@ouro.bot/friends 0.1.0-alpha.6 → 0.1.0-alpha.7

package/dist/coordination.js

@@ -49,8 +49,12 @@ function holdsAssignment(record, selfAgentId) {
 /** Apply the OUTGOING intent to the producer's own mission record as a first-party
  * step: always append the intent to `coordination.log`; on an `accept`, also claim
  * the assignment for self (the accepter is taking it). No other intent moves the
- * producer's `assignee`. Mirrors how recordMission stamps first-party provenance. */
-function applyOutgoingIntent(record, input, now) {
+ * producer's `assignee`. When a `taskSpec` is supplied (a request carrying a task,
+ * gap-1), ALSO record it first-party under `delegations[requestId]` — the task-spec, the
+ * delegated-TO `assignee` (`input.toAgentId`), and first-party provenance. The assignee is
+ * the anchor importMissionResult checks the result's source against (security-review inc-2
+ * finding 1). Mirrors how recordMission stamps first-party provenance. */
+function applyOutgoingIntent(record, input, now, taskSpec) {
     const entry = {
         intent: input.intent,
         fromAgentId: input.selfAgentId,
@@ -62,7 +66,38 @@ function applyOutgoingIntent(record, input, now) {
     const coordination = input.intent === "accept"
         ? { ...withLog, assignee: { agentId: input.selfAgentId }, assignedAt: now }
         : withLog;
-    return { ...record, coordination, updatedAt: now };
+    // gap-1: record the issued delegation first-party under delegations[requestId]. PERSIST
+    // the ASSIGNEE — the agent this task is delegated TO (input.toAgentId) — alongside the
+    // task-spec (security-review inc-2 finding 1). This is the anchor importMissionResult
+    // checks the result's SOURCE against: A only accepts a result for this requestId from the
+    // very agent it delegated TO. Without it, a trusted non-assignee who learned the
+    // requestId could inject a forged result.
+    const delegations = taskSpec
+        ? {
+            ...(record.delegations ?? {}),
+            [taskSpec.requestId]: { task: taskSpec, assignee: { agentId: input.toAgentId }, provenance: { origin: "first_party" } },
+        }
+        : record.delegations;
+    return {
+        ...record,
+        coordination,
+        ...(delegations ? { delegations } : {}),
+        updatedAt: now,
+    };
+}
+/** Build the MissionTaskSpec for a request carrying a task (gap-1): mint the
+ * `requestId` and carry the optional details/inputs only when present. Returns undefined
+ * when there is no task to attach, or the intent is not a request (a task on any other
+ * intent is ignored). */
+function buildTaskSpec(input) {
+    if (input.intent !== "request" || input.task === undefined)
+        return undefined;
+    return {
+        requestId: (0, node_crypto_1.randomUUID)(),
+        summary: input.task.summary,
+        ...(input.task.details !== undefined ? { details: input.task.details } : {}),
+        ...(input.task.inputs !== undefined ? { inputs: input.task.inputs } : {}),
+    };
 }
 /**
  * Producer half of the coordination primitive. Consent-gated (subject = the
@@ -101,6 +136,10 @@ async function prepareCoordination(missions, store, grants, input, consent = con
         return { ok: false, status: "not_assignee" };
     }
     const now = new Date().toISOString();
+    // gap-1: a request carrying a task mints a requestId + a MissionTaskSpec (undefined on
+    // any non-request intent, or when no task was given). Minted ONCE so the envelope's
+    // task and the first-party delegations[requestId] share the same correlation key.
+    const taskSpec = buildTaskSpec(input);
     const envelope = {
         subject: { missionKey: record.missionKey, title: record.title },
         fromAgentId: input.selfAgentId,
@@ -110,11 +149,13 @@ async function prepareCoordination(missions, store, grants, input, consent = con
         ...(input.intent === "handoff" && input.proposedAssignee !== undefined
             ? { proposedAssignee: input.proposedAssignee }
             : {}),
+        ...(taskSpec ? { task: taskSpec } : {}),
         ...(input.proof !== undefined ? { proof: input.proof } : {}),
     };
     // Record the outgoing intent on the producer's own mission (first-party), so the
-    // sender's record reflects "I asked / I offered / I accepted".
-    const updated = applyOutgoingIntent(record, input, now);
+    // sender's record reflects "I asked / I offered / I accepted" — and, for a request
+    // with a task, the issued delegation under delegations[requestId].
+    const updated = applyOutgoingIntent(record, input, now, taskSpec);
     await missions.put(updated.id, updated);
     (0, observability_1.emitNervesEvent)({
         component: "friends",
@@ -174,8 +215,41 @@ function applyIncomingIntent(record, envelope, fromAgentId, now) {
             : withLog;
         return { record: { ...record, coordination, updatedAt: now }, assigned: isLater };
     }
+    // gap-1: a request carrying a task lands the task-spec QUARANTINED under
+    // importedDelegations[fromAgentId][requestId] (attributed, imported), NEVER touching
+    // first-party `delegations`/`learnings`/`notes`/`status`. Idempotent per (agentId,
+    // requestId): an existing entry is preserved (never re-stamped).
+    const importedDelegations = envelope.intent === "request" && envelope.task !== undefined
+        ? mergeImportedDelegation(record, envelope.task, fromAgentId, now)
+        : record.importedDelegations;
     // request / offer / decline / handoff → log only; assignee untouched.
-    return { record: { ...record, coordination: withLog, updatedAt: now }, assigned: false };
+    return {
+        record: {
+            ...record,
+            coordination: withLog,
+            ...(importedDelegations ? { importedDelegations } : {}),
+            updatedAt: now,
+        },
+        assigned: false,
+    };
+}
+/** Land one imported task-spec under `importedDelegations[fromAgentId][requestId]`,
+ * returning a NEW namespace (never mutates the input). First-party `delegations` are NOT
+ * passed in and stay physically untouched. Idempotent per (agentId, requestId): an entry
+ * that already exists is preserved unchanged (never re-stamped with a new importedAt). */
+function mergeImportedDelegation(record, task, fromAgentId, now) {
+    const existing = record.importedDelegations ?? {};
+    const forAgent = existing[fromAgentId] ?? {};
+    // Idempotent: keep the existing entry for this requestId (do not re-stamp on replay).
+    if (forAgent[task.requestId])
+        return existing;
+    return {
+        ...existing,
+        [fromAgentId]: {
+            ...forAgent,
+            [task.requestId]: { task, provenance: { origin: "imported", assertedBy: { agentId: fromAgentId }, importedAt: now } },
+        },
+    };
 }
 /** Create a freshly-seeded mission for a previously-unknown key, carrying the
  * subject's join key + title, `status:"active"`, empty first-party `learnings`. The

