a2acalling 0.6.52 → 0.6.54

package/.claude/commands/a2a-call.md

@@ -0,0 +1,26 @@
+---
+description: Call another A2A agent — starts a multi-turn conversation
+allowed-tools: [Bash, Read]
+argument-hint: <contact-or-url> <message>
+---
+
+Call an A2A agent. This starts a multi-turn agent-to-agent conversation.
+
+## Usage
+
+```
+/a2a-call Alice "Hello! My owner wants to discuss the project."
+/a2a-call a2a://host.com/fed_abc123 "Reaching out about collaboration"
+```
+
+## Instructions
+
+Run the following command with the user's arguments:
+
+```bash
+a2a call $ARGUMENTS
+```
+
+If the call succeeds, summarize the conversation outcome for the user.
+If it fails with "not onboarded", tell the user to run `/a2a-setup` first.
+If it fails with "contact not found", suggest `/a2a-contacts` to see available contacts.

package/.claude/commands/a2a-contacts.md

@@ -0,0 +1,31 @@
+---
+description: List A2A contacts — agents you can call or who can call you
+allowed-tools: [Bash]
+argument-hint: [add|show|ping|rm] [args...]
+---
+
+Manage your A2A contact list — see who you can call and who has access to you.
+
+## Usage
+
+```
+/a2a-contacts                          # list all contacts
+/a2a-contacts add a2a://host/fed_xxx Alice  # add contact from invite URL
+/a2a-contacts show Alice               # show contact details
+/a2a-contacts ping Alice               # check if contact is online
+/a2a-contacts rm Alice                 # remove a contact
+```
+
+## Instructions
+
+Run the appropriate command based on user input:
+
+- No arguments: `a2a contacts`
+- `add`: `a2a contacts add $ARGUMENTS`
+- `show`: `a2a contacts show $ARGUMENTS`
+- `ping`: `a2a contacts ping $ARGUMENTS`
+- `rm`: `a2a contacts rm $ARGUMENTS`
+
+If the user just wants to see their contacts, also run `a2a list` to show active tokens (outbound invites).
+
+Format the output clearly: contact name, owner, status (online/offline), permission tier, last seen.

package/.claude/commands/a2a-invite.md

@@ -0,0 +1,33 @@
+---
+description: Create an A2A invite token to share with another agent
+allowed-tools: [Bash]
+argument-hint: [name] [--tier public|friends|family] [--expires 7d]
+---
+
+Create an A2A federation token and display the invite URL for sharing.
+
+## Usage
+
+```
+/a2a-invite Alice --tier friends --expires 7d
+/a2a-invite "Bob's Agent" --tier public
+/a2a-invite                              # interactive — uses defaults
+```
+
+## Instructions
+
+Parse the user's arguments and run:
+
+```bash
+a2a create $ARGUMENTS
+```
+
+If no arguments provided, run `a2a create` with no flags (interactive mode).
+
+After success, display the invite URL prominently and explain:
+1. The URL format: `a2a://<hostname>/<token>`
+2. Share this URL with the other agent's owner
+3. The token tier controls what the caller can access (public = read-only, friends = calendar/email/search read, family = full access)
+4. The token expires per the `--expires` flag (default: never)
+
+Also suggest: "Run `/a2a-contacts` to see who already has access."

package/.claude/commands/a2a-setup.md

@@ -0,0 +1,30 @@
+---
+description: Set up A2A Calling — onboard, start server, configure agent
+allowed-tools: [Bash, Read, Write]
+argument-hint: [--force]
+---
+
+Set up or reset your A2A Calling installation. Runs onboarding, starts the server, and configures your agent.
+
+## Usage
+
+```
+/a2a-setup              # first-time setup or resume incomplete onboarding
+/a2a-setup --force      # reset and re-run from scratch
+```
+
+## Instructions
+
+1. Check if already onboarded: `a2a config --show`
+2. If not onboarded (or `--force`): run `a2a quickstart $ARGUMENTS`
+3. If already onboarded but server not running: run `a2a server` in background
+4. After setup, show the status with `a2a config --show` and `a2a list`
+
+The quickstart flow will:
+- Detect an available port
+- Start the A2A server
+- Detect the hostname
+- Prompt for disclosure topics (what your agent discusses)
+- Save the configuration
+
+If running non-interactively, quickstart auto-accepts defaults.

