@ouro.bot/cli 0.1.0-alpha.653 → 0.1.0-alpha.654

package/dist/heart/identity.js

@@ -137,6 +137,7 @@ exports.DEFAULT_AGENT_SENSES = {
     bluebubbles: { enabled: false },
     mail: { enabled: false },
     voice: { enabled: false },
+    a2a: { enabled: false },
 };
 function normalizeSenses(value, configFile) {
     const defaults = {
@@ -145,6 +146,7 @@ function normalizeSenses(value, configFile) {
         bluebubbles: { ...exports.DEFAULT_AGENT_SENSES.bluebubbles },
         mail: { ...exports.DEFAULT_AGENT_SENSES.mail },
         voice: { ...exports.DEFAULT_AGENT_SENSES.voice },
+        a2a: { ...exports.DEFAULT_AGENT_SENSES.a2a },
     };
     if (value === undefined) {
         return defaults;
@@ -160,7 +162,7 @@ function normalizeSenses(value, configFile) {
         throw new Error(`agent.json at ${configFile} must include senses as an object when present.`);
     }
     const raw = value;
-    const senseNames = ["cli", "teams", "bluebubbles", "mail", "voice"];
+    const senseNames = ["cli", "teams", "bluebubbles", "mail", "voice", "a2a"];
     for (const senseName of senseNames) {
         const rawSense = raw[senseName];
         if (rawSense === undefined) {
@@ -204,6 +206,7 @@ function buildDefaultAgentTemplate(_agentName) {
             bluebubbles: { ...exports.DEFAULT_AGENT_SENSES.bluebubbles },
             mail: { ...exports.DEFAULT_AGENT_SENSES.mail },
             voice: { ...exports.DEFAULT_AGENT_SENSES.voice },
+            a2a: { ...exports.DEFAULT_AGENT_SENSES.a2a },
         },
         phrases: {
             thinking: [...exports.DEFAULT_AGENT_PHRASES.thinking],

package/dist/heart/sense-truth.js

@@ -9,6 +9,7 @@ const SENSES = [
     { sense: "bluebubbles", label: "BlueBubbles", daemonManaged: true },
     { sense: "mail", label: "Mail", daemonManaged: true },
     { sense: "voice", label: "Voice", daemonManaged: true },
+    { sense: "a2a", label: "A2A", daemonManaged: true },
 ];
 function configuredSenses(senses) {
     const configured = senses ?? {};
@@ -19,6 +20,7 @@ function configuredSenses(senses) {
         bluebubbles: configured.bluebubbles ?? { ...identity_1.DEFAULT_AGENT_SENSES.bluebubbles },
         mail: configured.mail ?? { ...identity_1.DEFAULT_AGENT_SENSES.mail },
         voice: configured.voice ?? { ...identity_1.DEFAULT_AGENT_SENSES.voice },
+        a2a: configured.a2a ?? { ...identity_1.DEFAULT_AGENT_SENSES.a2a },
     };
 }
 function resolveStatus(enabled, daemonManaged, runtimeInfo) {

package/dist/heart/turn-context.js

@@ -140,6 +140,7 @@ function readSenseStatusLines() {
         bluebubbles: configuredSenses.bluebubbles ?? { enabled: false },
         mail: configuredSenses.mail ?? { enabled: false },
         voice: configuredSenses.voice ?? { enabled: false },
+        a2a: configuredSenses.a2a ?? { enabled: false },
     };
     const payload = (0, config_1.loadConfig)();
     const agentName = (0, identity_1.getAgentName)();
@@ -183,6 +184,7 @@ function readSenseStatusLines() {
             : voiceConversationEngine === "openai-realtime"
                 ? openAIRealtimeVoiceReady
                 : cascadeVoiceReady,
+        a2a: true,
     };
     const rows = [
         { label: "CLI", status: "interactive" },
@@ -202,6 +204,10 @@ function readSenseStatusLines() {
             label: "Voice",
             status: !senses.voice.enabled ? "disabled" : configured.voice ? "ready" : "needs_config",
         },
+        {
+            label: "A2A",
+            status: senses.a2a.enabled ? "ready" : "disabled",
+        },
     ];
     return rows.map((row) => `- ${row.label}: ${row.status}`);
 }

