@sym-bot/mesh-channel 0.1.18 → 0.1.20

package/README.md

@@ -1,137 +1,183 @@
-# sym-mesh-channel
-
-[![npm](https://img.shields.io/npm/v/@sym-bot/mesh-channel)](https://www.npmjs.com/package/@sym-bot/mesh-channel)
-[![MMP Spec](https://img.shields.io/badge/protocol-MMP_v0.2.2-purple)](https://sym.bot/spec/mmp)
-[![arXiv](https://img.shields.io/badge/arXiv-2604.03955-b31b1b.svg)](https://arxiv.org/abs/2604.03955)
-[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
-[![Node](https://img.shields.io/badge/node-%3E%3D18-green)](https://nodejs.org)
-
-> MCP server that turns Claude Code into a peer node on the [SYM mesh](https://sym.bot) — the first non-Anthropic implementation of Claude Code Channels for real-time agent-to-agent cognition.
-
-Two Claude Code sessions on different machines discover each other via Bonjour mDNS, form a peer-to-peer mesh, and exchange structured cognitive signals in real-time. Each side is a full peer with its own cryptographic identity, its own [SVAF](https://arxiv.org/abs/2604.03955) receiver-side gating, and its own memory — not a thin client. Signals arrive mid-conversation as `<channel>` notifications. No polling, no shared server, no orchestrator.
-
-**Verified cross-platform:** Mac ↔ Windows on the same wifi, pure Bonjour, no relay, no token. Cross-network via optional WebSocket relay.
-
-- **SVAF paper**: [arxiv.org/abs/2604.03955](https://arxiv.org/abs/2604.03955)
-- **MMP spec**: [sym.bot/spec/mmp](https://sym.bot/spec/mmp)
-
-## What this looks like
-
-A Claude Code session on Mac broadcasts a structured signal: `focus: "echo loop between same-domain agents"`, `intent: "need architecture review before implementation"`. A session on Windows receives it in real-time as a `<channel>` notification — no tool call, it just appears mid-conversation. The Windows Claude reviews, responds with a detailed architecture analysis, and the Mac session sees the response land mid-turn. Two agents coordinated through typed cognitive signals on an open protocol, across machines, with zero human copy-paste.
-
-This isn't hypothetical. This README was coordinated by two Claude Code sessions working through the mesh it describes.
-
-## How real-time push works (Claude Code Channels + MMP)
-
-This MCP server composes two things:
-
-**[Claude Code Channels](https://code.claude.com/docs/en/mcp)** (Anthropic, shipped 2026-03-20) — an MCP capability that lets servers push events directly into Claude's conversation context mid-turn via `notifications/claude/channel`. Anthropic built it for the Telegram/Discord/iMessage integrations. We use it for agent-to-agent cognitive coupling.
-
-**[MMP — the Mesh Memory Protocol](https://sym.bot/spec/mmp)** — defines what gets pushed: typed seven-field cognitive bundles (CAT7: focus, issue, intent, motivation, commitment, perspective, mood), how receivers gate incoming signals ([SVAF](https://arxiv.org/abs/2604.03955)), and how peers maintain identity without a central orchestrator. MMP is the protocol; this MCP server is the reference implementation for Claude Code hosts.
-
-**The composition:** when a peer on the mesh broadcasts a CMB (Cognitive Memory Block), the SymNode inside this MCP evaluates it via SVAF. If accepted, the MCP fires a `notifications/claude/channel` notification to Claude Code, which surfaces it as a `<channel>` block in the conversation. Claude sees it, can react, and can broadcast back via `sym_send` or `sym_observe`. No polling. No tool calls. The mesh thinks together.