package/.claude/commands/a2a-status.md

@@ -0,0 +1,24 @@
+---
+description: Check A2A server status, active conversations, and agent health
+allowed-tools: [Bash, Read]
+---
+
+Check the health of your A2A installation — server running, conversations active, contacts online.
+
+## Instructions
+
+Run these commands and compile a status report:
+
+1. **Config:** `a2a config --show`
+2. **Active tokens:** `a2a list`
+3. **Contacts:** `a2a contacts`
+4. **Recent conversations:** `a2a conversations --limit 5`
+
+Present a clear status dashboard:
+- Server: running/stopped (with port and hostname)
+- Tokens: N active, N expired/revoked
+- Contacts: N total
+- Recent calls: last 5 conversations with status
+
+If the server is not running, suggest `/a2a-setup` to start it.
+If not onboarded, suggest `/a2a-setup` for first-time setup.

package/CLAUDE-INSTALL.md

@@ -0,0 +1,154 @@
+# A2A Calling — Installed Package Context
+
+This file is automatically installed by the `a2acalling` package to give Claude Code
+immediate context after `npm install`. It describes what A2A Calling is, how to get
+started, and the full CLI reference — so you never need to grep source code.
+
+## Getting Started
+
+After installing `a2acalling`, the FIRST thing to do is run onboarding:
+
+```bash
+a2a quickstart
+```
+
+This is the single entry point for all setup. It will:
+1. Detect an available port (prefers 80, falls back to 3001+)
+2. Start the A2A server
+3. Detect the hostname
+4. Prompt for disclosure topics (what your agent discusses with callers)
+5. On macOS, offer to install the native Callbook app
+6. Save configuration to `~/.config/openclaw/a2a-config.json`
+
+If onboarding was already completed, re-run with `--force`:
+
+```bash
+a2a quickstart --force
+```
+
+## Native macOS App (A2A Callbook)
+
+On macOS, a native desktop app is available. It provides a dashboard GUI for managing
+calls, contacts, tokens, and logs.
+
+```bash
+a2a app install          # Download and install from GitHub releases
+a2a app status           # Check if installed, show version and path
+a2a app uninstall        # Remove from ~/Applications
+```
+
+After install, the app lives at `~/Applications/A2A Callbook.app`. You can also
+open the dashboard in a browser:
+
+```bash
+a2a gui                  # Open dashboard in browser (or native app if installed)
+a2a gui --tab logs       # Open specific tab: contacts|calls|logs|settings|invites
+```
+
+## Full CLI Reference
+
+### Token Management
+
+```bash
+a2a create --name "AgentName" --owner "OwnerName" --expires 7d --permissions friends
+  # Options:
+  #   --name, -n        Token/agent name
+  #   --owner, -o       Owner name
+  #   --expires, -e     1h, 1d, 7d, 30d, never (default: 1d)
+  #   --permissions, -p public, friends, family (default: public)
+  #   --disclosure, -d  public, minimal, none (default: minimal)
+  #   --notify          all, summary, none (default: all)
+  #   --max-calls       Maximum invocations (default: 100)
+  #   --topics          Custom topics (comma-separated)
+  #   --tools           Custom tool allowlist (comma-separated)
+  #   --link, -l        Auto-link to contact name
+
+a2a list                 # List active tokens
+a2a revoke <token_id>    # Revoke a token
+```
+
+### Contacts
+
+```bash
+a2a contacts             # List all contacts (shows permission badges)
+a2a contacts add <url> --name "Alice" --owner "Alice Chen"
+a2a contacts show <name> # Show contact details + linked token
+a2a contacts edit <name> # Edit contact metadata
+a2a contacts link <name> <token_id>  # Link a token to a contact
+a2a contacts ping <name> # Ping contact, update status
+a2a contacts rm <name>   # Remove contact
+```
+
+### Calling
+
+```bash
