@highway1/core 0.1.62 → 0.1.76

package/dist/index.js

@@ -3,8 +3,6 @@ import { base58btc } from 'multiformats/bases/base58';
 import { WebSocket } from 'ws';
 import { encode, decode } from 'cbor-x';
 import Ajv from 'ajv';
-import lunr from 'lunr';
-import Fuse from 'fuse.js';
 import { Level } from 'level';
 import { sha256 } from '@noble/hashes/sha256';
 import { bytesToHex } from '@noble/hashes/utils';
@@ -146,6 +144,112 @@ async function verifyMessage(signedMessage, expectedPublicKey) {
   }
 }
 
+// src/identity/aliases.ts
+function validateAliasName(alias) {
+  if (!alias || alias.length === 0) {
+    return { valid: false, error: "Alias cannot be empty" };
+  }
+  if (alias.length > 32) {
+    return { valid: false, error: "Alias must be 32 characters or less" };
+  }
+  if (alias.startsWith("did:")) {
+    return { valid: false, error: 'Alias cannot start with "did:" (reserved for DID prefix)' };
+  }
+  if (!/^[a-z0-9][a-z0-9-]*$/.test(alias)) {
+    return { valid: false, error: "Alias must be lowercase alphanumeric with hyphens, starting with alphanumeric" };
+  }
+  return { valid: true };
+}
+function resolveDid(input, aliases) {
+  if (!input) {
+    return void 0;
+  }
+  if (input.startsWith("did:")) {
+    return input;
+  }
+  const did = aliases[input];
+  if (did) {
+    return did;
+  }
+  return void 0;
+}
+function reverseAlias(did, aliases) {
+  for (const [alias, aliasDid] of Object.entries(aliases)) {
+    if (aliasDid === did) {
+      return alias;
+    }
+  }
+  return void 0;
+}
+function formatDidWithAlias(did, aliases) {
+  const alias = reverseAlias(did, aliases);
+  return alias || did;
+}
+function formatDidWithAliasDetailed(did, aliases, truncate = false) {
+  const alias = reverseAlias(did, aliases);
+  if (alias) {
+    if (truncate && did.length > 40) {
+      const truncated = did.substring(0, 20) + "..." + did.substring(did.length - 10);
+      return `${alias} (${truncated})`;
+    }
+    return `${alias} (${did})`;
+  }
+  if (truncate && did.length > 40) {
+    return did.substring(0, 20) + "..." + did.substring(did.length - 10);
+  }
+  return did;
+}
+
+// src/identity/document.ts
+function createDIDDocument(publicKey, services) {
+  const did = deriveDID(publicKey);
+  const keyId = `${did}#key-1`;
+  const publicKeyMultibase = `z${Buffer.from(publicKey).toString("hex")}`;
+  return {
+    "@context": [
+      "https://www.w3.org/ns/did/v1",
+      "https://w3id.org/security/suites/ed25519-2020/v1"
+    ],
+    id: did,
+    verificationMethod: [
+      {
+        id: keyId,
+        type: "Ed25519VerificationKey2020",
+        controller: did,
+        publicKeyMultibase
+      }
+    ],
+    authentication: [keyId],
+    assertionMethod: [keyId],
+    service: services
+  };
+}
+function validateDIDDocument(doc) {
+  if (typeof doc !== "object" || doc === null) {
+    return false;
+  }
+  const d = doc;
+  return Array.isArray(d["@context"]) && typeof d.id === "string" && d.id.startsWith("did:clawiverse:") && Array.isArray(d.verificationMethod) && d.verificationMethod.length > 0 && Array.isArray(d.authentication) && Array.isArray(d.assertionMethod);
+}
+
+// src/identity/index.ts
+async function generateAnonymousIdentity() {
+  const keyPair = await generateKeyPair();
+  const exported = exportKeyPair(keyPair);
+  const did = deriveDID(keyPair.publicKey);
+  const didSuffix = did.split(":").pop().slice(-8);
+  return {
+    did,
+    publicKey: exported.publicKey,
+    privateKey: exported.privateKey,
+    agentCard: {
+      name: `Agent-${didSuffix}`,
+      description: `Anonymous agent ${didSuffix}`,
+      capabilities: []
+    }
+  };
+}
+
 // src/utils/logger.ts
 var LogLevel = /* @__PURE__ */ ((LogLevel2) => {
   LogLevel2[LogLevel2["DEBUG"] = 0] = "DEBUG";
@@ -198,8 +302,9 @@ var DEFAULT_RECONNECT = {
   stableAfterMs: 6e4
 };
 function createRelayClient(config) {
-  const { relayUrls, did, keyPair, card } = config;
+  const { relayUrls, did, keyPair } = config;
   const reconnectConfig = { ...DEFAULT_RECONNECT, ...config.reconnect };
+  let currentCard = config.card;
   const connections = relayUrls.map((url) => ({
     url,
     ws: null,
@@ -228,13 +333,13 @@ function createRelayClient(config) {
           logger.info("WebSocket connected", { url: conn.url });
           try {
             const timestamp = Date.now();
-            const helloData = encode({ did, card, timestamp });
+            const helloData = encode({ did, card: currentCard, timestamp });
             const signature = await sign(helloData, keyPair.privateKey);
             const hello = {
               type: "HELLO",
               protocolVersion: 1,
               did,
-              card,
+              card: currentCard,
               timestamp,
               signature
             };
@@ -445,7 +550,7 @@ function createRelayClient(config) {
               ws.off("message", handler);
               resolve(msg.agents);
             }
-          } catch (err) {
+          } catch {
           }
         };
         ws.on("message", handler);
@@ -470,13 +575,49 @@ function createRelayClient(config) {
               ws.off("message", handler);
               resolve(msg.card);
             }
-          } catch (err) {
+          } catch {
           }
         };
         ws.on("message", handler);
         ws.send(encode({ type: "FETCH_CARD", did: did2 }));
       });
     },
+    async queryTrust(target, domain, since, cursor) {
+      const conn = getConnectedConnection();
+      const ws = conn?.ws;
+      if (!conn || !ws) {
+        throw new TransportError("No connected relay");
+      }
+      return new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+          reject(new TransportError("Trust query timeout"));
+        }, 1e4);
+        const handler = (data) => {
+          try {
+            const msg = decode(data);
+            if (msg.type === "TRUST_RESULT" && msg.target === target) {
+              clearTimeout(timeout);
+              ws.off("message", handler);
+              resolve(msg);
+            }
+          } catch {
+          }
+        };
+        ws.on("message", handler);
+        ws.send(encode({ type: "TRUST_QUERY", target, domain, since, cursor }));
+      });
+    },
+    async publishCard(card) {
+      if (card) {
+        currentCard = card;
+      }
+      await sendToRelay({ type: "PUBLISH_CARD", card });
+      logger.debug("Sent PUBLISH_CARD");
+    },
+    async unpublishCard() {
+      await sendToRelay({ type: "UNPUBLISH_CARD" });
+      logger.debug("Sent UNPUBLISH_CARD");
+    },
     onDeliver(handler) {
       deliveryHandler = handler;
     },
@@ -818,490 +959,63 @@ function createRelayIndexOperations(client) {
     }
   };
 }
-var logger3 = createLogger("search-index");
-var SearchIndex = class {
-  cards = /* @__PURE__ */ new Map();
-  lunrIndex;
-  fuse;
-  needsRebuild = false;
-  /**
-   * Add or update an Agent Card in the index
-   */
-  indexAgentCard(card) {
-    this.cards.set(card.did, card);
-    this.needsRebuild = true;
-    logger3.debug("Indexed Agent Card", { did: card.did, capabilities: card.capabilities.length });
-  }
-  /**
-   * Remove an Agent Card from the index
-   */
-  removeAgentCard(did) {
-    this.cards.delete(did);
-    this.needsRebuild = true;
-    logger3.debug("Removed Agent Card from index", { did });
-  }
-  /**
-   * Search for agents matching a query
-   */
-  search(query) {
-    if (this.needsRebuild) {
-      this.rebuild();
-    }
-    let results = [];
-    if (query.text && this.lunrIndex) {
-      results = this.searchByText(query.text);
-    } else if (query.capability && this.fuse) {
-      results = this.searchByCapability(query.capability);
-    } else {
-      results = Array.from(this.cards.values()).map((card) => ({
-        card,
-        score: 1
-      }));
-    }
-    if (query.filters) {
-      results = this.applyFilters(results, query.filters);
-    }
-    results.sort((a, b) => b.score - a.score);
-    if (query.limit) {
-      results = results.slice(0, query.limit);
-    }
-    logger3.debug("Search completed", { query, results: results.length });
-    return results;
-  }
-  /**
-   * Get all indexed cards
-   */
-  getAllCards() {
-    return Array.from(this.cards.values());
-  }
-  /**
-   * Clear the index
-   */
-  clear() {
-    this.cards.clear();
-    this.lunrIndex = void 0;
-    this.fuse = void 0;
-    this.needsRebuild = false;
-    logger3.info("Search index cleared");
-  }
-  /**
-   * Get index size
-   */
-  size() {
-    return this.cards.size;
-  }
-  /**
-   * Rebuild search indexes
-   */
-  rebuild() {
-    logger3.info("Rebuilding search indexes", { cards: this.cards.size });
-    const cards = Array.from(this.cards.values());
-    this.lunrIndex = lunr(function() {
-      this.ref("did");
-      this.field("name", { boost: 10 });
-      this.field("description", { boost: 5 });
-      this.field("capabilities");
-      for (const card of cards) {
-        this.add({
-          did: card.did,
-          name: card.name,
-          description: card.description,
-          capabilities: card.capabilities.map((cap) => `${cap.name} ${cap.description}`).join(" ")
-        });
-      }
-    });
-    this.fuse = new Fuse(Array.from(this.cards.values()), {
-      keys: [
-        { name: "name", weight: 0.3 },
-        { name: "description", weight: 0.2 },
-        { name: "capabilities.name", weight: 0.3 },
-        { name: "capabilities.description", weight: 0.2 }
-      ],
-      threshold: 0.4,
-      includeScore: true
-    });
-    this.needsRebuild = false;
-    logger3.info("Search indexes rebuilt");
-  }
-  /**
-   * Search by text using Lunr
-   */
-  searchByText(text) {
-    if (!this.lunrIndex) return [];
-    const lunrResults = this.lunrIndex.search(text);
-    return lunrResults.map((result) => ({
-      card: this.cards.get(result.ref),
-      score: result.score
-    }));
-  }
-  /**
-   * Search by capability using Fuse
-   */
-  searchByCapability(capability) {
