alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
622ea569ad5a72801f673055ecbc9844e8bb21da
claudemesh/apps/cli/CHANGELOG.md
Alejandro Gutiérrez ee12510ef1
Some checks failed
CI / Lint (push) Has been cancelled
Details
CI / Typecheck (push) Has been cancelled
Details
CI / Broker tests (Postgres) (push) Has been cancelled
Details
CI / Docker build (linux/amd64) (push) Has been cancelled
Details
refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate 
- apps/cli/ is now the canonical CLI (was apps/cli-v2/).
- apps/cli/ legacy v0 archived as branch 'legacy-cli-archive' and tag
  'cli-v0-legacy-final' before deletion; git history preserves it too.
- .github/workflows/release-cli.yml paths updated.
- pnpm-lock.yaml regenerated.

Broker-side peer-grant enforcement (spec: 2026-04-15-per-peer-capabilities):
- 0020_peer-grants.sql adds peer_grants jsonb + GIN index on mesh.member.
- handleSend in broker fetches recipient grant maps once per send, drops
  messages silently when sender lacks the required capability.
- POST /cli/mesh/:slug/grants to update from CLI; broker_messages_dropped_by_grant_total metric.
- CLI grant/revoke/block now mirror to broker via syncToBroker.

Auto-migrate on broker startup:
- apps/broker/src/migrate.ts runs drizzle migrate with pg_advisory_lock
  before the HTTP server binds. Exits non-zero on failure so Coolify
  healthcheck fails closed.
- Dockerfile copies packages/db/migrations into /app/migrations.
- postgres 3.4.5 added as direct broker dep.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 08:44:52 +01:00

2.0 KiB
Raw Blame History

Changelog

1.0.0-alpha.0 (2026-04-13)

Architecture

  • Complete folder restructure: entrypoints/, cli/, commands/, services/ (17 feature-folders with facade pattern), ui/, mcp/, constants/, types/, utils/, locales/, templates/
  • 212 source files, 10,900 lines
  • ESM-only, Bun bundler, TypeScript strict mode

New CLI commands

  • claudemesh register — account creation via browser handoff
  • claudemesh login — device-code OAuth
  • claudemesh logout — revoke session + clear credentials
  • claudemesh whoami — identity check with --json support
  • claudemesh new <name> — create mesh from CLI (was dashboard-only)
  • claudemesh invite [email] — generate invite from CLI (was dashboard-only)

Ported from v1 (full feature parity)

  • All 79 MCP tools
  • All 85 WS message types (broker protocol unchanged)
  • Welcome wizard, launch flow, install/uninstall
  • Ed25519 + NaCl crypto (keypairs, crypto_box DMs, file encryption)
  • Reconnect with exponential backoff
  • Status priority engine, scheduled messages, URL watch
  • Doctor checks, Telegram bridge connect wizard

Security hardening (25 bugs fixed across 4 reviews)

  • execFile instead of exec for browser open (command injection fix)
  • ReDoS-safe pattern matching in peer file sharing
  • Atomic config writes via temp file + rename
  • Auth token stored with openSync(mode: 0o600) — no permission race
  • Decryption oracle collapsed to generic error in get_file
  • Download size limit (100MB) on file retrieval
  • Path traversal protection with realpathSync for symlink escapes
  • Callback listener double-resolve guard
  • Push buffer 1MB per-message truncation
  • makeReqId uses crypto.randomBytes instead of Math.random
  • Connect guard prevents double-connect race

Breaking changes from v0.10.x

  • Flat command namespace (no launch subcommand, no advanced prefix)
  • New config shape (same data, cleaner layout)
  • New --json output format with schema_version: "1.0"
  • New exit codes (see constants/exit-codes.ts)
Reference in New Issue View Git Blame Copy Permalink