agentbnb 9.0.3 → 9.1.1

package/dist/{service-coordinator-4JAUUNUL.js → service-coordinator-FB44QL7L.js}

@@ -1,3 +1,6 @@
+import {
+  StructuredFeedbackSchema
+} from "./chunk-AUBHR7HH.js";
 import {
   ApiSkillConfigSchema,
   parseSkillsFile
@@ -11,11 +14,9 @@ import {
 } from "./chunk-3MJT4PZG.js";
 import {
   executeCapabilityBatch,
-  executeCapabilityRequest
-} from "./chunk-76YORWFJ.js";
-import {
-  StructuredFeedbackSchema
-} from "./chunk-AUBHR7HH.js";
+  executeCapabilityRequest,
+  notifyProviderEvent
+} from "./chunk-RVOZHVM7.js";
 import {
   announceGateway,
   stopAnnouncement
@@ -28,7 +29,7 @@ import {
   buildDraftCard,
   detectApiKeys,
   getPricingStats
-} from "./chunk-FUGWPKXN.js";
+} from "./chunk-G4TF4LB4.js";
 import {
   listPendingRequests,
   resolvePendingRequest
@@ -40,23 +41,24 @@ import {
 } from "./chunk-G5WKW3ED.js";
 import {
   syncCreditsFromRegistry
-} from "./chunk-FMKBCO2Q.js";
+} from "./chunk-ZYOMPJGG.js";
 import {
   createLedger,
   identityAuthPlugin
-} from "./chunk-74OZGLIT.js";
+} from "./chunk-LENX5NUW.js";
 import {
   deriveAgentId
 } from "./chunk-5CC6O6SO.js";
-import "./chunk-ERT77HKY.js";
+import "./chunk-O44N3KR7.js";
 import "./chunk-ELFGYC22.js";
 import {
   buildReputationMap,
   computeReputation,
   filterCards,
   searchCards
-} from "./chunk-QEDVPJKP.js";
+} from "./chunk-I4E5ERDN.js";
 import {
+  NETWORK_FEE_RATE,
   bootstrapAgent,
   getBalance,
   getTransactions,
@@ -68,47 +70,61 @@ import {
   openCreditDb,
   releaseEscrow,
   settleEscrow
-} from "./chunk-Z4IDXMSP.js";
-import {
-  RelayMessageSchema
-} from "./chunk-3466S65P.js";
-import {
-  generateKeyPair,
-  verifyEscrowReceipt
-} from "./chunk-YNBZLXYS.js";
-import "./chunk-YDGXKH2T.js";
-import {
-  getConfigDir
-} from "./chunk-3XPBFF6H.js";
+} from "./chunk-D7NH6YLM.js";
 import {
   attachCanonicalAgentId,
-  getActivityFeed,
   getCard,
   getCardsBySkillCapability,
   getEvolutionHistory,
   getFeedbackForProvider,
   getFeedbackForSkill,
   getLatestEvolution,
-  getRequestLog,
-  getSkillRequestCount,
   insertCard,
   insertEvolution,
   insertFeedback,
-  insertRequestLog,
   listCards,
   openDatabase,
   updateCard,
   updateSkillAvailability,
   updateSkillIdleRate
-} from "./chunk-NLQCHO7N.js";
+} from "./chunk-7VZ4M4CT.js";
+import {
+  RelayMessageSchema,
+  SESSION_MESSAGE_TYPES,
+  SessionEndMessageSchema,
+  SessionMessageMessageSchema,
+  SessionOpenMessageSchema,
+  loadSessionConfig
+} from "./chunk-Q5OFZ2JR.js";
+import {
+  loadCoreConfig
+} from "./chunk-QXRNW4OJ.js";
+import {
+  generateKeyPair,
+  verifyEscrowReceipt
+} from "./chunk-YNBZLXYS.js";
+import "./chunk-YDGXKH2T.js";
 import "./chunk-J4RFJVXI.js";
 import {
   AgentBnBError,
   AnyCardSchema
 } from "./chunk-UVCNMRPS.js";
+import {
+  getConfigDir
+} from "./chunk-3XPBFF6H.js";
+import {
+  getActivityFeed,
+  getRequestLog,
+  getSkillRequestCount,
+  insertRequestLog
+} from "./chunk-4XTYT4JW.js";
+import {
+  emitProviderEvent
+} from "./chunk-GZUTU6IZ.js";
+import "./chunk-3RG5ZIWI.js";
 
 // src/runtime/agent-runtime.ts
-import { readFileSync, existsSync } from "fs";
+import { readFileSync as readFileSync2, existsSync } from "fs";
 
 // src/skills/executor.ts
 function buildTimeoutError(skillId, timeoutMs) {
@@ -554,9 +570,42 @@ var PipelineExecutor = class {
 };
 
 // src/skills/openclaw-bridge.ts
-import { execFileSync } from "child_process";
+import { spawnSync } from "child_process";
 var DEFAULT_BASE_URL = "http://localhost:3000";
 var DEFAULT_TIMEOUT_MS = 6e4;
+function isOpenClawJsonResponse(value) {
+  return typeof value === "object" && value !== null && "payloads" in value && Array.isArray(value.payloads) && "meta" in value;
+}
+function parseOpenClawResponse(raw) {
+  if (!isOpenClawJsonResponse(raw)) {
+    return raw;
+  }
+  const { payloads, meta } = raw;
+  const texts = payloads.map((p) => p.text).filter((t) => typeof t === "string" && t.length > 0);
+  const mediaUrls = payloads.map((p) => p.mediaUrl).filter((u) => typeof u === "string" && u.length > 0);
+  const openclawMeta = {
+    duration_ms: meta.durationMs,
+    model: meta.agentMeta?.model,
+    provider: meta.agentMeta?.provider
+  };
+  if (texts.length === 0) {
+    return { text: "", media_urls: mediaUrls, _openclaw_meta: openclawMeta };
+  }
+  const lastText = texts[texts.length - 1];
+  try {
+    const structured = JSON.parse(lastText);
+    if (typeof structured === "object" && structured !== null) {
+      return { ...structured, _openclaw_meta: openclawMeta };
+    }
+    return { result: structured, _openclaw_meta: openclawMeta };
+  } catch {
+    return {
+      text: texts.join("\n\n"),
+      media_urls: mediaUrls.length > 0 ? mediaUrls : void 0,
+      _openclaw_meta: openclawMeta
+    };
+  }
+}
 function buildPayload(config, params) {
   return {
     task: config.name,
@@ -623,7 +672,7 @@ Do NOT include explanations, markdown formatting, or code blocks.
