openfused 0.1.2 → 0.2.1

package/README.md

@@ -1,10 +1,10 @@
-# OpenFuse
+# OpenFused
 
-Persistent, shareable, portable context for AI agents.
+Decentralized context mesh for AI agents. Persistent memory, signed messaging, FUSE filesystem. The protocol is files.
 
 ## What is this?
 
-AI agents lose their memory when conversations end. Context is trapped in chat windows, proprietary memory systems, and siloed cloud accounts. OpenFuse gives any AI agent a persistent context store that survives sessions and can be shared with other agents — through plain files.
+AI agents lose their memory when conversations end. Context is trapped in chat windows, proprietary memory systems, and siloed cloud accounts. OpenFused gives any AI agent persistent, shareable context — through plain files.
 
 No vendor lock-in. No proprietary protocol. Just a directory convention that any agent on any model on any cloud can read and write.
 
@@ -21,10 +21,12 @@ This creates a context store:
 CONTEXT.md     — working memory (what's happening now)
 SOUL.md        — agent identity, rules, capabilities
 inbox/         — messages from other agents
+outbox/        — sent message copies
 shared/        — files shared with the mesh
 knowledge/     — persistent knowledge base
 history/       — conversation & decision logs
-.mesh.json     — mesh config
+.keys/         — ed25519 signing keypair (auto-generated)
+.mesh.json     — mesh config, peers, trusted keys
 ```
 
 ## Usage
@@ -34,31 +36,76 @@ history/       — conversation & decision logs
 openfuse context
 openfuse context --append "## Update\nFinished the research phase."
 
-# Send a message to another agent
+# Send a signed message to another agent
 openfuse inbox send agent-bob "Check out shared/findings.md"
 
-# Watch for incoming messages
+# Read inbox (shows verified/unverified status)
+openfuse inbox list
+
+# Watch for incoming messages in real-time
 openfuse watch
 
 # Share a file with the mesh
 openfuse share ./report.pdf
 
+# Show your public key (share with peers)
+openfuse key
+
+# Trust a peer's public key
+openfuse peer trust ./bobs-key.pem
+
 # Manage peers
 openfuse peer add https://agent-bob.example.com
 openfuse peer list
 openfuse status
 ```
 
+## Security
+
+Every message is **Ed25519 signed**. When an agent receives a message:
+
+- **[VERIFIED]** — signature valid AND sender's key is in your trust list
+- **[UNVERIFIED]** — unsigned, invalid signature, or untrusted key
+
+All incoming messages are wrapped in `<external_message>` tags so the LLM knows what's trusted and what isn't:
+
+```xml
+<external_message from="agent-bob" verified="true" status="verified">
+Hey, the research is done. Check shared/findings.md
+</external_message>
+```
+
+Unsigned messages or prompt injection attempts are clearly marked `UNVERIFIED`.
+
+## FUSE Daemon (Rust)
+
+The `openfused` daemon lets agents mount each other's context stores as local directories:
+
+```bash
+# Agent A: serve your context store
+openfused serve --store ./my-context --port 9781
+
+# Agent B: mount Agent A's store locally (read-only)
+openfused mount http://agent-a:9781 ./peers/agent-a/
+```
+
+The daemon only exposes safe directories (`shared/`, `knowledge/`, `CONTEXT.md`, `SOUL.md`). Inbox, outbox, keys, and config are never served.
+
+Build from source:
+```bash
+cd daemon && cargo build --release
+```
+
 ## How agents communicate
 
 No APIs. No message bus. Just files.
 
