clawnexus 0.3.0 → 0.3.1

package/dist/agent/gateway.js

@@ -0,0 +1,298 @@
+"use strict";
+// Shared OpenClaw Gateway WebSocket connection helper
+// Handles Protocol v3 handshake: device identity, Ed25519 signing, connect frame format.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadOrCreateDeviceIdentity = loadOrCreateDeviceIdentity;
+exports.connectGateway = connectGateway;
+const crypto = __importStar(require("node:crypto"));
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const os = __importStar(require("node:os"));
+const ws_1 = require("ws");
+const node_crypto_1 = require("node:crypto");
+const CLAWNEXUS_DIR = path.join(os.homedir(), ".clawnexus");
+const IDENTITY_PATH = path.join(CLAWNEXUS_DIR, "oc-device-identity.json");
+const AUTH_TOKEN_DIR = path.join(CLAWNEXUS_DIR, "device-auth-tokens");
+const PROTOCOL_VERSION = 3;
+const ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");
+function base64UrlEncode(buf) {
+    return buf.toString("base64").replaceAll("+", "-").replaceAll("/", "_").replace(/=+$/g, "");
+}
+function derivePublicKeyRaw(publicKeyPem) {
+    const spki = crypto.createPublicKey(publicKeyPem).export({ type: "spki", format: "der" });
+    if (spki.length === ED25519_SPKI_PREFIX.length + 32 &&
+        spki.subarray(0, ED25519_SPKI_PREFIX.length).equals(ED25519_SPKI_PREFIX)) {
+        return spki.subarray(ED25519_SPKI_PREFIX.length);
+    }
+    return spki;
+}
+function fingerprintPublicKey(publicKeyPem) {
+    const raw = derivePublicKeyRaw(publicKeyPem);
+    return crypto.createHash("sha256").update(raw).digest("hex");
+}
+function generateIdentity() {
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+    const publicKeyPem = publicKey.export({ type: "spki", format: "pem" }).toString();
+    const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" }).toString();
+    return {
+        deviceId: fingerprintPublicKey(publicKeyPem),
+        publicKeyPem,
+        privateKeyPem,
+    };
+}
+function loadOrCreateDeviceIdentity() {
+    try {
+        if (fs.existsSync(IDENTITY_PATH)) {
+            const raw = fs.readFileSync(IDENTITY_PATH, "utf8");
+            const parsed = JSON.parse(raw);
+            if (parsed?.version === 1 && parsed.deviceId && parsed.publicKeyPem && parsed.privateKeyPem) {
+                return {
+                    deviceId: parsed.deviceId,
+                    publicKeyPem: parsed.publicKeyPem,
+                    privateKeyPem: parsed.privateKeyPem,
+                };
+            }
+        }
+    }
+    catch {
+        // Generate fresh identity
+    }
+    const identity = generateIdentity();
+    fs.mkdirSync(CLAWNEXUS_DIR, { recursive: true });
+    const stored = { version: 1, ...identity, createdAtMs: Date.now() };
+    fs.writeFileSync(IDENTITY_PATH, JSON.stringify(stored, null, 2) + "\n", { mode: 0o600 });
+    return identity;
+}
+// --- Device Auth Token Storage ---
+function authTokenPath(deviceId, role) {
+    return path.join(AUTH_TOKEN_DIR, `${deviceId}-${role}.json`);
+}
+function loadDeviceAuthToken(deviceId, role) {
+    try {
+        const p = authTokenPath(deviceId, role);
+        if (fs.existsSync(p)) {
+            const data = JSON.parse(fs.readFileSync(p, "utf8"));
+            return data?.token ?? null;
+        }
+    }
+    catch {
+        // Ignore
+    }
+    return null;
+}
+function storeDeviceAuthToken(deviceId, role, token) {
+    try {
+        fs.mkdirSync(AUTH_TOKEN_DIR, { recursive: true });
+        const p = authTokenPath(deviceId, role);
+        fs.writeFileSync(p, JSON.stringify({ token, role, storedAtMs: Date.now() }, null, 2), { mode: 0o600 });
+    }
+    catch {
+        // Non-fatal
+    }
+}
+// --- Protocol Helpers ---
+function signDevicePayload(privateKeyPem, payload) {
