agentbnb 7.0.0-beta.1 → 7.0.0

package/dist/index.js

@@ -17,6 +17,8 @@ var CapabilityCardSchema = z.object({
   spec_version: z.literal("1.0").default("1.0"),
   id: z.string().uuid(),
   owner: z.string().min(1),
+  /** V8: Cryptographic agent identity (Ed25519 public key hash). */
+  agent_id: z.string().optional(),
   name: z.string().min(1).max(100),
   description: z.string().max(500),
   level: z.union([z.literal(1), z.literal(2), z.literal(3)]),
@@ -139,6 +141,8 @@ var CapabilityCardV2Schema = z.object({
   spec_version: z.literal("2.0"),
   id: z.string().uuid(),
   owner: z.string().min(1),
+  /** V8: Cryptographic agent identity (Ed25519 public key hash). */
+  agent_id: z.string().optional(),
   /** Agent display name — was 'name' in v1.0. */
   agent_name: z.string().min(1).max(100),
   /** Short one-liner shown in Hub v2 Identity Header. */
@@ -856,6 +860,26 @@ function recordSuccessfulHire(db, providerOwner, consumerOwner) {
   ).run(repeatIncrement, now, providerOwner);
 }
 
+// src/identity/agent-identity.ts
+var AGENTS_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS agents (
+    agent_id TEXT PRIMARY KEY,
+    display_name TEXT NOT NULL,
+    public_key TEXT NOT NULL,
+    operator_id TEXT,
+    server_id TEXT,
+    legacy_owner TEXT,
+    created_at TEXT NOT NULL,
+    updated_at TEXT NOT NULL
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_agents_operator ON agents(operator_id);
+  CREATE INDEX IF NOT EXISTS idx_agents_legacy_owner ON agents(legacy_owner);
+`;
+function ensureAgentsTable(db) {
+  db.exec(AGENTS_SCHEMA);
+}
+
 // src/credit/ledger.ts
 var CREDIT_SCHEMA = `
   CREATE TABLE IF NOT EXISTS credit_balances (
@@ -912,6 +936,7 @@ function openCreditDb(path = ":memory:") {
   } catch {
   }
   ensureReliabilityTable(db);
+  ensureAgentsTable(db);
   return db;
 }
 function getBalance(db, owner) {
@@ -2309,7 +2334,8 @@ var OpenClawBridge = class {
 };
 
 // src/skills/command-executor.ts
-import { execFile as execFile2 } from "child_process";
+import { spawn } from "child_process";
+var KILL_GRACE_MS = 5e3;
 function shellEscape2(value) {
   return "'" + value.replace(/'/g, "'\\''") + "'";
 }
@@ -2335,29 +2361,89 @@ function safeInterpolateCommand2(template, context) {
     return shellEscape2(String(current));
   });
 }
-function execFileAsync2(file, args, options) {
+function spawnWithKill(command, options, registry) {
   return new Promise((resolve, reject) => {
-    execFile2(file, args, options, (error, stdout, stderr) => {
-      const stdoutStr = typeof stdout === "string" ? stdout : stdout.toString();
-      const stderrStr = typeof stderr === "string" ? stderr : stderr.toString();
-      if (error) {
-        const enriched = Object.assign(error, { stderr: stderrStr });
-        reject(enriched);
+    const child = spawn("/bin/sh", ["-c", `${command} < /dev/null`], {
+      cwd: options.cwd,
+      env: options.env,
+      stdio: ["ignore", "pipe", "pipe"],
+      detached: true
+    });
+    registry.add(child);
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let killed = false;
+    let killTimer;
+    child.stdout.on("data", (chunk) => {
+      if (stdout.length < options.maxBuffer) {
+        stdout += chunk.toString();
+      }
+    });
+    child.stderr.on("data", (chunk) => {
+      if (stderr.length < options.maxBuffer) {
+        stderr += chunk.toString();
+      }
+    });
+    const killGroup = (signal) => {
+      try {
+        process.kill(-child.pid, signal);
+      } catch {
+        try {
+          child.kill(signal);
+        } catch {
+        }
+      }
+    };