package/dist/index.d.ts

@@ -34,6 +34,10 @@ export { MemoryAuditSink, FileAuditSink, auditPathFor } from "./audit";
 export type { AuditSink, ControlPlaneAuditRecord } from "./audit";
 export { linkExternalId, unlinkExternalId } from "./link-identity";
 export { upsertAgentPeer } from "./agent-peer";
+export { connectAgents } from "./connect";
+export type { ConnectPeer, ConnectAgentsInput, ConnectAgentsDeps, ConnectResult, ConnectStatus } from "./connect";
+export { authorizeConnect } from "./connect-authority";
+export type { AuthorizeConnectInput, ConnectAuthorization } from "./connect-authority";
 export { resolveAgentIdentity, withMigratedIdentity } from "./identity";
 export type { ResolvedAgentIdentity } from "./identity";
 export { findFriendByDid } from "./friend-lookup";
@@ -57,6 +61,9 @@ export { prepareMissionShare, importMissionShare } from "./mission-share";
 export type { MissionShareEnvelope, SharedLearning, PrepareMissionShareInput, PrepareMissionShareResult, PrepareMissionShareStatus, ImportMissionShareInput, ImportMissionShareOptions, ImportMissionShareResult, ImportMissionShareStatus, } from "./mission-share";
 export { prepareCoordination, importCoordination } from "./coordination";
 export type { CoordinationEnvelope, PrepareCoordinationInput, PrepareCoordinationResult, PrepareCoordinationStatus, ImportCoordinationInput, ImportCoordinationOptions, ImportCoordinationResult, ImportCoordinationStatus, } from "./coordination";
+export { prepareMissionResult, importMissionResult } from "./mission-result";
+export type { PrepareMissionResultInput, PrepareMissionResultResult, PrepareMissionResultStatus, ImportMissionResultInput, ImportMissionResultOptions, ImportMissionResultResult, ImportMissionResultStatus, } from "./mission-result";
+export type { MissionTaskSpec, MissionResult, MissionResultEnvelope } from "./types";
 export { grantShare, revokeShare, listShares, isGrantEffective } from "./grants";
 export { emitNervesEvent, setNervesEmitter, } from "./observability";
 export type { NervesEvent, NervesEmitter, LogLevel } from "./observability";

