agentbnb 3.1.0 → 3.1.1

package/dist/index.js

@@ -479,6 +479,18 @@ function updateReputation(db, cardId, success, latencyMs) {
   `);
   stmt.run(JSON.stringify(updatedCard), now, cardId);
 }
+function listCards(db, owner) {
+  let stmt;
+  let rows;
+  if (owner !== void 0) {
+    stmt = db.prepare("SELECT data FROM capability_cards WHERE owner = ?");
+    rows = stmt.all(owner);
+  } else {
+    stmt = db.prepare("SELECT data FROM capability_cards");
+    rows = stmt.all();
+  }
+  return rows.map((row) => JSON.parse(row.data));
+}
 
 // src/registry/matcher.ts
 function searchCards(db, query, filters = {}) {
@@ -1978,6 +1990,22 @@ import { join as join3 } from "path";
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync, existsSync as existsSync2 } from "fs";
 import { homedir } from "os";
 import { join as join2 } from "path";
+function getConfigDir() {
+  return process.env["AGENTBNB_DIR"] ?? join2(homedir(), ".agentbnb");
+}
+function getConfigPath() {
+  return join2(getConfigDir(), "config.json");
+}
+function loadConfig() {
+  const configPath = getConfigPath();
+  if (!existsSync2(configPath)) return null;
+  try {
+    const raw = readFileSync2(configPath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
 
 // src/autonomy/auto-request.ts
 function minMaxNormalize(values) {
@@ -2507,64 +2535,536 @@ function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
   return { escrowId, receipt };
 }
 
-// src/relay/types.ts
+// src/identity/identity.ts
 import { z as z4 } from "zod";
-var RegisterMessageSchema = z4.object({
-  type: z4.literal("register"),
+import { createHash } from "crypto";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync3 } from "fs";
+import { join as join4 } from "path";
+var AgentIdentitySchema = z4.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z4.string().min(1),
+  /** Human-readable owner name (from config or init). */
   owner: z4.string().min(1),
-  token: z4.string().min(1),
-  card: z4.record(z4.unknown())
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z4.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z4.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z4.object({
+    github_login: z4.string().min(1),
+    verified_at: z4.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z4.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z4.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z4.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z4.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z4.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function createIdentity(configDir, owner) {
+  if (!existsSync4(configDir)) {
+    mkdirSync3(configDir, { recursive: true });
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const identity = {
+    agent_id: agentId,
+    owner,
+    public_key: publicKeyHex,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveIdentity(configDir, identity);
+  return identity;
+}
+function loadIdentity(configDir) {
+  const filePath = join4(configDir, IDENTITY_FILENAME);
+  if (!existsSync4(filePath)) return null;
+  try {
+    const raw = readFileSync4(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync4(configDir)) {
+    mkdirSync3(configDir, { recursive: true });
+  }
+  const filePath = join4(configDir, IDENTITY_FILENAME);
+  writeFileSync4(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function issueAgentCertificate(identity, privateKey) {
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const expiresAt = new Date(Date.now() + 365 * 24 * 60 * 60 * 1e3).toISOString();
+  const payload = {
+    identity,
+    issued_at: issuedAt,
+    expires_at: expiresAt,
+    issuer_public_key: identity.public_key
+  };
+  const signature = signEscrowReceipt(payload, privateKey);
+  return {
+    identity,
+    issued_at: issuedAt,
+    expires_at: expiresAt,
+    issuer_public_key: identity.public_key,
+    signature
+  };
+}
+function verifyAgentCertificate(cert) {
+  if (new Date(cert.expires_at) < /* @__PURE__ */ new Date()) {
+    return false;
+  }
+  const publicKeyHex = cert.issuer_public_key;
+  const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+  const payload = {
+    identity: cert.identity,
+    issued_at: cert.issued_at,
+    expires_at: cert.expires_at,
+    issuer_public_key: cert.issuer_public_key
+  };
+  return verifyEscrowReceipt(payload, cert.signature, publicKeyBuf);
+}
+function ensureIdentity(configDir, owner) {
+  const existing = loadIdentity(configDir);
+  if (existing) return existing;
+  return createIdentity(configDir, owner);
+}
+
+// src/sdk/consumer.ts
+var AgentBnBConsumer = class {
+  configDir;
+  identity = null;
+  keys = null;
+  creditDb = null;
+  constructor(opts) {
+    this.configDir = opts?.configDir ?? getConfigDir();
+  }
+  /**
+   * Loads agent identity and keypair from disk.
