agentbnb 4.0.2 → 5.1.0

package/dist/service-coordinator-5R4LQW6L.js

@@ -0,0 +1,4917 @@
+import {
+  StructuredFeedbackSchema
+} from "./chunk-AUBHR7HH.js";
+import {
+  KNOWN_API_KEYS,
+  announceGateway,
+  buildDraftCard,
+  detectApiKeys,
+  getPricingStats,
+  stopAnnouncement
+} from "./chunk-MLS6IGGG.js";
+import {
+  deriveAgentId
+} from "./chunk-QITOPASZ.js";
+import {
+  createLedger,
+  identityAuthPlugin
+} from "./chunk-FLY3WIQR.js";
+import {
+  RelayMessageSchema
+} from "./chunk-QT7TEVNV.js";
+import {
+  interpolateObject
+} from "./chunk-3MJT4PZG.js";
+import {
+  DEFAULT_AUTONOMY_CONFIG,
+  getAutonomyTier,
+  insertAuditEvent,
+  listPendingRequests,
+  resolvePendingRequest
+} from "./chunk-CSATDXZC.js";
+import {
+  buildReputationMap,
+  computeReputation,
+  filterCards,
+  searchCards
+} from "./chunk-NH2FIERR.js";
+import {
+  getConfigDir
+} from "./chunk-75OC6E4F.js";
+import {
+  executeCapabilityBatch,
+  executeCapabilityRequest
+} from "./chunk-W5BZMKMF.js";
+import "./chunk-UKT6H7YT.js";
+import {
+  getActivityFeed,
+  getCard,
+  getEvolutionHistory,
+  getLatestEvolution,
+  getRequestLog,
+  getSkillRequestCount,
+  insertCard,
+  insertEvolution,
+  insertRequestLog,
+  listCards,
+  openDatabase,
+  updateCard,
+  updateSkillAvailability,
+  updateSkillIdleRate
+} from "./chunk-DFBX3BBD.js";
+import {
+  bootstrapAgent,
+  getBalance,
+  getFeedbackForProvider,
+  getFeedbackForSkill,
+  getTransactions,
+  holdEscrow,
+  insertFeedback,
+  migrateOwner,
+  openCreditDb,
+  releaseEscrow,
+  settleEscrow
+} from "./chunk-EANI2N2V.js";
+import {
+  generateKeyPair,
+  verifyEscrowReceipt
+} from "./chunk-5KFI5X7B.js";
+import {
+  AgentBnBError,
+  AnyCardSchema
+} from "./chunk-WGZ5AGOX.js";
+
+// src/runtime/agent-runtime.ts
+import { readFileSync, existsSync } from "fs";
+
+// src/skills/executor.ts
+var SkillExecutor = class {
+  skillMap;
+  modeMap;
+  /**
+   * @param configs - Parsed SkillConfig array (from parseSkillsFile).
+   * @param modes - Map from skill type string to its executor implementation.
+   */
+  constructor(configs, modes) {
+    this.skillMap = new Map(configs.map((c) => [c.id, c]));
+    this.modeMap = modes;
+  }
+  /**
+   * Execute a skill by ID with the given input parameters.
+   *
+   * Dispatch order:
+   * 1. Look up skill config by skillId.
+   * 2. Find executor mode by config.type.
+   * 3. Invoke mode.execute(), wrap with latency timing.
+   * 4. Catch any thrown errors and return as ExecutionResult with success:false.
+   *
+   * @param skillId - The ID of the skill to execute.
+   * @param params - Input parameters for the skill.
+   * @returns ExecutionResult including success, result/error, and latency_ms.
+   */
+  async execute(skillId, params, onProgress) {
+    const startTime = Date.now();
+    const config = this.skillMap.get(skillId);
+    if (!config) {
+      return {
+        success: false,
+        error: `Skill not found: "${skillId}"`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    const mode = this.modeMap.get(config.type);
+    if (!mode) {
+      return {
+        success: false,
+        error: `No executor registered for skill type "${config.type}" (skill: "${skillId}")`,
+        latency_ms: Date.now() - startTime
+      };
+    }
+    try {
+      const modeResult = await mode.execute(config, params, onProgress);
+      return {
+        ...modeResult,
+        latency_ms: Date.now() - startTime
+      };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: message,
+        latency_ms: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Returns the IDs of all registered skills.
+   *
+   * @returns Array of skill ID strings.
+   */
+  listSkills() {
+    return Array.from(this.skillMap.keys());
+  }
+  /**
+   * Returns the SkillConfig for a given skill ID, or undefined if not found.
+   *
+   * @param skillId - The skill ID to look up.
+   * @returns The SkillConfig or undefined.
+   */
+  getSkillConfig(skillId) {
+    return this.skillMap.get(skillId);
+  }
+};
+function createSkillExecutor(configs, modes) {
+  return new SkillExecutor(configs, modes);
+}
+
+// src/skills/skill-config.ts
+import { z } from "zod";
+import yaml from "js-yaml";
+var PricingSchema = z.object({
+  credits_per_call: z.number().nonnegative(),
+  credits_per_minute: z.number().nonnegative().optional(),
+  free_tier: z.number().nonnegative().optional()
+});
+var ApiAuthSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("bearer"),
+    token: z.string()
+  }),
+  z.object({
+    type: z.literal("apikey"),
+    header: z.string().default("X-API-Key"),
+    key: z.string()
+  }),
+  z.object({
+    type: z.literal("basic"),
+    username: z.string(),
+    password: z.string()
+  })
+]);
+var ApiSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("api"),
+  name: z.string().min(1),
+  endpoint: z.string().min(1),
+  method: z.enum(["GET", "POST", "PUT", "DELETE"]),
+  auth: ApiAuthSchema.optional(),
+  input_mapping: z.record(z.string()).default({}),
+  output_mapping: z.record(z.string()).default({}),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().default(3e4),
+  retries: z.number().nonnegative().int().default(0),
+  provider: z.string().optional()
+});
+var PipelineStepSchema = z.union([
+  z.object({
+    skill_id: z.string().min(1),
+    input_mapping: z.record(z.string()).default({})
+  }),
+  z.object({
+    command: z.string().min(1),
+    input_mapping: z.record(z.string()).default({})
+  })
+]);
+var PipelineSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("pipeline"),
+  name: z.string().min(1),
+  steps: z.array(PipelineStepSchema).min(1),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var OpenClawSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("openclaw"),
+  name: z.string().min(1),
+  agent_name: z.string().min(1),
+  channel: z.enum(["telegram", "webhook", "process"]),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var CommandSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("command"),
+  name: z.string().min(1),
+  command: z.string().min(1),
+  output_type: z.enum(["json", "text", "file"]),
+  allowed_commands: z.array(z.string()).optional(),
+  working_dir: z.string().optional(),
+  timeout_ms: z.number().positive().default(3e4),
+  pricing: PricingSchema
+});
+var ConductorSkillConfigSchema = z.object({
+  id: z.string().min(1),
+  type: z.literal("conductor"),
+  name: z.string().min(1),
+  conductor_skill: z.enum(["orchestrate", "plan"]),
+  pricing: PricingSchema,
+  timeout_ms: z.number().positive().optional()
+});
+var SkillConfigSchema = z.discriminatedUnion("type", [
+  ApiSkillConfigSchema,
+  PipelineSkillConfigSchema,
+  OpenClawSkillConfigSchema,
+  CommandSkillConfigSchema,
+  ConductorSkillConfigSchema
+]);
+var SkillsFileSchema = z.object({
+  skills: z.array(SkillConfigSchema)
+});
+function expandEnvVars(value) {
+  return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    if (/[.a-z]/.test(varName)) {
+      return _match;
+    }
+    const envValue = process.env[varName];
+    if (envValue === void 0) {
+      throw new Error(`Environment variable "${varName}" is not defined`);
+    }
+    return envValue;
+  });
+}
+function expandEnvVarsDeep(value) {
+  if (typeof value === "string") {
+    return expandEnvVars(value);
+  }
+  if (Array.isArray(value)) {
+    return value.map(expandEnvVarsDeep);
+  }
+  if (value !== null && typeof value === "object") {
+    const result = {};
+    for (const [k, v] of Object.entries(value)) {
+      result[k] = expandEnvVarsDeep(v);
+    }
+    return result;
+  }
+  return value;
+}
+function parseSkillsFile(yamlContent) {
+  const raw = yaml.load(yamlContent);
+  const expanded = expandEnvVarsDeep(raw);
+  const result = SkillsFileSchema.parse(expanded);
+  return result.skills;
+}
+
+// src/skills/api-executor.ts
+function parseMappingTarget(mapping) {
+  const dotIndex = mapping.indexOf(".");
+  if (dotIndex < 0) {
+    throw new Error(`Invalid input_mapping format: "${mapping}" (expected "target.key")`);
+  }
+  const target = mapping.slice(0, dotIndex);
+  const key = mapping.slice(dotIndex + 1);
+  if (!["body", "query", "path", "header"].includes(target)) {
+    throw new Error(
+      `Invalid mapping target "${target}" in "${mapping}" (must be body|query|path|header)`
+    );
+  }
+  return { target, key };
+}
+function extractByPath(obj, dotPath) {
+  const normalizedPath = dotPath.startsWith("response.") ? dotPath.slice("response.".length) : dotPath;
+  const parts = normalizedPath.split(".");
+  let current = obj;
+  for (const part of parts) {
+    if (current === null || typeof current !== "object") {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
+function buildAuthHeaders(auth) {
+  if (!auth) return {};
+  switch (auth.type) {
+    case "bearer":
+      return { Authorization: `Bearer ${auth.token}` };
+    case "apikey":
+      return { [auth.header]: auth.key };
+    case "basic": {
+      const encoded = Buffer.from(`${auth.username}:${auth.password}`).toString("base64");
+      return { Authorization: `Basic ${encoded}` };
+    }
+  }
+}
+function applyInputMapping(params, mapping) {
+  const body = {};
+  const query = {};
+  const pathParams = {};
+  const headers = {};
+  for (const [paramName, mappingValue] of Object.entries(mapping)) {
+    const value = params[paramName];
+    if (value === void 0) continue;
+    const { target, key } = parseMappingTarget(mappingValue);
+    switch (target) {
+      case "body":
+        body[key] = value;
+        break;
+      case "query":
+        query[key] = String(value);
+        break;
+      case "path":
+        pathParams[key] = String(value);
+        break;
+      case "header":
+        headers[key] = String(value).replace(/[\r\n]/g, "");
+        break;
+    }
+  }
+  return { body, query, pathParams, headers };
+}
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 500, 503]);
+var ApiExecutor = class {
+  /**
+   * Execute an API call described by the given skill config.
+   *
+   * @param config - The validated SkillConfig (must be ApiSkillConfig).
+   * @param params - Input parameters to map to the HTTP request.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor).
+   */
+  async execute(config, params) {
+    const apiConfig = config;
+    const { body, query, pathParams, headers: mappedHeaders } = applyInputMapping(
+      params,
+      apiConfig.input_mapping
+    );
+    let url = apiConfig.endpoint;
+    for (const [key, value] of Object.entries(pathParams)) {
+      url = url.replace(`{${key}}`, encodeURIComponent(value));
+    }
+    if (Object.keys(query).length > 0) {
+      const qs = new URLSearchParams(query).toString();
+      url = `${url}?${qs}`;
+    }
+    const authHeaders = buildAuthHeaders(apiConfig.auth);
+    const requestHeaders = {
+      ...authHeaders,
+      ...mappedHeaders
+    };
+    const hasBody = ["POST", "PUT"].includes(apiConfig.method);
+    if (hasBody) {
+      requestHeaders["Content-Type"] = "application/json";
+    }
+    const maxAttempts = (apiConfig.retries ?? 0) + 1;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      if (attempt > 0) {
+        await sleep(100 * Math.pow(2, attempt - 1));
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        apiConfig.timeout_ms ?? 3e4
+      );
+      let response;
+      try {
+        response = await fetch(url, {
+          method: apiConfig.method,
+          headers: requestHeaders,
+          body: hasBody ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+      } catch (err) {
+        clearTimeout(timeoutId);
+        const message = err instanceof Error ? err.message : String(err);
+        const isAbort = err instanceof Error && err.name === "AbortError" || message.toLowerCase().includes("abort");
+        if (isAbort) {
+          return { success: false, error: `Request timeout after ${apiConfig.timeout_ms}ms` };
+        }
+        return { success: false, error: message };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+      if (!response.ok && RETRYABLE_STATUSES.has(response.status) && attempt < maxAttempts - 1) {
+        continue;
+      }
+      if (!response.ok) {
+        return {
+          success: false,
+          error: `HTTP ${response.status} from ${apiConfig.endpoint}`
+        };
+      }
+      const responseBody = await response.json();
+      const outputMapping = apiConfig.output_mapping;
+      if (Object.keys(outputMapping).length === 0) {
+        return { success: true, result: responseBody };
+      }
+      const mappedOutput = {};
+      for (const [outputKey, path] of Object.entries(outputMapping)) {
+        mappedOutput[outputKey] = extractByPath(responseBody, path);
+      }
+      return { success: true, result: mappedOutput };
+    }
+    return { success: false, error: "Unexpected: retry loop exhausted" };
+  }
+};
+
+// src/skills/pipeline-executor.ts
+import { execFile } from "child_process";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+function shellEscape(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
+    }
+    if (current === void 0 || current === null) return "";
+    return shellEscape(String(current));
+  });
+}
+var PipelineExecutor = class {
+  /**
+   * @param skillExecutor - The parent SkillExecutor used to dispatch sub-skill calls.
+   */
+  constructor(skillExecutor) {
+    this.skillExecutor = skillExecutor;
+  }
+  /**
+   * Execute a pipeline skill config sequentially.
+   *
+   * Algorithm:
+   * 1. Initialise context: { params, steps: [], prev: { result: null } }
+   * 2. For each step:
+   *    a. Resolve input_mapping keys against current context via interpolateObject.
+   *    b. If step has `skill_id`: dispatch via skillExecutor.execute(). On failure → stop.
+   *    c. If step has `command`: interpolate command string, run via exec(). On non-zero exit → stop.
+   *    d. Store step result in context.steps[i] and context.prev.
+   * 3. Return success with final step result (or null for empty pipeline).
+   *
+   * @param config - The PipelineSkillConfig for this skill.
+   * @param params - Input parameters from the caller.
+   * @returns Partial ExecutionResult (without latency_ms — added by SkillExecutor wrapper).
+   */
+  async execute(config, params, onProgress) {
+    const pipelineConfig = config;
+    const steps = pipelineConfig.steps ?? [];
+    if (steps.length === 0) {
+      return { success: true, result: null };
+    }
+    const context = {
+      params,
+      steps: [],
+      prev: { result: null }
+    };
+    for (let i = 0; i < steps.length; i++) {
+      const step = steps[i];
+      if (step === void 0) {
+        return {
+          success: false,
+          error: `Step ${i} failed: step definition is undefined`
+        };
+      }
+      const resolvedInputs = interpolateObject(
+        step.input_mapping,
+        context
+      );
+      let stepResult;
+      if ("skill_id" in step && step.skill_id) {
+        const subResult = await this.skillExecutor.execute(
+          step.skill_id,
+          resolvedInputs
+        );
+        if (!subResult.success) {
+          return {
+            success: false,
+            error: `Step ${i} failed: ${subResult.error ?? "unknown error"}`
+          };
+        }
+        stepResult = subResult.result;
+      } else if ("command" in step && step.command) {
+        const interpolatedCommand = safeInterpolateCommand(
+          step.command,
+          context
+        );
+        try {
+          const { stdout } = await execFileAsync("/bin/sh", ["-c", interpolatedCommand], { timeout: 3e4 });
+          stepResult = stdout.trim();
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return {
+            success: false,
+            error: `Step ${i} failed: ${message}`
+          };
+        }
+      } else {
+        return {
+          success: false,
+          error: `Step ${i} failed: step must have either "skill_id" or "command"`
+        };
+      }
+      context.steps.push({ result: stepResult });
+      context.prev = { result: stepResult };
+      if (onProgress && i < steps.length - 1) {
+        onProgress({
+          step: i + 1,
+          total: steps.length,
+          message: `Completed step ${i + 1}/${steps.length}`
+        });
+      }
+    }
+    const lastStep = context.steps[context.steps.length - 1];
+    return {
+      success: true,
+      result: lastStep !== void 0 ? lastStep.result : null
+    };
+  }
+};
+
+// src/skills/openclaw-bridge.ts
+import { execFileSync } from "child_process";
+var DEFAULT_BASE_URL = "http://localhost:3000";
+var DEFAULT_TIMEOUT_MS = 6e4;
+function buildPayload(config, params) {
+  return {
+    task: config.name,
+    params,
+    source: "agentbnb",
+    skill_id: config.id
+  };
+}
+async function executeWebhook(config, payload) {
+  const baseUrl = process.env["OPENCLAW_BASE_URL"] ?? DEFAULT_BASE_URL;
+  const url = `${baseUrl}/openclaw/${config.agent_name}/task`;
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    });
+    if (!response.ok) {
+      return {
+        success: false,
+        error: `Webhook returned HTTP ${response.status}: ${response.statusText}`
+      };
+    }
+    const result = await response.json();
+    return { success: true, result };
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      return {
+        success: false,
+        error: `OpenClaw webhook timed out after ${timeoutMs}ms`
+      };
+    }
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function validateAgentName(name) {
+  return /^[a-zA-Z0-9._-]+$/.test(name);
+}
+function executeProcess(config, payload) {
+  const timeoutMs = config.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+  if (!validateAgentName(config.agent_name)) {
+    return {
+      success: false,
+      error: `Invalid agent name: "${config.agent_name}" (only alphanumeric, hyphens, underscores, dots allowed)`
+    };
+  }
+  const inputJson = JSON.stringify(payload);
+  try {
+    const stdout = execFileSync("openclaw", ["run", config.agent_name, "--input", inputJson], {
+      timeout: timeoutMs
+    });
+    const text = stdout.toString().trim();
+    const result = JSON.parse(text);
+    return { success: true, result };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+async function executeTelegram(config, payload) {
+  const token = process.env["TELEGRAM_BOT_TOKEN"];
+  if (!token) {
+    return {
+      success: false,
+      error: "TELEGRAM_BOT_TOKEN environment variable is not set"
+    };
+  }
+  const chatId = process.env["TELEGRAM_CHAT_ID"];
+  if (!chatId) {
+    return {
+      success: false,
+      error: "TELEGRAM_CHAT_ID environment variable is not set"
+    };
+  }
+  const text = `[AgentBnB] Skill: ${config.name} (${config.id})
+Agent: ${config.agent_name}
+Params: ${JSON.stringify(payload.params ?? {})}`;
+  const url = `https://api.telegram.org/bot${token}/sendMessage`;
+  try {
+    await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chat_id: chatId, text })
+    });
+    return {
+      success: true,
+      result: { sent: true, channel: "telegram" }
+    };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+var OpenClawBridge = class {
+  /**
+   * Execute a skill with the given config and input parameters.
+   *
+   * @param config - The SkillConfig for this skill (must be type 'openclaw').
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult without latency_ms.