 The JSON should contain the output fields specified in your SKILL.md.
 If you cannot complete the task, return: {"error": "reason"}`;
   try {
-    const stdout = execFileSync("openclaw", [
+    const proc = spawnSync("openclaw", [
       "agent",
       "--agent",
       config.agent_name,
@@ -632,21 +681,37 @@ If you cannot complete the task, return: {"error": "reason"}`;
       "--json",
       "--local"
     ], {
-      timeout: timeoutMs
+      timeout: timeoutMs,
+      maxBuffer: 10 * 1024 * 1024
+      // 10 MB
     });
-    const text = stdout.toString().trim();
+    if (proc.error) {
+      return { success: false, error: proc.error.message };
+    }
+    const stderrText = proc.stderr?.toString() ?? "";
+    const stdoutText = proc.stdout?.toString() ?? "";
+    const text = (stderrText || stdoutText).trim();
+    if (!text) {
+      return {
+        success: false,
+        error: `OpenClaw process channel returned empty output (exit code ${proc.status})`
+      };
+    }
+    const jsonStart = text.lastIndexOf("\n{");
+    const jsonText = jsonStart >= 0 ? text.slice(jsonStart + 1) : text;
     try {
-      const parsed = JSON.parse(text);
-      return { success: true, result: parsed };
+      const parsed = JSON.parse(jsonText);
+      const result = parseOpenClawResponse(parsed);
+      return { success: true, result };
     } catch {
       return {
         success: false,
-        error: `OpenClaw process channel returned invalid JSON: ${text}`
+        error: `OpenClaw process channel returned invalid JSON: ${jsonText.slice(0, 500)}`
       };
     }
   } catch (err) {
-    const message2 = err instanceof Error ? err.message : String(err);
-    return { success: false, error: message2 };
+    const errMsg = err instanceof Error ? err.message : String(err);
+    return { success: false, error: errMsg };
   }
 }
 async function executeTelegram(config, payload) {
@@ -714,7 +779,30 @@ var OpenClawBridge = class {
 
 // src/skills/command-executor.ts
 import { spawn } from "child_process";
+import { readFileSync, statSync } from "fs";
+import { basename, extname } from "path";
 var KILL_GRACE_MS = 5e3;
+var MAX_INLINE_FILE_BYTES = 5 * 1024 * 1024;
+var MIME_TYPES = {
+  ".mp3": "audio/mpeg",
+  ".wav": "audio/wav",
+  ".ogg": "audio/ogg",
+  ".m4a": "audio/mp4",
+  ".pdf": "application/pdf",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".json": "application/json",
+  ".txt": "text/plain",
+  ".md": "text/markdown",
+  ".csv": "text/csv"
+};
+function guessMimeType(filePath) {
+  return MIME_TYPES[extname(filePath).toLowerCase()] ?? "application/octet-stream";
+}
 function shellEscape2(value) {
   return "'" + value.replace(/'/g, "'\\''") + "'";
 }
@@ -930,8 +1018,34 @@ var CommandExecutor = class {
           };
         }
       }
-      case "file":
-        return { success: true, result: { file_path: rawOutput } };
+      case "file": {
+        try {
+          const stats = statSync(rawOutput);
+          if (stats.size > MAX_INLINE_FILE_BYTES) {
+            return {
+              success: false,
+              error: `File too large for inline return: ${stats.size} bytes (max ${MAX_INLINE_FILE_BYTES})`
+            };
+          }
+          const buffer = readFileSync(rawOutput);
+          return {
+            success: true,
+            result: {
+              file: {
+                name: basename(rawOutput),
+                mime_type: guessMimeType(rawOutput),
+                size_bytes: stats.size,
+                data_base64: buffer.toString("base64")
+              },
+              // Keep file_path for backward compat (local workflows)
+              file_path: rawOutput
+            }
+          };
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          return { success: false, error: `Failed to read file "${rawOutput}": ${msg}` };
+        }
+      }
       default:
         return {
           success: false,
@@ -1060,14 +1174,14 @@ var AgentRuntime = class {
     }
     let configs = [];
     if (hasSkillsYaml) {
-      const yamlContent = readFileSync(this.skillsYamlPath, "utf8");
+      const yamlContent = readFileSync2(this.skillsYamlPath, "utf8");
