agentbnb 4.0.0 → 4.0.2

package/dist/index.js

@@ -83,12 +83,45 @@ var SkillSchema = z.object({
    */
   _internal: z.record(z.unknown()).optional()
 });
+var SuitabilitySchema = z.object({
+  /** Use cases this agent/skill is optimised for. */
+  ideal_for: z.array(z.string()).optional(),
+  /** Scenarios this agent/skill cannot reliably handle. */
+  not_suitable_for: z.array(z.string()).optional(),
+  /** Domains explicitly excluded (used for routing exclusions in later phases). */
+  excluded_domains: z.array(z.string()).optional(),
+  /** Conditions that increase failure risk, shown as warnings in the Hub. */
+  risk_conditions: z.array(z.string()).optional(),
+  /** Recommended alternative when this agent is unsuitable. */
+  fallback_recommendation: z.string().optional()
+});
+var LearningSchema = z.object({
+  /** Known limitations that may affect reliability (self-declared). */
+  known_limitations: z.array(z.string()).optional(),
+  /** Common failure patterns observed by the provider. */
+  common_failure_patterns: z.array(z.string()).optional(),
+  /** Version-tagged improvements the provider has shipped. */
+  recent_improvements: z.array(z.object({
+    version: z.string(),
+    summary: z.string(),
+    timestamp: z.string()
+  })).optional(),
+  /** Structured critiques from external sources (phase 2+). */
+  critiques: z.array(z.object({
+    type: z.literal("structured"),
+    summary: z.string(),
+    source_tier: z.string(),
+    timestamp: z.string()
+  })).optional()
+});
 var CapabilityCardV2Schema = z.object({
   spec_version: z.literal("2.0"),
   id: z.string().uuid(),
   owner: z.string().min(1),
   /** Agent display name — was 'name' in v1.0. */
   agent_name: z.string().min(1).max(100),
+  /** Short one-liner shown in Hub v2 Identity Header. */
+  short_description: z.string().max(200).optional(),
   /** At least one skill is required. */
   skills: z.array(SkillSchema).min(1),
   availability: z.object({
@@ -100,6 +133,10 @@ var CapabilityCardV2Schema = z.object({
     runtime: z.string(),
     region: z.string().optional()
   }).optional(),
+  /** Suitability metadata for Hub v2 profile and future routing warnings. */
+  suitability: SuitabilitySchema.optional(),
+  /** Learning signals — self-declared limitations, improvements, critiques. */
+  learning: LearningSchema.optional(),
   /**
    * Private per-card metadata. Stripped from all API and CLI responses —
    * never transmitted beyond the local store.
@@ -436,30 +473,6 @@ function getCard(db, id) {
   if (!row) return null;
   return JSON.parse(row.data);
 }
-function updateCard(db, id, owner, updates) {
-  const existing = getCard(db, id);
-  if (!existing) {
-    throw new AgentBnBError(`Card not found: ${id}`, "NOT_FOUND");
-  }
-  if (existing.owner !== owner) {
-    throw new AgentBnBError("Forbidden: you do not own this card", "FORBIDDEN");
-  }
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const merged = { ...existing, ...updates, updated_at: now };
-  const parsed = CapabilityCardSchema.safeParse(merged);
-  if (!parsed.success) {
-    throw new AgentBnBError(
-      `Card validation failed: ${parsed.error.message}`,
-      "VALIDATION_ERROR"
-    );
-  }
-  const stmt = db.prepare(`
-    UPDATE capability_cards
-    SET data = ?, updated_at = ?
-    WHERE id = ?
-  `);
-  stmt.run(JSON.stringify(parsed.data), now, id);
-}
 function updateReputation(db, cardId, success, latencyMs) {
   const existing = getCard(db, cardId);
   if (!existing) return;
@@ -783,7 +796,8 @@ async function executeCapabilityRequest(opts) {
     escrowReceipt: receipt,
     skillExecutor,
     handlerUrl,
-    timeoutMs = 3e4
+    timeoutMs = 3e5,
+    onProgress
   } = opts;
   const card = getCard(registryDb, cardId);
   if (!card) {
@@ -890,7 +904,7 @@ async function executeCapabilityRequest(opts) {
   if (skillExecutor) {
     const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
     try {
-      const execResult = await skillExecutor.execute(targetSkillId, params);
+      const execResult = await skillExecutor.execute(targetSkillId, params, onProgress);
       if (!execResult.success) {
         return handleFailure("failure", execResult.latency_ms, execResult.error ?? "Execution failed");
       }
@@ -937,7 +951,7 @@ function createGatewayServer(opts) {
     creditDb,
     tokens,
     handlerUrl,
-    timeoutMs = 3e4,
+    timeoutMs = 3e5,
     silent = false,
     skillExecutor
   } = opts;
@@ -1054,7 +1068,7 @@ var SkillExecutor = class {
    * @param params - Input parameters for the skill.
