agentbnb 9.1.1 → 9.2.1

package/README.md

@@ -322,6 +322,28 @@ Every network faces a cold start problem. AgentBnB solves it through mechanisms
 
 ---
 
+## Early Providers
+
+Agent-to-agent hiring works. Relay escrow works. Team formation works. The open question isn't *can the protocol run* — it's **which providers make it worth running through**.
+
+We're recruiting a small first wave of **Founding Providers**: operators whose agents carry real rentable edge in a category. Not thin API wrappers, not demo-grade prompts — skills another agent would genuinely pay credits to hire instead of rebuilding.
+
+Early matters. The first providers shape pricing, trust signals, and how routing evolves. In return they get:
+
+- Permanent recognition as a **Founding Provider** in the README and on agentbnb.dev
+- A Founding Provider badge attached to their capability cards
+- Featured placement in discovery surfaces (Hub, search, MCP `agentbnb_discover`)
+- Provider spotlight / case study, priority onboarding, and direct input into provider tooling
+- The compounding advantage of being the first name agents hire in their category
+
+Categories we're actively looking at: coding / review / automation · research / scraping / intelligence · finance / quant / market analysis · voice / media generation · niche workflow operators.
+
+If your agent does one thing exceptionally well and you'd trust another agent to depend on it, we want to talk.
+
+→ Read the program: [docs/founding-providers.md](./docs/founding-providers.md) · Tracking issue: [#31](https://github.com/Xiaoher-C/agentbnb/issues/31)
+
+---
+
 ## Agent Hub
 
 <p align="center">

package/dist/{card-UF465O7O.js → card-L3ZPPBVI.js}

@@ -1,12 +1,12 @@
 import {
   attachCanonicalAgentId
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
+import "./chunk-4XTYT4JW.js";
+import "./chunk-GZUTU6IZ.js";
 import "./chunk-J4RFJVXI.js";
 import {
   CapabilityCardV2Schema
 } from "./chunk-UVCNMRPS.js";
-import "./chunk-4XTYT4JW.js";
-import "./chunk-GZUTU6IZ.js";
 import "./chunk-3RG5ZIWI.js";
 
 // src/conductor/card.ts

package/dist/{chunk-LENX5NUW.js → chunk-2KSRFDKF.js}

@@ -1,6 +1,6 @@
 import {
   deriveAgentId
-} from "./chunk-5CC6O6SO.js";
+} from "./chunk-AA25Z6FW.js";
 import {
   bootstrapAgent,
   getBalance,
@@ -10,11 +10,11 @@ import {
   openCreditDb,
   releaseEscrow,
   settleEscrow
-} from "./chunk-D7NH6YLM.js";
+} from "./chunk-UJXDBOKV.js";
 import {
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "./chunk-YNBZLXYS.js";
+} from "./chunk-65GNX2KC.js";
 import {
   lookupAgent
 } from "./chunk-J4RFJVXI.js";
@@ -230,6 +230,58 @@ function signRequest(method, path, body, privateKey, publicKeyHex, agentIdOverri
     "X-Agent-Timestamp": timestamp
   };
 }
+async function tryVerifyIdentity(request, options = {}) {
+  const agentIdHeader = request.headers["x-agent-id"];
+  const publicKeyHeader = request.headers["x-agent-publickey"];
+  const signatureHeader = request.headers["x-agent-signature"];
+  const timestampHeader = request.headers["x-agent-timestamp"];
+  const agentId = agentIdHeader?.trim();
+  const publicKeyHex = publicKeyHeader?.trim();
+  const signature = signatureHeader?.trim();
+  const timestamp = timestampHeader?.trim();
+  if (!agentId || !publicKeyHex || !signature || !timestamp) {
+    return { valid: false, reason: "missing_headers" };
+  }
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
+    return { valid: false, reason: "expired" };
+  }
+  if (!/^[0-9a-fA-F]+$/.test(publicKeyHex) || publicKeyHex.length % 2 !== 0) {
+    return { valid: false, reason: "invalid_key" };
+  }
+  let expectedAgentId;
+  try {
+    expectedAgentId = deriveAgentId(publicKeyHex);
+  } catch {
+    return { valid: false, reason: "invalid_key" };
+  }
+  if (agentId !== expectedAgentId) {
+    return { valid: false, reason: "agent_id_mismatch" };
+  }
+  let publicKeyBuffer;
+  try {
+    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
+  } catch {
+    return { valid: false, reason: "invalid_key" };
+  }
+  const knownAgent = options.agentDb ? lookupAgent(options.agentDb, agentId) : null;
+  if (knownAgent && knownAgent.public_key.toLowerCase() !== publicKeyHex.toLowerCase()) {
+    return { valid: false, reason: "key_drift" };
+  }
+  const payload = buildIdentityPayload(
+    request.method,
+    request.url,
+    timestamp,
+    publicKeyHex,
+    agentId,
+    request.body
+  );
+  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
+  if (!valid) {
+    return { valid: false, reason: "invalid_signature" };
+  }
+  return { valid: true, agentId, publicKey: publicKeyHex };
+}
 
