a2acalling 0.3.5 → 0.4.0

package/scripts/install-openclaw.js

@@ -136,16 +136,17 @@ function writeExecutableFile(filePath, content) {
   }
 }
 
-function ensureStandaloneBootstrap(hostname, port) {
+/**
+ * Ensure config and disclosure manifest exist.
+ * Called from both OpenClaw and standalone install paths.
+ */
+function ensureConfigAndManifest(hostname, port) {
   const configDir = resolveA2AConfigDir();
   ensureDir(configDir);
 
-  const configFile = path.join(configDir, 'a2a-config.json');
-  const manifestFile = path.join(configDir, 'a2a-disclosure.json');
-
   try {
     const { A2AConfig } = require('../src/lib/config');
-    const { loadManifest, saveManifest, generateDefaultManifest } = require('../src/lib/disclosure');
+    const { loadManifest, saveManifest, generateDefaultManifest, readContextFiles } = require('../src/lib/disclosure');
 
     const config = new A2AConfig();
     const defaults = config.getDefaults() || {};
@@ -153,25 +154,30 @@ function ensureStandaloneBootstrap(hostname, port) {
 
     const agent = config.getAgent() || {};
     if (!agent.hostname) {
-      config.setAgent({
-        hostname: `${hostname}:${port}`
-      });
+      config.setAgent({ hostname: `${hostname}:${port}` });
     }
 
     const manifest = loadManifest();
     if (!manifest || Object.keys(manifest).length === 0) {
-      const generated = generateDefaultManifest({
-        user: safeRead(path.join(process.cwd(), 'USER.md')),
-        heartbeat: safeRead(path.join(process.cwd(), 'HEARTBEAT.md')),
-        soul: safeRead(path.join(process.cwd(), 'SOUL.md'))
-      });
+      const contextFiles = readContextFiles(process.cwd());
+      const generated = generateDefaultManifest(contextFiles);
       saveManifest(generated);
+      const manifestFile = path.join(configDir, 'a2a-disclosure.json');
       log(`Generated default disclosure manifest: ${manifestFile}`);
     }
   } catch (err) {
-    warn(`Standalone config bootstrap failed: ${err.message}`);
+    warn(`Config/manifest bootstrap failed: ${err.message}`);
   }
 
+  return configDir;
+}
+
+function ensureStandaloneBootstrap(hostname, port) {
+  const configDir = ensureConfigAndManifest(hostname, port);
+
+  const configFile = path.join(configDir, 'a2a-config.json');
+  const manifestFile = path.join(configDir, 'a2a-disclosure.json');
+
   const bridgeDir = path.join(configDir, 'runtime-bridge');
   ensureDir(bridgeDir);
   const turnScript = path.join(bridgeDir, 'a2a-turn.sh');
@@ -202,6 +208,15 @@ echo "a2a notify: $payload" >&2
 `);
   }
 
+  // Install SKILL.md so standalone agents can discover it
+  const skillsDir = path.join(configDir, 'skills', SKILL_NAME);
+  ensureDir(skillsDir);
+  const skillContent = loadSkillMd();
+  if (skillContent) {
+    fs.writeFileSync(path.join(skillsDir, 'SKILL.md'), skillContent);
+    log(`Installed skill to: ${skillsDir}`);
+  }
+
   let generatedAdminToken = null;
   if (!process.env.A2A_ADMIN_TOKEN) {
     generatedAdminToken = crypto.randomBytes(24).toString('base64url');
@@ -211,6 +226,7 @@ echo "a2a notify: $payload" >&2
     configDir,
     configFile,
     manifestFile,
+    skillsDir,
     bridgeDir,
     turnScript,
     summaryScript,
@@ -388,108 +404,44 @@ function installDashboardProxyPlugin(backendUrl) {
   return pluginDir;
 }
 
