agentbnb 3.1.2 → 3.1.4

package/dist/{chunk-P35546JW.js → chunk-7OACGAFD.js}

@@ -3,7 +3,7 @@ import {
   requestCapability,
   scorePeers,
   searchCards
-} from "./chunk-KTHJ5F3X.js";
+} from "./chunk-IZZ4FP45.js";
 
 // src/conductor/task-decomposer.ts
 import { randomUUID } from "crypto";

package/dist/{chunk-KTHJ5F3X.js → chunk-IZZ4FP45.js}

@@ -5,8 +5,9 @@ import {
   getBalance,
   holdEscrow,
   releaseEscrow,
-  settleEscrow
-} from "./chunk-QVV2P3FN.js";
+  settleEscrow,
+  signEscrowReceipt
+} from "./chunk-QHQPXO67.js";
 import {
   AgentBnBError
 } from "./chunk-XA63SD4T.js";
@@ -150,7 +151,7 @@ function filterCards(db, filters) {
 // src/gateway/client.ts
 import { randomUUID as randomUUID2 } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
   const id = randomUUID2();
   const payload = {
     jsonrpc: "2.0",
@@ -162,16 +163,22 @@ async function requestCapability(opts) {
       ...escrowReceipt ? { escrow_receipt: escrowReceipt } : {}
     }
   };
+  const headers = { "Content-Type": "application/json" };
+  if (identity) {
+    const signature = signEscrowReceipt(payload, identity.privateKey);
+    headers["X-Agent-Id"] = identity.agentId;
+    headers["X-Agent-Public-Key"] = identity.publicKey;
+    headers["X-Agent-Signature"] = signature;
+  } else if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   let response;
   try {
     response = await fetch(`${gatewayUrl}/rpc`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
+      headers,
       body: JSON.stringify(payload),
       signal: controller.signal
     });

package/dist/{chunk-QVV2P3FN.js → chunk-QHQPXO67.js}

@@ -2,6 +2,58 @@ import {
   AgentBnBError
 } from "./chunk-XA63SD4T.js";
 
+// src/credit/signing.ts
+import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
+import { writeFileSync, readFileSync, existsSync, chmodSync } from "fs";
+import { join } from "path";
+function generateKeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+    publicKeyEncoding: { type: "spki", format: "der" },
+    privateKeyEncoding: { type: "pkcs8", format: "der" }
+  });
+  return {
+    publicKey: Buffer.from(publicKey),
+    privateKey: Buffer.from(privateKey)
+  };
+}
+function saveKeyPair(configDir, keys) {
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  writeFileSync(privatePath, keys.privateKey);
+  chmodSync(privatePath, 384);
+  writeFileSync(publicPath, keys.publicKey);
+}
+function loadKeyPair(configDir) {
+  const privatePath = join(configDir, "private.key");
+  const publicPath = join(configDir, "public.key");
+  if (!existsSync(privatePath) || !existsSync(publicPath)) {
+    throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
+  }
+  return {
+    publicKey: readFileSync(publicPath),
+    privateKey: readFileSync(privatePath)
+  };
+}
+function canonicalJson(data) {
+  return JSON.stringify(data, Object.keys(data).sort());
+}
+function signEscrowReceipt(data, privateKey) {
+  const message = Buffer.from(canonicalJson(data), "utf-8");
+  const keyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
+  const signature = sign(null, message, keyObject);
+  return signature.toString("base64url");
+}
+function verifyEscrowReceipt(data, signature, publicKey) {
+  try {
+    const message = Buffer.from(canonicalJson(data), "utf-8");
+    const keyObject = createPublicKey({ key: publicKey, format: "der", type: "spki" });
+    const sigBuffer = Buffer.from(signature, "base64url");
+    return verify(null, message, keyObject, sigBuffer);
+  } catch {
+    return false;
+  }
+}
+
 // src/credit/escrow.ts
 import { randomUUID } from "crypto";
 function holdEscrow(db, owner, amount, cardId) {
@@ -180,6 +232,11 @@ function recordEarning(db, owner, amount, _cardId, receiptNonce) {
 }
 
 export {
+  generateKeyPair,
+  saveKeyPair,
+  loadKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt,
   holdEscrow,
   settleEscrow,
   releaseEscrow,

