agentbnb 4.0.1 → 4.0.4

package/dist/skills/agentbnb/bootstrap.js

@@ -0,0 +1,2001 @@
+import {
+  DEFAULT_AUTONOMY_CONFIG,
+  generateKeyPair,
+  getAutonomyTier,
+  getBalance,
+  holdEscrow,
+  insertAuditEvent,
+  interpolateObject,
+  loadKeyPair,
+  openCreditDb,
+  recordEarning,
+  releaseEscrow,
+  saveKeyPair,
+  settleEscrow,
+  verifyEscrowReceipt
+} from "../../chunk-JXEOE7HX.js";
+import {
+  AgentBnBError,
+  CapabilityCardV2Schema
+} from "../../chunk-UB2NPFC7.js";
+
+// skills/agentbnb/bootstrap.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { randomUUID as randomUUID4 } from "crypto";
+import { homedir } from "os";
+import { join as join2 } from "path";
+
+// src/runtime/agent-runtime.ts
+import { readFileSync, existsSync } from "fs";
+
+// src/registry/store.ts
+import Database from "better-sqlite3";
+
+// src/registry/request-log.ts
+function createRequestLogTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS request_log (
+      id TEXT PRIMARY KEY,
+      card_id TEXT NOT NULL,
+      card_name TEXT NOT NULL,
+      requester TEXT NOT NULL,
+      status TEXT NOT NULL CHECK(status IN ('success', 'failure', 'timeout')),
+      latency_ms INTEGER NOT NULL,
+      credits_charged INTEGER NOT NULL,
+      created_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS request_log_created_at_idx
+      ON request_log (created_at DESC);
+  `);
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN skill_id TEXT");
+  } catch {
+  }
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN action_type TEXT");
+  } catch {
+  }
+  try {
+    db.exec("ALTER TABLE request_log ADD COLUMN tier_invoked INTEGER");
+  } catch {
+  }
+}
+function insertRequestLog(db, entry) {
+  const stmt = db.prepare(`
+    INSERT INTO request_log (id, card_id, card_name, requester, status, latency_ms, credits_charged, created_at, skill_id, action_type, tier_invoked)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  stmt.run(
+    entry.id,
+    entry.card_id,
+    entry.card_name,
+    entry.requester,
+    entry.status,
+    entry.latency_ms,
+    entry.credits_charged,
+    entry.created_at,
+    entry.skill_id ?? null,
+    entry.action_type ?? null,
+    entry.tier_invoked ?? null
+  );
+}
+function getSkillRequestCount(db, skillId, windowMs) {
+  const cutoff = new Date(Date.now() - windowMs).toISOString();
+  const stmt = db.prepare(
+    `SELECT COUNT(*) as cnt FROM request_log
+     WHERE skill_id = ? AND created_at >= ? AND status = 'success' AND action_type IS NULL`
+  );
+  const row = stmt.get(skillId, cutoff);
+  return row.cnt;
+}
+
+// src/registry/store.ts
+var V2_FTS_TRIGGERS = `
+  DROP TRIGGER IF EXISTS cards_ai;
+  DROP TRIGGER IF EXISTS cards_au;
+  DROP TRIGGER IF EXISTS cards_ad;
+
+  CREATE TRIGGER cards_ai AFTER INSERT ON capability_cards BEGIN
+    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
+    VALUES (
+      new.rowid,
+      new.id,
+      new.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+
+  CREATE TRIGGER cards_au AFTER UPDATE ON capability_cards BEGIN
+    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
+    VALUES (
+      'delete',
+      old.rowid,
+      old.id,
+      old.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+    INSERT INTO cards_fts(rowid, id, owner, name, description, tags)
+    VALUES (
+      new.rowid,
+      new.id,
+      new.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        json_extract(new.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(new.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(new.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+
+  CREATE TRIGGER cards_ad AFTER DELETE ON capability_cards BEGIN
+    INSERT INTO cards_fts(cards_fts, rowid, id, owner, name, description, tags)
+    VALUES (
+      'delete',
+      old.rowid,
+      old.id,
+      old.owner,
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.name'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.name'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.description'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        json_extract(old.data, '$.description'),
+        ''
+      ),
+      COALESCE(
+        (SELECT group_concat(json_extract(value, '$.metadata.tags'), ' ')
+         FROM json_each(json_extract(old.data, '$.skills'))),
+        (SELECT group_concat(value, ' ')
+         FROM json_each(json_extract(old.data, '$.metadata.tags'))),
+        ''
+      )
+    );
+  END;
+`;
+function openDatabase(path = ":memory:") {
+  const db = new Database(path);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS capability_cards (
+      id TEXT PRIMARY KEY,
+      owner TEXT NOT NULL,
+      data TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS pending_requests (
+      id TEXT PRIMARY KEY,
+      skill_query TEXT NOT NULL,
+      max_cost_credits REAL NOT NULL,
+      selected_peer TEXT,
+      selected_card_id TEXT,
+      selected_skill_id TEXT,
+      credits REAL NOT NULL,
+      status TEXT NOT NULL DEFAULT 'pending',
+      params TEXT,
+      created_at TEXT NOT NULL,
+      resolved_at TEXT
+    );
+
+    CREATE VIRTUAL TABLE IF NOT EXISTS cards_fts USING fts5(
+      id UNINDEXED,
+      owner,
+      name,
+      description,
+      tags,
+      content=""
+    );
+  `);
+  createRequestLogTable(db);
+  runMigrations(db);
+  return db;
+}
+function runMigrations(db) {
+  const version = db.pragma("user_version")[0]?.user_version ?? 0;
+  if (version < 2) {
+    migrateV1toV2(db);
+  }
+}
+function migrateV1toV2(db) {
+  const migrate = db.transaction(() => {
+    const rows = db.prepare("SELECT rowid, id, data FROM capability_cards").all();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    for (const row of rows) {
+      const parsed = JSON.parse(row.data);
+      if (parsed["spec_version"] === "2.0") continue;
+      const v1 = parsed;
+      const v2 = {
+        spec_version: "2.0",
+        id: v1.id,
+        owner: v1.owner,
+        agent_name: v1.name,
+        skills: [
+          {
+            id: `skill-${v1.id}`,
+            name: v1.name,
+            description: v1.description,
+            level: v1.level,
+            inputs: v1.inputs,
+            outputs: v1.outputs,
+            pricing: v1.pricing,
+            availability: { online: v1.availability.online },
+            powered_by: v1.powered_by,
+            metadata: v1.metadata,
+            _internal: v1._internal
+          }
+        ],
+        availability: v1.availability,
+        created_at: v1.created_at,
+        updated_at: now
+      };
+      db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+        JSON.stringify(v2),
+        now,
+        v2.id
+      );
+    }
+    db.exec(V2_FTS_TRIGGERS);
+    db.exec(`INSERT INTO cards_fts(cards_fts) VALUES('delete-all')`);
+    const allRows = db.prepare("SELECT rowid, id, owner, data FROM capability_cards").all();
+    const ftsInsert = db.prepare(
+      "INSERT INTO cards_fts(rowid, id, owner, name, description, tags) VALUES (?, ?, ?, ?, ?, ?)"
