agentbnb 2.2.0

package/dist/cli/index.js

@@ -0,0 +1,4048 @@
+#!/usr/bin/env node
+
+// src/cli/index.ts
+import { Command } from "commander";
+import { readFileSync as readFileSync6 } from "fs";
+import { createRequire } from "module";
+import { randomBytes } from "crypto";
+import { join as join5 } from "path";
+import { networkInterfaces, homedir as homedir2 } from "os";
+import { createInterface } from "readline";
+
+// src/cli/config.ts
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+function getConfigDir() {
+  return process.env["AGENTBNB_DIR"] ?? join(homedir(), ".agentbnb");
+}
+function getConfigPath() {
+  return join(getConfigDir(), "config.json");
+}
+function loadConfig() {
+  const configPath = getConfigPath();
+  if (!existsSync(configPath)) return null;
+  try {
+    const raw = readFileSync(configPath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function saveConfig(config) {
+  const dir = getConfigDir();
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync(getConfigPath(), JSON.stringify(config, null, 2), "utf-8");
+}
+
+// src/credit/signing.ts
+import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
+import { writeFileSync as writeFileSync2, readFileSync as readFileSync2, existsSync as existsSync2, chmodSync } from "fs";
+import { join as join2 } from "path";
+
+// src/types/index.ts
+import { z } from "zod";
+var IOSchemaSchema = z.object({
+  name: z.string(),
+  type: z.enum(["text", "json", "file", "audio", "image", "video", "stream"]),
+  description: z.string().optional(),
+  required: z.boolean().default(true),
+  schema: z.record(z.unknown()).optional()
+  // JSON Schema
+});
+var PoweredBySchema = z.object({
+  provider: z.string().min(1),
+  model: z.string().optional(),
+  tier: z.string().optional()
+});
+var CapabilityCardSchema = z.object({
+  spec_version: z.literal("1.0").default("1.0"),
+  id: z.string().uuid(),
+  owner: z.string().min(1),
+  name: z.string().min(1).max(100),
+  description: z.string().max(500),
+  level: z.union([z.literal(1), z.literal(2), z.literal(3)]),
+  inputs: z.array(IOSchemaSchema),
+  outputs: z.array(IOSchemaSchema),
+  pricing: z.object({
+    credits_per_call: z.number().nonnegative(),
+    credits_per_minute: z.number().nonnegative().optional(),
+    /** Number of free monthly calls. Shown as a "N free/mo" badge in the Hub. */
+    free_tier: z.number().nonnegative().optional()
+  }),
+  availability: z.object({
+    online: z.boolean(),
+    schedule: z.string().optional()
+    // cron expression
+  }),
+  powered_by: z.array(PoweredBySchema).optional(),
+  /**
+   * Private per-card metadata. Stripped from all API and CLI responses —
+   * never transmitted beyond the local store.
+   */
+  _internal: z.record(z.unknown()).optional(),
+  metadata: z.object({
+    apis_used: z.array(z.string()).optional(),
+    avg_latency_ms: z.number().nonnegative().optional(),
+    success_rate: z.number().min(0).max(1).optional(),
+    tags: z.array(z.string()).optional()
+  }).optional(),
+  created_at: z.string().datetime().optional(),
+  updated_at: z.string().datetime().optional()
+});
+var SkillSchema = z.object({
+  /** Stable skill identifier, e.g. 'tts-elevenlabs'. Used for gateway routing and idle tracking. */
+  id: z.string().min(1),
+  name: z.string().min(1).max(100),
+  description: z.string().max(500),
+  level: z.union([z.literal(1), z.literal(2), z.literal(3)]),
+  /** Optional grouping category, e.g. 'tts' | 'video_gen' | 'code_review'. */
+  category: z.string().optional(),
+  inputs: z.array(IOSchemaSchema),
+  outputs: z.array(IOSchemaSchema),
+  pricing: z.object({
+    credits_per_call: z.number().nonnegative(),
+    credits_per_minute: z.number().nonnegative().optional(),
+    free_tier: z.number().nonnegative().optional()
+  }),
+  /** Per-skill online flag — overrides card-level availability for this skill. */
+  availability: z.object({ online: z.boolean() }).optional(),
+  powered_by: z.array(PoweredBySchema).optional(),
+  metadata: z.object({
+    apis_used: z.array(z.string()).optional(),
+    avg_latency_ms: z.number().nonnegative().optional(),
+    success_rate: z.number().min(0).max(1).optional(),
+    tags: z.array(z.string()).optional(),
+    capacity: z.object({
+      calls_per_hour: z.number().positive().default(60)
+    }).optional()
+  }).optional(),
+  /**
+   * Private per-skill metadata. Stripped from all API and CLI responses —
+   * never transmitted beyond the local store.
+   */
+  _internal: z.record(z.unknown()).optional()
+});
+var CapabilityCardV2Schema = z.object({
+  spec_version: z.literal("2.0"),
+  id: z.string().uuid(),
+  owner: z.string().min(1),
+  /** Agent display name — was 'name' in v1.0. */
+  agent_name: z.string().min(1).max(100),
+  /** At least one skill is required. */
+  skills: z.array(SkillSchema).min(1),
+  availability: z.object({
+    online: z.boolean(),
+    schedule: z.string().optional()
+  }),
+  /** Optional deployment environment metadata. */
+  environment: z.object({
+    runtime: z.string(),
+    region: z.string().optional()
+  }).optional(),
+  /**
+   * Private per-card metadata. Stripped from all API and CLI responses —
+   * never transmitted beyond the local store.
+   */
+  _internal: z.record(z.unknown()).optional(),
+  created_at: z.string().datetime().optional(),
+  updated_at: z.string().datetime().optional()
+});
+var AnyCardSchema = z.discriminatedUnion("spec_version", [
+  CapabilityCardSchema,
+  CapabilityCardV2Schema
+]);
+var AgentBnBError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "AgentBnBError";
+  }
+};
+
+// src/credit/signing.ts
+function generateKeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+    publicKeyEncoding: { type: "spki", format: "der" },
+    privateKeyEncoding: { type: "pkcs8", format: "der" }
+  });
+  return {
+    publicKey: Buffer.from(publicKey),
+    privateKey: Buffer.from(privateKey)
+  };
+}
+function saveKeyPair(configDir, keys) {
+  const privatePath = join2(configDir, "private.key");
+  const publicPath = join2(configDir, "public.key");
+  writeFileSync2(privatePath, keys.privateKey);
+  chmodSync(privatePath, 384);
+  writeFileSync2(publicPath, keys.publicKey);
+}
+function loadKeyPair(configDir) {
+  const privatePath = join2(configDir, "private.key");
+  const publicPath = join2(configDir, "public.key");
+  if (!existsSync2(privatePath) || !existsSync2(publicPath)) {
+    throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
+  }
+  return {
+    publicKey: readFileSync2(publicPath),
+    privateKey: readFileSync2(privatePath)
+  };
+}
+
+// src/autonomy/tiers.ts
+import { randomUUID } from "crypto";
+var DEFAULT_AUTONOMY_CONFIG = {
+  tier1_max_credits: 0,
+  tier2_max_credits: 0
+};
+function getAutonomyTier(creditAmount, config) {
+  if (creditAmount < config.tier1_max_credits) return 1;
+  if (creditAmount < config.tier2_max_credits) return 2;
+  return 3;
+}
+function insertAuditEvent(db, event) {
+  const isShareEvent = event.type === "auto_share" || event.type === "auto_share_notify" || event.type === "auto_share_pending";
+  const cardId = isShareEvent ? "system" : event.card_id;
+  const creditsCharged = isShareEvent ? 0 : event.credits;
+  const stmt = db.prepare(`
+    INSERT INTO request_log (
+      id, card_id, card_name, requester, status, latency_ms, credits_charged,
+      created_at, skill_id, action_type, tier_invoked
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  stmt.run(
+    randomUUID(),
+    cardId,
+    "autonomy-audit",
+    "self",
+    "success",
+    0,
+    creditsCharged,
+    (/* @__PURE__ */ new Date()).toISOString(),
+    event.skill_id,
+    event.type,
+    event.tier_invoked
+  );
+}
+
+// src/autonomy/idle-monitor.ts
+import { Cron } from "croner";
+
+// src/registry/store.ts
+import Database from "better-sqlite3";
+
+// src/registry/request-log.ts
+var SINCE_MS = {
+  "24h": 864e5,
+  "7d": 6048e5,
+  "30d": 2592e6
+};
+function createRequestLogTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS request_log (
+      id TEXT PRIMARY KEY,
+      card_id TEXT NOT NULL,
+      card_name TEXT NOT NULL,
+      requester TEXT NOT NULL,
+      status TEXT NOT NULL CHECK(status IN ('success', 'failure', 'timeout')),
+      latency_ms INTEGER NOT NULL,
+      credits_charged INTEGER NOT NULL,
+      created_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS request_log_created_at_idx
+      ON request_log (created_at DESC);
+  `);
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN skill_id TEXT");
+  } catch {
+  }
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN action_type TEXT");
+  } catch {
+  }
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN tier_invoked INTEGER");
+  } catch {
+  }
+}
+function insertRequestLog(db, entry) {
+  const stmt = db.prepare(`
+    INSERT INTO request_log (id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  stmt.run(
+    entry.id,
+    entry.card_id,
+    entry.card_name,
+    entry.requester,
+    entry.status,
+    entry.latency_ms,
+    entry.credits_charged,
+    entry.created_at,
+    entry.skill_id ?? null,
+    entry.action_type ?? null,
+    entry.tier_invoked ?? null
+  );
+}
+function getSkillRequestCount(db, skillId, windowMs) {
+  const cutoff = new Date(Date.now() - windowMs).toISOString();
+  const stmt = db.prepare(
+    `SELECT COUNT(*) as cnt FROM request_log
+     WHERE skill_id = ? AND created_at >= ? AND status = 'success' AND action_type IS NULL`
+  );
+  const row = stmt.get(skillId, cutoff);
+  return row.cnt;
+}
+function getActivityFeed(db, limit = 20, since) {
+  const effectiveLimit = Math.min(limit, 100);
+  if (since !== void 0) {
+    const stmt2 = db.prepare(`
+      SELECT r.id, r.card_name, r.requester, c.owner AS provider,
+             r.status, r.credits_charged, r.latency_ms, r.created_at, r.action_type
+      FROM request_log r
+      LEFT JOIN capability_cards c ON r.card_id = c.id
+      WHERE (r.action_type IS NULL OR r.action_type = 'auto_share')
+        AND r.created_at > ?
+      ORDER BY r.created_at DESC
+      LIMIT ?
+    `);
+    return stmt2.all(since, effectiveLimit);
+  }
+  const stmt = db.prepare(`
+    SELECT r.id, r.card_name, r.requester, c.owner AS provider,
+           r.status, r.credits_charged, r.latency_ms, r.created_at, r.action_type
+    FROM request_log r
+    LEFT JOIN capability_cards c ON r.card_id = c.id
+    WHERE (r.action_type IS NULL OR r.action_type = 'auto_share')
+    ORDER BY r.created_at DESC
+    LIMIT ?
+  `);
+  return stmt.all(effectiveLimit);
+}
+function getRequestLog(db, limit = 10, since) {
+  if (since !== void 0) {
+    const cutoff = new Date(Date.now() - SINCE_MS[since]).toISOString();
+    const stmt2 = db.prepare(`
+      SELECT id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked
+      FROM request_log
+      WHERE created_at >= ?
+      ORDER BY created_at DESC
+      LIMIT ?
+    `);
+    return stmt2.all(cutoff, limit);
+  }
+  const stmt = db.prepare(`
+    SELECT id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked
+    FROM request_log
+    ORDER BY created_at DESC
+    LIMIT ?
+  `);
+  return stmt.all(limit);
+}
+
+// src/registry/store.ts
+var V2_FTS_TRIGGERS = `
+  DROP TRIGGER IF EXISTS cards_ai;
+  DROP TRIGGER IF EXISTS cards_au;
+  DROP TRIGGER IF EXISTS cards_ad;
+
+  CREATE TRIGGER cards_ai AFTER INSERT ON capability_cards BEGIN
+    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
+    VALUES (
+      new.rowid,
+      new.id,
+      new.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+
+  CREATE TRIGGER cards_au AFTER UPDATE ON capability_cards BEGIN
+    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
+    VALUES (
+      'delete',
+      old.rowid,
+      old.id,
+      old.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
+    VALUES (
+      new.rowid,
+      new.id,
+      new.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+
+  CREATE TRIGGER cards_ad AFTER DELETE ON capability_cards BEGIN
+    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
+    VALUES (
+      'delete',
+      old.rowid,
+      old.id,
+      old.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+`;
+function openDatabase(path = ":memory:") {
+  const db = new Database(path);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS capability_cards (
+      id TEXT PRIMARY KEY,
+      owner TEXT NOT NULL,
+      data TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS pending_requests (
+      id TEXT PRIMARY KEY,
+      skill_query TEXT NOT NULL,
+      max_cost_credits REAL NOT NULL,
+      selected_peer TEXT,
+      selected_card_id TEXT,
+      selected_skill_id TEXT,
+      credits REAL NOT NULL,
+      status TEXT NOT NULL DEFAULT 'pending',
+      params TEXT,
+      created_at TEXT NOT NULL,
+      resolved_at TEXT
+    );
+
+    CREATE VIRTUAL TABLE IF NOT EXISTS cards_fts USING fts5(
+      id UNINDEXED,
+      owner,
+      name,
+      description,
+      tags,
+      content=""
+    );
+  `);
+  createRequestLogTable(db);
+  runMigrations(db);
+  return db;
+}
+function runMigrations(db) {
+  const version = db.pragma("user_version")[0]?.user_version ?? 0;
+  if (version < 2) {
+    migrateV1toV2(db);
+  }
+}
+function migrateV1toV2(db) {
+  const migrate = db.transaction(() => {
+    const rows = db.prepare("SELECT rowid, id, data FROM capability_cards").all();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    for (const row of rows) {
+      const parsed = JSON.parse(row.data);
+      if (parsed["spec_version"] === "2.0") continue;
+      const v1 = parsed;
+      const v2 = {
+        spec_version: "2.0",
+        id: v1.id,
+        owner: v1.owner,
+        agent_name: v1.name,
+        skills: [
+          {
+            id: `skill-${v1.id}`,
+            name: v1.name,
+            description: v1.description,
+            level: v1.level,
+            inputs: v1.inputs,
+            outputs: v1.outputs,
+            pricing: v1.pricing,
+            availability: { online: v1.availability.online },
+            powered_by: v1.powered_by,
+            metadata: v1.metadata,
+            _internal: v1._internal
+          }
+        ],
+        availability: v1.availability,
+        created_at: v1.created_at,
+        updated_at: now
+      };
+      db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+        JSON.stringify(v2),
+        now,
+        v2.id
+      );
+    }
+    db.exec(V2_FTS_TRIGGERS);
+    db.exec(`INSERT INTO cards_fts(cards_fts) VALUES('delete-all')`);
+    const allRows = db.prepare("SELECT rowid, id, owner, data FROM capability_cards").all();
+    const ftsInsert = db.prepare(
+      "INSERT INTO cards_fts(rowid, id, owner, name, description, tags) VALUES (?, ?, ?, ?, ?, ?)"
+    );
+    for (const row of allRows) {
+      const data = JSON.parse(row.data);
+      const skills = data["skills"] ?? [];
+      let name;
+      let description;
+      let tags;
+      if (skills.length > 0) {
+        name = skills.map((s) => String(s["name"] ?? "")).join(" ");
+        description = skills.map((s) => String(s["description"] ?? "")).join(" ");
+        tags = skills.flatMap((s) => {
+          const meta = s["metadata"];
+          return meta?.["tags"] ?? [];
+        }).join(" ");
+      } else {
+        name = String(data["name"] ?? "");
+        description = String(data["description"] ?? "");
+        const meta = data["metadata"];
+        const rawTags = meta?.["tags"] ?? [];
+        tags = rawTags.join(" ");
+      }
+      ftsInsert.run(row.rowid, row.id, row.owner, name, description, tags);
+    }
+    db.pragma("user_version = 2");
+  });
+  migrate();
+}
+function insertCard(db, card) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const withTimestamps = { ...card, created_at: card.created_at ?? now, updated_at: now };
+  const parsed = CapabilityCardSchema.safeParse(withTimestamps);
+  if (!parsed.success) {
+    throw new AgentBnBError(
+      `Card validation failed: ${parsed.error.message}`,
+      "VALIDATION_ERROR"
+    );
+  }
+  const stmt = db.prepare(`
+    INSERT INTO capability_cards (id, owner, data, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?)
