fix: v0.1.15 — production hardening (7 fixes)

Broker:
- Sweep stale presences (3 missed pings = disconnect, 30s interval)
- Exclude sender from broadcast fan-out + queue drain

CLI:
- Decrypt fallback: try base64 plaintext if crypto_box fails
- Stable session keypair across WS reconnects
- Peer name cache (30s TTL) instead of list_peers per push
- Clean up orphaned tmpdirs from crashed sessions (>1 hour old)
- Read displayName from config file (not just env var)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

apps/broker/src/broker.ts

@@ -265,6 +265,23 @@ export async function refreshQueueDepth(): Promise<void> {
   metrics.queueDepth.set(Number(row?.n ?? 0));
 }
 
+/**
+ * Sweep stale presences: mark as disconnected if last_ping_at is older
+ * than 90s (3 missed pings at the 30s interval = dead session).
+ */
+export async function sweepStalePresences(): Promise<void> {
+  const cutoff = new Date(Date.now() - 90_000); // 3 missed pings
+  await db
+    .update(presence)
+    .set({ disconnectedAt: new Date() })
+    .where(
+      and(
+        isNull(presence.disconnectedAt),
+        lt(presence.lastPingAt, cutoff),
+      ),
+    );
+}
+
 /** Sweep expired pending_status entries. */
 export async function sweepPendingStatuses(): Promise<void> {
   const cutoff = new Date(Date.now() - PENDING_TTL_MS);
@@ -418,6 +435,7 @@ export async function setSummary(
 export interface QueueParams {
   meshId: string;
   senderMemberId: string;
+  senderSessionPubkey?: string;
   targetSpec: string;
   priority: Priority;
   nonce: string;
@@ -432,6 +450,7 @@ export async function queueMessage(params: QueueParams): Promise<string> {
     .values({
       meshId: params.meshId,
       senderMemberId: params.senderMemberId,
+      senderSessionPubkey: params.senderSessionPubkey ?? null,
       targetSpec: params.targetSpec,
       priority: params.priority,
       nonce: params.nonce,
@@ -473,6 +492,7 @@ export async function drainForMember(
   memberPubkey: string,
   status: PeerStatus,
   sessionPubkey?: string,
+  excludeSenderMemberId?: string,
 ): Promise<
   Array<{
     id: string;
@@ -514,13 +534,14 @@ export async function drainForMember(
           AND delivered_at IS NULL
           AND priority::text IN (${priorityList})
           AND (target_spec = ${memberPubkey} OR target_spec = '*'${sessionPubkey ? sql` OR target_spec = ${sessionPubkey}` : sql``})
+          ${excludeSenderMemberId ? sql`AND sender_member_id != ${excludeSenderMemberId}` : sql``}
         ORDER BY created_at ASC, id ASC
         FOR UPDATE SKIP LOCKED
       )
       AND m.id = mq.sender_member_id
       RETURNING mq.id, mq.priority, mq.nonce, mq.ciphertext,
                mq.created_at, mq.sender_member_id,
-               m.peer_pubkey AS sender_pubkey
+               COALESCE(mq.sender_session_pubkey, m.peer_pubkey) AS sender_pubkey
     )
     SELECT * FROM claimed ORDER BY created_at ASC, id ASC
   `);
@@ -551,6 +572,7 @@ export async function drainForMember(
 
 let ttlTimer: ReturnType<typeof setInterval> | null = null;
 let pendingTimer: ReturnType<typeof setInterval> | null = null;
+let staleTimer: ReturnType<typeof setInterval> | null = null;
 
 /** Start background sweepers. Idempotent. */
 export function startSweepers(): void {
@@ -563,14 +585,21 @@ export function startSweepers(): void {
       console.error("[broker] pending sweep:", e),
     );
   }, PENDING_SWEEP_INTERVAL_MS);
+  staleTimer = setInterval(() => {
+    sweepStalePresences().catch((e) =>
+      console.error("[broker] stale presence sweep:", e),
+    );
+  }, 30_000);
 }
 
