npm - a2acalling - Versions diffs - 0.6.5 → 0.6.7 - Mend

a2acalling 0.6.5 → 0.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +13 -0
package/SKILL.md +29 -1
package/bin/cli.js +453 -521
package/docs/plans/2026-02-14-agent-driven-disclosure-extraction.md +986 -0
package/package.json +2 -1
package/scripts/postinstall.js +9 -0
package/src/lib/disclosure.js +192 -15

package/bin/cli.js CHANGED Viewed

@@ -12,11 +12,41 @@
  *   a2a ping <url>           Ping an invite URL
  *   a2a gui                  Open the local dashboard GUI in a browser
  *   a2a setup                Auto setup (gateway-aware dashboard install)
+ *   a2a uninstall            Stop server and remove local A2A config
  */
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { spawn } = require('child_process');
 const { TokenStore } = require('../src/lib/tokens');
 const { A2AClient } = require('../src/lib/client');
+const CONFIG_DIR = process.env.A2A_CONFIG_DIR || process.env.OPENCLAW_CONFIG_DIR || path.join(os.homedir(), '.config', 'openclaw');
+const CONFIG_PATH = path.join(CONFIG_DIR, 'a2a-config.json');
+const ONBOARDING_EXEMPT = new Set([
+  'quickstart',
+  'help',
+  'version',
+  'update',
+  'uninstall',
+  'onboard',
+  'gui',
+  'dashboard',
+  'server',
+  'setup',
+  'install'
+]);
+function isOnboarded() {
+  try {
+    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+    return config.onboarding?.version === 2 && config.onboarding?.step === 'complete';
+  } catch (err) {
+    return false;
+  }
+}
 // Lazy load conversation store (requires better-sqlite3)
 let convStore = null;
 function getConvStore() {
@@ -40,20 +70,29 @@ function getConvStore() {
 const store = new TokenStore();
-// Check onboarding status — warns but does not block
-function checkOnboarding(commandName) {
-  try {
-    const { A2AConfig } = require('../src/lib/config');
-    const config = new A2AConfig();
-    if (!config.isOnboarded()) {
-      console.warn('\n\u26a0\ufe0f  A2A onboarding not complete.');
-      console.warn('   Run "a2a quickstart" to complete deterministic onboarding.');
-      console.warn('   Without onboarding, invites may use default topics/goals and remote dashboard access may not be configured.\n');
-      return false;
+function enforceOnboarding(command) {
+  if (ONBOARDING_EXEMPT.has(command)) {
+    return;
+  }
+  if (!isOnboarded()) {
+    // Check if we're mid-onboarding (server running, awaiting disclosure)
+    try {
+      const cfg = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+      if (cfg.onboarding?.step === 'awaiting_disclosure') {
+        console.log('\nA2A setup in progress. Disclosure topics not yet submitted.\n');
+        console.log("Next: run `a2a onboard --submit '<json>'`\n");
+        process.exit(1);
+      }
+    } catch (e) {
+      if (e.code !== 'ENOENT' && e.name !== 'SyntaxError') {
+        console.error(`Warning: could not read config: ${e.message}`);
+      }
     }
-    return true;
-  } catch (e) {
-    return true; // Don't block if config is broken
+    console.log('\nA2A not configured yet.\n');
+    console.log('Next: run `a2a quickstart`\n');
+    process.exit(1);
   }
 }
@@ -71,8 +110,6 @@ function formatTimeAgo(date) {
 }
 function openInBrowser(url) {
-  const { spawn } = require('child_process');
   const platform = process.platform;
   let cmd = null;
   let args = [];
@@ -162,6 +199,17 @@ function parseArgs(argv) {
   return args;
 }
+async function promptYesNo(question) {
+  return await new Promise(resolve => {
+    const rl = require('readline').createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (answer) => {
+      rl.close();
+      const normalized = String(answer || '').trim().toLowerCase();
+      resolve(normalized === 'y' || normalized === 'yes');
+    });
+  });
+}
 async function resolveInviteHostname() {
   const { resolveInviteHost } = require('../src/lib/invite-host');
@@ -184,7 +232,6 @@ async function resolveInviteHostname() {
 // Commands
 const commands = {
   create: async (args) => {
-    checkOnboarding('create');
     // Parse max-calls: number, 'unlimited', or default (unlimited)
     let maxCalls = null; // Default: unlimited
     if (args.flags['max-calls']) {
@@ -753,7 +800,6 @@ https://github.com/onthegonow/a2a_calling`;
   },
   call: async (args) => {
-    checkOnboarding('call');
     let target = args._[1];
     const message = args._.slice(2).join(' ') || args.flags.message || args.flags.m;
@@ -901,500 +947,204 @@ https://github.com/onthegonow/a2a_calling`;
   },
   quickstart: async (args) => {
-    const http = require('http');
-    const https = require('https');
     const { A2AConfig } = require('../src/lib/config');
-    const disc = require('../src/lib/disclosure');
-    const {
-      normalizeHostInput,
-      splitHostPort,
-      isLocalOrUnroutableHost
-    } = require('../src/lib/invite-host');
+    const { tryBindPort, findAvailablePort, isPortListening } = require('../src/lib/port-scanner');
+    const { buildExtractionPrompt, MANIFEST_FILE } = require('../src/lib/disclosure');
     const { getExternalIp } = require('../src/lib/external-ip');
-    const { CallbookStore } = require('../src/lib/callbook');
-    const { isPortListening, tryBindPort } = require('../src/lib/port-scanner');
-    const workspaceDir = process.env.A2A_WORKSPACE || process.cwd();
     const config = new A2AConfig();
     if (args.flags.force) {
       config.resetOnboarding();
     }
-    const backendPort = (() => {
-      const raw = args.flags.port || process.env.A2A_PORT || process.env.PORT || 3001;
-      const n = Number.parseInt(String(raw), 10);
-      return (Number.isFinite(n) && n > 0 && n <= 65535) ? n : 3001;