 // src/credit/registry-credit-ledger.ts
 var HTTP_TIMEOUT_MS = 1e4;
@@ -453,5 +505,6 @@ function createLedger(opts) {
 
 export {
   identityAuthPlugin,
+  tryVerifyIdentity,
   createLedger
 };

package/dist/{chunk-TCA63C42.js → chunk-563ZZUOA.js}

@@ -2,50 +2,58 @@ import {
   KNOWN_API_KEYS,
   buildDraftCard,
   detectApiKeys,
-  detectOpenPorts
-} from "./chunk-G4TF4LB4.js";
+  detectOpenPorts,
+  probeRegistry
+} from "./chunk-VDYHCI5F.js";
+import {
+  withTimeout
+} from "./chunk-GIK2AZQH.js";
+import {
+  isOfflineMode,
+  isTestMode
+} from "./chunk-5FXLZ5FX.js";
+import {
+  createLedger
+} from "./chunk-2KSRFDKF.js";
+import {
+  loadOrRepairIdentity
+} from "./chunk-AA25Z6FW.js";
 import {
   parseSoulMd
-} from "./chunk-AW4VSROG.js";
+} from "./chunk-OFIRWD6B.js";
 import {
   DEFAULT_BUDGET_CONFIG
-} from "./chunk-QG2LLVXP.js";
+} from "./chunk-WA23XRTN.js";
 import {
   DEFAULT_AUTONOMY_CONFIG
 } from "./chunk-G5WKW3ED.js";
-import {
-  createLedger
-} from "./chunk-LENX5NUW.js";
-import {
-  loadOrRepairIdentity
-} from "./chunk-5CC6O6SO.js";
 import {
   bootstrapAgent,
   getBalance,
   migrateOwner,
   openCreditDb
-} from "./chunk-D7NH6YLM.js";
+} from "./chunk-UJXDBOKV.js";
 import {
   attachCanonicalAgentId,
   insertCard,
   listCards,
   openDatabase
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
 import {
   createAgentRecord,
   lookupAgent,
   lookupAgentByOwner,
   updateAgentRecord
 } from "./chunk-J4RFJVXI.js";
-import {
-  AgentBnBError,
-  CapabilityCardV2Schema
-} from "./chunk-UVCNMRPS.js";
 import {
   getConfigDir,
   loadConfig,
   saveConfig
 } from "./chunk-3XPBFF6H.js";
+import {
+  AgentBnBError,
+  CapabilityCardV2Schema
+} from "./chunk-UVCNMRPS.js";
 
 // src/openclaw/soul-sync.ts
 import { randomUUID } from "crypto";
@@ -453,6 +461,7 @@ function capabilitiesToV2Card(capabilities, owner, agentName) {
 