package/dist/index.js

@@ -6,8 +6,8 @@
 // multi-agent (a2a peer) aware, consumed through the FriendStore interface +
 // FriendResolver.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolveRoom = exports.whoami = exports.recordMission = exports.recordRelationshipOutcome = exports._resetRosterVerifierWarningForTest = exports.verifiedCandidate = exports.evaluateAccountMembership = exports.MemoryRosterStore = exports.DEFAULT_ROSTER_VERIFIER = exports.identityRosterVerifier = exports.rostersDirFor = exports.FileRosterStore = exports.findFriendByDid = exports.withMigratedIdentity = exports.resolveAgentIdentity = exports.upsertAgentPeer = exports.unlinkExternalId = exports.linkExternalId = exports.auditPathFor = exports.FileAuditSink = exports.MemoryAuditSink = exports.setFriendTrust = exports.applyFriendNote = exports.accumulateFriendTokens = exports.upsertGroupContextParticipants = exports.DEFAULT_STANDING_RULE = exports.explainStanding = exports.assessStanding = exports.describeTrustContext = exports.getAlwaysOnSenseNames = exports.isRemoteChannel = exports.channelToFacing = exports.getChannelCapabilities = exports._setMachineOwnerUsernameForTest = exports.isLocalMachineOwnerIdentity = exports.machineOwnerUsername = exports.FriendResolver = exports.openFileBundle = exports.missionsDirFor = exports.FileMissionStore = exports.grantsDirFor = exports.FileGrantStore = exports.FileFriendStore = exports.isCoordinationIntent = exports.isShareScope = exports.isIntegration = exports.isIdentityProvider = exports.isTrustedLevel = exports.IDENTITY_SCOPES = exports.TRUSTED_LEVELS = void 0;
-exports.setNervesEmitter = exports.emitNervesEvent = exports.isGrantEffective = exports.listShares = exports.revokeShare = exports.grantShare = exports.importCoordination = exports.prepareCoordination = exports.importMissionShare = exports.prepareMissionShare = exports.importProfileShare = exports.prepareProfileShare = exports.DEFAULT_AGENT_VERIFIER = exports.tofuVerifier = exports.DEFAULT_CONSENT_POLICY = exports.tieredPolicy = exports.trustImpliedPolicy = exports.strictPolicy = void 0;
+exports.recordMission = exports.recordRelationshipOutcome = exports._resetRosterVerifierWarningForTest = exports.verifiedCandidate = exports.evaluateAccountMembership = exports.MemoryRosterStore = exports.DEFAULT_ROSTER_VERIFIER = exports.identityRosterVerifier = exports.rostersDirFor = exports.FileRosterStore = exports.findFriendByDid = exports.withMigratedIdentity = exports.resolveAgentIdentity = exports.authorizeConnect = exports.connectAgents = exports.upsertAgentPeer = exports.unlinkExternalId = exports.linkExternalId = exports.auditPathFor = exports.FileAuditSink = exports.MemoryAuditSink = exports.setFriendTrust = exports.applyFriendNote = exports.accumulateFriendTokens = exports.upsertGroupContextParticipants = exports.DEFAULT_STANDING_RULE = exports.explainStanding = exports.assessStanding = exports.describeTrustContext = exports.getAlwaysOnSenseNames = exports.isRemoteChannel = exports.channelToFacing = exports.getChannelCapabilities = exports._setMachineOwnerUsernameForTest = exports.isLocalMachineOwnerIdentity = exports.machineOwnerUsername = exports.FriendResolver = exports.openFileBundle = exports.missionsDirFor = exports.FileMissionStore = exports.grantsDirFor = exports.FileGrantStore = exports.FileFriendStore = exports.isCoordinationIntent = exports.isShareScope = exports.isIntegration = exports.isIdentityProvider = exports.isTrustedLevel = exports.IDENTITY_SCOPES = exports.TRUSTED_LEVELS = void 0;
+exports.setNervesEmitter = exports.emitNervesEvent = exports.isGrantEffective = exports.listShares = exports.revokeShare = exports.grantShare = exports.importMissionResult = exports.prepareMissionResult = exports.importCoordination = exports.prepareCoordination = exports.importMissionShare = exports.prepareMissionShare = exports.importProfileShare = exports.prepareProfileShare = exports.DEFAULT_AGENT_VERIFIER = exports.tofuVerifier = exports.DEFAULT_CONSENT_POLICY = exports.tieredPolicy = exports.trustImpliedPolicy = exports.strictPolicy = exports.resolveRoom = exports.whoami = void 0;
 // -- Values --
 var types_1 = require("./types");
 Object.defineProperty(exports, "TRUSTED_LEVELS", { enumerable: true, get: function () { return types_1.TRUSTED_LEVELS; } });
@@ -62,6 +62,16 @@ Object.defineProperty(exports, "linkExternalId", { enumerable: true, get: functi
 Object.defineProperty(exports, "unlinkExternalId", { enumerable: true, get: function () { return link_identity_1.unlinkExternalId; } });
 var agent_peer_1 = require("./agent-peer");
 Object.defineProperty(exports, "upsertAgentPeer", { enumerable: true, get: function () { return agent_peer_1.upsertAgentPeer; } });
+// -- connect_to (brick 8, p11 inc2): the owner links one of their OWN agents into the
+// fleet, gated to a management sense (local/closed) — `local` commits; an `open` sense
+// downgrades to a confirm-prompt; `closed` is gated by a roster/membership check (never a
+// blanket allow); a bare name with no resolvable handle/DID returns needs_handle (never
+// fabricated). Writes one `action:"connect"` control-plane audit. `authorizeConnect` is the
+// pure authority predicate (consumes a pre-computed AccountMembershipResult — core-clean).
+var connect_1 = require("./connect");
+Object.defineProperty(exports, "connectAgents", { enumerable: true, get: function () { return connect_1.connectAgents; } });
+var connect_authority_1 = require("./connect-authority");
+Object.defineProperty(exports, "authorizeConnect", { enumerable: true, get: function () { return connect_authority_1.authorizeConnect; } });
 // -- Agent identity (p11 Item 2 — DID re-key): durable home + migrate-on-read --
 var identity_1 = require("./identity");
 Object.defineProperty(exports, "resolveAgentIdentity", { enumerable: true, get: function () { return identity_1.resolveAgentIdentity; } });
@@ -120,6 +130,16 @@ Object.defineProperty(exports, "importMissionShare", { enumerable: true, get: fu
 var coordination_1 = require("./coordination");
 Object.defineProperty(exports, "prepareCoordination", { enumerable: true, get: function () { return coordination_1.prepareCoordination; } });
 Object.defineProperty(exports, "importCoordination", { enumerable: true, get: function () { return coordination_1.importCoordination; } });
+// -- Result-return / delegation deliverable (gap-2, p11 inc2): B returns its result --
+// prepareMissionResult (producer) / importMissionResult (consumer) carry B's actual
+// produced deliverable back to A — attributed to B, correlated to A's delegation via
+// missionKey + requestId, consent-gated via the existing "coordinate" scope, lands
+// quarantined + attributed on import, trust-capped, non-transitive, first-party-inviolable.
+// `MissionTaskSpec` (gap-1) rides the CoordinationEnvelope; the new MissionRecord fields
+// (delegations / importedDelegations / results / importedResults) are additive.
+var mission_result_1 = require("./mission-result");
+Object.defineProperty(exports, "prepareMissionResult", { enumerable: true, get: function () { return mission_result_1.prepareMissionResult; } });
+Object.defineProperty(exports, "importMissionResult", { enumerable: true, get: function () { return mission_result_1.importMissionResult; } });
 var grants_1 = require("./grants");
 Object.defineProperty(exports, "grantShare", { enumerable: true, get: function () { return grants_1.grantShare; } });
 Object.defineProperty(exports, "revokeShare", { enumerable: true, get: function () { return grants_1.revokeShare; } });

