@perkos/perkos-a2a 0.8.12 → 0.8.13

package/dist/index.js

@@ -5368,9 +5368,9 @@ var require_read = __commonJS({
   }
 });
 
-// node_modules/type-is/node_modules/media-typer/index.js
+// node_modules/media-typer/index.js
 var require_media_typer = __commonJS({
-  "node_modules/type-is/node_modules/media-typer/index.js"(exports) {
+  "node_modules/media-typer/index.js"(exports) {
     var paramRegExp = /; *([!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) *= *("(?:[ !\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u0020-\u007e])*"|[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) */g;
     var textRegExp = /^[\u0020-\u007e\u0080-\u00ff]+$/;
     var tokenRegExp = /^[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+$/;
@@ -14035,7 +14035,7 @@ var require_mime_types = __commonJS({
     exports.charset = charset;
     exports.charsets = { lookup: charset };
     exports.contentType = contentType;
-    exports.extension = extension;
+    exports.extension = extension2;
     exports.extensions = /* @__PURE__ */ Object.create(null);
     exports.lookup = lookup;
     exports.types = /* @__PURE__ */ Object.create(null);
@@ -14068,7 +14068,7 @@ var require_mime_types = __commonJS({
       }
       return mime;
     }
-    function extension(type) {
+    function extension2(type) {
       if (!type || typeof type !== "string") {
         return false;
       }
@@ -14083,11 +14083,11 @@ var require_mime_types = __commonJS({
       if (!path || typeof path !== "string") {
         return false;
       }
-      var extension2 = extname("x." + path).toLowerCase().substr(1);
-      if (!extension2) {
+      var extension3 = extname("x." + path).toLowerCase().substr(1);
+      if (!extension3) {
         return false;
       }
-      return exports.types[extension2] || false;
+      return exports.types[extension3] || false;
     }
     function populateMaps(extensions, types) {
       var preference = ["nginx", "apache", void 0, "iana"];
@@ -14099,15 +14099,15 @@ var require_mime_types = __commonJS({
         }
         extensions[type] = exts;
         for (var i = 0; i < exts.length; i++) {
-          var extension2 = exts[i];
-          if (types[extension2]) {
-            var from = preference.indexOf(db[types[extension2]].source);
+          var extension3 = exts[i];
+          if (types[extension3]) {
+            var from = preference.indexOf(db[types[extension3]].source);
             var to = preference.indexOf(mime.source);
-            if (types[extension2] !== "application/octet-stream" && (from > to || from === to && types[extension2].substr(0, 12) === "application/")) {
+            if (types[extension3] !== "application/octet-stream" && (from > to || from === to && types[extension3].substr(0, 12) === "application/")) {
               continue;
             }
           }
-          types[extension2] = type;
+          types[extension3] = type;
         }
       });
     }
@@ -14305,10 +14305,7 @@ var require_json = __commonJS({
       var index = str.indexOf(char);
       var partial = "";
       if (index !== -1) {
-        partial = str.substring(0, index) + JSON_SYNTAX_CHAR;
-        for (var i = index + 1; i < str.length; i++) {
-          partial += JSON_SYNTAX_CHAR;
-        }
+        partial = str.substring(0, index) + new Array(str.length - index + 1).join(JSON_SYNTAX_CHAR);
       }
       try {
         JSON.parse(partial);
@@ -15083,9 +15080,8 @@ var require_side_channel_list = __commonJS({
           }
         },
         "delete": function(key) {
-          var root = $o && $o.next;
           var deletedNode = listDelete($o, key);
-          if (deletedNode && root && root === deletedNode) {
+          if (deletedNode && $o && !$o.next) {
             $o = void 0;
           }
           return !!deletedNode;
@@ -16196,6 +16192,8 @@ var require_utils = __commonJS({
             var newIndex = getMaxIndex(target) + 1;
             target[newIndex] = source;
             setMaxIndex(target, newIndex);
+          } else if (options && options.strictMerge) {
+            return [target, source];
           } else if (options && (options.plainObjects || options.allowPrototypes) || !has.call(Object.prototype, source)) {
             target[source] = true;
           }
@@ -16699,6 +16697,7 @@ var require_parse = __commonJS({
       parseArrays: true,
       plainObjects: false,
       strictDepth: false,
+      strictMerge: true,
       strictNullHandling: false,
       throwOnLimitExceeded: false
     };
@@ -16725,9 +16724,9 @@ var require_parse = __commonJS({
       var limit = options.parameterLimit === Infinity ? void 0 : options.parameterLimit;
       var parts = cleanStr.split(
         options.delimiter,
-        options.throwOnLimitExceeded ? limit + 1 : limit
+        options.throwOnLimitExceeded && typeof limit !== "undefined" ? limit + 1 : limit
       );
-      if (options.throwOnLimitExceeded && parts.length > limit) {
+      if (options.throwOnLimitExceeded && typeof limit !== "undefined" && parts.length > limit) {
         throw new RangeError("Parameter limit exceeded. Only " + limit + " parameter" + (limit === 1 ? "" : "s") + " allowed.");
       }
       var skipIndex = -1;
@@ -16787,7 +16786,7 @@ var require_parse = __commonJS({
         }
         if (key !== null) {
           var existing = has.call(obj, key);
-          if (existing && options.duplicates === "combine") {
+          if (existing && (options.duplicates === "combine" || part.indexOf("[]=") > -1)) {
             obj[key] = utils.combine(
               obj[key],
               val,
@@ -16944,6 +16943,7 @@ var require_parse = __commonJS({
         parseArrays: opts.parseArrays !== false,