    * @returns ExecutionResult including success, result/error, and latency_ms.
    */
-  async execute(skillId, params) {
+  async execute(skillId, params, onProgress) {
     const startTime = Date.now();
     const config = this.skillMap.get(skillId);
     if (!config) {
@@ -1073,7 +1087,7 @@ var SkillExecutor = class {
       };
     }
     try {
-      const modeResult = await mode.execute(config, params);
+      const modeResult = await mode.execute(config, params, onProgress);
       return {
         ...modeResult,
         latency_ms: Date.now() - startTime
@@ -1493,7 +1507,7 @@ var PipelineExecutor = class {
    * @param params - Input parameters from the caller.
    * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor wrapper).
    */
-  async execute(config, params) {
+  async execute(config, params, onProgress) {
     const pipelineConfig = config;
     const steps = pipelineConfig.steps ?? [];
     if (steps.length === 0) {
@@ -1552,6 +1566,13 @@ var PipelineExecutor = class {
       }
       context.steps.push({ result: stepResult });
       context.prev = { result: stepResult };
+      if (onProgress && i < steps.length - 1) {
+        onProgress({
+          step: i + 1,
+          total: steps.length,
+          message: `Completed step ${i + 1}/${steps.length}`
+        });
+      }
     }
     const lastStep = context.steps[context.steps.length - 1];
     return {
@@ -1930,7 +1951,7 @@ function decompose(task, _availableCapabilities) {
 // src/gateway/client.ts
 import { randomUUID as randomUUID5 } from "crypto";
 async function requestCapability(opts) {
-  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e4, escrowReceipt, identity } = opts;
+  const { gatewayUrl, token, cardId, params = {}, timeoutMs = 3e5, escrowReceipt, identity } = opts;
   const id = randomUUID5();
   const payload = {
     jsonrpc: "2.0",
@@ -1984,6 +2005,7 @@ async function requestViaRelay(relay, opts) {
       cardId: opts.cardId,
       skillId: opts.skillId,
       params: opts.params ?? {},
+      requester: opts.requester,
       escrowReceipt: opts.escrowReceipt,
       timeoutMs: opts.timeoutMs
     });
@@ -2030,6 +2052,73 @@ function loadConfig() {
   }
 }
 
+// src/cli/remote-registry.ts
+var RegistryTimeoutError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Registry at ${url} did not respond within 5s. Showing local results only.`,
+      "REGISTRY_TIMEOUT"
+    );
+    this.name = "RegistryTimeoutError";
+  }
+};
+var RegistryConnectionError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Cannot reach ${url}. Is the registry running? Showing local results only.`,
+      "REGISTRY_CONNECTION"
+    );
+    this.name = "RegistryConnectionError";
+  }
+};
+var RegistryAuthError = class extends AgentBnBError {
+  constructor(url) {
+    super(
+      `Authentication failed for ${url}. Run \`agentbnb config set token <your-token>\`.`,
+      "REGISTRY_AUTH"
+    );
+    this.name = "RegistryAuthError";
+  }
+};
+async function fetchRemoteCards(registryUrl, params, timeoutMs = 5e3) {
+  let cardsUrl;
+  try {
+    cardsUrl = new URL("/cards", registryUrl);
+  } catch {
+    throw new AgentBnBError(`Invalid registry URL: ${registryUrl}`, "INVALID_REGISTRY_URL");
+  }
+  const searchParams = new URLSearchParams();
+  if (params.q !== void 0) searchParams.set("q", params.q);
+  if (params.level !== void 0) searchParams.set("level", String(params.level));
+  if (params.online !== void 0) searchParams.set("online", String(params.online));
+  if (params.tag !== void 0) searchParams.set("tag", params.tag);
+  searchParams.set("limit", "100");
+  cardsUrl.search = searchParams.toString();
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  let response;
+  try {
+    response = await fetch(cardsUrl.toString(), { signal: controller.signal });
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    if (isTimeout) {
+      throw new RegistryTimeoutError(registryUrl);
+    }
+    throw new RegistryConnectionError(registryUrl);
+  } finally {
+    clearTimeout(timer);
+  }
+  if (response.status === 401 || response.status === 403) {
+    throw new RegistryAuthError(registryUrl);
+  }
+  if (!response.ok) {
+    throw new RegistryConnectionError(registryUrl);
+  }
+  const body = await response.json();
+  return body.items;
+}
+
 // src/autonomy/auto-request.ts
 function minMaxNormalize(values) {
   if (values.length === 0) return [];
@@ -2064,10 +2153,17 @@ function scorePeers(candidates, selfOwner) {
 
 // src/conductor/capability-matcher.ts
 var MAX_ALTERNATIVES = 2;
-function matchSubTasks(opts) {
-  const { db, subtasks, conductorOwner } = opts;
-  return subtasks.map((subtask) => {