-    if (!this.fuse) return [];
-    const fuseResults = this.fuse.search(capability);
-    return fuseResults.map((result) => ({
-      card: result.item,
-      score: 1 - (result.score || 0)
-      // Fuse score is distance, convert to similarity
-    }));
-  }
-  /**
-   * Apply filters to search results
-   */
-  applyFilters(results, filters) {
-    return results.filter((result) => {
-      const { card } = result;
-      if (filters.minTrustScore !== void 0 && card.trust) {
-        const overallTrust = card.trust.interactionScore * 0.4 + Math.min(card.trust.endorsements / 10, 1) * 0.2 + card.trust.completionRate * 0.2 + card.trust.uptime * 0.2;
-        if (overallTrust < filters.minTrustScore) {
-          return false;
-        }
-      }
-      if (filters.language) {
-        const hasLanguage = card.capabilities.some(
-          (cap) => {
-            const metadata = cap.metadata;
-            if (!metadata) return false;
-            return metadata.language === filters.language || Array.isArray(metadata.languages) && metadata.languages.includes(filters.language);
-          }
-        );
-        if (!hasLanguage) return false;
-      }
-      if (filters.tags && filters.tags.length > 0) {
-        const cardTags = Array.isArray(card.metadata?.tags) ? card.metadata.tags : [];
-        const hasAllTags = filters.tags.every((tag) => cardTags.includes(tag));
-        if (!hasAllTags) return false;
-      }
-      return true;
-    });
-  }
-};
 
-// src/discovery/capability-matcher.ts
-var CapabilityMatcher = class {
-  /**
-   * Match a query against a capability
-   * Returns a score between 0 and 1
-   */
-  match(query, capability) {
-    let score = 0;
-    let weights = 0;
-    if (query.capability && capability.id === query.capability) {
-      return 1;
-    }
-    if (query.capability) {
-      const nameScore = this.fuzzyMatch(query.capability, capability.name);
-      score += nameScore * 0.4;
-      weights += 0.4;
-    }
-    if (query.text) {
-      const keywords = this.extractKeywords(query.text);
-      const keywordScore = this.matchKeywords(keywords, capability);
-      score += keywordScore * 0.4;
-      weights += 0.4;
-    }
-    if (query.capability && capability["@type"]) {
-      const typeScore = this.matchesType(query.capability, capability["@type"]) ? 0.6 : 0;
-      score += typeScore * 0.2;
-      weights += 0.2;
-    }
-    return weights > 0 ? score / weights : 0;
-  }
-  /**
-   * Extract keywords from natural language text
-   */
-  extractKeywords(text) {
-    const stopWords = /* @__PURE__ */ new Set([
-      "a",
-      "an",
-      "the",
-      "is",
-      "are",
-      "was",
-      "were",
-      "be",
-      "been",
-      "to",
-      "from",
-      "in",
-      "on",
-      "at",
-      "by",
-      "for",
-      "with",
-      "about",
-      "can",
-      "could",
-      "should",
-      "would",
-      "will",
-      "do",
-      "does",
-      "did",
-      "i",
-      "you",
-      "he",
-      "she",
-      "it",
-      "we",
-      "they",
-      "me",
-      "him",
-      "her"
-    ]);
-    return text.toLowerCase().split(/\W+/).filter((word) => word.length > 2 && !stopWords.has(word));
-  }
-  /**
-   * Match keywords against capability
-   */
-  matchKeywords(keywords, capability) {
-    if (keywords.length === 0) return 0;
-    const capText = `${capability.name} ${capability.description}`.toLowerCase();
-    const matches = keywords.filter((keyword) => capText.includes(keyword));
-    return matches.length / keywords.length;
-  }
-  /**
-   * Check if query matches capability type hierarchy
-   */
-  matchesType(query, type) {
-    const queryLower = query.toLowerCase();
-    const typeLower = type.toLowerCase();
-    if (typeLower.includes(queryLower)) return true;
-    const typeMap = {
-      translate: ["translation", "translationservice"],
-      review: ["codereview", "reviewservice"],
-      analyze: ["analysis", "dataanalysis"],
-      generate: ["generation", "textgeneration", "imagegeneration"],
-      search: ["searchservice", "query"],
-      compute: ["computation", "computationservice"],
-      store: ["storage", "storageservice"],
-      message: ["messaging", "messagingservice"],
-      auth: ["authentication", "authenticationservice"]
-    };
-    for (const [key, values] of Object.entries(typeMap)) {
-      if (queryLower.includes(key) && values.some((v) => typeLower.includes(v))) {
-        return true;
-      }
-    }
-    return false;
-  }
-  /**
-   * Fuzzy string matching using Levenshtein distance
-   */
-  fuzzyMatch(query, target) {
-    const queryLower = query.toLowerCase();
-    const targetLower = target.toLowerCase();
-    if (queryLower === targetLower) return 1;
-    if (targetLower.includes(queryLower)) return 0.8;
-    if (queryLower.includes(targetLower)) return 0.7;
-    const distance = this.levenshteinDistance(queryLower, targetLower);
-    const maxLen = Math.max(queryLower.length, targetLower.length);
-    const similarity = 1 - distance / maxLen;
-    return similarity > 0.5 ? similarity * 0.6 : 0;
-  }
-  /**
-   * Calculate Levenshtein distance between two strings
-   */
-  levenshteinDistance(a, b) {
-    const matrix = [];
-    for (let i = 0; i <= b.length; i++) {
-      matrix[i] = [i];
-    }
-    for (let j = 0; j <= a.length; j++) {
-      matrix[0][j] = j;
-    }
-    for (let i = 1; i <= b.length; i++) {
-      for (let j = 1; j <= a.length; j++) {
-        if (b.charAt(i - 1) === a.charAt(j - 1)) {
-          matrix[i][j] = matrix[i - 1][j - 1];
-        } else {
-          matrix[i][j] = Math.min(
-            matrix[i - 1][j - 1] + 1,
-            // substitution
-            matrix[i][j - 1] + 1,
-            // insertion
-            matrix[i - 1][j] + 1
-            // deletion
-          );
-        }
-      }
-    }
-    return matrix[b.length][a.length];
-  }
-};
-
-// src/discovery/semantic-search.ts
-var logger4 = createLogger("semantic-search");
-var SemanticSearchEngine = class {
-  constructor(dht) {
-    this.dht = dht;
-    this.index = new SearchIndex();
-    this.matcher = new CapabilityMatcher();
-  }
-  index;
-  matcher;
-  /**
-   * Main search interface
-   * Local-first with network fallback
-   */
-  async search(query) {
-    logger4.info("Searching for agents", { query });
-    const localResults = this.index.search(query);
-    logger4.debug("Local search results", { count: localResults.length });
-    const limit = query.limit || 10;
-    if (localResults.length < limit && this.dht) {
-      logger4.debug("Insufficient local results, querying network");
-      const networkResults = await this.searchNetwork(query);
-      return this.mergeResults(localResults, networkResults, limit);
-    }
-    return localResults.map((r) => r.card);
+// src/messaging/envelope.ts
+function normalizeEnvelopeType(type) {
+  if (type === "message" || type === "notification" || type === "request") {
+    return "message";
   }
-  /**
-   * Index an Agent Card for local search
-   */
-  indexAgentCard(card) {
-    this.index.indexAgentCard(card);
+  if (type === "reply" || type === "response") {
+    return "reply";
   }
-  /**
-   * Remove an Agent Card from local index
-   */
-  removeAgentCard(did) {
-    this.index.removeAgentCard(did);
-  }
-  /**
-   * Get all indexed cards
-   */
-  getAllIndexedCards() {
-    return this.index.getAllCards();
+  return void 0;
+}
+function normalizeEnvelope(msg) {
+  if (typeof msg !== "object" || msg === null) {
+    return void 0;
   }
-  /**
-   * Clear local index
-   */
-  clearIndex() {
-    this.index.clear();
+  const envelope = msg;
+  const normalizedType = envelope.type ? normalizeEnvelopeType(envelope.type) : void 0;
+  if (typeof envelope.id !== "string" || typeof envelope.from !== "string" || !envelope.from.startsWith("did:clawiverse:") || typeof envelope.to !== "string" || !envelope.to.startsWith("did:clawiverse:") || !normalizedType || typeof envelope.protocol !== "string" || envelope.payload === void 0 || typeof envelope.timestamp !== "number" || typeof envelope.signature !== "string") {
+    return void 0;
   }
-  /**
-   * Get index size
-   */
-  getIndexSize() {
-    return this.index.size();
+  if (normalizedType === "reply" && typeof envelope.replyTo !== "string") {
+    return void 0;
   }
-  /**
-   * Search network via DHT
-   */
-  async searchNetwork(query) {
-    if (!this.dht) {
-      return [];
-    }
-    try {
-      const capability = query.capability || this.extractPrimaryCapability(query.text);
-      if (!capability) {
-        logger4.debug("No capability extracted from query, skipping network search");
-        return [];
-      }
-      const cards = await this.dht.queryByCapability(capability);
-      logger4.debug("Network search results", { count: cards.length });
-      return cards.map((card) => {
-        const score = this.scoreCard(card, query);
-        return { card, score };
-      });
-    } catch (error) {
-      logger4.error("Network search failed", { error });
-      return [];
-    }
+  if (normalizedType === "message" && envelope.replyTo !== void 0) {
+    return void 0;
   }
-  /**
-   * Merge local and network results, removing duplicates
-   */
-  mergeResults(local, network, limit) {
-    const seen = /* @__PURE__ */ new Set();
-    const merged = [];
-    for (const result of local) {
-      if (!seen.has(result.card.did)) {
-        seen.add(result.card.did);
-        merged.push(result);
-      }
-    }
-    for (const result of network) {
-      if (!seen.has(result.card.did)) {
-        seen.add(result.card.did);
-        merged.push(result);
-        this.index.indexAgentCard(result.card);
-      }
-    }
-    merged.sort((a, b) => b.score - a.score);
-    return merged.slice(0, limit).map((r) => r.card);
+  return {
+    id: envelope.id,
+    from: envelope.from,
+    to: envelope.to,
+    type: normalizedType,
+    protocol: envelope.protocol,
+    payload: envelope.payload,
+    timestamp: envelope.timestamp,