       configs = parseSkillsFile(yamlContent);
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("./conductor-mode-2UFN6BUL.js");
-      const { registerConductorCard, CONDUCTOR_OWNER } = await import("./card-NKQFB3HD.js");
-      const { loadPeers } = await import("./peers-F2EWUMVQ.js");
+      const { ConductorMode } = await import("./conductor-mode-3WLLERB4.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("./card-UF465O7O.js");
+      const { loadPeers } = await import("./peers-7BMU2775.js");
       registerConductorCard(this.registryDb);
       const resolveAgentUrl = (owner) => {
         const peers = loadPeers();
@@ -1401,15 +1515,16 @@ import swaggerUi from "@fastify/swagger-ui";
 import fastifyStatic from "@fastify/static";
 import fastifyWebsocket from "@fastify/websocket";
 import { join, dirname } from "path";
-import { randomUUID as randomUUID6 } from "crypto";
+import { randomUUID as randomUUID7 } from "crypto";
 import { fileURLToPath } from "url";
 import { existsSync as existsSync2 } from "fs";
 import { z as z4 } from "zod";
 
 // src/relay/websocket-relay.ts
-import { randomUUID as randomUUID4 } from "crypto";
+import { randomUUID as randomUUID5 } from "crypto";
 
 // src/relay/relay-credit.ts
+var coreConductorFee = loadCoreConfig("economics");
 function lookupCardPrice(registryDb, cardId, skillId) {
   const row = registryDb.prepare("SELECT data FROM capability_cards WHERE id = ?").get(cardId);
   if (!row) return null;
@@ -1456,8 +1571,11 @@ function settleForRelay(creditDb, escrowId, recipientOwner) {
 }
 function calculateConductorFee(totalSubTaskCost) {
   if (totalSubTaskCost <= 0) return 0;
-  const fee = Math.ceil(totalSubTaskCost * 0.1);
-  return Math.max(1, Math.min(20, fee));
+  const rate = coreConductorFee?.conductor?.sub_task_fee_rate ?? 0.1;
+  const min = coreConductorFee?.conductor?.sub_task_fee_min ?? 1;
+  const max = coreConductorFee?.conductor?.sub_task_fee_max ?? 20;
+  const fee = Math.ceil(totalSubTaskCost * rate);
+  return Math.max(min, Math.min(max, fee));
 }
 function releaseForRelay(creditDb, escrowId) {
   if (escrowId === void 0) return;
@@ -1511,7 +1629,6 @@ function processEscrowSettle(creditDb, escrowId, success, providerAgentId, signa
   if (!escrowRow) {
     throw new Error(`Escrow not found or already settled: ${escrowId}`);
   }
-  const NETWORK_FEE_RATE = 0.05;
   if (success) {
     settleEscrow(creditDb, escrowId, providerAgentId);
     const networkFee = Math.floor(escrowRow.amount * NETWORK_FEE_RATE);
@@ -1835,12 +1952,467 @@ function handleJobRelayResponse(opts) {
   }
 }
 
+// src/session/session-manager.ts
+import { randomUUID as randomUUID4 } from "crypto";
+
+// src/session/session-escrow.ts
+var SessionEscrow = class {
+  constructor(creditDb) {
+    this.creditDb = creditDb;
+  }
+  /** escrowId → { budget, spent } */
+  tracking = /* @__PURE__ */ new Map();
+  /**
+   * Hold the full session budget in escrow.
+   * @returns The escrow ID for tracking.
+   */
+  holdBudget(owner, budget, cardId) {
+    const escrowId = holdEscrow(this.creditDb, owner, budget, cardId);
+    this.tracking.set(escrowId, { budget, spent: 0 });
+    return escrowId;
+  }
+  /**
+   * Record a per-message deduction against the session budget.
+   * Does not touch the DB — tracking is in-memory until settle.
+   */
+  deductMessage(escrowId, rate) {
+    return this.deduct(escrowId, rate);
+  }
+  /**
+   * Record a per-minute deduction against the session budget.
+   */
+  deductMinute(escrowId, rate) {
+    return this.deduct(escrowId, rate);
+  }
+  /**
+   * Settle the session escrow. Pays the provider the actual cost and
+   * refunds the remainder to the requester.
+   */
+  settle(escrowId, providerOwner) {
+    const t = this.tracking.get(escrowId);
+    if (!t) {
+      settleEscrow(this.creditDb, escrowId, providerOwner);
+      return;
+    }
+    if (t.spent <= 0) {
+      releaseEscrow(this.creditDb, escrowId);
+    } else {
+      settleEscrow(this.creditDb, escrowId, providerOwner);
+    }
+    this.tracking.delete(escrowId);
+  }
+  /**
+   * Release the escrow entirely — full refund to requester.