+  `);
+  stmt.run(
+    parsed.data.id,
+    parsed.data.owner,
+    JSON.stringify(parsed.data),
+    parsed.data.created_at ?? now,
+    parsed.data.updated_at ?? now
+  );
+}
+function getCard(db, id) {
+  const stmt = db.prepare("SELECT data FROM capability_cards WHERE id = ?");
+  const row = stmt.get(id);
+  if (!row) return null;
+  return JSON.parse(row.data);
+}
+function updateCard(db, id, owner, updates) {
+  const existing = getCard(db, id);
+  if (!existing) {
+    throw new AgentBnBError(`Card not found: ${id}`, "NOT_FOUND");
+  }
+  if (existing.owner !== owner) {
+    throw new AgentBnBError("Forbidden: you do not own this card", "FORBIDDEN");
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const merged = { ...existing, ...updates, updated_at: now };
+  const parsed = CapabilityCardSchema.safeParse(merged);
+  if (!parsed.success) {
+    throw new AgentBnBError(
+      `Card validation failed: ${parsed.error.message}`,
+      "VALIDATION_ERROR"
+    );
+  }
+  const stmt = db.prepare(`
+    UPDATE capability_cards
+    SET data = ?, updated_at = ?
+    WHERE id = ?
+  `);
+  stmt.run(JSON.stringify(parsed.data), now, id);
+}
+function updateReputation(db, cardId, success, latencyMs) {
+  const existing = getCard(db, cardId);
+  if (!existing) return;
+  const ALPHA = 0.1;
+  const observed = success ? 1 : 0;
+  const prevSuccessRate = existing.metadata?.success_rate;
+  const prevLatency = existing.metadata?.avg_latency_ms;
+  const newSuccessRate = prevSuccessRate === void 0 ? observed : ALPHA * observed + (1 - ALPHA) * prevSuccessRate;
+  const newLatency = prevLatency === void 0 ? latencyMs : ALPHA * latencyMs + (1 - ALPHA) * prevLatency;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const updatedMetadata = {
+    ...existing.metadata,
+    success_rate: Math.round(newSuccessRate * 1e3) / 1e3,
+    avg_latency_ms: Math.round(newLatency)
+  };
+  const updatedCard = { ...existing, metadata: updatedMetadata, updated_at: now };
+  const stmt = db.prepare(`
+    UPDATE capability_cards
+    SET data = ?, updated_at = ?
+    WHERE id = ?
+  `);
+  stmt.run(JSON.stringify(updatedCard), now, cardId);
+}
+function updateSkillAvailability(db, cardId, skillId, online) {
+  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return;
+  const card = JSON.parse(row.data);
+  const skills = card["skills"];
+  if (!skills) return;
+  const skill = skills.find((s) => s["id"] === skillId);
+  if (!skill) return;
+  const existing = skill["availability"] ?? {};
+  skill["availability"] = { ...existing, online };
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+    JSON.stringify(card),
+    now,
+    cardId
+  );
+}
+function updateSkillIdleRate(db, cardId, skillId, idleRate) {
+  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return;
+  const card = JSON.parse(row.data);
+  const skills = card["skills"];
+  if (!skills) return;
+  const skill = skills.find((s) => s["id"] === skillId);
+  if (!skill) return;
+  const existing = skill["_internal"] ?? {};
+  skill["_internal"] = {
+    ...existing,
+    idle_rate: idleRate,
+    idle_rate_computed_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+    JSON.stringify(card),
+    now,
+    cardId
+  );
+}
+function listCards(db, owner) {
+  let stmt;
+  let rows;
+  if (owner !== void 0) {
+    stmt = db.prepare("SELECT data FROM capability_cards WHERE owner = ?");
+    rows = stmt.all(owner);
+  } else {
+    stmt = db.prepare("SELECT data FROM capability_cards");
+    rows = stmt.all();
+  }
+  return rows.map((row) => JSON.parse(row.data));
+}
+
+// src/autonomy/idle-monitor.ts
+var IdleMonitor = class {
+  job;
+  owner;
+  db;
+  idleThreshold;
+  autonomyConfig;
+  /**
+   * Creates a new IdleMonitor instance. The Cron job is constructed paused.
+   * Call `start()` to activate polling.
+   *
+   * @param opts - IdleMonitor configuration options.
+   */
+  constructor(opts) {
+    this.owner = opts.owner;
+    this.db = opts.db;
+    this.idleThreshold = opts.idleThreshold ?? 0.7;
+    this.autonomyConfig = opts.autonomyConfig ?? DEFAULT_AUTONOMY_CONFIG;
+    this.job = new Cron("0 * * * * *", { paused: true }, () => {
+      void this.poll();
+    });
+  }
+  /**
+   * Starts the Cron polling loop by resuming the paused job.
+   *
+   * @returns The Cron job instance, for registration with AgentRuntime.registerJob().
+   */
+  start() {
+    this.job.resume();
+    return this.job;
+  }
+  /**
+   * Returns the underlying Cron job instance.
+   * Used for testing or for registering with AgentRuntime.registerJob() without starting.
+   *
+   * @returns The Cron job instance.
+   */
+  getJob() {
+    return this.job;
+  }
+  /**
+   * Polls the registry for all v2.0 cards owned by this agent, computes per-skill
+   * idle rates from the past hour of request_log data, and triggers auto-share if eligible.
+   *
+   * Called automatically by the Cron job every 60 seconds.
+   * Can be called directly in tests without needing to wait for the timer.
+   */
+  async poll() {
+    const cards = listCards(this.db, this.owner);
+    for (const card of cards) {
+      const maybeV2 = card;
+      if (!Array.isArray(maybeV2.skills)) {
+        continue;
+      }
+      for (const skill of maybeV2.skills) {
+        const capacity = skill.metadata?.capacity?.calls_per_hour ?? 60;
+        const count = getSkillRequestCount(this.db, skill.id, 60 * 60 * 1e3);
+        const idleRate = Math.max(0, 1 - count / capacity);
+        updateSkillIdleRate(this.db, card.id, skill.id, idleRate);
+        const isOnline = skill.availability?.online ?? false;
+        if (idleRate >= this.idleThreshold && !isOnline) {
+          const tier = getAutonomyTier(0, this.autonomyConfig);
+          if (tier === 1) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share",
+              skill_id: skill.id,
+              tier_invoked: 1,
+              idle_rate: idleRate
+            });
+          } else if (tier === 2) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share_notify",
+              skill_id: skill.id,
+              tier_invoked: 2,
+              idle_rate: idleRate
+            });
+          } else {
+            insertAuditEvent(this.db, {
+              type: "auto_share_pending",
+              skill_id: skill.id,
+              tier_invoked: 3,
+              idle_rate: idleRate
+            });
+          }
+        }
+      }
+    }
+  }
+};
+
+// src/credit/ledger.ts
+import Database2 from "better-sqlite3";
+import { randomUUID as randomUUID2 } from "crypto";
+var CREDIT_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS credit_balances (
+    owner TEXT PRIMARY KEY,
+    balance INTEGER NOT NULL DEFAULT 0,
+    updated_at TEXT NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS credit_transactions (
+    id TEXT PRIMARY KEY,
+    owner TEXT NOT NULL,
+    amount INTEGER NOT NULL,
+    reason TEXT NOT NULL,
+    reference_id TEXT,
+    created_at TEXT NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS credit_escrow (
+    id TEXT PRIMARY KEY,
+    owner TEXT NOT NULL,
+    amount INTEGER NOT NULL,
+    card_id TEXT NOT NULL,
+    status TEXT NOT NULL DEFAULT 'held',
+    created_at TEXT NOT NULL,
+    settled_at TEXT
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_transactions_owner ON credit_transactions(owner, created_at);
+  CREATE INDEX IF NOT EXISTS idx_escrow_owner ON credit_escrow(owner);
+`;
+function openCreditDb(path = ":memory:") {
+  const db = new Database2(path);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  db.exec(CREDIT_SCHEMA);
+  return db;
+}
+function bootstrapAgent(db, owner, amount = 100) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.transaction(() => {
+    const result = db.prepare("INSERT OR IGNORE INTO credit_balances (owner, balance, updated_at) VALUES (?, ?, ?)").run(owner, amount, now);
+    if (result.changes > 0) {
+      db.prepare(
+        "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
+      ).run(randomUUID2(), owner, amount, "bootstrap", null, now);
+    }
+  })();
+}
+function getBalance(db, owner) {
+  const row = db.prepare("SELECT balance FROM credit_balances WHERE owner = ?").get(owner);
+  return row?.balance ?? 0;
+}
+function getTransactions(db, owner, limit = 100) {
+  return db.prepare(
+    "SELECT id, owner, amount, reason, reference_id, created_at FROM credit_transactions WHERE owner = ? ORDER BY created_at DESC LIMIT ?"
+  ).all(owner, limit);
+}
+
+// src/credit/budget.ts
+var DEFAULT_BUDGET_CONFIG = {
+  reserve_credits: 20
+};
+var BudgetManager = class {
+  /**
+   * Creates a new BudgetManager.
+   *
+   * @param creditDb - The credit SQLite database instance.
+   * @param owner - Agent owner identifier.
+   * @param config - Budget configuration. Defaults to DEFAULT_BUDGET_CONFIG (20 credit reserve).
+   */
+  constructor(creditDb, owner, config = DEFAULT_BUDGET_CONFIG) {
+    this.creditDb = creditDb;
+    this.owner = owner;
+    this.config = config;
+  }
+  /**
+   * Returns the number of credits available for spending.
+   * Computed as: max(0, balance - reserve_credits).
+   * Always returns a non-negative number — never goes below zero.
+   *
+   * @returns Available credits (balance minus reserve, floored at 0).
+   */
+  availableCredits() {
+    const balance = getBalance(this.creditDb, this.owner);
+    return Math.max(0, balance - this.config.reserve_credits);
+  }
+  /**
+   * Returns true if spending `amount` credits is permitted by budget rules.
+   *
+   * Rules:
+   * - Zero-cost calls (amount <= 0) always return true.
+   * - Any positive amount requires availableCredits() >= amount.
+   * - If balance is at or below the reserve floor, all positive-cost calls return false.
+   *
+   * @param amount - Number of credits to spend.
+   * @returns true if the spend is allowed, false if it would breach the reserve floor.
+   */
+  canSpend(amount) {
+    if (amount <= 0) return true;
+    return this.availableCredits() >= amount;
+  }
+};
+
+// src/registry/matcher.ts
+function searchCards(db, query, filters = {}) {
+  const words = query.trim().split(/\s+/).map((w) => w.replace(/"/g, "")).filter((w) => w.length > 0);
+  if (words.length === 0) return [];
+  const ftsQuery = words.map((w) => `"${w}"`).join(" OR ");
+  const conditions = [];
+  const params = [ftsQuery];
+  if (filters.level !== void 0) {
+    conditions.push(`json_extract(cc.data, '$.level') = ?`);
+    params.push(filters.level);
+  }
+  if (filters.online !== void 0) {
+    conditions.push(`json_extract(cc.data, '$.availability.online') = ?`);
+    params.push(filters.online ? 1 : 0);
+  }
+  const whereClause = conditions.length > 0 ? `AND ${conditions.join(" AND ")}` : "";
+  const sql = `
+    SELECT cc.data
+    FROM capability_cards cc
+    JOIN cards_fts ON cc.rowid = cards_fts.rowid
+    WHERE cards_fts MATCH ?
+      ${whereClause}
+    ORDER BY bm25(cards_fts)
+    LIMIT 50
+  `;
+  const stmt = db.prepare(sql);
+  const rows = stmt.all(...params);
+  const results = rows.map((row) => JSON.parse(row.data));
+  if (filters.apis_used && filters.apis_used.length > 0) {
+    const requiredApis = filters.apis_used;
+    return results.filter((card) => {
+      const cardApis = card.metadata?.apis_used ?? [];
+      return requiredApis.every((api) => cardApis.includes(api));
+    });
+  }
+  return results;
+}
+function filterCards(db, filters) {
+  const conditions = [];
+  const params = [];
+  if (filters.level !== void 0) {
+    conditions.push(`json_extract(data, '$.level') = ?`);
+    params.push(filters.level);
+  }
+  if (filters.online !== void 0) {
+    conditions.push(`json_extract(data, '$.availability.online') = ?`);
+    params.push(filters.online ? 1 : 0);
+  }
+  const whereClause = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+  const sql = `SELECT data FROM capability_cards ${whereClause}`;
+  const stmt = db.prepare(sql);
+  const rows = stmt.all(...params);
+  return rows.map((row) => JSON.parse(row.data));
+}
+
+// src/credit/escrow.ts
+import { randomUUID as randomUUID3 } from "crypto";
+function holdEscrow(db, owner, amount, cardId) {
+  const escrowId = randomUUID3();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const hold = db.transaction(() => {
+    const row = db.prepare("SELECT balance FROM credit_balances WHERE owner = ?").get(owner);
+    if (!row || row.balance < amount) {
+      throw new AgentBnBError("Insufficient credits", "INSUFFICIENT_CREDITS");
+    }
+    db.prepare(
+      "UPDATE credit_balances SET balance = balance - ?, updated_at = ? WHERE owner = ? AND balance >= ?"
+    ).run(amount, now, owner, amount);
+    db.prepare(
+      "INSERT INTO credit_escrow (id, owner, amount, card_id, status, created_at) VALUES (?, ?, ?, ?, ?, ?)"
+    ).run(escrowId, owner, amount, cardId, "held", now);
+    db.prepare(
+      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
+    ).run(randomUUID3(), owner, -amount, "escrow_hold", escrowId, now);
+  });
+  hold();
+  return escrowId;
+}
+function settleEscrow(db, escrowId, recipientOwner) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const settle = db.transaction(() => {
+    const escrow = db.prepare("SELECT id, owner, amount, status FROM credit_escrow WHERE id = ?").get(escrowId);
+    if (!escrow) {
+      throw new AgentBnBError(`Escrow not found: ${escrowId}`, "ESCROW_NOT_FOUND");
+    }
+    if (escrow.status !== "held") {
+      throw new AgentBnBError(
+        `Escrow ${escrowId} is already ${escrow.status}`,
+        "ESCROW_ALREADY_SETTLED"
+      );
+    }
+    db.prepare(
+      "INSERT OR IGNORE INTO credit_balances (owner, balance, updated_at) VALUES (?, 0, ?)"
+    ).run(recipientOwner, now);
+    db.prepare(
+      "UPDATE credit_balances SET balance = balance + ?, updated_at = ? WHERE owner = ?"
+    ).run(escrow.amount, now, recipientOwner);
+    db.prepare(
+      "UPDATE credit_escrow SET status = ?, settled_at = ? WHERE id = ?"
+    ).run("settled", now, escrowId);
+    db.prepare(
+      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
+    ).run(randomUUID3(), recipientOwner, escrow.amount, "settlement", escrowId, now);
+  });
+  settle();
+}
+function releaseEscrow(db, escrowId) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const release = db.transaction(() => {
+    const escrow = db.prepare("SELECT id, owner, amount, status FROM credit_escrow WHERE id = ?").get(escrowId);
+    if (!escrow) {
+      throw new AgentBnBError(`Escrow not found: ${escrowId}`, "ESCROW_NOT_FOUND");
+    }
+    if (escrow.status !== "held") {
+      throw new AgentBnBError(
+        `Escrow ${escrowId} is already ${escrow.status}`,
+        "ESCROW_ALREADY_SETTLED"
+      );
+    }
+    db.prepare(
+      "UPDATE credit_balances SET balance = balance + ?, updated_at = ? WHERE owner = ?"
+    ).run(escrow.amount, now, escrow.owner);
+    db.prepare(
+      "UPDATE credit_escrow SET status = ?, settled_at = ? WHERE id = ?"
+    ).run("released", now, escrowId);
+    db.prepare(
+      "INSERT INTO credit_transactions (id, owner, amount, reason, reference_id, created_at) VALUES (?, ?, ?, ?, ?, ?)"
