npm - let-them-talk - Versions diffs - 3.4.0 → 3.4.1 - Mend

let-them-talk 3.4.0 → 3.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,25 @@
 # Changelog
+## [3.4.1] - 2026-03-15
+### Added
+- **File-level mutex** — in-memory promise queue per file for serializing edit/delete operations
+- **Agent permissions enforcement** — `canSendTo()` checks in `send_message` and `broadcast`, `can_read` filtering in `get_history` and message delivery
+- **Read receipts** — auto-recorded when agents consume messages, visible as agent-initial dots under messages in dashboard
+### Security
+- HTTP 500 responses now return generic error instead of raw `err.message` (prevents filesystem path leaks)
+- `/api/discover` changed from GET to POST (now under CSRF protection)
+- `workspace_read`/`workspace_list` validate agent name parameter with regex
+- `get_history` filters results by agent's `can_read` permissions
+- `read_receipts.json` and `permissions.json` added to both MCP and dashboard reset cleanup
+- Dashboard workspace API regex aligned with server (`[a-zA-Z0-9_-]`)
+### Fixed
+- `toolWaitForReply` missing `markAsRead` calls (read receipts not recorded)
+- `toolBroadcast` bypassing permission checks entirely
+- `toolReset` not cleaning up `permissions.json` and `read_receipts.json`
 ## [3.4.0] - 2026-03-15
 ### Added — Dashboard Features

package/LICENSE CHANGED Viewed

@@ -6,7 +6,7 @@ License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
 Parameters
 Licensor:             Dekelelz
-Licensed Work:        Let Them Talk v3.4.0
+Licensed Work:        Let Them Talk v3.4.1
                       The Licensed Work is (c) 2024-2026 Dekelelz.
 Additional Use Grant: You may make use of the Licensed Work, provided that
                       you may not use the Licensed Work for a Commercial

package/cli.js CHANGED Viewed

@@ -8,7 +8,7 @@ const command = process.argv[2];
 function printUsage() {
   console.log(`
-  Let Them Talk — Agent Bridge v3.4.0
+  Let Them Talk — Agent Bridge v3.4.1
   MCP message broker for inter-agent communication
   Supports: Claude Code, Gemini CLI, Codex CLI

package/dashboard.html CHANGED Viewed

@@ -850,6 +850,27 @@
   .msg-content a:hover { text-decoration: underline; }
+  /* ===== READ RECEIPTS ===== */
+  .read-receipts {
+    display: flex;
+    gap: 2px;
+    margin-top: 4px;
+    align-items: center;
+  }
+  .read-receipt-dot {
+    width: 14px;
+    height: 14px;
+    border-radius: 50%;
+    background: var(--surface-3);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 8px;
+    font-weight: 700;
+    color: var(--text-dim);
+    cursor: default;
+  }
   /* ===== MESSAGE INPUT ===== */
   .msg-input-bar {
     border-top: 1px solid var(--border);
@@ -2821,7 +2842,7 @@
   </div>
 </div>
 <div class="app-footer">
-  <span>Let Them Talk v3.4.0</span>
+  <span>Let Them Talk v3.4.1</span>
 </div>
 <div class="profile-popup" id="profile-popup" onclick="event.stopPropagation()">
   <div class="profile-popup-header">
@@ -3448,6 +3469,7 @@ function renderMessages(messages) {
           '</div>' +
           '<div class="msg-content">' + renderMarkdown(m.content) + '</div>' +
           buildReactionsHtml(m.id) +
+          buildReadReceipts(m.id) +
         '</div></div>';
       lastFrom = m.from;
       lastTo = m.to;
@@ -3469,6 +3491,7 @@ function renderMessages(messages) {
           '<div class="file-meta"><span class="file-icon">&#x1f4c4;</span>' + escapeHtml(fileName) + '<span class="file-size">' + fileSize + '</span></div>' +
           '<div class="msg-content">' + renderMarkdown(m.content) + '</div>' +
           buildReactionsHtml(m.id) +
+          buildReadReceipts(m.id) +
