npm - agentbnb - Versions diffs - 3.0.0 → 3.1.1 - Mend

agentbnb 3.0.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/{card-P5C36VBD.js → card-EWIXC377.js} +1 -1
package/dist/{chunk-V7M6GIJZ.js → chunk-2ETVQXP7.js} +13 -193
package/dist/chunk-3Y36WQDV.js +70 -0
package/dist/{chunk-TQMI73LL.js → chunk-7RU5INZI.js} +1 -0
package/dist/chunk-MGHI67GR.js +257 -0
package/dist/chunk-MZCNJ5PY.js +192 -0
package/dist/{chunk-PJSYSVKN.js → chunk-QAY6XTT7.js} +4 -6
package/dist/{chunk-EZB4RUIG.js → chunk-VCW7IDJM.js} +1 -1
package/dist/cli/index.js +1176 -470
package/dist/{conduct-JZJS2ZHA.js → conduct-5T3LGXMF.js} +10 -8
package/dist/{conductor-mode-DJ3RIJ5T.js → conductor-mode-GPLAM2XO.js} +4 -3
package/dist/execute-NZXTSSVV.js +9 -0
package/dist/index.d.ts +1052 -10
package/dist/index.js +1488 -249
package/dist/websocket-client-5TIQDYQ4.js +275 -0
package/package.json +16 -1

package/dist/index.js CHANGED Viewed

@@ -432,6 +432,30 @@ function getCard(db, id) {
   if (!row) return null;
   return JSON.parse(row.data);
 }
+function updateCard(db, id, owner, updates) {
+  const existing = getCard(db, id);
+  if (!existing) {
+    throw new AgentBnBError(`Card not found: ${id}`, "NOT_FOUND");
+  }
+  if (existing.owner !== owner) {
+    throw new AgentBnBError("Forbidden: you do not own this card", "FORBIDDEN");
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const merged = { ...existing, ...updates, updated_at: now };
+  const parsed = CapabilityCardSchema.safeParse(merged);
+  if (!parsed.success) {
+    throw new AgentBnBError(
+      `Card validation failed: ${parsed.error.message}`,
+      "VALIDATION_ERROR"
+    );
+  }
+  const stmt = db.prepare(`
+    UPDATE capability_cards
+    SET data = ?, updated_at = ?
+    WHERE id = ?
+  `);
+  stmt.run(JSON.stringify(parsed.data), now, id);
+}
 function updateReputation(db, cardId, success, latencyMs) {
   const existing = getCard(db, cardId);
   if (!existing) return;
@@ -455,6 +479,18 @@ function updateReputation(db, cardId, success, latencyMs) {
   `);
   stmt.run(JSON.stringify(updatedCard), now, cardId);
 }
+function listCards(db, owner) {
+  let stmt;
+  let rows;
+  if (owner !== void 0) {
+    stmt = db.prepare("SELECT data FROM capability_cards WHERE owner = ?");
+    rows = stmt.all(owner);
+  } else {
+    stmt = db.prepare("SELECT data FROM capability_cards");
+    rows = stmt.all();
+  }
+  return rows.map((row) => JSON.parse(row.data));
+}
 // src/registry/matcher.ts
 function searchCards(db, query, filters = {}) {
@@ -558,6 +594,8 @@ function recordEarning(db, owner, amount, _cardId, receiptNonce) {
 // src/gateway/server.ts
 import Fastify from "fastify";
+// src/gateway/execute.ts
 import { randomUUID as randomUUID3 } from "crypto";
 // src/credit/escrow.ts
@@ -729,6 +767,164 @@ function releaseRequesterEscrow(requesterDb, escrowId) {
   releaseEscrow(requesterDb, escrowId);
 }
+// src/gateway/execute.ts
+async function executeCapabilityRequest(opts) {
+  const {
+    registryDb,
+    creditDb,
+    cardId,
+    skillId,
+    params,
+    requester,
+    escrowReceipt: receipt,
+    skillExecutor,
+    handlerUrl,
+    timeoutMs = 3e4
+  } = opts;
+  const card = getCard(registryDb, cardId);
+  if (!card) {
+    return { success: false, error: { code: -32602, message: `Card not found: ${cardId}` } };
+  }
+  let creditsNeeded;
+  let cardName;
+  let resolvedSkillId;
+  const rawCard = card;
+  if (Array.isArray(rawCard["skills"])) {
+    const v2card = card;
+    const skill = skillId ? v2card.skills.find((s) => s.id === skillId) : v2card.skills[0];
+    if (!skill) {
+      return { success: false, error: { code: -32602, message: `Skill not found: ${skillId}` } };
+    }
+    creditsNeeded = skill.pricing.credits_per_call;
+    cardName = skill.name;
+    resolvedSkillId = skill.id;
+  } else {
+    creditsNeeded = card.pricing.credits_per_call;
+    cardName = card.name;
+  }
+  let escrowId = null;
+  let isRemoteEscrow = false;
+  if (receipt) {
+    const { signature, ...receiptData2 } = receipt;
+    const publicKeyBuf = Buffer.from(receipt.requester_public_key, "hex");
+    const valid = verifyEscrowReceipt(receiptData2, signature, publicKeyBuf);
+    if (!valid) {
+      return { success: false, error: { code: -32603, message: "Invalid escrow receipt signature" } };
+    }
+    if (receipt.amount < creditsNeeded) {
+      return { success: false, error: { code: -32603, message: "Insufficient escrow amount" } };
+    }
+    const receiptAge = Date.now() - new Date(receipt.timestamp).getTime();
+    if (receiptAge > 5 * 60 * 1e3) {
+      return { success: false, error: { code: -32603, message: "Escrow receipt expired" } };
+    }
+    isRemoteEscrow = true;
+  } else {
+    try {
+      const balance = getBalance(creditDb, requester);
+      if (balance < creditsNeeded) {
+        return { success: false, error: { code: -32603, message: "Insufficient credits" } };
+      }
+      escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
+    } catch (err) {
+      const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
+      return { success: false, error: { code: -32603, message: msg } };
+    }
+  }
+  const startMs = Date.now();
+  const receiptData = isRemoteEscrow ? { receipt_released: true } : void 0;
+  const handleFailure = (status, latencyMs, message) => {
+    if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
+    updateReputation(registryDb, cardId, false, latencyMs);
+    try {
+      insertRequestLog(registryDb, {
+        id: randomUUID3(),
+        card_id: cardId,
+        card_name: cardName,
+        skill_id: resolvedSkillId,
+        requester,
+        status,
+        latency_ms: latencyMs,
+        credits_charged: 0,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } catch {
+    }
+    return {
+      success: false,
+      error: { code: -32603, message, ...receiptData ? { data: receiptData } : {} }
+    };
+  };
+  const handleSuccess = (result, latencyMs) => {
+    if (isRemoteEscrow && receipt) {
+      settleProviderEarning(creditDb, card.owner, receipt);
+    } else if (escrowId) {
+      settleEscrow(creditDb, escrowId, card.owner);
+    }
+    updateReputation(registryDb, cardId, true, latencyMs);
+    try {
+      insertRequestLog(registryDb, {
+        id: randomUUID3(),
+        card_id: cardId,
+        card_name: cardName,
+        skill_id: resolvedSkillId,
+        requester,
+        status: "success",
+        latency_ms: latencyMs,
+        credits_charged: creditsNeeded,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } catch {
+    }
+    const successResult = isRemoteEscrow ? {
+      ...typeof result === "object" && result !== null ? result : { data: result },
+      receipt_settled: true,
+      receipt_nonce: receipt.nonce
+    } : result;
+    return { success: true, result: successResult };
+  };
+  if (skillExecutor) {
+    const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
+    try {
+      const execResult = await skillExecutor.execute(targetSkillId, params);
+      if (!execResult.success) {
+        return handleFailure("failure", execResult.latency_ms, execResult.error ?? "Execution failed");
+      }
+      return handleSuccess(execResult.result, execResult.latency_ms);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Execution error";
+      return handleFailure("failure", Date.now() - startMs, message);
+    }
+  }
+  if (!handlerUrl) {
+    return handleFailure("failure", Date.now() - startMs, "No skill executor or handler URL configured");
+  }
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(handlerUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ card_id: cardId, skill_id: resolvedSkillId, params }),
