npm - agentbnb - Versions diffs - 9.1.1 → 9.2.0 - Mend

agentbnb 9.1.1 → 9.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/{service-coordinator-FB44QL7L.js → service-coordinator-ZOZTW2U6.js} RENAMED Viewed

@@ -1,3 +1,8 @@
+import {
+  executeCapabilityBatch,
+  executeCapabilityRequest,
+  notifyProviderEvent
+} from "./chunk-53Q2HHHH.js";
 import {
   StructuredFeedbackSchema
 } from "./chunk-AUBHR7HH.js";
@@ -12,15 +17,13 @@ import {
 import {
   interpolateObject
 } from "./chunk-3MJT4PZG.js";
-import {
-  executeCapabilityBatch,
-  executeCapabilityRequest,
-  notifyProviderEvent
-} from "./chunk-RVOZHVM7.js";
 import {
   announceGateway,
   stopAnnouncement
 } from "./chunk-TA73FIZU.js";
+import {
+  syncCreditsFromRegistry
+} from "./chunk-KKFP5Y2Z.js";
 import {
   resolveSelfCli
 } from "./chunk-7S4ZLFVI.js";
@@ -29,34 +32,32 @@ import {
   buildDraftCard,
   detectApiKeys,
   getPricingStats
-} from "./chunk-G4TF4LB4.js";
+} from "./chunk-UPWAXWY2.js";
+import {
+  createLedger,
+  identityAuthPlugin,
+  tryVerifyIdentity
+} from "./chunk-Z7XWQ63B.js";
+import {
+  deriveAgentId
+} from "./chunk-AA25Z6FW.js";
 import {
   listPendingRequests,
   resolvePendingRequest
 } from "./chunk-5PV5YCSN.js";
+import "./chunk-FK54LVDR.js";
+import "./chunk-ELFGYC22.js";
 import {
   DEFAULT_AUTONOMY_CONFIG,
   getAutonomyTier,
   insertAuditEvent
 } from "./chunk-G5WKW3ED.js";
-import {
-  syncCreditsFromRegistry
-} from "./chunk-ZYOMPJGG.js";
-import {
-  createLedger,
-  identityAuthPlugin
-} from "./chunk-LENX5NUW.js";
-import {
-  deriveAgentId
-} from "./chunk-5CC6O6SO.js";
-import "./chunk-O44N3KR7.js";
-import "./chunk-ELFGYC22.js";
 import {
   buildReputationMap,
   computeReputation,
   filterCards,
   searchCards
-} from "./chunk-I4E5ERDN.js";
+} from "./chunk-EC6DIVE5.js";
 import {
   NETWORK_FEE_RATE,
   bootstrapAgent,
@@ -87,7 +88,10 @@ import {
   updateCard,
   updateSkillAvailability,
   updateSkillIdleRate
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-C56X7EFJ.js";
+import {
+  emitProviderEvent
+} from "./chunk-GZUTU6IZ.js";
 import {
   RelayMessageSchema,
   SESSION_MESSAGE_TYPES,
@@ -102,7 +106,7 @@ import {
 import {
   generateKeyPair,
   verifyEscrowReceipt
-} from "./chunk-YNBZLXYS.js";
+} from "./chunk-65GNX2KC.js";
 import "./chunk-YDGXKH2T.js";
 import "./chunk-J4RFJVXI.js";
 import {
@@ -118,9 +122,6 @@ import {
   getSkillRequestCount,
   insertRequestLog
 } from "./chunk-4XTYT4JW.js";
-import {
-  emitProviderEvent
-} from "./chunk-GZUTU6IZ.js";
 import "./chunk-3RG5ZIWI.js";
 // src/runtime/agent-runtime.ts
@@ -1179,8 +1180,8 @@ var AgentRuntime = class {
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("./conductor-mode-3WLLERB4.js");
-      const { registerConductorCard, CONDUCTOR_OWNER } = await import("./card-UF465O7O.js");
+      const { ConductorMode } = await import("./conductor-mode-PFO2VLH6.js");
+      const { registerConductorCard, CONDUCTOR_OWNER } = await import("./card-VVXNKHDX.js");
       const { loadPeers } = await import("./peers-7BMU2775.js");
       registerConductorCard(this.registryDb);
       const resolveAgentUrl = (owner) => {
@@ -3265,6 +3266,75 @@ function initiateGithubAuth() {
   };
 }
+// src/registry/hub-identities.ts
+import { randomBytes as randomBytes2, createHash } from "crypto";
+var HUB_IDENTITIES_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS hub_identities (
+    email TEXT PRIMARY KEY,
+    agent_id TEXT NOT NULL UNIQUE,
+    public_key TEXT NOT NULL,
+    encrypted_private_key TEXT NOT NULL,
+    kdf_salt TEXT NOT NULL,
+    display_name TEXT NOT NULL,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS idx_hub_identities_agent_id
+    ON hub_identities(agent_id);
+`;
+var CHALLENGES_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS hub_challenges (
+    challenge TEXT PRIMARY KEY,
+    expires_at TEXT NOT NULL,
+    consumed_at TEXT
+  );
+`;
+function ensureHubIdentitiesTables(db) {
+  db.exec(HUB_IDENTITIES_SCHEMA);
+  db.exec(CHALLENGES_SCHEMA);
+}
+function deriveAgentId2(publicKeyHex) {
+  const hash = createHash("sha256").update(publicKeyHex, "hex").digest("hex");
+  return `agent-${hash.slice(0, 16)}`;
+}
+var CHALLENGE_TTL_MS = 10 * 60 * 1e3;
+function createChallenge(db) {
+  const challenge = randomBytes2(32).toString("hex");
+  const expires_at = new Date(Date.now() + CHALLENGE_TTL_MS).toISOString();
+  db.prepare("INSERT INTO hub_challenges (challenge, expires_at) VALUES (?, ?)").run(challenge, expires_at);
+  return { challenge, expires_at };
+}
+function consumeChallenge(db, challenge) {
+  const row = db.prepare("SELECT expires_at, consumed_at FROM hub_challenges WHERE challenge = ?").get(challenge);
+  if (!row) return false;
+  if (row.consumed_at) return false;
+  if (new Date(row.expires_at).getTime() < Date.now()) return false;