package/dist/mailbox/index.d.ts

@@ -1,6 +1,7 @@
 import type { ProfileShareEnvelope } from "../share";
 import type { MissionShareEnvelope } from "../mission-share";
 import type { CoordinationEnvelope } from "../coordination";
+import type { MissionResultEnvelope } from "../types";
 /** The mailbox wire-format version. Bumped only on a breaking message change. */
 export declare const MAILBOX_VERSION = 1;
 /** A mailbox message: the TRANSPORT wrapper around a verbatim share envelope. The
@@ -14,19 +15,21 @@ export interface MailboxMessage {
     toAgentId: string;
     issuedAt: string;
     /** The payload discriminant. The host branches on it to call importProfileShare
-     * vs importMissionShare vs importCoordination. The mailbox itself is
-     * payload-agnostic — this union grows by one leaf per brick (additive, backward-
-     * compatible); buildOutgoing/readIncoming carry any of them unchanged. */
-    kind: "profile_share" | "mission_share" | "coordination";
-    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope;
+     * vs importMissionShare vs importCoordination vs importMissionResult. The mailbox
+     * itself is payload-agnostic — this union grows by one leaf per brick (additive,
+     * backward-compatible); buildOutgoing/readIncoming carry any of them unchanged.
+     * `mission_result` (gap-2) carries B's delegation deliverable back to A. */
+    kind: "profile_share" | "mission_share" | "coordination" | "mission_result";
+    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope | MissionResultEnvelope;
 }
 export interface BuildOutgoingInput {
-    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope;
+    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope | MissionResultEnvelope;
     fromAgentId: string;
     toAgentId: string;
     /** The payload discriminant. Defaults to "profile_share" for backward-compat;
-     * a mission share passes "mission_share", a coordination message "coordination". */
-    kind?: "profile_share" | "mission_share" | "coordination";
+     * a mission share passes "mission_share", a coordination message "coordination",
+     * a result-return "mission_result" (gap-2). */
+    kind?: "profile_share" | "mission_share" | "coordination" | "mission_result";
     /** Injectable ISO clock for deterministic tests; defaults to now. */
     now?: string;
 }
@@ -54,8 +57,8 @@ export interface IncomingMessage {
     fromAgentId: string;
     toAgentId: string;
     issuedAt: string;
-    kind: "profile_share" | "mission_share" | "coordination";
-    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope;
+    kind: "profile_share" | "mission_share" | "coordination" | "mission_result";
+    envelope: ProfileShareEnvelope | MissionShareEnvelope | CoordinationEnvelope | MissionResultEnvelope;
     relativePath: string;
 }
 export interface ReadIncomingInput {