 /** Stop background sweepers and mark all active presences disconnected. */
 export async function stopSweepers(): Promise<void> {
   if (ttlTimer) clearInterval(ttlTimer);
   if (pendingTimer) clearInterval(pendingTimer);
+  if (staleTimer) clearInterval(staleTimer);
   ttlTimer = null;
   pendingTimer = null;
+  staleTimer = null;
   await db
     .update(presence)
     .set({ disconnectedAt: new Date() })

apps/broker/src/index.ts

@@ -81,7 +81,10 @@ function sendToPeer(presenceId: string, msg: WSServerMessage): void {
   }
 }
 
-async function maybePushQueuedMessages(presenceId: string): Promise<void> {
+async function maybePushQueuedMessages(
+  presenceId: string,
+  excludeSenderMemberId?: string,
+): Promise<void> {
   const conn = connections.get(presenceId);
   if (!conn) return;
   const status = await refreshStatusFromJsonl(
@@ -95,6 +98,7 @@ async function maybePushQueuedMessages(presenceId: string): Promise<void> {
     conn.memberPubkey,
     status,
     conn.sessionPubkey ?? undefined,
+    excludeSenderMemberId,
   );
   for (const m of messages) {
     const push: WSPushMessage = {
@@ -438,6 +442,7 @@ async function handleSend(
   const messageId = await queueMessage({
     meshId: conn.meshId,
     senderMemberId: conn.memberId,
+    senderSessionPubkey: conn.sessionPubkey ?? undefined,
     targetSpec: msg.targetSpec,
     priority: msg.priority,
     nonce: msg.nonce,
@@ -451,14 +456,21 @@ async function handleSend(
   };
   conn.ws.send(JSON.stringify(ack));
 
-  // Fan-out over connected peers in the same mesh.
+  // Find sender's presenceId to exclude from fan-out.
+  let senderPresenceId: string | undefined;
   for (const [pid, peer] of connections) {
+    if (peer.ws === conn.ws) { senderPresenceId = pid; break; }
+  }
+
+  // Fan-out over connected peers in the same mesh — skip sender.
+  for (const [pid, peer] of connections) {
+    if (pid === senderPresenceId) continue;
     if (peer.meshId !== conn.meshId) continue;
     if (msg.targetSpec !== "*"
         && peer.memberPubkey !== msg.targetSpec
         && peer.sessionPubkey !== msg.targetSpec)
       continue;
-    void maybePushQueuedMessages(pid);
+    void maybePushQueuedMessages(pid, conn.memberId);
   }
 }
 

apps/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claudemesh-cli",
-  "version": "0.1.10",
+  "version": "0.1.15",
   "description": "Claude Code MCP client for claudemesh — peer mesh messaging between Claude sessions.",
   "keywords": [
     "claude-code",

apps/cli/src/commands/launch.ts

@@ -11,7 +11,7 @@
  */
 
 import { spawn } from "node:child_process";
-import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
+import { mkdtempSync, writeFileSync, rmSync, readdirSync, statSync } from "node:fs";
 import { tmpdir, hostname } from "node:os";
 import { join } from "node:path";
 import { createInterface } from "node:readline";
@@ -25,6 +25,7 @@ interface LaunchArgs {
   joinLink: string | null;
   meshSlug: string | null;
   quiet: boolean;
+  skipPermConfirm: boolean;
   claudeArgs: string[];
 }
 
@@ -34,6 +35,7 @@ function parseArgs(argv: string[]): LaunchArgs {
     joinLink: null,
     meshSlug: null,
     quiet: false,
+    skipPermConfirm: false,
     claudeArgs: [],
   };
 
@@ -54,6 +56,8 @@ function parseArgs(argv: string[]): LaunchArgs {
       result.meshSlug = arg.slice("--mesh=".length);
     } else if (arg === "--quiet") {
       result.quiet = true;
+    } else if (arg === "-y" || arg === "--yes") {
+      result.skipPermConfirm = true;
     } else if (arg === "--") {
       result.claudeArgs.push(...argv.slice(i + 1));
       break;
@@ -91,6 +95,41 @@ async function pickMesh(meshes: JoinedMesh[]): Promise<JoinedMesh> {
   });
 }
 