+    signature: envelope.signature,
+    replyTo: normalizedType === "reply" ? envelope.replyTo : void 0,
+    threadId: typeof envelope.threadId === "string" ? envelope.threadId : void 0
+  };
+}
+function createEnvelope(from, to, type, protocol, payload, replyTo, threadId) {
+  const normalizedType = normalizeEnvelopeType(type);
+  if (!normalizedType) {
+    throw new MessagingError(`Invalid message type: ${type}`);
   }
-  /**
-   * Score a card against a query
-   */
-  scoreCard(card, query) {
-    let totalScore = 0;
-    let count = 0;
-    for (const capability of card.capabilities) {
-      const score = this.matcher.match(query, capability);
-      if (score > 0) {
-        totalScore += score;
-        count++;
-      }
-    }
-    const avgScore = count > 0 ? totalScore / count : 0;
-    if (card.trust) {
-      const trustBoost = card.trust.interactionScore * 0.2;
-      return Math.min(avgScore + trustBoost, 1);
-    }
-    return avgScore;
-  }
-  /**
-   * Extract primary capability from natural language text
-   */
-  extractPrimaryCapability(text) {
-    if (!text) return void 0;
-    const keywords = this.matcher.extractKeywords(text);
-    const capabilityKeywords = [
-      "translate",
-      "translation",
-      "review",
-      "code",
-      "analyze",
-      "analysis",
-      "generate",
-      "generation",
-      "search",
-      "query",
-      "compute",
-      "calculation",
-      "store",
-      "storage",
-      "message",
-      "messaging",
-      "auth",
-      "authentication"
-    ];
-    for (const keyword of keywords) {
-      if (capabilityKeywords.includes(keyword)) {
-        return keyword;
-      }
-    }
-    return keywords[0];
+  if (normalizedType === "reply" && !replyTo) {
+    throw new MessagingError("Reply envelopes must include replyTo");
   }
-};
-function createSemanticSearch(dht) {
-  return new SemanticSearchEngine(dht);
-}
-
-// src/messaging/envelope.ts
-function createEnvelope(from, to, type, protocol, payload, replyTo) {
   return {
     id: generateMessageId(),
     from,
     to,
-    type,
+    type: normalizedType,
     protocol,
     payload,
     timestamp: Date.now(),
-    replyTo
+    ...normalizedType === "reply" ? { replyTo } : {},
+    ...threadId ? { threadId } : {}
   };
 }
 async function signEnvelope(envelope, signFn) {
@@ -1319,7 +1033,11 @@ async function signEnvelope(envelope, signFn) {
 }
 async function verifyEnvelope(envelope, verifyFn) {
   try {
-    const { signature, ...envelopeWithoutSig } = envelope;
+    const normalized = normalizeEnvelope(envelope);
+    if (!normalized) {
+      return false;
+    }
+    const { signature, ...envelopeWithoutSig } = normalized;
     const envelopeJson = JSON.stringify(envelopeWithoutSig);
     const envelopeBytes = new TextEncoder().encode(envelopeJson);
     const signatureBytes = Buffer.from(signature, "hex");
@@ -1329,15 +1047,15 @@ async function verifyEnvelope(envelope, verifyFn) {
   }
 }
 function validateEnvelope(msg) {
-  if (typeof msg !== "object" || msg === null) {
-    return false;
-  }
-  const m = msg;
-  return typeof m.id === "string" && typeof m.from === "string" && m.from.startsWith("did:clawiverse:") && typeof m.to === "string" && m.to.startsWith("did:clawiverse:") && (m.type === "request" || m.type === "response" || m.type === "notification") && typeof m.protocol === "string" && m.payload !== void 0 && typeof m.timestamp === "number" && typeof m.signature === "string";
+  const normalized = normalizeEnvelope(msg);
+  return normalized !== void 0;
 }
 function generateMessageId() {
   return `msg_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
 }
+function generateThreadId() {
+  return `thread_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
+}
 function encodeMessage(envelope) {
   try {
     return encode(envelope);
@@ -1347,8 +1065,16 @@ function encodeMessage(envelope) {
 }
 function decodeMessage(data) {
   try {
-    return decode(data);
+    const decoded = decode(data);
+    const normalized = normalizeEnvelope(decoded);
+    if (!normalized) {
+      throw new MessagingError("Decoded message envelope is invalid");
+    }
+    return normalized;
   } catch (error) {
+    if (error instanceof MessagingError) {
+      throw error;
+    }
     throw new MessagingError("Failed to decode message", error);
   }
 }
@@ -1361,30 +1087,37 @@ function encodeMessageJSON(envelope) {
 }
 function decodeMessageJSON(json) {
   try {
-    return JSON.parse(json);
+    const decoded = JSON.parse(json);
+    const normalized = normalizeEnvelope(decoded);
+    if (!normalized) {
+      throw new MessagingError("Decoded JSON envelope is invalid");
+    }
+    return normalized;
   } catch (error) {
+    if (error instanceof MessagingError) {
+      throw error;
+    }
     throw new MessagingError("Failed to decode message from JSON", error);
   }
 }
 
 // src/messaging/router.ts
-var logger5 = createLogger("router");
+var logger3 = createLogger("router");
 function createMessageRouter(relayClient, verifyFn) {
   const handlers = /* @__PURE__ */ new Map();
   let catchAllHandler;
-  const pendingRequests = /* @__PURE__ */ new Map();
   return {
     registerHandler: (protocol, handler) => {
       handlers.set(protocol, handler);
-      logger5.info("Registered message handler", { protocol });
+      logger3.info("Registered message handler", { protocol });
     },
     unregisterHandler: (protocol) => {
       handlers.delete(protocol);
-      logger5.info("Unregistered message handler", { protocol });
+      logger3.info("Unregistered message handler", { protocol });
     },
     registerCatchAllHandler: (handler) => {
       catchAllHandler = handler;
-      logger5.info("Registered catch-all message handler");
+      logger3.info("Registered catch-all message handler");
     },
     sendMessage: async (envelope) => {
       try {
@@ -1393,25 +1126,13 @@ function createMessageRouter(relayClient, verifyFn) {
         }
         const encoded = encodeMessage(envelope);
         await relayClient.sendEnvelope(envelope.to, encoded);
-        logger5.info("Message sent via relay", {
+        logger3.info("Message sent via relay", {
           id: envelope.id,
           from: envelope.from,
           to: envelope.to,
-          protocol: envelope.protocol
+          protocol: envelope.protocol,
+          type: envelope.type
         });
-        if (envelope.type === "request") {
-          logger5.debug("Waiting for response to request", { id: envelope.id });
-          const RESPONSE_TIMEOUT = 3e4;
-          return new Promise((resolve) => {
-            const timeout = setTimeout(() => {
-              pendingRequests.delete(envelope.id);
-              logger5.warn("Response timeout", { id: envelope.id, timeout: RESPONSE_TIMEOUT });
-              resolve(void 0);
-            }, RESPONSE_TIMEOUT);
-            pendingRequests.set(envelope.id, { resolve, timeout });
-          });
-        }
-        return void 0;
       } catch (error) {
         if (error instanceof MessagingError) throw error;
         throw new MessagingError("Failed to send message", error);
@@ -1422,7 +1143,7 @@ function createMessageRouter(relayClient, verifyFn) {
         try {
           const envelope = decodeMessage(deliverMsg.envelope);
           if (!validateEnvelope(envelope)) {
-            logger5.warn("Received invalid message envelope");
+            logger3.warn("Received invalid message envelope");
             return;
           }
           const isValidSignature = await verifyEnvelope(envelope, async (signature, data) => {
@@ -1430,7 +1151,7 @@ function createMessageRouter(relayClient, verifyFn) {
             return verify(signature, data, senderPublicKey);
           });
           if (!isValidSignature) {
-            logger5.warn("Received message with invalid signature", {
+            logger3.warn("Received message with invalid signature", {
               id: envelope.id,
               from: envelope.from
             });
@@ -1442,77 +1163,59 @@ function createMessageRouter(relayClient, verifyFn) {
             const signatureBytes = Buffer.from(signature, "hex");
             const hookValid = await verifyFn(signatureBytes, dataBytes);
             if (!hookValid) {
-              logger5.warn("Message rejected by custom verifier", {
+              logger3.warn("Message rejected by custom verifier", {
                 id: envelope.id,
                 from: envelope.from
               });
               return;
             }
           } catch (error) {
-            logger5.warn("Custom verification hook failed", {
+            logger3.warn("Custom verification hook failed", {
               id: envelope.id,
               from: envelope.from,
               error: error.message
             });
             return;
           }
-          logger5.info("Received message", {
+          logger3.info("Received message", {
             id: envelope.id,
             from: envelope.from,
             to: envelope.to,
             protocol: envelope.protocol,
             type: envelope.type
           });
-          if (envelope.type === "response" && envelope.replyTo) {
-            const pending = pendingRequests.get(envelope.replyTo);
-            if (pending) {
-              clearTimeout(pending.timeout);
-              pendingRequests.delete(envelope.replyTo);
-              pending.resolve(envelope);
-              logger5.info("Matched response to pending request", {
-                requestId: envelope.replyTo,
-                responseId: envelope.id
-              });
-              return;
-            }
-          }
           const handler = handlers.get(envelope.protocol);
           let response = void 0;
           if (handler) {
             response = await handler(envelope);
           } else if (catchAllHandler) {
-            logger5.debug("Using catch-all handler for protocol", { protocol: envelope.protocol });
+            logger3.debug("Using catch-all handler for protocol", { protocol: envelope.protocol });
