agentbnb 3.1.6 → 4.0.1

package/dist/{chunk-7OACGAFD.js → chunk-MQKYGY5I.js}

@@ -1,9 +1,16 @@
 import {
-  interpolateObject,
-  requestCapability,
-  scorePeers,
+  interpolateObject
+} from "./chunk-3MJT4PZG.js";
+import {
+  scorePeers
+} from "./chunk-6K5WUVF3.js";
+import {
+  fetchRemoteCards,
   searchCards
-} from "./chunk-IZZ4FP45.js";
+} from "./chunk-QJEOCKVF.js";
+import {
+  requestCapability
+} from "./chunk-KJG2UJV5.js";
 
 // src/conductor/task-decomposer.ts
 import { randomUUID } from "crypto";
@@ -116,10 +123,17 @@ function decompose(task, _availableCapabilities) {
 
 // src/conductor/capability-matcher.ts
 var MAX_ALTERNATIVES = 2;
-function matchSubTasks(opts) {
-  const { db, subtasks, conductorOwner } = opts;
-  return subtasks.map((subtask) => {
-    const cards = searchCards(db, subtask.required_capability, { online: true });
+async function matchSubTasks(opts) {
+  const { db, subtasks, conductorOwner, registryUrl } = opts;
+  return Promise.all(subtasks.map(async (subtask) => {
+    let cards = searchCards(db, subtask.required_capability, { online: true });
+    if (cards.length === 0 && registryUrl) {
+      try {
+        cards = await fetchRemoteCards(registryUrl, { q: subtask.required_capability, online: true });
+      } catch {
+        cards = [];
+      }
+    }
     const candidates = [];
     for (const card of cards) {
       const cardAsV2 = card;
@@ -161,11 +175,12 @@ function matchSubTasks(opts) {
       subtask_id: subtask.id,
       selected_agent: top.card.owner,
       selected_skill: top.skillId ?? "",
+      selected_card_id: top.card.id,
       score: top.rawScore,
       credits: top.cost,
       alternatives
     };
-  });
+  }));
 }
 
 // src/conductor/budget-controller.ts
@@ -260,7 +275,7 @@ function computeWaves(subtasks) {
   return waves;
 }
 async function orchestrate(opts) {
-  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e4, maxBudget } = opts;
+  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e5, maxBudget, relayClient, requesterOwner } = opts;
   const startTime = Date.now();
   if (subtasks.length === 0) {
     return {
@@ -311,26 +326,50 @@ async function orchestrate(opts) {
         );
         const primary = resolveAgentUrl(m.selected_agent);
         try {
-          const res = await requestCapability({
-            gatewayUrl: primary.url,
-            token: gatewayToken,
-            cardId: primary.cardId,
-            params: interpolatedParams,
-            timeoutMs
-          });
+          let res;
+          if (primary.url.startsWith("relay://") && relayClient) {
+            const targetOwner = primary.url.replace("relay://", "");
+            res = await relayClient.request({
+              targetOwner,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              requester: requesterOwner,
+              timeoutMs
+            });
+          } else {
+            res = await requestCapability({
+              gatewayUrl: primary.url,
+              token: gatewayToken,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              timeoutMs
+            });
+          }
           return { taskId, result: res, credits: m.credits };
         } catch (primaryErr) {
           if (m.alternatives.length > 0) {
             const alt = m.alternatives[0];
             const altAgent = resolveAgentUrl(alt.agent);
             try {
-              const altRes = await requestCapability({
-                gatewayUrl: altAgent.url,
-                token: gatewayToken,
-                cardId: altAgent.cardId,
-                params: interpolatedParams,
-                timeoutMs
-              });
+              let altRes;
+              if (altAgent.url.startsWith("relay://") && relayClient) {
+                const targetOwner = altAgent.url.replace("relay://", "");
+                altRes = await relayClient.request({
+                  targetOwner,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  requester: requesterOwner,
+                  timeoutMs
+                });
+              } else {
+                altRes = await requestCapability({
+                  gatewayUrl: altAgent.url,
+                  token: gatewayToken,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  timeoutMs
+                });
+              }
               return { taskId, result: altRes, credits: alt.credits };
             } catch (altErr) {
               throw new Error(

