403 Commits

Author	SHA1	Message	Date
Alejandro Gutiérrez	dad51870d9	feat(broker): file upload recipient picker in telegram bridge ... Instead of broadcasting files to all peers, the bot now uploads first then shows an inline keyboard: individual peers, Everyone, or Keep private. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 13:43:55 +01:00
Alejandro Gutiérrez	a6af0f2154	security(broker): harden telegram bridge for production ... - Validate JWT signature + expiry in /start (was only decoding, not verifying) - Constant-time signature comparison in telegram-token.ts (prevent timing attacks) - Rate limit /tg/token endpoint: 10 requests/hour per IP - Grammy bot.catch() error handler (prevent unhandled rejections crashing broker) - Cap WS reconnect attempts at 20 (prevent infinite retry loop) - Expire stale pendingDMs entries (prevent memory leak) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 13:20:59 +01:00
Alejandro Gutiérrez	0661e6223a	fix(web): correct LinkedIn URL on about page ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 13:17:24 +01:00
Alejandro Gutiérrez	05e3c43e29	fix(web): scope webpack SVG loader to packages/ui only ... Exclude app/ SVGs (icon.svg, opengraph) from @svgr/webpack — Next.js metadata loader handles those. Only transform flag/logo SVGs from packages/ui/. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 13:01:00 +01:00
Alejandro Gutiérrez	e3fa6e6a5e	feat(cli): register connect/disconnect telegram commands ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 12:44:32 +01:00
Alejandro Gutiérrez	17066b4f6c	fix(web): add webpack SVG loader (TURBOPACK=0 prod builds) ... turbopack.rules only applies to turbopack. When building with TURBOPACK=0 (required for Payload CMS), webpack has no SVG rule. Icons.UnitedKingdom returns an object → React #130. Adding a webpack config rule for @svgr/webpack fixes both bundler paths. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 12:43:44 +01:00
Alejandro Gutiérrez	8d1685e64d	fix(broker): upsert telegram bridge on reconnect (duplicate key) ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 12:33:02 +01:00
Alejandro Gutiérrez	bb28e16c7d	fix(broker): increase healthcheck start-period, catch Grammy errors ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 11:14:44 +01:00
Alejandro Gutiérrez	ac59d2acfe	fix(broker): correct bot username claudemeshbot (no underscore) ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 11:08:00 +01:00
Alejandro Gutiérrez	0a1af84712	fix(web): skip sherif postinstall in Docker build ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:56:42 +01:00
Alejandro Gutiérrez	18dc29aba1	feat(web): timeline section — 66 releases, every feature shipped ... Editorial timeline with vertical track, colored phase markers, 2-column feature grids per milestone. Shows v0.1→v0.8 evolution: Foundation → Groups → Shared Intelligence → Files → Data Platform → Platform. Anchored by '66 npm releases. Every feature below is in production today.' Dashed 'next' card at bottom for roadmap. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:50:52 +01:00
Alejandro Gutiérrez	795217093f	fix(broker): wire telegram bridge boot + token endpoint into index.ts ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:49:56 +01:00
Alejandro Gutiérrez	61b0813924	fix(broker): add grammy dependency for telegram bridge ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:43:12 +01:00
Alejandro Gutiérrez	126bbfeb2c	feat(broker+cli): multi-tenant telegram bridge with 4 entry points ... - DB: mesh.telegram_bridge table + migration - Broker: telegram-bridge.ts (Grammy bot + WS pool + routing) - Broker: telegram-token.ts (JWT connect tokens) - Broker: POST /tg/token endpoint + bridge boot on startup - CLI: claudemesh connect/disconnect telegram commands - Spec: docs/telegram-bridge-spec.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:03:11 +01:00
Alejandro Gutiérrez	a8b9348b36	feat(broker+cli): telegram bridge and file download proxy ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 02:57:02 +01:00
Alejandro Gutiérrez	c3dd4efe82	feat(cli): enforce context:fork via Agent tool instruction in prompts/get ... Claude Code's MCP prompts path doesn't support the context field natively. When a skill has context:"fork", prepend an instruction telling the model to use the Agent tool with the specified agent type and model. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 02:16:00 +01:00