+   */
+  async execute(config, params) {
+    const ocConfig = config;
+    const payload = buildPayload(ocConfig, params);
+    switch (ocConfig.channel) {
+      case "webhook":
+        return executeWebhook(ocConfig, payload);
+      case "process":
+        return executeProcess(ocConfig, payload);
+      case "telegram":
+        return executeTelegram(ocConfig, payload);
+      default: {
+        const unknownChannel = ocConfig.channel;
+        return {
+          success: false,
+          error: `Unknown OpenClaw channel: "${String(unknownChannel)}"`
+        };
+      }
+    }
+  }
+};
+
+// src/skills/command-executor.ts
+import { execFile as execFile2 } from "child_process";
+function shellEscape2(value) {
+  return "'" + value.replace(/'/g, "'\\''") + "'";
+}
+function safeInterpolateCommand2(template, context) {
+  return template.replace(/\$\{([^}]+)\}/g, (_match, expr) => {
+    const parts = expr.split(".");
+    let current = context;
+    for (const part of parts) {
+      if (current === null || typeof current !== "object") return "";
+      const bracketMatch = part.match(/^(\w+)\[(\d+)\]$/);
+      if (bracketMatch) {
+        current = current[bracketMatch[1]];
+        if (Array.isArray(current)) {
+          current = current[parseInt(bracketMatch[2], 10)];
+        } else {
+          return "";
+        }
+      } else {
+        current = current[part];
+      }
+    }
+    if (current === void 0 || current === null) return "";
+    return shellEscape2(String(current));
+  });
+}
+function execFileAsync2(file, args, options) {
+  return new Promise((resolve2, reject) => {
+    execFile2(file, args, options, (error, stdout, stderr) => {
+      const stdoutStr = typeof stdout === "string" ? stdout : stdout.toString();
+      const stderrStr = typeof stderr === "string" ? stderr : stderr.toString();
+      if (error) {
+        const enriched = Object.assign(error, { stderr: stderrStr });
+        reject(enriched);
+      } else {
+        resolve2({ stdout: stdoutStr, stderr: stderrStr });
+      }
+    });
+  });
+}
+var CommandExecutor = class {
+  /**
+   * Execute a command skill with the provided parameters.
+   *
+   * Steps:
+   * 1. Security check: base command must be in `allowed_commands` if set.
+   * 2. Interpolate `config.command` using `{ params }` context.
+   * 3. Run via `child_process.exec` with timeout and cwd.
+   * 4. Parse stdout based on `output_type`: text | json | file.
+   *
+   * @param config - Validated CommandSkillConfig.
+   * @param params - Input parameters passed by the caller.
+   * @returns Partial ExecutionResult (without latency_ms).
+   */
+  async execute(config, params) {
+    const cmdConfig = config;
+    const baseCommand = cmdConfig.command.trim().split(/\s+/)[0] ?? "";
+    if (cmdConfig.allowed_commands && cmdConfig.allowed_commands.length > 0) {
+      if (!cmdConfig.allowed_commands.includes(baseCommand)) {
+        return {
+          success: false,
+          error: `Command not allowed: "${baseCommand}". Allowed: ${cmdConfig.allowed_commands.join(", ")}`
+        };
+      }
+    }
+    const interpolatedCommand = safeInterpolateCommand2(cmdConfig.command, { params });
+    const timeout = cmdConfig.timeout_ms ?? 3e4;
+    const cwd = cmdConfig.working_dir ?? process.cwd();
+    let stdout;
+    try {
+      const result = await execFileAsync2("/bin/sh", ["-c", interpolatedCommand], {
+        timeout,
+        cwd,
+        maxBuffer: 10 * 1024 * 1024
+        // 10 MB
+      });
+      stdout = result.stdout;
+    } catch (err) {
+      if (err instanceof Error) {
+        const message = err.message;
+        const stderrContent = err.stderr ?? "";
+        if (message.includes("timed out") || message.includes("ETIMEDOUT") || err.code === "ETIMEDOUT") {
+          return {
+            success: false,
+            error: `Command timed out after ${timeout}ms`
+          };
+        }
+        return {
+          success: false,
+          error: stderrContent.trim() || message
+        };
+      }
+      return {
+        success: false,
+        error: String(err)
+      };
+    }
+    const rawOutput = stdout.trim();
+    switch (cmdConfig.output_type) {
+      case "text":
+        return { success: true, result: rawOutput };
+      case "json": {
+        try {
+          const parsed = JSON.parse(rawOutput);
+          return { success: true, result: parsed };
+        } catch {
+          return {
+            success: false,
+            error: `Failed to parse JSON output: ${rawOutput.slice(0, 100)}`
+          };
+        }
+      }
+      case "file":
+        return { success: true, result: { file_path: rawOutput } };
+      default:
+        return {
+          success: false,
+          error: `Unknown output_type: ${String(cmdConfig.output_type)}`
+        };
+    }
+  }
+};
+
+// src/runtime/agent-runtime.ts
+var AgentRuntime = class {
+  /** The registry SQLite database instance */
+  registryDb;
+  /** The credit SQLite database instance */
+  creditDb;
+  /** The agent owner identifier */
+  owner;
+  /** Registered background Cron jobs */
+  jobs = [];
+  /**
+   * The SkillExecutor instance, populated by start() if skillsYamlPath is set.
+   * Undefined if no skills.yaml was provided or the file does not exist.
+   */
+  skillExecutor;
+  draining = false;
+  orphanedEscrowAgeMinutes;
+  skillsYamlPath;
+  conductorEnabled;
+  conductorToken;
+  /**
+   * Creates a new AgentRuntime instance.
+   * Opens both databases with WAL mode, foreign_keys=ON, and busy_timeout=5000.
+   * Schema migrations are applied via openDatabase() and openCreditDb().
+   *
+   * @param options - Runtime configuration options.
+   */
+  constructor(options) {
+    this.owner = options.owner;
+    this.orphanedEscrowAgeMinutes = options.orphanedEscrowAgeMinutes ?? 10;
+    this.skillsYamlPath = options.skillsYamlPath;
+    this.conductorEnabled = options.conductorEnabled ?? false;
+    this.conductorToken = options.conductorToken ?? "";
+    this.registryDb = openDatabase(options.registryDbPath);
+    this.creditDb = openCreditDb(options.creditDbPath);
+    this.registryDb.pragma("busy_timeout = 5000");
+    this.creditDb.pragma("busy_timeout = 5000");
+  }
+  /**
+   * Registers a Cron job to be managed by this runtime.
+   * Registered jobs will be stopped automatically on shutdown().
+   *
+   * @param job - The Cron job instance to register.
+   */
+  registerJob(job) {
+    this.jobs.push(job);
+  }
+  /**
+   * Starts the runtime.
+   * Recovers orphaned escrows (held escrows older than orphanedEscrowAgeMinutes).
+   * If skillsYamlPath is set and the file exists, initializes SkillExecutor with
+   * all four executor modes (api, pipeline, openclaw, command).
+   *
+   * Call this after creating the runtime and before accepting requests.
+   */
+  async start() {
+    await this.recoverOrphanedEscrows();
+    await this.initSkillExecutor();
+  }
+  /**
+   * Initializes SkillExecutor from skills.yaml if skillsYamlPath is configured
+   * and the file exists on disk.
+   *
+   * Uses a mutable Map to handle the PipelineExecutor circular dependency:
+   * 1. Create an empty modes Map and a SkillExecutor (holds Map reference).
+   * 2. Create PipelineExecutor passing the SkillExecutor (for sub-skill dispatch).
+   * 3. Populate the Map with all 4 modes — SkillExecutor sees them via reference.
+   */
+  async initSkillExecutor() {
+    const hasSkillsYaml = this.skillsYamlPath && existsSync(this.skillsYamlPath);
+    if (!hasSkillsYaml && !this.conductorEnabled) {
+      return;
+    }
+    let configs = [];
+    if (hasSkillsYaml) {
+      const yamlContent = readFileSync(this.skillsYamlPath, "utf8");
+      configs = parseSkillsFile(yamlContent);
+    }
+    const modes = /* @__PURE__ */ new Map();
+    if (this.conductorEnabled) {
+      const { ConductorMode } = await import("./conductor-mode-OL2FNOYY.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("./card-RSGDCHCV.js");
+      const { loadPeers } = await import("./peers-K7FSHPN3.js");
+      registerConductorCard(this.registryDb);
+      const resolveAgentUrl = (owner) => {
+        const peers = loadPeers();
+        const peer = peers.find((p) => p.name.toLowerCase() === owner.toLowerCase());
+        if (!peer) {
+          throw new Error(
+            `No peer found for agent owner "${owner}". Add with: agentbnb connect ${owner} <url> <token>`
+          );
+        }
+        const stmt = this.registryDb.prepare(
+          "SELECT id FROM capability_cards WHERE owner = ? LIMIT 1"
+        );
+        const row = stmt.get(owner);
+        const cardId = row?.id ?? owner;
+        return { url: peer.url, cardId };
+      };
+      const conductorMode = new ConductorMode({
+        db: this.registryDb,
+        creditDb: this.creditDb,
+        conductorOwner: CONDUCTOR_OWNER,
+        gatewayToken: this.conductorToken,
+        resolveAgentUrl,
+        maxBudget: 100
+      });
+      modes.set("conductor", conductorMode);
+      configs.push(
+        {
+          id: "orchestrate",
+          type: "conductor",
+          name: "Orchestrate",
+          conductor_skill: "orchestrate",
+          pricing: { credits_per_call: 5 }
+        },
+        {
+          id: "plan",
+          type: "conductor",
+          name: "Plan",
+          conductor_skill: "plan",
+          pricing: { credits_per_call: 1 }
+        }
+      );
+    }
+    const executor = createSkillExecutor(configs, modes);
+    if (hasSkillsYaml) {
+      const pipelineExecutor = new PipelineExecutor(executor);
+      modes.set("api", new ApiExecutor());
+      modes.set("pipeline", pipelineExecutor);
+      modes.set("openclaw", new OpenClawBridge());
+      modes.set("command", new CommandExecutor());
+    }
+    this.skillExecutor = executor;
+  }
+  /**
+   * Recovers orphaned escrows by releasing them.
+   * Orphaned escrows are 'held' escrows older than the configured age threshold.
+   * Errors during individual release are swallowed (escrow may have settled between query and release).
+   */
+  async recoverOrphanedEscrows() {
+    const cutoff = new Date(
+      Date.now() - this.orphanedEscrowAgeMinutes * 60 * 1e3
+    ).toISOString();
+    const orphaned = this.creditDb.prepare(
+      "SELECT id FROM credit_escrow WHERE status = 'held' AND created_at < ?"
+    ).all(cutoff);
+    for (const row of orphaned) {
+      try {
+        releaseEscrow(this.creditDb, row.id);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Shuts down the runtime gracefully.
+   * Sets draining flag, stops all registered Cron jobs, and closes both databases.
+   * Idempotent — safe to call multiple times.
+   */
+  async shutdown() {
+    if (this.draining) {
+      return;
+    }
+    this.draining = true;
+    for (const job of this.jobs) {
+      job.stop();
+    }
+    try {
+      this.registryDb.close();
+    } catch {
+    }
+    try {
+      this.creditDb.close();
+    } catch {
+    }
+  }
+  /**
+   * Returns true if the runtime is shutting down or has shut down.
+   * Background handlers should check this before processing new requests.
+   */
+  get isDraining() {
+    return this.draining;
+  }
+};
+
+// src/gateway/server.ts
+import Fastify from "fastify";
+var VERSION = "0.0.1";
+function createGatewayServer(opts) {
+  const {
+    registryDb,
+    creditDb,
+    tokens,
+    handlerUrl,
+    timeoutMs = 3e5,
+    silent = false,
+    skillExecutor
+  } = opts;
+  const fastify = Fastify({ logger: !silent });
+  const tokenSet = new Set(tokens);
+  fastify.addHook("onRequest", async (request) => {
+    if (request.method === "GET" && request.url === "/health") return;
+    const auth = request.headers.authorization;
+    if (auth && auth.startsWith("Bearer ")) {
+      const token = auth.slice("Bearer ".length).trim();
+      if (tokenSet.has(token)) {
+        request._authenticated = true;
+      }
+    }
+  });
+  fastify.addHook("preHandler", async (request, reply) => {
+    if (request._authenticated) return;
+    if (request.method === "GET" && request.url === "/health") return;
+    const agentId = request.headers["x-agent-id"];
+    const publicKeyHex = request.headers["x-agent-public-key"];
+    const signature = request.headers["x-agent-signature"];
+    if (agentId && publicKeyHex && signature) {
+      try {
+        const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+        const body = request.body;
+        if (body && typeof body === "object") {
+          const valid = verifyEscrowReceipt(body, signature, publicKeyBuf);
+          if (valid) return;
+        }
+      } catch {
+      }
+    }
+    await reply.status(401).send({
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32e3, message: "Unauthorized: provide Bearer token or X-Agent-Id/Signature headers" }
+    });
+  });
+  fastify.get("/health", async () => {
+    return { status: "ok", version: VERSION, uptime: process.uptime() };
+  });
+  fastify.post("/rpc", async (request, reply) => {
+    const body = request.body;
+    if (body.jsonrpc !== "2.0" || !body.method) {
+      return reply.status(400).send({
+        jsonrpc: "2.0",
+        id: body.id ?? null,
+        error: { code: -32600, message: "Invalid Request" }
+      });
+    }
+    const id = body.id ?? null;
+    if (body.method !== "capability.execute") {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32601, message: "Method not found" }
+      });
+    }
+    const params = body.params ?? {};
+    const cardId = params.card_id;
+    const skillId = params.skill_id;
+    if (!cardId) {
+      return reply.send({
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32602, message: "Invalid params: card_id required" }
+      });
+    }
+    const requester = params.requester ?? "unknown";
+    const receipt = params.escrow_receipt;
+    const result = await executeCapabilityRequest({
+      registryDb,
+      creditDb,
+      cardId,
+      skillId,
+      params,
+      requester,
+      escrowReceipt: receipt,
+      skillExecutor,
+      handlerUrl,
+      timeoutMs
+    });
+    if (result.success) {
+      return reply.send({ jsonrpc: "2.0", id, result: result.result });
+    } else {
+      return reply.send({ jsonrpc: "2.0", id, error: result.error });
+    }
+  });
+  return fastify;
+}
+
+// src/registry/server.ts
+import Fastify2 from "fastify";
+import cors from "@fastify/cors";
+import swagger from "@fastify/swagger";
+import swaggerUi from "@fastify/swagger-ui";
+import fastifyStatic from "@fastify/static";
+import fastifyWebsocket from "@fastify/websocket";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { existsSync as existsSync2 } from "fs";
+import { z as z5 } from "zod";
+
+// src/relay/websocket-relay.ts
+import { randomUUID as randomUUID3 } from "crypto";
+
+// src/relay/relay-credit.ts
+function lookupCardPrice(registryDb, cardId, skillId) {
+  const row = registryDb.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
+  if (!row) return null;
+  let card;
+  try {
+    card = JSON.parse(row.data);
+  } catch {
+    return null;
+  }
+  if (Array.isArray(card.skills) && card.skills.length > 0) {
+    const skills = card.skills;
+    if (skillId) {
+      const skill = skills.find((s) => s.id === skillId);
+      if (skill) {
+        const skillPricing = skill.pricing;
+        if (skillPricing && typeof skillPricing.credits_per_call === "number") {
+          return skillPricing.credits_per_call;
+        }
+      }
+    } else {
+      let minPrice = null;
+      for (const s of skills) {
+        const sp = s.pricing;
+        if (sp && typeof sp.credits_per_call === "number" && sp.credits_per_call > 0) {
+          if (minPrice === null || sp.credits_per_call < minPrice) {
+            minPrice = sp.credits_per_call;
+          }
+        }
+      }
+      if (minPrice !== null) return minPrice;
+    }
+  }
+  const pricing = card.pricing;
+  if (!pricing || typeof pricing.credits_per_call !== "number") {
+    return null;
+  }
+  return pricing.credits_per_call;
+}
+function holdForRelay(creditDb, owner, amount, cardId) {
+  return holdEscrow(creditDb, owner, amount, cardId);
+}
+function settleForRelay(creditDb, escrowId, recipientOwner) {
+  settleEscrow(creditDb, escrowId, recipientOwner);
+}
+function calculateConductorFee(totalSubTaskCost) {
+  if (totalSubTaskCost <= 0) return 0;
+  const fee = Math.ceil(totalSubTaskCost * 0.1);
+  return Math.max(1, Math.min(20, fee));
+}
+function releaseForRelay(creditDb, escrowId) {
+  if (escrowId === void 0) return;
+  releaseEscrow(creditDb, escrowId);
+}
+
+// src/hub-agent/relay-bridge.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/hub-agent/job-queue.ts
+import { randomUUID } from "crypto";
+function initJobQueue(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS hub_agent_jobs (
+      id TEXT PRIMARY KEY,
+      hub_agent_id TEXT NOT NULL,
+      skill_id TEXT NOT NULL,
+      requester_owner TEXT NOT NULL,
+      params TEXT,
+      status TEXT NOT NULL DEFAULT 'queued',
+      result TEXT,
+      escrow_id TEXT,
+      relay_owner TEXT,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    )
+  `);
+}
+function insertJob(db, input) {
+  const id = randomUUID();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const paramsJson = JSON.stringify(input.params);
+  db.prepare(`
+    INSERT INTO hub_agent_jobs (id, hub_agent_id, skill_id, requester_owner, params, status, escrow_id, relay_owner, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, 'queued', ?, ?, ?, ?)
+  `).run(
+    id,
+    input.hub_agent_id,
+    input.skill_id,
+    input.requester_owner,
+    paramsJson,
+    input.escrow_id ?? null,
+    input.relay_owner ?? null,
+    now,
+    now
+  );
+  return {
+    id,
+    hub_agent_id: input.hub_agent_id,
+    skill_id: input.skill_id,
+    requester_owner: input.requester_owner,
+    params: paramsJson,
+    status: "queued",
+    result: null,
+    escrow_id: input.escrow_id ?? null,
+    relay_owner: input.relay_owner ?? null,
+    created_at: now,
+    updated_at: now
+  };
+}
+function getJob(db, jobId) {
+  const row = db.prepare("SELECT * FROM hub_agent_jobs WHERE id = ?").get(jobId);
+  return row ?? null;
+}
+function listJobs(db, hubAgentId, status) {
+  if (status) {
+    return db.prepare(
+      "SELECT * FROM hub_agent_jobs WHERE hub_agent_id = ? AND status = ? ORDER BY created_at DESC"
+    ).all(hubAgentId, status);
+  }
+  return db.prepare(
+    "SELECT * FROM hub_agent_jobs WHERE hub_agent_id = ? ORDER BY created_at DESC"
+  ).all(hubAgentId);
+}
+function updateJobStatus(db, jobId, status, result) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  if (result !== void 0) {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, result = ?, updated_at = ? WHERE id = ?").run(status, result, now, jobId);
+  } else {
+    db.prepare("UPDATE hub_agent_jobs SET status = ?, updated_at = ? WHERE id = ?").run(status, now, jobId);
+  }
+}
+function getJobsByRelayOwner(db, relayOwner) {
+  return db.prepare(
+    "SELECT * FROM hub_agent_jobs WHERE relay_owner = ? AND status = ? ORDER BY created_at ASC"
+  ).all(relayOwner, "queued");
+}
+
+// src/hub-agent/crypto.ts
+import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
+function getMasterKey() {
+  const hex = process.env.HUB_MASTER_KEY;
+  if (!hex || hex.length !== 64) {
+    throw new AgentBnBError(
+      "HUB_MASTER_KEY must be a 64-character hex string (32 bytes)",
+      "MISSING_MASTER_KEY"
+    );
+  }
+  return Buffer.from(hex, "hex");
+}
+function encrypt(plaintext, masterKey) {
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", masterKey, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted.toString("hex")}`;
+}
+function decrypt(encrypted, masterKey) {
+  const [ivHex, authTagHex, ciphertextHex] = encrypted.split(":");
+  const iv = Buffer.from(ivHex, "hex");
+  const authTag = Buffer.from(authTagHex, "hex");
+  const ciphertext = Buffer.from(ciphertextHex, "hex");
+  const decipher = createDecipheriv("aes-256-gcm", masterKey, iv);
+  decipher.setAuthTag(authTag);
+  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  return decrypted.toString("utf8");
+}
+
+// src/hub-agent/store.ts
+function initHubAgentTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS hub_agents (
+      agent_id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      owner_public_key TEXT NOT NULL,
+      public_key TEXT NOT NULL,
+      private_key_enc TEXT NOT NULL,
+      secrets_enc TEXT,
+      skill_routes TEXT NOT NULL DEFAULT '[]',
+      status TEXT NOT NULL DEFAULT 'active',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    )
+  `);
+}
+function createHubAgent(db, req, ownerPublicKey) {
+  const masterKey = getMasterKey();
+  const keys = generateKeyPair();
+  const publicKeyHex = keys.publicKey.toString("hex");
+  const agentId = deriveAgentId(publicKeyHex);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const privateKeyEnc = encrypt(keys.privateKey.toString("hex"), masterKey);
+  const secretsEnc = req.secrets ? encrypt(JSON.stringify(req.secrets), masterKey) : null;
+  db.prepare(`
+    INSERT INTO hub_agents (agent_id, name, owner_public_key, public_key, private_key_enc, secrets_enc, skill_routes, status, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, 'active', ?, ?)