+    );
+    for (const row of allRows) {
+      const data = JSON.parse(row.data);
+      const skills = data["skills"] ?? [];
+      let name;
+      let description;
+      let tags;
+      if (skills.length > 0) {
+        name = skills.map((s) => String(s["name"] ?? "")).join(" ");
+        description = skills.map((s) => String(s["description"] ?? "")).join(" ");
+        tags = skills.flatMap((s) => {
+          const meta = s["metadata"];
+          return meta?.["tags"] ?? [];
+        }).join(" ");
+      } else {
+        name = String(data["name"] ?? "");
+        description = String(data["description"] ?? "");
+        const meta = data["metadata"];
+        const rawTags = meta?.["tags"] ?? [];
+        tags = rawTags.join(" ");
+      }
+      ftsInsert.run(row.rowid, row.id, row.owner, name, description, tags);
+    }
+    db.pragma("user_version = 2");
+  });
+  migrate();
+}
+function getCard(db, id) {
+  const stmt = db.prepare("SELECT data FROM capability_cards WHERE id = ?");
+  const row = stmt.get(id);
+  if (!row) return null;
+  return JSON.parse(row.data);
+}
+function updateReputation(db, cardId, success, latencyMs) {
+  const existing = getCard(db, cardId);
+  if (!existing) return;
+  const ALPHA = 0.1;
+  const observed = success ? 1 : 0;
+  const prevSuccessRate = existing.metadata?.success_rate;
+  const prevLatency = existing.metadata?.avg_latency_ms;
+  const newSuccessRate = prevSuccessRate === void 0 ? observed : ALPHA * observed + (1 - ALPHA) * prevSuccessRate;
+  const newLatency = prevLatency === void 0 ? latencyMs : ALPHA * latencyMs + (1 - ALPHA) * prevLatency;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const updatedMetadata = {
+    ...existing.metadata,
+    success_rate: Math.round(newSuccessRate * 1e3) / 1e3,
+    avg_latency_ms: Math.round(newLatency)
+  };
+  const updatedCard = { ...existing, metadata: updatedMetadata, updated_at: now };
+  const stmt = db.prepare(`
+    UPDATE capability_cards
+    SET data = ?, updated_at = ?
+    WHERE id = ?
+  `);
+  stmt.run(JSON.stringify(updatedCard), now, cardId);
+}
+function updateSkillAvailability(db, cardId, skillId, online) {
+  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return;
+  const card = JSON.parse(row.data);
+  const skills = card["skills"];
+  if (!skills) return;
+  const skill = skills.find((s) => s["id"] === skillId);
+  if (!skill) return;
+  const existing = skill["availability"] ?? {};
+  skill["availability"] = { ...existing, online };
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+    JSON.stringify(card),
+    now,
+    cardId
+  );
+}
+function updateSkillIdleRate(db, cardId, skillId, idleRate) {
+  const row = db.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return;
+  const card = JSON.parse(row.data);
+  const skills = card["skills"];
+  if (!skills) return;
+  const skill = skills.find((s) => s["id"] === skillId);
+  if (!skill) return;
+  const existing = skill["_internal"] ?? {};
+  skill["_internal"] = {
+    ...existing,
+    idle_rate: idleRate,
+    idle_rate_computed_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(
+    JSON.stringify(card),
+    now,
+    cardId
+  );
+}
+function listCards(db, owner) {
+  let stmt;
+  let rows;
+  if (owner !== void 0) {
+    stmt = db.prepare("SELECT data FROM capability_cards WHERE owner = ?");
+    rows = stmt.all(owner);
+  } else {
+    stmt = db.prepare("SELECT data FROM capability_cards");
+    rows = stmt.all();
+  }
+  return rows.map((row) => JSON.parse(row.data));
+}
+
+// src/skills/executor.ts
+var SkillExecutor = class {
+  skillMap;
+  modeMap;
+  /**
+   * @param configs - Parsed SkillConfig array (from parseSkillsFile).
+   * @param modes - Map from skill type string to its executor implementation.
+   */
+  constructor(configs, modes) {
+    this.skillMap = new Map(configs.map((c) => [c.id, c]));
+    this.modeMap = modes;
+  }
+  /**
+   * Execute a skill by ID with the given input parameters.
+   *
+   * Dispatch order:
+   * 1. Look up skill config by skillId.
+   * 2. Find executor mode by config.type.
+   * 3. Invoke mode.execute(), wrap with latency timing.
+   * 4. Catch any thrown errors and return as ExecutionResult with success:false.
+   *
+   * @param skillId - The ID of the skill to execute.
+   * @param params - Input parameters for the skill.
+   * @returns ExecutionResult including success, result/error, and latency_ms.
+   */
+  async execute(skillId, params, onProgress) {
+    const startTime = Date.now();
+    const config = this.skillMap.get(skillId);
+    if (!config) {
+      return {
+        success: false,
+        error: `Skill not found: "${skillId}"`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    const mode = this.modeMap.get(config.type);
+    if (!mode) {
+      return {
+        success: false,
+        error: `No executor registered for skill type "${config.type}" (skill: "${skillId}")`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    try {
+      const modeResult = await mode.execute(config, params, onProgress);
+      return {
+        ...modeResult,
+        latency_ms: Date.now() - startTime
+      };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: message,
+        latency_ms: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Returns the IDs of all registered skills.
+   *
+   * @returns Array of skill ID strings.
+   */
+  listSkills() {
+    return Array.from(this.skillMap.keys());
+  }
+  /**
+   * Returns the SkillConfig for a given skill ID, or undefined if not found.
+   *
+   * @param skillId - The skill ID to look up.
+   * @returns The SkillConfig or undefined.