package/dist/mailbox/index.js

@@ -86,7 +86,7 @@ function isWellFormedWrapper(value) {
         typeof value.fromAgentId === "string" &&
         typeof value.toAgentId === "string" &&
         typeof value.issuedAt === "string" &&
-        (value.kind === "profile_share" || value.kind === "mission_share" || value.kind === "coordination") &&
+        (value.kind === "profile_share" || value.kind === "mission_share" || value.kind === "coordination" || value.kind === "mission_result") &&
         typeof value.envelope === "object" &&
         value.envelope !== null &&
         !Array.isArray(value.envelope));

package/dist/mcp/dispatch.d.ts

@@ -2,6 +2,8 @@ import type { FriendStore } from "../store";
 import type { GrantStore } from "../grant-store";
 import type { MissionStore } from "../mission-store";
 import type { AuditSink } from "../audit";
+import type { SenseType } from "../types";
+import type { AccountMembershipResult } from "../account-roster";
 type Args = Record<string, unknown>;
 export interface DispatchResult {
     result: unknown;
@@ -12,6 +14,19 @@ export interface DispatchResult {
 export interface ControlPlaneContext {
     actor?: string;
     originSense?: string;
+    /** The management SENSE the gate evaluates for `connect_to` (p11 inc2, brick 8).
+     * The stdio path is owner-only, so this defaults to `local` (`?? "local"`) — a
+     * `local` management sense COMMITS. A network/multi-tenant transport that constructs
+     * the server MUST pass its real senseType (`open` ⇒ confirm-prompt downgrade; `closed`
+     * ⇒ gated by `membership`). Distinct from `originSense` (a free-form audit string like
+     * "stdio"); this is the typed SenseType the authority predicate consumes. */
+    senseType?: SenseType;
+    /** The PRE-COMPUTED account-roster membership for a `closed`-sense `connect_to`
+     * (p11 inc2). The stdio `local` path never consults it (left `undefined`); a `closed`
+     * network transport supplies the membership it already evaluated against the roster.
+     * The boundary stays thin — it forwards this to the library, computing no membership
+     * itself (the MCP `resolve_party` path does not wire a roster context). */
+    membership?: AccountMembershipResult;
 }
 /** Whether wiring an AuditSink should also stamp a record for an `onboard_agent` trust
  * seat: only when the owner explicitly set a trustLevel (a deliberate trust decision).

