abaa4bcf87
Long-lived process that holds a persistent WS to the broker and exposes
a local IPC surface (UDS + bearer-auth TCP loopback). Implements the
v0.9.0 spec under .artifacts/specs/.
Core:
- daemon up | status | version | down | accept-host
- daemon outbox list [--failed|--pending|--inflight|--done|--aborted]
- daemon outbox requeue <id> [--new-client-id <id>]
- daemon install-service / uninstall-service (macOS launchd, Linux systemd)
IPC routes:
- /v1/version, /v1/health
- /v1/send (POST) — full §4.5.1 idempotency lookup table
- /v1/inbox (GET) — paged history
- /v1/events — SSE stream of message/peer_join/peer_leave/broker_status
- /v1/peers — broker passthrough
- /v1/profile — summary/status/visible/avatar/title/bio/capabilities
- /v1/outbox + /v1/outbox/requeue — operator recovery
Storage (SQLite via node:sqlite / bun:sqlite):
- outbox.db: pending/inflight/done/dead/aborted with audit columns
- inbox.db: dedupe by client_message_id, decrypts DMs via existing crypto
- BEGIN IMMEDIATE serialization for daemon-local accept races
Identity:
- host_fingerprint.json (machine-id || first-stable-mac)
- refuse-on-mismatch policy with `daemon accept-host` recovery
CLI integration:
- claudemesh send detects the daemon and routes through /v1/send when
present, falling back to bridge socket / cold path otherwise
Tests: 15-case coverage of the §4.5.1 IPC duplicate lookup table.
Spec arc preserved at .artifacts/specs/2026-05-03-daemon-{v1..v10}.md;
v0.9.0 implementation target locked at 2026-05-03-daemon-spec-v0.9.0.md;
deferred items at 2026-05-03-daemon-spec-broker-hardening-followups.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
124 lines
4.5 KiB
TypeScript
124 lines
4.5 KiB
TypeScript
// Accidental-clone detection per spec §2.2. Catches restored backups
|
|
// and copy-pasted homedirs by comparing a stable host fingerprint
|
|
// against the one we wrote at first daemon start.
|
|
//
|
|
// NOT attacker-grade: anyone copying both the keypair AND the
|
|
// host_fingerprint defeats this. Threat model §16 says so explicitly.
|
|
|
|
import { existsSync, readFileSync, writeFileSync } from "node:fs";
|
|
import { join } from "node:path";
|
|
import { createHash, randomUUID } from "node:crypto";
|
|
import { networkInterfaces } from "node:os";
|
|
|
|
import { DAEMON_PATHS } from "./paths.js";
|
|
|
|
export type ClonePolicy = "refuse" | "warn" | "allow";
|
|
|
|
export interface FingerprintRecord {
|
|
schema_version: 1;
|
|
fingerprint: string; // sha256 hex
|
|
host_id: string; // raw, for diagnostics
|
|
stable_mac: string; // raw, for diagnostics
|
|
written_at: string; // ISO date
|
|
}
|
|
|
|
export interface FingerprintCheck {
|
|
result: "first_run" | "match" | "mismatch" | "unavailable";
|
|
current: FingerprintRecord;
|
|
stored?: FingerprintRecord;
|
|
}
|
|
|
|
const FILE_NAME = "host_fingerprint.json";
|
|
|
|
function path(): string { return join(DAEMON_PATHS.DAEMON_DIR, FILE_NAME); }
|
|
|
|
/** Compute (without writing) the current host fingerprint. */
|
|
export function computeCurrentFingerprint(): FingerprintRecord {
|
|
// Per spec §2.2 / followups doc: when neither host_id nor a stable MAC
|
|
// are readable we fall back to a persisted random UUID. We DO NOT mint
|
|
// a fresh random per call (that would make every restart look like a
|
|
// clone). Instead, leave host_id empty when unknown — the MAC alone
|
|
// identifies the host for accidental-clone detection.
|
|
const host_id = readHostId() ?? "";
|
|
const stable_mac = pickStableMac() ?? "";
|
|
const fp = createHash("sha256").update(host_id, "utf8").update("\0").update(stable_mac, "utf8").digest("hex");
|
|
return {
|
|
schema_version: 1,
|
|
fingerprint: fp,
|
|
host_id,
|
|
stable_mac,
|
|
written_at: new Date().toISOString(),
|
|
};
|
|
}
|
|
|
|
// `randomUUID` is no longer used after the random-fallback fix; keep the
|
|
// import only if other helpers need it.
|
|
void randomUUID;
|
|
|
|
/** Read or write the persisted fingerprint and report the result. */
|
|
export function checkFingerprint(): FingerprintCheck {
|
|
const current = computeCurrentFingerprint();
|
|
if (!existsSync(path())) {
|
|
writeFileSync(path(), JSON.stringify(current, null, 2), { mode: 0o600 });
|
|
return { result: "first_run", current };
|
|
}
|
|
let stored: FingerprintRecord;
|
|
try { stored = JSON.parse(readFileSync(path(), "utf8")) as FingerprintRecord; }
|
|
catch { return { result: "unavailable", current }; }
|
|
if (stored.fingerprint === current.fingerprint) return { result: "match", current, stored };
|
|
return { result: "mismatch", current, stored };
|
|
}
|
|
|
|
/** Re-write the fingerprint file. Used by `daemon accept-host`. */
|
|
export function acceptCurrentHost(): FingerprintRecord {
|
|
const current = computeCurrentFingerprint();
|
|
writeFileSync(path(), JSON.stringify(current, null, 2), { mode: 0o600 });
|
|
return current;
|
|
}
|
|
|
|
// ── platform helpers ───────────────────────────────────────────────────
|
|
|
|
function readHostId(): string | null {
|
|
// Linux: /etc/machine-id (or /var/lib/dbus/machine-id).
|
|
if (process.platform === "linux") {
|
|
for (const p of ["/etc/machine-id", "/var/lib/dbus/machine-id"]) {
|
|
try {
|
|
const raw = readFileSync(p, "utf8").trim();
|
|
if (raw) return `linux:${raw}`;
|
|
} catch { /* try next */ }
|
|
}
|
|
return null;
|
|
}
|
|
// macOS: IOPlatformUUID via ioreg. We avoid spawning by checking ENV.
|
|
if (process.platform === "darwin") {
|
|
// No reliable file; fall back to MAC-only fingerprint.
|
|
return null;
|
|
}
|
|
// Windows: HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid. Skip in v0.9.0.
|
|
return null;
|
|
}
|
|
|
|
function pickStableMac(): string | null {
|
|
const ifs = networkInterfaces();
|
|
const candidates: string[] = [];
|
|
for (const [name, addrs] of Object.entries(ifs)) {
|
|
if (!addrs) continue;
|
|
if (isIgnoredInterface(name)) continue;
|
|
for (const a of addrs) {
|
|
if (a.internal) continue;
|
|
if (!a.mac || a.mac === "00:00:00:00:00:00") continue;
|
|
candidates.push(`${name}::${a.mac}`);
|
|
break;
|
|
}
|
|
}
|
|
if (candidates.length === 0) return null;
|
|
candidates.sort(); // lex by interface name
|
|
const first = candidates[0]!;
|
|
const idx = first.indexOf("::");
|
|
return idx >= 0 ? first.slice(idx + 2) : first;
|
|
}
|
|
|
|
function isIgnoredInterface(name: string): boolean {
|
|
return /^(lo|docker|br-|veth|tap|tun|tailscale|wg|utun|ppp|vboxnet|vmnet|awdl|llw)/i.test(name);
|
|
}
|