agentbnb 8.4.3 → 8.4.5

package/dist/skills/agentbnb/bootstrap.js

@@ -14,16 +14,11 @@ import {
   orchestrate,
   requestViaTemporaryRelay,
   resolvePendingRequest
-} from "../../chunk-J46N2TCC.js";
+} from "../../chunk-OPRCWXD5.js";
 import {
-  generateKeyPair,
-  loadKeyPair,
   requestCapability,
-  requestViaRelay,
-  saveKeyPair,
-  signEscrowReceipt,
-  verifyEscrowReceipt
-} from "../../chunk-R4F4XII4.js";
+  requestViaRelay
+} from "../../chunk-YKMBFQC2.js";
 import {
   RelayClient,
   RelayMessageSchema
@@ -32,9 +27,15 @@ import {
   loadPeers
 } from "../../chunk-HLUEOLSZ.js";
 import {
+  createLedger,
+  deriveAgentId,
+  ensureIdentity,
   executeCapabilityBatch,
-  executeCapabilityRequest
-} from "../../chunk-PMRTQ2RL.js";
+  executeCapabilityRequest,
+  identityAuthPlugin,
+  loadOrRepairIdentity,
+  syncCreditsFromRegistry
+} from "../../chunk-5SIGMKOD.js";
 import {
   bootstrapAgent,
   buildReputationMap,
@@ -56,6 +57,12 @@ import {
   settleEscrow
 } from "../../chunk-NQANA6WH.js";
 import "../../chunk-6QMDJVMS.js";
+import {
+  generateKeyPair,
+  loadKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "../../chunk-GIEJVKZZ.js";
 import {
   getConfigDir,
   loadConfig
@@ -81,17 +88,15 @@ import {
   updateSkillAvailability,
   updateSkillIdleRate
 } from "../../chunk-ZU2TP7CN.js";
-import {
-  lookupAgent
-} from "../../chunk-EE3V3DXK.js";
+import "../../chunk-EE3V3DXK.js";
 import {
   AgentBnBError,
   AnyCardSchema
 } from "../../chunk-I7KWA7OB.js";
 
 // skills/agentbnb/bootstrap.ts
-import { join as join7, basename as basename2, dirname as dirname4 } from "path";
-import { existsSync as existsSync8, writeFileSync as writeFileSync3 } from "fs";
+import { join as join6, basename as basename2, dirname as dirname4 } from "path";
+import { existsSync as existsSync7, writeFileSync as writeFileSync2 } from "fs";
 import { homedir as homedir4 } from "os";
 import { exec } from "child_process";
 import { promisify as promisify2 } from "util";
@@ -1373,7 +1378,7 @@ var AgentRuntime = class {
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("../../conductor-mode-PXTMYGK5.js");
+      const { ConductorMode } = await import("../../conductor-mode-2F5OP7Q4.js");
       const { registerConductorCard, CONDUCTOR_OWNER } = await import("../../card-BN643ZOY.js");
       const { loadPeers: loadPeers2 } = await import("../../peers-CJ7T4RJO.js");
       registerConductorCard(this.registryDb);
@@ -1690,11 +1695,11 @@ import swagger from "@fastify/swagger";
 import swaggerUi from "@fastify/swagger-ui";
 import fastifyStatic from "@fastify/static";
 import fastifyWebsocket from "@fastify/websocket";
-import { join as join3, dirname as dirname2 } from "path";
+import { join as join2, dirname as dirname2 } from "path";
 import { randomUUID as randomUUID7 } from "crypto";
 import { fileURLToPath } from "url";
-import { existsSync as existsSync4 } from "fs";
-import { z as z7 } from "zod";
+import { existsSync as existsSync3 } from "fs";
+import { z as z6 } from "zod";
 
 // src/registry/pricing.ts
 function getPricingStats(db, query) {
@@ -1737,566 +1742,6 @@ function computeMedian(sorted) {
   return (sorted[mid - 1] + sorted[mid]) / 2;
 }
 