+   * Creates identity if none exists (uses owner from config.json or generates one).
+   *
+   * @returns The loaded AgentIdentity.
+   * @throws {AgentBnBError} if keypair is missing and cannot be created.
+   */
+  authenticate() {
+    const config = loadConfig();
+    const owner = config?.owner ?? `agent-${Date.now().toString(36)}`;
+    this.identity = ensureIdentity(this.configDir, owner);
+    this.keys = loadKeyPair(this.configDir);
+    return this.identity;
+  }
+  /**
+   * Returns the cached identity. Throws if not yet authenticated.
+   */
+  getIdentity() {
+    if (!this.identity) {
+      throw new AgentBnBError("Not authenticated. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    return this.identity;
+  }
+  /**
+   * Requests a capability from a remote agent with full escrow lifecycle.
+   *
+   * 1. Creates a signed escrow receipt (holds credits locally)
+   * 2. Sends the request to the target gateway
+   * 3. Settles escrow on success, releases on failure
+   *
+   * @param opts - Request options including target, card, credits, and params.
+   * @returns The result from the capability execution.
+   * @throws {AgentBnBError} on insufficient credits, network error, or RPC error.
+   */
+  async request(opts) {
+    const identity = this.getIdentity();
+    if (!this.keys) {
+      throw new AgentBnBError("Keypair not loaded. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    const db = this.getCreditDb();
+    const { escrowId, receipt } = createSignedEscrowReceipt(
+      db,
+      this.keys.privateKey,
+      this.keys.publicKey,
+      {
+        owner: identity.owner,
+        amount: opts.credits,
+        cardId: opts.cardId,
+        skillId: opts.skillId
+      }
+    );
+    try {
+      const result = await requestCapability({
+        gatewayUrl: opts.gatewayUrl,
+        token: opts.token,
+        cardId: opts.cardId,
+        params: opts.params,
+        timeoutMs: opts.timeoutMs,
+        escrowReceipt: receipt
+      });
+      settleRequesterEscrow(db, escrowId);
+      return result;
+    } catch (err) {
+      releaseRequesterEscrow(db, escrowId);
+      throw err;
+    }
+  }
+  /**
+   * Returns the current credit balance for this agent.
+   */
+  getBalance() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    return getBalance(db, identity.owner);
+  }
+  /**
+   * Returns basic reputation data from the local credit database.
+   * Note: success_rate is computed from local request history only.
+   */
+  getReputation() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    const stmt = db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN status = 'settled' THEN 1 ELSE 0 END) as settled
+      FROM credit_escrow
+      WHERE owner = ?
+    `);
+    const row = stmt.get(identity.owner);
+    const total = row?.total ?? 0;
+    const settled = row?.settled ?? 0;
+    return {
+      success_rate: total > 0 ? settled / total : 1,
+      total_requests: total
+    };
+  }
+  /**
+   * Closes the credit database connection. Call when done.
