agentbnb 4.0.0 → 4.0.2

package/dist/chunk-HH24WMFN.js

@@ -0,0 +1,373 @@
+import {
+  bootstrapAgent,
+  getBalance,
+  getTransactions,
+  holdEscrow,
+  migrateOwner,
+  openCreditDb,
+  releaseEscrow,
+  settleEscrow
+} from "./chunk-DNWT5FZQ.js";
+import {
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "./chunk-5KFI5X7B.js";
+import {
+  AgentBnBError
+} from "./chunk-WGZ5AGOX.js";
+
+// src/credit/local-credit-ledger.ts
+var LocalCreditLedger = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    const escrowId = holdEscrow(this.db, owner, amount, cardId);
+    return { escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    settleEscrow(this.db, escrowId, recipientOwner);
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    releaseEscrow(this.db, escrowId);
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    return getBalance(this.db, owner);
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit) {
+    return getTransactions(this.db, owner, limit);
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount) {
+    bootstrapAgent(this.db, owner, amount);
+  }
+  async rename(oldOwner, newOwner) {
+    migrateOwner(this.db, oldOwner, newOwner);
+  }
+};
+
+// src/registry/identity-auth.ts
+var MAX_REQUEST_AGE_MS = 5 * 60 * 1e3;
+async function verifyIdentity(request, reply) {
+  const publicKeyHex = request.headers["x-agent-publickey"];
+  const signature = request.headers["x-agent-signature"];
+  const timestamp = request.headers["x-agent-timestamp"];
+  if (!publicKeyHex || !signature || !timestamp) {
+    await reply.code(401).send({ error: "Missing identity headers" });
+    return false;
+  }
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
+    await reply.code(401).send({ error: "Request expired" });
+    return false;
+  }
+  const payload = {
+    method: request.method,
+    path: request.url,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  let publicKeyBuffer;
+  try {
+    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
+  } catch {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
+  if (!valid) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  request.agentPublicKey = publicKeyHex;
+  return true;
+}
+function identityAuthPlugin(fastify) {
+  fastify.addHook("onRequest", async (request, reply) => {
+    await verifyIdentity(request, reply);
+  });
+}
+function signRequest(method, path, body, privateKey, publicKeyHex) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const payload = {
+    method,
+    path,
+    timestamp,
+    publicKey: publicKeyHex
+  };
+  void body;
+  const signature = signEscrowReceipt(payload, privateKey);
+  return {
+    "X-Agent-PublicKey": publicKeyHex,
+    "X-Agent-Signature": signature,
+    "X-Agent-Timestamp": timestamp
+  };
+}
+
+// src/credit/registry-credit-ledger.ts
+var HTTP_TIMEOUT_MS = 1e4;
+var RegistryCreditLedger = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Holds credits in escrow during capability execution.
+   *
+   * @param owner - Agent identifier (requester).
+   * @param amount - Number of credits to hold.
+   * @param cardId - Capability Card ID being requested.
+   * @returns EscrowResult with the new escrowId.
+   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
+   */
+  async hold(owner, amount, cardId) {
+    if (this.config.mode === "direct") {
+      const escrowId = holdEscrow(this.config.db, owner, amount, cardId);
+      return { escrowId };
+    }
+    const data = await this.post("/api/credits/hold", owner, {
+      owner,
+      amount,
+      cardId
+    });
+    return { escrowId: data.escrowId };
+  }
+  /**
+   * Settles an escrow — transfers held credits to the capability provider.
+   *
+   * @param escrowId - The escrow ID to settle.
+   * @param recipientOwner - Agent identifier who will receive the credits.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async settle(escrowId, recipientOwner) {
+    if (this.config.mode === "direct") {
+      settleEscrow(this.config.db, escrowId, recipientOwner);
+      return;
+    }
+    await this.post("/api/credits/settle", null, { escrowId, recipientOwner });
+  }
+  /**
+   * Releases an escrow — refunds credits back to the requester.
+   *
+   * @param escrowId - The escrow ID to release.
+   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
+   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
+   */
+  async release(escrowId) {
+    if (this.config.mode === "direct") {
+      releaseEscrow(this.config.db, escrowId);
+      return;
+    }
+    await this.post("/api/credits/release", null, { escrowId });
+  }
+  /**
