agentbnb 2.2.0 → 3.0.0

package/dist/cli/index.js

@@ -1,168 +1,69 @@
 #!/usr/bin/env node
+import {
+  getActivityFeed,
+  getCard,
+  getRequestLog,
+  getSkillRequestCount,
+  insertCard,
+  insertRequestLog,
+  listCards,
+  openDatabase,
+  updateCard,
+  updateReputation,
+  updateSkillAvailability,
+  updateSkillIdleRate
+} from "../chunk-PJSYSVKN.js";
+import {
+  AutoRequestor,
+  BudgetManager,
+  DEFAULT_AUTONOMY_CONFIG,
+  DEFAULT_BUDGET_CONFIG,
+  bootstrapAgent,
+  confirmEscrowDebit,
+  filterCards,
+  getAutonomyTier,
+  getBalance,
+  getTransactions,
+  holdEscrow,
+  insertAuditEvent,
+  interpolateObject,
+  listPendingRequests,
+  openCreditDb,
+  recordEarning,
+  releaseEscrow,
+  requestCapability,
+  resolvePendingRequest,
+  searchCards,
+  settleEscrow
+} from "../chunk-V7M6GIJZ.js";
+import {
+  findPeer,
+  getConfigDir,
+  loadConfig,
+  loadPeers,
+  removePeer,
+  saveConfig,
+  savePeer
+} from "../chunk-BEI5MTNZ.js";
+import {
+  AgentBnBError,
+  CapabilityCardSchema,
+  CapabilityCardV2Schema
+} from "../chunk-TQMI73LL.js";
 
 // src/cli/index.ts
 import { Command } from "commander";
-import { readFileSync as readFileSync6 } from "fs";
+import { readFileSync as readFileSync4 } from "fs";
 import { createRequire } from "module";
 import { randomBytes } from "crypto";
-import { join as join5 } from "path";
-import { networkInterfaces, homedir as homedir2 } from "os";
+import { join as join3 } from "path";
+import { networkInterfaces, homedir } from "os";
 import { createInterface } from "readline";
 
-// src/cli/config.ts
-import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
-import { homedir } from "os";
-import { join } from "path";
-function getConfigDir() {
-  return process.env["AGENTBNB_DIR"] ?? join(homedir(), ".agentbnb");
-}
-function getConfigPath() {
-  return join(getConfigDir(), "config.json");
-}
-function loadConfig() {
-  const configPath = getConfigPath();
-  if (!existsSync(configPath)) return null;
-  try {
-    const raw = readFileSync(configPath, "utf-8");
-    return JSON.parse(raw);
-  } catch {
-    return null;
-  }
-}
-function saveConfig(config) {
-  const dir = getConfigDir();
-  if (!existsSync(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  writeFileSync(getConfigPath(), JSON.stringify(config, null, 2), "utf-8");
-}
-
 // src/credit/signing.ts
 import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
-import { writeFileSync as writeFileSync2, readFileSync as readFileSync2, existsSync as existsSync2, chmodSync } from "fs";
-import { join as join2 } from "path";
-
-// src/types/index.ts
-import { z } from "zod";
-var IOSchemaSchema = z.object({
-  name: z.string(),
-  type: z.enum(["text", "json", "file", "audio", "image", "video", "stream"]),
-  description: z.string().optional(),
-  required: z.boolean().default(true),
-  schema: z.record(z.unknown()).optional()
-  // JSON Schema
-});
-var PoweredBySchema = z.object({
-  provider: z.string().min(1),
-  model: z.string().optional(),
-  tier: z.string().optional()
-});
-var CapabilityCardSchema = z.object({
-  spec_version: z.literal("1.0").default("1.0"),
-  id: z.string().uuid(),
-  owner: z.string().min(1),
-  name: z.string().min(1).max(100),
-  description: z.string().max(500),
-  level: z.union([z.literal(1), z.literal(2), z.literal(3)]),
-  inputs: z.array(IOSchemaSchema),
-  outputs: z.array(IOSchemaSchema),
-  pricing: z.object({
-    credits_per_call: z.number().nonnegative(),
-    credits_per_minute: z.number().nonnegative().optional(),
-    /** Number of free monthly calls. Shown as a "N free/mo" badge in the Hub. */
-    free_tier: z.number().nonnegative().optional()
-  }),
-  availability: z.object({
-    online: z.boolean(),
-    schedule: z.string().optional()
-    // cron expression
-  }),
-  powered_by: z.array(PoweredBySchema).optional(),
-  /**
-   * Private per-card metadata. Stripped from all API and CLI responses —
-   * never transmitted beyond the local store.
-   */
-  _internal: z.record(z.unknown()).optional(),
-  metadata: z.object({
-    apis_used: z.array(z.string()).optional(),
-    avg_latency_ms: z.number().nonnegative().optional(),
-    success_rate: z.number().min(0).max(1).optional(),
-    tags: z.array(z.string()).optional()
-  }).optional(),
-  created_at: z.string().datetime().optional(),
-  updated_at: z.string().datetime().optional()
-});
-var SkillSchema = z.object({
-  /** Stable skill identifier, e.g. 'tts-elevenlabs'. Used for gateway routing and idle tracking. */
-  id: z.string().min(1),
-  name: z.string().min(1).max(100),
-  description: z.string().max(500),
-  level: z.union([z.literal(1), z.literal(2), z.literal(3)]),
-  /** Optional grouping category, e.g. 'tts' | 'video_gen' | 'code_review'. */
-  category: z.string().optional(),
-  inputs: z.array(IOSchemaSchema),
-  outputs: z.array(IOSchemaSchema),
-  pricing: z.object({
-    credits_per_call: z.number().nonnegative(),
-    credits_per_minute: z.number().nonnegative().optional(),
-    free_tier: z.number().nonnegative().optional()
-  }),
-  /** Per-skill online flag — overrides card-level availability for this skill. */
-  availability: z.object({ online: z.boolean() }).optional(),
-  powered_by: z.array(PoweredBySchema).optional(),
-  metadata: z.object({
-    apis_used: z.array(z.string()).optional(),
-    avg_latency_ms: z.number().nonnegative().optional(),
-    success_rate: z.number().min(0).max(1).optional(),
-    tags: z.array(z.string()).optional(),
-    capacity: z.object({
-      calls_per_hour: z.number().positive().default(60)
-    }).optional()
-  }).optional(),
-  /**
-   * Private per-skill metadata. Stripped from all API and CLI responses —
-   * never transmitted beyond the local store.
-   */
-  _internal: z.record(z.unknown()).optional()
-});
-var CapabilityCardV2Schema = z.object({
-  spec_version: z.literal("2.0"),
-  id: z.string().uuid(),
-  owner: z.string().min(1),
-  /** Agent display name — was 'name' in v1.0. */
-  agent_name: z.string().min(1).max(100),
-  /** At least one skill is required. */
-  skills: z.array(SkillSchema).min(1),
-  availability: z.object({
-    online: z.boolean(),
-    schedule: z.string().optional()
-  }),
-  /** Optional deployment environment metadata. */
-  environment: z.object({
-    runtime: z.string(),
-    region: z.string().optional()
-  }).optional(),
-  /**
-   * Private per-card metadata. Stripped from all API and CLI responses —
-   * never transmitted beyond the local store.
-   */
-  _internal: z.record(z.unknown()).optional(),
-  created_at: z.string().datetime().optional(),
-  updated_at: z.string().datetime().optional()
-});
-var AnyCardSchema = z.discriminatedUnion("spec_version", [
-  CapabilityCardSchema,
-  CapabilityCardV2Schema
-]);
-var AgentBnBError = class extends Error {
-  constructor(message, code) {
-    super(message);
-    this.code = code;
-    this.name = "AgentBnBError";
-  }
-};
-
-// src/credit/signing.ts
+import { writeFileSync, readFileSync, existsSync, chmodSync } from "fs";
+import { join } from "path";
 function generateKeyPair() {
   const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
     publicKeyEncoding: { type: "spki", format: "der" },
@@ -174,536 +75,95 @@ function generateKeyPair() {
   };
 }
 function saveKeyPair(configDir, keys) {
-  const privatePath = join2(configDir, "private.key");
-  const publicPath = join2(configDir, "public.key");
-  writeFileSync2(privatePath, keys.privateKey);
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  writeFileSync(privatePath, keys.privateKey);
   chmodSync(privatePath, 384);
-  writeFileSync2(publicPath, keys.publicKey);
+  writeFileSync(publicPath, keys.publicKey);
 }
 function loadKeyPair(configDir) {
-  const privatePath = join2(configDir, "private.key");
-  const publicPath = join2(configDir, "public.key");
-  if (!existsSync2(privatePath) || !existsSync2(publicPath)) {
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  if (!existsSync(privatePath) || !existsSync(publicPath)) {
     throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
   }
   return {
-    publicKey: readFileSync2(publicPath),
-    privateKey: readFileSync2(privatePath)
+    publicKey: readFileSync(publicPath),
+    privateKey: readFileSync(privatePath)
   };
 }
-
-// src/autonomy/tiers.ts
-import { randomUUID } from "crypto";
-var DEFAULT_AUTONOMY_CONFIG = {
-  tier1_max_credits: 0,
-  tier2_max_credits: 0
-};
-function getAutonomyTier(creditAmount, config) {
-  if (creditAmount < config.tier1_max_credits) return 1;
-  if (creditAmount < config.tier2_max_credits) return 2;
-  return 3;
+function canonicalJson(data) {
+  return JSON.stringify(data, Object.keys(data).sort());
 }
-function insertAuditEvent(db, event) {
-  const isShareEvent = event.type === "auto_share" || event.type === "auto_share_notify" || event.type === "auto_share_pending";
-  const cardId = isShareEvent ? "system" : event.card_id;
-  const creditsCharged = isShareEvent ? 0 : event.credits;
-  const stmt = db.prepare(`
-    INSERT INTO request_log (
-      id, card_id, card_name, requester, status, latency_ms, credits_charged,
-      created_at, skill_id, action_type, tier_invoked
-    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `);
-  stmt.run(
-    randomUUID(),
-    cardId,
-    "autonomy-audit",
-    "self",
-    "success",
-    0,
-    creditsCharged,
-    (/* @__PURE__ */ new Date()).toISOString(),
-    event.skill_id,
-    event.type,
-    event.tier_invoked
-  );
+function signEscrowReceipt(data, privateKey) {
+  const message = Buffer.from(canonicalJson(data), "utf-8");
+  const keyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
+  const signature = sign(null, message, keyObject);
+  return signature.toString("base64url");
 }
-
-// src/autonomy/idle-monitor.ts
-import { Cron } from "croner";
-
-// src/registry/store.ts
-import Database from "better-sqlite3";
-
-// src/registry/request-log.ts
-var SINCE_MS = {
-  "24h": 864e5,
-  "7d": 6048e5,
-  "30d": 2592e6
-};
-function createRequestLogTable(db) {
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS request_log (
-      id TEXT PRIMARY KEY,
-      card_id TEXT NOT NULL,
-      card_name TEXT NOT NULL,
-      requester TEXT NOT NULL,
-      status TEXT NOT NULL CHECK(status IN ('success', 'failure', 'timeout')),
-      latency_ms INTEGER NOT NULL,
-      credits_charged INTEGER NOT NULL,
-      created_at TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS request_log_created_at_idx
-      ON request_log (created_at DESC);
-  `);
+function verifyEscrowReceipt(data, signature, publicKey) {
   try {
-    db.exec("ALTER TABLE request_log ADD COLUMN skill_id TEXT");
-  } catch {
-  }
-  try {
-    db.exec("ALTER TABLE request_log ADD COLUMN action_type TEXT");
-  } catch {
-  }
-  try {
-    db.exec("ALTER TABLE request_log ADD COLUMN tier_invoked INTEGER");
+    const message = Buffer.from(canonicalJson(data), "utf-8");
+    const keyObject = createPublicKey({ key: publicKey, format: "der", type: "spki" });
+    const sigBuffer = Buffer.from(signature, "base64url");
+    return verify(null, message, keyObject, sigBuffer);
   } catch {
+    return false;
   }
 }
-function insertRequestLog(db, entry) {
-  const stmt = db.prepare(`
-    INSERT INTO request_log (id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `);
-  stmt.run(
-    entry.id,
-    entry.card_id,
-    entry.card_name,
-    entry.requester,
-    entry.status,
-    entry.latency_ms,
-    entry.credits_charged,
-    entry.created_at,
-    entry.skill_id ?? null,
-    entry.action_type ?? null,
-    entry.tier_invoked ?? null
-  );
-}
-function getSkillRequestCount(db, skillId, windowMs) {
-  const cutoff = new Date(Date.now() - windowMs).toISOString();
-  const stmt = db.prepare(
-    `SELECT COUNT(*) as cnt FROM request_log
-     WHERE skill_id = ? AND created_at >= ? AND status = 'success' AND action_type IS NULL`
-  );
-  const row = stmt.get(skillId, cutoff);
-  return row.cnt;
-}
-function getActivityFeed(db, limit = 20, since) {
-  const effectiveLimit = Math.min(limit, 100);
-  if (since !== void 0) {
-    const stmt2 = db.prepare(`
-      SELECT r.id, r.card_name, r.requester, c.owner AS provider,
-             r.status, r.credits_charged, r.latency_ms, r.created_at, r.action_type
-      FROM request_log r
-      LEFT JOIN capability_cards c ON r.card_id = c.id
-      WHERE (r.action_type IS NULL OR r.action_type = 'auto_share')
-        AND r.created_at > ?
-      ORDER BY r.created_at DESC
-      LIMIT ?
-    `);
-    return stmt2.all(since, effectiveLimit);
-  }
-  const stmt = db.prepare(`
-    SELECT r.id, r.card_name, r.requester, c.owner AS provider,
-           r.status, r.credits_charged, r.latency_ms, r.created_at, r.action_type
-    FROM request_log r
-    LEFT JOIN capability_cards c ON r.card_id = c.id
-    WHERE (r.action_type IS NULL OR r.action_type = 'auto_share')
-    ORDER BY r.created_at DESC
-    LIMIT ?
-  `);
-  return stmt.all(effectiveLimit);
-}
-function getRequestLog(db, limit = 10, since) {
-  if (since !== void 0) {
-    const cutoff = new Date(Date.now() - SINCE_MS[since]).toISOString();
-    const stmt2 = db.prepare(`
-      SELECT id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked
-      FROM request_log
-      WHERE created_at >= ?
-      ORDER BY created_at DESC
-      LIMIT ?
-    `);
-    return stmt2.all(cutoff, limit);
-  }
-  const stmt = db.prepare(`
-    SELECT id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked
-    FROM request_log
-    ORDER BY created_at DESC
-    LIMIT ?
-  `);
-  return stmt.all(limit);
-}
 