+   */
+  getSkillConfig(skillId) {
+    return this.skillMap.get(skillId);
+  }
+};
+function createSkillExecutor(configs, modes) {
+  return new SkillExecutor(configs, modes);
+}
+
+// src/skills/skill-config.ts
+import { z } from "zod";
+import yaml from "js-yaml";
+var PricingSchema = z.object({
+  credits_per_call: z.number().nonnegative(),
+  credits_per_minute: z.number().nonnegative().optional(),
+  free_tier: z.number().nonnegative().optional()
+});
+var ApiAuthSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("bearer"),
+    token: z.string()
+  }),
+  z.object({
+    type: z.literal("apikey"),
+    header: z.string().default("X-API-Key"),
+    key: z.string()
+  }),
+  z.object({
+    type: z.literal("basic"),
+    username: z.string(),
+    password: z.string()
+  })
+]);
+var ApiSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("api"),
+  name: z.string().min(1),
+  endpoint: z.string().min(1),
+  method: z.enum(["GET", "POST", "PUT", "DELETE"]),
+  auth: ApiAuthSchema.optional(),
+  input_mapping: z.record(z.string()).default({}),
+  output_mapping: z.record(z.string()).default({}),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().default(3e4),
+  retries: z.number().nonnegative().int().default(0),
+  provider: z.string().optional()
+});
+var PipelineStepSchema = z.union([
+  z.object({
+    skill_id: z.string().min(1),
+    input_mapping: z.record(z.string()).default({})
+  }),
+  z.object({
+    command: z.string().min(1),
+    input_mapping: z.record(z.string()).default({})
+  })
+]);
+var PipelineSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("pipeline"),
+  name: z.string().min(1),
+  steps: z.array(PipelineStepSchema).min(1),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var OpenClawSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("openclaw"),
+  name: z.string().min(1),
+  agent_name: z.string().min(1),
+  channel: z.enum(["telegram", "webhook", "process"]),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var CommandSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("command"),
+  name: z.string().min(1),
+  command: z.string().min(1),
+  output_type: z.enum(["json", "text", "file"]),
+  allowed_commands: z.array(z.string()).optional(),
+  working_dir: z.string().optional(),
+  timeout_ms: z.number().positive().default(3e4),
+  pricing: PricingSchema
+});
+var ConductorSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("conductor"),
+  name: z.string().min(1),
+  conductor_skill: z.enum(["orchestrate", "plan"]),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var SkillConfigSchema = z.discriminatedUnion("type", [
+  ApiSkillConfigSchema,
+  PipelineSkillConfigSchema,
+  OpenClawSkillConfigSchema,
+  CommandSkillConfigSchema,
+  ConductorSkillConfigSchema
+]);
+var SkillsFileSchema = z.object({
+  skills: z.array(SkillConfigSchema)
+});
+function expandEnvVars(value) {
+  return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    if (/[.a-z]/.test(varName)) {
+      return _match;
+    }
+    const envValue = process.env[varName];
+    if (envValue === void 0) {
+      throw new Error(`Environment variable "${varName}" is not defined`);
+    }
+    return envValue;
+  });
+}
+function expandEnvVarsDeep(value) {
+  if (typeof value === "string") {
+    return expandEnvVars(value);
+  }
+  if (Array.isArray(value)) {
+    return value.map(expandEnvVarsDeep);
+  }
+  if (value !== null && typeof value === "object") {
+    const result = {};
+    for (const [k, v] of Object.entries(value)) {
+      result[k] = expandEnvVarsDeep(v);
+    }
+    return result;
+  }
+  return value;
+}
+function parseSkillsFile(yamlContent) {
+  const raw = yaml.load(yamlContent);
+  const expanded = expandEnvVarsDeep(raw);
+  const result = SkillsFileSchema.parse(expanded);
+  return result.skills;
+}
+
+// src/skills/api-executor.ts
+function parseMappingTarget(mapping) {
+  const dotIndex = mapping.indexOf(".");
+  if (dotIndex < 0) {
+    throw new Error(`Invalid input_mapping format: "${mapping}" (expected "target.key")`);
+  }
+  const target = mapping.slice(0, dotIndex);
+  const key = mapping.slice(dotIndex + 1);
+  if (!["body", "query", "path", "header"].includes(target)) {
+    throw new Error(
+      `Invalid mapping target "${target}" in "${mapping}" (must be body|query|path|header)`
+    );
+  }
+  return { target, key };
+}
+function extractByPath(obj, dotPath) {
+  const normalizedPath = dotPath.startsWith("response.") ? dotPath.slice("response.".length) : dotPath;
+  const parts = normalizedPath.split(".");
+  let current = obj;
+  for (const part of parts) {
+    if (current === null || typeof current !== "object") {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
+function buildAuthHeaders(auth) {
+  if (!auth) return {};
+  switch (auth.type) {
+    case "bearer":
+      return { Authorization: `Bearer ${auth.token}` };
+    case "apikey":
+      return { [auth.header]: auth.key };
+    case "basic": {
+      const encoded = Buffer.from(`${auth.username}:${auth.password}`).toString("base64");
+      return { Authorization: `Basic ${encoded}` };
+    }
+  }
+}
+function applyInputMapping(params, mapping) {
+  const body = {};
+  const query = {};
+  const pathParams = {};
+  const headers = {};
+  for (const [paramName, mappingValue] of Object.entries(mapping)) {
+    const value = params[paramName];
+    if (value === void 0) continue;
+    const { target, key } = parseMappingTarget(mappingValue);
+    switch (target) {
+      case "body":
+        body[key] = value;
+        break;
+      case "query":
+        query[key] = String(value);
+        break;
+      case "path":
+        pathParams[key] = String(value);
+        break;
+      case "header":
+        headers[key] = String(value).replace(/[\r\n]/g, "");
+        break;
+    }
+  }
+  return { body, query, pathParams, headers };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 500, 503]);
+var ApiExecutor = class {
+  /**
+   * Execute an API call described by the given skill config.
+   *
+   * @param config - The validated SkillConfig (must be ApiSkillConfig).
+   * @param params - Input parameters to map to the HTTP request.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor).
+   */
+  async execute(config, params) {
+    const apiConfig = config;
+    const { body, query, pathParams, headers: mappedHeaders } = applyInputMapping(
+      params,
+      apiConfig.input_mapping
+    );
+    let url = apiConfig.endpoint;
+    for (const [key, value] of Object.entries(pathParams)) {
+      url = url.replace(`{${key}}`, encodeURIComponent(value));
+    }
+    if (Object.keys(query).length > 0) {
+      const qs = new URLSearchParams(query).toString();
+      url = `${url}?${qs}`;
+    }
+    const authHeaders = buildAuthHeaders(apiConfig.auth);
+    const requestHeaders = {
+      ...authHeaders,
+      ...mappedHeaders
+    };
+    const hasBody = ["POST", "PUT"].includes(apiConfig.method);
+    if (hasBody) {
+      requestHeaders["Content-Type"] = "application/json";
+    }
+    const maxAttempts = (apiConfig.retries ?? 0) + 1;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      if (attempt > 0) {
+        await sleep(100 * Math.pow(2, attempt - 1));
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        apiConfig.timeout_ms ?? 3e4
+      );
+      let response;
+      try {
+        response = await fetch(url, {
+          method: apiConfig.method,
+          headers: requestHeaders,
+          body: hasBody ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+      } catch (err) {
+        clearTimeout(timeoutId);
+        const message = err instanceof Error ? err.message : String(err);
+        const isAbort = err instanceof Error && err.name === "AbortError" || message.toLowerCase().includes("abort");
+        if (isAbort) {
+          return { success: false, error: `Request timeout after ${apiConfig.timeout_ms}ms` };
+        }
+        return { success: false, error: message };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+      if (!response.ok && RETRYABLE_STATUSES.has(response.status) && attempt < maxAttempts - 1) {
+        continue;
+      }
+      if (!response.ok) {
+        return {
+          success: false,
+          error: `HTTP ${response.status} from ${apiConfig.endpoint}`
+        };
+      }
+      const responseBody = await response.json();
+      const outputMapping = apiConfig.output_mapping;
+      if (Object.keys(outputMapping).length === 0) {
+        return { success: true, result: responseBody };
+      }
+      const mappedOutput = {};
+      for (const [outputKey, path] of Object.entries(outputMapping)) {
+        mappedOutput[outputKey] = extractByPath(responseBody, path);
+      }
+      return { success: true, result: mappedOutput };
+    }
+    return { success: false, error: "Unexpected: retry loop exhausted" };
+  }
+};
+
+// src/skills/pipeline-executor.ts
+import { execFile } from "child_process";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
+    }
+    if (current === void 0 || current === null) return "";
+    return shellEscape(String(current));
+  });
+}
+var PipelineExecutor = class {
+  /**
+   * @param skillExecutor - The parent SkillExecutor used to dispatch sub-skill calls.