+    const key = crypto.createPrivateKey(privateKeyPem);
+    return base64UrlEncode(crypto.sign(null, Buffer.from(payload, "utf8"), key));
+}
+function publicKeyRawBase64Url(publicKeyPem) {
+    return base64UrlEncode(derivePublicKeyRaw(publicKeyPem));
+}
+function buildDeviceAuthPayloadV3(params) {
+    const platform = (params.platform || "").toLowerCase();
+    const deviceFamily = (params.deviceFamily || "").toLowerCase();
+    return [
+        "v3",
+        params.deviceId,
+        params.clientId,
+        params.clientMode,
+        params.role,
+        params.scopes.join(","),
+        String(params.signedAtMs),
+        params.token ?? "",
+        params.nonce,
+        platform,
+        deviceFamily,
+    ].join("|");
+}
+/**
+ * Connect to the OpenClaw Gateway using Protocol v3 handshake.
+ * Handles device identity, Ed25519 signing, and device token storage.
+ */
+function connectGateway(opts = {}) {
+    const gatewayUrl = opts.gatewayUrl ?? "ws://127.0.0.1:18789";
+    const connectTimeoutMs = opts.connectTimeoutMs ?? 10_000;
+    const requestTimeoutMs = opts.requestTimeoutMs ?? 30_000;
+    const role = opts.role ?? "operator";
+    const scopes = opts.scopes ?? ["operator.read", "operator.write"];
+    const identity = loadOrCreateDeviceIdentity();
+    return new Promise((resolve, reject) => {
+        const ws = new ws_1.WebSocket(gatewayUrl);
+        const pendingRequests = new Map();
+        const connectTimeout = setTimeout(() => {
+            ws.close();
+            reject(new Error("Gateway connection timeout"));
+        }, connectTimeoutMs);
+        ws.on("error", (err) => {
+            clearTimeout(connectTimeout);
+            reject(new Error(`Gateway connection error: ${err.message}`));
+        });
+        ws.on("close", () => {
+            clearTimeout(connectTimeout);
+            // Reject all pending requests
+            for (const [, pending] of pendingRequests) {
+                pending.reject(new Error("Gateway connection closed"));
+            }
+            pendingRequests.clear();
+        });
+        ws.on("message", (data) => {
+            let msg;
+            try {
+                msg = JSON.parse(data.toString());
+            }
+            catch {
+                return;
+            }
+            const type = msg.type;
+            // Handshake: connect.challenge → connect → hello-ok
+            if (type === "event" && msg.event === "connect.challenge") {
+                const payload = msg.payload;
+                const nonce = payload?.nonce ?? (0, node_crypto_1.randomUUID)();
+                const signedAtMs = Date.now();
+                const clientId = "gateway-client";
+                const clientMode = "backend";
+                // Load stored device auth token
+                const storedToken = loadDeviceAuthToken(identity.deviceId, role);
+                const envToken = process.env.OPENCLAW_GATEWAY_TOKEN?.trim() || undefined;
+                const authToken = envToken ?? storedToken ?? undefined;
+                // Build device signature
+                const authPayload = buildDeviceAuthPayloadV3({
+                    deviceId: identity.deviceId,
+                    clientId,
+                    clientMode,
+                    role,
+                    scopes,
+                    signedAtMs,
+                    token: authToken ?? null,
+                    nonce,
+                    platform: process.platform,
+                });
+                const signature = signDevicePayload(identity.privateKeyPem, authPayload);
+                const connectId = (0, node_crypto_1.randomUUID)();
+                const frame = {
+                    type: "req",
+                    id: connectId,
+                    method: "connect",