-
-## Quick start
-
-```bash
-npm install -g @sym-bot/mesh-channel    # install + auto-configure ~/.claude.json
-claude --dangerously-load-development-channels server:claude-sym-mesh   # launch
-```
-
-Install auto-detects your hostname, creates a unique node identity, and configures the MCP server globally in `~/.claude.json`. If two people are on the same wifi, their sessions discover each other automatically. Verify inside Claude Code:
-
-```
-sym_status   →  Node: claude-yourhostname, Peers: 1
-sym_peers    →  1 peer(s): claude-theirhostname via bonjour
-sym_send "reviewing the auth module — found a race condition"
-```
-
-The other peer sees it arrive **in their Claude Code context as a real-time `<channel>` notification** — no polling, no tool call. It just appears mid-conversation. Their Claude can reason about it, respond, or act on it autonomously.
-
-For cross-network setup (different offices, remote team), see [Cross-network setup](#cross-network-setup-optional) below.
-
-## Requirements
-
-| | macOS | Linux | Windows |
-|---|---|---|---|
-| Node.js ≥ 18 | ✓ | ✓ | ✓ |
-| Claude Code ≥ 2.1.97 (Channels feature) | ✓ | ✓ | ✓ |
-| Bonjour / mDNS for LAN discovery | built-in | install `avahi-daemon` | built-in (Windows 10+) |
-
-The `--dangerously-load-development-channels` flag is required because this MCP server is not yet on Anthropic's public Channels allowlist. The flag opts your local Claude Code into receiving `notifications/claude/channel` from a non-allowlisted MCP server. Without it, the MCP loads but real-time push is silently dropped.
-
-## What you get
-
-Five MCP tools exposed to Claude Code, namespaced under `mcp__claude-sym-mesh__`:
-
-| Tool | What it does |
-|---|---|
-| `sym_send` | Broadcast a free-text message to all mesh peers. Arrives in receivers' contexts as a `<channel>` notification. |
-| `sym_observe` | Share a structured CAT7 observation: focus, issue, intent, motivation, commitment, perspective, mood. SVAF-gated on the receiving side. |
-| `sym_recall` | Search mesh memory for past CMBs. |
-| `sym_peers` | List discovered peers (via bonjour or relay). |
-| `sym_status` | Node identity, relay state, peer count, memory count. |
-
-Real-time push is bidirectional: peer events arrive in Claude's context without any tool call, while the session is mid-turn. This is the "Claude thinks with the mesh" property — not "Claude pokes the mesh occasionally."
-
-## How it works
-
-```
-Claude Code A                                              Claude Code B
-     ↕ (stdio + MCP)                                            ↕
-sym-mesh-channel (SymNode)  ←—  Bonjour mDNS  —→  sym-mesh-channel (SymNode)
-     ↕                          (LAN discovery)                 ↕
-     └────────────  optional WebSocket relay  ────────────────┘
-                    (cross-network, see below)
-```
-
-- **Stdio half**: Claude Code spawns the MCP server as a child process. MCP tool calls flow over stdio.
-- **Push half**: when a CMB arrives at the SymNode (via Bonjour or relay), the MCP server fires a `notifications/claude/channel` notification back over stdio. Claude Code surfaces it as a `<channel>` block in the conversation context.
-- **Identity**: each peer has its own Ed25519 keypair stored at `~/.sym/nodes/<name>/identity.json`. NodeIDs are UUID v7 + Ed25519 signatures, gossiped through the relay's directory and/or via Bonjour TXT records.
-- **SVAF**: incoming CMBs are evaluated by Symbolic-Vector Attention Fusion before they enter cognitive state. Low-relevance CMBs are gated out so the receiver's context doesn't drown.
-
-For the full architecture, see MMP spec sections 4-6.
