edge-book 0.8.0 → 0.9.0

package/dist/edge-book.js

@@ -49,6 +49,9 @@ var FEED_FILE = "feed-items.json";
 var APPROVALS_FILE = "approvals.json";
 var ESCALATIONS_FILE = "escalations.json";
 var CONTACT_MUTES_FILE = "contact-mutes.json";
+var REPORTS_FILE = "reports.json";
+var INVITE_CODES_FILE = "invite-codes.json";
+var INBOUND_RATE_FILE = "inbound-rate.json";
 var ATTESTATIONS_FILE = "attestations.json";
 var ENDORSEMENTS_FILE = "endorsements.json";
 var SIGNALS_FILE = "signals.json";
@@ -175,6 +178,15 @@ function resolveFieldVisibility(profile, field) {
 function resolveSocialVisibility(profile, label) {
   return profile.visibility?.[label] ?? profile.visibility?.["*"] ?? "friends";
 }
+function projectProfileFields(profile, includeField) {
+  const out = {};
+  if (profile.name && includeField(resolveFieldVisibility(profile, "name"))) out.name = profile.name;
+  if (profile.bio && includeField(resolveFieldVisibility(profile, "bio"))) out.bio = profile.bio;
+  if (profile.location && includeField(resolveFieldVisibility(profile, "location"))) out.location = profile.location;
+  const socials = (profile.socials ?? []).filter((s) => includeField(resolveSocialVisibility(profile, s.label)));
+  if (socials.length) out.socials = socials;
+  return out;
+}
 function computeLifecycle(expiresAt, hard, current) {
   if (current === "expired" || current === "cancelled" || current === "tombstoned") {
     return current;
@@ -276,6 +288,10 @@ var EdgeBookStore = class {
     if (input.direct_url !== void 0) next.direct_url = input.direct_url;
     if (input.relay_url !== void 0) next.relay_url = input.relay_url;
     if (input.notify_on_friend_request !== void 0) next.notify_on_friend_request = input.notify_on_friend_request;
+    if (input.open_friend_requests !== void 0) next.open_friend_requests = input.open_friend_requests;
+    if (input.inbound_max_per_peer !== void 0) next.inbound_max_per_peer = input.inbound_max_per_peer;
+    if (input.inbound_max_global !== void 0) next.inbound_max_global = input.inbound_max_global;
+    if (input.inbound_window_ms !== void 0) next.inbound_window_ms = input.inbound_window_ms;
     await writeJson(this.file(CONFIG_FILE), next);
     return next;
   }
@@ -287,15 +303,9 @@ var EdgeBookStore = class {
     if (config.relay_url) transports.push({ mode: "relay", endpoint: config.relay_url });
     const caps = Object.values(await this.capabilities()).map((c) => ({ name: c.name, version: c.version, summary: c.summary, status: c.status }));
     const prof = defaultProfile(identity);
-    const pubInclude = (field) => resolveFieldVisibility(prof, field) === "public";
-    const pubSocials = (prof.socials ?? []).filter((s) => resolveSocialVisibility(prof, s.label) === "public");
-    const publicProfile = {
-      ...prof.name && pubInclude("name") ? { name: prof.name } : {},
-      ...prof.bio && pubInclude("bio") ? { bio: prof.bio } : {},
-      ...prof.location && pubInclude("location") ? { location: prof.location } : {},
-      ...pubSocials.length ? { socials: pubSocials } : {}
-    };
-    const publicName = prof.name && pubInclude("name") ? prof.name : void 0;
+    const publicFields = projectProfileFields(prof, (v) => v === "public");
+    const publicProfile = { ...publicFields };
+    const publicName = publicFields.name;
     const unsigned = {
       schema: "openclaw-agent-card/0.1",
       agent_id: identity.agent_id,
@@ -326,18 +336,12 @@ var EdgeBookStore = class {
   async buildFriendProfile() {
     const identity = await this.identity();
     const profile = defaultProfile(identity);
-    const include = (field) => resolveFieldVisibility(profile, field) !== "off";
-    const socials = (profile.socials ?? []).filter(
-      (s) => resolveSocialVisibility(profile, s.label) !== "off"
-    );
+    const friendFields = projectProfileFields(profile, (v) => v !== "off");
     const unsigned = {
       schema: "openclaw-friend-profile/0.1",
       agent_id: identity.agent_id,
       profile_version: profile.profile_version ?? 1,
-      ...profile.name && include("name") ? { name: profile.name } : {},
-      ...profile.bio && include("bio") ? { bio: profile.bio } : {},
-      ...profile.location && include("location") ? { location: profile.location } : {},
-      ...socials.length ? { socials } : {},
+      ...friendFields,
       issued_at: now()
     };
     return { ...unsigned, signature: signPayload(unsigned, identity.private_key_pem) };
@@ -462,7 +466,7 @@ var EdgeBookStore = class {
     await this.audit(`relationship.${type}`, peerAgentId, { previous, next: nextState, reason });
     return event;
   }
-  async createFriendRequest(targetCard, note = "") {
+  async createFriendRequest(targetCard, note = "", inviteCode = "") {
     const identity = await this.identity();
     validateCard(targetCard);
     const existing = (await this.contacts())[targetCard.agent_id];
@@ -470,6 +474,7 @@ var EdgeBookStore = class {
     await this.upsertContactFromCard(targetCard, "request_sent");
     await this.setRelationship(targetCard.agent_id, "request_sent", "FriendRequest", note);
     const card = await this.writeCard();
+    const body = { card, note, ...inviteCode ? { invite_code: inviteCode } : {} };
     return this.signEnvelope({
       type: "friend_request",
       to_agent_id: targetCard.agent_id,
@@ -477,15 +482,56 @@ var EdgeBookStore = class {
       capability_id: "",
       ref: "",
       transport: "local",
-      body: { card, note }
+      body
     });
   }
+  // NOTE — concurrency + sybil-defense assumptions (v1):
+  // The GLOBAL cap (inbound_max_global) is the real sybil defense: it limits total
+  // inbound load regardless of how many distinct identities an attacker mints.
