a2acalling 0.6.66 → 0.6.67

package/.a2a-manifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "0.6.66",
-  "installed_at": "2026-02-25T09:43:06.371Z",
+  "version": "0.6.67",
+  "installed_at": "2026-02-25T14:23:35.176Z",
   "files": [
     {
       "path": "CLAUDE.md",

package/ARCHITECTURE.md

@@ -20,7 +20,7 @@ A2A Calling enables agent-to-agent communication across OpenClaw instances. Agen
 ┌───────────▼──────────────────────────────────────────────────────┐
 │  Core Libraries (src/lib/)                                        │
 │  ├─ tokens.js         Token CRUD, validation, tiers               │
-│  ├─ client.js         A2AClient for outbound calls                │
+│  ├─ client.js         A2AClient for outbound calls (retry + size cap) │
 │  ├─ conversations.js  ConversationStore (SQLite)                  │
 │  ├─ conversation-driver.js  Multi-turn call orchestration         │
 │  ├─ summarizer.js     Call summary generation                     │
@@ -28,6 +28,7 @@ A2A Calling enables agent-to-agent communication across OpenClaw instances. Agen
 │  ├─ summary-formatter.js  Format summaries for display            │
 │  ├─ disclosure.js     Disclosure level enforcement                │
 │  ├─ config.js         Config file management                      │
+│  ├─ crypto.js         Ed25519 identity keypair + signing           │
 │  ├─ logger.js         Structured logger (SQLite + stdout)         │
 │  ├─ call-monitor.js   Active call monitoring                      │
 │  ├─ callbook.js       Contact/callbook management                 │
@@ -80,6 +81,10 @@ Single-page app served from `src/dashboard/public/`. Uses Shoelace web component
 
 Tauri v2 app at `native/macos/` wrapping the dashboard SPA. Provides native menus, notifications, and server lifecycle management.
 
+## Identity Verification
+
+Ed25519 cryptographic identity for agents. Each instance generates a keypair on first run (stored in config). Outbound calls sign messages; inbound calls verify signatures. Uses Node.js built-in `crypto.sign`/`crypto.verify` — no external dependencies. See `src/lib/crypto.js`.
+
 ## Testing
 
 Zero-dependency test runner at `test/run.js` with custom assert API. Three test tiers:
@@ -90,3 +95,7 @@ Zero-dependency test runner at `test/run.js` with custom assert API. Three test
 Test profiles at `test/profiles/` represent real personas with distinct permission tiers.
 
 E2E test results are persisted to `~/.config/openclaw/a2a-e2e-results.json` via `test/e2e/persist.js` and surfaced in the dashboard Health tab. The `scripts/run-e2e.sh` orchestrator runs E2E suites and stores results.
+
+## Network Resilience
+
+The outbound A2A client (`src/lib/client.js`) retries transient network failures (ECONNRESET, ECONNREFUSED, EPIPE, ENOTFOUND, EAI_AGAIN, timeouts) with exponential backoff (0s, 1s, 2s). HTTP 4xx/5xx errors are not retried. All response accumulation is capped at 2MB to prevent OOM from malicious remotes.

package/CONVENTIONS.md

@@ -67,6 +67,24 @@ All modules use CommonJS (`require`/`module.exports`). Each lib file exports a f
 - Sidebar navigation with tab switching (Contacts, Calls, Invites, Logs, Settings, Permissions, Health)
 - Permissions tab uses tier cards with tool toggles and auto-save
 
+## Network Resilience (A2A-54)
+
+Outbound client methods (`call()`, `end()`) automatically retry transient network errors with exponential backoff. Pattern:
+- Use `withRetry(fn, { delays })` for retryable operations
+- Only retry on transient errors (ECONNRESET, ECONNREFUSED, EPIPE, ENOTFOUND, EAI_AGAIN, timeout)
+- Never retry HTTP 4xx/5xx — those are explicit server rejections
+- All HTTP responses are size-capped at 2MB via `handleSizeCappedResponse()`
+- Configurable retry delays via `_retryDelays` constructor option (used in tests with `[0,0,0]` for fast execution)
+
+## Dashboard API Testing (A2A-56)
+
+Dashboard API integration tests follow the pattern in `test/integration/dashboard-logs.test.js`:
+- Mount `createDashboardApiRouter()` on an Express app
+- Use `helpers.request()` for HTTP assertions (binds to 127.0.0.1 — bypasses auth)
+- Bust module caches for `dashboard`, `logger`, `tokens`, `config`, `disclosure`, `conversations`, `callbook`, `dashboard-events`
+- Call `loggerModule.closeAllLoggerStores()` in teardown to prevent SQLite handle leaks
+- Pass `convStore` directly via `options.convStore` when testing calls endpoints
+
 ## Permission Tiers
 
