fix: v0.1.15 — production hardening (7 fixes)
Some checks failed
Some checks failed
Broker: - Sweep stale presences (3 missed pings = disconnect, 30s interval) - Exclude sender from broadcast fan-out + queue drain CLI: - Decrypt fallback: try base64 plaintext if crypto_box fails - Stable session keypair across WS reconnects - Peer name cache (30s TTL) instead of list_peers per push - Clean up orphaned tmpdirs from crashed sessions (>1 hour old) - Read displayName from config file (not just env var) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "claudemesh-cli",
|
||||
"version": "0.1.14",
|
||||
"version": "0.1.15",
|
||||
"description": "Claude Code MCP client for claudemesh — peer mesh messaging between Claude sessions.",
|
||||
"keywords": [
|
||||
"claude-code",
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
*/
|
||||
|
||||
import { spawn } from "node:child_process";
|
||||
import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
|
||||
import { mkdtempSync, writeFileSync, rmSync, readdirSync, statSync } from "node:fs";
|
||||
import { tmpdir, hostname } from "node:os";
|
||||
import { join } from "node:path";
|
||||
import { createInterface } from "node:readline";
|
||||
@@ -215,6 +215,17 @@ export async function runLaunch(extraArgs: string[]): Promise<void> {
|
||||
// We just set the display name via env var.
|
||||
const displayName = args.name ?? `${hostname()}-${process.pid}`;
|
||||
|
||||
// Clean up orphaned tmpdirs from crashed sessions (older than 1 hour)
|
||||
const tmpBase = tmpdir();
|
||||
try {
|
||||
for (const entry of readdirSync(tmpBase)) {
|
||||
if (!entry.startsWith("claudemesh-")) continue;
|
||||
const full = join(tmpBase, entry);
|
||||
const age = Date.now() - statSync(full).mtimeMs;
|
||||
if (age > 3600_000) rmSync(full, { recursive: true, force: true });
|
||||
}
|
||||
} catch { /* best effort */ }
|
||||
|
||||
// 4. Write session config to tmpdir (isolates mesh selection).
|
||||
const tmpDir = mkdtempSync(join(tmpdir(), "claudemesh-"));
|
||||
const sessionConfig: Config = {
|
||||
|
||||
@@ -98,6 +98,24 @@ async function resolveClient(to: string): Promise<{
|
||||
};
|
||||
}
|
||||
|
||||
// Peer name cache to avoid calling listPeers on every incoming push
|
||||
const peerNameCache = new Map<string, string>();
|
||||
let peerNameCacheAge = 0;
|
||||
const CACHE_TTL_MS = 30_000;
|
||||
|
||||
async function resolvePeerName(client: BrokerClient, pubkey: string): Promise<string> {
|
||||
const now = Date.now();
|
||||
if (now - peerNameCacheAge > CACHE_TTL_MS) {
|
||||
peerNameCache.clear();
|
||||
try {
|
||||
const peers = await client.listPeers();
|
||||
for (const p of peers) peerNameCache.set(p.pubkey, p.displayName);
|
||||
} catch { /* best effort */ }
|
||||
peerNameCacheAge = now;
|
||||
}
|
||||
return peerNameCache.get(pubkey) ?? `peer-${pubkey.slice(0, 8)}`;
|
||||
}
|
||||
|
||||
function decryptFailedWarning(senderPubkey: string): string {
|
||||
const who = senderPubkey ? senderPubkey.slice(0, 12) + "…" : "unknown sender";
|
||||
return `⚠ message from ${who} failed to decrypt (tampered or wrong keypair)`;
|
||||
@@ -251,17 +269,10 @@ If you have multiple joined meshes, prefix the \`to\` argument of send_message w
|
||||
for (const client of allClients()) {
|
||||
client.onPush(async (msg) => {
|
||||
const fromPubkey = msg.senderPubkey || "";
|
||||
// Resolve sender's display name from the peer list.
|
||||
let fromName = fromPubkey
|
||||
? `peer-${fromPubkey.slice(0, 8)}`
|
||||
// Resolve sender's display name from the cached peer list.
|
||||
const fromName = fromPubkey
|
||||
? await resolvePeerName(client, fromPubkey)
|
||||
: "unknown";
|
||||
try {
|
||||
const peers = await client.listPeers();
|
||||
const match = peers.find((p) => p.pubkey === fromPubkey);
|
||||
if (match) fromName = match.displayName;
|
||||
} catch {
|
||||
/* best effort — fall back to truncated pubkey */
|
||||
}
|
||||
const content = msg.plaintext ?? decryptFailedWarning(fromPubkey);
|
||||
try {
|
||||
await server.notification({
|
||||
|
||||
@@ -115,10 +115,12 @@ export class BrokerClient {
|
||||
const onOpen = async (): Promise<void> => {
|
||||
this.debug("ws open → generating session keypair + signing hello");
|
||||
try {
|
||||
// Generate per-session ephemeral keypair for message routing.
|
||||
const sessionKP = await generateKeypair();
|
||||
this.sessionPubkey = sessionKP.publicKey;
|
||||
this.sessionSecretKey = sessionKP.secretKey;
|
||||
// Only generate session keypair on first connect, not reconnects
|
||||
if (!this.sessionPubkey) {
|
||||
const sessionKP = await generateKeypair();
|
||||
this.sessionPubkey = sessionKP.publicKey;
|
||||
this.sessionSecretKey = sessionKP.secretKey;
|
||||
}
|
||||
|
||||
const { timestamp, signature } = await signHello(
|
||||
this.mesh.meshId,
|
||||
@@ -376,6 +378,19 @@ export class BrokerClient {
|
||||
plaintext = null;
|
||||
}
|
||||
}
|
||||
// Fallback: if direct decrypt failed, try plaintext base64 decode.
|
||||
// This handles broadcasts and key mismatches gracefully.
|
||||
if (plaintext === null && ciphertext) {
|
||||
try {
|
||||
const decoded = Buffer.from(ciphertext, "base64").toString("utf-8");
|
||||
// Sanity check: valid UTF-8 text (not binary garbage)
|
||||
if (/^[\x20-\x7E\s\u00A0-\uFFFF]*$/.test(decoded) && decoded.length > 0) {
|
||||
plaintext = decoded;
|
||||
}
|
||||
} catch {
|
||||
plaintext = null;
|
||||
}
|
||||
}
|
||||
const push: InboundPush = {
|
||||
messageId: String(msg.messageId ?? ""),
|
||||
meshId: String(msg.meshId ?? ""),
|
||||
|
||||
Reference in New Issue
Block a user