+  // The per-peer cap only slows a single persistent identity; it provides weaker
+  // protection because `from_agent_id` is attacker-mintable (any key can be generated).
+  //
+  // The rate file is read-modify-write.  This is safe under the assumption that the
+  // receive loop is effectively serial for a single-owner edge agent (one active
+  // session at a time).  Concurrent receives — e.g. two simultaneous HTTP deliveries
+  // on a multi-machine deployment — could undercount hits, allowing bursts past the
+  // cap.  A shared atomic lock or external counter store is the follow-up (ea-claude-090).
+  async enforceInboundRate(peerAgentId) {
+    const config = await this.config();
+    const windowMs = config.inbound_window_ms ?? 36e5;
+    const maxPeer = config.inbound_max_per_peer ?? 5;
+    const maxGlobal = config.inbound_max_global ?? 60;
+    const cutoff = Date.now() - windowMs;
+    const all = await readJson(this.file(INBOUND_RATE_FILE), {});
+    for (const k of Object.keys(all)) {
+      all[k] = all[k].filter((t) => t > cutoff);
+      if (!all[k].length) delete all[k];
+    }
+    const peerCount = (all[peerAgentId] ?? []).length;
+    const globalCount = Object.values(all).reduce((n, arr) => n + arr.length, 0);
+    if (peerCount >= maxPeer || globalCount >= maxGlobal) {
+      await this.audit("inbound.rate_limited", peerAgentId, { peerCount, globalCount });
+      throw new EdgeBookError("rate_limited", "Inbound request rate limit exceeded");
+    }
+    all[peerAgentId] = [...all[peerAgentId] ?? [], Date.now()];
+    await writeJson(this.file(INBOUND_RATE_FILE), all);
+  }
   async receiveFriendRequest(envelope) {
     await this.verifyEnvelope(envelope);
     if (envelope.type !== "friend_request") throw new EdgeBookError("wrong_message_type", "Expected friend_request envelope");
+    await this.enforceInboundRate(envelope.from_agent_id);
     const body = envelope.body;
     validateCard(body.card);
     if (body.card.agent_id !== envelope.from_agent_id) throw new EdgeBookError("agent_id_mismatch", "Friend request card does not match sender");
+    if ((await this.config()).open_friend_requests === false) {
+      const ALLOWED_INVITE_BYPASS = ["request_sent", "friend"];
+      const known = (await this.contacts())[envelope.from_agent_id]?.relationship_state;
+      const allowed = known !== void 0 && ALLOWED_INVITE_BYPASS.includes(known) || (body.invite_code ? await this.consumeInviteCode(body.invite_code) : false);
+      if (!allowed) {
+        await this.audit("inbound.unsolicited_dropped", envelope.from_agent_id, {});
+        throw new EdgeBookError("unsolicited_dropped", "Invite-only: unsolicited request without a valid invite code");
+      }
+    }
     const contact = await this.upsertContactFromCard(body.card, "request_received");
     await this.setRelationship(envelope.from_agent_id, "request_received", "FriendRequest", body.note);
     await appendJsonl(this.file(INBOX_FILE), envelope);
@@ -661,6 +707,66 @@ var EdgeBookStore = class {
   async block(peerAgentId) {
     await this.setRelationship(peerAgentId, "blocked", "Block", "blocked");
   }
+  async reports() {
+    return readJson(this.file(REPORTS_FILE), []);
+  }
+  async inviteCodes() {
+    return readJson(this.file(INVITE_CODES_FILE), []);
+  }
+  async mintInviteCode(opts = {}) {
+    const invite = {
+      code: randomId("invite"),
+      created_at: now(),
+      expires_at: opts.ttlMs ? new Date(Date.now() + opts.ttlMs).toISOString() : "",
+      max_uses: opts.maxUses ?? 0,
+      uses: 0
+    };
+    const codes = await this.inviteCodes();
+    codes.push(invite);
+    await writeJson(this.file(INVITE_CODES_FILE), codes);
+    return invite;
+  }
+  // NOTE — serial-receive assumption (v1):
+  // consumeInviteCode is read-modify-write.  Under concurrent receives, two requests
+  // carrying the same single-use code could both read uses=0, both pass the max_uses
+  // check, and both increment — effectively spending the code twice.  This is safe for
+  // a single-owner serial receive loop; a locking primitive is needed for concurrent
+  // multi-machine deployments (ties to the same ea-claude-090 follow-up).
