npm - @sym-bot/mesh-channel - Versions diffs - 0.1.18 → 0.1.19 - Mend

@sym-bot/mesh-channel 0.1.18 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/.claude-plugin/plugin.json +33 -0
package/.mcp.json +14 -0
package/CHANGELOG.md +18 -0
package/SECURITY.md +89 -0
package/package.json +5 -1
package/server.js +22 -0

package/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "sym-mesh-channel",
+  "version": "0.1.19",
+  "description": "Real-time Claude-to-Claude mesh. Peer-to-peer cognitive signals over Bonjour LAN or WebSocket relay.",
+  "author": {
+    "name": "Hongwei Xu",
+    "email": "hongwei@sym.bot",
+    "url": "https://sym.bot"
+  },
+  "homepage": "https://sym.bot/spec/mmp",
+  "repository": "https://github.com/sym-bot/sym-mesh-channel",
+  "license": "Apache-2.0",
+  "keywords": ["mesh", "p2p", "mcp", "channel", "agents", "multi-agent", "bonjour", "cognitive", "svaf", "mmp"],
+  "channels": [
+    {
+      "server": "claude-sym-mesh",
+      "userConfig": {
+        "relay_url": {
+          "description": "SYM relay WebSocket URL for cross-network mesh (leave empty for LAN-only via Bonjour)",
+          "sensitive": false
+        },
+        "relay_token": {
+          "description": "Relay authentication token (leave empty for LAN-only)",
+          "sensitive": true
+        },
+        "allowed_peers": {
+          "description": "Comma-separated peer node names to accept (leave empty to accept all authenticated peers)",
+          "sensitive": false
+        }
+      }
+    }
+  ]
+}

package/.mcp.json ADDED Viewed

@@ -0,0 +1,14 @@
+{
+  "mcpServers": {
+    "claude-sym-mesh": {
+      "command": "node",
+      "args": ["./server.js"],
+      "cwd": "${CLAUDE_PLUGIN_ROOT}",
+      "env": {
+        "SYM_RELAY_URL": "${user_config.relay_url}",
+        "SYM_RELAY_TOKEN": "${user_config.relay_token}",
+        "SYM_ALLOWED_PEERS": "${user_config.allowed_peers}"
+      }
+    }
+  }
+}

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,23 @@
 # Changelog
+## 0.1.19
+### Added
+- **Claude Code plugin manifest** for Anthropic Channels allowlist
+  submission. `.claude-plugin/plugin.json` + `.mcp.json` following the
+  official single-repo pattern (Telegram/Discord). Submitted to
+  Anthropic Plugin Directory 10 Apr 2026.
+- **`SYM_ALLOWED_PEERS`** — optional peer allowlist (defense-in-depth).
+  Comma-separated node names; only listed peers can push to Claude's
+  context. Empty = accept all authenticated peers. SVAF still gates on
+  content relevance regardless.
+- **`SECURITY.md`** — 3-layer defense model documentation (transport
+  auth + SVAF content gate + peer allowlist) for Anthropic review.
+- **17 plugin tests** covering manifest validation, security checks
+  (no permission relay, no code execution, self-echo filtering, peer
+  allowlist), and lifecycle (shutdown handlers, identity collision).
 ## 0.1.18
 ### Changed