+   * Returns the current credit balance for an agent.
+   *
+   * @param owner - Agent identifier.
+   * @returns Current balance in credits (0 if agent is unknown).
+   */
+  async getBalance(owner) {
+    if (this.config.mode === "direct") {
+      return getBalance(this.config.db, owner);
+    }
+    const data = await this.get(`/api/credits/${owner}`, owner);
+    return data.balance;
+  }
+  /**
+   * Returns the transaction history for an agent, newest first.
+   *
+   * @param owner - Agent identifier.
+   * @param limit - Maximum number of transactions to return. Defaults to 100.
+   * @returns Array of credit transactions ordered newest first.
+   */
+  async getHistory(owner, limit = 100) {
+    if (this.config.mode === "direct") {
+      return getTransactions(this.config.db, owner, limit);
+    }
+    const data = await this.get(
+      `/api/credits/${owner}/history?limit=${limit}`,
+      owner
+    );
+    return data.transactions;
+  }
+  /**
+   * Grants initial credits to an agent (bootstrap grant).
+   * Idempotent — calling multiple times has no additional effect on balance.
+   *
+   * @param owner - Agent identifier.
+   * @param amount - Number of credits to grant. Defaults to 100.
+   */
+  async grant(owner, amount = 100) {
+    if (this.config.mode === "direct") {
+      bootstrapAgent(this.config.db, owner, amount);
+      return;
+    }
+    await this.post("/api/credits/grant", owner, { owner, amount });
+  }
+  /**
+   * Renames an owner — migrates balance, transactions, and escrows.
+   */
+  async rename(oldOwner, newOwner) {
+    if (oldOwner === newOwner) return;
+    if (this.config.mode === "direct") {
+      migrateOwner(this.config.db, oldOwner, newOwner);
+      return;
+    }
+    await this.post("/api/credits/rename", null, { oldOwner, newOwner });
+  }
+  // ─── Private HTTP helpers ─────────────────────────────────────────────────
+  /**
+   * Makes an authenticated POST request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/hold').
+   * @param ownerForHeader - Agent owner identifier for X-Agent-Owner header, or null to omit.
+   * @param body - JSON body to send.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async post(path, ownerForHeader, body) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("POST", path, body, cfg.privateKey, cfg.ownerPublicKey);
+      const headers = {
+        "Content-Type": "application/json",
+        ...authHeaders
+      };
+      void ownerForHeader;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Makes an authenticated GET request to the Registry HTTP API.
+   * Includes a 10s timeout via AbortController.
+   *
+   * @param path - API path (e.g., '/api/credits/owner-id').
+   * @param owner - Agent owner identifier for X-Agent-Owner header.
+   * @returns Parsed JSON response body.
+   * @throws {AgentBnBError} on non-2xx responses or network errors.
+   */
+  async get(path, owner) {
+    const cfg = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+    try {
+      const authHeaders = signRequest("GET", path, null, cfg.privateKey, cfg.ownerPublicKey);
+      void owner;
+      const res = await fetch(`${cfg.registryUrl}${path}`, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json",
+          ...authHeaders
+        },
+        signal: controller.signal
+      });
+      return await this.handleResponse(res);
+    } catch (err) {
+      if (err instanceof AgentBnBError) throw err;
+      throw new AgentBnBError(
+        `Registry unreachable: ${err.message}`,
+        "REGISTRY_UNREACHABLE"
+      );
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Handles an HTTP response — returns parsed JSON on 2xx, throws AgentBnBError on error.
+   */
+  async handleResponse(res) {
+    const json = await res.json();
+    if (!res.ok) {
+      const code = typeof json["code"] === "string" ? json["code"] : "REGISTRY_ERROR";
+      const message = typeof json["error"] === "string" ? json["error"] : `HTTP ${res.status}`;
+      throw new AgentBnBError(message, code);
+    }
+    return json;
+  }
+};
+
+// src/credit/create-ledger.ts
+function createLedger(opts) {
+  if ("registryUrl" in opts && opts.registryUrl !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "http",
+      registryUrl: opts.registryUrl,
+      ownerPublicKey: opts.ownerPublicKey,
+      privateKey: opts.privateKey
+    });
+  }
+  if ("db" in opts && opts.db !== void 0) {
+    return new RegistryCreditLedger({
+      mode: "direct",
+      db: opts.db
+    });
+  }
+  const db = openCreditDb(opts.creditDbPath);
+  return new LocalCreditLedger(db);
+}
+
+export {
+  identityAuthPlugin,
+  createLedger
+};

