agentbnb 3.1.1 → 3.1.3

package/dist/{card-EWIXC377.js → card-IE5UV5QX.js}

@@ -1,6 +1,6 @@
 import {
   CapabilityCardV2Schema
-} from "./chunk-7RU5INZI.js";
+} from "./chunk-XA63SD4T.js";
 
 // src/conductor/card.ts
 var CONDUCTOR_OWNER = "agentbnb-conductor";

package/dist/{chunk-VCW7IDJM.js → chunk-7OACGAFD.js}

@@ -3,7 +3,7 @@ import {
   requestCapability,
   scorePeers,
   searchCards
-} from "./chunk-2ETVQXP7.js";
+} from "./chunk-IZZ4FP45.js";
 
 // src/conductor/task-decomposer.ts
 import { randomUUID } from "crypto";

package/dist/{chunk-2ETVQXP7.js → chunk-IZZ4FP45.js}

@@ -5,11 +5,12 @@ import {
   getBalance,
   holdEscrow,
   releaseEscrow,
-  settleEscrow
-} from "./chunk-MZCNJ5PY.js";
+  settleEscrow,
+  signEscrowReceipt
+} from "./chunk-QHQPXO67.js";
 import {
   AgentBnBError
-} from "./chunk-7RU5INZI.js";
+} from "./chunk-XA63SD4T.js";
 
 // src/autonomy/tiers.ts
 import { randomUUID } from "crypto";
@@ -150,7 +151,7 @@ function filterCards(db, filters) {
 // src/gateway/client.ts
 import { randomUUID as randomUUID2 } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
   const id = randomUUID2();
   const payload = {
     jsonrpc: "2.0",
@@ -162,16 +163,22 @@ async function requestCapability(opts) {
       ...escrowReceipt ? { escrow_receipt: escrowReceipt } : {}
     }
   };
+  const headers = { "Content-Type": "application/json" };
+  if (identity) {
+    const signature = signEscrowReceipt(payload, identity.privateKey);
+    headers["X-Agent-Id"] = identity.agentId;
+    headers["X-Agent-Public-Key"] = identity.publicKey;
+    headers["X-Agent-Signature"] = signature;
+  } else if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   let response;
   try {
     response = await fetch(`${gatewayUrl}/rpc`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
+      headers,
       body: JSON.stringify(payload),
       signal: controller.signal
     });

package/dist/{chunk-MZCNJ5PY.js → chunk-QHQPXO67.js}

@@ -1,6 +1,58 @@
 import {
   AgentBnBError
-} from "./chunk-7RU5INZI.js";
+} from "./chunk-XA63SD4T.js";
+
+// src/credit/signing.ts
+import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
+import { writeFileSync, readFileSync, existsSync, chmodSync } from "fs";
+import { join } from "path";
+function generateKeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+    publicKeyEncoding: { type: "spki", format: "der" },
+    privateKeyEncoding: { type: "pkcs8", format: "der" }
+  });
+  return {
+    publicKey: Buffer.from(publicKey),
+    privateKey: Buffer.from(privateKey)
+  };
+}
+function saveKeyPair(configDir, keys) {
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  writeFileSync(privatePath, keys.privateKey);
+  chmodSync(privatePath, 384);
+  writeFileSync(publicPath, keys.publicKey);
+}
+function loadKeyPair(configDir) {
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  if (!existsSync(privatePath) || !existsSync(publicPath)) {
+    throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
+  }
+  return {
+    publicKey: readFileSync(publicPath),
+    privateKey: readFileSync(privatePath)
+  };
+}
+function canonicalJson(data) {
+  return JSON.stringify(data, Object.keys(data).sort());
+}
+function signEscrowReceipt(data, privateKey) {
+  const message = Buffer.from(canonicalJson(data), "utf-8");
+  const keyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
+  const signature = sign(null, message, keyObject);
+  return signature.toString("base64url");
+}
+function verifyEscrowReceipt(data, signature, publicKey) {
+  try {
+    const message = Buffer.from(canonicalJson(data), "utf-8");
+    const keyObject = createPublicKey({ key: publicKey, format: "der", type: "spki" });
+    const sigBuffer = Buffer.from(signature, "base64url");
+    return verify(null, message, keyObject, sigBuffer);
+  } catch {
+    return false;
+  }
+}
 