-// src/registry/store.ts
-var V2_FTS_TRIGGERS = `
-  DROP TRIGGER IF EXISTS cards_ai;
-  DROP TRIGGER IF EXISTS cards_au;
-  DROP TRIGGER IF EXISTS cards_ad;
-
-  CREATE TRIGGER cards_ai AFTER INSERT ON capability_cards BEGIN
-    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
-    VALUES (
-      new.rowid,
-      new.id,
-      new.owner,
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.name'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        json_extract(new.data, '$.name'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.description'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        json_extract(new.data, '$.description'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        (SELECT group_concat(value, ' ')
-         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
-        ''
-      )
-    );
-  END;
-
-  CREATE TRIGGER cards_au AFTER UPDATE ON capability_cards BEGIN
-    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
-    VALUES (
-      'delete',
-      old.rowid,
-      old.id,
-      old.owner,
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.name'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        json_extract(old.data, '$.name'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.description'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        json_extract(old.data, '$.description'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        (SELECT group_concat(value, ' ')
-         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
-        ''
-      )
-    );
-    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
-    VALUES (
-      new.rowid,
-      new.id,
-      new.owner,
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.name'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        json_extract(new.data, '$.name'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.description'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        json_extract(new.data, '$.description'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
-         FROM json_each(json_extract(new.data, '$.skills'))),
-        (SELECT group_concat(value, ' ')
-         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
-        ''
-      )
-    );
-  END;
-
-  CREATE TRIGGER cards_ad AFTER DELETE ON capability_cards BEGIN
-    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
-    VALUES (
-      'delete',
-      old.rowid,
-      old.id,
-      old.owner,
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.name'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        json_extract(old.data, '$.name'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.description'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        json_extract(old.data, '$.description'),
-        ''
-      ),
-      COALESCE(
-        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
-         FROM json_each(json_extract(old.data, '$.skills'))),
-        (SELECT group_concat(value, ' ')
-         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
-        ''
-      )
-    );
-  END;
-`;
-function openDatabase(path = ":memory:") {
-  const db = new Database(path);
-  db.pragma("journal_mode = WAL");
-  db.pragma("foreign_keys = ON");
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS capability_cards (
-      id TEXT PRIMARY KEY,
-      owner TEXT NOT NULL,
-      data TEXT NOT NULL,
-      created_at TEXT NOT NULL,
-      updated_at TEXT NOT NULL
-    );
-
-    CREATE TABLE IF NOT EXISTS pending_requests (
-      id TEXT PRIMARY KEY,
-      skill_query TEXT NOT NULL,
-      max_cost_credits REAL NOT NULL,
-      selected_peer TEXT,
-      selected_card_id TEXT,
-      selected_skill_id TEXT,
-      credits REAL NOT NULL,
-      status TEXT NOT NULL DEFAULT 'pending',
-      params TEXT,
-      created_at TEXT NOT NULL,
-      resolved_at TEXT
-    );
-
-    CREATE VIRTUAL TABLE IF NOT EXISTS cards_fts USING fts5(
-      id UNINDEXED,
-      owner,
-      name,
-      description,
-      tags,
-      content=""
-    );
-  `);
-  createRequestLogTable(db);
-  runMigrations(db);
-  return db;
-}
-function runMigrations(db) {
-  const version = db.pragma("user_version")[0]?.user_version ?? 0;
-  if (version < 2) {
-    migrateV1toV2(db);
-  }
-}
-function migrateV1toV2(db) {
-  const migrate = db.transaction(() => {
-    const rows = db.prepare("SELECT rowid, id, data FROM capability_cards").all();
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    for (const row of rows) {
-      const parsed = JSON.parse(row.data);
-      if (parsed["spec_version"] === "2.0") continue;
-      const v1 = parsed;
-      const v2 = {
-        spec_version: "2.0",
-        id: v1.id,
-        owner: v1.owner,
-        agent_name: v1.name,
-        skills: [
-          {
-            id: `skill-${v1.id}`,
-            name: v1.name,
-            description: v1.description,
-            level: v1.level,
-            inputs: v1.inputs,
-            outputs: v1.outputs,
-            pricing: v1.pricing,
-            availability: { online: v1.availability.online },
-            powered_by: v1.powered_by,
-            metadata: v1.metadata,
-            _internal: v1._internal
-          }
-        ],
-        availability: v1.availability,
-        created_at: v1.created_at,
-        updated_at: now
-      };
-      db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
-        JSON.stringify(v2),
-        now,
-        v2.id
-      );
-    }
-    db.exec(V2_FTS_TRIGGERS);
-    db.exec(`INSERT INTO cards_fts(cards_fts) VALUES('delete-all')`);
-    const allRows = db.prepare("SELECT rowid, id, owner, data FROM capability_cards").all();
-    const ftsInsert = db.prepare(
-      "INSERT INTO cards_fts(rowid, id, owner, name, description, tags) VALUES (?, ?, ?, ?, ?, ?)"
-    );
-    for (const row of allRows) {
-      const data = JSON.parse(row.data);
-      const skills = data["skills"] ?? [];
-      let name;
-      let description;
-      let tags;
-      if (skills.length > 0) {
-        name = skills.map((s) => String(s["name"] ?? "")).join(" ");
-        description = skills.map((s) => String(s["description"] ?? "")).join(" ");
-        tags = skills.flatMap((s) => {
-          const meta = s["metadata"];
-          return meta?.["tags"] ?? [];
-        }).join(" ");
-      } else {
-        name = String(data["name"] ?? "");
-        description = String(data["description"] ?? "");
-        const meta = data["metadata"];
-        const rawTags = meta?.["tags"] ?? [];
-        tags = rawTags.join(" ");
-      }
-      ftsInsert.run(row.rowid, row.id, row.owner, name, description, tags);
-    }
-    db.pragma("user_version = 2");
-  });
-  migrate();
-}
-function insertCard(db, card) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const withTimestamps = { ...card, created_at: card.created_at ?? now, updated_at: now };
-  const parsed = CapabilityCardSchema.safeParse(withTimestamps);
-  if (!parsed.success) {
-    throw new AgentBnBError(
-      `Card validation failed: ${parsed.error.message}`,
-      "VALIDATION_ERROR"
-    );
-  }
-  const stmt = db.prepare(`
-    INSERT INTO capability_cards (id, owner, data, created_at, updated_at)
-    VALUES (?, ?, ?, ?, ?)
-  `);
-  stmt.run(
-    parsed.data.id,
-    parsed.data.owner,
-    JSON.stringify(parsed.data),
-    parsed.data.created_at ?? now,
-    parsed.data.updated_at ?? now
-  );
-}
-function getCard(db, id) {
-  const stmt = db.prepare("SELECT data FROM capability_cards WHERE id = ?");
-  const row = stmt.get(id);
-  if (!row) return null;
-  return JSON.parse(row.data);
-}
-function updateCard(db, id, owner, updates) {
-  const existing = getCard(db, id);
-  if (!existing) {
-    throw new AgentBnBError(`Card not found: ${id}`, "NOT_FOUND");
-  }
-  if (existing.owner !== owner) {
-    throw new AgentBnBError("Forbidden: you do not own this card", "FORBIDDEN");
-  }
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const merged = { ...existing, ...updates, updated_at: now };
-  const parsed = CapabilityCardSchema.safeParse(merged);
-  if (!parsed.success) {
-    throw new AgentBnBError(
-      `Card validation failed: ${parsed.error.message}`,
-      "VALIDATION_ERROR"
-    );
-  }
-  const stmt = db.prepare(`
-    UPDATE capability_cards
-    SET data = ?, updated_at = ?
-    WHERE id = ?
-  `);
-  stmt.run(JSON.stringify(parsed.data), now, id);
-}
-function updateReputation(db, cardId, success, latencyMs) {
-  const existing = getCard(db, cardId);
-  if (!existing) return;
-  const ALPHA = 0.1;
-  const observed = success ? 1 : 0;
-  const prevSuccessRate = existing.metadata?.success_rate;
-  const prevLatency = existing.metadata?.avg_latency_ms;
-  const newSuccessRate = prevSuccessRate === void 0 ? observed : ALPHA * observed + (1 - ALPHA) * prevSuccessRate;
-  const newLatency = prevLatency === void 0 ? latencyMs : ALPHA * latencyMs + (1 - ALPHA) * prevLatency;
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const updatedMetadata = {
-    ...existing.metadata,
-    success_rate: Math.round(newSuccessRate * 1e3) / 1e3,
-    avg_latency_ms: Math.round(newLatency)
+// src/credit/escrow-receipt.ts
+import { z } from "zod";
+import { randomUUID } from "crypto";
+var EscrowReceiptSchema = z.object({
+  requester_owner: z.string().min(1),
+  requester_public_key: z.string().min(1),
+  amount: z.number().positive(),
+  card_id: z.string().min(1),
+  skill_id: z.string().optional(),
+  timestamp: z.string(),
+  nonce: z.string().uuid(),
+  signature: z.string().min(1)
+});
+function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
+  const escrowId = holdEscrow(db, opts.owner, opts.amount, opts.cardId);
+  const receiptData = {
+    requester_owner: opts.owner,
+    requester_public_key: publicKey.toString("hex"),
+    amount: opts.amount,
+    card_id: opts.cardId,
+    ...opts.skillId ? { skill_id: opts.skillId } : {},
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: randomUUID()
   };
-  const updatedCard = { ...existing, metadata: updatedMetadata, updated_at: now };
-  const stmt = db.prepare(`
-    UPDATE capability_cards
-    SET data = ?, updated_at = ?
-    WHERE id = ?
-  `);
-  stmt.run(JSON.stringify(updatedCard), now, cardId);
+  const signature = signEscrowReceipt(receiptData, privateKey);
+  const receipt = {
+    ...receiptData,
+    signature
+  };
+  return { escrowId, receipt };
 }
-function updateSkillAvailability(db, cardId, skillId, online) {
-  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
-  if (!row) return;
-  const card = JSON.parse(row.data);
-  const skills = card["skills"];
-  if (!skills) return;
-  const skill = skills.find((s) => s["id"] === skillId);
-  if (!skill) return;
-  const existing = skill["availability"] ?? {};
-  skill["availability"] = { ...existing, online };
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
-    JSON.stringify(card),
-    now,
-    cardId
+
+// src/credit/settlement.ts
+function settleProviderEarning(providerDb, providerOwner, receipt) {
+  recordEarning(
+    providerDb,
+    providerOwner,
+    receipt.amount,
+    receipt.card_id,
+    receipt.nonce
   );
+  return { settled: true };
 }
-function updateSkillIdleRate(db, cardId, skillId, idleRate) {
-  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
-  if (!row) return;
-  const card = JSON.parse(row.data);
-  const skills = card["skills"];
-  if (!skills) return;
-  const skill = skills.find((s) => s["id"] === skillId);
-  if (!skill) return;
-  const existing = skill["_internal"] ?? {};
-  skill["_internal"] = {
-    ...existing,
-    idle_rate: idleRate,
-    idle_rate_computed_at: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
-    JSON.stringify(card),
-    now,
-    cardId
-  );
+function settleRequesterEscrow(requesterDb, escrowId) {
+  confirmEscrowDebit(requesterDb, escrowId);
 }
-function listCards(db, owner) {
-  let stmt;
-  let rows;
-  if (owner !== void 0) {
-    stmt = db.prepare("SELECT data FROM capability_cards WHERE owner = ?");
-    rows = stmt.all(owner);
-  } else {
-    stmt = db.prepare("SELECT data FROM capability_cards");
-    rows = stmt.all();
-  }
-  return rows.map((row) => JSON.parse(row.data));
+function releaseRequesterEscrow(requesterDb, escrowId) {
+  releaseEscrow(requesterDb, escrowId);
 }
 