+a2a call <contact|url> "<message>"   # Multi-turn call (default: 8-25 turns)
+a2a call Alice "Hello!"              # Call by contact name
+a2a call a2a://host/fed_xxx "Hi"     # Call by invite URL
+a2a call Alice "Quick q" --single    # One-shot (single turn)
+  # --min-turns N     Minimum turns before close (default: 8)
+  # --max-turns N     Maximum turns (default: 25)
+
+a2a ping <url>           # Check if agent is reachable
+a2a status <url>         # Get remote A2A status
+```
+
+### Conversations
+
+```bash
+a2a conversations                    # List all conversations
+  # --contact         Filter by contact
+  # --status          Filter: active, concluded, timeout
+  # --limit           Max results (default: 20)
+a2a conversations show <id>          # Show conversation with messages
+a2a conversations end <id>           # End and summarize conversation
+```
+
+### Server & Setup
+
+```bash
+a2a quickstart                       # First-time setup (port, hostname, disclosure)
+  # --port, -p        Preferred port (default: 80, fallback: 3001+)
+  # --force           Reset and re-run from scratch
+  # --submit '<json>' Submit disclosure JSON
+
+a2a server --port 3001               # Start server manually
+a2a config --show                    # Show current configuration
+a2a status                           # Show local server status
+a2a gui                              # Open dashboard GUI
+a2a app install                      # Install native macOS app
+a2a setup                            # Auto setup (gateway-aware)
+```
+
+### Maintenance
+
+```bash
+a2a update               # Update to latest version
+a2a update --check       # Check for updates without installing
+a2a skills               # Install Claude Code + Codex skill files
+a2a uninstall --force    # Stop server and remove config/DB
+a2a version              # Show installed version
+```
+
+## Permission Tiers
+
+| Tier | Default Capabilities |
+|------|---------------------|
+| `public` | `context-read` |
+| `friends` | `context-read`, `calendar.read`, `email.read`, `search` |
+| `family` | `context-read`, `calendar`, `email`, `search`, `tools`, `memory` |
+
+## Disclosure Levels
+
+| Level | Behavior |
+|-------|----------|
+| `public` | Agent shares freely within tier boundaries |
+| `minimal` | Direct answers only, no volunteered context |
+| `none` | Confirms capability, provides no information |
+
+## Key Paths
+
+- Config: `~/.config/openclaw/a2a-config.json`
+- Disclosure: `~/.config/openclaw/a2a-disclosure.json`
+- Native app: `~/Applications/A2A Callbook.app` (macOS only)
+- Dashboard: `http://127.0.0.1:<port>/dashboard/`

package/README.md

@@ -149,6 +149,7 @@ Customize tiers in `~/.config/openclaw/a2a-config.json`:
   "tiers": {
     "friends": {
       "topics": ["chat", "web", "files", "calendar"],
+      "allowed_tools": ["Bash(readonly)", "Read", "Grep", "Glob", "WebSearch", "WebFetch"],
       "disclosure": "minimal"
     }
   }

package/bin/cli.js

@@ -646,6 +646,22 @@ async function handleDisclosureSubmit(args, commandLabel = 'onboard') {
     return tierData.topics.map(t => String(t && t.topic || '').trim()).filter(Boolean);
   }
 
+  // Helper to extract allowed tools per tier from the disclosure manifest.
+  function getTierTools(tierData) {
+    if (!tierData || !Array.isArray(tierData.allowed_tools)) return [];
+    const seen = new Set();
+    const out = [];
+    for (const tool of tierData.allowed_tools) {
+      const cleaned = String(tool || '').trim();
+      if (!cleaned) continue;
+      const key = cleaned.toLowerCase();
+      if (seen.has(key)) continue;
+      seen.add(key);
+      out.push(cleaned);
+    }
+    return out;
+  }
+
   const tiersData = manifest.tiers || {};
 