package/dist/{websocket-client-5TIQDYQ4.js → chunk-JOY533UH.js}

@@ -1,6 +1,6 @@
 import {
   RelayMessageSchema
-} from "./chunk-3Y36WQDV.js";
+} from "./chunk-QT7TEVNV.js";
 
 // src/relay/websocket-client.ts
 import WebSocket from "ws";
@@ -36,7 +36,8 @@ var RelayClient = class {
           type: "register",
           owner: this.opts.owner,
           token: this.opts.token,
-          card: this.opts.card
+          card: this.opts.card,
+          ...this.opts.cards && this.opts.cards.length > 0 ? { cards: this.opts.cards } : {}
         });
       });
       this.ws.on("message", (raw) => {
@@ -101,13 +102,13 @@ var RelayClient = class {
       throw new Error("Not connected to registry relay");
     }
     const id = randomUUID();
-    const timeoutMs = opts.timeoutMs ?? 3e4;
+    const timeoutMs = opts.timeoutMs ?? 3e5;
     return new Promise((resolve, reject) => {
       const timeout = setTimeout(() => {
         this.pendingRequests.delete(id);
         reject(new Error("Relay request timeout"));
       }, timeoutMs);
-      this.pendingRequests.set(id, { resolve, reject, timeout });
+      this.pendingRequests.set(id, { resolve, reject, timeout, timeoutMs, onProgress: opts.onProgress });
       this.send({
         type: "relay_request",
         id,
@@ -120,6 +121,22 @@ var RelayClient = class {
       });
     });
   }
+  /**
+   * Send a relay_progress message to the relay server for a given request.
+   * Used by the onRequest handler to forward SkillExecutor progress updates
+   * to the requesting agent so it can reset its timeout window.
+   *
+   * @param requestId - The relay request ID to associate progress with.
+   * @param info - Progress details (step, total, message).
+   */
+  sendProgress(requestId, info) {
+    this.send({
+      type: "relay_progress",
+      id: requestId,
+      progress: Math.round(info.step / info.total * 100),
+      message: info.message
+    });
+  }
   /** Whether the client is connected and registered */
   get isConnected() {
     return this.ws !== null && this.ws.readyState === WebSocket.OPEN && this.registered;
@@ -166,6 +183,9 @@ var RelayClient = class {
       case "error":
         this.handleError(msg);
         break;
+      case "relay_progress":
+        this.handleProgress(msg);
+        break;
       default:
         break;
     }
@@ -211,6 +231,19 @@ var RelayClient = class {
       }
     }
   }
+  handleProgress(msg) {
+    const pending = this.pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    const newTimeout = setTimeout(() => {
+      this.pendingRequests.delete(msg.id);
+      pending.reject(new Error("Relay request timeout"));
+    }, pending.timeoutMs);
+    pending.timeout = newTimeout;
+    if (pending.onProgress) {
+      pending.onProgress({ id: msg.id, progress: msg.progress, message: msg.message });
+    }
+  }
   send(msg) {
     if (this.ws && this.ws.readyState === WebSocket.OPEN) {
       this.ws.send(JSON.stringify(msg));
@@ -270,6 +303,7 @@ var RelayClient = class {
     }, delay);
   }
 };
+
 export {
   RelayClient
 };

package/dist/chunk-QITOPASZ.js

@@ -0,0 +1,96 @@
+import {
+  generateKeyPair,
+  loadKeyPair,
+  saveKeyPair
+} from "./chunk-5KFI5X7B.js";
+
+// src/identity/identity.ts
+import { z } from "zod";
+import { createHash } from "crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+var AgentIdentitySchema = z.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z.string().min(1),
+  /** Human-readable owner name (from config or init). */
+  owner: z.string().min(1),
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z.object({
+    github_login: z.string().min(1),
+    verified_at: z.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function createIdentity(configDir, owner) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const identity = {
+    agent_id: agentId,
+    owner,
+    public_key: publicKeyHex,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveIdentity(configDir, identity);
+  return identity;
+}
+function loadIdentity(configDir) {
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  if (!existsSync(filePath)) return null;
+  try {
+    const raw = readFileSync(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function ensureIdentity(configDir, owner) {
+  const existing = loadIdentity(configDir);
+  if (existing) {
+    if (existing.owner !== owner) {
+      existing.owner = owner;
+      saveIdentity(configDir, existing);
+    }
+    return existing;
+  }
+  return createIdentity(configDir, owner);
+}
+
+export {
+  deriveAgentId,
+  ensureIdentity
+};