-    })();
+    // Already onboarded — skip unless --force
+    if (config.isOnboarded() && !args.flags.force) {
+      console.log('\nOnboarding already complete. Use --force to re-run.\n');
+      return;
+    }
-    function looksLikePong(body) {
-      try {
-        const parsed = JSON.parse(String(body || ''));
-        if (parsed && typeof parsed === 'object' && parsed.pong === true) return true;
-      } catch (err) {
-        // ignore
+    // If server is already running and awaiting disclosure, skip to Step 2
+    let currentStep = 'not_started';
+    try {
+      const cfg = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+      currentStep = cfg.onboarding?.step || 'not_started';
+    } catch (e) {
+      if (e.code !== 'ENOENT' && e.name !== 'SyntaxError') {
+        console.error(`  Warning: could not read config: ${e.message}`);
       }
-      return String(body || '').includes('"pong":true') || String(body || '').includes('"pong": true');
+    }
+    if (currentStep === 'awaiting_disclosure' && !args.flags.force) {
+      console.log('\nStep 1 already complete. Server is running.\n');
+      console.log('Step 2 of 4: Configure disclosure topics\n');
+      console.log(buildExtractionPrompt());
+      console.log('\n  Read your workspace files, extract topics, and present to your owner for review.');
+      console.log("  Then submit with: a2a onboard --submit '<json>'\n");
+      return;
     }
-    function fetchUrlText(url, timeoutMs = 5000) {
-      return new Promise((resolve, reject) => {
-        let parsed;
-        try {
-          parsed = new URL(url);
-        } catch (err) {
-          reject(new Error('invalid_url'));
-          return;
-        }
-        const client = parsed.protocol === 'https:' ? https : http;
-        const req = client.request({
-          protocol: parsed.protocol,
-          hostname: parsed.hostname,
-          port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-          method: 'GET',
-          path: parsed.pathname + parsed.search,
-          headers: {
-            'User-Agent': `a2acalling/${process.env.npm_package_version || 'dev'} (quickstart)`
-          },
-          timeout: timeoutMs
-        }, (res) => {
-          let data = '';
-          res.setEncoding('utf8');
-          res.on('data', (chunk) => {
-            data += chunk;
-            if (data.length > 1024 * 256) {
-              req.destroy(new Error('response_too_large'));
-            }
-          });
-          res.on('end', () => resolve({ statusCode: res.statusCode || 0, body: data }));
-        });
-        req.on('error', reject);
-        req.on('timeout', () => req.destroy(new Error('timeout')));
-        req.end();
-      });
+    function parsePort(raw, fallback) {
+      const parsed = Number.parseInt(String(raw || '').trim(), 10);
+      if (Number.isFinite(parsed) && parsed > 0 && parsed <= 65535) {
+        return parsed;
+      }
+      return fallback;
     }
-	    async function probeLocalPing(port, timeoutMs = 1000) {
-	      try {
-	        const res = await fetchUrlText(`http://127.0.0.1:${port}/api/a2a/ping`, timeoutMs);
-	        return { ok: looksLikePong(res.body), statusCode: res.statusCode, body: res.body };
-	      } catch (err) {
-	        return { ok: false, error: err && err.message ? err.message : 'request_failed' };
-	      }
-	    }
-	    async function externalPingCheck(targetUrl) {
-	      // Try direct access first. In practice this is the most reliable signal:
-	      // it avoids flaky third-party proxies and catches obvious scheme/port mistakes.
-	      try {
-	        const direct = await fetchUrlText(targetUrl, 2500);
-	        return { ok: looksLikePong(direct.body), provider: 'direct', statusCode: direct.statusCode };
-	      } catch (err) {
-	        // Fall back to remote fetch providers below.
-	      }
-	      const providers = [
-	        {
-	          name: 'allorigins',
-	          buildUrl: () => {
-	            const u = new URL('https://api.allorigins.win/raw');
-            u.searchParams.set('url', targetUrl);
-            return u.toString();
-          }
-        },
-        {
-          name: 'jina',
-          buildUrl: () => `https://r.jina.ai/${targetUrl}`
-        }
-      ];
+    // ── Step 1 of 4: Setting up A2A server ──────────────────
+    console.log('\nStep 1 of 4: Setting up A2A server\n');
-      for (const provider of providers) {
-        try {
-          // eslint-disable-next-line no-await-in-loop
-          const res = await fetchUrlText(provider.buildUrl(), 8000);
-          if (looksLikePong(res.body)) {
-            return { ok: true, provider: provider.name, statusCode: res.statusCode };
-          }
-        } catch (err) {
-          // try next
+    const preferredPort = parsePort(args.flags.port || args.flags.p, null);
+    // If user specified a port, try that first
+    let serverPort;
+    let usingAlternatePort = false;
+    if (preferredPort) {
+      console.log(`  1a. Checking preferred port ${preferredPort}...`);
+      const preferredResult = await tryBindPort(preferredPort);
+      if (preferredResult.ok) {
+        console.log(`  Port ${preferredPort} available.`);
+        serverPort = preferredPort;
+        usingAlternatePort = preferredPort !== 80;
+      } else if (preferredResult.code === 'EACCES') {
+        console.log(`  Port ${preferredPort} requires elevated privileges.`);
+        console.log('  Rerun with: sudo npm install -g a2acalling\n');
+        process.exit(1);
+      } else {
+        console.log(`  Port ${preferredPort} is in use. Scanning for alternatives...`);
+        const candidates = [];