Alejandro Gutiérrez	a7d9ecab15	feat(broker): add cli-sync, member-api, jwt modules + DB schema updates ... New broker endpoints for CLI auth sync flow (POST /cli-sync), member profile management, and mesh settings. Includes JWT verification for dashboard-issued sync tokens. DB schema adds member profile fields and mesh policy columns. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 01:54:50 +01:00
Alejandro Gutiérrez	d263fe0f26	fix(cli): delay welcome notification for MCP init handshake ... Welcome was silently dropped when sent before Claude Code's notifications/initialized. Add 2s delay after WS connects to ensure the MCP handshake is complete. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 01:25:10 +01:00
Alejandro Gutiérrez	3226493e6d	fix(cli): catch unhandled rejection in background wirePushHandlers ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 01:15:09 +01:00
Alejandro Gutiérrez	4cb5a97512	perf(cli): instant MCP startup — WS connects in background ... Move startClients() to run after server.connect(), not before. MCP server is available to Claude Code in <0.5s instead of ~30s. Tool handlers gracefully return errors until WS is ready. Push event wiring happens in background callback. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 01:11:50 +01:00
Alejandro Gutiérrez	c080bc517f	fix(web): stub all static asset extensions (.svg, .png, fonts) in ESM loader	2026-04-09 01:09:38 +01:00
Alejandro Gutiérrez	471e88b3e6	fix(web): stub .scss/.sass/.less in addition to .css in ESM loader	2026-04-09 00:52:39 +01:00
Alejandro Gutiérrez	c66e3adf67	fix(web): use absolute path for CSS stub loader in Docker	2026-04-09 00:43:07 +01:00
Alejandro Gutiérrez	3f46a6657a	fix(web): add CSS stub loader for Payload CMS route collection in Docker ... Node ESM can't handle .css imports during Next.js route collection. This loader intercepts .css resolutions and returns empty modules, fixing the build for all Payload deps (richtext-lexical, react-image-crop, etc.) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-09 00:35:04 +01:00
Alejandro Gutiérrez	83ba1aa373	fix(web): restore serverExternalPackages for Payload + use --webpack for build ... Root cause: Next.js 16 defaults to Turbopack for builds, but Payload CMS's richtext-lexical imports .css files that fail during route collection in Node ESM context. Fix: add @payloadcms/richtext-lexical and @payloadcms/next back to serverExternalPackages so Next.js skips their internal imports during route collection. Use --webpack explicitly since Turbopack production builds are incompatible with Payload (payloadcms/payload#14786). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-09 00:26:06 +01:00
Alejandro Gutiérrez	7430e4ffe0	fix(web): header nav links → real pages (docs, blog, about, changelog) ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 00:24:33 +01:00
Alejandro Gutiérrez	d72e49b8fd	fix(web): header GitHub link → claudemesh-cli repo ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 00:18:53 +01:00
Alejandro Gutiérrez	3f57944921	chore(cli): bump version to 0.9.0 ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 00:01:58 +01:00
Alejandro Gutiérrez	b31aab8aeb	feat(cli+broker): expose mesh skills as MCP prompts and skill:// resources ... Claudemesh MCP server now declares prompts:{} and resources:{} capabilities. Mesh skills auto-appear as /claudemesh:skill-name slash commands in Claude Code via prompts/list+get, and as skill://claudemesh/{name} resources for the upcoming MCP_SKILLS protocol. share_skill accepts optional metadata (when_to_use, allowed_tools, model, context, agent) stored in the manifest jsonb column. Change notifications sent on share/remove so Claude Code refreshes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 00:01:06 +01:00
Alejandro Gutiérrez	26c4502277	fix(cli): display system push messages without decryption ... System messages (watch_triggered, mcp_deployed, peer_joined, etc.) have senderPubkey='system' with empty ciphertext. The push handler now formats them as readable plaintext instead of failing to decrypt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 19:12:49 +01:00
Alejandro Gutiérrez	bfc62b9a72	fix(cli): display system push messages without decryption ... System messages (watch_triggered, mcp_deployed, peer_joined, etc.) have senderPubkey='system' with empty ciphertext. The push handler now formats them as readable plaintext instead of failing to decrypt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 18:51:12 +01:00