+   */
+  close() {
+    if (this.creditDb) {
+      this.creditDb.close();
+      this.creditDb = null;
+    }
+  }
+  /** Lazily opens and caches the credit database. */
+  getCreditDb() {
+    if (!this.creditDb) {
+      const config = loadConfig();
+      const creditDbPath = config?.credit_db_path ?? `${this.configDir}/credit.db`;
+      this.creditDb = openCreditDb(creditDbPath);
+    }
+    return this.creditDb;
+  }
+};
+
+// src/sdk/provider.ts
+var AgentBnBProvider = class {
+  configDir;
+  identity = null;
+  registryDb = null;
+  creditDb = null;
+  gateway = null;
+  constructor(opts) {
+    this.configDir = opts?.configDir ?? getConfigDir();
+  }
+  /**
+   * Loads agent identity from disk.
+   * Creates identity if none exists.
+   *
+   * @returns The loaded AgentIdentity.
+   */
+  authenticate() {
+    const config = loadConfig();
+    const owner = config?.owner ?? `agent-${Date.now().toString(36)}`;
+    this.identity = ensureIdentity(this.configDir, owner);
+    return this.identity;
+  }
+  /**
+   * Returns the cached identity. Throws if not yet authenticated.
+   */
+  getIdentity() {
+    if (!this.identity) {
+      throw new AgentBnBError("Not authenticated. Call authenticate() first.", "NOT_AUTHENTICATED");
+    }
+    return this.identity;
+  }
+  /**
+   * Starts the gateway server to share capabilities.
+   *
+   * @param opts - Optional port and host configuration.
+   * @returns Context with the gateway server and port.
+   */
+  async startSharing(opts) {
+    this.getIdentity();
+    const config = loadConfig();
+    const port = opts?.port ?? config?.gateway_port ?? 7700;
+    const host = opts?.host ?? "0.0.0.0";
+    const registryDb = this.getRegistryDb();
+    const creditDb = this.getCreditDb();
+    const token = config?.token ?? "";
+    const gateway = createGatewayServer({
+      registryDb,
+      creditDb,
+      tokens: [token],
+      handlerUrl: `http://localhost:${port}`,
+      silent: true
+    });
+    await gateway.listen({ port, host });
+    this.gateway = gateway;
+    return { gateway, port };
+  }
+  /**
+   * Stops the gateway server.
+   */
+  async stopSharing() {
+    if (this.gateway) {
+      await this.gateway.close();
+      this.gateway = null;
+    }
+  }
+  /**
+   * Returns all capability cards owned by this agent.
+   */
+  listCapabilities() {
+    const identity = this.getIdentity();
+    const db = this.getRegistryDb();
+    return listCards(db, identity.owner);
+  }
+  /**
+   * Returns the current credit balance for this agent.
+   */
+  getBalance() {
+    const identity = this.getIdentity();
+    const db = this.getCreditDb();
+    return getBalance(db, identity.owner);
+  }
+  /**
+   * Closes all database connections and stops the gateway. Call when done.
+   */
+  async close() {
+    await this.stopSharing();
+    if (this.registryDb) {
+      this.registryDb.close();
+      this.registryDb = null;
+    }
+    if (this.creditDb) {
+      this.creditDb.close();
+      this.creditDb = null;
+    }
+  }
+  /** Lazily opens and caches the registry database. */
+  getRegistryDb() {
+    if (!this.registryDb) {
+      const config = loadConfig();
+      const dbPath = config?.db_path ?? `${this.configDir}/registry.db`;
+      this.registryDb = openDatabase(dbPath);
+    }
+    return this.registryDb;
+  }
+  /** Lazily opens and caches the credit database. */
+  getCreditDb() {
+    if (!this.creditDb) {