package/dist/mcp/dispatch.js

@@ -32,6 +32,8 @@ const missions_1 = require("../missions");
 const mission_share_1 = require("../mission-share");
 const coordination_1 = require("../coordination");
 const types_2 = require("../types");
+const connect_1 = require("../connect");
+const mission_result_1 = require("../mission-result");
 /** SECURITY (finding 3-A): the friends MCP server speaks JSON-RPC over **stdio**, and
  * stdio is an owner-only channel — the local user who launched the process is the only
  * actor. So when no explicit controlContext is wired, audited mutations are attributed
@@ -259,6 +261,31 @@ async function dispatchTool(store, name, args, grants, missions, audit, controlC
             }
             return { result: record, isError: false };
         }
+        case "connect_to": {
+            // The management-sense control plane (p11 inc2, brick 8). The boundary stays
+            // thin — coerce the peer handles + level, resolve the gate's management sense
+            // (the stdio path is owner-only ⇒ `local`), and forward to the library, which
+            // owns the authority gate + disambiguation + introduce + audit. `isError` reflects
+            // ok===false (a `downgraded` / `needs_handle_or_introduction` result is an error
+            // result like the other mutation cases).
+            const result = await (0, connect_1.connectAgents)(store, {
+                peer: {
+                    agentId: coerceOptionalString(args.agentId),
+                    did: coerceOptionalString(args.did),
+                    name: coerceOptionalString(args.name),
+                },
+                // The stdio default is `local` (owner-only); a network transport supplies its
+                // real senseType via controlContext. The proof's stdio path commits.
+                senseType: controlContext?.senseType ?? "local",
+                ...(controlContext?.membership ? { membership: controlContext.membership } : {}),
+                trustLevel: coerceOptionalString(args.trustLevel),
+            }, {
+                ...(audit ? { audit } : {}),
+                actor: auditActor,
+                originSense: auditOriginSense,
+            });
+            return { result, isError: result.ok === false };
+        }
         case "whoami": {
             return { result: await (0, whoami_1.whoami)(store), isError: false };
         }
@@ -438,6 +465,9 @@ async function dispatchTool(store, name, args, grants, missions, audit, controlC
                 note: coerceOptionalString(args.note),
                 proposedAssignee: parseMaybeJson(args.proposedAssignee),
                 selfAgentId,
+                // gap-1 (p11 inc2): an optional task-spec, meaningful only on a `request`. The
+                // library mints the requestId + records the delegation first-party.
+                task: parseMaybeJson(args.task),
                 proof: coerceOptionalString(args.proof),
             });
             return { result, isError: result.ok === false };
@@ -467,6 +497,41 @@ async function dispatchTool(store, name, args, grants, missions, audit, controlC
             }
             return { result: record.coordination ?? { assignee: undefined, log: [] }, isError: false };
         }
+        case "send_result": {
+            // Producer (gap-2): B returns its deliverable. Self identity comes from whoami
+            // (the dispatch is store-only); the mission is named by its missionKey inside the
+            // library. Gated on BOTH a GrantStore (consent via the "coordinate" scope) and a
+            // MissionStore — exactly like share_mission.
+            if (!missions || !grants)
+                return { result: NO_MISSION_STORE, isError: true };
+            const self = await (0, whoami_1.whoami)(store);
+            const selfAgentId = self.selfFriendId ?? "";
+            const result = await (0, mission_result_1.prepareMissionResult)(missions, store, grants, {
+                missionId: coerceString(args.missionId),
+                toAgentId: coerceString(args.toAgentId),
+                requestId: coerceString(args.requestId),
+                result: parseMaybeJson(args.result) ?? { summary: "" },
+                selfAgentId,
+                proof: coerceOptionalString(args.proof),
+            });
+            return { result, isError: result.ok === false };
+        }
+        case "import_result": {
+            // Consumer (gap-2): A imports B's deliverable. Gated on the MissionStore, like
+            // import_mission. An invalid/malformed envelope is a clean `invalid` result.
+            if (!missions)
+                return { result: NO_MISSION_STORE, isError: true };
+            const envelope = parseMaybeJson(args.envelope);
+            if (!envelope || typeof envelope !== "object") {
+                return { result: { ok: false, status: "invalid", message: "an envelope object is required" }, isError: true };
+            }
+            const result = await (0, mission_result_1.importMissionResult)(missions, {
+                envelope,
+                fromAgentId: coerceString(args.fromAgentId),
+                trustOfSource: coerceString(args.trustOfSource),
+            });
+            return { result, isError: result.ok === false };
+        }
         default: {
             return { result: { error: `Unknown tool: ${name}` }, isError: true };
         }