+      signal: controller.signal
+    });
+    clearTimeout(timer);
+    if (!response.ok) {
+      return handleFailure("failure", Date.now() - startMs, `Handler returned ${response.status}`);
+    }
+    const result = await response.json();
+    return handleSuccess(result, Date.now() - startMs);
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    return handleFailure(
+      isTimeout ? "timeout" : "failure",
+      Date.now() - startMs,
+      isTimeout ? "Execution timeout" : "Handler error"
+    );
+  }
+}
 // src/gateway/server.ts
 var VERSION = "0.0.1";
 function createGatewayServer(opts) {
@@ -793,258 +989,24 @@ function createGatewayServer(opts) {
         error: { code: -32602, message: "Invalid params: card_id required" }
       });
     }
-    const card = getCard(registryDb, cardId);
-    if (!card) {
-      return reply.send({
-        jsonrpc: "2.0",
-        id,
-        error: { code: -32602, message: `Card not found: ${cardId}` }
-      });
-    }
     const requester = params.requester ?? "unknown";
-    let creditsNeeded;
-    let cardName;
-    let resolvedSkillId;
-    const rawCard = card;
-    if (Array.isArray(rawCard["skills"])) {
-      const v2card = card;
-      const skill = skillId ? v2card.skills.find((s) => s.id === skillId) : v2card.skills[0];
-      if (!skill) {
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: { code: -32602, message: `Skill not found: ${skillId}` }
-        });
-      }
-      creditsNeeded = skill.pricing.credits_per_call;
-      cardName = skill.name;
-      resolvedSkillId = skill.id;
-    } else {
-      creditsNeeded = card.pricing.credits_per_call;
-      cardName = card.name;
-    }
     const receipt = params.escrow_receipt;
-    let escrowId = null;
-    let isRemoteEscrow = false;
-    if (receipt) {
-      const { signature, ...receiptData } = receipt;
-      const publicKeyBuf = Buffer.from(receipt.requester_public_key, "hex");
-      const valid = verifyEscrowReceipt(receiptData, signature, publicKeyBuf);
-      if (!valid) {
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: { code: -32603, message: "Invalid escrow receipt signature" }
-        });
-      }
-      if (receipt.amount < creditsNeeded) {
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: { code: -32603, message: "Insufficient escrow amount" }
-        });
-      }
-      const receiptAge = Date.now() - new Date(receipt.timestamp).getTime();
-      if (receiptAge > 5 * 60 * 1e3) {
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: { code: -32603, message: "Escrow receipt expired" }
-        });
-      }
-      isRemoteEscrow = true;
+    const result = await executeCapabilityRequest({
+      registryDb,
+      creditDb,
+      cardId,
+      skillId,
+      params,
+      requester,
+      escrowReceipt: receipt,
+      skillExecutor,
+      handlerUrl,
+      timeoutMs
+    });
+    if (result.success) {
+      return reply.send({ jsonrpc: "2.0", id, result: result.result });
     } else {
-      try {
-        const balance = getBalance(creditDb, requester);
-        if (balance < creditsNeeded) {
-          return reply.send({
-            jsonrpc: "2.0",
-            id,
-            error: { code: -32603, message: "Insufficient credits" }
-          });
-        }
-        escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
-      } catch (err) {
-        const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: { code: -32603, message: msg }
-        });
-      }
-    }
-    const startMs = Date.now();
-    if (skillExecutor) {
-      const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
-      let execResult;
-      try {
-        execResult = await skillExecutor.execute(targetSkillId, params);
-      } catch (err) {
-        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
-        updateReputation(registryDb, cardId, false, Date.now() - startMs);
-        try {
-          insertRequestLog(registryDb, {
-            id: randomUUID3(),
-            card_id: cardId,
-            card_name: cardName,
-            skill_id: resolvedSkillId,
-            requester,
-            status: "failure",
-            latency_ms: Date.now() - startMs,
-            credits_charged: 0,
-            created_at: (/* @__PURE__ */ new Date()).toISOString()
-          });
-        } catch {
-        }
-        const message = err instanceof Error ? err.message : "Execution error";
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: {
-            code: -32603,
-            message,
-            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
-          }
-        });
-      }
-      if (!execResult.success) {
-        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
-        updateReputation(registryDb, cardId, false, execResult.latency_ms);
-        try {
-          insertRequestLog(registryDb, {
-            id: randomUUID3(),
-            card_id: cardId,
-            card_name: cardName,
-            skill_id: resolvedSkillId,
-            requester,
-            status: "failure",
-            latency_ms: execResult.latency_ms,
-            credits_charged: 0,
-            created_at: (/* @__PURE__ */ new Date()).toISOString()
-          });
-        } catch {
-        }
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: {
-            code: -32603,
-            message: execResult.error ?? "Execution failed",
-            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
-          }
-        });
-      }
-      if (isRemoteEscrow && receipt) {
-        settleProviderEarning(creditDb, card.owner, receipt);
-      } else if (escrowId) {
-        settleEscrow(creditDb, escrowId, card.owner);
-      }
-      updateReputation(registryDb, cardId, true, execResult.latency_ms);
-      try {
-        insertRequestLog(registryDb, {
-          id: randomUUID3(),
-          card_id: cardId,
-          card_name: cardName,
-          skill_id: resolvedSkillId,
-          requester,
-          status: "success",
-          latency_ms: execResult.latency_ms,
-          credits_charged: creditsNeeded,
-          created_at: (/* @__PURE__ */ new Date()).toISOString()
-        });
-      } catch {
-      }
-      const successResult = isRemoteEscrow ? { ...typeof execResult.result === "object" && execResult.result !== null ? execResult.result : { data: execResult.result }, receipt_settled: true, receipt_nonce: receipt.nonce } : execResult.result;
-      return reply.send({ jsonrpc: "2.0", id, result: successResult });
-    }
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), timeoutMs);
-    try {
-      const response = await fetch(handlerUrl, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ card_id: cardId, skill_id: resolvedSkillId, params }),
-        signal: controller.signal
-      });
-      clearTimeout(timer);
-      if (!response.ok) {
-        if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
-        updateReputation(registryDb, cardId, false, Date.now() - startMs);
-        try {
-          insertRequestLog(registryDb, {
-            id: randomUUID3(),
-            card_id: cardId,
-            card_name: cardName,
-            skill_id: resolvedSkillId,
-            requester,
-            status: "failure",
-            latency_ms: Date.now() - startMs,
-            credits_charged: 0,
-            created_at: (/* @__PURE__ */ new Date()).toISOString()
-          });
-        } catch {
-        }
-        return reply.send({
-          jsonrpc: "2.0",
-          id,
-          error: {
-            code: -32603,
-            message: `Handler returned ${response.status}`,
-            ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
-          }
-        });
-      }