+  `).run(
+    agentId,
+    req.name,
+    ownerPublicKey,
+    publicKeyHex,
+    privateKeyEnc,
+    secretsEnc,
+    JSON.stringify(req.skill_routes),
+    now,
+    now
+  );
+  return {
+    agent_id: agentId,
+    name: req.name,
+    owner_public_key: ownerPublicKey,
+    public_key: publicKeyHex,
+    skill_routes: req.skill_routes,
+    status: "active",
+    created_at: now,
+    updated_at: now
+  };
+}
+function getHubAgent(db, agentId) {
+  const row = db.prepare("SELECT * FROM hub_agents WHERE agent_id = ?").get(agentId);
+  if (!row) return null;
+  const masterKey = getMasterKey();
+  const secrets = row.secrets_enc ? JSON.parse(decrypt(row.secrets_enc, masterKey)) : void 0;
+  return {
+    agent_id: row.agent_id,
+    name: row.name,
+    owner_public_key: row.owner_public_key,
+    public_key: row.public_key,
+    skill_routes: JSON.parse(row.skill_routes),
+    status: row.status,
+    created_at: row.created_at,
+    updated_at: row.updated_at,
+    ...secrets ? { secrets } : {}
+  };
+}
+function listHubAgents(db) {
+  const rows = db.prepare("SELECT agent_id, name, owner_public_key, public_key, skill_routes, status, created_at, updated_at FROM hub_agents ORDER BY created_at DESC").all();
+  return rows.map((row) => ({
+    agent_id: row.agent_id,
+    name: row.name,
+    owner_public_key: row.owner_public_key,
+    public_key: row.public_key,
+    skill_routes: JSON.parse(row.skill_routes),
+    status: row.status,
+    created_at: row.created_at,
+    updated_at: row.updated_at
+  }));
+}
+function updateHubAgent(db, agentId, updates) {
+  const existing = db.prepare("SELECT * FROM hub_agents WHERE agent_id = ?").get(agentId);
+  if (!existing) return null;
+  const masterKey = getMasterKey();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const newName = updates.name ?? existing.name;
+  const newSkillRoutes = updates.skill_routes ? JSON.stringify(updates.skill_routes) : existing.skill_routes;
+  const newSecretsEnc = updates.secrets !== void 0 ? encrypt(JSON.stringify(updates.secrets), masterKey) : existing.secrets_enc;
+  db.prepare(`
+    UPDATE hub_agents SET name = ?, skill_routes = ?, secrets_enc = ?, updated_at = ?
+    WHERE agent_id = ?
+  `).run(newName, newSkillRoutes, newSecretsEnc, now, agentId);
+  const secrets = newSecretsEnc ? JSON.parse(decrypt(newSecretsEnc, masterKey)) : void 0;
+  return {
+    agent_id: existing.agent_id,
+    name: newName,
+    owner_public_key: existing.owner_public_key,
+    public_key: existing.public_key,
+    skill_routes: JSON.parse(newSkillRoutes),
+    status: existing.status,
+    created_at: existing.created_at,
+    updated_at: now,
+    ...secrets ? { secrets } : {}
+  };
+}
+function deleteHubAgent(db, agentId) {
+  const result = db.prepare("DELETE FROM hub_agents WHERE agent_id = ?").run(agentId);
+  return result.changes > 0;
+}
+
+// src/hub-agent/relay-bridge.ts
+var JOB_DISPATCH_TIMEOUT_MS = 3e5;
+function createRelayBridge(opts) {
+  const { registryDb, creditDb, sendMessage, pendingRequests, connections } = opts;
+  function onAgentOnline(owner) {
+    const jobs = getJobsByRelayOwner(registryDb, owner);
+    if (jobs.length === 0) return;
+    const targetWs = connections.get(owner);
+    if (!targetWs) return;
+    for (const job of jobs) {
+      updateJobStatus(registryDb, job.id, "dispatched");
+      const agent = getHubAgent(registryDb, job.hub_agent_id);
+      const cardId = agent ? agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5") : job.hub_agent_id;
+      const requestId = randomUUID2();
+      let params = {};
+      try {
+        params = JSON.parse(job.params);
+      } catch {
+      }
+      const timeout = setTimeout(() => {
+        const pending = pendingRequests.get(requestId);
+        if (pending) {
+          pendingRequests.delete(requestId);
+          updateJobStatus(registryDb, job.id, "failed", JSON.stringify({ error: "dispatch timeout" }));
+          if (job.escrow_id) {
+            try {
+              releaseForRelay(creditDb, job.escrow_id);
+            } catch (e) {
+              console.error("[relay-bridge] escrow release on timeout failed:", e);
+            }
+          }
+        }
+      }, JOB_DISPATCH_TIMEOUT_MS);
+      pendingRequests.set(requestId, {
+        originOwner: job.requester_owner,
+        timeout,
+        escrowId: job.escrow_id ?? void 0,
+        targetOwner: owner,
+        jobId: job.id
+      });
+      sendMessage(targetWs, {
+        type: "incoming_request",
+        id: requestId,
+        from_owner: job.requester_owner,
+        card_id: cardId,
+        skill_id: job.skill_id,
+        params
+      });
+    }
+  }
+  return { onAgentOnline };
+}
+function handleJobRelayResponse(opts) {
+  const { registryDb, creditDb, jobId, escrowId, relayOwner, result, error } = opts;
+  if (error) {
+    updateJobStatus(registryDb, jobId, "failed", JSON.stringify(error));
+    if (escrowId) {
+      try {
+        releaseForRelay(creditDb, escrowId);
+      } catch (e) {
+        console.error("[relay-bridge] escrow release on error failed:", e);
+      }
+    }
+  } else {
+    updateJobStatus(registryDb, jobId, "completed", JSON.stringify(result));
+    if (escrowId) {
+      try {
+        settleForRelay(creditDb, escrowId, relayOwner);
+      } catch (e) {
+        console.error("[relay-bridge] escrow settle failed:", e);
+      }
+    }
+  }
+}
+
+// src/relay/websocket-relay.ts
+var RATE_LIMIT_MAX = 60;
+var RATE_LIMIT_WINDOW_MS = 6e4;
+var RELAY_TIMEOUT_MS = 3e5;
+function registerWebSocketRelay(server, db, creditDb) {
+  const connections = /* @__PURE__ */ new Map();
+  const pendingRequests = /* @__PURE__ */ new Map();
+  const rateLimits = /* @__PURE__ */ new Map();
+  let onAgentOnlineCallback;
+  function checkRateLimit(owner) {
+    const now = Date.now();
+    const entry = rateLimits.get(owner);
+    if (!entry || now >= entry.resetTime) {
+      rateLimits.set(owner, { count: 1, resetTime: now + RATE_LIMIT_WINDOW_MS });
+      return true;
+    }
+    if (entry.count >= RATE_LIMIT_MAX) {
+      return false;
+    }
+    entry.count++;
+    return true;
+  }
+  function markOwnerOffline(owner) {
+    try {
+      const stmt = db.prepare("SELECT id, data FROM capability_cards WHERE owner = ?");
+      const rows = stmt.all(owner);
+      for (const row of rows) {
+        try {
+          const card = JSON.parse(row.data);
+          if (card.availability?.online) {
+            card.availability.online = false;
+            card.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+            const updateStmt = db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?");
+            updateStmt.run(JSON.stringify(card), card.updated_at, row.id);
+          }
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  function markOwnerOnline(owner) {
+    try {
+      const stmt = db.prepare("SELECT id, data FROM capability_cards WHERE owner = ?");
+      const rows = stmt.all(owner);
+      for (const row of rows) {
+        try {
+          const card = JSON.parse(row.data);
+          card.availability = { ...card.availability, online: true };
+          card.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+          const updateStmt = db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?");
+          updateStmt.run(JSON.stringify(card), card.updated_at, row.id);
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  function upsertCard(cardData, owner) {
+    const parsed = AnyCardSchema.safeParse(cardData);
+    if (!parsed.success) {
+      throw new AgentBnBError(
+        `Card validation failed: ${parsed.error.message}`,
+        "VALIDATION_ERROR"
+      );
+    }
+    const card = { ...parsed.data, availability: { ...parsed.data.availability, online: true } };
+    const cardId = card.id;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = db.prepare("SELECT id FROM capability_cards WHERE id = ?").get(cardId);
+    if (existing) {
+      db.prepare(
+        "UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?"
+      ).run(JSON.stringify(card), now, cardId);
+    } else {
+      db.prepare(
+        "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+      ).run(cardId, owner, JSON.stringify(card), now, now);
+    }
+    return cardId;
+  }
+  function logAgentJoined(owner, cardName, cardId) {
+    try {
+      insertRequestLog(db, {
+        id: randomUUID3(),
+        card_id: cardId,
+        card_name: cardName,
+        requester: owner,
+        status: "success",
+        latency_ms: 0,
+        credits_charged: 0,
+        created_at: (/* @__PURE__ */ new Date()).toISOString(),
+        action_type: "agent_joined"
+      });
+    } catch {
+    }
+  }
+  function sendMessage(ws, msg) {
+    if (ws.readyState === 1) {
+      ws.send(JSON.stringify(msg));
+    }
+  }
+  function handleRegister(ws, msg) {
+    const { owner, card } = msg;
+    const existing = connections.get(owner);
+    if (existing && existing !== ws) {
+      try {
+        existing.close(1e3, "Replaced by new connection");
+      } catch {
+      }
+    }
+    connections.set(owner, ws);
+    let cardId;
+    try {
+      cardId = upsertCard(card, owner);
+    } catch (err) {
+      console.error(`[relay] card validation failed for ${owner}:`, err instanceof Error ? err.message : err);
+      cardId = card.id ?? owner;
+    }
+    const cardName = card.name ?? card.agent_name ?? owner;
+    logAgentJoined(owner, cardName, cardId);
+    if (msg.cards && msg.cards.length > 0) {
+      for (const extraCard of msg.cards) {
+        try {
+          upsertCard(extraCard, owner);
+        } catch {
+        }
+      }
+    }
+    markOwnerOnline(owner);
+    if (onAgentOnlineCallback) {
+      try {
+        onAgentOnlineCallback(owner);
+      } catch (e) {
+        console.error("[relay] onAgentOnline callback error:", e);
+      }
+    }
+    sendMessage(ws, { type: "registered", agent_id: cardId });
+  }
+  async function handleRelayRequest(ws, msg, fromOwner) {
+    if (!checkRateLimit(fromOwner)) {
+      sendMessage(ws, {
+        type: "error",
+        code: "rate_limited",
+        message: `Rate limit exceeded: max ${RATE_LIMIT_MAX} requests per minute`,
+        request_id: msg.id
+      });
+      return;
+    }
+    const targetWs = connections.get(msg.target_owner);
+    if (!targetWs || targetWs.readyState !== 1) {
+      sendMessage(ws, {
+        type: "response",
+        id: msg.id,
+        error: { code: -32603, message: `Agent offline: ${msg.target_owner}` }
+      });
+      return;
+    }
+    const creditOwner = msg.requester ?? fromOwner;
+    let escrowId;
+    if (creditDb) {
+      try {
+        const price = lookupCardPrice(db, msg.card_id, msg.skill_id);
+        if (price !== null && price > 0) {
+          escrowId = holdForRelay(creditDb, creditOwner, price, msg.card_id);
+        }
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "INSUFFICIENT_CREDITS") {
+          sendMessage(ws, {
+            type: "response",
+            id: msg.id,
+            error: { code: -32603, message: "Insufficient credits" }
+          });
+          return;
+        }
+        console.error("[relay] credit hold error (non-fatal):", err);
+      }
+    }
+    const timeout = setTimeout(() => {
+      const pending = pendingRequests.get(msg.id);
+      pendingRequests.delete(msg.id);
+      if (pending?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, pending.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on timeout failed:", e);
+        }
+      }
+      sendMessage(ws, {
+        type: "response",
+        id: msg.id,
+        error: { code: -32603, message: "Relay request timeout" }
+      });
+    }, RELAY_TIMEOUT_MS);
+    pendingRequests.set(msg.id, { originOwner: fromOwner, creditOwner, timeout, escrowId, targetOwner: msg.target_owner });
+    sendMessage(targetWs, {
+      type: "incoming_request",
+      id: msg.id,
+      from_owner: fromOwner,
+      card_id: msg.card_id,
+      skill_id: msg.skill_id,
+      params: msg.params,
+      requester: msg.requester ?? fromOwner,
+      escrow_receipt: msg.escrow_receipt
+    });
+  }
+  function handleRelayProgress(msg) {
+    const pending = pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    const newTimeout = setTimeout(() => {
+      const p = pendingRequests.get(msg.id);
+      pendingRequests.delete(msg.id);
+      if (p?.escrowId && creditDb) {
+        try {
+          releaseForRelay(creditDb, p.escrowId);
+        } catch (e) {
+          console.error("[relay] escrow release on progress timeout failed:", e);
+        }
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, {
+          type: "response",
+          id: msg.id,
+          error: { code: -32603, message: "Relay request timeout" }
+        });
+      }
+    }, RELAY_TIMEOUT_MS);
+    pending.timeout = newTimeout;
+    const originWs = connections.get(pending.originOwner);
+    if (originWs && originWs.readyState === 1) {
+      sendMessage(originWs, {
+        type: "relay_progress",
+        id: msg.id,
+        progress: msg.progress,
+        message: msg.message
+      });
+    }
+  }
+  function handleRelayResponse(msg) {
+    const pending = pendingRequests.get(msg.id);
+    if (!pending) return;
+    clearTimeout(pending.timeout);
+    pendingRequests.delete(msg.id);
+    if (pending.jobId && creditDb) {
+      try {
+        handleJobRelayResponse({
+          registryDb: db,
+          creditDb,
+          jobId: pending.jobId,
+          escrowId: pending.escrowId,
+          relayOwner: pending.targetOwner ?? "",
+          result: msg.error === void 0 ? msg.result : void 0,
+          error: msg.error
+        });
+      } catch (e) {
+        console.error("[relay] job relay response handling failed:", e);
+      }
+      const originWs2 = connections.get(pending.originOwner);
+      if (originWs2 && originWs2.readyState === 1) {
+        sendMessage(originWs2, { type: "response", id: msg.id, result: msg.result, error: msg.error });
+      }
+      return;
+    }
+    if (pending.escrowId && creditDb) {
+      try {
+        if (msg.error === void 0) {
+          settleForRelay(creditDb, pending.escrowId, pending.targetOwner);
+        } else {
+          releaseForRelay(creditDb, pending.escrowId);
+        }
+      } catch (e) {
+        console.error("[relay] escrow settle/release on response failed:", e);
+      }
+    }
+    let conductorFee = 0;
+    if (creditDb && msg.error === void 0 && typeof msg.result === "object" && msg.result !== null && "total_credits" in msg.result && typeof msg.result.total_credits === "number") {
+      const totalCredits = msg.result.total_credits;
+      conductorFee = calculateConductorFee(totalCredits);
+      if (conductorFee > 0) {
+        try {
+          const feeEscrowId = holdForRelay(creditDb, pending.creditOwner ?? pending.originOwner, conductorFee, msg.id);
+          settleForRelay(creditDb, feeEscrowId, pending.targetOwner);
+        } catch (e) {
+          console.error("[relay] conductor fee settlement failed (non-fatal):", e);
+          conductorFee = 0;
+        }
+      }
+    }
+    const originWs = connections.get(pending.originOwner);
+    if (originWs && originWs.readyState === 1) {
+      sendMessage(originWs, {
+        type: "response",
+        id: msg.id,
+        result: msg.result,
+        error: msg.error,
+        ...conductorFee > 0 ? { conductor_fee: conductorFee } : {}
+      });
+    }
+  }
+  function handleDisconnect(owner) {
+    if (!owner) return;
+    connections.delete(owner);
+    rateLimits.delete(owner);
+    markOwnerOffline(owner);
+    for (const [reqId, pending] of pendingRequests) {
+      if (pending.targetOwner === owner) {
+        clearTimeout(pending.timeout);
+        pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on disconnect failed:", e);
+          }
+        }
+        const originWs = connections.get(pending.originOwner);
+        if (originWs && originWs.readyState === 1) {
+          sendMessage(originWs, {
+            type: "response",
+            id: reqId,
+            error: { code: -32603, message: "Provider disconnected" }
+          });
+        }
+      } else if (pending.originOwner === owner) {
+        clearTimeout(pending.timeout);
+        pendingRequests.delete(reqId);
+        if (pending.escrowId && creditDb) {
+          try {
+            releaseForRelay(creditDb, pending.escrowId);
+          } catch (e) {
+            console.error("[relay] escrow release on requester disconnect failed:", e);
+          }
+        }
+      }
+    }
+  }
+  void server.register(async (app) => {
+    app.get("/ws", { websocket: true }, (rawSocket, _request) => {
+      const socket = rawSocket;
+      let registeredOwner;
+      socket.on("message", (raw) => {
+        void (async () => {
+          let data;
+          try {
+            data = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf-8"));
+          } catch {
+            sendMessage(socket, { type: "error", code: "invalid_json", message: "Invalid JSON" });
+            return;
+          }
+          const parsed = RelayMessageSchema.safeParse(data);
+          if (!parsed.success) {
+            sendMessage(socket, {
+              type: "error",
+              code: "invalid_message",
+              message: `Invalid message: ${parsed.error.issues[0]?.message ?? "unknown error"}`
+            });
+            return;
+          }
+          const msg = parsed.data;
+          switch (msg.type) {
+            case "register":
+              registeredOwner = msg.owner;
+              handleRegister(socket, msg);
+              break;
+            case "relay_request":
+              if (!registeredOwner) {
+                sendMessage(socket, {
+                  type: "error",
+                  code: "not_registered",
+                  message: "Must send register message before relay requests"
+                });
+                return;
+              }
+              await handleRelayRequest(socket, msg, registeredOwner);
+              break;
+            case "relay_response":
+              handleRelayResponse(msg);
+              break;
+            case "relay_progress":
+              handleRelayProgress(msg);
+              break;
+            default:
+              break;
+          }
+        })();
+      });
+      socket.on("close", () => {
+        handleDisconnect(registeredOwner);
+      });
+      socket.on("error", () => {
+        handleDisconnect(registeredOwner);
+      });
+    });
+  });
+  return {
+    getOnlineCount: () => connections.size,
+    getOnlineOwners: () => Array.from(connections.keys()),
+    shutdown: () => {
+      for (const [, ws] of connections) {
+        try {
+          ws.close(1001, "Server shutting down");
+        } catch {
+        }
+      }
+      connections.clear();
+      for (const [, pending] of pendingRequests) {
+        clearTimeout(pending.timeout);
+      }
+      pendingRequests.clear();
+      rateLimits.clear();
+    },
+    setOnAgentOnline: (cb) => {
+      onAgentOnlineCallback = cb;
+    },
+    getConnections: () => connections,
+    getPendingRequests: () => pendingRequests,
+    sendMessage: (ws, msg) => {
+      sendMessage(ws, msg);
+    }
+  };
+}
+
+// src/identity/guarantor.ts
+import { z as z2 } from "zod";
+import { randomUUID as randomUUID4 } from "crypto";
+var MAX_AGENTS_PER_GUARANTOR = 10;
+var GUARANTOR_CREDIT_POOL = 50;
+var GuarantorRecordSchema = z2.object({
+  id: z2.string().uuid(),
+  github_login: z2.string().min(1),
+  agent_count: z2.number().int().nonnegative(),
+  credit_pool: z2.number().int().nonnegative(),
+  created_at: z2.string().datetime()
+});
+var GUARANTOR_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS guarantors (
+    id TEXT PRIMARY KEY,
+    github_login TEXT UNIQUE NOT NULL,
+    agent_count INTEGER NOT NULL DEFAULT 0,
+    credit_pool INTEGER NOT NULL DEFAULT ${GUARANTOR_CREDIT_POOL},
+    created_at TEXT NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS agent_guarantors (
+    agent_id TEXT PRIMARY KEY,
+    guarantor_id TEXT NOT NULL,
+    linked_at TEXT NOT NULL,
+    FOREIGN KEY (guarantor_id) REFERENCES guarantors(id)
+  );
+`;
+function ensureGuarantorTables(db) {
+  db.exec(GUARANTOR_SCHEMA);
+}
+function registerGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const existing = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (existing) {
+    throw new AgentBnBError(
+      `Guarantor already registered: ${githubLogin}`,
+      "GUARANTOR_EXISTS"
+    );
+  }
+  const record = {
+    id: randomUUID4(),
+    github_login: githubLogin,
+    agent_count: 0,
+    credit_pool: GUARANTOR_CREDIT_POOL,
+    created_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  db.prepare(
+    "INSERT INTO guarantors (id, github_login, agent_count, credit_pool, created_at) VALUES (?, ?, ?, ?, ?)"
