npm - agentbnb - Versions diffs - 8.2.0 → 8.2.2 - Mend

agentbnb 8.2.0 → 8.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/{chunk-TBJ3FZKZ.js → chunk-4IPJJRTP.js} +1 -1
package/dist/chunk-CKOOVZOI.js +158 -0
package/dist/chunk-CQFBNTGT.js +145 -0
package/dist/{chunk-P4LOYSLA.js → chunk-DYQOFGGI.js} +331 -416
package/dist/{chunk-ALX4WS3A.js → chunk-EG6RS4JC.js} +70 -46
package/dist/{chunk-CUONY5TO.js → chunk-EJKW57ZV.js} +19 -1
package/dist/{chunk-5AAFG2V2.js → chunk-LKLKYXLV.js} +239 -24
package/dist/{chunk-7EF3HYVZ.js → chunk-MCED4GDW.js} +499 -86
package/dist/{chunk-YHY7OG6S.js → chunk-MWOXW7JQ.js} +7 -7
package/dist/{chunk-E2OKP5CY.js → chunk-QCGIG7WW.js} +182 -86
package/dist/{chunk-5GME4KJZ.js → chunk-QHZGOG3O.js} +148 -46
package/dist/{chunk-D6RKW2XG.js → chunk-RYISHSHB.js} +302 -4
package/dist/{chunk-O2OYBAVR.js → chunk-S3V6R3EN.js} +75 -39
package/dist/{chunk-X32NE6V4.js → chunk-WNXXLCV5.js} +1 -1
package/dist/{chunk-C537SFHV.js → chunk-XBGVQMQJ.js} +72 -48
package/dist/{chunk-FTZTEHYG.js → chunk-Z2GEFFDO.js} +135 -8
package/dist/cli/index.js +42 -67
package/dist/{client-HKV3QWZ3.js → client-XOLP5IUZ.js} +4 -2
package/dist/{conduct-W6XF6DJW.js → conduct-AZFLNUX3.js} +10 -11
package/dist/{conduct-YB64OHI6.js → conduct-VPUYTNEA.js} +10 -11
package/dist/{conductor-mode-AKREGDIU.js → conductor-mode-PLTB6MS3.js} +7 -8
package/dist/{conductor-mode-TFCVCQHU.js → conductor-mode-WKB42PYM.js} +6 -3
package/dist/{execute-EPE6MZLT.js → execute-NNDCXTN4.js} +3 -2
package/dist/{execute-AYQWORVH.js → execute-RIRHTIBU.js} +6 -5
package/dist/index.d.ts +8 -8
package/dist/index.js +637 -693
package/dist/{publish-capability-AH2HDW54.js → publish-capability-QDR2QIZ2.js} +2 -2
package/dist/{request-HCCXSKAY.js → request-NX7GSPIG.js} +31 -36
package/dist/{serve-skill-SZAQT5T5.js → serve-skill-E6EJQYAK.js} +10 -9
package/dist/{server-LMY2A3GT.js → server-VBCT32FC.js} +12 -18
package/dist/{service-coordinator-WGH6B2VT.js → service-coordinator-KMSA6BST.js} +137 -69
package/dist/skills/agentbnb/bootstrap.js +561 -247
package/package.json +13 -17
package/skills/agentbnb/bootstrap.test.ts +8 -6
package/skills/agentbnb/bootstrap.ts +21 -13
package/skills/agentbnb/install.sh +0 -0
package/dist/chunk-64AK4FJM.js +0 -84
package/dist/chunk-KF3TZHA5.js +0 -91
package/dist/chunk-LJM7FHPM.js +0 -138
package/dist/chunk-OH7BP5NP.js +0 -96

package/dist/{chunk-ALX4WS3A.js → chunk-EG6RS4JC.js} RENAMED Viewed

@@ -7,10 +7,13 @@ import {
   insertRequestLog,
   recordEarning,
   releaseEscrow,
+  resolveTargetCapability,
   settleEscrow,
-  updateReputation,
+  updateReputation
+} from "./chunk-MCED4GDW.js";
+import {
   verifyEscrowReceipt
-} from "./chunk-7EF3HYVZ.js";
+} from "./chunk-EJKW57ZV.js";
 import {
   loadConfig
 } from "./chunk-IVOYM3WG.js";
@@ -290,8 +293,12 @@ async function executeCapabilityBatch(options) {
     };
   }
   const executeItem = async (item, index) => {
-    const card = getCard(registryDb, item.skill_id);
-    if (!card) {
+    const resolved = await resolveTargetCapability(item.skill_id, {
+      registryDb,
+      registryUrl: options.registryUrl,
+      onlineOnly: true
+    });
+    if (!resolved) {
       return {
         request_index: index,
         status: "failed",
@@ -300,26 +307,11 @@ async function executeCapabilityBatch(options) {
         error: `Card/skill not found: ${item.skill_id}`
       };
     }
-    const rawCard = card;
-    let creditsNeeded;
-    let resolvedSkillId;
-    if (Array.isArray(rawCard["skills"])) {
-      const v2card = card;
-      const skill = v2card.skills[0];
-      if (!skill) {
-        return {
-          request_index: index,
-          status: "failed",
-          credits_spent: 0,
-          credits_refunded: 0,
-          error: `No skills defined on card: ${item.skill_id}`
-        };
-      }
-      creditsNeeded = skill.pricing.credits_per_call;
-      resolvedSkillId = skill.id;
-    } else {
-      creditsNeeded = card.pricing.credits_per_call;
-    }
+    const localCard = getCard(registryDb, resolved.cardId);
