agentbnb 9.1.1 → 9.2.1

package/dist/skills/agentbnb/bootstrap.js

@@ -1,14 +1,3 @@
-import {
-  createLedger,
-  deriveAgentId,
-  ensureIdentity,
-  executeCapabilityBatch,
-  executeCapabilityRequest,
-  identityAuthPlugin,
-  loadOrRepairIdentity,
-  notifyProviderEvent,
-  syncCreditsFromRegistry
-} from "../../chunk-2HH2F3DM.js";
 import {
   AutoRequestor,
   BudgetController,
@@ -27,7 +16,19 @@ import {
   requestViaTemporaryRelay,
   resolvePendingRequest,
   verifyUCAN
-} from "../../chunk-F2CIPAN2.js";
+} from "../../chunk-OTAZIF65.js";
+import {
+  createLedger,
+  deriveAgentId,
+  ensureIdentity,
+  executeCapabilityBatch,
+  executeCapabilityRequest,
+  identityAuthPlugin,
+  loadOrRepairIdentity,
+  notifyProviderEvent,
+  syncCreditsFromRegistry,
+  tryVerifyIdentity
+} from "../../chunk-NLGLGR2K.js";
 import {
   NETWORK_FEE_RATE,
   bootstrapAgent,
@@ -37,6 +38,7 @@ import {
   fetchRemoteCards,
   filterCards,
   getBalance,
+  getEscrowStatus,
   getTransactions,
   holdEscrow,
   markEscrowAbandoned,
@@ -48,7 +50,7 @@ import {
   releaseEscrow,
   searchCards,
   settleEscrow
-} from "../../chunk-MPS4RE7T.js";
+} from "../../chunk-DT2IEL5U.js";
 import {
   attachCanonicalAgentId,
   getCard,
@@ -80,13 +82,13 @@ import "../../chunk-EE3V3DXK.js";
 import {
   requestCapability,
   requestViaRelay
-} from "../../chunk-W6LOCBWQ.js";
+} from "../../chunk-IWAK4WHK.js";
 import {
   generateKeyPair,
   loadKeyPair,
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "../../chunk-YNBZLXYS.js";
+} from "../../chunk-65GNX2KC.js";
 import {
   AgentBnBError,
   AnyCardSchema
@@ -1504,7 +1506,7 @@ var AgentRuntime = class {
     }
     const modes = /* @__PURE__ */ new Map();
     if (this.conductorEnabled) {
-      const { ConductorMode } = await import("../../conductor-mode-UJKMO2GW.js");
+      const { ConductorMode } = await import("../../conductor-mode-HJHU4XLT.js");
       const { registerConductorCard, CONDUCTOR_OWNER } = await import("../../card-U2HQRPYN.js");
       const { loadPeers: loadPeers2 } = await import("../../peers-IOVCBWAI.js");
       registerConductorCard(this.registryDb);
@@ -3776,6 +3778,75 @@ function initiateGithubAuth() {
   };
 }
 
+// src/registry/hub-identities.ts
+import { randomBytes as randomBytes2, createHash } from "crypto";
+var HUB_IDENTITIES_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS hub_identities (
+    email TEXT PRIMARY KEY,
+    agent_id TEXT NOT NULL UNIQUE,
+    public_key TEXT NOT NULL,
+    encrypted_private_key TEXT NOT NULL,
+    kdf_salt TEXT NOT NULL,
+    display_name TEXT NOT NULL,
+    created_at TEXT NOT NULL
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_hub_identities_agent_id
+    ON hub_identities(agent_id);
+`;
+var CHALLENGES_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS hub_challenges (
+    challenge TEXT PRIMARY KEY,
+    expires_at TEXT NOT NULL,
+    consumed_at TEXT
+  );
+`;
+function ensureHubIdentitiesTables(db) {
+  db.exec(HUB_IDENTITIES_SCHEMA);
+  db.exec(CHALLENGES_SCHEMA);
+}
+function deriveAgentId2(publicKeyHex) {
+  const hash = createHash("sha256").update(publicKeyHex, "hex").digest("hex");
+  return `agent-${hash.slice(0, 16)}`;
+}
+var CHALLENGE_TTL_MS = 10 * 60 * 1e3;
+function createChallenge(db) {
+  const challenge = randomBytes2(32).toString("hex");
+  const expires_at = new Date(Date.now() + CHALLENGE_TTL_MS).toISOString();
+  db.prepare("INSERT INTO hub_challenges (challenge, expires_at) VALUES (?, ?)").run(challenge, expires_at);
+  return { challenge, expires_at };
+}
+function consumeChallenge(db, challenge) {
+  const row = db.prepare("SELECT expires_at, consumed_at FROM hub_challenges WHERE challenge = ?").get(challenge);
+  if (!row) return false;
+  if (row.consumed_at) return false;
