agentbnb 4.0.0 → 4.0.1

package/dist/chunk-M3G5NR2Z.js

@@ -0,0 +1,90 @@
+import {
+  generateKeyPair,
+  loadKeyPair,
+  saveKeyPair
+} from "./chunk-DVAS2443.js";
+
+// src/identity/identity.ts
+import { z } from "zod";
+import { createHash } from "crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+var AgentIdentitySchema = z.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z.string().min(1),
+  /** Human-readable owner name (from config or init). */
+  owner: z.string().min(1),
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z.object({
+    github_login: z.string().min(1),
+    verified_at: z.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function createIdentity(configDir, owner) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const identity = {
+    agent_id: agentId,
+    owner,
+    public_key: publicKeyHex,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveIdentity(configDir, identity);
+  return identity;
+}
+function loadIdentity(configDir) {
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  if (!existsSync(filePath)) return null;
+  try {
+    const raw = readFileSync(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function ensureIdentity(configDir, owner) {
+  const existing = loadIdentity(configDir);
+  if (existing) return existing;
+  return createIdentity(configDir, owner);
+}
+
+export {
+  deriveAgentId,
+  ensureIdentity
+};

package/dist/{chunk-HEVXCYCY.js → chunk-MQKYGY5I.js}

@@ -1,11 +1,16 @@
 import {
-  interpolateObject,
-  scorePeers,
+  interpolateObject
+} from "./chunk-3MJT4PZG.js";
+import {
+  scorePeers
+} from "./chunk-6K5WUVF3.js";
+import {
+  fetchRemoteCards,
   searchCards
-} from "./chunk-UJWYE7VL.js";
+} from "./chunk-QJEOCKVF.js";
 import {
   requestCapability
-} from "./chunk-RSX4SCPN.js";
+} from "./chunk-KJG2UJV5.js";
 
 // src/conductor/task-decomposer.ts
 import { randomUUID } from "crypto";
@@ -118,10 +123,17 @@ function decompose(task, _availableCapabilities) {
 
 // src/conductor/capability-matcher.ts
 var MAX_ALTERNATIVES = 2;
-function matchSubTasks(opts) {
-  const { db, subtasks, conductorOwner } = opts;
-  return subtasks.map((subtask) => {
-    const cards = searchCards(db, subtask.required_capability, { online: true });
+async function matchSubTasks(opts) {
+  const { db, subtasks, conductorOwner, registryUrl } = opts;
+  return Promise.all(subtasks.map(async (subtask) => {
+    let cards = searchCards(db, subtask.required_capability, { online: true });
+    if (cards.length === 0 && registryUrl) {
+      try {
+        cards = await fetchRemoteCards(registryUrl, { q: subtask.required_capability, online: true });
+      } catch {
+        cards = [];
+      }
+    }
     const candidates = [];
     for (const card of cards) {
       const cardAsV2 = card;
@@ -163,11 +175,12 @@ function matchSubTasks(opts) {
       subtask_id: subtask.id,
       selected_agent: top.card.owner,
       selected_skill: top.skillId ?? "",
+      selected_card_id: top.card.id,
       score: top.rawScore,
       credits: top.cost,
       alternatives
     };
-  });
+  }));
 }
 