 // src/credit/escrow.ts
 import { randomUUID } from "crypto";
@@ -180,6 +232,11 @@ function recordEarning(db, owner, amount, _cardId, receiptNonce) {
 }
 
 export {
+  generateKeyPair,
+  saveKeyPair,
+  loadKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt,
   holdEscrow,
   settleEscrow,
   releaseEscrow,

package/dist/{chunk-MGHI67GR.js → chunk-QSPWE5AE.js}

@@ -2,74 +2,23 @@ import {
   getCard,
   insertRequestLog,
   updateReputation
-} from "./chunk-QAY6XTT7.js";
+} from "./chunk-UOGDK2S2.js";
 import {
   confirmEscrowDebit,
   getBalance,
   holdEscrow,
   recordEarning,
   releaseEscrow,
-  settleEscrow
-} from "./chunk-MZCNJ5PY.js";
+  settleEscrow,
+  verifyEscrowReceipt
+} from "./chunk-QHQPXO67.js";
 import {
   AgentBnBError
-} from "./chunk-7RU5INZI.js";
+} from "./chunk-XA63SD4T.js";
 
 // src/gateway/execute.ts
 import { randomUUID } from "crypto";
 
-// src/credit/signing.ts
-import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
-import { writeFileSync, readFileSync, existsSync, chmodSync } from "fs";
-import { join } from "path";
-function generateKeyPair() {
-  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
-    publicKeyEncoding: { type: "spki", format: "der" },
-    privateKeyEncoding: { type: "pkcs8", format: "der" }
-  });
-  return {
-    publicKey: Buffer.from(publicKey),
-    privateKey: Buffer.from(privateKey)
-  };
-}
-function saveKeyPair(configDir, keys) {
-  const privatePath = join(configDir, "private.key");
-  const publicPath = join(configDir, "public.key");
-  writeFileSync(privatePath, keys.privateKey);
-  chmodSync(privatePath, 384);
-  writeFileSync(publicPath, keys.publicKey);
-}
-function loadKeyPair(configDir) {
-  const privatePath = join(configDir, "private.key");
-  const publicPath = join(configDir, "public.key");
-  if (!existsSync(privatePath) || !existsSync(publicPath)) {
-    throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
-  }
-  return {
-    publicKey: readFileSync(publicPath),
-    privateKey: readFileSync(privatePath)
-  };
-}
-function canonicalJson(data) {
-  return JSON.stringify(data, Object.keys(data).sort());
-}
-function signEscrowReceipt(data, privateKey) {
-  const message = Buffer.from(canonicalJson(data), "utf-8");
-  const keyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
-  const signature = sign(null, message, keyObject);
-  return signature.toString("base64url");
-}
-function verifyEscrowReceipt(data, signature, publicKey) {
-  try {
-    const message = Buffer.from(canonicalJson(data), "utf-8");
-    const keyObject = createPublicKey({ key: publicKey, format: "der", type: "spki" });
-    const sigBuffer = Buffer.from(signature, "base64url");
-    return verify(null, message, keyObject, sigBuffer);
-  } catch {
-    return false;
-  }
-}
-
 // src/credit/settlement.ts
 function settleProviderEarning(providerDb, providerOwner, receipt) {
   recordEarning(
@@ -247,10 +196,6 @@ async function executeCapabilityRequest(opts) {
 }
 
 export {
-  generateKeyPair,
-  saveKeyPair,
-  loadKeyPair,
-  signEscrowReceipt,
   settleRequesterEscrow,
   releaseRequesterEscrow,
   executeCapabilityRequest

package/dist/{chunk-QAY6XTT7.js → chunk-UOGDK2S2.js}

@@ -1,7 +1,7 @@
 import {
   AgentBnBError,
   CapabilityCardSchema
-} from "./chunk-7RU5INZI.js";
+} from "./chunk-XA63SD4T.js";
 