+    const timeoutId = setTimeout(() => {
+      timedOut = true;
+      killGroup("SIGTERM");
+      killTimer = setTimeout(() => {
+        if (!killed) {
+          killGroup("SIGKILL");
+        }
+      }, KILL_GRACE_MS);
+      killTimer.unref();
+    }, options.timeout);
+    child.on("close", (_code, _signal) => {
+      killed = true;
+      clearTimeout(timeoutId);
+      if (killTimer) clearTimeout(killTimer);
+      registry.delete(child);
+      if (timedOut) {
+        const err = new Error(`Command timed out after ${options.timeout}ms`);
+        err.code = "ETIMEDOUT";
+        reject(err);
+      } else if (_code !== 0) {
+        const err = new Error(stderr.trim() || `Process exited with code ${_code}`);
+        Object.assign(err, { stderr: stderr.trim() });
+        reject(err);
       } else {
-        resolve({ stdout: stdoutStr, stderr: stderrStr });
+        resolve({ stdout, stderr });
       }
     });
+    child.on("error", (err) => {
+      killed = true;
+      clearTimeout(timeoutId);
+      registry.delete(child);
+      reject(err);
+    });
   });
 }
 var CommandExecutor = class {
+  /** Active child processes — killed on shutdown(). */
+  activeProcesses = /* @__PURE__ */ new Set();
+  /** In-flight execution count per skill ID for concurrency limiting. */
+  inflight = /* @__PURE__ */ new Map();
   /**
    * Execute a command skill with the provided parameters.
    *
    * Steps:
-   * 1. Security check: base command must be in `allowed_commands` if set.
-   * 2. Interpolate `config.command` using `{ params }` context.
-   * 3. Run via `child_process.exec` with timeout and cwd.
-   * 4. Parse stdout based on `output_type`: text | json | file.
+   * 1. Concurrency check: reject if at capacity.max_concurrent limit.
+   * 2. Security check: base command must be in `allowed_commands` if set.
+   * 3. Interpolate `config.command` using `{ params }` context.
+   * 4. Run via spawn with SIGTERM→SIGKILL timeout handling.
+   * 5. Parse stdout based on `output_type`: text | json | file.
    *
    * @param config - Validated CommandSkillConfig.
    * @param params - Input parameters passed by the caller.
@@ -2365,6 +2451,16 @@ var CommandExecutor = class {
    */
   async execute(config, params) {
     const cmdConfig = config;
+    const maxConcurrent = cmdConfig.capacity?.max_concurrent;
+    if (maxConcurrent !== void 0) {
+      const current = this.inflight.get(cmdConfig.id) ?? 0;
+      if (current >= maxConcurrent) {
+        return {
+          success: false,
+          error: `Skill "${cmdConfig.id}" at max concurrency (${maxConcurrent}). Try again later.`
+        };
+      }
+    }
     const baseCommand = cmdConfig.command.trim().split(/\s+/)[0] ?? "";
     if (cmdConfig.allowed_commands && cmdConfig.allowed_commands.length > 0) {
       const effectiveAllowed = cmdConfig.claude_code ? [.../* @__PURE__ */ new Set([...cmdConfig.allowed_commands, "claude"])] : cmdConfig.allowed_commands;
@@ -2395,31 +2491,33 @@ var CommandExecutor = class {
     }
     const timeout = cmdConfig.timeout_ms ?? 3e4;
     const cwd = cmdConfig.working_dir ?? process.cwd();
-    let stdout;
     const env = { ...process.env };
     delete env["CLAUDECODE"];
+    this.inflight.set(cmdConfig.id, (this.inflight.get(cmdConfig.id) ?? 0) + 1);
+    let stdout;
     try {
-      const result = await execFileAsync2("/bin/sh", ["-c", `${interpolatedCommand} < /dev/null`], {
+      const result = await spawnWithKill(interpolatedCommand, {
         timeout,
         cwd,
         env,
         maxBuffer: 10 * 1024 * 1024
         // 10 MB
-      });
