npm - a2acalling - Versions diffs - 0.6.10 → 0.6.12 - Mend

a2acalling 0.6.10 → 0.6.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/cli.js +94 -40
package/package.json +1 -1
package/scripts/postinstall.js +42 -20
package/docs/plans/2026-02-14-agent-driven-disclosure-extraction.md +0 -986

package/bin/cli.js CHANGED Viewed

@@ -200,11 +200,14 @@ function parseArgs(argv) {
 }
 async function promptYesNo(question) {
-  const defaultValue = question.includes('[Y/n]') || question.includes('[y/N]') || question.includes('[Y/N]')
-    ? question.includes('[Y/n]') || question.includes('[y/n]')
+  const q = String(question || '');
+  // Support both bracket and paren styles: [Y/n], (y/N), etc.
+  // Convention: uppercase letter is the default when user presses Enter.
+  const defaultValue = q.includes('y/N')
+    ? false
+    : q.includes('Y/n')
       ? true
-      : false
-    : true;
+      : true;
   if (!isInteractiveShell()) {
     return defaultValue;
@@ -296,17 +299,22 @@ function readWorkspaceContext(baseDir = process.cwd()) {
 }
 function printWorkspaceScan(context) {
-  console.log('Scanning workspace for context...');
-  console.log(`  ${context.found.USER ? '✅' : '⚠️ '} ${context.found.USER ? 'Found USER.md' : 'No USER.md'}${context.found.USER ? ' — identity hints found' : ''}`);
-  console.log(`  ${context.found.SOUL ? '✅' : '⚠️ '} ${context.found.SOUL ? 'Found SOUL.md' : 'No SOUL.md'}${context.found.SOUL ? ' — personality notes available' : ''}`);
-  console.log(`  ${context.found.HEARTBEAT ? '✅' : '⚠️ '} ${context.found.HEARTBEAT ? 'Found HEARTBEAT.md' : 'No HEARTBEAT.md (skipped)'}`);
-  console.log(`  ${context.found.SKILL ? '✅' : '⚠️ '} ${context.found.SKILL ? 'Found SKILL.md' : 'No SKILL.md (skipped)'}`
-  );
-  console.log(`  ${context.found.CLAUDE ? '✅' : '⚠️ '} ${context.found.CLAUDE ? 'Found CLAUDE.md' : 'No CLAUDE.md (skipped)'}`);
-  if (context.memoryCount > 0) {
-    console.log(`  ✅ Found ${context.memoryCount} memory file(s)`);
+  const fileLabels = {
+    USER: 'USER.md — identity hints',
+    SOUL: 'SOUL.md — personality notes',
+    HEARTBEAT: 'HEARTBEAT.md — scheduled tasks',
+    SKILL: 'SKILL.md — capabilities',
+    CLAUDE: 'CLAUDE.md — agent instructions'
+  };
+  const found = Object.entries(fileLabels)
+    .filter(([key]) => context.found[key])
+    .map(([, label]) => label);
+  if (context.memoryCount > 0) found.push(`${context.memoryCount} memory file(s)`);
+  if (found.length) {
+    console.log(`Workspace context: ${found.join(', ')}`);
   } else {
-    console.log('  ⚠️  No memory/*.md files');
+    console.log('Workspace context: no context files found (disclosure topics will be minimal)');
   }
 }
@@ -1205,6 +1213,33 @@ https://github.com/onthegonow/a2a_calling`;
     require('../src/server.js');
   },
+  // ==========================================================================
+  // quickstart — full onboarding flow
+  //
+  // OBJECTIVE: Walk an installing agent (or human) through every step needed
+  // to get A2A Calling running, in a single pass. The postinstall hook calls
+  // this automatically, so `npm install -g a2acalling` completes the entire
+  // setup without any follow-up commands.
+  //
+  // Every prompt auto-accepts its default when there is no TTY, so the full
+  // flow completes unattended in non-interactive environments (agents).
+  //
+  // STEPS:
+  //   Step 1 — Port selection: scan for an available port and bind it.
+  //   Step 2 — Hostname detection: look up the external IP so remote agents
+  //            know where to reach this instance.
+  //   Step 3 — Server start: launch the A2A server as a detached process,
+  //            confirm it's listening, save config, and print a verify hint.
+  //   Step 4 — Disclosure prompt: output a full agent-readable prompt that
+  //            instructs the agent to scan its own workspace files, extract
+  //            tiered disclosure topics, and submit them back via
+  //            `a2a quickstart --submit '<json>'`.
+  //
+  // The disclosure prompt does NOT pre-scan files itself — it tells the agent
+  // which files to look for (USER.md, SOUL.md, etc.) and lets the agent read
+  // them with its own tools. This is intentional: the installer runs in a
+  // subprocess where it has no access to the agent's file-reading capabilities.
+  // ==========================================================================
   quickstart: async (args) => {
     const { A2AConfig } = require('../src/lib/config');
     const { isPortListening } = require('../src/lib/port-scanner');
@@ -1214,6 +1249,8 @@ https://github.com/onthegonow/a2a_calling`;
     const config = new A2AConfig();
     const interactive = isInteractiveShell();
+    // Handle `quickstart --submit '<json>'` — this is the agent calling back
+    // after it has scanned its workspace and built the disclosure JSON.
     if (await handleDisclosureSubmit(args, 'quickstart')) {
       return;
     }
@@ -1228,10 +1265,9 @@ https://github.com/onthegonow/a2a_calling`;
       return;
     }
-    const context = readWorkspaceContext(process.env.A2A_WORKSPACE || process.cwd());
-    const availableFiles = getDisclosurePromptFiles(context);
-    // If server is already running and awaiting disclosure, skip to Step 2
+    // Resume point: if the server is already running and we're waiting for the
+    // agent to submit disclosure topics, skip straight to the disclosure prompt.
+    // This happens when the agent re-runs quickstart after a previous partial run.
     let currentStep = 'not_started';
     try {
       const cfg = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
@@ -1244,42 +1280,46 @@ https://github.com/onthegonow/a2a_calling`;
     if (currentStep === 'awaiting_disclosure' && !args.flags.force) {
       console.log('\nStep 1 already complete. Server is running.\n');
       console.log('Step 2 of 4: Configure disclosure topics\n');
-      console.log(buildExtractionPrompt(availableFiles));
+      console.log(buildExtractionPrompt());
       console.log('\n  Read your workspace files, extract topics, and present to your owner for review.');
       console.log("  Then submit with: a2a quickstart --submit '<json>'\n");
       return;
     }
     printStepHeader('🤝  A2A Calling — First-Time Setup');
-    printWorkspaceScan(context);
+    // Interactive: ask for confirmation. Non-interactive: auto-accepts (Y).
     const continueSetup = await promptYesNo('Continue with setup? [Y/n] ');
     if (!continueSetup) {
       console.log('\nSetup cancelled.\n');
       return;
     }
+    // ── Step 1: Port selection ───────────────────────────────────────────
+    // Scan ports 80, 3001-3020 and pick the first available one.