 // src/registry/request-log.ts
 var SINCE_MS = {

package/dist/{chunk-7RU5INZI.js → chunk-XA63SD4T.js}

@@ -39,6 +39,8 @@ var CapabilityCardSchema = z.object({
    * never transmitted beyond the local store.
    */
   _internal: z.record(z.unknown()).optional(),
+  /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+  gateway_url: z.string().url().optional(),
   metadata: z.object({
     apis_used: z.array(z.string()).optional(),
     avg_latency_ms: z.number().nonnegative().optional(),
@@ -103,6 +105,8 @@ var CapabilityCardV2Schema = z.object({
    * never transmitted beyond the local store.
    */
   _internal: z.record(z.unknown()).optional(),
+  /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+  gateway_url: z.string().url().optional(),
   created_at: z.string().datetime().optional(),
   updated_at: z.string().datetime().optional()
 });

package/dist/cli/index.js

@@ -1,13 +1,9 @@
 #!/usr/bin/env node
 import {
   executeCapabilityRequest,
-  generateKeyPair,
-  loadKeyPair,
   releaseRequesterEscrow,
-  saveKeyPair,
-  settleRequesterEscrow,
-  signEscrowReceipt
-} from "../chunk-MGHI67GR.js";
+  settleRequesterEscrow
+} from "../chunk-QSPWE5AE.js";
 import {
   RelayMessageSchema
 } from "../chunk-3Y36WQDV.js";
@@ -24,7 +20,7 @@ import {
   requestCapability,
   resolvePendingRequest,
   searchCards
-} from "../chunk-2ETVQXP7.js";
+} from "../chunk-IZZ4FP45.js";
 import {
   findPeer,
   getConfigDir,
@@ -46,20 +42,25 @@ import {
   updateCard,
   updateSkillAvailability,
   updateSkillIdleRate
-} from "../chunk-QAY6XTT7.js";
+} from "../chunk-UOGDK2S2.js";
 import {
   bootstrapAgent,
+  generateKeyPair,
   getBalance,
   getTransactions,
   holdEscrow,
+  loadKeyPair,
   openCreditDb,
-  releaseEscrow
-} from "../chunk-MZCNJ5PY.js";
+  releaseEscrow,
+  saveKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "../chunk-QHQPXO67.js";
 import {
   AgentBnBError,
   AnyCardSchema,
   CapabilityCardV2Schema
-} from "../chunk-7RU5INZI.js";
+} from "../chunk-XA63SD4T.js";
 