+      }, this.activeProcesses);
       stdout = result.stdout;
     } catch (err) {
+      this.decrementInflight(cmdConfig.id);
       if (err instanceof Error) {
-        const message = err.message;
-        const stderrContent = err.stderr ?? "";
-        if (message.includes("timed out") || message.includes("ETIMEDOUT") || err.code === "ETIMEDOUT") {
+        const code = err.code;
+        if (code === "ETIMEDOUT" || err.message.includes("timed out")) {
           return {
             success: false,
             error: `Command timed out after ${timeout}ms`
           };
         }
+        const stderrContent = err.stderr ?? "";
         return {
           success: false,
-          error: stderrContent.trim() || message
+          error: stderrContent.trim() || err.message
         };
       }
       return {
@@ -2427,6 +2525,7 @@ var CommandExecutor = class {
         error: String(err)
       };
     }
+    this.decrementInflight(cmdConfig.id);
     const rawOutput = stdout.trim();
     switch (cmdConfig.output_type) {
       case "text":
@@ -2451,6 +2550,48 @@ var CommandExecutor = class {
         };
     }
   }
+  /**
+   * Kill all active child processes. Called during service shutdown
+   * to prevent zombie processes.
+   */
+  shutdown() {
+    for (const child of this.activeProcesses) {
+      try {
+        process.kill(-child.pid, "SIGTERM");
+      } catch {
+        try {
+          child.kill("SIGTERM");
+        } catch {
+        }
+      }
+      const pid = child.pid;
+      const timer = setTimeout(() => {
+        try {
+          process.kill(-pid, "SIGKILL");
+        } catch {
+        }
+      }, KILL_GRACE_MS);
+      timer.unref();
+    }
+    this.activeProcesses.clear();
+  }
+  /** Returns the number of currently active child processes. */
+  get activeCount() {
+    return this.activeProcesses.size;
+  }
+  /** Returns the in-flight count for a specific skill ID. */
+  getInflight(skillId) {
+    return this.inflight.get(skillId) ?? 0;
+  }
+  /** Decrement the inflight counter for a skill ID. */
+  decrementInflight(skillId) {
+    const current = this.inflight.get(skillId) ?? 0;
+    if (current <= 1) {
+      this.inflight.delete(skillId);
+    } else {
+      this.inflight.set(skillId, current - 1);
+    }
+  }
 };
 
 // src/conductor/task-decomposer.ts
@@ -3561,6 +3702,7 @@ import { z as z3 } from "zod";
 import { randomUUID as randomUUID12 } from "crypto";
 var EscrowReceiptSchema = z3.object({
   requester_owner: z3.string().min(1),
+  requester_agent_id: z3.string().optional(),
   requester_public_key: z3.string().min(1),
   amount: z3.number().positive(),
   card_id: z3.string().min(1),
@@ -3573,6 +3715,7 @@ function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
   const escrowId = holdEscrow(db, opts.owner, opts.amount, opts.cardId);
   const receiptData = {
     requester_owner: opts.owner,
+    ...opts.agent_id ? { requester_agent_id: opts.agent_id } : {},
     requester_public_key: publicKey.toString("hex"),
     amount: opts.amount,
     card_id: opts.cardId,
@@ -4071,11 +4214,22 @@ import { z as z6 } from "zod";
 var RegisterMessageSchema = z6.object({
   type: z6.literal("register"),
   owner: z6.string().min(1),
+  /** V8: Cryptographic agent identity. When present, used as the canonical key. */
+  agent_id: z6.string().optional(),
+  /** V8 Phase 3: Server identifier for multi-agent delegation. */
+  server_id: z6.string().optional(),
   token: z6.string().min(1),
   card: z6.record(z6.unknown()),
   // CapabilityCard (validated separately)
-  cards: z6.array(z6.record(z6.unknown())).optional()