+   */
+  refund(escrowId) {
+    releaseEscrow(this.creditDb, escrowId);
+    this.tracking.delete(escrowId);
+  }
+  /**
+   * Get remaining budget for a session escrow.
+   */
+  getRemainingBudget(escrowId) {
+    const t = this.tracking.get(escrowId);
+    if (!t) return 0;
+    return t.budget - t.spent;
+  }
+  /**
+   * Get total spent for a session escrow.
+   */
+  getSpent(escrowId) {
+    return this.tracking.get(escrowId)?.spent ?? 0;
+  }
+  /**
+   * Check if the budget is exhausted.
+   */
+  isBudgetExhausted(escrowId) {
+    return this.getRemainingBudget(escrowId) <= 0;
+  }
+  /**
+   * Calculate the cost for a single interaction based on pricing model.
+   */
+  calculateCost(pricingModel, rate, durationMinutes) {
+    switch (pricingModel) {
+      case "per_message":
+        return rate;
+      case "per_minute":
+        return Math.ceil(durationMinutes ?? 1) * rate;
+      case "per_session":
+        return rate;
+    }
+  }
+  deduct(escrowId, amount) {
+    const t = this.tracking.get(escrowId);
+    if (!t) {
+      throw new Error(`No session escrow tracking for ${escrowId}`);
+    }
+    t.spent += amount;
+    return { spent: t.spent, remaining: t.budget - t.spent };
+  }
+};
+
+// src/session/session-manager.ts
+var SessionManager = class {
+  sessions = /* @__PURE__ */ new Map();
+  idleTimers = /* @__PURE__ */ new Map();
+  durationTimers = /* @__PURE__ */ new Map();
+  escrow;
+  config;
+  sendToAgent;
+  registryDb;
+  /** Maps agent connection key → set of session IDs they participate in. */
+  agentSessions = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.escrow = new SessionEscrow(opts.creditDb);
+    this.config = opts.config ?? loadSessionConfig();
+    this.sendToAgent = opts.sendToAgent;
+    this.registryDb = opts.registryDb ?? null;
+  }
+  /**
+   * Open a new session between requester and provider.
+   */
+  openSession(msg, requesterKey) {
+    const requesterSessions = this.agentSessions.get(requesterKey);
+    if (requesterSessions && requesterSessions.size >= this.config.abuse.max_concurrent_sessions_per_agent) {
+      this.sendToAgent(requesterKey, {
+        type: "session_error",
+        session_id: msg.session_id,
+        code: "MAX_CONCURRENT_SESSIONS",
+        message: `Maximum concurrent sessions (${this.config.abuse.max_concurrent_sessions_per_agent}) reached`
+      });
+      throw new Error("Max concurrent sessions reached");
+    }
+    const escrowId = this.escrow.holdBudget(msg.requester_id, msg.budget, msg.card_id);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const session = {
+      id: msg.session_id,
+      requester_id: msg.requester_id,
+      provider_id: msg.provider_id,
+      skill_id: msg.skill_id,
+      card_id: msg.card_id,
+      status: "open",
+      escrow_id: escrowId,
+      budget: msg.budget,
+      spent: 0,
+      pricing_model: msg.pricing_model,
+      messages: [],
+      created_at: now,
+      updated_at: now
+    };
+    this.sessions.set(session.id, session);
+    this.trackAgentSession(requesterKey, session.id);
+    this.trackAgentSession(msg.provider_id, session.id);
+    this.sendToAgent(requesterKey, {
+      type: "session_ack",
+      session_id: session.id,
+      escrow_id: escrowId,
+      status: "open"
+    });
+    const initialMsg = this.createMessage(session.id, "requester", msg.initial_message);
+    session.messages.push(initialMsg);
+    session.status = "active";
+    session.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+    this.sendToAgent(msg.provider_id, {
+      type: "session_message",
+      session_id: session.id,
+      sender: "requester",
+      content: msg.initial_message
+    });
+    if (session.pricing_model === "per_session") {
+      const cost = this.config.pricing.per_session_flat_rate;
+      this.escrow.deductMessage(escrowId, cost);
+      session.spent = cost;
+    }
+    this.resetIdleTimer(session.id);
+    this.startDurationTimer(session.id);
+    this.emitEvent({
+      event_type: "session.opened",
+      skill_id: session.skill_id,
+      session_id: session.id,
+      requester: session.requester_id,
+      credits: session.budget,
+      duration_ms: 0,
+      metadata: { engine: "session", pricing_model: session.pricing_model }
+    });
+    return session;
+  }
+  /**
+   * Route a message within an active session.