+  const consumed_at = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE hub_challenges SET consumed_at = ? WHERE challenge = ?").run(consumed_at, challenge);
+  return true;
+}
+function pruneChallenges(db) {
+  const cutoff = new Date(Date.now() - 24 * 60 * 60 * 1e3).toISOString();
+  db.prepare("DELETE FROM hub_challenges WHERE expires_at < ? OR consumed_at IS NOT NULL").run(cutoff);
+}
+function registerHubIdentity(db, input) {
+  const agent_id = deriveAgentId2(input.public_key);
+  const created_at = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare(`
+    INSERT INTO hub_identities (email, agent_id, public_key, encrypted_private_key, kdf_salt, display_name, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+  `).run(input.email, agent_id, input.public_key, input.encrypted_private_key, input.kdf_salt, input.display_name, created_at);
+  return { ...input, agent_id, created_at };
+}
+function getHubIdentityByEmail(db, email) {
+  const row = db.prepare("SELECT * FROM hub_identities WHERE email = ?").get(email);
+  return row ?? null;
+}
+function getHubIdentityByAgentId(db, agent_id) {
+  const row = db.prepare("SELECT * FROM hub_identities WHERE agent_id = ?").get(agent_id);
+  return row ?? null;
+}
 // src/registry/free-tier.ts
 function initFreeTierTable(db) {
   db.exec(`
@@ -5273,6 +5343,121 @@ function createRegistryServer(opts) {
         throw err;
       }
     });
+    ensureHubIdentitiesTables(db);
+    try {
+      pruneChallenges(db);
+    } catch {
+    }
+    api.get("/api/agents/challenge", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Get a registration challenge",
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              challenge: { type: "string" },
+              expires_at: { type: "string" }
+            }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const { challenge, expires_at } = createChallenge(db);
+      return reply.send({ challenge, expires_at });
+    });
+    api.post("/api/agents/register", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Register a new Hub-managed agent identity",
+        body: {
+          type: "object",
+          required: ["email", "public_key", "encrypted_private_key", "kdf_salt", "display_name", "challenge", "signature"],
+          properties: {
+            email: { type: "string", format: "email" },
+            public_key: { type: "string" },
+            encrypted_private_key: { type: "string" },
+            kdf_salt: { type: "string" },
+            display_name: { type: "string" },
+            challenge: { type: "string" },
+            signature: { type: "string" }
+          }
+        },
+        response: {
+          201: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      if (!consumeChallenge(db, body.challenge)) {
+        return reply.code(400).send({ error: "Invalid or expired challenge" });
+      }
+      if (!/^[0-9a-fA-F]+$/.test(body.public_key) || body.public_key.length % 2 !== 0) {
+        return reply.code(400).send({ error: "Invalid public_key format" });
+      }
+      try {
+        const { verifyEscrowReceipt: verifyEscrowReceipt2 } = await import("./signing-AQTKYJDB.js");
+        const publicKeyBuffer = Buffer.from(body.public_key, "hex");
+        const valid = verifyEscrowReceipt2({ challenge: body.challenge }, body.signature, publicKeyBuffer);
+        if (!valid) {
+          return reply.code(400).send({ error: "Invalid signature" });
+        }
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return reply.code(400).send({ error: `Signature verification failed: ${msg}` });
+      }
+      const existing = getHubIdentityByEmail(db, body.email.toLowerCase());
+      if (existing) {
+        return reply.code(409).send({ error: "Email already registered" });
+      }
+      const agent_id = deriveAgentId2(body.public_key);
+      const existingByAgentId = getHubIdentityByAgentId(db, agent_id);
+      if (existingByAgentId) {
+        return reply.code(409).send({ error: "Agent already registered" });
+      }
+      const identity = registerHubIdentity(db, {
+        email: body.email.toLowerCase(),
+        public_key: body.public_key,
+        encrypted_private_key: body.encrypted_private_key,
+        kdf_salt: body.kdf_salt,
+        display_name: body.display_name
+      });
+      return reply.code(201).send({
+        agent_id: identity.agent_id,
+        did: `did:agentbnb:${identity.agent_id}`,
+        created_at: identity.created_at
+      });
+    });
+    api.post("/api/agents/login", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Fetch encrypted identity blob for login",
+        body: {
+          type: "object",
+          required: ["email"],
+          properties: { email: { type: "string", format: "email" } }
