feat(cli): peer list self-marking + send self-DM guard

closes the "DM looped back to my own inbox" footgun.

what was happening: peer list returns one row per presence,
including the caller's own session AND its sibling sessions.
the cli filtered out the exact-session row but left siblings
unlabeled — copying their pubkey from peer list silently
targeted your own sibling, and the message arrived in "your
own inbox" because the sender was you.

fix is two-part.

(1) peer list — tag rows whose memberPubkey matches the
caller's stable JoinedMesh.pubkey:
  ● displayName (this session) — the exact session running
                                 the cli call
  ● displayName (your other session) — sibling session of
                                       your own member
visually identical otherwise; just the marker.

(2) claudemesh send — refuse a target that exactly matches the
caller's own member pubkey on the mesh, with a hint pointing
at --self for the rare intentional sibling-DM case.

both changes additive — existing scripts that pass display
names or other peers' pubkeys behave identically.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claudemesh-cli",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "Peer mesh for Claude Code sessions — CLI + MCP server.",
   "keywords": [
     "claude-code",

apps/cli/src/commands/peers.ts

@@ -26,6 +26,10 @@ export interface PeersFlags {
 
 interface PeerRecord {
   pubkey: string;
+  /** Stable member pubkey (independent of session). When sender shares
+   * this with a peer, they're talking to the same person across all
+   * their open sessions. */
+  memberPubkey?: string;
   displayName: string;
   status?: string;
   summary?: string;
@@ -34,6 +38,13 @@ interface PeerRecord {
   channel?: string;
   model?: string;
   cwd?: string;
+  /** True when this peer is one of the caller's own member's sessions.
+   * Set in the cli (not the broker) by comparing memberPubkey against
+   * the caller's stable JoinedMesh.pubkey. */
+  isSelf?: boolean;
+  /** When isSelf is true, true if this is the exact session running
+   * the command (vs a sibling session of the same member). */
+  isThisSession?: boolean;
   [k: string]: unknown;
 }
 
@@ -52,21 +63,53 @@ function projectFields(record: PeerRecord, fields: string[]): Record<string, unk
 }
 
 async function listPeersForMesh(slug: string): Promise<PeerRecord[]> {
+  const config = readConfig();
+  const joined = config.meshes.find((m) => m.slug === slug);
+  const selfMemberPubkey = joined?.pubkey ?? null;
+
   // Try warm path first.
   const bridged = await tryBridge(slug, "peers");
   if (bridged && bridged.ok) {
-    return bridged.result as PeerRecord[];
+    const peers = bridged.result as PeerRecord[];
+    return peers.map((p) => annotateSelf(p, selfMemberPubkey, null));
   }
   // Cold path — open our own WS.
   let result: PeerRecord[] = [];
   await withMesh({ meshSlug: slug }, async (client) => {
-    const all = await client.listPeers();
-    const selfPubkey = client.getSessionPubkey();
-    result = (selfPubkey ? all.filter((p) => p.pubkey !== selfPubkey) : all) as unknown as PeerRecord[];
+    const all = (await client.listPeers()) as unknown as PeerRecord[];
+    const selfSessionPubkey = client.getSessionPubkey();
+    result = all.map((p) =>
+      annotateSelf(p, selfMemberPubkey, selfSessionPubkey),
+    );
   });
   return result;
 }
 
