a2acalling 0.6.1 → 0.6.3

package/src/lib/tokens.js

@@ -15,6 +15,47 @@ const DEFAULT_CONFIG_DIR = process.env.A2A_CONFIG_DIR ||
 const DB_FILENAME = 'a2a.json';
 const logger = createLogger({ component: 'a2a.tokens' });
 
+function sanitizeCustomFields(fields, options = {}) {
+  const maxFields = Number.isFinite(options.maxFields) ? options.maxFields : 200;
+  const keyMaxLength = Number.isFinite(options.keyMaxLength) ? options.keyMaxLength : 80;
+  const valMaxLength = Number.isFinite(options.valMaxLength) ? options.valMaxLength : 800;
+
+  if (!fields || typeof fields !== 'object' || Array.isArray(fields)) {
+    return {};
+  }
+
+  const cleaned = {};
+  const keys = Object.keys(fields);
+  let count = 0;
+
+  for (const rawKey of keys) {
+    if (count >= maxFields) break;
+    const key = String(rawKey || '').replace(/\s+/g, ' ').trim().slice(0, keyMaxLength);
+    if (!key) continue;
+
+    const rawVal = fields[rawKey];
+    let value = '';
+    if (rawVal === null || rawVal === undefined) {
+      value = '';
+    } else if (typeof rawVal === 'string') {
+      value = rawVal;
+    } else if (typeof rawVal === 'number' || typeof rawVal === 'boolean') {
+      value = String(rawVal);
+    } else {
+      try {
+        value = JSON.stringify(rawVal);
+      } catch (err) {
+        value = String(rawVal);
+      }
+    }
+
+    cleaned[key] = String(value).replace(/\s+/g, ' ').trim().slice(0, valMaxLength);
+    count++;
+  }
+
+  return cleaned;
+}
+
 class TokenStore {
   constructor(configDir = DEFAULT_CONFIG_DIR) {
     this.configDir = configDir;
@@ -31,7 +72,42 @@ class TokenStore {
   _load() {
     if (fs.existsSync(this.dbPath)) {
       try {
-        return JSON.parse(fs.readFileSync(this.dbPath, 'utf8'));
+        const parsed = JSON.parse(fs.readFileSync(this.dbPath, 'utf8'));
+        const db = parsed && typeof parsed === 'object' ? parsed : {};
+        db.tokens = Array.isArray(db.tokens) ? db.tokens : [];
+        db.calls = Array.isArray(db.calls) ? db.calls : [];
+        db.contacts = Array.isArray(db.contacts) ? db.contacts : [];
+
+        // Backward compat: legacy "remotes" is now "contacts".
+        const legacyRemotes = Array.isArray(db.remotes) ? db.remotes : [];
+        if (legacyRemotes.length) {
+          const keyFor = (row) => {
+            if (!row || typeof row !== 'object') return null;
+            if (row.id) return `id:${row.id}`;
+            const host = row.host ? String(row.host) : '';
+            const hash = row.token_hash ? String(row.token_hash) : '';
+            if (host && hash) return `hosthash:${host}#${hash}`;
+            if (host) return `host:${host}`;
+            return null;
+          };
+
+          const merged = db.contacts.slice();
+          const seen = new Set();
+          for (const row of merged) {
+            const key = keyFor(row);
+            if (key) seen.add(key);
+          }
+          for (const row of legacyRemotes) {
+            const key = keyFor(row);
+            if (key && seen.has(key)) continue;
+            if (key) seen.add(key);
+            merged.push(row);
+          }
+          db.contacts = merged;
+        }
+
+        // Persisted schema is intentionally minimal during prototyping.
+        return { tokens: db.tokens, contacts: db.contacts, calls: db.calls };
       } catch (e) {
         // Corrupted file - backup and start fresh
         const backupPath = `${this.dbPath}.corrupt.${Date.now()}`;
@@ -46,16 +122,22 @@ class TokenStore {
             backup_path: backupPath
           }
         });
-        return { tokens: [], remotes: [], calls: [] };
+        return { tokens: [], contacts: [], calls: [] };
       }
     }
-    return { tokens: [], remotes: [], calls: [] };
+    return { tokens: [], contacts: [], calls: [] };
   }
 