+        for (let p = 3001; p < 3101; p++) candidates.push(p);
+        serverPort = await findAvailablePort(candidates);
+        if (!serverPort) {
+          console.log('  Could not find a bindable port. Rerun with elevated privileges:');
+          console.log('    sudo npm install -g a2acalling');
+          process.exit(1);
         }
+        console.log(`  Port ${serverPort} available.`);
+        usingAlternatePort = true;
       }
-      return { ok: false };
-    }
-    function slugify(value) {
-      return String(value || '')
-        .toLowerCase()
-        .replace(/['"]/g, '')
-        .replace(/[^a-z0-9]+/g, '-')
-        .replace(/^-+|-+$/g, '')
-        .slice(0, 60);
-    }
-    function uniqueNonEmpty(items, limit = 24) {
-      const out = [];
-      const seen = new Set();
-      for (const raw of items) {
-        const s = String(raw || '').trim();
-        if (!s) continue;
-        if (seen.has(s)) continue;
-        seen.add(s);
-        out.push(s);
-        if (out.length >= limit) break;
-      }
-      return out;
-    }
-    function extractSectionBullets(markdown, headingRegex) {
-      const text = String(markdown || '');
-      const match = text.match(new RegExp(`##\\s*(?:${headingRegex})[^\\n]*\\n([\\s\\S]*?)(?=\\n##|$)`, 'i'));
-      if (!match) return [];
-      return match[1]
-        .split('\n')
-        .map(l => l.trim())
-        .filter(l => l.startsWith('-') || l.startsWith('*'))
-        .map(l => l.replace(/^[\\s\\-\\*]+/, '').trim())
-        .filter(Boolean);
-    }
-    function tierFromManifest(manifest, tier, fallback = []) {
-      const t = (manifest && manifest.topics && manifest.topics[tier]) ? manifest.topics[tier] : null;
-      if (!t) return fallback;
-      const items = []
-        .concat(Array.isArray(t.lead_with) ? t.lead_with : [])
-        .concat(Array.isArray(t.discuss_freely) ? t.discuss_freely : [])
-        .concat(Array.isArray(t.deflect) ? t.deflect : []);
-      const topics = items.map(x => (x && x.topic) ? x.topic : '').filter(Boolean);
-      return topics.length ? topics : fallback;
-    }
-    function buildTierRecommendations(contextFiles, manifest) {
-      const publicFallback = ['chat', 'openclaw', 'a2a'];
-      const friendsFallback = ['chat', 'search', 'openclaw', 'a2a'];
-      const familyFallback = ['chat', 'search', 'openclaw', 'a2a', 'tools', 'memory'];
-      const rawPublic = tierFromManifest(manifest, 'public', publicFallback);
-      const rawFriends = tierFromManifest(manifest, 'friends', friendsFallback);
-      const rawFamily = tierFromManifest(manifest, 'family', familyFallback);
-      const goalsFromUser = extractSectionBullets(contextFiles.user, 'Goals|Current|Seeking|Working On');
-      const baseGoals = goalsFromUser.length
-        ? goalsFromUser
-        : ['grow network', 'find collaborators', 'build in public'];
-      const publicTopics = uniqueNonEmpty(rawPublic.map(slugify).filter(Boolean), 16);
-      const friendsTopics = uniqueNonEmpty(rawFriends.map(slugify).filter(Boolean), 20);
-      const familyTopics = uniqueNonEmpty(rawFamily.map(slugify).filter(Boolean), 24);
-      const goals = uniqueNonEmpty(baseGoals.map(slugify).filter(Boolean), 12);
-      return {
-        public: { topics: publicTopics, goals: goals.slice(0, 6) },
-        friends: { topics: uniqueNonEmpty([...publicTopics, ...friendsTopics], 24), goals: goals.slice(0, 8) },
-        family: { topics: uniqueNonEmpty([...publicTopics, ...friendsTopics, ...familyTopics], 30), goals }
-      };
-    }
-    function printTierSummary(tiers) {
-      const format = (t) => {
-        const topics = (t.topics || []).join(' · ') || '(none)';
-        const goals = (t.goals || []).join(' · ') || '(none)';
-        return `Topics: ${topics}\nGoals:  ${goals}`;
-      };
-      console.log('\nProposed permission tiers:\n');
-      console.log('PUBLIC');
-      console.log(format(tiers.public));
-      console.log('\nFRIENDS');
-      console.log(format(tiers.friends));
-      console.log('\nFAMILY');
-      console.log(format(tiers.family));
-      console.log('');
-    }
-    // ── Step 1: Background bootstrap (config + manifest) ─────────
-    let contextFiles = {};
-    let manifest = {};
-	    try {
-	      contextFiles = disc.readContextFiles(workspaceDir);
-	      const forceManifest = Boolean(args.flags.force || args.flags['regen-manifest'] || args.flags.regenManifest);
-	      if (forceManifest) {
-	        // Force-regen uses minimal starter; agent-driven extraction is the
-	        // proper way to populate topics (via `a2a onboard --submit`).
-	        const generated = disc.generateDefaultManifest();
-	        disc.saveManifest(generated);
-	        manifest = generated;
-	      } else {
-	        manifest = disc.loadManifest();
-	        if (!manifest || Object.keys(manifest).length === 0) {
-	          const generated = disc.generateDefaultManifest();
-	          disc.saveManifest(generated);
-	          manifest = generated;
-	        }
-	      }
-	    } catch (err) {
-	      // Non-fatal: onboarding can proceed even if manifest fails.
-	      contextFiles = {};
-	      manifest = {};
-	    }
-    console.log('\nA2A deterministic onboarding');
-    console.log('──────────────────────────');
-    // ── Step 2: Owner dashboard access (local + optional remote) ─
-    config.setOnboarding({ step: 'access' });
-    const hostnameFlagRaw = args.flags.hostname !== undefined ? String(args.flags.hostname) : '';
-    const normalizedHostname = normalizeHostInput(hostnameFlagRaw);
-    // Invite host controls the a2a:// hostname we hand out (and remote dashboard pairing URL).
