a2acalling 0.6.71 → 0.6.72

package/.a2a-manifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "0.6.70",
-  "installed_at": "2026-02-26T07:50:29.975Z",
+  "version": "0.6.72",
+  "installed_at": "2026-02-27T03:05:52.375Z",
   "files": [
     {
       "path": "CLAUDE.md",
@@ -56,8 +56,7 @@
     },
     {
       "path": ".codex/AGENTS.md",
-      "action": "error",
-      "detail": "Source file not found"
+      "action": "skipped"
     },
     {
       "path": ".a2a-manifest.json",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "a2acalling",
-  "version": "0.6.71",
+  "version": "0.6.72",
   "description": "Agent-to-agent calling for OpenClaw - A2A agent communication",
   "main": "src/index.js",
   "bin": {

package/src/lib/config.js

@@ -246,7 +246,15 @@ const DEFAULT_CONFIG = {
     allowMajor: false,
     lastGoodVersion: null
   },
-  
+
+  // A2A-63: Retention policy defaults for database lifecycle management
+  retention: {
+    conversations_days: 90,
+    logs_days: 30,
+    compress_after_days: 7,
+    token_expiry_grace_days: 30
+  },
+
   // Timestamps
   createdAt: null,
   updatedAt: null
@@ -442,6 +450,22 @@ class A2AConfig {
     return next;
   }
 
+  // A2A-63: Retention config accessor — returns merged defaults when
+  // the retention section is missing or partially present in the config file.
+  // Does NOT write defaults to disk automatically.
+  getRetention() {
+    const defaults = DEFAULT_CONFIG.retention;
+    const current = (this.config && typeof this.config.retention === 'object' && this.config.retention)
+      ? this.config.retention
+      : {};
+    return {
+      conversations_days: Number.isFinite(current.conversations_days) ? current.conversations_days : defaults.conversations_days,
+      logs_days: Number.isFinite(current.logs_days) ? current.logs_days : defaults.logs_days,
+      compress_after_days: Number.isFinite(current.compress_after_days) ? current.compress_after_days : defaults.compress_after_days,
+      token_expiry_grace_days: Number.isFinite(current.token_expiry_grace_days) ? current.token_expiry_grace_days : defaults.token_expiry_grace_days
+    };
+  }
+
   // Export for sharing (strips private_key to prevent leakage — A2A-52)
   export() {
     const { private_key, ...agentPublic } = this.config.agent || {};

package/src/lib/conversations.js

@@ -16,6 +16,8 @@ const DEFAULT_CONFIG_DIR = process.env.A2A_CONFIG_DIR ||
 
 const DB_FILENAME = 'a2a-conversations.db';
 const logger = createLogger({ component: 'a2a.conversations' });
+// A2A-63: Dedicated cleanup logger for retention pruning operations
+const cleanupLogger = createLogger({ component: 'a2a.cleanup' });
 
 class ConversationStore {
   constructor(configDir = DEFAULT_CONFIG_DIR, options = {}) {
@@ -573,6 +575,135 @@ class ConversationStore {
     return { compressed, total: messages.length };
   }
 