 // src/cli/index.ts
 import { Command } from "commander";
@@ -1525,8 +1526,8 @@ var AgentRuntime = class {
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("../conductor-mode-GPLAM2XO.js");
-      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-EWIXC377.js");
+      const { ConductorMode } = await import("../conductor-mode-IO45PWMI.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-IE5UV5QX.js");
       const { loadPeers: loadPeers2 } = await import("../peers-G36URZYB.js");
       registerConductorCard(this.registryDb);
       const resolveAgentUrl = (owner) => {
@@ -1648,22 +1649,27 @@ function createGatewayServer(opts) {
   fastify.addHook("onRequest", async (request, reply) => {
     if (request.method === "GET" && request.url === "/health") return;
     const auth = request.headers.authorization;
-    if (!auth || !auth.startsWith("Bearer ")) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: missing token" }
-      });
-      return;
-    }
-    const token = auth.slice("Bearer ".length).trim();
-    if (!tokenSet.has(token)) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: invalid token" }
-      });
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) return;
+    }
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+        if (valid) return;
+      } catch {
+      }
     }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
   });
   fastify.get("/health", async () => {
     return { status: "ok", version: VERSION, uptime: process.uptime() };
@@ -3161,11 +3167,12 @@ program.command("publish <card.json>").description("Publish a Capability Card to
   let remoteSuccess = false;
   if (registryUrl) {
     const url = `${registryUrl.replace(/\/$/, "")}/cards`;
+    const remoteCard = { ...card, gateway_url: config.gateway_url };
     try {
       const response = await fetch(url, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(card)
+        body: JSON.stringify(remoteCard)
       });
       if (!response.ok) {
         const body = await response.text();
@@ -3190,6 +3197,77 @@ program.command("publish <card.json>").description("Publish a Capability Card to
   } else if (!registryUrl) {
   }
 });
+program.command("sync").description("Push all local capability cards to the configured remote registry").option("--registry <url>", "Remote registry URL (overrides config.registry)").option("--json", "Output as JSON").action(async (opts) => {
+  const config = loadConfig();
+  if (!config) {
+    console.error("Error: not initialized. Run `agentbnb init` first.");
+    process.exit(1);
+  }
+  const registryUrl = opts.registry ?? config.registry;
+  if (!registryUrl) {
+    console.error("Error: no remote registry configured.");
+    console.error("Set one with: agentbnb config set registry <url>");
+    process.exit(1);
+  }
+  const db = openDatabase(config.db_path);
+  let localCards;
+  try {
+    localCards = listCards(db);
+  } finally {
+    db.close();
+  }
+  if (localCards.length === 0) {
+    if (opts.json) {
+      console.log(JSON.stringify({ synced: 0, failed: 0, registry: registryUrl }));
+    } else {
+      console.log("No local cards to sync.");
+    }
+    return;
+  }
+  const url = `${registryUrl.replace(/\/$/, "")}/cards`;
+  let synced = 0;
+  let failed = 0;
+  const results = [];
+  for (const card of localCards) {
+    const { _internal: _, ...publicCard } = card;
+    const remoteCard = { ...publicCard, gateway_url: config.gateway_url };
+    const displayName = card.name ?? card.agent_name ?? card.id;
+    try {
+      const response = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(remoteCard)
+      });
+      if (response.ok) {
+        synced++;
+        results.push({ id: card.id, name: displayName, ok: true });
+        if (!opts.json) {
+          console.log(`  Synced: ${displayName} (${card.id.slice(0, 8)}...)`);
+        }
+      } else {
+        const body = await response.text();
+        failed++;
+        results.push({ id: card.id, name: displayName, ok: false, error: `${response.status}: ${body}` });
+        if (!opts.json) {
+          console.error(`  Failed: ${displayName} \u2014 ${response.status}`);
+        }
+      }
+    } catch (err) {
+      failed++;
+      const msg = err instanceof Error ? err.message : String(err);
+      results.push({ id: card.id, name: displayName, ok: false, error: msg });
+      if (!opts.json) {
+        console.error(`  Failed: ${displayName} \u2014 ${msg}`);
+      }
+    }
+  }
+  if (opts.json) {
+    console.log(JSON.stringify({ synced, failed, registry: registryUrl, results }, null, 2));
+  } else {
+    console.log(`
+Synced ${synced}/${localCards.length} cards to ${registryUrl}${failed > 0 ? ` (${failed} failed)` : ""}`);
+  }
+});
 program.command("discover [query]").description("Search available capabilities in the registry").option("--level <level>", "Filter by level (1, 2, or 3)").option("--online", "Only show online capabilities").option("--local", "Browse for agents on the local network via mDNS").option("--registry <url>", "Remote registry URL to query (e.g., http://host:7701)").option("--tag <tag>", "Filter by metadata tag").option("--json", "Output as JSON").action(async (query, opts) => {