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,89 @@
+# Security Model
+sym-mesh-channel implements defense in depth with three layers. No
+single layer is the sole gate — all three must pass before a mesh
+signal reaches Claude's conversation context.
+## Layer 1: Transport Authentication
+Only authenticated peers can send signals to this node.
+- **LAN (Bonjour)**: peers discover each other via mDNS on the local
+  network. Each peer has an Ed25519 keypair generated at first run
+  and stored at `~/.sym/nodes/<name>/identity.json`. Peer identity is
+  verified via cryptographic handshake (MMP Section 5).
+- **Relay (WebSocket)**: peers authenticate with a shared relay token
+  (`SYM_RELAY_TOKEN`). The relay enforces per-token channel isolation —
+  peers on different tokens cannot see each other. Unauthenticated
+  connections are rejected at the transport level.
+No unauthenticated source can reach `pushChannel()`.
+## Layer 2: Protocol-Level Content Gating (SVAF)
+Every incoming CMB is evaluated by Symbolic-Vector Attention Fusion
+before it enters cognitive state. SVAF computes per-field drift across
+7 semantic dimensions (CAT7: focus, issue, intent, motivation,
+commitment, perspective, mood) and operates in three regimes:
+- **Aligned** (drift < threshold): CMB is accepted and stored
+- **Guarded** (drift moderate): only the mood field is delivered (protocol guarantee R5)
+- **Rejected** (drift high): CMB is silently dropped
+This is analogous to a content-aware firewall: it doesn't just check
+who sent the signal — it evaluates whether the signal is semantically
+relevant to the receiver's current context. Low-relevance CMBs are
+gated out so Claude's context window doesn't drown.
+SVAF field weights are configurable per node (`svafFieldWeights` in
+server.js). The default weights are tuned for engineering-domain
+Claude Code sessions.
+## Layer 3: Application-Level Restrictions
+- **No code execution**: incoming mesh signals are text-only CMB fields.
+  No mesh peer can trigger Bash commands, file writes, or tool calls
+  on this node.
+- **No permission relay**: the `claude/channel/permission` capability is
+  explicitly NOT declared. Mesh peers cannot approve or deny tool
+  executions on this node.
+- **No arbitrary content injection**: incoming CMBs are formatted as
+  structured `[source] focus (mood)` text before being pushed to
+  Claude's context. Raw JSON is never injected.
+- **Self-echo filtering**: CMBs from this node's own identity are
+  dropped before `pushChannel()` (prevents feedback loops).
+## Optional: Peer Allowlist
+Set `SYM_ALLOWED_PEERS` (comma-separated node names) to restrict which
+authenticated peers can push to Claude's context. When set, only CMBs
+and messages from listed peers pass the gate. When empty (default), all
+authenticated peers are accepted — SVAF still gates on content relevance.
+Example:
+```
+SYM_ALLOWED_PEERS=claude-code-mac,claude-code-win
+```
+This is an additional layer, not a replacement for transport auth or
+SVAF. It provides explicit identity-level control for environments
+that require it.
+## Token Handling
+- `SYM_RELAY_TOKEN`: passed via environment variable, never logged,
+  never included in CMBs or channel notifications. In the plugin
+  manifest, marked `sensitive: true` (stored in system keychain).
+- Ed25519 private key: stored at `~/.sym/nodes/<name>/identity.json`,
+  never transmitted. Only the public key is shared during handshake.
+## Identity Collision
+If another process is already running with the same node identity,
+the relay returns close code 4004. The server exits cleanly with
+exit code 2 rather than competing for the identity.
+## References
+- [MMP v0.2.2 Specification](https://sym.bot/spec/mmp) — Sections 5 (Connection), 8 (CAT7), 9 (SVAF)
+- [SVAF Paper](https://arxiv.org/abs/2604.03955) — Xu, 2026

package/package.json CHANGED Viewed

@@ -1,17 +1,21 @@
 {
   "name": "@sym-bot/mesh-channel",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "MCP server — real-time agent-to-agent cognition for Claude Code remote teams via the SYM mesh.",
   "main": "server.js",
   "bin": {
     "sym-mesh-channel": "server.js"
   },
   "scripts": {
+    "test": "node test/plugin.test.js",
     "postinstall": "node bin/install.js init --postinstall"
   },
   "files": [
     "server.js",
     "bin/",
+    ".claude-plugin/",
+    ".mcp.json",
+    "SECURITY.md",
     "README.md",
     "CHANGELOG.md",
     "LICENSE"

package/server.js CHANGED Viewed

@@ -228,6 +228,21 @@ mcp.setRequestHandler(CallToolRequestSchema, async (request) => {
   }
 });
+// ── Peer Allowlist (optional, defense-in-depth) ─────────────
+// SYM_ALLOWED_PEERS is a comma-separated list of peer node names.
+// When set, only CMBs and messages from listed peers are pushed to
+// Claude's context. When empty/unset, all authenticated peers are
+// accepted (SVAF still gates on content relevance).
+const ALLOWED_PEERS = (process.env.SYM_ALLOWED_PEERS || '')
+  .split(',')
+  .map(s => s.trim())
+  .filter(Boolean);
+function isPeerAllowed(peerName) {
+  if (ALLOWED_PEERS.length === 0) return true; // no allowlist = accept all
+  return ALLOWED_PEERS.includes(peerName);
+}
 // ── Mesh Events → Channel Notifications ──────────────────────
 function pushChannel(eventType, data) {
@@ -247,12 +262,19 @@ node.on('cmb-accepted', (entry) => {
   if (entry.source === NODE_NAME || entry.cmb?.createdBy === NODE_NAME) return;
   const source = entry.source || entry.cmb?.createdBy || 'unknown';
+  // Peer allowlist gate (defense-in-depth, see SECURITY.md)
+  if (!isPeerAllowed(source)) return;
   const focus = entry.cmb?.fields?.focus?.text || entry.content || '';
   const mood = entry.cmb?.fields?.mood?.text || '';
   pushChannel('cmb', `[${source}] ${focus}${mood && mood !== 'neutral' ? ` (mood: ${mood})` : ''}`);
 });
 node.on('message', (from, content) => {
+  // Peer allowlist gate
+  if (!isPeerAllowed(from)) return;
   pushChannel('message', `[message from ${from}] ${content}`);
 });