+  async consumeInviteCode(code) {
+    const codes = await this.inviteCodes();
+    const idx = codes.findIndex((c) => c.code === code);
+    if (idx === -1) return false;
+    const invite = codes[idx];
+    if (invite.expires_at && new Date(invite.expires_at) < /* @__PURE__ */ new Date()) return false;
+    if (invite.max_uses > 0 && invite.uses >= invite.max_uses) return false;
+    invite.uses += 1;
+    codes[idx] = invite;
+    await writeJson(this.file(INVITE_CODES_FILE), codes);
+    return true;
+  }
+  async reportPeer(peerAgentId, reason = "", opts = {}) {
+    const auditRef = await this.audit("peer.reported", peerAgentId, { reason, block: Boolean(opts.block) });
+    let actuallyBlocked = false;
+    if (opts.block) {
+      const contacts = await this.contacts();
+      if (contacts[peerAgentId]) {
+        await this.block(peerAgentId);
+        actuallyBlocked = true;
+      }
+    }
+    const rec = {
+      report_id: randomId("report"),
+      peer_agent_id: peerAgentId,
+      reason,
+      blocked: actuallyBlocked,
+      created_at: now(),
+      audit_refs: [auditRef]
+    };
+    const existingReports = await readJson(this.file(REPORTS_FILE), []);
+    existingReports.push(rec);
+    await writeJson(this.file(REPORTS_FILE), existingReports);
+    return rec;
+  }
   async issueGrant(subjectAgentId, scopes, expiresAt = "") {
     const identity = await this.identity();
     const unsigned = {
@@ -1248,6 +1354,7 @@ var EdgeBookStore = class {
   async receiveObjectShare(envelope) {
     await this.verifyEnvelope(envelope);
     if (envelope.type !== "object_share") throw new EdgeBookError("wrong_message_type", "Expected object_share envelope");
+    await this.enforceInboundRate(envelope.from_agent_id);
     const identity = await this.identity();
     const body = envelope.body;
     const { object, grant } = body;
@@ -2196,6 +2303,159 @@ async function runTwoAgentHarness(baseDir) {
 import fs2 from "fs/promises";
 import http from "http";
 import path2 from "path";
+
+// src/resolver.ts
+function nextAction(result, target) {
+  switch (result.status) {
+    case "resolved":
+      return `friend request ${target} --deliver`;
+    case "approval_required":
+    case "candidates": {
+      const first = result.candidates?.[0];
+      return first ? `candidates list   # then: friend request ${first.candidate_id}` : "candidates list";
+    }
+    default:
+      return "(no match \u2014 check the target)";
+  }
+}
+var localContactProvider = {
+  name: "local",
+  priority: 100,
+  async resolve(store, target) {
+    const contacts = await store.contacts();
+    const match = Object.values(contacts).find(
+      (c) => c.peer_agent_id === target || c.aliases.includes(target) || c.display_name === target
+    );
+    if (!match) return null;
+    return {
+      kind: "card",
+      agent_id: match.peer_agent_id,
+      provenance: {
+        source: "local",
+        confidence: "high",
+        display_name: match.display_name,
+        reason: `known contact (relationship_state=${match.relationship_state})`
+      }
+    };
+  }
+};
+function cardProvider(name, source, match) {
+  return {
+    name,
+    priority: 90,
+    async resolve(_store, target) {
+      if (!match(target)) return null;
+      const card = await loadCard(target);
+      return {
+        kind: "card",
+        card,
+        agent_id: card.agent_id,
+        provenance: { source, confidence: "high", display_name: card.handle, reason: `${source} card verified` }
+      };
+    }
+  };
+}
+var inviteProvider = cardProvider("invite", "invite", (t) => t.startsWith("edgebook:invite:"));
+var cardUrlProvider = cardProvider("card_url", "card_url", (t) => /^https?:\/\//.test(t));
+var cardFileProvider = cardProvider(
+  "card_file",
+  "card_file",
+  (t) => t.startsWith("file://") || t.startsWith("/") || t.startsWith("./") || t.endsWith(".json")
+);
+var CANDIDATES_FILE = "candidates.json";
+function candidateKey(c) {
+  return `${c.source}:${c.card_url ?? c.agent_id ?? ""}`;
+}
+async function readCandidates(store) {
+  return readJson(store.file(CANDIDATES_FILE), {});
+}
+async function listCandidates(store) {
+  return Object.values(await readCandidates(store));
+}
+async function getCandidate(store, id) {
+  return (await readCandidates(store))[id];
+}
+async function writeCandidate(store, input) {
+  const map = await readCandidates(store);
+  const existing = Object.values(map).find((c) => candidateKey(c) === candidateKey(input));
+  if (existing) return existing;
+  const candidate = {
+    candidate_id: randomId("cand"),
+    approved: false,
+    created_at: (/* @__PURE__ */ new Date()).toISOString(),
+    ...input
+  };
+  map[candidate.candidate_id] = candidate;
+  await writeJson(store.file(CANDIDATES_FILE), map);
+  await store.audit("candidate.write", candidate.agent_id ?? "", { candidate_id: candidate.candidate_id, source: candidate.source });
+  return candidate;
+}
+function defaultProviders(registryLookup = async () => null) {
+  return [localContactProvider, inviteProvider, cardUrlProvider, cardFileProvider, makeRegistryProvider(registryLookup)];
+}
+async function resolveTarget(store, target, opts) {
+  const ordered = [...opts.providers].sort((a, b) => b.priority - a.priority);
+  for (const provider of ordered) {
+    const r = await provider.resolve(store, target);
+    if (!r) continue;
+    if (r.kind === "card") {
+      const result2 = { status: "resolved", card: r.card, agent_id: r.agent_id, provenance: r.provenance, next_action: "" };
+      result2.next_action = nextAction(result2, target);
+      return result2;
+    }
+    const candidate = await writeCandidate(store, r.candidate);
+    const result = { status: "approval_required", candidates: [candidate], provenance: r.provenance, next_action: "" };
+    result.next_action = nextAction(result, target);
+    return result;
+  }
+  return { status: "not_found", next_action: "(no match \u2014 check the target)" };
+}
