npm - @sleep2agi/commhub-server - Versions diffs - 0.5.4-preview.0 → 0.7.0-preview.0 - Mend

@sleep2agi/commhub-server 0.5.4-preview.0 → 0.7.0-preview.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+   1. Definitions.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+   END OF TERMS AND CONDITIONS
+   APPENDIX: How to apply the Apache License to your work.
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+   Copyright [yyyy] [name of copyright owner]
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md CHANGED Viewed

@@ -2,13 +2,13 @@
 CommHub: MCP Streamable HTTP + SSE push + REST API for an AI agent network. Single-process Bun server, SQLite-backed, zero config.
-**Current preview line.** The supported path is to install the `anet` CLI (`@sleep2agi/agent-network` 2.0.3-preview.4) and run `anet hub start`, which wires up port, the server token, the default account, and local config for you.
+The supported path is to install the `anet` CLI (`@sleep2agi/agent-network` 2.1.0) and run `anet hub start`, which wires up port, the server token, the default account, and local config for you.
 ## Quick start (verified)
 ```bash
 # Recommended — through the anet CLI
-npm install -g @sleep2agi/agent-network@preview
+npm install -g @sleep2agi/agent-network
 anet hub start
 #   • http://127.0.0.1:9200 by default
 #   • SQLite at ~/.commhub/commhub.db
@@ -35,9 +35,9 @@ Once running:
 | Package | Version |
 |---|---|
-| [`@sleep2agi/agent-network`](https://www.npmjs.com/package/@sleep2agi/agent-network) | 2.0.3-preview.4 |
-| [`@sleep2agi/agent-network-dashboard`](https://www.npmjs.com/package/@sleep2agi/agent-network-dashboard) | 0.2.1-preview.1 |
-| [`@sleep2agi/agent-node`](https://www.npmjs.com/package/@sleep2agi/agent-node) | 2.2.0-preview.1 |
+| [`@sleep2agi/agent-network`](https://www.npmjs.com/package/@sleep2agi/agent-network) | 2.1.0 |
+| [`@sleep2agi/agent-network-dashboard`](https://www.npmjs.com/package/@sleep2agi/agent-network-dashboard) | 0.3.0 |
+| [`@sleep2agi/agent-node`](https://www.npmjs.com/package/@sleep2agi/agent-node) | 2.3.0 |
 ## MCP tools (18)

package/bin/commhub.ts CHANGED Viewed

@@ -6,6 +6,7 @@
  *   npx @sleep2agi/commhub-server
  *   npx @sleep2agi/commhub-server --port 9200
  *   npx @sleep2agi/commhub-server --port 9200 --token my-secret
+ *   npx @sleep2agi/commhub-server --dev-open
  *   npx @sleep2agi/commhub-server --db ~/.commhub/commhub.db
  */
@@ -13,9 +14,11 @@ const args = process.argv.slice(2);
 for (let i = 0; i < args.length; i++) {
   if (args[i] === "--port" || args[i] === "-p") process.env.PORT = args[++i];
+  if (args[i] === "--host") process.env.HOST = args[++i];
   if (args[i] === "--token" || args[i] === "-t") process.env.COMMHUB_AUTH_TOKEN = args[++i];
   if (args[i] === "--db") process.env.COMMHUB_DB = args[++i];
   if (args[i] === "--cors") process.env.COMMHUB_CORS_ORIGINS = args[++i];
+  if (args[i] === "--dev-open") process.env.COMMHUB_DEV_OPEN = "1";
   if (args[i] === "--help" || args[i] === "-h") {
     console.log(`
 CommHub MCP Server — AI Agent 通信中枢
@@ -25,20 +28,26 @@ Usage:
 Options:
   --port, -p <port>       Port to listen on (default: 9200, env: PORT)
+  --host <host>           Host to bind (default: 127.0.0.1, env: HOST)
   --token, -t <token>     Auth token (env: COMMHUB_AUTH_TOKEN)
   --db <path>             SQLite database path (default: ~/.commhub/commhub.db, env: COMMHUB_DB)
   --cors <origins>        CORS origins, comma-separated (env: COMMHUB_CORS_ORIGINS)
+  --dev-open              Explicit unauthenticated local development mode
   --help, -h              Show this help
 Environment Variables:
   PORT                    Server port (default: 9200)
-  COMMHUB_AUTH_TOKEN      Bearer token for authentication
+  HOST                    Bind address (default: 127.0.0.1)
+  COMMHUB_AUTH_TOKEN      Bearer token for authentication (required unless --dev-open)
+  COMMHUB_DEV_OPEN        Set to 1 to allow unauthenticated dev mode
   COMMHUB_DB              SQLite database file path
   COMMHUB_CORS_ORIGINS    Allowed CORS origins (comma-separated)
+  COMMHUB_ENABLE_TMUX     Set to 1 to enable tmux HTTP/WebSocket endpoints
+  COMMHUB_TMUX_ALLOWLIST  Additional comma-separated client IPs allowed for tmux
 Examples:
-  commhub-server --port 9200
   commhub-server --port 9200 --token my-secret-token
+  commhub-server --port 9200 --dev-open
   PORT=9200 COMMHUB_AUTH_TOKEN=secret commhub-server
 `);
     process.exit(0);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.5.4-preview.0",
+  "version": "0.7.0-preview.0",
   "description": "CommHub Server — AI Agent communication hub with MCP protocol, multi-network isolation, user auth, and 18 MCP tools.",
   "type": "module",
   "main": "src/index.ts",
@@ -28,13 +28,19 @@
     "license"
   ],
   "author": "sleep2agi",
-  "license": "MIT",
-  "homepage": "https://anet.vansin.me",
+  "license": "Apache-2.0",
+  "homepage": "https://anet.sh",
   "repository": {
     "type": "git",
     "url": "https://github.com/sleep2agi/agent-network",
     "directory": "server"
   },
+  "publishConfig": {
+    "access": "public"
+  },
+  "bugs": {
+    "url": "https://github.com/sleep2agi/agent-network/issues"
+  },
   "engines": {
     "bun": ">=1.2.0"
   },

package/src/db-adapter.ts CHANGED Viewed

@@ -110,16 +110,13 @@ export function sqliteToPostgres(sql: string): string {
 }
 /**
- * PostgreSQL adapter using a persistent worker subprocess.