-    const cards = searchCards(db, subtask.required_capability, { online: true });
+async function matchSubTasks(opts) {
+  const { db, subtasks, conductorOwner, registryUrl } = opts;
+  return Promise.all(subtasks.map(async (subtask) => {
+    let cards = searchCards(db, subtask.required_capability, { online: true });
+    if (cards.length === 0 && registryUrl) {
+      try {
+        cards = await fetchRemoteCards(registryUrl, { q: subtask.required_capability, online: true });
+      } catch {
+        cards = [];
+      }
+    }
     const candidates = [];
     for (const card of cards) {
       const cardAsV2 = card;
@@ -2109,11 +2205,12 @@ function matchSubTasks(opts) {
       subtask_id: subtask.id,
       selected_agent: top.card.owner,
       selected_skill: top.skillId ?? "",
+      selected_card_id: top.card.id,
       score: top.rawScore,
       credits: top.cost,
       alternatives
     };
-  });
+  }));
 }
 
 // src/conductor/budget-controller.ts
@@ -2184,13 +2281,20 @@ var BudgetController = class {
 };
 
 // src/conductor/card.ts
+import { createHash } from "crypto";
 var CONDUCTOR_OWNER = "agentbnb-conductor";
 var CONDUCTOR_CARD_ID = "00000000-0000-4000-8000-000000000001";
-function buildConductorCard() {
+function ownerToCardId(owner) {
+  const hash = createHash("sha256").update(owner).digest("hex").slice(0, 32);
+  return `${hash.slice(0, 8)}-${hash.slice(8, 12)}-4${hash.slice(13, 16)}-8${hash.slice(17, 20)}-${hash.slice(20, 32)}`;
+}
+function buildConductorCard(owner) {
+  const cardOwner = owner ?? CONDUCTOR_OWNER;
+  const cardId = owner ? ownerToCardId(owner) : CONDUCTOR_CARD_ID;
   const card = {
     spec_version: "2.0",
-    id: CONDUCTOR_CARD_ID,
-    owner: CONDUCTOR_OWNER,
+    id: cardId,
+    owner: cardOwner,
     agent_name: "AgentBnB Conductor",
     skills: [
       {
@@ -2281,7 +2385,7 @@ function computeWaves(subtasks) {
   return waves;
 }
 async function orchestrate(opts) {
-  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e4, maxBudget } = opts;
+  const { subtasks, matches, gatewayToken, resolveAgentUrl, timeoutMs = 3e5, maxBudget, relayClient, requesterOwner } = opts;
   const startTime = Date.now();
   if (subtasks.length === 0) {
     return {
@@ -2332,26 +2436,50 @@ async function orchestrate(opts) {
         );
         const primary = resolveAgentUrl(m.selected_agent);
         try {
-          const res = await requestCapability({
-            gatewayUrl: primary.url,
-            token: gatewayToken,
-            cardId: primary.cardId,
-            params: interpolatedParams,
-            timeoutMs
-          });
+          let res;
+          if (primary.url.startsWith("relay://") && relayClient) {
+            const targetOwner = primary.url.replace("relay://", "");
+            res = await relayClient.request({
+              targetOwner,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              requester: requesterOwner,
+              timeoutMs
+            });
+          } else {
+            res = await requestCapability({
+              gatewayUrl: primary.url,
+              token: gatewayToken,
+              cardId: primary.cardId,
+              params: interpolatedParams,
+              timeoutMs
+            });
+          }
           return { taskId, result: res, credits: m.credits };
         } catch (primaryErr) {
           if (m.alternatives.length > 0) {
             const alt = m.alternatives[0];
             const altAgent = resolveAgentUrl(alt.agent);
             try {
-              const altRes = await requestCapability({
-                gatewayUrl: altAgent.url,
-                token: gatewayToken,
-                cardId: altAgent.cardId,
-                params: interpolatedParams,
-                timeoutMs
-              });
+              let altRes;
+              if (altAgent.url.startsWith("relay://") && relayClient) {
+                const targetOwner = altAgent.url.replace("relay://", "");
+                altRes = await relayClient.request({
+                  targetOwner,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  requester: requesterOwner,
+                  timeoutMs
+                });
+              } else {
+                altRes = await requestCapability({
+                  gatewayUrl: altAgent.url,
+                  token: gatewayToken,
+                  cardId: altAgent.cardId,
+                  params: interpolatedParams,
+                  timeoutMs
+                });
+              }
               return { taskId, result: altRes, credits: alt.credits };
             } catch (altErr) {
               throw new Error(
@@ -2452,7 +2580,7 @@ var ConductorMode = class {
    * @param params - Must include `task` string.