-    let inviteHost = '';
-    if (normalizedHostname) {
-      const parsed = splitHostPort(normalizedHostname);
-      const publicPortRaw = args.flags['public-port'] || args.flags.publicPort || process.env.A2A_PUBLIC_PORT || 443;
-      const publicPort = Number.parseInt(String(publicPortRaw), 10);
-      inviteHost = parsed.port
-        ? normalizedHostname
-        : `${parsed.hostname}:${(Number.isFinite(publicPort) && publicPort > 0 && publicPort <= 65535) ? publicPort : 443}`;
-      config.setAgent({ hostname: inviteHost });
     } else {
-      const existing = normalizeHostInput((config.getAgent() || {}).hostname || '');
-      inviteHost = existing || `localhost:${backendPort}`;
-      if (!existing) {
-        config.setAgent({ hostname: inviteHost });
+      // Default: check port 80 first, then scan
+      console.log('  1a. Checking port 80...');
+      const port80Result = await tryBindPort(80);
+      if (port80Result.ok) {
+        console.log('  Port 80 available.');
+        serverPort = 80;
+      } else if (port80Result.code === 'EACCES') {
+        console.log('  Port 80 is available but requires elevated privileges.');
+        console.log('  A2A needs to bind to a port to function. Rerun with:');
+        console.log('    sudo npm install -g a2acalling\n');
+        console.log('  Onboarding cannot continue without a bound port.');
+        process.exit(1);
+      } else {
+        console.log('  Port 80 is in use by another process.');
+        console.log('  1b. Scanning for available port...');
+        const candidates = [];
+        for (let p = 3001; p < 3101; p++) candidates.push(p);
+        serverPort = await findAvailablePort(candidates);
+        if (!serverPort) {
+          console.log('  Could not find a bindable port. Rerun with elevated privileges:');
+          console.log('    sudo npm install -g a2acalling');
+          process.exit(1);
+        }
+        console.log(`  Port ${serverPort} available.`);
+        usingAlternatePort = true;
       }
     }
-    const inviteParsed = splitHostPort(inviteHost);
-    const invitePort = inviteParsed.port;
-    const schemeOverride = String(process.env.A2A_PUBLIC_SCHEME || '').trim();
-    const inviteScheme = schemeOverride || ((!invitePort || invitePort === 443) ? 'https' : 'http');
-    const expectedPingUrl = `${inviteScheme}://${inviteHost}/api/a2a/ping`;
-    const inviteLooksLocal = isLocalOrUnroutableHost(inviteParsed.hostname);
+    // Start server
+    console.log(`  Starting A2A server on port ${serverPort}...`);
-    console.log('\n2️⃣  Owner dashboard access');
-    console.log(`Local dashboard: http://127.0.0.1:${backendPort}/dashboard/`);
-    console.log(`Invite host:      ${inviteHost}`);
+    async function startServer(port) {
+      const listening = await isPortListening(port, '127.0.0.1', { timeoutMs: 250 });
+      if (listening.listening) return { started: false, existing: true };
+      const serverScript = path.join(__dirname, '../src/server.js');
+      const child = spawn(process.execPath, [serverScript], {
+        env: { ...process.env, PORT: String(port) },
+        detached: true,
+        stdio: 'ignore'
+      });
+      child.unref();
+      await new Promise(r => setTimeout(r, 300));
+      return { started: true, pid: child.pid };
+    }
-    if (inviteLooksLocal) {
-      console.log('Remote dashboard: not configured (invite host looks local/unroutable)');
-      console.log('  To enable remote access, rerun with: --hostname YOUR_DOMAIN:443');
-    } else {
-      const callbookStore = new CallbookStore();
-      if (!callbookStore.isAvailable()) {
-        console.log('Remote dashboard: Callbook Remote not available (storage unavailable)');
-        console.log(`  Hint: ${callbookStore.getDbError ? callbookStore.getDbError() : 'storage_unavailable'}`);
-      } else {
-        const label = String(args.flags['device-label'] || args.flags.deviceLabel || 'Callbook Remote').trim().slice(0, 120);
-        const ttlHoursRaw = args.flags['callbook-ttl-hours'] || args.flags.callbookTtlHours || 24;
-        const ttlHours = Math.max(1, Math.min(168, Number.parseInt(String(ttlHoursRaw), 10) || 24));
-        const created = callbookStore.createProvisionCode({ label, ttlMs: ttlHours * 60 * 60 * 1000 });
-        if (created && created.success) {
-          const installUrl = `${inviteScheme}://${inviteHost}/callbook/install#code=${created.code}`;
-          console.log(`Remote dashboard: ${installUrl}  (one-time, ${ttlHours}h)`);
-        } else {
-          console.log('Remote dashboard: failed to create install link');
-          console.log(`  Hint: ${created && created.message ? created.message : (created && created.error ? created.error : 'unknown_error')}`);
-        }
+    async function waitForServer(port) {
+      for (let i = 0; i < 18; i++) {
+        const listening = await isPortListening(port, '127.0.0.1', { timeoutMs: 250 });
+        if (listening.listening) return true;
+        await new Promise(r => setTimeout(r, 250));
       }
+      return false;
     }
-	    // ── Step 3: Permission tiers (topics + goals) ───────────────
-	    const onboardingAfterAccess = config.getOnboarding();
-	    if (!onboardingAfterAccess.tiers_confirmed) {
-	      const recommendations = buildTierRecommendations(contextFiles, manifest);
-	      const parseFreeTextList = (raw) => {
-	        if (raw === undefined || raw === null || raw === true) return [];
-	        const text = String(raw || '').trim();
-	        if (!text) return [];
-	        return text
-	          .split(/[\n,]+/g)
-	          .map(s => s.trim())
-	          .filter(Boolean);
-	      };
-	      const promptLine = async (question) => {
-	        const readline = require('readline');
-	        return await new Promise(resolve => {
-	          const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-	          rl.question(question, (answer) => {
-	            rl.close();
-	            resolve(String(answer || '').trim());
-	          });
-	        });
-	      };
-	      // Optional owner override: Friends tier topics/interests (most important tier).