+ * PostgreSQL adapter using a synchronous subprocess bridge.
  *
- * Architecture: a single node child process holds a pg.Pool connection.
- * Queries are sent via stdin (JSON line), responses read from stdout.
- * Bun.spawnSync is used per-query for sync blocking, but the PG
- * connection is persistent (no reconnect overhead per query).
- *
- * For full production use, the adapter interface should be async.
- * This sync bridge works because all MCP handlers are async —
- * the future migration is adding `await` before db calls.
+ * TODO(P0-4): this is not transaction-safe. querySync currently starts a
+ * fresh `node -e` process for every statement, so BEGIN/COMMIT/ROLLBACK do
+ * not share one backend connection. PostgreSQL support is demoted behind
+ * SQLite for now; before advertising it as production-ready, replace this
+ * bridge with a long-lived worker or make DbAdapter async and use pg directly.
  */
 export class PgAdapter implements DbAdapter {
   readonly dialect = "postgres" as const;
@@ -196,6 +193,7 @@ export class PgAdapter implements DbAdapter {
   }
   transaction<T>(fn: () => T): T {
+    // Not atomic for PostgreSQL until P0-4 is implemented; see class TODO.
     this.querySync("BEGIN");
     try {
       const result = fn();

package/src/db.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export const db: DbAdapter = createAdapter();
 db.exec(`
   CREATE TABLE IF NOT EXISTS sessions (
     resume_id     TEXT PRIMARY KEY,
-    alias         TEXT UNIQUE,
+    alias         TEXT,
     tmux_name     TEXT,
     server        TEXT DEFAULT 'unknown',
     ip            TEXT,
@@ -19,8 +19,10 @@ db.exec(`
     output        TEXT,
     progress      INTEGER DEFAULT 0,
     score         REAL,
+    network_id    TEXT NOT NULL DEFAULT 'default',
     registered_at TEXT NOT NULL DEFAULT (datetime('now')),
-    updated_at    TEXT NOT NULL DEFAULT (datetime('now'))
+    updated_at    TEXT NOT NULL DEFAULT (datetime('now')),
+    UNIQUE (network_id, alias)
   );
   CREATE TABLE IF NOT EXISTS inbox (
@@ -300,7 +302,82 @@ try {
 for (const table of ["sessions", "nodes", "tasks", "inbox", "task_events", "completions"]) {
   try { db.exec(`ALTER TABLE ${table} ADD COLUMN network_id TEXT`); } catch {}
 }
+// ── P0: sessions alias uniqueness is network-scoped.
+// Older SQLite databases created `alias TEXT UNIQUE`, which prevents the same
+// agent alias from existing in two networks. SQLite cannot drop a UNIQUE
+// constraint in place, so rebuild the table once with UNIQUE(network_id, alias).
+function migrateSessionsNetworkAliasUnique() {
+  try {
+    db.run("UPDATE sessions SET network_id = 'default' WHERE network_id IS NULL OR network_id = ''");
+  } catch {}
+  if (db.dialect === "postgres") {
+    try { db.exec("ALTER TABLE sessions ALTER COLUMN network_id SET DEFAULT 'default'"); } catch {}
+    try { db.exec("UPDATE sessions SET network_id = 'default' WHERE network_id IS NULL OR network_id = ''"); } catch {}
+    try { db.exec("ALTER TABLE sessions DROP CONSTRAINT IF EXISTS sessions_alias_key"); } catch {}
+    try { db.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_sessions_network_alias_unique ON sessions(network_id, alias)"); } catch {}
+    return;
+  }
+  let needsRebuild = true;
+  try {
+    const createSql = db.get<{ sql: string }>("SELECT sql FROM sqlite_master WHERE type = 'table' AND name = 'sessions'");
+    needsRebuild = !!createSql?.sql && !/UNIQUE\s*\(\s*network_id\s*,\s*alias\s*\)/i.test(createSql.sql);
+  } catch {}
+  if (!needsRebuild) return;
+  db.transaction(() => {
+    db.exec("DROP TABLE IF EXISTS sessions_migrated");
+    db.exec(`
+      CREATE TABLE sessions_migrated (
+        resume_id     TEXT PRIMARY KEY,
+        alias         TEXT,
+        tmux_name     TEXT,
+        server        TEXT DEFAULT 'unknown',
+        ip            TEXT,
+        hostname      TEXT,
+        agent         TEXT,
+        project_dir   TEXT,
+        version       TEXT,
+        status        TEXT DEFAULT 'offline',
+        task          TEXT,
+        output        TEXT,
+        progress      INTEGER DEFAULT 0,
+        score         REAL,
+        registered_at TEXT NOT NULL DEFAULT (datetime('now')),
+        updated_at    TEXT NOT NULL DEFAULT (datetime('now')),
+        node_id       TEXT,
+        session_id    TEXT,
+        config_path   TEXT,
+        channels      TEXT,
+        last_seen_at  TEXT,
+        network_id    TEXT NOT NULL DEFAULT 'default',
+        UNIQUE (network_id, alias)
+      )
+    `);
+    db.exec(`
+      INSERT OR REPLACE INTO sessions_migrated (
+        resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version,
+        status, task, output, progress, score, registered_at, updated_at, node_id,
+        session_id, config_path, channels, last_seen_at, network_id
+      )
+      SELECT
+        resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version,
+        status, task, output, progress, score, registered_at, updated_at, node_id,
+        session_id, config_path, channels, last_seen_at,
+        COALESCE(NULLIF(network_id, ''), 'default')
+      FROM sessions
+      ORDER BY updated_at
+    `);
+    db.exec("DROP TABLE sessions");
+    db.exec("ALTER TABLE sessions_migrated RENAME TO sessions");
+  });
+}
+migrateSessionsNetworkAliasUnique();
 try { db.exec("CREATE INDEX IF NOT EXISTS idx_sessions_network ON sessions(network_id)"); } catch {}
+try { db.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_sessions_network_alias_unique ON sessions(network_id, alias)"); } catch {}
 try { db.exec("CREATE INDEX IF NOT EXISTS idx_tasks_network ON tasks(network_id)"); } catch {}
 try { db.exec("CREATE INDEX IF NOT EXISTS idx_nodes_network ON nodes(network_id)"); } catch {}