         plainObjects: typeof opts.plainObjects === "boolean" ? opts.plainObjects : defaults.plainObjects,
         strictDepth: typeof opts.strictDepth === "boolean" ? !!opts.strictDepth : defaults.strictDepth,
+        strictMerge: typeof opts.strictMerge === "boolean" ? !!opts.strictMerge : defaults.strictMerge,
         strictNullHandling: typeof opts.strictNullHandling === "boolean" ? opts.strictNullHandling : defaults.strictNullHandling,
         throwOnLimitExceeded: typeof opts.throwOnLimitExceeded === "boolean" ? opts.throwOnLimitExceeded : false
       };
@@ -17102,14 +17102,14 @@ var require_urlencoded = __commonJS({
     }
     function parameterCount(body, limit) {
       var count = 0;
-      var index = 0;
-      while ((index = body.indexOf("&", index)) !== -1) {
+      var index = -1;
+      do {
         count++;
-        index++;
-        if (count === limit) {
+        if (count > limit) {
           return void 0;
         }
-      }
+        index = body.indexOf("&", index + 1);
+      } while (index !== -1);
       return count;
     }
     function parser(name) {
@@ -17431,7 +17431,7 @@ var require_finalhandler = __commonJS({
     module.exports = finalhandler;
     function finalhandler(req, res, options) {
       var opts = options || {};
-      var env = opts.env || process.env.NODE_ENV || "development";
+      var env2 = opts.env || process.env.NODE_ENV || "development";
       var onerror = opts.onerror;
       return function(err) {
         var headers;
@@ -17448,7 +17448,7 @@ var require_finalhandler = __commonJS({
           } else {
             headers = getErrorHeaders(err);
           }
-          msg = getErrorMessage(err, status, env);
+          msg = getErrorMessage(err, status, env2);
         } else {
           status = 404;
           msg = "Cannot " + req.method + " " + encodeUrl(getResourceName(req));
@@ -17479,9 +17479,9 @@ var require_finalhandler = __commonJS({
       }
       return headers;
     }
-    function getErrorMessage(err, status, env) {
+    function getErrorMessage(err, status, env2) {
       var msg;
-      if (env !== "production") {
+      if (env2 !== "production") {
         msg = err.stack;
         if (!msg && typeof err.toString === "function") {
           msg = err.toString();
@@ -17653,6 +17653,7 @@ var require_path_to_regexp = __commonJS({
           }
           pos = offset + match.length;
           if (match === "*") {
+            backtrack = "";
             extraOffset += 3;
             return "(.*)";
           }
@@ -17673,6 +17674,7 @@ var require_path_to_regexp = __commonJS({
             offset: offset + extraOffset
           });
           var result = "(?:" + format + slash + capture + (star ? "((?:[/" + format + "].+?)?)" : "") + ")" + optional;
+          backtrack = "";
           extraOffset += result.length - match.length;
           return result;
         }
@@ -19662,9 +19664,9 @@ var require_forwarded = __commonJS({
   }
 });
 
-// node_modules/proxy-addr/node_modules/ipaddr.js/lib/ipaddr.js
+// node_modules/ipaddr.js/lib/ipaddr.js
 var require_ipaddr = __commonJS({
-  "node_modules/proxy-addr/node_modules/ipaddr.js/lib/ipaddr.js"(exports, module) {
+  "node_modules/ipaddr.js/lib/ipaddr.js"(exports, module) {
     (function() {
       var expandIPv6, ipaddr, ipv4Part, ipv4Regexes, ipv6Part, ipv6Regexes, matchCIDR, root, zoneIndex;
       ipaddr = {};
@@ -20571,7 +20573,8 @@ var require_utils2 = __commonJS({
     }
     function parseExtendedQueryString(str) {
       return qs.parse(str, {
-        allowPrototypes: true
+        allowPrototypes: true,
+        arrayLimit: 1e3
       });
     }
     function newObject() {
@@ -20611,10 +20614,10 @@ var require_application = __commonJS({
       this.defaultConfiguration();
     };
     app.defaultConfiguration = function defaultConfiguration() {
-      var env = process.env.NODE_ENV || "development";
+      var env2 = process.env.NODE_ENV || "development";
       this.enable("x-powered-by");
       this.set("etag", "weak");
-      this.set("env", env);
+      this.set("env", env2);
       this.set("query parser", "extended");
       this.set("subdomain offset", 2);
       this.set("trust proxy", false);
@@ -20622,7 +20625,7 @@ var require_application = __commonJS({
         configurable: true,
         value: true
       });
-      debug("booting in %s mode", env);
+      debug("booting in %s mode", env2);
       this.on("mount", function onmount(parent) {
         if (this.settings[trustProxyDefaultSymbol] === true && typeof parent.settings["trust proxy fn"] === "function") {
           delete this.settings["trust proxy"];
@@ -20639,7 +20642,7 @@ var require_application = __commonJS({
       this.set("view", View);
       this.set("views", resolve("views"));
       this.set("jsonp callback name", "callback");
-      if (env === "production") {
+      if (env2 === "production") {
         this.enable("view cache");
       }
       Object.defineProperty(this, "router", {
@@ -20717,8 +20720,8 @@ var require_application = __commonJS({
       if (typeof fn !== "function") {
         throw new Error("callback function required");
       }
-      var extension = ext[0] !== "." ? "." + ext : ext;
-      this.engines[extension] = fn;
+      var extension2 = ext[0] !== "." ? "." + ext : ext;
+      this.engines[extension2] = fn;
       return this;
     };
     app.param = function param(name, fn) {
@@ -22746,7 +22749,7 @@ var require_permessage_deflate = __commonJS({
     var kBuffers = /* @__PURE__ */ Symbol("buffers");
     var kError = /* @__PURE__ */ Symbol("error");
     var zlibLimiter;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       /**
        * Creates a PerMessageDeflate instance.