-
-## Cross-network setup (optional)
-
-LAN-only is enough for two people sitting next to each other. To connect across networks (different offices, coffee shop ↔ home, etc.) you need a relay:
-
-```bash
-# Run your own relay (Render-friendly Dockerfile included)
-git clone https://github.com/sym-bot/sym-relay
-cd sym-relay && npm install && npm start
-# or deploy the Dockerfile to Render / Fly / Railway / etc
-```
-
-Then add the relay env vars to your `claude-sym-mesh` entry in `~/.claude.json`:
-
-```json
-"env": {
-  "SYM_NODE_NAME": "claude-mac",
-  "SYM_RELAY_URL": "wss://your-relay.example.com",
-  "SYM_RELAY_TOKEN": "your-shared-token"
-}
-```
-
-Both peers must use the same relay URL and token to be on the same channel. The relay supports per-token channel isolation so you can run a single relay for multiple groups.
-
-## Troubleshooting
-
-**Peers don't see each other on the same wifi.** Check Bonjour is running:
-- macOS: `dns-sd -B _sym._tcp` (built-in)
-- Linux: `avahi-browse -r _sym._tcp` (needs `avahi-daemon` running)
-- Windows: ensure Bonjour Print Services or iTunes-bundled Bonjour is installed; check Services → Bonjour Service is running
-
-Some corporate networks block mDNS multicast — try a hotspot or home wifi to verify. If LAN is blocked, fall back to a relay.
-
-**`<channel>` notifications never arrive even though peers are connected.** Verify Claude Code was launched with `--dangerously-load-development-channels server:claude-sym-mesh`. Without that exact flag, MCP push notifications are silently dropped.
-
-**`sym_status` says "Peers: 0" but `sym_peers` lists peers.** Snapshot timing — both views read the same `_peers` map at slightly different moments. The peer set is dynamic. If counts disagree consistently, file an issue.
-
-**`sym_status` says "Relay: connected" even though you didn't configure a relay.** Your shell profile (`~/.zshrc`, `~/.bashrc`, etc.) exports `SYM_RELAY_URL`. Claude Code's MCP env block is **additive** — omitting a key doesn't remove it from the child process. Fix: set `SYM_RELAY_URL` and `SYM_RELAY_TOKEN` to `""` (empty string) in the MCP env block to override the shell. The installer (`npx @sym-bot/mesh-channel init`) does this automatically as of v0.1.8.
-
-**Multiple Claude Code sessions on the same machine want to share an identity.** Don't. Each session should have a distinct `SYM_NODE_NAME`. As of `@sym-bot/sym 0.3.70`, the SymNode acquires an exclusive lockfile on its identity (`~/.sym/nodes/<name>/lock.pid`) and refuses to start a second process with the same name. If you see `EIDENTITYLOCK`, find and kill the other process or pick a different name.
-
-## License
-
-Apache 2.0 — SYM.BOT Ltd
+# sym-mesh-channel
+
+[![npm](https://img.shields.io/npm/v/@sym-bot/mesh-channel)](https://www.npmjs.com/package/@sym-bot/mesh-channel)
+[![MMP Spec](https://img.shields.io/badge/protocol-MMP_v0.2.2-purple)](https://sym.bot/spec/mmp)
+[![arXiv](https://img.shields.io/badge/arXiv-2604.03955-b31b1b.svg)](https://arxiv.org/abs/2604.03955)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)
+[![Node](https://img.shields.io/badge/node-%3E%3D18-green)](https://nodejs.org)
+
+> MCP server that turns Claude Code into a peer node on the [SYM mesh](https://sym.bot) — the first non-Anthropic implementation of Claude Code Channels for real-time agent-to-agent cognition.
+
+Two Claude Code sessions on different machines discover each other via Bonjour mDNS, form a peer-to-peer mesh, and exchange structured cognitive signals in real-time. Each side is a full peer with its own cryptographic identity, its own [SVAF](https://arxiv.org/abs/2604.03955) receiver-side gating, and its own memory — not a thin client. Signals arrive mid-conversation as `<channel>` notifications. No polling, no shared server, no orchestrator.
+
+**Verified cross-platform:** Mac ↔ Windows on the same wifi, pure Bonjour, no relay, no token. Cross-network via optional WebSocket relay.