 // src/autonomy/idle-monitor.ts
+import { Cron } from "croner";
 var IdleMonitor = class {
   job;
   owner;
@@ -795,566 +255,6 @@ var IdleMonitor = class {
   }
 };
 
-// src/credit/ledger.ts
-import Database2 from "better-sqlite3";
-import { randomUUID as randomUUID2 } from "crypto";
-var CREDIT_SCHEMA = `
-  CREATE TABLE IF NOT EXISTS credit_balances (
-    owner TEXT PRIMARY KEY,
-    balance INTEGER NOT NULL DEFAULT 0,
-    updated_at TEXT NOT NULL
-  );
-
-  CREATE TABLE IF NOT EXISTS credit_transactions (
-    id TEXT PRIMARY KEY,
-    owner TEXT NOT NULL,
-    amount INTEGER NOT NULL,
-    reason TEXT NOT NULL,
-    reference_id TEXT,
-    created_at TEXT NOT NULL
-  );
-
-  CREATE TABLE IF NOT EXISTS credit_escrow (
-    id TEXT PRIMARY KEY,
-    owner TEXT NOT NULL,
-    amount INTEGER NOT NULL,
-    card_id TEXT NOT NULL,
-    status TEXT NOT NULL DEFAULT 'held',
-    created_at TEXT NOT NULL,
-    settled_at TEXT
-  );
-
-  CREATE INDEX IF NOT EXISTS idx_transactions_owner ON credit_transactions(owner, created_at);
-  CREATE INDEX IF NOT EXISTS idx_escrow_owner ON credit_escrow(owner);
-`;
-function openCreditDb(path = ":memory:") {
-  const db = new Database2(path);
-  db.pragma("journal_mode = WAL");
-  db.pragma("foreign_keys = ON");
-  db.exec(CREDIT_SCHEMA);
-  return db;
-}
-function bootstrapAgent(db, owner, amount = 100) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.transaction(() => {
-    const result = db.prepare("INSERT OR IGNORE INTO credit_balances (owner, balance, updated_at) VALUES (?, ?, ?)").run(owner, amount, now);
-    if (result.changes > 0) {
-      db.prepare(
-        "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
-      ).run(randomUUID2(), owner, amount, "bootstrap", null, now);
-    }
-  })();
-}
-function getBalance(db, owner) {
-  const row = db.prepare("SELECT balance FROM credit_balances WHERE owner = ?").get(owner);
-  return row?.balance ?? 0;
-}
-function getTransactions(db, owner, limit = 100) {
-  return db.prepare(
-    "SELECT id, owner, amount, reason, reference_id, created_at FROM credit_transactions WHERE owner = ? ORDER BY created_at DESC LIMIT ?"
-  ).all(owner, limit);
-}
-
-// src/credit/budget.ts
-var DEFAULT_BUDGET_CONFIG = {
-  reserve_credits: 20
-};
-var BudgetManager = class {
-  /**
-   * Creates a new BudgetManager.
-   *
-   * @param creditDb - The credit SQLite database instance.
-   * @param owner - Agent owner identifier.
-   * @param config - Budget configuration. Defaults to DEFAULT_BUDGET_CONFIG (20 credit reserve).
-   */
-  constructor(creditDb, owner, config = DEFAULT_BUDGET_CONFIG) {
-    this.creditDb = creditDb;
-    this.owner = owner;
-    this.config = config;
-  }
-  /**
-   * Returns the number of credits available for spending.
-   * Computed as: max(0, balance - reserve_credits).
-   * Always returns a non-negative number — never goes below zero.
-   *
-   * @returns Available credits (balance minus reserve, floored at 0).
-   */
-  availableCredits() {
-    const balance = getBalance(this.creditDb, this.owner);
-    return Math.max(0, balance - this.config.reserve_credits);
-  }
-  /**
-   * Returns true if spending `amount` credits is permitted by budget rules.
-   *
-   * Rules:
-   * - Zero-cost calls (amount <= 0) always return true.
-   * - Any positive amount requires availableCredits() >= amount.
-   * - If balance is at or below the reserve floor, all positive-cost calls return false.
-   *
-   * @param amount - Number of credits to spend.
-   * @returns true if the spend is allowed, false if it would breach the reserve floor.
-   */
-  canSpend(amount) {
-    if (amount <= 0) return true;
-    return this.availableCredits() >= amount;
-  }
-};
-
-// src/registry/matcher.ts
-function searchCards(db, query, filters = {}) {
-  const words = query.trim().split(/\s+/).map((w) => w.replace(/"/g, "")).filter((w) => w.length > 0);
-  if (words.length === 0) return [];
-  const ftsQuery = words.map((w) => `"${w}"`).join(" OR ");
-  const conditions = [];
-  const params = [ftsQuery];
-  if (filters.level !== void 0) {
-    conditions.push(`json_extract(cc.data, '$.level') = ?`);
-    params.push(filters.level);
-  }
-  if (filters.online !== void 0) {
-    conditions.push(`json_extract(cc.data, '$.availability.online') = ?`);
-    params.push(filters.online ? 1 : 0);
-  }
-  const whereClause = conditions.length > 0 ? `AND ${conditions.join(" AND ")}` : "";
-  const sql = `
-    SELECT cc.data
-    FROM capability_cards cc
-    JOIN cards_fts ON cc.rowid = cards_fts.rowid
-    WHERE cards_fts MATCH ?
-      ${whereClause}
-    ORDER BY bm25(cards_fts)
-    LIMIT 50
-  `;
-  const stmt = db.prepare(sql);
-  const rows = stmt.all(...params);
-  const results = rows.map((row) => JSON.parse(row.data));
-  if (filters.apis_used && filters.apis_used.length > 0) {
-    const requiredApis = filters.apis_used;
-    return results.filter((card) => {
-      const cardApis = card.metadata?.apis_used ?? [];
-      return requiredApis.every((api) => cardApis.includes(api));
-    });
-  }
-  return results;
-}
-function filterCards(db, filters) {
-  const conditions = [];
-  const params = [];
-  if (filters.level !== void 0) {
-    conditions.push(`json_extract(data, '$.level') = ?`);
-    params.push(filters.level);
-  }
-  if (filters.online !== void 0) {
-    conditions.push(`json_extract(data, '$.availability.online') = ?`);
-    params.push(filters.online ? 1 : 0);
-  }
-  const whereClause = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
-  const sql = `SELECT data FROM capability_cards ${whereClause}`;
-  const stmt = db.prepare(sql);
-  const rows = stmt.all(...params);
-  return rows.map((row) => JSON.parse(row.data));
-}
-
-// src/credit/escrow.ts
-import { randomUUID as randomUUID3 } from "crypto";
-function holdEscrow(db, owner, amount, cardId) {
-  const escrowId = randomUUID3();
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const hold = db.transaction(() => {
-    const row = db.prepare("SELECT balance FROM credit_balances WHERE owner = ?").get(owner);
-    if (!row || row.balance < amount) {
-      throw new AgentBnBError("Insufficient credits", "INSUFFICIENT_CREDITS");
-    }
-    db.prepare(
-      "UPDATE credit_balances SET balance = balance - ?, updated_at = ? WHERE owner = ? AND balance >= ?"
-    ).run(amount, now, owner, amount);
-    db.prepare(
-      "INSERT INTO credit_escrow (id, owner, amount, card_id, status, created_at) VALUES (?, ?, ?, ?, ?, ?)"
-    ).run(escrowId, owner, amount, cardId, "held", now);
-    db.prepare(
-      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
-    ).run(randomUUID3(), owner, -amount, "escrow_hold", escrowId, now);
-  });
-  hold();
-  return escrowId;
-}
-function settleEscrow(db, escrowId, recipientOwner) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const settle = db.transaction(() => {
-    const escrow = db.prepare("SELECT id, owner, amount, status FROM credit_escrow WHERE id = ?").get(escrowId);
-    if (!escrow) {
-      throw new AgentBnBError(`Escrow not found: ${escrowId}`, "ESCROW_NOT_FOUND");
-    }
-    if (escrow.status !== "held") {
-      throw new AgentBnBError(
-        `Escrow ${escrowId} is already ${escrow.status}`,
-        "ESCROW_ALREADY_SETTLED"
-      );
-    }
-    db.prepare(
-      "INSERT OR IGNORE INTO credit_balances (owner, balance, updated_at) VALUES (?, 0, ?)"
-    ).run(recipientOwner, now);
-    db.prepare(
-      "UPDATE credit_balances SET balance = balance + ?, updated_at = ? WHERE owner = ?"
-    ).run(escrow.amount, now, recipientOwner);
-    db.prepare(
-      "UPDATE credit_escrow SET status = ?, settled_at = ? WHERE id = ?"
-    ).run("settled", now, escrowId);
-    db.prepare(
-      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
-    ).run(randomUUID3(), recipientOwner, escrow.amount, "settlement", escrowId, now);
-  });
-  settle();
-}
-function releaseEscrow(db, escrowId) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const release = db.transaction(() => {
-    const escrow = db.prepare("SELECT id, owner, amount, status FROM credit_escrow WHERE id = ?").get(escrowId);
-    if (!escrow) {
-      throw new AgentBnBError(`Escrow not found: ${escrowId}`, "ESCROW_NOT_FOUND");
-    }
-    if (escrow.status !== "held") {
-      throw new AgentBnBError(
-        `Escrow ${escrowId} is already ${escrow.status}`,
-        "ESCROW_ALREADY_SETTLED"
-      );
-    }
-    db.prepare(
-      "UPDATE credit_balances SET balance = balance + ?, updated_at = ? WHERE owner = ?"
-    ).run(escrow.amount, now, escrow.owner);
-    db.prepare(
-      "UPDATE credit_escrow SET status = ?, settled_at = ? WHERE id = ?"
-    ).run("released", now, escrowId);
-    db.prepare(
-      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
-    ).run(randomUUID3(), escrow.owner, escrow.amount, "refund", escrowId, now);
-  });
-  release();
-}
-
-// src/gateway/client.ts
-import { randomUUID as randomUUID4 } from "crypto";
-async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4 } = opts;
-  const id = randomUUID4();
-  const payload = {
-    jsonrpc: "2.0",
-    id,
-    method: "capability.execute",
-    params: { card_id: cardId, ...params }
-  };
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), timeoutMs);
-  let response;
-  try {
-    response = await fetch(`${gatewayUrl}/rpc`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
-      body: JSON.stringify(payload),
-      signal: controller.signal
-    });
-  } catch (err) {
-    clearTimeout(timer);
-    const isTimeout = err instanceof Error && err.name === "AbortError";
-    throw new AgentBnBError(
-      isTimeout ? "Request timed out" : `Network error: ${String(err)}`,
-      isTimeout ? "TIMEOUT" : "NETWORK_ERROR"
-    );
-  } finally {
-    clearTimeout(timer);
-  }