+      const config = loadConfig();
+      const creditDbPath = config?.credit_db_path ?? `${this.configDir}/credit.db`;
+      this.creditDb = openCreditDb(creditDbPath);
+    }
+    return this.creditDb;
+  }
+};
+
+// src/identity/guarantor.ts
+import { z as z5 } from "zod";
+import { randomUUID as randomUUID9 } from "crypto";
+var MAX_AGENTS_PER_GUARANTOR = 10;
+var GUARANTOR_CREDIT_POOL = 50;
+var GuarantorRecordSchema = z5.object({
+  id: z5.string().uuid(),
+  github_login: z5.string().min(1),
+  agent_count: z5.number().int().nonnegative(),
+  credit_pool: z5.number().int().nonnegative(),
+  created_at: z5.string().datetime()
+});
+var GUARANTOR_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS guarantors (
+    id TEXT PRIMARY KEY,
+    github_login TEXT UNIQUE NOT NULL,
+    agent_count INTEGER NOT NULL DEFAULT 0,
+    credit_pool INTEGER NOT NULL DEFAULT ${GUARANTOR_CREDIT_POOL},
+    created_at TEXT NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS agent_guarantors (
+    agent_id TEXT PRIMARY KEY,
+    guarantor_id TEXT NOT NULL,
+    linked_at TEXT NOT NULL,
+    FOREIGN KEY (guarantor_id) REFERENCES guarantors(id)
+  );
+`;
+function ensureGuarantorTables(db) {
+  db.exec(GUARANTOR_SCHEMA);
+}
+function registerGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const existing = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (existing) {
+    throw new AgentBnBError(
+      `Guarantor already registered: ${githubLogin}`,
+      "GUARANTOR_EXISTS"
+    );
+  }
+  const record = {
+    id: randomUUID9(),
+    github_login: githubLogin,
+    agent_count: 0,
+    credit_pool: GUARANTOR_CREDIT_POOL,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  db.prepare(
+    "INSERT INTO guarantors (id, github_login, agent_count, credit_pool, created_at) VALUES (?, ?, ?, ?, ?)"
+  ).run(record.id, record.github_login, record.agent_count, record.credit_pool, record.created_at);
+  return record;
+}
+function linkAgentToGuarantor(db, agentId, githubLogin) {
+  ensureGuarantorTables(db);
+  const guarantor = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!guarantor) {
+    throw new AgentBnBError(
+      `Guarantor not found: ${githubLogin}`,
+      "GUARANTOR_NOT_FOUND"
+    );
+  }
+  if (guarantor["agent_count"] >= MAX_AGENTS_PER_GUARANTOR) {
+    throw new AgentBnBError(
+      `Maximum agents per guarantor reached (${MAX_AGENTS_PER_GUARANTOR})`,
+      "MAX_AGENTS_EXCEEDED"
+    );
+  }
+  const existingLink = db.prepare("SELECT * FROM agent_guarantors WHERE agent_id = ?").get(agentId);
+  if (existingLink) {
+    throw new AgentBnBError(
+      `Agent ${agentId} is already linked to a guarantor`,
+      "AGENT_ALREADY_LINKED"
+    );
+  }
+  db.transaction(() => {
+    db.prepare("INSERT INTO agent_guarantors (agent_id, guarantor_id, linked_at) VALUES (?, ?, ?)").run(
+      agentId,
+      guarantor["id"],
+      (/* @__PURE__ */ new Date()).toISOString()
+    );
+    db.prepare("UPDATE guarantors SET agent_count = agent_count + 1 WHERE id = ?").run(guarantor["id"]);
+  })();
+  return getGuarantor(db, githubLogin);
+}
+function getGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const row = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!row) return null;
+  return {
+    id: row["id"],
+    github_login: row["github_login"],
+    agent_count: row["agent_count"],
+    credit_pool: row["credit_pool"],
+    created_at: row["created_at"]