        *
@@ -22757,6 +22760,9 @@ var require_permessage_deflate = __commonJS({
        *     acknowledge disabling of client context takeover
        * @param {Number} [options.concurrencyLimit=10] The number of concurrent
        *     calls to zlib
+       * @param {Boolean} [options.isServer=false] Create the instance in either
+       *     server or client mode
+       * @param {Number} [options.maxPayload=0] The maximum allowed message length
        * @param {(Boolean|Number)} [options.serverMaxWindowBits] Request/confirm the
        *     use of a custom server window size
        * @param {Boolean} [options.serverNoContextTakeover=false] Request/accept
@@ -22767,15 +22773,12 @@ var require_permessage_deflate = __commonJS({
        *     deflate
        * @param {Object} [options.zlibInflateOptions] Options to pass to zlib on
        *     inflate
-       * @param {Boolean} [isServer=false] Create the instance in either server or
-       *     client mode
-       * @param {Number} [maxPayload=0] The maximum allowed message length
        */
-      constructor(options, isServer, maxPayload) {
-        this._maxPayload = maxPayload | 0;
+      constructor(options) {
         this._options = options || {};
         this._threshold = this._options.threshold !== void 0 ? this._options.threshold : 1024;
-        this._isServer = !!isServer;
+        this._maxPayload = this._options.maxPayload | 0;
+        this._isServer = !!this._options.isServer;
         this._deflate = null;
         this._inflate = null;
         this.params = null;
@@ -23084,7 +23087,7 @@ var require_permessage_deflate = __commonJS({
         });
       }
     };
-    module.exports = PerMessageDeflate;
+    module.exports = PerMessageDeflate2;
     function deflateOnData(chunk) {
       this[kBuffers].push(chunk);
       this[kTotalLength] += chunk.length;
@@ -23319,7 +23322,7 @@ var require_receiver = __commonJS({
   "node_modules/ws/lib/receiver.js"(exports, module) {
     "use strict";
     var { Writable } = __require("stream");
-    var PerMessageDeflate = require_permessage_deflate();
+    var PerMessageDeflate2 = require_permessage_deflate();
     var {
       BINARY_TYPES,
       EMPTY_BUFFER,
@@ -23486,7 +23489,7 @@ var require_receiver = __commonJS({
           return;
         }
         const compressed = (buf[0] & 64) === 64;
-        if (compressed && !this._extensions[PerMessageDeflate.extensionName]) {
+        if (compressed && !this._extensions[PerMessageDeflate2.extensionName]) {
           const error = this.createError(
             RangeError,
             "RSV1 must be clear",
@@ -23730,7 +23733,7 @@ var require_receiver = __commonJS({
        * @private
        */
       decompress(data, cb) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         perMessageDeflate.decompress(data, this._fin, (err, buf) => {
           if (err) return cb(err);
           if (buf.length) {
@@ -23912,7 +23915,10 @@ var require_sender = __commonJS({
     "use strict";
     var { Duplex } = __require("stream");
     var { randomFillSync } = __require("crypto");
-    var PerMessageDeflate = require_permessage_deflate();
+    var {
+      types: { isUint8Array }
+    } = __require("util");
+    var PerMessageDeflate2 = require_permessage_deflate();
     var { EMPTY_BUFFER, kWebSocket, NOOP } = require_constants();
     var { isBlob, isValidStatusCode } = require_validation();
     var { mask: applyMask, toBuffer } = require_buffer_util();
@@ -24065,8 +24071,10 @@ var require_sender = __commonJS({
           buf.writeUInt16BE(code, 0);
           if (typeof data === "string") {
             buf.write(data, 2);
-          } else {
+          } else if (isUint8Array(data)) {
             buf.set(data, 2);
+          } else {
+            throw new TypeError("Second argument must be a string or a Uint8Array");
           }
         }
         const options = {
@@ -24196,7 +24204,7 @@ var require_sender = __commonJS({
        * @public
        */
       send(data, options, cb) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         let opcode = options.binary ? 2 : 1;
         let rsv1 = options.compress;
         let byteLength;
@@ -24320,7 +24328,7 @@ var require_sender = __commonJS({
           this.sendFrame(_Sender.frame(data, options), cb);
           return;
         }
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         this._bufferedBytes += options[kByteLength];
         this._state = DEFLATING;
         perMessageDeflate.compress(data, options.fin, (_, buf) => {
@@ -24758,11 +24766,11 @@ var require_extension = __commonJS({
       return offers;
     }
     function format(extensions) {
-      return Object.keys(extensions).map((extension) => {
-        let configurations = extensions[extension];
+      return Object.keys(extensions).map((extension2) => {
+        let configurations = extensions[extension2];
         if (!Array.isArray(configurations)) configurations = [configurations];
         return configurations.map((params) => {
-          return [extension].concat(
+          return [extension2].concat(
             Object.keys(params).map((k) => {
               let values = params[k];
               if (!Array.isArray(values)) values = [values];
@@ -24788,7 +24796,7 @@ var require_websocket = __commonJS({
     var { randomBytes, createHash } = __require("crypto");
     var { Duplex, Readable } = __require("stream");
     var { URL } = __require("url");
-    var PerMessageDeflate = require_permessage_deflate();
+    var PerMessageDeflate2 = require_permessage_deflate();
     var Receiver2 = require_receiver();
     var Sender2 = require_sender();
     var { isBlob } = require_validation();
@@ -24996,8 +25004,8 @@ var require_websocket = __commonJS({
           this.emit("close", this._closeCode, this._closeMessage);
           return;
         }
-        if (this._extensions[PerMessageDeflate.extensionName]) {
-          this._extensions[PerMessageDeflate.extensionName].cleanup();