package/dist/chunk-ODBGCCEH.js

@@ -0,0 +1,358 @@
+import {
+  bootstrapAgent,
+  getBalance,
+  getTransactions,
+  holdEscrow,
+  openCreditDb,
+  releaseEscrow,
+  settleEscrow
+} from "./chunk-XQHN6ITI.js";
+import {
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "./chunk-DVAS2443.js";
+import {
+  AgentBnBError
+} from "./chunk-FNKBHBYK.js";
+
+// src/credit/local-credit-ledger.ts
+var LocalCreditLedger = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    const escrowId = holdEscrow(this.db, owner, amount, cardId);
+    return { escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    settleEscrow(this.db, escrowId, recipientOwner);
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    releaseEscrow(this.db, escrowId);
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    return getBalance(this.db, owner);
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit) {
+    return getTransactions(this.db, owner, limit);
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount) {
+    bootstrapAgent(this.db, owner, amount);
+  }
+};
+
+// src/registry/identity-auth.ts
+var MAX_REQUEST_AGE_MS = 5 * 60 * 1e3;
+async function verifyIdentity(request, reply) {
+  const publicKeyHex = request.headers["x-agent-publickey"];
+  const signature = request.headers["x-agent-signature"];
+  const timestamp = request.headers["x-agent-timestamp"];
+  if (!publicKeyHex || !signature || !timestamp) {
+    await reply.code(401).send({ error: "Missing identity headers" });
+    return false;
+  }
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
+    await reply.code(401).send({ error: "Request expired" });
+    return false;
+  }
+  const payload = {
+    method: request.method,
+    path: request.url,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  let publicKeyBuffer;
+  try {
+    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
+  } catch {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
+  if (!valid) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  request.agentPublicKey = publicKeyHex;
+  return true;
+}
+function identityAuthPlugin(fastify) {
+  fastify.addHook("onRequest", async (request, reply) => {
+    await verifyIdentity(request, reply);
+  });
+}
+function signRequest(method, path, body, privateKey, publicKeyHex) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const payload = {
+    method,
+    path,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  void body;
+  const signature = signEscrowReceipt(payload, privateKey);
+  return {
+    "X-Agent-PublicKey": publicKeyHex,
+    "X-Agent-Signature": signature,
+    "X-Agent-Timestamp": timestamp
+  };
+}
+
+// src/credit/registry-credit-ledger.ts
+var HTTP_TIMEOUT_MS = 1e4;
+var RegistryCreditLedger = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    if (this.config.mode === "direct") {
+      const escrowId = holdEscrow(this.config.db, owner, amount, cardId);
+      return { escrowId };
+    }
+    const data = await this.post("/api/credits/hold", owner, {
+      owner,
+      amount,
+      cardId
+    });
+    return { escrowId: data.escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    if (this.config.mode === "direct") {
+      settleEscrow(this.config.db, escrowId, recipientOwner);
+      return;
+    }
+    await this.post("/api/credits/settle", null, { escrowId, recipientOwner });
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    if (this.config.mode === "direct") {
+      releaseEscrow(this.config.db, escrowId);
+      return;
+    }
+    await this.post("/api/credits/release", null, { escrowId });
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    if (this.config.mode === "direct") {
+      return getBalance(this.config.db, owner);
+    }
+    const data = await this.get(`/api/credits/${owner}`, owner);
+    return data.balance;
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit = 100) {
+    if (this.config.mode === "direct") {
+      return getTransactions(this.config.db, owner, limit);
+    }
+    const data = await this.get(
+      `/api/credits/${owner}/history?limit=${limit}`,
+      owner
+    );
+    return data.transactions;
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount = 100) {
+    if (this.config.mode === "direct") {
+      bootstrapAgent(this.config.db, owner, amount);
+      return;
+    }
+    await this.post("/api/credits/grant", owner, { owner, amount });
+  }
+  // ─── Private HTTP helpers ─────────────────────────────────────────────────
+  /**
+   * Makes an authenticated POST request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/hold').
+   * @param ownerForHeader - Agent owner identifier for X-Agent-Owner header, or null to omit.
+   * @param body - JSON body to send.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async post(path, ownerForHeader, body) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("POST", path, body, cfg.privateKey, cfg.ownerPublicKey);
+      const headers = {
+        "Content-Type": "application/json",
+        ...authHeaders
+      };
+      void ownerForHeader;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Makes an authenticated GET request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/owner-id').
+   * @param owner - Agent owner identifier for X-Agent-Owner header.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async get(path, owner) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("GET", path, null, cfg.privateKey, cfg.ownerPublicKey);
+      void owner;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json",
+          ...authHeaders
+        },
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Handles an HTTP response — returns parsed JSON on 2xx, throws AgentBnBError on error.
+   */
+  async handleResponse(res) {
+    const json = await res.json();
+    if (!res.ok) {
+      const code = typeof json["code"] === "string" ? json["code"] : "REGISTRY_ERROR";
+      const message = typeof json["error"] === "string" ? json["error"] : `HTTP ${res.status}`;
+      throw new AgentBnBError(message, code);
+    }
+    return json;
+  }
+};
+
+// src/credit/create-ledger.ts
+function createLedger(opts) {
+  if ("registryUrl" in opts && opts.registryUrl !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "http",
+      registryUrl: opts.registryUrl,
+      ownerPublicKey: opts.ownerPublicKey,
+      privateKey: opts.privateKey
+    });
+  }
+  if ("db" in opts && opts.db !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "direct",
+      db: opts.db
+    });
+  }
+  const db = openCreditDb(opts.creditDbPath);
+  return new LocalCreditLedger(db);
+}
+
+export {
+  identityAuthPlugin,
+  createLedger
+};