+  if (new Date(row.expires_at).getTime() < Date.now()) return false;
+  const consumed_at = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare("UPDATE hub_challenges SET consumed_at = ? WHERE challenge = ?").run(consumed_at, challenge);
+  return true;
+}
+function pruneChallenges(db) {
+  const cutoff = new Date(Date.now() - 24 * 60 * 60 * 1e3).toISOString();
+  db.prepare("DELETE FROM hub_challenges WHERE expires_at < ? OR consumed_at IS NOT NULL").run(cutoff);
+}
+function registerHubIdentity(db, input) {
+  const agent_id = deriveAgentId2(input.public_key);
+  const created_at = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare(`
+    INSERT INTO hub_identities (email, agent_id, public_key, encrypted_private_key, kdf_salt, display_name, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+  `).run(input.email, agent_id, input.public_key, input.encrypted_private_key, input.kdf_salt, input.display_name, created_at);
+  return { ...input, agent_id, created_at };
+}
+function getHubIdentityByEmail(db, email) {
+  const row = db.prepare("SELECT * FROM hub_identities WHERE email = ?").get(email);
+  return row ?? null;
+}
+function getHubIdentityByAgentId(db, agent_id) {
+  const row = db.prepare("SELECT * FROM hub_identities WHERE agent_id = ?").get(agent_id);
+  return row ?? null;
+}
+
 // src/registry/free-tier.ts
 function initFreeTierTable(db) {
   db.exec(`
@@ -3873,6 +3944,39 @@ async function creditRoutesPlugin(fastify, options) {
     const transactions = getTransactions(creditDb, owner, { limit, after: since });
     return reply.send({ owner, transactions, limit });
   });
+  fastify.get("/api/credits/escrow/:id", {
+    schema: {
+      tags: ["credits"],
+      summary: "Get escrow status by ID (public, no auth required)",
+      params: {
+        type: "object",
+        properties: { id: { type: "string" } },
+        required: ["id"]
+      },
+      response: {
+        200: {
+          type: "object",
+          properties: {
+            id: { type: "string" },
+            owner: { type: "string" },
+            amount: { type: "number" },
+            card_id: { type: "string" },
+            status: { type: "string" },
+            created_at: { type: "string" },
+            settled_at: { type: ["string", "null"] }
+          }
+        },
+        404: { type: "object", properties: { error: { type: "string" } } }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const escrow = getEscrowStatus(creditDb, id);
+    if (!escrow) {
+      return reply.code(404).send({ error: "Escrow record not found" });
+    }
+    return reply.send(escrow);
+  });
   await fastify.register(async (scope) => {
     identityAuthPlugin(scope, { agentDb: creditDb });
     scope.post("/api/credits/hold", {
@@ -5805,6 +5909,121 @@ function createRegistryServer(opts) {
         throw err;
       }
     });
+    ensureHubIdentitiesTables(db);
+    try {
+      pruneChallenges(db);
+    } catch {
+    }
+    api.get("/api/agents/challenge", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Get a registration challenge",
+        response: {
+          200: {
+            type: "object",
+            properties: {
+              challenge: { type: "string" },
+              expires_at: { type: "string" }
+            }
+          }
+        }
+      }
+    }, async (_request, reply) => {
+      const { challenge, expires_at } = createChallenge(db);
+      return reply.send({ challenge, expires_at });
+    });
+    api.post("/api/agents/register", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Register a new Hub-managed agent identity",
+        body: {
+          type: "object",
+          required: ["email", "public_key", "encrypted_private_key", "kdf_salt", "display_name", "challenge", "signature"],
+          properties: {