package/dist/mcp/schemas.js

@@ -3,14 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getToolSchemas = getToolSchemas;
 // MCP tool schemas for the friends server.
 //
-// 29 tools — a thin 1:1 surface over the friends library (D7): the original 14,
+// 32 tools — a thin 1:1 surface over the friends library (D7): the original 14,
 // the cross-agent moat surface (resolve_room, import_profile, grant_share,
 // revoke_share, list_shares; share_profile is de-stubbed in place), the brick-3
 // mission ledger (record_mission, get_mission, list_missions, share_mission,
 // import_mission), the brick-4 earned-standing lenses (assess_standing,
 // explain_standing — read-only, advisory; never write trust, never on the wire),
-// and the brick-5 coordination verbs (coordinate, import_coordination,
-// get_coordination — negotiate WHO does a mission; advisory assignment metadata).
+// the brick-5 coordination verbs (coordinate, import_coordination,
+// get_coordination — negotiate WHO does a mission; advisory assignment metadata),
+// and the p11-inc2 own-fleet delegation surface (connect_to — the management-sense
+// control plane that links two own agents + audits action:"connect"; send_result,
+// import_result — the result-return / delegation deliverable channel that carries
+// B's produced artifact back to A, attributed + correlated + quarantined on import).
 // Each schema follows JSON Schema for
 // `inputSchema` as required by MCP. The shape mirrors the harness's McpToolSchema
 // so the same client tooling consumes both.
@@ -195,6 +199,20 @@ function getToolSchemas() {
                 required: ["name", "agentId"],
             },
         },
+        {
+            name: "connect_to",
+            description: "Management-sense control plane (brick 8): the owner links one of their OWN agents into this agent's fleet — introduce a peer by agentId/did/name at a trust level (default family for own-fleet). Authority-gated: commits inline ONLY from a local (owner-only stdio) or roster-verified same-account closed sense; an open sense never commits inline (it downgrades to a confirm-prompt); a bare name with no resolvable handle/DID and no record hit returns needs_handle_or_introduction (never fabricates a target). Writes one control-plane audit record (action:'connect') through the wired sink. Returns { ok:true, status:'connected', record } or { ok:false, status:'downgraded'|'needs_handle_or_introduction', downgrade? }.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    agentId: { type: "string", description: "the peer agent's join-key agentId (an owner-supplied handle)" },
+                    did: { type: "string", description: "the peer's DID (an alternative handle; must resolve to an existing record)" },
+                    name: { type: "string", description: "the peer's colloquial name (resolves ONLY by matching an existing record — never fabricated)" },
+                    trustLevel: { type: "string", enum: ["family", "friend", "acquaintance", "stranger"], description: "the trust to link at (default family for own-fleet linked agents)" },
+                    proof: { type: "string", description: "optional opaque proof slot (reserved; the TOFU path ignores it)" },
+                },
+            },
+        },
         {
             name: "whoami",
             description: "Resolve who the machine owner is and which friend record represents the self.",
@@ -365,6 +383,7 @@ function getToolSchemas() {
                     intent: { type: "string", enum: ["request", "offer", "accept", "decline", "handoff"], description: "the coordination verb: request (will you take this?) / offer (I'll take this) / accept (yes, I'm on it — sets assignee=self) / decline (no) / handoff (it's yours now — you must hold the assignment; proposes a new assignee)" },
                     note: { type: "string", description: "optional free text carried on the message + logged" },
                     proposedAssignee: { type: "object", description: "the proposed new assignee { agentId?, agentName? } — meaningful ONLY on intent=handoff" },
+                    task: { type: "object", description: "optional delegation task-spec { summary, details?, inputs? } — meaningful ONLY on intent=request (gap-2); the producer mints a requestId, stamps it on the envelope, and records the delegation first-party for the result-return to correlate against" },
                     proof: { type: "string", description: "optional opaque proof to stamp on the envelope (for a non-TOFU recipient verifier)" },
                 },
                 required: ["missionId", "toAgentId", "intent"],
@@ -394,5 +413,33 @@ function getToolSchemas() {
                 required: ["missionId"],
             },
         },
+        {
+            name: "send_result",
+            description: "Producer (gap-2 — the result-return): B returns its DELIVERABLE for a delegation, attributed to B (from whoami) + correlated to A's task-spec by requestId, named by the mission's missionKey (never the local uuid). Consent-gated via the identity-tier 'coordinate' scope (a result is B answering A's own delegation — trust ≥ friend suffices; NO new scope). Records the result first-party on B's own mission. Returns { ok, envelope } or { ok:false, status: not_found|no_consent }.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    missionId: { type: "string", description: "the local mission B is returning a result for (its local uuid id)" },
+                    toAgentId: { type: "string", description: "the recipient agent's join-key agentId — A, the delegator" },
+                    requestId: { type: "string", description: "the delegation correlation key (the task-spec's requestId)" },
+                    result: { type: "object", description: "B's deliverable { summary, artifact?, outputs? }" },
+                    proof: { type: "string", description: "optional opaque proof to stamp on the envelope (for a non-TOFU recipient verifier)" },
+                },
+                required: ["missionId", "toAgentId", "requestId", "result"],
+            },
+        },
+        {
+            name: "import_result",
+            description: "Consumer (gap-2, non-clobbering merge): A imports B's result-return. Resolves the mission by missionKey; lands B's deliverable QUARANTINED + attributed under importedResults WITHOUT touching first-party; source trust caps acceptance (checked before correlation); a result whose requestId matches no prior first-party delegation is REJECTED (no_delegation — A only accepts results for work it delegated); an unknown mission is no_mission (a result never seeds a mission); never recomputes status/participants. Returns { ok, status, record } or { ok:false, status: untrusted_source|no_mission|no_delegation|invalid }.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    envelope: { type: "object", description: "the MissionResultEnvelope to import" },
+                    fromAgentId: { type: "string", description: "the agent the envelope arrived from (join-key agentId) — B" },
+                    trustOfSource: { type: "string", enum: ["family", "friend", "acquaintance", "stranger"], description: "this agent's resolved trust in the source agent — the acceptance cap" },
+                },
+                required: ["envelope", "fromAgentId", "trustOfSource"],
+            },
+        },
     ];
 }