package/dist/{chunk-QSPWE5AE.js → chunk-Q7HRI666.js}

@@ -2,19 +2,21 @@ import {
   getCard,
   insertRequestLog,
   updateReputation
-} from "./chunk-UOGDK2S2.js";
+} from "./chunk-TLU7ALCZ.js";
 import {
   confirmEscrowDebit,
   getBalance,
   holdEscrow,
   recordEarning,
   releaseEscrow,
-  settleEscrow,
+  settleEscrow
+} from "./chunk-XQHN6ITI.js";
+import {
   verifyEscrowReceipt
-} from "./chunk-QHQPXO67.js";
+} from "./chunk-DVAS2443.js";
 import {
   AgentBnBError
-} from "./chunk-XA63SD4T.js";
+} from "./chunk-FNKBHBYK.js";
 
 // src/gateway/execute.ts
 import { randomUUID } from "crypto";
@@ -49,7 +51,8 @@ async function executeCapabilityRequest(opts) {
     escrowReceipt: receipt,
     skillExecutor,
     handlerUrl,
-    timeoutMs = 3e4
+    timeoutMs = 3e5,
+    onProgress
   } = opts;
   const card = getCard(registryDb, cardId);
   if (!card) {
@@ -156,7 +159,7 @@ async function executeCapabilityRequest(opts) {
   if (skillExecutor) {
     const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
     try {
-      const execResult = await skillExecutor.execute(targetSkillId, params);
+      const execResult = await skillExecutor.execute(targetSkillId, params, onProgress);
       if (!execResult.success) {
         return handleFailure("failure", execResult.latency_ms, execResult.error ?? "Execution failed");
       }