+   */
+  routeMessage(msg, senderKey) {
+    const session = this.sessions.get(msg.session_id);
+    if (!session) {
+      this.sendToAgent(senderKey, {
+        type: "session_error",
+        session_id: msg.session_id,
+        code: "SESSION_NOT_FOUND",
+        message: "Session not found"
+      });
+      return;
+    }
+    if (session.status !== "active") {
+      this.sendToAgent(senderKey, {
+        type: "session_error",
+        session_id: msg.session_id,
+        code: "SESSION_NOT_ACTIVE",
+        message: `Session is ${session.status}, not active`
+      });
+      return;
+    }
+    if (session.messages.length >= this.config.pricing.max_messages_per_session) {
+      this.endSessionInternal(session, "budget_exhausted");
+      return;
+    }
+    if (session.pricing_model === "per_message" && msg.sender === "provider") {
+      const rate = this.config.pricing.per_message_base_rate;
+      const { remaining } = this.escrow.deductMessage(session.escrow_id, rate);
+      session.spent += rate;
+      if (remaining <= 0) {
+        const record2 = this.createMessage(session.id, msg.sender, msg.content, msg.metadata);
+        session.messages.push(record2);
+        session.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+        const targetKey2 = this.getCounterpartyKey(session, msg.sender);
+        this.sendToAgent(targetKey2, {
+          type: "session_message",
+          session_id: session.id,
+          sender: msg.sender,
+          content: msg.content,
+          metadata: msg.metadata
+        });
+        this.endSessionInternal(session, "budget_exhausted");
+        return;
+      }
+    }
+    const record = this.createMessage(session.id, msg.sender, msg.content, msg.metadata);
+    session.messages.push(record);
+    session.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+    const targetKey = this.getCounterpartyKey(session, msg.sender);
+    this.sendToAgent(targetKey, {
+      type: "session_message",
+      session_id: session.id,
+      sender: msg.sender,
+      content: msg.content,
+      metadata: msg.metadata
+    });
+    this.emitEvent({
+      event_type: "session.message",
+      skill_id: session.skill_id,
+      session_id: session.id,
+      requester: session.requester_id,
+      credits: session.spent,
+      duration_ms: Date.now() - new Date(session.created_at).getTime(),
+      metadata: { message_count: session.messages.length, running_cost: session.spent, sender: msg.sender }
+    });
+    this.resetIdleTimer(session.id);
+  }
+  /**
+   * End a session at the request of either party.
+   */
+  endSession(msg, _senderKey) {
+    const session = this.sessions.get(msg.session_id);
+    if (!session) return;
+    if (session.status === "settled" || session.status === "closed") return;
+    this.endSessionInternal(session, msg.reason);
+  }
+  /**
+   * Handle agent disconnection — end all their active sessions.
+   */
+  handleDisconnect(agentKey) {
+    const sessionIds = this.agentSessions.get(agentKey);
+    if (!sessionIds) return;
+    for (const sessionId of sessionIds) {
+      const session = this.sessions.get(sessionId);
+      if (session && session.status !== "settled" && session.status !== "closed") {
+        this.endSessionInternal(session, "error");
+      }
+    }
+  }
+  /** Get a session by ID. */
+  getSession(sessionId) {
+    return this.sessions.get(sessionId);
+  }
+  /** List sessions, optionally filtered by agent. */
+  listSessions(agentId) {
+    if (!agentId) return Array.from(this.sessions.values());
+    return Array.from(this.sessions.values()).filter(
+      (s) => s.requester_id === agentId || s.provider_id === agentId
+    );
+  }
+  /** Clean up all timers (for graceful shutdown). */
+  shutdown() {
+    for (const timer of this.idleTimers.values()) clearTimeout(timer);
+    for (const timer of this.durationTimers.values()) clearTimeout(timer);
+    this.idleTimers.clear();
+    this.durationTimers.clear();
+  }
+  // -------------------------------------------------------------------------
+  // Event emission
+  // -------------------------------------------------------------------------
+  /** Emit a provider event + Telegram notification. Silently no-ops on failure. */
+  emitEvent(event) {
+    if (!this.registryDb) return;
+    try {
+      const emitted = emitProviderEvent(this.registryDb, event);
+      notifyProviderEvent(emitted).catch(() => {
+      });
+    } catch {
+    }
+  }
+  // -------------------------------------------------------------------------
+  // Internal helpers
+  // -------------------------------------------------------------------------
+  endSessionInternal(session, reason) {
+    session.status = "closing";
+    session.end_reason = reason;
+    session.ended_at = (/* @__PURE__ */ new Date()).toISOString();
+    this.clearTimers(session.id);
+    if (session.spent > 0) {
+      this.escrow.settle(session.escrow_id, session.provider_id);
+    } else {
+      this.escrow.refund(session.escrow_id);
+    }
+    const durationMs = Date.now() - new Date(session.created_at).getTime();