 Tokens have a tier (`public`, `friends`, `family`) and a disclosure level (`public`, `minimal`, `none`). These are enforced at the route level in `src/routes/a2a.js`.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "a2acalling",
-  "version": "0.6.66",
+  "version": "0.6.67",
   "description": "Agent-to-agent calling for OpenClaw - A2A agent communication",
   "main": "src/index.js",
   "bin": {

package/src/lib/client.js

@@ -5,6 +5,68 @@
 const https = require('https');
 const http = require('http');
 const { signRequest } = require('./crypto');
+// A2A-54: structured logging for retry warnings and size-cap violations
+const { createLogger } = require('./logger');
+
+const logger = createLogger({ component: 'a2a.client' });
+
+// A2A-54: response size cap prevents OOM from unbounded accumulation
+const MAX_RESPONSE_BYTES = 2 * 1024 * 1024;
+
+// A2A-54: only transient network errors are retryable — HTTP 4xx/5xx are not
+const RETRYABLE_CODES = ['ECONNRESET', 'ECONNREFUSED', 'EPIPE', 'ENOTFOUND', 'EAI_AGAIN'];
+
+// A2A-54: exponential backoff — first retry is immediate, then 1s, then 2s
+const RETRY_DELAYS = [0, 1000, 2000];
+
+/**
+ * A2A-54: Retry wrapper for transient network failures.
+ * Only retries on RETRYABLE_CODES and timeout errors — HTTP status errors
+ * bubble up immediately since the remote explicitly rejected the request.
+ *
+ * @param {Function} fn - async function to retry
+ * @param {object} options
+ * @param {number[]} options.delays - delay sequence in ms (default: RETRY_DELAYS)
+ * @returns {Promise<*>}
+ */
+async function withRetry(fn, options = {}) {
+  const delays = options.delays || RETRY_DELAYS;
+  const maxAttempts = delays.length + 1;
+
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    try {
+      return await fn();
+    } catch (err) {
+      // A2A-54: only retry transient network errors and timeouts.
+      // HTTP 4xx/5xx errors have err.code set to the server's error code
+      // (e.g. 'bad_request'), so they won't match network_error or timeout.
+      const isRetryable = err instanceof A2AError && (
+        (err.code === 'network_error' && RETRYABLE_CODES.some(c => err.message.includes(c))) ||
+        err.code === 'timeout'
+      );
+
+      if (!isRetryable || attempt >= maxAttempts) {
+        throw err;
+      }
+
+      // A2A-54: log each retry at warn level for operator visibility
+      const delay = delays[attempt - 1];
+      logger.warn(`Retrying request (attempt ${attempt + 1}/${maxAttempts})`, {
+        event: 'retry',
+        data: {
+          error_code: err.code,
+          error_message: err.message,
+          attempt: attempt + 1,
+          delay_ms: delay
+        }
+      });
+
+      if (delay > 0) {
+        await new Promise(resolve => setTimeout(resolve, delay));
+      }
+    }
+  }
+}
 
 function splitHostPort(rawHost) {
   const host = String(rawHost || '').trim();
@@ -51,6 +113,41 @@ function resolveProtocolAndPort(host) {
   return { protocol, hostname, port };
 }
 
