agentbnb 4.0.0 → 4.0.1

package/dist/cli/index.js

@@ -1,37 +1,50 @@
 #!/usr/bin/env node
 import {
-  executeCapabilityRequest,
-  releaseRequesterEscrow,
-  settleRequesterEscrow
-} from "../chunk-CUVIWPQO.js";
+  deriveAgentId,
+  ensureIdentity
+} from "../chunk-M3G5NR2Z.js";
 import {
-  RelayMessageSchema
-} from "../chunk-3Y36WQDV.js";
+  createLedger,
+  identityAuthPlugin
+} from "../chunk-ODBGCCEH.js";
+import {
+  interpolateObject
+} from "../chunk-3MJT4PZG.js";
 import {
   AutoRequestor,
   BudgetManager,
   DEFAULT_AUTONOMY_CONFIG,
   DEFAULT_BUDGET_CONFIG,
-  filterCards,
   getAutonomyTier,
   insertAuditEvent,
-  interpolateObject,
   listPendingRequests,
-  resolvePendingRequest,
+  resolvePendingRequest
+} from "../chunk-6K5WUVF3.js";
+import {
+  fetchRemoteCards,
+  filterCards,
+  mergeResults,
   searchCards
-} from "../chunk-UJWYE7VL.js";
+} from "../chunk-QJEOCKVF.js";
 import {
   requestCapability
-} from "../chunk-RSX4SCPN.js";
+} from "../chunk-KJG2UJV5.js";
 import {
   findPeer,
-  getConfigDir,
-  loadConfig,
   loadPeers,
   removePeer,
-  saveConfig,
   savePeer
-} from "../chunk-BEI5MTNZ.js";
+} from "../chunk-5AH3CMOX.js";
+import {
+  getConfigDir,
+  loadConfig,
+  saveConfig
+} from "../chunk-75OC6E4F.js";
+import {
+  executeCapabilityRequest,
+  releaseRequesterEscrow,
+  settleRequesterEscrow
+} from "../chunk-Q7HRI666.js";
 import {
   getActivityFeed,
   getCard,
@@ -44,129 +57,53 @@ import {
   updateCard,
   updateSkillAvailability,
   updateSkillIdleRate
-} from "../chunk-UOGDK2S2.js";
+} from "../chunk-TLU7ALCZ.js";
 import {
   bootstrapAgent,
   getBalance,
   getTransactions,
   holdEscrow,
   openCreditDb,
-  releaseEscrow
-} from "../chunk-QVV2P3FN.js";
+  releaseEscrow,
+  settleEscrow
+} from "../chunk-XQHN6ITI.js";
 import {
   generateKeyPair,
   loadKeyPair,
   saveKeyPair,
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "../chunk-QO67IGCW.js";
+} from "../chunk-DVAS2443.js";
 import {
   AgentBnBError,
   AnyCardSchema,
   CapabilityCardV2Schema
-} from "../chunk-XA63SD4T.js";
+} from "../chunk-FNKBHBYK.js";
+import {
+  RelayMessageSchema
+} from "../chunk-QT7TEVNV.js";
 
 // src/cli/index.ts
 import { Command } from "commander";
-import { readFileSync as readFileSync5 } from "fs";
+import { readFileSync as readFileSync4 } from "fs";
 import { createRequire } from "module";
-import { randomBytes } from "crypto";
-import { join as join4 } from "path";
+import { randomBytes as randomBytes2 } from "crypto";
+import { join as join3 } from "path";
 import { networkInterfaces, homedir } from "os";
 import { createInterface as createInterface2 } from "readline";
 
-// src/identity/identity.ts
-import { z } from "zod";
-import { createHash } from "crypto";
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
-import { join } from "path";
-var AgentIdentitySchema = z.object({
-  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
-  agent_id: z.string().min(1),
-  /** Human-readable owner name (from config or init). */
-  owner: z.string().min(1),
-  /** Hex-encoded Ed25519 public key. */
-  public_key: z.string().min(1),
-  /** ISO 8601 timestamp of identity creation. */
-  created_at: z.string().datetime(),
-  /** Optional guarantor info if linked to a human. */
-  guarantor: z.object({
-    github_login: z.string().min(1),
-    verified_at: z.string().datetime()
-  }).optional()
-});
-var AgentCertificateSchema = z.object({
-  identity: AgentIdentitySchema,
-  /** ISO 8601 timestamp of certificate issuance. */
-  issued_at: z.string().datetime(),
-  /** ISO 8601 timestamp of certificate expiry. */
-  expires_at: z.string().datetime(),
-  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
-  issuer_public_key: z.string().min(1),
-  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
-  signature: z.string().min(1)
-});
-var IDENTITY_FILENAME = "identity.json";
-function deriveAgentId(publicKeyHex) {
-  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
-}
-function createIdentity(configDir, owner) {
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
-  }
-  let keys;
-  try {
-    keys = loadKeyPair(configDir);
-  } catch {
-    keys = generateKeyPair();
-    saveKeyPair(configDir, keys);
-  }
-  const publicKeyHex = keys.publicKey.toString("hex");
-  const agentId = deriveAgentId(publicKeyHex);
-  const identity = {
-    agent_id: agentId,
-    owner,
-    public_key: publicKeyHex,
-    created_at: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  saveIdentity(configDir, identity);
-  return identity;
-}
-function loadIdentity(configDir) {
-  const filePath = join(configDir, IDENTITY_FILENAME);
-  if (!existsSync(filePath)) return null;
-  try {
-    const raw = readFileSync(filePath, "utf-8");
-    return AgentIdentitySchema.parse(JSON.parse(raw));
-  } catch {
-    return null;
-  }
-}
-function saveIdentity(configDir, identity) {
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
-  }
-  const filePath = join(configDir, IDENTITY_FILENAME);
-  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
-}
-function ensureIdentity(configDir, owner) {
-  const existing = loadIdentity(configDir);
-  if (existing) return existing;
-  return createIdentity(configDir, owner);
-}
-
 // src/credit/escrow-receipt.ts
-import { z as z2 } from "zod";
+import { z } from "zod";
 import { randomUUID } from "crypto";
-var EscrowReceiptSchema = z2.object({
-  requester_owner: z2.string().min(1),
-  requester_public_key: z2.string().min(1),
-  amount: z2.number().positive(),
-  card_id: z2.string().min(1),
-  skill_id: z2.string().optional(),
-  timestamp: z2.string(),
-  nonce: z2.string().uuid(),
-  signature: z2.string().min(1)
+var EscrowReceiptSchema = z.object({
+  requester_owner: z.string().min(1),
+  requester_public_key: z.string().min(1),
+  amount: z.number().positive(),
+  card_id: z.string().min(1),
+  skill_id: z.string().optional(),
+  timestamp: z.string(),
+  nonce: z.string().uuid(),
+  signature: z.string().min(1)
 });
 function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
   const escrowId = holdEscrow(db, opts.owner, opts.amount, opts.cardId);
@@ -280,89 +217,6 @@ var IdleMonitor = class {
   }
 };
 
-// src/cli/remote-registry.ts
-var RegistryTimeoutError = class extends AgentBnBError {
-  constructor(url) {
-    super(
-      `Registry at ${url} did not respond within 5s. Showing local results only.`,
-      "REGISTRY_TIMEOUT"
-    );
-    this.name = "RegistryTimeoutError";
-  }
-};
-var RegistryConnectionError = class extends AgentBnBError {
-  constructor(url) {
-    super(
-      `Cannot reach ${url}. Is the registry running? Showing local results only.`,
-      "REGISTRY_CONNECTION"
-    );
-    this.name = "RegistryConnectionError";
-  }
-};
-var RegistryAuthError = class extends AgentBnBError {
-  constructor(url) {
-    super(
-      `Authentication failed for ${url}. Run \`agentbnb config set token <your-token>\`.`,
-      "REGISTRY_AUTH"
-    );
-    this.name = "RegistryAuthError";
-  }
-};
-async function fetchRemoteCards(registryUrl, params, timeoutMs = 5e3) {
-  let cardsUrl;
-  try {
-    cardsUrl = new URL("/cards", registryUrl);
-  } catch {
-    throw new AgentBnBError(`Invalid registry URL: ${registryUrl}`, "INVALID_REGISTRY_URL");
-  }
-  const searchParams = new URLSearchParams();
-  if (params.q !== void 0) searchParams.set("q", params.q);
-  if (params.level !== void 0) searchParams.set("level", String(params.level));
-  if (params.online !== void 0) searchParams.set("online", String(params.online));
-  if (params.tag !== void 0) searchParams.set("tag", params.tag);
-  searchParams.set("limit", "100");
-  cardsUrl.search = searchParams.toString();
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), timeoutMs);
-  let response;
-  try {
-    response = await fetch(cardsUrl.toString(), { signal: controller.signal });
-  } catch (err) {
-    clearTimeout(timer);
-    const isTimeout = err instanceof Error && err.name === "AbortError";
-    if (isTimeout) {
-      throw new RegistryTimeoutError(registryUrl);
-    }
-    throw new RegistryConnectionError(registryUrl);
-  } finally {
-    clearTimeout(timer);
-  }
-  if (response.status === 401 || response.status === 403) {
-    throw new RegistryAuthError(registryUrl);
-  }
-  if (!response.ok) {
-    throw new RegistryConnectionError(registryUrl);
-  }
-  const body = await response.json();
-  return body.items;
-}
-function mergeResults(localCards, remoteCards, hasQuery) {
-  const taggedLocal = localCards.map((c) => ({ ...c, source: "local" }));
-  const taggedRemote = remoteCards.map((c) => ({ ...c, source: "remote" }));
-  const localIds = new Set(localCards.map((c) => c.id));
-  const dedupedRemote = taggedRemote.filter((c) => !localIds.has(c.id));
-  if (!hasQuery) {
-    return [...taggedLocal, ...dedupedRemote];
-  }
-  const result = [];
-  const maxLen = Math.max(taggedLocal.length, dedupedRemote.length);
-  for (let i = 0; i < maxLen; i++) {
-    if (i < taggedLocal.length) result.push(taggedLocal[i]);
-    if (i < dedupedRemote.length) result.push(dedupedRemote[i]);
-  }
-  return result;
-}
-
 // src/cli/onboarding.ts
 import { randomUUID as randomUUID2 } from "crypto";
 import { createConnection } from "net";
@@ -534,8 +388,8 @@ function buildDraftCard(apiKey, owner) {
 
 // src/onboarding/index.ts
 import { randomUUID as randomUUID3 } from "crypto";
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
-import { join as join2 } from "path";
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
 
 // src/onboarding/capability-templates.ts
 var API_PATTERNS = [
@@ -650,9 +504,9 @@ var DOC_FILES = ["SOUL.md", "CLAUDE.md", "AGENTS.md", "README.md"];
 function detectCapabilities(opts = {}) {
   const cwd = opts.cwd ?? process.cwd();
   if (opts.fromFile) {
-    const filePath = opts.fromFile.startsWith("/") ? opts.fromFile : join2(cwd, opts.fromFile);
-    if (existsSync2(filePath)) {
-      const content = readFileSync2(filePath, "utf-8");
+    const filePath = opts.fromFile.startsWith("/") ? opts.fromFile : join(cwd, opts.fromFile);
+    if (existsSync(filePath)) {
+      const content = readFileSync(filePath, "utf-8");
       const capabilities = detectFromDocs(content);
       if (capabilities.length > 0) {
         return { source: "docs", capabilities, sourceFile: filePath };
@@ -661,9 +515,9 @@ function detectCapabilities(opts = {}) {
     return { source: "none", capabilities: [] };
   }
   for (const fileName of DOC_FILES) {
-    const filePath = join2(cwd, fileName);
-    if (!existsSync2(filePath)) continue;
-    const content = readFileSync2(filePath, "utf-8");
+    const filePath = join(cwd, fileName);
+    if (!existsSync(filePath)) continue;
+    const content = readFileSync(filePath, "utf-8");
     if (fileName === "SOUL.md") {
       return { source: "soul", capabilities: [], soulContent: content, sourceFile: filePath };
     }
@@ -707,8 +561,49 @@ function capabilitiesToV2Card(capabilities, owner, agentName) {
   return CapabilityCardV2Schema.parse(card);
 }
 
+// src/registry/pricing.ts
+function getPricingStats(db, query) {
+  const cards = searchCards(db, query);
+  const prices = [];
+  const queryLower = query.toLowerCase();
+  const queryWords = queryLower.split(/\s+/).filter((w) => w.length > 0);
+  for (const card of cards) {
+    const v2 = card;
+    if (v2.skills && v2.skills.length > 0) {
+      for (const skill of v2.skills) {
+        const nameMatch = skillMatchesQuery(skill, queryWords);
+        if (nameMatch) {
+          prices.push(skill.pricing.credits_per_call);
+        }
+      }
+    } else {
+      prices.push(card.pricing.credits_per_call);
+    }
+  }
+  if (prices.length === 0) {
+    return { min: 0, max: 0, median: 0, mean: 0, count: 0 };
+  }
+  prices.sort((a, b) => a - b);
+  const min = prices[0];
+  const max = prices[prices.length - 1];
+  const mean = prices.reduce((sum, p) => sum + p, 0) / prices.length;
+  const median = computeMedian(prices);
+  return { min, max, median, mean, count: prices.length };
+}
+function skillMatchesQuery(skill, queryWords) {
+  const text = `${skill.name} ${skill.description}`.toLowerCase();
+  return queryWords.some((word) => text.includes(word));
+}
+function computeMedian(sorted) {
+  const mid = Math.floor(sorted.length / 2);
+  if (sorted.length % 2 === 1) {
+    return sorted[mid];
+  }
+  return (sorted[mid - 1] + sorted[mid]) / 2;
+}
+
 // src/runtime/agent-runtime.ts
-import { readFileSync as readFileSync3, existsSync as existsSync3 } from "fs";
+import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
 
 // src/skills/executor.ts
 var SkillExecutor = class {
@@ -735,7 +630,7 @@ var SkillExecutor = class {
    * @param params - Input parameters for the skill.
    * @returns ExecutionResult including success, result/error, and latency_ms.
    */
-  async execute(skillId, params) {
+  async execute(skillId, params, onProgress) {
     const startTime = Date.now();
     const config = this.skillMap.get(skillId);
     if (!config) {
@@ -754,7 +649,7 @@ var SkillExecutor = class {
       };
     }
     try {
-      const modeResult = await mode.execute(config, params);
+      const modeResult = await mode.execute(config, params, onProgress);
       return {
         ...modeResult,
         latency_ms: Date.now() - startTime
@@ -791,98 +686,98 @@ function createSkillExecutor(configs, modes) {
 }
 