+        if (this._extensions[PerMessageDeflate2.extensionName]) {
+          this._extensions[PerMessageDeflate2.extensionName].cleanup();
         }
         this._receiver.removeAllListeners();
         this._readyState = _WebSocket.CLOSED;
@@ -25159,7 +25167,7 @@ var require_websocket = __commonJS({
           fin: true,
           ...options
         };
-        if (!this._extensions[PerMessageDeflate.extensionName]) {
+        if (!this._extensions[PerMessageDeflate2.extensionName]) {
           opts.compress = false;
         }
         this._sender.send(data || EMPTY_BUFFER, opts, cb);
@@ -25285,7 +25293,7 @@ var require_websocket = __commonJS({
       } else {
         try {
           parsedUrl = new URL(address);
-        } catch (e) {
+        } catch {
           throw new SyntaxError(`Invalid URL: ${address}`);
         }
       }
@@ -25333,13 +25341,13 @@ var require_websocket = __commonJS({
       opts.path = parsedUrl.pathname + parsedUrl.search;
       opts.timeout = opts.handshakeTimeout;
       if (opts.perMessageDeflate) {
-        perMessageDeflate = new PerMessageDeflate(
-          opts.perMessageDeflate !== true ? opts.perMessageDeflate : {},
-          false,
-          opts.maxPayload
-        );
+        perMessageDeflate = new PerMessageDeflate2({
+          ...opts.perMessageDeflate,
+          isServer: false,
+          maxPayload: opts.maxPayload
+        });
         opts.headers["Sec-WebSocket-Extensions"] = format({
-          [PerMessageDeflate.extensionName]: perMessageDeflate.offer()
+          [PerMessageDeflate2.extensionName]: perMessageDeflate.offer()
         });
       }
       if (protocols.length) {
@@ -25482,19 +25490,19 @@ var require_websocket = __commonJS({
             return;
           }
           const extensionNames = Object.keys(extensions);
-          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate.extensionName) {
+          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate2.extensionName) {
             const message = "Server indicated an extension that was not requested";
             abortHandshake(websocket, socket, message);
             return;
           }
           try {
-            perMessageDeflate.accept(extensions[PerMessageDeflate.extensionName]);
+            perMessageDeflate.accept(extensions[PerMessageDeflate2.extensionName]);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Extensions header";
             abortHandshake(websocket, socket, message);
             return;
           }
-          websocket._extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+          websocket._extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
         }
         websocket.setSocket(socket, head, {
           allowSynchronousEvents: opts.allowSynchronousEvents,
@@ -25813,9 +25821,9 @@ var require_websocket_server = __commonJS({
     var http = __require("http");
     var { Duplex } = __require("stream");
     var { createHash } = __require("crypto");
-    var extension = require_extension();
-    var PerMessageDeflate = require_permessage_deflate();
-    var subprotocol = require_subprotocol();
+    var extension2 = require_extension();
+    var PerMessageDeflate2 = require_permessage_deflate();
+    var subprotocol2 = require_subprotocol();
     var WebSocket2 = require_websocket();
     var { CLOSE_TIMEOUT, GUID, kWebSocket } = require_constants();
     var keyRegex = /^[+/0-9A-Za-z]{22}==$/;
@@ -26038,7 +26046,7 @@ var require_websocket_server = __commonJS({
         let protocols = /* @__PURE__ */ new Set();
         if (secWebSocketProtocol !== void 0) {
           try {
-            protocols = subprotocol.parse(secWebSocketProtocol);
+            protocols = subprotocol2.parse(secWebSocketProtocol);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Protocol header";
             abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
@@ -26048,16 +26056,16 @@ var require_websocket_server = __commonJS({
         const secWebSocketExtensions = req.headers["sec-websocket-extensions"];
         const extensions = {};
         if (this.options.perMessageDeflate && secWebSocketExtensions !== void 0) {
-          const perMessageDeflate = new PerMessageDeflate(
-            this.options.perMessageDeflate,
-            true,
-            this.options.maxPayload
-          );
+          const perMessageDeflate = new PerMessageDeflate2({
+            ...this.options.perMessageDeflate,
+            isServer: true,
+            maxPayload: this.options.maxPayload
+          });
           try {
-            const offers = extension.parse(secWebSocketExtensions);
-            if (offers[PerMessageDeflate.extensionName]) {
-              perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
-              extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+            const offers = extension2.parse(secWebSocketExtensions);
+            if (offers[PerMessageDeflate2.extensionName]) {
+              perMessageDeflate.accept(offers[PerMessageDeflate2.extensionName]);
+              extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
             }
           } catch (err) {
             const message = "Invalid or unacceptable Sec-WebSocket-Extensions header";
@@ -26128,10 +26136,10 @@ var require_websocket_server = __commonJS({
             ws._protocol = protocol;
           }
         }
-        if (extensions[PerMessageDeflate.extensionName]) {
-          const params = extensions[PerMessageDeflate.extensionName].params;
-          const value = extension.format({
-            [PerMessageDeflate.extensionName]: [params]
+        if (extensions[PerMessageDeflate2.extensionName]) {
+          const params = extensions[PerMessageDeflate2.extensionName].params;
+          const value = extension2.format({
+            [PerMessageDeflate2.extensionName]: [params]
           });
           headers.push(`Sec-WebSocket-Extensions: ${value}`);
           ws._extensions = extensions;
@@ -26200,13 +26208,16 @@ var require_websocket_server = __commonJS({
 
