From a2568ad9f407e0a83c6d2ef4a1e8c9ed5d3f0e41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Guti=C3=A9rrez?=
 <35082514+alezmad@users.noreply.github.com>
Date: Sun, 3 May 2026 20:24:32 +0100
Subject: [PATCH] =?UTF-8?q?chore(release):=20cli=201.22.0=20=E2=80=94=20da?=
 =?UTF-8?q?emon=20v0.9.0=20+=20housekeeping?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Bump apps/cli/package.json to 1.22.0 (additive feature: claudemesh
  daemon long-lived runtime).
- CHANGELOG entry for 1.22.0 covering subcommands, idempotency wiring,
  crash recovery, and the deferred Sprint 7 broker hardening.
- Roadmap entry for v0.9.0 daemon foundation right above the v2.0.0
  daemon redesign section, so the bridge release is documented as the
  shipped step toward the larger architectural shift.
- Move shipped daemon specs (v1..v10 iteration trail + locked v0.9.0
  spec + broker-hardening followups) from .artifacts/specs/ to
  .artifacts/shipped/ per the project artifact-pipeline convention.

Not in this commit: npm publish and the cli-v1.22.0 GitHub release tag
— both are public-distribution actions and require explicit user
approval.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../2026-05-03-daemon-final-spec-v10.md       |  0
 .../2026-05-03-daemon-final-spec-v2.md        |  0
 .../2026-05-03-daemon-final-spec-v3.md        |  0
 .../2026-05-03-daemon-final-spec-v4.md        |  0
 .../2026-05-03-daemon-final-spec-v5.md        |  0
 .../2026-05-03-daemon-final-spec-v6.md        |  0
 .../2026-05-03-daemon-final-spec-v7.md        |  0
 .../2026-05-03-daemon-final-spec-v8.md        |  0
 .../2026-05-03-daemon-final-spec-v9.md        |  0
 .../2026-05-03-daemon-final-spec.md           |  0
 ...-daemon-spec-broker-hardening-followups.md |  0
 .../2026-05-03-daemon-spec-v0.9.0.md          |  0
 apps/cli/CHANGELOG.md                         | 41 +++++++++++++++++++
 apps/cli/package.json                         |  2 +-
 docs/roadmap.md                               | 39 ++++++++++++++++++
 15 files changed, 81 insertions(+), 1 deletion(-)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v10.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v2.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v3.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v4.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v5.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v6.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v7.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v8.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec-v9.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-final-spec.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-spec-broker-hardening-followups.md (100%)
 rename .artifacts/{specs => shipped}/2026-05-03-daemon-spec-v0.9.0.md (100%)

diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v10.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v10.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v10.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v10.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v2.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v2.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v2.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v2.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v3.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v3.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v3.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v3.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v4.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v4.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v4.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v4.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v5.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v5.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v5.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v5.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v6.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v6.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v6.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v6.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v7.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v7.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v7.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v7.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v8.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v8.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v8.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v8.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec-v9.md b/.artifacts/shipped/2026-05-03-daemon-final-spec-v9.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec-v9.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec-v9.md
diff --git a/.artifacts/specs/2026-05-03-daemon-final-spec.md b/.artifacts/shipped/2026-05-03-daemon-final-spec.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-final-spec.md
rename to .artifacts/shipped/2026-05-03-daemon-final-spec.md
diff --git a/.artifacts/specs/2026-05-03-daemon-spec-broker-hardening-followups.md b/.artifacts/shipped/2026-05-03-daemon-spec-broker-hardening-followups.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-spec-broker-hardening-followups.md
rename to .artifacts/shipped/2026-05-03-daemon-spec-broker-hardening-followups.md
diff --git a/.artifacts/specs/2026-05-03-daemon-spec-v0.9.0.md b/.artifacts/shipped/2026-05-03-daemon-spec-v0.9.0.md
similarity index 100%
rename from .artifacts/specs/2026-05-03-daemon-spec-v0.9.0.md
rename to .artifacts/shipped/2026-05-03-daemon-spec-v0.9.0.md
diff --git a/apps/cli/CHANGELOG.md b/apps/cli/CHANGELOG.md
index 4ad6e0d..f62bc4f 100644
--- a/apps/cli/CHANGELOG.md
+++ b/apps/cli/CHANGELOG.md
@@ -1,5 +1,46 @@
 # Changelog
 