+  /**
+   * A2A-63: Prune old concluded/timeout conversations and their messages.
+   *
+   * Pipeline:
+   *   1. Compress messages in the compress window (compress_after_days..conversations_days)
+   *   2. Delete messages belonging to expired conversations
+   *   3. Delete the expired conversations themselves
+   *   4. VACUUM only when >100 total rows deleted
+   *
+   * Active conversations are NEVER deleted regardless of age.
+   *
+   * @param {object} options
+   * @param {number} [options.conversations_days=90] - Delete concluded/timeout conversations older than this
+   * @param {number} [options.compress_after_days=7] - Compress messages older than this
+   * @returns {{ compressed: number, deletedMessages: number, deletedConversations: number, vacuumed: boolean }}
+   */
+  pruneOld(options = {}) {
+    const db = this._initDb();
+    if (!db) {
+      return {
+        compressed: 0,
+        deletedMessages: 0,
+        deletedConversations: 0,
+        vacuumed: false,
+        error: this._dbError
+      };
+    }
+
+    const conversationsDays = Number.isFinite(options.conversations_days)
+      ? options.conversations_days
+      : 90;
+    const compressAfterDays = Number.isFinite(options.compress_after_days)
+      ? options.compress_after_days
+      : 7;
+
+    // Step 1: Compress messages in the compress window before deletion
+    const compressResult = this.compressOldMessages(compressAfterDays);
+
+    // Step 2: Find expired conversations (concluded or timeout, older than retention threshold)
+    // A2A-63: Only prune conversations with a non-NULL ended_at that is older than the threshold.
+    // Active conversations have NULL ended_at and are never touched.
+    const retentionThreshold = new Date(
+      Date.now() - conversationsDays * 24 * 60 * 60 * 1000
+    ).toISOString();
+
+    const expiredConvIds = db.prepare(`
+      SELECT id FROM conversations
+      WHERE status IN ('concluded', 'timeout')
+        AND ended_at IS NOT NULL
+        AND ended_at < ?
+    `).all(retentionThreshold).map(row => row.id);
+
+    let deletedMessages = 0;
+    let deletedConversations = 0;
+
+    if (expiredConvIds.length > 0) {
+      // A2A-63: Delete messages BEFORE their parent conversations (foreign key safety)
+      const deleteMsgs = db.prepare(
+        'DELETE FROM messages WHERE conversation_id = ?'
+      );
+      const deleteConv = db.prepare(
+        'DELETE FROM conversations WHERE id = ?'
+      );
+
+      const pruneTransaction = db.transaction((ids) => {
+        for (const id of ids) {
+          const msgResult = deleteMsgs.run(id);
+          deletedMessages += msgResult.changes;
+          const convResult = deleteConv.run(id);
+          deletedConversations += convResult.changes;
+        }
+      });
+
+      pruneTransaction(expiredConvIds);
+    }
+
+    // Step 3: VACUUM only when >100 total rows deleted
+    const totalDeleted = deletedMessages + deletedConversations;
+    let vacuumed = false;
+    if (totalDeleted > 100) {
+      try {
+        db.exec('VACUUM');
+        vacuumed = true;
+      } catch (_) {
+        // A2A-63: Best effort — VACUUM can fail if another connection holds a lock
+      }
+    }
+
+    // Step 4: Log results
+    cleanupLogger.info('Conversation retention prune completed', {
+      event: 'conversations_pruned',
+      data: {
+        compressed: compressResult.compressed,
+        deleted_messages: deletedMessages,
+        deleted_conversations: deletedConversations,
+        vacuumed,
+        retention_days: conversationsDays,
+        compress_after_days: compressAfterDays
+      }
+    });
+
+    return {
+      compressed: compressResult.compressed,
+      deletedMessages,
+      deletedConversations,
+      vacuumed
+    };
+  }
+
+  /**
+   * A2A-63: Get database row counts for monitoring.
+   *
+   * @returns {{ conversations: number, messages: number }}
+   */
+  getDatabaseStats() {
+    const db = this._initDb();
+    if (!db) {
+      return { conversations: 0, messages: 0 };
+    }
+
+    const convCount = db.prepare('SELECT COUNT(*) AS count FROM conversations').get();
+    const msgCount = db.prepare('SELECT COUNT(*) AS count FROM messages').get();
+
+    return {
+      conversations: convCount ? convCount.count : 0,
+      messages: msgCount ? msgCount.count : 0
+    };
+  }
+
   /**
    * Get conversation context for retrieval (summary + recent messages)
    */

package/src/lib/logger.js

@@ -200,6 +200,8 @@ class LogStore {
         trace_id, conversation_id, token_id, request_id, error_code, status_code, hint, data
       ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `);
+    // A2A-64: Prepared statement for time-based retention pruning
+    this.pruneStmt = this.db.prepare('DELETE FROM logs WHERE timestamp < ?');
   }
 