+    const settledMsg = {
+      type: "session_settled",
+      session_id: session.id,
+      total_cost: session.spent,
+      messages_count: session.messages.length,
+      duration_seconds: Math.round(durationMs / 1e3),
+      refunded: session.budget - session.spent
+    };
+    session.status = "settled";
+    session.updated_at = (/* @__PURE__ */ new Date()).toISOString();
+    const isFailed = reason === "error";
+    const eventMetadata = {
+      total_messages: session.messages.length,
+      reason,
+      refunded: session.budget - session.spent
+    };
+    if (isFailed) {
+      eventMetadata["last_messages"] = session.messages.slice(-3).map((m) => ({
+        sender: m.sender,
+        content: m.content.slice(0, 200)
+      }));
+    }
+    this.emitEvent({
+      event_type: isFailed ? "session.failed" : "session.ended",
+      skill_id: session.skill_id,
+      session_id: session.id,
+      requester: session.requester_id,
+      credits: session.spent,
+      duration_ms: durationMs,
+      metadata: eventMetadata
+    });
+    this.sendToAgent(session.requester_id, settledMsg);
+    this.sendToAgent(session.provider_id, settledMsg);
+    session.status = "closed";
+    this.untrackAgentSession(session.requester_id, session.id);
+    this.untrackAgentSession(session.provider_id, session.id);
+  }
+  resetIdleTimer(sessionId) {
+    const existing = this.idleTimers.get(sessionId);
+    if (existing) clearTimeout(existing);
+    const timer = setTimeout(() => {
+      const session = this.sessions.get(sessionId);
+      if (session && session.status === "active") {
+        this.endSessionInternal(session, "timeout");
+      }
+    }, this.config.timeouts.idle_timeout_ms);
+    this.idleTimers.set(sessionId, timer);
+  }
+  startDurationTimer(sessionId) {
+    const timer = setTimeout(() => {
+      const session = this.sessions.get(sessionId);
+      if (session && session.status !== "settled" && session.status !== "closed") {
+        this.endSessionInternal(session, "timeout");
+      }
+    }, this.config.timeouts.max_session_duration_ms);
+    this.durationTimers.set(sessionId, timer);
+  }
+  clearTimers(sessionId) {
+    const idle = this.idleTimers.get(sessionId);
+    if (idle) {
+      clearTimeout(idle);
+      this.idleTimers.delete(sessionId);
+    }
+    const dur = this.durationTimers.get(sessionId);
+    if (dur) {
+      clearTimeout(dur);
+      this.durationTimers.delete(sessionId);
+    }
+  }
+  createMessage(sessionId, sender, content, metadata) {
+    return {
+      id: randomUUID4(),
+      session_id: sessionId,
+      sender,
+      content,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      metadata
+    };
+  }
+  getCounterpartyKey(session, sender) {
+    return sender === "requester" ? session.provider_id : session.requester_id;
+  }
+  trackAgentSession(agentKey, sessionId) {
+    let set = this.agentSessions.get(agentKey);
+    if (!set) {
+      set = /* @__PURE__ */ new Set();
+      this.agentSessions.set(agentKey, set);
+    }
+    set.add(sessionId);
+  }
+  untrackAgentSession(agentKey, sessionId) {
+    const set = this.agentSessions.get(agentKey);
+    if (set) {
+      set.delete(sessionId);
+      if (set.size === 0) this.agentSessions.delete(agentKey);
+    }
+  }
+};
+
+// src/session/session-relay.ts
+function attachSessionHandler(opts) {
+  const { sessionManager } = opts;
+  return {
+    handleSessionMessage(msg, senderKey) {
+      if (!SESSION_MESSAGE_TYPES.has(msg.type)) return false;
+      switch (msg.type) {
+        case "session_open": {
+          const parsed = SessionOpenMessageSchema.parse(msg);
+          sessionManager.openSession(parsed, senderKey);
+          return true;
+        }
+        case "session_message": {
+          const parsed = SessionMessageMessageSchema.parse(msg);
+          sessionManager.routeMessage(parsed, senderKey);
+          return true;
+        }
+        case "session_end": {
+          const parsed = SessionEndMessageSchema.parse(msg);
+          sessionManager.endSession(parsed, senderKey);
+          return true;
+        }
+        // session_ack, session_settled, session_error are relay→agent only
+        // They should not arrive from agents, but we silently absorb them
+        case "session_ack":
+        case "session_settled":
+        case "session_error":
+          return true;
+        default:
+          return false;
+      }
+    }
+  };
+}
+
 // src/relay/websocket-relay.ts
-var RATE_LIMIT_MAX = 60;
-var RATE_LIMIT_WINDOW_MS = 6e4;
-var RELAY_IDLE_TIMEOUT_MS = 3e4;
-var RELAY_HARD_TIMEOUT_MS = 3e5;
-var RELAY_DISCONNECT_GRACE_MS = RELAY_HARD_TIMEOUT_MS + 3e4;
+var coreRelay = loadCoreConfig("relay");
+var RATE_LIMIT_MAX = coreRelay?.rate_limit_max ?? 60;
+var RATE_LIMIT_WINDOW_MS = coreRelay?.rate_limit_window_ms ?? 6e4;
+var RELAY_IDLE_TIMEOUT_MS = coreRelay?.relay_idle_timeout_ms ?? 3e4;
+var RELAY_HARD_TIMEOUT_MS = coreRelay?.relay_hard_timeout_ms ?? 3e5;
+var RELAY_DISCONNECT_GRACE_MS = coreRelay?.relay_disconnect_grace_ms ?? RELAY_HARD_TIMEOUT_MS + 3e4;