+   */
+  constructor(skillExecutor) {
+    this.skillExecutor = skillExecutor;
+  }
+  /**
+   * Execute a pipeline skill config sequentially.
+   *
+   * Algorithm:
+   * 1. Initialise context: { params, steps: [], prev: { result: null } }
+   * 2. For each step:
+   *    a. Resolve input_mapping keys against current context via interpolateObject.
+   *    b. If step has `skill_id`: dispatch via skillExecutor.execute(). On failure → stop.
+   *    c. If step has `command`: interpolate command string, run via exec(). On non-zero exit → stop.
+   *    d. Store step result in context.steps[i] and context.prev.
+   * 3. Return success with final step result (or null for empty pipeline).
+   *
+   * @param config - The PipelineSkillConfig for this skill.
+   * @param params - Input parameters from the caller.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor wrapper).
+   */
+  async execute(config, params, onProgress) {
+    const pipelineConfig = config;
+    const steps = pipelineConfig.steps ?? [];
+    if (steps.length === 0) {
+      return { success: true, result: null };
+    }
+    const context = {
+      params,
+      steps: [],
+      prev: { result: null }
+    };
+    for (let i = 0; i < steps.length; i++) {
+      const step = steps[i];
+      if (step === void 0) {
+        return {
+          success: false,
+          error: `Step ${i} failed: step definition is undefined`
+        };
+      }
+      const resolvedInputs = interpolateObject(
+        step.input_mapping,
+        context
+      );
+      let stepResult;
+      if ("skill_id" in step && step.skill_id) {
+        const subResult = await this.skillExecutor.execute(
+          step.skill_id,
+          resolvedInputs
+        );
+        if (!subResult.success) {
+          return {
+            success: false,
+            error: `Step ${i} failed: ${subResult.error ?? "unknown error"}`
+          };
+        }
+        stepResult = subResult.result;
+      } else if ("command" in step && step.command) {
+        const interpolatedCommand = safeInterpolateCommand(
+          step.command,
+          context
+        );
+        try {
+          const { stdout } = await execFileAsync("/bin/sh", ["-c", interpolatedCommand], { timeout: 3e4 });
+          stepResult = stdout.trim();
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return {
+            success: false,
+            error: `Step ${i} failed: ${message}`
+          };
+        }
+      } else {
+        return {
+          success: false,
+          error: `Step ${i} failed: step must have either "skill_id" or "command"`
+        };
+      }
+      context.steps.push({ result: stepResult });
+      context.prev = { result: stepResult };
+      if (onProgress && i < steps.length - 1) {
+        onProgress({
+          step: i + 1,
+          total: steps.length,
+          message: `Completed step ${i + 1}/${steps.length}`
+        });
+      }
+    }
+    const lastStep = context.steps[context.steps.length - 1];
+    return {
+      success: true,
+      result: lastStep !== void 0 ? lastStep.result : null
+    };
+  }
+};
+
+// src/skills/openclaw-bridge.ts
+import { execFileSync } from "child_process";
+var DEFAULT_BASE_URL = "http://localhost:3000";
+var DEFAULT_TIMEOUT_MS = 6e4;
+function buildPayload(config, params) {
+  return {
+    task: config.name,
+    params,
+    source: "agentbnb",
+    skill_id: config.id
+  };
+}
+async function executeWebhook(config, payload) {
+  const baseUrl = process.env["OPENCLAW_BASE_URL"] ?? DEFAULT_BASE_URL;
+  const url = `${baseUrl}/openclaw/${config.agent_name}/task`;
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    });
+    if (!response.ok) {
+      return {
+        success: false,
+        error: `Webhook returned HTTP ${response.status}: ${response.statusText}`
+      };
+    }
+    const result = await response.json();
+    return { success: true, result };
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      return {
+        success: false,
+        error: `OpenClaw webhook timed out after ${timeoutMs}ms`
+      };
+    }
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function validateAgentName(name) {
+  return /^[a-zA-Z0-9._-]+$/.test(name);
+}
+function executeProcess(config, payload) {
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  if (!validateAgentName(config.agent_name)) {
+    return {
+      success: false,
+      error: `Invalid agent name: "${config.agent_name}" (only alphanumeric, hyphens, underscores, dots allowed)`
+    };
+  }
+  const inputJson = JSON.stringify(payload);
+  try {
+    const stdout = execFileSync("openclaw", ["run", config.agent_name, "--input", inputJson], {
+      timeout: timeoutMs
+    });
+    const text = stdout.toString().trim();
+    const result = JSON.parse(text);
+    return { success: true, result };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+async function executeTelegram(config, payload) {
+  const token = process.env["TELEGRAM_BOT_TOKEN"];
+  if (!token) {
+    return {
+      success: false,
+      error: "TELEGRAM_BOT_TOKEN environment variable is not set"
+    };
+  }
+  const chatId = process.env["TELEGRAM_CHAT_ID"];
+  if (!chatId) {
+    return {
+      success: false,
+      error: "TELEGRAM_CHAT_ID environment variable is not set"
+    };
+  }
+  const text = `[AgentBnB] Skill: ${config.name} (${config.id})
+Agent: ${config.agent_name}
+Params: ${JSON.stringify(payload.params ?? {})}`;
+  const url = `https://api.telegram.org/bot${token}/sendMessage`;
+  try {
+    await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chat_id: chatId, text })
+    });
+    return {
+      success: true,
+      result: { sent: true, channel: "telegram" }
+    };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+var OpenClawBridge = class {
+  /**
+   * Execute a skill with the given config and input parameters.
+   *
+   * @param config - The SkillConfig for this skill (must be type 'openclaw').
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult without latency_ms.
+   */
+  async execute(config, params) {
+    const ocConfig = config;
+    const payload = buildPayload(ocConfig, params);
+    switch (ocConfig.channel) {
+      case "webhook":
+        return executeWebhook(ocConfig, payload);
+      case "process":
+        return executeProcess(ocConfig, payload);
+      case "telegram":
+        return executeTelegram(ocConfig, payload);
+      default: {
+        const unknownChannel = ocConfig.channel;
+        return {
+          success: false,
+          error: `Unknown OpenClaw channel: "${String(unknownChannel)}"`
+        };
+      }
+    }
+  }
+};
+
+// src/skills/command-executor.ts
+import { execFile as execFile2 } from "child_process";
+function shellEscape2(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand2(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
+    }
+    if (current === void 0 || current === null) return "";
+    return shellEscape2(String(current));
+  });
+}
+function execFileAsync2(file, args, options) {
+  return new Promise((resolve, reject) => {
+    execFile2(file, args, options, (error, stdout, stderr) => {
+      const stdoutStr = typeof stdout === "string" ? stdout : stdout.toString();
+      const stderrStr = typeof stderr === "string" ? stderr : stderr.toString();
+      if (error) {
+        const enriched = Object.assign(error, { stderr: stderrStr });
+        reject(enriched);
+      } else {
+        resolve({ stdout: stdoutStr, stderr: stderrStr });
+      }
+    });
+  });
+}
+var CommandExecutor = class {
+  /**
+   * Execute a command skill with the provided parameters.