   if (opts.local) {
     const discovered = [];
@@ -3361,7 +3439,8 @@ program.command("request [card-id]").description("Request a capability from anot
   }
   let gatewayUrl;
   let token;
-  const isPeerRequest = !!opts.peer;
+  let isRemoteRequest = false;
+  let identityAuth;
   if (opts.peer) {
     const peer = findPeer(opts.peer);
     if (!peer) {
@@ -3370,13 +3449,76 @@ program.command("request [card-id]").description("Request a capability from anot
     }
     gatewayUrl = peer.url;
     token = peer.token;
+    isRemoteRequest = true;
+    const configDir = getConfigDir();
+    const agentIdentity = loadIdentity(configDir);
+    if (agentIdentity) {
+      const keys = loadKeyPair(configDir);
+      identityAuth = {
+        agentId: agentIdentity.agent_id,
+        publicKey: agentIdentity.public_key,
+        privateKey: keys.privateKey
+      };
+    }
   } else {
-    gatewayUrl = config.gateway_url;
-    token = config.token;
+    const db = openDatabase(config.db_path);
+    let localCard;
+    try {
+      localCard = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId) ? JSON.parse(db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId).data) : void 0;
+    } finally {
+      db.close();
+    }
+    if (localCard) {
+      gatewayUrl = config.gateway_url;
+      token = config.token;
+    } else {
+      const registryUrl = config.registry;
+      if (!registryUrl) {
+        console.error("Error: card not found locally and no remote registry configured.");
+        console.error("Set one with: agentbnb config set registry <url>");
+        process.exit(1);
+      }
+      const cardUrl = `${registryUrl.replace(/\/$/, "")}/cards/${cardId}`;
+      let remoteCard;
+      try {
+        const resp = await fetch(cardUrl);
+        if (!resp.ok) {
+          console.error(`Error: card ${cardId} not found on remote registry (${resp.status}).`);
+          process.exit(1);
+        }
+        remoteCard = await resp.json();
+      } catch (err) {
+        console.error(`Error: cannot reach registry: ${err.message}`);
+        process.exit(1);
+      }
+      if (!remoteCard.gateway_url || typeof remoteCard.gateway_url !== "string") {
+        console.error("Error: remote card has no gateway_url. The provider needs to re-publish with `agentbnb sync`.");
+        process.exit(1);
+      }
+      gatewayUrl = remoteCard.gateway_url;
+      token = "";
+      isRemoteRequest = true;
+      const configDir = getConfigDir();
+      const agentIdentity = loadIdentity(configDir);
+      if (!agentIdentity) {
+        console.error("Error: no agent identity found. Run `agentbnb init` first.");
+        process.exit(1);
+      }
+      const keys = loadKeyPair(configDir);
+      identityAuth = {
+        agentId: agentIdentity.agent_id,
+        publicKey: agentIdentity.public_key,
+        privateKey: keys.privateKey
+      };
+      if (!opts.json) {
+        const displayName = remoteCard.name ?? remoteCard.agent_name ?? cardId;
+        console.log(`Found remote card: ${displayName} @ ${gatewayUrl}`);
+      }
+    }
   }
-  const useReceipt = isPeerRequest && opts.receipt !== false;
+  const useReceipt = isRemoteRequest && opts.receipt !== false;
   if (useReceipt && !opts.cost) {
-    console.error("Error: --cost <credits> is required for peer requests. Specify the credits to commit.");
+    console.error("Error: --cost <credits> is required for remote requests. Specify the credits to commit.");
     process.exit(1);
   }
   let escrowId;
@@ -3420,7 +3562,8 @@ program.command("request [card-id]").description("Request a capability from anot
       token,
       cardId,
       params: { ...params, ...opts.skill ? { skill_id: opts.skill } : {} },
-      escrowReceipt
+      escrowReceipt,
+      identity: identityAuth
     });
     if (useReceipt && escrowId) {
       const configDir = getConfigDir();
@@ -3591,7 +3734,7 @@ program.command("serve").description("Start the AgentBnB gateway server").option
     }
     if (opts.registry) {
       const { RelayClient } = await import("../websocket-client-5TIQDYQ4.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-NZXTSSVV.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-SWWEHV2K.js");
       const cards = listCards(runtime.registryDb, config.owner);
       const card = cards[0] ?? {
         id: config.owner,
@@ -3860,7 +4003,7 @@ openclaw.command("rules").description("Print HEARTBEAT.md rules block (or inject
   }
 });
 program.command("conduct <task>").description("Orchestrate a complex task across the AgentBnB network").option("--plan-only", "Show execution plan without executing").option("--max-budget <credits>", "Maximum credits to spend", "100").option("--json", "Output as JSON").action(async (task, opts) => {
-  const { conductAction } = await import("../conduct-5T3LGXMF.js");
+  const { conductAction } = await import("../conduct-IEQ567ET.js");
   const result = await conductAction(task, opts);
   if (opts.json) {
     console.log(JSON.stringify(result, null, 2));