package/dist/mind/friends/channel.js

@@ -7,7 +7,7 @@ exports.getChannelCapabilities = getChannelCapabilities;
 exports.isRemoteChannel = isRemoteChannel;
 exports.getAlwaysOnSenseNames = getAlwaysOnSenseNames;
 const runtime_1 = require("../../nerves/runtime");
-const AGENT_FACING_CHANNELS = new Set(["inner", "mcp"]);
+const AGENT_FACING_CHANNELS = new Set(["inner", "mcp", "a2a"]);
 function channelToFacing(channel) {
     const facing = channel && AGENT_FACING_CHANNELS.has(channel) ? "agent" : "human";
     (0, runtime_1.emitNervesEvent)({
@@ -64,6 +64,15 @@ const CHANNEL_CAPABILITIES = {
         supportsRichCards: false,
         maxMessageLength: Infinity,
     },
+    a2a: {
+        channel: "a2a",
+        senseType: "open",
+        availableIntegrations: [],
+        supportsMarkdown: true,
+        supportsStreaming: false,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
     inner: {
         channel: "inner",
         senseType: "internal",

package/dist/mind/friends/resolver.js

@@ -87,6 +87,7 @@ class FriendResolver {
             hasAnyFriends = false;
         }
         const isFirstImprint = !hasAnyFriends;
+        const isA2AAgent = this.params.provider === "a2a-agent";
         // BlueBubbles group chats route through here as `imessage-handle` with an
         // externalId of the form `group:any;+;<chatHash>`. When the harness auto-
         // creates the group friend at stranger trust, we mark the record so that
@@ -105,8 +106,8 @@ class FriendResolver {
         const friend = {
             id: (0, crypto_1.randomUUID)(),
             name: this.params.displayName,
-            role: isFirstImprint ? "primary" : "stranger",
-            trustLevel: isFirstImprint ? "family" : "stranger",
+            role: isA2AAgent ? "agent-peer" : isFirstImprint ? "primary" : "stranger",
+            trustLevel: isA2AAgent ? "stranger" : isFirstImprint ? "family" : "stranger",
             connections: [],
             externalIds: [externalId],
             tenantMemberships,
@@ -116,6 +117,16 @@ class FriendResolver {
             createdAt: now,
             updatedAt: now,
             schemaVersion: CURRENT_SCHEMA_VERSION,
+            kind: isA2AAgent ? "agent" : "human",
+            ...(isA2AAgent ? {
+                agentMeta: {
+                    bundleName: this.params.displayName,
+                    familiarity: 0,
+                    sharedMissions: [],
+                    outcomes: [],
+                    a2a: { agentId: this.params.externalId },
+                },
+            } : {}),
         };
         // Persist -- log and continue on failure (D16)
         try {

package/dist/mind/friends/store-file.js

@@ -190,8 +190,21 @@ class FileFriendStore {
             familiarity: typeof meta.familiarity === "number" ? meta.familiarity : 0,
             sharedMissions: Array.isArray(meta.sharedMissions) ? meta.sharedMissions : [],
             outcomes: Array.isArray(meta.outcomes) ? meta.outcomes : [],
+            ...(this.normalizeA2AMeta(meta.a2a) ? { a2a: this.normalizeA2AMeta(meta.a2a) } : {}),
         };
     }
+    normalizeA2AMeta(raw) {
+        if (!raw || typeof raw !== "object" || Array.isArray(raw))
+            return undefined;
+        const meta = raw;
+        const a2a = {
+            ...(typeof meta.cardUrl === "string" ? { cardUrl: meta.cardUrl } : {}),
+            ...(typeof meta.endpointUrl === "string" ? { endpointUrl: meta.endpointUrl } : {}),
+            ...(typeof meta.agentId === "string" ? { agentId: meta.agentId } : {}),
+            ...(typeof meta.protocolVersion === "string" ? { protocolVersion: meta.protocolVersion } : {}),
+        };
+        return Object.keys(a2a).length > 0 ? a2a : undefined;
+    }
     async readJson(filePath) {
         try {
             const raw = await fsPromises.readFile(filePath, "utf-8");