+  ).run(record.id, record.github_login, record.agent_count, record.credit_pool, record.created_at);
+  return record;
+}
+function linkAgentToGuarantor(db, agentId, githubLogin) {
+  ensureGuarantorTables(db);
+  const guarantor = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!guarantor) {
+    throw new AgentBnBError(
+      `Guarantor not found: ${githubLogin}`,
+      "GUARANTOR_NOT_FOUND"
+    );
+  }
+  if (guarantor["agent_count"] >= MAX_AGENTS_PER_GUARANTOR) {
+    throw new AgentBnBError(
+      `Maximum agents per guarantor reached (${MAX_AGENTS_PER_GUARANTOR})`,
+      "MAX_AGENTS_EXCEEDED"
+    );
+  }
+  const existingLink = db.prepare("SELECT * FROM agent_guarantors WHERE agent_id = ?").get(agentId);
+  if (existingLink) {
+    throw new AgentBnBError(
+      `Agent ${agentId} is already linked to a guarantor`,
+      "AGENT_ALREADY_LINKED"
+    );
+  }
+  db.transaction(() => {
+    db.prepare("INSERT INTO agent_guarantors (agent_id, guarantor_id, linked_at) VALUES (?, ?, ?)").run(
+      agentId,
+      guarantor["id"],
+      (/* @__PURE__ */ new Date()).toISOString()
+    );
+    db.prepare("UPDATE guarantors SET agent_count = agent_count + 1 WHERE id = ?").run(guarantor["id"]);
+  })();
+  return getGuarantor(db, githubLogin);
+}
+function getGuarantor(db, githubLogin) {
+  ensureGuarantorTables(db);
+  const row = db.prepare("SELECT * FROM guarantors WHERE github_login = ?").get(githubLogin);
+  if (!row) return null;
+  return {
+    id: row["id"],
+    github_login: row["github_login"],
+    agent_count: row["agent_count"],
+    credit_pool: row["credit_pool"],
+    created_at: row["created_at"]
+  };
+}
+function getAgentGuarantor(db, agentId) {
+  ensureGuarantorTables(db);
+  const link = db.prepare(
+    `SELECT g.* FROM guarantors g
+       JOIN agent_guarantors ag ON ag.guarantor_id = g.id
+       WHERE ag.agent_id = ?`
+  ).get(agentId);
+  if (!link) return null;
+  return {
+    id: link["id"],
+    github_login: link["github_login"],
+    agent_count: link["agent_count"],
+    credit_pool: link["credit_pool"],
+    created_at: link["created_at"]
+  };
+}
+function initiateGithubAuth() {
+  return {
+    auth_url: "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=read:user",
+    state: randomUUID4()
+  };
+}
+
+// src/registry/free-tier.ts
+function initFreeTierTable(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS credit_free_tier_usage (
+      agent_public_key TEXT NOT NULL,
+      skill_id TEXT NOT NULL,
+      usage_count INTEGER NOT NULL DEFAULT 0,
+      last_used_at TEXT NOT NULL,
+      PRIMARY KEY (agent_public_key, skill_id)
+    )
+  `);
+}
+
+// src/registry/credit-routes.ts
+async function creditRoutesPlugin(fastify, options) {
+  const { creditDb } = options;
+  creditDb.exec(`
+    CREATE TABLE IF NOT EXISTS credit_grants (
+      public_key TEXT PRIMARY KEY,
+      granted_at TEXT NOT NULL,
+      owner TEXT
+    )
+  `);
+  try {
+    creditDb.exec("ALTER TABLE credit_grants ADD COLUMN owner TEXT");
+  } catch {
+  }
+  initFreeTierTable(creditDb);
+  await fastify.register(async (scope) => {
+    identityAuthPlugin(scope);
+    scope.post("/api/credits/hold", {
+      schema: {
+        tags: ["credits"],
+        summary: "Hold credits in escrow during capability execution",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            amount: { type: "number" },
+            cardId: { type: "string" }
+          },
+          required: ["owner", "amount", "cardId"]
+        },
+        response: {
+          200: { type: "object", properties: { escrowId: { type: "string" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const owner = typeof body.owner === "string" ? body.owner.trim() : "";
+      const amount = typeof body.amount === "number" ? body.amount : NaN;
+      const cardId = typeof body.cardId === "string" ? body.cardId.trim() : "";
+      if (!owner || isNaN(amount) || amount <= 0 || !cardId) {
+        return reply.code(400).send({ error: "Missing or invalid required fields: owner, amount (>0), cardId" });
+      }
+      try {
+        const escrowId = holdEscrow(creditDb, owner, amount, cardId);
+        return reply.send({ escrowId });
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "INSUFFICIENT_CREDITS") {
+          return reply.code(400).send({ error: err.message, code: "INSUFFICIENT_CREDITS" });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/settle", {
+      schema: {
+        tags: ["credits"],
+        summary: "Transfer held credits to provider on success",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            escrowId: { type: "string" },
+            recipientOwner: { type: "string" }
+          },
+          required: ["escrowId", "recipientOwner"]
+        },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const escrowId = typeof body.escrowId === "string" ? body.escrowId.trim() : "";
+      const recipientOwner = typeof body.recipientOwner === "string" ? body.recipientOwner.trim() : "";
+      if (!escrowId || !recipientOwner) {
+        return reply.code(400).send({ error: "escrowId and recipientOwner are required" });
+      }
+      try {
+        settleEscrow(creditDb, escrowId, recipientOwner);
+        return reply.send({ ok: true });
+      } catch (err) {
+        if (err instanceof AgentBnBError) {
+          return reply.code(400).send({ error: err.message, code: err.code });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/release", {
+      schema: {
+        tags: ["credits"],
+        summary: "Refund held credits to requester on failure",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: { escrowId: { type: "string" } },
+          required: ["escrowId"]
+        },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" } } },
+          400: { type: "object", properties: { error: { type: "string" }, code: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const escrowId = typeof body.escrowId === "string" ? body.escrowId.trim() : "";
+      if (!escrowId) {
+        return reply.code(400).send({ error: "escrowId is required" });
+      }
+      try {
+        releaseEscrow(creditDb, escrowId);
+        return reply.send({ ok: true });
+      } catch (err) {
+        if (err instanceof AgentBnBError) {
+          return reply.code(400).send({ error: err.message, code: err.code });
+        }
+        throw err;
+      }
+    });
+    scope.post("/api/credits/grant", {
+      schema: {
+        tags: ["credits"],
+        summary: "Bootstrap grant of 50 credits (once per identity)",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            amount: { type: "number" }
+          },
+          required: ["owner"]
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              ok: { type: "boolean" },
+              granted: { type: "number" },
+              reason: { type: "string" }
+            }
+          },
+          400: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const owner = typeof body.owner === "string" ? body.owner.trim() : "";
+      const amount = typeof body.amount === "number" ? body.amount : 50;
+      const publicKey = request.agentPublicKey;
+      if (!owner) {
+        return reply.code(400).send({ error: "owner is required" });
+      }
+      const existing = creditDb.prepare("SELECT public_key, owner FROM credit_grants WHERE public_key = ?").get(publicKey);
+      if (existing) {
+        if (existing.owner && existing.owner !== owner) {
+          migrateOwner(creditDb, existing.owner, owner);
+          creditDb.prepare("UPDATE credit_grants SET owner = ? WHERE public_key = ?").run(owner, publicKey);
+          return reply.send({ ok: true, granted: 0, reason: "renamed", from: existing.owner, to: owner });
+        }
+        return reply.send({ ok: true, granted: 0, reason: "already_granted" });
+      }
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      bootstrapAgent(creditDb, owner, amount);
+      creditDb.prepare("INSERT INTO credit_grants (public_key, granted_at, owner) VALUES (?, ?, ?)").run(publicKey, now, owner);
+      return reply.send({ ok: true, granted: amount });
+    });
+    scope.get("/api/credits/:owner", {
+      schema: {
+        tags: ["credits"],
+        summary: "Get current credit balance for an agent",
+        security: [{ ed25519Auth: [] }],
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        response: { 200: { type: "object", properties: { balance: { type: "number" } } } }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const balance = getBalance(creditDb, owner);
+      return reply.send({ balance });
+    });
+    scope.get("/api/credits/:owner/history", {
+      schema: {
+        tags: ["credits"],
+        summary: "Get paginated transaction history",
+        security: [{ ed25519Auth: [] }],
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        querystring: {
+          type: "object",
+          properties: { limit: { type: "integer", description: "Max entries (default 20, max 100)" } }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: { transactions: { type: "array" }, limit: { type: "integer" } }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const query = request.query;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const transactions = getTransactions(creditDb, owner, limit);
+      return reply.send({ transactions, limit });
+    });
+    scope.post("/api/credits/rename", {
+      schema: {
+        tags: ["credits"],
+        summary: "Rename owner \u2014 migrate credits from old owner to new owner",
+        security: [{ ed25519Auth: [] }],
+        body: {
+          type: "object",
+          properties: {
+            oldOwner: { type: "string" },
+            newOwner: { type: "string" }
+          },
+          required: ["oldOwner", "newOwner"]
+        },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" }, migrated: { type: "boolean" } } },
+          400: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const oldOwner = typeof body.oldOwner === "string" ? body.oldOwner.trim() : "";
+      const newOwner = typeof body.newOwner === "string" ? body.newOwner.trim() : "";
+      if (!oldOwner || !newOwner || oldOwner === newOwner) {
+        return reply.code(400).send({ error: "oldOwner and newOwner must be different non-empty strings" });
+      }
+      const oldBalance = getBalance(creditDb, oldOwner);
+      if (oldBalance === 0) {
+        return reply.send({ ok: true, migrated: false });
+      }
+      migrateOwner(creditDb, oldOwner, newOwner);
+      return reply.send({ ok: true, migrated: true });
+    });
+  });
+}
+
+// src/hub-agent/executor.ts
+var HubAgentExecutor = class {
+  constructor(registryDb, creditDb) {
+    this.registryDb = registryDb;
+    this.creditDb = creditDb;
+    initJobQueue(this.registryDb);
+  }
+  /**
+   * Execute a skill on a Hub Agent.
+   *
+   * @param agentId - The Hub Agent ID.
+   * @param skillId - The skill_id to execute from the agent's routing table.
+   * @param params - Input parameters for the skill.
+   * @param requesterOwner - Optional requester identifier for credit escrow.
+   * @returns ExecutionResult with success status, result/error, and latency_ms.
+   */
+  async execute(agentId, skillId, params, requesterOwner) {
+    const startTime = Date.now();
+    const agent = getHubAgent(this.registryDb, agentId);
+    if (!agent) {
+      return { success: false, error: "Hub Agent not found", latency_ms: Date.now() - startTime };
+    }
+    if (agent.status === "paused") {
+      return { success: false, error: "Hub Agent is paused", latency_ms: Date.now() - startTime };
+    }
+    const route = agent.skill_routes.find((r) => r.skill_id === skillId);
+    if (!route) {
+      return { success: false, error: "Skill not found in routing table", latency_ms: Date.now() - startTime };
+    }
+    switch (route.mode) {
+      case "relay":
+        return this.executeRelay(route, agent, params, requesterOwner, startTime);
+      case "queue":
+        return this.executeQueue(route, agent, params, requesterOwner, startTime);
+      case "direct_api":
+        return this.executeDirectApi(route, agent, params, requesterOwner, startTime);
+    }
+  }
+  /**
+   * Relay mode: If the target relay agent is offline, queue the job.
+   * If online, still queue (actual dispatch happens via relay bridge).
+   */
+  async executeRelay(route, agent, params, requesterOwner, startTime) {
+    const relayOwner = route.config.relay_owner;
+    if (this.isRelayOwnerOnline(relayOwner)) {
+      return { success: false, error: "relay mode requires connected session agent", latency_ms: 0 };
+    }
+    return this.queueJob(agent, route.skill_id, params, requesterOwner, relayOwner, startTime);
+  }
+  /**
+   * Queue mode: Always queue the job for later dispatch.
+   */
+  async executeQueue(route, agent, params, requesterOwner, startTime) {
+    const relayOwner = route.config.relay_owner;
+    return this.queueJob(agent, route.skill_id, params, requesterOwner, relayOwner, startTime);
+  }
+  /**
+   * Queue a job with optional credit escrow.
+   */
+  queueJob(agent, skillId, params, requesterOwner, relayOwner, startTime) {
+    const cardId = agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+    let escrowId;
+    if (requesterOwner) {
+      const price = lookupCardPrice(this.registryDb, cardId, skillId);
+      if (price !== null && price > 0) {
+        escrowId = holdEscrow(this.creditDb, requesterOwner, price, cardId);
+      }
+    }
+    const job = insertJob(this.registryDb, {
+      hub_agent_id: agent.agent_id,
+      skill_id: skillId,
+      requester_owner: requesterOwner ?? "anonymous",
+      params,
+      escrow_id: escrowId,
+      relay_owner: relayOwner
+    });
+    return {
+      success: true,
+      result: { queued: true, job_id: job.id },
+      latency_ms: Date.now() - startTime
+    };
+  }
+  /**
+   * Check if a relay owner has any online cards in the registry.
+   *
+   * @param owner - The relay owner identifier.
+   * @returns true if any card for this owner is online.
+   */
+  isRelayOwnerOnline(owner) {
+    const rows = this.registryDb.prepare(
+      "SELECT data FROM capability_cards WHERE owner = ?"
+    ).all(owner);
+    for (const row of rows) {
+      try {
+        const card = JSON.parse(row.data);
+        const availability = card.availability;
+        if (availability?.online === true) {
+          return true;
+        }
+      } catch {
+      }
+    }
+    return false;
+  }
+  /**
+   * Execute a direct_api skill route via ApiExecutor.
+   * Handles secret injection and credit escrow.
+   */
+  async executeDirectApi(route, agent, params, requesterOwner, startTime) {
+    const config = this.injectSecrets(route.config, agent.secrets);
+    const pricing = route.config.pricing;
+    const creditsPerCall = pricing?.credits_per_call ?? 0;
+    let escrowId;
+    if (requesterOwner && creditsPerCall > 0) {
+      const cardId = agent.agent_id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+      escrowId = holdEscrow(this.creditDb, requesterOwner, creditsPerCall, cardId);
+    }
+    try {
+      const apiExecutor = new ApiExecutor();
+      const modeResult = await apiExecutor.execute(config, params);
+      const result = {
+        ...modeResult,
+        latency_ms: Date.now() - startTime
+      };
+      if (escrowId) {
+        if (result.success) {
+          settleEscrow(this.creditDb, escrowId, agent.agent_id);
+        } else {
+          releaseEscrow(this.creditDb, escrowId);
+        }
+      }
+      return result;
+    } catch (err) {
+      if (escrowId) {
+        releaseEscrow(this.creditDb, escrowId);
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: message,
+        latency_ms: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Injects decrypted secrets into the API skill config's auth field.
+   * If secrets contain 'api_key' and auth type is 'bearer', replaces the token.
+   * If secrets contain 'api_key' and auth type is 'apikey', replaces the key.