package/dist/{conduct-5T3LGXMF.js → conduct-IEQ567ET.js}

@@ -4,21 +4,21 @@ import {
   decompose,
   matchSubTasks,
   orchestrate
-} from "./chunk-VCW7IDJM.js";
+} from "./chunk-7OACGAFD.js";
 import {
   BudgetManager
-} from "./chunk-2ETVQXP7.js";
+} from "./chunk-IZZ4FP45.js";
 import {
   loadConfig,
   loadPeers
 } from "./chunk-BEI5MTNZ.js";
 import {
   openDatabase
-} from "./chunk-QAY6XTT7.js";
+} from "./chunk-UOGDK2S2.js";
 import {
   openCreditDb
-} from "./chunk-MZCNJ5PY.js";
-import "./chunk-7RU5INZI.js";
+} from "./chunk-QHQPXO67.js";
+import "./chunk-XA63SD4T.js";
 
 // src/cli/conduct.ts
 async function conductAction(task, opts) {

package/dist/{conductor-mode-GPLAM2XO.js → conductor-mode-IO45PWMI.js}

@@ -3,13 +3,13 @@ import {
   decompose,
   matchSubTasks,
   orchestrate
-} from "./chunk-VCW7IDJM.js";
+} from "./chunk-7OACGAFD.js";
 import {
   BudgetManager
-} from "./chunk-2ETVQXP7.js";
+} from "./chunk-IZZ4FP45.js";
 import "./chunk-BEI5MTNZ.js";
-import "./chunk-MZCNJ5PY.js";
-import "./chunk-7RU5INZI.js";
+import "./chunk-QHQPXO67.js";
+import "./chunk-XA63SD4T.js";
 
 // src/conductor/conductor-mode.ts
 var ConductorMode = class {

package/dist/execute-SWWEHV2K.js

@@ -0,0 +1,9 @@
+import {
+  executeCapabilityRequest
+} from "./chunk-QSPWE5AE.js";
+import "./chunk-UOGDK2S2.js";
+import "./chunk-QHQPXO67.js";
+import "./chunk-XA63SD4T.js";
+export {
+  executeCapabilityRequest
+};

package/dist/index.d.ts

@@ -96,6 +96,8 @@ declare const CapabilityCardSchema: z.ZodObject<{
      * never transmitted beyond the local store.
      */
     _internal: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+    gateway_url: z.ZodOptional<z.ZodString>;
     metadata: z.ZodOptional<z.ZodObject<{
         apis_used: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         avg_latency_ms: z.ZodOptional<z.ZodNumber>;
@@ -150,6 +152,7 @@ declare const CapabilityCardSchema: z.ZodObject<{
         tier?: string | undefined;
     }[] | undefined;
     _internal?: Record<string, unknown> | undefined;
+    gateway_url?: string | undefined;
     metadata?: {
         apis_used?: string[] | undefined;
         avg_latency_ms?: number | undefined;
@@ -194,6 +197,7 @@ declare const CapabilityCardSchema: z.ZodObject<{
         tier?: string | undefined;
     }[] | undefined;
     _internal?: Record<string, unknown> | undefined;
+    gateway_url?: string | undefined;
     metadata?: {
         apis_used?: string[] | undefined;
         avg_latency_ms?: number | undefined;
@@ -444,6 +448,8 @@ declare const CapabilityCardV2Schema: z.ZodObject<{
      * never transmitted beyond the local store.
      */
     _internal: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+    gateway_url: z.ZodOptional<z.ZodString>;
     created_at: z.ZodOptional<z.ZodString>;
     updated_at: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
@@ -500,6 +506,7 @@ declare const CapabilityCardV2Schema: z.ZodObject<{
         category?: string | undefined;
     }[];
     _internal?: Record<string, unknown> | undefined;
+    gateway_url?: string | undefined;
     created_at?: string | undefined;
     updated_at?: string | undefined;
     environment?: {
@@ -560,6 +567,7 @@ declare const CapabilityCardV2Schema: z.ZodObject<{
         category?: string | undefined;
     }[];
     _internal?: Record<string, unknown> | undefined;
+    gateway_url?: string | undefined;
     created_at?: string | undefined;
     updated_at?: string | undefined;
     environment?: {