package/dist/mind/friends/types.js

@@ -7,7 +7,7 @@ exports.isIdentityProvider = isIdentityProvider;
 exports.isIntegration = isIntegration;
 exports.isTrustedLevel = isTrustedLevel;
 const runtime_1 = require("../../nerves/runtime");
-const IDENTITY_PROVIDERS = new Set(["aad", "local", "teams-conversation", "imessage-handle", "email-address"]);
+const IDENTITY_PROVIDERS = new Set(["aad", "local", "teams-conversation", "imessage-handle", "email-address", "a2a-agent"]);
 function isIdentityProvider(value) {
     (0, runtime_1.emitNervesEvent)({
         component: "friends",

package/dist/mind/prompt.js

@@ -346,6 +346,7 @@ const PROCESS_TYPE_LABELS = {
     bluebubbles: "bluebubbles handler",
     mail: "mail handler",
     voice: "voice handler",
+    a2a: "a2a handler",
     mcp: "mcp bridge",
 };
 function processTypeLabel(channel) {
@@ -409,6 +410,9 @@ function runtimeInfoSection(channel, options) {
     else if (channel === "mail") {
         lines.push("i am responding from an agent mail session. i keep the response clear, auditable, and grounded in visible mail facts.");
     }
+    else if (channel === "a2a") {
+        lines.push("i am responding through the A2A sense to another agent peer. i treat the peer as an agent friend record, keep the exchange task-oriented and auditable, and rely on the existing friend trust model for authority.");
+    }
     else if (channel === "voice") {
         lines.push("i am responding in a live voice session. the person is waiting in real time, so i answer early and often, keep spoken turns to one or two short sentences, stay interruption-friendly, avoid markdown and lists unless explicitly asked, and use speak before any tool work that may take more than a moment. if a later transcript says the caller interrupted or followed up while i was speaking, i prioritize that newest utterance before continuing the older answer. the overview shows the text transcript as the durable record.");
     }
@@ -435,6 +439,7 @@ function localSenseStatusLines() {
         bluebubbles: configuredSenses.bluebubbles ?? { enabled: false },
         mail: configuredSenses.mail ?? { enabled: false },
         voice: configuredSenses.voice ?? { enabled: false },
+        a2a: configuredSenses.a2a ?? { enabled: false },
     };
     const payload = (0, config_1.loadConfig)();
     const runtimeConfig = (0, runtime_credentials_1.readRuntimeCredentialConfig)((0, identity_1.getAgentName)());
@@ -457,6 +462,7 @@ function localSenseStatusLines() {
             && (hasTextField(integrations, "elevenLabsVoiceId") || hasTextField(portableVoice, "elevenLabsVoiceId"))
             && hasTextField(voice, "whisperCliPath")
             && hasTextField(voice, "whisperModelPath"),
+        a2a: true,
     };
     const rows = [
         { label: "CLI", status: "interactive" },
@@ -476,6 +482,10 @@ function localSenseStatusLines() {
             label: "Voice",
             status: !senses.voice.enabled ? "disabled" : configured.voice ? "ready" : "needs_config",
         },
+        {
+            label: "A2A",
+            status: senses.a2a.enabled ? "ready" : "disabled",
+        },
     ];
     return rows.map((row) => `- ${row.label}: ${row.status}`);
 }
@@ -493,6 +503,7 @@ function senseRuntimeGuidance(channel, preReadStatusLines) {
     lines.push("If asked how to enable another sense, I explain the relevant agent.json senses entry and required agent-vault runtime/config fields instead of guessing.");
     lines.push("teams setup truth: run `ouro connect teams --agent <agent>` from the connect bay; it stores Teams runtime/config fields and enables `senses.teams.enabled`.");
     lines.push("bluebubbles setup truth: run `ouro connect bluebubbles --agent <agent>` from the connect bay; it stores this machine's BlueBubbles URL/password/listener config in the agent vault machine runtime item.");
+    lines.push("a2a setup truth: run `ouro connect a2a --agent <agent>` to enable the A2A sense, `ouro a2a card --agent <agent> --base-url <public-url>` to publish an agent card, and `ouro a2a onboard --agent <agent> --card-url <peer-card-url>` to add a peer as an agent friend. A2A uses the existing friend trust model, not a separate trust registry.");
     lines.push("mail setup AX: if a human asks me to set up email, I do not hand them a terminal checklist. I guide the flow end-to-end: name the current phase, run agent-runnable commands myself with shell/tools when available, ask the human only for human-required facts or browser actions, wait for their reply, verify the result, then continue.");
     lines.push("mail setup hard rule: never tell the human to run `ouro account ensure`, `ouro connect mail`, `ouro mail import-mbox`, `ouro status`, or `ouro doctor` for setup. Say what I am about to run, run it myself, and report the result. If my current surface cannot run shell/tools, I ask for a tool-capable Ouro setup session or companion to continue; I do not offload CLI operation to the human.");
     lines.push("mail setup truth: Agent Mail uses Mailroom, not HEY OAuth/IMAP. For the full work substrate account, the agent-runnable command is `ouro account ensure --agent <agent> --owner-email <email> --source hey`; use `ouro connect mail --agent <agent> --owner-email <email> --source hey` for mail-only repair/provisioning, or `--no-delegated-source` for native-only mail. The detailed runbook is `docs/agent-mail-setup.md`.");