-      const result = await response.json();
-      if (isRemoteEscrow && receipt) {
-        settleProviderEarning(creditDb, card.owner, receipt);
-      } else if (escrowId) {
-        settleEscrow(creditDb, escrowId, card.owner);
-      }
-      updateReputation(registryDb, cardId, true, Date.now() - startMs);
-      try {
-        insertRequestLog(registryDb, {
-          id: randomUUID3(),
-          card_id: cardId,
-          card_name: cardName,
-          skill_id: resolvedSkillId,
-          requester,
-          status: "success",
-          latency_ms: Date.now() - startMs,
-          credits_charged: creditsNeeded,
-          created_at: (/* @__PURE__ */ new Date()).toISOString()
-        });
-      } catch {
-      }
-      const successResult = isRemoteEscrow ? { ...typeof result === "object" && result !== null ? result : { data: result }, receipt_settled: true, receipt_nonce: receipt.nonce } : result;
-      return reply.send({ jsonrpc: "2.0", id, result: successResult });
-    } catch (err) {
-      clearTimeout(timer);
-      if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
-      updateReputation(registryDb, cardId, false, Date.now() - startMs);
-      const isTimeout = err instanceof Error && err.name === "AbortError";
-      try {
-        insertRequestLog(registryDb, {
-          id: randomUUID3(),
-          card_id: cardId,
-          card_name: cardName,
-          skill_id: resolvedSkillId,
-          requester,
-          status: isTimeout ? "timeout" : "failure",
-          latency_ms: Date.now() - startMs,
-          credits_charged: 0,
-          created_at: (/* @__PURE__ */ new Date()).toISOString()
-        });
-      } catch {
-      }
-      return reply.send({
-        jsonrpc: "2.0",
-        id,
-        error: {
-          code: -32603,
-          message: isTimeout ? "Execution timeout" : "Handler error",
-          ...isRemoteEscrow ? { data: { receipt_released: true } } : {}
-        }
-      });
+      return reply.send({ jsonrpc: "2.0", id, error: result.error });
     }
   });
   return fastify;
@@ -1992,6 +1954,27 @@ async function requestCapability(opts) {
   }
   return body.result;
 }
+async function requestViaRelay(relay, opts) {
+  try {
+    return await relay.request({
+      targetOwner: opts.targetOwner,
+      cardId: opts.cardId,
+      skillId: opts.skillId,
+      params: opts.params ?? {},
+      escrowReceipt: opts.escrowReceipt,
+      timeoutMs: opts.timeoutMs
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    if (message.includes("timeout")) {
+      throw new AgentBnBError(message, "TIMEOUT");
+    }
+    if (message.includes("offline")) {
+      throw new AgentBnBError(message, "AGENT_OFFLINE");
+    }
+    throw new AgentBnBError(message, "RELAY_ERROR");
+  }
+}
 // src/autonomy/tiers.ts
 import { randomUUID as randomUUID6 } from "crypto";
@@ -2007,6 +1990,22 @@ import { join as join3 } from "path";
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync, existsSync as existsSync2 } from "fs";
 import { homedir } from "os";
 import { join as join2 } from "path";
+function getConfigDir() {
+  return process.env["AGENTBNB_DIR"] ?? join2(homedir(), ".agentbnb");
+}
+function getConfigPath() {
+  return join2(getConfigDir(), "config.json");
+}
+function loadConfig() {
+  const configPath = getConfigPath();
+  if (!existsSync2(configPath)) return null;
+  try {
+    const raw = readFileSync2(configPath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
 // src/autonomy/auto-request.ts
 function minMaxNormalize(values) {
@@ -2535,7 +2534,1223 @@ function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
   };
   return { escrowId, receipt };
 }
+// src/identity/identity.ts
+import { z as z4 } from "zod";
+import { createHash } from "crypto";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync3 } from "fs";
+import { join as join4 } from "path";
+var AgentIdentitySchema = z4.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z4.string().min(1),
+  /** Human-readable owner name (from config or init). */
+  owner: z4.string().min(1),
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z4.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z4.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z4.object({
+    github_login: z4.string().min(1),
+    verified_at: z4.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z4.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z4.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z4.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z4.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z4.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function createIdentity(configDir, owner) {
+  if (!existsSync4(configDir)) {
+    mkdirSync3(configDir, { recursive: true });
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const identity = {
+    agent_id: agentId,
+    owner,
+    public_key: publicKeyHex,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveIdentity(configDir, identity);
+  return identity;
+}
+function loadIdentity(configDir) {
+  const filePath = join4(configDir, IDENTITY_FILENAME);
+  if (!existsSync4(filePath)) return null;
+  try {
+    const raw = readFileSync4(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync4(configDir)) {
+    mkdirSync3(configDir, { recursive: true });
+  }
+  const filePath = join4(configDir, IDENTITY_FILENAME);
+  writeFileSync4(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function issueAgentCertificate(identity, privateKey) {
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const expiresAt = new Date(Date.now() + 365 * 24 * 60 * 60 * 1e3).toISOString();
+  const payload = {
+    identity,
+    issued_at: issuedAt,
+    expires_at: expiresAt,
+    issuer_public_key: identity.public_key
+  };
+  const signature = signEscrowReceipt(payload, privateKey);
+  return {
+    identity,
+    issued_at: issuedAt,
+    expires_at: expiresAt,
+    issuer_public_key: identity.public_key,
+    signature
+  };
+}
+function verifyAgentCertificate(cert) {
+  if (new Date(cert.expires_at) < /* @__PURE__ */ new Date()) {
+    return false;
+  }
+  const publicKeyHex = cert.issuer_public_key;
+  const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+  const payload = {
+    identity: cert.identity,
+    issued_at: cert.issued_at,
+    expires_at: cert.expires_at,
+    issuer_public_key: cert.issuer_public_key
+  };
+  return verifyEscrowReceipt(payload, cert.signature, publicKeyBuf);
+}
+function ensureIdentity(configDir, owner) {
+  const existing = loadIdentity(configDir);
+  if (existing) return existing;
+  return createIdentity(configDir, owner);
+}
+// src/sdk/consumer.ts
+var AgentBnBConsumer = class {
+  configDir;
+  identity = null;
+  keys = null;
+  creditDb = null;
+  constructor(opts) {
+    this.configDir = opts?.configDir ?? getConfigDir();
+  }
+  /**
+   * Loads agent identity and keypair from disk.
+   * Creates identity if none exists (uses owner from config.json or generates one).
+   *
+   * @returns The loaded AgentIdentity.
+   * @throws {AgentBnBError} if keypair is missing and cannot be created.
+   */
+  authenticate() {
+    const config = loadConfig();
+    const owner = config?.owner ?? `agent-${Date.now().toString(36)}`;
+    this.identity = ensureIdentity(this.configDir, owner);
+    this.keys = loadKeyPair(this.configDir);
+    return this.identity;
+  }
+  /**
+   * Returns the cached identity. Throws if not yet authenticated.
+   */
+  getIdentity() {
+    if (!this.identity) {
+      throw new AgentBnBError("Not authenticated. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    return this.identity;
+  }
+  /**
+   * Requests a capability from a remote agent with full escrow lifecycle.