-  const body = await response.json();
-  if (body.error) {
-    throw new AgentBnBError(body.error.message, `RPC_ERROR_${body.error.code}`);
-  }
-  return body.result;
-}
-
-// src/autonomy/pending-requests.ts
-import { randomUUID as randomUUID5 } from "crypto";
-function createPendingRequest(db, opts) {
-  const id = randomUUID5();
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const paramsJson = opts.params !== void 0 ? JSON.stringify(opts.params) : null;
-  db.prepare(`
-    INSERT INTO pending_requests (
-      id, skill_query, max_cost_credits, selected_peer, selected_card_id,
-      selected_skill_id, credits, status, params, created_at, resolved_at
-    ) VALUES (?, ?, ?, ?, ?, ?, ?, 'pending', ?, ?, NULL)
-  `).run(
-    id,
-    opts.skill_query,
-    opts.max_cost_credits,
-    opts.selected_peer ?? null,
-    opts.selected_card_id ?? null,
-    opts.selected_skill_id ?? null,
-    opts.credits,
-    paramsJson,
-    now
-  );
-  return id;
-}
-function listPendingRequests(db) {
-  const rows = db.prepare(`SELECT * FROM pending_requests WHERE status = 'pending' ORDER BY created_at DESC`).all();
-  return rows;
-}
-function resolvePendingRequest(db, id, resolution) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const result = db.prepare(
-    `UPDATE pending_requests SET status = ?, resolved_at = ? WHERE id = ?`
-  ).run(resolution, now, id);
-  if (result.changes === 0) {
-    throw new AgentBnBError(
-      `Pending request not found: ${id}`,
-      "NOT_FOUND"
-    );
-  }
-}
-
-// src/cli/peers.ts
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
-import { join as join3 } from "path";
-function getPeersPath() {
-  return join3(getConfigDir(), "peers.json");
-}
-function loadPeers() {
-  const peersPath = getPeersPath();
-  if (!existsSync3(peersPath)) {
-    return [];
-  }
-  try {
-    const raw = readFileSync3(peersPath, "utf-8");
-    return JSON.parse(raw);
-  } catch {
-    return [];
-  }
-}
-function writePeers(peers) {
-  const dir = getConfigDir();
-  if (!existsSync3(dir)) {
-    mkdirSync2(dir, { recursive: true });
-  }
-  writeFileSync3(getPeersPath(), JSON.stringify(peers, null, 2), "utf-8");
-}
-function savePeer(peer) {
-  const peers = loadPeers();
-  const lowerName = peer.name.toLowerCase();
-  const existing = peers.findIndex((p) => p.name.toLowerCase() === lowerName);
-  if (existing >= 0) {
-    peers[existing] = peer;
-  } else {
-    peers.push(peer);
-  }
-  writePeers(peers);
-}
-function removePeer(name) {
-  const peers = loadPeers();
-  const lowerName = name.toLowerCase();
-  const filtered = peers.filter((p) => p.name.toLowerCase() !== lowerName);
-  if (filtered.length === peers.length) {
-    return false;
-  }
-  writePeers(filtered);
-  return true;
-}
-function findPeer(name) {
-  const peers = loadPeers();
-  const lowerName = name.toLowerCase();
-  return peers.find((p) => p.name.toLowerCase() === lowerName) ?? null;
-}
-
-// src/autonomy/auto-request.ts
-function minMaxNormalize(values) {
-  if (values.length === 0) return [];
-  if (values.length === 1) return [1];
-  const min = Math.min(...values);
-  const max = Math.max(...values);
-  if (max === min) {
-    return values.map(() => 1);
-  }
-  return values.map((v) => (v - min) / (max - min));
-}
-function scorePeers(candidates, selfOwner) {
-  const eligible = candidates.filter((c) => c.card.owner !== selfOwner);
-  if (eligible.length === 0) return [];
-  const successRates = eligible.map((c) => c.card.metadata?.success_rate ?? 0.5);
-  const costEfficiencies = eligible.map((c) => c.cost === 0 ? 1 : 1 / c.cost);
-  const idleRates = eligible.map((c) => {
-    const internal = c.card._internal;
-    const idleRate = internal?.idle_rate;
-    return typeof idleRate === "number" ? idleRate : 1;
-  });
-  const normSuccess = minMaxNormalize(successRates);
-  const normCost = minMaxNormalize(costEfficiencies);
-  const normIdle = minMaxNormalize(idleRates);
-  const scored = eligible.map((c, i) => ({
-    ...c,
-    rawScore: (normSuccess[i] ?? 0) * (normCost[i] ?? 0) * (normIdle[i] ?? 0)
-  }));
-  scored.sort((a, b) => b.rawScore - a.rawScore);
-  return scored;
-}
-var AutoRequestor = class {
-  owner;
-  registryDb;
-  creditDb;
-  autonomyConfig;
-  budgetManager;
-  /**
-   * Creates a new AutoRequestor.
-   *
-   * @param opts - Configuration for this AutoRequestor instance.
-   */
-  constructor(opts) {
-    this.owner = opts.owner;
-    this.registryDb = opts.registryDb;
-    this.creditDb = opts.creditDb;
-    this.autonomyConfig = opts.autonomyConfig;
-    this.budgetManager = opts.budgetManager;
-  }
-  /**
-   * Executes an autonomous capability request.
-   *
-   * Performs the full flow:
-   * 1. Search for matching capability cards
-   * 2. Filter self-owned and over-budget candidates
-   * 3. Score candidates using min-max normalized composite scoring
-   * 4. Resolve peer gateway config
-   * 5. Check autonomy tier (Tier 3 queues to pending_requests)
-   * 6. Check budget reserve
-   * 7. Hold escrow
-   * 8. Execute via peer gateway
-   * 9. Settle or release escrow based on outcome
-   * 10. Log audit event (for Tier 2 notifications and all failures)
-   *
-   * @param need - The capability need to fulfill.
-   * @returns The result of the auto-request attempt.
-   */
-  async requestWithAutonomy(need) {
-    const cards = searchCards(this.registryDb, need.query, { online: true });
-    const candidates = [];
-    for (const card of cards) {
-      const cardAsV2 = card;
-      if (Array.isArray(cardAsV2.skills)) {
-        for (const skill of cardAsV2.skills) {
-          const cost = skill.pricing.credits_per_call;
-          if (cost <= need.maxCostCredits) {
-            candidates.push({ card, cost, skillId: skill.id });
-          }
-        }
-      } else {
-        const cost = card.pricing.credits_per_call;
-        if (cost <= need.maxCostCredits) {
-          candidates.push({ card, cost, skillId: void 0 });
-        }
-      }
-    }
-    const scored = scorePeers(candidates, this.owner);
-    if (scored.length === 0) {
-      this.logFailure("auto_request_failed", "system", "none", 3, 0, "none", "No eligible peer found");
-      return { status: "no_peer", reason: "No eligible peer found" };
-    }
-    const top = scored[0];
-    const peerConfig = findPeer(top.card.owner);
-    if (!peerConfig) {
-      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", 3, top.cost, top.card.owner, "No gateway config for peer");
-      return { status: "no_peer", reason: "No gateway config for peer" };
-    }
-    const tier = getAutonomyTier(top.cost, this.autonomyConfig);
-    if (tier === 3) {
-      createPendingRequest(this.registryDb, {
-        skill_query: need.query,
-        max_cost_credits: need.maxCostCredits,
-        credits: top.cost,
-        selected_peer: top.card.owner,
-        selected_card_id: top.card.id,
-        selected_skill_id: top.skillId,
-        params: need.params
-      });
-      insertAuditEvent(this.registryDb, {
-        type: "auto_request_pending",
-        card_id: top.card.id,
-        skill_id: top.skillId ?? top.card.id,
-        tier_invoked: 3,
-        credits: top.cost,
-        peer: top.card.owner
-      });
-      return {
-        status: "tier_blocked",
-        reason: "Tier 3: owner approval required",
-        peer: top.card.owner
-      };
-    }
-    if (!this.budgetManager.canSpend(top.cost)) {
-      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", tier, top.cost, top.card.owner, "Budget reserve would be breached");
-      return { status: "budget_blocked", reason: "Insufficient credits \u2014 reserve floor would be breached" };
-    }
-    const escrowId = holdEscrow(this.creditDb, this.owner, top.cost, top.card.id);
-    try {
-      const execResult = await requestCapability({
-        gatewayUrl: peerConfig.url,
-        token: peerConfig.token,
-        cardId: top.card.id,
-        params: top.skillId ? { skill_id: top.skillId, ...need.params } : need.params
-      });
-      settleEscrow(this.creditDb, escrowId, top.card.owner);
-      if (tier === 2) {
-        insertAuditEvent(this.registryDb, {
-          type: "auto_request_notify",
-          card_id: top.card.id,
-          skill_id: top.skillId ?? top.card.id,
-          tier_invoked: 2,
-          credits: top.cost,
-          peer: top.card.owner
-        });
-      } else {
-        insertAuditEvent(this.registryDb, {
-          type: "auto_request",
-          card_id: top.card.id,
-          skill_id: top.skillId ?? top.card.id,
-          tier_invoked: 1,
-          credits: top.cost,
-          peer: top.card.owner
-        });
-      }
-      return {
-        status: "success",
-        result: execResult,
-        escrowId,
-        peer: top.card.owner,
-        creditsSpent: top.cost
-      };
-    } catch (err) {
-      releaseEscrow(this.creditDb, escrowId);
-      const reason = err instanceof Error ? err.message : String(err);
-      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", tier, top.cost, top.card.owner, `Execution failed: ${reason}`);
-      return {
-        status: "failed",
-        reason: `Execution failed: ${reason}`,
-        peer: top.card.owner
-      };
-    }
-  }
-  /**
-   * Logs a failure audit event to request_log.
-   * Used for all non-success paths to satisfy REQ-06.
-   */
-  logFailure(type, cardId, skillId, tier, credits, peer, reason) {
-    insertAuditEvent(this.registryDb, {
-      type,
-      card_id: cardId,
-      skill_id: skillId,
-      tier_invoked: tier,
-      credits,
-      peer,
-      reason
-    });
-  }
-};
-
 // src/cli/remote-registry.ts
 var RegistryTimeoutError = class extends AgentBnBError {
   constructor(url) {
@@ -1439,7 +339,7 @@ function mergeResults(localCards, remoteCards, hasQuery) {
 }
 