package/dist/repertoire/guardrails.js

@@ -39,6 +39,7 @@ const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const types_1 = require("../mind/friends/types");
 const runtime_1 = require("../nerves/runtime");
+const store_1 = require("../commerce/store");
 const deny = (reason) => ({ allowed: false, reason });
 const allow = { allowed: true };
 // --- reason templates ---
@@ -292,6 +293,9 @@ const CREDENTIAL_TRUSTED_TOOLS = new Set(["credential_get", "credential_list"]);
 // advisory and geocode are public APIs but gated for consistency)
 // Flight search is also friend+ (read-only, no payment)
 const TRAVEL_TRUSTED_TOOLS = new Set(["weather_lookup", "travel_advisory", "geocode_search", "flight_search"]);
+const A2A_TRUSTED_TOOLS = new Set(["a2a_list_peers", "a2a_send_message", "a2a_get_task"]);
+const COMMERCE_FAMILY_TOOLS = new Set(["commerce_checkout_preview", "commerce_checkout_commit", "commerce_receipt_get", "commerce_access_log"]);
+const COMMERCE_AUTHORITY_TOOLS = new Set(["stripe_create_card", "flight_hold", "flight_book"]);
 const MAIL_FAMILY_TOOLS = new Set(["mail_screener", "mail_decide", "mail_access_log", "mail_send", "mail_index_refresh"]);
 const MAIL_DELEGATED_READ_TOOLS = new Set(["mail_recent", "mail_search"]);
 function mailTrustGuardrail(toolName, args, context) {
@@ -315,18 +319,34 @@ function mailTrustGuardrail(toolName, args, context) {
     return allow;
 }
 function checkCredentialTrustGuardrails(toolName, context) {
-    if (CREDENTIAL_FAMILY_TOOLS.has(toolName)) {
+    if (CREDENTIAL_FAMILY_TOOLS.has(toolName) || COMMERCE_FAMILY_TOOLS.has(toolName)) {
         if (context.trustLevel === "family")
             return allow;
         return deny(REASONS.needsTrust);
     }
-    if (CREDENTIAL_TRUSTED_TOOLS.has(toolName) || TRAVEL_TRUSTED_TOOLS.has(toolName)) {
+    if (CREDENTIAL_TRUSTED_TOOLS.has(toolName) || TRAVEL_TRUSTED_TOOLS.has(toolName) || A2A_TRUSTED_TOOLS.has(toolName)) {
         if ((0, types_1.isTrustedLevel)(context.trustLevel))
             return allow;
         return deny(REASONS.needsTrust);
     }
     return allow;
 }
+function checkCommerceAuthorityGuardrails(toolName, args, context) {
+    if (!COMMERCE_AUTHORITY_TOOLS.has(toolName))
+        return allow;
+    if (!context.agentRoot)
+        return deny("commerce authority unavailable: agent root could not be resolved.");
+    const result = (0, store_1.validateCommerceAuthority)({
+        agentRoot: context.agentRoot,
+        token: args.commerce_authority,
+        toolName,
+        args,
+        friendId: context.friendId,
+    });
+    if (result.ok)
+        return allow;
+    return deny(`commerce authority required: ${result.reason}`);
+}
 function checkFirstClassMcpTrust(context) {
     if (!context.mcpServerName)
         return allow;
@@ -347,6 +367,9 @@ function checkTrustLevelGuardrails(toolName, args, context) {
     const credentialResult = checkCredentialTrustGuardrails(toolName, context);
     if (!credentialResult.allowed)
         return credentialResult;
+    const commerceAuthorityResult = checkCommerceAuthorityGuardrails(toolName, args, context);
+    if (!commerceAuthorityResult.allowed)
+        return commerceAuthorityResult;
     // First-class MCP tool trust (e.g. browser_navigate) — applies at all trust levels
     const firstClassMcpResult = checkFirstClassMcpTrust(context);
     if (!firstClassMcpResult.allowed)