+        },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const identity = getHubIdentityByEmail(db, body.email.toLowerCase());
+      if (!identity) {
+        return reply.code(404).send({ error: "Identity not found" });
+      }
+      return reply.send({
+        agent_id: identity.agent_id,
+        public_key: identity.public_key,
+        encrypted_private_key: identity.encrypted_private_key,
+        kdf_salt: identity.kdf_salt,
+        display_name: identity.display_name
+      });
+    });
     api.post("/api/identity/link", {
       schema: {
         tags: ["identity"],
@@ -5572,7 +5757,7 @@ function createRegistryServer(opts) {
               });
               await relayClient.connect();
             }
-            const { requestViaRelay } = await import("./client-XOSXFC7Q.js");
+            const { requestViaRelay } = await import("./client-KL67WZVJ.js");
             return requestViaRelay(relayClient, {
               targetOwner: target.owner,
               cardId: target.cardId,
@@ -5591,12 +5776,24 @@ function createRegistryServer(opts) {
       const ownerApiKey = opts.ownerApiKey;
       const ownerName = opts.ownerName;
       void api.register(async (ownerRoutes) => {
-        ownerRoutes.addHook("onRequest", async (request, reply) => {
+        ownerRoutes.addHook("preHandler", async (request, reply) => {
           const auth = request.headers.authorization;
           const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
-          if (!token || token !== ownerApiKey) {
-            return reply.status(401).send({ error: "Unauthorized" });
+          if (token === ownerApiKey) {
+            request.agentId = ownerName;
+            return;
+          }
+          const didResult = await tryVerifyIdentity(request, {});
+          if (didResult.valid) {
+            const hubIdentity = getHubIdentityByAgentId(db, didResult.agentId);
+            if (!hubIdentity) {
+              return reply.status(401).send({ error: "Agent not registered on this Hub" });
+            }
+            request.agentId = didResult.agentId;
+            request.agentPublicKey = didResult.publicKey;
+            return;
           }
+          return reply.status(401).send({ error: "Unauthorized" });
         });
         ownerRoutes.get("/me", {
           schema: {
@@ -5607,13 +5804,14 @@ function createRegistryServer(opts) {
               200: { type: "object", properties: { owner: { type: "string" }, balance: { type: "number" } } }
             }
           }
-        }, async (_request, reply) => {
+        }, async (request, reply) => {
+          const identity = request.agentId ?? ownerName;
           let balance = 0;
           if (opts.creditDb) {
             const ledger = createLedger({ db: opts.creditDb });
-            balance = await ledger.getBalance(ownerName);
+            balance = await ledger.getBalance(identity);
           }
-          return reply.send({ owner: ownerName, balance });
+          return reply.send({ owner: identity, balance });
         });
         ownerRoutes.get("/requests", {
           schema: {
@@ -6235,7 +6433,7 @@ var ServiceCoordinator = class {
       console.log("Conductor mode enabled \u2014 orchestrate/plan skills available via gateway");
     }
     if (opts.conductorEnabled && this.config.conductor?.public) {
-      const { buildConductorCard } = await import("./card-UF465O7O.js");
+      const { buildConductorCard } = await import("./card-VVXNKHDX.js");
       const conductorCard = attachCanonicalAgentId(
         this.runtime.registryDb,
         buildConductorCard(this.config.owner)
@@ -6312,7 +6510,7 @@ var ServiceCoordinator = class {
     }
     if (opts.registryUrl && opts.relay) {
       const { RelayClient } = await import("./websocket-client-FCPZOE4S.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("./execute-UFMGTXET.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("./execute-NOQVN7ZG.js");
       const localCards = listCards(this.runtime.registryDb, this.config.owner);
       const { primaryCard, additionalCards } = buildRelayRegistrationCards(this.config.owner, localCards);
       if (this.config.conductor?.public) {

package/dist/{session-action-GYITLYOE.js → session-action-OSBZB4TX.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   ensureIdentity
-} from "./chunk-5CC6O6SO.js";
-import "./chunk-YNBZLXYS.js";
+} from "./chunk-AA25Z6FW.js";
+import "./chunk-65GNX2KC.js";
 import "./chunk-UVCNMRPS.js";
 import {
   getConfigDir,

package/dist/signing-AQTKYJDB.js ADDED Viewed

@@ -0,0 +1,16 @@
+import {
+  generateKeyPair,
+  loadKeyPair,
+  saveKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt
+} from "./chunk-65GNX2KC.js";
+import "./chunk-UVCNMRPS.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  generateKeyPair,
+  loadKeyPair,
+  saveKeyPair,
+  signEscrowReceipt,
+  verifyEscrowReceipt
+};