+    const localCardRaw = localCard;
+    const cardName = typeof localCardRaw?.["name"] === "string" ? localCardRaw["name"] : typeof localCardRaw?.["agent_name"] === "string" ? localCardRaw["agent_name"] : resolved.cardId;
+    const creditsNeeded = resolved.credits_per_call;
+    const resolvedSkillId = resolved.skillId;
     if (creditsNeeded > item.max_credits) {
       return {
         request_index: index,
@@ -341,7 +333,7 @@ async function executeCapabilityBatch(options) {
           error: "Insufficient credits"
         };
       }
-      escrowId = holdEscrow(creditDb, owner, creditsNeeded, card.id);
+      escrowId = holdEscrow(creditDb, owner, creditsNeeded, resolved.cardId);
     } catch (err) {
       const msg = err instanceof AgentBnBError ? err.message : "Failed to hold escrow";
       return {
@@ -353,30 +345,62 @@ async function executeCapabilityBatch(options) {
       };
     }
     const startMs = Date.now();
-    const latencyMs = Date.now() - startMs;
-    settleEscrow(creditDb, escrowId, card.owner);
-    updateReputation(registryDb, card.id, true, latencyMs);
     try {
-      insertRequestLog(registryDb, {
-        id: randomUUID(),
-        card_id: card.id,
-        card_name: card.name,
-        skill_id: resolvedSkillId,
-        requester: owner,
+      const result = options.dispatchRequest ? await options.dispatchRequest({
+        target: resolved,
+        params: item.params,
+        requester: owner
+      }) : { card_id: resolved.cardId, skill_id: resolvedSkillId };
+      const latencyMs = Date.now() - startMs;
+      settleEscrow(creditDb, escrowId, resolved.owner);
+      updateReputation(registryDb, resolved.cardId, true, latencyMs);
+      try {
+        insertRequestLog(registryDb, {
+          id: randomUUID(),
+          card_id: resolved.cardId,
+          card_name: cardName,
+          skill_id: resolvedSkillId,
+          requester: owner,
+          status: "success",
+          latency_ms: latencyMs,
+          credits_charged: creditsNeeded,
+          created_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      } catch {
+      }
+      return {
+        request_index: index,
         status: "success",
-        latency_ms: latencyMs,
-        credits_charged: creditsNeeded,
-        created_at: (/* @__PURE__ */ new Date()).toISOString()
-      });
-    } catch {
+        result,
+        credits_spent: creditsNeeded,
+        credits_refunded: 0
+      };
+    } catch (err) {
+      releaseEscrow(creditDb, escrowId);
+      const latencyMs = Date.now() - startMs;
+      try {
+        insertRequestLog(registryDb, {
+          id: randomUUID(),
+          card_id: resolved.cardId,
+          card_name: cardName,
+          skill_id: resolvedSkillId,
+          requester: owner,
+          status: "failure",
+          latency_ms: latencyMs,
+          credits_charged: 0,
+          created_at: (/* @__PURE__ */ new Date()).toISOString(),
+          failure_reason: "not_found"
+        });
+      } catch {
+      }
+      return {
+        request_index: index,
+        status: "failed",
+        credits_spent: 0,
+        credits_refunded: creditsNeeded,
+        error: err instanceof Error ? err.message : String(err)
+      };
     }
-    return {
-      request_index: index,
-      status: "success",
-      result: { card_id: card.id, skill_id: resolvedSkillId },
-      credits_spent: creditsNeeded,
-      credits_refunded: 0
-    };
   };
   let results;
   if (strategy === "sequential") {

package/dist/{chunk-CUONY5TO.js → chunk-EJKW57ZV.js} RENAMED Viewed

@@ -35,7 +35,25 @@ function loadKeyPair(configDir) {
   };
 }
 function canonicalJson(data) {
-  return JSON.stringify(data, Object.keys(data).sort());
+  return JSON.stringify(sortForCanonicalJson(data));
+}
+function sortForCanonicalJson(value) {
+  if (Array.isArray(value)) {
+    return value.map((item) => sortForCanonicalJson(item));
+  }
+  if (value !== null && typeof value === "object") {