+/**
+ * A2A-54: Create a size-capped response handler.
+ * Tracks accumulated bytes and destroys the socket if the cap is exceeded,
+ * preventing OOM from malicious or misconfigured remote agents.
+ *
+ * @param {http.IncomingMessage} res - the response stream
+ * @param {Function} resolve - promise resolve
+ * @param {Function} reject - promise reject
+ * @param {Function} onComplete - called with (data, statusCode) when response ends within cap
+ */
+function handleSizeCappedResponse(res, resolve, reject, onComplete) {
+  let data = '';
+  let bytes = 0;
+  let destroyed = false;
+
+  res.on('data', (chunk) => {
+    bytes += chunk.length;
+    if (bytes > MAX_RESPONSE_BYTES) {
+      if (!destroyed) {
+        destroyed = true;
+        res.destroy();
+        // A2A-54: reject immediately — the remote sent more data than we allow
+        reject(new A2AError('response_too_large', `Response exceeded ${MAX_RESPONSE_BYTES} bytes`));
+      }
+      return;
+    }
+    data += chunk;
+  });
+
+  res.on('end', () => {
+    if (destroyed) return;
+    onComplete(data, res.statusCode);
+  });
+}
+
 class A2AClient {
   constructor(options = {}) {
     this.timeout = options.timeout || 60000;
@@ -58,6 +155,8 @@ class A2AClient {
     // A2A-52: Ed25519 identity keys for request signing
     this.privateKey = options.privateKey || null;
     this.publicKey = options.publicKey || null;
+    // A2A-54: allow configurable retry delays for testing (fast tests use [0,0,0])
+    this._retryDelays = options._retryDelays || RETRY_DELAYS;
   }
 
   /**
@@ -88,7 +187,7 @@ class A2AClient {
 
   /**
    * Call a remote agent
-   * 
+   *
    * @param {string|object} endpoint - a2a:// URL or {host, token}
    * @param {string} message - Message to send
    * @param {object} options - Additional options
@@ -96,7 +195,7 @@ class A2AClient {
    */
   async call(endpoint, message, options = {}) {
     let host, token;
-    
+
     if (typeof endpoint === 'string') {
       ({ host, token } = A2AClient.parseInvite(endpoint));
     } else {
@@ -117,7 +216,8 @@ class A2AClient {
     // A2A-52: attach signature headers when keypair available
     const sigHeaders = this._signHeaders('POST', '/api/a2a/invoke', body);
 
-    return new Promise((resolve, reject) => {
+    // A2A-54: wrap with retry for transient network failures
+    const makeRequest = () => new Promise((resolve, reject) => {
       const req = protocol.request({
         hostname,
         port,
@@ -131,24 +231,23 @@ class A2AClient {
         },
         timeout: this.timeout
       }, (res) => {
-        let data = '';
-        res.on('data', chunk => data += chunk);
-        res.on('end', () => {
+        // A2A-54: size-capped response accumulation
+        handleSizeCappedResponse(res, resolve, reject, (data, statusCode) => {
           try {
             const json = JSON.parse(data);
-            if (res.statusCode >= 400) {
-              reject(new A2AError(json.error || 'request_failed', json.message || data, res.statusCode));
+            if (statusCode >= 400) {
+              reject(new A2AError(json.error || 'request_failed', json.message || data, statusCode));
             } else {
               resolve(json);
             }
           } catch (e) {
-            reject(new A2AError('parse_error', `Failed to parse response: ${data}`, res.statusCode));
+            reject(new A2AError('parse_error', `Failed to parse response: ${data}`, statusCode));
           }
         });
       });
 
       req.on('error', (e) => {
-        reject(new A2AError('network_error', e.message));
+        reject(new A2AError('network_error', e.code ? `${e.code}: ${e.message}` : e.message));
       });
 
       req.on('timeout', () => {
@@ -159,6 +258,8 @@ class A2AClient {
       req.write(body);
       req.end();
     });
+
+    return withRetry(makeRequest, { delays: this._retryDelays });
   }
 
   /**
@@ -189,7 +290,8 @@ class A2AClient {
     // A2A-52: attach signature headers when keypair available
     const sigHeaders = this._signHeaders('POST', '/api/a2a/end', body);
 