         '</div></div>';
       lastFrom = m.from;
       lastTo = m.to;
@@ -3486,6 +3509,7 @@ function renderMessages(messages) {
           '</div>' +
           '<div class="msg-content">' + renderMarkdown(m.content) + '</div>' +
           buildReactionsHtml(m.id) +
+          buildReadReceipts(m.id) +
         '</div></div>';
       lastFrom = m.from;
       lastTo = m.to;
@@ -3582,6 +3606,33 @@ function onSearch() {
   renderMessages(cachedHistory);
 }
+// ==================== READ RECEIPTS ====================
+var cachedReadReceipts = {};
+function fetchReadReceipts() {
+  var pq = activeProject ? '?project=' + encodeURIComponent(activeProject) : '';
+  fetch('/api/read-receipts' + pq).then(function(r) { return r.json(); }).then(function(data) {
+    cachedReadReceipts = data || {};
+  }).catch(function() {});
+}
+function buildReadReceipts(msgId) {
+  var receipts = cachedReadReceipts[msgId];
+  if (!receipts) return '';
+  var agents = Object.keys(receipts);
+  if (!agents.length) return '';
+  var html = '<div class="read-receipts">';
+  for (var i = 0; i < agents.length; i++) {
+    var agent = agents[i];
+    var time = receipts[agent] ? new Date(receipts[agent]).toLocaleTimeString() : '';
+    var color = getColor(agent);
+    html += '<div class="read-receipt-dot" style="background:' + color + '" title="Read by ' + escapeHtml(agent) + (time ? ' at ' + time : '') + '">' + initial(agent) + '</div>';
+  }
+  html += '</div>';
+  return html;
+}
 // ==================== REACTIONS ====================
 var REACTION_EMOJIS = ['\ud83d\udc4d', '\u2705', '\u2764\ufe0f', '\ud83e\udd14', '\ud83d\udd25'];
@@ -4774,6 +4825,7 @@ function poll() {
     if (activeView === 'workspaces') fetchWorkspaces();
     if (activeView === 'workflows') fetchWorkflows();
     if (activeView === 'stats') fetchStats();
+    fetchReadReceipts();
   }).catch(function(e) {
     console.error('Poll failed:', e);
     document.getElementById('conn-detail').textContent = ' ERR: ' + e.message;
@@ -4918,7 +4970,7 @@ function discoverProjects() {
   resultsEl.style.display = 'block';
   resultsEl.innerHTML = '<div style="font-size:11px;color:var(--text-muted);padding:4px;">Scanning...</div>';
-  fetch('/api/discover').then(function(r) { return r.json(); }).then(function(found) {
+  fetch('/api/discover', { method: 'POST' }).then(function(r) { return r.json(); }).then(function(found) {
     if (!found.length) {
       resultsEl.innerHTML = '<div style="font-size:11px;color:var(--text-muted);padding:4px;">No new projects found (all discovered projects already added)</div>';
       setTimeout(function() { resultsEl.style.display = 'none'; }, 3000);

package/dashboard.js CHANGED Viewed

@@ -5,6 +5,15 @@ const path = require('path');
 const os = require('os');
 const { spawn } = require('child_process');
+// --- File-level mutex for serializing read-then-write operations ---
+const lockMap = new Map();
+function withFileLock(filePath, fn) {
+  const prev = lockMap.get(filePath) || Promise.resolve();
+  const next = prev.then(fn, fn);
+  lockMap.set(filePath, next.then(() => {}, () => {}));
+  return next;
+}
 const PORT = parseInt(process.env.AGENT_BRIDGE_PORT || '3000', 10);
 const LAN_STATE_FILE = path.join(__dirname, '.lan-mode');
 let LAN_MODE = process.env.AGENT_BRIDGE_LAN === 'true' || (fs.existsSync(LAN_STATE_FILE) && fs.readFileSync(LAN_STATE_FILE, 'utf8').trim() === 'true');
@@ -299,7 +308,7 @@ function apiStats(query) {
 function apiReset(query) {
   const projectPath = query.get('project') || null;
   const dataDir = resolveDataDir(projectPath);