 // src/server.ts
 var import_express = __toESM(require_express2(), 1);
-import { randomUUID as randomUUID3 } from "crypto";
+import { randomUUID as randomUUID4 } from "crypto";
 import { homedir, networkInterfaces } from "os";
 
 // node_modules/ws/wrapper.mjs
 var import_stream = __toESM(require_stream(), 1);
+var import_extension = __toESM(require_extension(), 1);
+var import_permessage_deflate = __toESM(require_permessage_deflate(), 1);
 var import_receiver = __toESM(require_receiver(), 1);
 var import_sender = __toESM(require_sender(), 1);
+var import_subprotocol = __toESM(require_subprotocol(), 1);
 var import_websocket = __toESM(require_websocket(), 1);
 var import_websocket_server = __toESM(require_websocket_server(), 1);
 var wrapper_default = import_websocket.default;
@@ -26255,7 +26266,7 @@ var RelayClient = class {
       from: this.options.agentName,
       payload,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    }, "task_response", 3e4);
+    }, "task_response", Number(process.env.A2A_RELAY_RESPONSE_WAIT_MS || 6e4));
   }
   /** Discover agents connected to the relay */
   async discover() {
@@ -26424,6 +26435,7 @@ import { randomUUID as randomUUID2 } from "crypto";
 var DEFAULT_CONFIG = {
   port: 6060,
   apiKeys: [],
+  registeredAgents: {},
   maxQueuePerAgent: 200,
   rateLimitPerMinute: 60,
   heartbeatIntervalMs: 3e4,
@@ -26531,7 +26543,14 @@ var RelayHub = class {
       this.sendError(ws, "missing_name", "agentName is required for registration");
       return null;
     }
-    if (this.config.apiKeys.length > 0 && !this.config.apiKeys.includes(apiKey)) {
+    const approvedKey = this.config.registeredAgents[name];
+    if (Object.keys(this.config.registeredAgents).length > 0) {
+      if (!approvedKey || approvedKey !== apiKey) {
+        this.sendError(ws, "not_approved", "Agent is not approved for this relay or API key does not match");
+        ws.close(4001, "Agent not approved");
+        return null;
+      }
+    } else if (this.config.apiKeys.length > 0 && !this.config.apiKeys.includes(apiKey)) {
       this.sendError(ws, "auth_failed", "Invalid API key");
       ws.close(4001, "Authentication failed");
       return null;
@@ -26569,6 +26588,10 @@ var RelayHub = class {
     }
     msg.from = fromAgent;
     msg.timestamp = (/* @__PURE__ */ new Date()).toISOString();
+    if (Object.keys(this.config.registeredAgents).length > 0 && !(target in this.config.registeredAgents)) {
+      this.sendError(this.agents.get(fromAgent).ws, "target_not_approved", `Target agent ${target} is not approved on this relay`);
+      return;
+    }
     const targetAgent = this.agents.get(target);
     if (targetAgent && targetAgent.ws.readyState === import_websocket.default.OPEN) {
       targetAgent.ws.send(JSON.stringify(msg));
@@ -26664,11 +26687,114 @@ var RelayHub = class {
   }
 };
 
+// src/runtime-reply.ts
+import { randomUUID as randomUUID3 } from "crypto";
+function env(name) {
+  const value = process.env[name];
+  return value && value.trim() ? value.trim() : void 0;
+}
+function stripTaskMarker(text, marker) {
+  const trimmed = text.trim();
+  if (!trimmed.includes(marker)) return trimmed;
+  return trimmed.slice(trimmed.indexOf(marker) + marker.length).trim();
+}
+function agentIdFor(config) {
+  return env("A2A_AGENT_ID") || env("HERMES_AGENT_ID") || config.agentName || "perkos-a2a-agent";
+}
+function llmSystemPrompt(config) {
+  const agentName = config.agentName || config.runtime?.kind || "PerkOS A2A agent";
+  return [
+    `You are ${agentName}, a PerkOS A2A agent.`,
+    "Reply concisely and directly.",
+    "If asked to confirm receipt, confirm that you received the task via PerkOS A2A and are using PerkOS LLM.",
+    "Do not mention implementation details unless asked."
+  ].join(" ");
+}
+async function generateRuntimeReply(config, text, marker) {
+  const runtimeKind = config.runtime?.kind || "openclaw";
+  const apiKey = env("PERKOS_LLM_API_KEY") || env("OPENAI_API_KEY") || env("OLLAMA_API_KEY");
+  if (!apiKey) {
+    throw new Error("No PerkOS LLM API key available in environment");
+  }
+  const headers = {
+    "content-type": "application/json",
+    authorization: `Bearer ${apiKey}`,
+    "x-agent-id": agentIdFor(config)
+  };
+  const system = llmSystemPrompt(config);
+  const user = [
+    text,
+    "",
+    "Return only the useful final answer.",
+    `Do not include ${marker}; the A2A bridge will attach the marker/task result.`
+  ].join("\n");
+  if (runtimeKind === "hermes") {
+    const base2 = (env("OPENAI_BASE_URL") || "https://api.llm.perkos.xyz/v1").replace(/\/+$/, "");
+    const model2 = env("HERMES_INFERENCE_MODEL") || env("OPENAI_MODEL") || "kimi-k2.6:cloud";
+    const response2 = await fetch(`${base2}/chat/completions`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        model: model2,
+        messages: [
+          { role: "system", content: system },
+          { role: "user", content: user }
+        ],
+        temperature: 0.2
+      })
+    });
+    if (!response2.ok) {
+      const body = await response2.text().catch(() => "");
+      throw new Error(`PerkOS LLM OpenAI-compatible call failed (${response2.status}): ${body || response2.statusText}`);
+    }
+    const data2 = await response2.json();
+    return stripTaskMarker(data2.choices?.[0]?.message?.content || "Task completed.", marker);
+  }
+  const base = (env("OLLAMA_BASE_URL") || "https://api.llm.perkos.xyz").replace(/\/+$/, "");
+  const model = env("OLLAMA_MODEL") || "kimi-k2.6:cloud";
+  const response = await fetch(`${base}/api/chat`, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({
+      model,
+      stream: false,
+      messages: [
+        { role: "system", content: system },
+        { role: "user", content: user }
+      ]
+    })
+  });
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    throw new Error(`PerkOS LLM Ollama-compatible call failed (${response.status}): ${body || response.statusText}`);
+  }
+  const data = await response.json();