+                    params: {
+                        minProtocol: PROTOCOL_VERSION,
+                        maxProtocol: PROTOCOL_VERSION,
+                        client: {
+                            id: clientId,
+                            version: "0.3.0",
+                            platform: process.platform,
+                            mode: clientMode,
+                        },
+                        role,
+                        scopes,
+                        auth: authToken ? { token: authToken, deviceToken: storedToken ?? undefined } : undefined,
+                        device: {
+                            id: identity.deviceId,
+                            publicKey: publicKeyRawBase64Url(identity.publicKeyPem),
+                            signature,
+                            signedAt: signedAtMs,
+                            nonce,
+                        },
+                    },
+                };
+                // Track this as a pending request
+                pendingRequests.set(connectId, {
+                    resolve: (payload) => {
+                        clearTimeout(connectTimeout);
+                        // Store device token if returned
+                        const helloOk = payload;
+                        const authInfo = helloOk?.auth;
+                        if (authInfo?.deviceToken && typeof authInfo.deviceToken === "string") {
+                            storeDeviceAuthToken(identity.deviceId, authInfo.role ?? role, authInfo.deviceToken);
+                        }
+                        const conn = {
+                            ws,
+                            deviceId: identity.deviceId,
+                            request(method, params) {
+                                return new Promise((res, rej) => {
+                                    const id = (0, node_crypto_1.randomUUID)();
+                                    const timer = setTimeout(() => {
+                                        pendingRequests.delete(id);
+                                        rej(new Error(`Gateway request timeout: ${method} (${requestTimeoutMs}ms)`));
+                                    }, requestTimeoutMs);
+                                    pendingRequests.set(id, {
+                                        resolve: (v) => { clearTimeout(timer); res(v); },
+                                        reject: (e) => { clearTimeout(timer); rej(e); },
+                                    });
+                                    ws.send(JSON.stringify({ type: "req", id, method, params: params ?? {} }));
+                                });
+                            },
+                            close() {
+                                ws.close();
+                            },
+                        };
+                        resolve(conn);
+                    },
+                    reject: (err) => {
+                        clearTimeout(connectTimeout);
+                        reject(err);
+                    },
+                });
+                ws.send(JSON.stringify(frame));
+                return;
+            }
+            // Response frame
+            if (type === "res") {
+                const id = msg.id;
+                const pending = pendingRequests.get(id);
+                if (pending) {
+                    pendingRequests.delete(id);
+                    if (msg.ok === true) {
+                        pending.resolve(msg.payload);
+                    }
+                    else {
+                        const error = msg.error;
+                        pending.reject(new Error(error?.message ?? `Gateway request failed: ${error?.code ?? "unknown"}`));
+                    }
+                }
+            }
+        });
+    });
+}

