npm - @dmsdc-ai/aigentry-telepty - Versions diffs - 0.1.52 → 0.1.54 - Mend

@dmsdc-ai/aigentry-telepty 0.1.52 → 0.1.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/BUS_EVENT_SCHEMA.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Telepty Bus Event Schema Standard
-Version: 1.0 (2026-03-15)
+Version: 2.0 (2026-03-15)
 Agreed by: telepty, deliberation, devkit, brain, orchestrator
 ## Transport
@@ -13,9 +13,11 @@ Agreed by: telepty, deliberation, devkit, brain, orchestrator
 ```json
 {
+  "version": 1,
   "message_id": "string (UUID or prefixed ID)",
   "kind": "string (event type)",
   "source": "string (sender identifier)",
+  "source_host": "string (machine_id of sender, e.g. hostname or Tailscale IP)",
   "target": "string | null (target session ID, optional @host suffix)",
   "ts": "ISO 8601 timestamp"
 }
@@ -25,12 +27,38 @@ Agreed by: telepty, deliberation, devkit, brain, orchestrator
 | Field | Type | Description |
 |-------|------|-------------|
+| `version` | number | Envelope schema version (currently 1) |
 | `kind` | string | Event type (NOT `type` — `kind` is canonical) |
 | `target` | string | Target telepty session ID. May include `@host` suffix for remote |
 | `source` | string | Sender identifier (format: `project:session_id`) |
+| `source_host` | string | Machine ID of sender (hostname or TELEPTY_MACHINE_ID) |
 | `message_id` | string | Unique message identifier |
 | `ts` | string | ISO 8601 timestamp |
+## Cross-Machine Addressing
+### Session Locator
+Every session is uniquely identified by a locator triple:
+```json
+{ "machine_id": "hostname", "session_id": "aigentry-devkit-001", "project_id": "aigentry-devkit" }
+```
+### Remote Target Format
+`target` field supports `@host` suffix: `aigentry-devkit-001@100.100.100.5`
+- Router strips suffix, resolves session on local daemon
+- For cross-machine relay (P3), daemon forwards to target host
+### Machine ID
+- Default: `os.hostname()`
+- Override: `TELEPTY_MACHINE_ID` env var
+- Exposed in: `GET /api/meta` (`machine_id` field), session `locator` object, bus event `source_host`
+### Peer Auth
+- Localhost: always trusted
+- Tailscale (100.x.y.z): trusted by default
+- Custom peers: `TELEPTY_PEER_ALLOWLIST=ip1,ip2` env var
+- All others: require `x-telepty-token` header
 ## Routable Events (Auto-Router)
 ### `turn_request`

package/cli.js CHANGED Viewed

@@ -208,6 +208,13 @@ function getDiscoveryHosts() {
     .filter(Boolean);
   extraHosts.forEach((host) => hosts.add(host));
+  // Also include relay peers for cross-machine session discovery
+  const relayPeers = String(process.env.TELEPTY_RELAY_PEERS || '')
+    .split(',')
+    .map((host) => host.trim())
+    .filter(Boolean);
+  relayPeers.forEach((host) => hosts.add(host));
   if (REMOTE_HOST && REMOTE_HOST !== '127.0.0.1') {
     return Array.from(hosts);
   }

package/daemon.js CHANGED Viewed

@@ -10,6 +10,7 @@ const { claimDaemonState, clearDaemonState } = require('./daemon-control');
 const config = getConfig();
 const EXPECTED_TOKEN = config.authToken;
+const MACHINE_ID = process.env.TELEPTY_MACHINE_ID || os.hostname();
 const fs = require('fs');
 const SESSION_PERSIST_PATH = require('path').join(os.homedir(), '.config', 'aigentry-telepty', 'sessions.json');
@@ -35,13 +36,58 @@ const app = express();
 app.use(cors());
 app.use(express.json());
+// Peer allowlist: comma-separated IPs/CIDRs in TELEPTY_PEER_ALLOWLIST env
+const PEER_ALLOWLIST = (process.env.TELEPTY_PEER_ALLOWLIST || '').split(',').map(s => s.trim()).filter(Boolean);
+// Cross-machine bus relay: forward bus events to peer daemons
+const RELAY_PEERS = (process.env.TELEPTY_RELAY_PEERS || '').split(',').map(s => s.trim()).filter(Boolean);
+const RELAY_SEEN = new Set(); // dedup by message_id
+function relayToPeers(msg) {
+  if (RELAY_PEERS.length === 0) return;
+  if (!msg.message_id) msg.message_id = crypto.randomUUID();
+  if (RELAY_SEEN.has(msg.message_id)) return; // already relayed
+  RELAY_SEEN.add(msg.message_id);
+  // Prevent unbounded growth
+  if (RELAY_SEEN.size > 10000) {
+    const arr = [...RELAY_SEEN];
+    arr.splice(0, 5000);
+    RELAY_SEEN.clear();
+    arr.forEach(id => RELAY_SEEN.add(id));
+  }
+  msg.source_host = msg.source_host || MACHINE_ID;
+  msg._relayed_from = MACHINE_ID;
+  for (const peer of RELAY_PEERS) {
+    fetch(`http://${peer}:${PORT}/api/bus/publish`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'x-telepty-token': EXPECTED_TOKEN },
+      body: JSON.stringify(msg),
+      signal: AbortSignal.timeout(3000)
+    }).catch(() => {}); // fire-and-forget
