111 Commits

Author	SHA1	Message	Date
Alejandro Gutiérrez	b1f428c44b	feat(cli): wss push → mcp channel injection + status hooks in install ... Full parity with claude-peers: 1. Push-injection (the "tap on shoulder" UX) - MCP server now declares experimental.claude/channel capability - BrokerClient onPush handlers emit server.notification({ method: "notifications/claude/channel", params: { content, meta: {from_id, from_name, mesh_slug, mesh_id, priority, sent_at, delivered_at, kind}} }) - Claude Code injects each push as <channel source="claudemesh"> system reminder, so the receiver session sees inbound messages WITHOUT calling check_messages manually - Updated MCP instructions with the "RESPOND IMMEDIATELY" framing (adapted from claude-peers) 2. Status hooks in install (default-on, --no-hooks to opt out) - new apps/cli/src/commands/hook.ts: reads stdin JSON (Claude Code hook payload), extracts cwd+session_id, POSTs /hook/set-status to every joined mesh's broker in parallel with process.ppid + 1s timeout per POST. Silent fail, fire-and-forget. - install.ts: writes to ~/.claude/settings.json registering `claudemesh hook idle` on Stop + `claudemesh hook working` on UserPromptSubmit. Idempotent, preserves other hook entries. - uninstall.ts: removes both hook entries + MCP entry; leaves unrelated hook/MCP entries alone. - dedupes by brokerUrl (multiple meshes on same broker → one POST) 3. CLI surface - new subcommand: `claudemesh hook <status>` (internal, but exposed so Claude Code can invoke it via the hook shell command) - `install --no-hooks` for users who want bare MCP registration - --help updated Coexistence with claude-peers: both tools register Stop and UserPromptSubmit hooks, each POSTs to its own broker. Claude Code fires multiple hooks per event without conflict. npm version 0.1.0 → 0.1.1 (patch). Verified: - install with hooks → 2 entries added to settings.json ✓ - install --no-hooks → "Hooks skipped" ✓ - uninstall → both MCP entry + 2 hook entries removed ✓ - `echo '{...}' | claudemesh hook idle` with no joined meshes → silent no-op ("no joined meshes, nothing to do") ✓ - MCP initialize response includes experimental.claude/channel ✓ Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 19:17:33 +01:00
Alejandro Gutiérrez	59e999535d	feat(cli): accept https://claudemesh.com/join/<token> invite URL format ... Pairs with claudemesh-2's new /join/[token] landing page. Users can now paste a clickable HTTPS URL instead of the dev-only ic:// scheme. apps/cli/src/invite/parse.ts — new extractInviteToken() handles four input formats before handing the raw base64url token to the existing parseInviteLink pipeline: - https://claudemesh.com/join/<token> (primary, clickable) - https://claudemesh.com/<locale>/join/<token> (i18n prefix) - ic://join/<token> (still supported, dev) - <raw-token> (last resort: bare base64url) User-facing strings updated to the HTTPS form: - cli help: "join <url>" - install success message - list (no-meshes) hint - MCP server "no meshes" error - README.md primary example - docs/QUICKSTART.md Path A + Path B Verified extractInviteToken() on all 4 formats — each returns the same base64url token → same broker /join lookup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 16:32:50 +01:00
Alejandro Gutiérrez	64ca600195	chore(cli): rename package to claudemesh-cli (unscoped) for npm publish ... @claudemesh/cli was already taken on npm by an unrelated project (claudemesh "domain packages", v1.0.7). PM picked option A: publish unscoped as claudemesh-cli. Binary name stays "claudemesh" — users type the natural thing on install: npm install -g claudemesh-cli claudemesh install claudemesh join ic://join/... renamed references everywhere: - apps/cli/package.json: name - apps/cli/README.md: title + install command - apps/cli/src/{index.ts, mcp/server.ts, commands/install.ts} headers - docs/QUICKSTART.md: install command, version banner, npx hint - docs/roadmap.md: package name also (PM journey-friction #5): surface the "restart Claude Code" step LOUDLY in install output. Added a yellow-bold warning line after the ✓ success lines so new users don't miss the restart step (MCP tools only load on Claude Code restart). ⚠ RESTART CLAUDE CODE for MCP tools to appear. ANSI colors gated on isTTY + NO_COLOR/TERM=dumb guards. bundle rebuilt. ready for npm publish pending user's `npm adduser`. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 14:41:59 +01:00