-// Skill content
-const SKILL_MD = `---
-name: a2a
-description: "Agent-to-Agent a2a. Handle /a2a commands to create tokens, manage connections, and call remote agents. Triggers on: /a2a, a2a, agent token, a2a invite."
----
-
-# A2A
-
-Handle agent-to-agent communication with Telegram inline buttons + \`a2a\` CLI.
-
-## CRITICAL: Forum Topic Threading
-
-When sending messages with buttons in Telegram forum groups, **ALWAYS include threadId**:
-
-1. Extract topic ID from message header (e.g., \`topic:567\`)
-2. Include \`threadId: "TOPIC_ID"\` in ALL message tool calls
-
-## Onboarding (First Run)
-
-**BEFORE showing tiers, ALWAYS read and analyze user context:**
-- HEARTBEAT.md - current tasks/interests
-- USER.md - professional context, shareable bio
-- SOUL.md - agent personality
-- memory/*.md - stored context
-
-**Extract:** Topics of interest, goals, professional context (job seeking?), sensitive areas.
-
-**Personalize tiers based on findings** - not generic examples!
+// Skill content — read from the canonical SKILL.md that ships with the package.
+// No embedded copy to drift out of sync.
+const SKILL_MD_PATH = path.resolve(__dirname, '..', 'SKILL.md');
 
-**Step 1:** Show analyzed topics grouped into Public/Friends/Private tiers
-**Step 2:** Confirm default settings (expiration, rate limits)
-**Step 3:** Confirm agent identity
-**Step 4:** Complete - save config, show next steps
-
-Settings saved to ~/.config/openclaw/a2a-config.json
-
-## First-Call Requirement
-
-Before any agent uses \`/a2a call\`, the human owner must complete onboarding and approve tier permissions.
-If onboarding has not been completed yet, route them to \`/a2a quickstart\` first.
-
-## Main Menu (Post-Onboarding)
-
-\`\`\`javascript
-message({
-  action: "send",
-  channel: "telegram",
-  target: "CHAT_ID",
-  threadId: "TOPIC_ID",  // REQUIRED for forum topics!
-  message: "🤝 **A2A**\\n\\nWhat would you like to do?",
-  buttons: [
-    [{ text: "📝 Create Invite", callback_data: "/a2a invite" }, { text: "📋 List Tokens", callback_data: "/a2a list" }],
-    [{ text: "🗑 Revoke Token", callback_data: "/a2a revoke" }, { text: "📡 Add Remote", callback_data: "/a2a add" }]
-  ]
-})
-\`\`\`
-
-## Commands
-
-### /a2a invite
-\`\`\`bash
-a2a create --name "NAME" --expires "DURATION"
-\`\`\`
-Reply with full shareable invite block.
-
-### /a2a list
-\`\`\`bash
-a2a list
-\`\`\`
-
-### /a2a revoke <id>
-\`\`\`bash
-a2a revoke TOKEN_ID
-\`\`\`
-
-### /a2a add <url> [name]
-\`\`\`bash
-a2a add "URL" "NAME"
-\`\`\`
-
-### /a2a call <url> <msg>
-\`\`\`bash
-a2a call "URL" "MESSAGE"
-\`\`\`
-
-## Server
-
-\`\`\`bash
-a2a server --port 3001
-\`\`\`
-
-## Defaults
-- Expiration: 1 day
-- Max calls: 100
-- Rate limit: 10/min
-`;
+function loadSkillMd() {
+  if (fs.existsSync(SKILL_MD_PATH)) {
+    return fs.readFileSync(SKILL_MD_PATH, 'utf8');
+  }
+  warn(`SKILL.md not found at ${SKILL_MD_PATH}`);
+  warn('The a2acalling package may be incomplete. Run: a2a update');
+  return null;
+}
 