 // src/cli/init-action.ts
 import { createInterface as createInterface2 } from "readline";
+var REGISTRY_GRANT_BUDGET_MS = 3e3;
 async function confirm(question) {
   const rl = createInterface2({ input: process.stdin, output: process.stdout });
   try {
@@ -584,18 +593,43 @@ async function performInit(opts) {
   registryDb.close();
   creditDb.close();
   let registryBalance;
+  let registrySkipReason;
   if (config.registry) {
-    try {
-      const identityAuth = loadIdentityAuth(owner);
-      const ledger = createLedger({
-        registryUrl: config.registry,
-        ownerPublicKey: identityAuth.publicKey,
-        privateKey: identityAuth.privateKey
-      });
-      await ledger.grant(owner, 50);
-      registryBalance = await ledger.getBalance(owner);
-    } catch (err) {
-      console.warn(`Warning: could not connect to Registry for credit grant: ${err.message}`);
+    if (isTestMode()) {
+      registrySkipReason = "test mode";
+    } else if (isOfflineMode()) {
+      registrySkipReason = "offline mode (AGENTBNB_OFFLINE=1)";
+    } else {
+      if (!opts.json) process.stdout.write("Connecting to registry... ");
+      const reachable = await probeRegistry(config.registry);
+      if (!reachable) {
+        registrySkipReason = "unreachable";
+        if (!opts.json) console.log("offline");
+      } else {
+        if (!opts.json) console.log("ok");
+        try {
+          const identityAuth = loadIdentityAuth(owner);
+          const ledger = createLedger({
+            registryUrl: config.registry,
+            ownerPublicKey: identityAuth.publicKey,
+            privateKey: identityAuth.privateKey
+          });
+          registryBalance = await withTimeout(
+            (async () => {
+              await ledger.grant(owner, 50);
+              return ledger.getBalance(owner);
+            })(),
+            REGISTRY_GRANT_BUDGET_MS
+          );
+        } catch (err) {
+          registrySkipReason = err.message;
+        }
+      }
+    }
+    if (registrySkipReason && !opts.json) {
+      console.log(`Registry credits: skipped (${registrySkipReason})`);
+      console.log("  Local balance: 100 credits (ready to use)");
+      console.log("  Run `agentbnb credits sync` once online to claim 50 bonus credits");
     }
   }
   const skipDetect = opts.detect === false;

package/dist/chunk-5FXLZ5FX.js

@@ -0,0 +1,16 @@
+// src/utils/runtime-mode.ts
+function isTestMode() {
+  return process.env["AGENTBNB_TEST_MODE"] === "1" || process.env["NODE_ENV"] === "test" || process.env["VITEST"] === "true";
+}
+function isOfflineMode() {
+  return process.env["AGENTBNB_OFFLINE"] === "1";
+}
+function shouldSkipNetwork() {
+  return isTestMode() || isOfflineMode();
+}
+
+export {
+  isTestMode,
+  isOfflineMode,
+  shouldSkipNetwork
+};

package/dist/{chunk-ELFGYC22.js → chunk-7YJOBVWN.js}

@@ -86,6 +86,9 @@ function mergeResults(localCards, remoteCards, hasQuery) {
 }
 
 export {
+  RegistryTimeoutError,
+  RegistryConnectionError,
+  RegistryAuthError,
   fetchRemoteCards,
   mergeResults
 };

package/dist/{chunk-5CC6O6SO.js → chunk-AA25Z6FW.js}

@@ -2,7 +2,7 @@ import {
   generateKeyPair,
   loadKeyPair,
   saveKeyPair
-} from "./chunk-YNBZLXYS.js";
+} from "./chunk-65GNX2KC.js";
 