+// --- Permission confirmation ---
+
+async function confirmPermissions(): Promise<void> {
+  const useColor =
+    !process.env.NO_COLOR && process.env.TERM !== "dumb" && process.stdout.isTTY;
+  const bold = (s: string): string => (useColor ? `\x1b[1m${s}\x1b[22m` : s);
+  const dim = (s: string): string => (useColor ? `\x1b[2m${s}\x1b[22m` : s);
+  const yellow = (s: string): string => (useColor ? `\x1b[33m${s}\x1b[39m` : s);
+
+  console.log(yellow(bold("  Autonomous mode")));
+  console.log("");
+  console.log("  Claude will send and receive peer messages without asking");
+  console.log("  you first. Peers exchange text only — no file access,");
+  console.log("  no tool calls, no code execution.");
+  console.log("");
+  console.log(dim("  Same as: claude --dangerously-skip-permissions"));
+  console.log(dim("  Skip this prompt: claudemesh launch -y"));
+  console.log("");
+
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve, reject) => {
+    rl.question(`  ${bold("Continue?")} [Y/n] `, (answer) => {
+      rl.close();
+      const a = answer.trim().toLowerCase();
+      if (a === "" || a === "y" || a === "yes") {
+        resolve();
+      } else {
+        console.log("\n  Aborted. Run without autonomous mode:");
+        console.log("    claude --dangerously-load-development-channels server:claudemesh\n");
+        process.exit(0);
+      }
+    });
+  });
+}
+
 // --- Banner ---
 
 function printBanner(name: string, meshSlug: string): void {
@@ -176,11 +215,23 @@ export async function runLaunch(extraArgs: string[]): Promise<void> {
   //    We just set the display name via env var.
   const displayName = args.name ?? `${hostname()}-${process.pid}`;
 
+  // Clean up orphaned tmpdirs from crashed sessions (older than 1 hour)
+  const tmpBase = tmpdir();
+  try {
+    for (const entry of readdirSync(tmpBase)) {
+      if (!entry.startsWith("claudemesh-")) continue;
+      const full = join(tmpBase, entry);
+      const age = Date.now() - statSync(full).mtimeMs;
+      if (age > 3600_000) rmSync(full, { recursive: true, force: true });
+    }
+  } catch { /* best effort */ }
+
   // 4. Write session config to tmpdir (isolates mesh selection).
   const tmpDir = mkdtempSync(join(tmpdir(), "claudemesh-"));
   const sessionConfig: Config = {
     version: 1,
     meshes: [mesh],
+    displayName,
   };
   writeFileSync(
     join(tmpDir, "config.json"),
@@ -188,16 +239,22 @@ export async function runLaunch(extraArgs: string[]): Promise<void> {
     "utf-8",
   );
 
-  // 5. Banner.
+  // 5. Banner + permission confirmation.
-  if (!args.quiet) printBanner(displayName, mesh.slug);
+  if (!args.quiet) {
+    printBanner(displayName, mesh.slug);
+    // Auto-permissions confirmation — needed for autonomous peer messaging.
+    if (!args.skipPermConfirm) {
+      await confirmPermissions();
+    }
+  }
 
-  // 6. Spawn claude with ephemeral config + dev channel + display name.
+  // 6. Spawn claude with ephemeral config + dev channel + auto-permissions.
-  //    Strip any user-supplied --dangerously-load-development-channels
+  //    Strip any user-supplied --dangerously flags to avoid duplicates.
-  //    to avoid duplicates — we always inject our own.
   const filtered: string[] = [];
   for (let i = 0; i < args.claudeArgs.length; i++) {
-    if (args.claudeArgs[i] === "--dangerously-load-development-channels") {
+    if (args.claudeArgs[i] === "--dangerously-load-development-channels"
-      i++; // skip the next arg (the channel value) too
+        || args.claudeArgs[i] === "--dangerously-skip-permissions") {
+      if (args.claudeArgs[i] === "--dangerously-load-development-channels") i++;
       continue;
     }
     filtered.push(args.claudeArgs[i]!);
@@ -205,6 +262,7 @@ export async function runLaunch(extraArgs: string[]): Promise<void> {
   const claudeArgs = [
     "--dangerously-load-development-channels",
     "server:claudemesh",
+    "--dangerously-skip-permissions",
     ...filtered,
   ];
 