+    // Only show the selected port — agents don't need to see every candidate.
+    // Interactive users can override with a custom port; non-interactive
+    // auto-accepts the recommendation.
     printSection('Port Configuration');
     const preferredPort = parsePort(args.flags.port || args.flags.p, null);
     const candidates = await inspectPorts(preferredPort);
     const availableCandidates = candidates.filter(c => c.available);
     const recommendedPort = availableCandidates.length ? availableCandidates[0].port : null;
-    summarizePortResults(candidates).forEach(line => {
-      console.log(`  ${line}`);
-    });
     if (!recommendedPort) {
       console.error('  Could not find a bindable port in the scan range.');
       console.error('  Re-run with --port <number> after freeing one of these ports.\n');
+      if (interactive) {
+        console.log('  Ports scanned:');
+        summarizePortResults(candidates).forEach(line => console.log(`    ${line}`));
+      }
       process.exit(1);
     }
-    console.log(`\n  Recommended: ${recommendedPort}`);
+    console.log(`  Selected port: ${recommendedPort}`);
     let serverPort = recommendedPort;
     const portChoice = await promptText(`Use port ${recommendedPort}? [Y/n/custom]: `, 'y');
     if (!interactive) {
-      // explicit default for non-interactive mode
       serverPort = recommendedPort;
     } else if (!['', 'y', 'Y', 'yes', 'YES', 'ye'].includes(String(portChoice).trim())) {
       if (/^(n|no|custom|c)$/i.test(String(portChoice).trim())) {
@@ -1318,6 +1358,10 @@ https://github.com/onthegonow/a2a_calling`;
       }
     }
+    // ── Step 2: Hostname detection ───────────────────────────────────────
+    // Look up the machine's external IP so invite URLs point to a routable
+    // address. Non-interactive: auto-uses the detected IP. Interactive: lets
+    // the user choose IP, domain, or skip.
     printSection('Hostname Configuration');
     const ipResult = await getExternalIp();
     const externalIp = ipResult.ip || null;
@@ -1364,17 +1408,23 @@ https://github.com/onthegonow/a2a_calling`;
       console.log(`  External IP lookup failed: ${ipResult.error}`);
     }
+    // ── Step 3: Server start ─────────────────────────────────────────────
+    // Launch the A2A Express server as a detached background process, wait
+    // for it to bind, then save the config with the server PID and port.
+    // Non-interactive: auto-starts. Interactive: asks for confirmation.
+    // Also prints a one-line networking hint (reverse proxy or firewall)
+    // and a curl command the agent can use to verify external reachability.
     printSection('Starting Server');
     console.log('  Configuration summary:');
     console.log(`    Port: ${serverPort}`);
     console.log(`    Public host: ${publicHost}`);
     const startServer = await promptYesNo('Start the A2A server now? [Y/n] ');
     if (!startServer) {
       console.log('\nServer not started. Run with:\n  a2a server --port <port> --hostname <host>\n');
       return;
     }
-    // Start server
     const isAlreadyListening = await isPortListening(serverPort, '127.0.0.1', { timeoutMs: 250 });
     let serverPid = null;
     if (!isAlreadyListening.listening) {
@@ -1414,28 +1464,32 @@ https://github.com/onthegonow/a2a_calling`;
     }
     console.log('  ✅ A2A server is running');
-    if (serverPort !== 80 && externalIp) {
-      console.log('\n  External access required because port 80 is not in use.');
-      console.log('  Option A (recommended): Set up a reverse proxy (HTTP or HTTPS).');
-      console.log(`    Configure your web server to forward /api/a2a/* to localhost:${serverPort}.`);
-      console.log('    If you serve HTTPS on port 443, proxy from there instead.');
-      console.log('    A reverse proxy avoids firewall changes entirely.');
-      console.log(`\n  Option B: Open port ${serverPort} in your firewall (e.g. ufw allow ${serverPort}).`);
-      console.log('  Most users prefer not to modify firewall settings.\n');
-    }
     if (externalIp) {
       const verifyUrl = `http://${publicHost}/api/a2a/ping`;
-      console.log('  External ping check:\n    curl -s ' + verifyUrl);
+      if (serverPort !== 80) {
+        console.log(`\n  Note: Port ${serverPort} must be reachable externally.`);
+        console.log(`  Reverse-proxy /api/a2a/* to localhost:${serverPort}, or open the port in your firewall.`);
+      }
+      console.log(`  Verify: curl -s ${verifyUrl}`);
     }
-    // Save server config and advance onboarding
+    // Save server config and advance onboarding state to awaiting_disclosure.
     config.setAgent({ hostname: publicHost });
     config.setOnboarding({ step: 'awaiting_disclosure' });
-    // Step 2 of 4: Configure disclosure topics
+    // ── Step 4: Disclosure prompt ────────────────────────────────────────
+    // Output a full agent-readable prompt that tells the agent to:
+    //   1. Scan its own workspace for USER.md, SOUL.md, etc.
+    //   2. Extract tiered disclosure topics from those files
+    //   3. Build the required JSON structure
+    //   4. Submit it back via `a2a quickstart --submit '<json>'`
+    //
+    // IMPORTANT: We do NOT pre-scan files here. The installer runs in a
+    // subprocess and has no access to the agent's file-reading tools. The
+    // prompt lists which files to look for and the agent reads them itself.
     printSection('Disclosure Topic Extraction');
     console.log('Step 2 of 4: Configure disclosure topics\n');
-    console.log(buildExtractionPrompt(availableFiles));
+    console.log(buildExtractionPrompt());
     console.log('\n  Read your workspace files, extract topics, and present to your owner for review.');
     console.log("  Then submit with: a2a quickstart --submit '<json>'\n");
   },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "a2acalling",
-  "version": "0.6.10",
+  "version": "0.6.12",
   "description": "Agent-to-agent calling for OpenClaw - A2A agent communication",
   "main": "src/index.js",
   "bin": {

package/scripts/postinstall.js CHANGED Viewed

@@ -1,35 +1,57 @@
 #!/usr/bin/env node
-// Only run for global installs; skip in CI, dev, and Docker builds.