   isAvailable() {
@@ -231,6 +233,19 @@ class LogStore {
         entry.hint,
         dataText
       );
+
+      // A2A-64: Auto-prune on every 1000th write (dashboard-events.js pattern).
+      // Best effort — prune failures must not affect write operations.
+      this._writeCount = (this._writeCount || 0) + 1;
+      if (this._writeCount % 1000 === 0 && !this._pruning) {
+        try {
+          const threshold = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000).toISOString();
+          this.pruneStmt.run(threshold);
+        } catch (_) {
+          // A2A-64: Best effort — silent catch like dashboard-events.js:149
+        }
+      }
+
       return true;
     } catch (err) {
       this._dbError = err.message || 'failed_to_write_log_entry';
@@ -409,6 +424,72 @@ class LogStore {
       this.db = null;
     }
   }
+
+  /**
+   * A2A-64: Delete log entries older than the retention period.
+   *
+   * @param {object} [options]
+   * @param {number} [options.days=30] - Retention period in days
+   * @returns {{ deleted: number }}
+   */
+  pruneOld(options = {}) {
+    const db = this._initDb();
+    if (!db) return { deleted: 0 };
+
+    const days = Number.isFinite(options.days) ? options.days : 30;
+    const threshold = new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString();
+
+    // A2A-64: Set _pruning flag to prevent auto-prune recursion if the
+    // cleanup logger writes back to this same store.
+    this._pruning = true;
+    let deleted = 0;
+    try {
+      const result = this.pruneStmt.run(threshold);
+      deleted = result.changes;
+
+      // A2A-64: Only VACUUM after bulk deletions (>100 rows) to avoid unnecessary I/O
+      if (deleted > 100) {
+        db.exec('VACUUM');
+      }
+    } finally {
+      this._pruning = false;
+    }
+
+    // A2A-64: Log prune results AFTER prune completes to avoid recursion.
+    // Use a Logger instance with stdout:false for the cleanup component.
+    try {
+      const cleanupLogger = new Logger(this, { component: 'a2a.cleanup', stdout: true, minLevel: 'info' });
+      cleanupLogger.info(`Pruned ${deleted} log entries older than ${days} days`, {
+        event: 'logs_pruned',
+        data: { deleted, days, threshold }
+      });
+    } catch (_) {
+      // A2A-64: Best effort — logging about prune results must not throw
+    }
+
+    return { deleted };
+  }
+
+  /**
+   * A2A-64: Return database-level stats for monitoring.
+   * Complements the existing stats() method which provides level/component breakdowns.
+   *
+   * @returns {{ total: number, oldest_entry: string|null, newest_entry: string|null }}
+   */
+  getDatabaseStats() {
+    const db = this._initDb();
+    if (!db) return { total: 0, oldest_entry: null, newest_entry: null };
+
+    const row = db.prepare(
+      'SELECT COUNT(*) AS total, MIN(timestamp) AS oldest, MAX(timestamp) AS newest FROM logs'
+    ).get();
+
+    return {
+      total: row?.total || 0,
+      oldest_entry: row?.oldest || null,
+      newest_entry: row?.newest || null
+    };
+  }
 }
 
 class Logger {
@@ -570,9 +651,25 @@ function closeAllLoggerStores() {
   storeCache.clear();
 }
 
+// A2A-65: Prune old entries from all cached logger stores.
+// Best effort — individual store failures are caught and logged.
+function pruneAllLoggerStores(options = {}) {
+  const results = [];
+  for (const store of storeCache.values()) {
+    try {
+      results.push(store.pruneOld(options));
+    } catch (_) {
+      // A2A-65: Best effort — one store failure must not block others
+    }
+  }
+  return results;
+}
+
 module.exports = {
   LOG_DB_FILENAME,
+  LogStore,
   createLogger,
   createTraceId,
-  closeAllLoggerStores
+  closeAllLoggerStores,
+  pruneAllLoggerStores
 };

package/src/lib/tokens.js

@@ -383,6 +383,73 @@ class TokenStore {
     return { success: true, record };
   }
 