    * @returns Execution result without latency_ms (added by SkillExecutor).
    */
-  async execute(config, params) {
+  async execute(config, params, onProgress) {
     const conductorSkill = config.conductor_skill;
     if (conductorSkill !== "orchestrate" && conductorSkill !== "plan") {
       return {
@@ -2474,11 +2602,13 @@ var ConductorMode = class {
         error: "No template matches task"
       };
     }
-    const matchResults = matchSubTasks({
+    onProgress?.({ step: 1, total: 5, message: `Decomposed into ${subtasks.length} sub-tasks` });
+    const matchResults = await matchSubTasks({
       db: this.db,
       subtasks,
       conductorOwner: this.conductorOwner
     });
+    onProgress?.({ step: 2, total: 5, message: `Matched ${matchResults.length} sub-tasks to agents` });
     const budgetManager = new BudgetManager(this.creditDb, this.conductorOwner);
     const budgetController = new BudgetController(budgetManager, this.maxBudget);
     const executionBudget = budgetController.calculateBudget(matchResults);
@@ -2488,6 +2618,7 @@ var ConductorMode = class {
         error: `Budget exceeded: estimated ${executionBudget.estimated_total} cr, max ${this.maxBudget} cr`
       };
     }
+    onProgress?.({ step: 3, total: 5, message: `Budget approved: ${executionBudget.estimated_total} cr` });
     if (conductorSkill === "plan") {
       return {
         success: true,
@@ -2508,6 +2639,7 @@ var ConductorMode = class {
       resolveAgentUrl: this.resolveAgentUrl,
       maxBudget: this.maxBudget
     });
+    onProgress?.({ step: 4, total: 5, message: "Pipeline execution complete" });
     const resultObj = {};
     for (const [key, value] of orchResult.results) {
       resultObj[key] = value;
@@ -2560,7 +2692,7 @@ function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
 
 // src/identity/identity.ts
 import { z as z4 } from "zod";
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync3 } from "fs";
 import { join as join4 } from "path";
 var AgentIdentitySchema = z4.object({
@@ -2591,7 +2723,7 @@ var AgentCertificateSchema = z4.object({
 });
 var IDENTITY_FILENAME = "identity.json";
 function deriveAgentId(publicKeyHex) {
-  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+  return createHash2("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
 }
 function createIdentity(configDir, owner) {
   if (!existsSync4(configDir)) {
@@ -2666,7 +2798,13 @@ function verifyAgentCertificate(cert) {
 }
 function ensureIdentity(configDir, owner) {
   const existing = loadIdentity(configDir);
-  if (existing) return existing;
+  if (existing) {
+    if (existing.owner !== owner) {
+      existing.owner = owner;
+      saveIdentity(configDir, existing);
+    }
+    return existing;
+  }
   return createIdentity(configDir, owner);
 }
 
@@ -3036,8 +3174,10 @@ var RegisterMessageSchema = z6.object({
   type: z6.literal("register"),
   owner: z6.string().min(1),
   token: z6.string().min(1),
-  card: z6.record(z6.unknown())
+  card: z6.record(z6.unknown()),
   // CapabilityCard (validated separately)
+  cards: z6.array(z6.record(z6.unknown())).optional()
+  // Additional cards (e.g., conductor card)
 });
 var RegisteredMessageSchema = z6.object({
   type: z6.literal("registered"),
@@ -3087,6 +3227,15 @@ var ErrorMessageSchema = z6.object({
   message: z6.string(),
   request_id: z6.string().optional()
 });
+var RelayProgressMessageSchema = z6.object({
+  type: z6.literal("relay_progress"),
+  id: z6.string().uuid(),
+  // request ID this progress relates to
+  progress: z6.number().min(0).max(100).optional(),
+  // optional percentage
+  message: z6.string().optional()
+  // optional status message
+});
 var RelayMessageSchema = z6.discriminatedUnion("type", [
   RegisterMessageSchema,
   RegisteredMessageSchema,
@@ -3094,18 +3243,118 @@ var RelayMessageSchema = z6.discriminatedUnion("type", [
   IncomingRequestMessageSchema,
   RelayResponseMessageSchema,
   ResponseMessageSchema,
-  ErrorMessageSchema
+  ErrorMessageSchema,
+  RelayProgressMessageSchema
 ]);
 
 // src/relay/websocket-relay.ts
+import { randomUUID as randomUUID12 } from "crypto";
+
+// src/relay/relay-credit.ts
+function lookupCardPrice(registryDb, cardId, skillId) {
+  const row = registryDb.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return null;
+  let card;
+  try {
+    card = JSON.parse(row.data);