 function readTimeoutOverride(envKey, fallbackMs) {
   const raw = process.env[envKey];
   if (!raw) return fallbackMs;
@@ -2071,7 +2643,7 @@ function registerWebSocketRelay(server, db, creditDb) {
   function logAgentJoined(owner, cardName, cardId) {
     try {
       insertRequestLog(db, {
-        id: randomUUID4(),
+        id: randomUUID5(),
         card_id: cardId,
         card_name: cardName,
         requester: owner,
@@ -2089,6 +2661,19 @@ function registerWebSocketRelay(server, db, creditDb) {
       ws.send(JSON.stringify(msg));
     }
   }
+  function sendToAgentByKey(agentKey, msg) {
+    const connKey = resolveConnectionKey(agentKey);
+    const ws = connKey ? connections.get(connKey) : void 0;
+    if (ws && ws.readyState === 1) {
+      ws.send(JSON.stringify(msg));
+    }
+  }
+  const sessionManager = creditDb ? new SessionManager({
+    creditDb,
+    sendToAgent: sendToAgentByKey,
+    isAgentOnline: (key) => !!resolveConnectionKey(key)
+  }) : void 0;
+  const sessionHandler = sessionManager ? attachSessionHandler({ sessionManager }) : void 0;
   function handleRegister(ws, msg) {
     const { owner, card } = msg;
     const existing = connections.get(owner);
@@ -2308,6 +2893,9 @@ function registerWebSocketRelay(server, db, creditDb) {
       }
     }
     markOwnerOffline(owner);
+    if (sessionManager) {
+      sessionManager.handleDisconnect(owner);
+    }
     for (const [reqId, pending] of pendingRequests) {
       if (pending.targetOwner === owner) {
         clearPendingTimers(pending);
@@ -2502,6 +3090,13 @@ function registerWebSocketRelay(server, db, creditDb) {
               handleBalanceSync(socket, msg);
               break;
             default:
+              if (sessionHandler && registeredOwner) {
+                const handled = sessionHandler.handleSessionMessage(
+                  msg,
+                  registeredOwner
+                );
+                if (handled) break;
+              }
               break;
           }
         })();
@@ -2536,6 +3131,7 @@ function registerWebSocketRelay(server, db, creditDb) {
       pendingRequests.clear();
       rateLimits.clear();
       agentCapacities.clear();
+      if (sessionManager) sessionManager.shutdown();
     },
     setOnAgentOnline: (cb) => {
       onAgentOnlineCallback = cb;
@@ -2552,7 +3148,7 @@ function registerWebSocketRelay(server, db, creditDb) {
 
 // src/identity/guarantor.ts
 import { z } from "zod";
-import { randomUUID as randomUUID5 } from "crypto";
+import { randomUUID as randomUUID6 } from "crypto";
 var MAX_AGENTS_PER_GUARANTOR = 10;
 var GUARANTOR_CREDIT_POOL = 50;
 var GuarantorRecordSchema = z.object({
@@ -2591,7 +3187,7 @@ function registerGuarantor(db, githubLogin) {
     );
   }
   const record = {
-    id: randomUUID5(),
+    id: randomUUID6(),
     github_login: githubLogin,
     agent_count: 0,
     credit_pool: GUARANTOR_CREDIT_POOL,
@@ -2665,7 +3261,7 @@ function getAgentGuarantor(db, agentId) {
 function initiateGithubAuth() {
   return {
     auth_url: "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=read:user",
-    state: randomUUID5()
+    state: randomUUID6()
   };
 }
 
@@ -4954,14 +5550,14 @@ function createRegistryServer(opts) {
               return { card_id: target.cardId, skill_id: target.skillId };
             }
             if (!relayClient) {
-              const { RelayClient } = await import("./websocket-client-5CRE36Z5.js");
+              const { RelayClient } = await import("./websocket-client-FCPZOE4S.js");
               relayClient = new RelayClient({
                 registryUrl: relayRegistryUrl,
                 owner: relayRequesterOwner,
                 token: "batch-token",
                 card: {
                   spec_version: "1.0",
-                  id: randomUUID6(),
+                  id: randomUUID7(),
                   owner: relayRequesterOwner,
                   name: relayRequesterOwner,
                   description: "Batch requester",
@@ -4976,7 +5572,7 @@ function createRegistryServer(opts) {
               });
               await relayClient.connect();
             }
-            const { requestViaRelay } = await import("./client-YB3IYO3S.js");
+            const { requestViaRelay } = await import("./client-XOSXFC7Q.js");
             return requestViaRelay(relayClient, {
               targetOwner: target.owner,
               cardId: target.cardId,
@@ -5204,6 +5800,62 @@ function createRegistryServer(opts) {
           const items = await ledger.getHistory(ownerName, limit);
           return reply.send({ items, limit });
         });
+        ownerRoutes.get("/me/events", {
+          schema: {
+            tags: ["owner"],
+            summary: "Provider event stream",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: {
+                limit: { type: "integer", description: "Max entries (default 50)" },
+                since: { type: "string", description: "ISO timestamp for cursor-based polling" },
+                event_type: { type: "string", description: "Filter by event type" }
+              }
+            }
+          }