+
+- **SVAF paper**: [arxiv.org/abs/2604.03955](https://arxiv.org/abs/2604.03955)
+- **MMP spec**: [sym.bot/spec/mmp](https://sym.bot/spec/mmp)
+
+## What this looks like
+
+A Claude Code session on Mac broadcasts a structured signal: `focus: "echo loop between same-domain agents"`, `intent: "need architecture review before implementation"`. A session on Windows receives it in real-time as a `<channel>` notification — no tool call, it just appears mid-conversation. The Windows Claude reviews, responds with a detailed architecture analysis, and the Mac session sees the response land mid-turn. Two agents coordinated through typed cognitive signals on an open protocol, across machines, with zero human copy-paste.
+
+This isn't hypothetical. This README was coordinated by two Claude Code sessions working through the mesh it describes.
+
+## How real-time push works (Claude Code Channels + MMP)
+
+This MCP server composes two things:
+
+**[Claude Code Channels](https://code.claude.com/docs/en/mcp)** (Anthropic, shipped 2026-03-20) — an MCP capability that lets servers push events directly into Claude's conversation context mid-turn via `notifications/claude/channel`. Anthropic built it for the Telegram/Discord/iMessage integrations. We use it for agent-to-agent cognitive coupling.
+
+**[MMP — the Mesh Memory Protocol](https://sym.bot/spec/mmp)** — defines what gets pushed: typed seven-field cognitive bundles (CAT7: focus, issue, intent, motivation, commitment, perspective, mood), how receivers gate incoming signals ([SVAF](https://arxiv.org/abs/2604.03955)), and how peers maintain identity without a central orchestrator. MMP is the protocol; this MCP server is the reference implementation for Claude Code hosts.
+
+**The composition:** when a peer on the mesh broadcasts a CMB (Cognitive Memory Block), the SymNode inside this MCP evaluates it via SVAF. If accepted, the MCP fires a `notifications/claude/channel` notification to Claude Code, which surfaces it as a `<channel>` block in the conversation. Claude sees it, can react, and can broadcast back via `sym_send` or `sym_observe`. No polling. No tool calls. The mesh thinks together.
+
+## Quick start
+
+### Via npm (available now)
+
+```bash
+npm install -g @sym-bot/mesh-channel    # install + auto-configure ~/.claude.json
+claude --dangerously-load-development-channels server:claude-sym-mesh   # launch
+```
+
+### Via Claude Code plugin (pending Anthropic approval)
+
+```
+/plugin install sym-mesh-channel
+```
+
+The plugin has been [submitted to the Anthropic Plugin Directory](https://claude.ai/settings/plugins/submit) and is pending review. Once approved, the `--dangerously-load-development-channels` flag is no longer needed.
+
+---
+
+Install auto-detects your hostname, creates a unique node identity (`claude-<hostname>`), and configures the MCP server globally in `~/.claude.json`. To customize your node name, set `SYM_NODE_NAME` before installing. If two people are on the same wifi, their sessions discover each other automatically. Verify inside Claude Code:
+
+```
+sym_status   →  Node: claude-yourhostname, Peers: 1
+sym_peers    →  1 peer(s): claude-theirhostname via bonjour
+sym_send "reviewing the auth module — found a race condition"
+```
+
+The other peer sees it arrive **in their Claude Code context as a real-time `<channel>` notification** — no polling, no tool call. It just appears mid-conversation. Their Claude can reason about it, respond, or act on it autonomously.
+
+For cross-network setup (different offices, remote team), see [Cross-network setup](#cross-network-setup-optional) below.