+  };
+}
+function getAgentGuarantor(db, agentId) {
+  ensureGuarantorTables(db);
+  const link = db.prepare(
+    `SELECT g.* FROM guarantors g
+       JOIN agent_guarantors ag ON ag.guarantor_id = g.id
+       WHERE ag.agent_id = ?`
+  ).get(agentId);
+  if (!link) return null;
+  return {
+    id: link["id"],
+    github_login: link["github_login"],
+    agent_count: link["agent_count"],
+    credit_pool: link["credit_pool"],
+    created_at: link["created_at"]
+  };
+}
+function initiateGithubAuth() {
+  return {
+    auth_url: "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=read:user",
+    state: randomUUID9()
+  };
+}
+
+// src/relay/types.ts
+import { z as z6 } from "zod";
+var RegisterMessageSchema = z6.object({
+  type: z6.literal("register"),
+  owner: z6.string().min(1),
+  token: z6.string().min(1),
+  card: z6.record(z6.unknown())
   // CapabilityCard (validated separately)
 });
-var RegisteredMessageSchema = z4.object({
-  type: z4.literal("registered"),
-  agent_id: z4.string()
+var RegisteredMessageSchema = z6.object({
+  type: z6.literal("registered"),
+  agent_id: z6.string()
 });
-var RelayRequestMessageSchema = z4.object({
-  type: z4.literal("relay_request"),
-  id: z4.string().uuid(),
-  target_owner: z4.string().min(1),
-  card_id: z4.string(),
-  skill_id: z4.string().optional(),
-  params: z4.record(z4.unknown()).default({}),
-  requester: z4.string().optional(),
-  escrow_receipt: z4.record(z4.unknown()).optional()
+var RelayRequestMessageSchema = z6.object({
+  type: z6.literal("relay_request"),
+  id: z6.string().uuid(),
+  target_owner: z6.string().min(1),
+  card_id: z6.string(),
+  skill_id: z6.string().optional(),
+  params: z6.record(z6.unknown()).default({}),
+  requester: z6.string().optional(),
+  escrow_receipt: z6.record(z6.unknown()).optional()
 });
-var IncomingRequestMessageSchema = z4.object({
-  type: z4.literal("incoming_request"),
-  id: z4.string().uuid(),
-  from_owner: z4.string().min(1),
-  card_id: z4.string(),
-  skill_id: z4.string().optional(),
-  params: z4.record(z4.unknown()).default({}),
-  requester: z4.string().optional(),
-  escrow_receipt: z4.record(z4.unknown()).optional()
+var IncomingRequestMessageSchema = z6.object({
+  type: z6.literal("incoming_request"),
+  id: z6.string().uuid(),
+  from_owner: z6.string().min(1),
+  card_id: z6.string(),
+  skill_id: z6.string().optional(),
+  params: z6.record(z6.unknown()).default({}),
+  requester: z6.string().optional(),
+  escrow_receipt: z6.record(z6.unknown()).optional()
 });
-var RelayResponseMessageSchema = z4.object({
-  type: z4.literal("relay_response"),
-  id: z4.string().uuid(),
-  result: z4.unknown().optional(),
-  error: z4.object({
-    code: z4.number(),
-    message: z4.string()
+var RelayResponseMessageSchema = z6.object({
+  type: z6.literal("relay_response"),
+  id: z6.string().uuid(),
+  result: z6.unknown().optional(),
+  error: z6.object({
+    code: z6.number(),
+    message: z6.string()
   }).optional()
 });
-var ResponseMessageSchema = z4.object({
-  type: z4.literal("response"),
-  id: z4.string().uuid(),
-  result: z4.unknown().optional(),
-  error: z4.object({
-    code: z4.number(),
-    message: z4.string()
+var ResponseMessageSchema = z6.object({
+  type: z6.literal("response"),
+  id: z6.string().uuid(),
+  result: z6.unknown().optional(),
+  error: z6.object({
+    code: z6.number(),
+    message: z6.string()