-function install() {
+async function install() {
   log('Installing A2A Calling...\n');
 
   const hostname = flags.hostname || process.env.HOSTNAME || 'localhost';
-  const port = String(flags.port || process.env.A2A_PORT || '3001');
+
+  // Port scanning: use explicit port or scan for available one
+  let port;
+  if (flags.port) {
+    port = String(flags.port);
+  } else if (process.env.A2A_PORT) {
+    port = String(process.env.A2A_PORT);
+  } else {
+    try {
+      const { findAvailablePort } = require('../src/lib/port-scanner');
+      const available = await findAvailablePort([80, 3001, 8080, 8443, 9001]);
+      port = available ? String(available) : '3001';
+      if (available === 80) {
+        log(`Port 80 is available (recommended for inbound A2A connections)`);
+      } else if (available) {
+        log(`Auto-detected available port: ${available}`);
+      }
+    } catch (e) {
+      port = '3001';
+    }
+  }
   const backendUrl = flags['dashboard-backend'] || `http://127.0.0.1:${port}`;
   const forceStandalone = Boolean(flags.standalone) || String(process.env.A2A_FORCE_STANDALONE || '').toLowerCase() === 'true';
   const hasOpenClawBinary = commandExists('openclaw');
@@ -504,8 +456,16 @@ function install() {
     // 2. Install skill
     const skillDir = path.join(OPENCLAW_SKILLS, SKILL_NAME);
     ensureDir(skillDir);
-    fs.writeFileSync(path.join(skillDir, 'SKILL.md'), SKILL_MD);
+    const skillContent = loadSkillMd();
+    if (skillContent) {
+      fs.writeFileSync(path.join(skillDir, 'SKILL.md'), skillContent);
+    } else {
+      warn('Skipped SKILL.md install — source file not found in package.');
+    }
     log(`Installed skill to: ${skillDir}`);
+
+    // Ensure config and manifest exist even in OpenClaw path
+    ensureConfigAndManifest(hostname, port);
   } else {
     warn('OpenClaw not detected. Enabling standalone A2A bootstrap.');
     standaloneBootstrap = ensureStandaloneBootstrap(hostname, port);
@@ -676,7 +636,10 @@ Examples:
 switch (command) {
   case 'install':
   case 'setup':
-    install();
+    install().catch(err => {
+      error(`Install failed: ${err.message}`);
+      process.exit(1);
+    });
     break;
   case 'uninstall':
     uninstall();

package/src/dashboard/public/app.js

@@ -313,7 +313,11 @@ function bindInviteActions() {
       body: JSON.stringify(body)
     });
     document.getElementById('invite-message').value = result.invite_message || result.invite_url;
-    showNotice('Invite created');
+    if (result.warnings && result.warnings.length) {
+      showNotice(result.warnings[0]);
+    } else {
+      showNotice('Invite created');
+    }
     await loadInvites();
   });
 }

package/src/lib/config.js

@@ -112,8 +112,13 @@ class A2AConfig {
       this.config.createdAt = this.config.updatedAt;
     }
     const tmpPath = `${CONFIG_FILE}.tmp`;
-    fs.writeFileSync(tmpPath, JSON.stringify(this.config, null, 2));
+    fs.writeFileSync(tmpPath, JSON.stringify(this.config, null, 2), { mode: 0o600 });
     fs.renameSync(tmpPath, CONFIG_FILE);
+    try {
+      fs.chmodSync(CONFIG_FILE, 0o600);
+    } catch (err) {
+      // Best effort - ignore on platforms without chmod support.
+    }
   }
 
   // Check if onboarding is complete

package/src/lib/conversations.js

@@ -39,6 +39,11 @@ class ConversationStore {
     try {
       const Database = require('better-sqlite3');
       this.db = new Database(this.dbPath);
+      try {
+        fs.chmodSync(this.dbPath, 0o600);
+      } catch (err) {
+        // Best effort - ignore on platforms without chmod support.
+      }
       this._migrate();
       return this.db;
     } catch (err) {

package/src/lib/disclosure.js

@@ -39,8 +39,13 @@ function saveManifest(manifest) {
   }
   manifest.updated_at = new Date().toISOString();
   const tmpPath = `${MANIFEST_FILE}.tmp`;
-  fs.writeFileSync(tmpPath, JSON.stringify(manifest, null, 2));
+  fs.writeFileSync(tmpPath, JSON.stringify(manifest, null, 2), { mode: 0o600 });
   fs.renameSync(tmpPath, MANIFEST_FILE);
+  try {
+    fs.chmodSync(MANIFEST_FILE, 0o600);
+  } catch (err) {
+    // Best effort - ignore on platforms without chmod support.
+  }
 }
 