-	      const interactive = Boolean(
-	        args.flags.interactive ||
-	        args.flags['ask-friends-topics'] ||
-	        args.flags.askFriendsTopics
-	      );
-	      let friendsTopicsOverride = parseFreeTextList(args.flags['friends-topics'] || args.flags.friendsTopics);
-	      const noWorkspaceContext = !contextFiles.user && !contextFiles.heartbeat && !contextFiles.soul &&
-	        !contextFiles.memory && !contextFiles.claude;
-	      const shouldPromptFriendsTopics = (interactive || noWorkspaceContext) &&
-	        friendsTopicsOverride.length === 0 &&
-	        process.stdin.isTTY &&
-	        process.stdout.isTTY;
-	      if (shouldPromptFriendsTopics) {
-	        const suggested = (recommendations.friends.topics || []).slice(0, 12).join(', ');
-	        const answer = await promptLine(`Friends-tier topics/interests (comma-separated).\nSuggested: ${suggested}\n> `);
-	        friendsTopicsOverride = parseFreeTextList(answer);
-	      }
-	      if (friendsTopicsOverride.length > 0) {
-	        const normalized = uniqueNonEmpty(friendsTopicsOverride.map(slugify).filter(Boolean), 24);
-	        recommendations.friends.topics = uniqueNonEmpty(
-	          [...(recommendations.public.topics || []), ...normalized],
-	          24
-	        );
-	        recommendations.family.topics = uniqueNonEmpty(
-	          [...(recommendations.friends.topics || []), ...(recommendations.family.topics || [])],
-	          30
-	        );
-	      }
-	      try {
-	        config.setTier('public', recommendations.public);
-	        config.setTier('friends', recommendations.friends);
-	        config.setTier('family', recommendations.family);
-	      } catch (err) {
-	        console.error('\n❌ Tier configuration validation failed.');
-	        console.error(`   ${err.message}`);
-	        if (err.hint) {
-	          console.error(`   Hint: ${err.hint}`);
-	        }
-	        console.error('');
-	        process.exit(1);
-	      }
-	      printTierSummary(recommendations);
-	      config.setOnboarding({
-	        step: 'tiers',
-	        tiers_confirmed: true
-	      });
-	    }
-    // ── Step 4: Port scan + reverse proxy guidance (if needed) ──
-    console.log('\n4️⃣  Port scan + reverse proxy');
-    console.log(`Invite host: ${inviteHost}`);
-    console.log(`Expected ping URL: ${expectedPingUrl}\n`);
-    const expectsReverseProxy = Boolean(
-      (invitePort === 80 && backendPort !== 80) ||
-      ((!invitePort || invitePort === 443) && backendPort !== 443)
-    );
-    if (expectsReverseProxy) {
-      const port80Listening = await isPortListening(80, '127.0.0.1', { timeoutMs: 500 });
-      const port80Bind = await tryBindPort(80, '0.0.0.0');
-      const port80Ping = port80Listening.listening ? await probeLocalPing(80) : { ok: false };
-      console.log('Port 80:');
-      if (port80Ping.ok) {
-        console.log('  ✅ serves /api/a2a/ping (A2A detected on :80)');
-      } else if (port80Listening.listening) {
-        console.log(`  ⚠️  has a listener (${port80Listening.code || 'in_use'})`);
-      } else if (!port80Bind.ok && port80Bind.code === 'EACCES') {
-        console.log('  ⚠️  appears free but is not bindable by this user (EACCES)');
-      } else if (port80Bind.ok) {
-        console.log('  ✅ free and bindable by this user');
-      } else {
-        console.log(`  ⚠️  not bindable (${port80Bind.code || 'unknown'})`);
-      }
+    const serverResult = await startServer(serverPort);
+    if (serverResult.existing) {
+      console.log('  Existing server detected on this port.');
+    }
+    const serverUp = await waitForServer(serverPort);
+    if (!serverUp) {
+      console.log('  Server failed to start. Check logs and retry:');
+      console.log(`    PORT=${serverPort} node ${path.join(__dirname, '../src/server.js')}`);
+      process.exit(1);
+    }
+    console.log('  Server running.\n');
-      console.log('\nReverse proxy required (example routes):');
-      console.log(`  /api/a2a/*   -> http://127.0.0.1:${backendPort}`);
-      console.log(`  /dashboard/* -> http://127.0.0.1:${backendPort}`);
-      console.log(`  /callbook/*  -> http://127.0.0.1:${backendPort}`);
-	      console.log('');
-	      console.log('If you have configured your reverse proxy and want to continue, run:');
-	      console.log(`  a2a quickstart --hostname ${inviteHost} --port ${backendPort} --confirm-ingress`);
-	      console.log('');
-	      if (!args.flags['confirm-ingress']) {
-	        return;
-	      }
-    } else {
-      console.log('✅ No reverse proxy required based on invite host/port.');
+    // Store server PID for cleanup
+    if (serverResult.pid) {
+      config.setOnboarding({ server_pid: serverResult.pid, server_port: serverPort });
     }
-    if (!config.getOnboarding().ingress_confirmed) {
-      config.setOnboarding({
-        step: 'ingress',
-        ingress_confirmed: true
-      });
+    // Detect external IP
+    const ipResult = await getExternalIp();
+    if (!ipResult.ip) {
+      console.log('  Warning: Could not detect external IP address.');
+      console.log('  Set your hostname via environment variable and re-run:');
+      console.log(`    A2A_HOSTNAME=YOUR_IP${serverPort !== 80 ? ':' + serverPort : ''} a2a quickstart --force\n`);
     }
+    const externalIp = ipResult.ip || null;
+    const publicHost = externalIp
+      ? (serverPort === 80 ? externalIp : `${externalIp}:${serverPort}`)
+      : `localhost:${serverPort}`;
-    // ── Step 5: External IP + reachability check ───────────────
-    console.log('\n5️⃣  External IP + reachability check');
+    // Save server config
+    config.setAgent({ hostname: publicHost });
-    if (inviteLooksLocal) {
-      console.log('Skipping external IP probe: invite host looks local/unroutable.');
-    } else {
-      const external = await getExternalIp({ forceRefresh: true });
-      if (external && external.ip) {
-        console.log(`External IP (${external.source || 'resolver'}): ${external.ip}`);