 try { db.exec("CREATE INDEX IF NOT EXISTS idx_inbox_network ON inbox(network_id)"); } catch {}

package/src/index.ts CHANGED Viewed

@@ -3,12 +3,26 @@ import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/
 import { z } from "zod/v4";
 import { registerTools } from "./tools.js";
 import { db, logTaskEvent, logAudit } from "./db.js";
-import { createSSEStream, pushEvent, pushBroadcast, getSSEStats } from "./push.js";
+import { createSSEStream, pushEvent, getSSEStats } from "./push.js";
 import { register, login, resolveToken, getUserNetworks, getUserAllNetworks, createNetwork, deleteNetwork, renameNetwork, changePassword, listTokens, createToken, revokeToken, getNetworkMembers, getUserNetworkRole, addNetworkMember, updateMemberRole, removeNetworkMember, createInvite, joinByInvite, createNetworkTokenForNode, type AuthUser } from "./auth.js";
 const PORT = Number(process.env.PORT) || 9200;
-const HOST = process.env.HOST || "0.0.0.0";
+const HOST = process.env.HOST || "127.0.0.1";
 const AUTH_TOKEN = process.env.COMMHUB_AUTH_TOKEN;
+const DEV_OPEN = process.argv.includes("--dev-open") || process.env.COMMHUB_DEV_OPEN === "1";
+const TMUX_ENABLED = process.env.COMMHUB_ENABLE_TMUX === "1";
+const SECURITY_LABEL = AUTH_TOKEN ? "🔒 secured" : "⚠️ DEV OPEN MODE";
+const TMUX_ALLOWLIST = new Set(
+  (process.env.COMMHUB_TMUX_ALLOWLIST || "")
+    .split(",")
+    .map((s) => s.trim())
+    .filter(Boolean)
+);
+if (!AUTH_TOKEN && !DEV_OPEN) {
+  console.error("[commhub] refusing to start without COMMHUB_AUTH_TOKEN. Use --dev-open or COMMHUB_DEV_OPEN=1 for local-only development.");
+  process.exit(1);
+}
 // Read version from package.json so banners and /health stay in sync.
 const SERVER_VERSION = (() => {
@@ -70,10 +84,19 @@ function createServer(clientIP?: string, enforceNetworkId?: string | null, enfor
 }
 // ── Auth helper ─────────────────────────────────────
-function requireAuth(req: Request): Response | null {
+function requestToken(req: Request): string {
   const header = req.headers.get("Authorization")?.replace("Bearer ", "");
   const url = new URL(req.url);
-  const token = header || url.searchParams.get("token") || "";
+  return header || url.searchParams.get("token") || "";
+}
+function isLegacyAuthToken(req: Request): boolean {
+  const token = requestToken(req);
+  return !!AUTH_TOKEN && token === AUTH_TOKEN;
+}
+function requireAuth(req: Request): Response | null {
+  const token = requestToken(req);
   // V3: check api_tokens first
   if (token) {
@@ -82,17 +105,46 @@ function requireAuth(req: Request): Response | null {
   }
   // Legacy: check global COMMHUB_AUTH_TOKEN
-  if (!AUTH_TOKEN) return null; // no token = open mode (dev)
+  if (!AUTH_TOKEN && DEV_OPEN) return null; // explicit local/dev open mode
   if (token === AUTH_TOKEN) return null;
   return Response.json({ error: "unauthorized" }, { status: 401 });
 }
+function getClientIP(req: Request, server?: any): string {
+  const direct = server?.requestIP?.(req)?.address;
+  if (direct) return direct;
+  const fwd = req.headers.get("x-forwarded-for");
+  return fwd ? fwd.split(",")[0].trim() : (req.headers.get("x-real-ip") ?? "unknown");
+}
+function isLocalhostIP(ip: string): boolean {
+  return ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1" || ip === "localhost";
+}
+function isTmuxAllowedIP(ip: string): boolean {
+  return isLocalhostIP(ip) || TMUX_ALLOWLIST.has(ip);
+}
+function requireAdminAuth(req: Request): Response | null {
+  const token = requestToken(req);
+  if (!token) return Response.json({ ok: false, error: "auth required" }, { status: 401 });
+  const resolved = resolveToken(token);
+  if (!resolved) return Response.json({ ok: false, error: "invalid token" }, { status: 401 });
+  if (resolved.user.role !== "admin") return Response.json({ ok: false, error: "admin required" }, { status: 403 });
+  return null;
+}
+function requireTmuxAccess(req: Request, server?: any): Response | null {
+  if (!TMUX_ENABLED) return Response.json({ ok: false, error: "tmux disabled" }, { status: 404 });
+  const ip = getClientIP(req, server);
+  if (!isTmuxAllowedIP(ip)) return Response.json({ ok: false, error: "tmux access denied from this ip" }, { status: 403 });
+  return requireAdminAuth(req);
+}
 // Extract user + network + token-binding identity from request token.
 function resolveRequestAuth(req: Request): { userId: string; networkId: string | null; username: string; tokenName: string | null } | null {
-  const header = req.headers.get("Authorization")?.replace("Bearer ", "");
-  const url = new URL(req.url);
-  const token = header || url.searchParams.get("token") || "";
+  const token = requestToken(req);
   if (!token) return null;
   const resolved = resolveToken(token);
   if (!resolved) return null;
@@ -243,17 +295,16 @@ Bun.serve({
     // ── WebSocket: tmux terminal ──
     const wsMatch = url.pathname.match(/^\/ws\/tmux\/([a-zA-Z0-9_-]+)$/);
     if (wsMatch) {
-      const authErr = requireAuth(req);
-      if (authErr) return withCors(req, authErr);
-      if (server.upgrade(req, { data: { tmuxName: wsMatch[1] } })) return;
+      const tmuxErr = requireTmuxAccess(req, server);
+      if (tmuxErr) return withCors(req, tmuxErr);
+      if (server.upgrade(req, { data: { tmuxName: wsMatch[1] } } as any)) return;
     }
     // ── MCP Streamable HTTP endpoint ──
     if (url.pathname === "/mcp") {
       const authErr = requireAuth(req);
       if (authErr) return withCors(req, authErr);
-      const fwd = req.headers.get("x-forwarded-for");
-      const clientIP = fwd ? fwd.split(",")[0].trim() : (req.headers.get("x-real-ip") ?? "unknown");
+      const clientIP = getClientIP(req, server);
       // V3: resolve token → enforce network_id in all MCP tools.