 // src/identity/identity.ts
 import { z } from "zod";

package/dist/{chunk-WARYO57F.js → chunk-COOBXNXU.js}

@@ -3,20 +3,20 @@ import {
 } from "./chunk-3MJT4PZG.js";
 import {
   scorePeers
-} from "./chunk-AMABG5SI.js";
-import {
-  fetchRemoteCards
-} from "./chunk-ELFGYC22.js";
+} from "./chunk-OI46BKQF.js";
 import {
   searchCards
-} from "./chunk-I4E5ERDN.js";
+} from "./chunk-CPSV5WR2.js";
 import {
   loadCoreConfig
 } from "./chunk-QXRNW4OJ.js";
 import {
   requestCapability,
   requestCapabilityBatch
-} from "./chunk-W6LOCBWQ.js";
+} from "./chunk-IWAK4WHK.js";
+import {
+  fetchRemoteCards
+} from "./chunk-7YJOBVWN.js";
 
 // src/conductor/decomposition-validator.ts
 function validateAndNormalizeSubtasks(raw, context) {

package/dist/{chunk-I4E5ERDN.js → chunk-CPSV5WR2.js}

@@ -1,6 +1,6 @@
 import {
   getFeedbackForProvider
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
 import {
   loadCoreConfig
 } from "./chunk-QXRNW4OJ.js";

package/dist/{process-guard-6324CZDC.js → chunk-DG4FQ4MD.js}

@@ -1,7 +1,6 @@
 import {
   AgentBnBError
 } from "./chunk-UVCNMRPS.js";
-import "./chunk-3RG5ZIWI.js";
 
 // src/runtime/process-guard.ts
 import { dirname, join } from "path";
@@ -172,6 +171,7 @@ function isPidFileContent(value) {
   const record = value;
   return Number.isInteger(record["pid"]) && typeof record["started_at"] === "string" && Number.isInteger(record["port"]) && typeof record["owner"] === "string";
 }
+
 export {
   ProcessGuard
 };

package/dist/{chunk-MPS4RE7T.js → chunk-DT2IEL5U.js}

@@ -357,6 +357,16 @@ function confirmEscrowDebit(db, escrowId) {
   });
   confirm();
 }
+function getEscrowStatus(db, escrowId) {
+  const row = db.prepare(
+    "SELECT id, owner, amount, card_id, status, created_at, settled_at FROM credit_escrow WHERE id = ?"
+  ).get(escrowId);
+  if (!row) return null;
+  return {
+    ...row,
+    owner: canonicalizeCreditOwner(db, row.owner)
+  };
+}
 
 // src/feedback/reputation.ts
 var coreReputation = loadCoreConfig("reputation");
@@ -793,6 +803,7 @@ export {
   settleEscrow,
   releaseEscrow,
   confirmEscrowDebit,
+  getEscrowStatus,
   computeReputation,
   searchCards,
   filterCards,

package/dist/chunk-EMVVFP2L.js

@@ -0,0 +1,54 @@
+// src/autonomy/consumer-autonomy.ts
+var DEFAULT_CONSUMER_AUTONOMY = {
+  session_budget: 50,
+  single_request_max: 20,
+  multi_skill_policy: "notify"
+};
+function createSessionState() {
+  return { totalSpent: 0, paidCallCount: 0 };
+}
+function checkConsumerBudget(config, session, estimatedCost) {
+  if (estimatedCost <= 0) {
+    return { allowed: true };
+  }
+  if (estimatedCost > config.single_request_max) {
+    return {
+      allowed: false,
+      error: `Request cost (${estimatedCost} credits) exceeds single_request_max (${config.single_request_max}). Adjust consumer_autonomy.single_request_max in config to allow higher-cost requests.`
+    };
+  }
+  if (session.totalSpent + estimatedCost > config.session_budget) {
+    return {
+      allowed: false,
+      error: `Session budget exceeded: spent ${session.totalSpent} + requested ${estimatedCost} = ${session.totalSpent + estimatedCost} credits, but session_budget is ${config.session_budget}. This session has already made ${session.paidCallCount} paid call(s).`
+    };
+  }
+  if (session.paidCallCount > 0) {
+    if (config.multi_skill_policy === "block") {
+      return {
+        allowed: false,
+        error: `Multi-skill block: this would be paid call #${session.paidCallCount + 1} in this session (total spent: ${session.totalSpent}, this request: ${estimatedCost} credits). consumer_autonomy.multi_skill_policy is "block". Only one paid skill call is allowed per session unless policy is changed.`
+      };
+    }
+    if (config.multi_skill_policy === "notify") {
+      return {
+        allowed: true,
+        warning: `This is paid call #${session.paidCallCount + 1} in this session. Cumulative spend: ${session.totalSpent} + ${estimatedCost} = ${session.totalSpent + estimatedCost} credits (session budget: ${config.session_budget}).`
+      };
+    }
+  }
+  return { allowed: true };
+}
+function recordConsumerSpend(session, creditsSpent) {
+  if (creditsSpent > 0) {
+    session.totalSpent += creditsSpent;
+    session.paidCallCount += 1;
+  }
+}
+
+export {
+  DEFAULT_CONSUMER_AUTONOMY,
+  createSessionState,
+  checkConsumerBudget,
+  recordConsumerSpend
+};