apps/cli/src/mcp/server.ts

@@ -98,6 +98,24 @@ async function resolveClient(to: string): Promise<{
   };
 }
 
+// Peer name cache to avoid calling listPeers on every incoming push
+const peerNameCache = new Map<string, string>();
+let peerNameCacheAge = 0;
+const CACHE_TTL_MS = 30_000;
+
+async function resolvePeerName(client: BrokerClient, pubkey: string): Promise<string> {
+  const now = Date.now();
+  if (now - peerNameCacheAge > CACHE_TTL_MS) {
+    peerNameCache.clear();
+    try {
+      const peers = await client.listPeers();
+      for (const p of peers) peerNameCache.set(p.pubkey, p.displayName);
+    } catch { /* best effort */ }
+    peerNameCacheAge = now;
+  }
+  return peerNameCache.get(pubkey) ?? `peer-${pubkey.slice(0, 8)}`;
+}
+
 function decryptFailedWarning(senderPubkey: string): string {
   const who = senderPubkey ? senderPubkey.slice(0, 12) + "…" : "unknown sender";
   return `⚠ message from ${who} failed to decrypt (tampered or wrong keypair)`;
@@ -122,7 +140,7 @@ export async function startMcpServer(): Promise<void> {
 
 IMPORTANT: When you receive a <channel source="claudemesh" ...> message, RESPOND IMMEDIATELY. Do not wait until your current task is finished. Pause what you are doing, reply to the message using send_message, then resume your work. Treat incoming peer messages like a coworker tapping you on the shoulder — answer right away, even if you're in the middle of something.
 
-Read the from_id, from_name, mesh_slug, and priority attributes to understand context. Reply by calling send_message with the same target (for direct messages the from_id is the sender's pubkey).
+Read the from_id, from_name, mesh_slug, and priority attributes to understand context. Reply by calling send_message with to set to the from_name (display name) of the sender.
 
 Available tools:
 - list_peers: see joined meshes + their connection status
@@ -251,8 +269,9 @@ If you have multiple joined meshes, prefix the \`to\` argument of send_message w
   for (const client of allClients()) {
     client.onPush(async (msg) => {
       const fromPubkey = msg.senderPubkey || "";
+      // Resolve sender's display name from the cached peer list.
       const fromName = fromPubkey
-        ? `peer-${fromPubkey.slice(0, 8)}`
+        ? await resolvePeerName(client, fromPubkey)
         : "unknown";
       const content = msg.plaintext ?? decryptFailedWarning(fromPubkey);
       try {

apps/cli/src/state/config.ts

@@ -31,6 +31,7 @@ export interface JoinedMesh {
 export interface Config {
   version: 1;
   meshes: JoinedMesh[];
+  displayName?: string; // per-session override, written by `claudemesh launch --name`
 }
 
 const CONFIG_DIR = env.CLAUDEMESH_CONFIG_DIR ?? join(homedir(), ".claudemesh");
@@ -46,7 +47,7 @@ export function loadConfig(): Config {
     if (!parsed || !Array.isArray(parsed.meshes)) {
       return { version: 1, meshes: [] };
     }
-    return { version: 1, meshes: parsed.meshes };
+    return { version: 1, meshes: parsed.meshes, displayName: parsed.displayName };
   } catch (e) {
     throw new Error(
       `Failed to load ${CONFIG_PATH}: ${e instanceof Error ? e.message : String(e)}`,