package/dist/agent/protocol.js

@@ -155,5 +155,7 @@ function validatePayload(type, payload) {
 function isExpired(envelope) {
     const ttl = envelope.ttl ?? DEFAULT_TTL;
     const created = new Date(envelope.timestamp).getTime();
+    if (Number.isNaN(created))
+        return true;
     return Date.now() - created > ttl * 1000;
 }

package/dist/agent/router.d.ts

@@ -3,22 +3,27 @@ import type { RelayConnector } from "../relay/connector.js";
 import type { PolicyEngine } from "./engine.js";
 import type { TaskManager } from "./tasks.js";
 import type { LayerBEnvelope, ProposePayload, TaskRecord } from "./types.js";
+import type { SkillsRegistry } from "./services.js";
 export interface AgentRouterOptions {
     connector: RelayConnector;
     engine: PolicyEngine;
     tasks: TaskManager;
     localClawId: string;
+    skillsRegistry?: SkillsRegistry;
 }
 export declare class AgentRouter extends EventEmitter {
-    private readonly connector;
+    private connector;
     private readonly engine;
     private readonly tasks;
     private readonly localClawId;
+    private readonly skillsRegistry;
     private dataHandler;
     private inbox;
     constructor(opts: AgentRouterOptions);
     start(): void;
     stop(): void;
+    /** Replace the relay connector (e.g. after token refresh reconnection) */
+    setConnector(c: RelayConnector): void;
     sendMessage(roomId: string, envelope: LayerBEnvelope): boolean;
     /** Initiate a propose to a peer (outbound task) */
     propose(roomId: string, targetClawId: string, task: ProposePayload["task"]): TaskRecord;
@@ -28,6 +33,10 @@ export declare class AgentRouter extends EventEmitter {
     approveInbox(messageId: string): TaskRecord | null;
     /** Deny a queued inbound proposal */
     denyInbox(messageId: string, reason?: string): void;
+    /** Send a task report to a peer */
+    sendReport(roomId: string, targetClawId: string, taskId: string, status: "completed" | "failed", result?: unknown, error?: string): void;
+    /** Send a heartbeat for an executing task */
+    sendHeartbeat(roomId: string, targetClawId: string, taskId: string, progressPct?: number): void;
     /** Get pending inbox items */
     getInbox(): Array<{
         message_id: string;

package/dist/agent/router.js

@@ -10,6 +10,7 @@ class AgentRouter extends node_events_1.EventEmitter {
     engine;
     tasks;
     localClawId;
+    skillsRegistry;
     dataHandler = null;
     // Map queued message_id → { envelope, roomId } for manual approve/deny
     inbox = new Map();
@@ -19,6 +20,7 @@ class AgentRouter extends node_events_1.EventEmitter {
         this.engine = opts.engine;
         this.tasks = opts.tasks;
         this.localClawId = opts.localClawId;
+        this.skillsRegistry = opts.skillsRegistry ?? null;
     }
     start() {
         this.dataHandler = (roomId, plaintext) => {
@@ -32,6 +34,18 @@ class AgentRouter extends node_events_1.EventEmitter {
             this.dataHandler = null;
         }
     }
+    /** Replace the relay connector (e.g. after token refresh reconnection) */
+    setConnector(c) {
+        // Unbind from old connector
+        if (this.dataHandler) {
+            this.connector.off("data", this.dataHandler);
+        }
+        this.connector = c;
+        // Re-bind to new connector
+        if (this.dataHandler) {
+            this.connector.on("data", this.dataHandler);
+        }
+    }
     sendMessage(roomId, envelope) {
         return this.connector.sendData(roomId, JSON.stringify(envelope));
     }
@@ -83,6 +97,18 @@ class AgentRouter extends node_events_1.EventEmitter {
         const reply = (0, protocol_js_1.createEnvelope)(this.localClawId, entry.envelope.from, "reject", { task_id: entry.envelope.message_id, reason: "user_denied", message: reason }, { in_reply_to: entry.envelope.message_id });
         this.sendMessage(entry.roomId, reply);
     }
+    /** Send a task report to a peer */
+    sendReport(roomId, targetClawId, taskId, status, result, error) {
+        const payload = { task_id: taskId, status, result, error };
+        const envelope = (0, protocol_js_1.createEnvelope)(this.localClawId, targetClawId, "report", payload, { in_reply_to: taskId });
+        this.sendMessage(roomId, envelope);
+    }
+    /** Send a heartbeat for an executing task */
+    sendHeartbeat(roomId, targetClawId, taskId, progressPct) {
+        const payload = { task_id: taskId, progress_pct: progressPct };
+        const envelope = (0, protocol_js_1.createEnvelope)(this.localClawId, targetClawId, "heartbeat", payload, { in_reply_to: taskId });
+        this.sendMessage(roomId, envelope);
+    }
     /** Get pending inbox items */
     getInbox() {
         return Array.from(this.inbox.entries()).map(([id, entry]) => ({
@@ -132,6 +158,7 @@ class AgentRouter extends node_events_1.EventEmitter {
     }
     handleProposal(envelope, roomId) {
         const decision = this.engine.evaluate(envelope);
+        console.log(`[clawnexus] [Router] Proposal from ${envelope.from}: ${decision.result}`);
         this.emit("decision", envelope, decision, roomId);
         switch (decision.result) {
             case "accept":
@@ -171,8 +198,10 @@ class AgentRouter extends node_events_1.EventEmitter {
         return record;
     }
     handleQuery(envelope, roomId) {
-        // Respond with capability info (placeholder — actual capabilities from services.ts in future)
-        const reply = (0, protocol_js_1.createEnvelope)(this.localClawId, envelope.from, "capability", { capabilities: [] }, { in_reply_to: envelope.message_id });
+        const capabilities = this.skillsRegistry
+            ? this.skillsRegistry.getCapabilities()
+            : [];
+        const reply = (0, protocol_js_1.createEnvelope)(this.localClawId, envelope.from, "capability", { capabilities }, { in_reply_to: envelope.message_id });
         this.sendMessage(roomId, reply);
     }
 }

