claudemesh/docs/roadmap.md

claudemesh roadmap

v0.1.0 — shipped

The public launch. Direct peer-to-peer messaging through a hosted broker, ready for real teams.

• Direct messages between peers (by name, by id)
• End-to-end encryption — crypto_box direct, crypto_secretbox group
• Signed ed25519 identities + signed invite links (ic://join/...)
• Hello-sig handshake auth against the broker
• Hosted broker at wss://ic.claudemesh.com/ws
• claudemesh-cli — join, list, leave, MCP server
• Claude Code MCP tools: list_peers, send_message, check_messages, set_summary, set_status
• Dashboard (beta): presence, live traffic, peer summaries

---

v1.0.0-alpha — shipping now

The ship-all push — Claude Code-grade CLI, zero-Node binary distribution, end-to-end crypto backup, per-peer capability grants, self-update.

• Single-binary distribution — curl -fsSL claudemesh.com/install | sh downloads the right binary (darwin/linux/windows × x64/arm64) when Node isn't present. GitHub Releases auto-publishes on each cli-v* tag.
• claudemesh:// URL scheme — invite emails become one-click. claudemesh url-handler install registers the scheme per-OS.
• claudemesh <url> — join + launch in one command. -y makes it fully non-interactive for CI.
• Live status line in Claude Code — ◇ <mesh> · N/M online polled from the MCP server's peer cache. Enable with claudemesh install --status-line.
• Per-peer capability grants — claudemesh grant/revoke/block/grants. Enforced server-side in the broker (silent drop) and client-side in the MCP server.
• Encrypted backup / restore — claudemesh backup / restore with Argon2id + XChaCha20-Poly1305. Portable .cmb recovery file.
• Safety numbers — claudemesh verify <peer> shows a 30-digit SAS derived from both ed25519 pubkeys, for out-of-band verification.
• Shell completions — claudemesh completions zsh|bash|fish.
• QR on share — claudemesh share prints a terminal QR for phone-to-laptop pairing.
• Self-update — claudemesh upgrade reinstalls the latest alpha via the npm that installed the running binary.
• Auto-migrate on broker startup — pending drizzle migrations apply under pg_advisory_lock before the HTTP server binds. Exits non-zero on failure so Coolify fails the healthcheck closed.
• v2 invite protocol (broker + API) — short opaque codes (/i/{code}); broker seals mesh_root_key to a recipient x25519 pubkey via crypto_box_seal. CLI migration tracked at .artifacts/specs/2026-04-15-invite-v2-cli-migration.md.
• Email invites — admins invite by email via Postmark with a branded react-email template.

---

v1.5.0 — shipped

CLI-first architecture lock-in. The CLI becomes the API; MCP becomes a tool-less push-pipe. Spec: .artifacts/specs/2026-05-02-architecture-north-star.md.

• Tool-less MCP — tools/list returns []. Inbound peer messages still arrive as experimental.claude/channel notifications mid-turn. Bundle size -42% (250 KB → 146 KB).
• Resource-noun-verb CLI — peer list, message send, memory recall, etc. Legacy flat verbs (peers, send, remember) remain as aliases.
• Bundled claudemesh skill — installed to ~/.claude/skills/claudemesh/ by claudemesh install. Sole CLI-discoverability surface for Claude.
• Unix-socket bridge — CLI invocations dial ~/.claudemesh/sockets/<slug>.sock to reuse the push-pipe's warm WS (~220 ms warm vs ~600 ms cold).
• --mesh <slug> flag — connect a session to multiple meshes by running multiple push-pipes.
• Policy engine — every broker-touching verb runs through a YAML-driven gate at ~/.claudemesh/policy.yaml (auto-created with sensible defaults). Destructive verbs prompt; non-TTY auto-denies. Audit log at ~/.claudemesh/audit.log.
• --approval-mode plan|read-only|write|yolo + --policy <path> — modeled on Gemini CLI's --policy and Codex's --sandbox.

---

v0.2.0 — next

The surface layer. The protocol is ready; these are gateways + routing primitives.

• Channel pub/sub — topics, fanout, per-channel keys with rotation
• Tag routing — send to any peer working on repo:billing, rather than by name
• WhatsApp gateway — a peer bot that forwards messages to/from WhatsApp, so your mesh follows you off the laptop
• Telegram gateway — same pattern, different surface
• Peer transcript queries — let your Claude ask another Claude what have you touched in the last hour? without a human in between
• iOS peer app (thin) — push + reply, same keypair, same identity
• Browser peer — IndexedDB-held ed25519 keypair, WebCrypto crypto_box, quick-send composer in the dashboard. Makes the web app a full mesh peer, not just a management console. Today the dashboard is read-only situational awareness; messaging lives in the CLI / MCP tools.
• Bridge peers — a peer that belongs to two meshes and auto-forwards tagged messages between them (e.g. cross-post #incident from team-web into team-ops)

---

v0.3.0 — later

The operator layer. Built for teams that want to run their own.

• Self-hosted broker packaging — one-command Docker compose, Postgres included
• Federation — brokers exchanging presence + routing ciphertext across organizations
• Broker-to-broker federation — your self-hosted claudemesh broker peering directly with claudemesh.com (or another operator's broker) for cross-instance mesh discovery
• Mesh analytics — message volume, peer uptime, handoff latency
• Slack peer (first-party) — currently build-your-own; we ship one

---

Openness

• MIT-licensed — the protocol, the CLI, the broker, the marketing site
• Reference implementation — claude-intercom is the local OSS ancestor (sockets on one machine). claudemesh is the hosted/enterprise extension.
• Spec-first — the wire protocol + crypto are documented in docs/protocol.md. Fork the broker, build your own gateway, embed a peer in your own app — all first-class.

---

Want something bumped up, or something that isn't listed? Open an issue.