package/dist/{chunk-SVEZBIGE.js → chunk-QSPWE5AE.js}

@@ -9,8 +9,9 @@ import {
   holdEscrow,
   recordEarning,
   releaseEscrow,
-  settleEscrow
-} from "./chunk-QVV2P3FN.js";
+  settleEscrow,
+  verifyEscrowReceipt
+} from "./chunk-QHQPXO67.js";
 import {
   AgentBnBError
 } from "./chunk-XA63SD4T.js";
@@ -18,58 +19,6 @@ import {
 // src/gateway/execute.ts
 import { randomUUID } from "crypto";
 
-// src/credit/signing.ts
-import { generateKeyPairSync, sign, verify, createPublicKey, createPrivateKey } from "crypto";
-import { writeFileSync, readFileSync, existsSync, chmodSync } from "fs";
-import { join } from "path";
-function generateKeyPair() {
-  const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
-    publicKeyEncoding: { type: "spki", format: "der" },
-    privateKeyEncoding: { type: "pkcs8", format: "der" }
-  });
-  return {
-    publicKey: Buffer.from(publicKey),
-    privateKey: Buffer.from(privateKey)
-  };
-}
-function saveKeyPair(configDir, keys) {
-  const privatePath = join(configDir, "private.key");
-  const publicPath = join(configDir, "public.key");
-  writeFileSync(privatePath, keys.privateKey);
-  chmodSync(privatePath, 384);
-  writeFileSync(publicPath, keys.publicKey);
-}
-function loadKeyPair(configDir) {
-  const privatePath = join(configDir, "private.key");
-  const publicPath = join(configDir, "public.key");
-  if (!existsSync(privatePath) || !existsSync(publicPath)) {
-    throw new AgentBnBError("Keypair not found. Run `agentbnb init` to generate one.", "KEYPAIR_NOT_FOUND");
-  }
-  return {
-    publicKey: readFileSync(publicPath),
-    privateKey: readFileSync(privatePath)
-  };
-}
-function canonicalJson(data) {
-  return JSON.stringify(data, Object.keys(data).sort());
-}
-function signEscrowReceipt(data, privateKey) {
-  const message = Buffer.from(canonicalJson(data), "utf-8");
-  const keyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
-  const signature = sign(null, message, keyObject);
-  return signature.toString("base64url");
-}
-function verifyEscrowReceipt(data, signature, publicKey) {
-  try {
-    const message = Buffer.from(canonicalJson(data), "utf-8");
-    const keyObject = createPublicKey({ key: publicKey, format: "der", type: "spki" });
-    const sigBuffer = Buffer.from(signature, "base64url");
-    return verify(null, message, keyObject, sigBuffer);
-  } catch {
-    return false;
-  }
-}
-
 // src/credit/settlement.ts
 function settleProviderEarning(providerDb, providerOwner, receipt) {
   recordEarning(
@@ -247,10 +196,6 @@ async function executeCapabilityRequest(opts) {
 }
 
 export {
-  generateKeyPair,
-  saveKeyPair,
-  loadKeyPair,
-  signEscrowReceipt,
   settleRequesterEscrow,
   releaseRequesterEscrow,
   executeCapabilityRequest