   }).optional()
 });
-var ErrorMessageSchema = z4.object({
-  type: z4.literal("error"),
-  code: z4.string(),
-  message: z4.string(),
-  request_id: z4.string().optional()
+var ErrorMessageSchema = z6.object({
+  type: z6.literal("error"),
+  code: z6.string(),
+  message: z6.string(),
+  request_id: z6.string().optional()
 });
-var RelayMessageSchema = z4.discriminatedUnion("type", [
+var RelayMessageSchema = z6.discriminatedUnion("type", [
   RegisterMessageSchema,
   RegisteredMessageSchema,
   RelayRequestMessageSchema,
@@ -2575,7 +3075,7 @@ var RelayMessageSchema = z4.discriminatedUnion("type", [
 ]);
 
 // src/relay/websocket-relay.ts
-import { randomUUID as randomUUID9 } from "crypto";
+import { randomUUID as randomUUID10 } from "crypto";
 var RATE_LIMIT_MAX = 60;
 var RATE_LIMIT_WINDOW_MS = 6e4;
 var RELAY_TIMEOUT_MS = 3e4;
@@ -2647,7 +3147,7 @@ function registerWebSocketRelay(server, db) {
   function logAgentJoined(owner, cardName, cardId) {
     try {
       insertRequestLog(db, {
-        id: randomUUID9(),
+        id: randomUUID10(),
         card_id: cardId,
         card_name: cardName,
         requester: owner,
@@ -2747,7 +3247,8 @@ function registerWebSocketRelay(server, db) {
       }
     }
   }
-  server.get("/ws", { websocket: true }, (socket) => {
+  server.get("/ws", { websocket: true }, (rawSocket, _request) => {
+    const socket = rawSocket;
     let registeredOwner;
     socket.on("message", (raw) => {
       let data;
@@ -2819,7 +3320,7 @@ function registerWebSocketRelay(server, db) {
 
 // src/relay/websocket-client.ts
 import WebSocket from "ws";
-import { randomUUID as randomUUID10 } from "crypto";
+import { randomUUID as randomUUID11 } from "crypto";
 var RelayClient = class {
   ws = null;
   opts;
@@ -2915,7 +3416,7 @@ var RelayClient = class {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN || !this.registered) {
       throw new Error("Not connected to registry relay");
     }
-    const id = randomUUID10();
+    const id = randomUUID11();
     const timeoutMs = opts.timeoutMs ?? 3e4;
     return new Promise((resolve, reject) => {
       const timeout = setTimeout(() => {
@@ -3085,7 +3586,171 @@ var RelayClient = class {
     }, delay);
   }
 };
+
+// src/onboarding/index.ts
+import { randomUUID as randomUUID13 } from "crypto";
+import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
+import { join as join5 } from "path";
+
+// src/cli/onboarding.ts
+import { randomUUID as randomUUID12 } from "crypto";
+import { createConnection } from "net";
+var KNOWN_API_KEYS = [
+  "OPENAI_API_KEY",
+  "ANTHROPIC_API_KEY",
+  "ELEVENLABS_API_KEY",
+  "KLING_API_KEY",
+  "STABILITY_API_KEY",
+  "REPLICATE_API_TOKEN",
+  "GOOGLE_API_KEY",
+  "AZURE_OPENAI_API_KEY",
+  "COHERE_API_KEY",
+  "MISTRAL_API_KEY"
+];
+function detectApiKeys(knownKeys) {
+  return knownKeys.filter((key) => key in process.env);
+}
+
+// src/onboarding/capability-templates.ts
+var API_PATTERNS = [
+  {
+    pattern: /openai|gpt-4|gpt-3|chatgpt|dall-e/i,
+    capability: { key: "openai", name: "OpenAI Text Generation", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] }
+  },
+  {
+    pattern: /elevenlabs|eleven.?labs/i,
+    capability: { key: "elevenlabs", name: "ElevenLabs TTS", category: "TTS", credits_per_call: 5, tags: ["tts", "audio", "voice"] }
+  },
+  {
+    pattern: /anthropic|claude/i,
+    capability: { key: "anthropic", name: "Anthropic Claude", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] }