package/dist/agent/services.d.ts

@@ -0,0 +1,36 @@
+import { EventEmitter } from "node:events";
+import type { AgentSkill } from "../a2a/card.js";
+import type { ServiceCapability } from "./types.js";
+declare const DEFAULT_SKILL: AgentSkill;
+export interface SkillsRegistryOptions {
+    gatewayUrl?: string;
+    refreshIntervalMs?: number;
+}
+export declare class SkillsRegistry extends EventEmitter {
+    private readonly gatewayUrl;
+    private readonly refreshIntervalMs;
+    private skills;
+    private lastRefreshed;
+    private refreshTimer;
+    private closed;
+    constructor(opts?: SkillsRegistryOptions);
+    /** Start the registry — initial refresh + periodic timer */
+    start(): void;
+    /** Stop the registry */
+    stop(): void;
+    /** Get current skills (returns DEFAULT_SKILL if none fetched) */
+    getSkills(): AgentSkill[];
+    /** Get skills as ServiceCapability[] for Layer B capability responses */
+    getCapabilities(): ServiceCapability[];
+    /** Get registry status */
+    getStatus(): {
+        skill_count: number;
+        last_refreshed: string | null;
+        source: "gateway" | "default";
+    };
+    /** Refresh skills from the Gateway. Returns true if successful. */
+    refresh(): Promise<boolean>;
+    /** Connect to Gateway, call tools.catalog, disconnect */
+    private fetchToolsCatalog;
+}
+export { DEFAULT_SKILL };