+   *
+   * 1. Creates a signed escrow receipt (holds credits locally)
+   * 2. Sends the request to the target gateway
+   * 3. Settles escrow on success, releases on failure
+   *
+   * @param opts - Request options including target, card, credits, and params.
+   * @returns The result from the capability execution.
+   * @throws {AgentBnBError} on insufficient credits, network error, or RPC error.
+   */
+  async request(opts) {
+    const identity = this.getIdentity();
+    if (!this.keys) {
+      throw new AgentBnBError("Keypair not loaded. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    const db = this.getCreditDb();
+    const { escrowId, receipt } = createSignedEscrowReceipt(
+      db,
+      this.keys.privateKey,
+      this.keys.publicKey,
+      {
+        owner: identity.owner,
+        amount: opts.credits,
+        cardId: opts.cardId,
+        skillId: opts.skillId
+      }
+    );
+    try {
+      const result = await requestCapability({
+        gatewayUrl: opts.gatewayUrl,
+        token: opts.token,
+        cardId: opts.cardId,
+        params: opts.params,
+        timeoutMs: opts.timeoutMs,
+        escrowReceipt: receipt
+      });
+      settleRequesterEscrow(db, escrowId);
+      return result;
+    } catch (err) {
+      releaseRequesterEscrow(db, escrowId);
+      throw err;
+    }
+  }
+  /**
+   * Returns the current credit balance for this agent.
+   */
+  getBalance() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    return getBalance(db, identity.owner);
+  }
+  /**
+   * Returns basic reputation data from the local credit database.
+   * Note: success_rate is computed from local request history only.
+   */
+  getReputation() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    const stmt = db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN status = 'settled' THEN 1 ELSE 0 END) as settled
+      FROM credit_escrow
+      WHERE owner = ?
+    `);
+    const row = stmt.get(identity.owner);
+    const total = row?.total ?? 0;
+    const settled = row?.settled ?? 0;
+    return {
+      success_rate: total > 0 ? settled / total : 1,
+      total_requests: total
+    };
+  }
+  /**
+   * Closes the credit database connection. Call when done.
+   */
+  close() {
+    if (this.creditDb) {
+      this.creditDb.close();
+      this.creditDb = null;
+    }
+  }
+  /** Lazily opens and caches the credit database. */
+  getCreditDb() {
+    if (!this.creditDb) {
+      const config = loadConfig();
+      const creditDbPath = config?.credit_db_path ?? `${this.configDir}/credit.db`;
+      this.creditDb = openCreditDb(creditDbPath);
+    }
+    return this.creditDb;
+  }
+};
+// src/sdk/provider.ts
+var AgentBnBProvider = class {
+  configDir;
+  identity = null;
+  registryDb = null;
+  creditDb = null;
+  gateway = null;
+  constructor(opts) {
+    this.configDir = opts?.configDir ?? getConfigDir();
+  }
+  /**
+   * Loads agent identity from disk.
+   * Creates identity if none exists.
+   *
+   * @returns The loaded AgentIdentity.
+   */
+  authenticate() {
+    const config = loadConfig();
+    const owner = config?.owner ?? `agent-${Date.now().toString(36)}`;
+    this.identity = ensureIdentity(this.configDir, owner);
+    return this.identity;
+  }
+  /**
+   * Returns the cached identity. Throws if not yet authenticated.
+   */
+  getIdentity() {
+    if (!this.identity) {
+      throw new AgentBnBError("Not authenticated. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    return this.identity;
+  }
+  /**
+   * Starts the gateway server to share capabilities.
+   *
+   * @param opts - Optional port and host configuration.
+   * @returns Context with the gateway server and port.
+   */
+  async startSharing(opts) {
+    this.getIdentity();
+    const config = loadConfig();
+    const port = opts?.port ?? config?.gateway_port ?? 7700;
+    const host = opts?.host ?? "0.0.0.0";
+    const registryDb = this.getRegistryDb();
+    const creditDb = this.getCreditDb();
+    const token = config?.token ?? "";
+    const gateway = createGatewayServer({
+      registryDb,
+      creditDb,
+      tokens: [token],
+      handlerUrl: `http://localhost:${port}`,
+      silent: true
+    });
+    await gateway.listen({ port, host });
+    this.gateway = gateway;
+    return { gateway, port };
+  }
+  /**
+   * Stops the gateway server.
+   */
+  async stopSharing() {
+    if (this.gateway) {
+      await this.gateway.close();
+      this.gateway = null;
+    }
+  }
+  /**
+   * Returns all capability cards owned by this agent.
+   */
+  listCapabilities() {
+    const identity = this.getIdentity();
+    const db = this.getRegistryDb();
+    return listCards(db, identity.owner);
+  }
+  /**
+   * Returns the current credit balance for this agent.
+   */
+  getBalance() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    return getBalance(db, identity.owner);
+  }
+  /**
+   * Closes all database connections and stops the gateway. Call when done.
+   */
+  async close() {
+    await this.stopSharing();
+    if (this.registryDb) {
+      this.registryDb.close();
+      this.registryDb = null;
+    }
+    if (this.creditDb) {
+      this.creditDb.close();
+      this.creditDb = null;
+    }
+  }
+  /** Lazily opens and caches the registry database. */
+  getRegistryDb() {
+    if (!this.registryDb) {
+      const config = loadConfig();
+      const dbPath = config?.db_path ?? `${this.configDir}/registry.db`;
+      this.registryDb = openDatabase(dbPath);
+    }
+    return this.registryDb;
+  }
+  /** Lazily opens and caches the credit database. */
+  getCreditDb() {
+    if (!this.creditDb) {
+      const config = loadConfig();
+      const creditDbPath = config?.credit_db_path ?? `${this.configDir}/credit.db`;
+      this.creditDb = openCreditDb(creditDbPath);
+    }
+    return this.creditDb;
+  }
+};
+// src/identity/guarantor.ts
+import { z as z5 } from "zod";
+import { randomUUID as randomUUID9 } from "crypto";
+var MAX_AGENTS_PER_GUARANTOR = 10;
+var GUARANTOR_CREDIT_POOL = 50;
+var GuarantorRecordSchema = z5.object({
+  id: z5.string().uuid(),
+  github_login: z5.string().min(1),
+  agent_count: z5.number().int().nonnegative(),
+  credit_pool: z5.number().int().nonnegative(),
+  created_at: z5.string().datetime()
+});
+var GUARANTOR_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS guarantors (
+    id TEXT PRIMARY KEY,
+    github_login TEXT UNIQUE NOT NULL,
+    agent_count INTEGER NOT NULL DEFAULT 0,
+    credit_pool INTEGER NOT NULL DEFAULT ${GUARANTOR_CREDIT_POOL},
+    created_at TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS agent_guarantors (
+    agent_id TEXT PRIMARY KEY,
+    guarantor_id TEXT NOT NULL,
+    linked_at TEXT NOT NULL,
+    FOREIGN KEY (guarantor_id) REFERENCES guarantors(id)
+  );
+`;
+function ensureGuarantorTables(db) {
+  db.exec(GUARANTOR_SCHEMA);
+}
+function registerGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const existing = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (existing) {
+    throw new AgentBnBError(
+      `Guarantor already registered: ${githubLogin}`,
+      "GUARANTOR_EXISTS"
+    );
+  }
+  const record = {
+    id: randomUUID9(),
+    github_login: githubLogin,
+    agent_count: 0,
+    credit_pool: GUARANTOR_CREDIT_POOL,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  db.prepare(
+    "INSERT INTO guarantors (id, github_login, agent_count, credit_pool, created_at) VALUES (?, ?, ?, ?, ?)"