+    ).run(randomUUID3(), escrow.owner, escrow.amount, "refund", escrowId, now);
+  });
+  release();
+}
+
+// src/gateway/client.ts
+import { randomUUID as randomUUID4 } from "crypto";
+async function requestCapability(opts) {
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4 } = opts;
+  const id = randomUUID4();
+  const payload = {
+    jsonrpc: "2.0",
+    id,
+    method: "capability.execute",
+    params: { card_id: cardId, ...params }
+  };
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  let response;
+  try {
+    response = await fetch(`${gatewayUrl}/rpc`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`
+      },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    });
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    throw new AgentBnBError(
+      isTimeout ? "Request timed out" : `Network error: ${String(err)}`,
+      isTimeout ? "TIMEOUT" : "NETWORK_ERROR"
+    );
+  } finally {
+    clearTimeout(timer);
+  }
+  const body = await response.json();
+  if (body.error) {
+    throw new AgentBnBError(body.error.message, `RPC_ERROR_${body.error.code}`);
+  }
+  return body.result;
+}
+
+// src/autonomy/pending-requests.ts
+import { randomUUID as randomUUID5 } from "crypto";
+function createPendingRequest(db, opts) {
+  const id = randomUUID5();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const paramsJson = opts.params !== void 0 ? JSON.stringify(opts.params) : null;
+  db.prepare(`
+    INSERT INTO pending_requests (
+      id, skill_query, max_cost_credits, selected_peer, selected_card_id,
+      selected_skill_id, credits, status, params, created_at, resolved_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, 'pending', ?, ?, NULL)
+  `).run(
+    id,
+    opts.skill_query,
+    opts.max_cost_credits,
+    opts.selected_peer ?? null,
+    opts.selected_card_id ?? null,
+    opts.selected_skill_id ?? null,
+    opts.credits,
+    paramsJson,
+    now
+  );
+  return id;
+}
+function listPendingRequests(db) {
+  const rows = db.prepare(`SELECT * FROM pending_requests WHERE status = 'pending' ORDER BY created_at DESC`).all();
+  return rows;
+}
+function resolvePendingRequest(db, id, resolution) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const result = db.prepare(
+    `UPDATE pending_requests SET status = ?, resolved_at = ? WHERE id = ?`
+  ).run(resolution, now, id);
+  if (result.changes === 0) {
+    throw new AgentBnBError(
+      `Pending request not found: ${id}`,
+      "NOT_FOUND"
+    );
+  }
+}
+
+// src/cli/peers.ts
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
+import { join as join3 } from "path";
+function getPeersPath() {
+  return join3(getConfigDir(), "peers.json");
+}
+function loadPeers() {
+  const peersPath = getPeersPath();
+  if (!existsSync3(peersPath)) {
+    return [];
+  }
+  try {
+    const raw = readFileSync3(peersPath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return [];
+  }
+}
+function writePeers(peers) {
+  const dir = getConfigDir();
+  if (!existsSync3(dir)) {
+    mkdirSync2(dir, { recursive: true });
+  }
+  writeFileSync3(getPeersPath(), JSON.stringify(peers, null, 2), "utf-8");
+}
+function savePeer(peer) {
+  const peers = loadPeers();
+  const lowerName = peer.name.toLowerCase();
+  const existing = peers.findIndex((p) => p.name.toLowerCase() === lowerName);
+  if (existing >= 0) {
+    peers[existing] = peer;
+  } else {
+    peers.push(peer);
+  }
+  writePeers(peers);
+}
+function removePeer(name) {
+  const peers = loadPeers();
+  const lowerName = name.toLowerCase();
+  const filtered = peers.filter((p) => p.name.toLowerCase() !== lowerName);
+  if (filtered.length === peers.length) {
+    return false;
+  }
+  writePeers(filtered);
+  return true;
+}
+function findPeer(name) {
+  const peers = loadPeers();
+  const lowerName = name.toLowerCase();
+  return peers.find((p) => p.name.toLowerCase() === lowerName) ?? null;
+}
+
+// src/autonomy/auto-request.ts
+function minMaxNormalize(values) {
+  if (values.length === 0) return [];
+  if (values.length === 1) return [1];
+  const min = Math.min(...values);
+  const max = Math.max(...values);
+  if (max === min) {
+    return values.map(() => 1);
+  }
+  return values.map((v) => (v - min) / (max - min));
+}
+function scorePeers(candidates, selfOwner) {
+  const eligible = candidates.filter((c) => c.card.owner !== selfOwner);
+  if (eligible.length === 0) return [];
+  const successRates = eligible.map((c) => c.card.metadata?.success_rate ?? 0.5);
+  const costEfficiencies = eligible.map((c) => c.cost === 0 ? 1 : 1 / c.cost);
+  const idleRates = eligible.map((c) => {
+    const internal = c.card._internal;
+    const idleRate = internal?.idle_rate;
+    return typeof idleRate === "number" ? idleRate : 1;
+  });
+  const normSuccess = minMaxNormalize(successRates);
+  const normCost = minMaxNormalize(costEfficiencies);
+  const normIdle = minMaxNormalize(idleRates);
+  const scored = eligible.map((c, i) => ({
+    ...c,
+    rawScore: (normSuccess[i] ?? 0) * (normCost[i] ?? 0) * (normIdle[i] ?? 0)
+  }));
+  scored.sort((a, b) => b.rawScore - a.rawScore);
+  return scored;
+}
+var AutoRequestor = class {
+  owner;
+  registryDb;
+  creditDb;
+  autonomyConfig;
+  budgetManager;
+  /**
+   * Creates a new AutoRequestor.
+   *
+   * @param opts - Configuration for this AutoRequestor instance.
+   */
+  constructor(opts) {
+    this.owner = opts.owner;
+    this.registryDb = opts.registryDb;
+    this.creditDb = opts.creditDb;
+    this.autonomyConfig = opts.autonomyConfig;
+    this.budgetManager = opts.budgetManager;
+  }
+  /**
+   * Executes an autonomous capability request.
+   *
+   * Performs the full flow:
+   * 1. Search for matching capability cards
+   * 2. Filter self-owned and over-budget candidates
+   * 3. Score candidates using min-max normalized composite scoring
+   * 4. Resolve peer gateway config
+   * 5. Check autonomy tier (Tier 3 queues to pending_requests)
+   * 6. Check budget reserve
+   * 7. Hold escrow
+   * 8. Execute via peer gateway
+   * 9. Settle or release escrow based on outcome
+   * 10. Log audit event (for Tier 2 notifications and all failures)
+   *
+   * @param need - The capability need to fulfill.
+   * @returns The result of the auto-request attempt.
+   */
+  async requestWithAutonomy(need) {
+    const cards = searchCards(this.registryDb, need.query, { online: true });
+    const candidates = [];
+    for (const card of cards) {
+      const cardAsV2 = card;
+      if (Array.isArray(cardAsV2.skills)) {
+        for (const skill of cardAsV2.skills) {
+          const cost = skill.pricing.credits_per_call;
+          if (cost <= need.maxCostCredits) {
+            candidates.push({ card, cost, skillId: skill.id });
+          }
+        }
+      } else {
+        const cost = card.pricing.credits_per_call;
+        if (cost <= need.maxCostCredits) {
+          candidates.push({ card, cost, skillId: void 0 });
+        }
+      }
+    }
+    const scored = scorePeers(candidates, this.owner);
+    if (scored.length === 0) {
+      this.logFailure("auto_request_failed", "system", "none", 3, 0, "none", "No eligible peer found");
+      return { status: "no_peer", reason: "No eligible peer found" };
+    }
+    const top = scored[0];
+    const peerConfig = findPeer(top.card.owner);
+    if (!peerConfig) {
+      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", 3, top.cost, top.card.owner, "No gateway config for peer");
+      return { status: "no_peer", reason: "No gateway config for peer" };
+    }
+    const tier = getAutonomyTier(top.cost, this.autonomyConfig);
+    if (tier === 3) {
+      createPendingRequest(this.registryDb, {
+        skill_query: need.query,
+        max_cost_credits: need.maxCostCredits,
+        credits: top.cost,
+        selected_peer: top.card.owner,
+        selected_card_id: top.card.id,
+        selected_skill_id: top.skillId,
+        params: need.params
+      });
+      insertAuditEvent(this.registryDb, {
+        type: "auto_request_pending",
+        card_id: top.card.id,
+        skill_id: top.skillId ?? top.card.id,
+        tier_invoked: 3,
+        credits: top.cost,
+        peer: top.card.owner
+      });
+      return {
+        status: "tier_blocked",
+        reason: "Tier 3: owner approval required",
+        peer: top.card.owner
+      };
+    }
+    if (!this.budgetManager.canSpend(top.cost)) {
+      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", tier, top.cost, top.card.owner, "Budget reserve would be breached");
+      return { status: "budget_blocked", reason: "Insufficient credits \u2014 reserve floor would be breached" };
+    }
+    const escrowId = holdEscrow(this.creditDb, this.owner, top.cost, top.card.id);
+    try {
+      const execResult = await requestCapability({
+        gatewayUrl: peerConfig.url,
+        token: peerConfig.token,
+        cardId: top.card.id,
+        params: top.skillId ? { skill_id: top.skillId, ...need.params } : need.params
+      });
+      settleEscrow(this.creditDb, escrowId, top.card.owner);
+      if (tier === 2) {
+        insertAuditEvent(this.registryDb, {
+          type: "auto_request_notify",
+          card_id: top.card.id,
+          skill_id: top.skillId ?? top.card.id,
+          tier_invoked: 2,
+          credits: top.cost,
+          peer: top.card.owner
+        });
+      } else {
+        insertAuditEvent(this.registryDb, {
+          type: "auto_request",
+          card_id: top.card.id,
+          skill_id: top.skillId ?? top.card.id,
+          tier_invoked: 1,
+          credits: top.cost,
+          peer: top.card.owner
+        });
+      }
+      return {
+        status: "success",
+        result: execResult,
+        escrowId,
+        peer: top.card.owner,
+        creditsSpent: top.cost
+      };
+    } catch (err) {
+      releaseEscrow(this.creditDb, escrowId);
+      const reason = err instanceof Error ? err.message : String(err);
+      this.logFailure("auto_request_failed", top.card.id, top.skillId ?? "none", tier, top.cost, top.card.owner, `Execution failed: ${reason}`);
+      return {
+        status: "failed",
+        reason: `Execution failed: ${reason}`,
+        peer: top.card.owner
+      };
+    }
+  }
+  /**
+   * Logs a failure audit event to request_log.
+   * Used for all non-success paths to satisfy REQ-06.
+   */
+  logFailure(type, cardId, skillId, tier, credits, peer, reason) {
+    insertAuditEvent(this.registryDb, {
+      type,
+      card_id: cardId,
+      skill_id: skillId,
+      tier_invoked: tier,
+      credits,
+      peer,
+      reason
+    });
+  }
+};
+
+// src/cli/remote-registry.ts
+var RegistryTimeoutError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Registry at ${url} did not respond within 5s. Showing local results only.`,
+      "REGISTRY_TIMEOUT"
+    );
+    this.name = "RegistryTimeoutError";
+  }
+};
+var RegistryConnectionError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Cannot reach ${url}. Is the registry running? Showing local results only.`,
+      "REGISTRY_CONNECTION"
+    );
+    this.name = "RegistryConnectionError";
+  }
+};
+var RegistryAuthError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Authentication failed for ${url}. Run \`agentbnb config set token <your-token>\`.`,
+      "REGISTRY_AUTH"
+    );
+    this.name = "RegistryAuthError";
+  }
+};
+async function fetchRemoteCards(registryUrl, params, timeoutMs = 5e3) {
+  let cardsUrl;
+  try {
+    cardsUrl = new URL("/cards", registryUrl);
+  } catch {
+    throw new AgentBnBError(`Invalid registry URL: ${registryUrl}`, "INVALID_REGISTRY_URL");
+  }
+  const searchParams = new URLSearchParams();
+  if (params.q !== void 0) searchParams.set("q", params.q);
+  if (params.level !== void 0) searchParams.set("level", String(params.level));
+  if (params.online !== void 0) searchParams.set("online", String(params.online));
+  if (params.tag !== void 0) searchParams.set("tag", params.tag);
+  searchParams.set("limit", "100");
+  cardsUrl.search = searchParams.toString();
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  let response;
+  try {
+    response = await fetch(cardsUrl.toString(), { signal: controller.signal });
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    if (isTimeout) {
+      throw new RegistryTimeoutError(registryUrl);
+    }
+    throw new RegistryConnectionError(registryUrl);
+  } finally {
+    clearTimeout(timer);
+  }
+  if (response.status === 401 || response.status === 403) {
+    throw new RegistryAuthError(registryUrl);
+  }
+  if (!response.ok) {
+    throw new RegistryConnectionError(registryUrl);
+  }
+  const body = await response.json();
+  return body.items;
+}
+function mergeResults(localCards, remoteCards, hasQuery) {
+  const taggedLocal = localCards.map((c) => ({ ...c, source: "local" }));
+  const taggedRemote = remoteCards.map((c) => ({ ...c, source: "remote" }));
+  const localIds = new Set(localCards.map((c) => c.id));
+  const dedupedRemote = taggedRemote.filter((c) => !localIds.has(c.id));
+  if (!hasQuery) {
+    return [...taggedLocal, ...dedupedRemote];
+  }
+  const result = [];
+  const maxLen = Math.max(taggedLocal.length, dedupedRemote.length);
+  for (let i = 0; i < maxLen; i++) {
+    if (i < taggedLocal.length) result.push(taggedLocal[i]);
+    if (i < dedupedRemote.length) result.push(dedupedRemote[i]);
+  }
+  return result;
+}
+
+// src/cli/onboarding.ts
+import { randomUUID as randomUUID6 } from "crypto";
+import { createConnection } from "net";
+var KNOWN_API_KEYS = [
+  "OPENAI_API_KEY",
+  "ANTHROPIC_API_KEY",
+  "ELEVENLABS_API_KEY",
+  "KLING_API_KEY",
+  "STABILITY_API_KEY",
+  "REPLICATE_API_TOKEN",
+  "GOOGLE_API_KEY",
+  "AZURE_OPENAI_API_KEY",
+  "COHERE_API_KEY",
+  "MISTRAL_API_KEY"
+];
+var API_TEMPLATES = {
+  OPENAI_API_KEY: {
+    name: "OpenAI Text Generation",
+    description: "Text completion and chat via OpenAI API",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "completion", type: "text", required: true }],
+    pricing: { credits_per_call: 5 },
+    powered_by: [{ provider: "OpenAI", model: "GPT-4o" }],
+    metadata: { apis_used: ["openai"], tags: ["llm", "text", "generation"] }
+  },
+  ANTHROPIC_API_KEY: {
+    name: "Anthropic Claude",
+    description: "Text reasoning and analysis via Anthropic Claude API",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "response", type: "text", required: true }],
+    pricing: { credits_per_call: 5 },
+    powered_by: [{ provider: "Anthropic", model: "Claude" }],
+    metadata: { apis_used: ["anthropic"], tags: ["llm", "text", "reasoning"] }
+  },
+  ELEVENLABS_API_KEY: {
+    name: "ElevenLabs Text-to-Speech",
+    description: "High-quality voice synthesis via ElevenLabs API",
+    level: 1,
+    inputs: [{ name: "text", type: "text", required: true }],
+    outputs: [{ name: "audio", type: "audio", required: true }],
+    pricing: { credits_per_call: 10 },
+    powered_by: [{ provider: "ElevenLabs" }],
+    metadata: { apis_used: ["elevenlabs"], tags: ["tts", "audio", "voice"] }
+  },
+  KLING_API_KEY: {
+    name: "Kling Video Generation",
+    description: "AI video generation via Kling API",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "video", type: "video", required: true }],
+    pricing: { credits_per_call: 50 },
+    powered_by: [{ provider: "Kling", model: "v1.5" }],
+    metadata: { apis_used: ["kling"], tags: ["video", "generation", "ai"] }
+  },
+  STABILITY_API_KEY: {
+    name: "Stability AI Image Generation",
+    description: "Image generation via Stability AI (Stable Diffusion)",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "image", type: "image", required: true }],
+    pricing: { credits_per_call: 8 },
+    powered_by: [{ provider: "Stability AI", model: "SDXL" }],
+    metadata: { apis_used: ["stability"], tags: ["image", "generation", "diffusion"] }
+  },
+  REPLICATE_API_TOKEN: {
+    name: "Replicate Model Runner",
+    description: "Run open-source models via Replicate API",
+    level: 1,
+    inputs: [{ name: "input", type: "json", required: true }],
+    outputs: [{ name: "output", type: "json", required: true }],
+    pricing: { credits_per_call: 10 },
+    powered_by: [{ provider: "Replicate" }],
+    metadata: { apis_used: ["replicate"], tags: ["ml", "inference"] }
+  },
+  GOOGLE_API_KEY: {
+    name: "Google AI (Gemini)",
+    description: "Multimodal AI via Google Gemini API",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "response", type: "text", required: true }],
+    pricing: { credits_per_call: 5 },
+    powered_by: [{ provider: "Google", model: "Gemini" }],
+    metadata: { apis_used: ["google"], tags: ["llm", "multimodal", "text"] }
+  },
+  AZURE_OPENAI_API_KEY: {
+    name: "Azure OpenAI Service",
+    description: "OpenAI models hosted on Azure cloud",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "completion", type: "text", required: true }],
+    pricing: { credits_per_call: 5 },
+    powered_by: [{ provider: "Azure OpenAI" }],
+    metadata: { apis_used: ["azure-openai"], tags: ["llm", "text", "azure"] }
+  },
+  COHERE_API_KEY: {
+    name: "Cohere Language AI",
+    description: "Text generation and embeddings via Cohere API",
+    level: 1,
+    inputs: [{ name: "text", type: "text", required: true }],
+    outputs: [{ name: "response", type: "text", required: true }],
+    pricing: { credits_per_call: 3 },
+    powered_by: [{ provider: "Cohere" }],
+    metadata: { apis_used: ["cohere"], tags: ["llm", "embeddings", "text"] }
+  },
+  MISTRAL_API_KEY: {
+    name: "Mistral AI",
+    description: "Text generation via Mistral AI API",
+    level: 1,
+    inputs: [{ name: "prompt", type: "text", required: true }],
+    outputs: [{ name: "response", type: "text", required: true }],
+    pricing: { credits_per_call: 4 },
+    powered_by: [{ provider: "Mistral" }],
+    metadata: { apis_used: ["mistral"], tags: ["llm", "text", "generation"] }
+  }
+};
+function detectApiKeys(knownKeys) {
+  return knownKeys.filter((key) => key in process.env);
+}
+async function isPortOpen(port, host = "127.0.0.1", timeoutMs = 300) {
+  return new Promise((resolve) => {
+    const socket = createConnection({ port, host });
+    const timer = setTimeout(() => {
+      socket.destroy();
+      resolve(false);
+    }, timeoutMs);
+    socket.on("connect", () => {
+      clearTimeout(timer);
+      socket.destroy();
+      resolve(true);
+    });
+    socket.on("error", () => {
+      clearTimeout(timer);
+      resolve(false);
+    });
+  });
+}
+async function detectOpenPorts(ports) {
+  const results = await Promise.all(
+    ports.map(async (port) => ({ port, open: await isPortOpen(port) }))
+  );
+  return results.filter((r) => r.open).map((r) => r.port);
+}
+function buildDraftCard(apiKey, owner) {
+  const template = API_TEMPLATES[apiKey];
+  if (!template) return null;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    spec_version: "1.0",
+    id: randomUUID6(),
+    owner,
+    name: template.name,
+    description: template.description,
+    level: template.level,
+    inputs: template.inputs,
+    outputs: template.outputs,
+    pricing: template.pricing,
+    availability: { online: true },
+    powered_by: template.powered_by,
+    metadata: {
+      apis_used: template.metadata.apis_used,
+      tags: template.metadata.tags
+    },
+    created_at: now,
+    updated_at: now
+  };
+}
+
+// src/runtime/agent-runtime.ts
+import { readFileSync as readFileSync4, existsSync as existsSync4 } from "fs";
+
+// src/skills/executor.ts
+var SkillExecutor = class {
+  skillMap;
+  modeMap;
+  /**
+   * @param configs - Parsed SkillConfig array (from parseSkillsFile).