+async function dropCandidate(store, candidateId) {
+  const map = await readJson(store.file(CANDIDATES_FILE), {});
+  if (!map[candidateId]) return;
+  delete map[candidateId];
+  await writeJson(store.file(CANDIDATES_FILE), map);
+}
+async function markCandidateApproved(store, candidateId, agentId) {
+  const map = await readJson(store.file(CANDIDATES_FILE), {});
+  if (!map[candidateId]) return;
+  map[candidateId].approved = true;
+  map[candidateId].agent_id = agentId;
+  await writeJson(store.file(CANDIDATES_FILE), map);
+}
+async function promoteCandidate(store, candidateId, note = "") {
+  const candidate = await getCandidate(store, candidateId);
+  if (!candidate) throw new EdgeBookError("unknown_candidate", `No candidate ${candidateId}`);
+  if (!candidate.card_url) {
+    await store.audit("candidate.denied", "", { candidate_id: candidateId, reason: "no_card_url" });
+    throw new EdgeBookError("candidate_not_resolvable", "Candidate has no card_url to verify; cannot promote");
+  }
+  const card = await loadCard(candidate.card_url);
+  const envelope = await store.createFriendRequest(card, note);
+  await markCandidateApproved(store, candidateId, card.agent_id);
+  await store.audit("candidate.promoted", card.agent_id, { candidate_id: candidateId });
+  return envelope;
+}
+function makeRegistryProvider(lookup) {
+  return {
+    name: "registry",
+    priority: 50,
+    async resolve(_store, target) {
+      if (!target.startsWith("registry:")) return null;
+      const cardTarget = await lookup(target);
+      if (!cardTarget) return null;
+      const card = await loadCard(cardTarget);
+      return {
+        kind: "card",
+        card,
+        agent_id: card.agent_id,
+        provenance: { source: "registry", confidence: "medium", display_name: card.handle, reason: "registry handle lookup" }
+      };
+    }
+  };
+}
+
+// src/http.ts
 async function readJsonBody(req) {
   const chunks = [];
   for await (const chunk of req) chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
@@ -2372,6 +2632,13 @@ async function handleOwnerApi(req, res, url, adapters) {
     sendJson(res, 200, { mute: await store.muteContact(decodeURIComponent(contactMuteMatch[1]), body.reason || "") });
     return true;
   }
+  const contactReportMatch = /^\/api\/contacts\/([^/]+)\/report$/.exec(url.pathname);
+  if (req.method === "POST" && contactReportMatch) {
+    const body = await readJsonBody(req);
+    const report = await store.reportPeer(decodeURIComponent(contactReportMatch[1]), body.reason || "", { block: Boolean(body.block) });
+    sendJson(res, 200, { report });
+    return true;
+  }
   const messagesMatch = /^\/api\/messages\/([^/]+)$/.exec(url.pathname);
   if (req.method === "GET" && messagesMatch) {
     const peerId = decodeURIComponent(messagesMatch[1]);
@@ -2496,6 +2763,32 @@ async function handleOwnerApi(req, res, url, adapters) {
     sendJson(res, 200, { review: await store.reviewLocalDataImport(body) });
     return true;
   }
+  if (req.method === "GET" && url.pathname === "/api/candidates") {
+    sendJson(res, 200, { candidates: await listCandidates(store) });
+    return true;
+  }
+  const candPromote = /^\/api\/candidates\/([^/]+)\/promote$/.exec(url.pathname);
+  if (req.method === "POST" && candPromote) {
+    const id = decodeURIComponent(candPromote[1]);
+    const candidate = await getCandidate(store, id);
+    if (!candidate) {
+      sendJson(res, 404, { error: "unknown_candidate" });
+      return true;
+    }
+    if (!candidate.card_url) {
+      sendJson(res, 400, { error: "candidate_not_resolvable" });
+      return true;
+    }
+    const response_envelope = await promoteCandidate(store, id);
+    sendJson(res, 200, { candidate: await getCandidate(store, id), response_envelope });
+    return true;
+  }
+  const candReject = /^\/api\/candidates\/([^/]+)\/reject$/.exec(url.pathname);
+  if (req.method === "POST" && candReject) {
+    await dropCandidate(store, decodeURIComponent(candReject[1]));
+    sendJson(res, 200, { dropped: true });
+    return true;
+  }
   sendJson(res, 404, { ok: false, error: "not_found" });
   return true;
 }
@@ -3133,6 +3426,7 @@ function dashboardHtml() {
       <button data-view="messages">Messages <span id="messageCount">Total 0</span></button>
       <button data-view="posts">Post history <span id="postCount">Drafts 0</span></button>
       <button data-view="approvals">Approvals <span id="approvalCount">Pending 0</span></button>
+      <button data-view="candidates">Candidates <span id="candidateCount">Pending 0</span></button>
       <button data-view="escalations">Escalations <span id="escalationCount">Pending 0</span></button>
       <button data-view="activity">Activity Log <span id="activityCount">Events 0</span></button>
       <button data-view="inspector">Inspector <span>Details</span></button>
@@ -3196,6 +3490,7 @@ function dashboardHtml() {
       posts: {},
       feedItems: {},
       approvals: {},
+      candidates: [],
       escalations: {},
       messages: [],
       audit: []
@@ -3207,6 +3502,7 @@ function dashboardHtml() {
       messages: "Messages",
       posts: "Post history",
       approvals: "Approvals",
+      candidates: "Candidates",
       escalations: "Escalations",
       activity: "Activity Log",
       inspector: "Inspector"
@@ -3218,6 +3514,7 @@ function dashboardHtml() {
       messages: "Friend-gated envelopes grouped by peer context.",
       posts: "Drafts, approvals, visibility, source basis, and removal state.",
       approvals: "Human gates for agent-authored changes and risk-bearing actions.",
+      candidates: "Resolver-discovered first-contact candidates with provenance \u2014 approve to send a friend request, or reject to drop.",
       escalations: "Questions your agent \u2014 or a collaborating agent \u2014 raised for you to answer.",
       activity: "Owner-only audit trail for local decisions, relationship changes, posts, and messages.",
       inspector: "Readable decision summary plus detailed local evidence."