+  /**
+   * A2A-65: Remove expired and old-revoked tokens from the store.
+   *
+   * - Tokens expired for >1 hour are removed (grace period for in-flight calls)
+   * - Tokens revoked >token_expiry_grace_days ago are removed
+   * - Valid and recently-expired tokens are preserved
+   *
+   * @param {object} [options]
+   * @param {number} [options.token_expiry_grace_days=30] - Days after revocation before removal
+   * @returns {{ removed_expired: number, removed_revoked: number }}
+   */
+  cleanupExpired(options = {}) {
+    const graceDays = Number.isFinite(options.token_expiry_grace_days)
+      ? options.token_expiry_grace_days
+      : 30;
+
+    const db = this._load();
+    const now = Date.now();
+    const oneHourMs = 60 * 60 * 1000;
+    const gracePeriodMs = graceDays * 24 * 60 * 60 * 1000;
+
+    let removed_expired = 0;
+    let removed_revoked = 0;
+
+    const original = db.tokens.length;
+
+    db.tokens = db.tokens.filter(token => {
+      // Remove tokens expired for > 1 hour
+      if (token.expires_at) {
+        const expiresAt = new Date(token.expires_at).getTime();
+        if (expiresAt < now - oneHourMs) {
+          removed_expired++;
+          return false;
+        }
+      }
+
+      // Remove tokens revoked > graceDays ago
+      if (token.revoked && token.revoked_at) {
+        const revokedAt = new Date(token.revoked_at).getTime();
+        if (revokedAt < now - gracePeriodMs) {
+          removed_revoked++;
+          return false;
+        }
+      }
+
+      return true;
+    });
+
+    // Only write if something changed
+    if (db.tokens.length < original) {
+      this._save(db);
+    }
+
+    // A2A-65: Log cleanup results (best effort)
+    try {
+      const cleanupLogger = require('./logger').createLogger({ component: 'a2a.cleanup' });
+      cleanupLogger.info('Token cleanup completed', {
+        event: 'tokens_cleaned',
+        data: { removed_expired, removed_revoked, remaining: db.tokens.length, grace_days: graceDays }
+      });
+    } catch (_) {
+      // Best effort
+    }
+
+    return { removed_expired, removed_revoked };
+  }
+
   /**
    * Add a remote agent endpoint (contact)
    * Note: Token is encrypted at rest using a derived key

package/src/server.js

@@ -21,7 +21,7 @@ const {
   extractCollaborationState
 } = require('./lib/prompt-template');
 const { findAvailablePort } = require('./lib/port-scanner');
-const { createLogger, closeAllLoggerStores } = require('./lib/logger');
+const { createLogger, closeAllLoggerStores, pruneAllLoggerStores } = require('./lib/logger');
 const { writePidFile, removePidFile } = require('./lib/pid-file');
 const { buildUnifiedSummaryPrompt } = require('./lib/summary-prompt');
 const { A2AConfig } = require('./lib/config');
@@ -1019,6 +1019,67 @@ async function startServer() {
     });
     writePidFile(process.pid);
 
+    // A2A-65: Run retention cleanup on startup (best effort — failures must not prevent server startup)
+    try {
+      const retention = config.getRetention();
+
+      // Conversations retention
+      const convStore = getServerConvStore();
+      if (convStore) {
+        try {
+          const convResult = convStore.pruneOld({
+            conversations_days: retention.conversations_days,
+            compress_after_days: retention.compress_after_days
+          });
+          logger.info('Startup retention: conversations pruned', {
+            event: 'startup_retention_conversations',
+            data: convResult
+          });
+        } catch (err) {
+          logger.warn('Startup retention: conversations prune failed', {
+            event: 'startup_retention_conversations_failed',
+            error: err
+          });
+        }
+      }
+
+      // Logger retention
+      try {
+        const logResults = pruneAllLoggerStores({ days: retention.logs_days });
+        const totalDeleted = logResults.reduce((sum, r) => sum + (r.deleted || 0), 0);
+        logger.info('Startup retention: logs pruned', {
+          event: 'startup_retention_logs',
+          data: { total_deleted: totalDeleted, stores_pruned: logResults.length }
+        });
+      } catch (err) {
+        logger.warn('Startup retention: logs prune failed', {
+          event: 'startup_retention_logs_failed',
+          error: err
+        });
+      }
+
+      // Token retention
+      try {
+        const tokenResult = tokenStore.cleanupExpired({
+          token_expiry_grace_days: retention.token_expiry_grace_days
+        });
+        logger.info('Startup retention: tokens cleaned', {
+          event: 'startup_retention_tokens',
+          data: tokenResult
+        });
+      } catch (err) {
+        logger.warn('Startup retention: token cleanup failed', {
+          event: 'startup_retention_tokens_failed',
+          error: err
+        });
+      }
+    } catch (err) {
+      logger.warn('Startup retention failed', {
+        event: 'startup_retention_failed',
+        error: err
+      });
+    }
+
     if (!updateManager) {
       const pkg = require('../package.json');
       const restartFn = async () => {