+   *
+   * Steps:
+   * 1. Security check: base command must be in `allowed_commands` if set.
+   * 2. Interpolate `config.command` using `{ params }` context.
+   * 3. Run via `child_process.exec` with timeout and cwd.
+   * 4. Parse stdout based on `output_type`: text | json | file.
+   *
+   * @param config - Validated CommandSkillConfig.
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult (without latency_ms).
+   */
+  async execute(config, params) {
+    const cmdConfig = config;
+    const baseCommand = cmdConfig.command.trim().split(/\s+/)[0] ?? "";
+    if (cmdConfig.allowed_commands && cmdConfig.allowed_commands.length > 0) {
+      if (!cmdConfig.allowed_commands.includes(baseCommand)) {
+        return {
+          success: false,
+          error: `Command not allowed: "${baseCommand}". Allowed: ${cmdConfig.allowed_commands.join(", ")}`
+        };
+      }
+    }
+    const interpolatedCommand = safeInterpolateCommand2(cmdConfig.command, { params });
+    const timeout = cmdConfig.timeout_ms ?? 3e4;
+    const cwd = cmdConfig.working_dir ?? process.cwd();
+    let stdout;
+    try {
+      const result = await execFileAsync2("/bin/sh", ["-c", interpolatedCommand], {
+        timeout,
+        cwd,
+        maxBuffer: 10 * 1024 * 1024
+        // 10 MB
+      });
+      stdout = result.stdout;
+    } catch (err) {
+      if (err instanceof Error) {
+        const message = err.message;
+        const stderrContent = err.stderr ?? "";
+        if (message.includes("timed out") || message.includes("ETIMEDOUT") || err.code === "ETIMEDOUT") {
+          return {
+            success: false,
+            error: `Command timed out after ${timeout}ms`
+          };
+        }
+        return {
+          success: false,
+          error: stderrContent.trim() || message
+        };
+      }
+      return {
+        success: false,
+        error: String(err)
+      };
+    }
+    const rawOutput = stdout.trim();
+    switch (cmdConfig.output_type) {
+      case "text":
+        return { success: true, result: rawOutput };
+      case "json": {
+        try {
+          const parsed = JSON.parse(rawOutput);
+          return { success: true, result: parsed };
+        } catch {
+          return {
+            success: false,
+            error: `Failed to parse JSON output: ${rawOutput.slice(0, 100)}`
+          };
+        }
+      }
+      case "file":
+        return { success: true, result: { file_path: rawOutput } };
+      default:
+        return {
+          success: false,
+          error: `Unknown output_type: ${String(cmdConfig.output_type)}`
+        };
+    }
+  }
+};
+
+// src/runtime/agent-runtime.ts
+var AgentRuntime = class {
+  /** The registry SQLite database instance */
+  registryDb;
+  /** The credit SQLite database instance */
+  creditDb;
+  /** The agent owner identifier */
+  owner;
+  /** Registered background Cron jobs */
+  jobs = [];
+  /**
+   * The SkillExecutor instance, populated by start() if skillsYamlPath is set.
+   * Undefined if no skills.yaml was provided or the file does not exist.
+   */
+  skillExecutor;
+  draining = false;
+  orphanedEscrowAgeMinutes;
+  skillsYamlPath;
+  conductorEnabled;
+  conductorToken;
+  /**
+   * Creates a new AgentRuntime instance.
+   * Opens both databases with WAL mode, foreign_keys=ON, and busy_timeout=5000.
+   * Schema migrations are applied via openDatabase() and openCreditDb().
+   *
+   * @param options - Runtime configuration options.
+   */
+  constructor(options) {
+    this.owner = options.owner;
+    this.orphanedEscrowAgeMinutes = options.orphanedEscrowAgeMinutes ?? 10;
+    this.skillsYamlPath = options.skillsYamlPath;
+    this.conductorEnabled = options.conductorEnabled ?? false;
+    this.conductorToken = options.conductorToken ?? "";
+    this.registryDb = openDatabase(options.registryDbPath);
+    this.creditDb = openCreditDb(options.creditDbPath);
+    this.registryDb.pragma("busy_timeout = 5000");
+    this.creditDb.pragma("busy_timeout = 5000");
+  }
+  /**
+   * Registers a Cron job to be managed by this runtime.
+   * Registered jobs will be stopped automatically on shutdown().
+   *
+   * @param job - The Cron job instance to register.
+   */
+  registerJob(job) {
+    this.jobs.push(job);
+  }
+  /**
+   * Starts the runtime.
+   * Recovers orphaned escrows (held escrows older than orphanedEscrowAgeMinutes).
+   * If skillsYamlPath is set and the file exists, initializes SkillExecutor with
+   * all four executor modes (api, pipeline, openclaw, command).
+   *
+   * Call this after creating the runtime and before accepting requests.
+   */
+  async start() {
+    await this.recoverOrphanedEscrows();
+    await this.initSkillExecutor();
+  }
+  /**
+   * Initializes SkillExecutor from skills.yaml if skillsYamlPath is configured
+   * and the file exists on disk.
+   *
+   * Uses a mutable Map to handle the PipelineExecutor circular dependency:
+   * 1. Create an empty modes Map and a SkillExecutor (holds Map reference).
+   * 2. Create PipelineExecutor passing the SkillExecutor (for sub-skill dispatch).
+   * 3. Populate the Map with all 4 modes — SkillExecutor sees them via reference.
+   */
+  async initSkillExecutor() {
+    const hasSkillsYaml = this.skillsYamlPath && existsSync(this.skillsYamlPath);
+    if (!hasSkillsYaml && !this.conductorEnabled) {
+      return;
+    }
+    let configs = [];
+    if (hasSkillsYaml) {
+      const yamlContent = readFileSync(this.skillsYamlPath, "utf8");
+      configs = parseSkillsFile(yamlContent);
+    }
+    const modes = /* @__PURE__ */ new Map();
+    if (this.conductorEnabled) {
+      const { ConductorMode } = await import("../../conductor-mode-ESGFZ6T5.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("../../card-RNEWSAQ6.js");
+      const { loadPeers } = await import("../../peers-E4MKNNDN.js");
+      registerConductorCard(this.registryDb);
+      const resolveAgentUrl = (owner) => {
+        const peers = loadPeers();
+        const peer = peers.find((p) => p.name.toLowerCase() === owner.toLowerCase());
+        if (!peer) {
+          throw new Error(
+            `No peer found for agent owner "${owner}". Add with: agentbnb peers add ${owner} <url> <token>`
+          );
+        }
+        const stmt = this.registryDb.prepare(
+          "SELECT id FROM capability_cards WHERE owner = ? LIMIT 1"
+        );
+        const row = stmt.get(owner);
+        const cardId = row?.id ?? owner;
+        return { url: peer.url, cardId };
+      };
+      const conductorMode = new ConductorMode({
+        db: this.registryDb,
+        creditDb: this.creditDb,
+        conductorOwner: CONDUCTOR_OWNER,
+        gatewayToken: this.conductorToken,
+        resolveAgentUrl,
+        maxBudget: 100
+      });
+      modes.set("conductor", conductorMode);
+      configs.push(
+        {
+          id: "orchestrate",
+          type: "conductor",
+          name: "Orchestrate",
+          conductor_skill: "orchestrate",
+          pricing: { credits_per_call: 5 }
+        },
+        {
+          id: "plan",
+          type: "conductor",
+          name: "Plan",
+          conductor_skill: "plan",
+          pricing: { credits_per_call: 1 }
+        }
+      );
+    }
+    const executor = createSkillExecutor(configs, modes);
+    if (hasSkillsYaml) {
+      const pipelineExecutor = new PipelineExecutor(executor);
+      modes.set("api", new ApiExecutor());
+      modes.set("pipeline", pipelineExecutor);
+      modes.set("openclaw", new OpenClawBridge());
+      modes.set("command", new CommandExecutor());
+    }
+    this.skillExecutor = executor;
+  }
+  /**
+   * Recovers orphaned escrows by releasing them.