+  cards: z6.array(z6.record(z6.unknown())).optional(),
   // Additional cards (e.g., conductor card)
+  /** V8 Phase 3: Additional agents served by this server (multi-agent registration). */
+  agents: z6.array(z6.object({
+    agent_id: z6.string().min(1),
+    display_name: z6.string().min(1),
+    cards: z6.array(z6.record(z6.unknown())),
+    delegation_token: z6.record(z6.unknown()).optional()
+  })).optional()
 });
 var RegisteredMessageSchema = z6.object({
   type: z6.literal("registered"),
@@ -4085,6 +4239,8 @@ var RelayRequestMessageSchema = z6.object({
   type: z6.literal("relay_request"),
   id: z6.string().uuid(),
   target_owner: z6.string().min(1),
+  /** V8: Target agent's cryptographic identity. Preferred over target_owner. */
+  target_agent_id: z6.string().optional(),
   card_id: z6.string(),
   skill_id: z6.string().optional(),
   params: z6.record(z6.unknown()).default({}),
@@ -4155,6 +4311,52 @@ var HeartbeatMessageSchema = z6.object({
     })
   })
 });
+var EscrowHoldMessageSchema = z6.object({
+  type: z6.literal("escrow_hold"),
+  consumer_agent_id: z6.string().min(1),
+  provider_agent_id: z6.string().min(1),
+  skill_id: z6.string().min(1),
+  amount: z6.number().positive(),
+  request_id: z6.string().uuid(),
+  signature: z6.string().optional(),
+  public_key: z6.string().optional()
+});
+var EscrowHoldConfirmedMessageSchema = z6.object({
+  type: z6.literal("escrow_hold_confirmed"),
+  request_id: z6.string(),
+  escrow_id: z6.string(),
+  hold_amount: z6.number(),
+  consumer_remaining: z6.number()
+});
+var EscrowSettleMessageSchema = z6.object({
+  type: z6.literal("escrow_settle"),
+  escrow_id: z6.string().min(1),
+  request_id: z6.string().uuid(),
+  success: z6.boolean(),
+  failure_reason: z6.enum(["bad_execution", "overload", "timeout", "auth_error", "not_found"]).optional(),
+  result_hash: z6.string().optional(),
+  signature: z6.string().optional(),
+  public_key: z6.string().optional(),
+  consumer_agent_id: z6.string().optional()
+});
+var EscrowSettledMessageSchema = z6.object({
+  type: z6.literal("escrow_settled"),
+  escrow_id: z6.string(),
+  request_id: z6.string(),
+  provider_earned: z6.number(),
+  network_fee: z6.number(),
+  consumer_remaining: z6.number(),
+  provider_balance: z6.number()
+});
+var BalanceSyncMessageSchema = z6.object({
+  type: z6.literal("balance_sync"),
+  agent_id: z6.string().min(1)
+});
+var BalanceSyncResponseMessageSchema = z6.object({
+  type: z6.literal("balance_sync_response"),
+  agent_id: z6.string(),
+  balance: z6.number()
+});
 var RelayMessageSchema = z6.discriminatedUnion("type", [
   RegisterMessageSchema,
   RegisteredMessageSchema,
@@ -4164,7 +4366,13 @@ var RelayMessageSchema = z6.discriminatedUnion("type", [
   ResponseMessageSchema,
   ErrorMessageSchema,
   RelayProgressMessageSchema,
-  HeartbeatMessageSchema
+  HeartbeatMessageSchema,
+  EscrowHoldMessageSchema,
+  EscrowHoldConfirmedMessageSchema,
+  EscrowSettleMessageSchema,
+  EscrowSettledMessageSchema,
+  BalanceSyncMessageSchema,
+  BalanceSyncResponseMessageSchema
 ]);
 
 // src/relay/websocket-relay.ts
@@ -4225,6 +4433,78 @@ function releaseForRelay(creditDb, escrowId) {
   releaseEscrow(creditDb, escrowId);
 }
 
+// src/relay/relay-escrow.ts
+function verifyRelaySignature(data, signature, publicKeyHex) {
+  try {
+    const publicKeyBuf = Buffer.from(publicKeyHex, "hex");
+    return verifyEscrowReceipt(data, signature, publicKeyBuf);
+  } catch {
+    return false;
+  }
+}
+function processEscrowHold(creditDb, consumerAgentId, providerAgentId, skillId, amount, requestId, signature, publicKeyHex) {