-  const fixedFiles = ['messages.jsonl', 'history.jsonl', 'agents.json', 'acks.json', 'tasks.json', 'profiles.json', 'workflows.json', 'branches.json', 'plugins.json'];
+  const fixedFiles = ['messages.jsonl', 'history.jsonl', 'agents.json', 'acks.json', 'tasks.json', 'profiles.json', 'workflows.json', 'branches.json', 'plugins.json', 'read_receipts.json', 'permissions.json'];
   for (const f of fixedFiles) {
     const p = path.join(dataDir, f);
     if (fs.existsSync(p)) fs.unlinkSync(p);
@@ -734,7 +743,7 @@ function apiLaunchAgent(body) {
 }
 // --- v3.4: Message Edit ---
-function apiEditMessage(body, query) {
+async function apiEditMessage(body, query) {
   const projectPath = query.get('project') || null;
   const { id, content } = body;
   if (!id || !content) return { error: 'Missing "id" and/or "content" fields' };
@@ -747,36 +756,17 @@ function apiEditMessage(body, query) {
   let found = false;
   const now = new Date().toISOString();
-  // Update in history.jsonl
-  if (fs.existsSync(historyFile)) {
-    const lines = fs.readFileSync(historyFile, 'utf8').trim().split('\n').filter(Boolean);
-    const updated = lines.map(line => {
-      try {
-        const msg = JSON.parse(line);
-        if (msg.id === id) {
-          found = true;
-          if (!msg.edit_history) msg.edit_history = [];
-          msg.edit_history.push({ content: msg.content, edited_at: now });
-          msg.content = content;
-          msg.edited = true;
-          msg.edited_at = now;
-          return JSON.stringify(msg);
-        }
-        return line;
-      } catch { return line; }
-    });
-    if (found) fs.writeFileSync(historyFile, updated.join('\n') + '\n');
-  }
-  // Also update in messages.jsonl (for agents that haven't consumed yet)
-  if (found && fs.existsSync(messagesFile)) {
-    const raw = fs.readFileSync(messagesFile, 'utf8').trim();
-    if (raw) {
-      const lines = raw.split('\n');
+  // Update in history.jsonl (locked)
+  await withFileLock(historyFile, () => {
+    if (fs.existsSync(historyFile)) {
+      const lines = fs.readFileSync(historyFile, 'utf8').trim().split('\n').filter(Boolean);
       const updated = lines.map(line => {
         try {
           const msg = JSON.parse(line);
           if (msg.id === id) {
+            found = true;
+            if (!msg.edit_history) msg.edit_history = [];
+            msg.edit_history.push({ content: msg.content, edited_at: now });
             msg.content = content;
             msg.edited = true;
             msg.edited_at = now;
@@ -785,8 +775,33 @@ function apiEditMessage(body, query) {
           return line;
         } catch { return line; }
       });
-      fs.writeFileSync(messagesFile, updated.join('\n') + '\n');
+      if (found) fs.writeFileSync(historyFile, updated.join('\n') + '\n');
     }
+  });
+  // Also update in messages.jsonl (locked independently)
+  if (found) {
+    await withFileLock(messagesFile, () => {
+      if (fs.existsSync(messagesFile)) {
+        const raw = fs.readFileSync(messagesFile, 'utf8').trim();
+        if (raw) {
+          const lines = raw.split('\n');
+          const updated = lines.map(line => {
+            try {
+              const msg = JSON.parse(line);
+              if (msg.id === id) {
+                msg.content = content;
+                msg.edited = true;
+                msg.edited_at = now;
+                return JSON.stringify(msg);
+              }
+              return line;
+            } catch { return line; }
+          });
+          fs.writeFileSync(messagesFile, updated.join('\n') + '\n');
+        }
+      }
+    });
   }
   if (!found) return { error: 'Message not found' };
@@ -794,7 +809,7 @@ function apiEditMessage(body, query) {