+   * Orphaned escrows are 'held' escrows older than the configured age threshold.
+   * Errors during individual release are swallowed (escrow may have settled between query and release).
+   */
+  async recoverOrphanedEscrows() {
+    const cutoff = new Date(
+      Date.now() - this.orphanedEscrowAgeMinutes * 60 * 1e3
+    ).toISOString();
+    const orphaned = this.creditDb.prepare(
+      "SELECT id FROM credit_escrow WHERE status = 'held' AND created_at < ?"
+    ).all(cutoff);
+    for (const row of orphaned) {
+      try {
+        releaseEscrow(this.creditDb, row.id);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Shuts down the runtime gracefully.
+   * Sets draining flag, stops all registered Cron jobs, and closes both databases.
+   * Idempotent — safe to call multiple times.
+   */
+  async shutdown() {
+    if (this.draining) {
+      return;
+    }
+    this.draining = true;
+    for (const job of this.jobs) {
+      job.stop();
+    }
+    try {
+      this.registryDb.close();
+    } catch {
+    }
+    try {
+      this.creditDb.close();
+    } catch {
+    }
+  }
+  /**
+   * Returns true if the runtime is shutting down or has shut down.
+   * Background handlers should check this before processing new requests.
+   */
+  get isDraining() {
+    return this.draining;
+  }
+};
+
+// src/openclaw/soul-sync.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/skills/publish-capability.ts
+import { randomUUID } from "crypto";
+function parseSoulMd(content) {
+  const lines = content.split("\n");
+  let name = "";
+  let description = "";
+  const capabilities = [];
+  const unknownSections = [];
+  let currentSection = null;
+  let currentCapabilityName = "";
+  let currentCapabilityLines = [];
+  let currentCapabilityPricing = void 0;
+  let descriptionLines = [];
+  let pastFirstH1 = false;
+  let pastFirstH2 = false;
+  const flushCapability = () => {
+    if (currentCapabilityName) {
+      const cap = {
+        name: currentCapabilityName,
+        description: currentCapabilityLines.join(" ").trim()
+      };
+      if (currentCapabilityPricing !== void 0) {
+        cap.pricing = currentCapabilityPricing;
+      }
+      capabilities.push(cap);
+      currentCapabilityName = "";
+      currentCapabilityLines = [];
+      currentCapabilityPricing = void 0;
+    }
+  };
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (/^# /.test(trimmed) && !pastFirstH1) {
+      name = trimmed.slice(2).trim();
+      pastFirstH1 = true;
+      currentSection = "preamble";
+      continue;
+    }
+    if (/^## /.test(trimmed)) {
+      flushCapability();
+      const capName = trimmed.slice(3).trim();
+      currentCapabilityName = capName;
+      currentSection = "capability";
+      pastFirstH2 = true;
+      continue;
+    }
+    if (/^#{3,} /.test(trimmed)) {
+      const sectionName = trimmed.replace(/^#+\s*/, "");
+      if (!unknownSections.includes(sectionName)) {
+        unknownSections.push(sectionName);
+      }
+      continue;
+    }
+    if (trimmed === "") continue;
+    if (currentSection === "preamble" && !pastFirstH2) {
+      descriptionLines.push(trimmed);
+    } else if (currentSection === "capability") {
+      const pricingMatch = trimmed.match(/^pricing:\s*(\d+(?:\.\d+)?)$/i);
+      if (pricingMatch) {
+        const val = parseFloat(pricingMatch[1]);
+        if (!isNaN(val) && val >= 0) {
+          currentCapabilityPricing = val;
+        }
+      } else {
+        currentCapabilityLines.push(trimmed);
+      }
+    }
+  }
+  flushCapability();
+  if (descriptionLines.length > 0) {
+    description = descriptionLines[0] ?? "";
+  }
+  return {
+    name,
+    description,
+    level: 2,
+    capabilities,
+    unknownSections
+  };
+}
+
+// src/openclaw/soul-sync.ts
+function parseSoulMdV2(content) {
+  const parsed = parseSoulMd(content);
+  const skills = parsed.capabilities.map((cap) => {
+    const sanitizedId = cap.name.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "");
+    const id = sanitizedId.length > 0 ? sanitizedId : randomUUID2();
+    return {
+      id,
+      name: cap.name,
+      description: (cap.description.slice(0, 500) || cap.name).slice(0, 500),
+      level: 2,
+      inputs: [
+        {
+          name: "input",
+          type: "text",
+          description: "Input for the skill",
+          required: true
+        }
+      ],
+      outputs: [
+        {
+          name: "output",
+          type: "text",
+          description: "Output from the skill",
+          required: true
+        }
+      ],
+      pricing: { credits_per_call: cap.pricing !== void 0 ? cap.pricing : 10 },
+      availability: { online: true }
+    };
+  });
+  return {
+    agentName: parsed.name || "Unknown Agent",
+    description: parsed.description,
+    skills
+  };
+}
+function publishFromSoulV2(db, soulContent, owner) {
+  const { agentName, skills } = parseSoulMdV2(soulContent);
+  if (skills.length === 0) {
+    throw new AgentBnBError("SOUL.md has no H2 sections", "VALIDATION_ERROR");
+  }
+  const existingCards = listCards(db, owner);
+  const existingV2 = existingCards.find(
+    (c) => c.spec_version === "2.0"
+  );
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const cardId = existingV2?.id ?? randomUUID2();
+  const card = {
+    spec_version: "2.0",
+    id: cardId,
+    owner,
+    agent_name: agentName,
+    skills,
+    availability: { online: true },
+    created_at: existingV2?.created_at ?? now,
+    updated_at: now
+  };
+  CapabilityCardV2Schema.parse(card);
+  if (existingV2) {
+    db.prepare(
+      "UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?"