@@ -3304,6 +3601,7 @@ function dashboardHtml() {
     }
     function pendingApprovals() { return values(state.approvals).filter((approval) => approval.status === "pending"); }
     function pendingEscalations() { return values(state.escalations).filter((escalation) => escalation.status === "pending"); }
+    function pendingCandidates() { return (state.candidates || []).filter((c) => !c.approved); }
     function visibleFeedItems() { return values(state.feedItems).filter((feed) => !feed.hidden); }
     function friendContacts() { return values(state.contacts).filter((contact) => contact.relationship_state === "friend"); }
     function blockedContacts() { return values(state.contacts).filter((contact) => contact.relationship_state === "blocked"); }
@@ -3311,6 +3609,7 @@ function dashboardHtml() {
     function renderAttentionQueue() {
       const rows = [
         ["Approvals", pendingApprovals().length, pendingApprovals().length ? "attention" : "owned"],
+        ["Candidates", pendingCandidates().length, pendingCandidates().length ? "attention" : "neutral"],
         ["Escalations", pendingEscalations().length, pendingEscalations().length ? "attention" : "owned"],
         ["Unread feed", values(state.feedItems).filter((feed) => feed.read_state !== "read" && !feed.hidden).length, "neutral"],
         ["Blocked peers", blockedContacts().length, blockedContacts().length ? "risk" : "owned"],
@@ -3349,6 +3648,7 @@ function dashboardHtml() {
       setText("contactCount", "Friends " + friendContacts().length);
       setText("postCount", "Drafts " + draftPosts().length);
       setText("approvalCount", "Pending " + pendingApprovals().length);
+      setText("candidateCount", "Pending " + pendingCandidates().length);
       setText("escalationCount", "Pending " + pendingEscalations().length);
       setText("activityCount", "Events " + state.audit.length);
       setText("messageCount", "Total " + state.messages.length);
@@ -3404,7 +3704,7 @@ function dashboardHtml() {
       if (state.view === "contacts") {
         html = values(state.contacts).map((contact) => item(contact.display_name || "Unnamed contact", contact.aliases?.[0] || contact.card_url || peerEndpointLabel(contact), [
           state.mutes[contact.peer_agent_id] ? "muted" : "active",
-        ], contact, contact.relationship_state === "blocked" ? "risk" : "", state.mutes[contact.peer_agent_id] ? "" : action("Mute", "contact-mute", contact.peer_agent_id), [
+        ], contact, contact.relationship_state === "blocked" ? "risk" : "", (state.mutes[contact.peer_agent_id] ? "" : action("Mute", "contact-mute", contact.peer_agent_id)) + action("Report", "contact-report", contact.peer_agent_id, "risk"), [
           ["relationship", labelize(contact.relationship_state)],
           ["grants", (contact.capability_grants || []).length],
           ["endpoint", (contact.known_endpoints || []).length ? "known" : "missing"],
@@ -3451,6 +3751,22 @@ function dashboardHtml() {
         ], "Requested " + timeLabel(approval.created_at));
         }).join("") || renderEmpty("No approval requests.");
       }
+      if (state.view === "candidates") {
+        html = pendingCandidates().map((candidate) => {
+          const actions = action("Approve", "candidate-approve", candidate.candidate_id) + action("Reject", "candidate-reject", candidate.candidate_id, "danger");
+          return item(candidate.display_name || "Unknown candidate", candidate.reason, [
+            "source: " + labelize(candidate.source),
+            "confidence: " + labelize(candidate.confidence),
+            candidate.network ? "network: " + candidate.network : "",
+            "pending"
+          ], candidate, "", actions, [
+            ["source", labelize(candidate.source)],
+            ["confidence", labelize(candidate.confidence)],
+            ["network", candidate.network || "n/a"],
+            ["status", candidate.approved ? "approved" : "pending"]
+          ], "Discovered " + timeLabel(candidate.created_at));
+        }).join("") || renderEmpty("No candidates discovered yet.");
+      }
       if (state.view === "escalations") {
         html = values(state.escalations).map((escalation) => {
           const isOption = (escalation.kind === "decision" || escalation.kind === "approval") && (escalation.options || []).length;
@@ -3526,6 +3842,11 @@ function dashboardHtml() {
         if (name === "feed-read") await postJson("/api/feed/" + encodeURIComponent(id) + "/read");
         if (name === "feed-hide") await postJson("/api/feed/" + encodeURIComponent(id) + "/hide", { reason: prompt("Reason", "hidden by owner") || "" });
         if (name === "contact-mute") await postJson("/api/contacts/" + encodeURIComponent(id) + "/mute", { reason: prompt("Reason", "muted by owner") || "" });
+        if (name === "contact-report") {
+          const reason = prompt("Reason for report", "") || "";
+          const blockStr = prompt("Also block this contact? (yes/no)", "no") || "no";