 // src/skills/skill-config.ts
-import { z as z3 } from "zod";
+import { z as z2 } from "zod";
 import yaml from "js-yaml";
-var PricingSchema = z3.object({
-  credits_per_call: z3.number().nonnegative(),
-  credits_per_minute: z3.number().nonnegative().optional(),
-  free_tier: z3.number().nonnegative().optional()
+var PricingSchema = z2.object({
+  credits_per_call: z2.number().nonnegative(),
+  credits_per_minute: z2.number().nonnegative().optional(),
+  free_tier: z2.number().nonnegative().optional()
 });
-var ApiAuthSchema = z3.discriminatedUnion("type", [
-  z3.object({
-    type: z3.literal("bearer"),
-    token: z3.string()
+var ApiAuthSchema = z2.discriminatedUnion("type", [
+  z2.object({
+    type: z2.literal("bearer"),
+    token: z2.string()
   }),
-  z3.object({
-    type: z3.literal("apikey"),
-    header: z3.string().default("X-API-Key"),
-    key: z3.string()
+  z2.object({
+    type: z2.literal("apikey"),
+    header: z2.string().default("X-API-Key"),
+    key: z2.string()
   }),
-  z3.object({
-    type: z3.literal("basic"),
-    username: z3.string(),
-    password: z3.string()
+  z2.object({
+    type: z2.literal("basic"),
+    username: z2.string(),
+    password: z2.string()
   })
 ]);
-var ApiSkillConfigSchema = z3.object({
-  id: z3.string().min(1),
-  type: z3.literal("api"),
-  name: z3.string().min(1),
-  endpoint: z3.string().min(1),
-  method: z3.enum(["GET", "POST", "PUT", "DELETE"]),
+var ApiSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("api"),
+  name: z2.string().min(1),
+  endpoint: z2.string().min(1),
+  method: z2.enum(["GET", "POST", "PUT", "DELETE"]),
   auth: ApiAuthSchema.optional(),
-  input_mapping: z3.record(z3.string()).default({}),
-  output_mapping: z3.record(z3.string()).default({}),
+  input_mapping: z2.record(z2.string()).default({}),
+  output_mapping: z2.record(z2.string()).default({}),
   pricing: PricingSchema,
-  timeout_ms: z3.number().positive().default(3e4),
-  retries: z3.number().nonnegative().int().default(0),
-  provider: z3.string().optional()
+  timeout_ms: z2.number().positive().default(3e4),
+  retries: z2.number().nonnegative().int().default(0),
+  provider: z2.string().optional()
 });
-var PipelineStepSchema = z3.union([
-  z3.object({
-    skill_id: z3.string().min(1),
-    input_mapping: z3.record(z3.string()).default({})
+var PipelineStepSchema = z2.union([
+  z2.object({
+    skill_id: z2.string().min(1),
+    input_mapping: z2.record(z2.string()).default({})
   }),
-  z3.object({
-    command: z3.string().min(1),
-    input_mapping: z3.record(z3.string()).default({})
+  z2.object({
+    command: z2.string().min(1),
+    input_mapping: z2.record(z2.string()).default({})
   })
 ]);
-var PipelineSkillConfigSchema = z3.object({
-  id: z3.string().min(1),
-  type: z3.literal("pipeline"),
-  name: z3.string().min(1),
-  steps: z3.array(PipelineStepSchema).min(1),
+var PipelineSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("pipeline"),
+  name: z2.string().min(1),
+  steps: z2.array(PipelineStepSchema).min(1),
   pricing: PricingSchema,
-  timeout_ms: z3.number().positive().optional()
+  timeout_ms: z2.number().positive().optional()
 });
-var OpenClawSkillConfigSchema = z3.object({
-  id: z3.string().min(1),
-  type: z3.literal("openclaw"),
-  name: z3.string().min(1),
-  agent_name: z3.string().min(1),
-  channel: z3.enum(["telegram", "webhook", "process"]),
+var OpenClawSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("openclaw"),
+  name: z2.string().min(1),
+  agent_name: z2.string().min(1),
+  channel: z2.enum(["telegram", "webhook", "process"]),
   pricing: PricingSchema,
-  timeout_ms: z3.number().positive().optional()
+  timeout_ms: z2.number().positive().optional()
 });
-var CommandSkillConfigSchema = z3.object({
-  id: z3.string().min(1),
-  type: z3.literal("command"),
-  name: z3.string().min(1),
-  command: z3.string().min(1),
-  output_type: z3.enum(["json", "text", "file"]),
-  allowed_commands: z3.array(z3.string()).optional(),
-  working_dir: z3.string().optional(),
-  timeout_ms: z3.number().positive().default(3e4),
+var CommandSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("command"),
+  name: z2.string().min(1),
+  command: z2.string().min(1),
+  output_type: z2.enum(["json", "text", "file"]),
+  allowed_commands: z2.array(z2.string()).optional(),
+  working_dir: z2.string().optional(),
+  timeout_ms: z2.number().positive().default(3e4),
   pricing: PricingSchema
 });
-var ConductorSkillConfigSchema = z3.object({
-  id: z3.string().min(1),
-  type: z3.literal("conductor"),
-  name: z3.string().min(1),
-  conductor_skill: z3.enum(["orchestrate", "plan"]),
+var ConductorSkillConfigSchema = z2.object({
+  id: z2.string().min(1),
+  type: z2.literal("conductor"),
+  name: z2.string().min(1),
+  conductor_skill: z2.enum(["orchestrate", "plan"]),
   pricing: PricingSchema,
-  timeout_ms: z3.number().positive().optional()
+  timeout_ms: z2.number().positive().optional()
 });
-var SkillConfigSchema = z3.discriminatedUnion("type", [
+var SkillConfigSchema = z2.discriminatedUnion("type", [
   ApiSkillConfigSchema,
   PipelineSkillConfigSchema,
   OpenClawSkillConfigSchema,
   CommandSkillConfigSchema,
   ConductorSkillConfigSchema
 ]);
-var SkillsFileSchema = z3.object({
-  skills: z3.array(SkillConfigSchema)
+var SkillsFileSchema = z2.object({
+  skills: z2.array(SkillConfigSchema)
 });
 function expandEnvVars(value) {
   return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
@@ -1125,7 +1020,7 @@ var PipelineExecutor = class {
    * @param params - Input parameters from the caller.
    * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor wrapper).
    */
-  async execute(config, params) {
+  async execute(config, params, onProgress) {
     const pipelineConfig = config;
     const steps = pipelineConfig.steps ?? [];
     if (steps.length === 0) {
@@ -1184,6 +1079,13 @@ var PipelineExecutor = class {
       }
       context.steps.push({ result: stepResult });
       context.prev = { result: stepResult };
+      if (onProgress && i < steps.length - 1) {
+        onProgress({
+          step: i + 1,
+          total: steps.length,
+          message: `Completed step ${i + 1}/${steps.length}`
+        });
+      }
     }
     const lastStep = context.steps[context.steps.length - 1];
     return {
@@ -1519,20 +1421,20 @@ var AgentRuntime = class {
    * 3. Populate the Map with all 4 modes — SkillExecutor sees them via reference.
    */
   async initSkillExecutor() {
-    const hasSkillsYaml = this.skillsYamlPath && existsSync3(this.skillsYamlPath);
+    const hasSkillsYaml = this.skillsYamlPath && existsSync2(this.skillsYamlPath);
     if (!hasSkillsYaml && !this.conductorEnabled) {
       return;
     }
     let configs = [];
     if (hasSkillsYaml) {
-      const yamlContent = readFileSync3(this.skillsYamlPath, "utf8");
+      const yamlContent = readFileSync2(this.skillsYamlPath, "utf8");
       configs = parseSkillsFile(yamlContent);
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("../conductor-mode-XU7ONJWC.js");
-      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-IE5UV5QX.js");
-      const { loadPeers: loadPeers2 } = await import("../peers-G36URZYB.js");
+      const { ConductorMode } = await import("../conductor-mode-3JS4VWCR.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../card-4XH4AOTE.js");
+      const { loadPeers: loadPeers2 } = await import("../peers-K7FSHPN3.js");
       registerConductorCard(this.registryDb);
       const resolveAgentUrl = (owner) => {
         const peers = loadPeers2();
@@ -1644,7 +1546,7 @@ function createGatewayServer(opts) {
     creditDb,
     tokens,
     handlerUrl,
-    timeoutMs = 3e4,
+    timeoutMs = 3e5,
     silent = false,
     skillExecutor
   } = opts;
@@ -1739,21 +1641,365 @@ function createGatewayServer(opts) {
 // src/registry/server.ts
 import Fastify2 from "fastify";
 import cors from "@fastify/cors";
+import swagger from "@fastify/swagger";
+import swaggerUi from "@fastify/swagger-ui";
 import fastifyStatic from "@fastify/static";
 import fastifyWebsocket from "@fastify/websocket";
-import { join as join3, dirname } from "path";
+import { join as join2, dirname } from "path";
 import { fileURLToPath } from "url";
-import { existsSync as existsSync4 } from "fs";
+import { existsSync as existsSync3 } from "fs";
 
 // src/relay/websocket-relay.ts
+import { randomUUID as randomUUID6 } from "crypto";
+
+// src/relay/relay-credit.ts
+function lookupCardPrice(registryDb, cardId, skillId) {
+  const row = registryDb.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return null;
+  let card;
+  try {
+    card = JSON.parse(row.data);
+  } catch {
+    return null;
+  }
+  if (skillId && Array.isArray(card.skills)) {
+    const skills = card.skills;
+    const skill = skills.find((s) => s.id === skillId);
+    if (skill) {
+      const skillPricing = skill.pricing;
+      if (skillPricing && typeof skillPricing.credits_per_call === "number") {
+        return skillPricing.credits_per_call;
+      }
+    }
+  }
+  const pricing = card.pricing;
+  if (!pricing || typeof pricing.credits_per_call !== "number") {
+    return null;
+  }
+  return pricing.credits_per_call;
+}
+function holdForRelay(creditDb, owner, amount, cardId) {
+  return holdEscrow(creditDb, owner, amount, cardId);
+}
+function settleForRelay(creditDb, escrowId, recipientOwner) {
+  settleEscrow(creditDb, escrowId, recipientOwner);
+}
+function calculateConductorFee(totalSubTaskCost) {
+  if (totalSubTaskCost <= 0) return 0;
+  const fee = Math.ceil(totalSubTaskCost * 0.1);
+  return Math.max(1, Math.min(20, fee));
+}
+function releaseForRelay(creditDb, escrowId) {
+  if (escrowId === void 0) return;
+  releaseEscrow(creditDb, escrowId);
+}
+
+// src/hub-agent/relay-bridge.ts
+import { randomUUID as randomUUID5 } from "crypto";
+
+// src/hub-agent/job-queue.ts
 import { randomUUID as randomUUID4 } from "crypto";
+function initJobQueue(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS hub_agent_jobs (
+      id TEXT PRIMARY KEY,
+      hub_agent_id TEXT NOT NULL,
+      skill_id TEXT NOT NULL,
+      requester_owner TEXT NOT NULL,
+      params TEXT,
+      status TEXT NOT NULL DEFAULT 'queued',
+      result TEXT,
+      escrow_id TEXT,
+      relay_owner TEXT,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    )
+  `);
+}
+function insertJob(db, input) {
+  const id = randomUUID4();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const paramsJson = JSON.stringify(input.params);
+  db.prepare(`
+    INSERT INTO hub_agent_jobs (id, hub_agent_id, skill_id, requester_owner, params, status, escrow_id, relay_owner, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, 'queued', ?, ?, ?, ?)
+  `).run(
+    id,
+    input.hub_agent_id,
+    input.skill_id,
+    input.requester_owner,
+    paramsJson,
+    input.escrow_id ?? null,
+    input.relay_owner ?? null,
+    now,
+    now
+  );
+  return {
+    id,
+    hub_agent_id: input.hub_agent_id,
+    skill_id: input.skill_id,
+    requester_owner: input.requester_owner,
+    params: paramsJson,
+    status: "queued",
+    result: null,
+    escrow_id: input.escrow_id ?? null,
+    relay_owner: input.relay_owner ?? null,
+    created_at: now,
+    updated_at: now
+  };
+}
+function getJob(db, jobId) {
+  const row = db.prepare("SELECT * FROM hub_agent_jobs WHERE id = ?").get(jobId);
+  return row ?? null;
+}
+function listJobs(db, hubAgentId, status) {
+  if (status) {
+    return db.prepare(
+      "SELECT * FROM hub_agent_jobs WHERE hub_agent_id = ? AND status = ? ORDER BY created_at DESC"
+    ).all(hubAgentId, status);
+  }
+  return db.prepare(
+    "SELECT * FROM hub_agent_jobs WHERE hub_agent_id = ? ORDER BY created_at DESC"
+  ).all(hubAgentId);
+}
+function updateJobStatus(db, jobId, status, result) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  if (result !== void 0) {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, result = ?, updated_at = ? WHERE id = ?").run(status, result, now, jobId);
+  } else {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, updated_at = ? WHERE id = ?").run(status, now, jobId);
+  }
+}
+function getJobsByRelayOwner(db, relayOwner) {
+  return db.prepare(
+    "SELECT * FROM hub_agent_jobs WHERE relay_owner = ? AND status = ? ORDER BY created_at ASC"
+  ).all(relayOwner, "queued");
+}
+
+// src/hub-agent/crypto.ts
+import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
+function getMasterKey() {
+  const hex = process.env.HUB_MASTER_KEY;
+  if (!hex || hex.length !== 64) {
+    throw new AgentBnBError(
+      "HUB_MASTER_KEY must be a 64-character hex string (32 bytes)",
+      "MISSING_MASTER_KEY"
+    );
+  }
+  return Buffer.from(hex, "hex");
+}
+function encrypt(plaintext, masterKey) {
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", masterKey, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted.toString("hex")}`;
+}
+function decrypt(encrypted, masterKey) {
+  const [ivHex, authTagHex, ciphertextHex] = encrypted.split(":");
+  const iv = Buffer.from(ivHex, "hex");
+  const authTag = Buffer.from(authTagHex, "hex");
+  const ciphertext = Buffer.from(ciphertextHex, "hex");
+  const decipher = createDecipheriv("aes-256-gcm", masterKey, iv);
+  decipher.setAuthTag(authTag);
+  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  return decrypted.toString("utf8");
+}
+
+// src/hub-agent/store.ts
+function initHubAgentTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS hub_agents (
+      agent_id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      owner_public_key TEXT NOT NULL,
+      public_key TEXT NOT NULL,
+      private_key_enc TEXT NOT NULL,
+      secrets_enc TEXT,
+      skill_routes TEXT NOT NULL DEFAULT '[]',
+      status TEXT NOT NULL DEFAULT 'active',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    )
+  `);
+}
+function createHubAgent(db, req, ownerPublicKey) {
+  const masterKey = getMasterKey();
+  const keys = generateKeyPair();
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const privateKeyEnc = encrypt(keys.privateKey.toString("hex"), masterKey);
+  const secretsEnc = req.secrets ? encrypt(JSON.stringify(req.secrets), masterKey) : null;
+  db.prepare(`
+    INSERT INTO hub_agents (agent_id, name, owner_public_key, public_key, private_key_enc, secrets_enc, skill_routes, status, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, 'active', ?, ?)
+  `).run(
+    agentId,
+    req.name,
+    ownerPublicKey,
+    publicKeyHex,
+    privateKeyEnc,
+    secretsEnc,
+    JSON.stringify(req.skill_routes),
+    now,
+    now
+  );
+  return {
+    agent_id: agentId,
+    name: req.name,
+    owner_public_key: ownerPublicKey,
+    public_key: publicKeyHex,
+    skill_routes: req.skill_routes,
+    status: "active",
+    created_at: now,
+    updated_at: now
+  };
+}
+function getHubAgent(db, agentId) {
+  const row = db.prepare("SELECT * FROM hub_agents WHERE agent_id = ?").get(agentId);
+  if (!row) return null;
+  const masterKey = getMasterKey();
+  const secrets = row.secrets_enc ? JSON.parse(decrypt(row.secrets_enc, masterKey)) : void 0;
+  return {
+    agent_id: row.agent_id,
+    name: row.name,
+    owner_public_key: row.owner_public_key,
+    public_key: row.public_key,
+    skill_routes: JSON.parse(row.skill_routes),
+    status: row.status,
+    created_at: row.created_at,
+    updated_at: row.updated_at,
+    ...secrets ? { secrets } : {}
+  };
+}
+function listHubAgents(db) {
+  const rows = db.prepare("SELECT agent_id, name, owner_public_key, public_key, skill_routes, status, created_at, updated_at FROM hub_agents ORDER BY created_at DESC").all();
+  return rows.map((row) => ({
+    agent_id: row.agent_id,
+    name: row.name,
+    owner_public_key: row.owner_public_key,
+    public_key: row.public_key,
+    skill_routes: JSON.parse(row.skill_routes),
+    status: row.status,
+    created_at: row.created_at,
+    updated_at: row.updated_at
+  }));
+}
+function updateHubAgent(db, agentId, updates) {
+  const existing = db.prepare("SELECT * FROM hub_agents WHERE agent_id = ?").get(agentId);
+  if (!existing) return null;
+  const masterKey = getMasterKey();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const newName = updates.name ?? existing.name;
+  const newSkillRoutes = updates.skill_routes ? JSON.stringify(updates.skill_routes) : existing.skill_routes;
+  const newSecretsEnc = updates.secrets !== void 0 ? encrypt(JSON.stringify(updates.secrets), masterKey) : existing.secrets_enc;
+  db.prepare(`
+    UPDATE hub_agents SET name = ?, skill_routes = ?, secrets_enc = ?, updated_at = ?
+    WHERE agent_id = ?
+  `).run(newName, newSkillRoutes, newSecretsEnc, now, agentId);
+  const secrets = newSecretsEnc ? JSON.parse(decrypt(newSecretsEnc, masterKey)) : void 0;
+  return {
+    agent_id: existing.agent_id,
+    name: newName,
+    owner_public_key: existing.owner_public_key,
+    public_key: existing.public_key,
+    skill_routes: JSON.parse(newSkillRoutes),
+    status: existing.status,
+    created_at: existing.created_at,
+    updated_at: now,
+    ...secrets ? { secrets } : {}
+  };
+}
+function deleteHubAgent(db, agentId) {
+  const result = db.prepare("DELETE FROM hub_agents WHERE agent_id = ?").run(agentId);
+  return result.changes > 0;
+}
+
+// src/hub-agent/relay-bridge.ts
+var JOB_DISPATCH_TIMEOUT_MS = 3e5;
+function createRelayBridge(opts) {
+  const { registryDb, creditDb, sendMessage, pendingRequests, connections } = opts;
+  function onAgentOnline(owner) {
+    const jobs = getJobsByRelayOwner(registryDb, owner);
+    if (jobs.length === 0) return;
+    const targetWs = connections.get(owner);
+    if (!targetWs) return;
+    for (const job of jobs) {
+      updateJobStatus(registryDb, job.id, "dispatched");
+      const agent = getHubAgent(registryDb, job.hub_agent_id);
+      const cardId = agent ? agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5") : job.hub_agent_id;
+      const requestId = randomUUID5();
+      let params = {};
+      try {
+        params = JSON.parse(job.params);
+      } catch {
+      }
+      const timeout = setTimeout(() => {
+        const pending = pendingRequests.get(requestId);
+        if (pending) {
+          pendingRequests.delete(requestId);
+          updateJobStatus(registryDb, job.id, "failed", JSON.stringify({ error: "dispatch timeout" }));
+          if (job.escrow_id) {
+            try {
+              releaseForRelay(creditDb, job.escrow_id);
+            } catch (e) {
+              console.error("[relay-bridge] escrow release on timeout failed:", e);
+            }
+          }
+        }
+      }, JOB_DISPATCH_TIMEOUT_MS);
+      pendingRequests.set(requestId, {
+        originOwner: job.requester_owner,
+        timeout,
+        escrowId: job.escrow_id ?? void 0,
+        targetOwner: owner,
+        jobId: job.id
+      });
+      sendMessage(targetWs, {
+        type: "incoming_request",
+        id: requestId,
+        from_owner: job.requester_owner,
+        card_id: cardId,
+        skill_id: job.skill_id,
+        params
+      });
+    }
+  }
+  return { onAgentOnline };
+}
+function handleJobRelayResponse(opts) {
+  const { registryDb, creditDb, jobId, escrowId, relayOwner, result, error } = opts;
+  if (error) {
+    updateJobStatus(registryDb, jobId, "failed", JSON.stringify(error));
+    if (escrowId) {
+      try {
+        releaseForRelay(creditDb, escrowId);
+      } catch (e) {
+        console.error("[relay-bridge] escrow release on error failed:", e);
+      }
+    }
+  } else {
+    updateJobStatus(registryDb, jobId, "completed", JSON.stringify(result));
+    if (escrowId) {
+      try {
+        settleForRelay(creditDb, escrowId, relayOwner);
+      } catch (e) {
+        console.error("[relay-bridge] escrow settle failed:", e);
+      }
+    }
+  }
+}
+
+// src/relay/websocket-relay.ts
 var RATE_LIMIT_MAX = 60;
 var RATE_LIMIT_WINDOW_MS = 6e4;
-var RELAY_TIMEOUT_MS = 3e4;
-function registerWebSocketRelay(server, db) {
+var RELAY_TIMEOUT_MS = 3e5;
+function registerWebSocketRelay(server, db, creditDb) {
   const connections = /* @__PURE__ */ new Map();
   const pendingRequests = /* @__PURE__ */ new Map();
   const rateLimits = /* @__PURE__ */ new Map();
+  let onAgentOnlineCallback;
   function checkRateLimit(owner) {
     const now = Date.now();
     const entry = rateLimits.get(owner);
@@ -1804,21 +2050,32 @@ function registerWebSocketRelay(server, db) {
     }
   }
   function upsertCard(cardData, owner) {
-    const cardId = cardData.id;
-    const existing = getCard(db, cardId);
+    const parsed = AnyCardSchema.safeParse(cardData);
+    if (!parsed.success) {
+      throw new AgentBnBError(
+        `Card validation failed: ${parsed.error.message}`,
+        "VALIDATION_ERROR"
+      );
+    }
+    const card = { ...parsed.data, availability: { ...parsed.data.availability, online: true } };
+    const cardId = card.id;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = db.prepare("SELECT id FROM capability_cards WHERE id = ?").get(cardId);
     if (existing) {
-      const updates = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
-      updateCard(db, cardId, owner, updates);
+      db.prepare(
+        "UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?"
+      ).run(JSON.stringify(card), now, cardId);
     } else {
-      const card = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
-      insertCard(db, card);
+      db.prepare(
+        "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+      ).run(cardId, owner, JSON.stringify(card), now, now);
     }
     return cardId;
   }
   function logAgentJoined(owner, cardName, cardId) {
     try {
       insertRequestLog(db, {
-        id: randomUUID4(),
+        id: randomUUID6(),
         card_id: cardId,
         card_name: cardName,
         requester: owner,
@@ -1849,10 +2106,25 @@ function registerWebSocketRelay(server, db) {
     const cardId = upsertCard(card, owner);
     const cardName = card.name ?? card.agent_name ?? owner;
     logAgentJoined(owner, cardName, cardId);
+    if (msg.cards && msg.cards.length > 0) {
+      for (const extraCard of msg.cards) {
+        try {
+          upsertCard(extraCard, owner);
+        } catch {
+        }
+      }
+    }
     markOwnerOnline(owner);
+    if (onAgentOnlineCallback) {
+      try {
+        onAgentOnlineCallback(owner);
+      } catch (e) {
+        console.error("[relay] onAgentOnline callback error:", e);
+      }
+    }
     sendMessage(ws, { type: "registered", agent_id: cardId });
   }
-  function handleRelayRequest(ws, msg, fromOwner) {
+  async function handleRelayRequest(ws, msg, fromOwner) {
     if (!checkRateLimit(fromOwner)) {
       sendMessage(ws, {
         type: "error",
@@ -1871,15 +2143,42 @@ function registerWebSocketRelay(server, db) {
       });
       return;
     }
+    let escrowId;
+    if (creditDb) {
+      try {
+        const price = lookupCardPrice(db, msg.card_id, msg.skill_id);
+        if (price !== null && price > 0) {
+          escrowId = holdForRelay(creditDb, fromOwner, price, msg.card_id);
+        }
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "INSUFFICIENT_CREDITS") {
+          sendMessage(ws, {
+            type: "response",
+            id: msg.id,
+            error: { code: -32603, message: "Insufficient credits" }
+          });
+          return;
+        }
+        console.error("[relay] credit hold error (non-fatal):", err);
+      }
+    }
     const timeout = setTimeout(() => {
+      const pending = pendingRequests.get(msg.id);
       pendingRequests.delete(msg.id);
+      if (pending?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, pending.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on timeout failed:", e);
+        }
+      }
       sendMessage(ws, {
         type: "response",
         id: msg.id,
         error: { code: -32603, message: "Relay request timeout" }
       });
     }, RELAY_TIMEOUT_MS);
-    pendingRequests.set(msg.id, { originOwner: fromOwner, timeout });
+    pendingRequests.set(msg.id, { originOwner: fromOwner, timeout, escrowId, targetOwner: msg.target_owner });
     sendMessage(targetWs, {
       type: "incoming_request",
       id: msg.id,
@@ -1891,18 +2190,98 @@ function registerWebSocketRelay(server, db) {
       escrow_receipt: msg.escrow_receipt
     });
   }
+  function handleRelayProgress(msg) {
+    const pending = pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    const newTimeout = setTimeout(() => {
+      const p = pendingRequests.get(msg.id);
+      pendingRequests.delete(msg.id);
+      if (p?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, p.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on progress timeout failed:", e);
+        }
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, {
+          type: "response",
+          id: msg.id,
+          error: { code: -32603, message: "Relay request timeout" }
+        });
+      }
+    }, RELAY_TIMEOUT_MS);
+    pending.timeout = newTimeout;
+    const originWs = connections.get(pending.originOwner);
+    if (originWs && originWs.readyState === 1) {
+      sendMessage(originWs, {
+        type: "relay_progress",
+        id: msg.id,
+        progress: msg.progress,
+        message: msg.message
+      });
+    }
+  }
   function handleRelayResponse(msg) {
     const pending = pendingRequests.get(msg.id);
     if (!pending) return;
     clearTimeout(pending.timeout);
     pendingRequests.delete(msg.id);
+    if (pending.jobId && creditDb) {
+      try {
+        handleJobRelayResponse({
+          registryDb: db,
+          creditDb,
+          jobId: pending.jobId,
+          escrowId: pending.escrowId,
+          relayOwner: pending.targetOwner ?? "",
+          result: msg.error === void 0 ? msg.result : void 0,
+          error: msg.error
+        });
+      } catch (e) {
+        console.error("[relay] job relay response handling failed:", e);
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, { type: "response", id: msg.id, result: msg.result, error: msg.error });
+      }
+      return;
+    }
+    if (pending.escrowId && creditDb) {
+      try {
+        if (msg.error === void 0) {
+          settleForRelay(creditDb, pending.escrowId, pending.targetOwner);
+        } else {
+          releaseForRelay(creditDb, pending.escrowId);
+        }
+      } catch (e) {
+        console.error("[relay] escrow settle/release on response failed:", e);
+      }
+    }
+    let conductorFee = 0;
+    if (creditDb && msg.error === void 0 && typeof msg.result === "object" && msg.result !== null && "total_credits" in msg.result && typeof msg.result.total_credits === "number") {
+      const totalCredits = msg.result.total_credits;
+      conductorFee = calculateConductorFee(totalCredits);
+      if (conductorFee > 0) {
+        try {
+          const feeEscrowId = holdForRelay(creditDb, pending.originOwner, conductorFee, msg.id);
+          settleForRelay(creditDb, feeEscrowId, pending.targetOwner);
+        } catch (e) {
+          console.error("[relay] conductor fee settlement failed (non-fatal):", e);
+          conductorFee = 0;
+        }
+      }
+    }
     const originWs = connections.get(pending.originOwner);
     if (originWs && originWs.readyState === 1) {
       sendMessage(originWs, {
         type: "response",
         id: msg.id,
         result: msg.result,
-        error: msg.error
+        error: msg.error,
+        ...conductorFee > 0 ? { conductor_fee: conductorFee } : {}
       });
     }
   }
@@ -1912,9 +2291,34 @@ function registerWebSocketRelay(server, db) {
     rateLimits.delete(owner);
     markOwnerOffline(owner);
     for (const [reqId, pending] of pendingRequests) {
-      if (pending.originOwner === owner) {
+      if (pending.targetOwner === owner) {
+        clearTimeout(pending.timeout);
+        pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on disconnect failed:", e);
+          }
+        }
+        const originWs = connections.get(pending.originOwner);
+        if (originWs && originWs.readyState === 1) {
+          sendMessage(originWs, {
+            type: "response",
+            id: reqId,
+            error: { code: -32603, message: "Provider disconnected" }
+          });
+        }
+      } else if (pending.originOwner === owner) {
         clearTimeout(pending.timeout);
         pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on requester disconnect failed:", e);
+          }
+        }
       }
     }
   }
@@ -1922,45 +2326,50 @@ function registerWebSocketRelay(server, db) {
     const socket = rawSocket;
     let registeredOwner;
     socket.on("message", (raw) => {
-      let data;
-      try {
-        data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
-      } catch {
-        sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
-        return;
-      }
-      const parsed = RelayMessageSchema.safeParse(data);
-      if (!parsed.success) {
-        sendMessage(socket, {
-          type: "error",
-          code: "invalid_message",
-          message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
-        });
-        return;
-      }
-      const msg = parsed.data;
-      switch (msg.type) {
-        case "register":
-          registeredOwner = msg.owner;
-          handleRegister(socket, msg);
-          break;
-        case "relay_request":
-          if (!registeredOwner) {
-            sendMessage(socket, {
-              type: "error",
-              code: "not_registered",
-              message: "Must send register message before relay requests"
-            });
-            return;
-          }
-          handleRelayRequest(socket, msg, registeredOwner);
-          break;
-        case "relay_response":
-          handleRelayResponse(msg);
-          break;
-        default:
-          break;
-      }
+      void (async () => {
+        let data;
+        try {
+          data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
+        } catch {
+          sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
+          return;
+        }
+        const parsed = RelayMessageSchema.safeParse(data);
+        if (!parsed.success) {
+          sendMessage(socket, {
+            type: "error",
+            code: "invalid_message",
+            message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
+          });
+          return;
+        }
+        const msg = parsed.data;
+        switch (msg.type) {
+          case "register":
+            registeredOwner = msg.owner;
+            handleRegister(socket, msg);
+            break;
+          case "relay_request":
+            if (!registeredOwner) {
+              sendMessage(socket, {
+                type: "error",
+                code: "not_registered",
+                message: "Must send register message before relay requests"
+              });
+              return;
+            }
+            await handleRelayRequest(socket, msg, registeredOwner);
+            break;
+          case "relay_response":
+            handleRelayResponse(msg);
+            break;
+          case "relay_progress":
+            handleRelayProgress(msg);
+            break;
+          default:
+            break;
+        }
+      })();
     });
     socket.on("close", () => {
       handleDisconnect(registeredOwner);
@@ -1985,21 +2394,29 @@ function registerWebSocketRelay(server, db) {
       }
       pendingRequests.clear();
       rateLimits.clear();
+    },
+    setOnAgentOnline: (cb) => {
+      onAgentOnlineCallback = cb;
+    },
+    getConnections: () => connections,
+    getPendingRequests: () => pendingRequests,
+    sendMessage: (ws, msg) => {
+      sendMessage(ws, msg);
     }
   };
 }
 