+    ).run(JSON.stringify(card), now, cardId);
+  } else {
+    db.prepare(
+      "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+    ).run(cardId, owner, JSON.stringify(card), now, now);
+  }
+  return card;
+}
+
+// src/gateway/server.ts
+import Fastify from "fastify";
+
+// src/gateway/execute.ts
+import { randomUUID as randomUUID3 } from "crypto";
+
+// src/credit/settlement.ts
+function settleProviderEarning(providerDb, providerOwner, receipt) {
+  recordEarning(
+    providerDb,
+    providerOwner,
+    receipt.amount,
+    receipt.card_id,
+    receipt.nonce
+  );
+  return { settled: true };
+}
+
+// src/gateway/execute.ts
+async function executeCapabilityRequest(opts) {
+  const {
+    registryDb,
+    creditDb,
+    cardId,
+    skillId,
+    params,
+    requester,
+    escrowReceipt: receipt,
+    skillExecutor,
+    handlerUrl,
+    timeoutMs = 3e5,
+    onProgress,
+    relayAuthorized = false
+  } = opts;
+  const card = getCard(registryDb, cardId);
+  if (!card) {
+    return { success: false, error: { code: -32602, message: `Card not found: ${cardId}` } };
+  }
+  let creditsNeeded;
+  let cardName;
+  let resolvedSkillId;
+  const rawCard = card;
+  if (Array.isArray(rawCard["skills"])) {
+    const v2card = card;
+    const skill = skillId ? v2card.skills.find((s) => s.id === skillId) : v2card.skills[0];
+    if (!skill) {
+      return { success: false, error: { code: -32602, message: `Skill not found: ${skillId}` } };
+    }
+    creditsNeeded = skill.pricing.credits_per_call;
+    cardName = skill.name;
+    resolvedSkillId = skill.id;
+  } else {
+    creditsNeeded = card.pricing.credits_per_call;
+    cardName = card.name;
+  }
+  let escrowId = null;
+  let isRemoteEscrow = false;
+  if (relayAuthorized) {
+  } else if (receipt) {
+    const { signature, ...receiptData2 } = receipt;
+    const publicKeyBuf = Buffer.from(receipt.requester_public_key, "hex");
+    const valid = verifyEscrowReceipt(receiptData2, signature, publicKeyBuf);
+    if (!valid) {
+      return { success: false, error: { code: -32603, message: "Invalid escrow receipt signature" } };
+    }
+    if (receipt.amount < creditsNeeded) {
+      return { success: false, error: { code: -32603, message: "Insufficient escrow amount" } };
+    }
+    const receiptAge = Date.now() - new Date(receipt.timestamp).getTime();
+    if (receiptAge > 5 * 60 * 1e3) {
+      return { success: false, error: { code: -32603, message: "Escrow receipt expired" } };
+    }
+    isRemoteEscrow = true;
+  } else {
+    try {
+      const balance = getBalance(creditDb, requester);
+      if (balance < creditsNeeded) {
+        return { success: false, error: { code: -32603, message: "Insufficient credits" } };
+      }
+      escrowId = holdEscrow(creditDb, requester, creditsNeeded, cardId);
+    } catch (err) {
+      const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
+      return { success: false, error: { code: -32603, message: msg } };
+    }
+  }
+  const startMs = Date.now();
+  const receiptData = isRemoteEscrow ? { receipt_released: true } : void 0;
+  const handleFailure = (status, latencyMs, message) => {
+    if (!isRemoteEscrow && escrowId) releaseEscrow(creditDb, escrowId);
+    updateReputation(registryDb, cardId, false, latencyMs);
+    try {
+      insertRequestLog(registryDb, {
+        id: randomUUID3(),
+        card_id: cardId,
+        card_name: cardName,
+        skill_id: resolvedSkillId,
+        requester,
+        status,
+        latency_ms: latencyMs,
+        credits_charged: 0,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } catch {
+    }
+    return {
+      success: false,
+      error: { code: -32603, message, ...receiptData ? { data: receiptData } : {} }
+    };
+  };
+  const handleSuccess = (result, latencyMs) => {
+    if (isRemoteEscrow && receipt) {
+      settleProviderEarning(creditDb, card.owner, receipt);
+    } else if (escrowId) {
+      settleEscrow(creditDb, escrowId, card.owner);
+    }
+    updateReputation(registryDb, cardId, true, latencyMs);
+    try {
+      insertRequestLog(registryDb, {
+        id: randomUUID3(),
+        card_id: cardId,
+        card_name: cardName,
+        skill_id: resolvedSkillId,
+        requester,
+        status: "success",
+        latency_ms: latencyMs,
+        credits_charged: creditsNeeded,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } catch {
+    }
+    const successResult = isRemoteEscrow ? {
+      ...typeof result === "object" && result !== null ? result : { data: result },
+      receipt_settled: true,
+      receipt_nonce: receipt.nonce
+    } : result;
+    return { success: true, result: successResult };
+  };
+  if (skillExecutor) {
+    const targetSkillId = resolvedSkillId ?? skillId ?? cardId;
+    try {
+      const execResult = await skillExecutor.execute(targetSkillId, params, onProgress);
+      if (!execResult.success) {
+        return handleFailure("failure", execResult.latency_ms, execResult.error ?? "Execution failed");
+      }
+      return handleSuccess(execResult.result, execResult.latency_ms);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Execution error";
+      return handleFailure("failure", Date.now() - startMs, message);
+    }
+  }
+  if (!handlerUrl) {
+    return handleFailure("failure", Date.now() - startMs, "No skill executor or handler URL configured");
+  }
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(handlerUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ card_id: cardId, skill_id: resolvedSkillId, params }),
+      signal: controller.signal
+    });
+    clearTimeout(timer);
+    if (!response.ok) {
+      return handleFailure("failure", Date.now() - startMs, `Handler returned ${response.status}`);
+    }
+    const result = await response.json();
+    return handleSuccess(result, Date.now() - startMs);
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err instanceof Error && err.name === "AbortError";
+    return handleFailure(
+      isTimeout ? "timeout" : "failure",
+      Date.now() - startMs,
+      isTimeout ? "Execution timeout" : "Handler error"
+    );
+  }
+}
+
+// src/gateway/server.ts
+var VERSION = "0.0.1";
+function createGatewayServer(opts) {
+  const {
+    registryDb,
+    creditDb,
+    tokens,
+    handlerUrl,
+    timeoutMs = 3e5,
+    silent = false,
+    skillExecutor
+  } = opts;
+  const fastify = Fastify({ logger: !silent });
+  const tokenSet = new Set(tokens);
+  fastify.addHook("onRequest", async (request) => {
+    if (request.method === "GET" && request.url === "/health") return;
+    const auth = request.headers.authorization;
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) {
+        request._authenticated = true;
+      }
+    }
+  });
+  fastify.addHook("preHandler", async (request, reply) => {
+    if (request._authenticated) return;
+    if (request.method === "GET" && request.url === "/health") return;
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        if (body && typeof body === "object") {
+          const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+          if (valid) return;
+        }
+      } catch {
+      }
+    }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
+  });
+  fastify.get("/health", async () => {
+    return { status: "ok", version: VERSION, uptime: process.uptime() };
+  });
+  fastify.post("/rpc", async (request, reply) => {
+    const body = request.body;
+    if (body.jsonrpc !== "2.0" || !body.method) {
+      return reply.status(400).send({
+        jsonrpc: "2.0",
+        id: body.id ?? null,
+        error: { code: -32600, message: "Invalid Request" }
+      });
+    }
+    const id = body.id ?? null;
+    if (body.method !== "capability.execute") {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32601, message: "Method not found" }
+      });
+    }
+    const params = body.params ?? {};
+    const cardId = params.card_id;
+    const skillId = params.skill_id;
+    if (!cardId) {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32602, message: "Invalid params: card_id required" }
+      });
+    }
+    const requester = params.requester ?? "unknown";
+    const receipt = params.escrow_receipt;
+    const result = await executeCapabilityRequest({
+      registryDb,
+      creditDb,
+      cardId,
+      skillId,
+      params,
+      requester,
+      escrowReceipt: receipt,
+      skillExecutor,
+      handlerUrl,
+      timeoutMs
+    });
+    if (result.success) {
+      return reply.send({ jsonrpc: "2.0", id, result: result.result });
+    } else {
+      return reply.send({ jsonrpc: "2.0", id, error: result.error });
+    }
+  });
+  return fastify;
+}
+
+// src/autonomy/idle-monitor.ts
+import { Cron } from "croner";
+var IdleMonitor = class {
+  job;
+  owner;
+  db;
+  idleThreshold;
+  autonomyConfig;
+  /**
+   * Creates a new IdleMonitor instance. The Cron job is constructed paused.