package/dist/chunk-QJEOCKVF.js

@@ -0,0 +1,148 @@
+import {
+  AgentBnBError
+} from "./chunk-FNKBHBYK.js";
+
+// src/registry/matcher.ts
+function searchCards(db, query, filters = {}) {
+  const words = query.trim().split(/\s+/).map((w) => w.replace(/["*^{}():]/g, "")).filter((w) => w.length > 0);
+  if (words.length === 0) return [];
+  const ftsQuery = words.map((w) => `"${w}"`).join(" OR ");
+  const conditions = [];
+  const params = [ftsQuery];
+  if (filters.level !== void 0) {
+    conditions.push(`json_extract(cc.data, '$.level') = ?`);
+    params.push(filters.level);
+  }
+  if (filters.online !== void 0) {
+    conditions.push(`json_extract(cc.data, '$.availability.online') = ?`);
+    params.push(filters.online ? 1 : 0);
+  }
+  const whereClause = conditions.length > 0 ? `AND ${conditions.join(" AND ")}` : "";
+  const sql = `
+    SELECT cc.data
+    FROM capability_cards cc
+    JOIN cards_fts ON cc.rowid = cards_fts.rowid
+    WHERE cards_fts MATCH ?
+      ${whereClause}
+    ORDER BY bm25(cards_fts)
+    LIMIT 50
+  `;
+  const stmt = db.prepare(sql);
+  const rows = stmt.all(...params);
+  const results = rows.map((row) => JSON.parse(row.data));
+  if (filters.apis_used && filters.apis_used.length > 0) {
+    const requiredApis = filters.apis_used;
+    return results.filter((card) => {
+      const cardApis = card.metadata?.apis_used ?? [];
+      return requiredApis.every((api) => cardApis.includes(api));
+    });
+  }
+  return results;
+}
+function filterCards(db, filters) {
+  const conditions = [];
+  const params = [];
+  if (filters.level !== void 0) {
+    conditions.push(`json_extract(data, '$.level') = ?`);
+    params.push(filters.level);
+  }
+  if (filters.online !== void 0) {
+    conditions.push(`json_extract(data, '$.availability.online') = ?`);
+    params.push(filters.online ? 1 : 0);
+  }
+  const whereClause = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+  const sql = `SELECT data FROM capability_cards ${whereClause}`;
+  const stmt = db.prepare(sql);
+  const rows = stmt.all(...params);
+  return rows.map((row) => JSON.parse(row.data));
+}
+
+// src/cli/remote-registry.ts
+var RegistryTimeoutError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Registry at ${url} did not respond within 5s. Showing local results only.`,
+      "REGISTRY_TIMEOUT"
+    );
+    this.name = "RegistryTimeoutError";
+  }
+};
+var RegistryConnectionError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Cannot reach ${url}. Is the registry running? Showing local results only.`,
+      "REGISTRY_CONNECTION"
+    );
+    this.name = "RegistryConnectionError";
+  }
+};
+var RegistryAuthError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Authentication failed for ${url}. Run \`agentbnb config set token <your-token>\`.`,
+      "REGISTRY_AUTH"
+    );
+    this.name = "RegistryAuthError";
+  }
+};
+async function fetchRemoteCards(registryUrl, params, timeoutMs = 5e3) {
+  let cardsUrl;
+  try {
+    cardsUrl = new URL("/cards", registryUrl);
+  } catch {
+    throw new AgentBnBError(`Invalid registry URL: ${registryUrl}`, "INVALID_REGISTRY_URL");
+  }
+  const searchParams = new URLSearchParams();
+  if (params.q !== void 0) searchParams.set("q", params.q);
+  if (params.level !== void 0) searchParams.set("level", String(params.level));
+  if (params.online !== void 0) searchParams.set("online", String(params.online));
+  if (params.tag !== void 0) searchParams.set("tag", params.tag);
+  searchParams.set("limit", "100");
+  cardsUrl.search = searchParams.toString();
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  let response;
+  try {
+    response = await fetch(cardsUrl.toString(), { signal: controller.signal });
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    if (isTimeout) {
+      throw new RegistryTimeoutError(registryUrl);
+    }
+    throw new RegistryConnectionError(registryUrl);
+  } finally {
+    clearTimeout(timer);
+  }
+  if (response.status === 401 || response.status === 403) {
+    throw new RegistryAuthError(registryUrl);
+  }
+  if (!response.ok) {
+    throw new RegistryConnectionError(registryUrl);
+  }
+  const body = await response.json();
+  return body.items;
+}
+function mergeResults(localCards, remoteCards, hasQuery) {
+  const taggedLocal = localCards.map((c) => ({ ...c, source: "local" }));
+  const taggedRemote = remoteCards.map((c) => ({ ...c, source: "remote" }));
+  const localIds = new Set(localCards.map((c) => c.id));
+  const dedupedRemote = taggedRemote.filter((c) => !localIds.has(c.id));
+  if (!hasQuery) {
+    return [...taggedLocal, ...dedupedRemote];
+  }
+  const result = [];
+  const maxLen = Math.max(taggedLocal.length, dedupedRemote.length);
+  for (let i = 0; i < maxLen; i++) {
+    if (i < taggedLocal.length) result.push(taggedLocal[i]);
+    if (i < dedupedRemote.length) result.push(dedupedRemote[i]);
+  }
+  return result;
+}
+
+export {
+  searchCards,
+  filterCards,
+  fetchRemoteCards,
+  mergeResults
+};