+// ============================================================================
+// npm postinstall hook — automatic onboarding launcher
+//
+// OBJECTIVE: When a user (or agent) runs `npm install -g a2acalling`, this
+// script fires automatically and launches the full quickstart onboarding flow.
+// The agent should never need a second command — install IS onboarding.
+//
+// KEY DESIGN DECISIONS:
+//
+//   1. No TTY gate. Agents are the primary users of this package and they
+//      run in non-interactive (piped) environments. Every prompt in the
+//      quickstart flow auto-accepts sensible defaults when there is no TTY,
+//      so the full onboarding completes unattended: port selection, hostname
+//      detection, server start, and disclosure prompt output.
+//
+//   2. stdio: 'inherit'. The onboarding output goes straight to whatever
+//      called npm — if that's a terminal the user sees it; if it's an agent
+//      the agent reads it. No /dev/tty tricks needed.
+//
+//   3. Never fail the install. If quickstart can't launch (e.g. missing node
+//      binary edge case), we print a hint and exit 0. A broken postinstall
+//      would prevent the package from installing at all.
+//
+//   4. Skip non-global installs, CI, and Docker builds. Local `npm install`
+//      in a project shouldn't trigger onboarding. CI and Docker are build
+//      environments, not runtime hosts.
+// ============================================================================
 if (process.env.CI || process.env.CONTINUOUS_INTEGRATION) process.exit(0);
 if (process.env.DOCKER) process.exit(0);
 if (process.env.npm_config_global !== 'true') process.exit(0);
+const path = require('path');
 const { spawnSync } = require('child_process');
-const isInteractive = Boolean(process.stdout && process.stderr && process.stdin &&
-  process.stdout.isTTY && process.stderr.isTTY && process.stdin.isTTY);
-function warnSuppressedOutput() {
-  if (!isInteractive) {
-    console.warn('\n⚠️  Output may be suppressed. Run \'a2a quickstart\' manually if you don\'t see prompts.');
-  }
-}
+const initCwd = process.env.INIT_CWD || process.env.HOME || process.cwd();
+const cliPath = path.join(__dirname, '..', 'bin', 'cli.js');
-warnSuppressedOutput();
-// Launch quickstart directly — stdio: 'inherit' forces foreground output
-// even when npm v10+ suppresses postinstall stdout by default.
-const result = spawnSync('a2a', ['quickstart'], {
+// Launch quickstart — prompts auto-accept defaults when there's no TTY.
+const result = spawnSync(process.execPath, [cliPath, 'quickstart'], {
   stdio: 'inherit',
-  shell: true,
-  cwd: process.env.HOME || process.cwd()
+  cwd: initCwd,
+  env: {
+    ...process.env,
+    A2A_WORKSPACE: process.env.A2A_WORKSPACE || initCwd
+  }
 });
-if (result.error || result.status === 127) {
-  // spawn error or shell couldn't find the a2a binary
-  const reason = result.error ? result.error.message : 'a2a not found in PATH';
-  console.error('Could not auto-launch onboarding:', reason);
-  console.log('\nRun manually: a2a quickstart');
+if (result.error) {
+  console.error('\nCould not auto-launch onboarding.');
+  console.error(`Reason: ${result.error.message}`);
+  console.error('\nRun manually: a2a quickstart\n');
   process.exit(0); // don't fail the install
 }

package/docs/plans/2026-02-14-agent-driven-disclosure-extraction.md DELETED Viewed

@@ -1,986 +0,0 @@
-# Agent-Driven Disclosure Extraction — Implementation Plan
-> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
-**Goal:** Replace the naive file-parser in `generateDefaultManifest()` with an agent-driven extraction flow where the onboarder instructs the agent what structured data to return, the agent extracts and presents to the human for confirmation, and the onboarder validates the submission before storing.
-**Architecture:** The onboarding system provides explicit instructions (a prompt) telling the agent the exact JSON schema it needs to return. The agent reads workspace files itself, structures the data, gets human confirmation, and submits. Our code validates the submission against the schema and either stores it or returns errors. `generateDefaultManifest()` is stripped to a minimal fallback (no file parsing). Two new functions are added: `buildExtractionPrompt()` (instructions for the agent) and `validateDisclosureSubmission()` (validates agent output). The CLI `onboard` command gains `--submit` mode.
-**Tech Stack:** Node.js, existing test framework (`test/run.js`), existing config validation (`config.js:validateTierPatch`)
----
-## New flow
-```
-1. a2a onboard                     → prints extraction prompt for agent
-2. Agent reads workspace files      → extracts topics/goals semantically
-3. Agent presents to human          → human confirms or amends
-4. a2a onboard --submit '{...}'    → validates structured output
-5. Valid?  → save to manifest + config tiers, print success
-   Invalid → print errors, agent retries
-```
-## JSON schema the agent must return
-```json
-{
-  "topics": {
-    "public": {
-      "lead_with": [
-        { "topic": "OpenClaw development", "detail": "Building agent-to-agent communication tools" }
-      ],
-      "discuss_freely": [
-        { "topic": "A2A federation protocol", "detail": "Design and implementation of federation" }
-      ],
-      "deflect": [
-        { "topic": "Personal finances", "detail": "Redirect to direct owner contact" }
-      ]
-    },
-    "friends": {
-      "lead_with": [],
-      "discuss_freely": [],
-      "deflect": []
-    },
-    "family": {
-      "lead_with": [],
-      "discuss_freely": [],
-      "deflect": []
-    }
-  },
-  "never_disclose": ["API keys", "Other users' data"],
-  "personality_notes": "Direct and technical. Prefers depth over breadth."
-}
-```
----
-### Task 1: Add `validateDisclosureSubmission()` to disclosure.js
-**Files:**
-- Test: `test/unit/disclosure.test.js`
-- Modify: `src/lib/disclosure.js`
-This is the validator that checks agent-submitted JSON against the expected schema.