+/**
+ * Tag each peer record with `isSelf` / `isThisSession` so the renderer
+ * (and downstream code that picks targets, e.g. `claudemesh send`) can
+ * tell sender's own sessions from real peers. The broker has always
+ * surfaced a sender's siblings as separate rows because they're separate
+ * presence rows; the cli just hadn't been making that visible.
+ */
+function annotateSelf(
+  peer: PeerRecord,
+  selfMemberPubkey: string | null,
+  selfSessionPubkey: string | null,
+): PeerRecord {
+  const isSelf = !!(
+    selfMemberPubkey &&
+    peer.memberPubkey &&
+    peer.memberPubkey === selfMemberPubkey
+  );
+  const isThisSession = !!(
+    isSelf &&
+    selfSessionPubkey &&
+    peer.pubkey === selfSessionPubkey
+  );
+  return { ...peer, isSelf, isThisSession };
+}
+
 export async function runPeers(flags: PeersFlags): Promise<void> {
   const config = readConfig();
   const slugs = flags.mesh ? [flags.mesh] : config.meshes.map((m) => m.slug);
@@ -122,7 +165,14 @@ export async function runPeers(flags: PeersFlags): Promise<void> {
         const metaStr = meta.length ? dim(` (${meta.join(", ")})`) : "";
         const summary = p.summary ? dim(`  — ${p.summary}`) : "";
         const pubkeyTag = dim(` · ${p.pubkey.slice(0, 16)}…`);
-        render.info(`${statusDot} ${name}${groups}${metaStr}${pubkeyTag}${summary}`);
+        const selfTag = p.isThisSession
+          ? dim(" ") + yellow("(this session)")
+          : p.isSelf
+            ? dim(" ") + yellow("(your other session)")
+            : "";
+        render.info(
+          `${statusDot} ${name}${selfTag}${groups}${metaStr}${pubkeyTag}${summary}`,
+        );
         if (p.cwd) render.info(dim(`   cwd: ${p.cwd}`));
       }
     } catch (e) {

apps/cli/src/commands/send.ts

@@ -22,6 +22,11 @@ export interface SendFlags {
   mesh?: string;
   priority?: string;
   json?: boolean;
+  /** Allow sending to a target that resolves to one of the caller's
+   * own sessions. Off by default — trying to message your own
+   * sibling session is almost always an accident (copying a hex
+   * pubkey from `peer list` without realizing it was your own row). */
+  self?: boolean;
 }
 
 export async function runSend(flags: SendFlags, to: string, message: string): Promise<void> {
@@ -42,6 +47,23 @@ export async function runSend(flags: SendFlags, to: string, message: string): Pr
     flags.mesh ??
     (config.meshes.length === 1 ? config.meshes[0]!.slug : null);
 
+  // Self-DM safety check: if target is a 64-char hex that matches the
+  // caller's own member pubkey (or any of the caller's session/member
+  // entries), refuse without --self. Catches the common pasted-from-
+  // peer-list-not-realizing-it-was-mine footgun.
+  if (!flags.self && meshSlug) {
+    const joined = config.meshes.find((m) => m.slug === meshSlug);
+    if (joined && /^[0-9a-f]{64}$/i.test(to) && to.toLowerCase() === joined.pubkey.toLowerCase()) {
+      render.err(
+        `Target "${to.slice(0, 16)}…" is your own member pubkey on mesh "${meshSlug}".`,
+      );
+      render.hint(
+        "Pass --self to message a sibling session of your own member, or pick a different peer's pubkey.",
+      );
+      process.exit(1);
+    }
+  }
+
   // Warm path — only when mesh is unambiguous.
   if (meshSlug) {
     const bridged = await tryBridge(meshSlug, "send", { to, message, priority });

apps/cli/src/entrypoints/cli.ts

@@ -318,7 +318,7 @@ async function main(): Promise<void> {
 
     // Messaging
     case "peers": { const { runPeers } = await import("~/commands/peers.js"); await runPeers({ mesh: flags.mesh as string, json: flags.json as boolean | string | undefined }); break; }
-    case "send": { const { runSend } = await import("~/commands/send.js"); await runSend({ mesh: flags.mesh as string, priority: flags.priority as string, json: !!flags.json }, positionals[0] ?? "", positionals.slice(1).join(" ")); break; }
+    case "send": { const { runSend } = await import("~/commands/send.js"); await runSend({ mesh: flags.mesh as string, priority: flags.priority as string, json: !!flags.json, self: !!flags.self }, positionals[0] ?? "", positionals.slice(1).join(" ")); break; }
     case "inbox": { const { runInbox } = await import("~/commands/inbox.js"); await runInbox({ json: !!flags.json }); break; }
     case "state": {
       const sub = positionals[0];