feat(cli): claudemesh daemon — peer mesh runtime (v0.9.0)
Long-lived process that holds a persistent WS to the broker and exposes
a local IPC surface (UDS + bearer-auth TCP loopback). Implements the
v0.9.0 spec under .artifacts/specs/.
Core:
- daemon up | status | version | down | accept-host
- daemon outbox list [--failed|--pending|--inflight|--done|--aborted]
- daemon outbox requeue <id> [--new-client-id <id>]
- daemon install-service / uninstall-service (macOS launchd, Linux systemd)
IPC routes:
- /v1/version, /v1/health
- /v1/send (POST) — full §4.5.1 idempotency lookup table
- /v1/inbox (GET) — paged history
- /v1/events — SSE stream of message/peer_join/peer_leave/broker_status
- /v1/peers — broker passthrough
- /v1/profile — summary/status/visible/avatar/title/bio/capabilities
- /v1/outbox + /v1/outbox/requeue — operator recovery
Storage (SQLite via node:sqlite / bun:sqlite):
- outbox.db: pending/inflight/done/dead/aborted with audit columns
- inbox.db: dedupe by client_message_id, decrypts DMs via existing crypto
- BEGIN IMMEDIATE serialization for daemon-local accept races
Identity:
- host_fingerprint.json (machine-id || first-stable-mac)
- refuse-on-mismatch policy with `daemon accept-host` recovery
CLI integration:
- claudemesh send detects the daemon and routes through /v1/send when
present, falling back to bridge socket / cold path otherwise
Tests: 15-case coverage of the §4.5.1 IPC duplicate lookup table.
Spec arc preserved at .artifacts/specs/2026-05-03-daemon-{v1..v10}.md;
v0.9.0 implementation target locked at 2026-05-03-daemon-spec-v0.9.0.md;
deferred items at 2026-05-03-daemon-spec-broker-hardening-followups.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
128
apps/cli/src/daemon/inbound.ts
Normal file
128
apps/cli/src/daemon/inbound.ts
Normal file
@@ -0,0 +1,128 @@
|
||||
// Decode incoming broker pushes and dedupe-insert them into the daemon
|
||||
// inbox. Publishes a `message` event to the daemon's event bus on every
|
||||
// new row (idempotent receives suppress the event).
|
||||
|
||||
import { randomUUID } from "node:crypto";
|
||||
|
||||
import type { SqliteDb } from "./db/sqlite.js";
|
||||
import { insertIfNew } from "./db/inbox.js";
|
||||
import type { EventBus } from "./events.js";
|
||||
import { decryptDirect } from "~/services/crypto/facade.js";
|
||||
|
||||
export interface InboundContext {
|
||||
db: SqliteDb;
|
||||
bus: EventBus;
|
||||
meshSlug: string;
|
||||
/** Daemon's mesh secret key hex, used to decrypt sealed DMs. */
|
||||
recipientSecretKeyHex?: string;
|
||||
/** Daemon's session secret key hex (rotates per connect). When the
|
||||
* sender encrypted to our session pubkey, decrypt with this instead. */
|
||||
sessionSecretKeyHex?: string;
|
||||
log?: (level: "info" | "warn" | "error", msg: string, meta?: Record<string, unknown>) => void;
|
||||
}
|
||||
|
||||
/**
|
||||
* Spec §4.5: dedupe by `client_message_id` (broker echoes it from the
|
||||
* sender's daemon). When the broker doesn't yet propagate the field
|
||||
* (Sprint 7 prereq), fall back to the broker's `messageId` as the
|
||||
* dedupe key — at-least-once still holds; we just lose the
|
||||
* sender-attested form.
|
||||
*/
|
||||
export async function handleBrokerPush(msg: Record<string, unknown>, ctx: InboundContext): Promise<void> {
|
||||
// System/topology pushes (peer_join, tick, …) — emit verbatim.