-**Step 1: Write failing tests**
-Add to `test/unit/disclosure.test.js` inside the module.exports function, before the closing `};`:
-```javascript
-// ── Disclosure Submission Validation ──────────────────────────
-test('validateDisclosureSubmission accepts valid submission', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission({
-    topics: {
-      public: {
-        lead_with: [{ topic: 'AI development', detail: 'Building AI tools' }],
-        discuss_freely: [{ topic: 'Open source', detail: 'Contributing to OSS' }],
-        deflect: [{ topic: 'Personal life', detail: 'Redirect to owner' }]
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: ['API keys'],
-    personality_notes: 'Friendly and technical'
-  });
-  assert.ok(result.valid);
-  assert.equal(result.errors.length, 0);
-  assert.ok(result.manifest);
-  assert.equal(result.manifest.version, 1);
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission rejects non-object input', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission('not an object');
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.length > 0);
-  assert.ok(result.errors[0].includes('object'));
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission rejects missing topics', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission({
-    never_disclose: ['secrets'],
-    personality_notes: 'Nice'
-  });
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.some(e => e.includes('topics')));
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission rejects missing tier', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission({
-    topics: {
-      public: { lead_with: [], discuss_freely: [], deflect: [] }
-      // missing friends and family
-    },
-    never_disclose: [],
-    personality_notes: ''
-  });
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.some(e => e.includes('friends')));
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission rejects invalid topic shape', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission({
-    topics: {
-      public: {
-        lead_with: ['just a string'],  // wrong: should be {topic, detail}
-        discuss_freely: [],
-        deflect: []
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: [],
-    personality_notes: ''
-  });
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.some(e => e.includes('topic')));
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission rejects topics with technical content', () => {
-  const disc = freshDisclosure();
-  const result = disc.validateDisclosureSubmission({
-    topics: {
-      public: {
-        lead_with: [
-          { topic: 'Run `npm test` to verify', detail: 'Code command' },
-          { topic: 'https://github.com/example', detail: 'Raw URL' }
-        ],
-        discuss_freely: [],
-        deflect: []
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: [],
-    personality_notes: ''
-  });
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.some(e => e.includes('technical')));
-  tmp.cleanup();
-});
-test('validateDisclosureSubmission enforces max topic length', () => {
-  const disc = freshDisclosure();
-  const longTopic = 'A'.repeat(200);
-  const result = disc.validateDisclosureSubmission({
-    topics: {
-      public: {
-        lead_with: [{ topic: longTopic, detail: 'Too long topic' }],
-        discuss_freely: [],
-        deflect: []
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: [],
-    personality_notes: ''
-  });
-  assert.equal(result.valid, false);
-  assert.ok(result.errors.some(e => e.includes('160')));
-  tmp.cleanup();
-});
-```
-**Step 2: Run tests to verify they fail**
-Run: `npm test 2>&1 | grep -E 'validateDisclosureSubmission|passing|failing'`
-Expected: 7 new FAILs — `validateDisclosureSubmission is not a function`
-**Step 3: Implement `validateDisclosureSubmission()` in disclosure.js**
-Add before the `module.exports` block:
-```javascript
-/**
- * Validate structured disclosure data submitted by an agent.
- * Returns { valid: boolean, manifest: object|null, errors: string[] }.
- */
-function validateDisclosureSubmission(data) {
-  const errors = [];
-  if (!data || typeof data !== 'object' || Array.isArray(data)) {
-    return { valid: false, manifest: null, errors: ['Submission must be a JSON object'] };
-  }
-  // Require topics object
-  if (!data.topics || typeof data.topics !== 'object' || Array.isArray(data.topics)) {
-    errors.push('Missing or invalid "topics" — must be an object with public, friends, family keys');
-    return { valid: false, manifest: null, errors };
-  }
-  // Require all three tiers
-  for (const tier of TIER_HIERARCHY) {
-    if (!data.topics[tier] || typeof data.topics[tier] !== 'object') {
-      errors.push(`Missing tier "${tier}" in topics`);
-    }
-  }
-  if (errors.length > 0) return { valid: false, manifest: null, errors };
-  // Validate each tier's topic arrays
-  const TOPIC_CATEGORIES = ['lead_with', 'discuss_freely', 'deflect'];
-  for (const tier of TIER_HIERARCHY) {
-    const tierData = data.topics[tier];
-    for (const cat of TOPIC_CATEGORIES) {
-      if (!Array.isArray(tierData[cat])) {
-        errors.push(`topics.${tier}.${cat} must be an array`);
-        continue;
-      }
-      for (let i = 0; i < tierData[cat].length; i++) {
-        const item = tierData[cat][i];
-        if (!item || typeof item !== 'object' || typeof item.topic !== 'string' || typeof item.detail !== 'string') {
-          errors.push(`topics.${tier}.${cat}[${i}] must have "topic" and "detail" strings`);
-          continue;
-        }
-        if (item.topic.length > 160) {
-          errors.push(`topics.${tier}.${cat}[${i}].topic exceeds 160 chars`);
-        }
-        if (item.detail.length > 500) {
-          errors.push(`topics.${tier}.${cat}[${i}].detail exceeds 500 chars`);
-        }
-        if (isTechnicalContent(item.topic)) {
-          errors.push(`topics.${tier}.${cat}[${i}].topic contains technical content (code, URLs, or formatting) — topics should be human-readable`);
-        }
-      }
-    }
-  }
-  // Validate never_disclose (optional, defaults to [])
-  if (data.never_disclose !== undefined) {
-    if (!Array.isArray(data.never_disclose)) {
-      errors.push('"never_disclose" must be an array of strings');
-    } else {
-      for (let i = 0; i < data.never_disclose.length; i++) {
-        if (typeof data.never_disclose[i] !== 'string') {
-          errors.push(`never_disclose[${i}] must be a string`);
-        }
-      }
-    }
-  }
-  // Validate personality_notes (optional, defaults to '')
-  if (data.personality_notes !== undefined && typeof data.personality_notes !== 'string') {
-    errors.push('"personality_notes" must be a string');
-  }
-  if (errors.length > 0) return { valid: false, manifest: null, errors };
-  // Build valid manifest
-  const now = new Date().toISOString();
-  const manifest = {
-    version: 1,
-    generated_at: now,
-    updated_at: now,
-    topics: data.topics,
-    never_disclose: data.never_disclose || ['API keys', 'Other users\' data', 'Financial figures'],
-    personality_notes: data.personality_notes || 'Direct and technical. Prefers depth over breadth.'
-  };
-  return { valid: true, manifest, errors: [] };
-}
-```
-**Step 4: Export it**
-In `module.exports`, add `validateDisclosureSubmission`.