Alejandro Gutiérrez	f8c6f9ae74	feat(broker): add test endpoints for url watch validation ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 18:37:23 +01:00
Alejandro Gutiérrez	3497700fad	feat: url watch — broker polls URLs, notifies on change ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 18:29:43 +01:00
Alejandro Gutiérrez	4ee810242d	fix(broker): restore services in failed/crashed/restarting states too ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 16:30:15 +01:00
Alejandro Gutiérrez	b6224c4186	fix(broker): sync with runner on boot instead of re-deploying ... Boot restore now checks runner /health to see what's already running, then updates DB status to match. Fixes the bug where broker restart marked running services as 'failed' because it tried to re-deploy without shared source volume. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 16:26:43 +01:00
Alejandro Gutiérrez	4c385a16cc	fix(runner): use python -m for Python MCPs instead of CLI binary ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:38:31 +01:00
Alejandro Gutiérrez	4ae6a86bf6	fix(runner): retry MCP init for slow Python startup ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:37:04 +01:00
Alejandro Gutiérrez	c327c282e3	fix(runner): install mcp[cli] extras for Python MCPs ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:35:16 +01:00
Alejandro Gutiérrez	e645455b22	fix(runner): run Python venv binaries directly, not via node ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:34:29 +01:00
Alejandro Gutiérrez	45505a1635	fix(runner): fix uvx variable scoping bug ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:33:51 +01:00
Alejandro Gutiérrez	17e6361d64	fix(runner): uv venv --clear for redeployments ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:31:52 +01:00
Alejandro Gutiérrez	528e7e21b1	fix(runner): use uv pip install for Python venv ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:31:13 +01:00
Alejandro Gutiérrez	7b875de301	feat(runner): add uvxPackage source type for Python MCPs ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:30:30 +01:00
Alejandro Gutiérrez	8a3c96dc7c	fix(runner): prefer package-matching binary over utility bins ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:28:50 +01:00
Alejandro Gutiérrez	b0634b829c	fix(runner): set GIT_TERMINAL_PROMPT=0 for non-interactive clone ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 15:27:10 +01:00
Alejandro Gutiérrez	2bd388a5e2	fix(runner): add missing writeFileSync import ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 13:22:12 +01:00
Alejandro Gutiérrez	71c0767a1b	feat: runner accepts git/npx sources, broker delegates extraction ... Runner /load now accepts gitUrl, npxPackage, or sourcePath. It handles git clone and npm install internally. Broker no longer needs shared volume for source extraction — just tells the runner what to fetch. CLI mesh_mcp_deploy now supports npx_package as a third source type. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 13:18:25 +01:00
Alejandro Gutiérrez	6a3f087209	fix(runner): add unzip for bun install in Dockerfile ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 13:08:27 +01:00
Alejandro Gutiérrez	873f588057	feat: runner container + broker deploy pipeline ... - apps/runner/: Dockerfile (node22 + python3 + uv + bun) + supervisor.mjs (HTTP API for load/call/unload/health) - docker-compose: runner service with shared services-data volume - Broker mcp_deploy: git clone or zip extract → runner /load → MCP spawn - Broker mcp_call: routes managed services to runner via HTTP, falls back to live-proxy for peer-hosted servers - RUNNER_URL env var for broker → runner communication Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 13:06:43 +01:00
Alejandro Gutiérrez	070a3b7422	feat(broker): encrypt env vars at rest, restore on reboot ... - broker-crypto.ts: AES-256-GCM encrypt/decrypt with BROKER_ENCRYPTION_KEY - mcp_deploy stores env as _encryptedEnv in mesh.service.config (no plaintext in DB) - boot restore: decrypts _encryptedEnv and re-spawns services via service-manager - auto-generates ephemeral key if BROKER_ENCRYPTION_KEY not set (logs warning) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 12:25:48 +01:00