+            email: { type: "string", format: "email" },
+            public_key: { type: "string" },
+            encrypted_private_key: { type: "string" },
+            kdf_salt: { type: "string" },
+            display_name: { type: "string" },
+            challenge: { type: "string" },
+            signature: { type: "string" }
+          }
+        },
+        response: {
+          201: { type: "object", additionalProperties: true },
+          400: { type: "object", properties: { error: { type: "string" } } },
+          409: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      if (!consumeChallenge(db, body.challenge)) {
+        return reply.code(400).send({ error: "Invalid or expired challenge" });
+      }
+      if (!/^[0-9a-fA-F]+$/.test(body.public_key) || body.public_key.length % 2 !== 0) {
+        return reply.code(400).send({ error: "Invalid public_key format" });
+      }
+      try {
+        const { verifyEscrowReceipt: verifyEscrowReceipt2 } = await import("../../signing-AQTKYJDB.js");
+        const publicKeyBuffer = Buffer.from(body.public_key, "hex");
+        const valid = verifyEscrowReceipt2({ challenge: body.challenge }, body.signature, publicKeyBuffer);
+        if (!valid) {
+          return reply.code(400).send({ error: "Invalid signature" });
+        }
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return reply.code(400).send({ error: `Signature verification failed: ${msg}` });
+      }
+      const existing = getHubIdentityByEmail(db, body.email.toLowerCase());
+      if (existing) {
+        return reply.code(409).send({ error: "Email already registered" });
+      }
+      const agent_id = deriveAgentId2(body.public_key);
+      const existingByAgentId = getHubIdentityByAgentId(db, agent_id);
+      if (existingByAgentId) {
+        return reply.code(409).send({ error: "Agent already registered" });
+      }
+      const identity = registerHubIdentity(db, {
+        email: body.email.toLowerCase(),
+        public_key: body.public_key,
+        encrypted_private_key: body.encrypted_private_key,
+        kdf_salt: body.kdf_salt,
+        display_name: body.display_name
+      });
+      return reply.code(201).send({
+        agent_id: identity.agent_id,
+        did: `did:agentbnb:${identity.agent_id}`,
+        created_at: identity.created_at
+      });
+    });
+    api.post("/api/agents/login", {
+      schema: {
+        tags: ["hub-auth"],
+        summary: "Fetch encrypted identity blob for login",
+        body: {
+          type: "object",
+          required: ["email"],
+          properties: { email: { type: "string", format: "email" } }
+        },
+        response: {
+          200: { type: "object", additionalProperties: true },
+          404: { type: "object", properties: { error: { type: "string" } } }
+        }
+      }
+    }, async (request, reply) => {
+      const body = request.body;
+      const identity = getHubIdentityByEmail(db, body.email.toLowerCase());
+      if (!identity) {
+        return reply.code(404).send({ error: "Identity not found" });
+      }
+      return reply.send({
+        agent_id: identity.agent_id,
+        public_key: identity.public_key,
+        encrypted_private_key: identity.encrypted_private_key,
+        kdf_salt: identity.kdf_salt,
+        display_name: identity.display_name
+      });
+    });
     api.post("/api/identity/link", {
       schema: {
         tags: ["identity"],
@@ -6104,7 +6323,7 @@ function createRegistryServer(opts) {
               });
               await relayClient.connect();
             }
-            const { requestViaRelay: requestViaRelay2 } = await import("../../client-XOSXFC7Q.js");
+            const { requestViaRelay: requestViaRelay2 } = await import("../../client-KL67WZVJ.js");
             return requestViaRelay2(relayClient, {