-**Step 5: Run tests to verify they pass**
-Run: `npm test`
-Expected: All 7 new tests PASS, all existing tests still pass.
-**Step 6: Commit**
-```bash
-git add src/lib/disclosure.js test/unit/disclosure.test.js
-git commit -m "feat(disclosure): add validateDisclosureSubmission for agent-driven extraction"
-```
----
-### Task 2: Add `buildExtractionPrompt()` to disclosure.js
-**Files:**
-- Test: `test/unit/disclosure.test.js`
-- Modify: `src/lib/disclosure.js`
-This function generates the explicit instructions the agent receives.
-**Step 1: Write failing tests**
-```javascript
-// ── Extraction Prompt Generation ──────────────────────────────
-test('buildExtractionPrompt returns string with JSON schema', () => {
-  const disc = freshDisclosure();
-  const prompt = disc.buildExtractionPrompt();
-  assert.equal(typeof prompt, 'string');
-  assert.includes(prompt, 'lead_with');
-  assert.includes(prompt, 'discuss_freely');
-  assert.includes(prompt, 'deflect');
-  assert.includes(prompt, 'never_disclose');
-  assert.includes(prompt, 'personality_notes');
-  assert.includes(prompt, 'public');
-  assert.includes(prompt, 'friends');
-  assert.includes(prompt, 'family');
-  tmp.cleanup();
-});
-test('buildExtractionPrompt lists available context files', () => {
-  const disc = freshDisclosure();
-  const prompt = disc.buildExtractionPrompt({ user: true, soul: true, heartbeat: false });
-  assert.includes(prompt, 'USER.md');
-  assert.includes(prompt, 'SOUL.md');
-  tmp.cleanup();
-});
-test('buildExtractionPrompt includes guidance on what NOT to extract', () => {
-  const disc = freshDisclosure();
-  const prompt = disc.buildExtractionPrompt();
-  // Should warn against extracting code, URLs, instructions
-  assert.includes(prompt, 'URL');
-  assert.includes(prompt, 'code');
-  tmp.cleanup();
-});
-```
-**Step 2: Run tests to verify they fail**
-Run: `npm test`
-Expected: 3 new FAILs
-**Step 3: Implement `buildExtractionPrompt()` in disclosure.js**
-```javascript
-/**
- * Generate the extraction prompt that instructs an agent on exactly what
- * structured disclosure data to return. The agent reads workspace files,
- * determines topics semantically, and returns the JSON schema below.
- *
- * @param {Object} [availableFiles] - Map of filename → truthy if present
- * @returns {string} The instruction prompt for the agent
- */
-function buildExtractionPrompt(availableFiles = {}) {
-  const fileList = Object.entries(availableFiles)
-    .filter(([, present]) => present)
-    .map(([name]) => `  - ${name}`)
-    .join('\n') || '  (no workspace files detected)';
-  return `## A2A Disclosure Extraction
-You are helping the owner set up their A2A disclosure profile — the topics and information their agent is willing to discuss with other agents at different trust levels.
-### Available workspace files
-${fileList}
-Read the available files above and extract disclosure topics. Focus on what the OWNER cares about, works on, and wants to discuss — NOT on agent instructions, code documentation, or operational tasks.
-### What to extract
-For each trust tier, identify topics the owner would want to discuss:
-- **public** — safe for anyone: professional role, public interests, general project descriptions
-- **friends** — for trusted contacts: current goals, collaboration interests, values, detailed project work
-- **family** — inner circle only: personal interests, private projects, sensitive plans
-For each tier, categorize topics as:
-- **lead_with** — proactively bring up (max 3 per tier)
-- **discuss_freely** — happy to discuss if asked (max 8 per tier)
-- **deflect** — redirect or decline (max 3 per tier)
-Also identify:
-- **never_disclose** — information that should never be shared regardless of tier (API keys, credentials, financial data, etc.)
-- **personality_notes** — a 1-2 sentence description of the owner's communication style
-### What NOT to extract
-Do NOT include as topics:
-- Code snippets, CLI commands, or technical documentation
-- URLs or file paths
-- Agent instructions or operational tasks (e.g., "post 50 comments/day")
-- Markdown formatting artifacts (bold markers, backticks)
-- Anything from HEARTBEAT.md (these are agent tasks, not disclosure topics)
-### Required JSON format
-Return ONLY valid JSON in this exact structure:
-\`\`\`json
-{
-  "topics": {
-    "public": {
-      "lead_with": [
-        { "topic": "Short label (max 60 chars)", "detail": "Longer description of the topic" }
-      ],
-      "discuss_freely": [],
-      "deflect": []
-    },
-    "friends": {
-      "lead_with": [],
-      "discuss_freely": [],
-      "deflect": []
-    },
-    "family": {
-      "lead_with": [],
-      "discuss_freely": [],
-      "deflect": []
-    }
-  },
-  "never_disclose": ["API keys", "Credentials", "Financial figures"],
-  "personality_notes": "Brief description of communication style"
-}
-\`\`\`
-### Rules
-1. Each "topic" string must be a short, human-readable label (max 160 chars)
-2. Each "detail" string explains the topic more fully (max 500 chars)
-3. Topics should be things a person would discuss, not technical artifacts
-4. Higher tiers (friends, family) inherit lower-tier topics automatically — don't duplicate
-5. Present this to the owner for review before submitting
-6. The owner may edit, remove, or add topics before final submission`;
-}
-```
-**Step 4: Export it**
-Add `buildExtractionPrompt` to module.exports.
-**Step 5: Run tests**
-Run: `npm test`
-Expected: All 3 new tests PASS.
-**Step 6: Commit**
-```bash
-git add src/lib/disclosure.js test/unit/disclosure.test.js
-git commit -m "feat(disclosure): add buildExtractionPrompt for agent-driven extraction"
-```
----
-### Task 3: Strip file parsing from `generateDefaultManifest()`
-**Files:**
-- Test: `test/unit/disclosure.test.js`
-- Modify: `src/lib/disclosure.js`
-Remove all the context-file parsing from `generateDefaultManifest()`. It becomes a minimal-starter-only function. The agent-driven flow replaces file parsing.