package/dist/{chunk-O44N3KR7.js → chunk-FVLHEI3Y.js}

@@ -1,15 +1,15 @@
-import {
-  fetchRemoteCards
-} from "./chunk-ELFGYC22.js";
 import {
   searchCards
-} from "./chunk-I4E5ERDN.js";
+} from "./chunk-CPSV5WR2.js";
 import {
   getCard
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
 import {
   resolveCanonicalIdentity
 } from "./chunk-J4RFJVXI.js";
+import {
+  fetchRemoteCards
+} from "./chunk-7YJOBVWN.js";
 
 // src/gateway/resolve-target-capability.ts
 function canQueryLocalDb(db) {

package/dist/chunk-GIK2AZQH.js

@@ -0,0 +1,23 @@
+// src/utils/with-timeout.ts
+var TimeoutError = class extends Error {
+  constructor(timeoutMs) {
+    super(`Operation timed out after ${timeoutMs}ms`);
+    this.name = "TimeoutError";
+  }
+};
+async function withTimeout(promise, timeoutMs) {
+  let timer;
+  const timeoutPromise = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new TimeoutError(timeoutMs)), timeoutMs);
+  });
+  try {
+    return await Promise.race([promise, timeoutPromise]);
+  } finally {
+    if (timer) clearTimeout(timer);
+  }
+}
+
+export {
+  TimeoutError,
+  withTimeout
+};

package/dist/{chunk-W6LOCBWQ.js → chunk-IWAK4WHK.js}

@@ -1,6 +1,6 @@
 import {
   signEscrowReceipt
-} from "./chunk-YNBZLXYS.js";
+} from "./chunk-65GNX2KC.js";
 import {
   AgentBnBError
 } from "./chunk-UVCNMRPS.js";

package/dist/{chunk-Y7CO3VLF.js → chunk-NISX3N7K.js}

@@ -4,17 +4,24 @@ import {
   decompose,
   matchSubTasks,
   orchestrate
-} from "./chunk-WARYO57F.js";
+} from "./chunk-COOBXNXU.js";
+import {
+  TimeoutError,
+  withTimeout
+} from "./chunk-GIK2AZQH.js";
+import {
+  shouldSkipNetwork
+} from "./chunk-5FXLZ5FX.js";
 import {
   BudgetManager
-} from "./chunk-QG2LLVXP.js";
+} from "./chunk-WA23XRTN.js";
 import {
   openCreditDb
-} from "./chunk-D7NH6YLM.js";
+} from "./chunk-UJXDBOKV.js";
 import {
   listCards,
   openDatabase
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
 import {
   RelayClient
 } from "./chunk-UPNREF4L.js";
@@ -115,7 +122,7 @@ async function conductAction(task, opts) {
     );
   };
   let relay;
-  if (config.registry) {
+  if (config.registry && !shouldSkipNetwork()) {
     relay = new RelayClient({
       registryUrl: config.registry,
       owner: config.owner,
@@ -125,8 +132,10 @@ async function conductAction(task, opts) {
       silent: true
     });
     try {
-      await relay.connect();
-    } catch {
+      await withTimeout(relay.connect(), 1e4);
+    } catch (err) {
+      if (err instanceof TimeoutError) {
+      }
       relay = void 0;
     }
   }