+    const proto = Object.getPrototypeOf(value);
+    if (proto === Object.prototype || proto === null) {
+      const input = value;
+      const output = {};
+      const sortedKeys = Object.keys(input).sort();
+      for (const key of sortedKeys) {
+        output[key] = sortForCanonicalJson(input[key]);
+      }
+      return output;
+    }
+  }
+  return value;
 }
 function signEscrowReceipt(data, privateKey) {
   const message = Buffer.from(canonicalJson(data), "utf-8");

package/dist/{chunk-5AAFG2V2.js → chunk-LKLKYXLV.js} RENAMED Viewed

@@ -3,19 +3,154 @@ import {
   getBalance,
   getTransactions,
   holdEscrow,
+  lookupAgent,
   migrateOwner,
   openCreditDb,
   releaseEscrow,
   settleEscrow
-} from "./chunk-D6RKW2XG.js";
+} from "./chunk-RYISHSHB.js";
 import {
+  generateKeyPair,
+  loadKeyPair,
+  saveKeyPair,
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "./chunk-CUONY5TO.js";
+} from "./chunk-EJKW57ZV.js";
 import {
   AgentBnBError
 } from "./chunk-WVY2W7AA.js";
+// src/identity/identity.ts
+import { z } from "zod";
+import { createHash, createPrivateKey, createPublicKey } from "crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+var AgentIdentitySchema = z.object({
+  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
+  agent_id: z.string().min(1),
+  /** Human-readable owner name (from config or init). */
+  owner: z.string().min(1),
+  /** Hex-encoded Ed25519 public key. */
+  public_key: z.string().min(1),
+  /** ISO 8601 timestamp of identity creation. */
+  created_at: z.string().datetime(),
+  /** Optional guarantor info if linked to a human. */
+  guarantor: z.object({
+    github_login: z.string().min(1),
+    verified_at: z.string().datetime()
+  }).optional()
+});
+var AgentCertificateSchema = z.object({
+  identity: AgentIdentitySchema,
+  /** ISO 8601 timestamp of certificate issuance. */
+  issued_at: z.string().datetime(),
+  /** ISO 8601 timestamp of certificate expiry. */
+  expires_at: z.string().datetime(),
+  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
+  issuer_public_key: z.string().min(1),
+  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
+  signature: z.string().min(1)
+});
+var IDENTITY_FILENAME = "identity.json";
+var PRIVATE_KEY_FILENAME = "private.key";
+var PUBLIC_KEY_FILENAME = "public.key";
+function derivePublicKeyFromPrivate(privateKey) {
+  const privateKeyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
+  const publicKeyObject = createPublicKey(privateKeyObject);
+  const publicKey = publicKeyObject.export({ format: "der", type: "spki" });
+  return Buffer.from(publicKey);
+}
+function buildIdentityFromPublicKey(publicKey, owner, createdAt) {
+  const publicKeyHex = publicKey.toString("hex");
+  return {
+    agent_id: deriveAgentId(publicKeyHex),
+    owner,
+    public_key: publicKeyHex,
+    created_at: createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function generateFreshIdentity(configDir, owner) {
+  const keys = generateKeyPair();
+  saveKeyPair(configDir, keys);
+  const identity = buildIdentityFromPublicKey(keys.publicKey, owner);
+  saveIdentity(configDir, identity);
+  return { identity, keys, status: "generated" };
+}
+function deriveAgentId(publicKeyHex) {
+  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
+}
+function loadIdentity(configDir) {
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  if (!existsSync(filePath)) return null;
+  try {
+    const raw = readFileSync(filePath, "utf-8");
+    return AgentIdentitySchema.parse(JSON.parse(raw));
+  } catch {
+    return null;
+  }
+}
+function saveIdentity(configDir, identity) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const filePath = join(configDir, IDENTITY_FILENAME);
+  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
+}
+function loadOrRepairIdentity(configDir, ownerHint) {
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const identityPath = join(configDir, IDENTITY_FILENAME);
+  const privateKeyPath = join(configDir, PRIVATE_KEY_FILENAME);
+  const publicKeyPath = join(configDir, PUBLIC_KEY_FILENAME);