package/dist/{chunk-3Y36WQDV.js → chunk-QT7TEVNV.js}

@@ -4,8 +4,10 @@ var RegisterMessageSchema = z.object({
   type: z.literal("register"),
   owner: z.string().min(1),
   token: z.string().min(1),
-  card: z.record(z.unknown())
+  card: z.record(z.unknown()),
   // CapabilityCard (validated separately)
+  cards: z.array(z.record(z.unknown())).optional()
+  // Additional cards (e.g., conductor card)
 });
 var RegisteredMessageSchema = z.object({
   type: z.literal("registered"),
@@ -55,6 +57,15 @@ var ErrorMessageSchema = z.object({
   message: z.string(),
   request_id: z.string().optional()
 });
+var RelayProgressMessageSchema = z.object({
+  type: z.literal("relay_progress"),
+  id: z.string().uuid(),
+  // request ID this progress relates to
+  progress: z.number().min(0).max(100).optional(),
+  // optional percentage
+  message: z.string().optional()
+  // optional status message
+});
 var RelayMessageSchema = z.discriminatedUnion("type", [
   RegisterMessageSchema,
   RegisteredMessageSchema,
@@ -62,7 +73,8 @@ var RelayMessageSchema = z.discriminatedUnion("type", [
   IncomingRequestMessageSchema,
   RelayResponseMessageSchema,
   ResponseMessageSchema,
-  ErrorMessageSchema
+  ErrorMessageSchema,
+  RelayProgressMessageSchema
 ]);
 
 export {

package/dist/{chunk-UOGDK2S2.js → chunk-T7NS2J2B.js}

@@ -1,7 +1,7 @@
 import {
   AgentBnBError,
   CapabilityCardSchema
-} from "./chunk-XA63SD4T.js";
+} from "./chunk-WGZ5AGOX.js";
 
 // src/registry/request-log.ts
 var SINCE_MS = {

package/dist/{chunk-XA63SD4T.js → chunk-WGZ5AGOX.js}

@@ -83,12 +83,45 @@ var SkillSchema = z.object({
    */
   _internal: z.record(z.unknown()).optional()
 });
+var SuitabilitySchema = z.object({
+  /** Use cases this agent/skill is optimised for. */
+  ideal_for: z.array(z.string()).optional(),
+  /** Scenarios this agent/skill cannot reliably handle. */
+  not_suitable_for: z.array(z.string()).optional(),
+  /** Domains explicitly excluded (used for routing exclusions in later phases). */
+  excluded_domains: z.array(z.string()).optional(),
+  /** Conditions that increase failure risk, shown as warnings in the Hub. */
+  risk_conditions: z.array(z.string()).optional(),
+  /** Recommended alternative when this agent is unsuitable. */
+  fallback_recommendation: z.string().optional()
+});
+var LearningSchema = z.object({
+  /** Known limitations that may affect reliability (self-declared). */
+  known_limitations: z.array(z.string()).optional(),
+  /** Common failure patterns observed by the provider. */
+  common_failure_patterns: z.array(z.string()).optional(),
+  /** Version-tagged improvements the provider has shipped. */
+  recent_improvements: z.array(z.object({
+    version: z.string(),
+    summary: z.string(),
+    timestamp: z.string()
+  })).optional(),
+  /** Structured critiques from external sources (phase 2+). */
+  critiques: z.array(z.object({
+    type: z.literal("structured"),
+    summary: z.string(),
+    source_tier: z.string(),
+    timestamp: z.string()
+  })).optional()
+});
 var CapabilityCardV2Schema = z.object({
   spec_version: z.literal("2.0"),
   id: z.string().uuid(),
   owner: z.string().min(1),
   /** Agent display name — was 'name' in v1.0. */
   agent_name: z.string().min(1).max(100),
+  /** Short one-liner shown in Hub v2 Identity Header. */
+  short_description: z.string().max(200).optional(),
   /** At least one skill is required. */
   skills: z.array(SkillSchema).min(1),
   availability: z.object({
@@ -100,6 +133,10 @@ var CapabilityCardV2Schema = z.object({
     runtime: z.string(),
     region: z.string().optional()
   }).optional(),
+  /** Suitability metadata for Hub v2 profile and future routing warnings. */
+  suitability: SuitabilitySchema.optional(),
+  /** Learning signals — self-declared limitations, improvements, critiques. */
+  learning: LearningSchema.optional(),
   /**
    * Private per-card metadata. Stripped from all API and CLI responses —
    * never transmitted beyond the local store.

package/dist/{chunk-RSX4SCPN.js → chunk-XND2DWTZ.js}

@@ -1,14 +1,14 @@
 import {
   signEscrowReceipt
-} from "./chunk-QO67IGCW.js";
+} from "./chunk-5KFI5X7B.js";
 import {
   AgentBnBError
-} from "./chunk-XA63SD4T.js";
+} from "./chunk-WGZ5AGOX.js";
 
 // src/gateway/client.ts
 import { randomUUID } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e5, escrowReceipt, identity } = opts;
   const id = randomUUID();
   const payload = {
     jsonrpc: "2.0",
@@ -62,6 +62,7 @@ async function requestViaRelay(relay, opts) {
       cardId: opts.cardId,
       skillId: opts.skillId,
       params: opts.params ?? {},
+      requester: opts.requester,
       escrowReceipt: opts.escrowReceipt,
       timeoutMs: opts.timeoutMs
     });