       // utok_ (user token, not network-bound) is allowed — the tool layer
       // scopes to the user's accessible networks. Without this Dashboard
@@ -268,11 +319,11 @@ Bun.serve({
       const transport = new WebStandardStreamableHTTPServerTransport({
         sessionIdGenerator: undefined,
       });
-      const server = createServer(clientIP, enforceNetId, authCtx?.userId || null, callerAlias);
-      await server.connect(transport);
+      const mcpServer = createServer(clientIP, enforceNetId, authCtx?.userId || null, callerAlias);
+      await mcpServer.connect(transport);
       const response = await transport.handleRequest(req);
       // Disconnect after response to prevent McpServer leak
-      setImmediate(() => server.close().catch(() => {}));
+      setImmediate(() => mcpServer.close().catch(() => {}));
       return response;
     }
@@ -283,7 +334,31 @@ Bun.serve({
       const authErr = requireAuth(req);
       if (authErr) return authErr;
       const sessionName = decodeURIComponent(eventsMatch[1]);
-      return createSSEStream(sessionName);
+      const authCtx = resolveRequestAuth(req);
+      const scopedNetId = authCtx?.networkId || url.searchParams.get("network_id");
+      if (!authCtx && isLegacyAuthToken(req)) {
+        if (scopedNetId) {
+          const session = db.get<any>(
+            "SELECT 1 FROM sessions WHERE alias = ?1 AND network_id = ?2",
+            sessionName, scopedNetId
+          );
+          if (!session) return withCors(req, Response.json({ ok: false, error: "session not in requested network" }, { status: 403 }));
+        }
+        return createSSEStream(sessionName, scopedNetId);
+      }
+      if (!authCtx || !scopedNetId) {
+        return withCors(req, Response.json({ ok: false, error: "network-scoped token required for SSE" }, { status: 403 }));
+      }
+      const role = getUserNetworkRole(authCtx.userId, scopedNetId);
+      if (!role) return withCors(req, Response.json({ ok: false, error: "not a member of this network" }, { status: 403 }));
+      const session = db.get<any>(
+        "SELECT 1 FROM sessions WHERE alias = ?1 AND network_id = ?2",
+        sessionName, scopedNetId
+      );
+      if (!session && authCtx.networkId !== scopedNetId) {
+        return withCors(req, Response.json({ ok: false, error: "session not in requested network" }, { status: 403 }));
+      }
+      return createSSEStream(sessionName, scopedNetId);
     }
     // ── V3: License endpoints ──
@@ -343,14 +418,14 @@ Bun.serve({
     if (url.pathname === "/api/auth/login" && req.method === "POST") {
       const clientIP = req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || "unknown";
       if (!checkRateLimit(clientIP, 10)) {
-        logAudit(null, null, "login_rate_limited", "auth", null, clientIP);
+        logAudit(null, null, "login_rate_limited", "auth", undefined, clientIP);
         return withCors(req, Response.json({ ok: false, error: "too many attempts, try again later" }, { status: 429 }));
       }
       try {
         const body = await req.json() as any;
         const result = login(body.username, body.password);
         if (result.ok) logAudit(result.user!.user_id, body.username, "login", "user", result.user!.user_id);
-        else logAudit(null, body.username, "login_failed", "user", null, "invalid credentials");
+        else logAudit(null, body.username, "login_failed", "user", undefined, "invalid credentials");
         return withCors(req, Response.json(result, { status: result.ok ? 200 : 401 }));
       } catch (e: any) {
         return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
@@ -631,7 +706,9 @@ Bun.serve({
         sessions_count: count?.cnt ?? 0,
         sse_connections: sse.total,
         sse_sessions: sse.sessions,
-        auth: AUTH_TOKEN ? "enabled" : "disabled",
+        auth: AUTH_TOKEN ? "enabled" : "dev-open",
+        security: AUTH_TOKEN ? "secured" : "dev-open",
+        tmux: TMUX_ENABLED ? "enabled" : "disabled",
         v3_auth: true,
         multi_network: true,
         license: license?.type || "none",
@@ -734,7 +811,7 @@ Bun.serve({
       let sessionSql = "SELECT 1 FROM sessions WHERE alias = ?1";
       if (taskNetId) { sessionSql += " AND network_id = ?2"; sessionParams.push(taskNetId); }
       const targetSession = db.get<any>(sessionSql, ...sessionParams);
-      if (targetSession) pushEvent(body.alias, { type: "new_task", inbox_count: pending?.cnt ?? 1, priority: body.priority, from: fromSession });
+      if (targetSession) pushEvent(body.alias, { type: "new_task", inbox_count: pending?.cnt ?? 1, priority: body.priority, from: fromSession }, taskNetId);
       return withCors(req, Response.json({ ok: true, message_id: id }));
     }
@@ -773,13 +850,17 @@ Bun.serve({
         );
         ids.push(id);
       }
-      pushBroadcast(targets.map(t => t.alias), { type: "broadcast", inbox_count: 1, message: body.message.slice(0, 200) });
+      for (const t of targets) {
+        pushEvent(t.alias, { type: "broadcast", inbox_count: 1 }, t.network_id);
+      }
       return withCors(req, Response.json({ ok: true, recipients: targets.length, message_ids: ids }));
     }
     // ── REST: tmux capture-pane ──
     const tmuxCapture = url.pathname.match(/^\/api\/tmux\/([a-zA-Z0-9_-]+)$/);
     if (tmuxCapture && req.method === "GET") {
+      const tmuxErr = requireTmuxAccess(req, server);
+      if (tmuxErr) return withCors(req, tmuxErr);
       const name = tmuxCapture[1];
       const lines = Number(url.searchParams.get("lines")) || 30;
       try {
@@ -802,6 +883,8 @@ Bun.serve({
     // ── REST: tmux send-keys ──
     const tmuxSend = url.pathname.match(/^\/api\/tmux\/([a-zA-Z0-9_-]+)\/send$/);
     if (tmuxSend && req.method === "POST") {
+      const tmuxErr = requireTmuxAccess(req, server);
+      if (tmuxErr) return withCors(req, tmuxErr);
       const name = tmuxSend[1];