-**Step 1: Update existing tests**
-Several tests call `generateDefaultManifest(contextFiles)` and expect parsed topics. These need to change:
-- `generateDefaultManifest extracts goals from USER.md content` → remove (agent does this now)
-- `generateDefaultManifest extracts personality from SOUL.md` → remove (agent does this now)
-- `generateDefaultManifest uses memory content to add topics` → remove
-- `generateDefaultManifest uses CLAUDE.md context` → remove
-- The 3 new bug-fix tests (HEARTBEAT, code filtering, truncation) → remove (no longer relevant)
-- `generateDefaultManifest ignores HEARTBEAT.md entirely` → remove
-- `generateDefaultManifest ignores SKILL.md...` → remove
-Keep:
-- `generateDefaultManifest with no context returns starter` → update to verify it returns same starter even WITH context
-Add new test:
-```javascript
-test('generateDefaultManifest returns minimal starter regardless of context', () => {
-  const disc = freshDisclosure();
-  const manifest = disc.generateDefaultManifest({
-    user: '## Goals\n- Build AI tools\n',
-    soul: 'Refined and precise.\n## Values\n- Craftsmanship\n',
-    memory: '- Working on distributed systems\n',
-    claude: '## Quick Context\n- A2A enables agent-to-agent communication\n'
-  });
-  // Should return only the minimal starter, no parsed content
-  assert.equal(manifest.topics.public.lead_with.length, 1);
-  assert.equal(manifest.topics.public.lead_with[0].topic, 'What I do');
-  assert.equal(manifest.topics.friends.lead_with.length, 0);
-  assert.equal(manifest.topics.friends.discuss_freely.length, 0);
-  tmp.cleanup();
-});
-```
-**Step 2: Run tests to verify the new test fails (old behavior parses files)**
-Run: `npm test`
-Expected: New test FAILS because `generateDefaultManifest` still parses files.
-**Step 3: Strip file parsing from `generateDefaultManifest()`**
-Replace the entire function body with:
-```javascript
-function generateDefaultManifest() {
-  const now = new Date().toISOString();
-  return {
-    version: 1,
-    generated_at: now,
-    updated_at: now,
-    topics: {
-      public: {
-        lead_with: [{ topic: 'What I do', detail: 'Brief professional description' }],
-        discuss_freely: [{ topic: 'General interests', detail: 'Non-sensitive topics and hobbies' }],
-        deflect: [{ topic: 'Personal details', detail: 'Redirect to direct owner contact' }]
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: ['API keys', 'Other users\' data', 'Financial figures'],
-    personality_notes: 'Direct and technical. Prefers depth over breadth.'
-  };
-}
-```
-Remove `isTechnicalContent()` and `truncateAtWord()` — they are no longer needed in the manifest generator. **Keep `isTechnicalContent()`** — it's still used by `validateDisclosureSubmission()`.
-Remove `truncateAtWord()` — no longer used.
-**Step 4: Remove tests that tested the old parsing behavior**
-Delete these tests:
-- `generateDefaultManifest extracts goals from USER.md content`
-- `generateDefaultManifest extracts personality from SOUL.md`
-- `generateDefaultManifest uses memory content to add topics`
-- `generateDefaultManifest uses CLAUDE.md context`
-- `generateDefaultManifest ignores SKILL.md bullet lists for disclosure topics`
-- `generateDefaultManifest ignores HEARTBEAT.md entirely`
-- `generateDefaultManifest filters out code/technical content from topics`
-- `generateDefaultManifest truncates at word boundaries`
-**Step 5: Run tests**
-Run: `npm test`
-Expected: All tests PASS. Fewer total tests (removed old parsing tests).
-**Step 6: Commit**
-```bash
-git add src/lib/disclosure.js test/unit/disclosure.test.js
-git commit -m "refactor(disclosure): strip file parsing from generateDefaultManifest
-generateDefaultManifest now returns only the minimal starter manifest.
-Topic extraction is handled by agent-driven flow via
-buildExtractionPrompt + validateDisclosureSubmission."
-```
----
-### Task 4: Update CLI `onboard` command for agent-driven flow
-**Files:**
-- Modify: `bin/cli.js` (the `onboard` command, ~lines 1499-1538)
-- Test: `test/integration/onboarding.test.js`
-**Step 1: Write failing test**
-Add to `test/integration/onboarding.test.js`:
-```javascript
-test('onboard --submit validates and saves agent disclosure submission', () => {
-  tmp = helpers.tmpConfigDir('onboard-submit');
-  const fs = require('fs');
-  const path = require('path');
-  const { execFileSync } = require('child_process');
-  const cliPath = path.join(__dirname, '..', '..', 'bin', 'cli.js');
-  const env = { ...process.env, A2A_CONFIG_DIR: tmp.dir };
-  const submission = JSON.stringify({
-    topics: {
-      public: {
-        lead_with: [{ topic: 'AI development', detail: 'Building AI-powered tools' }],
-        discuss_freely: [{ topic: 'Open source', detail: 'Contributing to OSS projects' }],
-        deflect: [{ topic: 'Personal finances', detail: 'Redirect to owner' }]
-      },
-      friends: {
-        lead_with: [{ topic: 'Current projects', detail: 'Deep work on A2A protocol' }],
-        discuss_freely: [],
-        deflect: []
-      },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: ['API keys', 'Passwords'],
-    personality_notes: 'Technical and direct'
-  });
-  const result = execFileSync(process.execPath, [cliPath, 'onboard', '--submit', submission], {
-    env,
-    encoding: 'utf8'
-  });
-  assert.includes(result, 'Disclosure manifest saved');
-  // Verify manifest was saved correctly
-  delete require.cache[require.resolve('../../src/lib/disclosure')];
-  const disc = require('../../src/lib/disclosure');
-  const manifest = disc.loadManifest();
-  assert.equal(manifest.version, 1);
-  assert.equal(manifest.topics.public.lead_with[0].topic, 'AI development');
-  assert.equal(manifest.topics.friends.lead_with[0].topic, 'Current projects');
-  tmp.cleanup();
-});
-test('onboard --submit rejects invalid submission with errors', () => {
-  tmp = helpers.tmpConfigDir('onboard-submit-fail');
-  const { execFileSync } = require('child_process');
-  const path = require('path');
-  const cliPath = path.join(__dirname, '..', '..', 'bin', 'cli.js');
-  const env = { ...process.env, A2A_CONFIG_DIR: tmp.dir };
-  const badSubmission = JSON.stringify({ not: 'valid' });
-  let threw = false;
-  try {
-    execFileSync(process.execPath, [cliPath, 'onboard', '--submit', badSubmission], {
-      env,
-      encoding: 'utf8',
-      stdio: ['pipe', 'pipe', 'pipe']
-    });
-  } catch (err) {
-    threw = true;
-    const stderr = err.stderr || '';
-    const stdout = err.stdout || '';
-    const output = stderr + stdout;
-    assert.ok(output.includes('topics') || output.includes('Validation'), 'Should mention validation error');
-  }
-  assert.ok(threw, 'Should exit with non-zero code on invalid submission');