-      } else {
-        console.log(`External IP lookup failed: ${external && external.error ? external.error : 'unknown_error'}`);
-      }
+    if (usingAlternatePort) {
+      console.log('  External access required.');
+      console.log('  Something is already bound to port 80 on this machine.');
+      console.log('  Two options to make your A2A server reachable:\n');
+      console.log('  Option A (recommended): Set up a reverse proxy (HTTP or HTTPS).');
+      console.log(`    Configure your web server to forward /api/a2a/* to localhost:${serverPort}.`);
+      console.log('    If you serve HTTPS on port 443, proxy from there instead.');
+      console.log('    A reverse proxy avoids firewall changes entirely.\n');
+      console.log(`  Option B: Open port ${serverPort} in your firewall.`);
+      console.log('    This requires the owner to manually allow inbound traffic on');
+      console.log(`    port ${serverPort} (e.g. ufw allow ${serverPort}, or cloud provider security group).`);
+      console.log('    Most users prefer not to modify firewall settings.\n');
     }
-	    const localListener = await isPortListening(backendPort, '127.0.0.1', { timeoutMs: 500 });
-	    if (!localListener.listening) {
-	      console.log('\n⚠️  A2A server is not reachable locally yet.');
-	      console.log('Start it, then rerun quickstart:');
-	      console.log(`  A2A_HOSTNAME="${inviteHost}" a2a server --port ${backendPort}`);
-	      console.log('');
-	      return;
-	    }
-	    const localPing = await probeLocalPing(backendPort, inviteLooksLocal ? 250 : 1000);
-	    if (!localPing.ok) {
-	      if (inviteLooksLocal) {
-	        console.log(`\n⚠️  Port ${backendPort} is listening but /api/a2a/ping did not respond within a short timeout.`);
-	        console.log('Continuing onboarding anyway (invite host is local/unroutable).');
-	      } else {
-	        console.log('\n⚠️  A2A server is not responding locally yet.');
-	        console.log('Start it, then rerun quickstart:');
-	        console.log(`  A2A_HOSTNAME="${inviteHost}" a2a server --port ${backendPort}`);
-	        console.log('');
-	        return;
-	      }
-	    }
-	    if (inviteLooksLocal) {
-	      console.log('Skipping external reachability check: invite host looks local/unroutable.');
-	    } else {
-	      const extPing = await externalPingCheck(expectedPingUrl);
-	      if (extPing.ok) {
-	        console.log(`✅ External ping OK (${extPing.provider})`);
-	      } else if (args.flags['skip-verify']) {
-	        console.log('⚠️  External ping FAILED (skipped via --skip-verify).');
-	      } else if (args.flags['confirm-ingress']) {
-	        console.log('⚠️  External ping FAILED (continuing due to --confirm-ingress).');
-	      } else {
-	        console.log('⚠️  External ping FAILED (server may not be publicly reachable yet).');
-	        console.log('Fix ingress (DNS/reverse proxy/firewall), then rerun. If you want to proceed anyway:');
-	        console.log(`  a2a quickstart --hostname ${inviteHost} --port ${backendPort} --confirm-ingress`);
-	        console.log(`  a2a quickstart --hostname ${inviteHost} --port ${backendPort} --skip-verify`);
-	        console.log('');
-	        return;
-	      }
-	    }
-    if (!config.getOnboarding().verify_confirmed) {
-      config.setOnboarding({
-        step: 'verify',
-        verify_confirmed: true
-      });
+    if (externalIp) {
+      const verifyUrl = `http://${publicHost}/api/a2a/ping`;
+      console.log('  Verify externally:');
+      console.log(`    curl -s ${verifyUrl}`);
+      console.log('  Or ask your owner to check: https://canyouseeme.org/\n');
     }
-    config.completeOnboarding();
-    console.log('✅ Onboarding complete.');
-    console.log('Next: a2a gui   or   a2a create   or   a2a server');
+    config.setOnboarding({ step: 'awaiting_disclosure' });
+    // ── Step 2 of 4: Configure disclosure topics ────────────
+    console.log('Step 2 of 4: Configure disclosure topics\n');
+    console.log(buildExtractionPrompt());
+    console.log('\n  Read your workspace files, extract topics, and present to your owner for review.');
+    console.log("  Then submit with: a2a onboard --submit '<json>'\n");
   },
   install: () => {
     require('../scripts/install-openclaw.js');
   },
@@ -1403,6 +1153,136 @@ https://github.com/onthegonow/a2a_calling`;
     require('../scripts/install-openclaw.js');
   },
+  uninstall: async (args) => {
+    const fs = require('fs');
+    const path = require('path');
+    const { spawnSync } = require('child_process');
+    const keepConfig = Boolean(args.flags['keep-config'] || args.flags.keepConfig);
+    const force = Boolean(args.flags.force || args.flags.f);
+    const configDir = process.env.A2A_CONFIG_DIR ||
+      process.env.OPENCLAW_CONFIG_DIR ||
+      path.join(process.env.HOME || '/tmp', '.config', 'openclaw');
+    const configFile = path.join(configDir, 'a2a-config.json');
+    const disclosureFile = path.join(configDir, 'a2a-disclosure.json');
+    const tokensFile = path.join(configDir, 'a2a-tokens.json');
+    const dbFile = path.join(configDir, 'a2a-conversations.db');
+    const logsDbFile = path.join(configDir, 'a2a-logs.db');
+    const callbookDbFile = path.join(configDir, 'a2a-callbook.db');
+    console.log(`\n🗑️  A2A Uninstall`);
+    console.log('─────────────────\n');
+    if (!keepConfig && !force) {
+      if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        console.error('Refusing to prompt without a TTY. Re-run with --force to confirm uninstall.');
+        process.exit(1);
+      }
+      const existing = [configFile, disclosureFile, tokensFile, dbFile, logsDbFile, callbookDbFile].filter(f => fs.existsSync(f));
+      const list = existing.length ? existing.map(f => `  - ${f}`).join('\n') : '  (no local config/database files found)';
+      const ok = await promptYesNo(
+        `This will stop the pm2 process "a2a" and delete:\n${list}\nProceed? (y/N) `