+  return stripTaskMarker(data.message?.content || data.response || "Task completed.", marker);
+}
+function completeTaskWithReply(task, finalText) {
+  task.artifacts.push({
+    kind: "artifact",
+    artifactId: randomUUID3(),
+    parts: [{ kind: "text", text: finalText }]
+  });
+  task.status = {
+    state: "completed",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    message: {
+      role: "agent",
+      parts: [{ kind: "text", text: finalText }]
+    }
+  };
+}
+function isTerminalTaskState(state) {
+  return state === "completed" || state === "failed" || state === "canceled";
+}
+
 // src/server.ts
 function appendArtifact(task, text) {
   task.artifacts.push({
     kind: "artifact",
-    artifactId: randomUUID3(),
+    artifactId: randomUUID4(),
     parts: [{ kind: "text", text }]
   });
 }
@@ -26718,7 +26844,7 @@ var A2AServer = class {
       description: `PerkOS agent: ${config.agentName}`,
       protocolVersion: "0.3.0",
       version: "1.0.0",
-      url: `http://localhost:${config.port}/a2a/jsonrpc`,
+      url: `${(config.publicUrl || `http://localhost:${config.port}`).replace(/\/+$/, "")}/a2a/jsonrpc`,
       skills: config.skills || [],
       capabilities: { pushNotifications: false },
       defaultInputModes: ["text"],
@@ -26822,9 +26948,8 @@ var A2AServer = class {
   }
   async handleSendMessage(params, rpcId) {
     const message = params.message;
-    const taskId = randomUUID3();
-    const contextId = message?.contextId || randomUUID3();
-    const meta = message?.metadata || {};
+    const taskId = randomUUID4();
+    const contextId = message?.contextId || randomUUID4();
     const task = {
       kind: "task",
       id: taskId,
@@ -26833,10 +26958,7 @@ var A2AServer = class {
       messages: [message],
       artifacts: [],
       metadata: {
-        fromAgent: meta.fromAgent || "unknown",
-        replyToTaskId: meta.replyToTaskId,
-        conversationId: meta.conversationId || contextId,
-        kind: meta.kind || "request"
+        fromAgent: message?.metadata?.fromAgent || "unknown"
       },
       sessionKeyHint: "agent:main"
     };
@@ -26852,33 +26974,11 @@ var A2AServer = class {
     this.tasks.set(task.id, structuredClone(task));
     const textParts = task.messages.flatMap((m) => m.parts || []).filter((p) => p.kind === "text").map((p) => p.text).join("\n");
     try {
-      if (task.metadata?.kind === "response" && task.metadata?.replyToTaskId) {
-        const original = this.tasks.get(String(task.metadata.replyToTaskId));
-        if (original) {
-          appendArtifact(original, textParts || "(empty response)");
-          original.status = {
-            state: "completed",
-            timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-            message: {
-              role: "agent",
-              parts: [{ kind: "text", text: textParts || "(empty response)" }]
-            }
-          };
-          this.tasks.set(original.id, structuredClone(original));
-          appendArtifact(task, `Response linked to original task ${original.id}`);
-          task.status = { state: "completed", timestamp: (/* @__PURE__ */ new Date()).toISOString() };
-          this.tasks.set(task.id, structuredClone(task));
-          this.logger.info(`[perkos-a2a] Response task ${task.id} linked to original task ${original.id}`);
-          return;
-        }
-      }
       if (this.messageInjector) {
         this.messageInjector(textParts, {
           source: "a2a",
           fromAgent: task.metadata?.fromAgent,
-          taskId: task.id,
-          conversationId: task.metadata?.conversationId,
-          kind: task.metadata?.kind
+          taskId: task.id
         });
         appendArtifact(task, "Task accepted and dispatched for execution");
         this.tasks.set(task.id, structuredClone(task));
@@ -26954,11 +27054,11 @@ var A2AServer = class {
     return this.success(rpcId, task);
   }
   /** Send a task to a peer agent via A2A protocol (direct HTTP or relay) */
-  async sendTask(targetAgent, messageText, metadata) {
+  async sendTask(targetAgent, messageText) {
     const targetUrl = this.config.peers[targetAgent];
     if (targetUrl) {
       try {
-        return await this.sendTaskDirect(targetAgent, targetUrl, messageText, metadata);
+        return await this.sendTaskDirect(targetAgent, targetUrl, messageText);
       } catch (err) {
         if (!this.relayClient?.isConnected()) {
           throw err;
@@ -26969,13 +27069,13 @@ var A2AServer = class {
       }
     }
     if (this.relayClient?.isConnected()) {
-      return this.sendTaskViaRelay(targetAgent, messageText, metadata);
+      return this.sendTaskViaRelay(targetAgent, messageText);
     }
     throw new Error(
       `Cannot reach ${targetAgent}: no direct URL configured and relay not connected. Known peers: ${Object.keys(this.config.peers).join(", ")}`
     );
   }
-  async sendTaskDirect(targetAgent, targetUrl, messageText, metadata) {
+  async sendTaskDirect(targetAgent, targetUrl, messageText) {
     const headers = { "Content-Type": "application/json" };
     const peerAuth = this.config.peerAuth?.[targetAgent];
     if (peerAuth) {
@@ -26984,19 +27084,14 @@ var A2AServer = class {
     const payload = {
       jsonrpc: "2.0",
       method: "message/send",
-      id: randomUUID3(),
+      id: randomUUID4(),
       params: {
         message: {
           kind: "message",
-          messageId: randomUUID3(),
+          messageId: randomUUID4(),
           role: "user",
           parts: [{ kind: "text", text: messageText }],
-          metadata: {
-            fromAgent: this.config.agentName,
-            conversationId: metadata?.conversationId,
-            replyToTaskId: metadata?.replyToTaskId,
-            kind: metadata?.kind || "request"
-          }
+          metadata: { fromAgent: this.config.agentName }
         }
       }
     };
@@ -27005,10 +27100,51 @@ var A2AServer = class {
       headers,
       body: JSON.stringify(payload)
     });
-    return await response.json();