       let body: { text?: string; enter?: boolean };
       try { body = await req.json(); } catch {
@@ -988,14 +1071,14 @@ Endpoints:
   POST /mcp               - MCP Streamable HTTP (for Claude Code / Codex)
   GET  /events/:session   - SSE realtime push (Agent subscribes here)
   GET  /health            - Health check
-  GET  /api/status        - All sessions ${AUTH_TOKEN ? "(auth required)" : ""}
-  POST /api/task          - Send task via REST ${AUTH_TOKEN ? "(auth required)" : ""}
-  GET  /api/tasks         - Tasks table (V2) ${AUTH_TOKEN ? "(auth required)" : ""}
-  GET  /api/completions   - Recent completions ${AUTH_TOKEN ? "(auth required)" : ""}
-  GET  /api/tmux/:name    - Capture tmux pane output ${AUTH_TOKEN ? "(auth required)" : ""}
-  POST /api/tmux/:name/send - Send keys to tmux ${AUTH_TOKEN ? "(auth required)" : ""}
-Auth: ${AUTH_TOKEN ? "Bearer token enabled (set COMMHUB_AUTH_TOKEN)" : "disabled (set COMMHUB_AUTH_TOKEN to enable)"}
+  GET  /api/status        - All sessions (auth required)
+  POST /api/task          - Send task via REST (auth required)
+  GET  /api/tasks         - Tasks table (V2) (auth required)
+  GET  /api/completions   - Recent completions (auth required)
+  GET  /api/tmux/:name    - Capture tmux pane output (${TMUX_ENABLED ? "admin + localhost/allowlist required" : "disabled"})
+  POST /api/tmux/:name/send - Send keys to tmux (${TMUX_ENABLED ? "admin + localhost/allowlist required" : "disabled"})
+Security: ${SECURITY_LABEL}
 `,
       { status: 200, headers: { "Content-Type": "text/plain" } }
     ));
@@ -1004,7 +1087,7 @@ Auth: ${AUTH_TOKEN ? "Bearer token enabled (set COMMHUB_AUTH_TOKEN)" : "disabled
   // ── WebSocket handler for tmux terminal streaming ──
   websocket: {
     open(ws) {
-      const { tmuxName } = ws.data as { tmuxName: string };
+      const { tmuxName } = ws.data as unknown as { tmuxName: string };
       console.log(`[ws] tmux terminal opened: ${tmuxName}`);
       let lastOutput = "";
@@ -1049,7 +1132,7 @@ Auth: ${AUTH_TOKEN ? "Bearer token enabled (set COMMHUB_AUTH_TOKEN)" : "disabled
     },
     async message(ws, message) {
-      const { tmuxName } = ws.data as { tmuxName: string };
+      const { tmuxName } = ws.data as unknown as { tmuxName: string };
       try {
         const msg = JSON.parse(typeof message === "string" ? message : new TextDecoder().decode(message));
@@ -1075,7 +1158,7 @@ Auth: ${AUTH_TOKEN ? "Bearer token enabled (set COMMHUB_AUTH_TOKEN)" : "disabled
     },
     close(ws) {
-      const { tmuxName } = ws.data as { tmuxName: string };
+      const { tmuxName } = ws.data as unknown as { tmuxName: string };
       console.log(`[ws] tmux terminal closed: ${tmuxName}`);
       const interval = wsTmuxIntervals.get(ws);
       if (interval) { clearInterval(interval); wsTmuxIntervals.delete(ws); }
@@ -1096,7 +1179,8 @@ console.log(`
 ╔══════════════════════════════════════════════════╗
 ║   CommHub MCP Server v${SERVER_VERSION}                     ║
 ║   Transport: Streamable HTTP (Bun native)         ║
-║   Auth: ${AUTH_TOKEN ? "ENABLED (Bearer token)" : "DISABLED (set COMMHUB_AUTH_TOKEN)"}${"".padEnd(AUTH_TOKEN ? 5 : 0)}║
+║   Security: ${SECURITY_LABEL}${" ".repeat(Math.max(0, 33 - SECURITY_LABEL.length))}║
+║   Tmux: ${TMUX_ENABLED ? "ENABLED (admin + localhost/allowlist)" : "DISABLED (set COMMHUB_ENABLE_TMUX=1)"}${" ".repeat(Math.max(0, TMUX_ENABLED ? 0 : 2))}║
 ║                                                   ║
 ║   MCP:    http://${HOST}:${PORT}/mcp                 ║
 ║   REST:   http://${HOST}:${PORT}/api                 ║

package/src/push.ts CHANGED Viewed

@@ -15,23 +15,24 @@ function ts(): string {
 }
 /** 创建 SSE Response 并注册到 clients map */
-export function createSSEStream(sessionName: string): Response {
+export function createSSEStream(sessionName: string, networkId?: string | null): Response {
   const encoder = new TextEncoder();
   let ctrl: ReadableStreamDefaultController;
+  const key = clientKey(sessionName, networkId);
   const stream = new ReadableStream({
     start(controller) {
       ctrl = controller;
       const client: SSEClient = { controller, encoder };
-      if (!clients.has(sessionName)) {
-        clients.set(sessionName, []);
+      if (!clients.has(key)) {
+        clients.set(key, []);
       }
-      clients.get(sessionName)!.push(client);
-      console.log(`[${ts()}] SSE ← ${sessionName} connected (${clients.get(sessionName)!.length} clients)`);
+      clients.get(key)!.push(client);
+      console.log(`[${ts()}] SSE ← ${key} connected (${clients.get(key)!.length} clients)`);
       // 发送初始心跳
-      controller.enqueue(encoder.encode(`data: ${JSON.stringify({ type: "connected", session: sessionName })}\n\n`));
+      controller.enqueue(encoder.encode(`data: ${JSON.stringify({ type: "connected", session: sessionName, network_id: networkId ?? null })}\n\n`));
       // Periodic keepalive every 30s to prevent proxy/LB idle timeout
       const keepalive = setInterval(() => {
@@ -45,15 +46,15 @@ export function createSSEStream(sessionName: string): Response {
     },
     cancel() {
       // 断线清理
-      const arr = clients.get(sessionName);
+      const arr = clients.get(key);
       if (arr) {
         const idx = arr.findIndex(c => c.controller === ctrl);
         if (idx !== -1) {
           clearInterval((arr[idx] as any)._keepalive);
           arr.splice(idx, 1);
         }
-        if (arr.length === 0) clients.delete(sessionName);
-        console.log(`[${ts()}] SSE ✕ ${sessionName} disconnected (${arr.length} remaining)`);
+        if (arr.length === 0) clients.delete(key);
+        console.log(`[${ts()}] SSE ✕ ${key} disconnected (${arr.length} remaining)`);
       }
     },
   });
@@ -67,9 +68,13 @@ export function createSSEStream(sessionName: string): Response {
   });
 }
+function clientKey(sessionName: string, networkId?: string | null): string {