+  },
+  {
+    pattern: /recraft/i,
+    capability: { key: "recraft", name: "Recraft V4 Image Gen", category: "Image Gen", credits_per_call: 8, tags: ["image", "generation", "design"] }
+  },
+  {
+    pattern: /kling/i,
+    capability: { key: "kling", name: "Kling AI Video Gen", category: "Video Gen", credits_per_call: 10, tags: ["video", "generation"] }
+  },
+  {
+    pattern: /stable.?diffusion|sdxl|comfyui/i,
+    capability: { key: "stable-diffusion", name: "Stable Diffusion Image Gen", category: "Image Gen", credits_per_call: 6, tags: ["image", "generation", "diffusion"] }
+  },
+  {
+    pattern: /whisper|speech.?to.?text|stt/i,
+    capability: { key: "whisper", name: "Whisper Speech-to-Text", category: "STT", credits_per_call: 3, tags: ["stt", "audio", "transcription"] }
+  },
+  {
+    pattern: /puppeteer|playwright|selenium/i,
+    capability: { key: "puppeteer", name: "Web Scraping & Automation", category: "Web Scraping", credits_per_call: 2, tags: ["scraping", "automation", "browser"] }
+  },
+  {
+    pattern: /ffmpeg/i,
+    capability: { key: "ffmpeg", name: "FFmpeg Media Processing", category: "Media Processing", credits_per_call: 3, tags: ["media", "audio", "video", "processing"] }
+  },
+  {
+    pattern: /tesseract|ocr/i,
+    capability: { key: "tesseract", name: "OCR Text Extraction", category: "OCR", credits_per_call: 4, tags: ["ocr", "text", "extraction"] }
+  }
+];
+var INTERACTIVE_TEMPLATES = [
+  { key: "openai", name: "Text Generation (GPT-4o / Claude / Gemini)", category: "Text Gen", credits_per_call: 3, tags: ["llm", "text", "generation"] },
+  { key: "image-gen", name: "Image Generation (DALL-E / Recraft / Stable Diffusion)", category: "Image Gen", credits_per_call: 8, tags: ["image", "generation"] },
+  { key: "tts", name: "TTS / Voice (ElevenLabs / Google TTS)", category: "TTS", credits_per_call: 5, tags: ["tts", "audio", "voice"] },
+  { key: "video-gen", name: "Video Generation (Kling / Runway)", category: "Video Gen", credits_per_call: 10, tags: ["video", "generation"] },
+  { key: "code-review", name: "Code Review / Analysis", category: "Code", credits_per_call: 3, tags: ["code", "review", "analysis"] },
+  { key: "scraping", name: "Web Scraping / Data Extraction", category: "Web Scraping", credits_per_call: 2, tags: ["scraping", "data", "extraction"] },
+  { key: "translation", name: "Translation", category: "Translation", credits_per_call: 3, tags: ["translation", "language", "text"] },
+  { key: "custom", name: "Custom (describe it)", category: "Custom", credits_per_call: 5, tags: ["custom"] }
+];
+
+// src/onboarding/detect-from-docs.ts
+function detectFromDocs(content) {
+  if (!content || content.trim().length === 0) {
+    return [];
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const results = [];
+  for (const entry of API_PATTERNS) {
+    if (entry.pattern.test(content) && !seen.has(entry.capability.key)) {
+      seen.add(entry.capability.key);
+      results.push({ ...entry.capability });
+    }
+  }
+  return results;
+}
+
+// src/onboarding/interactive.ts
+import { createInterface } from "readline";
+
+// src/onboarding/index.ts
+var DOC_FILES = ["SOUL.md", "CLAUDE.md", "AGENTS.md", "README.md"];
+function detectCapabilities(opts = {}) {
+  const cwd = opts.cwd ?? process.cwd();
+  if (opts.fromFile) {
+    const filePath = opts.fromFile.startsWith("/") ? opts.fromFile : join5(cwd, opts.fromFile);
