feat(crypto): client-side direct-message encryption with crypto_box
Direct messages between peers are now end-to-end encrypted. The
broker only ever sees {nonce, ciphertext} — plaintext lives on the
two endpoints.
apps/cli/src/crypto/envelope.ts:
- encryptDirect(message, recipientPubkeyHex, senderSecretKeyHex)
→ {nonce, ciphertext} via crypto_box_easy, 24-byte fresh nonce
- decryptDirect(envelope, senderPubkeyHex, recipientSecretKeyHex)
→ plaintext or null (null on MAC failure / malformed input)
- ed25519 keys (from Step 17) are converted to X25519 on the fly via
crypto_sign_ed25519_{pk,sk}_to_curve25519 — one signing keypair
covers both signing + encryption roles.
BrokerClient.send():
- if targetSpec is a 64-hex pubkey → encrypt via crypto_box
- else (broadcast "*" or channel "#foo") → base64-wrapped plaintext
(shared-key encryption for channels lands in a later step)
InboundPush now carries:
- plaintext: string | null (decrypted body, null if decryption failed
OR it's a non-direct message)
- kind: "direct" | "broadcast" | "channel" | "unknown"
MCP check_messages formatter reads plaintext directly.
side-fixes pulled in during 18a:
- apps/broker/scripts/seed-test-mesh.ts now generates real ed25519
keypairs (the previous "aaaa…" / "bbbb…" fillers weren't valid
curve points, so crypto_sign_ed25519_pk_to_curve25519 rejected
them). Seed output now includes secretKey for each peer.
- apps/broker/src/broker.ts drainForMember wraps the atomic claim in
a CTE + outer ORDER BY so FIFO ordering is SQL-sourced, not
JS-sorted (Postgres microsecond timestamps collapse to the same
Date.getTime() milliseconds otherwise).
- vitest.config.ts fileParallelism: false — test files share
DB state via cleanupAllTestMeshes afterAll, so running them in
parallel caused one file's cleanup to race another's inserts.
- integration/health.test.ts "returns 200" now uses waitFullyHealthy
(a 200-only waiter) instead of waitHealthyOrAny — prevents a race
with the startup DB ping.
verified live:
- apps/cli/scripts/roundtrip.ts (direct A→B): ciphertext in DB is
opaque bytes (not base64-plaintext), decrypted correctly on arrival
- apps/cli/scripts/join-roundtrip.ts (full join → encrypted send):
PASSED
- 48/48 broker tests green
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
@@ -29,7 +29,7 @@ execSync(`rm -rf "${process.env.CLAUDEMESH_CONFIG_DIR}"`, {
|
||||
|
||||
const seed = JSON.parse(readFileSync("/tmp/cli-seed.json", "utf-8")) as {
|
||||
meshId: string;
|
||||
peerB: { memberId: string; pubkey: string };
|
||||
peerB: { memberId: string; pubkey: string; secretKey: string };
|
||||
};
|
||||
|
||||
async function main(): Promise<void> {
|
||||
@@ -65,18 +65,20 @@ async function main(): Promise<void> {
|
||||
);
|
||||
|
||||
// 4. Connect also as peer-B (the target) so we can observe receipt.
|
||||
// Uses the real keypair from the seed (needed for crypto_box decrypt).
|
||||
const targetMesh: JoinedMesh = {
|
||||
...joinedMesh,
|
||||
memberId: seed.peerB.memberId,
|
||||
slug: "rt-join-b",
|
||||
pubkey: seed.peerB.pubkey,
|
||||
secretKey: seed.peerB.secretKey,
|
||||
};
|
||||
const joiner = new BrokerClient(joinedMesh);
|
||||
const target = new BrokerClient(targetMesh);
|
||||
|
||||
let received = "";
|
||||
target.onPush((m) => {
|
||||
received = Buffer.from(m.ciphertext, "base64").toString("utf-8");
|
||||
received = m.plaintext ?? "";
|
||||
console.log(`[rt] target got: "${received}"`);
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user