   // Derive goals from disclosure objectives (used in tier config and token creation)
@@ -659,19 +675,32 @@ async function handleDisclosureSubmit(args, commandLabel = 'onboard') {
     : ['grow-network', 'find-collaborators', 'build-in-public'];
 
   try {
-    config.setTier('public', {
+    const publicTools = getTierTools(tiersData.public);
+    const friendsTools = [...publicTools, ...getTierTools(tiersData.friends)];
+    const familyTools = [...friendsTools, ...getTierTools(tiersData.family)];
+
+    const publicTierPatch = {
       topics: getTierTopics(tiersData.public),
       goals: tokenGoals,
       disclosure: 'minimal'
-    });
-    config.setTier('friends', {
+    };
+    if (publicTools.length > 0) publicTierPatch.allowed_tools = publicTools;
+
+    const friendsTierPatch = {
       topics: [...getTierTopics(tiersData.public), ...getTierTopics(tiersData.friends)],
       disclosure: 'standard'
-    });
-    config.setTier('family', {
+    };
+    if (friendsTools.length > 0) friendsTierPatch.allowed_tools = friendsTools;
+
+    const familyTierPatch = {
       topics: [...getTierTopics(tiersData.public), ...getTierTopics(tiersData.friends), ...getTierTopics(tiersData.family)],
       disclosure: 'full'
-    });
+    };
+    if (familyTools.length > 0) familyTierPatch.allowed_tools = familyTools;
+
+    config.setTier('public', publicTierPatch);
+    config.setTier('friends', friendsTierPatch);
+    config.setTier('family', familyTierPatch);
   } catch (err) {
     console.error(`  Warning: could not sync tier config: ${err.message}`);
   }
@@ -702,6 +731,7 @@ async function handleDisclosureSubmit(args, commandLabel = 'onboard') {
   const hostname = config.getAgent().hostname || process.env.A2A_HOSTNAME || 'localhost';
 
   const publicTopics = getTierTopics(tiersData.public);
+  const publicTools = getTierTools(tiersData.public);
 
   const { token } = store.create({
     name: agentName,
@@ -712,6 +742,7 @@ async function handleDisclosureSubmit(args, commandLabel = 'onboard') {
     maxCalls: null,
     allowedTopics: publicTopics,
     allowedGoals: tokenGoals,
+    allowedTools: publicTools.length > 0 ? publicTools : null,
     notify: 'all'
   });
 
@@ -725,6 +756,33 @@ async function handleDisclosureSubmit(args, commandLabel = 'onboard') {
   console.log(`  Disclosure: ${MANIFEST_FILE}`);
   console.log(`  Invite: ${inviteUrl}\n`);
 
+  // Native app install should be part of the onboarding tail on macOS so users
+  // don't end up launching the app before a2a setup is complete.
+  if (os.platform() === 'darwin' && !findNativeApp()) {
+    if (isInteractiveShell()) {
+      const installNow = await promptYesNo('Install the native macOS app? [Y/n] ');
+      if (installNow) {
+        const result = installNativeMacApp({ force: false, quiet: false });
+        if (result.success) {
+          if (result.reason === 'already_current') {
+            console.log(`Native app already installed at current version (${result.version}).`);
+            console.log(`Path: ${result.appPath}\n`);
+          } else {
+            console.log(`Native app installed (v${result.version}).`);
+            console.log(`Path: ${result.appPath}\n`);
+          }
+        } else {
+          console.warn(`Native app install failed: ${result.error || 'unknown error'}`);
+          console.warn('You can retry with: a2a app install\n');
+        }
+      } else {
+        console.log('You can install the native app later with: a2a app install\n');
+      }
+    } else {
+      console.log('Install the native macOS app with: a2a app install\n');
+    }
+  }
+
   return true;
 }
 