             response = await catchAllHandler(envelope);
           } else {
-            logger5.warn("No handler for protocol", { protocol: envelope.protocol });
+            logger3.warn("No handler for protocol", { protocol: envelope.protocol });
           }
           if (response) {
             const encoded = encodeMessage(response);
             await relayClient.sendEnvelope(response.to, encoded);
-            logger5.info("Sent response back to sender", {
+            logger3.info("Sent reply back to sender", {
               responseId: response.id,
               replyTo: response.replyTo
             });
           }
         } catch (error) {
-          logger5.error("Error handling incoming message", error);
+          logger3.error("Error handling incoming message", error);
         }
       });
-      logger5.info("Message router started");
+      logger3.info("Message router started");
     },
     stop: async () => {
-      for (const [, pending] of pendingRequests.entries()) {
-        clearTimeout(pending.timeout);
-        pending.resolve(void 0);
-      }
-      pendingRequests.clear();
       handlers.clear();
       catchAllHandler = void 0;
-      logger5.info("Message router stopped");
+      logger3.info("Message router stopped");
     }
   };
 }
-var logger6 = createLogger("message-storage");
+var logger4 = createLogger("message-storage");
 var MessageStorage = class {
   db;
   ready = false;
@@ -1522,22 +1225,28 @@ var MessageStorage = class {
   async open() {
     await this.db.open();
     this.ready = true;
-    logger6.info("Message storage opened");
+    logger4.info("Message storage opened");
   }
   async close() {
     if (this.ready) {
       await this.db.close();
       this.ready = false;
-      logger6.info("Message storage closed");
+      logger4.info("Message storage closed");
     }
   }
   // ─── Message Operations ───────────────────────────────────────────────────
   async putMessage(msg) {
-    const ts = String(msg.receivedAt ?? msg.sentAt ?? Date.now()).padStart(16, "0");
-    const key = `msg:${msg.direction}:${ts}:${msg.envelope.id}`;
-    await this.db.put(key, msg);
-    const idxKey = `idx:from:${msg.envelope.from}:${ts}:${msg.envelope.id}`;
+    const normalized = this.requireStoredMessage(msg);
+    const ts = String(normalized.receivedAt ?? normalized.sentAt ?? Date.now()).padStart(16, "0");
+    const key = `msg:${normalized.direction}:${ts}:${normalized.envelope.id}`;
+    await this.db.put(key, normalized);
+    const idxKey = `idx:from:${normalized.envelope.from}:${ts}:${normalized.envelope.id}`;
     await this.db.put(idxKey, "1");
+    if (normalized.envelope.threadId) {
+      const threadIdxKey = `idx:thread:${normalized.envelope.threadId}:${ts}:${normalized.envelope.id}`;
+      await this.db.put(threadIdxKey, "1");
+      await this.updateSessionMeta(normalized);
+    }
   }
   async getMessage(id) {
     for (const direction of ["inbound", "outbound"]) {
@@ -1547,7 +1256,9 @@ var MessageStorage = class {
         lte: prefix + "\xFF",
         valueEncoding: "json"
       })) {
-        if (value.envelope.id === id) return value;
+        if (value.envelope.id !== id) continue;
+        const normalized = this.normalizeStoredMessage(value);
+        if (normalized) return normalized;
       }
     }
     return null;
@@ -1583,13 +1294,14 @@ var MessageStorage = class {
       // newest first
       valueEncoding: "json"
     })) {
-      if (!this.matchesFilter(value, filter)) continue;
+      const normalized = this.normalizeStoredMessage(value);
+      if (!normalized || !this.matchesFilter(normalized, filter)) continue;
       total++;
       if (skipped < offset) {
         skipped++;
         continue;
       }
-      if (results.length < limit) results.push(value);
+      if (results.length < limit) results.push(normalized);
     }
     return {
       messages: results,
@@ -1611,6 +1323,10 @@ var MessageStorage = class {
       if (!protos.includes(msg.envelope.protocol)) return false;
     }
     if (filter.type && msg.envelope.type !== filter.type) return false;
+    if (filter.replyTo) {
+      const replyIds = Array.isArray(filter.replyTo) ? filter.replyTo : [filter.replyTo];
+      if (!msg.envelope.replyTo || !replyIds.includes(msg.envelope.replyTo)) return false;
+    }
     if (filter.unreadOnly && msg.readAt != null) return false;
     if (filter.status) {
       const statuses = Array.isArray(filter.status) ? filter.status : [filter.status];
@@ -1621,6 +1337,7 @@ var MessageStorage = class {
       if (age > filter.maxAge) return false;
     }
     if (filter.minTrustScore != null && (msg.trustScore ?? 0) < filter.minTrustScore) return false;
+    if (filter.threadId && msg.envelope.threadId !== filter.threadId) return false;
     return true;
   }
   async countMessages(direction, filter = {}) {
@@ -1631,10 +1348,29 @@ var MessageStorage = class {
       lte: prefix + "\xFF",
       valueEncoding: "json"
     })) {
-      if (this.matchesFilter(value, filter)) count++;
+      const normalized = this.normalizeStoredMessage(value);
+      if (normalized && this.matchesFilter(normalized, filter)) count++;
     }
     return count;
   }
+  normalizeStoredMessage(msg) {
+    const envelope = normalizeEnvelope(msg.envelope);
+    if (!envelope) {
+      logger4.warn("Skipping invalid stored message envelope", { id: msg.envelope?.id });
+      return null;
+    }
+    return {
+      ...msg,
+      envelope
+    };
+  }
+  requireStoredMessage(msg) {
+    const normalized = this.normalizeStoredMessage(msg);
+    if (!normalized) {
+      throw new Error(`Invalid stored message envelope: ${msg.envelope?.id ?? "unknown"}`);
+    }
+    return normalized;
+  }
   // ─── Blocklist ────────────────────────────────────────────────────────────
   async putBlock(entry) {
     await this.db.put(`block:${entry.did}`, entry);
@@ -1737,10 +1473,160 @@ var MessageStorage = class {
     }
     await this.db.batch(toDelete.map((key) => ({ type: "del", key })));
   }
+  // ─── Session Management (CVP-0014) ────────────────────────────────────────
+  async updateSessionMeta(msg) {
+    if (!msg.envelope.threadId) return;
+    const sessionKey = `session:${msg.envelope.threadId}`;
+    let session;
+    try {
+      session = await this.db.get(sessionKey);
+    } catch {
+      const peerDid = msg.direction === "inbound" ? msg.envelope.from : msg.envelope.to;
+      const text = typeof msg.envelope.payload === "object" && msg.envelope.payload !== null ? msg.envelope.payload.text ?? msg.envelope.payload.message ?? "" : String(msg.envelope.payload ?? "");
+      const title = text ? String(text).slice(0, 50) : void 0;
+      session = {
+        threadId: msg.envelope.threadId,
+        peerDid,
+        startedAt: msg.receivedAt ?? msg.sentAt ?? Date.now(),
+        lastMessageAt: msg.receivedAt ?? msg.sentAt ?? Date.now(),
+        messageCount: 1,
+        title
+      };
+      await this.db.put(sessionKey, session);
+      return;
+    }
+    session.lastMessageAt = msg.receivedAt ?? msg.sentAt ?? Date.now();
+    session.messageCount = (session.messageCount ?? 0) + 1;
+    await this.db.put(sessionKey, session);
+  }
+  async getSession(threadId) {
+    try {
+      return await this.db.get(`session:${threadId}`);
+    } catch {
+      return null;
+    }
+  }
+  async listSessions(peerDid, limit = 50, includeArchived = false) {
+    const results = [];
+    for await (const [, value] of this.db.iterator({
+      gte: "session:",
+      lte: "session:\xFF",
+      reverse: true,
+      // newest first
+      valueEncoding: "json"
+    })) {
+      if (peerDid && value.peerDid !== peerDid) continue;
+      if (!includeArchived && value.archived) continue;
+      results.push(value);
+      if (results.length >= limit) break;
+    }
+    return results;
+  }
+  async archiveSession(threadId) {
+    const session = await this.getSession(threadId);
+    if (!session) {
+      throw new Error(`Session not found: ${threadId}`);
+    }
+    session.archived = true;
+    session.archivedAt = Date.now();
+    await this.db.put(`session:${threadId}`, session);
+  }
+  async unarchiveSession(threadId) {
+    const session = await this.getSession(threadId);
+    if (!session) {
+      throw new Error(`Session not found: ${threadId}`);
+    }
+    session.archived = false;
+    delete session.archivedAt;
+    await this.db.put(`session:${threadId}`, session);
+  }
+  async listArchivedSessions(peerDid, limit = 50) {
+    const results = [];
+    for await (const [, value] of this.db.iterator({
+      gte: "session:",
+      lte: "session:\xFF",
+      reverse: true,
+      // newest first
+      valueEncoding: "json"
+    })) {
+      if (!value.archived) continue;
+      if (peerDid && value.peerDid !== peerDid) continue;
+      results.push(value);
+      if (results.length >= limit) break;
+    }
+    return results;
+  }
+  async searchSessions(query, limit = 50) {
+    const results = [];
+    const lowerQuery = query.toLowerCase();
+    for await (const [, value] of this.db.iterator({
+      gte: "session:",
+      lte: "session:\xFF",
+      reverse: true,
+      // newest first
+      valueEncoding: "json"
+    })) {
+      if (value.title && value.title.toLowerCase().includes(lowerQuery)) {
+        results.push(value);
+        if (results.length >= limit) break;
+        continue;
+      }
+      if (value.peerDid && value.peerDid.toLowerCase().includes(lowerQuery)) {
+        results.push(value);
+        if (results.length >= limit) break;
+        continue;
+      }
+      const messages = await this.queryMessagesByThread(value.threadId, { limit: 100 });
+      for (const msg of messages.messages) {
+        const payload = msg.envelope.payload;
+        const text = payload?.text || payload?.message || "";
+        if (text && String(text).toLowerCase().includes(lowerQuery)) {
+          results.push(value);
+          if (results.length >= limit) break;