+  } catch {
+    return null;
+  }
+  if (Array.isArray(card.skills) && card.skills.length > 0) {
+    const skills = card.skills;
+    if (skillId) {
+      const skill = skills.find((s) => s.id === skillId);
+      if (skill) {
+        const skillPricing = skill.pricing;
+        if (skillPricing && typeof skillPricing.credits_per_call === "number") {
+          return skillPricing.credits_per_call;
+        }
+      }
+    } else {
+      let minPrice = null;
+      for (const s of skills) {
+        const sp = s.pricing;
+        if (sp && typeof sp.credits_per_call === "number" && sp.credits_per_call > 0) {
+          if (minPrice === null || sp.credits_per_call < minPrice) {
+            minPrice = sp.credits_per_call;
+          }
+        }
+      }
+      if (minPrice !== null) return minPrice;
+    }
+  }
+  const pricing = card.pricing;
+  if (!pricing || typeof pricing.credits_per_call !== "number") {
+    return null;
+  }
+  return pricing.credits_per_call;
+}
+function holdForRelay(creditDb, owner, amount, cardId) {
+  return holdEscrow(creditDb, owner, amount, cardId);
+}
+function settleForRelay(creditDb, escrowId, recipientOwner) {
+  settleEscrow(creditDb, escrowId, recipientOwner);
+}
+function calculateConductorFee(totalSubTaskCost) {
+  if (totalSubTaskCost <= 0) return 0;
+  const fee = Math.ceil(totalSubTaskCost * 0.1);
+  return Math.max(1, Math.min(20, fee));
+}
+function releaseForRelay(creditDb, escrowId) {
+  if (escrowId === void 0) return;
+  releaseEscrow(creditDb, escrowId);
+}
+
+// src/hub-agent/relay-bridge.ts
+import { randomUUID as randomUUID11 } from "crypto";
+
+// src/hub-agent/job-queue.ts
 import { randomUUID as randomUUID10 } from "crypto";
+function updateJobStatus(db, jobId, status, result) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  if (result !== void 0) {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, result = ?, updated_at = ? WHERE id = ?").run(status, result, now, jobId);
+  } else {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, updated_at = ? WHERE id = ?").run(status, now, jobId);
+  }
+}
+
+// src/hub-agent/crypto.ts
+import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
+
+// src/hub-agent/relay-bridge.ts
+function handleJobRelayResponse(opts) {
+  const { registryDb, creditDb, jobId, escrowId, relayOwner, result, error } = opts;
+  if (error) {
+    updateJobStatus(registryDb, jobId, "failed", JSON.stringify(error));
+    if (escrowId) {
+      try {
+        releaseForRelay(creditDb, escrowId);
+      } catch (e) {
+        console.error("[relay-bridge] escrow release on error failed:", e);
+      }
+    }
+  } else {
+    updateJobStatus(registryDb, jobId, "completed", JSON.stringify(result));
+    if (escrowId) {
+      try {
+        settleForRelay(creditDb, escrowId, relayOwner);
+      } catch (e) {
+        console.error("[relay-bridge] escrow settle failed:", e);
+      }
+    }
+  }
+}
+
+// src/relay/websocket-relay.ts
 var RATE_LIMIT_MAX = 60;
 var RATE_LIMIT_WINDOW_MS = 6e4;
-var RELAY_TIMEOUT_MS = 3e4;
-function registerWebSocketRelay(server, db) {
+var RELAY_TIMEOUT_MS = 3e5;
+function registerWebSocketRelay(server, db, creditDb) {
   const connections = /* @__PURE__ */ new Map();
   const pendingRequests = /* @__PURE__ */ new Map();
   const rateLimits = /* @__PURE__ */ new Map();
+  let onAgentOnlineCallback;
   function checkRateLimit(owner) {
     const now = Date.now();
     const entry = rateLimits.get(owner);
@@ -3156,21 +3405,32 @@ function registerWebSocketRelay(server, db) {
     }
   }
   function upsertCard(cardData, owner) {
-    const cardId = cardData.id;
-    const existing = getCard(db, cardId);
+    const parsed = AnyCardSchema.safeParse(cardData);
+    if (!parsed.success) {
+      throw new AgentBnBError(
+        `Card validation failed: ${parsed.error.message}`,
+        "VALIDATION_ERROR"
+      );
+    }
+    const card = { ...parsed.data, availability: { ...parsed.data.availability, online: true } };
+    const cardId = card.id;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = db.prepare("SELECT id FROM capability_cards WHERE id = ?").get(cardId);
     if (existing) {
-      const updates = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
-      updateCard(db, cardId, owner, updates);
+      db.prepare(
+        "UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?"