-Agent A writes to Agent B's inbox. Agent B's watcher picks it up and injects it as a user message. Agent B responds by writing to Agent A's inbox. That's a conversation — through files.
+Agent A writes to Agent B's inbox. Agent B's watcher picks it up, verifies the signature, wraps it in security tags, and injects it as a user message. Agent B responds by writing to Agent A's inbox.
 
 ```
-Agent A writes:  /shared-bucket/inbox/agent-b.md
-Agent B reads:   /shared-bucket/inbox/agent-b.md  → processes → responds
-Agent B writes:  /shared-bucket/inbox/agent-a.md
+Agent A writes:  /shared-bucket/inbox/agent-b.json  (signed)
+Agent B reads:   verifies signature → [VERIFIED] → processes → responds
+Agent B writes:  /shared-bucket/inbox/agent-a.json  (signed)
 ```
 
 Works over local filesystem, GCS buckets (gcsfuse), S3, or any FUSE-mountable storage.
@@ -67,7 +114,7 @@ Works over local filesystem, GCS buckets (gcsfuse), S3, or any FUSE-mountable st
 
 - **OpenClaw** — drop the context store in your workspace
 - **Claude Code** — reference paths in CLAUDE.md
-- **Any CLI agent** — if it can read files, it can use OpenFuse
+- **Any CLI agent** — if it can read files, it can use OpenFused
 - **Any cloud** — GCP, AWS, Azure, bare metal, your laptop
 
 ## Philosophy

package/dist/cli.js

@@ -7,8 +7,8 @@ import { resolve } from "node:path";
 const program = new Command();
 program
     .name("openfuse")
-    .description("Persistent, shareable, portable context for AI agents")
-    .version("0.1.0");
+    .description("Decentralized context mesh for AI agents. The protocol is files.")
+    .version("0.2.1");
 // --- init ---
 program
     .command("init")
@@ -24,8 +24,10 @@ program
     const id = nanoid(12);
     await store.init(opts.name, id);
     console.log(`Initialized context store: ${store.root}`);
+    const config = await store.readConfig();
     console.log(`  Agent ID: ${id}`);
     console.log(`  Name: ${opts.name}`);
+    console.log(`  Signing keys: generated (.keys/)`);
     console.log(`\nStructure:`);
     console.log(`  CONTEXT.md  — working memory (edit this)`);
     console.log(`  SOUL.md     — agent identity & rules`);
@@ -98,6 +100,7 @@ inbox
     .command("list")
     .description("List inbox messages")
     .option("-d, --dir <path>", "Context store directory", ".")
+    .option("--raw", "Show raw content instead of wrapped")
     .action(async (opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const messages = await store.readInbox();
@@ -106,8 +109,9 @@ inbox
         return;
     }
     for (const msg of messages) {
-        console.log(`\n--- From: ${msg.from} | ${msg.time} ---`);
-        console.log(msg.content);
+        const badge = msg.verified ? "[VERIFIED]" : "[UNVERIFIED]";
+        console.log(`\n--- ${badge} From: ${msg.from} | ${msg.time} ---`);
+        console.log(opts.raw ? msg.content : msg.wrappedContent);
     }
 });
 inbox
@@ -203,4 +207,38 @@ peer
     await store.writeConfig(config);
     console.log(`Removed peer: ${id}`);
 });
+peer
+    .command("trust <publicKeyFile>")
+    .description("Trust a peer's public key (messages from them will show as verified)")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (publicKeyFile, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const { readFile } = await import("node:fs/promises");
+    const pubKey = (await readFile(resolve(publicKeyFile), "utf-8")).trim();
+    if (!config.trustedKeys)
+        config.trustedKeys = [];
+    if (config.trustedKeys.includes(pubKey)) {
+        console.log("Key already trusted.");
+        return;
+    }
+    config.trustedKeys.push(pubKey);
+    await store.writeConfig(config);
+    console.log("Key trusted. Messages signed with this key will show as [VERIFIED].");
+});
+// --- key ---
+program
+    .command("key")
+    .description("Show this agent's public key (share with peers so they can trust you)")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    if (config.publicKey) {
+        console.log(config.publicKey);
+    }
+    else {
+        console.error("No keys found. Run `openfuse init` first.");
+    }
+});
 program.parse();