+  return `${networkId || "global"}:${sessionName}`;
+}
 /** 推送事件给指定 session 的所有 SSE 连接 */
-export function pushEvent(sessionName: string, event: Record<string, unknown>): void {
-  const arr = clients.get(sessionName);
+export function pushEvent(sessionName: string, event: Record<string, unknown>, networkId?: string | null): void {
+  const arr = clients.get(clientKey(sessionName, networkId ?? (event.network_id as string | null | undefined)));
   if (!arr || arr.length === 0) return;
   const data = `data: ${JSON.stringify(event)}\n\n`;
@@ -87,14 +92,7 @@ export function pushEvent(sessionName: string, event: Record<string, unknown>):
   for (let i = dead.length - 1; i >= 0; i--) {
     arr.splice(dead[i], 1);
   }
-  if (arr.length === 0) clients.delete(sessionName);
-}
-/** 广播给多个 session */
-export function pushBroadcast(sessionNames: string[], event: Record<string, unknown>): void {
-  for (const name of sessionNames) {
-    pushEvent(name, event);
-  }
+  if (arr.length === 0) clients.delete(clientKey(sessionName, networkId ?? (event.network_id as string | null | undefined)));
 }
 /** 获取当前 SSE 连接统计 */

package/src/tools.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod/v4";
 import { db, uuidv4, logTaskEvent, chainReplyToParent } from "./db.js";
-import { pushEvent, pushBroadcast } from "./push.js";
+import { pushEvent } from "./push.js";
 import { getUserNetworkRole } from "./auth.js";
 function ts(): string {
@@ -36,6 +36,44 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     return sql;
   };
+  type ReadScope = { networkId?: string | null; networkIds?: string[] | null; denied?: string };
+  const getReadableNetworkIds = (): string[] => {
+    if (!enforceUserId) return [];
+    return db.all<{ network_id: string }>(
+      "SELECT network_id FROM network_members WHERE user_id = ?1",
+      enforceUserId
+    ).map((row) => row.network_id);
+  };
+  const resolveReadScope = (clientNetId?: string | null): ReadScope => {
+    if (!enforceUserId) return { networkId: clientNetId ?? null, networkIds: null };
+    if (enforceNetworkId) {
+      const role = getUserNetworkRole(enforceUserId, enforceNetworkId);
+      return role ? { networkId: enforceNetworkId, networkIds: null } : { denied: "not a member of token network" };
+    }
+    if (clientNetId) {
+      const role = getUserNetworkRole(enforceUserId, clientNetId);
+      return role ? { networkId: clientNetId, networkIds: null } : { denied: "access denied to requested network" };
+    }
+    return { networkId: null, networkIds: getReadableNetworkIds() };
+  };
+  const addReadScope = (sql: string, params: any[], scope: ReadScope, column = "network_id"): string => {
+    if (scope.networkId) {
+      sql += ` AND ${column} = ?${params.length + 1}`;
+      params.push(scope.networkId);
+      return sql;
+    }
+    if (scope.networkIds) {
+      if (scope.networkIds.length === 0) return `${sql} AND 1=0`;
+      const placeholders = scope.networkIds.map((_, i) => `?${params.length + i + 1}`).join(", ");
+      sql += ` AND ${column} IN (${placeholders})`;
+      params.push(...scope.networkIds);
+    }
+    return sql;
+  };
   const scopedSessionStatus = (alias: string, networkId?: string | null) => {
     const params: any[] = [alias];
     let sql = "SELECT status FROM sessions WHERE alias = ?1";
@@ -74,6 +112,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ resume_id, alias, status, task, output, score, progress, server: srv, hostname: hn, agent: ag, project_dir: pd, version: ver, tmux_name: tmux, node_id, session_id, config_path, channels, model: mdl, node_name: nn, network_id: netId }) => {
       const effectiveNetId = getNetworkId(netId);
+      const sessionNetId = effectiveNetId ?? "default";
       if (!canWrite(effectiveNetId)) {
         return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       }
@@ -82,11 +121,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       db.transaction(() => {
         // Only delete same-alias sessions within the same network
-        if (effectiveNetId) {
-          db.run("DELETE FROM sessions WHERE alias = ?1 AND resume_id != ?2 AND network_id = ?3", [alias, resume_id, effectiveNetId]);
-        } else {
-          db.run("DELETE FROM sessions WHERE alias = ?1 AND resume_id != ?2", [alias, resume_id]);
-        }
+        db.run("DELETE FROM sessions WHERE alias = ?1 AND resume_id != ?2 AND network_id = ?3", [alias, resume_id, sessionNetId]);
         db.run(
           `INSERT INTO sessions (resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version, status, task, output, progress, score, node_id, session_id, config_path, channels, network_id, last_seen_at, updated_at)
            VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19, datetime('now'), datetime('now'))
@@ -101,7 +136,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
              session_id = COALESCE(?16, sessions.session_id), config_path = COALESCE(?17, sessions.config_path),
              channels = COALESCE(?18, sessions.channels), network_id = COALESCE(?19, sessions.network_id),
              last_seen_at = datetime('now'), updated_at = datetime('now')`,
-          [resume_id, alias, tmux ?? null, srv ?? null, clientIP ?? null, hn ?? null, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, effectiveNetId ?? null]
+          [resume_id, alias, tmux ?? null, srv ?? null, clientIP ?? null, hn ?? null, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, sessionNetId]
         );
       });
@@ -244,7 +279,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
               [parentChain.parent_task_id]
             );
             if (parent?.from_name && parent.from_name !== "hub" && parent.from_name !== "api") {
-              pushEvent(parent.from_name, { type: "chained_reply", parent_task_id: parent.task_id, child_task_id: updatedTaskId, child_alias: alias });