+          break;
+        }
+      }
+      if (results.length >= limit) break;
+    }
+    return results;
+  }
+  async queryMessagesByThread(threadId, pagination = {}) {
+    const { limit = 50, offset = 0 } = pagination;
+    const prefix = `idx:thread:${threadId}:`;
+    const results = [];
+    let total = 0;
+    let skipped = 0;
+    const messageIds = [];
+    for await (const [key] of this.db.iterator({
+      gte: prefix,
+      lte: prefix + "\xFF",
+      reverse: false
+      // chronological order
+    })) {
+      const parts = key.split(":");
+      const msgId = parts[parts.length - 1];
+      messageIds.push(msgId);
+    }
+    for (const msgId of messageIds) {
+      const msg = await this.getMessage(msgId);
+      if (!msg) continue;
+      total++;
+      if (skipped < offset) {
+        skipped++;
+        continue;
+      }
+      if (results.length < limit) results.push(msg);
+    }
+    return {
+      messages: results,
+      total,
+      hasMore: total > offset + results.length
+    };
+  }
 };
 
 // src/messaging/queue.ts
-var logger7 = createLogger("message-queue");
+var logger5 = createLogger("message-queue");
 var MessageQueue = class {
   storage;
   subscriptions = /* @__PURE__ */ new Map();
@@ -1753,12 +1639,12 @@ var MessageQueue = class {
   }
   async start() {
     await this.storage.open();
-    logger7.info("Message queue started");
+    logger5.info("Message queue started");
   }
   async stop() {
     await this.storage.close();
     this.subscriptions.clear();
-    logger7.info("Message queue stopped");
+    logger5.info("Message queue stopped");
   }
   // ─── Inbox ────────────────────────────────────────────────────────────────
   async getInbox(filter = {}, pagination = {}) {
@@ -1781,16 +1667,17 @@ var MessageQueue = class {
     await this.storage.updateMessage(id, { status: "pending", error: void 0 });
   }
   // ─── Enqueue ──────────────────────────────────────────────────────────────
-  async enqueueInbound(envelope, trustScore) {
+  async enqueueInbound(envelope, trustScore, trustStatus) {
     const msg = {
       envelope,
       direction: "inbound",
       status: "pending",
       receivedAt: Date.now(),
-      trustScore
+      trustScore,
+      trustStatus
     };
     await this.storage.putMessage(msg);
-    logger7.debug("Enqueued inbound message", { id: envelope.id, from: envelope.from });
+    logger5.debug("Enqueued inbound message", { id: envelope.id, from: envelope.from });
     this.notifySubscribers(msg);
     return msg;
   }
@@ -1802,7 +1689,7 @@ var MessageQueue = class {
       sentAt: Date.now()
     };
     await this.storage.putMessage(msg);
-    logger7.debug("Enqueued outbound message", { id: envelope.id, to: envelope.to });
+    logger5.debug("Enqueued outbound message", { id: envelope.id, to: envelope.to });
     return msg;
   }
   async markOutboundDelivered(id) {
@@ -1815,18 +1702,18 @@ var MessageQueue = class {
   subscribe(filter, callback) {
     const id = `sub_${++this.subCounter}`;
     this.subscriptions.set(id, { id, filter, callback });
-    logger7.debug("Subscription added", { id });
+    logger5.debug("Subscription added", { id });
     return id;
   }
   unsubscribe(subscriptionId) {
     this.subscriptions.delete(subscriptionId);
-    logger7.debug("Subscription removed", { id: subscriptionId });
+    logger5.debug("Subscription removed", { id: subscriptionId });
   }
   notifySubscribers(msg) {
     for (const sub of this.subscriptions.values()) {
       if (this.matchesSubscriptionFilter(msg, sub.filter)) {
         Promise.resolve(sub.callback(msg)).catch((err) => {
-          logger7.warn("Subscription callback error", { id: sub.id, error: err.message });
+          logger5.warn("Subscription callback error", { id: sub.id, error: err.message });
         });
       }
     }
@@ -1841,6 +1728,11 @@ var MessageQueue = class {
       if (!protos.includes(msg.envelope.protocol)) return false;
     }
     if (filter.type && msg.envelope.type !== filter.type) return false;
+    if (filter.replyTo) {
+      const replyIds = Array.isArray(filter.replyTo) ? filter.replyTo : [filter.replyTo];
+      if (!msg.envelope.replyTo || !replyIds.includes(msg.envelope.replyTo)) return false;
+    }
+    if (filter.threadId && msg.envelope.threadId !== filter.threadId) return false;
     return true;
   }
   // ─── Stats ────────────────────────────────────────────────────────────────
@@ -1925,12 +1817,11 @@ function getTierConfig(trustScore, tiers) {
 }
 
 // src/messaging/defense.ts
-var logger8 = createLogger("defense");
+var logger6 = createLogger("defense");
 var DefenseMiddleware = class {
   trust;
   storage;
   minTrustScore;
-  autoBlockThreshold;
   tiers;
   seenTtlMs;
   // In-memory LRU-style seen cache (backed by LevelDB for persistence)
@@ -1943,7 +1834,6 @@ var DefenseMiddleware = class {
     this.trust = config.trustSystem;
     this.storage = config.storage;
     this.minTrustScore = config.minTrustScore ?? 0;
-    this.autoBlockThreshold = config.autoBlockThreshold ?? 0.1;
     this.tiers = config.rateLimitTiers ?? DEFAULT_RATE_LIMIT_TIERS;
     this.seenTtlMs = config.seenTtlMs ?? 60 * 60 * 1e3;
   }
@@ -1956,36 +1846,47 @@ var DefenseMiddleware = class {
     const did = envelope.from;
     if (await this.isAllowed(did)) {
       this.markAsSeen(envelope.id);
-      return { allowed: true };
+      return { allowed: true, trustStatus: "allowed" };
     }
     if (await this.isBlocked(did)) {
-      logger8.debug("Message rejected: blocked", { id: envelope.id, from: did });
+      logger6.debug("Message rejected: blocked", { id: envelope.id, from: did });
       return { allowed: false, reason: "blocked" };
     }
+    if (this.trust.isRateLimited(did)) {
+      logger6.debug("Message rejected: sybil rate limited", { id: envelope.id, from: did });
+      return { allowed: false, reason: "rate_limited" };
+    }
     if (this.hasSeen(envelope.id)) {
-      logger8.debug("Message rejected: duplicate", { id: envelope.id });
+      logger6.debug("Message rejected: duplicate", { id: envelope.id });
       return { allowed: false, reason: "duplicate" };
     }
     let trustScore = 0;
+    let trustStatus = "unknown";
     try {
       const score = await this.trust.getTrustScore(did);
       trustScore = score.interactionScore;
-      const hasHistory = (score.totalInteractions ?? 0) >= 5;
-      if (hasHistory && trustScore < this.autoBlockThreshold && trustScore > 0) {
-        logger8.warn("Auto-blocking low-trust agent", { did, trustScore });
-        await this.blockAgent(did, `Auto-blocked: trust score ${trustScore.toFixed(2)} below threshold`);
+      trustStatus = score.status;
+      const totalInteractions = score.totalInteractions ?? 0;
+      const recentFailureRate = 1 - (score.recentSuccessRate ?? 1);
+      if (totalInteractions >= 10 && recentFailureRate > 0.5) {
+        logger6.warn("Suspicious agent detected", { did, recentFailureRate: recentFailureRate.toFixed(2), totalInteractions });
+        trustScore = 0;
+      }
+      if (totalInteractions >= 20 && recentFailureRate > 0.7) {
+        logger6.warn("Auto-blocking high-failure-rate agent", { did, recentFailureRate: recentFailureRate.toFixed(2), totalInteractions });
+        await this.blockAgent(did, `Auto-blocked: ${(recentFailureRate * 100).toFixed(0)}% failure rate over last 20 interactions`);
         return { allowed: false, reason: "blocked" };
       }
       if (trustScore < this.minTrustScore) {
-        logger8.debug("Message rejected: trust too low", { id: envelope.id, trustScore });
+        logger6.debug("Message rejected: trust too low", { id: envelope.id, trustScore });
         return { allowed: false, reason: "trust_too_low", trustScore };
       }
     } catch (err) {
-      logger8.warn("Trust score lookup failed, using 0", { did, error: err.message });
+      logger6.warn("Trust score lookup failed, using 0", { did, error: err.message });
     }
     const rateLimitResult = await this.checkRateLimit(did, trustScore);
     if (!rateLimitResult.allowed) {
-      logger8.debug("Message rejected: rate limited", {
+      logger6.debug("Message rejected: rate limited", {
         id: envelope.id,
         from: did,
         resetTime: rateLimitResult.resetTime
@@ -1998,16 +1899,16 @@ var DefenseMiddleware = class {
       };
     }
     this.markAsSeen(envelope.id);
-    return { allowed: true, trustScore, remainingTokens: rateLimitResult.remaining };
+    return { allowed: true, trustScore, trustStatus, remainingTokens: rateLimitResult.remaining };
   }
   // ─── Blocklist ────────────────────────────────────────────────────────────
   async blockAgent(did, reason, blockedBy = "local") {
     await this.storage.putBlock({ did, reason, blockedAt: Date.now(), blockedBy });
-    logger8.info("Agent blocked", { did, reason });
+    logger6.info("Agent blocked", { did, reason });
   }
   async unblockAgent(did) {
     await this.storage.deleteBlock(did);
-    logger8.info("Agent unblocked", { did });
+    logger6.info("Agent unblocked", { did });
   }
   async isBlocked(did) {
     return await this.storage.getBlock(did) !== null;
@@ -2015,11 +1916,11 @@ var DefenseMiddleware = class {
   // ─── Allowlist ────────────────────────────────────────────────────────────
   async allowAgent(did, note) {
     await this.storage.putAllow({ did, addedAt: Date.now(), note });
-    logger8.info("Agent allowlisted", { did });
+    logger6.info("Agent allowlisted", { did });
   }
   async removeFromAllowlist(did) {
     await this.storage.deleteAllow(did);
-    logger8.info("Agent removed from allowlist", { did });
+    logger6.info("Agent removed from allowlist", { did });
   }
   async isAllowed(did) {
     return await this.storage.getAllow(did) !== null;
@@ -2088,41 +1989,51 @@ var DefenseMiddleware = class {
 // src/trust/trust-score.ts
 var TrustMetrics = class {
   /**
-   * Calculate trust score from interaction history
+   * Calculate trust score from interaction history.
