chore(release): cli 1.22.0 — daemon v0.9.0 + housekeeping

- Bump apps/cli/package.json to 1.22.0 (additive feature: claudemesh
  daemon long-lived runtime).
- CHANGELOG entry for 1.22.0 covering subcommands, idempotency wiring,
  crash recovery, and the deferred Sprint 7 broker hardening.
- Roadmap entry for v0.9.0 daemon foundation right above the v2.0.0
  daemon redesign section, so the bridge release is documented as the
  shipped step toward the larger architectural shift.
- Move shipped daemon specs (v1..v10 iteration trail + locked v0.9.0
  spec + broker-hardening followups) from .artifacts/specs/ to
  .artifacts/shipped/ per the project artifact-pipeline convention.

Not in this commit: npm publish and the cli-v1.22.0 GitHub release tag
— both are public-distribution actions and require explicit user
approval.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/cli/CHANGELOG.md

@@ -1,5 +1,46 @@
 # Changelog
 
+## 1.22.0 (2026-05-03) — daemon v0.9.0
+
+### New: `claudemesh daemon` — long-lived peer mesh runtime
+
+Persistent local process that holds the broker WS, durable outbox/inbox in
+SQLite, IPC over UDS (+ optional loopback TCP with bearer token), and SSE
+event stream. Surrogates wire-up; `claudemesh send` and friends route
+through the daemon when its socket is present, falling back to the
+existing bridge / cold paths otherwise.
+
+Subcommands:
+- `daemon up|start [--mesh <slug>] [--name ...] [--no-tcp] [--public-health]`
+- `daemon status [--json]`, `daemon down|stop`, `daemon version`
+- `daemon outbox list [--failed|--pending|--inflight|--done]`
+- `daemon outbox requeue <id> [--new-client-id <id>]`
+- `daemon accept-host` (per-host fingerprint pin)
+- `daemon install-service --mesh <slug>` (macOS launchd / Linux systemd-user)
+- `daemon uninstall-service`
+
+Idempotency end-to-end:
+- Caller-stable `client_message_id` + canonical `request_fingerprint`
+  (sha256 of envelope_version || dest_kind || dest_ref || reply_to ||
+  priority || canonical_meta_json || body_hash) attach on every send.
+- Broker persists both on `mesh.message_queue` (migration 0028, additive
+  + nullable) and echoes them on push, so receiving daemons dedupe their
+  inbox by `client_message_id`.
+- §4.5.1 IPC duplicate-lookup table (11 cases × no-row / 5 statuses ×
+  match/mismatch) covered by 15 unit tests.
+
+Crash recovery:
+- Outbox row transitions: `pending` → `inflight` → `done` / `dead` /
+  `aborted`. `BEGIN IMMEDIATE` serializes daemon-local writes; the drain
+  worker is wakeable via promise-replacement and backs off failed sends.
+- Decrypt path tries session secret key, then member secret key, then
+  base64 fallback, so legacy unencrypted pushes still inbox cleanly.
+
+Sprint 7 (broker-side dedupe enforcement: partial unique index +
+`mesh.client_message_dedupe` atomic-accept table) is intentionally
+deferred — see `.artifacts/shipped/2026-05-03-daemon-spec-broker-
+hardening-followups.md`.
+
 ## 1.0.0-alpha.0 (2026-04-13)
 
 ### Architecture

apps/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claudemesh-cli",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "description": "Peer mesh for Claude Code sessions — CLI + MCP server.",
   "keywords": [
     "claude-code",

docs/roadmap.md

@@ -170,6 +170,45 @@ show to non-technical audiences. CLI v1.7.0 published to npm
 
 ---
 
+## v0.9.0 — *daemon foundation* — *shipped*
+
+The bridge release that lands the persistent local runtime without
+the v2.0.0 surgery. Existing flows (`claudemesh launch`, MCP, cold
+sends) keep working unchanged; opt-in by running `claudemesh daemon
+up` and the rest of the CLI starts routing through the local socket.
+
+- **`claudemesh daemon up`** — long-lived process holding one broker
+  WS per attached mesh, durable outbox/inbox in SQLite, IPC over UDS
+  (+ optional loopback TCP w/ bearer), SSE event stream.
+- **Caller-stable idempotency** — every send carries a
+  `client_message_id` and a canonical `request_fingerprint`
+  (sha256 over envelope shape). Broker persists both on
+  `mesh.message_queue` and echoes them on push. Receiving daemons
+  dedupe their inbox by `client_message_id`.
+- **§4.5.1 IPC duplicate-lookup table** — 11 cases × 5 statuses ×
+  match/mismatch covered by 15 unit tests.
+- **`claudemesh send` daemon routing** — daemon path tried first
+  when its UDS exists; falls back to bridge / cold path otherwise.
+  JSON output gains `via:"daemon"`.
+- **Service install** — `daemon install-service --mesh <slug>` writes
+  a launchd LaunchAgent on macOS / systemd-user unit on Linux.
+  Refuses CI envs unless `--allow-ci-persistent`.
+- **Outbox CLI** — `daemon outbox list [--failed|--pending|...]`,
+  `daemon outbox requeue <id>`. Atomic abort+insert with
+  `superseded_by` chain on requeue.
+- **Host-fingerprint pin** — `daemon accept-host` records a
+  sha256(machine-id || first-stable-mac) on first run; later restarts
+  refuse if the fingerprint shifts (accidental-clone detection).
+- **Sprint 7 deferred** — broker-side dedupe enforcement (partial
+  unique index on `(mesh_id, client_message_id)`,
+  `mesh.client_message_dedupe` atomic-accept table) intentionally
+  postponed; tracked at `.artifacts/shipped/2026-05-03-daemon-spec-
+  broker-hardening-followups.md`.
+
+Locked spec: `.artifacts/shipped/2026-05-03-daemon-spec-v0.9.0.md`.
+
+---
+
 ## v2.0.0 — *the daemon redesign*
 
 The single largest architectural shift. Promotes the persistent