+              pushEvent(parent.from_name, { type: "chained_reply", parent_task_id: parent.task_id, child_task_id: updatedTaskId, child_alias: alias }, effectiveNetId);
             }
           }
         } catch (e: any) {
@@ -266,16 +301,17 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       limit: z.number().min(1).max(100).optional().default(10),
     },
     async ({ alias, limit }) => {
-      const effectiveNetId = getNetworkId(null);
+      const readScope = resolveReadScope(null);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
       const countParams: any[] = [alias];
       let countSql = "SELECT COUNT(*) as cnt FROM inbox WHERE session_name = ?1 AND acked = 0";
-      countSql = addScope(countSql, countParams, effectiveNetId);
+      countSql = addReadScope(countSql, countParams, readScope);
       const rows0 = db.get<{ cnt: number }>(countSql, ...countParams);
       console.log(`[${ts()}] ${alias} → get_inbox: ${rows0?.cnt ?? 0} pending messages`);
       const rowsParams: any[] = [alias];
       let rowsSql = `SELECT id, type, priority, content, context, from_session, created_at, network_id
          FROM inbox WHERE session_name = ?1 AND acked = 0`;
-      rowsSql = addScope(rowsSql, rowsParams, effectiveNetId);
+      rowsSql = addReadScope(rowsSql, rowsParams, readScope);
       rowsSql += ` ORDER BY CASE priority WHEN 'high' THEN 0 WHEN 'normal' THEN 1 ELSE 2 END, created_at
          LIMIT ?${rowsParams.length + 1}`;
       rowsParams.push(limit);
@@ -335,19 +371,20 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       network_id: z.string().max(200).optional().describe("Filter by network"),
     },
     async ({ filter_status, filter_server, network_id: netId }) => {
-      const effectiveNetId = getNetworkId(netId);
-      console.log(`[${ts()}] hub → get_all_status${filter_status ? ": filter=" + filter_status : ""}${effectiveNetId ? " net=" + effectiveNetId.slice(0, 12) : ""}`);
+      const readScope = resolveReadScope(netId);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
+      console.log(`[${ts()}] hub → get_all_status${filter_status ? ": filter=" + filter_status : ""}${readScope.networkId ? " net=" + readScope.networkId.slice(0, 12) : ""}`);
       const sessions = db.transaction(() => {
         const cutoff = new Date(Date.now() - 10 * 60 * 1000).toISOString().replace("T", " ").slice(0, 19);
         const staleParams: any[] = [cutoff];
         let staleSql = "UPDATE sessions SET status = 'offline' WHERE updated_at < ?1 AND status != 'offline'";
-        staleSql = addScope(staleSql, staleParams, effectiveNetId);
+        staleSql = addReadScope(staleSql, staleParams, readScope);
         db.run(staleSql, staleParams);
         let sql = "SELECT * FROM sessions WHERE 1=1";
         const params: any[] = [];
-        if (effectiveNetId) { sql += " AND network_id = ?"; params.push(effectiveNetId); }
+        sql = addReadScope(sql, params, readScope);
         if (filter_status) { sql += " AND status = ?"; params.push(filter_status); }
         if (filter_server) { sql += " AND server = ?"; params.push(filter_server); }
         sql += " ORDER BY updated_at DESC";
@@ -356,7 +393,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       const summaryParams: any[] = [];
       let summarySql = "SELECT status, COUNT(*) as count FROM sessions WHERE 1=1";
-      summarySql = addScope(summarySql, summaryParams, effectiveNetId);
+      summarySql = addReadScope(summarySql, summaryParams, readScope);
       summarySql += " GROUP BY status";
       const summary = db.all(summarySql, ...summaryParams);
@@ -376,21 +413,22 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     "Get detailed status of a specific session by alias.",
     { alias: z.string().min(1).max(200).describe("Session alias") },
     async ({ alias }) => {
-      const effectiveNetId = getNetworkId(null);
+      const readScope = resolveReadScope(null);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
       console.log(`[${ts()}] hub → get_session_status: ${alias}`);
       const sessionParams: any[] = [alias];
       let sessionSql = "SELECT * FROM sessions WHERE alias = ?1";
-      sessionSql = addScope(sessionSql, sessionParams, effectiveNetId);
+      sessionSql = addReadScope(sessionSql, sessionParams, readScope);
       const session = db.get(sessionSql, ...sessionParams);
       const pendingParams: any[] = [alias];
       let pendingSql = "SELECT COUNT(*) as cnt FROM inbox WHERE session_name = ?1 AND acked = 0";
-      pendingSql = addScope(pendingSql, pendingParams, effectiveNetId);
+      pendingSql = addReadScope(pendingSql, pendingParams, readScope);
       const pending = db.get<{ cnt: number }>(pendingSql, ...pendingParams);
       const recentParams: any[] = [alias];
       let recentSql = "SELECT * FROM completions WHERE session_name = ?1";
-      recentSql = addScope(recentSql, recentParams, effectiveNetId);
+      recentSql = addReadScope(recentSql, recentParams, readScope);
       recentSql += " ORDER BY completed_at DESC LIMIT 5";
       const recent = db.all(recentSql, ...recentParams);
@@ -488,7 +526,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       let pendingSql = "SELECT COUNT(*) as cnt FROM inbox WHERE session_name = ?1 AND acked = 0";
       pendingSql = addScope(pendingSql, pendingParams, effectiveNetId);
       const pending = db.get<{ cnt: number }>(pendingSql, ...pendingParams);
-      pushEvent(alias, { type: "new_task", inbox_count: pending?.cnt ?? 1, priority, from: from_session });
+      pushEvent(alias, { type: "new_task", inbox_count: pending?.cnt ?? 1, priority, from: from_session }, effectiveNetId);
       return {
         content: [
@@ -526,7 +564,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       const session = scopedSessionStatus(alias, effectiveNetId);
-      pushEvent(alias, { type: "new_message", message, from: from_session, message_id: id });