-    return new Promise((resolve, reject) => {
+    // A2A-54: wrap with retry for transient network failures
+    const makeRequest = () => new Promise((resolve, reject) => {
       const req = protocol.request({
         hostname,
         port,
@@ -203,24 +305,23 @@ class A2AClient {
         },
         timeout: this.timeout
       }, (res) => {
-        let data = '';
-        res.on('data', chunk => data += chunk);
-        res.on('end', () => {
+        // A2A-54: size-capped response accumulation
+        handleSizeCappedResponse(res, resolve, reject, (data, statusCode) => {
           try {
             const json = JSON.parse(data);
-            if (res.statusCode >= 400) {
-              reject(new A2AError(json.error || 'request_failed', json.message || data, res.statusCode));
+            if (statusCode >= 400) {
+              reject(new A2AError(json.error || 'request_failed', json.message || data, statusCode));
             } else {
               resolve(json);
             }
           } catch (e) {
-            reject(new A2AError('parse_error', `Failed to parse response: ${data}`, res.statusCode));
+            reject(new A2AError('parse_error', `Failed to parse response: ${data}`, statusCode));
           }
         });
       });
 
       req.on('error', (e) => {
-        reject(new A2AError('network_error', e.message));
+        reject(new A2AError('network_error', e.code ? `${e.code}: ${e.message}` : e.message));
       });
 
       req.on('timeout', () => {
@@ -231,6 +332,8 @@ class A2AClient {
       req.write(body);
       req.end();
     });
+
+    return withRetry(makeRequest, { delays: this._retryDelays });
   }
 
   /**
@@ -238,7 +341,7 @@ class A2AClient {
    */
   async ping(endpoint) {
     let host;
-    
+
     if (typeof endpoint === 'string') {
       ({ host } = A2AClient.parseInvite(endpoint));
     } else {
@@ -247,6 +350,7 @@ class A2AClient {
 
     const { protocol, hostname, port } = resolveProtocolAndPort(host);
 
+    // A2A-54: no retry for ping — it's a lightweight probe, not a critical call
     return new Promise((resolve, reject) => {
       const req = protocol.request({
         hostname,
@@ -255,13 +359,12 @@ class A2AClient {
         method: 'GET',
         timeout: 5000
       }, (res) => {
-        let data = '';
-        res.on('data', chunk => data += chunk);
-        res.on('end', () => {
+        // A2A-54: size-capped response accumulation
+        handleSizeCappedResponse(res, resolve, reject, (data, statusCode) => {
           try {
             resolve(JSON.parse(data));
           } catch {
-            resolve({ pong: res.statusCode === 200 });
+            resolve({ pong: statusCode === 200 });
           }
         });
       });
@@ -280,7 +383,7 @@ class A2AClient {
    */
   async status(endpoint) {
     let host;
-    
+
     if (typeof endpoint === 'string') {
       ({ host } = A2AClient.parseInvite(endpoint));
     } else {
@@ -289,6 +392,7 @@ class A2AClient {
 
     const { protocol, hostname, port } = resolveProtocolAndPort(host);
 
+    // A2A-54: no retry for status — read-only probe, not a stateful operation
     return new Promise((resolve, reject) => {
       const req = protocol.request({
         hostname,
@@ -297,9 +401,8 @@ class A2AClient {
         method: 'GET',
         timeout: 5000
       }, (res) => {
-        let data = '';
-        res.on('data', chunk => data += chunk);
-        res.on('end', () => {
+        // A2A-54: size-capped response accumulation
+        handleSizeCappedResponse(res, resolve, reject, (data) => {
           try {
             resolve(JSON.parse(data));
           } catch {
@@ -308,7 +411,7 @@ class A2AClient {
         });
       });
 
-      req.on('error', (e) => reject(new A2AError('network_error', e.message)));
+      req.on('error', (e) => reject(new A2AError('network_error', e.code ? `${e.code}: ${e.message}` : e.message)));
       req.on('timeout', () => {
         req.destroy();
         reject(new A2AError('timeout', 'Request timed out'));
@@ -327,4 +430,13 @@ class A2AError extends Error {
   }
 }
 
-module.exports = { A2AClient, A2AError };
+// A2A-54: export internals for testing (splitHostPort, resolveProtocolAndPort, constants)
+module.exports = {
+  A2AClient,
+  A2AError,
+  _splitHostPort: splitHostPort,
+  _resolveProtocolAndPort: resolveProtocolAndPort,
+  _MAX_RESPONSE_BYTES: MAX_RESPONSE_BYTES,
+  _RETRYABLE_CODES: RETRYABLE_CODES,
+  _RETRY_DELAYS: RETRY_DELAYS
+};