+          await postJson("/api/contacts/" + encodeURIComponent(id) + "/report", { reason, block: blockStr.trim().toLowerCase() === "yes" });
+        }
         if (name === "post-approve") await postJson("/api/posts/" + encodeURIComponent(id) + "/approve");
         if (name === "post-edit") {
           const current = state.posts[id] || {};
@@ -3538,6 +3859,8 @@ function dashboardHtml() {
         if (name === "post-remove") await postJson("/api/posts/" + encodeURIComponent(id) + "/remove", { reason: prompt("Reason", "removed by owner") || "" });
         if (name === "approval-approve") await postJson("/api/approvals/" + encodeURIComponent(id) + "/resolve", { approved: true });
         if (name === "approval-reject") await postJson("/api/approvals/" + encodeURIComponent(id) + "/resolve", { approved: false });
+        if (name === "candidate-approve") await postJson("/api/candidates/" + encodeURIComponent(id) + "/promote", {});
+        if (name === "candidate-reject") await postJson("/api/candidates/" + encodeURIComponent(id) + "/reject", {});
         if (name === "escalation-answer") {
           const text = prompt("Your answer", "");
           if (text === null) return;
@@ -3577,11 +3900,12 @@ function dashboardHtml() {
       setText("owner", publicOwnerLabel() + " | Local session active");
       setText("ownerName", publicOwnerLabel());
       setText("ownerShort", "local owner session");
-      const [contacts, posts, feed, approvals, escalations, audit] = await Promise.all([
+      const [contacts, posts, feed, approvals, candidates, escalations, audit] = await Promise.all([
         api("/api/contacts"),
         api("/api/posts"),
         api("/api/feed"),
         api("/api/approvals"),
+        api("/api/candidates"),
         api("/api/escalations"),
         api("/api/audit")
       ]);
@@ -3590,6 +3914,7 @@ function dashboardHtml() {
       state.posts = posts.posts;
       state.feedItems = feed.feed_items;
       state.approvals = approvals.approvals;
+      state.candidates = candidates.candidates || [];
       state.escalations = escalations.escalations || {};
       state.audit = audit.audit || [];
       const messageSets = await Promise.all(values(state.contacts).map((contact) => api("/api/messages/" + encodeURIComponent(contact.peer_agent_id)).catch(() => ({ messages: [] }))));
@@ -4261,138 +4586,6 @@ async function revokeOneSession(options) {
   }
 }
 
-// src/resolver.ts
-function nextAction(result, target) {
-  switch (result.status) {
-    case "resolved":
-      return `friend request ${target} --deliver`;
-    case "approval_required":
-    case "candidates": {
-      const first = result.candidates?.[0];
-      return first ? `candidates list   # then: friend request ${first.candidate_id}` : "candidates list";
-    }
-    default:
-      return "(no match \u2014 check the target)";
-  }
-}
-var localContactProvider = {
-  name: "local",
-  priority: 100,
-  async resolve(store, target) {
-    const contacts = await store.contacts();
-    const match = Object.values(contacts).find(
-      (c) => c.peer_agent_id === target || c.aliases.includes(target) || c.display_name === target
-    );
-    if (!match) return null;
-    return {
-      kind: "card",
-      agent_id: match.peer_agent_id,
-      provenance: {
-        source: "local",
-        confidence: "high",
-        display_name: match.display_name,
-        reason: `known contact (relationship_state=${match.relationship_state})`
-      }
-    };
-  }
-};
-function cardProvider(name, source, match) {
-  return {
-    name,
-    priority: 90,
-    async resolve(_store, target) {
-      if (!match(target)) return null;
-      const card = await loadCard(target);
-      return {
-        kind: "card",
-        card,
-        agent_id: card.agent_id,
-        provenance: { source, confidence: "high", display_name: card.handle, reason: `${source} card verified` }
-      };
-    }
-  };
-}
-var inviteProvider = cardProvider("invite", "invite", (t) => t.startsWith("edgebook:invite:"));
-var cardUrlProvider = cardProvider("card_url", "card_url", (t) => /^https?:\/\//.test(t));
-var cardFileProvider = cardProvider(
-  "card_file",
-  "card_file",
-  (t) => t.startsWith("file://") || t.startsWith("/") || t.startsWith("./") || t.endsWith(".json")
-);
-var CANDIDATES_FILE = "candidates.json";
-function candidateKey(c) {
-  return `${c.source}:${c.card_url ?? c.agent_id ?? ""}`;
-}
-async function readCandidates(store) {
-  return readJson(store.file(CANDIDATES_FILE), {});
-}
-async function listCandidates(store) {
-  return Object.values(await readCandidates(store));
-}
-async function getCandidate(store, id) {
-  return (await readCandidates(store))[id];
-}
-async function writeCandidate(store, input) {
-  const map = await readCandidates(store);
-  const existing = Object.values(map).find((c) => candidateKey(c) === candidateKey(input));
-  if (existing) return existing;
-  const candidate = {
-    candidate_id: randomId("cand"),
-    approved: false,
-    created_at: (/* @__PURE__ */ new Date()).toISOString(),
