From 7f61a711f104867259509f99401e7dba17444cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Guti=C3=A9rrez?= <35082514+alezmad@users.noreply.github.com> Date: Mon, 4 May 2026 22:05:30 +0100 Subject: [PATCH] docs(roadmap): mark 1.34.x triage gaps 1-3 shipped, gap 4 spec'd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the "Known gaps tracked for follow-ups" subsection of the v1.34.x section to reflect the 2026-05-04 follow-up sprint: - Gap 1 (stale CLAUDEMESH_CONFIG_DIR) shipped in 1.34.14. - Gap 2 (peer list --mesh scope) shipped in 1.34.15. Notes the diagnosis correction — bug was CLI-side, not broker. - Gap 3 (kick no-op on control-plane) shipped in 1.34.15 as refuse-with-hint. Richer presence-pause verb deferred. - Gap 4 (session capabilities) has a written spec at .artifacts/specs/2026-05-04-session-capabilities.md; implementation queued behind v0.3.0 topic-encryption. Co-Authored-By: Claude Opus 4.7 (1M context) --- docs/roadmap.md | 56 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/docs/roadmap.md b/docs/roadmap.md index e3733d5..f067f38 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md @@ -382,24 +382,46 @@ one chokepoint per layer. | inbox.db | `recipient_pubkey` / `recipient_kind` columns | 1.34.11 | | outbox.db | `sender_session_pubkey` for routing | 1.34.0 | -### Known gaps tracked for follow-ups +### Known gaps — status after the 2026-05-04 follow-up sprint -- `claudemesh launch` exports `CLAUDEMESH_CONFIG_DIR` / - `CLAUDEMESH_IPC_TOKEN_FILE` into the parent shell; vars persist - after the launched session exits and silently break subsequent - CLI calls until unset. Fish lacks `unset`; users hit - `set -e CLAUDEMESH_CONFIG_DIR`. -- Broker `listPeers` ignores `--mesh` filter (server-side returns - global peer set across all meshes regardless of the query - param). Read-view noise only; doesn't affect correctness. -- `kick` on a daemon's control-plane WS is effectively a no-op - (it auto-reconnects within seconds). Wants either a mesh-admin - cap check or a `presence pause [--mesh X]` verb. -- Session capabilities don't exist as a first-class concept — a - launched session inherits ALL of its parent member's grants. - Parent attestation is just an existence proof; it doesn't carry - a capability subset. Worth filling in before any cross-org - use case lands. +Three of the four 1.34.x triage gaps shipped in 1.34.14 + 1.34.15 +(2026-05-04). Gap #4 is spec'd and queued. + +- ✅ **Stale `CLAUDEMESH_CONFIG_DIR` falls back** *(1.34.14)*. The + env var no longer silently breaks subsequent CLI calls. When the + inherited path points at a tmpdir that no longer exists, + `paths.ts` warns once on stderr (TTY-only) with a shell-specific + unset hint and falls back to `~/.claudemesh`. The dir-existence + check (not `config.json`) keeps fresh-launch first-write working. +- ✅ **`peer list --mesh ` actually scopes** *(1.34.15)*. + Diagnosis from the original triage was wrong — broker has been + scoping correctly since 1.26.0 via `conn.meshId`. Bug was CLI- + side: `tryListPeersViaDaemon()` was called with no argument in + `commands/peers.ts:140` and `commands/launch.ts:407`. Both now + forward the slug as `?mesh=`. `send.ts` cross-mesh hex- + prefix resolution intentionally untouched. +- ✅ **`kick` refuses no-op kicks on control-plane** *(1.34.15)*. + Broker now skips peers where `peerRole === "control-plane"` and + surfaces them in a new additive ack field + `skipped_control_plane`; CLI reads it and points the user at + `ban` (remove member) or `daemon down` (take a daemon offline + locally). Soft `disconnect` keeps old behavior — useful when + intentionally nudging a control-plane peer to re-authenticate. + `PeerConn` gains a `peerRole` slot populated at both + `connections.set` sites. The richer `presence pause [--mesh X]` + verb (option (b) from the triage) deferred as its own feature. +- 📋 **Session capabilities — spec only**. Launched sessions still + inherit all member grants transitively. Spec at + `.artifacts/specs/2026-05-04-session-capabilities.md` covers a v2 + parent attestation alongside v1 with an `allowed_caps[]` subset, + broker enforcement as `intersection(member.peerGrants, session. + allowed_caps)`, and a bonus `state-write` cap to close the "any + session can clobber shared keys like `current-pr`" footgun. + Default when no caps subset is declared = full member set + (today's behavior; opt-in restriction). Ships behind a 1-week + dry-run window before flipping enforcement, mirroring the + original per-peer-capabilities rollout. ~1 sprint of focused + work; queued behind v0.3.0 topic-encryption. ---