@agfpd/iapeer 0.2.20 → 0.2.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agfpd/iapeer",
-  "version": "0.2.20",
+  "version": "0.2.21",
   "description": "Foundation core for the iapeer multi-agent ecosystem: identity, registry, storage, codec.",
   "type": "module",
   "bin": {

package/src/cli/cli.test.ts

@@ -153,6 +153,37 @@ describe('send validation', () => {
   })
 })
 
+describe('send → ephemeral target: M3 FIFO parity with the daemon path (iapeer-memory ask)', () => {
+  test('a CLI send to a wake_policy:ephemeral peer ENQUEUES (queued ack), no live/miss bypass', async () => {
+    // an ephemeral worker cwd (profile declares wake_policy) registered in the index
+    const cwd = mkdtempSync(join(tmpdir(), 'iapeer-cli-eph-'))
+    mkdirSync(join(cwd, '.iapeer'), { recursive: true })
+    writeFileSync(
+      join(cwd, '.iapeer', 'peer-profile.json'),
+      JSON.stringify({ personality: 'ephw', runtime: 'claude', runtimes: ['claude'], intelligence: 'artificial', wake_policy: 'ephemeral' }),
+    )
+    const e = env()
+    // routeSend resolves the peers index from the PROCESS env (transport reads
+    // readPeersIndex() bare) — point the process-level root at the sandbox too.
+    const prevRoot = process.env.IAPEER_ROOT
+    process.env.IAPEER_ROOT = root
+    try {
+      await upsertPeer({ personality: 'ephw', runtime: 'claude', cwd, intelligence: 'artificial' }, { rootDir: root })
+      await register('sender')
+      const r = await sendMessage({ from: 'claude-sender', target: 'ephw', message: 'task', env: e })
+      expect(r.queued).toBe(true) // serialized via the disk FIFO, exactly like the daemon path
+      expect(r.queueDepth).toBe(1)
+      // the task is durably on disk for the daemon tick to drain
+      const qdir = join(loadLifecycleConfig(e).stateDir, 'claude-ephw.queue')
+      expect(existsSync(qdir)).toBe(true)
+    } finally {
+      if (prevRoot !== undefined) process.env.IAPEER_ROOT = prevRoot
+      else delete process.env.IAPEER_ROOT
+      rmSync(cwd, { recursive: true, force: true })
+    }
+  })
+})
+
 describe('--help/-h global intercept (CLI hygiene — usage printed, NOTHING executed)', () => {
   let captured: string
   let origWrite: typeof process.stdout.write

package/src/cli/index.ts

@@ -323,9 +323,21 @@ export interface SendOptions extends CliEnvOptions {
 const cliWake: WakeFn = req =>
   wakeOrSpawn({ personality: req.personality, runtime: req.runtime, topic: req.topic, task: req.task })
 
-export async function sendMessage(opts: SendOptions): Promise<{ ok: true; delivered_to: { personality: string; runtime: string } }> {
+export async function sendMessage(
+  opts: SendOptions,
+): Promise<{ ok: true; delivered_to: { personality: string; runtime: string }; queued?: boolean; queueDepth?: number }> {
   const env = opts.env ?? process.env
   const caller = resolveCallerIdentity(parseIdentity(opts.from), readPeersIndex({ env }))
+  // wake_policy:ephemeral M3 parity (iapeer-memory ask, 10.06): the CLI path used
+  // to route an ephemeral target through the normal live/miss path — a notifier
+  // burst landed as TURNS in one live worker session instead of serializing
+  // through the disk FIFO the daemon path uses. Same seam, ONE difference: the
+  // drain kick is a NOOP here — a CLI process exits right after the ack, so an
+  // unawaited in-process wake would die with it; the daemon's supervise-tick
+  // drain scan (≤60 s) picks the queue up — the EXISTING retry path for failed
+  // kicks, not a new mechanism.
+  const { makeEphemeralRouteDeps } = await import('../daemon/main.ts')
+  const cfg = loadLifecycleConfig(env)
   const result = await routeSend(
     caller,
     {
@@ -335,10 +347,15 @@ export async function sendMessage(opts: SendOptions): Promise<{ ok: true; delive
       topic: opts.topic,
       attachments: opts.attachments,
     },
-    { wake: cliWake },
+    { wake: cliWake, ephemeral: makeEphemeralRouteDeps(cfg, env, () => {}) },
   )
   if (!result.ok) throw new Error(result.error.message)
-  return { ok: true, delivered_to: result.value.delivered_to }
+  return {
+    ok: true,
+    delivered_to: result.value.delivered_to,
+    queued: result.value.queued,
+    queueDepth: result.value.queueDepth,
+  }
 }
 
 function parseIdentity(identity: string): { personality: string; runtime: Runtime } {
@@ -714,7 +731,11 @@ export async function runCli(argv: string[], env: NodeJS.ProcessEnv = process.en
           attachments: attachments.length ? attachments : undefined,
           env,
         })
-        out(`delivered to ${r.delivered_to.personality} (${r.delivered_to.runtime})\n`)
+        out(
+          r.queued
+            ? `queued for ${r.delivered_to.personality} (${r.delivered_to.runtime}), depth ${r.queueDepth ?? '?'} — the daemon tick drains it\n`
+            : `delivered to ${r.delivered_to.personality} (${r.delivered_to.runtime})\n`,
+        )
         return 0
       }
       case 'version':

package/src/install/signing.ts

@@ -26,6 +26,18 @@ import { tmpdir } from 'os'
 import { join } from 'path'
 import { spawnSync } from 'child_process'
 
+/** CROSS-PRODUCT CONTRACT (agreed with iapeer-memory, 10.06): this CN is the
+ *  SHARED signing identity of the whole agfpd stack. Each product signs with its
+ *  OWN --identifier (foundation: com.agfpd.iapeer; memory: com.agfpd.iapeer-memory),
+ *  so TCC subjects stay separate while the host carries ONE key (one keychain
+ *  prompt ever). Creation is first-needs-creates with the IDENTICAL profile (EKU
+ *  codeSigning, system LibreSSL p12, import -T /usr/bin/codesign) on both sides.
+ *  Changing the CN or the creation profile is a COORDINATED change across repos.
+ *  Known shared costs: re-creating the identity (deleted/expired — cert is 10 y)
+ *  migrates the TCC grants of EVERY stack product at once; a concurrent
+ *  first-creation by two installers could duplicate the CN (codesign would then
+ *  report an ambiguous identity) — installs are operator-sequential, residual
+ *  risk accepted. */
 export const SIGNING_IDENTITY_CN = 'iapeer Local Codesign'
 export const SIGNING_IDENTIFIER = 'com.agfpd.iapeer'