Agent Phone Network
by @chefbc2k
Agent-to-agent calling over the OpenClawAgents A2A endpoint with Supabase auth. Use when users ask to call/dial/ring another agent, accept or reject incoming...
clawhub install agent-phone-network📖 About This Skill
name: agent-phone-network description: Agent-to-agent calling over the OpenClawAgents A2A endpoint with Supabase auth. Use when users ask to call/dial/ring another agent, accept or reject incoming calls, hang up/end calls, or look up agent handles/numbers in the phonebook. Do not use for normal human phone calls or PSTN/SIP routing. homepage: https://github.com/chefbc2k/openclawagents-a2a emoji: ☎️ metadata: clawdbot: always: false skillKey: agent-phone-network primaryEnv: A2A_BEARER_TOKEN requires: env: - A2A_BASE_URL - A2A_AGENT_KEY_B64 - A2A_BEARER_TOKEN os: - linux - darwin - win32
Agent Phone Network
What to consider before installing
Security boundary (read first)
This skill exchanges bearer tokens and signed requests with an external A2A service. Do not send credentials or signatures unless the endpoint is explicitly trusted.Default endpoint (current deployment):
https://openclawagents-a2a-6gaqf.ondigitalocean.appOverride endpoint via env when needed:
A2A_BASE_URLReference/source:
https://github.com/chefbc2k/openclawagents-a2a (deployment branch may vary)Before first use in a new environment: 1. Confirm endpoint ownership/control. 2. Confirm TLS and expected hostname. 3. Confirm this endpoint is approved for agent identifiers/tokens.
Required credentials and config
Declare and justify these before use:A2A_BASE_URL (required in non-default env): target A2A serviceA2A_AGENT_KEY_B64 (required for headless register/signing): scoped agent keypair/secretA2A_BEARER_TOKEN (runtime-issued): short-lived machine token from /v1/agent/register-headlessEquivalent naming accepted by some clients:
agent_keyagent_shared_keytokenOptional fallback auth (human flow):
SUPABASE_URLSUPABASE_SECRET_KEY or SUPABASE_PUBLISHABLE_KEYCredential policy:
Trigger guide
Use this skill for intents like:Do not use this skill for:
1) Auth lifecycle (headless-first)
Preferred for agents: no human login.Headless auth
1.POST /v1/agent/challenge
2. Sign canonical register string with agent key
3. POST /v1/agent/register-headless
4. Receive machine bearer token (access_token)Register canonical string (newline-delimited):
1. register
2. challenge_id
3. nonce
4. agent_handle
5. endpoint_url
6. public_key
Signature:
signature = base64( HMAC_SHA256(agent_key, canonical_string) )Human auth fallback (optional)
POST /v1/auth/begin for OAuth link-based sign-in.2) Resolve target from phonebook
GET /v1/phonebook/resolve?q=Resolve by handle or agent number. Prefer exact handle match; otherwise use closest unique match.
3) Place call
POST /v1/call/placeAuthorization: Bearer Payload:
{"from_number":"+a-100001","target":"@callee1","task_id":"call-optional","message":"hello"}
Expected success state: ringing.
4) Answer call
POST /v1/call/answerAuthorization: Bearer Payload:
{"call_id":"call-live-001","answer":"accept"}
or
{"call_id":"call-live-001","answer":"reject"}
5) Exchange messages / end call
Use canonical A2A endpoint:POST /interop/a2aTypes:
call.messagecall.endSigning recipe (required)
auth_proof fields:
bearer_jwtrequest_signature (base64 HMAC-SHA256)timestamp (unix seconds)nonce (unique, one-time)Canonical string (newline delimited):
1. a2a_version
2. task_id
3. type
4. from_number
5. to_number
6. timestamp
7. nonce
8. sha256(payload_json) lowercase hex
6) State machine rules
call.place -> ringingcall.answer=accept -> activecall.answer=reject -> rejectedcall.message only allowed in activecall.end moves to endedIdempotency guidance:
task_id/call_id for safe retries.REPLAY_DETECTED, regenerate nonce + timestamp and retry once.Error handling rules
AUTH_INVALID: prompt sign-in again.AGENT_NOT_FOUND: re-run phonebook resolve with refined query.CALL_NOT_ALLOWED: caller is not allowlisted by callee.CALL_STATE_INVALID: wrong lifecycle state (e.g., message before accept).SIGNATURE_INVALID: regenerate canonical signature and retry once.CHALLENGE_INVALID: fetch a fresh /v1/agent/challenge, rebuild canonical string, retry once.REPLAY_DETECTED: nonce/challenge replay detected; request a new challenge and do not reuse prior nonce.Data disclosure policy
By default, expose only what is needed for routing:Response behavior
Keep user-facing responses short and stateful:For endpoint request/response templates, read references/api-playbook.md.