-  tmp.cleanup();
-});
-test('onboard without --submit prints extraction prompt', () => {
-  tmp = helpers.tmpConfigDir('onboard-prompt');
-  const fs = require('fs');
-  const path = require('path');
-  const { execFileSync } = require('child_process');
-  const cliPath = path.join(__dirname, '..', '..', 'bin', 'cli.js');
-  const workspaceDir = path.join(tmp.dir, 'ws');
-  fs.mkdirSync(workspaceDir, { recursive: true });
-  fs.writeFileSync(path.join(workspaceDir, 'USER.md'), '## Goals\n- Build cool tools\n');
-  const env = { ...process.env, A2A_CONFIG_DIR: tmp.dir, A2A_WORKSPACE: workspaceDir };
-  const result = execFileSync(process.execPath, [cliPath, 'onboard'], {
-    env,
-    encoding: 'utf8'
-  });
-  assert.includes(result, 'lead_with');
-  assert.includes(result, 'discuss_freely');
-  assert.includes(result, 'USER.md');
-  tmp.cleanup();
-});
-```
-**Step 2: Run tests to verify they fail**
-Run: `npm test`
-Expected: 3 new FAILs
-**Step 3: Rewrite the `onboard` CLI command**
-Replace the `onboard` handler in `bin/cli.js` (~lines 1499-1538):
-```javascript
-onboard: (args) => {
-  const { A2AConfig } = require('../src/lib/config');
-  const {
-    readContextFiles,
-    buildExtractionPrompt,
-    validateDisclosureSubmission,
-    saveManifest,
-    MANIFEST_FILE
-  } = require('../src/lib/disclosure');
-  const config = new A2AConfig();
-  // ── Submit mode: agent sends structured JSON ──────────────
-  const submitRaw = args.flags.submit;
-  if (submitRaw) {
-    let parsed;
-    try {
-      parsed = JSON.parse(String(submitRaw));
-    } catch (e) {
-      console.error('\n\u274c Invalid JSON in --submit flag.');
-      console.error(`   Parse error: ${e.message}\n`);
-      process.exit(1);
-    }
-    const result = validateDisclosureSubmission(parsed);
-    if (!result.valid) {
-      console.error('\n\u274c Disclosure submission validation failed:\n');
-      result.errors.forEach(err => console.error(`   \u2022 ${err}`));
-      console.error(`\nFix the errors above and resubmit with: a2a onboard --submit '<json>'\n`);
-      process.exit(1);
-    }
-    saveManifest(result.manifest);
-    const agentName = args.flags.name || config.getAgent().name || process.env.A2A_AGENT_NAME || '';
-    const hostname = args.flags.hostname || config.getAgent().hostname || process.env.A2A_HOSTNAME || '';
-    if (agentName) config.setAgent({ name: agentName });
-    if (hostname) config.setAgent({ hostname });
-    console.log('\n\u2705 Disclosure manifest saved.');
-    console.log(`   Manifest: ${MANIFEST_FILE}`);
-    console.log('   Next: a2a quickstart\n');
-    return;
-  }
-  // ── Prompt mode: print extraction instructions for agent ──
-  if (config.isOnboarded() && !args.flags.force) {
-    console.log('\u2705 Onboarding already complete. Use --force to regenerate.');
-    return;
-  }
-  const workspaceDir = process.env.A2A_WORKSPACE || process.cwd();
-  const contextFiles = readContextFiles(workspaceDir);
-  const availableFiles = {
-    'USER.md': Boolean(contextFiles.user),
-    'SOUL.md': Boolean(contextFiles.soul),
-    'HEARTBEAT.md': Boolean(contextFiles.heartbeat),
-    'SKILL.md': Boolean(contextFiles.skill),
-    'CLAUDE.md': Boolean(contextFiles.claude),
-    'memory/*.md': Boolean(contextFiles.memory)
-  };
-  console.log(buildExtractionPrompt(availableFiles));
-  console.log('\n---');
-  console.log('After the owner confirms, submit with:');
-  console.log("  a2a onboard --submit '<json>'\n");
-},
-```
-**Step 4: Run tests**
-Run: `npm test`
-Expected: All 3 new tests PASS, all existing tests still pass.
-**Step 5: Commit**
-```bash
-git add bin/cli.js test/integration/onboarding.test.js
-git commit -m "feat(cli): rewrite onboard command for agent-driven disclosure extraction
-onboard now has two modes:
-- Default: prints extraction prompt with JSON schema for agent
-- --submit: validates agent's structured JSON and saves manifest"
-```
----
-### Task 5: Update CLI `quickstart` Step 1 to stop auto-parsing
-**Files:**
-- Modify: `bin/cli.js` (~lines 1105-1127, quickstart Step 1)
-- Test: `test/integration/onboarding.test.js`
-**Step 1: Write failing test**
-```javascript
-test('quickstart uses existing manifest without regenerating from files', () => {
-  tmp = helpers.tmpConfigDir('quickstart-no-regen');
-  const fs = require('fs');
-  const path = require('path');
-  const http = require('http');
-  const { execFileSync } = require('child_process');
-  // Pre-save a manifest via --submit
-  const cliPath = path.join(__dirname, '..', '..', 'bin', 'cli.js');
-  const env = { ...process.env, A2A_CONFIG_DIR: tmp.dir };
-  const submission = JSON.stringify({
-    topics: {
-      public: {
-        lead_with: [{ topic: 'Agent-submitted topic', detail: 'This was submitted by agent' }],
-        discuss_freely: [],
-        deflect: []
-      },
-      friends: { lead_with: [], discuss_freely: [], deflect: [] },
-      family: { lead_with: [], discuss_freely: [], deflect: [] }
-    },
-    never_disclose: [],
-    personality_notes: 'Agent-set personality'
-  });
-  execFileSync(process.execPath, [cliPath, 'onboard', '--submit', submission], { env, encoding: 'utf8' });
-  // Now write workspace files that would produce different topics if parsed
-  const workspaceDir = path.join(tmp.dir, 'ws');
-  fs.mkdirSync(workspaceDir, { recursive: true });
-  fs.writeFileSync(path.join(workspaceDir, 'USER.md'), '## Goals\n- Completely different goal\n');
-  env.A2A_WORKSPACE = workspaceDir;
-  // Start a minimal server for quickstart ping
-  const server = http.createServer((req, res) => {
-    if (req.method === 'GET' && req.url === '/api/a2a/ping') {
-      res.writeHead(200, { 'Content-Type': 'application/json' });
-      res.end(JSON.stringify({ pong: true }));
-      return;
-    }
-    res.statusCode = 404;
-    res.end();
-  });
-  const done = new Promise(resolve => server.listen(0, '127.0.0.1', resolve));
-  return done.then(() => {
-    const backendPort = String(server.address().port);
-    try {
-      execFileSync(process.execPath, [cliPath, 'quickstart', '--port', backendPort], {
-        env,
-        stdio: 'ignore'
-      });
-      // Verify the agent-submitted topic is preserved (not overwritten)
-      delete require.cache[require.resolve('../../src/lib/disclosure')];
-      const disc = require('../../src/lib/disclosure');
-      const manifest = disc.loadManifest();
-      assert.equal(manifest.topics.public.lead_with[0].topic, 'Agent-submitted topic');
-    } finally {
-      server.close();
-      tmp.cleanup();
-    }
-  });
-});
-```
-**Step 2: Run tests to verify it fails**
-Expected: FAIL because quickstart Step 1 still calls `generateDefaultManifest(contextFiles)` which overwrites.