package/dist/repertoire/tools-a2a.js

@@ -0,0 +1,283 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.a2aToolDefinitions = void 0;
+const path = __importStar(require("node:path"));
+const identity_1 = require("../heart/identity");
+const runtime_credentials_1 = require("../heart/runtime-credentials");
+const types_1 = require("../mind/friends/types");
+const store_file_1 = require("../mind/friends/store-file");
+const runtime_1 = require("../nerves/runtime");
+const client_1 = require("../a2a/client");
+const outboundTaskTokens = new Map();
+function tokenKey(ctx, friendId, taskId) {
+    return `${ctx?.agentRoot ?? "ambient"}\n${friendId}\n${taskId}`;
+}
+function rememberTaskToken(ctx, friendId, task) {
+    /* v8 ignore next -- defensive metadata-shape guard; protocol tasks from Ouro servers always use object metadata @preserve */
+    const token = task.metadata?.a2a && typeof task.metadata.a2a === "object" && !Array.isArray(task.metadata.a2a)
+        ? task.metadata.a2a.accessToken
+        : undefined;
+    if (typeof token === "string" && token.trim()) {
+        outboundTaskTokens.set(tokenKey(ctx, friendId, task.id), token.trim());
+    }
+}
+function rememberedTaskToken(ctx, friendId, taskId) {
+    return outboundTaskTokens.get(tokenKey(ctx, friendId, taskId));
+}
+function redactTaskToken(task) {
+    const a2a = task.metadata?.a2a;
+    if (!a2a || typeof a2a !== "object" || Array.isArray(a2a) || !("accessToken" in a2a))
+        return task;
+    const { accessToken: _accessToken, ...safeA2A } = a2a;
+    return {
+        ...task,
+        metadata: {
+            ...task.metadata,
+            a2a: safeA2A,
+        },
+    };
+}
+function storeFor(ctx) {
+    if (ctx?.friendStore)
+        return ctx.friendStore;
+    /* v8 ignore next -- no-agentRoot fallback depends on process argv; normal tool calls inject agentRoot @preserve */
+    if (ctx?.agentRoot)
+        return new store_file_1.FileFriendStore(path.join(ctx.agentRoot, "friends"));
+    return new store_file_1.FileFriendStore(path.join((0, identity_1.getAgentRoot)(), "friends"));
+}
+function requireTrustedRequester(ctx) {
+    if (!ctx?.context?.friend?.id)
+        return "no friend context — cannot use A2A tools.";
+    if (!(0, types_1.isTrustedLevel)(ctx.context.friend.trustLevel))
+        return "A2A tools require friend or family trust.";
+    return null;
+}
+function isA2APeer(friend) {
+    return friend.kind === "agent" && friend.externalIds.some((id) => id.provider === "a2a-agent");
+}
+function agentNameFromRoot(agentRoot) {
+    if (!agentRoot)
+        return undefined;
+    const base = path.basename(agentRoot);
+    return base.endsWith(".ouro") ? base.slice(0, -".ouro".length) : undefined;
+}
+function textField(record, key) {
+    const value = record?.[key];
+    return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+function localA2ACardUrl(agentRoot) {
+    const agentName = agentNameFromRoot(agentRoot);
+    if (!agentName)
+        return undefined;
+    const result = (0, runtime_credentials_1.readMachineRuntimeCredentialConfig)(agentName);
+    if (!result.ok)
+        return undefined;
+    const a2a = result.config.a2a;
+    if (!a2a || typeof a2a !== "object" || Array.isArray(a2a))
+        return undefined;
+    const publicUrl = textField(a2a, "publicUrl");
+    return publicUrl ? `${publicUrl.replace(/\/+$/, "")}/.well-known/agent-card.json` : undefined;
+}
+async function resolveA2AEndpoint(friend) {
+    const metadata = friend.agentMeta?.a2a;
+    if (metadata?.endpointUrl) {
+        return { endpointUrl: metadata.endpointUrl, agentId: metadata.agentId, peerName: friend.name };
+    }
+    if (metadata?.cardUrl) {
+        const card = await (0, client_1.fetchA2AAgentCard)(metadata.cardUrl);
+        const endpointUrl = (0, client_1.endpointForCard)(card);
+        /* v8 ignore next -- fetchA2AAgentCard rejects cards without a usable endpoint before tools see them @preserve */
+        if (!endpointUrl)
+            throw new Error("A2A card has no JSONRPC endpoint");