               targetOwner: target.owner,
               cardId: target.cardId,
@@ -6123,12 +6342,24 @@ function createRegistryServer(opts) {
       const ownerApiKey = opts.ownerApiKey;
       const ownerName = opts.ownerName;
       void api.register(async (ownerRoutes) => {
-        ownerRoutes.addHook("onRequest", async (request, reply) => {
+        ownerRoutes.addHook("preHandler", async (request, reply) => {
           const auth = request.headers.authorization;
           const token = auth?.startsWith("Bearer ") ? auth.slice(7).trim() : null;
-          if (!token || token !== ownerApiKey) {
-            return reply.status(401).send({ error: "Unauthorized" });
+          if (token === ownerApiKey) {
+            request.agentId = ownerName;
+            return;
+          }
+          const didResult = await tryVerifyIdentity(request, {});
+          if (didResult.valid) {
+            const hubIdentity = getHubIdentityByAgentId(db, didResult.agentId);
+            if (!hubIdentity) {
+              return reply.status(401).send({ error: "Agent not registered on this Hub" });
+            }
+            request.agentId = didResult.agentId;
+            request.agentPublicKey = didResult.publicKey;
+            return;
           }
+          return reply.status(401).send({ error: "Unauthorized" });
         });
         ownerRoutes.get("/me", {
           schema: {
@@ -6139,13 +6370,14 @@ function createRegistryServer(opts) {
               200: { type: "object", properties: { owner: { type: "string" }, balance: { type: "number" } } }
             }
           }
-        }, async (_request, reply) => {
+        }, async (request, reply) => {
+          const identity = request.agentId ?? ownerName;
           let balance = 0;
           if (opts.creditDb) {
             const ledger = createLedger({ db: opts.creditDb });
-            balance = await ledger.getBalance(ownerName);
+            balance = await ledger.getBalance(identity);
           }
-          return reply.send({ owner: ownerName, balance });
+          return reply.send({ owner: identity, balance });
         });
         ownerRoutes.get("/requests", {
           schema: {
@@ -6767,6 +6999,56 @@ import { existsSync as existsSync5, readFileSync as readFileSync4 } from "fs";
 import { join as join4 } from "path";
 import { randomUUID as randomUUID9 } from "crypto";
 import { Cron as Cron2 } from "croner";
+
+// src/utils/runtime-mode.ts
+function isTestMode() {
+  return process.env["AGENTBNB_TEST_MODE"] === "1" || process.env["NODE_ENV"] === "test" || process.env["VITEST"] === "true";
+}
+function isOfflineMode() {
+  return process.env["AGENTBNB_OFFLINE"] === "1";
+}
+function shouldSkipNetwork() {
+  return isTestMode() || isOfflineMode();
+}
+
+// src/utils/network-probe.ts
+var PROBE_TIMEOUT_MS = 2e3;
+async function probeRegistry(registryUrl, timeoutMs = PROBE_TIMEOUT_MS) {
+  if (shouldSkipNetwork()) return false;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const url = `${registryUrl.replace(/\/$/, "")}/health`;
+    const res = await fetch(url, { method: "GET", signal: controller.signal });
+    return res.ok;
+  } catch {
+    return false;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+// src/utils/with-timeout.ts
+var TimeoutError = class extends Error {
+  constructor(timeoutMs) {
+    super(`Operation timed out after ${timeoutMs}ms`);
+    this.name = "TimeoutError";
+  }
+};
+async function withTimeout(promise, timeoutMs) {
+  let timer;
+  const timeoutPromise = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new TimeoutError(timeoutMs)), timeoutMs);
+  });
+  try {
+    return await Promise.race([promise, timeoutPromise]);
+  } finally {
+    if (timer) clearTimeout(timer);
+  }
+}
+
+// src/runtime/service-coordinator.ts