+   * Call `start()` to activate polling.
+   *
+   * @param opts - IdleMonitor configuration options.
+   */
+  constructor(opts) {
+    this.owner = opts.owner;
+    this.db = opts.db;
+    this.idleThreshold = opts.idleThreshold ?? 0.7;
+    this.autonomyConfig = opts.autonomyConfig ?? DEFAULT_AUTONOMY_CONFIG;
+    this.job = new Cron("0 * * * * *", { paused: true }, () => {
+      void this.poll();
+    });
+  }
+  /**
+   * Starts the Cron polling loop by resuming the paused job.
+   *
+   * @returns The Cron job instance, for registration with AgentRuntime.registerJob().
+   */
+  start() {
+    this.job.resume();
+    return this.job;
+  }
+  /**
+   * Returns the underlying Cron job instance.
+   * Used for testing or for registering with AgentRuntime.registerJob() without starting.
+   *
+   * @returns The Cron job instance.
+   */
+  getJob() {
+    return this.job;
+  }
+  /**
+   * Polls the registry for all v2.0 cards owned by this agent, computes per-skill
+   * idle rates from the past hour of request_log data, and triggers auto-share if eligible.
+   *
+   * Called automatically by the Cron job every 60 seconds.
+   * Can be called directly in tests without needing to wait for the timer.
+   */
+  async poll() {
+    const cards = listCards(this.db, this.owner);
+    for (const card of cards) {
+      const maybeV2 = card;
+      if (!Array.isArray(maybeV2.skills)) {
+        continue;
+      }
+      for (const skill of maybeV2.skills) {
+        const capacity = skill.metadata?.capacity?.calls_per_hour ?? 60;
+        const count = getSkillRequestCount(this.db, skill.id, 60 * 60 * 1e3);
+        const idleRate = Math.max(0, 1 - count / capacity);
+        updateSkillIdleRate(this.db, card.id, skill.id, idleRate);
+        const isOnline = skill.availability?.online ?? false;
+        if (idleRate >= this.idleThreshold && !isOnline) {
+          const tier = getAutonomyTier(0, this.autonomyConfig);
+          if (tier === 1) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share",
+              skill_id: skill.id,
+              tier_invoked: 1,
+              idle_rate: idleRate
+            });
+          } else if (tier === 2) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share_notify",
+              skill_id: skill.id,
+              tier_invoked: 2,
+              idle_rate: idleRate
+            });
+          } else {
+            insertAuditEvent(this.db, {
+              type: "auto_share_pending",
+              skill_id: skill.id,
+              tier_invoked: 3,
+              idle_rate: idleRate
+            });
+          }
+        }
+      }
+    }
+  }
+};
+
+// src/identity/identity.ts
+import { z as z2 } from "zod";
+import { createHash } from "crypto";
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, mkdirSync } from "fs";
+import { join } from "path";
+var AgentIdentitySchema = z2.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z2.string().min(1),
+  /** Human-readable owner name (from config or init). */
+  owner: z2.string().min(1),
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z2.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z2.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z2.object({
+    github_login: z2.string().min(1),
+    verified_at: z2.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z2.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z2.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z2.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z2.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z2.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function createIdentity(configDir, owner) {
+  if (!existsSync2(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    keys = generateKeyPair();
+    saveKeyPair(configDir, keys);
+  }
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const identity = {
+    agent_id: agentId,
+    owner,
+    public_key: publicKeyHex,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveIdentity(configDir, identity);
+  return identity;
+}
+function loadIdentity(configDir) {
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  if (!existsSync2(filePath)) return null;
+  try {
+    const raw = readFileSync2(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync2(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function ensureIdentity(configDir, owner) {
+  const existing = loadIdentity(configDir);
+  if (existing) {
+    if (existing.owner !== owner) {
+      existing.owner = owner;
+      saveIdentity(configDir, existing);
+    }
+    return existing;
+  }
+  return createIdentity(configDir, owner);
+}
+
+// skills/agentbnb/bootstrap.ts
+async function activate(config) {
+  const {
+    owner,
+    soulMdPath,
+    registryDbPath = join2(homedir(), ".agentbnb", "registry.db"),
+    creditDbPath = join2(homedir(), ".agentbnb", "credit.db"),
+    gatewayPort = 7700,
+    gatewayToken = randomUUID4(),
+    autonomyConfig = DEFAULT_AUTONOMY_CONFIG,
+    silent = false
+  } = config;
+  const identityRequired = config.identityRequired ?? false;
+  const handlerUrl = config.handlerUrl ?? `http://localhost:${gatewayPort}`;
+  if (!existsSync3(soulMdPath)) {
+    throw new AgentBnBError(`SOUL.md not found at path: ${soulMdPath}`, "FILE_NOT_FOUND");
+  }
+  const soulContent = readFileSync3(soulMdPath, "utf8");
+  const runtime = new AgentRuntime({ registryDbPath, creditDbPath, owner });
+  await runtime.start();
+  let identity = null;
+  if (identityRequired) {
+    const configDir = join2(homedir(), ".agentbnb");
+    identity = ensureIdentity(configDir, owner);
+  }
+  const card = publishFromSoulV2(runtime.registryDb, soulContent, owner);
+  const gateway = createGatewayServer({
+    port: gatewayPort,
+    registryDb: runtime.registryDb,
+    creditDb: runtime.creditDb,
+    tokens: [gatewayToken],
+    handlerUrl,
+    silent
+  });
+  await gateway.listen({ port: gatewayPort, host: "0.0.0.0" });
+  const idleMonitor = new IdleMonitor({ owner, db: runtime.registryDb, autonomyConfig });
+  const idleJob = idleMonitor.start();
+  runtime.registerJob(idleJob);
+  return { runtime, gateway, idleMonitor, card, identity };
+}
+async function deactivate(ctx) {
+  try {
+    await ctx.gateway.close();
+    await ctx.runtime.shutdown();
+  } catch {
+  }
+}
+export {
+  activate,
+  deactivate
+};