+   * @param modes - Map from skill type string to its executor implementation.
+   */
+  constructor(configs, modes) {
+    this.skillMap = new Map(configs.map((c) => [c.id, c]));
+    this.modeMap = modes;
+  }
+  /**
+   * Execute a skill by ID with the given input parameters.
+   *
+   * Dispatch order:
+   * 1. Look up skill config by skillId.
+   * 2. Find executor mode by config.type.
+   * 3. Invoke mode.execute(), wrap with latency timing.
+   * 4. Catch any thrown errors and return as ExecutionResult with success:false.
+   *
+   * @param skillId - The ID of the skill to execute.
+   * @param params - Input parameters for the skill.
+   * @returns ExecutionResult including success, result/error, and latency_ms.
+   */
+  async execute(skillId, params) {
+    const startTime = Date.now();
+    const config = this.skillMap.get(skillId);
+    if (!config) {
+      return {
+        success: false,
+        error: `Skill not found: "${skillId}"`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    const mode = this.modeMap.get(config.type);
+    if (!mode) {
+      return {
+        success: false,
+        error: `No executor registered for skill type "${config.type}" (skill: "${skillId}")`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    try {
+      const modeResult = await mode.execute(config, params);
+      return {
+        ...modeResult,
+        latency_ms: Date.now() - startTime
+      };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: message,
+        latency_ms: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Returns the IDs of all registered skills.
+   *
+   * @returns Array of skill ID strings.
+   */
+  listSkills() {
+    return Array.from(this.skillMap.keys());
+  }
+  /**
+   * Returns the SkillConfig for a given skill ID, or undefined if not found.
+   *
+   * @param skillId - The skill ID to look up.
+   * @returns The SkillConfig or undefined.
+   */
+  getSkillConfig(skillId) {
+    return this.skillMap.get(skillId);
+  }
+};
+function createSkillExecutor(configs, modes) {
+  return new SkillExecutor(configs, modes);
+}
+
+// src/skills/skill-config.ts
+import { z as z2 } from "zod";
+import yaml from "js-yaml";
+var PricingSchema = z2.object({
+  credits_per_call: z2.number().nonnegative(),
+  credits_per_minute: z2.number().nonnegative().optional(),
+  free_tier: z2.number().nonnegative().optional()
+});
+var ApiAuthSchema = z2.discriminatedUnion("type", [
+  z2.object({
+    type: z2.literal("bearer"),
+    token: z2.string()
+  }),
+  z2.object({
+    type: z2.literal("apikey"),
+    header: z2.string().default("X-API-Key"),
+    key: z2.string()
+  }),
+  z2.object({
+    type: z2.literal("basic"),
+    username: z2.string(),
+    password: z2.string()
+  })
+]);
+var ApiSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("api"),
+  name: z2.string().min(1),
+  endpoint: z2.string().min(1),
+  method: z2.enum(["GET", "POST", "PUT", "DELETE"]),
+  auth: ApiAuthSchema.optional(),
+  input_mapping: z2.record(z2.string()).default({}),
+  output_mapping: z2.record(z2.string()).default({}),
+  pricing: PricingSchema,
+  timeout_ms: z2.number().positive().default(3e4),
+  retries: z2.number().nonnegative().int().default(0),
+  provider: z2.string().optional()
+});
+var PipelineStepSchema = z2.union([
+  z2.object({
+    skill_id: z2.string().min(1),
+    input_mapping: z2.record(z2.string()).default({})
+  }),
+  z2.object({
+    command: z2.string().min(1),
+    input_mapping: z2.record(z2.string()).default({})
+  })
+]);
+var PipelineSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("pipeline"),
+  name: z2.string().min(1),
+  steps: z2.array(PipelineStepSchema).min(1),
+  pricing: PricingSchema,
+  timeout_ms: z2.number().positive().optional()
+});
+var OpenClawSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("openclaw"),
+  name: z2.string().min(1),
+  agent_name: z2.string().min(1),
+  channel: z2.enum(["telegram", "webhook", "process"]),
+  pricing: PricingSchema,
+  timeout_ms: z2.number().positive().optional()
+});
+var CommandSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("command"),
+  name: z2.string().min(1),
+  command: z2.string().min(1),
+  output_type: z2.enum(["json", "text", "file"]),
+  allowed_commands: z2.array(z2.string()).optional(),
+  working_dir: z2.string().optional(),
+  timeout_ms: z2.number().positive().default(3e4),
+  pricing: PricingSchema
+});
+var SkillConfigSchema = z2.discriminatedUnion("type", [
+  ApiSkillConfigSchema,
+  PipelineSkillConfigSchema,
+  OpenClawSkillConfigSchema,
+  CommandSkillConfigSchema
+]);
+var SkillsFileSchema = z2.object({
+  skills: z2.array(SkillConfigSchema)
+});
+function expandEnvVars(value) {
+  return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    const envValue = process.env[varName];
+    if (envValue === void 0) {
+      throw new Error(`Environment variable "${varName}" is not defined`);
+    }
+    return envValue;
+  });
+}
+function expandEnvVarsDeep(value) {
+  if (typeof value === "string") {
+    return expandEnvVars(value);
+  }
+  if (Array.isArray(value)) {
+    return value.map(expandEnvVarsDeep);
+  }
+  if (value !== null && typeof value === "object") {
+    const result = {};
+    for (const [k, v] of Object.entries(value)) {
+      result[k] = expandEnvVarsDeep(v);
+    }
+    return result;
+  }
+  return value;
+}
+function parseSkillsFile(yamlContent) {
+  const raw = yaml.load(yamlContent);
+  const expanded = expandEnvVarsDeep(raw);
+  const result = SkillsFileSchema.parse(expanded);
+  return result.skills;
+}
+
+// src/skills/api-executor.ts
+function parseMappingTarget(mapping) {
+  const dotIndex = mapping.indexOf(".");
+  if (dotIndex < 0) {
+    throw new Error(`Invalid input_mapping format: "${mapping}" (expected "target.key")`);
+  }
+  const target = mapping.slice(0, dotIndex);
+  const key = mapping.slice(dotIndex + 1);
+  if (!["body", "query", "path", "header"].includes(target)) {
+    throw new Error(
+      `Invalid mapping target "${target}" in "${mapping}" (must be body|query|path|header)`
+    );
+  }
+  return { target, key };
+}
+function extractByPath(obj, dotPath) {
+  const normalizedPath = dotPath.startsWith("response.") ? dotPath.slice("response.".length) : dotPath;
+  const parts = normalizedPath.split(".");
+  let current = obj;
+  for (const part of parts) {
+    if (current === null || typeof current !== "object") {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
+function buildAuthHeaders(auth) {
+  if (!auth) return {};
+  switch (auth.type) {
+    case "bearer":
+      return { Authorization: `Bearer ${auth.token}` };
+    case "apikey":
+      return { [auth.header]: auth.key };
+    case "basic": {
+      const encoded = Buffer.from(`${auth.username}:${auth.password}`).toString("base64");
+      return { Authorization: `Basic ${encoded}` };
+    }
+  }
+}
+function applyInputMapping(params, mapping) {
+  const body = {};
+  const query = {};
+  const pathParams = {};
+  const headers = {};
+  for (const [paramName, mappingValue] of Object.entries(mapping)) {
+    const value = params[paramName];
+    if (value === void 0) continue;
+    const { target, key } = parseMappingTarget(mappingValue);
+    switch (target) {
+      case "body":
+        body[key] = value;
+        break;
+      case "query":
+        query[key] = String(value);
+        break;
+      case "path":
+        pathParams[key] = String(value);
+        break;
+      case "header":
+        headers[key] = String(value);
+        break;
+    }
+  }
+  return { body, query, pathParams, headers };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 500, 503]);
+var ApiExecutor = class {
+  /**
+   * Execute an API call described by the given skill config.
+   *
+   * @param config - The validated SkillConfig (must be ApiSkillConfig).
+   * @param params - Input parameters to map to the HTTP request.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor).
+   */
+  async execute(config, params) {
+    const apiConfig = config;
+    const { body, query, pathParams, headers: mappedHeaders } = applyInputMapping(
+      params,
+      apiConfig.input_mapping
+    );
+    let url = apiConfig.endpoint;
+    for (const [key, value] of Object.entries(pathParams)) {
+      url = url.replace(`{${key}}`, encodeURIComponent(value));
+    }
+    if (Object.keys(query).length > 0) {
+      const qs = new URLSearchParams(query).toString();
+      url = `${url}?${qs}`;
+    }
+    const authHeaders = buildAuthHeaders(apiConfig.auth);
+    const requestHeaders = {
+      ...authHeaders,
+      ...mappedHeaders
+    };
+    const hasBody = ["POST", "PUT"].includes(apiConfig.method);
+    if (hasBody) {
+      requestHeaders["Content-Type"] = "application/json";
+    }
+    const maxAttempts = (apiConfig.retries ?? 0) + 1;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      if (attempt > 0) {
+        await sleep(100 * Math.pow(2, attempt - 1));
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        apiConfig.timeout_ms ?? 3e4
+      );
+      let response;
+      try {
+        response = await fetch(url, {
+          method: apiConfig.method,
+          headers: requestHeaders,
+          body: hasBody ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+      } catch (err) {
+        clearTimeout(timeoutId);
+        const message = err instanceof Error ? err.message : String(err);
+        const isAbort = err instanceof Error && err.name === "AbortError" || message.toLowerCase().includes("abort");
+        if (isAbort) {
+          return { success: false, error: `Request timeout after ${apiConfig.timeout_ms}ms` };
+        }
+        return { success: false, error: message };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+      if (!response.ok && RETRYABLE_STATUSES.has(response.status) && attempt < maxAttempts - 1) {
+        continue;
+      }
+      if (!response.ok) {
+        return {
+          success: false,
+          error: `HTTP ${response.status} from ${apiConfig.endpoint}`
+        };
+      }
+      const responseBody = await response.json();
+      const outputMapping = apiConfig.output_mapping;
+      if (Object.keys(outputMapping).length === 0) {
+        return { success: true, result: responseBody };
+      }
+      const mappedOutput = {};
+      for (const [outputKey, path] of Object.entries(outputMapping)) {
+        mappedOutput[outputKey] = extractByPath(responseBody, path);
+      }
+      return { success: true, result: mappedOutput };
+    }
+    return { success: false, error: "Unexpected: retry loop exhausted" };
+  }
+};
+
+// src/skills/pipeline-executor.ts
+import { exec } from "child_process";
+import { promisify } from "util";
+
+// src/utils/interpolation.ts
+function resolvePath(obj, path) {
+  const segments = path.replace(/\[(\d+)\]/g, ".$1").split(".").filter((s) => s.length > 0);
+  let current = obj;
+  for (const segment of segments) {
+    if (current === null || current === void 0) {
+      return void 0;
+    }
+    if (typeof current !== "object") {
+      return void 0;
+    }
+    current = current[segment];
+  }
+  return current;
+}
+function interpolate(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expression) => {
+    const resolved = resolvePath(context, expression.trim());
+    if (resolved === void 0 || resolved === null) {
+      return "";
+    }
+    if (typeof resolved === "object") {
+      return JSON.stringify(resolved);
+    }
+    return String(resolved);
+  });
+}
+function interpolateObject(obj, context) {
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    result[key] = interpolateValue(value, context);
+  }
+  return result;
+}
+function interpolateValue(value, context) {
+  if (typeof value === "string") {
+    return interpolate(value, context);
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => interpolateValue(item, context));
+  }
+  if (value !== null && typeof value === "object") {
+    return interpolateObject(value, context);
+  }
+  return value;
+}
+
+// src/skills/pipeline-executor.ts
+var execAsync = promisify(exec);
+var PipelineExecutor = class {
+  /**
+   * @param skillExecutor - The parent SkillExecutor used to dispatch sub-skill calls.
+   */
+  constructor(skillExecutor) {
+    this.skillExecutor = skillExecutor;
+  }
+  /**
+   * Execute a pipeline skill config sequentially.
+   *
+   * Algorithm:
+   * 1. Initialise context: { params, steps: [], prev: { result: null } }
+   * 2. For each step:
+   *    a. Resolve input_mapping keys against current context via interpolateObject.
+   *    b. If step has `skill_id`: dispatch via skillExecutor.execute(). On failure → stop.
+   *    c. If step has `command`: interpolate command string, run via exec(). On non-zero exit → stop.
+   *    d. Store step result in context.steps[i] and context.prev.
+   * 3. Return success with final step result (or null for empty pipeline).
+   *
+   * @param config - The PipelineSkillConfig for this skill.
+   * @param params - Input parameters from the caller.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor wrapper).