 // src/identity/guarantor.ts
-import { z as z4 } from "zod";
-import { randomUUID as randomUUID5 } from "crypto";
+import { z as z3 } from "zod";
+import { randomUUID as randomUUID7 } from "crypto";
 var MAX_AGENTS_PER_GUARANTOR = 10;
 var GUARANTOR_CREDIT_POOL = 50;
-var GuarantorRecordSchema = z4.object({
-  id: z4.string().uuid(),
-  github_login: z4.string().min(1),
-  agent_count: z4.number().int().nonnegative(),
-  credit_pool: z4.number().int().nonnegative(),
-  created_at: z4.string().datetime()
+var GuarantorRecordSchema = z3.object({
+  id: z3.string().uuid(),
+  github_login: z3.string().min(1),
+  agent_count: z3.number().int().nonnegative(),
+  credit_pool: z3.number().int().nonnegative(),
+  created_at: z3.string().datetime()
 });
 var GUARANTOR_SCHEMA = `
   CREATE TABLE IF NOT EXISTS guarantors (
@@ -2030,7 +2447,7 @@ function registerGuarantor(db, githubLogin) {
     );
   }
   const record = {
-    id: randomUUID5(),
+    id: randomUUID7(),
     github_login: githubLogin,
     agent_count: 0,
     credit_pool: GUARANTOR_CREDIT_POOL,
@@ -2104,10 +2521,849 @@ function getAgentGuarantor(db, agentId) {
 function initiateGithubAuth() {
   return {
     auth_url: "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=read:user",
-    state: randomUUID5()
+    state: randomUUID7()
   };
 }
 