-// src/credit/local-credit-ledger.ts
-var LocalCreditLedger = class {
-  constructor(db) {
-    this.db = db;
-  }
-  /**
-   * Holds credits in escrow during capability execution.
-   *
-   * @param owner - Agent identifier (requester).
-   * @param amount - Number of credits to hold.
-   * @param cardId - Capability Card ID being requested.
-   * @returns EscrowResult with the new escrowId.
-   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
-   */
-  async hold(owner, amount, cardId) {
-    const escrowId = holdEscrow(this.db, owner, amount, cardId);
-    return { escrowId };
-  }
-  /**
-   * Settles an escrow — transfers held credits to the capability provider.
-   *
-   * @param escrowId - The escrow ID to settle.
-   * @param recipientOwner - Agent identifier who will receive the credits.
-   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
-   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
-   */
-  async settle(escrowId, recipientOwner) {
-    settleEscrow(this.db, escrowId, recipientOwner);
-  }
-  /**
-   * Releases an escrow — refunds credits back to the requester.
-   *
-   * @param escrowId - The escrow ID to release.
-   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
-   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
-   */
-  async release(escrowId) {
-    releaseEscrow(this.db, escrowId);
-  }
-  /**
-   * Returns the current credit balance for an agent.
-   *
-   * @param owner - Agent identifier.
-   * @returns Current balance in credits (0 if agent is unknown).
-   */
-  async getBalance(owner) {
-    return getBalance(this.db, owner);
-  }
-  /**
-   * Returns the transaction history for an agent, newest first.
-   *
-   * @param owner - Agent identifier.
-   * @param limit - Maximum number of transactions to return. Defaults to 100.
-   * @returns Array of credit transactions ordered newest first.
-   */
-  async getHistory(owner, limit) {
-    return getTransactions(this.db, owner, limit);
-  }
-  /**
-   * Grants initial credits to an agent (bootstrap grant).
-   * Idempotent — calling multiple times has no additional effect on balance.
-   *
-   * @param owner - Agent identifier.
-   * @param amount - Number of credits to grant. Defaults to 100.
-   */
-  async grant(owner, amount) {
-    bootstrapAgent(this.db, owner, amount);
-  }
-  async rename(oldOwner, newOwner) {
-    migrateOwner(this.db, oldOwner, newOwner);
-  }
-};
-
-// src/identity/identity.ts
-import { z as z2 } from "zod";
-import { createHash, createPrivateKey, createPublicKey } from "crypto";
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
-import { join as join2 } from "path";
-var AgentIdentitySchema = z2.object({
-  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
-  agent_id: z2.string().min(1),
-  /** Human-readable owner name (from config or init). */
-  owner: z2.string().min(1),
-  /** Hex-encoded Ed25519 public key. */
-  public_key: z2.string().min(1),
-  /** ISO 8601 timestamp of identity creation. */
-  created_at: z2.string().datetime(),
-  /** Optional guarantor info if linked to a human. */
-  guarantor: z2.object({
-    github_login: z2.string().min(1),
-    verified_at: z2.string().datetime()
-  }).optional()
-});
-var AgentCertificateSchema = z2.object({
-  identity: AgentIdentitySchema,
-  /** ISO 8601 timestamp of certificate issuance. */
-  issued_at: z2.string().datetime(),
-  /** ISO 8601 timestamp of certificate expiry. */
-  expires_at: z2.string().datetime(),
-  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
-  issuer_public_key: z2.string().min(1),
-  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
-  signature: z2.string().min(1)
-});
-var IDENTITY_FILENAME = "identity.json";
-var PRIVATE_KEY_FILENAME = "private.key";
-var PUBLIC_KEY_FILENAME = "public.key";
-function derivePublicKeyFromPrivate(privateKey) {
-  const privateKeyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
-  const publicKeyObject = createPublicKey(privateKeyObject);
-  const publicKey = publicKeyObject.export({ format: "der", type: "spki" });
-  return Buffer.from(publicKey);
-}
-function buildIdentityFromPublicKey(publicKey, owner, createdAt) {
-  const publicKeyHex = publicKey.toString("hex");
-  return {
-    agent_id: deriveAgentId(publicKeyHex),
-    owner,
-    public_key: publicKeyHex,
-    created_at: createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-function generateFreshIdentity(configDir, owner) {
-  const keys = generateKeyPair();
-  saveKeyPair(configDir, keys);
-  const identity = buildIdentityFromPublicKey(keys.publicKey, owner);
-  saveIdentity(configDir, identity);
-  return { identity, keys, status: "generated" };
-}
-function deriveAgentId(publicKeyHex) {
-  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
-}
-function loadIdentity(configDir) {
-  const filePath = join2(configDir, IDENTITY_FILENAME);
-  if (!existsSync3(filePath)) return null;
-  try {
-    const raw = readFileSync3(filePath, "utf-8");
-    return AgentIdentitySchema.parse(JSON.parse(raw));
-  } catch {
-    return null;
-  }
-}
-function saveIdentity(configDir, identity) {
-  if (!existsSync3(configDir)) {
-    mkdirSync2(configDir, { recursive: true });
-  }
-  const filePath = join2(configDir, IDENTITY_FILENAME);
-  writeFileSync2(filePath, JSON.stringify(identity, null, 2), "utf-8");
-}
-function loadOrRepairIdentity(configDir, ownerHint) {
-  if (!existsSync3(configDir)) {
-    mkdirSync2(configDir, { recursive: true });
-  }
-  const identityPath = join2(configDir, IDENTITY_FILENAME);
-  const privateKeyPath = join2(configDir, PRIVATE_KEY_FILENAME);
-  const publicKeyPath = join2(configDir, PUBLIC_KEY_FILENAME);
-  const hasIdentity = existsSync3(identityPath);
-  const hasPrivateKey = existsSync3(privateKeyPath);
-  const hasPublicKey = existsSync3(publicKeyPath);
-  if (!hasIdentity || !hasPrivateKey || !hasPublicKey) {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let keys;
-  try {
-    keys = loadKeyPair(configDir);
-  } catch {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let derivedPublicKey;
-  try {
-    derivedPublicKey = derivePublicKeyFromPrivate(keys.privateKey);
-  } catch {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let keypairRepaired = false;
-  if (!keys.publicKey.equals(derivedPublicKey)) {
-    keypairRepaired = true;
-    keys = { privateKey: keys.privateKey, publicKey: derivedPublicKey };
-    saveKeyPair(configDir, keys);
-  }
-  const loadedIdentity = loadIdentity(configDir);
-  const expectedAgentId = deriveAgentId(derivedPublicKey.toString("hex"));
-  const expectedPublicKeyHex = derivedPublicKey.toString("hex");
-  const identityMismatch = !loadedIdentity || loadedIdentity.public_key !== expectedPublicKeyHex || loadedIdentity.agent_id !== expectedAgentId;
-  if (identityMismatch) {
-    const repairedIdentity = buildIdentityFromPublicKey(
-      derivedPublicKey,
-      loadedIdentity?.owner ?? ownerHint ?? "agent",
-      loadedIdentity?.created_at
-    );
-    saveIdentity(configDir, repairedIdentity);
-    return { identity: repairedIdentity, keys, status: "repaired" };
-  }
-  if (ownerHint && loadedIdentity.owner !== ownerHint) {
-    const updatedIdentity = { ...loadedIdentity, owner: ownerHint };
-    saveIdentity(configDir, updatedIdentity);
-    return { identity: updatedIdentity, keys, status: "repaired" };
-  }
-  return { identity: loadedIdentity, keys, status: keypairRepaired ? "repaired" : "existing" };
-}
-function ensureIdentity(configDir, owner) {
-  return loadOrRepairIdentity(configDir, owner).identity;
-}
-
-// src/registry/identity-auth.ts
-var MAX_REQUEST_AGE_MS = 5 * 60 * 1e3;
-function normalizeSignedParams(body) {
-  return body === void 0 ? null : body;
-}
-function buildIdentityPayload(method, path, timestamp, publicKeyHex, agentId, params) {
-  return {
-    method,
-    path,
-    timestamp,
-    publicKey: publicKeyHex,
-    agentId,
-    params: normalizeSignedParams(params)
-  };
-}
-function extractClaimedRequester(request) {
-  const extractFromObject = (obj) => {
-    const directOwner = typeof obj.owner === "string" ? obj.owner.trim() : "";
-    if (directOwner) return directOwner;
-    const directRequester = typeof obj.requester === "string" ? obj.requester.trim() : "";
-    if (directRequester) return directRequester;
-    const oldOwner = typeof obj.oldOwner === "string" ? obj.oldOwner.trim() : "";
-    if (oldOwner) return oldOwner;
-    const nestedParams = obj.params;
-    if (nestedParams && typeof nestedParams === "object" && !Array.isArray(nestedParams)) {
-      const nested = nestedParams;
-      const nestedOwner = typeof nested.owner === "string" ? nested.owner.trim() : "";
-      if (nestedOwner) return nestedOwner;
-      const nestedRequester = typeof nested.requester === "string" ? nested.requester.trim() : "";
-      if (nestedRequester) return nestedRequester;
-    }
-    return null;
-  };
-  if (request.body && typeof request.body === "object" && !Array.isArray(request.body)) {
-    const claimed = extractFromObject(request.body);
-    if (claimed) return claimed;
-  }
-  if (request.params && typeof request.params === "object" && !Array.isArray(request.params)) {
-    const claimed = extractFromObject(request.params);
-    if (claimed) return claimed;
-  }
-  return null;
-}
-async function verifyIdentity(request, reply, options) {
-  const agentIdHeader = request.headers["x-agent-id"];
-  const publicKeyHeader = request.headers["x-agent-publickey"];
-  const signatureHeader = request.headers["x-agent-signature"];
-  const timestampHeader = request.headers["x-agent-timestamp"];
-  const agentId = agentIdHeader?.trim();
-  const publicKeyHex = publicKeyHeader?.trim();
-  const signature = signatureHeader?.trim();
-  const timestamp = timestampHeader?.trim();
-  if (!agentId || !publicKeyHex || !signature || !timestamp) {
-    await reply.code(401).send({ error: "Missing identity headers" });
-    return false;
-  }
-  const requestTime = new Date(timestamp).getTime();
-  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
-    await reply.code(401).send({ error: "Request expired" });
-    return false;
-  }
-  if (!/^[0-9a-fA-F]+$/.test(publicKeyHex) || publicKeyHex.length % 2 !== 0) {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  let expectedAgentId;
-  try {
-    expectedAgentId = deriveAgentId(publicKeyHex);
-  } catch {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  if (agentId !== expectedAgentId) {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  let publicKeyBuffer;
-  try {
-    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
-  } catch {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  const knownAgent = options.agentDb ? lookupAgent(options.agentDb, agentId) : null;
-  if (knownAgent && knownAgent.public_key.toLowerCase() !== publicKeyHex.toLowerCase()) {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  const payload = buildIdentityPayload(
-    request.method,
-    request.url,
-    timestamp,
-    publicKeyHex,
-    agentId,
-    request.body
-  );
-  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
-  if (!valid) {
-    await reply.code(401).send({ error: "Invalid identity signature" });
-    return false;
-  }
-  const claimedRequester = extractClaimedRequester(request);
-  if (claimedRequester && knownAgent !== null) {
-    const matchesAgentId = claimedRequester === agentId;
-    const matchesDisplayName = knownAgent.display_name === claimedRequester;
-    const matchesLegacyOwner = knownAgent.legacy_owner === claimedRequester;
-    if (!matchesAgentId && !matchesDisplayName && !matchesLegacyOwner) {
-      await reply.code(401).send({ error: "Identity does not match requester" });
-      return false;
-    }
-  }
-  request.agentPublicKey = publicKeyHex;
-  request.agentId = agentId;
-  return true;
-}
-function identityAuthPlugin(fastify, options = {}) {
-  fastify.addHook("preHandler", async (request, reply) => {
-    const ok = await verifyIdentity(request, reply, options);
-    if (!ok) {
-      return reply;
-    }
-  });
-}
-function signRequest(method, path, body, privateKey, publicKeyHex, agentIdOverride) {
-  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-  const agentId = agentIdOverride ?? deriveAgentId(publicKeyHex);
-  const payload = buildIdentityPayload(method, path, timestamp, publicKeyHex, agentId, body);
-  const signature = signEscrowReceipt(payload, privateKey);
-  return {
-    "X-Agent-Id": agentId,
-    "X-Agent-PublicKey": publicKeyHex,
-    "X-Agent-Signature": signature,
-    "X-Agent-Timestamp": timestamp
-  };
-}
-
-// src/credit/registry-credit-ledger.ts
-var HTTP_TIMEOUT_MS = 1e4;
-var RegistryCreditLedger = class {
-  config;
-  constructor(config) {
-    this.config = config;
-  }
-  /**
-   * Holds credits in escrow during capability execution.
-   *
-   * @param owner - Agent identifier (requester).
-   * @param amount - Number of credits to hold.
-   * @param cardId - Capability Card ID being requested.
-   * @returns EscrowResult with the new escrowId.
-   * @throws {AgentBnBError} with code 'INSUFFICIENT_CREDITS' if balance < amount.
-   */
-  async hold(owner, amount, cardId) {
-    if (this.config.mode === "direct") {
-      const escrowId = holdEscrow(this.config.db, owner, amount, cardId);
-      return { escrowId };
-    }
-    const data = await this.post("/api/credits/hold", owner, {
-      owner,
-      amount,
-      cardId
-    });
-    return { escrowId: data.escrowId };
-  }
-  /**
-   * Settles an escrow — transfers held credits to the capability provider.
-   *
-   * @param escrowId - The escrow ID to settle.
-   * @param recipientOwner - Agent identifier who will receive the credits.
-   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
-   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
-   */
-  async settle(escrowId, recipientOwner) {
-    if (this.config.mode === "direct") {
-      settleEscrow(this.config.db, escrowId, recipientOwner);
-      return;
-    }
-    await this.post("/api/credits/settle", null, { escrowId, recipientOwner });
-  }
-  /**
-   * Releases an escrow — refunds credits back to the requester.
-   *
-   * @param escrowId - The escrow ID to release.
-   * @throws {AgentBnBError} with code 'ESCROW_NOT_FOUND' if escrow does not exist.
-   * @throws {AgentBnBError} with code 'ESCROW_ALREADY_SETTLED' if escrow is not in 'held' status.
-   */
-  async release(escrowId) {
-    if (this.config.mode === "direct") {
-      releaseEscrow(this.config.db, escrowId);
-      return;
-    }
-    await this.post("/api/credits/release", null, { escrowId });
-  }
-  /**
-   * Returns the current credit balance for an agent.
-   *
-   * @param owner - Agent identifier.
-   * @returns Current balance in credits (0 if agent is unknown).
-   */
-  async getBalance(owner) {
-    if (this.config.mode === "direct") {
-      return getBalance(this.config.db, owner);
-    }
-    const data = await this.get(`/api/credits/${owner}`, owner);
-    return data.balance;
-  }
-  /**
-   * Returns the transaction history for an agent, newest first.
-   *
-   * @param owner - Agent identifier.
-   * @param limit - Maximum number of transactions to return. Defaults to 100.
-   * @returns Array of credit transactions ordered newest first.
-   */
-  async getHistory(owner, limit = 100) {
-    if (this.config.mode === "direct") {
-      return getTransactions(this.config.db, owner, limit);
-    }
-    const data = await this.get(
-      `/api/credits/${owner}/history?limit=${limit}`,
-      owner
-    );
-    return data.transactions;
-  }
-  /**
-   * Grants initial credits to an agent (bootstrap grant).
-   * Idempotent — calling multiple times has no additional effect on balance.
-   *
-   * @param owner - Agent identifier.
-   * @param amount - Number of credits to grant. Defaults to 100.
-   */
-  async grant(owner, amount = 100) {
-    if (this.config.mode === "direct") {
-      bootstrapAgent(this.config.db, owner, amount);
-      return;
-    }
-    await this.post("/api/credits/grant", owner, { owner, amount });
-  }
-  /**
-   * Renames an owner — migrates balance, transactions, and escrows.
-   */
-  async rename(oldOwner, newOwner) {
-    if (oldOwner === newOwner) return;
-    if (this.config.mode === "direct") {
-      migrateOwner(this.config.db, oldOwner, newOwner);
-      return;
-    }
-    await this.post("/api/credits/rename", null, { oldOwner, newOwner });
-  }
-  // ─── Private HTTP helpers ─────────────────────────────────────────────────
-  /**
-   * Makes an authenticated POST request to the Registry HTTP API.
-   * Includes a 10s timeout via AbortController.
-   *
-   * @param path - API path (e.g., '/api/credits/hold').
-   * @param ownerForHeader - Agent owner identifier for X-Agent-Owner header, or null to omit.
-   * @param body - JSON body to send.
-   * @returns Parsed JSON response body.
-   * @throws {AgentBnBError} on non-2xx responses or network errors.
-   */
-  async post(path, ownerForHeader, body) {
-    const cfg = this.config;
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
-    try {
-      const authHeaders = signRequest("POST", path, body, cfg.privateKey, cfg.ownerPublicKey);
-      const headers = {
-        "Content-Type": "application/json",
-        ...authHeaders
-      };
-      void ownerForHeader;
-      const res = await fetch(`${cfg.registryUrl}${path}`, {
-        method: "POST",
-        headers,
-        body: JSON.stringify(body),
-        signal: controller.signal
-      });
-      return await this.handleResponse(res);
-    } catch (err) {
-      if (err instanceof AgentBnBError) throw err;
-      throw new AgentBnBError(
-        `Registry unreachable: ${err.message}`,
-        "REGISTRY_UNREACHABLE"
-      );
-    } finally {
-      clearTimeout(timeoutId);
-    }
-  }
-  /**
-   * Makes an authenticated GET request to the Registry HTTP API.
-   * Includes a 10s timeout via AbortController.
-   *
-   * @param path - API path (e.g., '/api/credits/owner-id').
-   * @param owner - Agent owner identifier for X-Agent-Owner header.
-   * @returns Parsed JSON response body.
-   * @throws {AgentBnBError} on non-2xx responses or network errors.
-   */
-  async get(path, owner) {
-    const cfg = this.config;
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
-    try {
-      const authHeaders = signRequest("GET", path, null, cfg.privateKey, cfg.ownerPublicKey);
-      void owner;
-      const res = await fetch(`${cfg.registryUrl}${path}`, {
-        method: "GET",
-        headers: {
-          "Content-Type": "application/json",
-          ...authHeaders
-        },
-        signal: controller.signal
-      });
-      return await this.handleResponse(res);
-    } catch (err) {
-      if (err instanceof AgentBnBError) throw err;
-      throw new AgentBnBError(
-        `Registry unreachable: ${err.message}`,
-        "REGISTRY_UNREACHABLE"
-      );
-    } finally {
-      clearTimeout(timeoutId);
-    }
-  }
-  /**
-   * Handles an HTTP response — returns parsed JSON on 2xx, throws AgentBnBError on error.
-   */
-  async handleResponse(res) {
-    const json = await res.json();
-    if (!res.ok) {
-      const code = typeof json["code"] === "string" ? json["code"] : "REGISTRY_ERROR";
-      const message = typeof json["error"] === "string" ? json["error"] : `HTTP ${res.status}`;
-      throw new AgentBnBError(message, code);
-    }
-    return json;
-  }
-};
-
-// src/credit/create-ledger.ts
-function createLedger(opts) {
-  if ("registryUrl" in opts && opts.registryUrl !== void 0) {
-    return new RegistryCreditLedger({
-      mode: "http",
-      registryUrl: opts.registryUrl,
-      ownerPublicKey: opts.ownerPublicKey,
-      privateKey: opts.privateKey
-    });
-  }
-  if ("db" in opts && opts.db !== void 0) {
-    return new RegistryCreditLedger({
-      mode: "direct",
-      db: opts.db
-    });
-  }
-  const db = openCreditDb(opts.creditDbPath);
-  return new LocalCreditLedger(db);
-}
-
 // src/cli/onboarding.ts
 import { randomUUID as randomUUID2 } from "crypto";
 import { createConnection } from "net";
@@ -3586,16 +3031,16 @@ function registerWebSocketRelay(server, db, creditDb) {
 }
 