+var STARTUP_SYNC_BUDGET_MS = 3e3;
 function buildFallbackRelayCard(owner) {
   return {
     id: randomUUID9(),
@@ -6970,11 +7252,28 @@ var ServiceCoordinator = class {
     this.runtime.registerJob(idleJob);
     console.log("IdleMonitor started (60s poll interval, 70% idle threshold)");
     if (this.config.registry) {
-      const startupSync = await syncCreditsFromRegistry(this.config, this.runtime.creditDb);
-      if (startupSync.synced) {
-        console.log(`[agentbnb] credits synced: ${startupSync.remoteBalance} (was ${startupSync.localWas})`);
+      if (shouldSkipNetwork()) {
+        console.warn("[agentbnb] credit sync skipped: test/offline mode");
       } else {
-        console.warn(`[agentbnb] credit sync skipped: ${startupSync.error}`);
+        const reachable = await probeRegistry(this.config.registry);
+        if (!reachable) {
+          console.warn("[agentbnb] credit sync skipped: registry unreachable (will retry every 5m)");
+        } else {
+          try {
+            const startupSync = await withTimeout(
+              syncCreditsFromRegistry(this.config, this.runtime.creditDb),
+              STARTUP_SYNC_BUDGET_MS
+            );
+            if (startupSync.synced) {
+              console.log(`[agentbnb] credits synced: ${startupSync.remoteBalance} (was ${startupSync.localWas})`);
+            } else {
+              console.warn(`[agentbnb] credit sync skipped: ${startupSync.error}`);
+            }
+          } catch (err) {
+            const reason = err instanceof TimeoutError ? `timeout after ${STARTUP_SYNC_BUDGET_MS}ms` : err.message;
+            console.warn(`[agentbnb] credit sync skipped: ${reason} (will retry every 5m)`);
+          }
+        }
       }
       this.creditSyncJob = new Cron2("*/5 * * * *", async () => {
         const result = await syncCreditsFromRegistry(this.config, this.runtime.creditDb);
@@ -7015,7 +7314,7 @@ var ServiceCoordinator = class {
     }
     if (opts.registryUrl && opts.relay) {
       const { RelayClient: RelayClient2 } = await import("../../websocket-client-RT4KLJL4.js");
-      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../../execute-3RADNI74.js");
+      const { executeCapabilityRequest: executeCapabilityRequest2 } = await import("../../execute-YMPHTJPN.js");
       const localCards = listCards(this.runtime.registryDb, this.config.owner);
       const { primaryCard, additionalCards } = buildRelayRegistrationCards(this.config.owner, localCards);
       if (this.config.conductor?.public) {
@@ -7761,6 +8060,56 @@ async function handleDiscover(args, ctx) {
 
 // src/mcp/tools/request.ts
 import { z as z9 } from "zod";
+
+// src/autonomy/consumer-autonomy.ts
+var DEFAULT_CONSUMER_AUTONOMY = {
+  session_budget: 50,
+  single_request_max: 20,
+  multi_skill_policy: "notify"
+};
+function createSessionState() {
+  return { totalSpent: 0, paidCallCount: 0 };
+}
+function checkConsumerBudget(config, session, estimatedCost) {
+  if (estimatedCost <= 0) {
+    return { allowed: true };
+  }
+  if (estimatedCost > config.single_request_max) {
+    return {
+      allowed: false,
+      error: `Request cost (${estimatedCost} credits) exceeds single_request_max (${config.single_request_max}). Adjust consumer_autonomy.single_request_max in config to allow higher-cost requests.`
+    };
+  }
+  if (session.totalSpent + estimatedCost > config.session_budget) {
+    return {
+      allowed: false,
+      error: `Session budget exceeded: spent ${session.totalSpent} + requested ${estimatedCost} = ${session.totalSpent + estimatedCost} credits, but session_budget is ${config.session_budget}. This session has already made ${session.paidCallCount} paid call(s).`
+    };
+  }
+  if (session.paidCallCount > 0) {
+    if (config.multi_skill_policy === "block") {