+      pushEvent(alias, { type: "new_message", from: from_session, message_id: id }, effectiveNetId);
       return {
         content: [
@@ -601,7 +639,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
               [parentChain.parent_task_id]
             );
             if (parent?.from_name && parent.from_name !== "hub" && parent.from_name !== "api") {
-              pushEvent(parent.from_name, { type: "chained_reply", parent_task_id: parent.task_id, child_task_id: in_reply_to, child_alias: alias });
+              pushEvent(parent.from_name, { type: "chained_reply", parent_task_id: parent.task_id, child_task_id: in_reply_to, child_alias: alias }, effectiveNetId);
             }
           }
         } catch (e: any) {
@@ -610,7 +648,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       }
       const session = scopedSessionStatus(alias, effectiveNetId);
-      pushEvent(alias, { type: "new_reply", from: from_session, message_id: id, in_reply_to, status: replyStatus });
+      pushEvent(alias, { type: "new_reply", from: from_session, message_id: id, in_reply_to, status: replyStatus }, effectiveNetId);
       return {
         content: [{
@@ -687,7 +725,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       });
       logTaskEvent(task_id, task.status, "delivered", from_session, "retry");
       // SSE push (unconditional — channel is keyed by alias, not network)
-      pushEvent(task.to_name, { type: "new_task", inbox_count: 1, priority: task.priority, from: from_session });
+      pushEvent(task.to_name, { type: "new_task", inbox_count: 1, priority: task.priority, from: from_session }, effectiveNetId ?? task.network_id ?? null);
       return {
         content: [{ type: "text" as const, text: JSON.stringify({ ok: true, task_id, retried_to: task.to_name }) }],
       };
@@ -702,10 +740,11 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       task_id: z.string().min(1).max(200).describe("Task ID to query"),
     },
     async ({ task_id }) => {
-      const effectiveNetId = getNetworkId(null);
+      const readScope = resolveReadScope(null);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
       const params: any[] = [task_id];
       let sql = "SELECT * FROM tasks WHERE task_id = ?1";
-      sql = addScope(sql, params, effectiveNetId);
+      sql = addReadScope(sql, params, readScope);
       const task = db.get<any>(sql, ...params);
       return {
         content: [{
@@ -728,10 +767,11 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       limit: z.number().min(1).max(100).optional().default(20),
     },
     async ({ alias, status, from_name, network_id: netId, limit }) => {
-      const effectiveNetId = getNetworkId(netId);
+      const readScope = resolveReadScope(netId);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
       let sql = "SELECT task_id, from_name, to_name, priority, status, content, result, created_at, completed_at FROM tasks WHERE 1=1";
       const params: any[] = [];
-      if (effectiveNetId) { sql += ` AND network_id = ?${params.length + 1}`; params.push(effectiveNetId); }
+      sql = addReadScope(sql, params, readScope);
       if (alias) { sql += ` AND to_name = ?${params.length + 1}`; params.push(alias); }
       if (status) { sql += ` AND status = ?${params.length + 1}`; params.push(status); }
       if (from_name) { sql += ` AND from_name = ?${params.length + 1}`; params.push(from_name); }
@@ -742,7 +782,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       // Stats
       const statsParams: any[] = [];
       let statsSql = "SELECT status, COUNT(*) as count FROM tasks WHERE 1=1";
-      statsSql = addScope(statsSql, statsParams, effectiveNetId);
+      statsSql = addReadScope(statsSql, statsParams, readScope);
       statsSql += " GROUP BY status";
       const stats = db.all(statsSql, ...statsParams);
@@ -826,7 +866,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
           [newInboxId, new_alias, task.priority, task.content, from_session, effectiveNetId ?? task.network_id ?? null]);
       });
       logTaskEvent(task_id, task.status, "delivered", from_session, `reassign: ${oldAlias} → ${new_alias}`);
-      pushEvent(new_alias, { type: "new_task", inbox_count: 1, priority: task.priority, from: from_session });
+      pushEvent(new_alias, { type: "new_task", inbox_count: 1, priority: task.priority, from: from_session }, effectiveNetId ?? task.network_id ?? null);
       return { content: [{ type: "text" as const, text: JSON.stringify({ ok: true, task_id, reassigned_from: oldAlias, reassigned_to: new_alias }) }] };
     }
   );
@@ -863,7 +903,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
         ids.push(id);
       }
-      pushBroadcast(targets.map(t => t.alias), { type: "broadcast", inbox_count: 1, message: message.slice(0, 200) });
+      for (const t of targets) {
+        pushEvent(t.alias, { type: "broadcast", inbox_count: 1 }, effectiveNetId ?? t.network_id ?? null);
+      }
       return {
         content: [
@@ -886,12 +928,13 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       limit: z.number().min(1).max(500).optional().default(50),
     },
     async ({ since, alias, network_id: netId, limit }) => {
-      const effectiveNetId = getNetworkId(netId);
+      const readScope = resolveReadScope(netId);
+      if (readScope.denied) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: readScope.denied }) }] };
       console.log(`[${ts()}] hub → get_completions${alias ? ": " + alias : ""}`);
       const cutoff = since ?? new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
       let sql = "SELECT * FROM completions WHERE completed_at >= ?1";
       const params: any[] = [cutoff];
-      sql = addScope(sql, params, effectiveNetId);
+      sql = addReadScope(sql, params, readScope);
       if (alias) {
         sql += ` AND session_name = ?${params.length + 1}`;