docs(roadmap): record sprint A ships (1.26.0 through 1.29.0)

extend the v0.9.x section with a new "v1.26.0 → v1.29.0 — sprint A
toward v2" block listing what each release delivered. trim the
v2.0.0 section to just the remaining HKDF identity work; everything
else from the original v2 spec is now shipped.

queue 1.30.0 (launch wizard), 1.31.0 (setup wizard), 1.32.0 (full
workspace rename) as the explicit remaining items before HKDF
ships as 2.0.0 in its own sprint.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docs/roadmap.md

@@ -223,43 +223,80 @@ The v0.9.0 foundation got promoted in three quick releases:
   IPC accept time, drain is a forwarder. Adds `mesh`, `target_spec`,
   `nonce`, `ciphertext`, `priority` columns to the outbox.
 - **1.25.0** — CLI thin-client routing for `peer list`,
-  `skill list`, `skill get`. Same daemon-first / bridge / cold-path
+  `skill list`, `skill get`.
-  fallback shape as `trySendViaDaemon`.
 - **1.25.0** — ambient mode: raw `claude` Just Works after
-  `claudemesh install`. No more `claudemesh launch` ceremony for the
+  `claudemesh install`.
-  common case.
 
-What this leaves on the v2.0.0 redesign roadmap is documented at
+What this leaves on the v2.0.0 redesign is documented at
-`.artifacts/specs/2026-05-04-v2-roadmap-completion.md`: daemon
+`.artifacts/specs/2026-05-04-v2-roadmap-completion.md`.
-multi-mesh, full CLI-to-thin-client conversion, mesh→workspace
-rename, HKDF identity.
 
 ---
 
-## v2.0.0 — *the daemon redesign*
+## v1.26.0 → v1.29.0 — *Sprint A toward v2* — *shipped*
 
-The single largest architectural shift. Promotes the persistent
+The Sprint A push completed everything spec'd for v2.0.0 *except* HKDF
-thing (the user's account + identity) to a persistent process (the
+identity (deferred for security review).
-daemon), demotes the ephemeral thing (the Claude session) to a thin
-client. **Half-shipped via 1.24.0 + 1.25.0; remainder spec'd at
-`.artifacts/specs/2026-05-04-v2-roadmap-completion.md`.**
 
-- **`claudemesh-daemon`** — long-lived per-user launchd / systemd
+- **1.26.0** — multi-mesh daemon. One process attaches to every joined
-  unit. One WebSocket per workspace, persistent across reboots and
+  workspace simultaneously. Aggregate read routes (`/v1/peers`,
-  Claude restarts. Listens on `~/.claudemesh/sockets/<workspace>.sock`.
+  `/v1/skills`) tag each record with its mesh; explicit `?mesh=<slug>`
-- **HKDF-derived peer keypairs** — same identity across machines,
+  narrows server-side. Outbox dispatch picks the right broker via the
-  no key copy ritual. Web sign-up = CLI sign-up = same crypto identity.
+  `mesh` column.
-- **Stateless CLI verbs** — every existing command becomes a thin
+- **1.27.0** — thin-client expansion to state + memory. `state get`,
-  socket client of the daemon. ~3000 LoC removed.
+  `state set`, `state list`, `remember`, `recall`, `forget` all route
-- **MCP server shrinks to ~50 LoC** — just a daemon-socket →
+  through `/v1/state` and `/v1/memory`. First teaser of the
-  `experimental.claude/channel` adapter.
+  `claudemesh workspace <verb>` alias surface.
-- **`claudemesh launch` deprecated** — ambient mode means `claude`
+- **1.27.1** — wired six previously-dead launch flags through the CLI
-  works with no flags. Launch becomes a one-line alias that prints
+  entrypoint (`--role`, `--groups`, `--message-mode`, `--system-prompt`,
-  "ambient mode now, just run `claude`."
+  `--continue`, `--quiet`). Pure plumbing fix.
-- **"Mesh" → "workspace" public surface** — DB tables keep
+- **1.27.2** — bundled `SKILL.md` gains a canonical fully-populated
-  `mesh_*` names for migration sanity.
+  spawn template + per-flag annotation table for unattended scripting.
+- **1.27.3** — self-healing daemon lifecycle. Every CLI verb probes
+  `/v1/version` (no more stale-socket false positives), auto-spawns a
+  detached `daemon up` under a file-lock when down, polls until live.
+  30 s recently-failed marker prevents thundering-herd retries.
+- **1.28.0** — bridge tier deletion (~600 LoC dead code removed) +
+  per-process daemon policy: `--strict` (refuse cold fallback) and
+  `--no-daemon` (skip daemon entirely). Single chokepoint at
+  `withMesh`. Env equivalents.
+- **1.29.0** — per-session IPC tokens. Every `claudemesh launch` mints
+  a 32-byte token under tmpdir mode-0600, registers it with the
+  daemon, exposes the path via `CLAUDEMESH_IPC_TOKEN_FILE` to children.
+  Daemon resolves `Authorization: ClaudeMesh-Session <hex>` to a
+  `SessionInfo`. CLI invocations from inside a launched session
+  auto-scope to its workspace instead of aggregating across all
+  joined meshes (verified: `peer list` returns 1 workspace's peers
+  with token, all 3 without). Server-side `meshFromCtx()` plumbing
+  on every read route.
 
-Spec: `.artifacts/specs/2026-05-02-roadmap.md`.
+What's left for true v2.0.0 (next sessions):
+
+- **1.30.0** — launch wizard refactor (single render loop, daemon-as-
+  step probe panel, last-used persistence, drop `@ts-nocheck`).
+- **1.31.0** — setup wizard refactor (state-detection snapshot, four-
+  branch flow, daemon install offer, post-join panel).
+- **1.32.0** — full mesh→workspace public-surface rename in help/docs/
+  site; mesh aliases tagged deprecated; protocol/DB stay `mesh_*`.
+
+---
+
+## v2.0.0 — *HKDF cross-machine identity*
+
+The remaining v2 promise after Sprint A: the user's account secret
+derives a deterministic ed25519 keypair per workspace. Same identity
+across laptop + desktop + server, no key copy ritual.
+
+- **`HKDF(account_secret, info: "claudemesh/mesh/<mesh_id>/peer",
+  salt: <user_id>)`** — derived per-workspace.
+- **Broker `account_secret` distribution** — vended on first
+  authenticated install over TLS. Needs design review on key
+  compromise recovery story.
+- **Migration** — existing keypairs in config keep working. Opt-in
+  re-enrollment for users who want cross-machine sync.
+- **Hello-sig protocol** — unchanged.
+
+Reserved as its own sprint with an explicit security-review window.
+Estimated 2-3 weeks.
 
 ---