+      ).run(JSON.stringify(card), now, cardId);
     } else {
-      const card = { ...cardData, availability: { ...cardData.availability ?? {}, online: true } };
-      insertCard(db, card);
+      db.prepare(
+        "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+      ).run(cardId, owner, JSON.stringify(card), now, now);
     }
     return cardId;
   }
   function logAgentJoined(owner, cardName, cardId) {
     try {
       insertRequestLog(db, {
-        id: randomUUID10(),
+        id: randomUUID12(),
         card_id: cardId,
         card_name: cardName,
         requester: owner,
@@ -3198,13 +3458,34 @@ function registerWebSocketRelay(server, db) {
       }
     }
     connections.set(owner, ws);
-    const cardId = upsertCard(card, owner);
+    let cardId;
+    try {
+      cardId = upsertCard(card, owner);
+    } catch (err) {
+      console.error(`[relay] card validation failed for ${owner}:`, err instanceof Error ? err.message : err);
+      cardId = card.id ?? owner;
+    }
     const cardName = card.name ?? card.agent_name ?? owner;
     logAgentJoined(owner, cardName, cardId);
+    if (msg.cards && msg.cards.length > 0) {
+      for (const extraCard of msg.cards) {
+        try {
+          upsertCard(extraCard, owner);
+        } catch {
+        }
+      }
+    }
     markOwnerOnline(owner);
+    if (onAgentOnlineCallback) {
+      try {
+        onAgentOnlineCallback(owner);
+      } catch (e) {
+        console.error("[relay] onAgentOnline callback error:", e);
+      }
+    }
     sendMessage(ws, { type: "registered", agent_id: cardId });
   }
-  function handleRelayRequest(ws, msg, fromOwner) {
+  async function handleRelayRequest(ws, msg, fromOwner) {
     if (!checkRateLimit(fromOwner)) {
       sendMessage(ws, {
         type: "error",
@@ -3223,15 +3504,43 @@ function registerWebSocketRelay(server, db) {
       });
       return;
     }
+    const creditOwner = msg.requester ?? fromOwner;
+    let escrowId;
+    if (creditDb) {
+      try {
+        const price = lookupCardPrice(db, msg.card_id, msg.skill_id);
+        if (price !== null && price > 0) {
+          escrowId = holdForRelay(creditDb, creditOwner, price, msg.card_id);
+        }
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "INSUFFICIENT_CREDITS") {
+          sendMessage(ws, {
+            type: "response",
+            id: msg.id,
+            error: { code: -32603, message: "Insufficient credits" }
+          });
+          return;
+        }
+        console.error("[relay] credit hold error (non-fatal):", err);
+      }
+    }
     const timeout = setTimeout(() => {
+      const pending = pendingRequests.get(msg.id);
       pendingRequests.delete(msg.id);
+      if (pending?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, pending.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on timeout failed:", e);
+        }
+      }
       sendMessage(ws, {
         type: "response",
         id: msg.id,
         error: { code: -32603, message: "Relay request timeout" }
       });
     }, RELAY_TIMEOUT_MS);
-    pendingRequests.set(msg.id, { originOwner: fromOwner, timeout });
+    pendingRequests.set(msg.id, { originOwner: fromOwner, creditOwner, timeout, escrowId, targetOwner: msg.target_owner });
     sendMessage(targetWs, {
       type: "incoming_request",
       id: msg.id,
@@ -3243,18 +3552,98 @@ function registerWebSocketRelay(server, db) {
       escrow_receipt: msg.escrow_receipt
     });
   }
+  function handleRelayProgress(msg) {
+    const pending = pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    const newTimeout = setTimeout(() => {
+      const p = pendingRequests.get(msg.id);
+      pendingRequests.delete(msg.id);
+      if (p?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, p.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on progress timeout failed:", e);
+        }
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, {
+          type: "response",
+          id: msg.id,
+          error: { code: -32603, message: "Relay request timeout" }
+        });
+      }
+    }, RELAY_TIMEOUT_MS);
+    pending.timeout = newTimeout;
+    const originWs = connections.get(pending.originOwner);
+    if (originWs && originWs.readyState === 1) {
+      sendMessage(originWs, {
+        type: "relay_progress",
+        id: msg.id,
+        progress: msg.progress,
+        message: msg.message
+      });
+    }
+  }
   function handleRelayResponse(msg) {
     const pending = pendingRequests.get(msg.id);
     if (!pending) return;
     clearTimeout(pending.timeout);
     pendingRequests.delete(msg.id);
+    if (pending.jobId && creditDb) {
+      try {
+        handleJobRelayResponse({
+          registryDb: db,
+          creditDb,
+          jobId: pending.jobId,
+          escrowId: pending.escrowId,
+          relayOwner: pending.targetOwner ?? "",
+          result: msg.error === void 0 ? msg.result : void 0,
+          error: msg.error
+        });
+      } catch (e) {
+        console.error("[relay] job relay response handling failed:", e);