 }
 // --- v3.4: Message Delete ---
-function apiDeleteMessage(body, query) {
+async function apiDeleteMessage(body, query) {
   const projectPath = query.get('project') || null;
   const { id } = body;
   if (!id) return { error: 'Missing "id" field' };
@@ -806,16 +821,28 @@ function apiDeleteMessage(body, query) {
   let found = false;
   let msgFrom = null;
-  // Find the message first to check permissions
-  if (fs.existsSync(historyFile)) {
-    const lines = fs.readFileSync(historyFile, 'utf8').trim().split('\n');
-    for (const line of lines) {
-      try {
-        const msg = JSON.parse(line);
-        if (msg.id === id) { found = true; msgFrom = msg.from; break; }
-      } catch {}
+  // Find the message and remove from history.jsonl (locked)
+  await withFileLock(historyFile, () => {
+    if (fs.existsSync(historyFile)) {
+      const lines = fs.readFileSync(historyFile, 'utf8').trim().split('\n');
+      for (const line of lines) {
+        try {
+          const msg = JSON.parse(line);
+          if (msg.id === id) { found = true; msgFrom = msg.from; break; }
+        } catch {}
+      }
+      if (found) {
+        const allowed = ['Dashboard', 'dashboard', 'system', '__system__'];
+        if (allowed.includes(msgFrom)) {
+          const filtered = lines.filter(line => {
+            try { return JSON.parse(line).id !== id; } catch { return true; }
+          });
+          fs.writeFileSync(historyFile, filtered.join('\n') + (filtered.length ? '\n' : ''));
+        }
+      }
     }
-  }
+  });
   if (!found) return { error: 'Message not found' };
@@ -825,23 +852,16 @@ function apiDeleteMessage(body, query) {
     return { error: 'Can only delete messages sent from Dashboard or system' };
   }
-  // Remove from history.jsonl
-  if (fs.existsSync(historyFile)) {
-    const lines = fs.readFileSync(historyFile, 'utf8').trim().split('\n');
-    const filtered = lines.filter(line => {
-      try { return JSON.parse(line).id !== id; } catch { return true; }
-    });
-    fs.writeFileSync(historyFile, filtered.join('\n') + (filtered.length ? '\n' : ''));
-  }
-  // Remove from messages.jsonl
-  if (fs.existsSync(messagesFile)) {
-    const lines = fs.readFileSync(messagesFile, 'utf8').trim().split('\n');
-    const filtered = lines.filter(line => {
-      try { return JSON.parse(line).id !== id; } catch { return true; }
-    });
-    fs.writeFileSync(messagesFile, filtered.join('\n') + (filtered.length ? '\n' : ''));
-  }
+  // Remove from messages.jsonl (locked independently)
+  await withFileLock(messagesFile, () => {
+    if (fs.existsSync(messagesFile)) {
+      const lines = fs.readFileSync(messagesFile, 'utf8').trim().split('\n');
+      const filtered = lines.filter(line => {
+        try { return JSON.parse(line).id !== id; } catch { return true; }
+      });
+      fs.writeFileSync(messagesFile, filtered.join('\n') + (filtered.length ? '\n' : ''));
+    }
+  });
   return { success: true, id };
 }
@@ -1121,7 +1141,7 @@ const server = http.createServer(async (req, res) => {
       });
       res.end(html);
     }
-    else if (url.pathname === '/api/discover' && req.method === 'GET') {
+    else if (url.pathname === '/api/discover' && req.method === 'POST') {
       res.writeHead(200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify(apiDiscover()));
     }
@@ -1153,7 +1173,7 @@ const server = http.createServer(async (req, res) => {
     else if (url.pathname === '/api/workspaces' && req.method === 'GET') {
       const projectPath = url.searchParams.get('project') || null;
       const agentParam = url.searchParams.get('agent');