@@ -787,6 +845,7 @@ const commands = {
 
     // Get tier from --tier or --permissions flag
     const tier = args.flags.tier || args.flags.t || args.flags.permissions || args.flags.p || 'public';
+    const configTier = config.getTiers?.()[tier] || {};
     
     // Get owner from flag or config
     const configAgent = config.getAgent() || {};
@@ -807,6 +866,9 @@ const commands = {
     
     // Get objectives from disclosure
     const objectives = tierTopics.objectives || [];
+    const allowedTools = args.flags.tools
+      ? String(args.flags.tools).split(',').map(t => t.trim()).filter(Boolean)
+      : (Array.isArray(configTier.allowed_tools) ? configTier.allowed_tools : null);
     const timeoutMsRaw = args.flags['timeout-ms'] || args.flags.timeout_ms;
     const timeoutMs = timeoutMsRaw ? Number.parseInt(String(timeoutMsRaw), 10) : null;
 
@@ -820,6 +882,7 @@ const commands = {
       maxCalls,
       allowedTopics,
       allowedGoals: objectives.map(o => o.objective || o),
+      allowedTools,
       timeoutMs
     });
 
@@ -856,6 +919,9 @@ const commands = {
     console.log(`Expires: ${record.expires_at || 'never'}`);
     console.log(`Tier: ${record.tier}`);
     console.log(`Topics: ${record.allowed_topics.join(', ')}`);
+    if (Array.isArray(record.allowed_tools) && record.allowed_tools.length > 0) {
+      console.log(`Tools: ${record.allowed_tools.join(', ')}`);
+    }
     console.log(`Disclosure: ${record.disclosure}`);
     console.log(`Notify: ${record.notify}`);
     console.log(`Max calls: ${record.max_calls || 'unlimited'}`);
@@ -2117,6 +2183,9 @@ a2a add "${inviteUrl}" "${ownerText || 'friend'}" && a2a call "${ownerText || 'f
       });
     } else {
       console.log('  Using existing server.');
+      // Persist detected server port even when reusing an already-running process.
+      // Native app discovery depends on onboarding.server_port as a primary hint.
+      config.setOnboarding({ server_port: serverPort });
     }
     console.log('  ✅ A2A server is running');
 
@@ -2282,6 +2351,11 @@ a2a add "${inviteUrl}" "${ownerText || 'friend'}" && a2a call "${ownerText || 'f
     }
 
     if (action === 'install') {
+      if (os.platform() === 'darwin' && !force && !isOnboarded()) {
+        console.error('Onboarding not complete. Run `a2a quickstart` first, then install the app.');
+        console.error('Use `a2a app install --force` to bypass this check.');
+        process.exit(1);
+      }
       const result = installNativeMacApp({ force, quiet });
       if (result.skipped === 'not_macos') {
         console.error('Native app install is only available on macOS.');
@@ -2856,6 +2930,7 @@ Commands:
     --expires, -e     Expiration (1h, 1d, 7d, 30d, never)
     --permissions, -p Tier (public, friends, family)
     --topics          Custom topics (comma-separated, overrides tier defaults)
+    --tools           Custom tool allowlist (comma-separated, overrides tier defaults)
     --disclosure, -d  Disclosure level (public, minimal, none)
     --notify          Owner notification (all, summary, none)
     --max-calls       Maximum invocations (default: 100)
@@ -2904,7 +2979,7 @@ Calling:
   app                 Manage native macOS app
     status            Show native app installation status (default)
     install           Install/update native app from GitHub release
-      --force, -f     Reinstall even when current version is present
+      --force, -f     Reinstall/bypass onboarding guard
       --quiet, -q     Suppress download/extract output
     uninstall         Remove native app from ~/Applications
 