+   */
+  injectSecrets(config, secrets) {
+    if (!secrets || Object.keys(secrets).length === 0) {
+      return config;
+    }
+    const injected = JSON.parse(JSON.stringify(config));
+    const apiKey = secrets.api_key ?? secrets.API_KEY;
+    if (apiKey && injected.auth) {
+      switch (injected.auth.type) {
+        case "bearer":
+          injected.auth.token = apiKey;
+          break;
+        case "apikey":
+          injected.auth.key = apiKey;
+          break;
+      }
+    }
+    return injected;
+  }
+};
+
+// src/hub-agent/types.ts
+import { z as z3 } from "zod";
+var SkillRouteSchema = z3.discriminatedUnion("mode", [
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("direct_api"),
+    config: ApiSkillConfigSchema
+  }),
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("relay"),
+    config: z3.object({ relay_owner: z3.string().min(1) })
+  }),
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("queue"),
+    config: z3.object({ relay_owner: z3.string().min(1) }).passthrough()
+  })
+]);
+var HubAgentSchema = z3.object({
+  agent_id: z3.string().min(1),
+  name: z3.string().min(1),
+  owner_public_key: z3.string().min(1),
+  public_key: z3.string().min(1),
+  skill_routes: z3.array(SkillRouteSchema),
+  status: z3.enum(["active", "paused"]),
+  created_at: z3.string(),
+  updated_at: z3.string()
+});
+var CreateAgentRequestSchema = z3.object({
+  name: z3.string().min(1),
+  skill_routes: z3.array(SkillRouteSchema),
+  secrets: z3.record(z3.string()).optional()
+});
+
+// src/hub-agent/routes.ts
+function buildCapabilityCard(agentId, name, publicKey, skillRoutes) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const skills = skillRoutes.map((route) => ({
+    id: route.skill_id,
+    name: route.mode === "direct_api" ? route.config.name : route.skill_id,
+    description: route.mode === "direct_api" ? `API skill: ${route.config.name}` : `${route.mode} skill: ${route.skill_id}`,
+    level: 1,
+    inputs: [],
+    outputs: [],
+    pricing: route.mode === "direct_api" ? route.config.pricing : { credits_per_call: 10 }
+  }));
+  if (skills.length === 0) {
+    skills.push({
+      id: "default",
+      name,
+      description: `Hub Agent: ${name}`,
+      level: 1,
+      inputs: [],
+      outputs: [],
+      pricing: { credits_per_call: 10 }
+    });
+  }
+  return {
+    spec_version: "2.0",
+    id: agentId.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5"),
+    owner: publicKey.slice(0, 16),
+    agent_name: name,
+    skills,
+    availability: { online: true },
+    created_at: now,
+    updated_at: now
+  };
+}
+function upsertCardRaw(db, cardData, owner) {
+  const parsed = AnyCardSchema.safeParse(cardData);
+  if (!parsed.success) {
+    throw new AgentBnBError(
+      `Card validation failed: ${parsed.error.message}`,
+      "VALIDATION_ERROR"
+    );
+  }
+  const card = parsed.data;
+  const cardId = card.id;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = db.prepare("SELECT id FROM capability_cards WHERE id = ?").get(cardId);
+  if (existing) {
+    db.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(JSON.stringify(card), now, cardId);
+  } else {
+    db.prepare("INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)").run(cardId, owner, JSON.stringify(card), now, now);
+  }
+  return cardId;
+}
+function sanitizeAgent(agent) {
+  const { secrets, private_key_enc, ...safe } = agent;
+  if (secrets && typeof secrets === "object") {
+    return { ...safe, secret_keys: Object.keys(secrets) };
+  }
+  return safe;
+}
+async function hubAgentRoutesPlugin(fastify, options) {
+  const { registryDb, creditDb } = options;
+  initHubAgentTable(registryDb);
+  initJobQueue(registryDb);
+  fastify.post("/api/hub-agents", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Create a new Hub Agent with Ed25519 identity",
+      body: {
+        type: "object",
+        required: ["name"],
+        properties: {
+          name: { type: "string", minLength: 1 },
+          skill_routes: { type: "array" },
+          secrets: { type: "object" }
+        }
+      },
+      response: {
+        201: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            public_key: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" },
+            created_at: { type: "string" },
+            updated_at: { type: "string" }
+          }
+        },
+        400: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const parseResult = CreateAgentRequestSchema.safeParse(request.body);
+    if (!parseResult.success) {
+      return reply.code(400).send({ error: parseResult.error.message });
+    }
+    const req = parseResult.data;
+    const ownerPublicKey = "hub-server";
+    try {
+      const agent = createHubAgent(registryDb, req, ownerPublicKey);
+      bootstrapAgent(creditDb, agent.agent_id, 50);
+      const cardData = buildCapabilityCard(agent.agent_id, agent.name, agent.public_key, agent.skill_routes);
+      try {
+        upsertCardRaw(registryDb, cardData, agent.agent_id);
+      } catch {
+      }
+      return reply.code(201).send(sanitizeAgent(agent));
+    } catch (err) {
+      if (err instanceof AgentBnBError) {
+        return reply.code(400).send({ error: err.message });
+      }
+      throw err;
+    }
+  });
+  fastify.get("/api/hub-agents", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "List all Hub Agents",
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agents: { type: "array" }
+          }
+        }
+      }
+    }
+  }, async (_request, reply) => {
+    const agents = listHubAgents(registryDb);
+    return reply.send({ agents });
+  });
+  fastify.get("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Get a single Hub Agent by ID",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            public_key: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" },
+            secret_keys: { type: "array", items: { type: "string" } }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const agent = getHubAgent(registryDb, id);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    return reply.send(sanitizeAgent(agent));
+  });
+  fastify.put("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Update a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      body: {
+        type: "object",
+        properties: {
+          name: { type: "string" },
+          skill_routes: { type: "array" },
+          secrets: { type: "object" }
+        }
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            name: { type: "string" },
+            skill_routes: { type: "array" },
+            status: { type: "string" }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const body = request.body;
+    const updates = {};
+    if (typeof body.name === "string") updates.name = body.name;
+    if (Array.isArray(body.skill_routes)) updates.skill_routes = body.skill_routes;
+    if (body.secrets && typeof body.secrets === "object") updates.secrets = body.secrets;
+    const agent = updateHubAgent(registryDb, id, updates);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    if (updates.skill_routes) {
+      const cardData = buildCapabilityCard(agent.agent_id, agent.name, agent.public_key, agent.skill_routes);
+      try {
+        upsertCardRaw(registryDb, cardData, agent.agent_id);
+      } catch {
+      }
+    }
+    return reply.send(sanitizeAgent(agent));
+  });
+  fastify.delete("/api/hub-agents/:id", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Delete a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: { ok: { type: "boolean" } }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const agent = getHubAgent(registryDb, id);
+    if (!agent) {
+      return reply.code(404).send({ error: "Hub Agent not found" });
+    }
+    deleteHubAgent(registryDb, id);
+    const cardId = id.padEnd(32, "0").replace(/^(.{8})(.{4})(.{4})(.{4})(.{12}).*$/, "$1-$2-$3-$4-$5");
+    try {
+      registryDb.prepare("DELETE FROM capability_cards WHERE id = ?").run(cardId);
+    } catch {
+    }
+    return reply.send({ ok: true });
+  });
+  fastify.post("/api/hub-agents/:id/execute", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Execute a skill on a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      body: {
+        type: "object",
+        required: ["skill_id"],
+        properties: {
+          skill_id: { type: "string" },
+          params: { type: "object" },
+          requester_owner: { type: "string" }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const body = request.body;
+    const executor = new HubAgentExecutor(registryDb, creditDb);
+    const result = await executor.execute(
+      id,
+      body.skill_id,
+      body.params ?? {},
+      body.requester_owner
+    );
+    if (!result.success && result.error === "Hub Agent not found") {
+      return reply.code(404).send(result);
+    }
+    if (!result.success) {
+      return reply.code(400).send(result);
+    }
+    return reply.send(result);
+  });
+  fastify.get("/api/hub-agents/:id/jobs", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "List jobs for a Hub Agent",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      querystring: {
+        type: "object",
+        properties: {
+          status: { type: "string", enum: ["queued", "dispatched", "completed", "failed"] }
+        }
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            jobs: { type: "array" }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const { status } = request.query ?? {};
+    const jobs = listJobs(registryDb, id, status);
+    return reply.send({ jobs });
+  });
+  fastify.get("/api/hub-agents/:id/jobs/:jobId", {
+    schema: {
+      tags: ["hub-agents"],
+      summary: "Get a single job by ID",
+      params: {
+        type: "object",
+        properties: {
+          id: { type: "string" },
+          jobId: { type: "string" }
+        },
+        required: ["id", "jobId"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            id: { type: "string" },
+            hub_agent_id: { type: "string" },
+            skill_id: { type: "string" },
+            status: { type: "string" }
+          }
+        },
+        404: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { jobId } = request.params;
+    const job = getJob(registryDb, jobId);
+    if (!job) {
+      return reply.code(404).send({ error: "Job not found" });
+    }
+    return reply.send(job);
+  });
+}
+
+// src/registry/openapi-gpt-actions.ts
+function convertToGptActions(openapiSpec, serverUrl) {
+  const spec = JSON.parse(JSON.stringify(openapiSpec));
+  spec.servers = [{ url: serverUrl }];
+  const paths = spec.paths;
+  if (paths) {
+    const filteredPaths = {};
+    for (const [path, methods] of Object.entries(paths)) {
+      if (path.startsWith("/me") || path.startsWith("/draft") || path.startsWith("/docs") || path.startsWith("/ws") || path.startsWith("/api/credits")) {
+        continue;
+      }
+      const filteredMethods = {};
+      for (const [method, operation] of Object.entries(methods)) {
+        if (method === "get" || method === "post") {
+          const op = operation;
+          if (!op.operationId) {
+            op.operationId = deriveOperationId(method, path);
+          }
+          delete op.security;
+          filteredMethods[method] = op;
+        }
+      }
+      if (Object.keys(filteredMethods).length > 0) {
+        filteredPaths[path] = filteredMethods;
+      }
+    }
+    spec.paths = filteredPaths;
+  }
+  const components = spec.components;
+  if (components) {
+    delete components.securitySchemes;
+  }
+  const usedTags = /* @__PURE__ */ new Set();
+  if (spec.paths) {
+    for (const methods of Object.values(spec.paths)) {
+      for (const op of Object.values(methods)) {
+        const operation = op;
+        if (Array.isArray(operation.tags)) {
+          for (const tag of operation.tags) {
+            usedTags.add(tag);
+          }
+        }
+      }
+    }
+  }
+  if (Array.isArray(spec.tags)) {
+    spec.tags = spec.tags.filter((t) => usedTags.has(t.name));
+  }
+  return spec;
+}
+function deriveOperationId(method, path) {
+  const segments = path.split("/").filter((s) => s.length > 0).map((s) => {
+    if (s.startsWith("{") || s.startsWith(":")) {
+      const paramName = s.replace(/[{}:]/g, "");
+      return "By" + paramName.charAt(0).toUpperCase() + paramName.slice(1);
+    }
+    return s.split("-").map((part, i) => i === 0 ? part.charAt(0).toUpperCase() + part.slice(1) : part.charAt(0).toUpperCase() + part.slice(1)).join("");
+  });
+  return method + segments.join("");
+}
+
+// src/feedback/api.ts
+var feedbackPlugin = async (fastify, opts) => {
+  const { db } = opts;
+  fastify.post("/api/feedback", {
+    schema: {
+      tags: ["feedback"],
+      summary: "Submit structured feedback for a completed transaction",
+      body: { type: "object", additionalProperties: true },
+      response: {
+        201: {
+          type: "object",
+          properties: {
+            feedback_id: { type: "string" },
+            received_at: { type: "string" }
+          }
+        },
+        400: { type: "object", properties: { error: { type: "string" }, issues: { type: "array" } } },
+        404: { type: "object", properties: { error: { type: "string" } } },
+        409: { type: "object", properties: { error: { type: "string" } } }
+      }
+    }
+  }, async (request, reply) => {
+    const parseResult = StructuredFeedbackSchema.safeParse(request.body);
+    if (!parseResult.success) {
+      return reply.code(400).send({
+        error: "Validation failed",
+        issues: parseResult.error.issues
+      });
+    }
+    const feedback = parseResult.data;
+    const txRow = db.prepare("SELECT id FROM request_log WHERE id = ?").get(feedback.transaction_id);
+    if (!txRow) {
+      return reply.code(404).send({ error: "transaction_not_found" });
+    }
+    const dupRow = db.prepare("SELECT id FROM feedback WHERE transaction_id = ?").get(feedback.transaction_id);
+    if (dupRow) {
+      return reply.code(409).send({ error: "feedback_already_submitted" });
+    }
+    const feedbackId = insertFeedback(db, feedback);
+    const receivedAt = (/* @__PURE__ */ new Date()).toISOString();
+    return reply.code(201).send({ feedback_id: feedbackId, received_at: receivedAt });
+  });
+  fastify.get("/api/feedback/:skill_id", {
+    schema: {
+      tags: ["feedback"],
+      summary: "List feedback for a specific skill",
+      params: {
+        type: "object",
+        properties: { skill_id: { type: "string" } },
+        required: ["skill_id"]
+      },
+      querystring: {
+        type: "object",
+        properties: {
+          limit: { type: "integer", default: 20, description: "Max entries (max 100)" },
+          since: { type: "string", description: "ISO datetime filter (optional)" }
+        }
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            feedbacks: { type: "array" },
+            count: { type: "integer" }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { skill_id } = request.params;
+    const query = request.query;
+    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+    let feedbacks = getFeedbackForSkill(db, skill_id, limit);
+    const since = query.since?.trim();
+    if (since) {
+      const sinceDate = new Date(since).getTime();
+      if (!isNaN(sinceDate)) {
+        feedbacks = feedbacks.filter((f) => new Date(f.timestamp).getTime() > sinceDate);
+      }
+    }
+    return reply.send({ feedbacks, count: feedbacks.length });
+  });
+  fastify.get("/api/reputation/:agent_id", {
+    schema: {
+      tags: ["feedback"],
+      summary: "Get aggregated reputation score for an agent",
+      params: {
+        type: "object",
+        properties: { agent_id: { type: "string" } },
+        required: ["agent_id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            reputation_score: { type: "number" },
+            feedback_count: { type: "integer" },
+            last_updated: { type: "string" }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { agent_id } = request.params;
+    const feedbacks = getFeedbackForProvider(db, agent_id);
+    const reputationScore = computeReputation(feedbacks);
+    const lastUpdated = feedbacks.length > 0 ? feedbacks[0].timestamp : (/* @__PURE__ */ new Date()).toISOString();
+    return reply.send({
+      agent_id,
+      reputation_score: reputationScore,
+      feedback_count: feedbacks.length,
+      last_updated: lastUpdated
+    });
+  });
+};
+var api_default = feedbackPlugin;
+
+// src/evolution/schema.ts
+import { z as z4 } from "zod";
+var CoreMemoryEntrySchema = z4.object({
+  category: z4.string(),
+  importance: z4.number().min(0).max(1),
+  content: z4.string(),
+  scope: z4.string().optional()
+});
+var TemplateEvolutionSchema = z4.object({
+  /** e.g. "genesis-template" */
+  template_name: z4.string().min(1),
+  /** Semantic version string, e.g. "1.2.3" */
+  template_version: z4.string().regex(/^\d+\.\d+\.\d+$/, "Must be a valid semver string (e.g. 1.2.3)"),
+  /** Identifier of the agent publishing this evolution */
+  publisher_agent: z4.string().min(1),
+  /** Human-readable description of what changed in this evolution */
+  changelog: z4.string().max(1e3),
+  /** Snapshot of the agent's core memory at the time of evolution (max 50 entries) */
+  core_memory_snapshot: z4.array(CoreMemoryEntrySchema).max(50),
+  /** Delta in fitness score from before evolution (range -1 to 1) */
+  fitness_improvement: z4.number().min(-1).max(1),
+  /** ISO 8601 datetime string */
+  timestamp: z4.string().datetime()
+});
+
+// src/evolution/api.ts
+var evolutionPlugin = async (fastify, opts) => {
+  const { db } = opts;
+  fastify.post("/api/evolution/publish", {
+    schema: {
+      tags: ["evolution"],
+      summary: "Publish a new template evolution record",
+      body: { type: "object", additionalProperties: true },
+      response: {
+        201: {
+          type: "object",
+          properties: {
+            evolution_id: { type: "string" },
+            published_at: { type: "string" }
+          }
+        },
+        400: {
+          type: "object",
+          properties: {
+            error: { type: "string" },
+            issues: { type: "array" }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const parseResult = TemplateEvolutionSchema.safeParse(request.body);
+    if (!parseResult.success) {
+      return reply.code(400).send({
+        error: "Validation failed",
+        issues: parseResult.error.issues
+      });
+    }
+    const evolutionId = insertEvolution(db, parseResult.data);
+    const publishedAt = (/* @__PURE__ */ new Date()).toISOString();
+    return reply.code(201).send({ evolution_id: evolutionId, published_at: publishedAt });
+  });
+  fastify.get("/api/evolution/latest", {
+    schema: {
+      tags: ["evolution"],
+      summary: "Get latest evolution for a template",
+      querystring: {
+        type: "object",
+        properties: {
+          template: { type: "string", description: "Template name to query" }
+        },
+        required: ["template"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            evolution: {}
+          }
+        },
+        400: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const query = request.query;
+    const templateName = query.template?.trim();
+    if (!templateName) {
+      return reply.code(400).send({ error: "template query parameter is required" });
+    }
+    const evolution = getLatestEvolution(db, templateName);
+    return reply.send({ evolution });
+  });
+  fastify.get("/api/evolution/history", {
+    schema: {
+      tags: ["evolution"],
+      summary: "Get evolution history for a template",
+      querystring: {
+        type: "object",
+        properties: {
+          template: { type: "string", description: "Template name to query" },
+          limit: { type: "integer", default: 10, description: "Max entries (max 100)" }
+        },
+        required: ["template"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            evolutions: { type: "array" },
+            count: { type: "integer" }
+          }
+        },
+        400: {
+          type: "object",
+          properties: { error: { type: "string" } }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const query = request.query;
+    const templateName = query.template?.trim();
+    if (!templateName) {
+      return reply.code(400).send({ error: "template query parameter is required" });
+    }
+    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 10;
+    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 10 : rawLimit, 100);
+    const evolutions = getEvolutionHistory(db, templateName, limit);
+    return reply.send({ evolutions, count: evolutions.length });
+  });
+};
+var api_default2 = evolutionPlugin;
+
+// src/registry/server.ts
+function stripInternal(card) {
+  const { _internal: _, ...publicCard } = card;
+  return publicCard;
+}
+function createRegistryServer(opts) {
+  const { registryDb: db, silent = false } = opts;
+  const server = Fastify2({ logger: !silent });
+  void server.register(swagger, {
+    openapi: {
+      openapi: "3.0.3",
+      info: {
+        title: "AgentBnB Registry API",
+        description: "P2P Agent Capability Sharing Protocol \u2014 discover, publish, and exchange agent capabilities",
+        version: "3.1.6"
+      },
+      servers: [{ url: "/", description: "Registry server" }],
+      tags: [
+        { name: "cards", description: "Capability card CRUD" },
+        { name: "credits", description: "Credit hold/settle/release (Ed25519 auth required)" },
+        { name: "agents", description: "Agent profiles and reputation" },
+        { name: "identity", description: "Agent identity and guarantor registration" },
+        { name: "owner", description: "Owner-only endpoints (Bearer auth required)" },
+        { name: "system", description: "Health and stats" },
+        { name: "pricing", description: "Market pricing statistics" }
+      ],
+      components: {
+        securitySchemes: {
+          bearerAuth: { type: "http", scheme: "bearer" },
+          ed25519Auth: {
+            type: "apiKey",
+            in: "header",
+            name: "X-Agent-PublicKey",
+            description: "Ed25519 public key (hex). Also requires X-Agent-Signature and X-Agent-Timestamp headers."