 // src/cli/onboarding.ts
-import { randomUUID as randomUUID6 } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 import { createConnection } from "net";
 var KNOWN_API_KEYS = [
   "OPENAI_API_KEY",
@@ -1588,7 +488,7 @@ function buildDraftCard(apiKey, owner) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return {
     spec_version: "1.0",
-    id: randomUUID6(),
+    id: randomUUID2(),
     owner,
     name: template.name,
     description: template.description,
@@ -1608,7 +508,7 @@ function buildDraftCard(apiKey, owner) {
 }
 
 // src/runtime/agent-runtime.ts
-import { readFileSync as readFileSync4, existsSync as existsSync4 } from "fs";
+import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
 
 // src/skills/executor.ts
 var SkillExecutor = class {
@@ -1766,17 +666,29 @@ var CommandSkillConfigSchema = z2.object({
   timeout_ms: z2.number().positive().default(3e4),
   pricing: PricingSchema
 });
+var ConductorSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("conductor"),
+  name: z2.string().min(1),
+  conductor_skill: z2.enum(["orchestrate", "plan"]),
+  pricing: PricingSchema,
+  timeout_ms: z2.number().positive().optional()
+});
 var SkillConfigSchema = z2.discriminatedUnion("type", [
   ApiSkillConfigSchema,
   PipelineSkillConfigSchema,
   OpenClawSkillConfigSchema,
-  CommandSkillConfigSchema
+  CommandSkillConfigSchema,
+  ConductorSkillConfigSchema
 ]);
 var SkillsFileSchema = z2.object({
   skills: z2.array(SkillConfigSchema)
 });
 function expandEnvVars(value) {
   return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    if (/[.a-z]/.test(varName)) {
+      return _match;
+    }
     const envValue = process.env[varName];
     if (envValue === void 0) {
       throw new Error(`Environment variable "${varName}" is not defined`);
@@ -1867,7 +779,7 @@ function applyInputMapping(params, mapping) {
         pathParams[key] = String(value);
         break;
       case "header":
-        headers[key] = String(value);
+        headers[key] = String(value).replace(/[\r\n]/g, "");
         break;
     }
   }
@@ -1962,58 +874,34 @@ var ApiExecutor = class {
 };
 
 // src/skills/pipeline-executor.ts
-import { exec } from "child_process";
+import { execFile } from "child_process";
 import { promisify } from "util";
-
-// src/utils/interpolation.ts
-function resolvePath(obj, path) {
-  const segments = path.replace(/\[(\d+)\]/g, ".$1").split(".").filter((s) => s.length > 0);
-  let current = obj;
-  for (const segment of segments) {
-    if (current === null || current === void 0) {
-      return void 0;
-    }
-    if (typeof current !== "object") {
-      return void 0;
-    }
-    current = current[segment];
-  }
-  return current;
-}
-function interpolate(template, context) {
-  return template.replace(/\$\{([^}]+)\}/g, (_match, expression) => {
-    const resolved = resolvePath(context, expression.trim());
-    if (resolved === void 0 || resolved === null) {
-      return "";
-    }
-    if (typeof resolved === "object") {
-      return JSON.stringify(resolved);
+var execFileAsync = promisify(execFile);
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
     }
-    return String(resolved);
+    if (current === void 0 || current === null) return "";
+    return shellEscape(String(current));
   });
 }
-function interpolateObject(obj, context) {
-  const result = {};
-  for (const [key, value] of Object.entries(obj)) {
-    result[key] = interpolateValue(value, context);
-  }
-  return result;
-}
-function interpolateValue(value, context) {
-  if (typeof value === "string") {
-    return interpolate(value, context);
-  }
-  if (Array.isArray(value)) {
-    return value.map((item) => interpolateValue(item, context));
-  }
-  if (value !== null && typeof value === "object") {
-    return interpolateObject(value, context);
-  }
-  return value;
-}
-
-// src/skills/pipeline-executor.ts
-var execAsync = promisify(exec);
 var PipelineExecutor = class {
   /**
    * @param skillExecutor - The parent SkillExecutor used to dispatch sub-skill calls.
@@ -2074,12 +962,12 @@ var PipelineExecutor = class {
         }
         stepResult = subResult.result;
       } else if ("command" in step && step.command) {
-        const interpolatedCommand = interpolate(
+        const interpolatedCommand = safeInterpolateCommand(
           step.command,
           context
         );
         try {
-          const { stdout } = await execAsync(interpolatedCommand, { timeout: 3e4 });
+          const { stdout } = await execFileAsync("/bin/sh", ["-c", interpolatedCommand], { timeout: 3e4 });
           stepResult = stdout.trim();
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
@@ -2106,7 +994,7 @@ var PipelineExecutor = class {
 };
 
