alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cli): invite-link parsing + join flow + keypair generation

Browse Source 
End-to-end join: user runs `claudemesh join ic://join/<base64>` and
walks away with a signed member record + persistent keypair.

new modules:
- src/crypto/keypair.ts: libsodium ed25519 keypair generation. Format
  is crypto_sign_keypair raw bytes, hex-encoded (32-byte pub, 64-byte
  secret = seed || pub). Same format libsodium will need in Step 18
  for sign/verify.
- src/invite/parse.ts: ic://join/<base64url(JSON)> parser with Zod
  shape validation + expiry check. encodeInviteLink helper for tests.
- src/invite/enroll.ts: POST /join to broker, converts ws:// to http://
  transparently.

rewritten join command wires them together:
  1. parse invite → 2. generate keypair → 3. POST /join → 4. persist
  config → 5. print success.

state/config.ts: saveConfig now chmods the file to 0600 after write,
since it holds ed25519 secret keys. No-op on Windows.

signature verification (step 18) + invite-token one-time-use tracking
are deferred. For now the invite link is a plain bearer token; any
client with the link can join.

verified end-to-end via apps/cli/scripts/join-roundtrip.ts:
  build invite → run join subprocess → load new config → connect as
  new member → send A→B → receive push. Flow passes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
2026-04-04 22:36:32 +01:00
parent 39b914bdce
commit 758ea0e42c
8 changed files with 400 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
apps/cli/src/state/config.ts
View File

@@ -6,7 +6,13 @@
* and on every join/leave.
*/
import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
import {
readFileSync,
writeFileSync,
existsSync,
mkdirSync,
chmodSync,
} from "node:fs";
import { homedir } from "node:os";
import { join, dirname } from "node:path";
import { z } from "zod";
@@ -51,6 +57,12 @@ export function loadConfig(): Config {
export function saveConfig(config: Config): void {
mkdirSync(dirname(CONFIG_PATH), { recursive: true });
writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
// Config holds ed25519 secret keys — restrict to owner read/write.
try {
chmodSync(CONFIG_PATH, 0o600);
} catch {
// Windows filesystems ignore chmod; that's fine.
}
}
export function getConfigPath(): string {