   _save(db) {
+    const persisted = {
+      tokens: Array.isArray(db.tokens) ? db.tokens : [],
+      contacts: Array.isArray(db.contacts) ? db.contacts : [],
+      calls: Array.isArray(db.calls) ? db.calls : []
+    };
+
     // Atomic write: write to temp file, then rename
     const tmpPath = `${this.dbPath}.tmp.${process.pid}`;
-    fs.writeFileSync(tmpPath, JSON.stringify(db, null, 2), { mode: 0o600 });
+    fs.writeFileSync(tmpPath, JSON.stringify(persisted, null, 2), { mode: 0o600 });
     fs.renameSync(tmpPath, this.dbPath);
     try {
       fs.chmodSync(this.dbPath, 0o600);
@@ -117,8 +199,10 @@ class TokenStore {
       tierSettings = null    // Object with tier-specific settings
     } = options;
 
-    // Map legacy tier values to labels
-    const tier = TokenStore.LEGACY_TIER_MAP[permissions] || permissions;
+    const tier = String(permissions || 'public').trim() || 'public';
+    if (!TokenStore.VALID_TIERS.includes(tier)) {
+      throw new Error(`Invalid permissions tier: ${tier}. Expected: ${TokenStore.VALID_TIERS.join('|')}`);
+    }
 
     const token = TokenStore.generateToken();
     const tokenHash = TokenStore.hashToken(token);
@@ -144,14 +228,16 @@ class TokenStore {
     const defaultTopics = {
       'public': configTiers.public?.topics || ['chat'],
       'friends': configTiers.friends?.topics || ['chat', 'calendar.read', 'email.read', 'search'],
-      'family': configTiers.family?.topics || ['chat', 'calendar', 'email', 'search', 'tools']
+      'family': configTiers.family?.topics || ['chat', 'calendar', 'email', 'search', 'tools'],
+      'custom': configTiers.custom?.topics || ['chat']
     };
 
     // Default goals based on tier label (snapshot at creation)
     const defaultGoals = {
       'public': configTiers.public?.goals || [],
       'friends': configTiers.friends?.goals || [],
-      'family': configTiers.family?.goals || []
+      'family': configTiers.family?.goals || [],
+      'custom': configTiers.custom?.goals || []
     };
 
     // Resolve capabilities: explicit > config > defaults
@@ -231,8 +317,10 @@ class TokenStore {
     record.last_used = new Date().toISOString();
     this._save(db);
 
-    // Map legacy tier values to labels for old records
-    const tier = TokenStore.LEGACY_TIER_MAP[record.tier] || record.tier || record.permissions || 'public';
+    const tier = record.tier || 'public';
+    if (!TokenStore.VALID_TIERS.includes(tier)) {
+      return { valid: false, error: 'invalid_token_tier' };
+    }
 
     // Resolve capabilities: stored > defaults
     const capabilities = record.capabilities
@@ -280,100 +368,155 @@ class TokenStore {
    * @param {object} options - Contact metadata
    * @param {string} options.name - Agent name
    * @param {string} options.owner - Human owner name
+   * @param {string} options.server_name - Server label (owner-local / optional)
    * @param {string} options.notes - Freeform notes
    * @param {string[]} options.tags - Grouping tags
+   * @param {object} options.fields - Flexible CRM-like fields (key/value)
    * @param {string} options.trust - Trust level (trusted, verified, unknown)
    */
-  addRemote(inviteUrl, options = {}) {
-    // Handle legacy signature: addRemote(url, name)
-    if (typeof options === 'string') {
-      options = { name: options };
-    }
-
-    const match = inviteUrl.match(/^(?:a2a|oclaw):\/\/([^/]+)\/(.+)$/);
+	  addContact(inviteUrl, options = {}) {
+    const match = String(inviteUrl || '').match(/^a2a:\/\/([^/]+)\/(.+)$/);
     if (!match) {
       throw new Error(`Invalid invite URL: ${inviteUrl}. Expected format: a2a://host/token`);
     }
 