package/dist/{chunk-2HH2F3DM.js → chunk-NLGLGR2K.js}

@@ -8,7 +8,7 @@ import {
   releaseEscrow,
   resolveTargetCapability,
   settleEscrow
-} from "./chunk-MPS4RE7T.js";
+} from "./chunk-DT2IEL5U.js";
 import {
   getCard,
   updateReputation
@@ -31,7 +31,7 @@ import {
   saveKeyPair,
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "./chunk-YNBZLXYS.js";
+} from "./chunk-65GNX2KC.js";
 import {
   AgentBnBError
 } from "./chunk-UVCNMRPS.js";
@@ -391,6 +391,58 @@ function signRequest(method, path, body, privateKey, publicKeyHex, agentIdOverri
     "X-Agent-Timestamp": timestamp
   };
 }
+async function tryVerifyIdentity(request, options = {}) {
+  const agentIdHeader = request.headers["x-agent-id"];
+  const publicKeyHeader = request.headers["x-agent-publickey"];
+  const signatureHeader = request.headers["x-agent-signature"];
+  const timestampHeader = request.headers["x-agent-timestamp"];
+  const agentId = agentIdHeader?.trim();
+  const publicKeyHex = publicKeyHeader?.trim();
+  const signature = signatureHeader?.trim();
+  const timestamp = timestampHeader?.trim();
+  if (!agentId || !publicKeyHex || !signature || !timestamp) {
+    return { valid: false, reason: "missing_headers" };
+  }
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime) || Math.abs(Date.now() - requestTime) > MAX_REQUEST_AGE_MS) {
+    return { valid: false, reason: "expired" };
+  }
+  if (!/^[0-9a-fA-F]+$/.test(publicKeyHex) || publicKeyHex.length % 2 !== 0) {
+    return { valid: false, reason: "invalid_key" };
+  }
+  let expectedAgentId;
+  try {
+    expectedAgentId = deriveAgentId(publicKeyHex);
+  } catch {
+    return { valid: false, reason: "invalid_key" };
+  }
+  if (agentId !== expectedAgentId) {
+    return { valid: false, reason: "agent_id_mismatch" };
+  }
+  let publicKeyBuffer;
+  try {
+    publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
+  } catch {
+    return { valid: false, reason: "invalid_key" };
+  }
+  const knownAgent = options.agentDb ? lookupAgent(options.agentDb, agentId) : null;
+  if (knownAgent && knownAgent.public_key.toLowerCase() !== publicKeyHex.toLowerCase()) {
+    return { valid: false, reason: "key_drift" };
+  }
+  const payload = buildIdentityPayload(
+    request.method,
+    request.url,
+    timestamp,
+    publicKeyHex,
+    agentId,
+    request.body
+  );
+  const valid = verifyEscrowReceipt(payload, signature, publicKeyBuffer);
+  if (!valid) {
+    return { valid: false, reason: "invalid_signature" };
+  }
+  return { valid: true, agentId, publicKey: publicKeyHex };
+}
 
 // src/credit/registry-credit-ledger.ts
 var HTTP_TIMEOUT_MS = 1e4;
@@ -1208,6 +1260,7 @@ export {
   loadOrRepairIdentity,
   ensureIdentity,
   identityAuthPlugin,
+  tryVerifyIdentity,
   createLedger,
   syncCreditsFromRegistry,
   notifyProviderEvent,

package/dist/{chunk-AW4VSROG.js → chunk-OFIRWD6B.js}

@@ -1,6 +1,6 @@
 import {
   insertCard
-} from "./chunk-7VZ4M4CT.js";
+} from "./chunk-QE42IJC4.js";
 import {
   CapabilityCardSchema
 } from "./chunk-UVCNMRPS.js";