@wipcomputer/wip-ldm-os 0.4.85-alpha.14 → 0.4.85-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/scripts/test-crc-e2ee-session-route.mjs +7 -0
  3. package/src/hosted-mcp/server.mjs +7 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@wipcomputer/wip-ldm-os",
3
- "version": "0.4.85-alpha.14",
3
+ "version": "0.4.85-alpha.15",
4
4
  "type": "module",
5
5
  "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
6
6
  "engines": {
package/scripts/test-crc-e2ee-session-route.mjs CHANGED
@@ -30,11 +30,18 @@ assertContains("return openCodexWebClientsForKey(codexRelayKey(agentId, routeId)
30
30
  assertContains("const targets = resolveCodexWebClientsForDaemonFrame(identity.agentId, sessionId);", "daemon frames use route resolver");
31
31
  assertContains("for (const target of targets) {", "daemon frames send to every resolved target");
32
32
  assertContains("if (isCodexE2eeEnvelope(envelope) && envelope.session) {", "web e2ee messages are detected");
33
+ assertContains("envelope.route_thread_id = threadId;", "relay injects ticket-bound thread into e2ee hello");
34
+ assertContains("text = JSON.stringify(envelope);", "relay forwards the route-bound e2ee hello");
33
35
  assertContains("registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);", "web e2ee session is registered");
34
36
  assertContains("const clientCount = addCodexWebClient(key, ws);", "new web connections are added without replacing existing clients");
35
37
  assertContains("removeCodexWebClient(key, ws);", "close cleanup removes only the closing socket");
36
38
  assertContains("removeCodexE2eeRoutesForWeb(identity.agentId, threadId, ws);", "close cleanup");
37
39
  assertContains("if (route.webKey === webKey && (!ws || route.ws === ws)) {", "cleanup only removes routes owned by the closing socket");
40
+ assertBefore(
41
+ "envelope.route_thread_id = threadId;",
42
+ "daemonWs.send(text);",
43
+ "web route thread is injected before forwarding to daemon",
44
+ );
38
45
  assertBefore(
39
46
  "registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);",
40
47
  "daemonWs.send(text);",
package/src/hosted-mcp/server.mjs CHANGED
@@ -3129,10 +3129,16 @@ httpServer.on("upgrade", (req, socket, head) => {
3129
3129
  const clientCount = addCodexWebClient(key, ws);
3130
3130
  console.log("codex-relay: web online " + key + " clients=" + clientCount);
3131
3131
  ws.on("message", (data) => {
3132
- const text = data.toString();
3132
+ let text = data.toString();
3133
3133
  let envelope = null;
3134
3134
  try { envelope = JSON.parse(text); } catch {}
3135
3135
  if (isCodexE2eeEnvelope(envelope) && envelope.session) {
3136
+ // The browser cannot be allowed to choose this value. The relay
3137
+ // owns the route because it consumed the ticket for this URL
3138
+ // thread. The daemon uses this metadata to bind the encrypted
3139
+ // session before it decrypts any session.* command.
3140
+ envelope.route_thread_id = threadId;
3141
+ text = JSON.stringify(envelope);
3136
3142
  registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);
3137
3143
  }
3138
3144
  const daemonWs = codexDaemons.get(identity.agentId);