+// src/registry/free-tier.ts
+function initFreeTierTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS credit_free_tier_usage (
+      agent_public_key TEXT NOT NULL,
+      skill_id TEXT NOT NULL,
+      usage_count INTEGER NOT NULL DEFAULT 0,
+      last_used_at TEXT NOT NULL,
+      PRIMARY KEY (agent_public_key, skill_id)
+    )
+  `);
+}
+
+// src/registry/credit-routes.ts
+async function creditRoutesPlugin(fastify, options) {
+  const { creditDb } = options;
+  creditDb.exec(`
+    CREATE TABLE IF NOT EXISTS credit_grants (
+      public_key TEXT PRIMARY KEY,
+      granted_at TEXT NOT NULL
+    )
+  `);
+  initFreeTierTable(creditDb);
+  await fastify.register(async (scope) => {
+    identityAuthPlugin(scope);
+    scope.post("/api/credits/hold", {
+      schema: {
+        tags: ["credits"],
+        summary: "Hold credits in escrow during capability execution",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            amount: { type: "number" },
+            cardId: { type: "string" }
+          },
+          required: ["owner", "amount", "cardId"]
+        },
+        response: {
+          200: { type: "object", properties: { escrowId: { type: "string" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const owner = typeof body.owner === "string" ? body.owner.trim() : "";
+      const amount = typeof body.amount === "number" ? body.amount : NaN;
+      const cardId = typeof body.cardId === "string" ? body.cardId.trim() : "";
+      if (!owner || isNaN(amount) || amount <= 0 || !cardId) {
+        return reply.code(400).send({ error: "Missing or invalid required fields: owner, amount (>0), cardId" });
+      }
+      try {
+        const escrowId = holdEscrow(creditDb, owner, amount, cardId);
+        return reply.send({ escrowId });
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "INSUFFICIENT_CREDITS") {
+          return reply.code(400).send({ error: err.message, code: "INSUFFICIENT_CREDITS" });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/settle", {
+      schema: {
+        tags: ["credits"],
+        summary: "Transfer held credits to provider on success",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            escrowId: { type: "string" },
+            recipientOwner: { type: "string" }
+          },
+          required: ["escrowId", "recipientOwner"]
+        },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const escrowId = typeof body.escrowId === "string" ? body.escrowId.trim() : "";
+      const recipientOwner = typeof body.recipientOwner === "string" ? body.recipientOwner.trim() : "";
+      if (!escrowId || !recipientOwner) {
+        return reply.code(400).send({ error: "escrowId and recipientOwner are required" });
+      }
+      try {
+        settleEscrow(creditDb, escrowId, recipientOwner);
+        return reply.send({ ok: true });
+      } catch (err) {
+        if (err instanceof AgentBnBError) {
+          return reply.code(400).send({ error: err.message, code: err.code });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/release", {
+      schema: {
+        tags: ["credits"],
+        summary: "Refund held credits to requester on failure",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: { escrowId: { type: "string" } },
+          required: ["escrowId"]
+        },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const escrowId = typeof body.escrowId === "string" ? body.escrowId.trim() : "";
+      if (!escrowId) {
+        return reply.code(400).send({ error: "escrowId is required" });
+      }
+      try {
+        releaseEscrow(creditDb, escrowId);
+        return reply.send({ ok: true });
+      } catch (err) {
+        if (err instanceof AgentBnBError) {
+          return reply.code(400).send({ error: err.message, code: err.code });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/grant", {
+      schema: {
+        tags: ["credits"],
+        summary: "Bootstrap grant of 50 credits (once per identity)",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            amount: { type: "number" }
+          },
+          required: ["owner"]
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              ok: { type: "boolean" },
+              granted: { type: "number" },
+              reason: { type: "string" }
+            }
+          },
+          400: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const owner = typeof body.owner === "string" ? body.owner.trim() : "";
+      const amount = typeof body.amount === "number" ? body.amount : 50;
+      const publicKey = request.agentPublicKey;
+      if (!owner) {
+        return reply.code(400).send({ error: "owner is required" });
+      }
+      const existing = creditDb.prepare("SELECT public_key FROM credit_grants WHERE public_key = ?").get(publicKey);
+      if (existing) {
+        return reply.send({ ok: true, granted: 0, reason: "already_granted" });
+      }
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      bootstrapAgent(creditDb, owner, amount);
+      creditDb.prepare("INSERT INTO credit_grants (public_key, granted_at) VALUES (?, ?)").run(publicKey, now);
+      return reply.send({ ok: true, granted: amount });
+    });
+    scope.get("/api/credits/:owner", {
+      schema: {
+        tags: ["credits"],
+        summary: "Get current credit balance for an agent",
+        security: [{ ed25519Auth: [] }],
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        response: { 200: { type: "object", properties: { balance: { type: "number" } } } }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const balance = getBalance(creditDb, owner);
+      return reply.send({ balance });
+    });
+    scope.get("/api/credits/:owner/history", {
+      schema: {
+        tags: ["credits"],
+        summary: "Get paginated transaction history",
+        security: [{ ed25519Auth: [] }],
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        querystring: {
+          type: "object",
+          properties: { limit: { type: "integer", description: "Max entries (default 20, max 100)" } }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: { transactions: { type: "array" }, limit: { type: "integer" } }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const query = request.query;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const transactions = getTransactions(creditDb, owner, limit);
+      return reply.send({ transactions, limit });
+    });
+  });
+}
+
+// src/hub-agent/executor.ts
+var HubAgentExecutor = class {
+  constructor(registryDb, creditDb) {
+    this.registryDb = registryDb;
+    this.creditDb = creditDb;
+    initJobQueue(this.registryDb);
+  }
+  /**
+   * Execute a skill on a Hub Agent.
+   *
+   * @param agentId - The Hub Agent ID.
+   * @param skillId - The skill_id to execute from the agent's routing table.
+   * @param params - Input parameters for the skill.
+   * @param requesterOwner - Optional requester identifier for credit escrow.
+   * @returns ExecutionResult with success status, result/error, and latency_ms.
+   */
+  async execute(agentId, skillId, params, requesterOwner) {
+    const startTime = Date.now();
+    const agent = getHubAgent(this.registryDb, agentId);
+    if (!agent) {
+      return { success: false, error: "Hub Agent not found", latency_ms: Date.now() - startTime };
+    }
+    if (agent.status === "paused") {
+      return { success: false, error: "Hub Agent is paused", latency_ms: Date.now() - startTime };
+    }
+    const route = agent.skill_routes.find((r) => r.skill_id === skillId);
+    if (!route) {
+      return { success: false, error: "Skill not found in routing table", latency_ms: Date.now() - startTime };
+    }
+    switch (route.mode) {
+      case "relay":
+        return this.executeRelay(route, agent, params, requesterOwner, startTime);
+      case "queue":
+        return this.executeQueue(route, agent, params, requesterOwner, startTime);
+      case "direct_api":
+        return this.executeDirectApi(route, agent, params, requesterOwner, startTime);
+    }
+  }
+  /**
+   * Relay mode: If the target relay agent is offline, queue the job.
+   * If online, still queue (actual dispatch happens via relay bridge).
+   */
+  async executeRelay(route, agent, params, requesterOwner, startTime) {
+    const relayOwner = route.config.relay_owner;
+    if (this.isRelayOwnerOnline(relayOwner)) {
+      return { success: false, error: "relay mode requires connected session agent", latency_ms: 0 };
+    }
+    return this.queueJob(agent, route.skill_id, params, requesterOwner, relayOwner, startTime);
+  }
+  /**
+   * Queue mode: Always queue the job for later dispatch.
+   */
+  async executeQueue(route, agent, params, requesterOwner, startTime) {
+    const relayOwner = route.config.relay_owner;
+    return this.queueJob(agent, route.skill_id, params, requesterOwner, relayOwner, startTime);
+  }
+  /**
+   * Queue a job with optional credit escrow.
+   */
+  queueJob(agent, skillId, params, requesterOwner, relayOwner, startTime) {
+    const cardId = agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+    let escrowId;
+    if (requesterOwner) {
+      const price = lookupCardPrice(this.registryDb, cardId, skillId);
+      if (price !== null && price > 0) {
+        escrowId = holdEscrow(this.creditDb, requesterOwner, price, cardId);
+      }
+    }
+    const job = insertJob(this.registryDb, {
+      hub_agent_id: agent.agent_id,
+      skill_id: skillId,
+      requester_owner: requesterOwner ?? "anonymous",
+      params,
+      escrow_id: escrowId,
+      relay_owner: relayOwner
+    });
+    return {
+      success: true,
+      result: { queued: true, job_id: job.id },
+      latency_ms: Date.now() - startTime
+    };
+  }
+  /**
+   * Check if a relay owner has any online cards in the registry.
+   *
+   * @param owner - The relay owner identifier.
+   * @returns true if any card for this owner is online.
+   */
+  isRelayOwnerOnline(owner) {
+    const rows = this.registryDb.prepare(
+      "SELECT data FROM capability_cards WHERE owner = ?"
+    ).all(owner);
+    for (const row of rows) {
+      try {
+        const card = JSON.parse(row.data);
+        const availability = card.availability;
+        if (availability?.online === true) {
+          return true;
+        }
+      } catch {
+      }
+    }
+    return false;
+  }
+  /**
+   * Execute a direct_api skill route via ApiExecutor.
+   * Handles secret injection and credit escrow.
+   */
+  async executeDirectApi(route, agent, params, requesterOwner, startTime) {
+    const config = this.injectSecrets(route.config, agent.secrets);
+    const pricing = route.config.pricing;
+    const creditsPerCall = pricing?.credits_per_call ?? 0;
+    let escrowId;
+    if (requesterOwner && creditsPerCall > 0) {
+      const cardId = agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+      escrowId = holdEscrow(this.creditDb, requesterOwner, creditsPerCall, cardId);
+    }
+    try {
+      const apiExecutor = new ApiExecutor();
+      const modeResult = await apiExecutor.execute(config, params);
+      const result = {
+        ...modeResult,
+        latency_ms: Date.now() - startTime
+      };
+      if (escrowId) {
+        if (result.success) {
+          settleEscrow(this.creditDb, escrowId, agent.agent_id);
+        } else {
+          releaseEscrow(this.creditDb, escrowId);
+        }
+      }
+      return result;
+    } catch (err) {
+      if (escrowId) {
+        releaseEscrow(this.creditDb, escrowId);
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: message,
+        latency_ms: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Injects decrypted secrets into the API skill config's auth field.
+   * If secrets contain 'api_key' and auth type is 'bearer', replaces the token.
+   * If secrets contain 'api_key' and auth type is 'apikey', replaces the key.
+   */
+  injectSecrets(config, secrets) {
+    if (!secrets || Object.keys(secrets).length === 0) {
+      return config;
+    }
+    const injected = JSON.parse(JSON.stringify(config));
+    const apiKey = secrets.api_key ?? secrets.API_KEY;
+    if (apiKey && injected.auth) {
+      switch (injected.auth.type) {
+        case "bearer":
+          injected.auth.token = apiKey;
+          break;
+        case "apikey":
+          injected.auth.key = apiKey;
+          break;
+      }
+    }
+    return injected;
+  }
+};
+
+// src/hub-agent/types.ts
+import { z as z4 } from "zod";
+var SkillRouteSchema = z4.discriminatedUnion("mode", [
+  z4.object({
+    skill_id: z4.string().min(1),
+    mode: z4.literal("direct_api"),
+    config: ApiSkillConfigSchema
+  }),
+  z4.object({
+    skill_id: z4.string().min(1),
+    mode: z4.literal("relay"),
+    config: z4.object({ relay_owner: z4.string().min(1) })
+  }),
+  z4.object({
+    skill_id: z4.string().min(1),
+    mode: z4.literal("queue"),
+    config: z4.object({ relay_owner: z4.string().min(1) }).passthrough()
+  })
+]);
+var HubAgentSchema = z4.object({
+  agent_id: z4.string().min(1),
+  name: z4.string().min(1),
+  owner_public_key: z4.string().min(1),
+  public_key: z4.string().min(1),
+  skill_routes: z4.array(SkillRouteSchema),
+  status: z4.enum(["active", "paused"]),
+  created_at: z4.string(),
+  updated_at: z4.string()
+});
+var CreateAgentRequestSchema = z4.object({
+  name: z4.string().min(1),
+  skill_routes: z4.array(SkillRouteSchema),
+  secrets: z4.record(z4.string()).optional()
+});
+
+// src/hub-agent/routes.ts
+function buildCapabilityCard(agentId, name, publicKey, skillRoutes) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const skills = skillRoutes.map((route) => ({
+    id: route.skill_id,
+    name: route.mode === "direct_api" ? route.config.name : route.skill_id,
+    description: route.mode === "direct_api" ? `API skill: ${route.config.name}` : `${route.mode} skill: ${route.skill_id}`,
+    level: 1,
+    inputs: [],
+    outputs: [],
+    pricing: route.mode === "direct_api" ? route.config.pricing : { credits_per_call: 10 }
+  }));
+  if (skills.length === 0) {
+    skills.push({
+      id: "default",
+      name,
+      description: `Hub Agent: ${name}`,
+      level: 1,
+      inputs: [],
+      outputs: [],
+      pricing: { credits_per_call: 10 }
+    });
+  }
+  return {
+    spec_version: "2.0",
+    id: agentId.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5"),
+    owner: publicKey.slice(0, 16),
+    agent_name: name,
+    skills,
+    availability: { online: true },
+    created_at: now,
+    updated_at: now
+  };
+}
+function upsertCardRaw(db, cardData, owner) {
+  const parsed = AnyCardSchema.safeParse(cardData);
+  if (!parsed.success) {
+    throw new AgentBnBError(
+      `Card validation failed: ${parsed.error.message}`,
+      "VALIDATION_ERROR"
+    );
+  }
+  const card = parsed.data;
+  const cardId = card.id;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = db.prepare("SELECT id FROM capability_cards WHERE id = ?").get(cardId);
+  if (existing) {
+    db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(JSON.stringify(card), now, cardId);
+  } else {
+    db.prepare("INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)").run(cardId, owner, JSON.stringify(card), now, now);
+  }
+  return cardId;
+}
+function sanitizeAgent(agent) {
+  const { secrets, private_key_enc, ...safe } = agent;
+  if (secrets && typeof secrets === "object") {
+    return { ...safe, secret_keys: Object.keys(secrets) };
+  }
+  return safe;
+}
+async function hubAgentRoutesPlugin(fastify, options) {
+  const { registryDb, creditDb } = options;
+  initHubAgentTable(registryDb);
+  initJobQueue(registryDb);
+  fastify.post("/api/hub-agents", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Create a new Hub Agent with Ed25519 identity",
+      body: {
+        type: "object",
+        required: ["name"],
+        properties: {
+          name: { type: "string", minLength: 1 },
+          skill_routes: { type: "array" },
+          secrets: { type: "object" }
+        }
+      },
+      response: {
+        201: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            public_key: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" },
+            created_at: { type: "string" },
+            updated_at: { type: "string" }
+          }
+        },
+        400: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const parseResult = CreateAgentRequestSchema.safeParse(request.body);
+    if (!parseResult.success) {
+      return reply.code(400).send({ error: parseResult.error.message });
+    }
+    const req = parseResult.data;
+    const ownerPublicKey = "hub-server";
+    try {
+      const agent = createHubAgent(registryDb, req, ownerPublicKey);
+      bootstrapAgent(creditDb, agent.agent_id, 50);
+      const cardData = buildCapabilityCard(agent.agent_id, agent.name, agent.public_key, agent.skill_routes);
+      try {
+        upsertCardRaw(registryDb, cardData, agent.agent_id);
+      } catch {
+      }
+      return reply.code(201).send(sanitizeAgent(agent));
+    } catch (err) {
+      if (err instanceof AgentBnBError) {
+        return reply.code(400).send({ error: err.message });
+      }
+      throw err;
+    }
+  });
+  fastify.get("/api/hub-agents", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "List all Hub Agents",
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agents: { type: "array" }
+          }
+        }
+      }
+    }
+  }, async (_request, reply) => {
+    const agents = listHubAgents(registryDb);
+    return reply.send({ agents });
+  });
+  fastify.get("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Get a single Hub Agent by ID",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            public_key: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" },
+            secret_keys: { type: "array", items: { type: "string" } }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const agent = getHubAgent(registryDb, id);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    return reply.send(sanitizeAgent(agent));
+  });
+  fastify.put("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Update a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      body: {
+        type: "object",
+        properties: {
+          name: { type: "string" },
+          skill_routes: { type: "array" },
+          secrets: { type: "object" }
+        }
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const body = request.body;
+    const updates = {};
+    if (typeof body.name === "string") updates.name = body.name;
+    if (Array.isArray(body.skill_routes)) updates.skill_routes = body.skill_routes;
+    if (body.secrets && typeof body.secrets === "object") updates.secrets = body.secrets;
+    const agent = updateHubAgent(registryDb, id, updates);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    if (updates.skill_routes) {
+      const cardData = buildCapabilityCard(agent.agent_id, agent.name, agent.public_key, agent.skill_routes);
+      try {
+        upsertCardRaw(registryDb, cardData, agent.agent_id);
+      } catch {
+      }
+    }
+    return reply.send(sanitizeAgent(agent));
+  });
+  fastify.delete("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Delete a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: { ok: { type: "boolean" } }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const agent = getHubAgent(registryDb, id);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    deleteHubAgent(registryDb, id);
+    const cardId = id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+    try {
+      registryDb.prepare("DELETE FROM capability_cards WHERE id = ?").run(cardId);
+    } catch {
+    }
+    return reply.send({ ok: true });
+  });
+  fastify.post("/api/hub-agents/:id/execute", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Execute a skill on a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      body: {
+        type: "object",
+        required: ["skill_id"],
+        properties: {
+          skill_id: { type: "string" },
+          params: { type: "object" },
+          requester_owner: { type: "string" }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const body = request.body;
+    const executor = new HubAgentExecutor(registryDb, creditDb);
+    const result = await executor.execute(
+      id,
+      body.skill_id,
+      body.params ?? {},
+      body.requester_owner
+    );
+    if (!result.success && result.error === "Hub Agent not found") {
+      return reply.code(404).send(result);
+    }
+    if (!result.success) {
+      return reply.code(400).send(result);
+    }
+    return reply.send(result);
+  });
+  fastify.get("/api/hub-agents/:id/jobs", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "List jobs for a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      querystring: {
+        type: "object",
+        properties: {
+          status: { type: "string", enum: ["queued", "dispatched", "completed", "failed"] }
+        }
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            jobs: { type: "array" }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const { status } = request.query ?? {};
+    const jobs = listJobs(registryDb, id, status);
+    return reply.send({ jobs });
+  });
+  fastify.get("/api/hub-agents/:id/jobs/:jobId", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Get a single job by ID",
+      params: {
+        type: "object",
+        properties: {
+          id: { type: "string" },
+          jobId: { type: "string" }
+        },
+        required: ["id", "jobId"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            id: { type: "string" },
+            hub_agent_id: { type: "string" },
+            skill_id: { type: "string" },
+            status: { type: "string" }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { jobId } = request.params;
+    const job = getJob(registryDb, jobId);
+    if (!job) {
+      return reply.code(404).send({ error: "Job not found" });
+    }
+    return reply.send(job);
+  });
+}
+
+// src/registry/openapi-gpt-actions.ts
+function convertToGptActions(openapiSpec, serverUrl) {
+  const spec = JSON.parse(JSON.stringify(openapiSpec));
+  spec.servers = [{ url: serverUrl }];
+  const paths = spec.paths;
+  if (paths) {
+    const filteredPaths = {};
+    for (const [path, methods] of Object.entries(paths)) {
+      if (path.startsWith("/me") || path.startsWith("/draft") || path.startsWith("/docs") || path.startsWith("/ws") || path.startsWith("/api/credits")) {
+        continue;
+      }
+      const filteredMethods = {};
+      for (const [method, operation] of Object.entries(methods)) {
+        if (method === "get" || method === "post") {
+          const op = operation;
+          if (!op.operationId) {
+            op.operationId = deriveOperationId(method, path);
+          }
+          delete op.security;
+          filteredMethods[method] = op;
+        }
+      }
+      if (Object.keys(filteredMethods).length > 0) {
+        filteredPaths[path] = filteredMethods;
+      }
+    }
+    spec.paths = filteredPaths;
+  }
+  const components = spec.components;
+  if (components) {
+    delete components.securitySchemes;
+  }
+  const usedTags = /* @__PURE__ */ new Set();
+  if (spec.paths) {
+    for (const methods of Object.values(spec.paths)) {
+      for (const op of Object.values(methods)) {
+        const operation = op;
+        if (Array.isArray(operation.tags)) {
+          for (const tag of operation.tags) {
+            usedTags.add(tag);
+          }
+        }
+      }
+    }
+  }
+  if (Array.isArray(spec.tags)) {
+    spec.tags = spec.tags.filter((t) => usedTags.has(t.name));
+  }
+  return spec;
+}
+function deriveOperationId(method, path) {
+  const segments = path.split("/").filter((s) => s.length > 0).map((s) => {
+    if (s.startsWith("{") || s.startsWith(":")) {
+      const paramName = s.replace(/[{}:]/g, "");
+      return "By" + paramName.charAt(0).toUpperCase() + paramName.slice(1);
+    }
+    return s.split("-").map((part, i) => i === 0 ? part.charAt(0).toUpperCase() + part.slice(1) : part.charAt(0).toUpperCase() + part.slice(1)).join("");
+  });
+  return method + segments.join("");
+}
+
 // src/registry/server.ts
 function stripInternal(card) {
   const { _internal: _, ...publicCard } = card;
@@ -2116,25 +3372,76 @@ function stripInternal(card) {
 function createRegistryServer(opts) {
   const { registryDb: db, silent = false } = opts;