+   */
+  async execute(config, params) {
+    const pipelineConfig = config;
+    const steps = pipelineConfig.steps ?? [];
+    if (steps.length === 0) {
+      return { success: true, result: null };
+    }
+    const context = {
+      params,
+      steps: [],
+      prev: { result: null }
+    };
+    for (let i = 0; i < steps.length; i++) {
+      const step = steps[i];
+      if (step === void 0) {
+        return {
+          success: false,
+          error: `Step ${i} failed: step definition is undefined`
+        };
+      }
+      const resolvedInputs = interpolateObject(
+        step.input_mapping,
+        context
+      );
+      let stepResult;
+      if ("skill_id" in step && step.skill_id) {
+        const subResult = await this.skillExecutor.execute(
+          step.skill_id,
+          resolvedInputs
+        );
+        if (!subResult.success) {
+          return {
+            success: false,
+            error: `Step ${i} failed: ${subResult.error ?? "unknown error"}`
+          };
+        }
+        stepResult = subResult.result;
+      } else if ("command" in step && step.command) {
+        const interpolatedCommand = interpolate(
+          step.command,
+          context
+        );
+        try {
+          const { stdout } = await execAsync(interpolatedCommand, { timeout: 3e4 });
+          stepResult = stdout.trim();
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return {
+            success: false,
+            error: `Step ${i} failed: ${message}`
+          };
+        }
+      } else {
+        return {
+          success: false,
+          error: `Step ${i} failed: step must have either "skill_id" or "command"`
+        };
+      }
+      context.steps.push({ result: stepResult });
+      context.prev = { result: stepResult };
+    }
+    const lastStep = context.steps[context.steps.length - 1];
+    return {
+      success: true,
+      result: lastStep !== void 0 ? lastStep.result : null
+    };
+  }
+};
+
+// src/skills/openclaw-bridge.ts
+import { execSync } from "child_process";
+var DEFAULT_BASE_URL = "http://localhost:3000";
+var DEFAULT_TIMEOUT_MS = 6e4;
+function buildPayload(config, params) {
+  return {
+    task: config.name,
+    params,
+    source: "agentbnb",
+    skill_id: config.id
+  };
+}
+async function executeWebhook(config, payload) {
+  const baseUrl = process.env["OPENCLAW_BASE_URL"] ?? DEFAULT_BASE_URL;
+  const url = `${baseUrl}/openclaw/${config.agent_name}/task`;
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    });
+    if (!response.ok) {
+      return {
+        success: false,
+        error: `Webhook returned HTTP ${response.status}: ${response.statusText}`
+      };
+    }
+    const result = await response.json();
+    return { success: true, result };
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      return {
+        success: false,
+        error: `OpenClaw webhook timed out after ${timeoutMs}ms`
+      };
+    }
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function executeProcess(config, payload) {
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  const inputJson = JSON.stringify(payload);
+  const cmd = `openclaw run ${config.agent_name} --input '${inputJson}'`;
+  try {
+    const stdout = execSync(cmd, { timeout: timeoutMs });
+    const text = stdout.toString().trim();
+    const result = JSON.parse(text);
+    return { success: true, result };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+async function executeTelegram(config, payload) {
+  const token = process.env["TELEGRAM_BOT_TOKEN"];
+  if (!token) {
+    return {
+      success: false,
+      error: "TELEGRAM_BOT_TOKEN environment variable is not set"
+    };
+  }
+  const chatId = process.env["TELEGRAM_CHAT_ID"];
+  if (!chatId) {
+    return {
+      success: false,
+      error: "TELEGRAM_CHAT_ID environment variable is not set"
+    };
+  }
+  const text = `[AgentBnB] Skill: ${config.name} (${config.id})
+Agent: ${config.agent_name}
+Params: ${JSON.stringify(payload.params ?? {})}`;
+  const url = `https://api.telegram.org/bot${token}/sendMessage`;
+  try {
+    await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chat_id: chatId, text })
+    });
+    return {
+      success: true,
+      result: { sent: true, channel: "telegram" }
+    };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+var OpenClawBridge = class {
+  /**
+   * Execute a skill with the given config and input parameters.
+   *
+   * @param config - The SkillConfig for this skill (must be type 'openclaw').
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult without latency_ms.
+   */
+  async execute(config, params) {
+    const ocConfig = config;
+    const payload = buildPayload(ocConfig, params);
+    switch (ocConfig.channel) {
+      case "webhook":
+        return executeWebhook(ocConfig, payload);
+      case "process":
+        return executeProcess(ocConfig, payload);
+      case "telegram":
+        return executeTelegram(ocConfig, payload);
+      default: {
+        const unknownChannel = ocConfig.channel;
+        return {
+          success: false,
+          error: `Unknown OpenClaw channel: "${String(unknownChannel)}"`
+        };
+      }
+    }
+  }
+};
+
+// src/skills/command-executor.ts
+import { exec as exec2 } from "child_process";
+function execAsync2(command, options) {
+  return new Promise((resolve, reject) => {
+    exec2(command, options, (error, stdout, stderr) => {
+      const stdoutStr = typeof stdout === "string" ? stdout : stdout.toString();
+      const stderrStr = typeof stderr === "string" ? stderr : stderr.toString();
+      if (error) {
+        const enriched = Object.assign(error, { stderr: stderrStr });
+        reject(enriched);
+      } else {
+        resolve({ stdout: stdoutStr, stderr: stderrStr });
+      }
+    });
+  });
+}
+var CommandExecutor = class {
+  /**
+   * Execute a command skill with the provided parameters.
+   *
+   * Steps:
+   * 1. Security check: base command must be in `allowed_commands` if set.
+   * 2. Interpolate `config.command` using `{ params }` context.
+   * 3. Run via `child_process.exec` with timeout and cwd.
+   * 4. Parse stdout based on `output_type`: text | json | file.
+   *
+   * @param config - Validated CommandSkillConfig.
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult (without latency_ms).
+   */
+  async execute(config, params) {
+    const cmdConfig = config;
+    const baseCommand = cmdConfig.command.trim().split(/\s+/)[0] ?? "";
+    if (cmdConfig.allowed_commands && cmdConfig.allowed_commands.length > 0) {
+      if (!cmdConfig.allowed_commands.includes(baseCommand)) {
+        return {
+          success: false,
+          error: `Command not allowed: "${baseCommand}". Allowed: ${cmdConfig.allowed_commands.join(", ")}`
+        };
+      }
+    }
+    const interpolatedCommand = interpolate(cmdConfig.command, { params });
+    const timeout = cmdConfig.timeout_ms ?? 3e4;
+    const cwd = cmdConfig.working_dir ?? process.cwd();
+    let stdout;
+    try {
+      const result = await execAsync2(interpolatedCommand, {
+        timeout,
+        cwd,
+        maxBuffer: 10 * 1024 * 1024,
+        // 10 MB
+        shell: "/bin/sh"
+      });
+      stdout = result.stdout;
+    } catch (err) {
+      if (err instanceof Error) {
+        const message = err.message;
+        const stderrContent = err.stderr ?? "";
+        if (message.includes("timed out") || message.includes("ETIMEDOUT") || err.code === "ETIMEDOUT") {
+          return {
+            success: false,
+            error: `Command timed out after ${timeout}ms`
+          };
+        }
+        return {
+          success: false,
+          error: stderrContent.trim() || message
+        };
+      }
+      return {
+        success: false,
+        error: String(err)
+      };
+    }
+    const rawOutput = stdout.trim();
+    switch (cmdConfig.output_type) {
+      case "text":
+        return { success: true, result: rawOutput };
+      case "json": {
+        try {
+          const parsed = JSON.parse(rawOutput);
+          return { success: true, result: parsed };
+        } catch {
+          return {
+            success: false,
+            error: `Failed to parse JSON output: ${rawOutput.slice(0, 100)}`
+          };
+        }
+      }
+      case "file":
+        return { success: true, result: { file_path: rawOutput } };
+      default:
+        return {
+          success: false,
+          error: `Unknown output_type: ${String(cmdConfig.output_type)}`
+        };
+    }
+  }
+};
+
+// src/runtime/agent-runtime.ts
+var AgentRuntime = class {
+  /** The registry SQLite database instance */
+  registryDb;
+  /** The credit SQLite database instance */
+  creditDb;
+  /** The agent owner identifier */
+  owner;
+  /** Registered background Cron jobs */
+  jobs = [];
+  /**
+   * The SkillExecutor instance, populated by start() if skillsYamlPath is set.
+   * Undefined if no skills.yaml was provided or the file does not exist.
+   */
+  skillExecutor;
+  draining = false;
+  orphanedEscrowAgeMinutes;
+  skillsYamlPath;
+  /**
+   * Creates a new AgentRuntime instance.
+   * Opens both databases with WAL mode, foreign_keys=ON, and busy_timeout=5000.
+   * Schema migrations are applied via openDatabase() and openCreditDb().
+   *
+   * @param options - Runtime configuration options.
+   */
+  constructor(options) {
+    this.owner = options.owner;
+    this.orphanedEscrowAgeMinutes = options.orphanedEscrowAgeMinutes ?? 10;
+    this.skillsYamlPath = options.skillsYamlPath;
+    this.registryDb = openDatabase(options.registryDbPath);
+    this.creditDb = openCreditDb(options.creditDbPath);
+    this.registryDb.pragma("busy_timeout = 5000");
+    this.creditDb.pragma("busy_timeout = 5000");
+  }
+  /**
+   * Registers a Cron job to be managed by this runtime.
+   * Registered jobs will be stopped automatically on shutdown().
+   *
+   * @param job - The Cron job instance to register.
+   */
+  registerJob(job) {
+    this.jobs.push(job);
+  }
+  /**
+   * Starts the runtime.
+   * Recovers orphaned escrows (held escrows older than orphanedEscrowAgeMinutes).
+   * If skillsYamlPath is set and the file exists, initializes SkillExecutor with
+   * all four executor modes (api, pipeline, openclaw, command).
+   *
+   * Call this after creating the runtime and before accepting requests.
+   */
+  async start() {
+    await this.recoverOrphanedEscrows();
+    await this.initSkillExecutor();
+  }
+  /**
+   * Initializes SkillExecutor from skills.yaml if skillsYamlPath is configured
+   * and the file exists on disk.
+   *
+   * Uses a mutable Map to handle the PipelineExecutor circular dependency:
+   * 1. Create an empty modes Map and a SkillExecutor (holds Map reference).
+   * 2. Create PipelineExecutor passing the SkillExecutor (for sub-skill dispatch).
+   * 3. Populate the Map with all 4 modes — SkillExecutor sees them via reference.
+   */
+  async initSkillExecutor() {
+    if (!this.skillsYamlPath || !existsSync4(this.skillsYamlPath)) {
+      return;
+    }
+    const yamlContent = readFileSync4(this.skillsYamlPath, "utf8");
+    const configs = parseSkillsFile(yamlContent);
+    const modes = /* @__PURE__ */ new Map();
+    const executor = createSkillExecutor(configs, modes);
+    const pipelineExecutor = new PipelineExecutor(executor);
+    modes.set("api", new ApiExecutor());
+    modes.set("pipeline", pipelineExecutor);
+    modes.set("openclaw", new OpenClawBridge());
+    modes.set("command", new CommandExecutor());
+    this.skillExecutor = executor;
+  }
+  /**
+   * Recovers orphaned escrows by releasing them.
+   * Orphaned escrows are 'held' escrows older than the configured age threshold.
+   * Errors during individual release are swallowed (escrow may have settled between query and release).
+   */
+  async recoverOrphanedEscrows() {
+    const cutoff = new Date(
+      Date.now() - this.orphanedEscrowAgeMinutes * 60 * 1e3
+    ).toISOString();
+    const orphaned = this.creditDb.prepare(
+      "SELECT id FROM credit_escrow WHERE status = 'held' AND created_at < ?"
+    ).all(cutoff);
+    for (const row of orphaned) {
+      try {
+        releaseEscrow(this.creditDb, row.id);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Shuts down the runtime gracefully.
+   * Sets draining flag, stops all registered Cron jobs, and closes both databases.
+   * Idempotent — safe to call multiple times.
+   */
+  async shutdown() {
+    if (this.draining) {
+      return;
+    }
+    this.draining = true;
+    for (const job of this.jobs) {
+      job.stop();
+    }
+    try {
+      this.registryDb.close();
+    } catch {
+    }
+    try {
+      this.creditDb.close();
+    } catch {
+    }
+  }
+  /**
+   * Returns true if the runtime is shutting down or has shut down.
+   * Background handlers should check this before processing new requests.