+  ).run(record.id, record.github_login, record.agent_count, record.credit_pool, record.created_at);
+  return record;
+}
+function linkAgentToGuarantor(db, agentId, githubLogin) {
+  ensureGuarantorTables(db);
+  const guarantor = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!guarantor) {
+    throw new AgentBnBError(
+      `Guarantor not found: ${githubLogin}`,
+      "GUARANTOR_NOT_FOUND"
+    );
+  }
+  if (guarantor["agent_count"] >= MAX_AGENTS_PER_GUARANTOR) {
+    throw new AgentBnBError(
+      `Maximum agents per guarantor reached (${MAX_AGENTS_PER_GUARANTOR})`,
+      "MAX_AGENTS_EXCEEDED"
+    );
+  }
+  const existingLink = db.prepare("SELECT * FROM agent_guarantors WHERE agent_id = ?").get(agentId);
+  if (existingLink) {
+    throw new AgentBnBError(
+      `Agent ${agentId} is already linked to a guarantor`,
+      "AGENT_ALREADY_LINKED"
+    );
+  }
+  db.transaction(() => {
+    db.prepare("INSERT INTO agent_guarantors (agent_id, guarantor_id, linked_at) VALUES (?, ?, ?)").run(
+      agentId,
+      guarantor["id"],
+      (/* @__PURE__ */ new Date()).toISOString()
+    );
+    db.prepare("UPDATE guarantors SET agent_count = agent_count + 1 WHERE id = ?").run(guarantor["id"]);
+  })();
+  return getGuarantor(db, githubLogin);
+}
+function getGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const row = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!row) return null;
+  return {
+    id: row["id"],
+    github_login: row["github_login"],
+    agent_count: row["agent_count"],
+    credit_pool: row["credit_pool"],
+    created_at: row["created_at"]
+  };
+}
+function getAgentGuarantor(db, agentId) {
+  ensureGuarantorTables(db);
+  const link = db.prepare(
+    `SELECT g.* FROM guarantors g
+       JOIN agent_guarantors ag ON ag.guarantor_id = g.id
+       WHERE ag.agent_id = ?`
+  ).get(agentId);
+  if (!link) return null;
+  return {
+    id: link["id"],
+    github_login: link["github_login"],
+    agent_count: link["agent_count"],
+    credit_pool: link["credit_pool"],
+    created_at: link["created_at"]
+  };
+}
+function initiateGithubAuth() {
+  return {
+    auth_url: "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=read:user",
+    state: randomUUID9()
+  };
+}
+// src/relay/types.ts
+import { z as z6 } from "zod";
+var RegisterMessageSchema = z6.object({
+  type: z6.literal("register"),
+  owner: z6.string().min(1),
+  token: z6.string().min(1),
+  card: z6.record(z6.unknown())
+  // CapabilityCard (validated separately)
+});
+var RegisteredMessageSchema = z6.object({
+  type: z6.literal("registered"),
+  agent_id: z6.string()
+});
+var RelayRequestMessageSchema = z6.object({
+  type: z6.literal("relay_request"),
+  id: z6.string().uuid(),
+  target_owner: z6.string().min(1),
+  card_id: z6.string(),
+  skill_id: z6.string().optional(),
+  params: z6.record(z6.unknown()).default({}),
+  requester: z6.string().optional(),
+  escrow_receipt: z6.record(z6.unknown()).optional()
+});
+var IncomingRequestMessageSchema = z6.object({
+  type: z6.literal("incoming_request"),
+  id: z6.string().uuid(),
+  from_owner: z6.string().min(1),
+  card_id: z6.string(),
+  skill_id: z6.string().optional(),
+  params: z6.record(z6.unknown()).default({}),
+  requester: z6.string().optional(),
+  escrow_receipt: z6.record(z6.unknown()).optional()
+});
+var RelayResponseMessageSchema = z6.object({
+  type: z6.literal("relay_response"),
+  id: z6.string().uuid(),
+  result: z6.unknown().optional(),
+  error: z6.object({
+    code: z6.number(),
+    message: z6.string()
+  }).optional()
+});
+var ResponseMessageSchema = z6.object({
+  type: z6.literal("response"),
+  id: z6.string().uuid(),
+  result: z6.unknown().optional(),
+  error: z6.object({
+    code: z6.number(),
+    message: z6.string()
+  }).optional()
+});
+var ErrorMessageSchema = z6.object({
+  type: z6.literal("error"),
+  code: z6.string(),
+  message: z6.string(),
+  request_id: z6.string().optional()
+});
+var RelayMessageSchema = z6.discriminatedUnion("type", [
+  RegisterMessageSchema,
+  RegisteredMessageSchema,
+  RelayRequestMessageSchema,
+  IncomingRequestMessageSchema,
+  RelayResponseMessageSchema,
+  ResponseMessageSchema,
+  ErrorMessageSchema
+]);
+// src/relay/websocket-relay.ts
+import { randomUUID as randomUUID10 } from "crypto";
+var RATE_LIMIT_MAX = 60;
+var RATE_LIMIT_WINDOW_MS = 6e4;
+var RELAY_TIMEOUT_MS = 3e4;
+function registerWebSocketRelay(server, db) {
+  const connections = /* @__PURE__ */ new Map();
+  const pendingRequests = /* @__PURE__ */ new Map();
+  const rateLimits = /* @__PURE__ */ new Map();
+  function checkRateLimit(owner) {
+    const now = Date.now();
+    const entry = rateLimits.get(owner);
+    if (!entry || now >= entry.resetTime) {
+      rateLimits.set(owner, { count: 1, resetTime: now + RATE_LIMIT_WINDOW_MS });
+      return true;
+    }
+    if (entry.count >= RATE_LIMIT_MAX) {
+      return false;
+    }
+    entry.count++;
+    return true;
+  }
+  function markOwnerOffline(owner) {
+    try {
+      const stmt = db.prepare("SELECT id, data FROM capability_cards WHERE owner = ?");
+      const rows = stmt.all(owner);
+      for (const row of rows) {
+        try {
+          const card = JSON.parse(row.data);
+          if (card.availability?.online) {
+            card.availability.online = false;
+            card.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+            const updateStmt = db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?");
+            updateStmt.run(JSON.stringify(card), card.updated_at, row.id);
+          }
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  function markOwnerOnline(owner) {
+    try {
+      const stmt = db.prepare("SELECT id, data FROM capability_cards WHERE owner = ?");
+      const rows = stmt.all(owner);
+      for (const row of rows) {
+        try {
+          const card = JSON.parse(row.data);
+          card.availability = { ...card.availability, online: true };
+          card.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+          const updateStmt = db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?");
+          updateStmt.run(JSON.stringify(card), card.updated_at, row.id);
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  function upsertCard(cardData, owner) {
+    const cardId = cardData.id;
+    const existing = getCard(db, cardId);
+    if (existing) {
+      const updates = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
+      updateCard(db, cardId, owner, updates);
+    } else {
+      const card = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
+      insertCard(db, card);
+    }
+    return cardId;
+  }
+  function logAgentJoined(owner, cardName, cardId) {
+    try {
+      insertRequestLog(db, {
+        id: randomUUID10(),
+        card_id: cardId,
+        card_name: cardName,
+        requester: owner,
+        status: "success",
+        latency_ms: 0,
+        credits_charged: 0,
+        created_at: (/* @__PURE__ */ new Date()).toISOString(),
+        action_type: "agent_joined"
+      });
+    } catch {
+    }
+  }
+  function sendMessage(ws, msg) {