+
+### Advanced: per-project node identity
+
+By default every Claude Code session on a machine shares one mesh identity (set globally in `~/.claude.json`). If you run several Claude Code sessions in parallel from distinct project directories and want each to appear as its own peer on the mesh — e.g. a "research" session and a "strategy" session on the same laptop — install per-project instead:
+
+```bash
+cd path/to/your/project
+SYM_NODE_NAME=claude-myproject-win sym-mesh-channel init --project
+```
+
+This writes `<project>/.mcp.json` and merges `<project>/.claude/settings.local.json` instead of touching `~/.claude.json`. Claude Code loads project-scoped `.mcp.json` on launch and its entries override the global one when you're running from that directory, so each project gets its own `SYM_NODE_NAME` without stepping on siblings. Rerun from each project root with a distinct `SYM_NODE_NAME` to register each one as a separate peer.
+
+Normal one-machine-one-peer usage does **not** need `--project` — the default global install is correct for most users.
+
+## Requirements
+
+| | macOS | Linux | Windows |
+|---|---|---|---|
+| Node.js ≥ 18 | ✓ | ✓ | ✓ |
+| Claude Code ≥ 2.1.97 (Channels feature) | ✓ | ✓ | ✓ |
+| Bonjour / mDNS for LAN discovery | built-in | install `avahi-daemon` | built-in (Windows 10+) |
+
+The `--dangerously-load-development-channels` flag is required during the review period. Once the plugin is approved on the Anthropic Plugin Directory, this flag is no longer needed — install via `/plugin install` and launch normally.
+
+## What you get
+
+Five MCP tools exposed to Claude Code, namespaced under `mcp__claude-sym-mesh__`:
+
+| Tool | What it does |
+|---|---|
+| `sym_send` | Broadcast a free-text message to all mesh peers. Arrives in receivers' contexts as a `<channel>` notification. |
+| `sym_observe` | Share a structured CAT7 observation: focus, issue, intent, motivation, commitment, perspective, mood. SVAF-gated on the receiving side. |
+| `sym_recall` | Search mesh memory for past CMBs. |
+| `sym_peers` | List discovered peers (via bonjour or relay). |
+| `sym_status` | Node identity, relay state, peer count, memory count. |
+
+Real-time push is bidirectional: peer events arrive in Claude's context without any tool call, while the session is mid-turn. This is the "Claude thinks with the mesh" property — not "Claude pokes the mesh occasionally."
+
+## How it works
+
+```
+Claude Code A                                              Claude Code B
+     ↕ (stdio + MCP)                                            ↕
+sym-mesh-channel (SymNode)  ←—  Bonjour mDNS  —→  sym-mesh-channel (SymNode)
+     ↕                          (LAN discovery)                 ↕
+     └────────────  optional WebSocket relay  ────────────────┘
+                    (cross-network, see below)
+```
+
+- **Stdio half**: Claude Code spawns the MCP server as a child process. MCP tool calls flow over stdio.
+- **Push half**: when a CMB arrives at the SymNode (via Bonjour or relay), the MCP server fires a `notifications/claude/channel` notification back over stdio. Claude Code surfaces it as a `<channel>` block in the conversation context.
+- **Identity**: each peer has its own Ed25519 keypair stored at `~/.sym/nodes/<name>/identity.json`. NodeIDs are UUID v7 + Ed25519 signatures, gossiped through the relay's directory and/or via Bonjour TXT records.
+- **SVAF**: incoming CMBs are evaluated by Symbolic-Vector Attention Fusion before they enter cognitive state. Low-relevance CMBs are gated out so the receiver's context doesn't drown.
+
+For the full architecture, see MMP spec sections 4-6.
+
+## Cross-network setup (optional)
+
+LAN-only is enough for two people sitting next to each other. To connect across networks (different offices, coffee shop ↔ home, etc.) you need a relay:
+
+```bash
+# Run your own relay (Render-friendly Dockerfile included)
+git clone https://github.com/sym-bot/sym-relay
+cd sym-relay && npm install && npm start
+# or deploy the Dockerfile to Render / Fly / Railway / etc
+```
+
+Then add the relay env vars to your `claude-sym-mesh` entry in `~/.claude.json`:
+
+```json
+"env": {
+  "SYM_NODE_NAME": "claude-mac",
+  "SYM_RELAY_URL": "wss://your-relay.example.com",
+  "SYM_RELAY_TOKEN": "your-shared-token"
+}
+```
+
+Both peers must use the same relay URL and token to be on the same channel. The relay supports per-token channel isolation so you can run a single relay for multiple groups.