+  if (signature && publicKeyHex) {
+    const signData = {
+      consumer_agent_id: consumerAgentId,
+      provider_agent_id: providerAgentId,
+      skill_id: skillId,
+      amount,
+      request_id: requestId
+    };
+    if (!verifyRelaySignature(signData, signature, publicKeyHex)) {
+      throw new Error("Invalid consumer signature on escrow hold");
+    }
+  }
+  const escrowId = holdEscrow(creditDb, consumerAgentId, amount, `${providerAgentId}:${skillId}`);
+  const remaining = getBalance(creditDb, consumerAgentId);
+  return {
+    escrow_id: escrowId,
+    hold_amount: amount,
+    consumer_remaining: remaining
+  };
+}
+function processEscrowSettle(creditDb, escrowId, success, providerAgentId, signature, publicKeyHex, consumerAgentId) {
+  if (signature && publicKeyHex && consumerAgentId) {
+    const signData = {
+      escrow_id: escrowId,
+      success,
+      consumer_agent_id: consumerAgentId
+    };
+    if (!verifyRelaySignature(signData, signature, publicKeyHex)) {
+      throw new Error("Invalid consumer signature on escrow settle");
+    }
+  }
+  const escrowRow = creditDb.prepare("SELECT amount, owner FROM credit_escrow WHERE id = ? AND status = ?").get(escrowId, "held");
+  if (!escrowRow) {
+    throw new Error(`Escrow not found or already settled: ${escrowId}`);
+  }
+  const NETWORK_FEE_RATE2 = 0.05;
+  if (success) {
+    settleEscrow(creditDb, escrowId, providerAgentId);
+    const networkFee = Math.floor(escrowRow.amount * NETWORK_FEE_RATE2);
+    const providerAmount = escrowRow.amount - networkFee;
+    return {
+      escrow_id: escrowId,
+      provider_earned: providerAmount,
+      network_fee: networkFee,
+      consumer_remaining: getBalance(creditDb, escrowRow.owner),
+      provider_balance: getBalance(creditDb, providerAgentId)
+    };
+  } else {
+    releaseEscrow(creditDb, escrowId);
+    return {
+      escrow_id: escrowId,
+      provider_earned: 0,
+      network_fee: 0,
+      consumer_remaining: getBalance(creditDb, escrowRow.owner),
+      provider_balance: getBalance(creditDb, providerAgentId)
+    };
+  }
+}
+function settleWithNetworkFee(creditDb, escrowId, providerOwner) {
+  return processEscrowSettle(creditDb, escrowId, true, providerOwner);
+}
+
 // src/hub-agent/relay-bridge.ts
 import { randomUUID as randomUUID15 } from "crypto";
 
@@ -4272,10 +4552,17 @@ var RATE_LIMIT_WINDOW_MS = 6e4;
 var RELAY_TIMEOUT_MS = 3e5;
 function registerWebSocketRelay(server, db, creditDb) {
   const connections = /* @__PURE__ */ new Map();
+  const agentIdToOwner = /* @__PURE__ */ new Map();
   const pendingRequests = /* @__PURE__ */ new Map();
   const rateLimits = /* @__PURE__ */ new Map();
   const agentCapacities = /* @__PURE__ */ new Map();
   let onAgentOnlineCallback;
+  function resolveConnectionKey(target) {
+    const ownerFromAgentId = agentIdToOwner.get(target);
+    if (ownerFromAgentId && connections.has(ownerFromAgentId)) return ownerFromAgentId;
+    if (connections.has(target)) return target;
+    return void 0;
+  }
   function checkRateLimit(owner) {
     const now = Date.now();
     const entry = rateLimits.get(owner);
@@ -4379,6 +4666,20 @@ function registerWebSocketRelay(server, db, creditDb) {
       }
     }
     connections.set(owner, ws);
+    if (msg.agent_id) {
+      agentIdToOwner.set(msg.agent_id, owner);
+    }
+    if (msg.agents && msg.agents.length > 0) {
+      for (const agentEntry of msg.agents) {
+        agentIdToOwner.set(agentEntry.agent_id, owner);
+        for (const agentCard of agentEntry.cards) {
+          try {
+            upsertCard(agentCard, owner);