apps/cli/src/ws/client.ts

@@ -86,6 +86,7 @@ export class BrokerClient {
     private mesh: JoinedMesh,
     private opts: {
       onStatusChange?: (status: ConnStatus) => void;
+      displayName?: string;
       debug?: boolean;
     } = {},
   ) {}
@@ -114,10 +115,12 @@ export class BrokerClient {
       const onOpen = async (): Promise<void> => {
         this.debug("ws open → generating session keypair + signing hello");
         try {
-          // Generate per-session ephemeral keypair for message routing.
+          // Only generate session keypair on first connect, not reconnects
-          const sessionKP = await generateKeypair();
+          if (!this.sessionPubkey) {
-          this.sessionPubkey = sessionKP.publicKey;
+            const sessionKP = await generateKeypair();
-          this.sessionSecretKey = sessionKP.secretKey;
+            this.sessionPubkey = sessionKP.publicKey;
+            this.sessionSecretKey = sessionKP.secretKey;
+          }
 
           const { timestamp, signature } = await signHello(
             this.mesh.meshId,
@@ -132,7 +135,7 @@ export class BrokerClient {
               memberId: this.mesh.memberId,
               pubkey: this.mesh.pubkey,
               sessionPubkey: this.sessionPubkey,
-              displayName: process.env.CLAUDEMESH_DISPLAY_NAME || undefined,
+              displayName: process.env.CLAUDEMESH_DISPLAY_NAME || this.opts.displayName || undefined,
               sessionId: `${process.pid}-${Date.now()}`,
               pid: process.pid,
               cwd: process.cwd(),
@@ -375,6 +378,19 @@ export class BrokerClient {
             plaintext = null;
           }
         }
+        // Fallback: if direct decrypt failed, try plaintext base64 decode.
+        // This handles broadcasts and key mismatches gracefully.
+        if (plaintext === null && ciphertext) {
+          try {
+            const decoded = Buffer.from(ciphertext, "base64").toString("utf-8");
+            // Sanity check: valid UTF-8 text (not binary garbage)
+            if (/^[\x20-\x7E\s\u00A0-\uFFFF]*$/.test(decoded) && decoded.length > 0) {
+              plaintext = decoded;
+            }
+          } catch {
+            plaintext = null;
+          }
+        }
         const push: InboundPush = {
           messageId: String(msg.messageId ?? ""),
           meshId: String(msg.meshId ?? ""),

apps/cli/src/ws/manager.ts

@@ -11,12 +11,13 @@ import type { Config, JoinedMesh } from "../state/config";
 import { env } from "../env";
 
 const clients = new Map<string, BrokerClient>();
+let configDisplayName: string | undefined;
 
 /** Ensure a BrokerClient exists + is connecting/open for this mesh. */
 export async function ensureClient(mesh: JoinedMesh): Promise<BrokerClient> {
   const existing = clients.get(mesh.meshId);
   if (existing) return existing;
-  const client = new BrokerClient(mesh, { debug: env.CLAUDEMESH_DEBUG });
+  const client = new BrokerClient(mesh, { debug: env.CLAUDEMESH_DEBUG, displayName: configDisplayName });
   clients.set(mesh.meshId, client);
   try {
     await client.connect();
@@ -29,6 +30,7 @@ export async function ensureClient(mesh: JoinedMesh): Promise<BrokerClient> {
 
 /** Start clients for every joined mesh. Called once on MCP server start. */
 export async function startClients(config: Config): Promise<void> {
+  configDisplayName = config.displayName;
   await Promise.allSettled(config.meshes.map(ensureClient));
 }
 

packages/db/migrations/0006_add-sender-session-pubkey.sql

@@ -0,0 +1 @@
+ALTER TABLE "mesh"."message_queue" ADD COLUMN "sender_session_pubkey" text;

packages/db/src/schema/mesh.ts

@@ -222,6 +222,7 @@ export const messageQueue = meshSchema.table("message_queue", {
   senderMemberId: text()
     .references(() => meshMember.id, { onDelete: "cascade", onUpdate: "cascade" })
     .notNull(),
+  senderSessionPubkey: text(),
   targetSpec: text().notNull(),
   priority: messagePriorityEnum().notNull().default("next"),
   nonce: text().notNull(),