   const server = Fastify2({ logger: !silent });
+  void server.register(swagger, {
+    openapi: {
+      openapi: "3.0.3",
+      info: {
+        title: "AgentBnB Registry API",
+        description: "P2P Agent Capability Sharing Protocol \u2014 discover, publish, and exchange agent capabilities",
+        version: "3.1.6"
+      },
+      servers: [{ url: "/", description: "Registry server" }],
+      tags: [
+        { name: "cards", description: "Capability card CRUD" },
+        { name: "credits", description: "Credit hold/settle/release (Ed25519 auth required)" },
+        { name: "agents", description: "Agent profiles and reputation" },
+        { name: "identity", description: "Agent identity and guarantor registration" },
+        { name: "owner", description: "Owner-only endpoints (Bearer auth required)" },
+        { name: "system", description: "Health and stats" },
+        { name: "pricing", description: "Market pricing statistics" }
+      ],
+      components: {
+        securitySchemes: {
+          bearerAuth: { type: "http", scheme: "bearer" },
+          ed25519Auth: {
+            type: "apiKey",
+            in: "header",
+            name: "X-Agent-PublicKey",
+            description: "Ed25519 public key (hex). Also requires X-Agent-Signature and X-Agent-Timestamp headers."
+          }
+        }
+      }
+    }
+  });
+  void server.register(swaggerUi, {
+    routePrefix: "/docs",
+    uiConfig: { docExpansion: "list", deepLinking: true }
+  });
   void server.register(cors, {
     origin: true,
     methods: ["GET", "POST", "PATCH", "OPTIONS"],
-    allowedHeaders: ["Content-Type", "Authorization"]
+    allowedHeaders: ["Content-Type", "Authorization", "X-Agent-PublicKey", "X-Agent-Signature", "X-Agent-Timestamp"]
   });
   void server.register(fastifyWebsocket);
   let relayState = null;
   if (opts.creditDb) {
-    relayState = registerWebSocketRelay(server, db);
+    relayState = registerWebSocketRelay(server, db, opts.creditDb);
+  }
+  if (opts.creditDb) {
+    void server.register(creditRoutesPlugin, { creditDb: opts.creditDb });
+  }
+  if (opts.creditDb) {
+    void server.register(hubAgentRoutesPlugin, { registryDb: db, creditDb: opts.creditDb });
+    if (relayState?.setOnAgentOnline && relayState.getConnections && relayState.getPendingRequests && relayState.sendMessage) {
+      const bridge = createRelayBridge({
+        registryDb: db,
+        creditDb: opts.creditDb,
+        sendMessage: relayState.sendMessage,
+        pendingRequests: relayState.getPendingRequests(),
+        connections: relayState.getConnections()
+      });
+      relayState.setOnAgentOnline(bridge.onAgentOnline);
+    }
   }
   const __filename = fileURLToPath(import.meta.url);
   const __dirname = dirname(__filename);
   const hubDistCandidates = [
-    join3(__dirname, "../../hub/dist"),
+    join2(__dirname, "../../hub/dist"),
     // When running from dist/registry/server.js
-    join3(__dirname, "../../../hub/dist")
+    join2(__dirname, "../../../hub/dist")
     // Fallback for alternative layouts
   ];
-  const hubDistDir = hubDistCandidates.find((p) => existsSync4(p));
+  const hubDistDir = hubDistCandidates.find((p) => existsSync3(p));
   if (hubDistDir) {
     void server.register(fastifyStatic, {
       root: hubDistDir,
@@ -2153,44 +3460,82 @@ function createRegistryServer(opts) {
       return reply.code(404).send({ error: "Not found" });
     });
   }
-  server.get("/health", async (_request, reply) => {
-    return reply.send({ status: "ok" });
-  });
-  server.get("/cards", async (request, reply) => {
-    const query = request.query;
-    const q = query.q?.trim() ?? "";
-    const levelRaw = query.level !== void 0 ? parseInt(query.level, 10) : void 0;
-    const level = levelRaw === 1 || levelRaw === 2 || levelRaw === 3 ? levelRaw : void 0;
-    const onlineRaw = query.online;
-    const online = onlineRaw === "true" ? true : onlineRaw === "false" ? false : void 0;
-    const tag = query.tag?.trim();
-    const minSuccessRate = query.min_success_rate !== void 0 ? parseFloat(query.min_success_rate) : void 0;
-    const maxLatencyMs = query.max_latency_ms !== void 0 ? parseFloat(query.max_latency_ms) : void 0;
-    const sort = query.sort;
-    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
-    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
-    const rawOffset = query.offset !== void 0 ? parseInt(query.offset, 10) : 0;
-    const offset = isNaN(rawOffset) || rawOffset < 0 ? 0 : rawOffset;
-    let cards;
-    if (q.length > 0) {
-      cards = searchCards(db, q, { level, online });
-    } else {
-      cards = filterCards(db, { level, online });
-    }
-    if (tag !== void 0 && tag.length > 0) {
-      cards = cards.filter((c) => c.metadata?.tags?.includes(tag));
-    }
-    if (minSuccessRate !== void 0 && !isNaN(minSuccessRate)) {
-      cards = cards.filter(
-        (c) => (c.metadata?.success_rate ?? -1) >= minSuccessRate
-      );
-    }
-    if (maxLatencyMs !== void 0 && !isNaN(maxLatencyMs)) {
-      cards = cards.filter(
-        (c) => (c.metadata?.avg_latency_ms ?? Infinity) <= maxLatencyMs
-      );
-    }
-    const usesStmt = db.prepare(`
+  void server.register(async (api) => {
+    api.get("/health", {
+      schema: {
+        tags: ["system"],
+        summary: "Liveness probe",
+        response: { 200: { type: "object", properties: { status: { type: "string" } } } }
+      }
+    }, async (_request, reply) => {
+      return reply.send({ status: "ok" });
+    });
+    api.get("/cards", {
+      schema: {
+        tags: ["cards"],
+        summary: "List and search capability cards",
+        querystring: {
+          type: "object",
+          properties: {
+            q: { type: "string", description: "Full-text search query" },
+            level: { type: "integer", enum: [1, 2, 3], description: "Capability level filter" },
+            online: { type: "string", enum: ["true", "false"], description: "Availability filter" },
+            tag: { type: "string", description: "Filter by metadata tag" },
+            min_success_rate: { type: "number", description: "Minimum success rate (0-1)" },
+            max_latency_ms: { type: "number", description: "Maximum average latency in ms" },
+            sort: { type: "string", enum: ["popular", "rated", "success_rate", "cheapest", "newest", "latency"], description: "Sort order" },
+            limit: { type: "integer", default: 20, description: "Max items per page (max 100)" },
+            offset: { type: "integer", default: 0, description: "Pagination offset" }
+          }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              total: { type: "integer" },
+              limit: { type: "integer" },
+              offset: { type: "integer" },
+              items: { type: "array" },
+              uses_this_week: { type: "object", additionalProperties: { type: "number" } }
+            }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const q = query.q?.trim() ?? "";
+      const levelRaw = query.level !== void 0 ? parseInt(query.level, 10) : void 0;
+      const level = levelRaw === 1 || levelRaw === 2 || levelRaw === 3 ? levelRaw : void 0;
+      const onlineRaw = query.online;
+      const online = onlineRaw === "true" ? true : onlineRaw === "false" ? false : void 0;
+      const tag = query.tag?.trim();
+      const minSuccessRate = query.min_success_rate !== void 0 ? parseFloat(query.min_success_rate) : void 0;
+      const maxLatencyMs = query.max_latency_ms !== void 0 ? parseFloat(query.max_latency_ms) : void 0;
+      const sort = query.sort;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const rawOffset = query.offset !== void 0 ? parseInt(query.offset, 10) : 0;
+      const offset = isNaN(rawOffset) || rawOffset < 0 ? 0 : rawOffset;
+      let cards;
+      if (q.length > 0) {
+        cards = searchCards(db, q, { level, online });
+      } else {
+        cards = filterCards(db, { level, online });
+      }
+      if (tag !== void 0 && tag.length > 0) {
+        cards = cards.filter((c) => c.metadata?.tags?.includes(tag));
+      }
+      if (minSuccessRate !== void 0 && !isNaN(minSuccessRate)) {
+        cards = cards.filter(
+          (c) => (c.metadata?.success_rate ?? -1) >= minSuccessRate
+        );
+      }
+      if (maxLatencyMs !== void 0 && !isNaN(maxLatencyMs)) {
+        cards = cards.filter(
+          (c) => (c.metadata?.avg_latency_ms ?? Infinity) <= maxLatencyMs
+        );
+      }
+      const usesStmt = db.prepare(`
       SELECT card_id, skill_id, COUNT(*) as cnt
       FROM request_log
       WHERE status = 'success'
@@ -2198,57 +3543,63 @@ function createRegistryServer(opts) {
         AND (action_type IS NULL OR action_type = 'auto_share')
       GROUP BY card_id, skill_id
     `);
-    const usesRows = usesStmt.all();
-    const usesMap = /* @__PURE__ */ new Map();
-    for (const row of usesRows) {
-      usesMap.set(row.card_id, (usesMap.get(row.card_id) ?? 0) + row.cnt);
-      if (row.skill_id) {
-        usesMap.set(row.skill_id, (usesMap.get(row.skill_id) ?? 0) + row.cnt);
-      }
-    }
-    if (sort === "popular") {
-      cards = [...cards].sort((a, b) => {
-        const aUses = usesMap.get(a.id) ?? 0;
-        const bUses = usesMap.get(b.id) ?? 0;
-        return bUses - aUses;
-      });
-    } else if (sort === "rated" || sort === "success_rate") {
-      cards = [...cards].sort((a, b) => {
-        const aRate = a.metadata?.success_rate ?? -1;
-        const bRate = b.metadata?.success_rate ?? -1;
-        return bRate - aRate;
-      });
-    } else if (sort === "cheapest") {
-      cards = [...cards].sort((a, b) => {
-        return a.pricing.credits_per_call - b.pricing.credits_per_call;
-      });
-    } else if (sort === "newest") {
-      const createdStmt = db.prepare("SELECT id, created_at FROM capability_cards");
-      const createdRows = createdStmt.all();
-      const createdMap = new Map(createdRows.map((r) => [r.id, r.created_at]));
-      cards = [...cards].sort((a, b) => {
-        const aDate = createdMap.get(a.id) ?? "";
-        const bDate = createdMap.get(b.id) ?? "";
-        return bDate.localeCompare(aDate);
-      });
-    } else if (sort === "latency") {
-      cards = [...cards].sort((a, b) => {
-        const aLatency = a.metadata?.avg_latency_ms ?? Infinity;
-        const bLatency = b.metadata?.avg_latency_ms ?? Infinity;
-        return aLatency - bLatency;
-      });
-    }
-    const total = cards.length;
-    const items = cards.slice(offset, offset + limit).map(stripInternal);
-    const usesThisWeek = {};
-    for (const [key, count] of usesMap) {
-      if (count > 0) usesThisWeek[key] = count;
-    }
-    const result = { total, limit, offset, items, uses_this_week: usesThisWeek };
-    return reply.send(result);
-  });
-  server.get("/api/cards/trending", async (_request, reply) => {
-    const trendingStmt = db.prepare(`
+      const usesRows = usesStmt.all();
+      const usesMap = /* @__PURE__ */ new Map();
+      for (const row of usesRows) {
+        usesMap.set(row.card_id, (usesMap.get(row.card_id) ?? 0) + row.cnt);
+        if (row.skill_id) {
+          usesMap.set(row.skill_id, (usesMap.get(row.skill_id) ?? 0) + row.cnt);
+        }
+      }
+      if (sort === "popular") {
+        cards = [...cards].sort((a, b) => {
+          const aUses = usesMap.get(a.id) ?? 0;
+          const bUses = usesMap.get(b.id) ?? 0;
+          return bUses - aUses;
+        });
+      } else if (sort === "rated" || sort === "success_rate") {
+        cards = [...cards].sort((a, b) => {
+          const aRate = a.metadata?.success_rate ?? -1;
+          const bRate = b.metadata?.success_rate ?? -1;
+          return bRate - aRate;
+        });
+      } else if (sort === "cheapest") {
+        cards = [...cards].sort((a, b) => {
+          return a.pricing.credits_per_call - b.pricing.credits_per_call;
+        });
+      } else if (sort === "newest") {
+        const createdStmt = db.prepare("SELECT id, created_at FROM capability_cards");
+        const createdRows = createdStmt.all();
+        const createdMap = new Map(createdRows.map((r) => [r.id, r.created_at]));
+        cards = [...cards].sort((a, b) => {
+          const aDate = createdMap.get(a.id) ?? "";
+          const bDate = createdMap.get(b.id) ?? "";
+          return bDate.localeCompare(aDate);
+        });
+      } else if (sort === "latency") {
+        cards = [...cards].sort((a, b) => {
+          const aLatency = a.metadata?.avg_latency_ms ?? Infinity;
+          const bLatency = b.metadata?.avg_latency_ms ?? Infinity;
+          return aLatency - bLatency;
+        });
+      }
+      const total = cards.length;
+      const items = cards.slice(offset, offset + limit).map(stripInternal);
+      const usesThisWeek = {};
+      for (const [key, count] of usesMap) {
+        if (count > 0) usesThisWeek[key] = count;
+      }
+      const result = { total, limit, offset, items, uses_this_week: usesThisWeek };
+      return reply.send(result);
+    });
+    api.get("/api/cards/trending", {
+      schema: {
+        tags: ["cards"],
+        summary: "Top 10 trending skills by recent usage",
+        response: { 200: { type: "object", properties: { items: { type: "array" } } } }
+      }
+    }, async (_request, reply) => {
+      const trendingStmt = db.prepare(`
       SELECT rl.card_id, COUNT(*) as recent_requests
       FROM request_log rl
       WHERE rl.status = 'success'
@@ -2258,350 +3609,656 @@ function createRegistryServer(opts) {
       ORDER BY recent_requests DESC
       LIMIT 10
     `);
-    const trendingRows = trendingStmt.all();
-    const items = trendingRows.map((row) => {
-      const card = getCard(db, row.card_id);
-      if (!card) return null;
-      return { ...stripInternal(card), uses_this_week: row.recent_requests };
-    }).filter((item) => item !== null);
-    return reply.send({ items });
-  });
-  server.get("/cards/:id", async (request, reply) => {
-    const { id } = request.params;
-    const card = getCard(db, id);
-    if (!card) {
-      return reply.code(404).send({ error: "Not found" });
-    }
-    return reply.send(stripInternal(card));
-  });
-  server.post("/cards", async (request, reply) => {
-    const body = request.body;
-    if (!body.spec_version) {
-      body.spec_version = "1.0";
-    }
-    const result = AnyCardSchema.safeParse(body);
-    if (!result.success) {
-      return reply.code(400).send({
-        error: "Card validation failed",
-        issues: result.error.issues
+      const trendingRows = trendingStmt.all();
+      const items = trendingRows.map((row) => {
+        const card = getCard(db, row.card_id);
+        if (!card) return null;
+        return { ...stripInternal(card), uses_this_week: row.recent_requests };
+      }).filter((item) => item !== null);
+      return reply.send({ items });
+    });
+    api.get("/api/pricing", {
+      schema: {
+        tags: ["pricing"],
+        summary: "Aggregate pricing statistics for skills matching a query",
+        querystring: {
+          type: "object",
+          properties: { q: { type: "string", description: "Search query (required)" } },
+          required: ["q"]
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              query: { type: "string" },
+              min: { type: "number" },
+              max: { type: "number" },
+              median: { type: "number" },
+              mean: { type: "number" },
+              count: { type: "integer" }
+            }
+          },
+          400: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const q = query.q?.trim();
+      if (!q) {
+        return reply.code(400).send({ error: "q parameter is required" });
+      }
+      const stats = getPricingStats(db, q);
+      return reply.send({ query: q, ...stats });
+    });
+    api.get("/cards/:id", {
+      schema: {
+        tags: ["cards"],
+        summary: "Get a capability card by ID",
+        params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { id } = request.params;
+      const card = getCard(db, id);
+      if (!card) {
+        return reply.code(404).send({ error: "Not found" });
+      }
+      return reply.send(stripInternal(card));
+    });
+    api.post("/cards", {
+      schema: {
+        tags: ["cards"],
+        summary: "Publish a capability card",
+        body: { type: "object", additionalProperties: true, description: "Capability card JSON (v1.0 or v2.0)" },
+        response: {
+          201: { type: "object", properties: { ok: { type: "boolean" }, id: { type: "string" } } },
+          400: { type: "object", properties: { error: { type: "string" }, issues: { type: "array" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      if (!body.spec_version) {
+        body.spec_version = "1.0";
+      }
+      const result = AnyCardSchema.safeParse(body);
+      if (!result.success) {
+        return reply.code(400).send({
+          error: "Card validation failed",
+          issues: result.error.issues
+        });
+      }
+      const card = result.data;
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      if (card.spec_version === "2.0") {
+        const cardWithTimestamps = {
+          ...card,
+          created_at: card.created_at ?? now,
+          updated_at: now
+        };
+        db.prepare(
+          `INSERT OR REPLACE INTO capability_cards (id, owner, data, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?)`
+        ).run(
+          cardWithTimestamps.id,
+          cardWithTimestamps.owner,
+          JSON.stringify(cardWithTimestamps),
+          cardWithTimestamps.created_at,
+          cardWithTimestamps.updated_at
+        );
+      } else {
+        try {
+          insertCard(db, card);
+        } catch (err) {
+          if (err instanceof AgentBnBError && err.code === "VALIDATION_ERROR") {
+            return reply.code(400).send({ error: err.message });
+          }
+          throw err;
+        }
+      }
+      return reply.code(201).send({ ok: true, id: card.id });
+    });
+    api.delete("/cards/:id", {
+      schema: {
+        tags: ["cards"],
+        summary: "Delete a capability card",
+        params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" }, id: { type: "string" } } },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { id } = request.params;
+      const card = getCard(db, id);
+      if (!card) {
+        return reply.code(404).send({ error: "Not found" });
+      }
+      db.prepare("DELETE FROM capability_cards WHERE id = ?").run(id);
+      return reply.send({ ok: true, id });
+    });
+    api.get("/api/agents", {
+      schema: {
+        tags: ["agents"],
+        summary: "List all agent profiles sorted by reputation",
+        response: {
+          200: {
+            type: "object",
+            properties: { items: { type: "array" }, total: { type: "integer" } }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const allCards = listCards(db);
+      const ownerMap = /* @__PURE__ */ new Map();
+      for (const card of allCards) {
+        const existing = ownerMap.get(card.owner) ?? [];
+        existing.push(card);
+        ownerMap.set(card.owner, existing);
+      }
+      const creditsStmt = db.prepare(`
+      SELECT cc.owner,
+             SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      GROUP BY cc.owner
+    `);
+      const creditsRows = creditsStmt.all();
+      const creditsMap = new Map(creditsRows.map((r) => [r.owner, r.credits_earned ?? 0]));
+      const agents = Array.from(ownerMap.entries()).map(([owner, cards]) => {
+        const skillCount = cards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+        const successRates = cards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
+        const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
+        const memberStmt = db.prepare(
+          "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
+        );
+        const memberRow = memberStmt.get(owner);
+        return {
+          owner,
+          skill_count: skillCount,
+          success_rate: avgSuccessRate,
+          total_earned: creditsMap.get(owner) ?? 0,
+          member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
+        };
       });
-    }
-    const card = result.data;
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    if (card.spec_version === "2.0") {
-      const cardWithTimestamps = {
-        ...card,
-        created_at: card.created_at ?? now,
-        updated_at: now
+      agents.sort((a, b) => {
+        const aRate = a.success_rate ?? -1;
+        const bRate = b.success_rate ?? -1;
+        if (bRate !== aRate) return bRate - aRate;
+        return b.total_earned - a.total_earned;
+      });
+      return reply.send({ items: agents, total: agents.length });
+    });
+    api.get("/api/agents/:owner", {
+      schema: {
+        tags: ["agents"],
+        summary: "Get agent profile, skills, and recent activity",
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              profile: { type: "object", additionalProperties: true },
+              skills: { type: "array" },
+              recent_activity: { type: "array" }
+            }
+          },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const ownerCards = listCards(db, owner);
+      if (ownerCards.length === 0) {
+        return reply.status(404).send({ error: "Agent not found" });
+      }
+      const skillCount = ownerCards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+      const successRates = ownerCards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
+      const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
+      const creditsStmt = db.prepare(`
+      SELECT SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+    `);
+      const creditsRow = creditsStmt.get(owner);
+      const memberStmt = db.prepare(
+        "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
+      );
+      const memberRow = memberStmt.get(owner);
+      const activityStmt = db.prepare(`
+      SELECT rl.id, rl.card_name, rl.requester, rl.status, rl.credits_charged, rl.created_at
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+      ORDER BY rl.created_at DESC
+      LIMIT 10
+    `);
+      const recentActivity = activityStmt.all(owner);
+      const profile = {
+        owner,
+        skill_count: skillCount,
+        success_rate: avgSuccessRate,
+        total_earned: creditsRow?.credits_earned ?? 0,
+        member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
       };
-      db.prepare(
-        `INSERT OR REPLACE INTO capability_cards (id, owner, data, created_at, updated_at)
-         VALUES (?, ?, ?, ?, ?)`
-      ).run(
-        cardWithTimestamps.id,
-        cardWithTimestamps.owner,
-        JSON.stringify(cardWithTimestamps),
-        cardWithTimestamps.created_at,
-        cardWithTimestamps.updated_at
+      return reply.send({
+        profile,
+        skills: ownerCards,
+        recent_activity: recentActivity
+      });
+    });
+    api.get("/api/activity", {
+      schema: {
+        tags: ["system"],
+        summary: "Paginated public activity feed of exchange events",
+        querystring: {
+          type: "object",
+          properties: {
+            limit: { type: "integer", default: 20, description: "Max items (max 100)" },
+            since: { type: "string", description: "ISO 8601 timestamp for polling" }
+          }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              items: { type: "array" },
+              total: { type: "integer" },
+              limit: { type: "integer" }
+            }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const since = query.since?.trim() || void 0;
+      const items = getActivityFeed(db, limit, since);
+      return reply.send({ items, total: items.length, limit });
+    });
+    api.get("/api/stats", {
+      schema: {
+        tags: ["system"],
+        summary: "Aggregate network statistics",
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              agents_online: { type: "integer" },
+              total_capabilities: { type: "integer" },
+              total_exchanges: { type: "integer" }
+            }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const allCards = listCards(db);
+      const onlineOwners = /* @__PURE__ */ new Set();
+      if (relayState) {
+        for (const owner of relayState.getOnlineOwners()) {