+
+## Troubleshooting
+
+**Peers don't see each other on the same wifi.** Check Bonjour is running:
+- macOS: `dns-sd -B _sym._tcp` (built-in)
+- Linux: `avahi-browse -r _sym._tcp` (needs `avahi-daemon` running)
+- Windows 10+: mDNS is built-in. If discovery fails, check Windows Firewall allows mDNS (port 5353 UDP).
+
+Some corporate networks block mDNS multicast — try a hotspot or home wifi to verify. If LAN is blocked, fall back to a relay.
+
+**`<channel>` notifications never arrive even though peers are connected.** Verify Claude Code was launched with `--dangerously-load-development-channels server:claude-sym-mesh`. Without that exact flag, MCP push notifications are silently dropped.
+
+**`sym_status` says "Peers: 0" but `sym_peers` lists peers.** Snapshot timing — both views read the same `_peers` map at slightly different moments. The peer set is dynamic. If counts disagree consistently, file an issue.
+
+**`sym_status` says "Relay: connected" even though you didn't configure a relay.** Your shell profile (`~/.zshrc`, `~/.bashrc`, etc.) exports `SYM_RELAY_URL`. Claude Code's MCP env block is **additive** — omitting a key doesn't remove it from the child process. Fix: set `SYM_RELAY_URL` and `SYM_RELAY_TOKEN` to `""` (empty string) in the MCP env block to override the shell. The installer (`npx @sym-bot/mesh-channel init`) does this automatically as of v0.1.8.
+
+**Multiple Claude Code sessions on the same machine want to share an identity.** Don't. Each session should have a distinct `SYM_NODE_NAME`. As of `@sym-bot/sym 0.3.70`, the SymNode acquires an exclusive lockfile on its identity (`~/.sym/nodes/<name>/lock.pid`) and refuses to start a second process with the same name. If you see `EIDENTITYLOCK`, find and kill the other process or pick a different name.
+
+## Security
+
+Defense in depth — three layers, all must pass before a mesh signal reaches Claude's context:
+
+1. **Transport**: Ed25519 peer identity (LAN) + relay token auth (cross-network). Unauthenticated sources cannot reach `pushChannel()`.
+2. **Protocol**: [SVAF](https://arxiv.org/abs/2604.03955) per-field content gating — evaluates each incoming CMB across 7 semantic dimensions and rejects irrelevant signals.
+3. **Application**: text-only context injection, no code execution, no permission relay (`claude/channel/permission` is explicitly not declared).
+
+**Optional peer allowlist**: set `SYM_ALLOWED_PEERS=claude-mac,claude-win` to restrict which authenticated peers can push to Claude's context. When empty (default), all authenticated peers are accepted.
+
+See [SECURITY.md](SECURITY.md) for the full security model.
+
+## References
+
+- [SVAF paper (arXiv:2604.03955)](https://arxiv.org/abs/2604.03955) — Xu, 2026. Symbolic-Vector Attention Fusion for Collective Intelligence.
+- [MMP spec v0.2.2](https://sym.bot/spec/mmp) — Mesh Memory Protocol specification.
+- [sym-swift](https://github.com/sym-bot/sym-swift) — iOS/macOS SDK implementing the same protocol.
+- [sym-relay](https://github.com/sym-bot/sym-relay) — WebSocket relay for cross-network mesh.
+
+**Verified cross-platform:** Mac ↔ Windows on the same wifi (April 2026).