package/dist/index.js

@@ -39,6 +39,8 @@ var CapabilityCardSchema = z.object({
    * never transmitted beyond the local store.
    */
   _internal: z.record(z.unknown()).optional(),
+  /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+  gateway_url: z.string().url().optional(),
   metadata: z.object({
     apis_used: z.array(z.string()).optional(),
     avg_latency_ms: z.number().nonnegative().optional(),
@@ -103,6 +105,8 @@ var CapabilityCardV2Schema = z.object({
    * never transmitted beyond the local store.
    */
   _internal: z.record(z.unknown()).optional(),
+  /** Public gateway URL where this agent accepts requests. Populated on remote publish. */
+  gateway_url: z.string().url().optional(),
   created_at: z.string().datetime().optional(),
   updated_at: z.string().datetime().optional()
 });
@@ -942,22 +946,27 @@ function createGatewayServer(opts) {
   fastify.addHook("onRequest", async (request, reply) => {
     if (request.method === "GET" && request.url === "/health") return;
     const auth = request.headers.authorization;
-    if (!auth || !auth.startsWith("Bearer ")) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: missing token" }
-      });
-      return;
-    }
-    const token = auth.slice("Bearer ".length).trim();
-    if (!tokenSet.has(token)) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: invalid token" }
-      });
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) return;
+    }
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+        if (valid) return;
+      } catch {
+      }
     }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
   });
   fastify.get("/health", async () => {
     return { status: "ok", version: VERSION, uptime: process.uptime() };
@@ -1913,7 +1922,7 @@ function decompose(task, _availableCapabilities) {
 // src/gateway/client.ts
 import { randomUUID as randomUUID5 } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
   const id = randomUUID5();
   const payload = {
     jsonrpc: "2.0",
@@ -1925,16 +1934,22 @@ async function requestCapability(opts) {
       ...escrowReceipt ? { escrow_receipt: escrowReceipt } : {}
     }
   };
+  const headers = { "Content-Type": "application/json" };
+  if (identity) {
+    const signature = signEscrowReceipt(payload, identity.privateKey);
+    headers["X-Agent-Id"] = identity.agentId;
+    headers["X-Agent-Public-Key"] = identity.publicKey;
+    headers["X-Agent-Signature"] = signature;
+  } else if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   let response;
   try {
     response = await fetch(`${gatewayUrl}/rpc`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
+      headers,
       body: JSON.stringify(payload),
       signal: controller.signal
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentbnb",
-  "version": "3.1.1",
+  "version": "3.1.3",
   "description": "P2P Agent Capability Sharing Protocol — Airbnb for AI agent pipelines",
   "type": "module",
   "main": "dist/index.js",

package/dist/execute-NZXTSSVV.js

@@ -1,9 +0,0 @@
-import {
-  executeCapabilityRequest
-} from "./chunk-MGHI67GR.js";
-import "./chunk-QAY6XTT7.js";
-import "./chunk-MZCNJ5PY.js";
-import "./chunk-7RU5INZI.js";
-export {
-  executeCapabilityRequest
-};