+    if (existsSync5(filePath)) {
+      const content = readFileSync5(filePath, "utf-8");
+      const capabilities = detectFromDocs(content);
+      if (capabilities.length > 0) {
+        return { source: "docs", capabilities, sourceFile: filePath };
+      }
+    }
+    return { source: "none", capabilities: [] };
+  }
+  for (const fileName of DOC_FILES) {
+    const filePath = join5(cwd, fileName);
+    if (!existsSync5(filePath)) continue;
+    const content = readFileSync5(filePath, "utf-8");
+    if (fileName === "SOUL.md") {
+      return { source: "soul", capabilities: [], soulContent: content, sourceFile: filePath };
+    }
+    const capabilities = detectFromDocs(content);
+    if (capabilities.length > 0) {
+      return { source: "docs", capabilities, sourceFile: filePath };
+    }
+  }
+  const envKeys = detectApiKeys(KNOWN_API_KEYS);
+  if (envKeys.length > 0) {
+    return { source: "env", capabilities: [], envKeys };
+  }
+  return { source: "none", capabilities: [] };
+}
+function capabilitiesToV2Card(capabilities, owner, agentName) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const skills = capabilities.map((cap) => ({
+    id: cap.key,
+    name: cap.name,
+    description: `${cap.name} capability \u2014 ${cap.category}`,
+    level: 1,
+    category: cap.category.toLowerCase().replace(/\s+/g, "_"),
+    inputs: [{ name: "input", type: "text", required: true }],
+    outputs: [{ name: "output", type: "text", required: true }],
+    pricing: { credits_per_call: cap.credits_per_call },
+    availability: { online: true },
+    metadata: {
+      tags: cap.tags
+    }
+  }));
+  const card = {
+    spec_version: "2.0",
+    id: randomUUID13(),
+    owner,
+    agent_name: agentName ?? owner,
+    skills,
+    availability: { online: true },
+    created_at: now,
+    updated_at: now
+  };
+  return CapabilityCardV2Schema.parse(card);
+}
 export {
+  API_PATTERNS,
+  AgentBnBConsumer,
+  AgentBnBProvider,
+  AgentCertificateSchema,
+  AgentIdentitySchema,
   ApiExecutor,
   ApiSkillConfigSchema,
   BudgetController,
@@ -3096,6 +3761,10 @@ export {
   ConductorMode,
   ConductorSkillConfigSchema,
   EscrowReceiptSchema,
+  GUARANTOR_CREDIT_POOL,
+  GuarantorRecordSchema,
+  INTERACTIVE_TEMPLATES,
+  MAX_AGENTS_PER_GUARANTOR,
   ORCHESTRATION_FEE,
   OpenClawBridge,
   OpenClawSkillConfigSchema,
@@ -3110,19 +3779,31 @@ export {
   applyInputMapping,
   buildAuthHeaders,
   buildConductorCard,
+  capabilitiesToV2Card,
   createGatewayServer,
+  createIdentity,
   createSignedEscrowReceipt,
   createSkillExecutor,
   decompose,
+  deriveAgentId,
+  detectCapabilities,
+  detectFromDocs,
+  ensureIdentity,
   executeCapabilityRequest,
   expandEnvVars,
   extractByPath,
   generateKeyPair,
+  getAgentGuarantor,
   getBalance,
   getCard,
+  getGuarantor,
+  initiateGithubAuth,
   insertCard,
   interpolate,
   interpolateObject,
+  issueAgentCertificate,
+  linkAgentToGuarantor,
+  loadIdentity,
   loadKeyPair,
   matchSubTasks,
   openCreditDb,
@@ -3130,14 +3811,17 @@ export {
   orchestrate,
   parseSkillsFile,
   registerConductorCard,
+  registerGuarantor,
   registerWebSocketRelay,
   releaseRequesterEscrow,
   requestViaRelay,
   resolvePath,
+  saveIdentity,
   saveKeyPair,
   searchCards,
   settleProviderEarning,
   settleRequesterEscrow,
   signEscrowReceipt,
+  verifyAgentCertificate,
   verifyEscrowReceipt
 };