+  const hasIdentity = existsSync(identityPath);
+  const hasPrivateKey = existsSync(privateKeyPath);
+  const hasPublicKey = existsSync(publicKeyPath);
+  if (!hasIdentity || !hasPrivateKey || !hasPublicKey) {
+    return generateFreshIdentity(configDir, ownerHint ?? "agent");
+  }
+  let keys;
+  try {
+    keys = loadKeyPair(configDir);
+  } catch {
+    return generateFreshIdentity(configDir, ownerHint ?? "agent");
+  }
+  let derivedPublicKey;
+  try {
+    derivedPublicKey = derivePublicKeyFromPrivate(keys.privateKey);
+  } catch {
+    return generateFreshIdentity(configDir, ownerHint ?? "agent");
+  }
+  let keypairRepaired = false;
+  if (!keys.publicKey.equals(derivedPublicKey)) {
+    keypairRepaired = true;
+    keys = { privateKey: keys.privateKey, publicKey: derivedPublicKey };
+    saveKeyPair(configDir, keys);
+  }
+  const loadedIdentity = loadIdentity(configDir);
+  const expectedAgentId = deriveAgentId(derivedPublicKey.toString("hex"));
+  const expectedPublicKeyHex = derivedPublicKey.toString("hex");
+  const identityMismatch = !loadedIdentity || loadedIdentity.public_key !== expectedPublicKeyHex || loadedIdentity.agent_id !== expectedAgentId;
+  if (identityMismatch) {
+    const repairedIdentity = buildIdentityFromPublicKey(
+      derivedPublicKey,
+      loadedIdentity?.owner ?? ownerHint ?? "agent",
+      loadedIdentity?.created_at
+    );
+    saveIdentity(configDir, repairedIdentity);
+    return { identity: repairedIdentity, keys, status: "repaired" };
+  }
+  if (ownerHint && loadedIdentity.owner !== ownerHint) {
+    const updatedIdentity = { ...loadedIdentity, owner: ownerHint };
+    saveIdentity(configDir, updatedIdentity);
+    return { identity: updatedIdentity, keys, status: "repaired" };
+  }
+  return { identity: loadedIdentity, keys, status: keypairRepaired ? "repaired" : "existing" };
+}
+function ensureIdentity(configDir, owner) {
+  return loadOrRepairIdentity(configDir, owner).identity;
+}
 // src/credit/local-credit-ledger.ts
 var LocalCreditLedger = class {
   constructor(db) {
@@ -91,11 +226,57 @@ var LocalCreditLedger = class {
 // src/registry/identity-auth.ts
 var MAX_REQUEST_AGE_MS = 5 * 60 * 1e3;
-async function verifyIdentity(request, reply) {
-  const publicKeyHex = request.headers["x-agent-publickey"];
-  const signature = request.headers["x-agent-signature"];
-  const timestamp = request.headers["x-agent-timestamp"];
-  if (!publicKeyHex || !signature || !timestamp) {
+function normalizeSignedParams(body) {
+  return body === void 0 ? null : body;
+}
+function buildIdentityPayload(method, path, timestamp, publicKeyHex, agentId, params) {
+  return {
+    method,
+    path,
+    timestamp,
+    publicKey: publicKeyHex,
+    agentId,
+    params: normalizeSignedParams(params)
+  };
+}
+function extractClaimedRequester(request) {
+  const extractFromObject = (obj) => {
+    const directOwner = typeof obj.owner === "string" ? obj.owner.trim() : "";
+    if (directOwner) return directOwner;
+    const directRequester = typeof obj.requester === "string" ? obj.requester.trim() : "";
+    if (directRequester) return directRequester;
+    const oldOwner = typeof obj.oldOwner === "string" ? obj.oldOwner.trim() : "";
+    if (oldOwner) return oldOwner;
+    const nestedParams = obj.params;
+    if (nestedParams && typeof nestedParams === "object" && !Array.isArray(nestedParams)) {
+      const nested = nestedParams;
+      const nestedOwner = typeof nested.owner === "string" ? nested.owner.trim() : "";
+      if (nestedOwner) return nestedOwner;
+      const nestedRequester = typeof nested.requester === "string" ? nested.requester.trim() : "";
+      if (nestedRequester) return nestedRequester;
+    }
+    return null;
+  };
+  if (request.body && typeof request.body === "object" && !Array.isArray(request.body)) {
+    const claimed = extractFromObject(request.body);
+    if (claimed) return claimed;
+  }
+  if (request.params && typeof request.params === "object" && !Array.isArray(request.params)) {