+   * @param endorsementScore - Average endorsement score (0-1), not count
    */
-  calculateScore(stats, endorsements, uptime) {
-    const volumeWeight = Math.min(stats.totalInteractions / 100, 1);
-    const interactionScore = stats.successRate * volumeWeight;
-    const completionRate = stats.successRate;
+  calculateScore(stats, endorsementScore, uptime) {
+    const maturityWeight = Math.min(stats.totalInteractions / 50, 1);
+    const interactionScore = stats.successRate * maturityWeight;
+    const status = this.deriveStatus(stats);
     return {
       interactionScore,
-      endorsements,
-      completionRate,
+      endorsements: 0,
+      // kept for backwards compat
+      endorsementScore,
+      completionRate: stats.successRate,
       responseTime: stats.avgResponseTime,
       uptime,
       lastUpdated: Date.now(),
-      totalInteractions: stats.totalInteractions
+      totalInteractions: stats.totalInteractions,
+      recentSuccessRate: stats.recentSuccessRate,
+      status
     };
   }
+  deriveStatus(stats) {
+    if (stats.totalInteractions === 0) return "unknown";
+    const recentFailureRate = 1 - stats.recentSuccessRate;
+    if (stats.totalInteractions >= 10 && recentFailureRate > 0.5) return "suspicious";
+    return "known";
+  }
   /**
    * Calculate overall trust level (0-1)
+   * @param score - TrustScore
+   * @param endorsementScore - Average endorsement score (0-1)
    */
   calculateOverallTrust(score) {
     const weights = {
-      interaction: 0.4,
-      endorsement: 0.2,
-      completion: 0.2,
-      uptime: 0.2
+      interaction: 0.6,
+      endorsement: 0.4
     };
-    const endorsementScore = Math.min(score.endorsements / 10, 1);
-    return score.interactionScore * weights.interaction + endorsementScore * weights.endorsement + score.completionRate * weights.completion + score.uptime * weights.uptime;
+    return score.interactionScore * weights.interaction + score.endorsementScore * weights.endorsement;
   }
   /**
    * Get trust level category
    */
   getTrustLevel(score) {
     const overall = this.calculateOverallTrust(score);
-    if (score.interactionScore === 0) return "new";
+    if (score.totalInteractions === 0) return "new";
     if (overall < 0.3) return "low";
     if (overall < 0.6) return "medium";
     if (overall < 0.8) return "high";
@@ -2134,12 +2045,8 @@ var TrustMetrics = class {
   shouldRateLimit(score, agentAge) {
     const overall = this.calculateOverallTrust(score);
     const ONE_DAY = 24 * 60 * 60 * 1e3;
-    if (agentAge < ONE_DAY && overall < 0.3) {
-      return true;
-    }
-    if (overall < 0.1) {
-      return true;
-    }
+    if (agentAge < ONE_DAY && overall < 0.3) return true;
+    if (overall < 0.1) return true;
     return false;
   }
 };
@@ -2147,14 +2054,17 @@ function createDefaultTrustScore() {
   return {
     interactionScore: 0,
     endorsements: 0,
+    endorsementScore: 0,
     completionRate: 0,
     responseTime: 0,
     uptime: 0,
     lastUpdated: Date.now(),
-    totalInteractions: 0
+    totalInteractions: 0,
+    recentSuccessRate: 1,
+    status: "unknown"
   };
 }
-var logger9 = createLogger("interaction-history");
+var logger7 = createLogger("interaction-history");
 var InteractionHistory = class {
   db;
   constructor(dbPath) {
@@ -2165,14 +2075,14 @@ var InteractionHistory = class {
    */
   async open() {
     await this.db.open();
-    logger9.info("Interaction history database opened", { path: this.db.location });
+    logger7.info("Interaction history database opened", { path: this.db.location });
   }
   /**
    * Close database connection
    */
   async close() {
     await this.db.close();
-    logger9.info("Interaction history database closed");
+    logger7.info("Interaction history database closed");
   }
   /**
    * Record an interaction
@@ -2180,7 +2090,7 @@ var InteractionHistory = class {
   async record(interaction) {
     const key = `interaction:${interaction.agentDid}:${interaction.timestamp}`;
     await this.db.put(key, interaction);
-    logger9.debug("Recorded interaction", { agentDid: interaction.agentDid, type: interaction.type });
+    logger7.debug("Recorded interaction", { agentDid: interaction.agentDid, type: interaction.type });
   }
   /**
    * Get interaction history for an agent
@@ -2199,7 +2109,7 @@ var InteractionHistory = class {
         interactions.push(value);
       }
     } catch (error) {
-      logger9.error("Failed to get interaction history", { agentDid, error });
+      logger7.error("Failed to get interaction history", { agentDid, error });
     }
     return interactions;
   }
@@ -2212,15 +2122,21 @@ var InteractionHistory = class {
       return {
         totalInteractions: 0,
         successRate: 0,
+        recentSuccessRate: 1,
+        // No history → assume good (don't penalize new agents)
         avgResponseTime: 0,
         lastInteraction: 0
       };
     }
     const successCount = history.filter((i) => i.success).length;
     const totalResponseTime = history.reduce((sum, i) => sum + i.responseTime, 0);
+    const recent = history.slice(0, 20);
+    const recentSuccessCount = recent.filter((i) => i.success).length;
+    const recentSuccessRate = recentSuccessCount / recent.length;
     return {
       totalInteractions: history.length,
       successRate: successCount / history.length,
+      recentSuccessRate,
       avgResponseTime: totalResponseTime / history.length,
       lastInteraction: history[0].timestamp
     };
@@ -2238,7 +2154,7 @@ var InteractionHistory = class {
         }
       }
     } catch (error) {
-      logger9.error("Failed to get all agents", { error });
+      logger7.error("Failed to get all agents", { error });
     }
     return Array.from(agents);
   }
@@ -2255,7 +2171,7 @@ var InteractionHistory = class {
       keysToDelete.push(key);
     }
     await this.db.batch(keysToDelete.map((key) => ({ type: "del", key })));
-    logger9.info("Deleted interaction history", { agentDid, count: keysToDelete.length });
+    logger7.info("Deleted interaction history", { agentDid, count: keysToDelete.length });
   }
   /**
    * Clean up old interactions (older than 90 days)
@@ -2270,21 +2186,65 @@ var InteractionHistory = class {
     }
     if (keysToDelete.length > 0) {
       await this.db.batch(keysToDelete.map((key) => ({ type: "del", key })));
-      logger9.info("Cleaned up old interactions", { count: keysToDelete.length });
+      logger7.info("Cleaned up old interactions", { count: keysToDelete.length });
     }
     return keysToDelete.length;
   }
 };
 
 // src/trust/endorsement.ts
-var logger10 = createLogger("endorsement");
+var logger8 = createLogger("endorsement");
+var FAST_DOMAINS = ["translation", "transcription", "data-entry", "moderation"];
+var SLOW_DOMAINS = ["research", "architecture", "security-audit", "legal-review"];
+function getDefaultExpiration(domain) {
+  if (!domain) return 180;
+  if (FAST_DOMAINS.includes(domain)) return 90;
+  if (SLOW_DOMAINS.includes(domain)) return 365;
+  return 180;
+}
+function validateDomain(domain) {
+  const pattern = /^[a-z0-9]+(-[a-z0-9]+)*$/;
+  return pattern.test(domain) && domain.length <= 64;
+}
 var EndorsementManager = class {
   constructor(db, getPublicKey) {
     this.db = db;
     this.getPublicKey = getPublicKey;
   }
   /**
-   * Create an endorsement
+   * Create an endorsement (v2)
+   */
+  async endorseV2(fromDid, toDid, score, reason, signFn, domain, expires) {
+    if (score < 0 || score > 1) {
+      throw new Error("Score must be between 0 and 1");
+    }
+    if (domain && !validateDomain(domain)) {
+      throw new Error("Invalid domain format. Must match ^[a-z0-9]+(-[a-z0-9]+)*$ and be <= 64 chars");
+    }
+    const timestamp = Date.now();
+    const defaultExpires = timestamp + getDefaultExpiration(domain) * 24 * 60 * 60 * 1e3;
+    const endorsement = {
+      version: 2,
+      from: fromDid,
+      to: toDid,
+      score,
+      domain,
+      reason,
+      timestamp,
+      expires: expires || defaultExpires
+    };
+    const data = new TextEncoder().encode(JSON.stringify(endorsement));
+    const signatureBytes = await signFn(data);
+    const signature = Buffer.from(signatureBytes).toString("hex");
+    const signedEndorsement = {
+      ...endorsement,
+      signature
+    };
+    logger8.info("Created endorsement v2", { from: fromDid, to: toDid, score, domain });
+    return signedEndorsement;
+  }
+  /**
+   * Create an endorsement (v1 - legacy)
    */
   async endorse(fromDid, toDid, score, reason, signFn) {
     if (score < 0 || score > 1) {
@@ -2304,11 +2264,26 @@ var EndorsementManager = class {
       ...endorsement,
       signature
     };
-    logger10.info("Created endorsement", { from: fromDid, to: toDid, score });
+    logger8.info("Created endorsement", { from: fromDid, to: toDid, score });
     return signedEndorsement;
   }
   /**
-   * Verify endorsement signature
+   * Verify endorsement signature (v2)
+   */
+  async verifyV2(endorsement, verifyFn) {
+    try {
+      const { signature, ...endorsementWithoutSig } = endorsement;
+      const data = new TextEncoder().encode(JSON.stringify(endorsementWithoutSig));
+      const signatureBytes = Buffer.from(signature, "hex");
+      const publicKey = await this.getPublicKey(endorsement.from);
+      return await verifyFn(signatureBytes, data, publicKey);
+    } catch (error) {
+      logger8.error("Failed to verify endorsement v2", { error });
+      return false;
+    }
+  }
+  /**
+   * Verify endorsement signature (v1)
    */
   async verify(endorsement, verifyFn) {
     try {
@@ -2318,17 +2293,36 @@ var EndorsementManager = class {
       const publicKey = await this.getPublicKey(endorsement.from);
       return await verifyFn(signatureBytes, data, publicKey);
     } catch (error) {
-      logger10.error("Failed to verify endorsement", { error });
+      logger8.error("Failed to verify endorsement", { error });
       return false;
     }
   }
+  /**
+   * Upgrade v1 endorsement to v2
+   */
+  upgradeEndorsement(e) {
+    return {
+      version: 2,
+      from: e.from,
+      to: e.to,
+      score: e.score,
+      domain: void 0,
+      // v1 endorsements are domain-agnostic
+      reason: e.reason,
+      timestamp: e.timestamp,
+      expires: e.timestamp + 90 * 24 * 60 * 60 * 1e3,
+      // 90-day default
+      signature: e.signature
+      // v1 signature remains valid
+    };
+  }
   /**
    * Publish endorsement to local database
    */
   async publish(endorsement) {
     const key = `endorsement:${endorsement.to}:${endorsement.from}`;
     await this.db.put(key, endorsement);
-    logger10.info("Published endorsement", { from: endorsement.from, to: endorsement.to });
+    logger8.info("Published endorsement", { from: endorsement.from, to: endorsement.to });
   }
   /**
    * Get all endorsements for an agent
@@ -2344,7 +2338,7 @@ var EndorsementManager = class {
         endorsements.push(value);
       }
     } catch (error) {
-      logger10.error("Failed to get endorsements", { agentDid, error });
+      logger8.error("Failed to get endorsements", { agentDid, error });
     }
     return endorsements;
   }
@@ -2360,7 +2354,7 @@ var EndorsementManager = class {
         }
       }
     } catch (error) {
-      logger10.error("Failed to get endorsements by agent", { fromDid, error });
+      logger8.error("Failed to get endorsements by agent", { fromDid, error });
     }
     return endorsements;
   }
@@ -2381,10 +2375,29 @@ var EndorsementManager = class {
   async deleteEndorsement(fromDid, toDid) {
     const key = `endorsement:${toDid}:${fromDid}`;
     await this.db.del(key);
-    logger10.info("Deleted endorsement", { from: fromDid, to: toDid });
+    logger8.info("Deleted endorsement", { from: fromDid, to: toDid });
+  }
+  /**
+   * Publish endorsement to relay (CVP-0017)
+   */
+  async publishToRelay(relay, endorsement) {