 /**
@@ -130,7 +135,8 @@ function generateDefaultManifest(contextFiles = {}) {
   const heartbeatContent = contextFiles.heartbeat || '';
   const soulContent = contextFiles.soul || '';
 
-  const hasContent = userContent || heartbeatContent || soulContent;
+  const hasContent = userContent || heartbeatContent || soulContent ||
+    contextFiles.skill || contextFiles.memory || contextFiles.skills || contextFiles.claude;
 
   if (!hasContent) {
     // Minimal starter manifest
@@ -247,6 +253,52 @@ function generateDefaultManifest(contextFiles = {}) {
     }
   }
 
+  // Extract capability keywords from SKILL.md and installed skills
+  const skillContent = (contextFiles.skill || '') + '\n' + (contextFiles.skills || '');
+  if (skillContent.trim()) {
+    const capabilityLines = skillContent
+      .split('\n')
+      .filter(l => l.trim().startsWith('-') || l.trim().startsWith('*'))
+      .map(l => l.replace(/^[\s\-\*]+/, '').trim())
+      .filter(l => l.length > 5 && l.length < 120)
+      .slice(0, 6);
+
+    capabilityLines.forEach(cap => {
+      manifest.topics.public.discuss_freely.push({ topic: cap.slice(0, 60), detail: cap });
+    });
+  }
+
+  // Extract topic keywords from memory files
+  if (contextFiles.memory) {
+    const memoryLines = contextFiles.memory
+      .split('\n')
+      .filter(l => l.trim().startsWith('-') || l.trim().startsWith('*'))
+      .map(l => l.replace(/^[\s\-\*]+/, '').trim())
+      .filter(l => l.length > 5 && l.length < 120)
+      .slice(0, 4);
+
+    memoryLines.forEach(item => {
+      manifest.topics.friends.discuss_freely.push({ topic: item.slice(0, 60), detail: item });
+    });
+  }
+
+  // Extract project context from CLAUDE.md
+  if (contextFiles.claude) {
+    const claudeMatch = contextFiles.claude.match(/##\s*(?:What|Quick|About|Context)[^\n]*\n([\s\S]*?)(?=\n##|$)/i);
+    if (claudeMatch) {
+      const contextLines = claudeMatch[1]
+        .split('\n')
+        .filter(l => l.trim().startsWith('-') || l.trim().startsWith('*') || (l.trim().length > 10 && !l.startsWith('#')))
+        .map(l => l.replace(/^[\s\-\*]+/, '').trim())
+        .filter(Boolean)
+        .slice(0, 3);
+
+      contextLines.forEach(item => {
+        manifest.topics.public.discuss_freely.push({ topic: item.slice(0, 60), detail: item });
+      });
+    }
+  }
+
   // Ensure at least something in each public category
   if (manifest.topics.public.lead_with.length === 0) {
     manifest.topics.public.lead_with.push(
@@ -269,7 +321,7 @@ function generateDefaultManifest(contextFiles = {}) {
 
 /**
  * Read context files from an OpenClaw workspace directory.
- * Returns { user, heartbeat, soul } with file contents or empty strings.
+ * Returns { user, heartbeat, soul, skill, claude, memory, skills } with file contents or empty strings.
  */
 function readContextFiles(workspaceDir) {
   const read = (filename) => {
@@ -282,11 +334,55 @@ function readContextFiles(workspaceDir) {
     return '';
   };
 