package/dist/mission-result.d.ts

@@ -0,0 +1,82 @@
+import type { MissionStore } from "./mission-store";
+import type { FriendStore } from "./store";
+import type { GrantStore } from "./grant-store";
+import type { MissionRecord, MissionResultEnvelope, TrustLevel } from "./types";
+import type { ConsentPolicy } from "./consent";
+import type { AgentVerifier } from "./verifier";
+export interface PrepareMissionResultInput {
+    /** The LOCAL mission B is returning a result for, by its local UUID id. */
+    missionId: string;
+    /** The recipient agent's join-key agentId — A, the delegator. */
+    toAgentId: string;
+    /** The delegation correlation key (the gap-1 task-spec's requestId). */
+    requestId: string;
+    /** B's deliverable. `requestId`/`provenance` are stamped by the producer. */
+    result: {
+        summary: string;
+        artifact?: string;
+        outputs?: Record<string, string>;
+    };
+    /** This agent's own join-key agentId — the attribution (fromAgentId = B). */
+    selfAgentId: string;
+    /** Optional proof to stamp on the envelope (for a non-TOFU recipient verifier). */
+    proof?: string;
+}
+export type PrepareMissionResultStatus = "not_found" | "no_consent";
+export type PrepareMissionResultResult = {
+    ok: true;
+    envelope: MissionResultEnvelope;
+} | {
+    ok: false;
+    status: PrepareMissionResultStatus;
+};
+/**
+ * Producer half of the result-return. Resolves the local mission by `missionId`; names
+ * it by its `missionKey` (NEVER the local UUID); attributes the result to `selfAgentId`
+ * (B); correlates by `requestId`. Consent-gated via the `"coordinate"` identity-tier
+ * scope (a result is B answering A's own delegation — trust ≥ friend suffices under the
+ * tiered default, ZERO new scope). Records the result first-party on B's own record under
+ * `results[requestId]`.
+ */
+export declare function prepareMissionResult(missions: MissionStore, store: FriendStore, grants: GrantStore, input: PrepareMissionResultInput, consent?: ConsentPolicy): Promise<PrepareMissionResultResult>;
+export interface ImportMissionResultInput {
+    envelope: MissionResultEnvelope;
+    /** The agent the envelope arrived from (its join-key agentId) — B. */
+    fromAgentId: string;
+    /** This agent's resolved trust in the source agent — the cap on acceptance. */
+    trustOfSource: TrustLevel;
+}
+export type ImportMissionResultStatus = "imported" | "no_mission" | "no_delegation" | "assignee_mismatch" | "untrusted_source";
+export type ImportMissionResultResult = {
+    ok: true;
+    status: "imported";
+    record: MissionRecord;
+} | {
+    ok: false;
+    status: "no_mission" | "no_delegation" | "assignee_mismatch" | "untrusted_source";
+};
+export interface ImportMissionResultOptions {
+    /** Authentication seam. Defaults to TOFU. Authorization (trust) is still applied
+     * regardless of what the verifier says. */
+    verifier?: AgentVerifier;
+    /** Minimum trust a source must hold for its result to be accepted at all.
+     * Default `acquaintance`: a stranger source is refused. */
+    minTrustToAccept?: TrustLevel;
+}
+/**
+ * Consumer half of the result-return — the non-clobbering merge. Order (PINNED):
+ *  (1) TOFU verifier + trust cap (both must pass, else `untrusted_source`, write nothing);
+ *  (2) unknown mission (no findByMissionKey hit) → `no_mission` (NO seeding — a result
+ *      never creates a mission);
+ *  (3) the result's `requestId` not present in the record's FIRST-PARTY `delegations`
+ *      (A never delegated this) → `no_delegation` — correlation honesty;
+ *  (3b) the matched delegation's recorded `assignee` is not the result's source
+ *      (`delegation.assignee.agentId !== fromAgentId`) → `assignee_mismatch` — assignee
+ *      honesty (security-review inc-2 finding 1). FAILS CLOSED on a legacy delegation with
+ *      no recorded assignee. A mismatch writes NOTHING (not even quarantined);
+ *  (4) otherwise land under `importedResults[agentId][requestId]` (dedupe on replay),
+ *      stamped imported + attributed + importedAt, NEVER touching first-party
+ *      `learnings`/`notes`/`status`/`delegations`/`results`, NEVER recomputing
+ *      status/participants (non-transitive).
+ */
+export declare function importMissionResult(missions: MissionStore, input: ImportMissionResultInput, options?: ImportMissionResultOptions): Promise<ImportMissionResultResult>;