 // src/skills/openclaw-bridge.ts
-import { execSync } from "child_process";
+import { execFileSync } from "child_process";
 var DEFAULT_BASE_URL = "http://localhost:3000";
 var DEFAULT_TIMEOUT_MS = 6e4;
 function buildPayload(config, params) {
@@ -2151,12 +1039,22 @@ async function executeWebhook(config, payload) {
     clearTimeout(timer);
   }
 }
+function validateAgentName(name) {
+  return /^[a-zA-Z0-9._-]+$/.test(name);
+}
 function executeProcess(config, payload) {
   const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  if (!validateAgentName(config.agent_name)) {
+    return {
+      success: false,
+      error: `Invalid agent name: "${config.agent_name}" (only alphanumeric, hyphens, underscores, dots allowed)`
+    };
+  }
   const inputJson = JSON.stringify(payload);
-  const cmd = `openclaw run ${config.agent_name} --input '${inputJson}'`;
   try {
-    const stdout = execSync(cmd, { timeout: timeoutMs });
+    const stdout = execFileSync("openclaw", ["run", config.agent_name, "--input", inputJson], {
+      timeout: timeoutMs
+    });
     const text = stdout.toString().trim();
     const result = JSON.parse(text);
     return { success: true, result };
@@ -2229,10 +1127,35 @@ var OpenClawBridge = class {
 };
 
 // src/skills/command-executor.ts
-import { exec as exec2 } from "child_process";
-function execAsync2(command, options) {
+import { execFile as execFile2 } from "child_process";
+function shellEscape2(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand2(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
+    }
+    if (current === void 0 || current === null) return "";
+    return shellEscape2(String(current));
+  });
+}
+function execFileAsync2(file, args, options) {
   return new Promise((resolve, reject) => {
-    exec2(command, options, (error, stdout, stderr) => {
+    execFile2(file, args, options, (error, stdout, stderr) => {
       const stdoutStr = typeof stdout === "string" ? stdout : stdout.toString();
       const stderrStr = typeof stderr === "string" ? stderr : stderr.toString();
       if (error) {
@@ -2269,17 +1192,16 @@ var CommandExecutor = class {
         };
       }
     }
-    const interpolatedCommand = interpolate(cmdConfig.command, { params });
+    const interpolatedCommand = safeInterpolateCommand2(cmdConfig.command, { params });
     const timeout = cmdConfig.timeout_ms ?? 3e4;
     const cwd = cmdConfig.working_dir ?? process.cwd();
     let stdout;
     try {
-      const result = await execAsync2(interpolatedCommand, {
+      const result = await execFileAsync2("/bin/sh", ["-c", interpolatedCommand], {
         timeout,
         cwd,
-        maxBuffer: 10 * 1024 * 1024,
+        maxBuffer: 10 * 1024 * 1024
         // 10 MB
-        shell: "/bin/sh"
       });
       stdout = result.stdout;
     } catch (err) {
@@ -2346,6 +1268,8 @@ var AgentRuntime = class {
   draining = false;
   orphanedEscrowAgeMinutes;
   skillsYamlPath;
+  conductorEnabled;
+  conductorToken;
   /**
    * Creates a new AgentRuntime instance.
    * Opens both databases with WAL mode, foreign_keys=ON, and busy_timeout=5000.
@@ -2357,6 +1281,8 @@ var AgentRuntime = class {
     this.owner = options.owner;
     this.orphanedEscrowAgeMinutes = options.orphanedEscrowAgeMinutes ?? 10;
     this.skillsYamlPath = options.skillsYamlPath;
+    this.conductorEnabled = options.conductorEnabled ?? false;
+    this.conductorToken = options.conductorToken ?? "";
     this.registryDb = openDatabase(options.registryDbPath);
     this.creditDb = openCreditDb(options.creditDbPath);
     this.registryDb.pragma("busy_timeout = 5000");
@@ -2393,18 +1319,70 @@ var AgentRuntime = class {
    * 3. Populate the Map with all 4 modes — SkillExecutor sees them via reference.
    */
   async initSkillExecutor() {
-    if (!this.skillsYamlPath || !existsSync4(this.skillsYamlPath)) {
+    const hasSkillsYaml = this.skillsYamlPath && existsSync2(this.skillsYamlPath);
+    if (!hasSkillsYaml && !this.conductorEnabled) {
       return;
     }
-    const yamlContent = readFileSync4(this.skillsYamlPath, "utf8");
-    const configs = parseSkillsFile(yamlContent);
+    let configs = [];
+    if (hasSkillsYaml) {
+      const yamlContent = readFileSync2(this.skillsYamlPath, "utf8");
+      configs = parseSkillsFile(yamlContent);
+    }
     const modes = /* @__PURE__ */ new Map();
+    if (this.conductorEnabled) {
+      const { ConductorMode } = await import("../conductor-mode-DJ3RIJ5T.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-P5C36VBD.js");
+      const { loadPeers: loadPeers2 } = await import("../peers-G36URZYB.js");
+      registerConductorCard(this.registryDb);
+      const resolveAgentUrl = (owner) => {
+        const peers = loadPeers2();
+        const peer = peers.find((p) => p.name.toLowerCase() === owner.toLowerCase());
+        if (!peer) {
+          throw new Error(
+            `No peer found for agent owner "${owner}". Add with: agentbnb peers add ${owner} <url> <token>`
+          );
+        }
+        const stmt = this.registryDb.prepare(
+          "SELECT id FROM capability_cards WHERE owner = ? LIMIT 1"
+        );
+        const row = stmt.get(owner);
+        const cardId = row?.id ?? owner;
+        return { url: peer.url, cardId };
+      };
+      const conductorMode = new ConductorMode({
+        db: this.registryDb,
+        creditDb: this.creditDb,
+        conductorOwner: CONDUCTOR_OWNER,
+        gatewayToken: this.conductorToken,
+        resolveAgentUrl,
+        maxBudget: 100
+      });
+      modes.set("conductor", conductorMode);
+      configs.push(
+        {
+          id: "orchestrate",
+          type: "conductor",
+          name: "Orchestrate",
+          conductor_skill: "orchestrate",
+          pricing: { credits_per_call: 5 }
+        },
+        {
+          id: "plan",
+          type: "conductor",
+          name: "Plan",
+          conductor_skill: "plan",
+          pricing: { credits_per_call: 1 }
+        }
+      );
+    }
     const executor = createSkillExecutor(configs, modes);
-    const pipelineExecutor = new PipelineExecutor(executor);
-    modes.set("api", new ApiExecutor());
-    modes.set("pipeline", pipelineExecutor);
-    modes.set("openclaw", new OpenClawBridge());
-    modes.set("command", new CommandExecutor());
+    if (hasSkillsYaml) {
+      const pipelineExecutor = new PipelineExecutor(executor);
+      modes.set("api", new ApiExecutor());
+      modes.set("pipeline", pipelineExecutor);
+      modes.set("openclaw", new OpenClawBridge());
+      modes.set("command", new CommandExecutor());
+    }
     this.skillExecutor = executor;
   }
   /**
@@ -2459,7 +1437,7 @@ var AgentRuntime = class {
 
