Alejandro Gutiérrez 96520394ff docs(spec): session capabilities — first-class concept ...

Spec for the gap #4 follow-up from the 1.34.x triage. Builds on
2026-04-15-per-peer-capabilities.md (member-keyed recipient grants)
by adding a sender-side cap subset on session attestations: parent
member signs {session_pubkey, allowed_caps[], expires_at}, broker
enforces intersection of recipient grants × session caps on every
protected operation.

v2 attestation alongside v1 (different canonical prefix
"claudemesh-session-attest-v2|..." → no collision). Default when
no caps subset is declared = full member caps (today's behavior;
opt-in restriction, not breaking).

CLI surface: claudemesh launch --caps dm,read. Bonus: set_state
gate (state-write cap) ships in the same release — closes the
"any session can clobber shared keys like current-pr" footgun.

Migration: dry-run mode for one release before flipping
enforcement. Mirrors the original per-peer-capabilities rollout.

Estimate: ~1 sprint + 1 week dry-run window.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-04 21:59:18 +01:00

..

2026-04-10-anthropic-vision-meshes-invites.md

feat: anthropic-style mesh + invite redesign (wave 1 checkpoint)

2026-04-10 13:41:11 +01:00

2026-04-10-cli-auth-device-code-pat.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-10-cli-v2-pass2-facade-pattern.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-10-cli-v2-pass2-final-vision.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-10-cli-v2-pass2-local-first-storage.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-10-cli-v2-pass2-shared-infrastructure.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-10-cli-v2-pass2-ux-design.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-11-cli-v2-pass1.md

refactor: rename cli-v2 → cli, archive legacy cli, plus broker-side grants + auto-migrate

2026-04-15 08:44:52 +01:00

2026-04-15-broker-ha-statelessness-audit.md

feat(ga): close remaining GA blockers (backcompat, HA prep, tests, docs)

2026-04-15 23:51:28 +01:00

2026-04-15-claude-code-rich-channel-ui-request.md

chore: wrap up the gap-closing session

2026-04-15 08:53:59 +01:00

2026-04-15-cli-distribution-pipeline.md

docs: specs for binary distribution pipeline + per-peer capabilities

2026-04-15 02:34:45 +01:00

2026-04-15-crypto-review-packet.md

feat(ga): close remaining GA blockers (backcompat, HA prep, tests, docs)

2026-04-15 23:51:28 +01:00

2026-04-15-invite-v2-cli-migration.md

chore: wrap up the gap-closing session

2026-04-15 08:53:59 +01:00

2026-04-15-per-peer-capabilities.md

docs: specs for binary distribution pipeline + per-peer capabilities

2026-04-15 02:34:45 +01:00

2026-05-01-mcp-tool-surface-trim.md

feat(cli): 1.5.0 — CLI-first architecture, tool-less MCP, policy engine

2026-05-02 01:18:19 +01:00

2026-05-02-architecture-north-star.md

feat(cli): 1.5.0 — CLI-first architecture, tool-less MCP, policy engine

2026-05-02 01:18:19 +01:00

2026-05-02-handoff-evening.md

docs(handoff): 2026-05-02 evening — v1.6.x + v1.7.0 demo cut state

2026-05-02 19:35:12 +01:00

2026-05-02-handoff.md

docs(handoff): 2026-05-02 — state after 1.5.0 + v0.2.0 backend

2026-05-02 15:55:53 +01:00

2026-05-02-roadmap.md

docs(roadmap): correct v3.0.0 — opt-in stays, only the form changes

2026-05-02 18:29:59 +01:00

2026-05-02-topic-key-onboarding.md

feat(broker+api+cli): per-topic E2E encryption — v0.3.0 phase 3 (CLI)

2026-05-02 21:03:11 +01:00

2026-05-02-v0.2.0-scope.md

docs(spec): v0.2.0 — humans-in-mesh interface is REST, not browser WS

2026-05-02 02:06:29 +01:00

2026-05-02-workspace-view.md

feat(cli+docs): colorize --help output + workspace view spec

2026-05-02 22:28:46 +01:00

2026-05-04-agentic-comms-architecture-v2.md

docs(specs): m1 — agentic-comms architecture spec (v1 + v2 frozen)

2026-05-04 18:11:29 +01:00

2026-05-04-agentic-comms-architecture.md

docs(specs): m1 — agentic-comms architecture spec (v1 + v2 frozen)

2026-05-04 18:11:29 +01:00

2026-05-04-per-session-presence.md

docs(spec): per-session broker presence (queued for 1.30.0)

2026-05-04 12:47:31 +01:00

2026-05-04-session-capabilities.md

docs(spec): session capabilities — first-class concept

2026-05-04 21:59:18 +01:00

2026-05-04-v2-roadmap-completion.md

feat(daemon): sprint 4 outbound routing + CLI thin-client + ambient mode

2026-05-04 01:36:16 +01:00