+    if (ws.readyState === 1) {
+      ws.send(JSON.stringify(msg));
+    }
+  }
+  function handleRegister(ws, msg) {
+    const { owner, card } = msg;
+    const existing = connections.get(owner);
+    if (existing && existing !== ws) {
+      try {
+        existing.close(1e3, "Replaced by new connection");
+      } catch {
+      }
+    }
+    connections.set(owner, ws);
+    const cardId = upsertCard(card, owner);
+    const cardName = card.name ?? card.agent_name ?? owner;
+    logAgentJoined(owner, cardName, cardId);
+    markOwnerOnline(owner);
+    sendMessage(ws, { type: "registered", agent_id: cardId });
+  }
+  function handleRelayRequest(ws, msg, fromOwner) {
+    if (!checkRateLimit(fromOwner)) {
+      sendMessage(ws, {
+        type: "error",
+        code: "rate_limited",
+        message: `Rate limit exceeded: max ${RATE_LIMIT_MAX} requests per minute`,
+        request_id: msg.id
+      });
+      return;
+    }
+    const targetWs = connections.get(msg.target_owner);
+    if (!targetWs || targetWs.readyState !== 1) {
+      sendMessage(ws, {
+        type: "response",
+        id: msg.id,
+        error: { code: -32603, message: `Agent offline: ${msg.target_owner}` }
+      });
+      return;
+    }
+    const timeout = setTimeout(() => {
+      pendingRequests.delete(msg.id);
+      sendMessage(ws, {
+        type: "response",
+        id: msg.id,
+        error: { code: -32603, message: "Relay request timeout" }
+      });
+    }, RELAY_TIMEOUT_MS);
+    pendingRequests.set(msg.id, { originOwner: fromOwner, timeout });
+    sendMessage(targetWs, {
+      type: "incoming_request",
+      id: msg.id,
+      from_owner: fromOwner,
+      card_id: msg.card_id,
+      skill_id: msg.skill_id,
+      params: msg.params,
+      requester: msg.requester ?? fromOwner,
+      escrow_receipt: msg.escrow_receipt
+    });
+  }
+  function handleRelayResponse(msg) {
+    const pending = pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    pendingRequests.delete(msg.id);
+    const originWs = connections.get(pending.originOwner);
+    if (originWs && originWs.readyState === 1) {
+      sendMessage(originWs, {
+        type: "response",
+        id: msg.id,
+        result: msg.result,
+        error: msg.error
+      });
+    }
+  }
+  function handleDisconnect(owner) {
+    if (!owner) return;
+    connections.delete(owner);
+    rateLimits.delete(owner);
+    markOwnerOffline(owner);
+    for (const [reqId, pending] of pendingRequests) {
+      if (pending.originOwner === owner) {
+        clearTimeout(pending.timeout);
+        pendingRequests.delete(reqId);
+      }
+    }
+  }
+  server.get("/ws", { websocket: true }, (rawSocket, _request) => {
+    const socket = rawSocket;
+    let registeredOwner;
+    socket.on("message", (raw) => {
+      let data;
+      try {
+        data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
+      } catch {
+        sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
+        return;
+      }
+      const parsed = RelayMessageSchema.safeParse(data);
+      if (!parsed.success) {
+        sendMessage(socket, {
+          type: "error",
+          code: "invalid_message",
+          message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
+        });
+        return;
+      }
+      const msg = parsed.data;
+      switch (msg.type) {
+        case "register":
+          registeredOwner = msg.owner;
+          handleRegister(socket, msg);
+          break;
+        case "relay_request":
+          if (!registeredOwner) {
+            sendMessage(socket, {
+              type: "error",
+              code: "not_registered",
+              message: "Must send register message before relay requests"
+            });
+            return;
+          }
+          handleRelayRequest(socket, msg, registeredOwner);
+          break;
+        case "relay_response":
+          handleRelayResponse(msg);
+          break;
+        default:
+          break;
+      }
+    });
+    socket.on("close", () => {
+      handleDisconnect(registeredOwner);
+    });
+    socket.on("error", () => {
+      handleDisconnect(registeredOwner);
+    });
+  });
+  return {
+    getOnlineCount: () => connections.size,
+    getOnlineOwners: () => Array.from(connections.keys()),
+    shutdown: () => {
+      for (const [, ws] of connections) {
+        try {
+          ws.close(1001, "Server shutting down");
+        } catch {
+        }
+      }
+      connections.clear();
+      for (const [, pending] of pendingRequests) {
+        clearTimeout(pending.timeout);
+      }
+      pendingRequests.clear();
+      rateLimits.clear();
+    }
+  };
+}
+// src/relay/websocket-client.ts
+import WebSocket from "ws";
+import { randomUUID as randomUUID11 } from "crypto";
+var RelayClient = class {
+  ws = null;
+  opts;
+  pendingRequests = /* @__PURE__ */ new Map();
+  reconnectAttempts = 0;
+  reconnectTimer = null;
+  intentionalClose = false;
+  registered = false;
+  pongTimeout = null;
+  pingInterval = null;
+  constructor(opts) {
+    this.opts = opts;
+  }
+  /**
+   * Connect to the registry relay and register.
+   * Resolves when registration is acknowledged.
+   */
+  async connect() {
+    return new Promise((resolve, reject) => {
+      this.intentionalClose = false;
+      this.registered = false;
+      const wsUrl = this.buildWsUrl();
+      this.ws = new WebSocket(wsUrl);
+      let resolved = false;
+      this.ws.on("open", () => {
+        this.reconnectAttempts = 0;
+        this.startPingInterval();
+        this.send({
+          type: "register",
+          owner: this.opts.owner,
+          token: this.opts.token,
+          card: this.opts.card
+        });
+      });
+      this.ws.on("message", (raw) => {
+        this.handleMessage(raw, (err) => {
+          if (!resolved) {
+            resolved = true;
+            if (err) reject(err);
+            else resolve();
+          }
+        });
+      });
+      this.ws.on("close", () => {
+        this.cleanup();
+        if (!this.intentionalClose) {
+          if (!resolved) {
+            resolved = true;
+            reject(new Error("WebSocket closed before registration"));
+          }
+          this.scheduleReconnect();
+        }
+      });
+      this.ws.on("error", (err) => {
+        if (!resolved) {
+          resolved = true;
+          reject(err);
+        }
+      });
+      setTimeout(() => {
+        if (!resolved) {
+          resolved = true;
+          reject(new Error("Connection timeout"));
+          this.ws?.close();
+        }
+      }, 1e4);
+    });
+  }
+  /**
+   * Disconnect from the registry relay.
+   */
+  disconnect() {
+    this.intentionalClose = true;
+    this.cleanup();
+    if (this.ws) {
+      try {
+        this.ws.close(1e3, "Client disconnect");
+      } catch {
+      }
+      this.ws = null;
+    }
+    for (const [id, pending] of this.pendingRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(new Error("Client disconnected"));
+      this.pendingRequests.delete(id);
+    }
+  }
+  /**
+   * Send a relay request to another agent via the registry.