-    const [, host, token] = match;
-    const remoteName = options.name || host;
+	    const [, host, token] = match;
+	    const agentName = options.name || host;
+	    const rawMine = options.is_mine !== undefined ? options.is_mine : options.isMine;
+	    const isMine = (() => {
+	      if (rawMine === null || rawMine === undefined) return false;
+	      if (typeof rawMine === 'boolean') return rawMine;
+	      if (typeof rawMine === 'string') {
+	        const s = rawMine.trim().toLowerCase();
+	        if (['true', '1', 'yes', 'y', 'on'].includes(s)) return true;
+	        if (['false', '0', 'no', 'n', 'off', ''].includes(s)) return false;
+	      }
+	      return Boolean(rawMine);
+	    })();
 
     const db = this._load();
-    
+
     // Check for duplicate by host + token hash
     const tokenHash = TokenStore.hashToken(token);
-    const existing = db.remotes.find(r => r.host === host && r.token_hash === tokenHash);
+    const existing = (db.contacts || []).find(r => r.host === host && r.token_hash === tokenHash);
     if (existing) {
       return { success: false, error: 'duplicate', existing };
     }
 
-    // Encrypt token for storage (simple XOR with derived key - not production-grade but better than plaintext)
-    const encryptionKey = crypto.createHash('sha256').update(this.dbPath + 'remote-key').digest();
+    // Encrypt token for storage (simple XOR with derived key - not production-grade but better than plaintext).
+    // Keep using the legacy key suffix so older "remotes" records remain decryptable.
+    const encryptionKey = crypto.createHash('sha256').update(this.dbPath + TokenStore.LEGACY_REMOTE_KEY_SUFFIX).digest();
     const tokenBuffer = Buffer.from(token, 'utf8');
     const encrypted = Buffer.alloc(tokenBuffer.length);
     for (let i = 0; i < tokenBuffer.length; i++) {
       encrypted[i] = tokenBuffer[i] ^ encryptionKey[i % encryptionKey.length];
     }
 
-    const remote = {
-      id: crypto.randomBytes(8).toString('hex'),
-      name: remoteName,
-      owner: options.owner || null,
-      host,
-      token_hash: tokenHash,
-      token_enc: encrypted.toString('base64'),
-      notes: options.notes || null,
-      tags: options.tags || [],
-      linked_token_id: options.linkedTokenId || null,  // Token you gave them
+	    const contact = {
+	      id: crypto.randomBytes(8).toString('hex'),
+	      name: agentName,
+	      owner: options.owner || null,
+	      is_mine: isMine,
+	      host,
+	      token_hash: tokenHash,
+	      token_enc: encrypted.toString('base64'),
+	      server_name: options.server_name || options.serverName || null,
+	      notes: options.notes || null,
+      tags: Array.isArray(options.tags) ? options.tags : [],
+      fields: sanitizeCustomFields(options.fields || options.custom_fields || options.customFields),
+      linked_token_id: options.linkedTokenId || options.linked_token_id || null,  // Token you gave them
       status: 'unknown',
       last_seen: null,
-      added_at: new Date().toISOString()
+      added_at: new Date().toISOString(),
+      updated_at: null
     };
 
-    db.remotes.push(remote);
+    db.contacts = db.contacts || [];
+    db.contacts.push(contact);
     this._save(db);
 
-    return { success: true, remote: { ...remote, token: undefined, token_enc: undefined } };
+    return { success: true, contact: { ...contact, token: undefined, token_enc: undefined } };
+  }
+
+  // Legacy wrapper.
+  addRemote(inviteUrl, options = {}) {
+    const result = this.addContact(inviteUrl, options);
+    if (!result.success) return result;
+    return { success: true, remote: result.contact };
   }
 
