
+  [string] $Text,
+  [string] $AgentId = ""
+)
+
+$message = @{
+  text = $Text
+}
+
+if ($AgentId) {
+  $message.agentId = $AgentId
+}
+
+$payload = @{
+  peer = $Peer
+  message = $message
+}
+
+$json = $payload | ConvertTo-Json -Depth 20 -Compress
+openclaw gateway call a2a.send --params $json

package/scripts/a2a-send.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+peer="${1:-}"
+text="${2:-}"
+agent_id="${3:-}"
+
+if [[ -z "$peer" || -z "$text" ]]; then
+  echo "usage: $0 <peer> <text> [agentId]" >&2
+  exit 2
+fi
+
+params="$(node -e 'const peer=process.argv[1]; const text=process.argv[2]; const agentId=process.argv[3] || ""; const message={text}; if (agentId) message.agentId=agentId; process.stdout.write(JSON.stringify({peer,message}));' "$peer" "$text" "$agent_id")"
+openclaw gateway call a2a.send --params "$params"

package/scripts/a2a-update.ps1

@@ -0,0 +1,3 @@
+openclaw plugins update claw-crony
+openclaw gateway restart
+openclaw plugins inspect claw-crony --runtime

package/scripts/a2a-update.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+openclaw plugins update claw-crony
+openclaw gateway restart
+openclaw plugins inspect claw-crony --runtime