-  return {
+  // Read primary files
+  const result = {
     user: read('USER.md'),
     heartbeat: read('HEARTBEAT.md'),
-    soul: read('SOUL.md')
+    soul: read('SOUL.md'),
+    skill: read('SKILL.md'),
+    claude: read('CLAUDE.md')
   };
+
+  // Scan memory/*.md
+  const memoryDir = path.join(workspaceDir, 'memory');
+  result.memory = '';
+  if (fs.existsSync(memoryDir)) {
+    try {
+      const files = fs.readdirSync(memoryDir).filter(f => f.endsWith('.md'));
+      result.memory = files.map(f => {
+        try { return fs.readFileSync(path.join(memoryDir, f), 'utf8'); }
+        catch (e) { return ''; }
+      }).filter(Boolean).join('\n---\n');
+    } catch (e) {}
+  }
+
+  // Scan installed skills from both OpenClaw and standalone paths
+  const homeDir = process.env.HOME || '/tmp';
+  const skillsDirs = [
+    process.env.OPENCLAW_SKILLS || path.join(homeDir, '.openclaw', 'skills'),
+    path.join(CONFIG_DIR, 'skills')
+  ];
+  const skillFragments = [];
+  const seenSkillDirs = new Set();
+  for (const skillsDir of skillsDirs) {
+    if (!fs.existsSync(skillsDir) || seenSkillDirs.has(skillsDir)) continue;
+    seenSkillDirs.add(skillsDir);
+    try {
+      const dirs = fs.readdirSync(skillsDir).filter(d => {
+        try { return fs.statSync(path.join(skillsDir, d)).isDirectory(); }
+        catch (e) { return false; }
+      });
+      for (const d of dirs) {
+        try {
+          const content = fs.readFileSync(path.join(skillsDir, d, 'SKILL.md'), 'utf8');
+          if (content) skillFragments.push(content);
+        } catch (e) {}
+      }
+    } catch (e) {}
+  }
+  result.skills = skillFragments.join('\n---\n');
+
+  return result;
 }
 