+## 1.22.0 (2026-05-03) — daemon v0.9.0
+
+### New: `claudemesh daemon` — long-lived peer mesh runtime
+
+Persistent local process that holds the broker WS, durable outbox/inbox in
+SQLite, IPC over UDS (+ optional loopback TCP with bearer token), and SSE
+event stream. Surrogates wire-up; `claudemesh send` and friends route
+through the daemon when its socket is present, falling back to the
+existing bridge / cold paths otherwise.
+
+Subcommands:
+- `daemon up|start [--mesh <slug>] [--name ...] [--no-tcp] [--public-health]`
+- `daemon status [--json]`, `daemon down|stop`, `daemon version`
+- `daemon outbox list [--failed|--pending|--inflight|--done]`
+- `daemon outbox requeue <id> [--new-client-id <id>]`
+- `daemon accept-host` (per-host fingerprint pin)
+- `daemon install-service --mesh <slug>` (macOS launchd / Linux systemd-user)
+- `daemon uninstall-service`
+
+Idempotency end-to-end:
+- Caller-stable `client_message_id` + canonical `request_fingerprint`
+  (sha256 of envelope_version || dest_kind || dest_ref || reply_to ||
+  priority || canonical_meta_json || body_hash) attach on every send.
+- Broker persists both on `mesh.message_queue` (migration 0028, additive
+  + nullable) and echoes them on push, so receiving daemons dedupe their
+  inbox by `client_message_id`.
+- §4.5.1 IPC duplicate-lookup table (11 cases × no-row / 5 statuses ×
+  match/mismatch) covered by 15 unit tests.
+
+Crash recovery:
+- Outbox row transitions: `pending` → `inflight` → `done` / `dead` /
+  `aborted`. `BEGIN IMMEDIATE` serializes daemon-local writes; the drain
+  worker is wakeable via promise-replacement and backs off failed sends.
+- Decrypt path tries session secret key, then member secret key, then
+  base64 fallback, so legacy unencrypted pushes still inbox cleanly.
+
+Sprint 7 (broker-side dedupe enforcement: partial unique index +
+`mesh.client_message_dedupe` atomic-accept table) is intentionally
+deferred — see `.artifacts/shipped/2026-05-03-daemon-spec-broker-
+hardening-followups.md`.
+
 ## 1.0.0-alpha.0 (2026-04-13)
 
 ### Architecture
diff --git a/apps/cli/package.json b/apps/cli/package.json
index b0775e9..6d788e5 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -1,6 +1,6 @@
 {
   "name": "claudemesh-cli",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "description": "Peer mesh for Claude Code sessions — CLI + MCP server.",
   "keywords": [
     "claude-code",
diff --git a/docs/roadmap.md b/docs/roadmap.md
index 8999168..a97b449 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -170,6 +170,45 @@ show to non-technical audiences. CLI v1.7.0 published to npm
 
 ---
 
+## v0.9.0 — *daemon foundation* — *shipped*
+
+The bridge release that lands the persistent local runtime without
+the v2.0.0 surgery. Existing flows (`claudemesh launch`, MCP, cold
+sends) keep working unchanged; opt-in by running `claudemesh daemon
+up` and the rest of the CLI starts routing through the local socket.
+
+- **`claudemesh daemon up`** — long-lived process holding one broker
+  WS per attached mesh, durable outbox/inbox in SQLite, IPC over UDS
+  (+ optional loopback TCP w/ bearer), SSE event stream.
+- **Caller-stable idempotency** — every send carries a
+  `client_message_id` and a canonical `request_fingerprint`
+  (sha256 over envelope shape). Broker persists both on
+  `mesh.message_queue` and echoes them on push. Receiving daemons
+  dedupe their inbox by `client_message_id`.
+- **§4.5.1 IPC duplicate-lookup table** — 11 cases × 5 statuses ×
+  match/mismatch covered by 15 unit tests.
+- **`claudemesh send` daemon routing** — daemon path tried first
+  when its UDS exists; falls back to bridge / cold path otherwise.
+  JSON output gains `via:"daemon"`.
+- **Service install** — `daemon install-service --mesh <slug>` writes
+  a launchd LaunchAgent on macOS / systemd-user unit on Linux.
+  Refuses CI envs unless `--allow-ci-persistent`.
+- **Outbox CLI** — `daemon outbox list [--failed|--pending|...]`,
+  `daemon outbox requeue <id>`. Atomic abort+insert with
+  `superseded_by` chain on requeue.
+- **Host-fingerprint pin** — `daemon accept-host` records a
+  sha256(machine-id || first-stable-mac) on first run; later restarts
+  refuse if the fingerprint shifts (accidental-clone detection).
+- **Sprint 7 deferred** — broker-side dedupe enforcement (partial
+  unique index on `(mesh_id, client_message_id)`,
+  `mesh.client_message_dedupe` atomic-accept table) intentionally
+  postponed; tracked at `.artifacts/shipped/2026-05-03-daemon-spec-
+  broker-hardening-followups.md`.
+
+Locked spec: `.artifacts/shipped/2026-05-03-daemon-spec-v0.9.0.md`.
+
+---
+
 ## v2.0.0 — *the daemon redesign*
 
 The single largest architectural shift. Promotes the persistent