package/dist/cli/index.js

@@ -1,13 +1,9 @@
 #!/usr/bin/env node
 import {
   executeCapabilityRequest,
-  generateKeyPair,
-  loadKeyPair,
   releaseRequesterEscrow,
-  saveKeyPair,
-  settleRequesterEscrow,
-  signEscrowReceipt
-} from "../chunk-SVEZBIGE.js";
+  settleRequesterEscrow
+} from "../chunk-QSPWE5AE.js";
 import {
   RelayMessageSchema
 } from "../chunk-3Y36WQDV.js";
@@ -24,7 +20,7 @@ import {
   requestCapability,
   resolvePendingRequest,
   searchCards
-} from "../chunk-KTHJ5F3X.js";
+} from "../chunk-IZZ4FP45.js";
 import {
   findPeer,
   getConfigDir,
@@ -49,12 +45,17 @@ import {
 } from "../chunk-UOGDK2S2.js";
 import {
   bootstrapAgent,
+  generateKeyPair,
   getBalance,
   getTransactions,
   holdEscrow,
+  loadKeyPair,
   openCreditDb,
-  releaseEscrow
-} from "../chunk-QVV2P3FN.js";
+  releaseEscrow,
+  saveKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "../chunk-QHQPXO67.js";
 import {
   AgentBnBError,
   AnyCardSchema,
@@ -1525,7 +1526,7 @@ var AgentRuntime = class {
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("../conductor-mode-6MIVMFBC.js");
+      const { ConductorMode } = await import("../conductor-mode-IO45PWMI.js");
       const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-IE5UV5QX.js");
       const { loadPeers: loadPeers2 } = await import("../peers-G36URZYB.js");
       registerConductorCard(this.registryDb);
@@ -1648,22 +1649,27 @@ function createGatewayServer(opts) {
   fastify.addHook("onRequest", async (request, reply) => {
     if (request.method === "GET" && request.url === "/health") return;
     const auth = request.headers.authorization;
-    if (!auth || !auth.startsWith("Bearer ")) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: missing token" }
-      });
-      return;
-    }
-    const token = auth.slice("Bearer ".length).trim();
-    if (!tokenSet.has(token)) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: invalid token" }
-      });
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) return;
+    }
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+        if (valid) return;
+      } catch {
+      }
     }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
   });
   fastify.get("/health", async () => {
     return { status: "ok", version: VERSION, uptime: process.uptime() };
@@ -2899,6 +2905,22 @@ async function confirm(question) {
     rl.close();
   }
 }
+function loadIdentityAuth(owner) {
+  const configDir = getConfigDir();
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const identity = ensureIdentity(configDir, owner);
+  return {
+    agentId: identity.agent_id,
+    publicKey: identity.public_key,
+    privateKey: keys.privateKey
+  };
+}
 function getLanIp() {
   const nets = networkInterfaces();
   for (const ifaces of Object.values(nets)) {
@@ -3434,6 +3456,7 @@ program.command("request [card-id]").description("Request a capability from anot
   let gatewayUrl;
   let token;
   let isRemoteRequest = false;
+  let identityAuth;
   if (opts.peer) {
     const peer = findPeer(opts.peer);
     if (!peer) {
@@ -3443,6 +3466,7 @@ program.command("request [card-id]").description("Request a capability from anot
     gatewayUrl = peer.url;
     token = peer.token;
     isRemoteRequest = true;
+    identityAuth = loadIdentityAuth(config.owner);
   } else {
     const db = openDatabase(config.db_path);
     let localCard;
@@ -3481,6 +3505,7 @@ program.command("request [card-id]").description("Request a capability from anot
       gatewayUrl = remoteCard.gateway_url;
       token = "";
       isRemoteRequest = true;
+      identityAuth = loadIdentityAuth(config.owner);
       if (!opts.json) {
         const displayName = remoteCard.name ?? remoteCard.agent_name ?? cardId;
         console.log(`Found remote card: ${displayName} @ ${gatewayUrl}`);
@@ -3533,7 +3558,8 @@ program.command("request [card-id]").description("Request a capability from anot
       token,
       cardId,
       params: { ...params, ...opts.skill ? { skill_id: opts.skill } : {} },
-      escrowReceipt
+      escrowReceipt,
+      identity: identityAuth
     });
     if (useReceipt && escrowId) {
       const configDir = getConfigDir();
@@ -3704,7 +3730,7 @@ program.command("serve").description("Start the AgentBnB gateway server").option
     }
     if (opts.registry) {
       const { RelayClient } = await import("../websocket-client-5TIQDYQ4.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-HM25IOG7.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-SWWEHV2K.js");
       const cards = listCards(runtime.registryDb, config.owner);
       const card = cards[0] ?? {
         id: config.owner,
@@ -3973,7 +3999,7 @@ openclaw.command("rules").description("Print HEARTBEAT.md rules block (or inject
   }
 });
 program.command("conduct <task>").description("Orchestrate a complex task across the AgentBnB network").option("--plan-only", "Show execution plan without executing").option("--max-budget <credits>", "Maximum credits to spend", "100").option("--json", "Output as JSON").action(async (task, opts) => {
-  const { conductAction } = await import("../conduct-5XKKALNX.js");
+  const { conductAction } = await import("../conduct-IEQ567ET.js");
   const result = await conductAction(task, opts);
   if (opts.json) {
     console.log(JSON.stringify(result, null, 2));