+          }
+        }
+      }
+    }
+  });
+  void server.register(swaggerUi, {
+    routePrefix: "/docs",
+    uiConfig: { docExpansion: "list", deepLinking: true }
+  });
+  void server.register(cors, {
+    origin: true,
+    methods: ["GET", "POST", "PATCH", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization", "X-Agent-PublicKey", "X-Agent-Signature", "X-Agent-Timestamp"]
+  });
+  void server.register(fastifyWebsocket);
+  let relayState = null;
+  if (opts.creditDb) {
+    relayState = registerWebSocketRelay(server, db, opts.creditDb);
+  }
+  if (opts.creditDb) {
+    void server.register(creditRoutesPlugin, { creditDb: opts.creditDb });
+  }
+  if (opts.creditDb) {
+    void server.register(hubAgentRoutesPlugin, { registryDb: db, creditDb: opts.creditDb });
+    if (relayState?.setOnAgentOnline && relayState.getConnections && relayState.getPendingRequests && relayState.sendMessage) {
+      const bridge = createRelayBridge({
+        registryDb: db,
+        creditDb: opts.creditDb,
+        sendMessage: relayState.sendMessage,
+        pendingRequests: relayState.getPendingRequests(),
+        connections: relayState.getConnections()
+      });
+      relayState.setOnAgentOnline(bridge.onAgentOnline);
+    }
+  }
+  const __filename = fileURLToPath(import.meta.url);
+  const __dirname = dirname(__filename);
+  const hubDistCandidates = [
+    join(__dirname, "../../hub/dist"),
+    // When running from dist/registry/server.js
+    join(__dirname, "../../../hub/dist")
+    // Fallback for alternative layouts
+  ];
+  const hubDistDir = hubDistCandidates.find((p) => existsSync2(p));
+  if (hubDistDir) {
+    void server.register(fastifyStatic, {
+      root: hubDistDir,
+      prefix: "/hub/"
+    });
+    server.get("/", async (_request, reply) => {
+      return reply.redirect("/hub/");
+    });
+    server.get("/hub", async (_request, reply) => {
+      return reply.redirect("/hub/");
+    });
+    server.setNotFoundHandler(async (request, reply) => {
+      if (request.url.startsWith("/hub/")) {
+        return reply.sendFile("index.html");
+      }
+      return reply.code(404).send({ error: "Not found" });
+    });
+  }
+  void server.register(api_default, { db });
+  void server.register(api_default2, { db });
+  void server.register(async (api) => {
+    api.get("/health", {
+      schema: {
+        tags: ["system"],
+        summary: "Liveness probe",
+        response: { 200: { type: "object", properties: { status: { type: "string" } } } }
+      }
+    }, async (_request, reply) => {
+      return reply.send({ status: "ok" });
+    });
+    api.get("/cards", {
+      schema: {
+        tags: ["cards"],
+        summary: "List and search capability cards",
+        querystring: {
+          type: "object",
+          properties: {
+            q: { type: "string", description: "Full-text search query" },
+            level: { type: "integer", enum: [1, 2, 3], description: "Capability level filter" },
+            online: { type: "string", enum: ["true", "false"], description: "Availability filter" },
+            tag: { type: "string", description: "Filter by metadata tag" },
+            min_success_rate: { type: "number", description: "Minimum success rate (0-1)" },
+            max_latency_ms: { type: "number", description: "Maximum average latency in ms" },
+            min_reputation: { type: "number", description: "Minimum reputation score (0-1) based on peer feedback" },
+            sort: { type: "string", enum: ["popular", "rated", "success_rate", "cheapest", "newest", "latency", "reputation_desc", "reputation_asc"], description: "Sort order" },
+            limit: { type: "integer", default: 20, description: "Max items per page (max 100)" },
+            offset: { type: "integer", default: 0, description: "Pagination offset" }
+          }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              total: { type: "integer" },
+              limit: { type: "integer" },
+              offset: { type: "integer" },
+              items: { type: "array" },
+              uses_this_week: { type: "object", additionalProperties: { type: "number" } }
+            }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const q = query.q?.trim() ?? "";
+      const levelRaw = query.level !== void 0 ? parseInt(query.level, 10) : void 0;
+      const level = levelRaw === 1 || levelRaw === 2 || levelRaw === 3 ? levelRaw : void 0;
+      const onlineRaw = query.online;
+      const online = onlineRaw === "true" ? true : onlineRaw === "false" ? false : void 0;
+      const tag = query.tag?.trim();
+      const minSuccessRate = query.min_success_rate !== void 0 ? parseFloat(query.min_success_rate) : void 0;
+      const maxLatencyMs = query.max_latency_ms !== void 0 ? parseFloat(query.max_latency_ms) : void 0;
+      const minReputation = query.min_reputation !== void 0 ? parseFloat(query.min_reputation) : void 0;
+      const sort = query.sort;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const rawOffset = query.offset !== void 0 ? parseInt(query.offset, 10) : 0;
+      const offset = isNaN(rawOffset) || rawOffset < 0 ? 0 : rawOffset;
+      let cards;
+      if (q.length > 0) {
+        cards = searchCards(db, q, { level, online, min_reputation: minReputation });
+      } else {
+        cards = filterCards(db, { level, online, min_reputation: minReputation });
+      }
+      if (tag !== void 0 && tag.length > 0) {
+        cards = cards.filter((c) => {
+          const rootTags = c.metadata?.tags ?? [];
+          const skillTags = c.skills?.flatMap((s) => s.metadata?.tags ?? []) ?? [];
+          return [...rootTags, ...skillTags].includes(tag);
+        });
+      }
+      if (maxLatencyMs !== void 0 && !isNaN(maxLatencyMs)) {
+        cards = cards.filter(
+          (c) => (c.metadata?.avg_latency_ms ?? Infinity) <= maxLatencyMs
+        );
+      }
+      const usesStmt = db.prepare(`
+      SELECT card_id, skill_id, COUNT(*) as cnt
+      FROM request_log
+      WHERE status = 'success'
+        AND created_at > datetime('now', '-7 days')
+        AND (action_type IS NULL OR action_type = 'auto_share')
+      GROUP BY card_id, skill_id
+    `);
+      const usesRows = usesStmt.all();
+      const usesMap = /* @__PURE__ */ new Map();
+      for (const row of usesRows) {
+        usesMap.set(row.card_id, (usesMap.get(row.card_id) ?? 0) + row.cnt);
+        if (row.skill_id) {
+          usesMap.set(row.skill_id, (usesMap.get(row.skill_id) ?? 0) + row.cnt);
+        }
+      }
+      const ownerTrustMap = /* @__PURE__ */ new Map();
+      const uniqueOwners = [...new Set(cards.map((c) => c.owner))];
+      if (uniqueOwners.length > 0) {
+        const placeholders = uniqueOwners.map(() => "?").join(",");
+        const trustStmt = db.prepare(`
+        SELECT cc.owner,
+          COUNT(rl.id) as total_exec,
+          SUM(CASE WHEN rl.status IN ('success','failure','timeout','refunded') THEN 1 ELSE 0 END) as terminal_exec,
+          SUM(CASE WHEN rl.status = 'success' THEN 1 ELSE 0 END) as success_exec,
+          AVG(CASE WHEN rl.status = 'success' THEN rl.latency_ms END) as avg_latency
+        FROM capability_cards cc
+        LEFT JOIN request_log rl ON rl.card_id = cc.id AND rl.action_type IS NULL
+        WHERE cc.owner IN (${placeholders})
+        GROUP BY cc.owner
+      `);
+        const trustRows = trustStmt.all(...uniqueOwners);
+        for (const row of trustRows) {
+          const terminalExec = row.terminal_exec ?? 0;
+          const successExec = row.success_exec ?? 0;
+          const successRate = terminalExec > 0 ? successExec / terminalExec : 0;
+          let tier = 0;
+          if (row.total_exec > 10) tier = 1;
+          if (row.total_exec > 50 && successRate >= 0.85) tier = 2;
+          ownerTrustMap.set(row.owner, {
+            performance_tier: tier,
+            authority_source: "self",
+            // Phase 1: all self-declared
+            success_rate: successRate,
+            avg_latency_ms: Math.round(row.avg_latency ?? 0),
+            terminal_exec: terminalExec
+          });
+        }
+      }
+      if (minSuccessRate !== void 0 && !isNaN(minSuccessRate)) {
+        cards = cards.filter((c) => {
+          const trust = ownerTrustMap.get(c.owner);
+          if (!trust || trust.terminal_exec === 0) return false;
+          return trust.success_rate >= minSuccessRate;
+        });
+      }
+      if (sort === "popular") {
+        cards = [...cards].sort((a, b) => {
+          const aUses = usesMap.get(a.id) ?? 0;
+          const bUses = usesMap.get(b.id) ?? 0;
+          return bUses - aUses;
+        });
+      } else if (sort === "rated" || sort === "success_rate") {
+        cards = [...cards].sort((a, b) => {
+          const aRate = a.metadata?.success_rate ?? -1;
+          const bRate = b.metadata?.success_rate ?? -1;
+          return bRate - aRate;
+        });
+      } else if (sort === "cheapest") {
+        cards = [...cards].sort((a, b) => {
+          const aCard = a;
+          const bCard = b;
+          const aPrice = aCard.pricing?.credits_per_call ?? aCard.skills?.[0]?.pricing?.credits_per_call ?? Infinity;
+          const bPrice = bCard.pricing?.credits_per_call ?? bCard.skills?.[0]?.pricing?.credits_per_call ?? Infinity;
+          return aPrice - bPrice;
+        });
+      } else if (sort === "newest") {
+        const createdStmt = db.prepare("SELECT id, created_at FROM capability_cards");
+        const createdRows = createdStmt.all();
+        const createdMap = new Map(createdRows.map((r) => [r.id, r.created_at]));
+        cards = [...cards].sort((a, b) => {
+          const aDate = createdMap.get(a.id) ?? "";
+          const bDate = createdMap.get(b.id) ?? "";
+          return bDate.localeCompare(aDate);
+        });
+      } else if (sort === "latency") {
+        cards = [...cards].sort((a, b) => {
+          const aLatency = a.metadata?.avg_latency_ms ?? Infinity;
+          const bLatency = b.metadata?.avg_latency_ms ?? Infinity;
+          return aLatency - bLatency;
+        });
+      } else if (sort === "reputation_desc" || sort === "reputation_asc") {
+        const repMap = buildReputationMap(db, cards.map((c) => c.owner));
+        const dir = sort === "reputation_desc" ? -1 : 1;
+        cards = [...cards].sort((a, b) => {
+          const aScore = repMap.get(a.owner) ?? 0.5;
+          const bScore = repMap.get(b.owner) ?? 0.5;
+          return dir * (bScore - aScore);
+        });
+      }
+      const total = cards.length;
+      const pagedCards = cards.slice(offset, offset + limit);
+      const pageRepMap = buildReputationMap(db, pagedCards.map((c) => c.owner));
+      const items = pagedCards.map((card) => {
+        const trust = ownerTrustMap.get(card.owner);
+        const stripped = stripInternal(card);
+        return {
+          ...stripped,
+          performance_tier: trust?.performance_tier ?? 0,
+          authority_source: trust?.authority_source ?? "self",
+          reputation_score: pageRepMap.get(card.owner) ?? 0.5,
+          // Enrich metadata with live execution-based success_rate if available
+          metadata: trust && trust.terminal_exec > 0 ? {
+            ...stripped.metadata,
+            success_rate: trust.success_rate,
+            avg_latency_ms: trust.avg_latency_ms || stripped.metadata?.avg_latency_ms
+          } : stripped.metadata
+        };
+      });
+      const usesThisWeek = {};
+      for (const [key, count] of usesMap) {
+        if (count > 0) usesThisWeek[key] = count;
+      }
+      const result = { total, limit, offset, items, uses_this_week: usesThisWeek };
+      return reply.send(result);
+    });
+    api.get("/api/cards/trending", {
+      schema: {
+        tags: ["cards"],
+        summary: "Top 10 trending skills by recent usage",
+        response: { 200: { type: "object", properties: { items: { type: "array" } } } }
+      }
+    }, async (_request, reply) => {
+      const trendingStmt = db.prepare(`
+      SELECT rl.card_id, COUNT(*) as recent_requests
+      FROM request_log rl
+      WHERE rl.status = 'success'
+        AND rl.created_at > datetime('now', '-7 days')
+        AND (rl.action_type IS NULL OR rl.action_type = 'auto_share')
+      GROUP BY rl.card_id
+      ORDER BY recent_requests DESC
+      LIMIT 10
+    `);
+      const trendingRows = trendingStmt.all();
+      const items = trendingRows.map((row) => {
+        const card = getCard(db, row.card_id);
+        if (!card) return null;
+        return { ...stripInternal(card), uses_this_week: row.recent_requests };
+      }).filter((item) => item !== null);
+      return reply.send({ items });
+    });
+    api.get("/api/pricing", {
+      schema: {
+        tags: ["pricing"],
+        summary: "Aggregate pricing statistics for skills matching a query",
+        querystring: {
+          type: "object",
+          properties: { q: { type: "string", description: "Search query (required)" } },
+          required: ["q"]
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              query: { type: "string" },
+              min: { type: "number" },
+              max: { type: "number" },
+              median: { type: "number" },
+              mean: { type: "number" },
+              count: { type: "integer" }
+            }
+          },
+          400: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const q = query.q?.trim();
+      if (!q) {
+        return reply.code(400).send({ error: "q parameter is required" });
+      }
+      const stats = getPricingStats(db, q);
+      return reply.send({ query: q, ...stats });
+    });
+    api.get("/cards/:id", {
+      schema: {
+        tags: ["cards"],
+        summary: "Get a capability card by ID",
+        params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { id } = request.params;
+      const card = getCard(db, id);
+      if (!card) {
+        return reply.code(404).send({ error: "Not found" });
+      }
+      return reply.send(stripInternal(card));
+    });
+    api.post("/cards", {
+      schema: {
+        tags: ["cards"],
+        summary: "Publish a capability card",
+        body: { type: "object", additionalProperties: true, description: "Capability card JSON (v1.0 or v2.0)" },
+        response: {
+          201: { type: "object", properties: { ok: { type: "boolean" }, id: { type: "string" } } },
+          400: { type: "object", properties: { error: { type: "string" }, issues: { type: "array" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      if (!body.spec_version) {
+        body.spec_version = "1.0";
+      }
+      const result = AnyCardSchema.safeParse(body);
+      if (!result.success) {
+        return reply.code(400).send({
+          error: "Card validation failed",
+          issues: result.error.issues
+        });
+      }
+      const card = result.data;
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      if (card.spec_version === "2.0") {
+        const cardWithTimestamps = {
+          ...card,
+          created_at: card.created_at ?? now,
+          updated_at: now
+        };
+        db.prepare(
+          `INSERT OR REPLACE INTO capability_cards (id, owner, data, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?)`
+        ).run(
+          cardWithTimestamps.id,
+          cardWithTimestamps.owner,
+          JSON.stringify(cardWithTimestamps),
+          cardWithTimestamps.created_at,
+          cardWithTimestamps.updated_at
+        );
+      } else {
+        try {
+          insertCard(db, card);
+        } catch (err) {
+          if (err instanceof AgentBnBError && err.code === "VALIDATION_ERROR") {
+            return reply.code(400).send({ error: err.message });
+          }
+          throw err;
+        }
+      }
+      return reply.code(201).send({ ok: true, id: card.id });
+    });
+    api.delete("/cards/:id", {
+      schema: {
+        tags: ["cards"],
+        summary: "Delete a capability card",
+        params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+        response: {
+          200: { type: "object", properties: { ok: { type: "boolean" }, id: { type: "string" } } },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { id } = request.params;
+      const card = getCard(db, id);
+      if (!card) {
+        return reply.code(404).send({ error: "Not found" });
+      }
+      db.prepare("DELETE FROM capability_cards WHERE id = ?").run(id);
+      return reply.send({ ok: true, id });
+    });
+    api.get("/api/agents", {
+      schema: {
+        tags: ["agents"],
+        summary: "List all agent profiles sorted by reputation",
+        response: {
+          200: {
+            type: "object",
+            properties: { items: { type: "array" }, total: { type: "integer" } }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const allCards = listCards(db);
+      const ownerMap = /* @__PURE__ */ new Map();
+      for (const card of allCards) {
+        const existing = ownerMap.get(card.owner) ?? [];
+        existing.push(card);
+        ownerMap.set(card.owner, existing);
+      }
+      const creditsStmt = db.prepare(`
+      SELECT cc.owner,
+             SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      GROUP BY cc.owner
+    `);
+      const creditsRows = creditsStmt.all();
+      const creditsMap = new Map(creditsRows.map((r) => [r.owner, r.credits_earned ?? 0]));
+      const agents = Array.from(ownerMap.entries()).map(([owner, cards]) => {
+        const skillCount = cards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+        const successRates = cards.map((c) => c.metadata?.success_rate).filter((r) => r != null);
+        const avgSuccessRate = successRates.length > 0 ? successRates.reduce((a, b) => a + b, 0) / successRates.length : null;
+        const memberStmt = db.prepare(
+          "SELECT MIN(created_at) as earliest FROM capability_cards WHERE owner = ?"
+        );
+        const memberRow = memberStmt.get(owner);
+        return {
+          owner,
+          skill_count: skillCount,
+          success_rate: avgSuccessRate,
+          total_earned: creditsMap.get(owner) ?? 0,
+          member_since: memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString()
+        };
+      });
+      agents.sort((a, b) => {
+        const aRate = a.success_rate ?? -1;
+        const bRate = b.success_rate ?? -1;
+        if (bRate !== aRate) return bRate - aRate;
+        return b.total_earned - a.total_earned;
+      });
+      return reply.send({ items: agents, total: agents.length });
+    });
+    api.get("/api/agents/:owner", {
+      schema: {
+        tags: ["agents"],
+        summary: "Get agent profile, skills, and recent activity (AgentProfileV2)",
+        params: { type: "object", properties: { owner: { type: "string" } }, required: ["owner"] },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const { owner } = request.params;
+      const ownerCards = listCards(db, owner);
+      if (ownerCards.length === 0) {
+        return reply.status(404).send({ error: "Agent not found" });
+      }
+      const memberStmt = db.prepare(
+        "SELECT MIN(created_at) as earliest, MAX(created_at) as latest FROM capability_cards WHERE owner = ?"