 // src/conductor/budget-controller.ts
@@ -262,7 +275,7 @@ function computeWaves(subtasks) {
   return waves;
 }
 async function orchestrate(opts) {
-  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e4, maxBudget } = opts;
+  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e5, maxBudget, relayClient, requesterOwner } = opts;
   const startTime = Date.now();
   if (subtasks.length === 0) {
     return {
@@ -313,26 +326,50 @@ async function orchestrate(opts) {
         );
         const primary = resolveAgentUrl(m.selected_agent);
         try {
-          const res = await requestCapability({
-            gatewayUrl: primary.url,
-            token: gatewayToken,
-            cardId: primary.cardId,
-            params: interpolatedParams,
-            timeoutMs
-          });
+          let res;
+          if (primary.url.startsWith("relay://") && relayClient) {
+            const targetOwner = primary.url.replace("relay://", "");
+            res = await relayClient.request({
+              targetOwner,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              requester: requesterOwner,
+              timeoutMs
+            });
+          } else {
+            res = await requestCapability({
+              gatewayUrl: primary.url,
+              token: gatewayToken,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              timeoutMs
+            });
+          }
           return { taskId, result: res, credits: m.credits };
         } catch (primaryErr) {
           if (m.alternatives.length > 0) {
             const alt = m.alternatives[0];
             const altAgent = resolveAgentUrl(alt.agent);
             try {
-              const altRes = await requestCapability({
-                gatewayUrl: altAgent.url,
-                token: gatewayToken,
-                cardId: altAgent.cardId,
-                params: interpolatedParams,
-                timeoutMs
-              });
+              let altRes;
+              if (altAgent.url.startsWith("relay://") && relayClient) {
+                const targetOwner = altAgent.url.replace("relay://", "");
+                altRes = await relayClient.request({
+                  targetOwner,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  requester: requesterOwner,
+                  timeoutMs
+                });
+              } else {
+                altRes = await requestCapability({
+                  gatewayUrl: altAgent.url,
+                  token: gatewayToken,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  timeoutMs
+                });
+              }
               return { taskId, result: altRes, credits: alt.credits };
             } catch (altErr) {
               throw new Error(

package/dist/chunk-ODBGCCEH.js

@@ -0,0 +1,358 @@
+import {
+  bootstrapAgent,
+  getBalance,
+  getTransactions,
+  holdEscrow,
+  openCreditDb,
+  releaseEscrow,
+  settleEscrow
+} from "./chunk-XQHN6ITI.js";
+import {
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "./chunk-DVAS2443.js";
+import {
+  AgentBnBError
+} from "./chunk-FNKBHBYK.js";
+
+// src/credit/local-credit-ledger.ts
+var LocalCreditLedger = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    const escrowId = holdEscrow(this.db, owner, amount, cardId);
+    return { escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    settleEscrow(this.db, escrowId, recipientOwner);
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    releaseEscrow(this.db, escrowId);
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    return getBalance(this.db, owner);
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit) {
+    return getTransactions(this.db, owner, limit);
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount) {
+    bootstrapAgent(this.db, owner, amount);
+  }
+};
+
+// src/registry/identity-auth.ts
+var MAX_REQUEST_AGE_MS = 5 * 60 * 1e3;
+async function verifyIdentity(request, reply) {
+  const publicKeyHex = request.headers["x-agent-publickey"];
+  const signature = request.headers["x-agent-signature"];
+  const timestamp = request.headers["x-agent-timestamp"];
+  if (!publicKeyHex || !signature || !timestamp) {
+    await reply.code(401).send({ error: "Missing identity headers" });
+    return false;
+  }
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
+    await reply.code(401).send({ error: "Request expired" });
+    return false;
+  }
+  const payload = {
+    method: request.method,
+    path: request.url,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  let publicKeyBuffer;
+  try {
+    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
+  } catch {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
+  if (!valid) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  request.agentPublicKey = publicKeyHex;
+  return true;
+}
+function identityAuthPlugin(fastify) {
+  fastify.addHook("onRequest", async (request, reply) => {
+    await verifyIdentity(request, reply);
+  });
+}
+function signRequest(method, path, body, privateKey, publicKeyHex) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const payload = {
+    method,
+    path,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  void body;
+  const signature = signEscrowReceipt(payload, privateKey);
+  return {
+    "X-Agent-PublicKey": publicKeyHex,
+    "X-Agent-Signature": signature,
+    "X-Agent-Timestamp": timestamp
+  };
+}
+
+// src/credit/registry-credit-ledger.ts
+var HTTP_TIMEOUT_MS = 1e4;
+var RegistryCreditLedger = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    if (this.config.mode === "direct") {
+      const escrowId = holdEscrow(this.config.db, owner, amount, cardId);
+      return { escrowId };
+    }
+    const data = await this.post("/api/credits/hold", owner, {
+      owner,
+      amount,
+      cardId
+    });
+    return { escrowId: data.escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    if (this.config.mode === "direct") {
+      settleEscrow(this.config.db, escrowId, recipientOwner);
+      return;
+    }
+    await this.post("/api/credits/settle", null, { escrowId, recipientOwner });
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    if (this.config.mode === "direct") {
+      releaseEscrow(this.config.db, escrowId);
+      return;
+    }
+    await this.post("/api/credits/release", null, { escrowId });
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    if (this.config.mode === "direct") {
+      return getBalance(this.config.db, owner);
+    }
+    const data = await this.get(`/api/credits/${owner}`, owner);
+    return data.balance;
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit = 100) {
+    if (this.config.mode === "direct") {
+      return getTransactions(this.config.db, owner, limit);
+    }
+    const data = await this.get(
+      `/api/credits/${owner}/history?limit=${limit}`,
+      owner
+    );
+    return data.transactions;
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount = 100) {
+    if (this.config.mode === "direct") {
+      bootstrapAgent(this.config.db, owner, amount);
+      return;
+    }
+    await this.post("/api/credits/grant", owner, { owner, amount });
+  }
+  // ─── Private HTTP helpers ─────────────────────────────────────────────────
+  /**
+   * Makes an authenticated POST request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/hold').
+   * @param ownerForHeader - Agent owner identifier for X-Agent-Owner header, or null to omit.
+   * @param body - JSON body to send.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async post(path, ownerForHeader, body) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("POST", path, body, cfg.privateKey, cfg.ownerPublicKey);
+      const headers = {
+        "Content-Type": "application/json",
+        ...authHeaders
+      };
+      void ownerForHeader;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Makes an authenticated GET request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/owner-id').
+   * @param owner - Agent owner identifier for X-Agent-Owner header.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async get(path, owner) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("GET", path, null, cfg.privateKey, cfg.ownerPublicKey);
+      void owner;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json",
+          ...authHeaders
+        },
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Handles an HTTP response — returns parsed JSON on 2xx, throws AgentBnBError on error.
+   */
+  async handleResponse(res) {
+    const json = await res.json();
+    if (!res.ok) {
+      const code = typeof json["code"] === "string" ? json["code"] : "REGISTRY_ERROR";
+      const message = typeof json["error"] === "string" ? json["error"] : `HTTP ${res.status}`;
+      throw new AgentBnBError(message, code);
+    }
+    return json;
+  }
+};
+
+// src/credit/create-ledger.ts
+function createLedger(opts) {
+  if ("registryUrl" in opts && opts.registryUrl !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "http",
+      registryUrl: opts.registryUrl,
+      ownerPublicKey: opts.ownerPublicKey,
+      privateKey: opts.privateKey
+    });
+  }
+  if ("db" in opts && opts.db !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "direct",
+      db: opts.db
+    });
+  }
+  const db = openCreditDb(opts.creditDbPath);
+  return new LocalCreditLedger(db);
+}
+
+export {
+  identityAuthPlugin,
+  createLedger
+};