+   * @returns The result from the target agent.
+   */
+  async request(opts) {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN || !this.registered) {
+      throw new Error("Not connected to registry relay");
+    }
+    const id = randomUUID11();
+    const timeoutMs = opts.timeoutMs ?? 3e4;
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingRequests.delete(id);
+        reject(new Error("Relay request timeout"));
+      }, timeoutMs);
+      this.pendingRequests.set(id, { resolve, reject, timeout });
+      this.send({
+        type: "relay_request",
+        id,
+        target_owner: opts.targetOwner,
+        card_id: opts.cardId,
+        skill_id: opts.skillId,
+        params: opts.params,
+        requester: opts.requester ?? this.opts.owner,
+        escrow_receipt: opts.escrowReceipt
+      });
+    });
+  }
+  /** Whether the client is connected and registered */
+  get isConnected() {
+    return this.ws !== null && this.ws.readyState === WebSocket.OPEN && this.registered;
+  }
+  // ── Private methods ─────────────────────────────────────────────────────────
+  buildWsUrl() {
+    let url = this.opts.registryUrl;
+    if (url.startsWith("http://")) {
+      url = "ws://" + url.slice(7);
+    } else if (url.startsWith("https://")) {
+      url = "wss://" + url.slice(8);
+    } else if (!url.startsWith("ws://") && !url.startsWith("wss://")) {
+      url = "wss://" + url;
+    }
+    if (!url.endsWith("/ws")) {
+      url = url.replace(/\/$/, "") + "/ws";
+    }
+    return url;
+  }
+  handleMessage(raw, onRegistered) {
+    let data;
+    try {
+      data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
+    } catch {
+      return;
+    }
+    const parsed = RelayMessageSchema.safeParse(data);
+    if (!parsed.success) return;
+    const msg = parsed.data;
+    switch (msg.type) {
+      case "registered":
+        this.registered = true;
+        if (!this.opts.silent) {
+          console.log(`  \u2713 Registered with registry (agent_id: ${msg.agent_id})`);
+        }
+        onRegistered?.();
+        break;
+      case "incoming_request":
+        this.handleIncomingRequest(msg);
+        break;
+      case "response":
+        this.handleResponse(msg);
+        break;
+      case "error":
+        this.handleError(msg);
+        break;
+      default:
+        break;
+    }
+  }
+  async handleIncomingRequest(msg) {
+    try {
+      const result = await this.opts.onRequest(msg);
+      this.send({
+        type: "relay_response",
+        id: msg.id,
+        result: result.result,
+        error: result.error
+      });
+    } catch (err) {
+      this.send({
+        type: "relay_response",
+        id: msg.id,
+        error: {
+          code: -32603,
+          message: err instanceof Error ? err.message : "Internal error"
+        }
+      });
+    }
+  }
+  handleResponse(msg) {
+    const pending = this.pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    this.pendingRequests.delete(msg.id);
+    if (msg.error) {
+      pending.reject(new Error(msg.error.message));
+    } else {
+      pending.resolve(msg.result);
+    }
+  }
+  handleError(msg) {
+    if (msg.request_id) {
+      const pending = this.pendingRequests.get(msg.request_id);
+      if (pending) {
+        clearTimeout(pending.timeout);
+        this.pendingRequests.delete(msg.request_id);
+        pending.reject(new Error(`${msg.code}: ${msg.message}`));
+      }
+    }
+  }
+  send(msg) {
+    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
+      this.ws.send(JSON.stringify(msg));
+    }
+  }
+  startPingInterval() {
+    this.stopPingInterval();
+    this.pingInterval = setInterval(() => {
+      if (this.ws && this.ws.readyState === WebSocket.OPEN) {
+        this.ws.ping();
+        this.pongTimeout = setTimeout(() => {
+          if (!this.opts.silent) {
+            console.log("  \u26A0 Registry pong timeout, reconnecting...");
+          }
+          this.ws?.terminate();
+        }, 15e3);
+      }
+    }, 3e4);
+    this.ws?.on("pong", () => {
+      if (this.pongTimeout) {
+        clearTimeout(this.pongTimeout);
+        this.pongTimeout = null;
+      }
+    });
+  }
+  stopPingInterval() {
+    if (this.pingInterval) {
+      clearInterval(this.pingInterval);
+      this.pingInterval = null;
+    }
+    if (this.pongTimeout) {
+      clearTimeout(this.pongTimeout);
+      this.pongTimeout = null;
+    }
+  }
+  cleanup() {
+    this.stopPingInterval();
+    this.registered = false;
+  }
+  scheduleReconnect() {
+    if (this.intentionalClose) return;
+    if (this.reconnectTimer) return;
+    const delay = Math.min(1e3 * Math.pow(2, this.reconnectAttempts), 3e4);
+    this.reconnectAttempts++;
+    if (!this.opts.silent) {
+      console.log(`  \u21BB Reconnecting to registry in ${delay / 1e3}s...`);
+    }
+    this.reconnectTimer = setTimeout(async () => {
+      this.reconnectTimer = null;
+      try {
+        await this.connect();
+        if (!this.opts.silent) {
+          console.log("  \u2713 Reconnected to registry");
+        }
+      } catch {
+      }
+    }, delay);
+  }
+};
+// src/onboarding/index.ts
+import { randomUUID as randomUUID13 } from "crypto";
+import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
+import { join as join5 } from "path";
+// src/cli/onboarding.ts
+import { randomUUID as randomUUID12 } from "crypto";
+import { createConnection } from "net";
+var KNOWN_API_KEYS = [
+  "OPENAI_API_KEY",
+  "ANTHROPIC_API_KEY",
+  "ELEVENLABS_API_KEY",
+  "KLING_API_KEY",
+  "STABILITY_API_KEY",
+  "REPLICATE_API_TOKEN",
+  "GOOGLE_API_KEY",
+  "AZURE_OPENAI_API_KEY",
+  "COHERE_API_KEY",
+  "MISTRAL_API_KEY"
+];
+function detectApiKeys(knownKeys) {
+  return knownKeys.filter((key) => key in process.env);
+}
+// src/onboarding/capability-templates.ts
+var API_PATTERNS = [
+  {
+    pattern: /openai|gpt-4|gpt-3|chatgpt|dall-e/i,
+    capability: { key: "openai", name: "OpenAI Text Generation", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] }
+  },
+  {
+    pattern: /elevenlabs|eleven.?labs/i,
+    capability: { key: "elevenlabs", name: "ElevenLabs TTS", category: "TTS", credits_per_call: 5, tags: ["tts", "audio", "voice"] }
+  },
+  {
+    pattern: /anthropic|claude/i,
+    capability: { key: "anthropic", name: "Anthropic Claude", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] }
+  },
+  {
+    pattern: /recraft/i,
+    capability: { key: "recraft", name: "Recraft V4 Image Gen", category: "Image Gen", credits_per_call: 8, tags: ["image", "generation", "design"] }
+  },
+  {
+    pattern: /kling/i,