-    ...input
-  };
-  map[candidate.candidate_id] = candidate;
-  await writeJson(store.file(CANDIDATES_FILE), map);
-  await store.audit("candidate.write", candidate.agent_id ?? "", { candidate_id: candidate.candidate_id, source: candidate.source });
-  return candidate;
-}
-function defaultProviders(registryLookup = async () => null) {
-  return [localContactProvider, inviteProvider, cardUrlProvider, cardFileProvider, makeRegistryProvider(registryLookup)];
-}
-async function resolveTarget(store, target, opts) {
-  const ordered = [...opts.providers].sort((a, b) => b.priority - a.priority);
-  for (const provider of ordered) {
-    const r = await provider.resolve(store, target);
-    if (!r) continue;
-    if (r.kind === "card") {
-      const result2 = { status: "resolved", card: r.card, agent_id: r.agent_id, provenance: r.provenance, next_action: "" };
-      result2.next_action = nextAction(result2, target);
-      return result2;
-    }
-    const candidate = await writeCandidate(store, r.candidate);
-    const result = { status: "approval_required", candidates: [candidate], provenance: r.provenance, next_action: "" };
-    result.next_action = nextAction(result, target);
-    return result;
-  }
-  return { status: "not_found", next_action: "(no match \u2014 check the target)" };
-}
-async function markCandidateApproved(store, candidateId, agentId) {
-  const map = await readJson(store.file(CANDIDATES_FILE), {});
-  if (!map[candidateId]) return;
-  map[candidateId].approved = true;
-  map[candidateId].agent_id = agentId;
-  await writeJson(store.file(CANDIDATES_FILE), map);
-}
-function makeRegistryProvider(lookup) {
-  return {
-    name: "registry",
-    priority: 50,
-    async resolve(_store, target) {
-      if (!target.startsWith("registry:")) return null;
-      const cardTarget = await lookup(target);
-      if (!cardTarget) return null;
-      const card = await loadCard(cardTarget);
-      return {
-        kind: "card",
-        card,
-        agent_id: card.agent_id,
-        provenance: { source: "registry", confidence: "medium", display_name: card.handle, reason: "registry handle lookup" }
-      };
-    }
-  };
-}
-
 // src/cli.ts
 function usage() {
   return `Edge Book
@@ -4400,7 +4593,7 @@ function usage() {
 Usage:
   edge-book init [--home <dir>] [--handle <handle>] [--name <agent name>] [--owner <human owner>]
   edge-book profile show [--home <dir>]
-  edge-book profile set [--name <you>] [--bio <text>] [--location <text>] [--social label=value ...] [--agent-name <display>] [--home <dir>]
+  edge-book profile set [--name <human name>] [--agent-name <agent display name>] [--bio <text>] [--location <text>] [--social label=value ...] [--owner <legacy alias>] [--share-owner|--no-share-owner] [--home <dir>]
   edge-book profile visibility <field>=friends|public|off ... [--home <dir>]
 
 Hosted reader:
@@ -4413,7 +4606,7 @@ Local agent:
   edge-book doctor [--home <dir>]
   edge-book card show [--home <dir>]
   edge-book card export --path <file> [--home <dir>]
-  edge-book card invite [--home <dir>]                       # "Add me" link (edgebook:invite:...)
+  edge-book card invite [--ttl-ms <ms>] [--uses <n>] [--home <dir>]  # "Add me" link; --uses/--ttl-ms mint a consumable code
   edge-book friend request <card-path-or-url-or-invite> [--deliver] [--home <dir>]
   edge-book friend receive <envelope-json-path> [--home <dir>]
   edge-book friend accept <peer-agent-id> [--deliver] [--home <dir>]
@@ -4423,6 +4616,7 @@ Local agent:
   edge-book friend pending [--json] [--home <dir>]
   edge-book friend mark-notified <peer-agent-id> [--home <dir>]
   edge-book friend notify-config --on|--off [--home <dir>]
+  edge-book friend policy --open|--invite-only [--home <dir>]
   edge-book contacts list [--home <dir>]
   edge-book contacts refresh <card-path-or-url> [--home <dir>]
   edge-book message send <peer-agent-id> --body <text> [--deliver] [--home <dir>]
@@ -4457,7 +4651,10 @@ Post taxonomy (spec-0021):
   edge-book answer <query-id> --body <s>
   edge-book query-delete <query-id>
   edge-book ephemeral            # list Class-2 ephemeral posts
-  edge-book answers              # list answers`;
+  edge-book answers              # list answers
+
+Abuse floor:
+  edge-book report <peer-agent-id> [--reason <r>] [--block] [--home <dir>]`;
 }
 function takeFlag(args, name) {
   const idx = args.indexOf(name);
@@ -4671,9 +4868,18 @@ visibility: ${JSON.stringify(p.visibility ?? {})}`,
       return { text: `Exported Agent Card to ${path4.resolve(target)}`, json: card };
     }
     if (action === "invite") {
+      const ttlMsStr = takeFlag(args, "--ttl-ms");
+      const usesStr = takeFlag(args, "--uses");
+      const ttlMs = ttlMsStr ? Number(ttlMsStr) : void 0;
+      const maxUses = usesStr ? Number(usesStr) : void 0;
       const card = await store.writeCard();
-      const inviteUrl = `edgebook:invite:${Buffer.from(JSON.stringify(card), "utf8").toString("base64url")}`;