+
+## License
+
+Apache 2.0 — SYM.BOT Ltd

package/SECURITY.md

@@ -0,0 +1,89 @@
+# Security Model
+
+sym-mesh-channel implements defense in depth with three layers. No
+single layer is the sole gate — all three must pass before a mesh
+signal reaches Claude's conversation context.
+
+## Layer 1: Transport Authentication
+
+Only authenticated peers can send signals to this node.
+
+- **LAN (Bonjour)**: peers discover each other via mDNS on the local
+  network. Each peer has an Ed25519 keypair generated at first run
+  and stored at `~/.sym/nodes/<name>/identity.json`. Peer identity is
+  verified via cryptographic handshake (MMP Section 5).
+- **Relay (WebSocket)**: peers authenticate with a shared relay token
+  (`SYM_RELAY_TOKEN`). The relay enforces per-token channel isolation —
+  peers on different tokens cannot see each other. Unauthenticated
+  connections are rejected at the transport level.
+
+No unauthenticated source can reach `pushChannel()`.
+
+## Layer 2: Protocol-Level Content Gating (SVAF)
+
+Every incoming CMB is evaluated by Symbolic-Vector Attention Fusion
+before it enters cognitive state. SVAF computes per-field drift across
+7 semantic dimensions (CAT7: focus, issue, intent, motivation,
+commitment, perspective, mood) and operates in three regimes:
+
+- **Aligned** (drift < threshold): CMB is accepted and stored
+- **Guarded** (drift moderate): only the mood field is delivered (protocol guarantee R5)
+- **Rejected** (drift high): CMB is silently dropped
+
+This is analogous to a content-aware firewall: it doesn't just check
+who sent the signal — it evaluates whether the signal is semantically
+relevant to the receiver's current context. Low-relevance CMBs are
+gated out so Claude's context window doesn't drown.
+
+SVAF field weights are configurable per node (`svafFieldWeights` in
+server.js). The default weights are tuned for engineering-domain
+Claude Code sessions.
+
+## Layer 3: Application-Level Restrictions
+
+- **No code execution**: incoming mesh signals are text-only CMB fields.
+  No mesh peer can trigger Bash commands, file writes, or tool calls
+  on this node.
+- **No permission relay**: the `claude/channel/permission` capability is
+  explicitly NOT declared. Mesh peers cannot approve or deny tool
+  executions on this node.
+- **No arbitrary content injection**: incoming CMBs are formatted as
+  structured `[source] focus (mood)` text before being pushed to
+  Claude's context. Raw JSON is never injected.
+- **Self-echo filtering**: CMBs from this node's own identity are
+  dropped before `pushChannel()` (prevents feedback loops).
+
+## Optional: Peer Allowlist
+
+Set `SYM_ALLOWED_PEERS` (comma-separated node names) to restrict which
+authenticated peers can push to Claude's context. When set, only CMBs
+and messages from listed peers pass the gate. When empty (default), all
+authenticated peers are accepted — SVAF still gates on content relevance.
+
+Example:
+```
+SYM_ALLOWED_PEERS=claude-code-mac,claude-code-win
+```
+
+This is an additional layer, not a replacement for transport auth or
+SVAF. It provides explicit identity-level control for environments
+that require it.
+
+## Token Handling
+
+- `SYM_RELAY_TOKEN`: passed via environment variable, never logged,
+  never included in CMBs or channel notifications. In the plugin
+  manifest, marked `sensitive: true` (stored in system keychain).
+- Ed25519 private key: stored at `~/.sym/nodes/<name>/identity.json`,
+  never transmitted. Only the public key is shared during handshake.
+
+## Identity Collision
+
+If another process is already running with the same node identity,
+the relay returns close code 4004. The server exits cleanly with
+exit code 2 rather than competing for the identity.
+
+## References
+
+- [MMP v0.2.2 Specification](https://sym.bot/spec/mmp) — Sections 5 (Connection), 8 (CAT7), 9 (SVAF)
+- [SVAF Paper](https://arxiv.org/abs/2604.03955) — Xu, 2026