+      return {
+        allowed: false,
+        error: `Multi-skill block: this would be paid call #${session.paidCallCount + 1} in this session (total spent: ${session.totalSpent}, this request: ${estimatedCost} credits). consumer_autonomy.multi_skill_policy is "block". Only one paid skill call is allowed per session unless policy is changed.`
+      };
+    }
+    if (config.multi_skill_policy === "notify") {
+      return {
+        allowed: true,
+        warning: `This is paid call #${session.paidCallCount + 1} in this session. Cumulative spend: ${session.totalSpent} + ${estimatedCost} = ${session.totalSpent + estimatedCost} credits (session budget: ${config.session_budget}).`
+      };
+    }
+  }
+  return { allowed: true };
+}
+function recordConsumerSpend(session, creditsSpent) {
+  if (creditsSpent > 0) {
+    session.totalSpent += creditsSpent;
+    session.paidCallCount += 1;
+  }
+}
+
+// src/mcp/tools/request.ts
 var requestInputSchema = {
   query: z9.string().optional().describe("Search query to find a matching capability (auto-request mode)"),
   card_id: z9.string().optional().describe("Direct card ID to request (skips search)"),
@@ -7798,7 +8147,17 @@ function deriveTimeoutHintFromCard(remoteCard, skillId) {
 async function handleRequest(args, ctx) {
   try {
     const maxCost = args.max_cost ?? 50;
+    const consumerConfig = ctx.config.consumer_autonomy ?? DEFAULT_CONSUMER_AUTONOMY;
+    if (!ctx.consumerSession) {
+      ctx.consumerSession = createSessionState();
+    }
     if (args.query) {
+      const budgetCheck = checkConsumerBudget(consumerConfig, ctx.consumerSession, maxCost);
+      if (!budgetCheck.allowed) {
+        return {
+          content: [{ type: "text", text: JSON.stringify({ success: false, error: budgetCheck.error, budget_exceeded: true }) }]
+        };
+      }
       const registryDb = openDatabase(ctx.config.db_path);
       const creditDb = openCreditDb(ctx.config.credit_db_path);
       registryDb.pragma("busy_timeout = 5000");
@@ -7822,8 +8181,12 @@ async function handleRequest(args, ctx) {
           maxCostCredits: maxCost,
           params: args.params
         });
+        const creditsUsed = typeof result?.creditsSpent === "number" ? result.creditsSpent : 0;
+        recordConsumerSpend(ctx.consumerSession, creditsUsed);
+        const response = { success: true, ...result };
+        if (budgetCheck.warning) response.spend_warning = budgetCheck.warning;
         return {
-          content: [{ type: "text", text: JSON.stringify({ success: true, ...result }, null, 2) }]
+          content: [{ type: "text", text: JSON.stringify(response, null, 2) }]
         };
       } finally {
         registryDb.close();
@@ -7890,17 +8253,23 @@ async function handleRequest(args, ctx) {
       const targetAgentId = typeof remoteCard["agent_id"] === "string" ? remoteCard["agent_id"] : void 0;
       const gatewayUrl = remoteCard["gateway_url"];
       const timeoutHint = deriveTimeoutHintFromCard(remoteCard, args.skill_id);
+      let remoteCost = 0;
+      const remoteSkills = remoteCard["skills"];
+      if (Array.isArray(remoteSkills)) {
+        const matchedSkill = args.skill_id ? remoteSkills.find((s) => s.id === args.skill_id) : remoteSkills[0];
+        remoteCost = matchedSkill?.pricing?.credits_per_call ?? 0;
+      } else {
+        const remotePricing = remoteCard["pricing"];
+        remoteCost = remotePricing?.credits_per_call ?? 0;
+      }
       if (gatewayUrl) {
-        let remoteCost = 0;
-        const remoteSkills = remoteCard["skills"];
-        if (Array.isArray(remoteSkills)) {
-          const matchedSkill = args.skill_id ? remoteSkills.find((s) => s.id === args.skill_id) : remoteSkills[0];
-          remoteCost = matchedSkill?.pricing?.credits_per_call ?? 0;