 // src/gateway/server.ts
 import Fastify from "fastify";
-import { randomUUID as randomUUID7 } from "crypto";
+import { randomUUID as randomUUID3 } from "crypto";
 var VERSION = "0.0.1";
 function createGatewayServer(opts) {
   const {
@@ -2553,24 +1531,55 @@ function createGatewayServer(opts) {
       creditsNeeded = card.pricing.credits_per_call;
       cardName = card.name;
     }
-    let escrowId;
-    try {
-      const balance = getBalance(creditDb, requester);
-      if (balance < creditsNeeded) {
+    const receipt = params.escrow_receipt;
+    let escrowId = null;
+    let isRemoteEscrow = false;
+    if (receipt) {
+      const { signature, ...receiptData } = receipt;
+      const publicKeyBuf = Buffer.from(receipt.requester_public_key, "hex");
+      const valid = verifyEscrowReceipt(receiptData, signature, publicKeyBuf);
+      if (!valid) {
         return reply.send({
           jsonrpc: "2.0",
           id,
-          error: { code: -32603, message: "Insufficient credits" }
+          error: { code: -32603, message: "Invalid escrow receipt signature" }
+        });
+      }
+      if (receipt.amount < creditsNeeded) {
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: "Insufficient escrow amount" }
+        });
+      }
+      const receiptAge = Date.now() - new Date(receipt.timestamp).getTime();
+      if (receiptAge > 5 * 60 * 1e3) {
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: "Escrow receipt expired" }
+        });
+      }
+      isRemoteEscrow = true;
+    } else {
+      try {
+        const balance = getBalance(creditDb, requester);
+        if (balance < creditsNeeded) {
+          return reply.send({
+            jsonrpc: "2.0",
+            id,
+            error: { code: -32603, message: "Insufficient credits" }
+          });
+        }
+        escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
+      } catch (err) {
+        const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: msg }
         });
       }
-      escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
-    } catch (err) {
-      const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
-      return reply.send({
-        jsonrpc: "2.0",
-        id,
-        error: { code: -32603, message: msg }
-      });
     }
     const startMs = Date.now();
     if (skillExecutor) {
@@ -2579,11 +1588,11 @@ function createGatewayServer(opts) {
       try {
         execResult = await skillExecutor.execute(targetSkillId, params);
       } catch (err) {
-        releaseEscrow(creditDb, escrowId);
+        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
         updateReputation(registryDb, cardId, false, Date.now() - startMs);
         try {
           insertRequestLog(registryDb, {
-            id: randomUUID7(),
+            id: randomUUID3(),
             card_id: cardId,
             card_name: cardName,
             skill_id: resolvedSkillId,
@@ -2599,15 +1608,19 @@ function createGatewayServer(opts) {
         return reply.send({
           jsonrpc: "2.0",
           id,
-          error: { code: -32603, message }
+          error: {
+            code: -32603,
+            message,
+            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
+          }
         });
       }
       if (!execResult.success) {
-        releaseEscrow(creditDb, escrowId);
+        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
         updateReputation(registryDb, cardId, false, execResult.latency_ms);
         try {
           insertRequestLog(registryDb, {
-            id: randomUUID7(),
+            id: randomUUID3(),
             card_id: cardId,
             card_name: cardName,
             skill_id: resolvedSkillId,
@@ -2622,14 +1635,22 @@ function createGatewayServer(opts) {
         return reply.send({
           jsonrpc: "2.0",
           id,
-          error: { code: -32603, message: execResult.error ?? "Execution failed" }
+          error: {
+            code: -32603,
+            message: execResult.error ?? "Execution failed",
+            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
+          }
         });
       }
-      settleEscrow(creditDb, escrowId, card.owner);
+      if (isRemoteEscrow && receipt) {
+        settleProviderEarning(creditDb, card.owner, receipt);
+      } else if (escrowId) {
+        settleEscrow(creditDb, escrowId, card.owner);
+      }
       updateReputation(registryDb, cardId, true, execResult.latency_ms);
       try {
         insertRequestLog(registryDb, {
-          id: randomUUID7(),
+          id: randomUUID3(),
           card_id: cardId,
           card_name: cardName,
           skill_id: resolvedSkillId,
@@ -2641,7 +1662,8 @@ function createGatewayServer(opts) {
         });
       } catch {
       }
-      return reply.send({ jsonrpc: "2.0", id, result: execResult.result });
+      const successResult = isRemoteEscrow ? { ...typeof execResult.result === "object" && execResult.result !== null ? execResult.result : { data: execResult.result }, receipt_settled: true, receipt_nonce: receipt.nonce } : execResult.result;
+      return reply.send({ jsonrpc: "2.0", id, result: successResult });
     }
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), timeoutMs);
@@ -2654,11 +1676,11 @@ function createGatewayServer(opts) {
       });
       clearTimeout(timer);
       if (!response.ok) {
-        releaseEscrow(creditDb, escrowId);
+        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
         updateReputation(registryDb, cardId, false, Date.now() - startMs);
         try {
           insertRequestLog(registryDb, {
-            id: randomUUID7(),
+            id: randomUUID3(),
             card_id: cardId,
             card_name: cardName,
             skill_id: resolvedSkillId,
@@ -2673,15 +1695,23 @@ function createGatewayServer(opts) {
         return reply.send({
           jsonrpc: "2.0",
           id,
-          error: { code: -32603, message: `Handler returned ${response.status}` }
+          error: {
+            code: -32603,
+            message: `Handler returned ${response.status}`,
+            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
+          }
         });
       }
       const result = await response.json();
-      settleEscrow(creditDb, escrowId, card.owner);
+      if (isRemoteEscrow && receipt) {
+        settleProviderEarning(creditDb, card.owner, receipt);
+      } else if (escrowId) {
+        settleEscrow(creditDb, escrowId, card.owner);
+      }
       updateReputation(registryDb, cardId, true, Date.now() - startMs);
       try {
         insertRequestLog(registryDb, {
-          id: randomUUID7(),
+          id: randomUUID3(),
           card_id: cardId,
           card_name: cardName,
           skill_id: resolvedSkillId,
@@ -2693,15 +1723,16 @@ function createGatewayServer(opts) {
         });
       } catch {
       }
-      return reply.send({ jsonrpc: "2.0", id, result });
+      const successResult = isRemoteEscrow ? { ...typeof result === "object" && result !== null ? result : { data: result }, receipt_settled: true, receipt_nonce: receipt.nonce } : result;
+      return reply.send({ jsonrpc: "2.0", id, result: successResult });
     } catch (err) {
       clearTimeout(timer);
-      releaseEscrow(creditDb, escrowId);
+      if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
       updateReputation(registryDb, cardId, false, Date.now() - startMs);
       const isTimeout = err instanceof Error && err.name === "AbortError";
       try {
         insertRequestLog(registryDb, {
-          id: randomUUID7(),
+          id: randomUUID3(),
           card_id: cardId,
           card_name: cardName,
           skill_id: resolvedSkillId,
@@ -2716,7 +1747,11 @@ function createGatewayServer(opts) {
       return reply.send({
         jsonrpc: "2.0",
         id,
-        error: { code: -32603, message: isTimeout ? "Execution timeout" : "Handler error" }
+        error: {
+          code: -32603,
+          message: isTimeout ? "Execution timeout" : "Handler error",
+          ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
+        }
       });
     }
   });
@@ -2727,9 +1762,9 @@ function createGatewayServer(opts) {
 import Fastify2 from "fastify";
 import cors from "@fastify/cors";
 import fastifyStatic from "@fastify/static";
-import { join as join4, dirname } from "path";
+import { join as join2, dirname } from "path";
 import { fileURLToPath } from "url";
-import { existsSync as existsSync5 } from "fs";
+import { existsSync as existsSync3 } from "fs";
 function stripInternal(card) {
   const { _internal: _, ...publicCard } = card;
   return publicCard;
@@ -2745,12 +1780,12 @@ function createRegistryServer(opts) {
   const __filename = fileURLToPath(import.meta.url);
   const __dirname = dirname(__filename);
   const hubDistCandidates = [
-    join4(__dirname, "../../hub/dist"),
+    join2(__dirname, "../../hub/dist"),
     // When running from dist/registry/server.js
-    join4(__dirname, "../../../hub/dist")
+    join2(__dirname, "../../../hub/dist")
     // Fallback for alternative layouts
   ];
-  const hubDistDir = hubDistCandidates.find((p) => existsSync5(p));
+  const hubDistDir = hubDistCandidates.find((p) => existsSync3(p));
   if (hubDistDir) {
     void server.register(fastifyStatic, {
       root: hubDistDir,
@@ -3100,10 +2135,10 @@ async function stopAnnouncement() {
 }
 
 // src/openclaw/soul-sync.ts
-import { randomUUID as randomUUID9 } from "crypto";
+import { randomUUID as randomUUID5 } from "crypto";
 
 // src/skills/publish-capability.ts
-import { randomUUID as randomUUID8 } from "crypto";
+import { randomUUID as randomUUID4 } from "crypto";
 function parseSoulMd(content) {
   const lines = content.split("\n");
   let name = "";
@@ -3174,7 +2209,7 @@ function parseSoulMdV2(content) {
   const parsed = parseSoulMd(content);
   const skills = parsed.capabilities.map((cap) => {
     const sanitizedId = cap.name.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "");
-    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID9();
+    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID5();
     return {
       id,
       name: cap.name,
@@ -3216,7 +2251,7 @@ function publishFromSoulV2(db, soulContent, owner) {
     (c) => c.spec_version === "2.0"
   );
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  const cardId = existingV2?.id ?? randomUUID9();
+  const cardId = existingV2?.id ?? randomUUID5();
   const card = {
     spec_version: "2.0",
     id: cardId,
@@ -3241,7 +2276,7 @@ function publishFromSoulV2(db, soulContent, owner) {
 }
 
 // src/openclaw/heartbeat-writer.ts
-import { readFileSync as readFileSync5, writeFileSync as writeFileSync4, existsSync as existsSync6 } from "fs";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync4 } from "fs";
 var HEARTBEAT_MARKER_START = "<!-- agentbnb:start -->";
 var HEARTBEAT_MARKER_END = "<!-- agentbnb:end -->";
 function generateHeartbeatSection(autonomy, budget) {
@@ -3277,11 +2312,11 @@ function generateHeartbeatSection(autonomy, budget) {
   ].join("\n");
 }
 function injectHeartbeatSection(heartbeatPath, section) {
-  if (!existsSync6(heartbeatPath)) {
-    writeFileSync4(heartbeatPath, section + "\n", "utf-8");
+  if (!existsSync4(heartbeatPath)) {
+    writeFileSync2(heartbeatPath, section + "\n", "utf-8");
     return;
   }
-  let content = readFileSync5(heartbeatPath, "utf-8");
+  let content = readFileSync3(heartbeatPath, "utf-8");
   const startIdx = content.indexOf(HEARTBEAT_MARKER_START);
   const endIdx = content.indexOf(HEARTBEAT_MARKER_END);
   if (startIdx !== -1 && endIdx !== -1) {
@@ -3289,7 +2324,7 @@ function injectHeartbeatSection(heartbeatPath, section) {
   } else {
     content = content + "\n" + section + "\n";
   }
-  writeFileSync4(heartbeatPath, content, "utf-8");
+  writeFileSync2(heartbeatPath, content, "utf-8");
 }
 