+          onlineOwners.add(owner);
+        }
+      }
+      for (const card of allCards) {
+        if (card.availability.online) {
+          onlineOwners.add(card.owner);
+        }
+      }
+      const exchangeStmt = db.prepare(
+        "SELECT COUNT(*) as count FROM request_log WHERE status = 'success' AND (action_type IS NULL OR action_type = 'auto_share')"
       );
-    } else {
+      const exchangeRow = exchangeStmt.get();
+      return reply.send({
+        agents_online: onlineOwners.size,
+        total_capabilities: allCards.reduce((sum, card) => {
+          const v2 = card;
+          return sum + (v2.skills?.length ?? 1);
+        }, 0),
+        total_exchanges: exchangeRow.count
+      });
+    });
+    api.post("/api/identity/register", {
+      schema: {
+        tags: ["identity"],
+        summary: "Register a human guarantor via GitHub login",
+        body: {
+          type: "object",
+          properties: { github_login: { type: "string" } },
+          required: ["github_login"]
+        },
+        response: {
+          201: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const body = request.body;
+      const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
+      if (!githubLogin) {
+        return reply.code(400).send({ error: "github_login is required" });
+      }
+      try {
+        const record = registerGuarantor(opts.creditDb, githubLogin);
+        const auth = initiateGithubAuth();
+        return reply.code(201).send({ guarantor: record, oauth: auth });
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "GUARANTOR_EXISTS") {
+          return reply.code(409).send({ error: err.message });
+        }
+        throw err;
+      }
+    });
+    api.post("/api/identity/link", {
+      schema: {
+        tags: ["identity"],
+        summary: "Link an agent to a human guarantor",
+        body: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            github_login: { type: "string" }
+          },
+          required: ["agent_id", "github_login"]
+        },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          404: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const body = request.body;
+      const agentId = typeof body.agent_id === "string" ? body.agent_id.trim() : "";
+      const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
+      if (!agentId || !githubLogin) {
+        return reply.code(400).send({ error: "agent_id and github_login are required" });
+      }
       try {
-        insertCard(db, card);
+        const record = linkAgentToGuarantor(opts.creditDb, agentId, githubLogin);
+        return reply.send({ guarantor: record });
       } catch (err) {
-        if (err instanceof AgentBnBError && err.code === "VALIDATION_ERROR") {
-          return reply.code(400).send({ error: err.message });
+        if (err instanceof AgentBnBError) {
+          const statusMap = {
+            GUARANTOR_NOT_FOUND: 404,
+            MAX_AGENTS_EXCEEDED: 409,
+            AGENT_ALREADY_LINKED: 409
+          };
+          const status = statusMap[err.code] ?? 400;
+          return reply.code(status).send({ error: err.message });
         }
         throw err;
       }
-    }
-    return reply.code(201).send({ ok: true, id: card.id });
-  });
-  server.delete("/cards/:id", async (request, reply) => {
-    const { id } = request.params;
-    const card = getCard(db, id);
-    if (!card) {
-      return reply.code(404).send({ error: "Not found" });
-    }
-    db.prepare("DELETE FROM capability_cards WHERE id = ?").run(id);
-    return reply.send({ ok: true, id });
-  });
-  server.get("/api/agents", async (_request, reply) => {
-    const allCards = listCards(db);
-    const ownerMap = /* @__PURE__ */ new Map();
-    for (const card of allCards) {
-      const existing = ownerMap.get(card.owner) ?? [];
-      existing.push(card);
-      ownerMap.set(card.owner, existing);
-    }
-    const creditsStmt = db.prepare(`
-      SELECT cc.owner,
-             SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
-      FROM capability_cards cc
-      LEFT JOIN request_log rl ON rl.card_id = cc.id
-      GROUP BY cc.owner
-    `);
-    const creditsRows = creditsStmt.all();
-    const creditsMap = new Map(creditsRows.map((r) => [r.owner, r.credits_earned ?? 0]));
-    const agents = Array.from(ownerMap.entries()).map(([owner, cards]) => {
-      const skillCount = cards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
-      const successRates = cards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
-      const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
-      const memberStmt = db.prepare(
-        "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
-      );
-      const memberRow = memberStmt.get(owner);
-      return {
-        owner,
-        skill_count: skillCount,
-        success_rate: avgSuccessRate,
-        total_earned: creditsMap.get(owner) ?? 0,
-        member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
-      };
-    });
-    agents.sort((a, b) => {
-      const aRate = a.success_rate ?? -1;
-      const bRate = b.success_rate ?? -1;
-      if (bRate !== aRate) return bRate - aRate;
-      return b.total_earned - a.total_earned;
-    });
-    return reply.send({ items: agents, total: agents.length });
-  });
-  server.get("/api/agents/:owner", async (request, reply) => {
-    const { owner } = request.params;
-    const ownerCards = listCards(db, owner);
-    if (ownerCards.length === 0) {
-      return reply.status(404).send({ error: "Agent not found" });
-    }
-    const skillCount = ownerCards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
-    const successRates = ownerCards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
-    const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
-    const creditsStmt = db.prepare(`
-      SELECT SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
-      FROM capability_cards cc
-      LEFT JOIN request_log rl ON rl.card_id = cc.id
-      WHERE cc.owner = ?
-    `);
-    const creditsRow = creditsStmt.get(owner);
-    const memberStmt = db.prepare(
-      "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
-    );
-    const memberRow = memberStmt.get(owner);
-    const activityStmt = db.prepare(`
-      SELECT rl.id, rl.card_name, rl.requester, rl.status, rl.credits_charged, rl.created_at
-      FROM request_log rl
-      INNER JOIN capability_cards cc ON rl.card_id = cc.id
-      WHERE cc.owner = ?
-      ORDER BY rl.created_at DESC
-      LIMIT 10
-    `);
-    const recentActivity = activityStmt.all(owner);
-    const profile = {
-      owner,
-      skill_count: skillCount,
-      success_rate: avgSuccessRate,
-      total_earned: creditsRow?.credits_earned ?? 0,
-      member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
-    };
-    return reply.send({
-      profile,
-      skills: ownerCards,
-      recent_activity: recentActivity
     });
-  });
-  server.get("/api/activity", async (request, reply) => {
-    const query = request.query;
-    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
-    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
-    const since = query.since?.trim() || void 0;
-    const items = getActivityFeed(db, limit, since);
-    return reply.send({ items, total: items.length, limit });
-  });
-  server.get("/api/stats", async (_request, reply) => {
-    const allCards = listCards(db);
-    const onlineOwners = /* @__PURE__ */ new Set();
-    if (relayState) {
-      for (const owner of relayState.getOnlineOwners()) {
-        onlineOwners.add(owner);
+    api.get("/api/identity/:agent_id", {
+      schema: {
+        tags: ["identity"],
+        summary: "Get guarantor info for an agent",
+        params: { type: "object", properties: { agent_id: { type: "string" } }, required: ["agent_id"] },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              agent_id: { type: "string" },
+              guarantor: { oneOf: [{ type: "object", additionalProperties: true }, { type: "null" }] }
+            }
+          }
+        }
       }
-    }
-    for (const card of allCards) {
-      if (card.availability.online) {
-        onlineOwners.add(card.owner);
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
       }
-    }
-    const exchangeStmt = db.prepare(
-      "SELECT COUNT(*) as count FROM request_log WHERE status = 'success' AND (action_type IS NULL OR action_type = 'auto_share')"
-    );
-    const exchangeRow = exchangeStmt.get();
-    return reply.send({
-      agents_online: onlineOwners.size,
-      total_capabilities: allCards.reduce((sum, card) => {
-        const v2 = card;
-        return sum + (v2.skills?.length ?? 1);
-      }, 0),
-      total_exchanges: exchangeRow.count
+      const { agent_id } = request.params;
+      const guarantor = getAgentGuarantor(opts.creditDb, agent_id);
+      return reply.send({ agent_id, guarantor });
     });
-  });
-  server.post("/api/identity/register", async (request, reply) => {
-    if (!opts.creditDb) {
-      return reply.code(503).send({ error: "Credit database not configured" });
-    }
-    const body = request.body;
-    const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
-    if (!githubLogin) {
-      return reply.code(400).send({ error: "github_login is required" });
-    }
-    try {
-      const record = registerGuarantor(opts.creditDb, githubLogin);
-      const auth = initiateGithubAuth();
-      return reply.code(201).send({ guarantor: record, oauth: auth });
-    } catch (err) {
-      if (err instanceof AgentBnBError && err.code === "GUARANTOR_EXISTS") {
-        return reply.code(409).send({ error: err.message });
-      }
-      throw err;
-    }
-  });
-  server.post("/api/identity/link", async (request, reply) => {
-    if (!opts.creditDb) {
-      return reply.code(503).send({ error: "Credit database not configured" });
-    }
-    const body = request.body;
-    const agentId = typeof body.agent_id === "string" ? body.agent_id.trim() : "";
-    const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
-    if (!agentId || !githubLogin) {
-      return reply.code(400).send({ error: "agent_id and github_login are required" });
-    }
-    try {
-      const record = linkAgentToGuarantor(opts.creditDb, agentId, githubLogin);
-      return reply.send({ guarantor: record });
-    } catch (err) {
-      if (err instanceof AgentBnBError) {
-        const statusMap = {
-          GUARANTOR_NOT_FOUND: 404,
-          MAX_AGENTS_EXCEEDED: 409,
-          AGENT_ALREADY_LINKED: 409
-        };
-        const status = statusMap[err.code] ?? 400;
-        return reply.code(status).send({ error: err.message });
+    api.get("/api/openapi/gpt-actions", {
+      schema: {
+        tags: ["system"],
+        summary: "GPT Actions-compatible OpenAPI schema",
+        description: "Returns a GPT Builder-importable OpenAPI spec with only public GET/POST endpoints",
+        querystring: {
+          type: "object",
+          properties: {
+            server_url: { type: "string", description: "Base URL for the server (required for absolute URLs in GPT Actions)" }
+          }
+        },
+        response: { 200: { type: "object", additionalProperties: true } }
       }
-      throw err;
-    }
-  });
-  server.get("/api/identity/:agent_id", async (request, reply) => {
-    if (!opts.creditDb) {
-      return reply.code(503).send({ error: "Credit database not configured" });
-    }
-    const { agent_id } = request.params;
-    const guarantor = getAgentGuarantor(opts.creditDb, agent_id);
-    return reply.send({ agent_id, guarantor });
-  });
-  if (opts.ownerApiKey && opts.ownerName) {
-    const ownerApiKey = opts.ownerApiKey;
-    const ownerName = opts.ownerName;
-    void server.register(async (ownerRoutes) => {
-      ownerRoutes.addHook("onRequest", async (request, reply) => {
-        const auth = request.headers.authorization;
-        const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
-        if (!token || token !== ownerApiKey) {
-          return reply.status(401).send({ error: "Unauthorized" });
-        }
-      });
-      ownerRoutes.get("/me", async (_request, reply) => {
-        const balance = opts.creditDb ? getBalance(opts.creditDb, ownerName) : 0;
-        return reply.send({ owner: ownerName, balance });
-      });
-      ownerRoutes.get("/requests", async (request, reply) => {
-        const query = request.query;
-        const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 10;
-        const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 10 : rawLimit, 100);
-        const sinceRaw = query.since;
-        const validSince = ["24h", "7d", "30d"];
-        const since = sinceRaw && validSince.includes(sinceRaw) ? sinceRaw : void 0;
-        const items = getRequestLog(db, limit, since);
-        return reply.send({ items, limit });
-      });
-      ownerRoutes.get("/draft", async (_request, reply) => {
-        const detectedKeys = detectApiKeys(KNOWN_API_KEYS);
-        const cards = detectedKeys.map((key) => buildDraftCard(key, ownerName)).filter((card) => card !== null);
-        return reply.send({ cards });
-      });
-      ownerRoutes.post("/cards/:id/toggle-online", async (request, reply) => {
-        const { id } = request.params;
-        const card = getCard(db, id);
-        if (!card) {
-          return reply.code(404).send({ error: "Not found" });
-        }
-        try {
-          const newOnline = !card.availability.online;
-          updateCard(db, id, ownerName, {
-            availability: { ...card.availability, online: newOnline }
-          });
-          return reply.send({ ok: true, online: newOnline });
-        } catch (err) {
-          if (err instanceof AgentBnBError && err.code === "FORBIDDEN") {
-            return reply.code(403).send({ error: "Forbidden" });
+    }, async (request, reply) => {
+      const query = request.query;
+      const serverUrl = query.server_url?.trim() || `${request.protocol}://${request.hostname}`;
+      const openapiSpec = server.swagger();
+      const gptActions = convertToGptActions(openapiSpec, serverUrl);
+      return reply.send(gptActions);
+    });
+    if (opts.ownerApiKey && opts.ownerName) {
+      const ownerApiKey = opts.ownerApiKey;
+      const ownerName = opts.ownerName;
+      void api.register(async (ownerRoutes) => {
+        ownerRoutes.addHook("onRequest", async (request, reply) => {
+          const auth = request.headers.authorization;
+          const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
+          if (!token || token !== ownerApiKey) {
+            return reply.status(401).send({ error: "Unauthorized" });
           }
-          throw err;
-        }
-      });
-      ownerRoutes.patch("/cards/:id", async (request, reply) => {
-        const { id } = request.params;
-        const body = request.body;
-        const updates = {};
-        if (body.description !== void 0) updates.description = body.description;
-        if (body.pricing !== void 0) updates.pricing = body.pricing;
-        try {
-          updateCard(db, id, ownerName, updates);
-          return reply.send({ ok: true });
-        } catch (err) {
-          if (err instanceof AgentBnBError) {
-            if (err.code === "FORBIDDEN") {
+        });
+        ownerRoutes.get("/me", {
+          schema: {
+            tags: ["owner"],
+            summary: "Get owner identity and credit balance",
+            security: [{ bearerAuth: [] }],
+            response: {
+              200: { type: "object", properties: { owner: { type: "string" }, balance: { type: "number" } } }
+            }
+          }
+        }, async (_request, reply) => {
+          let balance = 0;
+          if (opts.creditDb) {
+            const ledger = createLedger({ db: opts.creditDb });
+            balance = await ledger.getBalance(ownerName);
+          }
+          return reply.send({ owner: ownerName, balance });
+        });
+        ownerRoutes.get("/requests", {
+          schema: {
+            tags: ["owner"],
+            summary: "Paginated request log entries",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: {
+                limit: { type: "integer", description: "Max entries (default 10, max 100)" },
+                since: { type: "string", enum: ["24h", "7d", "30d"], description: "Time window" }
+              }
+            },
+            response: { 200: { type: "object", properties: { items: { type: "array" }, limit: { type: "integer" } } } }
+          }
+        }, async (request, reply) => {
+          const query = request.query;
+          const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 10;
+          const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 10 : rawLimit, 100);
+          const sinceRaw = query.since;
+          const validSince = ["24h", "7d", "30d"];
+          const since = sinceRaw && validSince.includes(sinceRaw) ? sinceRaw : void 0;
+          const items = getRequestLog(db, limit, since);
+          return reply.send({ items, limit });
+        });
+        ownerRoutes.get("/draft", {
+          schema: {
+            tags: ["owner"],
+            summary: "Draft capability cards from auto-detected API keys",
+            security: [{ bearerAuth: [] }],
+            response: { 200: { type: "object", properties: { cards: { type: "array" } } } }
+          }
+        }, async (_request, reply) => {
+          const detectedKeys = detectApiKeys(KNOWN_API_KEYS);
+          const cards = detectedKeys.map((key) => buildDraftCard(key, ownerName)).filter((card) => card !== null);
+          return reply.send({ cards });
+        });
+        ownerRoutes.post("/cards/:id/toggle-online", {
+          schema: {
+            tags: ["owner"],
+            summary: "Toggle card online/offline status",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { ok: { type: "boolean" }, online: { type: "boolean" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          const card = getCard(db, id);
+          if (!card) {
+            return reply.code(404).send({ error: "Not found" });
+          }
+          try {
+            const newOnline = !card.availability.online;
+            updateCard(db, id, ownerName, {
+              availability: { ...card.availability, online: newOnline }
+            });
+            return reply.send({ ok: true, online: newOnline });
+          } catch (err) {
+            if (err instanceof AgentBnBError && err.code === "FORBIDDEN") {
               return reply.code(403).send({ error: "Forbidden" });
             }
-            if (err.code === "NOT_FOUND") {
-              return reply.code(404).send({ error: "Not found" });
+            throw err;
+          }
+        });
+        ownerRoutes.patch("/cards/:id", {
+          schema: {
+            tags: ["owner"],
+            summary: "Update card description or pricing",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            body: {
+              type: "object",
+              properties: {
+                description: { type: "string" },
+                pricing: { type: "object", additionalProperties: true }
+              },
+              additionalProperties: true
+            },
+            response: {
+              200: { type: "object", properties: { ok: { type: "boolean" } } },
+              403: { type: "object", properties: { error: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
             }
           }
-          throw err;
-        }
-      });
-      ownerRoutes.get("/me/pending-requests", async (_request, reply) => {
-        const rows = listPendingRequests(db);
-        return reply.send(rows);
-      });
-      ownerRoutes.post("/me/pending-requests/:id/approve", async (request, reply) => {
-        const { id } = request.params;
-        try {
-          resolvePendingRequest(db, id, "approved");
-          return reply.send({ status: "approved", id });
-        } catch (err) {
-          if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
-          throw err;
-        }
-      });
-      ownerRoutes.post("/me/pending-requests/:id/reject", async (request, reply) => {
-        const { id } = request.params;
-        try {
-          resolvePendingRequest(db, id, "rejected");
-          return reply.send({ status: "rejected", id });
-        } catch (err) {
-          if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
-          throw err;
-        }
-      });
-      ownerRoutes.get("/me/transactions", async (request, reply) => {
-        const query = request.query;
-        const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
-        const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
-        if (!opts.creditDb) {
-          return reply.send({ items: [], limit });
-        }
-        const items = getTransactions(opts.creditDb, ownerName, limit);
-        return reply.send({ items, limit });
+        }, async (request, reply) => {
+          const { id } = request.params;
+          const body = request.body;
+          const updates = {};
+          if (body.description !== void 0) updates.description = body.description;
+          if (body.pricing !== void 0) updates.pricing = body.pricing;
+          try {
+            updateCard(db, id, ownerName, updates);
+            return reply.send({ ok: true });
+          } catch (err) {
+            if (err instanceof AgentBnBError) {
+              if (err.code === "FORBIDDEN") {
+                return reply.code(403).send({ error: "Forbidden" });
+              }
+              if (err.code === "NOT_FOUND") {
+                return reply.code(404).send({ error: "Not found" });
+              }
+            }
+            throw err;
+          }
+        });
+        ownerRoutes.get("/me/pending-requests", {
+          schema: {
+            tags: ["owner"],
+            summary: "List pending Tier 3 approval queue entries",
+            security: [{ bearerAuth: [] }],
+            response: { 200: { type: "array" } }
+          }
+        }, async (_request, reply) => {
+          const rows = listPendingRequests(db);
+          return reply.send(rows);
+        });
+        ownerRoutes.post("/me/pending-requests/:id/approve", {
+          schema: {
+            tags: ["owner"],
+            summary: "Approve a pending Tier 3 request",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { status: { type: "string" }, id: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          try {
+            resolvePendingRequest(db, id, "approved");
+            return reply.send({ status: "approved", id });
+          } catch (err) {
+            if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+            throw err;
+          }
+        });
+        ownerRoutes.post("/me/pending-requests/:id/reject", {
+          schema: {
+            tags: ["owner"],
+            summary: "Reject a pending Tier 3 request",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { status: { type: "string" }, id: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          try {
+            resolvePendingRequest(db, id, "rejected");
+            return reply.send({ status: "rejected", id });
+          } catch (err) {
+            if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+            throw err;
+          }
+        });
+        ownerRoutes.get("/me/transactions", {
+          schema: {
+            tags: ["owner"],
+            summary: "Paginated credit transaction history",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: { limit: { type: "integer", description: "Max entries (default 20, max 100)" } }
+            },
+            response: {
+              200: { type: "object", properties: { items: { type: "array" }, limit: { type: "integer" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const query = request.query;
+          const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+          const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+          if (!opts.creditDb) {
+            return reply.send({ items: [], limit });
+          }
+          const ledger = createLedger({ db: opts.creditDb });
+          const items = await ledger.getHistory(ownerName, limit);
+          return reply.send({ items, limit });
+        });
       });
-    });
-  }
+    }
+  });
   return { server, relayState };
 }
 