+    const initial = await response.json();
+    const task = initial.result;
+    if (task?.id && !isTerminalTaskState(task.status?.state)) {
+      const terminal = await this.waitForRemoteTaskTerminal(targetUrl, headers, task.id).catch((err) => {
+        const msg = err instanceof Error ? err.message : String(err);
+        this.logger.info(`[perkos-a2a] Waiting for ${targetAgent} task ${task.id} terminal state failed: ${msg}`);
+        return null;
+      });
+      if (terminal) return terminal;
+    }
+    return initial;
+  }
+  async waitForRemoteTaskTerminal(targetUrl, headers, taskId, timeoutMs = Number(process.env.A2A_SEND_WAIT_MS || 45e3), pollMs = Number(process.env.A2A_SEND_POLL_MS || 1e3)) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+      await new Promise((resolve) => setTimeout(resolve, pollMs));
+      const response = await fetch(`${targetUrl}/a2a/jsonrpc`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "tasks/get",
+          id: randomUUID4(),
+          params: { id: taskId }
+        })
+      });
+      const json = await response.json();
+      const task = json.result;
+      if (task && isTerminalTaskState(task.status?.state)) return json;
+    }
+    return null;
+  }
+  async waitForLocalTaskTerminal(taskId, timeoutMs = Number(process.env.A2A_RELAY_WAIT_MS || 45e3), pollMs = Number(process.env.A2A_RELAY_POLL_MS || 1e3)) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+      const task = this.tasks.get(taskId);
+      if (task && isTerminalTaskState(task.status?.state)) {
+        return this.success(randomUUID4(), structuredClone(task));
+      }
+      await new Promise((resolve) => setTimeout(resolve, pollMs));
+    }
+    return null;
   }
-  async sendTaskViaRelay(targetAgent, messageText, metadata) {
-    const rpcId = randomUUID3();
+  async sendTaskViaRelay(targetAgent, messageText) {
+    const rpcId = randomUUID4();
     const result = await this.relayClient.sendTask(targetAgent, {
       jsonrpc: "2.0",
       method: "message/send",
@@ -27016,15 +27152,10 @@ var A2AServer = class {
       params: {
         message: {
           kind: "message",
-          messageId: randomUUID3(),
+          messageId: randomUUID4(),
           role: "user",
           parts: [{ kind: "text", text: messageText }],
-          metadata: {
-            fromAgent: this.config.agentName,
-            conversationId: metadata?.conversationId,
-            replyToTaskId: metadata?.replyToTaskId,
-            kind: metadata?.kind || "request"
-          }
+          metadata: { fromAgent: this.config.agentName }
         }
       }
     });
@@ -27074,7 +27205,19 @@ var A2AServer = class {
     const payload = msg.payload;
     const params = payload.params || payload;
     const rpcId = payload.id || msg.id;
-    this.handleSendMessage(params, rpcId).then((response) => {
+    this.handleSendMessage(params, rpcId).then(async (response) => {
+      const task = response.result;
+      if (task?.id && !isTerminalTaskState(task.status?.state)) {
+        const terminal = await this.waitForLocalTaskTerminal(task.id).catch((err) => {
+          const errMsg = err instanceof Error ? err.message : String(err);
+          this.logger.info(`[perkos-a2a] Waiting for relay task ${task.id} terminal state failed: ${errMsg}`);
+          return null;
+        });
+        if (terminal) {
+          this.relayClient?.sendTaskResponse(msg, terminal);
+          return;
+        }
+      }
       this.relayClient?.sendTaskResponse(msg, response);
     }).catch((err) => {
       const errMsg = err instanceof Error ? err.message : String(err);
@@ -27099,8 +27242,9 @@ var A2AServer = class {
     const relayConfig = this.config.relay;
     this.relayHub = new RelayHub(
       {
-        port: this.config.port,
-        apiKeys: this.config.auth?.apiKeys || [],
+        port: this.config.relay?.hubPort || this.config.port,
+        apiKeys: this.config.relay?.hubApiKeys || this.config.auth?.apiKeys || [],
+        registeredAgents: this.config.relay?.registeredAgents || {},
         maxQueuePerAgent: 200,
         rateLimitPerMinute: 60,
         heartbeatIntervalMs: 3e4,
@@ -27162,11 +27306,12 @@ var A2AServer = class {
   tryListen(port, attempt = 1) {
     const maxAttempts = 3;
     try {
-      const srv = this.app.listen(port, "0.0.0.0", () => {
+      const bindHost = this.config.bindHost || "0.0.0.0";
+      const srv = this.app.listen(port, bindHost, () => {
         this.logger.info(
-          `[perkos-a2a] ${this.config.agentName} server on port ${port}`
+          `[perkos-a2a] ${this.config.agentName} server on ${bindHost}:${port}`
         );
-        this.agentCard.url = `http://localhost:${port}/a2a/jsonrpc`;
+        this.agentCard.url = `${(this.config.publicUrl || `http://localhost:${port}`).replace(/\/+$/, "")}/a2a/jsonrpc`;
       });
       srv.on("error", (err) => {
         if (err.code === "EADDRINUSE" && attempt < maxAttempts) {
@@ -27193,7 +27338,7 @@ var A2AServer = class {
 };
 
 // src/index.ts
-import { randomUUID as randomUUID4 } from "crypto";
+import { randomUUID as randomUUID5 } from "crypto";
 function wakeGatewayAgent(requestHeartbeatNow, reason, logger, sessionKey = "agent:main") {
   if (typeof requestHeartbeatNow === "function") {
     try {
@@ -27207,6 +27352,34 @@ function wakeGatewayAgent(requestHeartbeatNow, reason, logger, sessionKey = "age
     logger.info("[perkos-a2a] runtime.system.requestHeartbeatNow unavailable \u2014 task will process on next agent turn");
   }
 }
+function openclawWakeSessionKey(config) {
+  return config.runtime?.sessionKey || "agent:main";
+}
+function openclawEventSessionKey(config) {
+  const key = config.runtime?.sessionKey;
+  if (!key) return "agent:main:main";
+  return key.endsWith(":main") ? key : `${key}:main`;
+}
+async function deliverToHermes(config, message, logger) {
+  const runtime = config.runtime || {};
+  const baseUrl = (runtime.hermesUrl || process.env.HERMES_WORKSPACE_URL || "http://127.0.0.1:3000").replace(/\/+$/, "");