package/dist/{chunk-CUVIWPQO.js → chunk-Q7HRI666.js}

@@ -2,7 +2,7 @@ import {
   getCard,
   insertRequestLog,
   updateReputation
-} from "./chunk-UOGDK2S2.js";
+} from "./chunk-TLU7ALCZ.js";
 import {
   confirmEscrowDebit,
   getBalance,
@@ -10,13 +10,13 @@ import {
   recordEarning,
   releaseEscrow,
   settleEscrow
-} from "./chunk-QVV2P3FN.js";
+} from "./chunk-XQHN6ITI.js";
 import {
   verifyEscrowReceipt
-} from "./chunk-QO67IGCW.js";
+} from "./chunk-DVAS2443.js";
 import {
   AgentBnBError
-} from "./chunk-XA63SD4T.js";
+} from "./chunk-FNKBHBYK.js";
 
 // src/gateway/execute.ts
 import { randomUUID } from "crypto";
@@ -51,7 +51,8 @@ async function executeCapabilityRequest(opts) {
     escrowReceipt: receipt,
     skillExecutor,
     handlerUrl,
-    timeoutMs = 3e4
+    timeoutMs = 3e5,
+    onProgress
   } = opts;
   const card = getCard(registryDb, cardId);
   if (!card) {
@@ -158,7 +159,7 @@ async function executeCapabilityRequest(opts) {
   if (skillExecutor) {
     const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
     try {
-      const execResult = await skillExecutor.execute(targetSkillId, params);
+      const execResult = await skillExecutor.execute(targetSkillId, params, onProgress);
       if (!execResult.success) {
         return handleFailure("failure", execResult.latency_ms, execResult.error ?? "Execution failed");
       }