   /**
-   * Decrypt a remote token
+   * Decrypt a contact token
    */
-  _decryptRemoteToken(remote) {
-    if (remote.token) return remote.token; // Legacy plaintext
-    if (!remote.token_enc) return null;
-    
-    const encryptionKey = crypto.createHash('sha256').update(this.dbPath + 'remote-key').digest();
-    const encrypted = Buffer.from(remote.token_enc, 'base64');
-    const decrypted = Buffer.alloc(encrypted.length);
-    for (let i = 0; i < encrypted.length; i++) {
-      decrypted[i] = encrypted[i] ^ encryptionKey[i % encryptionKey.length];
+  _decryptContactToken(contact) {
+    if (!contact.token_enc) return null;
+
+    let encrypted;
+    try {
+      encrypted = Buffer.from(contact.token_enc, 'base64');
+    } catch (err) {
+      return null;
+    }
+
+    // Try legacy key first, then the newer "contact-key" suffix (in case we ever wrote it).
+    const suffixes = [
+      TokenStore.LEGACY_REMOTE_KEY_SUFFIX,
+      TokenStore.CONTACT_KEY_SUFFIX
+    ].filter(Boolean);
+
+    for (const suffix of [...new Set(suffixes)]) {
+      const encryptionKey = crypto.createHash('sha256').update(this.dbPath + suffix).digest();
+      const decrypted = Buffer.alloc(encrypted.length);
+      for (let i = 0; i < encrypted.length; i++) {
+        decrypted[i] = encrypted[i] ^ encryptionKey[i % encryptionKey.length];
+      }
+      const token = decrypted.toString('utf8');
+      if (/^fed_[A-Za-z0-9_-]{10,}$/.test(token)) {
+        return token;
+      }
     }
-    return decrypted.toString('utf8');
+
+    return null;
   }
 
   /**
-   * List remote agents with linked token info
+   * List contacts (optionally with linked token info / secrets)
    */
-  listRemotes() {
+  listContacts(options = {}) {
+    const includeLinkedToken = options.includeLinkedToken !== false;
+    const includeSecrets = options.includeSecrets === true;
     const db = this._load();
-    return db.remotes.map(r => {
-      if (r.linked_token_id) {
-        const token = db.tokens.find(t => t.id === r.linked_token_id);
+
+    const contacts = Array.isArray(db.contacts) ? db.contacts : [];
+    return contacts.map(row => {
+      const base = { ...row };
+      if (!includeSecrets) {
+        base.token_hash = undefined;
+        base.token_enc = undefined;
+      }
+
+      if (includeLinkedToken && base.linked_token_id) {
+        const token = (db.tokens || []).find(t => t.id === base.linked_token_id);
         if (token) {
-          return { ...r, linked_token: token };
+          base.linked_token = token;
         }
       }
-      return r;
+
+      return base;
     });
   }
 
+  // Legacy wrapper.
+  listRemotes(options = {}) {
+    return this.listContacts(options);
+  }
+
   /**
    * Link a token to a contact
    */
   linkTokenToContact(contactNameOrId, tokenId) {
     const db = this._load();
-    const remote = db.remotes.find(r => 
+    const remote = (db.contacts || []).find(r =>
       r.name === contactNameOrId || r.id === contactNameOrId
     );
     const token = db.tokens.find(t => 
@@ -385,15 +528,15 @@ class TokenStore {
 
     remote.linked_token_id = token.id;
     this._save(db);
-    return { success: true, remote, token };
+    return { success: true, contact: remote, remote, token };
   }
 
   /**
-   * Get a remote by name or host (with decrypted token)
+   * Get a contact by name/host/id (with decrypted token)
    */
-  getRemote(nameOrHost) {
+  getContact(nameOrHost) {
     const db = this._load();
-    const remote = db.remotes.find(r => 
+    const remote = (db.contacts || []).find(r =>
       r.name === nameOrHost || 
       r.host === nameOrHost ||
       r.id === nameOrHost
@@ -403,45 +546,84 @@ class TokenStore {
     // Return with decrypted token
     return {
       ...remote,
-      token: this._decryptRemoteToken(remote),
+      token: this._decryptContactToken(remote),
       token_enc: undefined
     };
   }
 
   /**
-   * Update a remote agent's metadata
+   * Legacy wrapper.
    */
-  updateRemote(nameOrHost, updates) {
-    const db = this._load();
-    const remote = db.remotes.find(r => 
-      r.name === nameOrHost || 
-      r.host === nameOrHost ||
-      r.id === nameOrHost
-    );
+  getRemote(nameOrHost) {
+    return this.getContact(nameOrHost);
+  }
+
+  /**
+   * Update a contact's metadata
+   */
+	  updateContact(nameOrHost, updates) {
+	    const db = this._load();
+	    const remote = (db.contacts || []).find(r =>
+	      r.name === nameOrHost || 
+	      r.host === nameOrHost ||
+	      r.id === nameOrHost
+	    );
     