+        /* v8 ignore next -- empty card names are invalid in practice; friend-name fallback is defensive @preserve */
+        const peerName = card.name || friend.name;
+        return { endpointUrl, agentId: metadata.agentId ?? endpointUrl, peerName };
+    }
+    const external = friend.externalIds.find((id) => id.provider === "a2a-agent");
+    if (external?.externalId?.startsWith("http")) {
+        const card = await (0, client_1.fetchA2AAgentCard)(external.externalId);
+        const endpointUrl = (0, client_1.endpointForCard)(card);
+        /* v8 ignore next -- fetchA2AAgentCard rejects cards without a usable endpoint before tools see them @preserve */
+        if (!endpointUrl)
+            throw new Error("A2A card has no JSONRPC endpoint");
+        /* v8 ignore next -- empty card names are invalid in practice; friend-name fallback is defensive @preserve */
+        const peerName = card.name || friend.name;
+        return { endpointUrl, agentId: external.externalId, peerName };
+    }
+    throw new Error("A2A peer has no endpointUrl or cardUrl in agentMeta.a2a");
+}
+exports.a2aToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "a2a_list_peers",
+                description: "List onboarded A2A agent peers from the friend model. Requires friend or family trust.",
+                parameters: {
+                    type: "object",
+                    properties: {},
+                },
+            },
+        },
+        handler: async (_args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_a2a_list_peers",
+                message: "a2a_list_peers invoked",
+                meta: { tool: "a2a_list_peers" },
+            });
+            const guard = requireTrustedRequester(ctx);
+            if (guard)
+                return guard;
+            const store = storeFor(ctx);
+            const listAll = store.listAll;
+            if (!listAll)
+                return "friend store does not support listing.";
+            const peers = (await listAll.call(store)).filter(isA2APeer);
+            return JSON.stringify(peers.map((peer) => ({
+                id: peer.id,
+                name: peer.name,
+                trustLevel: peer.trustLevel ?? "friend",
+                endpointUrl: peer.agentMeta?.a2a?.endpointUrl,
+                cardUrl: peer.agentMeta?.a2a?.cardUrl,
+            })), null, 2);
+        },
+        summaryKeys: [],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "a2a_send_message",
+                description: "Send a message to a trusted A2A agent peer. The target peer must be an agent friend at friend/family trust.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        friend_id: { type: "string", description: "Friend record ID for the A2A agent peer." },
+                        message: { type: "string", description: "Message or task request to send." },
+                        session_key: { type: "string", description: "Optional A2A context/session key." },
+                    },
+                    required: ["friend_id", "message"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_a2a_send_message",
+                message: "a2a_send_message invoked",
+                meta: { tool: "a2a_send_message", friendId: args.friend_id },
+            });
+            const guard = requireTrustedRequester(ctx);
+            if (guard)
+                return guard;
+            const peer = await storeFor(ctx).get(args.friend_id);
+            if (!peer || !isA2APeer(peer))
+                return `A2A peer not found: ${args.friend_id}`;
+            if (!(0, types_1.isTrustedLevel)(peer.trustLevel))
+                return "target A2A peer must be friend or family trust before outbound messages.";
+            try {
+                const endpoint = await resolveA2AEndpoint(peer);
+                const task = await (0, client_1.sendA2AMessage)({
+                    endpointUrl: endpoint.endpointUrl,
+                    message: args.message,
+                    senderAgentId: agentNameFromRoot(ctx?.agentRoot) ?? "ouro-agent",
