alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: v0.1.10 — per-session ephemeral keypairs
Some checks failed
CI / Lint (push) Has been cancelled
Details
CI / Typecheck (push) Has been cancelled
Details
CI / Broker tests (Postgres) (push) Has been cancelled
Details
CI / Docker build (linux/amd64) (push) Has been cancelled
Details
Release / Publish multi-arch images (push) Has been cancelled
Details

Browse Source 
Each WS connection generates its own ed25519 keypair (sessionPubkey)
sent in the hello handshake. The broker stores it on the presence
row and uses it for message routing + list_peers. This gives every
`claudemesh launch` a unique crypto identity without burning invite
uses — member auth stays permanent, session identity is ephemeral.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
2026-04-06 11:14:33 +01:00
parent c8682dd700
commit af8f8ed1f9
9 changed files with 49 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/broker/src/broker.ts
View File

@@ -307,6 +307,7 @@ export async function refreshStatusFromJsonl(
export interface ConnectParams {
memberId: string;
sessionId: string;
sessionPubkey?: string;
displayName?: string;
pid: number;
cwd: string;
@@ -322,6 +323,7 @@ export async function connectPresence(
.values({
memberId: params.memberId,
sessionId: params.sessionId,
sessionPubkey: params.sessionPubkey ?? null,
displayName: params.displayName ?? null,
pid: params.pid,
cwd: params.cwd,
@@ -371,7 +373,8 @@ export async function listPeersInMesh(
> {
const rows = await db
.select({
pubkey: memberTable.peerPubkey,
memberPubkey: memberTable.peerPubkey,
sessionPubkey: presence.sessionPubkey,
memberDisplayName: memberTable.displayName,
presenceDisplayName: presence.displayName,
status: presence.status,
@@ -388,9 +391,9 @@ export async function listPeersInMesh(
),
)
.orderBy(asc(presence.connectedAt));
// Prefer per-session displayName over member-level displayName.
// Prefer session pubkey for routing, session displayName for display.
return rows.map((r) => ({
pubkey: r.pubkey,
pubkey: r.sessionPubkey || r.memberPubkey,
displayName: r.presenceDisplayName || r.memberDisplayName,
status: r.status,
summary: r.summary,
@@ -469,6 +472,7 @@ export async function drainForMember(
_memberId: string,
memberPubkey: string,
status: PeerStatus,
sessionPubkey?: string,
): Promise<
Array<{
id: string;
@@ -509,7 +513,7 @@ export async function drainForMember(
WHERE mesh_id = ${meshId}
AND delivered_at IS NULL
AND priority::text IN (${priorityList})
AND (target_spec = ${memberPubkey} OR target_spec = '*')
AND (target_spec = ${memberPubkey} OR target_spec = '*'${sessionPubkey ? sql` OR target_spec = ${sessionPubkey}` : sql``})
ORDER BY created_at ASC, id ASC
FOR UPDATE SKIP LOCKED
)