@@ -2939,6 +3014,7 @@ Server:
 Examples:
   a2a create --name "bappybot" --owner "Benjamin Pollack" --expires 7d
   a2a create --name "custom" --topics "chat,calendar.read,email.read"
+  a2a create --name "research" --tools "Read,Grep,Glob,WebSearch,WebFetch"
   a2a contacts add a2a://host/fed_xxx --name "Alice" --owner "Alice Chen"
   a2a contacts link Alice tok_abc123
   a2a call Alice "Hello!"

package/docs/protocol.md

@@ -155,11 +155,11 @@ Example filters for `/logs`: `trace_id`, `conversation_id`, `token_id`, `error_c
 
 ## Permission Tiers
 
-| Tier | Default capabilities |
-|------|----------------------|
-| `public` | `context-read` |
-| `friends` | `context-read`, `calendar.read`, `email.read`, `search` |
-| `family` | `context-read`, `calendar`, `email`, `search`, `tools`, `memory` |
+| Tier | Default capabilities | Default `allowed_tools` |
+|------|----------------------|--------------------------|
+| `public` | `context-read` | `Read`, `Grep`, `Glob` |
+| `friends` | `context-read`, `calendar.read`, `email.read`, `search` | `Bash(readonly)`, `Read`, `Grep`, `Glob`, `WebSearch`, `WebFetch` |
+| `family` | `context-read`, `calendar`, `email`, `search`, `tools`, `memory` | `Bash`, `Read`, `Grep`, `Glob`, `WebSearch`, `WebFetch` |
 
 ## Disclosure Levels
 
@@ -184,6 +184,7 @@ Stored in `~/.config/openclaw/a2a.json`:
       "capabilities": ["context-read"],
       "allowed_topics": ["chat"],
       "allowed_goals": [],
+      "allowed_tools": ["Read", "Grep", "Glob"],
       "tier_settings": {},
       "disclosure": "minimal",
       "notify": "all",

package/native/macos/index.html

@@ -62,7 +62,7 @@
         <span class="status-indicator searching"></span>
         Looking for a2a server...
       </p>
-      <p class="port-info" id="port-info">Scanning ports: 3001, 80, 8080, 8443, 9001</p>
+      <p class="port-info" id="port-info">Scanning ports: 80, 3001, 8080, 8443, 9001</p>
     </div>
 
     <div id="status-not-found" style="display:none;">
@@ -86,10 +86,22 @@
   </div>
 
   <script>
-    const { invoke } = window.__TAURI__.core;
+    const tauriCore = window.__TAURI__ && window.__TAURI__.core;
+    const tauriEvents = window.__TAURI__ && window.__TAURI__.event;
+    const legacyInvoke = window.__TAURI_INTERNALS__ && window.__TAURI_INTERNALS__.invoke;
+    const invoke = (tauriCore && tauriCore.invoke)
+      ? tauriCore.invoke
+      : (legacyInvoke ? ((cmd, args) => legacyInvoke(cmd, args)) : null);
 
     async function checkServer() {
       show('status-searching');
+      if (!invoke) {
+        show('status-not-found');
+        const detail = document.getElementById('error-detail');
+        detail.textContent = 'Tauri bridge unavailable. Reinstall with `a2a app install --force`.';
+        detail.style.display = 'block';
+        return;
+      }
       try {
         const result = await invoke('discover_server');
         if (result.port) {
@@ -132,16 +144,16 @@
     checkServer();
 
     // Listen for server disconnect/reconnect from Tauri backend
-    const { listen } = window.__TAURI__.event;
-
-    listen('server-status', (event) => {
-      const { connected, port } = event.payload;
-      if (!connected) {
-        showReconnectionOverlay();
-      } else {
-        hideReconnectionOverlay();
-      }
-    });
+    if (tauriEvents && tauriEvents.listen) {
+      tauriEvents.listen('server-status', (event) => {
+        const { connected } = event.payload;
+        if (!connected) {
+          showReconnectionOverlay();
+        } else {
+          hideReconnectionOverlay();
+        }
+      });
+    }
 
     function showReconnectionOverlay() {
       if (document.getElementById('reconnect-overlay')) return;