+   */
+  get isDraining() {
+    return this.draining;
+  }
+};
+
+// src/gateway/server.ts
+import Fastify from "fastify";
+import { randomUUID as randomUUID7 } from "crypto";
+var VERSION = "0.0.1";
+function createGatewayServer(opts) {
+  const {
+    registryDb,
+    creditDb,
+    tokens,
+    handlerUrl,
+    timeoutMs = 3e4,
+    silent = false,
+    skillExecutor
+  } = opts;
+  const fastify = Fastify({ logger: !silent });
+  const tokenSet = new Set(tokens);
+  fastify.addHook("onRequest", async (request, reply) => {
+    if (request.method === "GET" && request.url === "/health") return;
+    const auth = request.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) {
+      await reply.status(401).send({
+        jsonrpc: "2.0",
+        id: null,
+        error: { code: -32e3, message: "Unauthorized: missing token" }
+      });
+      return;
+    }
+    const token = auth.slice("Bearer ".length).trim();
+    if (!tokenSet.has(token)) {
+      await reply.status(401).send({
+        jsonrpc: "2.0",
+        id: null,
+        error: { code: -32e3, message: "Unauthorized: invalid token" }
+      });
+    }
+  });
+  fastify.get("/health", async () => {
+    return { status: "ok", version: VERSION, uptime: process.uptime() };
+  });
+  fastify.post("/rpc", async (request, reply) => {
+    const body = request.body;
+    if (body.jsonrpc !== "2.0" || !body.method) {
+      return reply.status(400).send({
+        jsonrpc: "2.0",
+        id: body.id ?? null,
+        error: { code: -32600, message: "Invalid Request" }
+      });
+    }
+    const id = body.id ?? null;
+    if (body.method !== "capability.execute") {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32601, message: "Method not found" }
+      });
+    }
+    const params = body.params ?? {};
+    const cardId = params.card_id;
+    const skillId = params.skill_id;
+    if (!cardId) {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32602, message: "Invalid params: card_id required" }
+      });
+    }
+    const card = getCard(registryDb, cardId);
+    if (!card) {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32602, message: `Card not found: ${cardId}` }
+      });
+    }
+    const requester = params.requester ?? "unknown";
+    let creditsNeeded;
+    let cardName;
+    let resolvedSkillId;
+    const rawCard = card;
+    if (Array.isArray(rawCard["skills"])) {
+      const v2card = card;
+      const skill = skillId ? v2card.skills.find((s) => s.id === skillId) : v2card.skills[0];
+      if (!skill) {
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32602, message: `Skill not found: ${skillId}` }
+        });
+      }
+      creditsNeeded = skill.pricing.credits_per_call;
+      cardName = skill.name;
+      resolvedSkillId = skill.id;
+    } else {
+      creditsNeeded = card.pricing.credits_per_call;
+      cardName = card.name;
+    }
+    let escrowId;
+    try {
+      const balance = getBalance(creditDb, requester);
+      if (balance < creditsNeeded) {
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: "Insufficient credits" }
+        });
+      }
+      escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
+    } catch (err) {
+      const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32603, message: msg }
+      });
+    }
+    const startMs = Date.now();
+    if (skillExecutor) {
+      const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
+      let execResult;
+      try {
+        execResult = await skillExecutor.execute(targetSkillId, params);
+      } catch (err) {
+        releaseEscrow(creditDb, escrowId);
+        updateReputation(registryDb, cardId, false, Date.now() - startMs);
+        try {
+          insertRequestLog(registryDb, {
+            id: randomUUID7(),
+            card_id: cardId,
+            card_name: cardName,
+            skill_id: resolvedSkillId,
+            requester,
+            status: "failure",
+            latency_ms: Date.now() - startMs,
+            credits_charged: 0,
+            created_at: (/* @__PURE__ */ new Date()).toISOString()
+          });
+        } catch {
+        }
+        const message = err instanceof Error ? err.message : "Execution error";
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message }
+        });
+      }
+      if (!execResult.success) {
+        releaseEscrow(creditDb, escrowId);
+        updateReputation(registryDb, cardId, false, execResult.latency_ms);
+        try {
+          insertRequestLog(registryDb, {
+            id: randomUUID7(),
+            card_id: cardId,
+            card_name: cardName,
+            skill_id: resolvedSkillId,
+            requester,
+            status: "failure",
+            latency_ms: execResult.latency_ms,
+            credits_charged: 0,
+            created_at: (/* @__PURE__ */ new Date()).toISOString()
+          });
+        } catch {
+        }
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: execResult.error ?? "Execution failed" }
+        });
+      }
+      settleEscrow(creditDb, escrowId, card.owner);
+      updateReputation(registryDb, cardId, true, execResult.latency_ms);
+      try {
+        insertRequestLog(registryDb, {
+          id: randomUUID7(),
+          card_id: cardId,
+          card_name: cardName,
+          skill_id: resolvedSkillId,
+          requester,
+          status: "success",
+          latency_ms: execResult.latency_ms,
+          credits_charged: creditsNeeded,
+          created_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      } catch {
+      }
+      return reply.send({ jsonrpc: "2.0", id, result: execResult.result });
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      const response = await fetch(handlerUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ card_id: cardId, skill_id: resolvedSkillId, params }),
+        signal: controller.signal
+      });
+      clearTimeout(timer);
+      if (!response.ok) {
+        releaseEscrow(creditDb, escrowId);
+        updateReputation(registryDb, cardId, false, Date.now() - startMs);
+        try {
+          insertRequestLog(registryDb, {
+            id: randomUUID7(),
+            card_id: cardId,
+            card_name: cardName,
+            skill_id: resolvedSkillId,
+            requester,
+            status: "failure",
+            latency_ms: Date.now() - startMs,
+            credits_charged: 0,
+            created_at: (/* @__PURE__ */ new Date()).toISOString()
+          });
+        } catch {
+        }
+        return reply.send({
+          jsonrpc: "2.0",
+          id,
+          error: { code: -32603, message: `Handler returned ${response.status}` }
+        });
+      }
+      const result = await response.json();
+      settleEscrow(creditDb, escrowId, card.owner);
+      updateReputation(registryDb, cardId, true, Date.now() - startMs);
+      try {
+        insertRequestLog(registryDb, {
+          id: randomUUID7(),
+          card_id: cardId,
+          card_name: cardName,
+          skill_id: resolvedSkillId,
+          requester,
+          status: "success",
+          latency_ms: Date.now() - startMs,
+          credits_charged: creditsNeeded,
+          created_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      } catch {
+      }
+      return reply.send({ jsonrpc: "2.0", id, result });
+    } catch (err) {
+      clearTimeout(timer);
+      releaseEscrow(creditDb, escrowId);
+      updateReputation(registryDb, cardId, false, Date.now() - startMs);
+      const isTimeout = err instanceof Error && err.name === "AbortError";
+      try {
+        insertRequestLog(registryDb, {
+          id: randomUUID7(),
+          card_id: cardId,
+          card_name: cardName,
+          skill_id: resolvedSkillId,
+          requester,
+          status: isTimeout ? "timeout" : "failure",
+          latency_ms: Date.now() - startMs,
+          credits_charged: 0,
+          created_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      } catch {
+      }
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32603, message: isTimeout ? "Execution timeout" : "Handler error" }
+      });
+    }
+  });
+  return fastify;
+}
+
+// src/registry/server.ts
+import Fastify2 from "fastify";
+import cors from "@fastify/cors";
+import fastifyStatic from "@fastify/static";
+import { join as join4, dirname } from "path";
+import { fileURLToPath } from "url";
+import { existsSync as existsSync5 } from "fs";
+function stripInternal(card) {
+  const { _internal: _, ...publicCard } = card;
+  return publicCard;
+}
+function createRegistryServer(opts) {
+  const { registryDb: db, silent = false } = opts;
+  const server = Fastify2({ logger: !silent });
+  void server.register(cors, {
+    origin: true,
+    methods: ["GET", "POST", "PATCH", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"]
+  });
+  const __filename = fileURLToPath(import.meta.url);
+  const __dirname = dirname(__filename);
+  const hubDistCandidates = [
+    join4(__dirname, "../../hub/dist"),
+    // When running from dist/registry/server.js
+    join4(__dirname, "../../../hub/dist")
+    // Fallback for alternative layouts
+  ];
+  const hubDistDir = hubDistCandidates.find((p) => existsSync5(p));
+  if (hubDistDir) {
+    void server.register(fastifyStatic, {
+      root: hubDistDir,
+      prefix: "/hub/"
+    });
+    server.get("/hub", async (_request, reply) => {
+      return reply.redirect("/hub/");
+    });
+    server.setNotFoundHandler(async (request, reply) => {
+      if (request.url.startsWith("/hub/")) {
+        return reply.sendFile("index.html");
+      }
+      return reply.code(404).send({ error: "Not found" });
+    });
+  }
+  server.get("/health", async (_request, reply) => {
+    return reply.send({ status: "ok" });
+  });
+  server.get("/cards", async (request, reply) => {
+    const query = request.query;
+    const q = query.q?.trim() ?? "";
+    const levelRaw = query.level !== void 0 ? parseInt(query.level, 10) : void 0;
+    const level = levelRaw === 1 || levelRaw === 2 || levelRaw === 3 ? levelRaw : void 0;
+    const onlineRaw = query.online;
+    const online = onlineRaw === "true" ? true : onlineRaw === "false" ? false : void 0;
+    const tag = query.tag?.trim();
+    const minSuccessRate = query.min_success_rate !== void 0 ? parseFloat(query.min_success_rate) : void 0;
+    const maxLatencyMs = query.max_latency_ms !== void 0 ? parseFloat(query.max_latency_ms) : void 0;
+    const sort = query.sort;
+    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+    const rawOffset = query.offset !== void 0 ? parseInt(query.offset, 10) : 0;
+    const offset = isNaN(rawOffset) || rawOffset < 0 ? 0 : rawOffset;
+    let cards;
+    if (q.length > 0) {
+      cards = searchCards(db, q, { level, online });
+    } else {
+      cards = filterCards(db, { level, online });
+    }
+    if (tag !== void 0 && tag.length > 0) {
+      cards = cards.filter((c) => c.metadata?.tags?.includes(tag));
+    }
+    if (minSuccessRate !== void 0 && !isNaN(minSuccessRate)) {
+      cards = cards.filter(
+        (c) => (c.metadata?.success_rate ?? -1) >= minSuccessRate
+      );
+    }
+    if (maxLatencyMs !== void 0 && !isNaN(maxLatencyMs)) {
+      cards = cards.filter(
+        (c) => (c.metadata?.avg_latency_ms ?? Infinity) <= maxLatencyMs
+      );
+    }
+    if (sort === "success_rate") {
+      cards = [...cards].sort((a, b) => {
+        const aRate = a.metadata?.success_rate ?? -1;
+        const bRate = b.metadata?.success_rate ?? -1;
+        return bRate - aRate;
+      });
+    } else if (sort === "latency") {
+      cards = [...cards].sort((a, b) => {
+        const aLatency = a.metadata?.avg_latency_ms ?? Infinity;
+        const bLatency = b.metadata?.avg_latency_ms ?? Infinity;
+        return aLatency - bLatency;
+      });
+    }
+    const total = cards.length;
+    const items = cards.slice(offset, offset + limit).map(stripInternal);
+    const result = { total, limit, offset, items };
+    return reply.send(result);
+  });
+  server.get("/cards/:id", async (request, reply) => {
+    const { id } = request.params;
+    const card = getCard(db, id);
+    if (!card) {
+      return reply.code(404).send({ error: "Not found" });
+    }
+    return reply.send(stripInternal(card));
+  });
+  server.get("/api/agents", async (_request, reply) => {
+    const allCards = listCards(db);
+    const ownerMap = /* @__PURE__ */ new Map();
+    for (const card of allCards) {
+      const existing = ownerMap.get(card.owner) ?? [];
+      existing.push(card);
+      ownerMap.set(card.owner, existing);
+    }
+    const creditsStmt = db.prepare(`
+      SELECT cc.owner,
+             SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      GROUP BY cc.owner
+    `);
+    const creditsRows = creditsStmt.all();
+    const creditsMap = new Map(creditsRows.map((r) => [r.owner, r.credits_earned ?? 0]));
+    const agents = Array.from(ownerMap.entries()).map(([owner, cards]) => {
+      const skillCount = cards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+      const successRates = cards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
+      const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
+      const memberStmt = db.prepare(
+        "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
+      );
+      const memberRow = memberStmt.get(owner);
+      return {
+        owner,
+        skill_count: skillCount,
+        success_rate: avgSuccessRate,
+        total_earned: creditsMap.get(owner) ?? 0,
+        member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
+      };
+    });
+    agents.sort((a, b) => {
+      const aRate = a.success_rate ?? -1;
+      const bRate = b.success_rate ?? -1;
+      if (bRate !== aRate) return bRate - aRate;
+      return b.total_earned - a.total_earned;
+    });
+    return reply.send({ items: agents, total: agents.length });
+  });
+  server.get("/api/agents/:owner", async (request, reply) => {
+    const { owner } = request.params;
+    const ownerCards = listCards(db, owner);
+    if (ownerCards.length === 0) {
+      return reply.status(404).send({ error: "Agent not found" });
+    }
+    const skillCount = ownerCards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+    const successRates = ownerCards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
+    const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
+    const creditsStmt = db.prepare(`
+      SELECT SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+    `);
+    const creditsRow = creditsStmt.get(owner);
+    const memberStmt = db.prepare(
+      "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
+    );
+    const memberRow = memberStmt.get(owner);
+    const activityStmt = db.prepare(`
+      SELECT rl.id, rl.card_name, rl.requester, rl.status, rl.credits_charged, rl.created_at
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+      ORDER BY rl.created_at DESC
+      LIMIT 10
+    `);
+    const recentActivity = activityStmt.all(owner);
+    const profile = {
+      owner,
+      skill_count: skillCount,
+      success_rate: avgSuccessRate,
+      total_earned: creditsRow?.credits_earned ?? 0,
+      member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
+    };
+    return reply.send({
+      profile,
+      skills: ownerCards,
+      recent_activity: recentActivity
+    });
+  });
+  server.get("/api/activity", async (request, reply) => {
+    const query = request.query;
+    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+    const since = query.since?.trim() || void 0;
+    const items = getActivityFeed(db, limit, since);
+    return reply.send({ items, total: items.length, limit });
+  });
+  if (opts.ownerApiKey && opts.ownerName) {
+    const ownerApiKey = opts.ownerApiKey;
+    const ownerName = opts.ownerName;
+    void server.register(async (ownerRoutes) => {
+      ownerRoutes.addHook("onRequest", async (request, reply) => {
+        const auth = request.headers.authorization;
+        const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
+        if (!token || token !== ownerApiKey) {
+          return reply.status(401).send({ error: "Unauthorized" });
+        }
+      });
+      ownerRoutes.get("/me", async (_request, reply) => {
+        const balance = opts.creditDb ? getBalance(opts.creditDb, ownerName) : 0;
+        return reply.send({ owner: ownerName, balance });
+      });
+      ownerRoutes.get("/requests", async (request, reply) => {
+        const query = request.query;
+        const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 10;
+        const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 10 : rawLimit, 100);
+        const sinceRaw = query.since;
+        const validSince = ["24h", "7d", "30d"];
+        const since = sinceRaw && validSince.includes(sinceRaw) ? sinceRaw : void 0;
+        const items = getRequestLog(db, limit, since);
+        return reply.send({ items, limit });
+      });
+      ownerRoutes.get("/draft", async (_request, reply) => {
+        const detectedKeys = detectApiKeys(KNOWN_API_KEYS);
+        const cards = detectedKeys.map((key) => buildDraftCard(key, ownerName)).filter((card) => card !== null);
+        return reply.send({ cards });
+      });
+      ownerRoutes.post("/cards/:id/toggle-online", async (request, reply) => {
+        const { id } = request.params;
+        const card = getCard(db, id);
+        if (!card) {
+          return reply.code(404).send({ error: "Not found" });
+        }
+        try {
+          const newOnline = !card.availability.online;
+          updateCard(db, id, ownerName, {
+            availability: { ...card.availability, online: newOnline }
+          });
+          return reply.send({ ok: true, online: newOnline });
+        } catch (err) {
+          if (err instanceof AgentBnBError && err.code === "FORBIDDEN") {
+            return reply.code(403).send({ error: "Forbidden" });
+          }
+          throw err;
+        }
+      });
+      ownerRoutes.patch("/cards/:id", async (request, reply) => {
+        const { id } = request.params;
+        const body = request.body;
+        const updates = {};
+        if (body.description !== void 0) updates.description = body.description;
+        if (body.pricing !== void 0) updates.pricing = body.pricing;
+        try {
+          updateCard(db, id, ownerName, updates);
+          return reply.send({ ok: true });
+        } catch (err) {
+          if (err instanceof AgentBnBError) {
+            if (err.code === "FORBIDDEN") {
+              return reply.code(403).send({ error: "Forbidden" });
+            }
+            if (err.code === "NOT_FOUND") {
+              return reply.code(404).send({ error: "Not found" });
+            }
+          }
+          throw err;
+        }
+      });
+      ownerRoutes.get("/me/pending-requests", async (_request, reply) => {
+        const rows = listPendingRequests(db);
+        return reply.send(rows);
+      });
+      ownerRoutes.post("/me/pending-requests/:id/approve", async (request, reply) => {
+        const { id } = request.params;
+        try {
+          resolvePendingRequest(db, id, "approved");
+          return reply.send({ status: "approved", id });
+        } catch (err) {
+          if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+          throw err;
+        }
+      });
+      ownerRoutes.post("/me/pending-requests/:id/reject", async (request, reply) => {
+        const { id } = request.params;
+        try {
+          resolvePendingRequest(db, id, "rejected");
+          return reply.send({ status: "rejected", id });
+        } catch (err) {
+          if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+          throw err;
+        }
+      });
+      ownerRoutes.get("/me/transactions", async (request, reply) => {
+        const query = request.query;
+        const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+        const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+        if (!opts.creditDb) {
+          return reply.send({ items: [], limit });
+        }
+        const items = getTransactions(opts.creditDb, ownerName, limit);
+        return reply.send({ items, limit });
+      });
+    });
+  }
+  return server;
+}
+
+// src/discovery/mdns.ts
+import { Bonjour } from "bonjour-service";
+var bonjourInstance = null;
+function getBonjour() {
+  if (bonjourInstance === null) {
+    bonjourInstance = new Bonjour();
+  }
+  return bonjourInstance;
+}
+function announceGateway(owner, port, metadata) {
+  const bonjour = getBonjour();
+  const txt = {
+    owner,
+    version: "1.0",
+    ...metadata
+  };
+  bonjour.publish({
+    name: owner,
+    type: "agentbnb",
+    port,
+    txt
+  });
+}
+function discoverLocalAgents(onFound, onDown) {
+  const bonjour = getBonjour();
+  const browser = bonjour.find({ type: "agentbnb" });
+  browser.on("up", (service) => {
+    const addresses = service.addresses ?? [];
+    const ipv4Addresses = addresses.filter((addr) => !addr.includes(":"));
+    const host = ipv4Addresses.length > 0 ? ipv4Addresses[0] : service.host;
+    const url = `http://${host}:${service.port}`;
+    const owner = service.txt?.owner ?? service.name;
+    onFound({
+      name: service.name,
+      url,
+      owner
+    });
+  });
+  if (onDown) {
+    browser.on("down", (service) => {
+      const addresses = service.addresses ?? [];
+      const ipv4Addresses = addresses.filter((addr) => !addr.includes(":"));
+      const host = ipv4Addresses.length > 0 ? ipv4Addresses[0] : service.host;
+      const url = `http://${host}:${service.port}`;
+      const owner = service.txt?.owner ?? service.name;
+      onDown({
+        name: service.name,
+        url,
+        owner
+      });
+    });
+  }
+  return {
+    stop: () => browser.stop()
+  };
+}
+async function stopAnnouncement() {
+  if (bonjourInstance === null) {
+    return;
+  }
+  const instance = bonjourInstance;
+  bonjourInstance = null;
+  await new Promise((resolve) => {
+    instance.unpublishAll(() => {
+      instance.destroy();
+      resolve();
+    });
+  });
+}
+
+// src/openclaw/soul-sync.ts
+import { randomUUID as randomUUID9 } from "crypto";
+
+// src/skills/publish-capability.ts
+import { randomUUID as randomUUID8 } from "crypto";
+function parseSoulMd(content) {
+  const lines = content.split("\n");
+  let name = "";
+  let description = "";
+  const capabilities = [];
+  const unknownSections = [];
+  let currentSection = null;
+  let currentCapabilityName = "";
+  let currentCapabilityLines = [];
+  let descriptionLines = [];
+  let pastFirstH1 = false;
+  let pastFirstH2 = false;
+  const flushCapability = () => {
+    if (currentCapabilityName) {
+      capabilities.push({
+        name: currentCapabilityName,
+        description: currentCapabilityLines.join(" ").trim()
+      });
+      currentCapabilityName = "";
+      currentCapabilityLines = [];
+    }
+  };
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (/^# /.test(trimmed) && !pastFirstH1) {
+      name = trimmed.slice(2).trim();
+      pastFirstH1 = true;
+      currentSection = "preamble";
+      continue;
+    }
+    if (/^## /.test(trimmed)) {
+      flushCapability();
+      const capName = trimmed.slice(3).trim();
+      currentCapabilityName = capName;
+      currentSection = "capability";
+      pastFirstH2 = true;
+      continue;
+    }
+    if (/^#{3,} /.test(trimmed)) {
+      const sectionName = trimmed.replace(/^#+\s*/, "");
+      if (!unknownSections.includes(sectionName)) {
+        unknownSections.push(sectionName);
+      }
+      continue;
+    }
+    if (trimmed === "") continue;
+    if (currentSection === "preamble" && !pastFirstH2) {
+      descriptionLines.push(trimmed);
+    } else if (currentSection === "capability") {
+      currentCapabilityLines.push(trimmed);
+    }
+  }
+  flushCapability();
+  if (descriptionLines.length > 0) {
+    description = descriptionLines[0] ?? "";
+  }
+  return {
+    name,
+    description,
+    level: 2,
+    capabilities,
+    unknownSections
+  };
+}
+
+// src/openclaw/soul-sync.ts
+function parseSoulMdV2(content) {
+  const parsed = parseSoulMd(content);
+  const skills = parsed.capabilities.map((cap) => {
+    const sanitizedId = cap.name.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "");
+    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID9();
+    return {
+      id,
+      name: cap.name,
+      description: (cap.description.slice(0, 500) || cap.name).slice(0, 500),
+      level: 2,
+      inputs: [
+        {
+          name: "input",
+          type: "text",
+          description: "Input for the skill",
+          required: true
+        }
+      ],
+      outputs: [
+        {
+          name: "output",
+          type: "text",
+          description: "Output from the skill",
+          required: true
+        }
+      ],
+      pricing: { credits_per_call: 10 },
+      availability: { online: true }
+    };
+  });
+  return {
+    agentName: parsed.name || "Unknown Agent",
+    description: parsed.description,
+    skills
+  };
+}
+function publishFromSoulV2(db, soulContent, owner) {
+  const { agentName, skills } = parseSoulMdV2(soulContent);
+  if (skills.length === 0) {
+    throw new AgentBnBError("SOUL.md has no H2 sections", "VALIDATION_ERROR");
+  }
+  const existingCards = listCards(db, owner);
+  const existingV2 = existingCards.find(
+    (c) => c.spec_version === "2.0"
+  );
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const cardId = existingV2?.id ?? randomUUID9();
+  const card = {
+    spec_version: "2.0",
+    id: cardId,
+    owner,
+    agent_name: agentName,
+    skills,
+    availability: { online: true },
+    created_at: existingV2?.created_at ?? now,
+    updated_at: now
+  };
+  CapabilityCardV2Schema.parse(card);
+  if (existingV2) {
+    db.prepare(
+      "UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?"