     if (!remote) {
       return { success: false, error: 'not_found' };
-    }
-
-    // Only allow updating specific fields
-    const allowed = ['name', 'owner', 'notes', 'tags', 'linked_token_id'];
-    for (const key of allowed) {
-      if (updates[key] !== undefined) {
-        remote[key] = updates[key];
-      }
-    }
+	    }
+
+	    // Only allow updating specific fields
+	    const allowed = ['name', 'owner', 'is_mine', 'notes', 'tags', 'linked_token_id', 'server_name', 'fields'];
+	    for (const key of allowed) {
+	      if (updates[key] !== undefined) {
+	        if (key === 'fields') {
+	          if (updates.fields === null) {
+	            remote.fields = {};
+	          } else {
+	            remote.fields = {
+	              ...(remote.fields && typeof remote.fields === 'object' ? remote.fields : {}),
+	              ...sanitizeCustomFields(updates.fields)
+	            };
+	          }
+	        } else if (key === 'is_mine') {
+	          const raw = updates.is_mine;
+	          if (raw === null) {
+	            remote.is_mine = false;
+	          } else if (typeof raw === 'boolean') {
+	            remote.is_mine = raw;
+	          } else if (typeof raw === 'string') {
+	            const s = raw.trim().toLowerCase();
+	            if (['true', '1', 'yes', 'y', 'on'].includes(s)) remote.is_mine = true;
+	            else if (['false', '0', 'no', 'n', 'off', ''].includes(s)) remote.is_mine = false;
+	            else remote.is_mine = Boolean(raw);
+	          } else {
+	            remote.is_mine = Boolean(raw);
+	          }
+	        } else {
+	          remote[key] = updates[key];
+	        }
+	      }
+	    }
     remote.updated_at = new Date().toISOString();
 
     this._save(db);
-    return { success: true, remote };
+    return { success: true, contact: remote, remote };
+  }
+
+  /**
+   * Legacy wrapper.
+   */
+  updateRemote(nameOrHost, updates) {
+    return this.updateContact(nameOrHost, updates);
   }
 
   /**
    * Update contact status after ping/call
    */
-  updateRemoteStatus(nameOrHost, status, error = null) {
+  updateContactStatus(nameOrHost, status, error = null) {
     const db = this._load();
-    const remote = db.remotes.find(r => 
+    const remote = (db.contacts || []).find(r =>
       r.name === nameOrHost || 
       r.host === nameOrHost ||
       r.id === nameOrHost
@@ -458,11 +640,18 @@ class TokenStore {
   }
 
   /**
-   * Remove a remote agent
+   * Legacy wrapper.
    */
-  removeRemote(nameOrHost) {
+  updateRemoteStatus(nameOrHost, status, error = null) {
+    return this.updateContactStatus(nameOrHost, status, error);
+  }
+
+  /**
+   * Remove a contact
+   */
+  removeContact(nameOrHost) {
     const db = this._load();
-    const idx = db.remotes.findIndex(r => 
+    const idx = (db.contacts || []).findIndex(r =>
       r.name === nameOrHost || 
       r.host === nameOrHost ||
       r.id === nameOrHost
@@ -472,9 +661,14 @@ class TokenStore {
       return { success: false, error: 'not_found' };
     }
 
-    const [removed] = db.remotes.splice(idx, 1);
+    const [removed] = db.contacts.splice(idx, 1);
     this._save(db);
-    return { success: true, remote: removed };
+    return { success: true, contact: removed, remote: removed };
+  }
+
+  // Legacy wrapper.
+  removeRemote(nameOrHost) {
+    return this.removeContact(nameOrHost);
   }
 
   /**
@@ -489,7 +683,7 @@ class TokenStore {
    * This allows mapping call history (SQLite contact_id=tok_...) to a contact
    * row in the dashboard via linked_token_id.
    */
-  ensureInboundContact(caller, tokenId) {
+	  ensureInboundContact(caller, tokenId) {
     if (!caller || !caller.name) {
       return null;
     }
@@ -498,70 +692,77 @@ class TokenStore {
     const owner = caller.owner ? String(caller.owner).trim().slice(0, 120) : null;
 
     const db = this._load();
-    db.remotes = db.remotes || [];
+    db.contacts = db.contacts || [];
 
     // Prefer stable linking by the token used for inbound auth.
     let remote = tokenId
-      ? db.remotes.find(r => r.linked_token_id === tokenId)
+      ? db.contacts.find(r => r.linked_token_id === tokenId)
       : null;
 
