Alejandro Gutiérrez 96520394ff docs(spec): session capabilities — first-class concept ...

Spec for the gap #4 follow-up from the 1.34.x triage. Builds on
2026-04-15-per-peer-capabilities.md (member-keyed recipient grants)
by adding a sender-side cap subset on session attestations: parent
member signs {session_pubkey, allowed_caps[], expires_at}, broker
enforces intersection of recipient grants × session caps on every
protected operation.

v2 attestation alongside v1 (different canonical prefix
"claudemesh-session-attest-v2|..." → no collision). Default when
no caps subset is declared = full member caps (today's behavior;
opt-in restriction, not breaking).

CLI surface: claudemesh launch --caps dm,read. Bonus: set_state
gate (state-write cap) ships in the same release — closes the
"any session can clobber shared keys like current-pr" footgun.

Migration: dry-run mode for one release before flipping
enforcement. Mirrors the original per-peer-capabilities rollout.

Estimate: ~1 sprint + 1 week dry-run window.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-04 21:59:18 +01:00

..

backlog

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

hero-animation

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

ideas

feat(cli+broker): three-tier peer removal: disconnect, kick, ban

2026-04-20 09:55:05 +01:00

prompts

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

shipped

chore(release): cli 1.22.0 — daemon v0.9.0 + housekeeping

2026-05-03 20:24:32 +01:00

specs

docs(spec): session capabilities — first-class concept

2026-05-04 21:59:18 +01:00