+        }, async (request, reply) => {
+          const { getProviderEvents: getEvents } = await import("./provider-events-GTTJPYHS.js");
+          const query = request.query;
+          const limit = query.limit ? parseInt(query.limit, 10) : void 0;
+          const events = getEvents(db, {
+            limit,
+            since: query.since,
+            event_type: query.event_type
+          });
+          return reply.send({ events });
+        });
+        ownerRoutes.get("/me/stats", {
+          schema: {
+            tags: ["owner"],
+            summary: "Aggregated provider stats",
+            security: [{ bearerAuth: [] }],
+            querystring: {
+              type: "object",
+              properties: { period: { type: "string", enum: ["24h", "7d", "30d"] } }
+            }
+          }
+        }, async (request, reply) => {
+          const { getProviderStats: getStats } = await import("./provider-events-GTTJPYHS.js");
+          const query = request.query;
+          const period = query.period ?? "7d";
+          const stats = getStats(db, period);
+          if (opts.creditDb) {
+            const periodMs = { "24h": 864e5, "7d": 6048e5, "30d": 2592e6 }[period];
+            const cutoff = new Date(Date.now() - periodMs).toISOString();
+            try {
+              const row = opts.creditDb.prepare(`
+              SELECT COALESCE(SUM(CASE WHEN amount < 0 AND reason IN ('escrow_hold', 'voucher_hold', 'network_fee') THEN -amount ELSE 0 END), 0) as spent
+              FROM credit_transactions
+              WHERE owner = ? AND created_at >= ?
+            `).get(ownerName, cutoff);
+              stats.total_spending = row?.spent ?? 0;
+              stats.net_pnl = stats.total_earnings - stats.total_spending;
+            } catch {
+            }
+          }
+          return reply.send(stats);
+        });
       });
     }
     api.get("/api/providers/:owner/reliability", {
@@ -5232,7 +5884,7 @@ function createRegistryServer(opts) {
       if (!opts.creditDb) {
         return reply.code(404).send({ error: "Credit system not enabled" });
       }
-      const { getReliabilityMetrics } = await import("./reliability-metrics-KKUFFVB6.js");
+      const { getReliabilityMetrics } = await import("./reliability-metrics-MIJ3TJWL.js");
       const metrics = getReliabilityMetrics(opts.creditDb, owner);
       if (!metrics) {
         return reply.code(404).send({ error: "No reliability data for this provider" });
@@ -5288,7 +5940,7 @@ function createRegistryServer(opts) {
           }
           let reliability = null;
           if (opts.creditDb) {
-            const { getReliabilityMetrics } = await import("./reliability-metrics-KKUFFVB6.js");
+            const { getReliabilityMetrics } = await import("./reliability-metrics-MIJ3TJWL.js");
             reliability = getReliabilityMetrics(opts.creditDb, providerIdentity);
           }
           agents.push({
@@ -5408,13 +6060,13 @@ var IdleMonitor = class {
 
 // src/runtime/service-coordinator.ts
 import { spawn as spawn2 } from "child_process";
-import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
 import { join as join2 } from "path";
-import { randomUUID as randomUUID7 } from "crypto";
+import { randomUUID as randomUUID8 } from "crypto";
 import { Cron as Cron2 } from "croner";
 function buildFallbackRelayCard(owner) {
   return {
-    id: randomUUID7(),
+    id: randomUUID8(),
     owner,
     name: owner,
     description: "Agent registered via CLI",
@@ -5583,7 +6235,7 @@ var ServiceCoordinator = class {
       console.log("Conductor mode enabled \u2014 orchestrate/plan skills available via gateway");
     }
     if (opts.conductorEnabled && this.config.conductor?.public) {
-      const { buildConductorCard } = await import("./card-NKQFB3HD.js");
+      const { buildConductorCard } = await import("./card-UF465O7O.js");
       const conductorCard = attachCanonicalAgentId(
         this.runtime.registryDb,
         buildConductorCard(this.config.owner)
@@ -5659,8 +6311,8 @@ var ServiceCoordinator = class {
       }
     }
     if (opts.registryUrl && opts.relay) {
-      const { RelayClient } = await import("./websocket-client-5CRE36Z5.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("./execute-2Z3XIUHR.js");
+      const { RelayClient } = await import("./websocket-client-FCPZOE4S.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("./execute-UFMGTXET.js");
       const localCards = listCards(this.runtime.registryDb, this.config.owner);
       const { primaryCard, additionalCards } = buildRelayRegistrationCards(this.config.owner, localCards);
       if (this.config.conductor?.public) {
@@ -5921,7 +6573,7 @@ function loadPersistedRuntime(configDir) {
   const runtimePath = join2(configDir, "runtime.json");
   if (!existsSync3(runtimePath)) return null;
   try {
-    const raw = readFileSync2(runtimePath, "utf8");
+    const raw = readFileSync3(runtimePath, "utf8");
     const parsed = JSON.parse(raw);
     const nodeExec = parsed["node_exec"];
     if (typeof nodeExec !== "string" || nodeExec.trim().length === 0) {