+    logger8.info("Publishing endorsement to relay", { from: endorsement.from, to: endorsement.to });
+    return await relay.publishEndorsement(endorsement);
+  }
+  /**
+   * Query endorsements from relay (CVP-0017)
+   */
+  async queryFromRelay(relay, target, domain, since) {
+    logger8.info("Querying endorsements from relay", { target, domain });
+    const result = await relay.queryTrust(target, domain, since);
+    return {
+      endorsements: result.endorsements,
+      total: result.endorsementCount ?? result.endorsements.length,
+      averageScore: result.averageScore ?? (result.endorsements.length > 0 ? result.endorsements.reduce((sum, e) => sum + e.score, 0) / result.endorsements.length : 0)
+    };
   }
 };
-var logger11 = createLogger("sybil-defense");
+var logger9 = createLogger("sybil-defense");
 var SybilDefense = class {
   rateLimits = /* @__PURE__ */ new Map();
   peerFirstSeen = /* @__PURE__ */ new Map();
@@ -2414,7 +2427,7 @@ var SybilDefense = class {
   verifyChallenge(solution) {
     const { challenge, solution: solutionNonce } = solution;
     if (Date.now() - challenge.timestamp > 60 * 60 * 1e3) {
-      logger11.warn("Challenge expired", { did: challenge.did });
+      logger9.warn("Challenge expired", { did: challenge.did });
       return false;
     }
     const data = `${challenge.did}:${challenge.nonce}:${solutionNonce}`;
@@ -2422,9 +2435,9 @@ var SybilDefense = class {
     const leadingZeros = this.countLeadingZeroBits(hash);
     const valid = leadingZeros >= challenge.difficulty;
     if (valid) {
-      logger11.info("Challenge verified", { did: challenge.did, leadingZeros });
+      logger9.info("Challenge verified", { did: challenge.did, leadingZeros });
     } else {
-      logger11.warn("Challenge failed", { did: challenge.did, leadingZeros, required: challenge.difficulty });
+      logger9.warn("Challenge failed", { did: challenge.did, leadingZeros, required: challenge.difficulty });
     }
     return valid;
   }
@@ -2464,7 +2477,7 @@ var SybilDefense = class {
     record.requests = record.requests.filter(
       (t) => now - t < this.RATE_LIMIT_WINDOW
     );
-    logger11.debug("Recorded request", { did, count: record.requests.length });
+    logger9.debug("Recorded request", { did, count: record.requests.length });
   }
   /**
    * Get peer trust level based on age
@@ -2489,7 +2502,7 @@ var SybilDefense = class {
   recordPeerSeen(peerId) {
     if (!this.peerFirstSeen.has(peerId)) {
       this.peerFirstSeen.set(peerId, Date.now());
-      logger11.debug("Recorded new peer", { peerId });
+      logger9.debug("Recorded new peer", { peerId });
     }
   }
   /**
@@ -2503,7 +2516,7 @@ var SybilDefense = class {
         this.rateLimits.delete(did);
       }
     }
-    logger11.info("Cleaned up Sybil defense records", {
+    logger9.info("Cleaned up Sybil defense records", {
       rateLimits: this.rateLimits.size,
       peers: this.peerFirstSeen.size
     });
@@ -2536,7 +2549,342 @@ var SybilDefense = class {
     return count;
   }
 };
-var logger12 = createLogger("trust-system");
+
+// src/trust/trust-computer.ts
+var logger10 = createLogger("trust-computer");
+var DEFAULT_CONFIG = {
+  seedPeers: [],
+  maxRecursionDepth: 3,
+  decayHalfLife: {
+    default: 90,
+    translation: 30,
+    transcription: 30,
+    "data-entry": 30,
+    moderation: 30,
+    research: 180,
+    architecture: 180,
+    "security-audit": 180,
+    "legal-review": 180
+  },
+  localInteractionWeight: 0.6,
+  networkEndorsementWeight: 0.4
+};
+var TrustComputer = class {
+  config;
+  cache = /* @__PURE__ */ new Map();
+  CACHE_TTL = 5 * 60 * 1e3;
+  // 5 minutes
+  // Cached SCC results: endorser DID → penalty factor (1.0 = no penalty, 0.1 = collusion)
+  sccPenaltyCache = /* @__PURE__ */ new Map();
+  sccCacheExpiresAt = 0;
+  SCC_CACHE_TTL = 5 * 60 * 1e3;
+  // 5 minutes
+  // Endorsements by target DID, used for recursive weight lookup
+  endorsementsByTarget = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.config = {
+      ...DEFAULT_CONFIG,
+      ...config,
+      decayHalfLife: {
+        ...DEFAULT_CONFIG.decayHalfLife,
+        ...config.decayHalfLife
+      }
+    };
+    if (this.config.maxRecursionDepth > 6) {
+      logger10.warn("Max recursion depth capped at 6", { requested: this.config.maxRecursionDepth });
+      this.config.maxRecursionDepth = 6;
+    }
+  }
+  /**
+   * Compute trust score for a target DID.
+   * allEndorsements: flat list of all endorsements known to the caller (used for recursive weight lookup).
+   */
+  compute(target, endorsements, localInteractionScore = 0, localInteractionCount = 0, domain, allEndorsements) {
+    const cached = this.cache.get(this.getCacheKey(target, domain));
+    if (cached && cached.expiresAt > Date.now()) {
+      logger10.debug("Trust score cache hit", { target, domain });
+      return cached.result;
+    }
+    if (allEndorsements && allEndorsements.length > 0) {
+      this.endorsementsByTarget.clear();
+      for (const e of allEndorsements) {
+        if (!this.endorsementsByTarget.has(e.to)) {
+          this.endorsementsByTarget.set(e.to, []);
+        }
+        this.endorsementsByTarget.get(e.to).push(e);
+      }
+    }
+    const allEnds = allEndorsements ?? endorsements;
+    if (Date.now() > this.sccCacheExpiresAt) {
+      this.rebuildSccPenaltyCache(allEnds);
+    }
+    const filteredEndorsements = this.filterByDomain(endorsements, domain);
+    const networkScore = this.computeNetworkTrust(target, filteredEndorsements, domain);
+    const alpha = Math.min(localInteractionCount / 20, 0.8);
+    const score = alpha * localInteractionScore + (1 - alpha) * networkScore;
+    const collusionDetected = this.detectCollusion(target, allEnds);
+    const result = {
+      score,
+      localScore: localInteractionScore,
+      networkScore,
+      endorsementCount: filteredEndorsements.length,
+      collusionDetected,
+      computedAt: Date.now()
+    };
+    this.cache.set(this.getCacheKey(target, domain), {
+      result,
+      expiresAt: Date.now() + this.CACHE_TTL
+    });
+    logger10.debug("Computed trust score", { target, domain, score, networkScore, collusionDetected });
+    return result;
+  }
+  /**
+   * Compute network trust score using EigenTrust-lite
+   */
+  computeNetworkTrust(target, endorsements, domain, depth = 0, visited = /* @__PURE__ */ new Set()) {
+    if (endorsements.length === 0) {
+      return 0;
+    }
+    if (depth >= this.config.maxRecursionDepth) {
+      return 0.1;
+    }
+    if (visited.has(target)) {
+      return 0.1;
+    }
+    visited.add(target);
+    const now = Date.now();
+    let weightedSum = 0;
+    let totalWeight = 0;
+    for (const endorsement of endorsements) {
+      if (endorsement.expires && endorsement.expires < now) {
+        continue;
+      }
+      const endorserWeight = this.getEndorserWeight(
+        endorsement.from,
+        domain,
+        depth + 1,
+        visited
+      );
+      const timeDecay = this.computeTimeDecay(endorsement, domain);
+      const collusionPenalty = this.getCollusionPenalty(endorsement.from);
+      const baseWeight = endorserWeight * collusionPenalty;
+      weightedSum += endorsement.score * timeDecay * baseWeight;
+      totalWeight += baseWeight;
+    }
+    return totalWeight > 0 ? weightedSum / totalWeight : 0;
+  }
+  /**
+   * Get endorser weight (recursive EigenTrust-lite).
+   * Uses endorsementsByTarget populated by compute() for local graph traversal.
+   */
+  getEndorserWeight(endorser, domain, depth, visited) {
+    if (this.config.seedPeers.includes(endorser)) {
+      return 1;
+    }
+    if (depth >= this.config.maxRecursionDepth) {
+      return 0.1;
+    }
+    if (visited.has(endorser)) {
+      return 0.1;
+    }
+    const endorserEndorsements = this.endorsementsByTarget.get(endorser);
+    if (!endorserEndorsements || endorserEndorsements.length === 0) {
+      return 0.1;
+    }
+    const endorserScore = this.computeNetworkTrust(
+      endorser,
+      this.filterByDomain(endorserEndorsements, domain),
+      domain,
+      depth,
+      new Set(visited)
+      // copy so sibling branches don't share state
+    );
+    return 0.1 + endorserScore * 0.9;
+  }
+  /**
+   * Compute time decay for an endorsement
+   */
+  computeTimeDecay(endorsement, domain) {
+    const age = Date.now() - endorsement.timestamp;
+    const ageDays = age / (24 * 60 * 60 * 1e3);
+    const halfLife = this.getDecayHalfLife(endorsement.domain || domain);
+    return Math.exp(-ageDays / halfLife);
+  }
+  /**
+   * Get decay half-life for a domain
+   */
+  getDecayHalfLife(domain) {
+    if (!domain) {
+      return this.config.decayHalfLife.default || 90;
+    }
+    if (FAST_DOMAINS.includes(domain)) {
+      return this.config.decayHalfLife[domain] || 30;
+    }
+    if (SLOW_DOMAINS.includes(domain)) {
+      return this.config.decayHalfLife[domain] || 180;
+    }
+    return this.config.decayHalfLife[domain] || this.config.decayHalfLife.default || 90;
+  }
+  /**
+   * Detect collusion using Tarjan's SCC algorithm
+   */
+  detectCollusion(target, endorsements) {
+    const graph = this.buildGraph(endorsements);
+    const sccs = this.findSCCs(graph);
+    for (const scc of sccs) {
+      if (scc.nodes.includes(target) && scc.nodes.length > 3) {
+        const ratio = scc.externalEdges / (scc.internalEdges || 1);
+        if (ratio < 0.2) {
+          logger10.warn("Collusion detected", {
+            target,
+            sccSize: scc.nodes.length,
+            ratio
+          });
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+  /**
+   * Build endorsement graph
+   */
+  buildGraph(endorsements) {
+    const graph = /* @__PURE__ */ new Map();
+    for (const endorsement of endorsements) {
+      if (!graph.has(endorsement.from)) {
+        graph.set(endorsement.from, { did: endorsement.from, endorsements: [] });
+      }
+      if (!graph.has(endorsement.to)) {
+        graph.set(endorsement.to, { did: endorsement.to, endorsements: [] });
+      }
+      graph.get(endorsement.from).endorsements.push(endorsement);
+    }
+    return graph;
+  }
+  /**
+   * Find strongly connected components using Tarjan's algorithm
+   */
+  findSCCs(graph) {
+    const sccs = [];
+    const stack = [];
+    let index = 0;
+    const strongConnect = (node) => {
+      node.index = index;
+      node.lowlink = index;
+      index++;
+      stack.push(node.did);
+      node.onStack = true;
+      for (const endorsement of node.endorsements) {
+        const successor = graph.get(endorsement.to);
+        if (!successor) continue;
+        if (successor.index === void 0) {
+          strongConnect(successor);
+          node.lowlink = Math.min(node.lowlink, successor.lowlink);
+        } else if (successor.onStack) {
+          node.lowlink = Math.min(node.lowlink, successor.index);
+        }
+      }
+      if (node.lowlink === node.index) {
+        const sccNodes = [];
+        let w;
+        do {
+          w = stack.pop();
+          graph.get(w).onStack = false;
+          sccNodes.push(w);
+        } while (w !== node.did);
+        if (sccNodes.length > 1) {
+          let internalEdges = 0;
+          let externalEdges = 0;
+          for (const did of sccNodes) {
+            const n = graph.get(did);
+            for (const endorsement of n.endorsements) {
+              if (sccNodes.includes(endorsement.to)) {
+                internalEdges++;
+              } else {
+                externalEdges++;
+              }
+            }
+          }
+          sccs.push({ nodes: sccNodes, internalEdges, externalEdges });
+        }
+      }
+    };
+    for (const node of graph.values()) {
+      if (node.index === void 0) {
+        strongConnect(node);
+      }
+    }
+    return sccs;
+  }
+  /**
+   * Rebuild the SCC penalty cache from a full endorsement graph.