@@ -2676,10 +4333,10 @@ async function stopAnnouncement() {
 }
 
 // src/openclaw/soul-sync.ts
-import { randomUUID as randomUUID7 } from "crypto";
+import { randomUUID as randomUUID9 } from "crypto";
 
 // src/skills/publish-capability.ts
-import { randomUUID as randomUUID6 } from "crypto";
+import { randomUUID as randomUUID8 } from "crypto";
 function parseSoulMd(content) {
   const lines = content.split("\n");
   let name = "";
@@ -2689,17 +4346,23 @@ function parseSoulMd(content) {
   let currentSection = null;
   let currentCapabilityName = "";
   let currentCapabilityLines = [];
+  let currentCapabilityPricing = void 0;
   let descriptionLines = [];
   let pastFirstH1 = false;
   let pastFirstH2 = false;
   const flushCapability = () => {
     if (currentCapabilityName) {
-      capabilities.push({
+      const cap = {
         name: currentCapabilityName,
         description: currentCapabilityLines.join(" ").trim()
-      });
+      };
+      if (currentCapabilityPricing !== void 0) {
+        cap.pricing = currentCapabilityPricing;
+      }
+      capabilities.push(cap);
       currentCapabilityName = "";
       currentCapabilityLines = [];
+      currentCapabilityPricing = void 0;
     }
   };
   for (const line of lines) {
@@ -2729,7 +4392,15 @@ function parseSoulMd(content) {
     if (currentSection === "preamble" && !pastFirstH2) {
       descriptionLines.push(trimmed);
     } else if (currentSection === "capability") {
-      currentCapabilityLines.push(trimmed);
+      const pricingMatch = trimmed.match(/^pricing:\s*(\d+(?:\.\d+)?)$/i);
+      if (pricingMatch) {
+        const val = parseFloat(pricingMatch[1]);
+        if (!isNaN(val) && val >= 0) {
+          currentCapabilityPricing = val;
+        }
+      } else {
+        currentCapabilityLines.push(trimmed);
+      }
     }
   }
   flushCapability();
@@ -2750,7 +4421,7 @@ function parseSoulMdV2(content) {
   const parsed = parseSoulMd(content);
   const skills = parsed.capabilities.map((cap) => {
     const sanitizedId = cap.name.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "");
-    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID7();
+    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID9();
     return {
       id,
       name: cap.name,
@@ -2772,7 +4443,7 @@ function parseSoulMdV2(content) {
           required: true
         }
       ],
-      pricing: { credits_per_call: 10 },
+      pricing: { credits_per_call: cap.pricing !== void 0 ? cap.pricing : 10 },
       availability: { online: true }
     };
   });
@@ -2792,7 +4463,7 @@ function publishFromSoulV2(db, soulContent, owner) {
     (c) => c.spec_version === "2.0"
   );
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  const cardId = existingV2?.id ?? randomUUID7();
+  const cardId = existingV2?.id ?? randomUUID9();
   const card = {
     spec_version: "2.0",
     id: cardId,
@@ -2817,7 +4488,7 @@ function publishFromSoulV2(db, soulContent, owner) {
 }
 
 // src/openclaw/heartbeat-writer.ts
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, existsSync as existsSync5 } from "fs";
+import { readFileSync as readFileSync3, writeFileSync, existsSync as existsSync4 } from "fs";
 var HEARTBEAT_MARKER_START = "<!-- agentbnb:start -->";
 var HEARTBEAT_MARKER_END = "<!-- agentbnb:end -->";
 function generateHeartbeatSection(autonomy, budget) {
@@ -2853,11 +4524,11 @@ function generateHeartbeatSection(autonomy, budget) {
   ].join("\n");
 }
 function injectHeartbeatSection(heartbeatPath, section) {
-  if (!existsSync5(heartbeatPath)) {
-    writeFileSync2(heartbeatPath, section + "\n", "utf-8");
+  if (!existsSync4(heartbeatPath)) {
+    writeFileSync(heartbeatPath, section + "\n", "utf-8");
     return;
   }
-  let content = readFileSync4(heartbeatPath, "utf-8");
+  let content = readFileSync3(heartbeatPath, "utf-8");
   const startIdx = content.indexOf(HEARTBEAT_MARKER_START);
   const endIdx = content.indexOf(HEARTBEAT_MARKER_END);
   if (startIdx !== -1 && endIdx !== -1) {
@@ -2865,7 +4536,7 @@ function injectHeartbeatSection(heartbeatPath, section) {
   } else {
     content = content + "\n" + section + "\n";
   }
-  writeFileSync2(heartbeatPath, content, "utf-8");
+  writeFileSync(heartbeatPath, content, "utf-8");
 }
 