package/dist/agent/services.js

@@ -0,0 +1,153 @@
+"use strict";
+// Layer B — Skills Registry
+// Connects to local OpenClaw Gateway, fetches installed tools via tools.catalog,
+// and exposes them as AgentSkill[] for Agent Card and capability queries.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_SKILL = exports.SkillsRegistry = void 0;
+const node_events_1 = require("node:events");
+const gateway_js_1 = require("./gateway.js");
+const DEFAULT_REFRESH_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes
+const DEFAULT_SKILL = {
+    id: "general-assistant",
+    name: "General Assistant",
+    description: "General-purpose AI assistant",
+    tags: ["general"],
+};
+exports.DEFAULT_SKILL = DEFAULT_SKILL;
+class SkillsRegistry extends node_events_1.EventEmitter {
+    gatewayUrl;
+    refreshIntervalMs;
+    skills = [];
+    lastRefreshed = null;
+    refreshTimer = null;
+    closed = false;
+    constructor(opts = {}) {
+        super();
+        this.gatewayUrl = opts.gatewayUrl ?? "ws://127.0.0.1:18789";
+        this.refreshIntervalMs = opts.refreshIntervalMs ?? DEFAULT_REFRESH_INTERVAL_MS;
+    }
+    /** Start the registry — initial refresh + periodic timer */
+    start() {
+        // Initial refresh (async, non-blocking)
+        this.refresh().catch((err) => {
+            console.log(`[clawnexus] [Skills] Initial refresh failed (non-fatal): ${err}`);
+        });
+        // Periodic refresh
+        this.refreshTimer = setInterval(() => {
+            this.refresh().catch((err) => {
+                console.log(`[clawnexus] [Skills] Periodic refresh failed (non-fatal): ${err}`);
+            });
+        }, this.refreshIntervalMs);
+    }
+    /** Stop the registry */
+    stop() {
+        this.closed = true;
+        if (this.refreshTimer) {
+            clearInterval(this.refreshTimer);
+            this.refreshTimer = null;
+        }
+    }
+    /** Get current skills (returns DEFAULT_SKILL if none fetched) */
+    getSkills() {
+        return this.skills.length > 0 ? this.skills : [DEFAULT_SKILL];
+    }
+    /** Get skills as ServiceCapability[] for Layer B capability responses */
+    getCapabilities() {
+        return this.getSkills().map((skill) => ({
+            service_type: skill.id,
+            description: skill.description,
+        }));
+    }
+    /** Get registry status */
+    getStatus() {
+        return {
+            skill_count: this.skills.length > 0 ? this.skills.length : 1,
+            last_refreshed: this.lastRefreshed,
+            source: this.skills.length > 0 ? "gateway" : "default",
+        };
+    }
+    /** Refresh skills from the Gateway. Returns true if successful. */
+    async refresh() {
+        if (this.closed)
+            return false;
+        try {
+            const tools = await this.fetchToolsCatalog();
+            this.skills = tools.map(toolToSkill);
+            this.lastRefreshed = new Date().toISOString();
+            this.emit("refreshed", this.skills);
+            console.log(`[clawnexus] [Skills] Refreshed: ${this.skills.length} skill(s) from Gateway`);
+            return true;
+        }
+        catch (err) {
+            this.emit("refresh_error", err);
+            // Keep existing skills (or default) — don't clear on failure
+            return false;
+        }
+    }
+    /** Connect to Gateway, call tools.catalog, disconnect */
+    async fetchToolsCatalog() {
+        const conn = await (0, gateway_js_1.connectGateway)({
+            gatewayUrl: this.gatewayUrl,
+            scopes: ["operator.read"],
+        });
+        try {
+            const result = await conn.request("tools.catalog", {});
+            // v3 catalog returns { groups: [{ tools: [...] }] }
+            const groups = result?.groups;
+            if (Array.isArray(groups)) {
+                const tools = [];
+                for (const group of groups) {
+                    const groupTools = group.tools;
+                    if (Array.isArray(groupTools)) {
+                        tools.push(...groupTools);
+                    }
+                }
+                return tools;
+            }
+            // Fallback: flat array
+            if (Array.isArray(result)) {
+                return result;
+            }
+            return [];
+        }
+        finally {
+            conn.close();
+        }
+    }
+}
+exports.SkillsRegistry = SkillsRegistry;
+/** Convert an OpenClaw tool entry to AgentSkill */
+function toolToSkill(tool) {
+    const id = tool.id ?? tool.name ?? "unknown";
+    const label = tool.label ?? tool.name ?? id;
+    return {
+        id,
+        name: formatSkillName(label),
+        description: tool.description ?? "",
+        tags: inferTags(id),
+    };
+}
+/** Convert snake_case/kebab-case tool name to human-readable */
+function formatSkillName(name) {
+    return name
+        .replace(/[_-]/g, " ")
+        .replace(/\b\w/g, (c) => c.toUpperCase());
+}
+/** Infer tags from tool name */
+function inferTags(name) {
+    const lower = name.toLowerCase();
+    const tags = [];
+    if (lower.includes("web") || lower.includes("search") || lower.includes("browse"))
+        tags.push("web");
+    if (lower.includes("file") || lower.includes("read") || lower.includes("write"))
+        tags.push("filesystem");
+    if (lower.includes("code") || lower.includes("exec") || lower.includes("run"))
+        tags.push("code");
+    if (lower.includes("image") || lower.includes("draw") || lower.includes("vision"))
+        tags.push("media");
+    if (lower.includes("api") || lower.includes("http") || lower.includes("fetch"))
+        tags.push("network");
+    if (tags.length === 0)
+        tags.push("general");
+    return tags;
+}