     // Fallback match by agent name/owner (less reliable, but helpful).
     if (!remote) {
-      remote = db.remotes.find(r => r.name === name || (owner && r.owner === owner));
+      remote = db.contacts.find(r => r.name === name || (owner && r.owner === owner));
     }
 
-    if (remote) {
-      remote.name = remote.name || name;
-      if (owner && !remote.owner) {
-        remote.owner = owner;
-      }
-      if (tokenId && !remote.linked_token_id) {
-        remote.linked_token_id = tokenId;
-      }
+	    if (remote) {
+	      remote.name = remote.name || name;
+	      if (owner && !remote.owner) {
+	        remote.owner = owner;
+	      }
+	      if (remote.is_mine === undefined) {
+	        remote.is_mine = false;
+	      }
+	      if (tokenId && !remote.linked_token_id) {
+	        remote.linked_token_id = tokenId;
+	      }
       remote.host = remote.host || 'inbound';
       remote.tags = Array.isArray(remote.tags) ? remote.tags : [];
       if (!remote.tags.includes('inbound')) {
         remote.tags.push('inbound');
       }
+      remote.fields = remote.fields && typeof remote.fields === 'object' ? remote.fields : {};
+      remote.server_name = remote.server_name || null;
       remote.status = remote.status || 'unknown';
       remote.updated_at = new Date().toISOString();
       this._save(db);
       return remote;
     }
 
-    const contact = {
-      id: crypto.randomBytes(8).toString('hex'),
-      name,
-      owner,
-      host: 'inbound',
-      token_hash: null,
-      token_enc: null,
+	    const contact = {
+	      id: crypto.randomBytes(8).toString('hex'),
+	      name,
+	      owner,
+	      is_mine: false,
+	      host: 'inbound',
+	      token_hash: null,
+	      token_enc: null,
+	      server_name: null,
       notes: tokenId ? `Inbound caller via token ${tokenId}` : 'Inbound caller',
       tags: ['inbound'],
+      fields: {},
       linked_token_id: tokenId || null,
       status: 'unknown',
       last_seen: null,
-      added_at: new Date().toISOString()
+      added_at: new Date().toISOString(),
+      updated_at: null
     };
 
-    db.remotes.push(contact);
+    db.contacts.push(contact);
     this._save(db);
     return contact;
   }
 }
 
-// Legacy tier values from old records → label mapping
-TokenStore.LEGACY_TIER_MAP = {
-  'chat-only': 'public',
-  'tools-read': 'friends',
-  'tools-write': 'family'
-};
+TokenStore.VALID_TIERS = ['public', 'friends', 'family', 'custom'];
+TokenStore.LEGACY_REMOTE_KEY_SUFFIX = 'remote-key';
+TokenStore.CONTACT_KEY_SUFFIX = 'contact-key';
 
 // Default capabilities per tier label (used when config has none)
 TokenStore.DEFAULT_CAPABILITIES = {
   'public': ['context-read'],
   'friends': ['context-read', 'calendar.read', 'email.read', 'search'],
-  'family': ['context-read', 'calendar', 'email', 'search', 'tools', 'memory']
+  'family': ['context-read', 'calendar', 'email', 'search', 'tools', 'memory'],
+  'custom': ['context-read']
 };
 
 module.exports = { TokenStore };

package/src/routes/a2a.js

@@ -340,13 +340,22 @@ function createRoutes(options = {}) {
       request_id: requestId
     };
 
+    // Ensure inbound caller exists as a contact (best-effort).
+    let ensuredContact = null;
+    try {
+      ensuredContact = tokenStore.ensureInboundContact(sanitizedCaller, validation.id);
+    } catch (err) {
+      ensuredContact = null;
+    }
+
     // Track conversation if store available
     if (convStore) {
       try {
         convStore.startConversation({
           id: a2aContext.conversation_id,
-          contactId: validation.id,
-          contactName: sanitizedCaller.name || validation.name,
+          // Standardize: store the local contact.id when available (fallback to token id otherwise).
+          contactId: ensuredContact?.id || validation.id,
+          contactName: ensuredContact?.name || sanitizedCaller.name || validation.name,
           tokenId: validation.id,
           direction: 'inbound'
         });