+      );
+      const memberRow = memberStmt.get(owner);
+      const joinedAt = memberRow?.earliest ?? (/* @__PURE__ */ new Date()).toISOString();
+      const lastActiveStmt = db.prepare(`
+      SELECT MAX(rl.created_at) as last_req
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+    `);
+      const lastActiveRow = lastActiveStmt.get(owner);
+      const lastActive = lastActiveRow?.last_req ?? memberRow?.latest ?? joinedAt;
+      const metricsStmt = db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN rl.status = 'success' THEN 1 ELSE 0 END) as successes,
+        AVG(CASE WHEN rl.status = 'success' THEN rl.latency_ms END) as avg_latency,
+        COUNT(DISTINCT rl.requester) as unique_requesters,
+        COUNT(DISTINCT CASE WHEN rl.status = 'success' THEN rl.requester END) as repeat_success_requesters
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ? AND rl.action_type IS NULL
+    `);
+      const metricsRow = metricsStmt.get(owner);
+      const totalExec = metricsRow?.total ?? 0;
+      const successExec = metricsRow?.successes ?? 0;
+      const successRate = totalExec > 0 ? successExec / totalExec : 0;
+      const avgLatency = metricsRow?.avg_latency ?? 0;
+      const refundRate = totalExec > 0 ? (totalExec - successExec) / totalExec : 0;
+      const uniqueReq = metricsRow?.unique_requesters ?? 0;
+      const repeatRate = uniqueReq > 0 ? (metricsRow?.repeat_success_requesters ?? 0) / uniqueReq : 0;
+      const trendStmt = db.prepare(`
+      SELECT
+        DATE(rl.created_at) as day,
+        COUNT(*) as count,
+        SUM(CASE WHEN rl.status = 'success' THEN 1 ELSE 0 END) as success
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ? AND rl.action_type IS NULL
+        AND rl.created_at >= DATE('now', '-7 days')
+      GROUP BY DATE(rl.created_at)
+      ORDER BY day ASC
+    `);
+      const trend_7d = trendStmt.all(owner).map((r) => ({ date: r.day, count: r.count, success: r.success }));
+      let performanceTier = 0;
+      if (totalExec > 10) performanceTier = 1;
+      if (totalExec > 50 && successRate >= 0.85) performanceTier = 2;
+      const proofsStmt = db.prepare(`
+      SELECT rl.card_name, rl.status, rl.latency_ms, rl.id, rl.created_at
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ? AND rl.action_type IS NULL
+      ORDER BY rl.created_at DESC
+      LIMIT 10
+    `);
+      const proofRows = proofsStmt.all(owner);
+      const statusToOutcomeClass = (s) => {
+        if (s === "success") return "completed";
+        if (s === "timeout") return "cancelled";
+        return "failed";
+      };
+      const executionProofs = proofRows.map((r) => ({
+        action: r.card_name,
+        status: r.status === "timeout" ? "timeout" : r.status,
+        outcome_class: statusToOutcomeClass(r.status),
+        latency_ms: r.latency_ms,
+        receipt_id: r.id,
+        proof_source: "request_log",
+        timestamp: r.created_at
+      }));
+      const v2Card = ownerCards.find((c) => c.spec_version === "2.0");
+      const suitability = v2Card?.suitability;
+      const learning = {
+        known_limitations: v2Card?.learning?.known_limitations ?? [],
+        common_failure_patterns: v2Card?.learning?.common_failure_patterns ?? [],
+        recent_improvements: v2Card?.learning?.recent_improvements ?? [],
+        critiques: v2Card?.learning?.critiques ?? []
+      };
+      const activityStmt = db.prepare(`
+      SELECT rl.id, rl.card_name, rl.requester, rl.status, rl.credits_charged, rl.created_at
+      FROM request_log rl
+      INNER JOIN capability_cards cc ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+      ORDER BY rl.created_at DESC
+      LIMIT 10
+    `);
+      const recentActivity = activityStmt.all(owner);
+      const skillCount = ownerCards.reduce((sum, card) => sum + (card.skills?.length ?? 1), 0);
+      const creditsStmt = db.prepare(`
+      SELECT SUM(CASE WHEN rl.status = 'success' THEN rl.credits_charged ELSE 0 END) as credits_earned
+      FROM capability_cards cc
+      LEFT JOIN request_log rl ON rl.card_id = cc.id
+      WHERE cc.owner = ?
+    `);
+      const creditsRow = creditsStmt.get(owner);
+      const response = {
+        owner,
+        agent_name: v2Card?.agent_name,
+        short_description: v2Card?.short_description,
+        joined_at: joinedAt,
+        last_active: lastActive,
+        performance_tier: performanceTier,
+        verification_badges: [],
+        // Phase 1: no verification mechanism yet
+        authority: {
+          authority_source: "self",
+          verification_status: "none"
+        },
+        suitability,
+        trust_metrics: {
+          total_executions: totalExec,
+          successful_executions: successExec,
+          success_rate: successRate,
+          avg_latency_ms: Math.round(avgLatency),
+          refund_rate: refundRate,
+          repeat_use_rate: repeatRate,
+          trend_7d,
+          snapshot_at: null,
+          aggregation_window: "all"
+        },
+        execution_proofs: executionProofs,
+        learning,
+        skills: ownerCards,
+        recent_activity: recentActivity
+      };
+      return reply.send({
+        ...response,
+        profile: {
+          owner,
+          skill_count: skillCount,
+          success_rate: successRate > 0 ? successRate : null,
+          total_earned: creditsRow?.credits_earned ?? 0,
+          member_since: joinedAt
+        }
+      });
+    });
+    api.get("/api/activity", {
+      schema: {
+        tags: ["system"],
+        summary: "Paginated public activity feed of exchange events",
+        querystring: {
+          type: "object",
+          properties: {
+            limit: { type: "integer", default: 20, description: "Max items (max 100)" },
+            since: { type: "string", description: "ISO 8601 timestamp for polling" }
+          }
+        },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              items: { type: "array" },
+              total: { type: "integer" },
+              limit: { type: "integer" }
+            }
+          }
+        }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+      const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+      const since = query.since?.trim() || void 0;
+      const items = getActivityFeed(db, limit, since);
+      return reply.send({ items, total: items.length, limit });
+    });
+    api.get("/api/stats", {
+      schema: {
+        tags: ["system"],
+        summary: "Aggregate network statistics",
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              agents_online: { type: "integer" },
+              total_capabilities: { type: "integer" },
+              total_exchanges: { type: "integer" },
+              executions_7d: { type: "integer" },
+              verified_providers_count: { type: "integer" }
+            }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const allCards = listCards(db);
+      const onlineOwners = /* @__PURE__ */ new Set();
+      if (relayState) {
+        for (const owner of relayState.getOnlineOwners()) {
+          onlineOwners.add(owner);
+        }
+      }
+      for (const card of allCards) {
+        if (card.availability.online) {
+          onlineOwners.add(card.owner);
+        }
+      }
+      const exchangeStmt = db.prepare(
+        "SELECT COUNT(*) as count FROM request_log WHERE status = 'success' AND (action_type IS NULL OR action_type = 'auto_share')"
+      );
+      const exchangeRow = exchangeStmt.get();
+      const exec7dStmt = db.prepare(
+        "SELECT COUNT(*) as count FROM request_log WHERE action_type IS NULL AND created_at >= DATE('now', '-7 days')"
+      );
+      const exec7dRow = exec7dStmt.get();
+      return reply.send({
+        agents_online: onlineOwners.size,
+        total_capabilities: allCards.reduce((sum, card) => {
+          const v2 = card;
+          return sum + (v2.skills?.length ?? 1);
+        }, 0),
+        total_exchanges: exchangeRow.count,
+        executions_7d: exec7dRow.count,
+        verified_providers_count: 0
+        // Phase 1: no verification mechanism yet
+      });
+    });
+    api.post("/api/identity/register", {
+      schema: {
+        tags: ["identity"],
+        summary: "Register a human guarantor via GitHub login",
+        body: {
+          type: "object",
+          properties: { github_login: { type: "string" } },
+          required: ["github_login"]
+        },
+        response: {
+          201: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } },
+          503: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const body = request.body;
+      const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
+      if (!githubLogin) {
+        return reply.code(400).send({ error: "github_login is required" });
+      }
+      try {
+        const record = registerGuarantor(opts.creditDb, githubLogin);
+        const auth = initiateGithubAuth();
+        return reply.code(201).send({ guarantor: record, oauth: auth });
+      } catch (err) {
+        if (err instanceof AgentBnBError && err.code === "GUARANTOR_EXISTS") {
+          return reply.code(409).send({ error: err.message });
+        }
+        throw err;
+      }
+    });
+    api.post("/api/identity/link", {
+      schema: {
+        tags: ["identity"],
+        summary: "Link an agent to a human guarantor",
+        body: {
+          type: "object",
+          properties: {
+            agent_id: { type: "string" },
+            github_login: { type: "string" }
+          },
+          required: ["agent_id", "github_login"]
+        },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          404: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } },
+          503: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const body = request.body;
+      const agentId = typeof body.agent_id === "string" ? body.agent_id.trim() : "";
+      const githubLogin = typeof body.github_login === "string" ? body.github_login.trim() : "";
+      if (!agentId || !githubLogin) {
+        return reply.code(400).send({ error: "agent_id and github_login are required" });
+      }
+      try {
+        const record = linkAgentToGuarantor(opts.creditDb, agentId, githubLogin);
+        return reply.send({ guarantor: record });
+      } catch (err) {
+        if (err instanceof AgentBnBError) {
+          const statusMap = {
+            GUARANTOR_NOT_FOUND: 404,
+            MAX_AGENTS_EXCEEDED: 409,
+            AGENT_ALREADY_LINKED: 409
+          };
+          const status = statusMap[err.code] ?? 400;
+          return reply.code(status).send({ error: err.message });
+        }
+        throw err;
+      }
+    });
+    api.get("/api/identity/:agent_id", {
+      schema: {
+        tags: ["identity"],
+        summary: "Get guarantor info for an agent",
+        params: { type: "object", properties: { agent_id: { type: "string" } }, required: ["agent_id"] },
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              agent_id: { type: "string" },
+              guarantor: { oneOf: [{ type: "object", additionalProperties: true }, { type: "null" }] }
+            }
+          },
+          503: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const { agent_id } = request.params;
+      const guarantor = getAgentGuarantor(opts.creditDb, agent_id);
+      return reply.send({ agent_id, guarantor });
+    });
+    api.get("/api/openapi/gpt-actions", {
+      schema: {
+        tags: ["system"],
+        summary: "GPT Actions-compatible OpenAPI schema",
+        description: "Returns a GPT Builder-importable OpenAPI spec with only public GET/POST endpoints",
+        querystring: {
+          type: "object",
+          properties: {
+            server_url: { type: "string", description: "Base URL for the server (required for absolute URLs in GPT Actions)" }
+          }
+        },
+        response: { 200: { type: "object", additionalProperties: true } }
+      }
+    }, async (request, reply) => {
+      const query = request.query;
+      const serverUrl = query.server_url?.trim() || `${request.protocol}://${request.hostname}`;
+      const openapiSpec = server.swagger();
+      const gptActions = convertToGptActions(openapiSpec, serverUrl);
+      return reply.send(gptActions);
+    });
+    const BatchRequestBodySchema = z5.object({
+      requests: z5.array(
+        z5.object({
+          skill_id: z5.string().min(1),
+          params: z5.record(z5.unknown()).default({}),
+          max_credits: z5.number().positive()
+        })
+      ).min(1),
+      strategy: z5.enum(["parallel", "sequential", "best_effort"]),
+      total_budget: z5.number().positive()
+    });
+    api.post("/api/request/batch", {
+      schema: {
+        tags: ["cards"],
+        summary: "Execute multiple capability requests in one batch call",
+        body: { type: "object", additionalProperties: true },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          401: { type: "object", properties: { error: { type: "string" } } },
+          503: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      if (!opts.creditDb) {
+        return reply.code(503).send({ error: "Credit database not configured" });
+      }
+      const auth = request.headers.authorization;
+      const owner = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
+      if (!owner) {
+        return reply.code(401).send({ error: "Authorization header with Bearer <owner> is required" });
+      }
+      const parseResult = BatchRequestBodySchema.safeParse(request.body);
+      if (!parseResult.success) {
+        return reply.code(400).send({
+          error: "Request body validation failed",
+          issues: parseResult.error.issues
+        });
+      }
+      const { requests, strategy, total_budget } = parseResult.data;
+      const batchResult = await executeCapabilityBatch({
+        requests,
+        strategy,
+        total_budget,
+        registryDb: db,
+        creditDb: opts.creditDb,
+        owner
+      });
+      return reply.send(batchResult);
+    });
+    if (opts.ownerApiKey && opts.ownerName) {
+      const ownerApiKey = opts.ownerApiKey;
+      const ownerName = opts.ownerName;
+      void api.register(async (ownerRoutes) => {
+        ownerRoutes.addHook("onRequest", async (request, reply) => {
+          const auth = request.headers.authorization;
+          const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
+          if (!token || token !== ownerApiKey) {
+            return reply.status(401).send({ error: "Unauthorized" });
+          }
+        });
+        ownerRoutes.get("/me", {
+          schema: {
+            tags: ["owner"],
+            summary: "Get owner identity and credit balance",
+            security: [{ bearerAuth: [] }],
+            response: {
+              200: { type: "object", properties: { owner: { type: "string" }, balance: { type: "number" } } }
+            }
+          }
+        }, async (_request, reply) => {
+          let balance = 0;
+          if (opts.creditDb) {
+            const ledger = createLedger({ db: opts.creditDb });
+            balance = await ledger.getBalance(ownerName);
+          }
+          return reply.send({ owner: ownerName, balance });
+        });
+        ownerRoutes.get("/requests", {
+          schema: {
+            tags: ["owner"],
+            summary: "Paginated request log entries",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: {
+                limit: { type: "integer", description: "Max entries (default 10, max 100)" },
+                since: { type: "string", enum: ["24h", "7d", "30d"], description: "Time window" }
+              }
+            },
+            response: { 200: { type: "object", properties: { items: { type: "array" }, limit: { type: "integer" } } } }
+          }
+        }, async (request, reply) => {
+          const query = request.query;
+          const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 10;
+          const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 10 : rawLimit, 100);
+          const sinceRaw = query.since;
+          const validSince = ["24h", "7d", "30d"];
+          const since = sinceRaw && validSince.includes(sinceRaw) ? sinceRaw : void 0;
+          const items = getRequestLog(db, limit, since);
+          return reply.send({ items, limit });
+        });
+        ownerRoutes.get("/draft", {
+          schema: {
+            tags: ["owner"],
+            summary: "Draft capability cards from auto-detected API keys",
+            security: [{ bearerAuth: [] }],
+            response: { 200: { type: "object", properties: { cards: { type: "array" } } } }
+          }
+        }, async (_request, reply) => {
+          const detectedKeys = detectApiKeys(KNOWN_API_KEYS);
+          const cards = detectedKeys.map((key) => buildDraftCard(key, ownerName)).filter((card) => card !== null);
+          return reply.send({ cards });
+        });
+        ownerRoutes.post("/cards/:id/toggle-online", {
+          schema: {
+            tags: ["owner"],
+            summary: "Toggle card online/offline status",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { ok: { type: "boolean" }, online: { type: "boolean" } } },
+              403: { type: "object", properties: { error: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          const card = getCard(db, id);
+          if (!card) {
+            return reply.code(404).send({ error: "Not found" });
+          }
+          try {
+            const newOnline = !card.availability.online;
+            updateCard(db, id, ownerName, {
+              availability: { ...card.availability, online: newOnline }
+            });
+            return reply.send({ ok: true, online: newOnline });
+          } catch (err) {
+            if (err instanceof AgentBnBError && err.code === "FORBIDDEN") {
+              return reply.code(403).send({ error: "Forbidden" });
+            }
+            throw err;
+          }
+        });
+        ownerRoutes.patch("/cards/:id", {
+          schema: {
+            tags: ["owner"],
+            summary: "Update card description or pricing",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            body: {
+              type: "object",
+              properties: {
+                description: { type: "string" },
+                pricing: { type: "object", additionalProperties: true }
+              },
+              additionalProperties: true
+            },
+            response: {
+              200: { type: "object", properties: { ok: { type: "boolean" } } },
+              403: { type: "object", properties: { error: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          const body = request.body;
+          const updates = {};
+          if (body.description !== void 0) updates.description = body.description;
+          if (body.pricing !== void 0) updates.pricing = body.pricing;
+          try {
+            updateCard(db, id, ownerName, updates);
+            return reply.send({ ok: true });
+          } catch (err) {
+            if (err instanceof AgentBnBError) {
+              if (err.code === "FORBIDDEN") {
+                return reply.code(403).send({ error: "Forbidden" });
+              }
+              if (err.code === "NOT_FOUND") {
+                return reply.code(404).send({ error: "Not found" });
+              }
+            }
+            throw err;
+          }
+        });
+        ownerRoutes.get("/me/pending-requests", {
+          schema: {
+            tags: ["owner"],
+            summary: "List pending Tier 3 approval queue entries",
+            security: [{ bearerAuth: [] }],
+            response: { 200: { type: "array" } }
+          }
+        }, async (_request, reply) => {
+          const rows = listPendingRequests(db);
+          return reply.send(rows);
+        });
+        ownerRoutes.post("/me/pending-requests/:id/approve", {
+          schema: {
+            tags: ["owner"],
+            summary: "Approve a pending Tier 3 request",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { status: { type: "string" }, id: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          try {
+            resolvePendingRequest(db, id, "approved");
+            return reply.send({ status: "approved", id });
+          } catch (err) {
+            if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+            throw err;
+          }
+        });
+        ownerRoutes.post("/me/pending-requests/:id/reject", {
+          schema: {
+            tags: ["owner"],
+            summary: "Reject a pending Tier 3 request",
+            security: [{ bearerAuth: [] }],
+            params: { type: "object", properties: { id: { type: "string" } }, required: ["id"] },
+            response: {
+              200: { type: "object", properties: { status: { type: "string" }, id: { type: "string" } } },
+              404: { type: "object", properties: { error: { type: "string" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const { id } = request.params;
+          try {
+            resolvePendingRequest(db, id, "rejected");
+            return reply.send({ status: "rejected", id });
+          } catch (err) {
+            if (err instanceof AgentBnBError) return reply.status(404).send({ error: err.message });
+            throw err;
+          }
+        });
+        ownerRoutes.get("/me/transactions", {
+          schema: {
+            tags: ["owner"],
+            summary: "Paginated credit transaction history",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: { limit: { type: "integer", description: "Max entries (default 20, max 100)" } }
+            },
+            response: {
+              200: { type: "object", properties: { items: { type: "array" }, limit: { type: "integer" } } }
+            }
+          }
+        }, async (request, reply) => {
+          const query = request.query;
+          const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 20;
+          const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 20 : rawLimit, 100);
+          if (!opts.creditDb) {
+            return reply.send({ items: [], limit });
+          }
+          const ledger = createLedger({ db: opts.creditDb });
+          const items = await ledger.getHistory(ownerName, limit);
+          return reply.send({ items, limit });
+        });
+      });
+    }
+  });
+  return { server, relayState };
+}
+
+// src/autonomy/idle-monitor.ts
+import { Cron } from "croner";
+var IdleMonitor = class {
+  job;
+  owner;
+  db;
+  idleThreshold;
+  autonomyConfig;
+  /**
+   * Creates a new IdleMonitor instance. The Cron job is constructed paused.
+   * Call `start()` to activate polling.
+   *
+   * @param opts - IdleMonitor configuration options.
+   */
+  constructor(opts) {
+    this.owner = opts.owner;
+    this.db = opts.db;
+    this.idleThreshold = opts.idleThreshold ?? 0.7;
+    this.autonomyConfig = opts.autonomyConfig ?? DEFAULT_AUTONOMY_CONFIG;
+    this.job = new Cron("0 * * * * *", { paused: true }, () => {
+      void this.poll();
+    });
+  }
+  /**
+   * Starts the Cron polling loop by resuming the paused job.
+   *
+   * @returns The Cron job instance, for registration with AgentRuntime.registerJob().
+   */
+  start() {
+    this.job.resume();
+    return this.job;
+  }
+  /**
+   * Returns the underlying Cron job instance.
+   * Used for testing or for registering with AgentRuntime.registerJob() without starting.
+   *
+   * @returns The Cron job instance.
+   */
+  getJob() {
+    return this.job;
+  }
+  /**
+   * Polls the registry for all v2.0 cards owned by this agent, computes per-skill
+   * idle rates from the past hour of request_log data, and triggers auto-share if eligible.
+   *
+   * Called automatically by the Cron job every 60 seconds.
+   * Can be called directly in tests without needing to wait for the timer.