 // src/identity/guarantor.ts
-import { z as z3 } from "zod";
+import { z as z2 } from "zod";
 import { randomUUID as randomUUID6 } from "crypto";
 var MAX_AGENTS_PER_GUARANTOR = 10;
 var GUARANTOR_CREDIT_POOL = 50;
-var GuarantorRecordSchema = z3.object({
-  id: z3.string().uuid(),
-  github_login: z3.string().min(1),
-  agent_count: z3.number().int().nonnegative(),
-  credit_pool: z3.number().int().nonnegative(),
-  created_at: z3.string().datetime()
+var GuarantorRecordSchema = z2.object({
+  id: z2.string().uuid(),
+  github_login: z2.string().min(1),
+  agent_count: z2.number().int().nonnegative(),
+  credit_pool: z2.number().int().nonnegative(),
+  created_at: z2.string().datetime()
 });
 var GUARANTOR_SCHEMA = `
   CREATE TABLE IF NOT EXISTS guarantors (
@@ -3732,6 +3177,75 @@ async function creditRoutesPlugin(fastify, options) {
   } catch {
   }
   initFreeTierTable(creditDb);
+  if (!process.env.ADMIN_TOKEN) {
+    console.warn("[agentbnb] ADMIN_TOKEN not set \u2014 POST /api/credits/grant will return 401 for admin override grants");
+  }
+  fastify.get("/api/credits/balance", {
+    schema: {
+      tags: ["credits"],
+      summary: "Get credit balance by owner query param (public, no auth required)",
+      querystring: {
+        type: "object",
+        properties: { owner: { type: "string", description: "Agent owner name" } },
+        required: ["owner"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            balance: { type: "number" }
+          }
+        },
+        400: { type: "object", properties: { error: { type: "string" } } }
+      }
+    }
+  }, async (request, reply) => {
+    const query = request.query;
+    const owner = typeof query.owner === "string" ? query.owner.trim() : "";
+    if (!owner) {
+      return reply.code(400).send({ error: "owner query param required" });
+    }
+    const balance = getBalance(creditDb, owner);
+    return reply.send({ owner, balance });
+  });
+  fastify.get("/api/credits/transactions", {
+    schema: {
+      tags: ["credits"],
+      summary: "Get transaction history by query params (public, no auth required)",
+      querystring: {
+        type: "object",
+        properties: {
+          owner: { type: "string", description: "Agent owner name" },
+          since: { type: "string", description: "ISO 8601 timestamp \u2014 only return transactions after this time" },
+          limit: { type: "integer", description: "Max entries (default 50, max 100)" }
+        },
+        required: ["owner"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            owner: { type: "string" },
+            transactions: { type: "array" },
+            limit: { type: "integer" }
+          }
+        },
+        400: { type: "object", properties: { error: { type: "string" } } }
+      }
+    }
+  }, async (request, reply) => {
+    const query = request.query;
+    const owner = typeof query.owner === "string" ? query.owner.trim() : "";
+    if (!owner) {
+      return reply.code(400).send({ error: "owner query param required" });
+    }
+    const rawLimit = query.limit !== void 0 ? parseInt(query.limit, 10) : 50;
+    const limit = Math.min(isNaN(rawLimit) || rawLimit < 1 ? 50 : rawLimit, 100);
+    const since = typeof query.since === "string" && query.since.trim() ? query.since.trim() : void 0;
+    const transactions = getTransactions(creditDb, owner, { limit, after: since });
+    return reply.send({ owner, transactions, limit });
+  });
   await fastify.register(async (scope) => {
     identityAuthPlugin(scope, { agentDb: creditDb });
     scope.post("/api/credits/hold", {
@@ -4127,38 +3641,38 @@ var HubAgentExecutor = class {
 };
 