-      if (agentParam && !/^[a-zA-Z0-9]{1,20}$/.test(agentParam)) {
+      if (agentParam && !/^[a-zA-Z0-9_-]{1,20}$/.test(agentParam)) {
         res.writeHead(400, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify({ error: 'Invalid agent name' }));
         return;
@@ -1258,14 +1278,14 @@ const server = http.createServer(async (req, res) => {
     // --- v3.4: Message Edit ---
     else if (url.pathname === '/api/message' && req.method === 'PUT') {
       const body = await parseBody(req);
-      const result = apiEditMessage(body, url.searchParams);
+      const result = await apiEditMessage(body, url.searchParams);
       res.writeHead(result.error ? 400 : 200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify(result));
     }
     // --- v3.4: Message Delete ---
     else if (url.pathname === '/api/message' && req.method === 'DELETE') {
       const body = await parseBody(req);
-      const result = apiDeleteMessage(body, url.searchParams);
+      const result = await apiDeleteMessage(body, url.searchParams);
       res.writeHead(result.error ? 400 : 200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify(result));
     }
@@ -1292,6 +1312,12 @@ const server = http.createServer(async (req, res) => {
       res.writeHead(result.error ? 400 : 200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify(result));
     }
+    // --- v3.4: Read Receipts ---
+    else if (url.pathname === '/api/read-receipts' && req.method === 'GET') {
+      const projectPath = url.searchParams.get('project') || null;
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(readJson(filePath('read_receipts.json', projectPath))));
+    }
     // Server info (LAN mode detection for frontend)
     else if (url.pathname === '/api/server-info' && req.method === 'GET') {
       res.writeHead(200, { 'Content-Type': 'application/json' });
@@ -1367,8 +1393,9 @@ const server = http.createServer(async (req, res) => {
       res.end(JSON.stringify({ error: 'Not found' }));
     }
   } catch (err) {
+    console.error('Server error:', err.message);
     res.writeHead(500, { 'Content-Type': 'application/json' });
-    res.end(JSON.stringify({ error: err.message }));
+    res.end(JSON.stringify({ error: 'Internal server error' }));
   }
 });
@@ -1420,7 +1447,7 @@ server.listen(PORT, LAN_MODE ? '0.0.0.0' : '127.0.0.1', () => {
   const dataDir = resolveDataDir();
   const lanIP = getLanIP();
   console.log('');
-  console.log('  Let Them Talk - Agent Bridge Dashboard v3.4.0');
+  console.log('  Let Them Talk - Agent Bridge Dashboard v3.4.1');
   console.log('  ============================================');
   console.log('  Dashboard:  http://localhost:' + PORT);
   if (LAN_MODE && lanIP) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "let-them-talk",
-  "version": "3.4.0",
+  "version": "3.4.1",
   "description": "MCP message broker + web dashboard for inter-agent communication. Let AI CLI agents talk to each other.",
   "main": "server.js",
   "bin": {

package/server.js CHANGED Viewed

@@ -273,14 +273,61 @@ function autoCompact() {
   } catch {}
 }
+// --- Permissions helpers ---
+const PERMISSIONS_FILE = path.join(DATA_DIR, 'permissions.json');
+function getPermissions() {
+  if (!fs.existsSync(PERMISSIONS_FILE)) return {};
+  try { return JSON.parse(fs.readFileSync(PERMISSIONS_FILE, 'utf8')); } catch { return {}; }
+}
+function canSendTo(sender, recipient) {
+  const perms = getPermissions();
+  // If no permissions set, allow everything (backward compatible)
+  if (!perms[sender] && !perms[recipient]) return true;
+  // Check sender's write permissions
+  if (perms[sender] && perms[sender].can_write_to) {