+  }
+}
+function isAllowedPeer(ip) {
+  if (!ip) return false;
+  const cleanIp = ip.replace('::ffff:', '');
+  // Localhost always allowed
+  if (cleanIp === '127.0.0.1' || ip === '::1') return true;
+  // Tailscale range (100.x.y.z)
+  if (cleanIp.startsWith('100.')) return true;
+  // Peer allowlist
+  if (PEER_ALLOWLIST.length > 0) return PEER_ALLOWLIST.includes(cleanIp);
+  // No allowlist = allow all authenticated
+  return false;
+}
 // Authentication Middleware
 app.use((req, res, next) => {
-  const isLocalhost = req.ip === '127.0.0.1' || req.ip === '::1' || req.ip === '::ffff:127.0.0.1';
-  const isTailscale = req.ip && req.ip.startsWith('100.');
-  if (isLocalhost || isTailscale) {
-    return next(); // Trust local and Tailscale networks
+  const clientIp = req.ip;
+  if (isAllowedPeer(clientIp)) {
+    return next(); // Trust local, Tailscale, and allowlisted peers
   }
   const token = req.headers['x-telepty-token'] || req.query.token;
@@ -49,7 +95,7 @@ app.use((req, res, next) => {
     return next();
   }
-  console.warn(`[AUTH] Rejected unauthorized request from ${req.ip}`);
+  console.warn(`[AUTH] Rejected unauthorized request from ${clientIp}`);
   res.status(401).json({ error: 'Unauthorized: Invalid or missing token.' });
 });
@@ -295,8 +341,10 @@ app.get('/api/sessions', (req, res) => {
   const now = Date.now();
   let list = Object.entries(sessions).map(([id, session]) => {
     const idleSeconds = session.lastActivityAt ? Math.floor((now - new Date(session.lastActivityAt).getTime()) / 1000) : null;
+    const projectId = session.cwd ? session.cwd.split('/').pop() : null;
     return {
       id,
+      locator: { machine_id: MACHINE_ID, session_id: id, project_id: projectId },
       type: session.type || 'spawned',
       command: session.command,
       cwd: session.cwd,
@@ -318,8 +366,10 @@ app.get('/api/sessions/:id', (req, res) => {
   if (!resolvedId) return res.status(404).json({ error: 'Session not found' });
   const session = sessions[resolvedId];
   const idleSeconds = session.lastActivityAt ? Math.floor((Date.now() - new Date(session.lastActivityAt).getTime()) / 1000) : null;
+  const projectId = session.cwd ? session.cwd.split('/').pop() : null;
   res.json({
     id: resolvedId,
+    locator: { machine_id: MACHINE_ID, session_id: resolvedId, project_id: projectId },
     alias: requestedId !== resolvedId ? requestedId : null,
     type: session.type || 'spawned',
     command: session.command,
@@ -340,6 +390,7 @@ app.get('/api/meta', (req, res) => {
     pid: process.pid,
     host: HOST,
     port: Number(PORT),
+    machine_id: MACHINE_ID,
     capabilities: ['sessions', 'wrapped-sessions', 'skill-installer', 'singleton-daemon', 'handoff-inbox', 'deliberation-threads']
   });
 });
@@ -924,6 +975,7 @@ function busAutoRoute(msg) {
     type: 'inject_written',
     inject_id,
     sender: 'daemon',
+    source_host: MACHINE_ID,
     target_agent: targetId,
     source_type: 'bus_auto_route',
     delivered,
@@ -954,6 +1006,8 @@ app.post('/api/bus/publish', (req, res) => {
   // Auto-route if this is a turn_request
   busAutoRoute(payload);
+  // Relay to peer daemons (dedup prevents loops)
+  if (!payload._relayed_from) relayToPeers(payload);
   res.json({ success: true, delivered: deliveredCount });
 });
@@ -1364,6 +1418,8 @@ busWss.on('connection', (ws, req) => {
       // Auto-route turn_request events (shared logic with HTTP publish)
       busAutoRoute(msg);
+      // Relay to peer daemons (dedup prevents loops)
+      if (!msg._relayed_from) relayToPeers(msg);
     } catch (e) {
       console.error('[BUS] Invalid message format', e);
     }
@@ -1379,10 +1435,7 @@ server.on('upgrade', (req, socket, head) => {
   const url = new URL(req.url, 'http://' + req.headers.host);
   const token = url.searchParams.get('token');
-  const isLocalhost = req.socket.remoteAddress === '127.0.0.1' || req.socket.remoteAddress === '::1' || req.socket.remoteAddress === '::ffff:127.0.0.1';
-  const isTailscale = req.socket.remoteAddress && req.socket.remoteAddress.startsWith('100.');
-  if (!isLocalhost && !isTailscale && token !== EXPECTED_TOKEN) {
+  if (!isAllowedPeer(req.socket.remoteAddress) && token !== EXPECTED_TOKEN) {
     socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
     socket.destroy();
     return;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dmsdc-ai/aigentry-telepty",
-  "version": "0.1.52",
+  "version": "0.1.54",
   "main": "daemon.js",
   "bin": {
     "aigentry-telepty": "install.js",