+   */
+  async poll() {
+    const cards = listCards(this.db, this.owner);
+    for (const card of cards) {
+      const maybeV2 = card;
+      if (!Array.isArray(maybeV2.skills)) {
+        continue;
+      }
+      for (const skill of maybeV2.skills) {
+        const capacity = skill.metadata?.capacity?.calls_per_hour ?? 60;
+        const count = getSkillRequestCount(this.db, skill.id, 60 * 60 * 1e3);
+        const idleRate = Math.max(0, 1 - count / capacity);
+        updateSkillIdleRate(this.db, card.id, skill.id, idleRate);
+        const isOnline = skill.availability?.online ?? false;
+        if (idleRate >= this.idleThreshold && !isOnline) {
+          const tier = getAutonomyTier(0, this.autonomyConfig);
+          if (tier === 1) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share",
+              skill_id: skill.id,
+              tier_invoked: 1,
+              idle_rate: idleRate
+            });
+          } else if (tier === 2) {
+            updateSkillAvailability(this.db, card.id, skill.id, true);
+            insertAuditEvent(this.db, {
+              type: "auto_share_notify",
+              skill_id: skill.id,
+              tier_invoked: 2,
+              idle_rate: idleRate
+            });
+          } else {
+            insertAuditEvent(this.db, {
+              type: "auto_share_pending",
+              skill_id: skill.id,
+              tier_invoked: 3,
+              idle_rate: idleRate
+            });
+          }
+        }
+      }
+    }
+  }
+};
+
+// src/runtime/service-coordinator.ts
+import { spawn } from "child_process";
+import { createRequire } from "module";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname2, join as join2, resolve } from "path";
+import { homedir } from "os";
+import { randomUUID as randomUUID5 } from "crypto";
+var ServiceCoordinator = class {
+  config;
+  guard;
+  runtime = null;
+  gateway = null;
+  registryFastify = null;
+  relayClient = null;
+  announceEnabled = false;
+  inProcessStartup = false;
+  shutdownPromise = null;
+  signalHandlersRegistered = false;
+  constructor(config, guard) {
+    this.config = config;
+    this.guard = guard;
+  }
+  async ensureRunning(opts) {
+    const running = this.guard.getRunningMeta();
+    if (running) {
+      const health = await this.healthCheckForPort(running.port, running.owner);
+      if (health.ok && health.agentbnb) {
+        return "already_running";
+      }
+      throw new AgentBnBError(
+        `AgentBnB lock exists but health check failed (pid=${running.pid}, port=${running.port})`,
+        "SERVICE_UNHEALTHY"
+      );
+    }
+    if (opts?.foreground) {
+      return this.startInProcess(opts);
+    }
+    let child = null;
+    try {
+      child = this.spawnManagedProcess(opts);
+      const expectedPort = opts?.port ?? this.config.gateway_port;
+      await this.waitUntilHealthy(expectedPort, 1e4);
+      return "started";
+    } catch (err) {
+      await this.rollbackManagedStartup(child);
+      throw err;
+    }
+  }
+  async getStatus() {
+    const meta = this.guard.getRunningMeta();
+    if (!meta) {
+      return {
+        state: "stopped",
+        pid: null,
+        port: null,
+        owner: null,
+        relayConnected: false,
+        uptime_ms: null
+      };
+    }
+    const health = await this.healthCheckForPort(meta.port, meta.owner);
+    const startedAtMs = Date.parse(meta.started_at);
+    const uptimeMs = Number.isFinite(startedAtMs) ? Date.now() - startedAtMs : null;
+    return {
+      state: health.ok ? "running" : "unknown",
+      pid: meta.pid,
+      port: meta.port,
+      owner: meta.owner,
+      relayConnected: this.relayClient !== null,
+      uptime_ms: uptimeMs
+    };
+  }
+  async stop() {
+    if (this.inProcessStartup) {
+      await this.shutdownInProcess();
+      return;
+    }
+    const meta = this.guard.getRunningMeta();
+    if (!meta) return;
+    try {
+      process.kill(meta.pid, "SIGTERM");
+    } catch (err) {
+      const killErr = err;
+      if (killErr.code !== "ESRCH") {
+        throw err;
+      }
+    }
+    await this.waitForPidExit(meta.pid, 1e4);
+    this.guard.release();
+  }
+  async restart(opts) {
+    await this.stop();
+    await this.ensureRunning(opts);
+  }
+  async healthCheck() {
+    const meta = this.guard.getRunningMeta();
+    const port = meta?.port ?? this.config.gateway_port;
+    return this.healthCheckForPort(port, meta?.owner);
+  }
+  async startInProcess(opts) {
+    const resolved = this.resolveOptions(opts);
+    const lockMeta = {
+      started_at: (/* @__PURE__ */ new Date()).toISOString(),
+      port: resolved.port,
+      owner: this.config.owner
+    };
+    this.guard.acquire(lockMeta);
+    try {
+      await this.startServiceStack(resolved);
+      this.inProcessStartup = true;
+      this.registerSignalHandlers();
+      return "started";
+    } catch (err) {
+      await this.shutdownInProcess();
+      this.guard.release();
+      throw err;
+    }
+  }
+  resolveOptions(opts) {
+    return {
+      port: opts?.port ?? this.config.gateway_port,
+      handlerUrl: opts?.handlerUrl ?? "http://localhost:8080",
+      skillsYamlPath: opts?.skillsYamlPath ?? join2(homedir(), ".agentbnb", "skills.yaml"),
+      registryPort: opts?.registryPort ?? 7701,
+      registryUrl: opts?.registryUrl ?? this.config.registry ?? "",
+      relay: opts?.relay ?? true,
+      conductorEnabled: opts?.conductorEnabled ?? false,
+      announce: opts?.announce ?? false
+    };
+  }
+  async startServiceStack(opts) {
+    this.runtime = new AgentRuntime({
+      registryDbPath: this.config.db_path,
+      creditDbPath: this.config.credit_db_path,
+      owner: this.config.owner,
+      skillsYamlPath: opts.skillsYamlPath,
+      conductorEnabled: opts.conductorEnabled,
+      conductorToken: this.config.token
+    });
+    await this.runtime.start();
+    if (this.runtime.skillExecutor) {
+      console.log(`SkillExecutor initialized from ${opts.skillsYamlPath}`);
+    }
+    if (opts.conductorEnabled) {
+      console.log("Conductor mode enabled \u2014 orchestrate/plan skills available via gateway");
+    }
+    if (opts.conductorEnabled && this.config.conductor?.public) {
+      const { buildConductorCard } = await import("./card-RSGDCHCV.js");
+      const conductorCard = buildConductorCard(this.config.owner);
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const existing = this.runtime.registryDb.prepare("SELECT id FROM capability_cards WHERE id = ?").get(conductorCard.id);
+      if (existing) {
+        this.runtime.registryDb.prepare("UPDATE capability_cards SET data = ?, updated_at = ? WHERE id = ?").run(JSON.stringify(conductorCard), now, conductorCard.id);
+      } else {
+        this.runtime.registryDb.prepare(
+          "INSERT INTO capability_cards (id, owner, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
+        ).run(
+          conductorCard.id,
+          this.config.owner,
+          JSON.stringify(conductorCard),
+          now,
+          now
+        );
+      }
+      console.log("Conductor card registered locally (conductor.public: true)");
+    }
+    const autonomyConfig = this.config.autonomy ?? DEFAULT_AUTONOMY_CONFIG;
+    const idleMonitor = new IdleMonitor({
+      owner: this.config.owner,
+      db: this.runtime.registryDb,
+      autonomyConfig
+    });
+    const idleJob = idleMonitor.start();
+    this.runtime.registerJob(idleJob);
+    console.log("IdleMonitor started (60s poll interval, 70% idle threshold)");
+    this.gateway = createGatewayServer({
+      port: opts.port,
+      registryDb: this.runtime.registryDb,
+      creditDb: this.runtime.creditDb,
+      tokens: [this.config.token],
+      handlerUrl: opts.handlerUrl,
+      skillExecutor: this.runtime.skillExecutor
+    });
+    await this.gateway.listen({ port: opts.port, host: "0.0.0.0" });
+    console.log(`Gateway running on port ${opts.port}`);
+    if (opts.registryPort > 0) {
+      if (!this.config.api_key) {
+        console.warn("No API key found. Run `agentbnb init` to enable dashboard features.");
+      }
+      const { server: regServer, relayState } = createRegistryServer({
+        registryDb: this.runtime.registryDb,
+        silent: false,
+        ownerName: this.config.owner,
+        ownerApiKey: this.config.api_key,
+        creditDb: this.runtime.creditDb
+      });
+      this.registryFastify = regServer;
+      await this.registryFastify.listen({ port: opts.registryPort, host: "0.0.0.0" });
+      console.log(`Registry API: http://0.0.0.0:${opts.registryPort}/cards`);
+      if (relayState) {
+        console.log("WebSocket relay active on /ws");
+      }
+    }
+    if (opts.registryUrl && opts.relay) {
+      const { RelayClient } = await import("./websocket-client-6IIDGXKB.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("./execute-CPFSOOO3.js");
+      const cards = listCards(this.runtime.registryDb, this.config.owner);
+      const card = cards[0] ?? {
+        id: randomUUID5(),
+        owner: this.config.owner,
+        name: this.config.owner,
+        description: "Agent registered via CLI",
+        spec_version: "1.0",
+        level: 1,
+        inputs: [],
+        outputs: [],
+        pricing: { credits_per_call: 1 },
+        availability: { online: true }
+      };
+      const additionalCards = [];
+      if (this.config.conductor?.public) {
+        const { buildConductorCard } = await import("./card-RSGDCHCV.js");
+        additionalCards.push(
+          buildConductorCard(this.config.owner)
+        );
+        console.log("Conductor card will be published to registry (conductor.public: true)");
+      }
+      this.relayClient = new RelayClient({
+        registryUrl: opts.registryUrl,
+        owner: this.config.owner,
+        token: this.config.token,
+        card,
+        cards: additionalCards.length > 0 ? additionalCards : void 0,
+        onRequest: async (req) => {
+          const onProgress = (info) => {
+            this.relayClient.sendProgress(req.id, info);
+          };
+          const result = await executeCapabilityRequest2({
+            registryDb: this.runtime.registryDb,
+            creditDb: this.runtime.creditDb,
+            cardId: req.card_id,
+            skillId: req.skill_id,
+            params: req.params,
+            requester: req.requester ?? req.from_owner,
+            escrowReceipt: req.escrow_receipt,
+            skillExecutor: this.runtime.skillExecutor,
+            handlerUrl: opts.handlerUrl,
+            onProgress,
+            relayAuthorized: true
+          });
+          if (result.success) {
+            return { result: result.result };
+          }
+          return { error: { code: result.error.code, message: result.error.message } };
+        }
+      });
+      try {
+        await this.relayClient.connect();
+        console.log(`Connected to registry: ${opts.registryUrl}`);
+      } catch (err) {
+        console.warn(
+          `Warning: could not connect to registry ${opts.registryUrl}: ${err instanceof Error ? err.message : err}`
+        );
+        console.warn("Will auto-reconnect in background...");
+      }
+    }
+    if (opts.announce) {
+      announceGateway(this.config.owner, opts.port);
+      this.announceEnabled = true;
+      console.log("Announcing on local network via mDNS");
+    }
+  }
+  async shutdownInProcess() {
+    if (this.shutdownPromise) {
+      await this.shutdownPromise;
+      return;
+    }
+    this.shutdownPromise = (async () => {
+      if (this.relayClient) {
+        this.relayClient.disconnect();
+        this.relayClient = null;
+      }
+      if (this.announceEnabled) {
+        await stopAnnouncement();
+        this.announceEnabled = false;
+      }
+      if (this.registryFastify) {
+        await this.registryFastify.close().catch(() => void 0);
+        this.registryFastify = null;
+      }
+      if (this.gateway) {
+        await this.gateway.close().catch(() => void 0);
+        this.gateway = null;
+      }
+      if (this.runtime) {
+        await this.runtime.shutdown().catch(() => void 0);
+        this.runtime = null;
+      }
+      this.unregisterSignalHandlers();
+      this.inProcessStartup = false;
+      this.guard.release();
+    })();
+    try {
+      await this.shutdownPromise;
+    } finally {
+      this.shutdownPromise = null;
+    }
+  }
+  spawnManagedProcess(opts) {
+    const runtime = loadPersistedRuntime(getConfigDir());
+    const nodeExec = resolveNodeExecutable(runtime);
+    const cliArgs = resolveCliLaunchArgs(this.buildServeArgs(opts));
+    const child = spawn(nodeExec, cliArgs, {
+      detached: true,
+      stdio: "ignore",
+      env: { ...process.env }
+    });
+    child.unref();
+    return child;
+  }
+  buildServeArgs(opts) {
+    const args = [];
+    if (opts?.port !== void 0) args.push("--port", String(opts.port));
+    if (opts?.handlerUrl) args.push("--handler-url", opts.handlerUrl);
+    if (opts?.skillsYamlPath) args.push("--skills-yaml", opts.skillsYamlPath);
+    if (opts?.registryPort !== void 0) {
+      args.push("--registry-port", String(opts.registryPort));
+    }
+    if (opts?.registryUrl) args.push("--registry", opts.registryUrl);
+    if (opts?.conductorEnabled) args.push("--conductor");
+    if (opts?.announce) args.push("--announce");
+    if (opts?.relay === false) args.push("--no-relay");
+    return args;
+  }
+  async rollbackManagedStartup(child) {
+    if (child?.pid) {
+      try {
+        process.kill(child.pid, "SIGTERM");
+      } catch (err) {
+        const killErr = err;
+        if (killErr.code !== "ESRCH") {
+          throw err;
+        }
+      }
+      await this.waitForPidExit(child.pid, 3e3).catch(() => void 0);
+    }
+    this.guard.release();
+  }
+  async waitUntilHealthy(port, timeoutMs) {
+    const start = Date.now();
+    while (Date.now() - start < timeoutMs) {
+      const health = await this.healthCheckForPort(port, this.config.owner);
+      if (health.ok && health.agentbnb) {
+        return;
+      }
+      await sleep2(250);
+    }
+    throw new AgentBnBError(
+      `Timed out waiting for AgentBnB service on port ${port}`,
+      "SERVICE_START_TIMEOUT"
+    );
+  }
+  async healthCheckForPort(port, owner) {
+    const startedAt = Date.now();
+    const baseUrl = this.getGatewayBaseUrl(port);
+    try {
+      const healthResponse = await this.fetchWithTimeout(`${baseUrl}/health`, {
+        method: "GET"
+      });
+      if (!healthResponse.ok) {
+        return {
+          ok: false,
+          agentbnb: false,
+          latency_ms: Date.now() - startedAt,
+          owner
+        };
+      }
+      const body = await healthResponse.json();
+      if (body.status !== "ok") {
+        return {
+          ok: false,
+          agentbnb: false,
+          latency_ms: Date.now() - startedAt,
+          version: body.version,
+          owner
+        };
+      }
+      const probeId = "agentbnb-health-signature";
+      const probeResponse = await this.fetchWithTimeout(`${baseUrl}/rpc`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.config.token}`
+        },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: probeId,
+          method: "agentbnb.signature.probe",
+          params: {}
+        })
+      });
+      let agentbnb = false;
+      if (probeResponse.ok) {
+        const probe = await probeResponse.json();
+        agentbnb = probe.jsonrpc === "2.0" && probe.id === probeId && probe.error?.code === -32601;
+      }
+      return {
+        ok: body.status === "ok" && agentbnb,
+        agentbnb,
+        latency_ms: Date.now() - startedAt,
+        version: body.version,
+        owner
+      };
+    } catch {
+      return {
+        ok: false,
+        agentbnb: false,
+        latency_ms: Date.now() - startedAt,
+        owner
+      };
+    }
+  }
+  async fetchWithTimeout(url, init, timeoutMs = 3e3) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      return await fetch(url, { ...init, signal: controller.signal });
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  getGatewayBaseUrl(port) {
+    try {
+      const configured = new URL(this.config.gateway_url);
+      return `${configured.protocol}//${configured.hostname}:${port}`;
+    } catch {
+      return `http://127.0.0.1:${port}`;
+    }
+  }
+  async waitForPidExit(pid, timeoutMs) {
+    const started = Date.now();
+    while (Date.now() - started < timeoutMs) {
+      if (!isPidAlive(pid)) return;
+      await sleep2(100);
+    }
+    if (isPidAlive(pid)) {
+      throw new AgentBnBError(
+        `Timed out waiting for process ${pid} to exit`,
+        "PROCESS_STOP_TIMEOUT"
+      );
+    }
+  }
+  registerSignalHandlers() {
+    if (this.signalHandlersRegistered) return;
+    process.once("SIGTERM", this.handleSignal);
+    process.once("SIGINT", this.handleSignal);
+    this.signalHandlersRegistered = true;
+  }
+  unregisterSignalHandlers() {
+    if (!this.signalHandlersRegistered) return;
+    process.removeListener("SIGTERM", this.handleSignal);
+    process.removeListener("SIGINT", this.handleSignal);
+    this.signalHandlersRegistered = false;
+  }
+  handleSignal = () => {
+    void (async () => {
+      await this.shutdownInProcess();
+      process.exit(0);
+    })();
+  };
+};
+var require2 = createRequire(import.meta.url);
+function loadPersistedRuntime(configDir) {
+  const runtimePath = join2(configDir, "runtime.json");
+  if (!existsSync3(runtimePath)) return null;
+  try {
+    const raw = readFileSync2(runtimePath, "utf8");
+    const parsed = JSON.parse(raw);
+    const nodeExec = parsed["node_exec"];
+    if (typeof nodeExec !== "string" || nodeExec.trim().length === 0) {
+      return null;
+    }
+    return {
+      node_exec: nodeExec,
+      node_version: typeof parsed["node_version"] === "string" ? parsed["node_version"] : void 0,
+      source: typeof parsed["source"] === "string" ? parsed["source"] : void 0,
+      detected_at: typeof parsed["detected_at"] === "string" ? parsed["detected_at"] : void 0
+    };
+  } catch {
+    return null;
+  }
+}
+function resolveNodeExecutable(runtime) {
+  if (runtime?.node_exec) {
+    return runtime.node_exec;
+  }
+  return process.execPath;
+}
+function resolveCliLaunchArgs(serveArgs) {
+  const projectRoot = resolve(dirname2(fileURLToPath2(import.meta.url)), "..", "..");
+  const distCli = join2(projectRoot, "dist", "cli", "index.js");
+  if (existsSync3(distCli)) {
+    return [distCli, "serve", ...serveArgs];
+  }
+  const srcCli = join2(projectRoot, "src", "cli", "index.ts");
+  if (existsSync3(srcCli)) {
+    const tsxCli = require2.resolve("tsx/dist/cli.mjs");
+    return [tsxCli, srcCli, "serve", ...serveArgs];
+  }
+  throw new AgentBnBError(
+    "Unable to locate AgentBnB CLI entry (dist/cli/index.js or src/cli/index.ts)",
+    "CLI_ENTRY_NOT_FOUND"
+  );
+}
+function isPidAlive(pid) {
+  if (!Number.isInteger(pid) || pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    const killErr = err;
+    return killErr.code === "EPERM";
+  }
+}
+function sleep2(ms) {
+  return new Promise((resolveSleep) => setTimeout(resolveSleep, ms));
+}
+export {
+  ServiceCoordinator,
+  loadPersistedRuntime,
+  resolveNodeExecutable
+};