 // src/openclaw/skill.ts
@@ -3356,8 +2391,8 @@ program.command("init").description("Initialize AgentBnB config and create agent
   const owner = opts.owner ?? `agent-${randomBytes(4).toString("hex")}`;
   const token = randomBytes(32).toString("hex");
   const configDir = getConfigDir();
-  const dbPath = join5(configDir, "registry.db");
-  const creditDbPath = join5(configDir, "credit.db");
+  const dbPath = join3(configDir, "registry.db");
+  const creditDbPath = join3(configDir, "credit.db");
   const port = parseInt(opts.port, 10);
   const ip = opts.host ?? getLanIp();
   const existingConfig = loadConfig();
@@ -3471,7 +2506,7 @@ program.command("publish <card.json>").description("Publish a Capability Card to
   }
   let raw;
   try {
-    raw = readFileSync6(cardPath, "utf-8");
+    raw = readFileSync4(cardPath, "utf-8");
   } catch {
     console.error(`Error: cannot read file: ${cardPath}`);
     process.exit(1);
@@ -3622,7 +2657,7 @@ ${discovered.length} agent(s) found on local network`);
   console.log(`
 ${outputCards.length} result(s)`);
 });
-program.command("request [card-id]").description("Request a capability from another agent \u2014 direct (card-id) or auto (--query)").option("--params <json>", "Input parameters as JSON string", "{}").option("--peer <name>", "Peer name to send request to (resolves URL+token from peer registry)").option("--query <text>", "Search query for capability gap (triggers auto-request flow)").option("--max-cost <credits>", "Maximum credits to spend on auto-request (default: 50)").option("--json", "Output as JSON").action(async (cardId, opts) => {
+program.command("request [card-id]").description("Request a capability from another agent \u2014 direct (card-id) or auto (--query)").option("--params <json>", "Input parameters as JSON string", "{}").option("--peer <name>", "Peer name to send request to (resolves URL+token from peer registry)").option("--skill <id>", "Skill ID within a v2.0 card").option("--cost <credits>", "Credits to commit (required for cross-machine peer requests)").option("--query <text>", "Search query for capability gap (triggers auto-request flow)").option("--max-cost <credits>", "Maximum credits to spend on auto-request (default: 50)").option("--no-receipt", "Skip signed escrow receipt (local-only mode)").option("--json", "Output as JSON").action(async (cardId, opts) => {
   const config = loadConfig();
   if (!config) {
     console.error("Error: not initialized. Run `agentbnb init` first.");
@@ -3638,8 +2673,8 @@ program.command("request [card-id]").description("Request a capability from anot
         process.exit(1);
       }
     }
-    const registryDb = openDatabase(join5(getConfigDir(), "registry.db"));
-    const creditDb = openCreditDb(join5(getConfigDir(), "credit.db"));
+    const registryDb = openDatabase(join3(getConfigDir(), "registry.db"));
+    const creditDb = openCreditDb(join3(getConfigDir(), "credit.db"));
     registryDb.pragma("busy_timeout = 5000");
     creditDb.pragma("busy_timeout = 5000");
     try {
@@ -3676,6 +2711,7 @@ program.command("request [card-id]").description("Request a capability from anot
   }
   let gatewayUrl;
   let token;
+  const isPeerRequest = !!opts.peer;
   if (opts.peer) {
     const peer = findPeer(opts.peer);
     if (!peer) {
@@ -3688,20 +2724,87 @@ program.command("request [card-id]").description("Request a capability from anot
     gatewayUrl = config.gateway_url;
     token = config.token;
   }
+  const useReceipt = isPeerRequest && opts.receipt !== false;
+  if (useReceipt && !opts.cost) {
+    console.error("Error: --cost <credits> is required for peer requests. Specify the credits to commit.");
+    process.exit(1);
+  }
+  let escrowId;
+  let escrowReceipt;
+  if (useReceipt) {
+    const configDir = getConfigDir();
+    const creditDb = openCreditDb(join3(configDir, "credit.db"));
+    creditDb.pragma("busy_timeout = 5000");
+    try {
+      const keys = loadKeyPair(configDir);
+      const amount = Number(opts.cost);
+      if (isNaN(amount) || amount <= 0) {
+        console.error("Error: --cost must be a positive number.");
+        process.exit(1);
+      }
+      const receiptResult = createSignedEscrowReceipt(creditDb, keys.privateKey, keys.publicKey, {
+        owner: config.owner,
+        amount,
+        cardId,
+        skillId: opts.skill
+      });
+      escrowId = receiptResult.escrowId;
+      escrowReceipt = receiptResult.receipt;
+      if (!opts.json) {
+        console.log(`Escrow: ${amount} credits held (ID: ${escrowId.slice(0, 8)}...)`);
+      }
+    } catch (err) {
+      creditDb.close();
+      const msg = err instanceof Error ? err.message : String(err);
+      if (opts.json) {
+        console.log(JSON.stringify({ success: false, error: msg }, null, 2));
+      } else {
+        console.error(`Error creating escrow receipt: ${msg}`);
+      }
+      process.exit(1);
+    }
+  }
   try {
     const result = await requestCapability({
       gatewayUrl,
       token,
       cardId,
-      params
+      params: { ...params, ...opts.skill ? { skill_id: opts.skill } : {} },
+      escrowReceipt
     });
+    if (useReceipt && escrowId) {
+      const configDir = getConfigDir();
+      const creditDb = openCreditDb(join3(configDir, "credit.db"));
+      creditDb.pragma("busy_timeout = 5000");
+      try {
+        settleRequesterEscrow(creditDb, escrowId);
+        if (!opts.json) {
+          console.log(`Escrow settled: ${opts.cost} credits deducted.`);
+        }
+      } finally {
+        creditDb.close();
+      }
+    }
     if (opts.json) {
       console.log(JSON.stringify({ success: true, result }, null, 2));
     } else {
       console.log("Result:");
-      console.log(JSON.stringify(result, null, 2));
+      console.log(typeof result === "string" ? result : JSON.stringify(result, null, 2));
     }
   } catch (err) {
+    if (useReceipt && escrowId) {
+      const configDir = getConfigDir();
+      const creditDb = openCreditDb(join3(configDir, "credit.db"));
+      creditDb.pragma("busy_timeout = 5000");
+      try {
+        releaseRequesterEscrow(creditDb, escrowId);
+        if (!opts.json) {
+          console.log("Escrow released: credits refunded.");
+        }
+      } finally {
+        creditDb.close();
+      }
+    }
     const msg = err instanceof Error ? err.message : String(err);
     if (opts.json) {
       console.log(JSON.stringify({ success: false, error: msg }, null, 2));
@@ -3751,7 +2854,7 @@ Active Escrows (${heldEscrows.length}):`);
     }
   }
 });
-program.command("serve").description("Start the AgentBnB gateway server").option("--port <port>", "Port to listen on (overrides config)").option("--handler-url <url>", "Local capability handler URL", "http://localhost:8080").option("--skills-yaml <path>", "Path to skills.yaml (default: ~/.agentbnb/skills.yaml)").option("--registry-port <port>", "Public registry API port (0 to disable)", "7701").option("--announce", "Announce this gateway on the local network via mDNS").action(async (opts) => {
+program.command("serve").description("Start the AgentBnB gateway server").option("--port <port>", "Port to listen on (overrides config)").option("--handler-url <url>", "Local capability handler URL", "http://localhost:8080").option("--skills-yaml <path>", "Path to skills.yaml (default: ~/.agentbnb/skills.yaml)").option("--registry-port <port>", "Public registry API port (0 to disable)", "7701").option("--conductor", "Enable Conductor orchestration mode").option("--announce", "Announce this gateway on the local network via mDNS").action(async (opts) => {
   const config = loadConfig();
   if (!config) {
     console.error("Error: not initialized. Run `agentbnb init` first.");
@@ -3759,17 +2862,22 @@ program.command("serve").description("Start the AgentBnB gateway server").option
   }
   const port = opts.port ? parseInt(opts.port, 10) : config.gateway_port;
   const registryPort = parseInt(opts.registryPort, 10);
-  const skillsYamlPath = opts.skillsYaml ?? join5(homedir2(), ".agentbnb", "skills.yaml");
+  const skillsYamlPath = opts.skillsYaml ?? join3(homedir(), ".agentbnb", "skills.yaml");
   const runtime = new AgentRuntime({
     registryDbPath: config.db_path,
     creditDbPath: config.credit_db_path,
     owner: config.owner,
-    skillsYamlPath
+    skillsYamlPath,
+    conductorEnabled: opts.conductor ?? false,
+    conductorToken: config.token
   });
   await runtime.start();
   if (runtime.skillExecutor) {
     console.log(`SkillExecutor initialized from ${skillsYamlPath}`);
   }
+  if (opts.conductor) {
+    console.log("Conductor mode enabled \u2014 orchestrate/plan skills available via gateway");
+  }
   const autonomyConfig = config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
   const idleMonitor = new IdleMonitor({
     owner: config.owner,
@@ -3985,7 +3093,7 @@ openclaw.command("sync").description("Read SOUL.md and publish/update a v2.0 cap
   }
   let content;
   try {
-    content = readFileSync6(opts.soulPath, "utf-8");
+    content = readFileSync4(opts.soulPath, "utf-8");
   } catch {
     console.error(`Error: cannot read SOUL.md at ${opts.soulPath}`);
     process.exit(1);
@@ -4045,4 +3153,38 @@ openclaw.command("rules").description("Print HEARTBEAT.md rules block (or inject
     console.log(section);
   }
 });
+program.command("conduct <task>").description("Orchestrate a complex task across the AgentBnB network").option("--plan-only", "Show execution plan without executing").option("--max-budget <credits>", "Maximum credits to spend", "100").option("--json", "Output as JSON").action(async (task, opts) => {
+  const { conductAction } = await import("../conduct-JZJS2ZHA.js");
+  const result = await conductAction(task, opts);
+  if (opts.json) {
+    console.log(JSON.stringify(result, null, 2));
+    if (!result.success) process.exit(1);
+    return;
+  }
+  if (!result.success) {
+    console.error(`Error: ${result.error}`);
+    process.exit(1);
+  }
+  const plan = result.plan;
+  console.log("\nExecution Plan:");
+  for (const step of plan.steps) {
+    const deps = step.depends_on.length > 0 ? ` [depends on prior steps]` : "";
+    console.log(`  Step ${step.step}: ${step.description} (${step.capability}) -> @${step.agent} (${step.credits} cr)${deps}`);
+  }
+  console.log(`  Orchestration fee: ${plan.orchestration_fee} cr`);
+  console.log(`  Total estimated: ${plan.estimated_total} cr`);
+  if (result.execution) {
+    console.log("\nResults:");
+    console.log(JSON.stringify(result.execution, null, 2));
+    console.log(`
+Total credits spent: ${result.total_credits ?? 0} cr`);
+    console.log(`Latency: ${result.latency_ms ?? 0} ms`);
+  }
+  if (result.errors && result.errors.length > 0) {
+    console.log("\nErrors:");
+    for (const err of result.errors) {
+      console.log(`  - ${err}`);
+    }
+  }
+});
 await program.parseAsync(process.argv);