 // src/hub-agent/types.ts
-import { z as z4 } from "zod";
-var SkillRouteSchema = z4.discriminatedUnion("mode", [
-  z4.object({
-    skill_id: z4.string().min(1),
-    mode: z4.literal("direct_api"),
+import { z as z3 } from "zod";
+var SkillRouteSchema = z3.discriminatedUnion("mode", [
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("direct_api"),
     config: ApiSkillConfigSchema
   }),
-  z4.object({
-    skill_id: z4.string().min(1),
-    mode: z4.literal("relay"),
-    config: z4.object({ relay_owner: z4.string().min(1) })
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("relay"),
+    config: z3.object({ relay_owner: z3.string().min(1) })
   }),
-  z4.object({
-    skill_id: z4.string().min(1),
-    mode: z4.literal("queue"),
-    config: z4.object({ relay_owner: z4.string().min(1) }).passthrough()
+  z3.object({
+    skill_id: z3.string().min(1),
+    mode: z3.literal("queue"),
+    config: z3.object({ relay_owner: z3.string().min(1) }).passthrough()
   })
 ]);
-var HubAgentSchema = z4.object({
-  agent_id: z4.string().min(1),
-  name: z4.string().min(1),
-  owner_public_key: z4.string().min(1),
-  public_key: z4.string().min(1),
-  skill_routes: z4.array(SkillRouteSchema),
-  status: z4.enum(["active", "paused"]),
-  created_at: z4.string(),
-  updated_at: z4.string()
+var HubAgentSchema = z3.object({
+  agent_id: z3.string().min(1),
+  name: z3.string().min(1),
+  owner_public_key: z3.string().min(1),
+  public_key: z3.string().min(1),
+  skill_routes: z3.array(SkillRouteSchema),
+  status: z3.enum(["active", "paused"]),
+  created_at: z3.string(),
+  updated_at: z3.string()
 });
-var CreateAgentRequestSchema = z4.object({
-  name: z4.string().min(1),
-  skill_routes: z4.array(SkillRouteSchema),
-  secrets: z4.record(z4.string()).optional()
+var CreateAgentRequestSchema = z3.object({
+  name: z3.string().min(1),
+  skill_routes: z3.array(SkillRouteSchema),
+  secrets: z3.record(z3.string()).optional()
 });
 