+      );
+      if (!ok) {
+        console.log('\nCancelled.\n');
+        return;
+      }
+    }
+    function pm2Exists() {
+      const res = spawnSync('pm2', ['--version'], { stdio: 'ignore', timeout: 4000 });
+      if (res.error && res.error.code === 'ENOENT') return false;
+      return res.status === 0;
+    }
+    function pm2HasProcess(name) {
+      const res = spawnSync('pm2', ['describe', name], { encoding: 'utf8', timeout: 6000 });
+      if (res.error && res.error.code === 'ENOENT') return false;
+      return res.status === 0;
+    }
+    function pm2StopAndDelete(name) {
+      if (!pm2Exists()) return { ok: true, skipped: true };
+      if (!pm2HasProcess(name)) return { ok: true, skipped: true };
+      const stop = spawnSync('pm2', ['stop', name], { encoding: 'utf8', timeout: 8000 });
+      if (stop.status !== 0) {
+        const msg = (stop.stderr || stop.stdout || '').trim();
+        return { ok: false, error: msg || 'pm2 stop failed' };
+      }
+      const del = spawnSync('pm2', ['delete', name], { encoding: 'utf8', timeout: 8000 });
+      if (del.status !== 0) {
+        const msg = (del.stderr || del.stdout || '').trim();
+        return { ok: false, error: msg || 'pm2 delete failed' };
+      }
+      return { ok: true };
+    }
+    function rmFileSafe(filePath) {
+      try {
+        fs.rmSync(filePath, { force: true });
+        return { ok: true };
+      } catch (err) {
+        return { ok: false, error: err.message };
+      }
+    }
+    process.stdout.write('Stopping server... ');
+    const stopped = pm2StopAndDelete('a2a');
+    if (!stopped.ok) {
+      console.log('❌');
+      console.error(`  ${stopped.error}`);
+      process.exit(1);
+    }
+    console.log('✅');
+    let configOk = true;
+    let dbOk = true;
+    if (!keepConfig) {
+      process.stdout.write('Removing config... ');
+      const c1 = rmFileSafe(configFile);
+      const c2 = rmFileSafe(disclosureFile);
+      const c3 = rmFileSafe(tokensFile);
+      configOk = Boolean(c1.ok && c2.ok && c3.ok);
+      console.log(configOk ? '✅' : '❌');
+      if (!configOk) {
+        if (!c1.ok) console.error(`  ${configFile}: ${c1.error}`);
+        if (!c2.ok) console.error(`  ${disclosureFile}: ${c2.error}`);
+        if (!c3.ok) console.error(`  ${tokensFile}: ${c3.error}`);
+      }
+      process.stdout.write('Removing database... ');
+      const d1 = rmFileSafe(dbFile);
+      const d2 = rmFileSafe(logsDbFile);
+      const d3 = rmFileSafe(callbookDbFile);
+      dbOk = Boolean(d1.ok && d2.ok && d3.ok);
+      console.log(dbOk ? '✅' : '❌');
+      if (!dbOk) {
+        if (!d1.ok) console.error(`  ${dbFile}: ${d1.error}`);
+        if (!d2.ok) console.error(`  ${logsDbFile}: ${d2.error}`);
+        if (!d3.ok) console.error(`  ${callbookDbFile}: ${d3.error}`);
+      }
+      if (!configOk || !dbOk) {
+        process.exit(1);
+      }
+    } else {
+      console.log('Removing config... ⏭️');
+      console.log('Removing database... ⏭️');
+    }
+    console.log('\nTo complete removal:');
+    console.log('  npm uninstall -g a2acalling\n');
+    console.log(`Config preserved: ${keepConfig ? 'yes' : 'no'}`);
+    console.log(`Location: ${configDir}`);
+  },
   update: async (args) => {
     const { execSync } = require('child_process');
     const path = require('path');
@@ -1510,11 +1390,9 @@ https://github.com/onthegonow/a2a_calling`;
     }
   },
-  onboard: (args) => {
+  onboard: async (args) => {
     const { A2AConfig } = require('../src/lib/config');
     const {
-      readContextFiles,
-      buildExtractionPrompt,
       validateDisclosureSubmission,
       saveManifest,
       MANIFEST_FILE
@@ -1528,54 +1406,109 @@ https://github.com/onthegonow/a2a_calling`;
       try {
         parsed = JSON.parse(String(submitRaw));
       } catch (e) {
-        console.error('\n\u274c Invalid JSON in --submit flag.');
-        console.error(`   Parse error: ${e.message}\n`);
+        console.error('\nInvalid JSON in --submit flag.');
+        console.error(`  Parse error: ${e.message}\n`);
         process.exit(1);
       }
       const result = validateDisclosureSubmission(parsed);
       if (!result.valid) {
-        console.error('\n\u274c Disclosure submission validation failed:\n');
-        result.errors.forEach(err => console.error(`   \u2022 ${err}`));
-        console.error(`\nFix the errors above and resubmit with: a2a onboard --submit '<json>'\n`);
+        console.error('\nDisclosure submission validation failed:\n');
+        result.errors.forEach(err => console.error(`  - ${err}`));
+        console.error("\nFix the errors above and resubmit with: a2a onboard --submit '<json>'\n");
         process.exit(1);
       }
       saveManifest(result.manifest);
+      console.log('\nStep 3 of 4: Disclosure manifest saved.');
+      console.log(`  Manifest: ${MANIFEST_FILE}`);
+      // Sync tier config from manifest
+      const manifest = result.manifest;
+      function flattenTopics(sections) {
+        const out = [];
+        for (const section of sections) {
+          for (const item of section) {
+            const t = String(item && item.topic || '').trim();
+            if (t && !out.includes(t)) out.push(t);
+          }
+        }
+        return out;
+      }
+      try {
+        config.setTier('public', {
+          topics: flattenTopics([manifest.topics.public.lead_with, manifest.topics.public.discuss_freely, manifest.topics.public.deflect]),
+          disclosure: 'public'
+        });
+        config.setTier('friends', {
+          topics: flattenTopics([
+            manifest.topics.public.lead_with, manifest.topics.public.discuss_freely, manifest.topics.public.deflect,
+            manifest.topics.friends.lead_with, manifest.topics.friends.discuss_freely, manifest.topics.friends.deflect
+          ]),
+          disclosure: 'minimal'
+        });
+        config.setTier('family', {
+          topics: flattenTopics([