+  const endpoint = runtime.hermesEndpoint || "/api/session-send";
+  const sessionKey = runtime.sessionKey || "main";
+  const token = runtime.hermesToken || process.env.HERMES_WORKSPACE_TOKEN || process.env.HERMES_SESSION_TOKEN;
+  const url = `${baseUrl}${endpoint.startsWith("/") ? endpoint : `/${endpoint}`}`;
+  const headers = { "content-type": "application/json" };
+  if (token) headers.cookie = `claude-auth=${token}`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({ sessionKey, message })
+  });
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    throw new Error(`Hermes delivery failed (${response.status}): ${body || response.statusText}`);
+  }
+  logger.info(`[perkos-a2a] Delivered inbound A2A task to Hermes session ${sessionKey} via ${url}`);
+}
 function register(api) {
   const pluginConfig = api.config?.plugins?.entries?.["perkos-a2a"]?.config || {
     agentName: "agent",
@@ -27230,6 +27403,7 @@ function register(api) {
     logger.info("[perkos-a2a] runtime.system.requestHeartbeatNow unavailable \u2014 wake will rely on next agent turn");
   }
   server.setTaskResultHandler(async (task, text) => {
+    const runtimeKind = pluginConfig.runtime?.kind || "openclaw";
     const from = task.metadata?.fromAgent || "unknown";
     const marker = `[A2A_RESULT:${task.id}]`;
     const eventText = [
@@ -27249,22 +27423,43 @@ function register(api) {
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       message: {
         role: "agent",
-        parts: [{ kind: "text", text: "Task dispatched to supported system-event execution path." }]
+        parts: [{ kind: "text", text: `Task dispatched to ${runtimeKind} runtime.` }]
       }
     };
+    if (runtimeKind === "hermes") {
+      await deliverToHermes(pluginConfig, eventText, logger);
+      task.artifacts.push({
+        kind: "artifact",
+        artifactId: randomUUID5(),
+        parts: [{ kind: "text", text: `debug: delivered task ${task.id} to Hermes Workspace` }]
+      });
+      const finalText2 = await generateRuntimeReply(pluginConfig, text, marker);
+      completeTaskWithReply(task, finalText2);
+      return;
+    }
+    if (runtimeKind === "none") {
+      task.artifacts.push({
+        kind: "artifact",
+        artifactId: randomUUID5(),
+        parts: [{ kind: "text", text: `debug: runtime delivery disabled for ${marker}` }]
+      });
+      return;
+    }
     task.artifacts.push({
       kind: "artifact",
-      artifactId: randomUUID4(),
+      artifactId: randomUUID5(),
       parts: [{ kind: "text", text: `debug: enqueued system event for ${marker}` }]
     });
     if (enqueueSystemEvent) {
-      enqueueSystemEvent(eventText, { sessionKey: "agent:main:main" });
+      enqueueSystemEvent(eventText, { sessionKey: openclawEventSessionKey(pluginConfig) });
     }
+    const finalText = await generateRuntimeReply(pluginConfig, text, marker);
+    completeTaskWithReply(task, finalText);
     wakeGatewayAgent(
       requestHeartbeatNow,
       `[A2A] Process queued task ${task.id}`,
       logger,
-      "agent:main"
+      openclawWakeSessionKey(pluginConfig)
     );
   });
   server.setTaskFailureHandler(async (task, errorText) => {
@@ -27283,7 +27478,8 @@ function register(api) {
     const time = (/* @__PURE__ */ new Date()).toISOString();
     pendingTasks.push({ from, text, taskId, time });
     logger.info(`[perkos-a2a] Task queued from ${from} (${taskId}), ${pendingTasks.length} pending`);
-    if (enqueueSystemEvent) {
+    const runtimeKind = pluginConfig.runtime?.kind || "openclaw";
+    if (runtimeKind === "openclaw" && enqueueSystemEvent) {
       const eventText = [
         `[A2A OBSERVABILITY EVENT]`,
         `From: ${from} | Task ID: ${taskId} | Time: ${time}`,
@@ -27291,19 +27487,21 @@ function register(api) {
         text
       ].join("\n");
       try {
-        enqueueSystemEvent(eventText, { sessionKey: "agent:main:main" });
+        enqueueSystemEvent(eventText, { sessionKey: openclawEventSessionKey(pluginConfig) });
         logger.info(`[perkos-a2a] Observability system event enqueued for task ${taskId}`);
       } catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
         logger.error(`[perkos-a2a] Failed to enqueue observability system event: ${msg}`);
       }
     }
-    wakeGatewayAgent(
-      requestHeartbeatNow,
-      `[A2A] Incoming task from ${from} (${taskId}).`,
-      logger,
-      "agent:main"
-    );
+    if (runtimeKind === "openclaw") {
+      wakeGatewayAgent(
+        requestHeartbeatNow,
+        `[A2A] Incoming task from ${from} (${taskId}).`,
+        logger,
+        openclawWakeSessionKey(pluginConfig)
+      );
+    }
   });
   api.registerHook("before_agent_start", async () => {
     if (pendingTasks.length === 0) return {};
@@ -27320,7 +27518,7 @@ function register(api) {
     }
     logger.info(`[perkos-a2a] Injecting ${tasks.length} observability note(s) into agent context via before_agent_start`);
     return { prependContext: lines.join("\n") };
-  });
+  }, { name: "perkos-a2a-before-agent-start", description: "Inject pending A2A observability notes before agent starts." });
   api.runtime?.events?.onSessionTranscriptUpdate?.((update) => {
     const message = update?.message;
     const text = Array.isArray(message?.parts) ? message.parts.filter((p) => p?.kind === "text" && typeof p?.text === "string").map((p) => p.text).join("\n") : typeof message?.text === "string" ? message.text : "";
@@ -27328,11 +27526,12 @@ function register(api) {
     for (const task of server.getTasks()) {
       const marker = `[A2A_RESULT:${task.id}]`;
       if (!text.includes(marker)) continue;
+      if (task.status.state === "completed") continue;
       const finalText = text.slice(text.indexOf(marker) + marker.length).trim();
       if (!finalText) continue;
       task.artifacts.push({
         kind: "artifact",
-        artifactId: randomUUID4(),
+        artifactId: randomUUID5(),
         parts: [{ kind: "text", text: finalText }]
       });
       task.status = {