-        } else {
-          const remotePricing = remoteCard["pricing"];
-          remoteCost = remotePricing?.credits_per_call ?? 0;
-        }
         if (remoteCost > 0) {
+          const budgetCheck = checkConsumerBudget(consumerConfig, ctx.consumerSession, remoteCost);
+          if (!budgetCheck.allowed) {
+            return {
+              content: [{ type: "text", text: JSON.stringify({ success: false, error: budgetCheck.error, budget_exceeded: true }) }]
+            };
+          }
           if (!targetOwner) {
             return {
               content: [{ type: "text", text: JSON.stringify({ success: false, error: "Paid remote request requires a target owner for relay routing" }) }]
@@ -7917,8 +8286,11 @@ async function handleRequest(args, ctx) {
             params: { ...args.params ?? {}, ...args.skill_id ? { skill_id: args.skill_id } : {}, requester: ctx.config.owner },
             timeoutMs: args.timeout_ms
           });
+          recordConsumerSpend(ctx.consumerSession, remoteCost);
+          const response = { success: true, result, creditsSpent: remoteCost };
+          if (budgetCheck.warning) response.spend_warning = budgetCheck.warning;
           return {
-            content: [{ type: "text", text: JSON.stringify({ success: true, result }, null, 2) }]
+            content: [{ type: "text", text: JSON.stringify(response, null, 2) }]
           };
         } else {
           const result = await requestCapability({
@@ -7936,6 +8308,14 @@ async function handleRequest(args, ctx) {
         }
       }
       if (targetOwner) {
+        if (remoteCost > 0) {
+          const budgetCheck = checkConsumerBudget(consumerConfig, ctx.consumerSession, remoteCost);
+          if (!budgetCheck.allowed) {
+            return {
+              content: [{ type: "text", text: JSON.stringify({ success: false, error: budgetCheck.error, budget_exceeded: true }) }]
+            };
+          }
+        }
         const result = await requestViaTemporaryRelay({
           registryUrl: ctx.config.registry,
           owner: ctx.config.owner,
@@ -7947,8 +8327,13 @@ async function handleRequest(args, ctx) {
           params: { ...args.params ?? {}, ...args.skill_id ? { skill_id: args.skill_id } : {} },
           timeoutMs: args.timeout_ms
         });
+        if (remoteCost > 0) {
+          recordConsumerSpend(ctx.consumerSession, remoteCost);
+        }
+        const response = { success: true, result };
+        if (remoteCost > 0) response.creditsSpent = remoteCost;
         return {
-          content: [{ type: "text", text: JSON.stringify({ success: true, result }, null, 2) }]
+          content: [{ type: "text", text: JSON.stringify(response, null, 2) }]
         };
       }
       return {
@@ -8059,7 +8444,7 @@ async function conductAction(task, opts) {
     );
   };
   let relay;
-  if (config.registry) {
+  if (config.registry && !shouldSkipNetwork()) {
     relay = new RelayClient({
       registryUrl: config.registry,
       owner: config.owner,
@@ -8069,8 +8454,10 @@ async function conductAction(task, opts) {
       silent: true
     });
     try {
-      await relay.connect();
-    } catch {
+      await withTimeout(relay.connect(), 1e4);
+    } catch (err) {
+      if (err instanceof TimeoutError) {
+      }
       relay = void 0;
     }
   }

package/dist/{store-C4DLIXYM.js → store-GJJFFEQZ.js}

@@ -12,11 +12,11 @@ import {
   updateReputation,
   updateSkillAvailability,
   updateSkillIdleRate
-} from "./chunk-7VZ4M4CT.js";
-import "./chunk-J4RFJVXI.js";
-import "./chunk-UVCNMRPS.js";
+} from "./chunk-QE42IJC4.js";
 import "./chunk-4XTYT4JW.js";
 import "./chunk-GZUTU6IZ.js";
+import "./chunk-J4RFJVXI.js";
+import "./chunk-UVCNMRPS.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   attachCanonicalAgentId,