Alejandro Gutiérrez	714d82e4e7	chore(cli): bundle for node, prep for npm publish ... Makes @claudemesh/cli installable globally via npm without requiring bun on user machines. (Bun stays the dev runtime; bundled output is node-compatible.) - bun build --target=node --outfile dist/index.js produces a 2.69MB standalone bundle with node-shebang banner - package.json: add description/keywords/author/license/homepage/ repository, set bin to ./dist/index.js, files=[dist, README, LICENSE], publishConfig.access=public, engines.node >=20 - prepublishOnly auto-runs the build - pin zod from catalog: to 4.1.13 (npm rejects catalog: refs) - swap Bun.spawnSync → node:child_process.spawnSync in install.ts (the only Bun-global usage in the package) - strip shebang from src/index.ts (banner supplies it post-bundle) install command now runs in two modes: - BUNDLED (npm i -g): detects dist/index.js path, writes MCP entry with command "claudemesh" (relies on the global bin shim on PATH) - SOURCE (bun src/index.ts, dev): preflights bun, writes MCP entry with command "bun <absolute-path> mcp" verified end-to-end: - node dist/index.js --help prints usage ✓ - node dist/index.js install writes correct ~/.claude.json ✓ - node dist/index.js mcp | tools/list returns all 5 tools ✓ - bun src/index.ts install (dev mode) still works ✓ NOT PUBLISHED YET — @claudemesh/cli is owned by an unrelated project on npm. Awaiting user decision on alternative name (claudemesh-cli, @alezmad/claudemesh-cli, or new org scope). Bundle is name-agnostic and will reuse regardless. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 14:31:27 +01:00
Alejandro Gutiérrez	47304d2a52	feat(cli): install command auto-writes ~/.claude.json MCP entry ... The previous flow printed a \`claude mcp add ...\` command and asked users to paste it. That's 2 steps, a typo surface, and a point of user dropoff. Replace with direct read-modify-write of ~/.claude.json. install: - preflights bun on PATH (clear error + Bun.com link if missing) - verifies the MCP entry file exists on disk - reads ~/.claude.json (empty object if absent) - adds/updates mcpServers.claudemesh with resolved absolute path - writes back with 0600 perms, creates parent dir if needed - read-back verification (bails loudly if post-write state is wrong) - idempotent: re-running returns "unchanged" if entry already matches - preserves existing mcpServers entries + other top-level config keys uninstall: - removes the claudemesh entry if present - no-ops cleanly when entry or config file doesn't exist - doesn't touch anything else Both print a clear post-action hint: "Restart Claude Code to load the MCP server. Then join a mesh with claudemesh join <invite-link>". verified locally with HOME=/tmp/fake-home: - fresh install → ✓ added, config emitted correctly - re-install → ✓ unchanged (idempotent) - install alongside existing "other-mcp" entry → both preserved, plus unrelated top-level keys kept verbatim - uninstall → ✓ removed, claudemesh gone, other entries intact - uninstall again → · not present (no error) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 14:19:58 +01:00
Alejandro Gutiérrez	0c4a9591fa	feat(broker): invite signature verification + atomic one-time-use ... Completes the v0.1.0 security model. Every /join is now gated by a signed invite that the broker re-verifies against the mesh owner's ed25519 pubkey, plus an atomic single-use counter. schema (migrations/0001_demonic_karnak.sql): - mesh.mesh.owner_pubkey: ed25519 hex of the invite signer - mesh.invite.token_bytes: canonical signed bytes (for re-verification) Both nullable; required for new meshes going forward. canonical invite format (signed bytes): `${v}|${mesh_id}|${mesh_slug}|${broker_url}|${expires_at}| ${mesh_root_key}|${role}|${owner_pubkey}` wire format — invite payload in ic://join/<base64url(JSON)> now has: owner_pubkey: "<64 hex>" signature: "<128 hex>" broker joinMesh() (apps/broker/src/broker.ts): 1. verify ed25519 signature over canonical bytes using payload's owner_pubkey → else invite_bad_signature 2. load mesh, ensure mesh.owner_pubkey matches payload's owner_pubkey → else invite_owner_mismatch (prevents a malicious admin from substituting their own owner key) 3. load invite row by token, verify mesh_id matches → else invite_mesh_mismatch 4. expiry check → else invite_expired 5. revoked check → else invite_revoked 6. idempotency: if pubkey is already a member, return existing id WITHOUT burning an invite use 7. atomic CAS: UPDATE used_count = used_count + 1 WHERE used_count < max_uses → if 0 rows affected, return invite_exhausted 8. insert member with role from payload cli side: - apps/cli/src/invite/parse.ts: zod-validated owner_pubkey + signature fields; client verifies signature immediately and rejects tampered links (fail-fast before even touching the broker) - buildSignedInvite() helper: owners sign invites client-side - enrollWithBroker sends {invite_token, invite_payload, peer_pubkey, display_name} (was: {mesh_id, peer_pubkey, display_name, role}) - parseInviteLink is now async (libsodium ready + verify) seed-test-mesh.ts generates an owner keypair, sets mesh.owner_pubkey, builds + signs an invite, stores the invite row, emits ownerPubkey + ownerSecretKey + inviteToken + inviteLink in the output JSON. tests — invite-signature.test.ts (9 new): - valid signed invite → join succeeds - tampered payload → invite_bad_signature - signer not the mesh owner → invite_owner_mismatch - expired invite → invite_expired - revoked invite → invite_revoked - exhausted (maxUses=2, 3rd join) → invite_exhausted - idempotent re-join doesn't burn a use - atomic single-use: 5 concurrent joins → exactly 1 success, 4 exhausted - mesh_id payload vs DB row mismatch → invite_mesh_mismatch verified live: tampered link blocked client-side with a clear error. Unmodified link joins cleanly end-to-end (roundtrip.ts + join-roundtrip.ts both pass). 64/64 tests green. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 23:02:12 +01:00
Alejandro Gutiérrez	9d3dbcecaf	feat(broker): verify ed25519 hello signature against member pubkey ... WS handshake is now authenticated end-to-end. The broker proves that every connected peer actually holds the secret key for the pubkey they claim as identity — not just that they know the pubkey. wire format change: {type:"hello", meshId, memberId, pubkey, sessionId, pid, cwd, timestamp, signature} where signature = ed25519_sign(canonical, secretKey) and canonical = `${meshId}|${memberId}|${pubkey}|${timestamp}` broker verifies on every hello: 1. timestamp within ±60s of broker clock → else close(1008, timestamp_skew) 2. pubkey is 64 hex chars, signature is 128 hex chars → else malformed 3. crypto_sign_verify_detached(signature, canonical, pubkey) → else bad_signature 4. (existing) mesh.member row exists for (meshId, pubkey) → else unauthorized All rejection paths close the WS with code 1008 + structured error message + metrics counter increment (connections_rejected_total by reason). new modules: - apps/broker/src/crypto.ts: canonicalHello, verifyHelloSignature, HELLO_SKEW_MS constant - apps/cli/src/crypto/hello-sig.ts: matching signHello helper clients updated: - apps/cli/src/ws/client.ts: signs hello before send - apps/broker/scripts/{peer-a,peer-b}.ts (smoke-test): sign hellos with seed-provided secret keys new regression tests — tests/hello-signature.test.ts (7): - valid signature accepted - bad signature (signed with wrong key) rejected - timestamp too old rejected (>60s) - timestamp too far in future rejected (>60s) - tampered canonical field (different meshId at verify time) rejected - malformed hex pubkey rejected - malformed signature length rejected verified live: - apps/broker/scripts/smoke-test.sh: full hello+ack+send+push flow - apps/cli/scripts/roundtrip.ts: signed hello + encrypted message - 55/55 tests pass Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:53:40 +01:00
Alejandro Gutiérrez	81a8d0714b	feat(crypto): client-side direct-message encryption with crypto_box ... Direct messages between peers are now end-to-end encrypted. The broker only ever sees {nonce, ciphertext} — plaintext lives on the two endpoints. apps/cli/src/crypto/envelope.ts: - encryptDirect(message, recipientPubkeyHex, senderSecretKeyHex) → {nonce, ciphertext} via crypto_box_easy, 24-byte fresh nonce - decryptDirect(envelope, senderPubkeyHex, recipientSecretKeyHex) → plaintext or null (null on MAC failure / malformed input) - ed25519 keys (from Step 17) are converted to X25519 on the fly via crypto_sign_ed25519_{pk,sk}_to_curve25519 — one signing keypair covers both signing + encryption roles. BrokerClient.send(): - if targetSpec is a 64-hex pubkey → encrypt via crypto_box - else (broadcast "*" or channel "#foo") → base64-wrapped plaintext (shared-key encryption for channels lands in a later step) InboundPush now carries: - plaintext: string | null (decrypted body, null if decryption failed OR it's a non-direct message) - kind: "direct" | "broadcast" | "channel" | "unknown" MCP check_messages formatter reads plaintext directly. side-fixes pulled in during 18a: - apps/broker/scripts/seed-test-mesh.ts now generates real ed25519 keypairs (the previous "aaaa…" / "bbbb…" fillers weren't valid curve points, so crypto_sign_ed25519_pk_to_curve25519 rejected them). Seed output now includes secretKey for each peer. - apps/broker/src/broker.ts drainForMember wraps the atomic claim in a CTE + outer ORDER BY so FIFO ordering is SQL-sourced, not JS-sorted (Postgres microsecond timestamps collapse to the same Date.getTime() milliseconds otherwise). - vitest.config.ts fileParallelism: false — test files share DB state via cleanupAllTestMeshes afterAll, so running them in parallel caused one file's cleanup to race another's inserts. - integration/health.test.ts "returns 200" now uses waitFullyHealthy (a 200-only waiter) instead of waitHealthyOrAny — prevents a race with the startup DB ping. verified live: - apps/cli/scripts/roundtrip.ts (direct A→B): ciphertext in DB is opaque bytes (not base64-plaintext), decrypted correctly on arrival - apps/cli/scripts/join-roundtrip.ts (full join → encrypted send): PASSED - 48/48 broker tests green Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:48:33 +01:00