+    ).run(JSON.stringify(card), now, cardId);
+  } else {
+    db.prepare(
+      "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+    ).run(cardId, owner, JSON.stringify(card), now, now);
+  }
+  return card;
+}
+
+// src/openclaw/heartbeat-writer.ts
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync4, existsSync as existsSync6 } from "fs";
+var HEARTBEAT_MARKER_START = "<!-- agentbnb:start -->";
+var HEARTBEAT_MARKER_END = "<!-- agentbnb:end -->";
+function generateHeartbeatSection(autonomy, budget) {
+  const t1 = autonomy.tier1_max_credits;
+  const t2 = autonomy.tier2_max_credits;
+  const reserve = budget.reserve_credits;
+  return [
+    HEARTBEAT_MARKER_START,
+    "## AgentBnB Protocol",
+    "",
+    "You are a participant in the AgentBnB capability sharing network.",
+    "",
+    "### Sharing Rules",
+    "- When your idle_rate exceeds 70%, automatically share idle capabilities",
+    "- Accept incoming requests that match your published Capability Card",
+    "- Track credit earnings and report to owner weekly",
+    "",
+    "### Requesting Rules",
+    "- When you encounter a task you cannot complete with local skills:",
+    "  1. Query AgentBnB network for matching capabilities",
+    "  2. If found and credit sufficient, automatically request",
+    "  3. Integrate result into your current workflow",
+    "- Budget limits:",
+    `  - < ${t1} credits: auto-execute, no notification`,
+    `  - ${t1}-${t2} credits: execute, notify owner after`,
+    `  - > ${t2} credits: ask owner before executing`,
+    "",
+    "### Credit Management",
+    `- Maintain minimum balance of ${reserve} credits (reserve for emergencies)`,
+    `- If balance drops below ${reserve}, increase sharing priority`,
+    "- If balance exceeds 500, notify owner of surplus",
+    HEARTBEAT_MARKER_END
+  ].join("\n");
+}
+function injectHeartbeatSection(heartbeatPath, section) {
+  if (!existsSync6(heartbeatPath)) {
+    writeFileSync4(heartbeatPath, section + "\n", "utf-8");
+    return;
+  }
+  let content = readFileSync5(heartbeatPath, "utf-8");
+  const startIdx = content.indexOf(HEARTBEAT_MARKER_START);
+  const endIdx = content.indexOf(HEARTBEAT_MARKER_END);
+  if (startIdx !== -1 && endIdx !== -1) {
+    content = content.slice(0, startIdx) + section + content.slice(endIdx + HEARTBEAT_MARKER_END.length);
+  } else {
+    content = content + "\n" + section + "\n";
+  }
+  writeFileSync4(heartbeatPath, content, "utf-8");
+}
+
+// src/openclaw/skill.ts
+function getOpenClawStatus(config, db, creditDb) {
+  const autonomy = config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
+  const budget = config.budget ?? DEFAULT_BUDGET_CONFIG;
+  const balance = getBalance(creditDb, config.owner);
+  const allCards = listCards(db, config.owner);
+  const skills = [];
+  for (const card of allCards) {
+    const anyCard = card;
+    if (anyCard.spec_version !== "2.0" || !Array.isArray(anyCard.skills)) continue;
+    for (const skill of anyCard.skills) {
+      const internal = skill["_internal"] ?? {};
+      const idleRate = typeof internal["idle_rate"] === "number" ? internal["idle_rate"] : null;
+      const availability = skill["availability"];
+      const online = availability?.online ?? false;
+      skills.push({
+        id: String(skill["id"] ?? ""),
+        name: String(skill["name"] ?? ""),
+        idle_rate: idleRate,
+        online
+      });
+    }
+  }
+  return {
+    installed: true,
+    owner: config.owner,
+    gateway_url: config.gateway_url,
+    tier: autonomy,
+    balance,
+    reserve: budget.reserve_credits,
+    skills
+  };
+}
+
+// src/cli/index.ts
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../../package.json");
+async function confirm(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    return await new Promise((resolve) => {
+      rl.question(question, (answer) => {
+        resolve(answer.trim().toLowerCase() === "y");
+      });
+    });
+  } finally {
+    rl.close();
+  }
+}
+function getLanIp() {
+  const nets = networkInterfaces();
+  for (const ifaces of Object.values(nets)) {
+    for (const iface of ifaces ?? []) {
+      if (iface.family === "IPv4" && !iface.internal) return iface.address;
+    }
+  }
+  return "localhost";
+}
+var program = new Command();
+program.name("agentbnb").description("P2P Agent Capability Sharing Protocol \u2014 Airbnb for AI agent pipelines").version(pkg.version);
+program.command("init").description("Initialize AgentBnB config and create agent identity").option("--owner <name>", "Agent owner name").option("--port <port>", "Gateway port", "7700").option("--host <ip>", "Override gateway host IP (default: auto-detected LAN IP)").option("--yes", "Auto-confirm all draft cards (non-interactive)").option("--no-detect", "Skip API key detection").option("--json", "Output as JSON").action(async (opts) => {
+  const owner = opts.owner ?? `agent-${randomBytes(4).toString("hex")}`;
+  const token = randomBytes(32).toString("hex");
+  const configDir = getConfigDir();
+  const dbPath = join5(configDir, "registry.db");
+  const creditDbPath = join5(configDir, "credit.db");
+  const port = parseInt(opts.port, 10);
+  const ip = opts.host ?? getLanIp();
+  const existingConfig = loadConfig();
+  const api_key = existingConfig?.api_key ?? randomBytes(32).toString("hex");
+  const config = {
+    owner,
+    gateway_url: `http://${ip}:${port}`,
+    gateway_port: port,
+    db_path: dbPath,
+    credit_db_path: creditDbPath,
+    token,
+    api_key
+  };
+  saveConfig(config);
+  let keypairStatus = "existing";
+  try {
+    loadKeyPair(configDir);
+  } catch {
+    const keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+    keypairStatus = "generated";
+  }
+  const creditDb = openCreditDb(creditDbPath);
+  bootstrapAgent(creditDb, owner, 100);
+  creditDb.close();
+  const skipDetect = opts.detect === false;
+  let detectedKeys = [];
+  let detectedPorts = [];
+  const publishedCards = [];
+  if (!skipDetect) {
+    detectedKeys = detectApiKeys(KNOWN_API_KEYS);
+    detectedPorts = await detectOpenPorts([7700, 7701, 8080, 3e3, 8e3, 11434]);
+    if (detectedKeys.length > 0) {
+      if (!opts.json) {
+        console.log(`
+Detected ${detectedKeys.length} API key${detectedKeys.length > 1 ? "s" : ""}: ${detectedKeys.join(", ")}`);
+      }
+      if (detectedPorts.length > 0 && !opts.json) {
+        console.log(`Found services on ports: ${detectedPorts.join(", ")}`);
+      }
+      const drafts = detectedKeys.map((key) => buildDraftCard(key, owner)).filter((card) => card !== null);
+      if (opts.yes) {
+        const db = openDatabase(dbPath);
+        try {
+          for (const card of drafts) {
+            insertCard(db, card);
+            publishedCards.push({ id: card.id, name: card.name });
+            if (!opts.json) {
+              console.log(`Published: ${card.name} (${card.id})`);
+            }
+          }
+        } finally {
+          db.close();
+        }
+      } else if (process.stdout.isTTY) {
+        const db = openDatabase(dbPath);
+        try {
+          for (const card of drafts) {
+            const yes = await confirm(`Publish "${card.name}"? [y/N] `);
+            if (yes) {
+              insertCard(db, card);
+              publishedCards.push({ id: card.id, name: card.name });
+              console.log(`Published: ${card.name} (${card.id})`);
+            } else {
+              console.log(`Skipped: ${card.name}`);
+            }
+          }
+        } finally {
+          db.close();
+        }
+      } else {
+        if (!opts.json) {
+          console.log("Non-interactive environment detected. Re-run with --yes to auto-publish draft cards.");
+        }
+      }
+    } else {
+      if (!opts.json) {
+        console.log("\nNo API keys detected. You can manually publish cards with `agentbnb publish`.");
+      }
+    }
+  }
+  if (opts.json) {
+    const jsonOutput = {
+      success: true,
+      owner,
+      config_dir: configDir,
+      token,
+      gateway_url: config.gateway_url,
+      keypair: keypairStatus
+    };
+    if (!skipDetect) {
+      jsonOutput.detected_keys = detectedKeys;
+      jsonOutput.published_cards = publishedCards;
+    }
+    console.log(JSON.stringify(jsonOutput, null, 2));
+  } else {
+    console.log(`AgentBnB initialized.`);
+    console.log(`  Owner:   ${owner}`);
+    console.log(`  Token:   ${token}`);
+    console.log(`  Config:  ${configDir}/config.json`);
+    console.log(`  Credits: 100 (starter grant)`);
+    console.log(`  Keypair: ${keypairStatus === "generated" ? "generated (Ed25519)" : "preserved (existing)"}`);
+    console.log(`  Gateway: http://${ip}:${port}`);
+  }
+});
+program.command("publish <card.json>").description("Publish a Capability Card to the registry").option("--json", "Output as JSON").action(async (cardPath, opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  let raw;
+  try {
+    raw = readFileSync6(cardPath, "utf-8");
+  } catch {
+    console.error(`Error: cannot read file: ${cardPath}`);
+    process.exit(1);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    console.error("Error: invalid JSON in card file.");
+    process.exit(1);
+  }
+  const result = CapabilityCardSchema.safeParse(parsed);
+  if (!result.success) {
+    if (opts.json) {
+      console.log(JSON.stringify({ success: false, errors: result.error.issues }, null, 2));
+    } else {
+      console.error("Error: card validation failed:");
+      for (const issue of result.error.issues) {
+        console.error(`  - ${issue.path.join(".")}: ${issue.message}`);
+      }
+    }
+    process.exit(1);
+  }
+  const db = openDatabase(config.db_path);
+  try {
+    insertCard(db, result.data);
+  } finally {
+    db.close();
+  }
+  if (opts.json) {
+    console.log(JSON.stringify({ success: true, id: result.data.id, name: result.data.name }, null, 2));
+  } else {
+    console.log(`Published: ${result.data.name} (${result.data.id})`);
+  }
+});
+program.command("discover [query]").description("Search available capabilities in the registry").option("--level <level>", "Filter by level (1, 2, or 3)").option("--online", "Only show online capabilities").option("--local", "Browse for agents on the local network via mDNS").option("--registry <url>", "Remote registry URL to query (e.g., http://host:7701)").option("--tag <tag>", "Filter by metadata tag").option("--json", "Output as JSON").action(async (query, opts) => {
+  if (opts.local) {
+    const discovered = [];
+    const browser = discoverLocalAgents((agent) => {
+      discovered.push(agent);
+    });
+    await new Promise((resolve) => setTimeout(resolve, 3e3));
+    browser.stop();
+    if (opts.json) {
+      console.log(JSON.stringify(discovered, null, 2));
+      return;
+    }
+    if (discovered.length === 0) {
+      console.log("No agents found on local network.");
+      return;
+    }
+    const col2 = (s, w) => s.slice(0, w).padEnd(w);
+    console.log(col2("Name", 24) + "  " + col2("URL", 32) + "  " + col2("Owner", 20));
+    console.log("-".repeat(80));
+    for (const agent of discovered) {
+      console.log(col2(agent.name, 24) + "  " + col2(agent.url, 32) + "  " + col2(agent.owner, 20));
+    }
+    console.log(`
+${discovered.length} agent(s) found on local network`);
+    return;
+  }
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const db = openDatabase(config.db_path);
+  let localCards;
+  try {
+    const level = opts.level ? parseInt(opts.level, 10) : void 0;
+    const filters = { level, online: opts.online };
+    if (query && query.trim().length > 0) {
+      localCards = searchCards(db, query, filters);
+    } else {
+      localCards = filterCards(db, filters);
+    }
+  } finally {
+    db.close();
+  }
+  if (opts.tag) {
+    localCards = localCards.filter((c) => c.metadata?.tags?.includes(opts.tag));
+  }
+  localCards = localCards.map(({ _internal: _, ...rest }) => rest);
+  const registryUrl = opts.registry ?? config.registry ?? void 0;
+  const isExplicitRegistry = Boolean(opts.registry);
+  let outputCards;
+  let hasRemote = false;
+  if (registryUrl) {
+    try {
+      let remoteCards = await fetchRemoteCards(registryUrl, {
+        q: query,
+        level: opts.level ? parseInt(opts.level, 10) : void 0,
+        online: opts.online,
+        tag: opts.tag
+      });
+      remoteCards = remoteCards.map(({ _internal: _, ...rest }) => rest);
+      hasRemote = true;
+      outputCards = mergeResults(localCards, remoteCards, Boolean(query && query.trim().length > 0));
+    } catch (err) {
+      if (isExplicitRegistry) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(msg);
+        process.exit(1);
+        return;
+      } else {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(`Warning: ${msg}`);
+        outputCards = localCards.map((c) => ({ ...c, source: "local" }));
+      }
+    }
+  } else {
+    outputCards = localCards;
+  }
+  if (opts.json) {
+    console.log(JSON.stringify(outputCards, null, 2));
+    return;
+  }
+  if (outputCards.length === 0) {
+    console.log("No capabilities found.");
+    return;
+  }
+  const col = (s, w) => s.slice(0, w).padEnd(w);
+  if (hasRemote) {
+    console.log(
+      col("ID", 16) + "  " + col("Name", 28) + "  " + col("Lvl", 3) + "  " + col("Credits", 7) + "  " + col("Online", 6) + "  " + col("Source", 8)
+    );
+    console.log("-".repeat(80));
+    for (const card of outputCards) {
+      const shortId = card.id.slice(0, 8) + "...";
+      const source = "source" in card ? card.source : "local";
+      const sourceTag = source === "remote" ? "[remote]" : "[local]";
+      console.log(
+        col(shortId, 16) + "  " + col(card.name, 28) + "  " + col(String(card.level), 3) + "  " + col(String(card.pricing.credits_per_call), 7) + "  " + col(card.availability.online ? "yes" : "no", 6) + "  " + col(sourceTag, 8)
+      );
+    }
+  } else {
+    console.log(
+      col("ID", 16) + "  " + col("Name", 32) + "  " + col("Lvl", 3) + "  " + col("Credits", 7) + "  " + col("Online", 6)
+    );
+    console.log("-".repeat(72));
+    for (const card of outputCards) {
+      const shortId = card.id.slice(0, 8) + "...";
+      console.log(
+        col(shortId, 16) + "  " + col(card.name, 32) + "  " + col(String(card.level), 3) + "  " + col(String(card.pricing.credits_per_call), 7) + "  " + col(card.availability.online ? "yes" : "no", 6)
+      );
+    }
+  }
+  console.log(`
+${outputCards.length} result(s)`);
+});
+program.command("request [card-id]").description("Request a capability from another agent \u2014 direct (card-id) or auto (--query)").option("--params <json>", "Input parameters as JSON string", "{}").option("--peer <name>", "Peer name to send request to (resolves URL+token from peer registry)").option("--query <text>", "Search query for capability gap (triggers auto-request flow)").option("--max-cost <credits>", "Maximum credits to spend on auto-request (default: 50)").option("--json", "Output as JSON").action(async (cardId, opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  if (opts.query) {