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, { type: "response", id: msg.id, result: msg.result, error: msg.error });
+      }
+      return;
+    }
+    if (pending.escrowId && creditDb) {
+      try {
+        if (msg.error === void 0) {
+          settleForRelay(creditDb, pending.escrowId, pending.targetOwner);
+        } else {
+          releaseForRelay(creditDb, pending.escrowId);
+        }
+      } catch (e) {
+        console.error("[relay] escrow settle/release on response failed:", e);
+      }
+    }
+    let conductorFee = 0;
+    if (creditDb && msg.error === void 0 && typeof msg.result === "object" && msg.result !== null && "total_credits" in msg.result && typeof msg.result.total_credits === "number") {
+      const totalCredits = msg.result.total_credits;
+      conductorFee = calculateConductorFee(totalCredits);
+      if (conductorFee > 0) {
+        try {
+          const feeEscrowId = holdForRelay(creditDb, pending.creditOwner ?? pending.originOwner, conductorFee, msg.id);
+          settleForRelay(creditDb, feeEscrowId, pending.targetOwner);
+        } catch (e) {
+          console.error("[relay] conductor fee settlement failed (non-fatal):", e);
+          conductorFee = 0;
+        }
+      }
+    }
     const originWs = connections.get(pending.originOwner);
     if (originWs && originWs.readyState === 1) {
       sendMessage(originWs, {
         type: "response",
         id: msg.id,
         result: msg.result,
-        error: msg.error
+        error: msg.error,
+        ...conductorFee > 0 ? { conductor_fee: conductorFee } : {}
       });
     }
   }
@@ -3264,61 +3653,93 @@ function registerWebSocketRelay(server, db) {
     rateLimits.delete(owner);
     markOwnerOffline(owner);
     for (const [reqId, pending] of pendingRequests) {
-      if (pending.originOwner === owner) {
+      if (pending.targetOwner === owner) {
         clearTimeout(pending.timeout);
         pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on disconnect failed:", e);
+          }
+        }
+        const originWs = connections.get(pending.originOwner);
+        if (originWs && originWs.readyState === 1) {
+          sendMessage(originWs, {
+            type: "response",
+            id: reqId,
+            error: { code: -32603, message: "Provider disconnected" }
+          });
+        }
+      } else if (pending.originOwner === owner) {
+        clearTimeout(pending.timeout);
+        pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on requester disconnect failed:", e);
+          }
+        }
       }
     }
   }
-  server.get("/ws", { websocket: true }, (rawSocket, _request) => {
-    const socket = rawSocket;
-    let registeredOwner;
-    socket.on("message", (raw) => {
-      let data;
-      try {
-        data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
-      } catch {
-        sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
-        return;
-      }
-      const parsed = RelayMessageSchema.safeParse(data);
-      if (!parsed.success) {
-        sendMessage(socket, {
-          type: "error",
-          code: "invalid_message",
-          message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
-        });
-        return;
-      }
-      const msg = parsed.data;
-      switch (msg.type) {
-        case "register":
-          registeredOwner = msg.owner;
-          handleRegister(socket, msg);
-          break;
-        case "relay_request":
-          if (!registeredOwner) {
+  void server.register(async (app) => {
+    app.get("/ws", { websocket: true }, (rawSocket, _request) => {
+      const socket = rawSocket;
+      let registeredOwner;
+      socket.on("message", (raw) => {
+        void (async () => {
+          let data;
+          try {
+            data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
+          } catch {
+            sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
+            return;
+          }
+          const parsed = RelayMessageSchema.safeParse(data);
+          if (!parsed.success) {
             sendMessage(socket, {
               type: "error",
-              code: "not_registered",
-              message: "Must send register message before relay requests"
+              code: "invalid_message",
+              message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
             });
             return;
           }
-          handleRelayRequest(socket, msg, registeredOwner);
-          break;
-        case "relay_response":
-          handleRelayResponse(msg);
-          break;
-        default:
-          break;
-      }
-    });
-    socket.on("close", () => {
-      handleDisconnect(registeredOwner);
-    });
-    socket.on("error", () => {
-      handleDisconnect(registeredOwner);
+          const msg = parsed.data;
+          switch (msg.type) {
+            case "register":
+              registeredOwner = msg.owner;
+              handleRegister(socket, msg);
+              break;
+            case "relay_request":
+              if (!registeredOwner) {