|
||||
if (msg.subtype === "system" && typeof msg.event === "string") {
|
||||
ctx.bus.publish(mapSystemEventKind(msg.event), {
|
||||
mesh: ctx.meshSlug,
|
||||
event: msg.event,
|
||||
...(msg.eventData as Record<string, unknown> | undefined ?? {}),
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
if (msg.type !== "push") return;
|
||||
|
||||
const brokerMessageId = stringOrNull(msg.messageId);
|
||||
const senderPubkey = stringOrNull(msg.senderPubkey) ?? "";
|
||||
const senderName = stringOrNull(msg.senderName) ?? senderPubkey.slice(0, 8);
|
||||
const topic = stringOrNull(msg.topic);
|
||||
const replyToId = stringOrNull(msg.replyToId);
|
||||
const ciphertext = stringOrNull(msg.ciphertext) ?? "";
|
||||
const nonce = stringOrNull(msg.nonce) ?? "";
|
||||
const createdAt = stringOrNull(msg.createdAt);
|
||||
// Forward-compat: Sprint 7 brokers will send client_message_id alongside.
|
||||
const clientMessageId = stringOrNull(msg.client_message_id) ?? brokerMessageId ?? randomUUID();
|
||||
const body = await decryptOrFallback({
|
||||
ciphertext, nonce, senderPubkey, ctx,
|
||||
});
|
||||
|
||||
const id = randomUUID();
|
||||
const inserted = insertIfNew(ctx.db, {
|
||||
id,
|
||||
client_message_id: clientMessageId,
|
||||
broker_message_id: brokerMessageId,
|
||||
mesh: ctx.meshSlug,
|
||||
topic,
|
||||
sender_pubkey: senderPubkey,
|
||||
sender_name: senderName,
|
||||
body,
|
||||
meta: createdAt ? JSON.stringify({ created_at: createdAt }) : null,
|
||||
received_at: Date.now(),
|
||||
reply_to_id: replyToId,
|
||||
});
|
||||
|
||||
if (!inserted) return; // already had this id; no event
|
||||
|
||||
ctx.bus.publish("message", {
|
||||
id,
|
||||
mesh: ctx.meshSlug,
|
||||
client_message_id: clientMessageId,
|
||||
broker_message_id: brokerMessageId,
|
||||
sender_pubkey: senderPubkey,
|
||||
sender_name: senderName,
|
||||
topic,
|
||||
reply_to_id: replyToId,
|
||||
body,
|
||||
created_at: createdAt,
|
||||
});
|
||||
}
|
||||
|
||||
async function decryptOrFallback(args: {
|
||||
ciphertext: string;
|
||||
nonce: string;
|
||||
senderPubkey: string;
|
||||
ctx: InboundContext;
|
||||
}): Promise<string | null> {
|
||||
const { ciphertext, nonce, senderPubkey, ctx } = args;
|
||||
if (!ciphertext) return null;
|
||||
|
||||
// Try DM decrypt first (sender used crypto_box against our session/member key).
|
||||
if (nonce && senderPubkey) {
|
||||
const envelope = { nonce, ciphertext };
|
||||
// Try session key (sender encrypted to our session pubkey, the common case).
|
||||
if (ctx.sessionSecretKeyHex) {
|
||||
const pt = await decryptDirect(envelope, senderPubkey, ctx.sessionSecretKeyHex);
|
||||
if (pt !== null) return pt;
|
||||
}
|
||||
// Fall back to member key (sender encrypted to our stable mesh pubkey).
|
||||
if (ctx.recipientSecretKeyHex) {
|
||||
const pt = await decryptDirect(envelope, senderPubkey, ctx.recipientSecretKeyHex);
|
||||
if (pt !== null) return pt;
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback: broadcast/topic posts are base64 plaintext (existing CLI
|
||||
// pre-encryption convention for `*` and `@topic`). Sprint 7+ adds per-
|
||||
// topic symmetric keys.
|
||||
try { return Buffer.from(ciphertext, "base64").toString("utf8"); }
|
||||
catch (e) { ctx.log?.("warn", "inbound_b64_decode_failed", { err: String(e) }); return null; }
|
||||
}
|
||||
|
||||
function stringOrNull(v: unknown): string | null {
|
||||
return typeof v === "string" && v.length > 0 ? v : null;
|
||||
}
|
||||
|
||||
function mapSystemEventKind(event: string): "peer_join" | "peer_leave" | "system" {
|
||||
if (event === "peer_joined") return "peer_join";
|
||||
if (event === "peer_left") return "peer_leave";
|
||||
return "system";
|
||||
}
|
||||
Reference in New Issue
Block a user