+    const claimed = extractFromObject(request.params);
+    if (claimed) return claimed;
+  }
+  return null;
+}
+async function verifyIdentity(request, reply, options) {
+  const agentIdHeader = request.headers["x-agent-id"];
+  const publicKeyHeader = request.headers["x-agent-publickey"];
+  const signatureHeader = request.headers["x-agent-signature"];
+  const timestampHeader = request.headers["x-agent-timestamp"];
+  const agentId = agentIdHeader?.trim();
+  const publicKeyHex = publicKeyHeader?.trim();
+  const signature = signatureHeader?.trim();
+  const timestamp = timestampHeader?.trim();
+  if (!agentId || !publicKeyHex || !signature || !timestamp) {
     await reply.code(401).send({ error: "Missing identity headers" });
     return false;
   }
@@ -104,12 +285,21 @@ async function verifyIdentity(request, reply) {
     await reply.code(401).send({ error: "Request expired" });
     return false;
   }
-  const payload = {
-    method: request.method,
-    path: request.url,
-    timestamp,
-    publicKey: publicKeyHex
-  };
+  if (!/^[0-9a-fA-F]+$/.test(publicKeyHex) || publicKeyHex.length % 2 !== 0) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  let expectedAgentId;
+  try {
+    expectedAgentId = deriveAgentId(publicKeyHex);
+  } catch {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  if (agentId !== expectedAgentId) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
   let publicKeyBuffer;
   try {
     publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
@@ -117,30 +307,52 @@ async function verifyIdentity(request, reply) {
     await reply.code(401).send({ error: "Invalid identity signature" });
     return false;
   }
+  const knownAgent = options.agentDb ? lookupAgent(options.agentDb, agentId) : null;
+  if (knownAgent && knownAgent.public_key.toLowerCase() !== publicKeyHex.toLowerCase()) {
+    await reply.code(401).send({ error: "Invalid identity signature" });
+    return false;
+  }
+  const payload = buildIdentityPayload(
+    request.method,
+    request.url,
+    timestamp,
+    publicKeyHex,
+    agentId,
+    request.body
+  );
   const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
   if (!valid) {
     await reply.code(401).send({ error: "Invalid identity signature" });
     return false;
   }
+  const claimedRequester = extractClaimedRequester(request);
+  if (claimedRequester) {
+    const matchesAgentId = claimedRequester === agentId;
+    const matchesLegacyOwner = knownAgent?.legacy_owner === claimedRequester;
+    if (!matchesAgentId && !matchesLegacyOwner) {
+      await reply.code(401).send({ error: "Identity does not match requester" });
+      return false;
+    }
+  }
   request.agentPublicKey = publicKeyHex;
+  request.agentId = agentId;
   return true;
 }
-function identityAuthPlugin(fastify) {
-  fastify.addHook("onRequest", async (request, reply) => {
-    await verifyIdentity(request, reply);
+function identityAuthPlugin(fastify, options = {}) {
+  fastify.addHook("preHandler", async (request, reply) => {
+    const ok = await verifyIdentity(request, reply, options);
+    if (!ok) {
+      return reply;
+    }
   });
 }
-function signRequest(method, path, body, privateKey, publicKeyHex) {
+function signRequest(method, path, body, privateKey, publicKeyHex, agentIdOverride) {
   const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-  const payload = {
-    method,
-    path,
-    timestamp,
-    publicKey: publicKeyHex
-  };
-  void body;
+  const agentId = agentIdOverride ?? deriveAgentId(publicKeyHex);
+  const payload = buildIdentityPayload(method, path, timestamp, publicKeyHex, agentId, body);
   const signature = signEscrowReceipt(payload, privateKey);
   return {
+    "X-Agent-Id": agentId,
     "X-Agent-PublicKey": publicKeyHex,
     "X-Agent-Signature": signature,
     "X-Agent-Timestamp": timestamp
@@ -368,6 +580,9 @@ function createLedger(opts) {
 }
 export {
+  deriveAgentId,
+  loadOrRepairIdentity,
+  ensureIdentity,
   identityAuthPlugin,
   createLedger
 };