+            manifest.topics.public.lead_with, manifest.topics.public.discuss_freely, manifest.topics.public.deflect,
+            manifest.topics.friends.lead_with, manifest.topics.friends.discuss_freely, manifest.topics.friends.deflect,
+            manifest.topics.family.lead_with, manifest.topics.family.discuss_freely, manifest.topics.family.deflect
+          ]),
+          disclosure: 'minimal'
+        });
+      } catch (err) {
+        console.error(`  Warning: could not sync tier config: ${err.message}`);
+      }
-      const agentName = args.flags.name || config.getAgent().name || process.env.A2A_AGENT_NAME || '';
-      const hostname = args.flags.hostname || config.getAgent().hostname || process.env.A2A_HOSTNAME || '';
-      if (agentName) config.setAgent({ name: agentName });
-      if (hostname) config.setAgent({ hostname });
+      // If already onboarded, this is a topic update — no invite generation needed
+      if (config.isOnboarded()) {
+        console.log('\nDisclosure topics updated. Your agent will use these on the next inbound call.\n');
+        return;
+      }
-      console.log('\n\u2705 Disclosure manifest saved.');
-      console.log(`   Manifest: ${MANIFEST_FILE}`);
-      console.log('   Next: a2a quickstart\n');
-      return;
-    }
+      // ── Step 4 of 4: Generate first invite and complete ─────
+      console.log('\nStep 4 of 4: Generating your first invite...\n');
+      const agentName = args.flags.name || config.getAgent().name || process.env.A2A_AGENT_NAME || 'my-agent';
+      const hostname = config.getAgent().hostname || process.env.A2A_HOSTNAME || 'localhost';
+      if (args.flags.name) config.setAgent({ name: agentName });
+      const publicTopics = flattenTopics([
+        manifest.topics.public.lead_with,
+        manifest.topics.public.discuss_freely
+      ]);
+      const { token } = store.create({
+        name: agentName,
+        owner: agentName,
+        permissions: 'public',
+        disclosure: 'minimal',
+        expires: 'never',
+        maxCalls: null,
+        allowedTopics: publicTopics,
+        allowedGoals: ['grow-network', 'find-collaborators', 'build-in-public'],
+        notify: 'all'
+      });
-    // ── Prompt mode: print extraction instructions for agent ──
-    if (config.isOnboarded() && !args.flags.force) {
-      console.log('\u2705 Onboarding already complete. Use --force to regenerate.');
+      const inviteUrl = `a2a://${hostname}/${token}`;
+      console.log(`  Invite URL: ${inviteUrl}`);
+      console.log('  Share this invite to let other agents call you.\n');
+      config.completeOnboarding();
+      console.log('Onboarding complete.\n');
+      console.log(`  Config: ${CONFIG_PATH}`);
+      console.log(`  Disclosure: ${MANIFEST_FILE}`);
+      console.log(`  Invite: ${inviteUrl}\n`);
       return;
     }
-    const workspaceDir = process.env.A2A_WORKSPACE || process.cwd();
-    const contextFiles = readContextFiles(workspaceDir);
-    const availableFiles = {
-      'USER.md': Boolean(contextFiles.user),
-      'SOUL.md': Boolean(contextFiles.soul),
-      'HEARTBEAT.md': Boolean(contextFiles.heartbeat),
-      'SKILL.md': Boolean(contextFiles.skill),
-      'CLAUDE.md': Boolean(contextFiles.claude),
-      'memory/*.md': Boolean(contextFiles.memory)
-    };
+    // ── No --submit: same as quickstart ───────────────────────
+    return commands.quickstart(args);
+  },
-    console.log(buildExtractionPrompt(availableFiles));
-    console.log('\n---');
-    console.log('After the owner confirms, submit with:');
-    console.log("  a2a onboard --submit '<json>'\n");
+  version: () => {
+    const pkg = require('../package.json');
+    console.log(pkg.version);
   },
   help: () => {
@@ -1636,27 +1569,24 @@ Server:
   server              Start the A2A server
     --port, -p        Port to listen on (default: 3001)
-  quickstart          Onboarding (access → tiers → ingress → verify)
-    --hostname        Public hostname for remote access (e.g. myserver.com:443)
-    --public-port     Port to assume when --hostname omits a port (default: 443)
-    --port            A2A server port to run locally (default: 3001)
-    --friends-topics  Override Friends tier topics/interests (comma or newline-separated)
-    --interactive     Prompt for Friends tier topics if needed
-    --confirm-ingress Confirm reverse proxy/ingress is configured and continue
-    --skip-verify     Skip external reachability check (not recommended)
-    --force           Reset onboarding + regenerate disclosure manifest
-    --regen-manifest  Regenerate disclosure manifest (no onboarding reset)
-  onboard             Generate disclosure manifest from workspace context
+  quickstart          Set up A2A server and start onboarding
+    --port, -p        Preferred server port (default: 80, fallback: 3001+)
+    --force           Reset onboarding and re-run from scratch
+  onboard             Submit disclosure topics or resume quickstart
+    --submit '<json>' Submit disclosure JSON (Step 3 of onboarding)
+    --name            Agent name for invite generation
     --force           Re-run even if already onboarded
-    --name            Agent name
-    --hostname        Agent hostname
   update              Update A2A to latest version (npm or git pull)
     --check, -c       Check for updates without installing
   install             Install A2A for OpenClaw
   setup               Auto setup (gateway-aware dashboard install)
+  uninstall           Stop server and remove local config/DB
+    --keep-config     Preserve config/DB (for reinstall)
+    --force           Skip confirmation prompt
+  version             Show installed package version
 Examples:
   a2a create --name "bappybot" --owner "Benjamin Pollack" --expires 7d
@@ -1680,6 +1610,8 @@ if (!commands[command]) {
   process.exit(1);
 }
+enforceOnboarding(command);
 // Handle async commands
 const result = commands[command](args);
 if (result instanceof Promise) {