Alejandro Gutiérrez	758ea0e42c	feat(cli): invite-link parsing + join flow + keypair generation ... End-to-end join: user runs `claudemesh join ic://join/<base64>` and walks away with a signed member record + persistent keypair. new modules: - src/crypto/keypair.ts: libsodium ed25519 keypair generation. Format is crypto_sign_keypair raw bytes, hex-encoded (32-byte pub, 64-byte secret = seed || pub). Same format libsodium will need in Step 18 for sign/verify. - src/invite/parse.ts: ic://join/<base64url(JSON)> parser with Zod shape validation + expiry check. encodeInviteLink helper for tests. - src/invite/enroll.ts: POST /join to broker, converts ws:// to http:// transparently. rewritten join command wires them together: 1. parse invite → 2. generate keypair → 3. POST /join → 4. persist config → 5. print success. state/config.ts: saveConfig now chmods the file to 0600 after write, since it holds ed25519 secret keys. No-op on Windows. signature verification (step 18) + invite-token one-time-use tracking are deferred. For now the invite link is a plain bearer token; any client with the link can join. verified end-to-end via apps/cli/scripts/join-roundtrip.ts: build invite → run join subprocess → load new config → connect as new member → send A→B → receive push. Flow passes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:36:32 +01:00
Alejandro Gutiérrez	20d968f989	feat(cli): websocket client + MCP tool integration ... broker-client: full WS client with hello handshake + ack, auto-reconnect with exponential backoff (1s → 30s capped), in-memory outbound queue (max 100) during reconnect, 500-entry push buffer for check_messages. MCP tool integration: - send_message: "slug:target" prefix or single-mesh fast path - check_messages: drains push buffers across all clients - set_status: fans manual override across all connected meshes - set_summary: stubbed (broker protocol extension needed) - list_peers: stubbed — lists connected mesh slugs + statuses manager module holds Map<meshId, BrokerClient>, starts on MCP server boot for every joined mesh in ~/.claudemesh/config.json. new CLI command: seed-test-mesh injects a mesh row for dev testing. also fixes a broker-side hello race: handleHello sent hello_ack before the caller closure assigned presenceId, so clients sending right after the ack hit the no_hello check. Fix: return presenceId, caller sets closure var, THEN sends hello_ack. Queue drain is fire-and-forget now. round-trip verified: two clients, A→B, push received with correct senderPubkey + ciphertext. 44/44 broker tests still pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:30:11 +01:00
Alejandro Gutiérrez	8931296e82	feat(cli): scaffold @claudemesh/cli MCP client package (stubs) ... The user-facing tool. Two invocation modes: - `claudemesh mcp` → MCP server (stdio), consumed by Claude Code - `claudemesh <subcommand>` → human CLI Layout: apps/cli/ ├── package.json bin: { claudemesh: ./src/index.ts } ├── README.md install + usage └── src/ ├── index.ts dispatcher (mcp | install | join | list | leave | --help) ├── env.ts CLAUDEMESH_BROKER_URL, CONFIG_DIR, DEBUG ├── mcp/ │ ├── server.ts MCP stdio server with 5 tools │ ├── tools.ts tool schemas (send_message, list_peers, │ │ check_messages, set_summary, set_status) │ └── types.ts ├── ws/client.ts broker connection (stub for 15b) ├── state/config.ts ~/.claudemesh/config.json (joined meshes + keys) └── commands/ ├── install.ts print `claude mcp add ...` instruction ├── join.ts parse ic://join/... (stub, Step 17) ├── list.ts show joined meshes └── leave.ts remove mesh from local config Tool stubs return "not connected, run `claudemesh join <invite-link>`" errors until 15b wires the WS client. Verified: - `bun src/index.ts --help` → prints usage - `bun src/index.ts install` → prints MCP add command with resolved path - `bun src/index.ts list` → "No meshes joined yet" - `bun src/index.ts mcp` (via stdin) → returns tools/list with all 5 tools Deps: @modelcontextprotocol/sdk, ws, libsodium-wrappers, zod. Lockfile regenerated in the same commit per claudemesh-3's flag — avoids breaking Coolify's --frozen-lockfile deploys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:23:12 +01:00