 // src/hub-agent/routes.ts
@@ -4586,24 +4100,24 @@ function deriveOperationId(method, path) {
 }
 
 // src/feedback/schema.ts
-import { z as z5 } from "zod";
-var StructuredFeedbackSchema = z5.object({
-  transaction_id: z5.string().uuid(),
+import { z as z4 } from "zod";
+var StructuredFeedbackSchema = z4.object({
+  transaction_id: z4.string().uuid(),
   // must match a request_log entry id
-  provider_agent: z5.string().min(1),
-  skill_id: z5.string().min(1),
-  requester_agent: z5.string().min(1),
-  rating: z5.number().int().min(1).max(5),
-  latency_ms: z5.number().int().min(0),
-  result_quality: z5.enum(["excellent", "good", "acceptable", "poor", "failed"]),
-  quality_details: z5.string().max(500).optional(),
-  would_reuse: z5.boolean(),
-  cost_value_ratio: z5.enum(["great", "fair", "overpriced"]),
-  timestamp: z5.string().datetime()
+  provider_agent: z4.string().min(1),
+  skill_id: z4.string().min(1),
+  requester_agent: z4.string().min(1),
+  rating: z4.number().int().min(1).max(5),
+  latency_ms: z4.number().int().min(0),
+  result_quality: z4.enum(["excellent", "good", "acceptable", "poor", "failed"]),
+  quality_details: z4.string().max(500).optional(),
+  would_reuse: z4.boolean(),
+  cost_value_ratio: z4.enum(["great", "fair", "overpriced"]),
+  timestamp: z4.string().datetime()
 });
-var FeedbackResponseSchema = z5.object({
-  feedback_id: z5.string().uuid(),
-  received_at: z5.string().datetime()
+var FeedbackResponseSchema = z4.object({
+  feedback_id: z4.string().uuid(),
+  received_at: z4.string().datetime()
 });
 
 // src/feedback/api.ts
@@ -4726,28 +4240,28 @@ var feedbackPlugin = async (fastify, opts) => {
 var api_default = feedbackPlugin;
 
 // src/evolution/schema.ts
-import { z as z6 } from "zod";
-var CoreMemoryEntrySchema = z6.object({
-  category: z6.string(),
-  importance: z6.number().min(0).max(1),
-  content: z6.string(),
-  scope: z6.string().optional()
+import { z as z5 } from "zod";
+var CoreMemoryEntrySchema = z5.object({
+  category: z5.string(),
+  importance: z5.number().min(0).max(1),
+  content: z5.string(),
+  scope: z5.string().optional()
 });
-var TemplateEvolutionSchema = z6.object({
+var TemplateEvolutionSchema = z5.object({
   /** e.g. "genesis-template" */
-  template_name: z6.string().min(1),
+  template_name: z5.string().min(1),
   /** Semantic version string, e.g. "1.2.3" */
-  template_version: z6.string().regex(/^\d+\.\d+\.\d+$/, "Must be a valid semver string (e.g. 1.2.3)"),
+  template_version: z5.string().regex(/^\d+\.\d+\.\d+$/, "Must be a valid semver string (e.g. 1.2.3)"),
   /** Identifier of the agent publishing this evolution */
-  publisher_agent: z6.string().min(1),
+  publisher_agent: z5.string().min(1),
   /** Human-readable description of what changed in this evolution */
-  changelog: z6.string().max(1e3),
+  changelog: z5.string().max(1e3),
   /** Snapshot of the agent's core memory at the time of evolution (max 50 entries) */
-  core_memory_snapshot: z6.array(CoreMemoryEntrySchema).max(50),
+  core_memory_snapshot: z5.array(CoreMemoryEntrySchema).max(50),
   /** Delta in fitness score from before evolution (range -1 to 1) */
-  fitness_improvement: z6.number().min(-1).max(1),
+  fitness_improvement: z5.number().min(-1).max(1),
   /** ISO 8601 datetime string */
-  timestamp: z6.string().datetime()
+  timestamp: z5.string().datetime()
 });
 