+    const allowed = perms[sender].can_write_to;
+    if (allowed !== '*' && Array.isArray(allowed) && !allowed.includes(recipient)) return false;
+  }
+  // Check recipient's read permissions
+  if (perms[recipient] && perms[recipient].can_read) {
+    const allowed = perms[recipient].can_read;
+    if (allowed !== '*' && Array.isArray(allowed) && !allowed.includes(sender)) return false;
+  }
+  return true;
+}
+// --- Read receipts helpers ---
+const READ_RECEIPTS_FILE = path.join(DATA_DIR, 'read_receipts.json');
+function getReadReceipts() {
+  if (!fs.existsSync(READ_RECEIPTS_FILE)) return {};
+  try { return JSON.parse(fs.readFileSync(READ_RECEIPTS_FILE, 'utf8')); } catch { return {}; }
+}
+function markAsRead(agentName, messageId) {
+  ensureDataDir();
+  const receipts = getReadReceipts();
+  if (!receipts[messageId]) receipts[messageId] = {};
+  receipts[messageId][agentName] = new Date().toISOString();
+  fs.writeFileSync(READ_RECEIPTS_FILE, JSON.stringify(receipts, null, 2));
+}
 // Get unconsumed messages for an agent (full scan — used by check_messages and initial load)
 function getUnconsumedMessages(agentName, fromFilter = null) {
   const messages = readJsonl(getMessagesFile(currentBranch));
   const consumed = getConsumedIds(agentName);
+  const perms = getPermissions();
   return messages.filter(m => {
     if (m.to !== agentName) return false;
     if (consumed.has(m.id)) return false;
     if (fromFilter && m.from !== fromFilter && !m.system) return false;
+    // Permission check: skip messages from senders this agent can't read
+    if (perms[agentName] && perms[agentName].can_read) {
+      const allowed = perms[agentName].can_read;
+      if (allowed !== '*' && Array.isArray(allowed) && !allowed.includes(m.from) && !m.system) return false;
+    }
     return true;
   });
 }
@@ -520,6 +567,11 @@ function toolSendMessage(content, to = null, reply_to = null) {
     return { error: 'Cannot send a message to yourself' };
   }
+  // Permission check
+  if (!canSendTo(registeredName, to)) {
+    return { error: `Permission denied: you are not allowed to send messages to "${to}"` };
+  }
   const sizeErr = validateContentSize(content);
   if (sizeErr) return sizeErr;
@@ -583,7 +635,9 @@ function toolBroadcast(content) {
   ensureDataDir();
   const ids = [];
+  const skipped = [];
   for (const to of otherAgents) {
+    if (!canSendTo(registeredName, to)) { skipped.push(to); continue; }
     messageSeq++;
     const msg = {
       id: generateId(),
@@ -600,7 +654,9 @@ function toolBroadcast(content) {
   }
   touchActivity();
-  return { success: true, sent_to: ids, recipient_count: otherAgents.length };
+  const result = { success: true, sent_to: ids, recipient_count: ids.length };
+  if (skipped.length > 0) result.skipped = skipped;
+  return result;
 }
 async function toolWaitForReply(timeoutSeconds = 300, from = null) {
@@ -618,6 +674,7 @@ async function toolWaitForReply(timeoutSeconds = 300, from = null) {
     const consumed = getConsumedIds(registeredName);
     consumed.add(msg.id);
     saveConsumedIds(registeredName, consumed);
+    markAsRead(registeredName, msg.id);
     const _mf1 = getMessagesFile(currentBranch);
     if (fs.existsSync(_mf1)) {
       lastReadOffset = fs.statSync(_mf1).size;
@@ -647,6 +704,7 @@ async function toolWaitForReply(timeoutSeconds = 300, from = null) {
       consumed.add(msg.id);
       saveConsumedIds(registeredName, consumed);
+      markAsRead(registeredName, msg.id);
       touchActivity();
       setListening(false);
       return buildMessageResponse(msg, consumed);
@@ -718,6 +776,7 @@ async function toolListen(from = null) {