+          } catch {
+          }
+        }
+      }
+    }
     const isEphemeral = owner.includes(":req:");
     if (isEphemeral) {
       const cardId2 = card.id ?? owner;
@@ -4422,12 +4723,13 @@ function registerWebSocketRelay(server, db, creditDb) {
       });
       return;
     }
-    const targetWs = connections.get(msg.target_owner);
+    const targetKey = resolveConnectionKey(msg.target_agent_id ?? msg.target_owner);
+    const targetWs = targetKey ? connections.get(targetKey) : void 0;
     if (!targetWs || targetWs.readyState !== 1) {
       sendMessage(ws, {
         type: "response",
         id: msg.id,
-        error: { code: -32603, message: `Agent offline: ${msg.target_owner}` }
+        error: { code: -32603, message: `Agent offline: ${msg.target_agent_id ?? msg.target_owner}` }
       });
       return;
     }
@@ -4541,7 +4843,7 @@ function registerWebSocketRelay(server, db, creditDb) {
     if (pending.escrowId && creditDb) {
       try {
         if (msg.error === void 0) {
-          settleForRelay(creditDb, pending.escrowId, pending.targetOwner);
+          settleWithNetworkFee(creditDb, pending.escrowId, pending.targetOwner);
         } else {
           releaseForRelay(creditDb, pending.escrowId);
         }
@@ -4579,6 +4881,12 @@ function registerWebSocketRelay(server, db, creditDb) {
     connections.delete(owner);
     rateLimits.delete(owner);
     agentCapacities.delete(owner);
+    for (const [agentId, o] of agentIdToOwner) {
+      if (o === owner) {
+        agentIdToOwner.delete(agentId);
+        break;
+      }
+    }
     markOwnerOffline(owner);
     for (const [reqId, pending] of pendingRequests) {
       if (pending.targetOwner === owner) {
@@ -4615,6 +4923,96 @@ function registerWebSocketRelay(server, db, creditDb) {
   function handleHeartbeat(msg) {
     agentCapacities.set(msg.owner, msg.capacity);
   }
+  function handleEscrowHold(ws, msg) {
+    if (!creditDb) {
+      sendMessage(ws, { type: "error", code: "no_credit_db", message: "Credit system not available" });
+      return;
+    }
+    try {
+      const result = processEscrowHold(
+        creditDb,
+        msg.consumer_agent_id,
+        msg.provider_agent_id,
+        msg.skill_id,
+        msg.amount,
+        msg.request_id,
+        msg.signature,
+        msg.public_key
+      );
+      sendMessage(ws, {
+        type: "escrow_hold_confirmed",
+        request_id: msg.request_id,
+        escrow_id: result.escrow_id,
+        hold_amount: result.hold_amount,
+        consumer_remaining: result.consumer_remaining
+      });
+    } catch (err) {
+      const errMsg = err instanceof Error ? err.message : "Escrow hold failed";
+      const code = errMsg.includes("INSUFFICIENT_CREDITS") ? "insufficient_credits" : "escrow_hold_failed";
+      sendMessage(ws, { type: "error", code, message: errMsg, request_id: msg.request_id });
+    }
+  }
+  function handleEscrowSettle(ws, msg) {
+    if (!creditDb) {
+      sendMessage(ws, { type: "error", code: "no_credit_db", message: "Credit system not available" });
+      return;
+    }
+    try {
+      const escrow = creditDb.prepare("SELECT card_id FROM credit_escrow WHERE id = ? AND status = ?").get(msg.escrow_id, "held");
+      if (!escrow) {
+        sendMessage(ws, { type: "error", code: "escrow_not_found", message: `Escrow not found: ${msg.escrow_id}`, request_id: msg.request_id });
+        return;
+      }
+      const providerAgentId = escrow.card_id.split(":")[0];
+      const result = processEscrowSettle(
+        creditDb,
+        msg.escrow_id,
+        msg.success,
+        providerAgentId,