+                sendMessage(socket, {
+                  type: "error",
+                  code: "not_registered",
+                  message: "Must send register message before relay requests"
+                });
+                return;
+              }
+              await handleRelayRequest(socket, msg, registeredOwner);
+              break;
+            case "relay_response":
+              handleRelayResponse(msg);
+              break;
+            case "relay_progress":
+              handleRelayProgress(msg);
+              break;
+            default:
+              break;
+          }
+        })();
+      });
+      socket.on("close", () => {
+        handleDisconnect(registeredOwner);
+      });
+      socket.on("error", () => {
+        handleDisconnect(registeredOwner);
+      });
     });
   });
   return {
@@ -3337,13 +3758,21 @@ function registerWebSocketRelay(server, db) {
       }
       pendingRequests.clear();
       rateLimits.clear();
+    },
+    setOnAgentOnline: (cb) => {
+      onAgentOnlineCallback = cb;
+    },
+    getConnections: () => connections,
+    getPendingRequests: () => pendingRequests,
+    sendMessage: (ws, msg) => {
+      sendMessage(ws, msg);
     }
   };
 }
 
 // src/relay/websocket-client.ts
 import WebSocket from "ws";
-import { randomUUID as randomUUID11 } from "crypto";
+import { randomUUID as randomUUID13 } from "crypto";
 var RelayClient = class {
   ws = null;
   opts;
@@ -3375,7 +3804,8 @@ var RelayClient = class {
           type: "register",
           owner: this.opts.owner,
           token: this.opts.token,
-          card: this.opts.card
+          card: this.opts.card,
+          ...this.opts.cards && this.opts.cards.length > 0 ? { cards: this.opts.cards } : {}
         });
       });
       this.ws.on("message", (raw) => {
@@ -3439,14 +3869,14 @@ var RelayClient = class {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN || !this.registered) {
       throw new Error("Not connected to registry relay");
     }
-    const id = randomUUID11();
-    const timeoutMs = opts.timeoutMs ?? 3e4;
+    const id = randomUUID13();
+    const timeoutMs = opts.timeoutMs ?? 3e5;
     return new Promise((resolve, reject) => {
       const timeout = setTimeout(() => {
         this.pendingRequests.delete(id);
         reject(new Error("Relay request timeout"));
       }, timeoutMs);
-      this.pendingRequests.set(id, { resolve, reject, timeout });
+      this.pendingRequests.set(id, { resolve, reject, timeout, timeoutMs, onProgress: opts.onProgress });
       this.send({
         type: "relay_request",
         id,
@@ -3459,6 +3889,22 @@ var RelayClient = class {
       });
     });
   }
+  /**
+   * Send a relay_progress message to the relay server for a given request.
+   * Used by the onRequest handler to forward SkillExecutor progress updates
+   * to the requesting agent so it can reset its timeout window.
+   *
+   * @param requestId - The relay request ID to associate progress with.
+   * @param info - Progress details (step, total, message).
+   */
+  sendProgress(requestId, info) {
+    this.send({
+      type: "relay_progress",
+      id: requestId,
+      progress: Math.round(info.step / info.total * 100),
+      message: info.message
+    });
+  }
   /** Whether the client is connected and registered */
   get isConnected() {
     return this.ws !== null && this.ws.readyState === WebSocket.OPEN && this.registered;
@@ -3505,6 +3951,9 @@ var RelayClient = class {
       case "error":
         this.handleError(msg);
         break;
+      case "relay_progress":
+        this.handleProgress(msg);
+        break;
       default:
         break;
     }
@@ -3550,6 +3999,19 @@ var RelayClient = class {
       }
     }
   }
+  handleProgress(msg) {
+    const pending = this.pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    const newTimeout = setTimeout(() => {
+      this.pendingRequests.delete(msg.id);
+      pending.reject(new Error("Relay request timeout"));
+    }, pending.timeoutMs);
+    pending.timeout = newTimeout;
+    if (pending.onProgress) {
+      pending.onProgress({ id: msg.id, progress: msg.progress, message: msg.message });
+    }
+  }
   send(msg) {
     if (this.ws && this.ws.readyState === WebSocket.OPEN) {
       this.ws.send(JSON.stringify(msg));
@@ -3611,12 +4073,12 @@ var RelayClient = class {
 };
 
 // src/onboarding/index.ts
-import { randomUUID as randomUUID13 } from "crypto";
+import { randomUUID as randomUUID15 } from "crypto";
 import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
 import { join as join5 } from "path";
 
 // src/cli/onboarding.ts
-import { randomUUID as randomUUID12 } from "crypto";
+import { randomUUID as randomUUID14 } from "crypto";
 import { createConnection } from "net";
 var KNOWN_API_KEYS = [
   "OPENAI_API_KEY",
@@ -3758,7 +4220,7 @@ function capabilitiesToV2Card(capabilities, owner, agentName) {
   }));
   const card = {
     spec_version: "2.0",
-    id: randomUUID13(),
+    id: randomUUID15(),
     owner,
     agent_name: agentName ?? owner,
     skills,