package/dist/{conduct-5XKKALNX.js → conduct-IEQ567ET.js}

@@ -4,10 +4,10 @@ import {
   decompose,
   matchSubTasks,
   orchestrate
-} from "./chunk-P35546JW.js";
+} from "./chunk-7OACGAFD.js";
 import {
   BudgetManager
-} from "./chunk-KTHJ5F3X.js";
+} from "./chunk-IZZ4FP45.js";
 import {
   loadConfig,
   loadPeers
@@ -17,7 +17,7 @@ import {
 } from "./chunk-UOGDK2S2.js";
 import {
   openCreditDb
-} from "./chunk-QVV2P3FN.js";
+} from "./chunk-QHQPXO67.js";
 import "./chunk-XA63SD4T.js";
 
 // src/cli/conduct.ts

package/dist/{conductor-mode-6MIVMFBC.js → conductor-mode-IO45PWMI.js}

@@ -3,12 +3,12 @@ import {
   decompose,
   matchSubTasks,
   orchestrate
-} from "./chunk-P35546JW.js";
+} from "./chunk-7OACGAFD.js";
 import {
   BudgetManager
-} from "./chunk-KTHJ5F3X.js";
+} from "./chunk-IZZ4FP45.js";
 import "./chunk-BEI5MTNZ.js";
-import "./chunk-QVV2P3FN.js";
+import "./chunk-QHQPXO67.js";
 import "./chunk-XA63SD4T.js";
 
 // src/conductor/conductor-mode.ts

package/dist/{execute-HM25IOG7.js → execute-SWWEHV2K.js}

@@ -1,8 +1,8 @@
 import {
   executeCapabilityRequest
-} from "./chunk-SVEZBIGE.js";
+} from "./chunk-QSPWE5AE.js";
 import "./chunk-UOGDK2S2.js";
-import "./chunk-QVV2P3FN.js";
+import "./chunk-QHQPXO67.js";
 import "./chunk-XA63SD4T.js";
 export {
   executeCapabilityRequest

package/dist/index.js

@@ -946,22 +946,27 @@ function createGatewayServer(opts) {
   fastify.addHook("onRequest", async (request, reply) => {
     if (request.method === "GET" && request.url === "/health") return;
     const auth = request.headers.authorization;
-    if (!auth || !auth.startsWith("Bearer ")) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: missing token" }
-      });
-      return;
-    }
-    const token = auth.slice("Bearer ".length).trim();
-    if (!tokenSet.has(token)) {
-      await reply.status(401).send({
-        jsonrpc: "2.0",
-        id: null,
-        error: { code: -32e3, message: "Unauthorized: invalid token" }
-      });
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) return;
+    }
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+        if (valid) return;
+      } catch {
+      }
     }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
   });
   fastify.get("/health", async () => {
     return { status: "ok", version: VERSION, uptime: process.uptime() };
@@ -1917,7 +1922,7 @@ function decompose(task, _availableCapabilities) {
 // src/gateway/client.ts
 import { randomUUID as randomUUID5 } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
   const id = randomUUID5();
   const payload = {
     jsonrpc: "2.0",
@@ -1929,16 +1934,22 @@ async function requestCapability(opts) {
       ...escrowReceipt ? { escrow_receipt: escrowReceipt } : {}
     }
   };
+  const headers = { "Content-Type": "application/json" };
+  if (identity) {
+    const signature = signEscrowReceipt(payload, identity.privateKey);
+    headers["X-Agent-Id"] = identity.agentId;
+    headers["X-Agent-Public-Key"] = identity.publicKey;
+    headers["X-Agent-Signature"] = signature;
+  } else if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   let response;
   try {
     response = await fetch(`${gatewayUrl}/rpc`, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
+      headers,
       body: JSON.stringify(payload),
       signal: controller.signal
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentbnb",
-  "version": "3.1.2",
+  "version": "3.1.4",
   "description": "P2P Agent Capability Sharing Protocol — Airbnb for AI agent pipelines",
   "type": "module",
   "main": "dist/index.js",