+        msg.signature,
+        msg.public_key,
+        msg.consumer_agent_id
+      );
+      sendMessage(ws, {
+        type: "escrow_settled",
+        escrow_id: result.escrow_id,
+        request_id: msg.request_id,
+        provider_earned: result.provider_earned,
+        network_fee: result.network_fee,
+        consumer_remaining: result.consumer_remaining,
+        provider_balance: result.provider_balance
+      });
+      const providerKey = resolveConnectionKey(providerAgentId);
+      if (providerKey) {
+        const providerWs = connections.get(providerKey);
+        if (providerWs && providerWs.readyState === 1) {
+          sendMessage(providerWs, {
+            type: "escrow_settled",
+            escrow_id: result.escrow_id,
+            request_id: msg.request_id,
+            provider_earned: result.provider_earned,
+            network_fee: result.network_fee,
+            consumer_remaining: result.consumer_remaining,
+            provider_balance: result.provider_balance
+          });
+        }
+      }
+    } catch (err) {
+      sendMessage(ws, { type: "error", code: "escrow_settle_failed", message: err instanceof Error ? err.message : "Settlement failed", request_id: msg.request_id });
+    }
+  }
+  function handleBalanceSync(ws, msg) {
+    if (!creditDb) {
+      sendMessage(ws, { type: "error", code: "no_credit_db", message: "Credit system not available" });
+      return;
+    }
+    const balance = getBalance(creditDb, msg.agent_id);
+    sendMessage(ws, {
+      type: "balance_sync_response",
+      agent_id: msg.agent_id,
+      balance
+    });
+  }
   void server.register(async (app) => {
     app.get("/ws", { websocket: true }, (rawSocket, _request) => {
       const socket = rawSocket;
@@ -4663,6 +5061,16 @@ function registerWebSocketRelay(server, db, creditDb) {
             case "heartbeat":
               handleHeartbeat(msg);
               break;
+            // V8 Phase 2: Explicit escrow messages
+            case "escrow_hold":
+              handleEscrowHold(socket, msg);
+              break;
+            case "escrow_settle":
+              handleEscrowSettle(socket, msg);
+              break;
+            case "balance_sync":
+              handleBalanceSync(socket, msg);
+              break;
             default:
               break;
           }
@@ -4745,9 +5153,12 @@ var RelayClient = class {
         this.send({
           type: "register",
           owner: this.opts.owner,
+          ...this.opts.agent_id ? { agent_id: this.opts.agent_id } : {},
+          ...this.opts.server_id ? { server_id: this.opts.server_id } : {},
           token: this.opts.token,
           card: this.opts.card,
-          ...this.opts.cards && this.opts.cards.length > 0 ? { cards: this.opts.cards } : {}
+          ...this.opts.cards && this.opts.cards.length > 0 ? { cards: this.opts.cards } : {},
+          ...this.opts.agents && this.opts.agents.length > 0 ? { agents: this.opts.agents } : {}
         });
       });
       this.ws.on("message", (raw) => {
@@ -4823,6 +5234,7 @@ var RelayClient = class {
         type: "relay_request",
         id,
         target_owner: opts.targetOwner,
+        ...opts.targetAgentId ? { target_agent_id: opts.targetAgentId } : {},
         card_id: opts.cardId,
         skill_id: opts.skillId,
         params: opts.params,

package/dist/{process-guard-QCCBGILS.js → process-guard-GH5LRNWO.js}

@@ -1,6 +1,6 @@
 import {
   AgentBnBError
-} from "./chunk-3CIMVISQ.js";
+} from "./chunk-WVY2W7AA.js";
 
 // src/runtime/process-guard.ts
 import { dirname, join } from "path";