+                    senderName: agentNameFromRoot(ctx?.agentRoot) ?? "Ouro agent",
+                    senderCardUrl: localA2ACardUrl(ctx?.agentRoot),
+                    sessionKey: args.session_key,
+                });
+                rememberTaskToken(ctx, peer.id, task);
+                return JSON.stringify(redactTaskToken(task), null, 2);
+            }
+            catch (error) {
+                return `A2A send error: ${error instanceof Error ? error.message : /* v8 ignore next -- defensive non-Error transport failures */ String(error)}`;
+            }
+        },
+        summaryKeys: ["friend_id", "session_key"],
+        riskProfile: { mutates: "external_side_effect", risk: "high", reason: "sends a message to a remote agent peer" },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "a2a_get_task",
+                description: "Fetch a task from a trusted A2A agent peer.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        friend_id: { type: "string", description: "Friend record ID for the A2A agent peer." },
+                        task_id: { type: "string", description: "Remote A2A task ID." },
+                        access_token: { type: "string", description: "Optional task access token from an external A2A response; omitted for tasks sent through a2a_send_message because Ouro stores it out of transcript." },
+                    },
+                    required: ["friend_id", "task_id"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_a2a_get_task",
+                message: "a2a_get_task invoked",
+                meta: { tool: "a2a_get_task", friendId: args.friend_id, taskId: args.task_id },
+            });
+            const guard = requireTrustedRequester(ctx);
+            if (guard)
+                return guard;
+            const peer = await storeFor(ctx).get(args.friend_id);
+            if (!peer || !isA2APeer(peer))
+                return `A2A peer not found: ${args.friend_id}`;
+            if (!(0, types_1.isTrustedLevel)(peer.trustLevel))
+                return "target A2A peer must be friend or family trust before task lookup.";
+            try {
+                const endpoint = await resolveA2AEndpoint(peer);
+                const task = await (0, client_1.getA2ATask)({
+                    endpointUrl: endpoint.endpointUrl,
+                    taskId: args.task_id,
+                    accessToken: args.access_token ?? rememberedTaskToken(ctx, peer.id, args.task_id),
+                    senderAgentId: agentNameFromRoot(ctx?.agentRoot) ?? "ouro-agent",
+                    senderName: agentNameFromRoot(ctx?.agentRoot) ?? "Ouro agent",
+                    senderCardUrl: localA2ACardUrl(ctx?.agentRoot),
+                });
+                rememberTaskToken(ctx, peer.id, task);
+                return JSON.stringify(redactTaskToken(task), null, 2);
+            }
+            catch (error) {
+                return `A2A task error: ${error instanceof Error ? error.message : /* v8 ignore next -- defensive non-Error transport failures */ String(error)}`;
+            }
+        },
+        summaryKeys: ["friend_id", "task_id"],
+    },
+];

package/dist/repertoire/tools-base.js

@@ -19,6 +19,8 @@ const tools_flight_1 = require("./tools-flight");
 const tools_attachments_1 = require("./tools-attachments");
 const tools_mail_1 = require("./tools-mail");
 const tools_trip_1 = require("./tools-trip");
+const tools_a2a_1 = require("./tools-a2a");
+const tools_commerce_1 = require("./tools-commerce");
 const tools_awaiting_1 = require("./tools-awaiting");
 const tools_obligations_1 = require("./tools-obligations");
 const tools_evolution_1 = require("./tools-evolution");
@@ -58,6 +60,8 @@ exports.baseToolDefinitions = [
     ...tools_attachments_1.attachmentToolDefinitions,
     ...tools_mail_1.mailToolDefinitions,
     ...tools_trip_1.tripToolDefinitions,
+    ...tools_a2a_1.a2aToolDefinitions,
+    ...tools_commerce_1.commerceToolDefinitions,
     ...tools_awaiting_1.awaitingToolDefinitions,
     ...tools_obligations_1.obligationToolDefinitions,
     ...tools_evolution_1.evolutionToolDefinitions,