+   * Called lazily when the cache is stale.
+   */
+  rebuildSccPenaltyCache(endorsements) {
+    this.sccPenaltyCache.clear();
+    const graph = this.buildGraph(endorsements);
+    const sccs = this.findSCCs(graph);
+    for (const scc of sccs) {
+      if (scc.nodes.length > 3) {
+        const ratio = scc.externalEdges / (scc.internalEdges || 1);
+        if (ratio < 0.2) {
+          for (const did of scc.nodes) {
+            this.sccPenaltyCache.set(did, 0.1);
+          }
+        }
+      }
+    }
+    this.sccCacheExpiresAt = Date.now() + this.SCC_CACHE_TTL;
+  }
+  /**
+   * Get collusion penalty for an endorser.
+   * Returns 0.1 if the endorser is in a detected collusion cluster, 1.0 otherwise.
+   */
+  getCollusionPenalty(endorser) {
+    return this.sccPenaltyCache.get(endorser) ?? 1;
+  }
+  /**
+   * Filter endorsements by domain
+   */
+  filterByDomain(endorsements, domain) {
+    if (!domain) {
+      return endorsements;
+    }
+    return endorsements.filter(
+      (e) => e.domain === domain || e.domain === void 0 || e.domain === "*"
+    );
+  }
+  /**
+   * Get cache key
+   */
+  getCacheKey(target, domain) {
+    return `${target}:${domain || "*"}`;
+  }
+  /**
+   * Clear cache
+   */
+  clearCache() {
+    this.cache.clear();
+    logger10.debug("Trust score cache cleared");
+  }
+  /**
+   * Update configuration
+   */
+  updateConfig(config) {
+    this.config = {
+      ...this.config,
+      ...config,
+      decayHalfLife: {
+        ...this.config.decayHalfLife,
+        ...config.decayHalfLife
+      }
+    };
+    this.clearCache();
+    logger10.info("Trust config updated", { config });
+  }
+};
+var logger11 = createLogger("trust-system");
 var TrustSystem = class {
   metrics;
   history;
@@ -2545,6 +2893,8 @@ var TrustSystem = class {
   trustCache = /* @__PURE__ */ new Map();
   CACHE_TTL = 5 * 60 * 1e3;
   // 5 minutes
+  // Uptime tracking: DID → { firstSeen, totalOnlineMs, lastOnlineAt }
+  uptimeTracker = /* @__PURE__ */ new Map();
   constructor(config) {
     this.metrics = new TrustMetrics();
     this.history = new InteractionHistory(`${config.dbPath}/interactions`);
@@ -2559,14 +2909,14 @@ var TrustSystem = class {
    */
   async start() {
     await this.history.open();
-    logger12.info("Trust system started");
+    logger11.info("Trust system started");
   }
   /**
    * Shutdown the trust system
    */
   async stop() {
     await this.history.close();
-    logger12.info("Trust system stopped");
+    logger11.info("Trust system stopped");
   }
   /**
    * Record an interaction
@@ -2576,6 +2926,42 @@ var TrustSystem = class {
     this.sybilDefense.recordRequest(interaction.agentDid);
     this.trustCache.delete(interaction.agentDid);
   }
+  /**
+   * Record agent coming online (for uptime tracking)
+   */
+  recordOnline(agentDid) {
+    const now = Date.now();
+    const existing = this.uptimeTracker.get(agentDid);
+    if (existing) {
+      existing.lastOnlineAt = now;
+    } else {
+      this.uptimeTracker.set(agentDid, { firstSeen: now, totalOnlineMs: 0, lastOnlineAt: now });
+    }
+  }
+  /**
+   * Record agent going offline (for uptime tracking)
+   */
+  recordOffline(agentDid) {
+    const now = Date.now();
+    const entry = this.uptimeTracker.get(agentDid);
+    if (entry && entry.lastOnlineAt > 0) {
+      entry.totalOnlineMs += now - entry.lastOnlineAt;
+      entry.lastOnlineAt = 0;
+    }
+  }
+  /**
+   * Get uptime ratio for an agent (0.0 - 1.0)
+   * Based on time since first seen vs total online time.
+   */
+  getUptime(agentDid) {
+    const entry = this.uptimeTracker.get(agentDid);
+    if (!entry) return 1;
+    const now = Date.now();
+    const totalMs = now - entry.firstSeen;
+    if (totalMs < 6e4) return 1;
+    const onlineMs = entry.totalOnlineMs + (entry.lastOnlineAt > 0 ? now - entry.lastOnlineAt : 0);
+    return Math.min(1, onlineMs / totalMs);
+  }
   /**
    * Get trust score for an agent
    */
@@ -2586,8 +2972,9 @@ var TrustSystem = class {
     }
     const stats = await this.history.getStats(agentDid);
     const endorsementList = await this.endorsements.getEndorsements(agentDid);
-    const uptime = 1;
-    const score = this.metrics.calculateScore(stats, endorsementList.length, uptime);
+    const uptime = this.getUptime(agentDid);
+    const endorsementScore = endorsementList.length > 0 ? endorsementList.reduce((sum, e) => sum + e.score, 0) / endorsementList.length : 0;
+    const score = this.metrics.calculateScore(stats, endorsementScore, uptime);
     this.trustCache.set(agentDid, { score, timestamp: Date.now() });
     return score;
   }
@@ -2655,13 +3042,13 @@ var TrustSystem = class {
     await this.history.cleanup();
     this.sybilDefense.cleanup();
     this.trustCache.clear();
-    logger12.info("Trust system cleanup completed");
+    logger11.info("Trust system cleanup completed");
   }
 };
 function createTrustSystem(config) {
   return new TrustSystem(config);
 }
 
-export { CLAWIVERSE_CONTEXT, CapabilityMatcher, CapabilityTypes, ClawiverseError, DEFAULT_RATE_LIMIT_TIERS, DefenseMiddleware, DiscoveryError, EndorsementManager, IdentityError, InteractionHistory, LogLevel, Logger, MessageQueue, MessageStorage, MessagingError, ParameterTypes, RELAY_PROTOCOL_VERSION, SCHEMA_ORG_CONTEXT, SearchIndex, SemanticSearchEngine, SybilDefense, TokenBucket, TransportError, TrustMetrics, TrustSystem, clawiverseContext, createAgentCard, createDefaultTrustScore, createEnvelope, createLegacyAgentCard, createLogger, createMessageRouter, createRelayClient, createRelayIndexOperations, createSemanticSearch, createTrustSystem, decodeAgentCard, decodeFromCBOR, decodeFromJSON, decodeMessage, decodeMessageJSON, deriveDID, downgradeToLegacyCard, encodeForDHT, encodeForWeb, encodeMessage, encodeMessageJSON, exportKeyPair, extractPublicKey, generateKeyPair, getAgentCardContext, getEncodedSize, getTierConfig, importKeyPair, isLegacyCard, isValidContext, matchesCapability, sign, signAgentCard, signEnvelope, signMessage, upgradeLegacyCard, validateAgentCard, validateDID, validateEnvelope, verify, verifyAgentCard, verifyEnvelope, verifyMessage };
+export { CLAWIVERSE_CONTEXT, CapabilityTypes, ClawiverseError, DEFAULT_RATE_LIMIT_TIERS, DefenseMiddleware, DiscoveryError, EndorsementManager, FAST_DOMAINS, IdentityError, InteractionHistory, LogLevel, Logger, MessageQueue, MessageStorage, MessagingError, ParameterTypes, RELAY_PROTOCOL_VERSION, SCHEMA_ORG_CONTEXT, SLOW_DOMAINS, SybilDefense, TokenBucket, TransportError, TrustComputer, TrustMetrics, TrustSystem, clawiverseContext, createAgentCard, createDIDDocument, createDefaultTrustScore, createEnvelope, createLegacyAgentCard, createLogger, createMessageRouter, createRelayClient, createRelayIndexOperations, createTrustSystem, decodeAgentCard, decodeFromCBOR, decodeFromJSON, decodeMessage, decodeMessageJSON, deriveDID, downgradeToLegacyCard, encodeForDHT, encodeForWeb, encodeMessage, encodeMessageJSON, exportKeyPair, extractPublicKey, formatDidWithAlias, formatDidWithAliasDetailed, generateAnonymousIdentity, generateKeyPair, generateThreadId, getAgentCardContext, getDefaultExpiration, getEncodedSize, getTierConfig, importKeyPair, isLegacyCard, isValidContext, matchesCapability, normalizeEnvelope, normalizeEnvelopeType, resolveDid, reverseAlias, sign, signAgentCard, signEnvelope, signMessage, upgradeLegacyCard, validateAgentCard, validateAliasName, validateDID, validateDIDDocument, validateDomain, validateEnvelope, verify, verifyAgentCard, verifyEnvelope, verifyMessage };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map