 // src/evolution/api.ts
@@ -4935,14 +4449,14 @@ function createRegistryServer(opts) {
   const __filename = fileURLToPath(import.meta.url);
   const __dirname = dirname2(__filename);
   const hubDistCandidates = [
-    join3(__dirname, "../hub/dist"),
+    join2(__dirname, "../hub/dist"),
     // When in dist/ (tsup chunk, e.g. dist/server-XYZ.js)
-    join3(__dirname, "../../hub/dist"),
+    join2(__dirname, "../../hub/dist"),
     // When in dist/registry/ or dist/cli/
-    join3(__dirname, "../../../hub/dist")
+    join2(__dirname, "../../../hub/dist")
     // Fallback for alternative layouts
   ];
-  const hubDistDir = hubDistCandidates.find((p) => existsSync4(p));
+  const hubDistDir = hubDistCandidates.find((p) => existsSync3(p));
   if (hubDistDir) {
     void server.register(fastifyStatic, {
       root: hubDistDir,
@@ -5738,16 +5252,16 @@ function createRegistryServer(opts) {
       const gptActions = convertToGptActions(openapiSpec, serverUrl);
       return reply.send(gptActions);
     });
-    const BatchRequestBodySchema = z7.object({
-      requests: z7.array(
-        z7.object({
-          skill_id: z7.string().min(1),
-          params: z7.record(z7.unknown()).default({}),
-          max_credits: z7.number().positive()
+    const BatchRequestBodySchema = z6.object({
+      requests: z6.array(
+        z6.object({
+          skill_id: z6.string().min(1),
+          params: z6.record(z6.unknown()).default({}),
+          max_credits: z6.number().positive()
         })
       ).min(1),
-      strategy: z7.enum(["parallel", "sequential", "best_effort"]),
-      total_budget: z7.number().positive()
+      strategy: z6.enum(["parallel", "sequential", "best_effort"]),
+      total_budget: z6.number().positive()
     });
     api.post("/api/request/batch", {
       schema: {
@@ -5818,7 +5332,7 @@ function createRegistryServer(opts) {
               });
               await relayClient.connect();
             }
-            const { requestViaRelay: requestViaRelay2 } = await import("../../client-OKJJ3UP2.js");
+            const { requestViaRelay: requestViaRelay2 } = await import("../../client-UQBGCIPA.js");
             return requestViaRelay2(relayClient, {
               targetOwner: target.owner,
               cardId: target.cardId,
@@ -6287,10 +5801,10 @@ async function stopAnnouncement() {
 
 // src/runtime/resolve-self-cli.ts
 import { execFileSync as execFileSync2 } from "child_process";
-import { existsSync as existsSync5, realpathSync } from "fs";
+import { existsSync as existsSync4, realpathSync } from "fs";
 import { createRequire } from "module";
 import { homedir as homedir2 } from "os";
-import { basename, dirname as dirname3, isAbsolute, join as join4, resolve } from "path";
+import { basename, dirname as dirname3, isAbsolute, join as join3, resolve } from "path";
 function resolveSelfCli() {
   const require2 = createRequire(import.meta.url);
   return resolveSelfCliWithDeps({
@@ -6300,7 +5814,7 @@ function resolveSelfCli() {
     homeDir: homedir2(),
     envPath: process.env["PATH"],
     nodeExecDir: dirname3(process.execPath),
-    exists: existsSync5,
+    exists: existsSync4,
     realpath: realpathSync,
     runWhich: (pathEnv) => execFileSync2("which", ["agentbnb"], {
       encoding: "utf8",
@@ -6345,7 +5859,7 @@ function resolveSelfCliWithDeps(deps) {
   }
   if (deps.nodeExecDir) {
     const execDirCandidate = tryCandidate(
-      join4(deps.nodeExecDir, "agentbnb"),
+      join3(deps.nodeExecDir, "agentbnb"),
       "node-execpath-dir"
     );
     if (execDirCandidate) return execDirCandidate;
@@ -6376,9 +5890,9 @@ function buildFullPathEnv(pathEnv, homeDir, nodeExecDir) {
     "/bin",
     "/usr/sbin",
     "/sbin",
-    join4(homeDir, ".local", "bin"),
-    join4(homeDir, "Library", "pnpm"),
-    join4(homeDir, ".local", "share", "pnpm")
+    join3(homeDir, ".local", "bin"),
+    join3(homeDir, "Library", "pnpm"),
+    join3(homeDir, ".local", "share", "pnpm")
   ]) {
     values.add(extra);
   }
@@ -6397,13 +5911,13 @@ function safeRealpath(realpath, path) {
 function getPnpmGlobalCandidates(platform, homeDir) {
   const candidates = /* @__PURE__ */ new Set();
   if (platform === "darwin") {
-    candidates.add(join4(homeDir, "Library", "pnpm", "agentbnb"));
+    candidates.add(join3(homeDir, "Library", "pnpm", "agentbnb"));
   }
   if (platform === "linux") {
-    candidates.add(join4(homeDir, ".local", "share", "pnpm", "agentbnb"));
+    candidates.add(join3(homeDir, ".local", "share", "pnpm", "agentbnb"));
   }
-  candidates.add(join4(homeDir, "Library", "pnpm", "agentbnb"));
-  candidates.add(join4(homeDir, ".local", "share", "pnpm", "agentbnb"));
+  candidates.add(join3(homeDir, "Library", "pnpm", "agentbnb"));
+  candidates.add(join3(homeDir, ".local", "share", "pnpm", "agentbnb"));
   return [...candidates];
 }
 function looksLikeAgentbnbCli(path) {
@@ -6421,9 +5935,10 @@ function extractErrorMessage(err) {
 
 // src/runtime/service-coordinator.ts
 import { spawn as spawn2 } from "child_process";
-import { existsSync as existsSync6, readFileSync as readFileSync4 } from "fs";
-import { join as join5 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync3 } from "fs";
+import { join as join4 } from "path";
 import { randomUUID as randomUUID8 } from "crypto";
+import { Cron as Cron2 } from "croner";
 function buildFallbackRelayCard(owner) {
   return {
     id: randomUUID8(),
@@ -6461,6 +5976,7 @@ var ServiceCoordinator = class {
   inProcessStartup = false;
   shutdownPromise = null;
   signalHandlersRegistered = false;
+  creditSyncJob = null;
   constructor(config, guard) {
     this.config = config;
     this.guard = guard;
@@ -6569,7 +6085,7 @@ var ServiceCoordinator = class {
     return {
       port: opts?.port ?? this.config.gateway_port,
       handlerUrl: opts?.handlerUrl ?? "http://localhost:8080",
-      skillsYamlPath: opts?.skillsYamlPath ?? join5(getConfigDir(), "skills.yaml"),
+      skillsYamlPath: opts?.skillsYamlPath ?? join4(getConfigDir(), "skills.yaml"),
       registryPort: opts?.registryPort ?? 7701,
       registryUrl: opts?.registryUrl ?? this.config.registry ?? "",
       relay: opts?.relay ?? true,
@@ -6625,6 +6141,22 @@ var ServiceCoordinator = class {
     const idleJob = idleMonitor.start();
     this.runtime.registerJob(idleJob);
     console.log("IdleMonitor started (60s poll interval, 70% idle threshold)");
+    if (this.config.registry) {
+      const startupSync = await syncCreditsFromRegistry(this.config, this.runtime.creditDb);
+      if (startupSync.synced) {
+        console.log(`[agentbnb] credits synced: ${startupSync.remoteBalance} (was ${startupSync.localWas})`);
+      } else {
+        console.warn(`[agentbnb] credit sync skipped: ${startupSync.error}`);
+      }
+      this.creditSyncJob = new Cron2("*/5 * * * *", async () => {
+        const result = await syncCreditsFromRegistry(this.config, this.runtime.creditDb);
+        if (result.synced) {
+          console.log(`[agentbnb] credits synced: ${result.remoteBalance} (was ${result.localWas})`);
+        } else {
+          console.warn(`[agentbnb] credit sync failed: ${result.error}`);
+        }
+      });
+    }
     this.gateway = createGatewayServer({
       port: opts.port,
       registryDb: this.runtime.registryDb,
@@ -6655,7 +6187,7 @@ var ServiceCoordinator = class {
     }
     if (opts.registryUrl && opts.relay) {
       const { RelayClient: RelayClient2 } = await import("../../websocket-client-SNDF3B6N.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../../execute-UAD5T3BQ.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../../execute-VRTABQ6F.js");
       const localCards = listCards(this.runtime.registryDb, this.config.owner);
       const { primaryCard, additionalCards } = buildRelayRegistrationCards(this.config.owner, localCards);
       if (this.config.conductor?.public) {
@@ -6714,6 +6246,10 @@ var ServiceCoordinator = class {
       return;
     }
     this.shutdownPromise = (async () => {
+      if (this.creditSyncJob) {
+        this.creditSyncJob.stop();
+        this.creditSyncJob = null;
+      }
       if (this.relayClient) {
         this.relayClient.disconnect();
         this.relayClient = null;
@@ -6909,10 +6445,10 @@ var ServiceCoordinator = class {
   };
 };
 function loadPersistedRuntime(configDir) {
-  const runtimePath = join5(configDir, "runtime.json");
-  if (!existsSync6(runtimePath)) return null;
+  const runtimePath = join4(configDir, "runtime.json");
+  if (!existsSync5(runtimePath)) return null;
   try {
-    const raw = readFileSync4(runtimePath, "utf8");
+    const raw = readFileSync3(runtimePath, "utf8");
     const parsed = JSON.parse(raw);
     const nodeExec = parsed["node_exec"];
     if (typeof nodeExec !== "string" || nodeExec.trim().length === 0) {
@@ -6952,18 +6488,18 @@ function sleep2(ms) {
 import { randomUUID as randomUUID10 } from "crypto";
 