     const consumed = getConsumedIds(registeredName);
     consumed.add(msg.id);
     saveConsumedIds(registeredName, consumed);
+    markAsRead(registeredName, msg.id);
     const _mfL1 = getMessagesFile(currentBranch);
     if (fs.existsSync(_mfL1)) {
       lastReadOffset = fs.statSync(_mfL1).size;
@@ -750,6 +809,7 @@ async function toolListen(from = null) {
         consumed.add(msg.id);
         saveConsumedIds(registeredName, consumed);
+        markAsRead(registeredName, msg.id);
         touchActivity();
         setListening(false);
         return buildMessageResponse(msg, consumed);
@@ -776,6 +836,7 @@ async function toolListenCodex(from = null) {
     const consumed = getConsumedIds(registeredName);
     consumed.add(msg.id);
     saveConsumedIds(registeredName, consumed);
+    markAsRead(registeredName, msg.id);
     const _mfC1 = getMessagesFile(currentBranch);
     if (fs.existsSync(_mfC1)) {
       lastReadOffset = fs.statSync(_mfC1).size;
@@ -804,6 +865,7 @@ async function toolListenCodex(from = null) {
       consumed.add(msg.id);
       saveConsumedIds(registeredName, consumed);
+      markAsRead(registeredName, msg.id);
       touchActivity();
       setListening(false);
       return buildMessageResponse(msg, consumed);
@@ -824,6 +886,16 @@ function toolGetHistory(limit = 50, thread_id = null) {
   if (thread_id) {
     history = history.filter(m => m.thread_id === thread_id || m.id === thread_id);
   }
+  // Filter by permissions — only show messages involving this agent or permitted senders
+  if (registeredName) {
+    const perms = getPermissions();
+    if (perms[registeredName] && perms[registeredName].can_read) {
+      const allowed = perms[registeredName].can_read;
+      if (allowed !== '*' && Array.isArray(allowed)) {
+        history = history.filter(m => m.from === registeredName || m.to === registeredName || allowed.includes(m.from));
+      }
+    }
+  }
   const recent = history.slice(-limit);
   const acks = getAcks();
@@ -1109,8 +1181,8 @@ function toolReset() {
       }
     }
   }
-  // Remove profiles, workflows, branches, plugins
-  for (const f of [PROFILES_FILE, WORKFLOWS_FILE, BRANCHES_FILE, PLUGINS_FILE]) {
+  // Remove profiles, workflows, branches, plugins, permissions, read receipts
+  for (const f of [PROFILES_FILE, WORKFLOWS_FILE, BRANCHES_FILE, PLUGINS_FILE, PERMISSIONS_FILE, READ_RECEIPTS_FILE]) {
     if (fs.existsSync(f)) fs.unlinkSync(f);
   }
   // Remove workspaces dir
@@ -1186,6 +1258,9 @@ function toolWorkspaceWrite(key, content) {
 function toolWorkspaceRead(key, agent) {
   if (!registeredName) return { error: 'You must call register() first' };
   const targetAgent = agent || registeredName;
+  if (targetAgent !== registeredName && !/^[a-zA-Z0-9_-]{1,20}$/.test(targetAgent)) {
+    return { error: 'Invalid agent name' };
+  }
   const ws = getWorkspace(targetAgent);
   if (key) {
@@ -1203,6 +1278,7 @@ function toolWorkspaceRead(key, agent) {
 function toolWorkspaceList(agent) {
   const agents = getAgents();
   if (agent) {
+    if (!/^[a-zA-Z0-9_-]{1,20}$/.test(agent)) return { error: 'Invalid agent name' };
     const ws = getWorkspace(agent);
     return { agent, keys: Object.keys(ws).map(k => ({ key: k, size: ws[k].content.length, updated_at: ws[k].updated_at })) };
   }
@@ -2021,7 +2097,7 @@ async function main() {
   loadPlugins();
   const transport = new StdioServerTransport();
   await server.connect(transport);
-  console.error('Agent Bridge MCP server v3.4.0 running (' + (27 + loadedPlugins.length) + ' tools)');
+  console.error('Agent Bridge MCP server v3.4.1 running (' + (27 + loadedPlugins.length) + ' tools)');
 }
 main().catch(console.error);