package/dist/agent/tasks.js

@@ -50,7 +50,7 @@ const TASK_TIMEOUT_S = 600; // 10 minutes default
 // Valid state transitions
 const TRANSITIONS = {
     pending: ["accepted", "rejected", "cancelled", "timeout"],
-    accepted: ["executing", "cancelled", "timeout"],
+    accepted: ["executing", "completed", "failed", "cancelled", "timeout"],
     executing: ["completed", "failed", "cancelled", "timeout"],
     completed: [],
     failed: [],
@@ -101,6 +101,8 @@ class TaskManager extends node_events_1.EventEmitter {
         this.tasks.set(record.task_id, record);
         this.scheduleDirtyFlush();
         this.emit("created", record);
+        // Also emit stateChange so listeners (e.g. TaskExecutor) can react to initial state
+        this.emit("stateChange", record, record.state);
     }
     updateState(taskId, newState, extra) {
         const task = this.tasks.get(taskId);
@@ -241,7 +243,7 @@ class TaskManager extends node_events_1.EventEmitter {
                 if (!ACTIVE_STATES.has(task.state))
                     continue;
                 const maxDuration = (task.task.constraints?.max_duration_s ?? TASK_TIMEOUT_S) * 1000;
-                const elapsed = now - new Date(task.updated_at).getTime();
+                const elapsed = now - new Date(task.created_at).getTime();
                 if (elapsed > maxDuration) {
                     this.updateState(task.task_id, "timeout");
                     this.emit("timeout", task);

package/dist/api/server.d.ts

@@ -8,17 +8,21 @@ import type { UnreachableInstance } from "../types.js";
 import { PolicyEngine } from "../agent/engine.js";
 import { TaskManager } from "../agent/tasks.js";
 import { AgentRouter } from "../agent/router.js";
+import { TaskExecutor } from "../agent/executor.js";
 import { BroadcastDiscovery } from "../discovery/broadcast.js";
 import type { IdentityKeys } from "../crypto/keys.js";
 import { RegistryClient } from "../registry/client.js";
 import { AutoRegister } from "../registry/auto-register.js";
 import { RemoteDiscovery } from "../registry/discovery.js";
 import { RelayConnector } from "../relay/connector.js";
-export declare function registerRelayRoutes(app: FastifyInstance, getConnector: () => RelayConnector | null): void;
+import { SkillsRegistry } from "../agent/services.js";
+export declare function registerRelayRoutes(app: FastifyInstance, getConnector: () => RelayConnector | null, getTokenRefresher?: () => (() => Promise<string>) | null): void;
 export interface AgentDeps {
     engine: PolicyEngine;
     tasks: TaskManager;
     getRouter: () => AgentRouter | null;
+    getExecutor: () => TaskExecutor | null;
+    skillsRegistry?: SkillsRegistry;
 }
 export declare function registerAgentRoutes(app: FastifyInstance, deps: AgentDeps): void;
 export interface RegistryDeps {
@@ -39,7 +43,7 @@ export interface DiagnosticsDeps {
     unreachable: UnreachableInstance[];
 }
 export declare function registerDiagnosticsRoutes(app: FastifyInstance, deps: DiagnosticsDeps): void;
-export declare function registerA2aRoutes(app: FastifyInstance, store: RegistryStore, daemonVersion: string): void;
+export declare function registerA2aRoutes(app: FastifyInstance, store: RegistryStore, daemonVersion: string, skillsRegistry?: SkillsRegistry): void;
 export interface DaemonOptions {
     port?: number;
     host?: string;
@@ -57,6 +61,7 @@ export interface DaemonHandle {
     engine: PolicyEngine;
     tasks: TaskManager;
     getRouter: () => AgentRouter | null;
+    skillsRegistry: SkillsRegistry;
     registryClient: RegistryClient | null;
     autoRegister: AutoRegister | null;
     remoteDiscovery: RemoteDiscovery | null;