 // src/credit/escrow-receipt.ts
-import { z as z8 } from "zod";
+import { z as z7 } from "zod";
 import { randomUUID as randomUUID9 } from "crypto";
-var EscrowReceiptSchema = z8.object({
-  requester_owner: z8.string().min(1),
-  requester_agent_id: z8.string().optional(),
-  requester_public_key: z8.string().min(1),
-  amount: z8.number().positive(),
-  card_id: z8.string().min(1),
-  skill_id: z8.string().optional(),
-  timestamp: z8.string(),
-  nonce: z8.string().uuid(),
-  signature: z8.string().min(1)
+var EscrowReceiptSchema = z7.object({
+  requester_owner: z7.string().min(1),
+  requester_agent_id: z7.string().optional(),
+  requester_public_key: z7.string().min(1),
+  amount: z7.number().positive(),
+  card_id: z7.string().min(1),
+  skill_id: z7.string().optional(),
+  timestamp: z7.string(),
+  nonce: z7.string().uuid(),
+  signature: z7.string().min(1)
 });
 function createSignedEscrowReceipt(db, privateKey, publicKey, opts) {
   const escrowId = holdEscrow(db, opts.owner, opts.amount, opts.cardId);
@@ -7329,16 +6865,16 @@ function isNetworkError(err) {
 }
 
 // skills/agentbnb/openclaw-tools.ts
-import { readFileSync as readFileSync5, existsSync as existsSync7 } from "fs";
-import { join as join6 } from "path";
+import { readFileSync as readFileSync4, existsSync as existsSync6 } from "fs";
+import { join as join5 } from "path";
 import { homedir as homedir3 } from "os";
 
 // src/mcp/tools/discover.ts
-import { z as z9 } from "zod";
+import { z as z8 } from "zod";
 var discoverInputSchema = {
-  query: z9.string().describe("Natural language search query"),
-  level: z9.number().optional().describe("Filter by capability level (1=Atomic, 2=Pipeline, 3=Environment)"),
-  online_only: z9.boolean().optional().describe("Only show online agents")
+  query: z8.string().describe("Natural language search query"),
+  level: z8.number().optional().describe("Filter by capability level (1=Atomic, 2=Pipeline, 3=Environment)"),
+  online_only: z8.boolean().optional().describe("Only show online agents")
 };
 async function handleDiscover(args, ctx) {
   try {
@@ -7396,14 +6932,14 @@ async function handleDiscover(args, ctx) {
 }
 
 // src/mcp/tools/request.ts
-import { z as z10 } from "zod";
+import { z as z9 } from "zod";
 var requestInputSchema = {
-  query: z10.string().optional().describe("Search query to find a matching capability (auto-request mode)"),
-  card_id: z10.string().optional().describe("Direct card ID to request (skips search)"),
-  skill_id: z10.string().optional().describe("Specific skill within a v2.0 card"),
-  params: z10.record(z10.unknown()).optional().describe("Input parameters for the capability"),
-  max_cost: z10.number().optional().default(50).describe("Maximum credits to spend"),
-  timeout_ms: z10.number().positive().optional().describe("Requester timeout override in milliseconds")
+  query: z9.string().optional().describe("Search query to find a matching capability (auto-request mode)"),
+  card_id: z9.string().optional().describe("Direct card ID to request (skips search)"),
+  skill_id: z9.string().optional().describe("Specific skill within a v2.0 card"),
+  params: z9.record(z9.unknown()).optional().describe("Input parameters for the capability"),
+  max_cost: z9.number().optional().default(50).describe("Maximum credits to spend"),
+  timeout_ms: z9.number().positive().optional().describe("Requester timeout override in milliseconds")
 };
 function parsePositiveNumber(value) {
   return typeof value === "number" && value > 0 ? value : void 0;
@@ -7603,7 +7139,7 @@ async function handleRequest(args, ctx) {
 }
 
 // src/mcp/tools/conduct.ts
-import { z as z11 } from "zod";
+import { z as z10 } from "zod";
 
 // src/cli/conduct.ts
 async function conductAction(task, opts) {
@@ -7741,9 +7277,9 @@ async function conductAction(task, opts) {
 
 // src/mcp/tools/conduct.ts
 var conductInputSchema = {
-  task: z11.string().describe("Natural language task description"),
-  plan_only: z11.boolean().optional().default(false).describe("If true, return execution plan without executing"),
-  max_budget: z11.number().optional().default(100).describe("Maximum credits to spend")
+  task: z10.string().describe("Natural language task description"),
+  plan_only: z10.boolean().optional().default(false).describe("If true, return execution plan without executing"),
+  max_budget: z10.number().optional().default(100).describe("Maximum credits to spend")
 };
 async function handleConduct(args, _ctx) {
   try {
@@ -7763,14 +7299,26 @@ async function handleConduct(args, _ctx) {
 }
 