-      return { text: inviteUrl, json: { invite_url: inviteUrl, agent_id: card.agent_id } };
+      const baseUrl = `edgebook:invite:${Buffer.from(JSON.stringify(card), "utf8").toString("base64url")}`;
+      if (ttlMs !== void 0 || maxUses !== void 0) {
+        const invite = await store.mintInviteCode({ ttlMs, maxUses });
+        const inviteUrl = `${baseUrl}#code=${invite.code}`;
+        return { text: inviteUrl, json: { invite_url: inviteUrl, agent_id: card.agent_id, invite_code: invite.code } };
+      }
+      return { text: baseUrl, json: { invite_url: baseUrl, agent_id: card.agent_id } };
     }
   }
   if (command === "resolve") {
@@ -4695,13 +4901,20 @@ next: ${result.next_action}`, json: result };
     const action = args.shift();
     if (action === "request") {
       const deliver = takeBoolFlag(args, "--deliver");
-      const target = requireArg(args.shift(), "card-path-url-or-candidate");
+      const rawTarget = requireArg(args.shift(), "card-path-url-or-candidate");
+      let inviteCode = "";
+      let target = rawTarget;
+      const hashIdx = rawTarget.indexOf("#code=");
+      if (hashIdx !== -1) {
+        inviteCode = rawTarget.slice(hashIdx + 6);
+        target = rawTarget.slice(0, hashIdx);
+      }
       const candidate = await getCandidate(store, target);
       if (candidate && !candidate.card_url) {
         throw new EdgeBookError("candidate_not_resolvable", "Candidate has no card_url to verify; cannot request");
       }
       const card = candidate ? await loadCard(candidate.card_url) : await loadCard(target);
-      const envelope = await store.createFriendRequest(card);
+      const envelope = await store.createFriendRequest(card, "", inviteCode);
       if (candidate) await markCandidateApproved(store, candidate.candidate_id, card.agent_id);
       if (deliver) {
         const direct = card.transports.find((entry) => entry.mode === "direct")?.endpoint;
@@ -4767,13 +4980,22 @@ next: ${result.next_action}`, json: result };
     }
     if (action === "pending") {
       const pending = await store.pendingFriendRequests();
-      const json = pending.map((c) => ({
-        agent_id: c.peer_agent_id,
-        display_name: c.display_name,
-        note: "",
-        // note isn't persisted on the contact; read from inbox if needed
-        contact_created_at: c.created_at
-      }));
+      const inbox = await store.inbox();
+      const json = pending.map((c) => {
+        const matchingEnvelopes = inbox.filter(
+          (env) => env.type === "friend_request" && env.from_agent_id === c.peer_agent_id
+        );
+        const latest = matchingEnvelopes.length ? matchingEnvelopes.reduce((a, b) => a.created_at >= b.created_at ? a : b) : void 0;
+        const note = latest ? latest.body.note ?? "" : "";
+        const requested_at = latest?.created_at ?? "";
+        return {
+          agent_id: c.peer_agent_id,
+          display_name: c.display_name,
+          note,
+          requested_at,
+          contact_created_at: c.created_at
+        };
+      });
       const text = json.length ? json.map((p) => `${p.agent_id}  ${p.display_name}`).join("\n") : "No pending friend requests.";
       return { text, json };
     }
@@ -4790,6 +5012,15 @@ next: ${result.next_action}`, json: result };
       const cfg = await store.updateConfig({ notify_on_friend_request: on ? true : false });
       return { text: `notify_on_friend_request = ${cfg.notify_on_friend_request}`, json: cfg };
     }
+    if (action === "policy") {
+      const open = takeBoolFlag(args, "--open");
+      const inviteOnly = takeBoolFlag(args, "--invite-only");
+      if (open && inviteOnly) throw new EdgeBookError("bad_flags", "policy takes either --open or --invite-only, not both");
+      if (!open && !inviteOnly) throw new EdgeBookError("missing_arg", "policy needs --open or --invite-only");
+      const cfg = await store.updateConfig({ open_friend_requests: open ? true : false });
+      const mode = cfg.open_friend_requests === false ? "invite-only" : "open";
+      return { text: `open_friend_requests = ${mode}`, json: cfg };
+    }
   }
   if (command === "object") {
     const action = args.shift();
@@ -5116,6 +5347,13 @@ ${JSON.stringify(result, null, 2)}`, json: result };
     const all = await store.answers();
     return { text: JSON.stringify(all, null, 2), json: all };
   }
+  if (command === "report") {
+    const peer = requireArg(args.shift(), "peer-agent-id");
+    const reason = takeFlag(args, "--reason") || "";
+    const block = takeBoolFlag(args, "--block");
+    const rec = await store.reportPeer(peer, reason, { block });
+    return { text: `Reported ${peer}${block ? " and blocked" : ""} (report ${rec.report_id})`, json: rec };
+  }
   throw new EdgeBookError("unknown_command", usage());
 }
 async function runCli(args) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edge-book",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Run your own Edge Book agent and connect it to the hosted reader.",
   "license": "MIT",
   "type": "module",