-Wait — actually quickstart only generates if manifest is empty: `if (!manifest || Object.keys(manifest).length === 0)`. Since we pre-saved via `--submit`, the manifest exists and quickstart should preserve it. Let me check if the `--force` flag path is the issue...
-Actually this test might already pass since quickstart only regenerates on `--force` or empty manifest. Let me adjust — the key change needed is to make `--force` / `--regen-manifest` use the minimal starter instead of file parsing.
-**Step 3: Update quickstart Step 1**
-Replace lines ~1105-1127 in the quickstart handler:
-```javascript
-// ── Step 1: Background bootstrap (config + manifest) ─────────
-let contextFiles = {};
-let manifest = {};
-try {
-  contextFiles = disc.readContextFiles(workspaceDir);
-  const forceManifest = Boolean(args.flags.force || args.flags['regen-manifest'] || args.flags.regenManifest);
-  if (forceManifest) {
-    // Force-regen uses minimal starter; agent-driven extraction is the
-    // proper way to populate topics (via `a2a onboard --submit`).
-    const generated = disc.generateDefaultManifest();
-    disc.saveManifest(generated);
-    manifest = generated;
-  } else {
-    manifest = disc.loadManifest();
-    if (!manifest || Object.keys(manifest).length === 0) {
-      const generated = disc.generateDefaultManifest();
-      disc.saveManifest(generated);
-      manifest = generated;
-    }
-  }
-} catch (err) {
-  // Non-fatal: onboarding can proceed even if manifest fails.
-  contextFiles = {};
-  manifest = {};
-}
-```
-The change is small: `disc.generateDefaultManifest(contextFiles)` → `disc.generateDefaultManifest()` (no context files). Since the function now ignores them anyway, this is just for clarity.
-**Step 4: Run tests**
-Run: `npm test`
-Expected: All tests PASS.
-**Step 5: Commit**
-```bash
-git add bin/cli.js test/integration/onboarding.test.js
-git commit -m "fix(quickstart): stop auto-parsing workspace files into manifest
-quickstart Step 1 now uses minimal starter on force-regen instead of
-parsing workspace files. Proper topic extraction happens via
-agent-driven 'a2a onboard --submit'."
-```
----
-### Task 6: Update integration tests that call `generateDefaultManifest`
-**Files:**
-- Modify: `test/integration/bramble-calls-bappybot.test.js`
-- Modify: `test/integration/golda-calls-bappybot.test.js`
-- Modify: `test/integration/nyx-calls-bappybot.test.js`
-- Modify: `scripts/install-openclaw.js`
-These all call `generateDefaultManifest()` with no args as a fallback. Since the function signature hasn't changed (it just ignores args now), these should already work. Verify and clean up any references to context file args.
-**Step 1: Verify integration tests pass without changes**
-Run: `npm test`
-Expected: All pass. The integration tests call `disc.generateDefaultManifest()` with no args, which still returns the minimal starter.
-**Step 2: Clean up `scripts/install-openclaw.js` if it passes context files**
-Check if it passes `contextFiles` — if so, remove the arg since it's now ignored.
-**Step 3: Commit (if any changes needed)**
-```bash
-git add scripts/install-openclaw.js
-git commit -m "chore: remove unused context file args from generateDefaultManifest calls"
-```
----
-### Task 7: Final verification and cleanup
-**Step 1: Run full test suite**
-Run: `npm test`
-Expected: All tests pass, no regressions.
-**Step 2: Verify the new flow end-to-end manually**
-```bash
-# Generate extraction prompt
-A2A_WORKSPACE=. node bin/cli.js onboard
-# Submit valid disclosure
-node bin/cli.js onboard --submit '{"topics":{"public":{"lead_with":[{"topic":"A2A federation","detail":"Agent-to-agent communication protocol"}],"discuss_freely":[],"deflect":[]},"friends":{"lead_with":[],"discuss_freely":[],"deflect":[]},"family":{"lead_with":[],"discuss_freely":[],"deflect":[]}},"never_disclose":["API keys"],"personality_notes":"Technical"}'
-# Verify it rejects bad input
-node bin/cli.js onboard --submit '{"bad":"data"}'
-```
-**Step 3: Commit any final fixes**
----
-## Summary of changes
-| File | Change |
-|------|--------|
-| `src/lib/disclosure.js` | Add `buildExtractionPrompt()`, `validateDisclosureSubmission()`. Strip file parsing from `generateDefaultManifest()`. Keep `isTechnicalContent()` for validation. Remove `truncateAtWord()`. |
-| `bin/cli.js` | Rewrite `onboard` command (prompt mode + `--submit` mode). Update quickstart Step 1 to not pass context files. |
-| `test/unit/disclosure.test.js` | Remove old parsing tests. Add validation + prompt generation tests. |
-| `test/integration/onboarding.test.js` | Add `--submit` and prompt mode tests. |
-| `scripts/install-openclaw.js` | Remove unused context file arg (if present). |