+    let queryParams;
+    if (opts.params && opts.params !== "{}") {
+      try {
+        queryParams = JSON.parse(opts.params);
+      } catch {
+        console.error("Error: --params must be valid JSON.");
+        process.exit(1);
+      }
+    }
+    const registryDb = openDatabase(join5(getConfigDir(), "registry.db"));
+    const creditDb = openCreditDb(join5(getConfigDir(), "credit.db"));
+    registryDb.pragma("busy_timeout = 5000");
+    creditDb.pragma("busy_timeout = 5000");
+    try {
+      const budgetManager = new BudgetManager(creditDb, config.owner, config.budget ?? DEFAULT_BUDGET_CONFIG);
+      const requestor = new AutoRequestor({
+        owner: config.owner,
+        registryDb,
+        creditDb,
+        autonomyConfig: config.autonomy ?? DEFAULT_AUTONOMY_CONFIG,
+        budgetManager
+      });
+      const result = await requestor.requestWithAutonomy({
+        query: opts.query,
+        maxCostCredits: Number(opts.maxCost ?? 50),
+        params: queryParams
+      });
+      console.log(JSON.stringify(result, null, 2));
+    } finally {
+      registryDb.close();
+      creditDb.close();
+    }
+    return;
+  }
+  if (!cardId) {
+    console.error("Error: provide a <card-id> for direct request, or use --query for auto-request.");
+    process.exit(1);
+  }
+  let params;
+  try {
+    params = JSON.parse(opts.params);
+  } catch {
+    console.error("Error: --params must be valid JSON.");
+    process.exit(1);
+  }
+  let gatewayUrl;
+  let token;
+  if (opts.peer) {
+    const peer = findPeer(opts.peer);
+    if (!peer) {
+      console.error(`Error: Peer not found: ${opts.peer}. Run \`agentbnb peers\` to see registered peers.`);
+      process.exit(1);
+    }
+    gatewayUrl = peer.url;
+    token = peer.token;
+  } else {
+    gatewayUrl = config.gateway_url;
+    token = config.token;
+  }
+  try {
+    const result = await requestCapability({
+      gatewayUrl,
+      token,
+      cardId,
+      params
+    });
+    if (opts.json) {
+      console.log(JSON.stringify({ success: true, result }, null, 2));
+    } else {
+      console.log("Result:");
+      console.log(JSON.stringify(result, null, 2));
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (opts.json) {
+      console.log(JSON.stringify({ success: false, error: msg }, null, 2));
+    } else {
+      console.error(`Error: ${msg}`);
+    }
+    process.exit(1);
+  }
+});
+program.command("status").description("Show credit balance and recent transactions").option("--json", "Output as JSON").action(async (opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const creditDb = openCreditDb(config.credit_db_path);
+  let balance;
+  let transactions;
+  let heldEscrows;
+  try {
+    balance = getBalance(creditDb, config.owner);
+    transactions = getTransactions(creditDb, config.owner, 5);
+    heldEscrows = creditDb.prepare("SELECT id, amount, card_id, created_at FROM credit_escrow WHERE owner = ? AND status = ?").all(config.owner, "held");
+  } finally {
+    creditDb.close();
+  }
+  if (opts.json) {
+    console.log(JSON.stringify({ owner: config.owner, balance, held_escrows: heldEscrows, recent_transactions: transactions }, null, 2));
+    return;
+  }
+  console.log(`Owner:   ${config.owner}`);
+  console.log(`Balance: ${balance} credits`);
+  if (heldEscrows.length > 0) {
+    console.log(`
+Active Escrows (${heldEscrows.length}):`);
+    for (const e of heldEscrows) {
+      console.log(`  ${e.id.slice(0, 8)}...  ${e.amount} credits  card=${e.card_id.slice(0, 8)}...`);
+    }
+  } else {
+    console.log("Active Escrows: none");
+  }
+  if (transactions.length > 0) {
+    console.log("\nRecent Transactions:");
+    for (const tx of transactions) {
+      const sign2 = tx.amount > 0 ? "+" : "";
+      console.log(`  ${tx.created_at.slice(0, 19)}  ${sign2}${tx.amount}  ${tx.reason}`);
+    }
+  }
+});
+program.command("serve").description("Start the AgentBnB gateway server").option("--port <port>", "Port to listen on (overrides config)").option("--handler-url <url>", "Local capability handler URL", "http://localhost:8080").option("--skills-yaml <path>", "Path to skills.yaml (default: ~/.agentbnb/skills.yaml)").option("--registry-port <port>", "Public registry API port (0 to disable)", "7701").option("--announce", "Announce this gateway on the local network via mDNS").action(async (opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const port = opts.port ? parseInt(opts.port, 10) : config.gateway_port;
+  const registryPort = parseInt(opts.registryPort, 10);
+  const skillsYamlPath = opts.skillsYaml ?? join5(homedir2(), ".agentbnb", "skills.yaml");
+  const runtime = new AgentRuntime({
+    registryDbPath: config.db_path,
+    creditDbPath: config.credit_db_path,
+    owner: config.owner,
+    skillsYamlPath
+  });
+  await runtime.start();
+  if (runtime.skillExecutor) {
+    console.log(`SkillExecutor initialized from ${skillsYamlPath}`);
+  }
+  const autonomyConfig = config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
+  const idleMonitor = new IdleMonitor({
+    owner: config.owner,
+    db: runtime.registryDb,
+    autonomyConfig
+  });
+  const idleJob = idleMonitor.start();
+  runtime.registerJob(idleJob);
+  console.log("IdleMonitor started (60s poll interval, 70% idle threshold)");
+  const server = createGatewayServer({
+    port,
+    registryDb: runtime.registryDb,
+    creditDb: runtime.creditDb,
+    tokens: [config.token],
+    handlerUrl: opts.handlerUrl,
+    skillExecutor: runtime.skillExecutor
+  });
+  let registryServer = null;
+  const gracefulShutdown = async () => {
+    console.log("\nShutting down...");
+    if (opts.announce) {
+      await stopAnnouncement();
+    }
+    if (registryServer) {
+      await registryServer.close();
+    }
+    await server.close();
+    await runtime.shutdown();
+    process.exit(0);
+  };
+  process.on("SIGINT", () => {
+    void gracefulShutdown();
+  });
+  process.on("SIGTERM", () => {
+    void gracefulShutdown();
+  });
+  try {
+    await server.listen({ port, host: "0.0.0.0" });
+    console.log(`Gateway running on port ${port}`);
+    if (registryPort > 0) {
+      if (!config.api_key) {
+        console.warn("No API key found. Run `agentbnb init` to enable dashboard features.");
+      }
+      registryServer = createRegistryServer({
+        registryDb: runtime.registryDb,
+        silent: false,
+        ownerName: config.owner,
+        ownerApiKey: config.api_key,
+        creditDb: runtime.creditDb
+      });
+      await registryServer.listen({ port: registryPort, host: "0.0.0.0" });
+      console.log(`Registry API: http://0.0.0.0:${registryPort}/cards`);
+    }
+    if (opts.announce) {
+      announceGateway(config.owner, port);
+      console.log("Announcing on local network via mDNS");
+    }
+  } catch (err) {
+    console.error("Failed to start:", err);
+    if (registryServer) {
+      await registryServer.close().catch(() => {
+      });
+    }
+    await runtime.shutdown();
+    process.exit(1);
+  }
+});
+program.command("connect <name> <url> <token>").description("Register a remote peer agent (store URL + token for reuse)").option("--json", "Output as JSON").action(async (name, url, token, opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  savePeer({ name, url, token, added_at: (/* @__PURE__ */ new Date()).toISOString() });
+  if (opts.json) {
+    console.log(JSON.stringify({ success: true, name, url }, null, 2));
+  } else {
+    console.log(`Connected to peer: ${name} at ${url}`);
+  }
+});
+var peersCommand = program.command("peers").description("List registered peer agents");
+peersCommand.option("--json", "Output as JSON").action(async (opts) => {
+  const peers = loadPeers();
+  if (opts.json) {
+    console.log(JSON.stringify(peers, null, 2));
+    return;
+  }
+  if (peers.length === 0) {
+    console.log("No peers registered. Use `agentbnb connect` to add one.");
+    return;
+  }
+  const col = (s, w) => s.slice(0, w).padEnd(w);
+  console.log(col("Name", 20) + "  " + col("URL", 36) + "  " + col("Added", 20));
+  console.log("-".repeat(80));
+  for (const peer of peers) {
+    console.log(col(peer.name, 20) + "  " + col(peer.url, 36) + "  " + col(peer.added_at.slice(0, 19), 20));
+  }
+  console.log(`
+${peers.length} peer(s)`);
+});
+peersCommand.command("remove <name>").description("Remove a registered peer").action(async (name) => {
+  const removed = removePeer(name);
+  if (removed) {
+    console.log(`Peer removed: ${name}`);
+  } else {
+    console.error(`Peer not found: ${name}`);
+    process.exit(1);
+  }
+});
+var configCmd = program.command("config").description("Get or set AgentBnB configuration values");
+configCmd.command("set <key> <value>").description("Set a configuration value").action((key, value) => {
+  const allowedKeys = ["registry", "tier1", "tier2", "reserve", "idle-threshold"];
+  if (!allowedKeys.includes(key)) {
+    console.error(`Unknown config key: ${key}. Valid keys: ${allowedKeys.join(", ")}`);
+    process.exit(1);
+  }
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  if (key === "tier1" || key === "tier2") {
+    const parsed = parseInt(value, 10);
+    if (isNaN(parsed) || parsed < 0) {
+      console.error(`Error: ${key} must be a non-negative integer, got: ${value}`);
+      process.exit(1);
+    }
+    if (!config.autonomy) {
+      config.autonomy = { ...DEFAULT_AUTONOMY_CONFIG };
+    }
+    if (key === "tier1") {
+      config.autonomy.tier1_max_credits = parsed;
+      if (parsed >= config.autonomy.tier2_max_credits && config.autonomy.tier2_max_credits > 0) {
+        console.warn(
+          `Warning: tier1 (${parsed}) >= tier2 (${config.autonomy.tier2_max_credits}). Tier 2 will never be reached \u2014 consider increasing tier2.`
+        );
+      }
+      saveConfig(config);
+      console.log(`Set tier1 = ${parsed} (auto-execute threshold: <${parsed} credits)`);
+    } else {
+      config.autonomy.tier2_max_credits = parsed;
+      if (config.autonomy.tier1_max_credits >= parsed && parsed > 0) {
+        console.warn(
+          `Warning: tier2 (${parsed}) <= tier1 (${config.autonomy.tier1_max_credits}). Tier 2 will never be reached \u2014 consider decreasing tier1.`
+        );
+      }
+      saveConfig(config);
+      console.log(`Set tier2 = ${parsed} (notify threshold: <${parsed} credits)`);
+    }
+    return;
+  }
+  if (key === "reserve") {
+    const parsed = parseInt(value, 10);
+    if (isNaN(parsed) || parsed < 0) {
+      console.error(`Error: reserve must be a non-negative integer, got: ${value}`);
+      process.exit(1);
+    }
+    if (!config.budget) {
+      config.budget = { ...DEFAULT_BUDGET_CONFIG };
+    }
+    config.budget.reserve_credits = parsed;
+    saveConfig(config);
+    console.log(`Set reserve = ${parsed} (credit reserve floor: ${parsed} credits)`);
+    return;
+  }
+  if (key === "idle-threshold") {
+    const parsed = parseFloat(value);
+    if (isNaN(parsed) || parsed < 0 || parsed > 1) {
+      console.error("Error: idle-threshold must be a number between 0 and 1");
+      process.exit(1);
+    }
+    config["idle_threshold"] = parsed;
+    saveConfig(config);
+    console.log(`Set idle-threshold = ${parsed} (idle rate threshold for auto-share)`);
+    return;
+  }
+  config[key] = value;
+  saveConfig(config);
+  console.log(`Set ${key} = ${value}`);
+});
+configCmd.command("get <key>").description("Get a configuration value").action((key) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  if (key === "tier1") {
+    console.log(String(config.autonomy?.tier1_max_credits ?? 0));
+    return;
+  }
+  if (key === "tier2") {
+    console.log(String(config.autonomy?.tier2_max_credits ?? 0));
+    return;
+  }
+  if (key === "reserve") {
+    console.log(String(config.budget?.reserve_credits ?? DEFAULT_BUDGET_CONFIG.reserve_credits));
+    return;
+  }
+  if (key === "idle-threshold") {
+    const val = config["idle_threshold"];
+    console.log(val !== void 0 ? String(val) : "0.70");
+    return;
+  }
+  const value = config[key];
+  console.log(value !== void 0 ? String(value) : "(not set)");
+});
+var openclaw = program.command("openclaw").description("OpenClaw integration commands");
+openclaw.command("sync").description("Read SOUL.md and publish/update a v2.0 capability card").option("--soul-path <path>", "Path to SOUL.md", "./SOUL.md").action(async (opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  let content;
+  try {
+    content = readFileSync6(opts.soulPath, "utf-8");
+  } catch {
+    console.error(`Error: cannot read SOUL.md at ${opts.soulPath}`);
+    process.exit(1);
+  }
+  const db = openDatabase(config.db_path);
+  try {
+    const card = publishFromSoulV2(db, content, config.owner);
+    console.log(`Published card ${card.id} with ${card.skills.length} skill(s)`);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`Error: ${msg}`);
+    process.exit(1);
+  } finally {
+    db.close();
+  }
+});
+openclaw.command("status").description("Show OpenClaw integration status, tier config, and skill idle rates").action(async () => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const db = openDatabase(config.db_path);
+  const creditDb = openCreditDb(config.credit_db_path);
+  try {
+    const status = getOpenClawStatus(config, db, creditDb);
+    console.log("AgentBnB OpenClaw Status");
+    console.log(`Owner: ${status.owner}`);
+    console.log(`Gateway: ${status.gateway_url}`);
+    console.log(`Tier 1 (auto): < ${status.tier.tier1_max_credits} credits`);
+    console.log(`Tier 2 (notify): ${status.tier.tier1_max_credits}-${status.tier.tier2_max_credits} credits`);
+    console.log(`Tier 3 (ask): > ${status.tier.tier2_max_credits} credits`);
+    console.log(`Balance: ${status.balance} credits`);
+    console.log(`Reserve: ${status.reserve} credits`);
+    console.log(`Skills: ${status.skills.length}`);
+    for (const skill of status.skills) {
+      console.log(`  - ${skill.id}: ${skill.name} (idle: ${skill.idle_rate ?? "N/A"}, online: ${skill.online})`);
+    }
+  } finally {
+    db.close();
+    creditDb.close();
+  }
+});
+openclaw.command("rules").description("Print HEARTBEAT.md rules block (or inject into a file with --inject)").option("--inject <path>", "Path to HEARTBEAT.md file to patch with rules block").action(async (opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const autonomy = config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
+  const budget = config.budget ?? DEFAULT_BUDGET_CONFIG;
+  const section = generateHeartbeatSection(autonomy, budget);
+  if (opts.inject) {
+    injectHeartbeatSection(opts.inject, section);
+    console.log(`Injected AgentBnB rules into ${opts.inject}`);
+  } else {
+    console.log(section);
+  }
+});
+await program.parseAsync(process.argv);