 // src/openclaw/skill.ts
@@ -2945,11 +4616,11 @@ function getLanIp() {
 var program = new Command();
 program.name("agentbnb").description("P2P Agent Capability Sharing Protocol \u2014 Airbnb for AI agent pipelines").version(pkg.version);
 program.command("init").description("Initialize AgentBnB config and create agent identity").option("--owner <name>", "Agent owner name").option("--port <port>", "Gateway port", "7700").option("--host <ip>", "Override gateway host IP (default: auto-detected LAN IP)").option("--yes", "Auto-confirm all draft cards (non-interactive)").option("--no-detect", "Skip API key detection").option("--from <file>", "Parse a specific file for capability detection").option("--json", "Output as JSON").action(async (opts) => {
-  const owner = opts.owner ?? `agent-${randomBytes(4).toString("hex")}`;
-  const token = randomBytes(32).toString("hex");
+  const owner = opts.owner ?? `agent-${randomBytes2(4).toString("hex")}`;
+  const token = randomBytes2(32).toString("hex");
   const configDir = getConfigDir();
-  const dbPath = join4(configDir, "registry.db");
-  const creditDbPath = join4(configDir, "credit.db");
+  const dbPath = join3(configDir, "registry.db");
+  const creditDbPath = join3(configDir, "credit.db");
   const port = parseInt(opts.port, 10);
   const ip = opts.host ?? getLanIp();
   const existingConfig = loadConfig();
@@ -2963,7 +4634,7 @@ program.command("init").description("Initialize AgentBnB config and create agent
     credit_db_path: creditDbPath,
     token: existingConfig?.token ?? token,
     // Preserve existing token
-    api_key: existingConfig?.api_key ?? randomBytes(32).toString("hex")
+    api_key: existingConfig?.api_key ?? randomBytes2(32).toString("hex")
   };
   saveConfig(config);
   let keypairStatus = "existing";
@@ -2978,6 +4649,21 @@ program.command("init").description("Initialize AgentBnB config and create agent
   const creditDb = openCreditDb(creditDbPath);
   bootstrapAgent(creditDb, owner, 100);
   creditDb.close();
+  let registryBalance;
+  if (existingConfig?.registry) {
+    try {
+      const identityAuth = loadIdentityAuth(owner);
+      const ledger = createLedger({
+        registryUrl: existingConfig.registry,
+        ownerPublicKey: identityAuth.publicKey,
+        privateKey: identityAuth.privateKey
+      });
+      await ledger.grant(owner, 50);
+      registryBalance = await ledger.getBalance(owner);
+    } catch (err) {
+      console.warn(`Warning: could not connect to Registry for credit grant: ${err.message}`);
+    }
+  }
   const skipDetect = opts.detect === false;
   const publishedCards = [];
   let detectedSource = "none";
@@ -3123,6 +4809,9 @@ Publish these ${card.skills.length} capabilities? [y/N] `);
       keypair: keypairStatus,
       agent_id: identity.agent_id
     };
+    if (registryBalance !== void 0) {
+      jsonOutput.registry_balance = registryBalance;
+    }
     if (!skipDetect) {
       jsonOutput.detected_source = detectedSource;
       jsonOutput.published_cards = publishedCards;
@@ -3133,7 +4822,11 @@ Publish these ${card.skills.length} capabilities? [y/N] `);
     console.log(`  Owner:   ${owner}`);
     console.log(`  Token:   ${token}`);
     console.log(`  Config:  ${configDir}/config.json`);
-    console.log(`  Credits: 100 (starter grant)`);
+    if (registryBalance !== void 0) {
+      console.log(`  Registry balance: ${registryBalance} credits`);
+    } else {
+      console.log(`  Credits: 100 (starter grant)`);
+    }
     console.log(`  Keypair: ${keypairStatus === "generated" ? "generated (Ed25519)" : "preserved (existing)"}`);
     console.log(`  Agent ID: ${identity.agent_id}`);
     console.log(`  Gateway: http://${ip}:${port}`);
@@ -3147,7 +4840,7 @@ program.command("publish <card.json>").description("Publish a Capability Card to
   }
   let raw;
   try {
-    raw = readFileSync5(cardPath, "utf-8");
+    raw = readFileSync4(cardPath, "utf-8");
   } catch {
     console.error(`Error: cannot read file: ${cardPath}`);
     process.exit(1);
@@ -3176,6 +4869,27 @@ program.command("publish <card.json>").description("Publish a Capability Card to
   }
   const card = result.data;
   const cardName = card.spec_version === "2.0" ? card.agent_name : card.name;
+  if (card.spec_version === "2.0") {
+    const v2card = card;
+    const invalidSkill = v2card.skills?.find((s) => s.pricing.credits_per_call < 1);
+    if (invalidSkill) {
+      if (opts.json) {
+        console.log(JSON.stringify({ success: false, error: "Minimum price is 1 credit per call", skill_id: invalidSkill.id }, null, 2));
+      } else {
+        console.error(`Error: Minimum price is 1 credit per call (skill "${invalidSkill.id}" has credits_per_call=${invalidSkill.pricing.credits_per_call})`);
+      }
+      process.exit(1);
+    }
+  } else {
+    if (card.pricing.credits_per_call < 1) {
+      if (opts.json) {
+        console.log(JSON.stringify({ success: false, error: "Minimum price is 1 credit per call" }, null, 2));
+      } else {
+        console.error(`Error: Minimum price is 1 credit per call (card has credits_per_call=${card.pricing.credits_per_call})`);
+      }
+      process.exit(1);
+    }
+  }
   const db = openDatabase(config.db_path);
   try {
     if (card.spec_version === "2.0") {
@@ -3431,8 +5145,8 @@ program.command("request [card-id]").description("Request a capability from anot
         process.exit(1);
       }
     }
-    const registryDb = openDatabase(join4(getConfigDir(), "registry.db"));
-    const creditDb = openCreditDb(join4(getConfigDir(), "credit.db"));
+    const registryDb = openDatabase(join3(getConfigDir(), "registry.db"));
+    const creditDb = openCreditDb(join3(getConfigDir(), "credit.db"));
     registryDb.pragma("busy_timeout = 5000");
     creditDb.pragma("busy_timeout = 5000");
     try {
@@ -3442,7 +5156,8 @@ program.command("request [card-id]").description("Request a capability from anot
         registryDb,
         creditDb,
         autonomyConfig: config.autonomy ?? DEFAULT_AUTONOMY_CONFIG,
-        budgetManager
+        budgetManager,
+        registryUrl: config.registry
       });
       const result = await requestor.requestWithAutonomy({
         query: opts.query,
@@ -3535,68 +5250,105 @@ program.command("request [card-id]").description("Request a capability from anot
     }
   }
   const useReceipt = isRemoteRequest && opts.receipt !== false;
+  const useRegistryLedger = isRemoteRequest && !!config.registry && !!gatewayUrl;
   if (useReceipt && !opts.cost) {
     console.error("Error: --cost <credits> is required for remote requests. Specify the credits to commit.");
     process.exit(1);
   }
   let escrowId;
   let escrowReceipt;
+  let requestLedger;
   if (useReceipt) {
-    const configDir = getConfigDir();
-    const creditDb = openCreditDb(join4(configDir, "credit.db"));
-    creditDb.pragma("busy_timeout = 5000");
-    try {
-      const keys = loadKeyPair(configDir);
-      const amount = Number(opts.cost);
-      if (isNaN(amount) || amount <= 0) {
-        console.error("Error: --cost must be a positive number.");
+    const amount = Number(opts.cost);
+    if (isNaN(amount) || amount <= 0) {
+      console.error("Error: --cost must be a positive number.");
+      process.exit(1);
+    }
+    if (useRegistryLedger) {
+      const reqIdentityAuth = loadIdentityAuth(config.owner);
+      requestLedger = createLedger({
+        registryUrl: config.registry,
+        ownerPublicKey: reqIdentityAuth.publicKey,
+        privateKey: reqIdentityAuth.privateKey
+      });
+      try {
+        const { escrowId: heldId } = await requestLedger.hold(config.owner, amount, cardId);
+        escrowId = heldId;
+        if (!opts.json) {
+          console.log(`Escrow: ${amount} credits held via Registry (ID: ${escrowId.slice(0, 8)}...)`);
+        }
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        if (opts.json) {
+          console.log(JSON.stringify({ success: false, error: msg }, null, 2));
+        } else {
+          console.error(`Error creating escrow via Registry: ${msg}`);
+        }
         process.exit(1);
       }
-      const receiptResult = createSignedEscrowReceipt(creditDb, keys.privateKey, keys.publicKey, {
-        owner: config.owner,
-        amount,
-        cardId,
-        skillId: opts.skill
-      });
-      escrowId = receiptResult.escrowId;
-      escrowReceipt = receiptResult.receipt;
-      if (!opts.json) {
-        console.log(`Escrow: ${amount} credits held (ID: ${escrowId.slice(0, 8)}...)`);
+    } else if (gatewayUrl) {
+      const configDir = getConfigDir();
+      const creditDb = openCreditDb(join3(configDir, "credit.db"));
+      creditDb.pragma("busy_timeout = 5000");
+      try {
+        const keys = loadKeyPair(configDir);
+        const receiptResult = createSignedEscrowReceipt(creditDb, keys.privateKey, keys.publicKey, {
+          owner: config.owner,
+          amount,
+          cardId,
+          skillId: opts.skill
+        });
+        escrowId = receiptResult.escrowId;
+        escrowReceipt = receiptResult.receipt;
+        if (!opts.json) {
+          console.log(`Escrow: ${amount} credits held (ID: ${escrowId.slice(0, 8)}...)`);
+        }
+      } catch (err) {
+        creditDb.close();
+        const msg = err instanceof Error ? err.message : String(err);
+        if (opts.json) {
+          console.log(JSON.stringify({ success: false, error: msg }, null, 2));
+        } else {
+          console.error(`Error creating escrow receipt: ${msg}`);
+        }
+        process.exit(1);
       }
-    } catch (err) {
       creditDb.close();
-      const msg = err instanceof Error ? err.message : String(err);
-      if (opts.json) {
-        console.log(JSON.stringify({ success: false, error: msg }, null, 2));
-      } else {
-        console.error(`Error creating escrow receipt: ${msg}`);
-      }
-      process.exit(1);
     }
   }
-  const settleEscrow = () => {
+  const settleEscrow2 = async () => {
     if (useReceipt && escrowId) {
-      const configDir = getConfigDir();
-      const creditDb = openCreditDb(join4(configDir, "credit.db"));
-      creditDb.pragma("busy_timeout = 5000");
-      try {
-        settleRequesterEscrow(creditDb, escrowId);
+      if (requestLedger) {
+        await requestLedger.settle(escrowId, targetOwner ?? config.owner);
         if (!opts.json) console.log(`Escrow settled: ${opts.cost} credits deducted.`);
-      } finally {
-        creditDb.close();
+      } else if (escrowReceipt) {
+        const configDir = getConfigDir();
+        const creditDb = openCreditDb(join3(configDir, "credit.db"));
+        creditDb.pragma("busy_timeout = 5000");
+        try {
+          settleRequesterEscrow(creditDb, escrowId);
+          if (!opts.json) console.log(`Escrow settled: ${opts.cost} credits deducted.`);
+        } finally {
+          creditDb.close();
+        }
       }
     }
   };
-  const releaseEscrow2 = () => {
+  const releaseEscrow2 = async () => {
     if (useReceipt && escrowId) {
-      const configDir = getConfigDir();
-      const creditDb = openCreditDb(join4(configDir, "credit.db"));
-      creditDb.pragma("busy_timeout = 5000");
-      try {
-        releaseRequesterEscrow(creditDb, escrowId);
+      if (requestLedger) {
+        await requestLedger.release(escrowId);
         if (!opts.json) console.log("Escrow released: credits refunded.");
-      } finally {
-        creditDb.close();
+      } else if (escrowReceipt) {
+        const configDir = getConfigDir();
+        const creditDb = openCreditDb(join3(configDir, "credit.db"));
+        creditDb.pragma("busy_timeout = 5000");
+        try {
+          releaseRequesterEscrow(creditDb, escrowId);
+          if (!opts.json) console.log("Escrow released: credits refunded.");
+        } finally {
+          creditDb.close();
+        }
       }
     }
   };
@@ -3613,8 +5365,8 @@ program.command("request [card-id]").description("Request a capability from anot
     return msg.includes("NETWORK_ERROR") || msg.includes("ECONNREFUSED") || msg.includes("fetch failed") || msg.includes("Network error");
   };
   const tryViaRelay = async () => {
-    const { RelayClient } = await import("../websocket-client-5TIQDYQ4.js");
-    const { requestViaRelay } = await import("../client-IOTK6GOS.js");
+    const { RelayClient } = await import("../websocket-client-6IIDGXKB.js");
+    const { requestViaRelay } = await import("../client-BTPIFY7E.js");
     const tempRelay = new RelayClient({
       registryUrl: config.registry,
       owner: config.owner,
@@ -3661,10 +5413,10 @@ program.command("request [card-id]").description("Request a capability from anot
         }
       }
     }
-    settleEscrow();
+    await settleEscrow2();
     printResult(result);
   } catch (err) {
-    releaseEscrow2();
+    await releaseEscrow2();
     const msg = err instanceof Error ? err.message : String(err);
     if (opts.json) {
       console.log(JSON.stringify({ success: false, error: msg }, null, 2));
@@ -3684,12 +5436,28 @@ program.command("status").description("Show credit balance and recent transactio
   let balance;
   let transactions;
   let heldEscrows;
-  try {
-    balance = getBalance(creditDb, config.owner);
-    transactions = getTransactions(creditDb, config.owner, 5);
-    heldEscrows = creditDb.prepare("SELECT id, amount, card_id, created_at FROM credit_escrow WHERE owner = ? AND status = ?").all(config.owner, "held");
-  } finally {
-    creditDb.close();
+  if (config.registry) {
+    const statusIdentityAuth = loadIdentityAuth(config.owner);
+    const statusLedger = createLedger({
+      registryUrl: config.registry,
+      ownerPublicKey: statusIdentityAuth.publicKey,
+      privateKey: statusIdentityAuth.privateKey
+    });
+    try {
+      balance = await statusLedger.getBalance(config.owner);
+      transactions = await statusLedger.getHistory(config.owner, 5);
+      heldEscrows = creditDb.prepare("SELECT id, amount, card_id, created_at FROM credit_escrow WHERE owner = ? AND status = ?").all(config.owner, "held");
+    } finally {
+      creditDb.close();
+    }
+  } else {
+    try {
+      balance = getBalance(creditDb, config.owner);
+      transactions = getTransactions(creditDb, config.owner, 5);
+      heldEscrows = creditDb.prepare("SELECT id, amount, card_id, created_at FROM credit_escrow WHERE owner = ? AND status = ?").all(config.owner, "held");
+    } finally {
+      creditDb.close();
+    }
   }
   if (opts.json) {
     console.log(JSON.stringify({ owner: config.owner, balance, held_escrows: heldEscrows, recent_transactions: transactions }, null, 2));
@@ -3722,7 +5490,7 @@ program.command("serve").description("Start the AgentBnB gateway server").option
   }
   const port = opts.port ? parseInt(opts.port, 10) : config.gateway_port;
   const registryPort = parseInt(opts.registryPort, 10);
-  const skillsYamlPath = opts.skillsYaml ?? join4(homedir(), ".agentbnb", "skills.yaml");
+  const skillsYamlPath = opts.skillsYaml ?? join3(homedir(), ".agentbnb", "skills.yaml");
   const runtime = new AgentRuntime({
     registryDbPath: config.db_path,
     creditDbPath: config.credit_db_path,
@@ -3738,6 +5506,19 @@ program.command("serve").description("Start the AgentBnB gateway server").option
   if (opts.conductor) {
     console.log("Conductor mode enabled \u2014 orchestrate/plan skills available via gateway");
   }
+  if (opts.conductor && config.conductor?.public) {
+    const { buildConductorCard } = await import("../card-4XH4AOTE.js");
+    const { AnyCardSchema: AnyCard } = await import("../types-FGBUZ3QV.js");
+    const conductorCard = buildConductorCard(config.owner);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = runtime.registryDb.prepare("SELECT id FROM capability_cards WHERE id = ?").get(conductorCard.id);
+    if (existing) {
+      runtime.registryDb.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(JSON.stringify(conductorCard), now, conductorCard.id);
+    } else {
+      runtime.registryDb.prepare("INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)").run(conductorCard.id, config.owner, JSON.stringify(conductorCard), now, now);
+    }
+    console.log("Conductor card registered locally (conductor.public: true)");
+  }
   const autonomyConfig = config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
   const idleMonitor = new IdleMonitor({
     owner: config.owner,
@@ -3801,8 +5582,8 @@ program.command("serve").description("Start the AgentBnB gateway server").option
     }
     const relayUrl = opts.registry ?? config.registry;
     if (relayUrl && opts.relay !== false) {
-      const { RelayClient } = await import("../websocket-client-5TIQDYQ4.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-GDGBU6DJ.js");
+      const { RelayClient } = await import("../websocket-client-6IIDGXKB.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../execute-EXOITLHN.js");
       const cards = listCards(runtime.registryDb, config.owner);
       const card = cards[0] ?? {
         id: config.owner,
@@ -3816,12 +5597,23 @@ program.command("serve").description("Start the AgentBnB gateway server").option
         pricing: { credits_per_call: 0 },
         availability: { online: true }
       };
+      const additionalCards = [];
+      if (config.conductor?.public) {
+        const { buildConductorCard } = await import("../card-4XH4AOTE.js");
+        const conductorCard = buildConductorCard(config.owner);
+        additionalCards.push(conductorCard);
+        console.log("Conductor card will be published to registry (conductor.public: true)");
+      }
       relayClient = new RelayClient({
         registryUrl: relayUrl,
         owner: config.owner,
         token: config.token,
         card,
+        cards: additionalCards.length > 0 ? additionalCards : void 0,
         onRequest: async (req) => {
+          const onProgress = (info) => {
+            relayClient.sendProgress(req.id, info);
+          };
           const result = await executeCapabilityRequest2({
             registryDb: runtime.registryDb,
             creditDb: runtime.creditDb,
@@ -3831,7 +5623,8 @@ program.command("serve").description("Start the AgentBnB gateway server").option
             requester: req.requester ?? req.from_owner,
             escrowReceipt: req.escrow_receipt,
             skillExecutor: runtime.skillExecutor,
-            handlerUrl: opts.handlerUrl
+            handlerUrl: opts.handlerUrl,
+            onProgress
           });
           if (result.success) {
             return { result: result.result };
@@ -3906,7 +5699,7 @@ peersCommand.command("remove <name>").description("Remove a registered peer").ac
 });
 var configCmd = program.command("config").description("Get or set AgentBnB configuration values");
 configCmd.command("set <key> <value>").description("Set a configuration value").action((key, value) => {
-  const allowedKeys = ["registry", "tier1", "tier2", "reserve", "idle-threshold"];
+  const allowedKeys = ["registry", "tier1", "tier2", "reserve", "idle-threshold", "conductor-public"];
   if (!allowedKeys.includes(key)) {
     console.error(`Unknown config key: ${key}. Valid keys: ${allowedKeys.join(", ")}`);
     process.exit(1);
@@ -3971,6 +5764,17 @@ configCmd.command("set <key> <value>").description("Set a configuration value").
     console.log(`Set idle-threshold = ${parsed} (idle rate threshold for auto-share)`);
     return;
   }
+  if (key === "conductor-public") {
+    const boolVal = value === "true";
+    if (value !== "true" && value !== "false") {
+      console.error('Error: conductor-public must be "true" or "false"');
+      process.exit(1);
+    }
+    config.conductor = { public: boolVal };
+    saveConfig(config);
+    console.log(`Set conductor-public = ${boolVal} (conductor card ${boolVal ? "will be" : "will NOT be"} published to registry)`);
+    return;
+  }
   config[key] = value;
   saveConfig(config);
   console.log(`Set ${key} = ${value}`);
@@ -3998,6 +5802,10 @@ configCmd.command("get <key>").description("Get a configuration value").action((
     console.log(val !== void 0 ? String(val) : "0.70");
     return;
   }
+  if (key === "conductor-public") {
+    console.log(String(config.conductor?.public ?? false));
+    return;
+  }
   const value = config[key];
   console.log(value !== void 0 ? String(value) : "(not set)");
 });
@@ -4010,7 +5818,7 @@ openclaw.command("sync").description("Read SOUL.md and publish/update a v2.0 cap
   }
   let content;
   try {
-    content = readFileSync5(opts.soulPath, "utf-8");
+    content = readFileSync4(opts.soulPath, "utf-8");
   } catch {
     console.error(`Error: cannot read SOUL.md at ${opts.soulPath}`);
     process.exit(1);
@@ -4019,6 +5827,14 @@ openclaw.command("sync").description("Read SOUL.md and publish/update a v2.0 cap
   try {
     const card = publishFromSoulV2(db, content, config.owner);
     console.log(`Published card ${card.id} with ${card.skills.length} skill(s)`);
+    for (const skill of card.skills) {
+      const stats = getPricingStats(db, skill.name);
+      if (stats.count > 0) {
+        console.log(`  ${skill.name}: ${skill.pricing.credits_per_call} cr (market: ${stats.min}-${stats.max} cr, median ${stats.median}, ${stats.count} providers)`);
+      } else {
+        console.log(`  ${skill.name}: ${skill.pricing.credits_per_call} cr (no market data yet)`);
+      }
+    }
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     console.error(`Error: ${msg}`);
@@ -4071,7 +5887,7 @@ openclaw.command("rules").description("Print HEARTBEAT.md rules block (or inject
   }
 });
 program.command("conduct <task>").description("Orchestrate a complex task across the AgentBnB network").option("--plan-only", "Show execution plan without executing").option("--max-budget <credits>", "Maximum credits to spend", "100").option("--json", "Output as JSON").action(async (task, opts) => {
-  const { conductAction } = await import("../conduct-IQYAT6ZU.js");
+  const { conductAction } = await import("../conduct-FXLVGKD5.js");
   const result = await conductAction(task, opts);
   if (opts.json) {
     console.log(JSON.stringify(result, null, 2));
@@ -4104,4 +5920,8 @@ Total credits spent: ${result.total_credits ?? 0} cr`);
     }
   }
 });
+program.command("mcp-server").description("Start an MCP (Model Context Protocol) server for IDE integration").action(async () => {
+  const { startMcpServer } = await import("../server-2LWHL24P.js");
+  await startMcpServer();
+});
 await program.parseAsync(process.argv);