 module.exports = {

package/src/lib/external-ip.js

@@ -0,0 +1,200 @@
+/**
+ * External IP Resolver (Cached)
+ *
+ * When generating invites, we want a host that other agents can reach.
+ * This module fetches the machine's public (egress) IP from a few
+ * "what is my IP" services and caches the result to avoid repeated
+ * network calls.
+ *
+ * Cache file: ~/.config/openclaw/a2a-external-ip.json (or A2A_CONFIG_DIR)
+ */
+
+const fs = require('fs');
+const path = require('path');
+const http = require('http');
+const https = require('https');
+const net = require('net');
+
+const CONFIG_DIR = process.env.A2A_CONFIG_DIR ||
+  process.env.OPENCLAW_CONFIG_DIR ||
+  path.join(process.env.HOME || '/tmp', '.config', 'openclaw');
+
+const EXTERNAL_IP_CACHE_FILE = path.join(CONFIG_DIR, 'a2a-external-ip.json');
+
+const DEFAULT_SERVICES = [
+  'https://api.ipify.org',
+  'https://checkip.amazonaws.com/',
+  'https://icanhazip.com/'
+];
+
+function ensureDir(dirPath) {
+  if (!fs.existsSync(dirPath)) {
+    fs.mkdirSync(dirPath, { recursive: true });
+  }
+}
+
+function atomicWriteJson(filePath, data) {
+  ensureDir(path.dirname(filePath));
+  const tmpPath = `${filePath}.tmp`;
+  fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });
+  fs.renameSync(tmpPath, filePath);
+  try {
+    fs.chmodSync(filePath, 0o600);
+  } catch (err) {
+    // Best effort.
+  }
+}
+
+function readJson(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch (err) {
+    return null;
+  }
+}
+
+function parseIp(text) {
+  const candidate = String(text || '')
+    .trim()
+    .replace(/^"+|"+$/g, '')
+    .split(/\s+/)[0];
+  if (!candidate) return null;
+  return net.isIP(candidate) ? candidate : null;
+}
+
+function requestText(url, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    let parsed;
+    try {
+      parsed = new URL(url);
+    } catch (err) {
+      reject(new Error('invalid_url'));
+      return;
+    }
+
+    const client = parsed.protocol === 'https:' ? https : http;
+    const req = client.request({
+      protocol: parsed.protocol,
+      hostname: parsed.hostname,
+      port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+      method: 'GET',
+      path: parsed.pathname + parsed.search,
+      headers: {
+        'User-Agent': `a2acalling/${process.env.npm_package_version || 'dev'} (external-ip)`
+      },
+      timeout: timeoutMs
+    }, (res) => {
+      let data = '';
+      res.setEncoding('utf8');
+
+      res.on('data', (chunk) => {
+        data += chunk;
+        if (data.length > 4096) {
+          req.destroy(new Error('response_too_large'));
+        }
+      });
+
+      res.on('end', () => resolve({ statusCode: res.statusCode || 0, body: data }));
+    });
+
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy(new Error('timeout'));
+    });
+
+    req.end();
+  });
+}
+
+async function fetchExternalIp(options = {}) {
+  const timeoutMs = Number.isFinite(options.timeoutMs) ? options.timeoutMs : 2500;
+  const services = Array.isArray(options.services) && options.services.length
+    ? options.services
+    : DEFAULT_SERVICES;
+
+  let lastError = null;
+  for (const serviceUrl of services) {
+    try {
+      const res = await requestText(serviceUrl, timeoutMs);
+      if (res.statusCode < 200 || res.statusCode >= 300) {
+        throw new Error(`bad_status_${res.statusCode}`);
+      }
+      const ip = parseIp(res.body);
+      if (!ip) {
+        throw new Error('invalid_ip');
+      }
+      return { ip, source: serviceUrl };
+    } catch (err) {
+      lastError = err;
+    }
+  }
+
+  const msg = lastError ? lastError.message : 'unavailable';
+  throw new Error(`external_ip_unavailable:${msg}`);
+}
+
+/**
+ * Get external IP, using cached result if not stale.
+ *
+ * Returns:
+ *   { ip, checkedAt, source, fromCache, stale }
+ * or:
+ *   { ip: null, error }
+ */
+async function getExternalIp(options = {}) {
+  const ttlMs = Number.isFinite(options.ttlMs)
+    ? options.ttlMs
+    : Number.parseInt(process.env.A2A_EXTERNAL_IP_TTL_MS || '', 10) || (6 * 60 * 60 * 1000);
+  const cacheFile = options.cacheFile || EXTERNAL_IP_CACHE_FILE;
+  const nowMs = Number.isFinite(options.nowMs) ? options.nowMs : Date.now();
+
+  const cached = readJson(cacheFile);
+  if (cached && cached.ip && cached.checked_at) {
+    const cachedIp = parseIp(cached.ip);
+    const checkedAtMs = Date.parse(cached.checked_at);
+    if (cachedIp && Number.isFinite(checkedAtMs)) {
+      const ageMs = Math.max(0, nowMs - checkedAtMs);
+      if (ageMs <= ttlMs && !options.forceRefresh) {
+        return {
+          ip: cachedIp,
+          checkedAt: cached.checked_at,
+          source: cached.source || 'cache',
+          fromCache: true,
+          stale: false
+        };
+      }
+    }
+  }
+
+  try {
+    const { ip, source } = await fetchExternalIp({
+      timeoutMs: options.timeoutMs,
+      services: options.services
+    });
+    const checkedAt = new Date(nowMs).toISOString();
+    atomicWriteJson(cacheFile, { ip, checked_at: checkedAt, source });
+    return { ip, checkedAt, source, fromCache: false, stale: false };
+  } catch (err) {
+    if (cached && cached.ip) {
+      const cachedIp = parseIp(cached.ip);
+      if (cachedIp) {
+        return {
+          ip: cachedIp,
+          checkedAt: cached.checked_at || null,
+          source: cached.source || 'cache',
+          fromCache: true,
+          stale: true
+        };
+      }
+    }
+    return { ip: null, error: err.message };
+  }
+}
+
+module.exports = {
+  EXTERNAL_IP_CACHE_FILE,
+  fetchExternalIp,
+  getExternalIp
+};
+