+    capability: { key: "kling", name: "Kling AI Video Gen", category: "Video Gen", credits_per_call: 10, tags: ["video", "generation"] }
+  },
+  {
+    pattern: /stable.?diffusion|sdxl|comfyui/i,
+    capability: { key: "stable-diffusion", name: "Stable Diffusion Image Gen", category: "Image Gen", credits_per_call: 6, tags: ["image", "generation", "diffusion"] }
+  },
+  {
+    pattern: /whisper|speech.?to.?text|stt/i,
+    capability: { key: "whisper", name: "Whisper Speech-to-Text", category: "STT", credits_per_call: 3, tags: ["stt", "audio", "transcription"] }
+  },
+  {
+    pattern: /puppeteer|playwright|selenium/i,
+    capability: { key: "puppeteer", name: "Web Scraping & Automation", category: "Web Scraping", credits_per_call: 2, tags: ["scraping", "automation", "browser"] }
+  },
+  {
+    pattern: /ffmpeg/i,
+    capability: { key: "ffmpeg", name: "FFmpeg Media Processing", category: "Media Processing", credits_per_call: 3, tags: ["media", "audio", "video", "processing"] }
+  },
+  {
+    pattern: /tesseract|ocr/i,
+    capability: { key: "tesseract", name: "OCR Text Extraction", category: "OCR", credits_per_call: 4, tags: ["ocr", "text", "extraction"] }
+  }
+];
+var INTERACTIVE_TEMPLATES = [
+  { key: "openai", name: "Text Generation (GPT-4o / Claude / Gemini)", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] },
+  { key: "image-gen", name: "Image Generation (DALL-E / Recraft / Stable Diffusion)", category: "Image Gen", credits_per_call: 8, tags: ["image", "generation"] },
+  { key: "tts", name: "TTS / Voice (ElevenLabs / Google TTS)", category: "TTS", credits_per_call: 5, tags: ["tts", "audio", "voice"] },
+  { key: "video-gen", name: "Video Generation (Kling / Runway)", category: "Video Gen", credits_per_call: 10, tags: ["video", "generation"] },
+  { key: "code-review", name: "Code Review / Analysis", category: "Code", credits_per_call: 3, tags: ["code", "review", "analysis"] },
+  { key: "scraping", name: "Web Scraping / Data Extraction", category: "Web Scraping", credits_per_call: 2, tags: ["scraping", "data", "extraction"] },
+  { key: "translation", name: "Translation", category: "Translation", credits_per_call: 3, tags: ["translation", "language", "text"] },
+  { key: "custom", name: "Custom (describe it)", category: "Custom", credits_per_call: 5, tags: ["custom"] }
+];
+// src/onboarding/detect-from-docs.ts
+function detectFromDocs(content) {
+  if (!content || content.trim().length === 0) {
+    return [];
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const results = [];
+  for (const entry of API_PATTERNS) {
+    if (entry.pattern.test(content) && !seen.has(entry.capability.key)) {
+      seen.add(entry.capability.key);
+      results.push({ ...entry.capability });
+    }
+  }
+  return results;
+}
+// src/onboarding/interactive.ts
+import { createInterface } from "readline";
+// src/onboarding/index.ts
+var DOC_FILES = ["SOUL.md", "CLAUDE.md", "AGENTS.md", "README.md"];
+function detectCapabilities(opts = {}) {
+  const cwd = opts.cwd ?? process.cwd();
+  if (opts.fromFile) {
+    const filePath = opts.fromFile.startsWith("/") ? opts.fromFile : join5(cwd, opts.fromFile);
+    if (existsSync5(filePath)) {
+      const content = readFileSync5(filePath, "utf-8");
+      const capabilities = detectFromDocs(content);
+      if (capabilities.length > 0) {
+        return { source: "docs", capabilities, sourceFile: filePath };
+      }
+    }
+    return { source: "none", capabilities: [] };
+  }
+  for (const fileName of DOC_FILES) {
+    const filePath = join5(cwd, fileName);
+    if (!existsSync5(filePath)) continue;
+    const content = readFileSync5(filePath, "utf-8");
+    if (fileName === "SOUL.md") {
+      return { source: "soul", capabilities: [], soulContent: content, sourceFile: filePath };
+    }
+    const capabilities = detectFromDocs(content);
+    if (capabilities.length > 0) {
+      return { source: "docs", capabilities, sourceFile: filePath };
+    }
+  }
+  const envKeys = detectApiKeys(KNOWN_API_KEYS);
+  if (envKeys.length > 0) {
+    return { source: "env", capabilities: [], envKeys };
+  }
+  return { source: "none", capabilities: [] };
+}
+function capabilitiesToV2Card(capabilities, owner, agentName) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const skills = capabilities.map((cap) => ({
+    id: cap.key,
+    name: cap.name,
+    description: `${cap.name} capability \u2014 ${cap.category}`,
+    level: 1,
+    category: cap.category.toLowerCase().replace(/\s+/g, "_"),
+    inputs: [{ name: "input", type: "text", required: true }],
+    outputs: [{ name: "output", type: "text", required: true }],
+    pricing: { credits_per_call: cap.credits_per_call },
+    availability: { online: true },
+    metadata: {
+      tags: cap.tags
+    }
+  }));
+  const card = {
+    spec_version: "2.0",
+    id: randomUUID13(),
+    owner,
+    agent_name: agentName ?? owner,
+    skills,
+    availability: { online: true },
+    created_at: now,
+    updated_at: now
+  };
+  return CapabilityCardV2Schema.parse(card);
+}
 export {
+  API_PATTERNS,
+  AgentBnBConsumer,
+  AgentBnBProvider,
+  AgentCertificateSchema,
+  AgentIdentitySchema,
   ApiExecutor,
   ApiSkillConfigSchema,
   BudgetController,
@@ -2546,11 +3761,17 @@ export {
   ConductorMode,
   ConductorSkillConfigSchema,
   EscrowReceiptSchema,
+  GUARANTOR_CREDIT_POOL,
+  GuarantorRecordSchema,
+  INTERACTIVE_TEMPLATES,
+  MAX_AGENTS_PER_GUARANTOR,
   ORCHESTRATION_FEE,
   OpenClawBridge,
   OpenClawSkillConfigSchema,
   PipelineExecutor,
   PipelineSkillConfigSchema,
+  RelayClient,
+  RelayMessageSchema,
   SkillConfigSchema,
   SkillExecutor,
   SkillsFileSchema,
@@ -2558,18 +3779,31 @@ export {
   applyInputMapping,
   buildAuthHeaders,
   buildConductorCard,
+  capabilitiesToV2Card,
   createGatewayServer,
+  createIdentity,
   createSignedEscrowReceipt,
   createSkillExecutor,
   decompose,
+  deriveAgentId,
+  detectCapabilities,
+  detectFromDocs,
+  ensureIdentity,
+  executeCapabilityRequest,
   expandEnvVars,
   extractByPath,
   generateKeyPair,
+  getAgentGuarantor,
   getBalance,
   getCard,
+  getGuarantor,
+  initiateGithubAuth,
   insertCard,
   interpolate,
   interpolateObject,
+  issueAgentCertificate,
+  linkAgentToGuarantor,
+  loadIdentity,
   loadKeyPair,
   matchSubTasks,
   openCreditDb,
@@ -2577,12 +3811,17 @@ export {
   orchestrate,
   parseSkillsFile,
   registerConductorCard,
+  registerGuarantor,
+  registerWebSocketRelay,
   releaseRequesterEscrow,
+  requestViaRelay,
   resolvePath,
+  saveIdentity,
   saveKeyPair,
   searchCards,
   settleProviderEarning,
   settleRequesterEscrow,
   signEscrowReceipt,
+  verifyAgentCertificate,
   verifyEscrowReceipt
 };