 // src/mcp/tools/status.ts
-import { z as z12 } from "zod";
+import { z as z11 } from "zod";
 var statusInputSchema = {
-  _unused: z12.string().optional().describe("No parameters needed")
+  _unused: z11.string().optional().describe("No parameters needed")
 };
+function readLocalBalance(creditDbPath, creditKey) {
+  const creditDb = openCreditDb(creditDbPath);
+  try {
+    return getBalance(creditDb, creditKey);
+  } catch {
+    return 0;
+  } finally {
+    creditDb.close();
+  }
+}
 async function handleStatus(ctx) {
   try {
-    let balance = 0;
     const creditKey = ctx.identity.agent_id ?? ctx.identity.owner;
+    const local_balance = readLocalBalance(ctx.config.credit_db_path, creditKey);
+    let registry_balance = null;
+    let sync_needed = false;
     if (ctx.config.registry) {
       try {
         const keys = loadKeyPair(ctx.configDir);
@@ -7779,28 +7327,19 @@ async function handleStatus(ctx) {
           ownerPublicKey: ctx.identity.public_key,
           privateKey: keys.privateKey
         });
-        balance = await ledger.getBalance(creditKey);
+        registry_balance = await ledger.getBalance(creditKey);
+        sync_needed = Math.abs(registry_balance - local_balance) > 1;
       } catch {
-        const creditDb = openCreditDb(ctx.config.credit_db_path);
-        try {
-          balance = getBalance(creditDb, creditKey);
-        } finally {
-          creditDb.close();
-        }
-      }
-    } else {
-      const creditDb = openCreditDb(ctx.config.credit_db_path);
-      try {
-        balance = getBalance(creditDb, creditKey);
-      } finally {
-        creditDb.close();
       }
     }
+    const balance = registry_balance ?? local_balance;
     const result = {
       agent_id: ctx.identity.agent_id,
       owner: ctx.identity.owner,
       public_key: ctx.identity.public_key,
       balance,
+      local_balance,
+      ...ctx.config.registry ? { registry_balance, sync_needed } : {},
       registry_url: ctx.config.registry ?? null,
       config_dir: ctx.configDir
     };
@@ -7816,9 +7355,9 @@ async function handleStatus(ctx) {
 }
 
 // src/mcp/tools/publish.ts
-import { z as z13 } from "zod";
+import { z as z12 } from "zod";
 var publishInputSchema = {
-  card_json: z13.string().describe("JSON string of the capability card to publish")
+  card_json: z12.string().describe("JSON string of the capability card to publish")
 };
 async function handlePublish(args, ctx) {
   try {
@@ -7898,24 +7437,24 @@ async function handlePublish(args, ctx) {
 var contextCache = /* @__PURE__ */ new Map();
 function resolveConfigDir(toolCtx) {
   if (toolCtx.agentDir) {
-    return toolCtx.agentDir.endsWith(".agentbnb") ? toolCtx.agentDir : join6(toolCtx.agentDir, ".agentbnb");
+    return toolCtx.agentDir.endsWith(".agentbnb") ? toolCtx.agentDir : join5(toolCtx.agentDir, ".agentbnb");
   }
   if (toolCtx.workspaceDir) {
-    return join6(toolCtx.workspaceDir, ".agentbnb");
+    return join5(toolCtx.workspaceDir, ".agentbnb");
   }
-  return join6(homedir3(), ".agentbnb");
+  return join5(homedir3(), ".agentbnb");
 }
 function buildMcpContext(toolCtx) {
   const configDir = resolveConfigDir(toolCtx);
   const cached = contextCache.get(configDir);
   if (cached) return cached;
-  const configPath = join6(configDir, "config.json");
-  if (!existsSync7(configPath)) {
+  const configPath = join5(configDir, "config.json");
+  if (!existsSync6(configPath)) {
     throw new Error(
       `AgentBnB not initialized at ${configDir}. Run \`agentbnb init\` or activate the plugin first.`
     );
   }
-  const config = JSON.parse(readFileSync5(configPath, "utf-8"));
+  const config = JSON.parse(readFileSync4(configPath, "utf-8"));
   const identity = ensureIdentity(configDir, config.owner);
   const ctx = { configDir, config, identity };
   contextCache.set(configDir, ctx);
@@ -8075,18 +7614,18 @@ function resolveWorkspaceDir() {
   if (process.env["AGENTBNB_DIR"]) {
     return process.env["AGENTBNB_DIR"];
   }
-  const openclawAgentsDir = join7(homedir4(), ".openclaw", "agents");
+  const openclawAgentsDir = join6(homedir4(), ".openclaw", "agents");
   const cwd = process.cwd();
   if (cwd.startsWith(openclawAgentsDir + "/")) {
     const relative = cwd.slice(openclawAgentsDir.length + 1);
     const agentName = relative.split("/")[0];
-    return join7(openclawAgentsDir, agentName, ".agentbnb");
+    return join6(openclawAgentsDir, agentName, ".agentbnb");
   }
-  return join7(homedir4(), ".agentbnb");
+  return join6(homedir4(), ".agentbnb");
 }
 function registerDecomposerCard(configDir, owner) {
   try {
-    const db = openDatabase(join7(configDir, "registry.db"));
+    const db = openDatabase(join6(configDir, "registry.db"));
     const existing = db.prepare(
       "SELECT id FROM capability_cards WHERE owner = ? AND json_extract(data, '$.capability_type') = ?"
     ).get(owner, "task_decomposition");
@@ -8216,7 +7755,7 @@ function writeBootstrapMd(bootstrapPath, configDir) {
     "---",
     "_Generated by AgentBnB bootstrap on first install._"
   ].join("\n");
-  writeFileSync3(bootstrapPath, content, "utf-8");
+  writeFileSync2(bootstrapPath, content, "utf-8");
 }
 async function activate(config = {}, _onboardDeps) {
   const debug = process.env["AGENTBNB_DEBUG"] === "1";
@@ -8225,7 +7764,7 @@ async function activate(config = {}, _onboardDeps) {
     if (debug) process.stderr.write(`[agentbnb] AGENTBNB_DIR set from config.agentDir: ${config.agentDir}
 `);
   } else if (config.workspaceDir) {
-    const derived = join7(config.workspaceDir, ".agentbnb");
+    const derived = join6(config.workspaceDir, ".agentbnb");
     process.env["AGENTBNB_DIR"] = derived;
     if (debug) process.stderr.write(`[agentbnb] AGENTBNB_DIR derived from config.workspaceDir: ${derived}
 `);
@@ -8245,11 +7784,11 @@ async function activate(config = {}, _onboardDeps) {
   let agentConfig = loadConfig();
   if (!agentConfig) {
     const agentName = deriveAgentName(configDir);
-    const brainsDir = join7(homedir4(), ".openclaw", "workspace", "brains");
-    const brainDir = join7(brainsDir, agentName);
-    if (existsSync8(brainDir)) {
-      const bootstrapPath = join7(brainDir, "BOOTSTRAP.md");
-      if (!existsSync8(bootstrapPath)) {
+    const brainsDir = join6(homedir4(), ".openclaw", "workspace", "brains");
+    const brainDir = join6(brainsDir, agentName);
+    if (existsSync7(brainDir)) {
+      const bootstrapPath = join6(brainDir, "BOOTSTRAP.md");
+      if (!existsSync7(bootstrapPath)) {
         try {
           writeBootstrapMd(bootstrapPath, configDir);
           if (debug) process.stderr.write("[agentbnb] Created BOOTSTRAP.md for first-run setup\n");
@@ -8265,7 +7804,7 @@ async function activate(config = {}, _onboardDeps) {
 `
     );
   }
-  const guard = new ProcessGuard(join7(configDir, ".pid"));
+  const guard = new ProcessGuard(join6(configDir, ".pid"));
   const coordinator = new ServiceCoordinator(agentConfig, guard);
   const service = new AgentBnBService(coordinator, agentConfig);
   const opts = {