package/dist/crypto.d.ts

@@ -0,0 +1,17 @@
+export interface SignedMessage {
+    from: string;
+    timestamp: string;
+    message: string;
+    signature: string;
+    publicKey: string;
+}
+export declare function generateKeys(storeRoot: string): Promise<{
+    publicKey: string;
+    privateKey: string;
+}>;
+export declare function hasKeys(storeRoot: string): Promise<boolean>;
+export declare function signMessage(storeRoot: string, from: string, message: string): Promise<SignedMessage>;
+export declare function verifyMessage(signed: SignedMessage): boolean;
+export declare function wrapExternalMessage(signed: SignedMessage, verified: boolean): string;
+export declare function serializeSignedMessage(signed: SignedMessage): string;
+export declare function deserializeSignedMessage(raw: string): SignedMessage | null;

package/dist/crypto.js

@@ -0,0 +1,65 @@
+import { generateKeyPairSync, sign, verify, createPrivateKey, createPublicKey } from "node:crypto";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { join } from "node:path";
+import { existsSync } from "node:fs";
+const KEY_DIR = ".keys";
+export async function generateKeys(storeRoot) {
+    const keyDir = join(storeRoot, KEY_DIR);
+    await mkdir(keyDir, { recursive: true });
+    const { publicKey, privateKey } = generateKeyPairSync("ed25519", {
+        publicKeyEncoding: { type: "spki", format: "pem" },
+        privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    });
+    await writeFile(join(keyDir, "public.pem"), publicKey, { mode: 0o644 });
+    await writeFile(join(keyDir, "private.pem"), privateKey, { mode: 0o600 });
+    return { publicKey, privateKey };
+}
+export async function hasKeys(storeRoot) {
+    return existsSync(join(storeRoot, KEY_DIR, "private.pem"));
+}
+async function loadPrivateKey(storeRoot) {
+    const pem = await readFile(join(storeRoot, KEY_DIR, "private.pem"), "utf-8");
+    return createPrivateKey(pem);
+}
+async function loadPublicKey(storeRoot) {
+    return readFile(join(storeRoot, KEY_DIR, "public.pem"), "utf-8");
+}
+export async function signMessage(storeRoot, from, message) {
+    const privateKey = await loadPrivateKey(storeRoot);
+    const publicKey = await loadPublicKey(storeRoot);
+    const timestamp = new Date().toISOString();
+    const payload = Buffer.from(`${from}\n${timestamp}\n${message}`);
+    const signature = sign(null, payload, privateKey).toString("base64");
+    return { from, timestamp, message, signature, publicKey };
+}
+export function verifyMessage(signed) {
+    try {
+        const payload = Buffer.from(`${signed.from}\n${signed.timestamp}\n${signed.message}`);
+        const pubKey = createPublicKey(signed.publicKey);
+        return verify(null, payload, pubKey, Buffer.from(signed.signature, "base64"));
+    }
+    catch {
+        return false;
+    }
+}
+// Wrap a message in security tags for the LLM
+export function wrapExternalMessage(signed, verified) {
+    const status = verified ? "verified" : "UNVERIFIED";
+    return `<external_message from="${signed.from}" verified="${verified}" time="${signed.timestamp}" status="${status}">
+${signed.message}
+</external_message>`;
+}
+// Format for writing to inbox files
+export function serializeSignedMessage(signed) {
+    return JSON.stringify(signed, null, 2);
+}
+export function deserializeSignedMessage(raw) {
+    try {
+        const parsed = JSON.parse(raw);
+        if (parsed.from && parsed.message && parsed.signature && parsed.publicKey) {
+            return parsed;
+        }
+    }
+    catch { }
+    return null;
+}

package/dist/store.d.ts

@@ -2,7 +2,9 @@ export interface MeshConfig {
     id: string;
     name: string;
     created: string;
+    publicKey?: string;
     peers: PeerConfig[];
+    trustedKeys?: string[];
 }
 export interface PeerConfig {
     id: string;
@@ -27,8 +29,10 @@ export declare class ContextStore {
     readInbox(): Promise<Array<{
         file: string;
         content: string;
+        wrappedContent: string;
         from: string;
         time: string;
+        verified: boolean;
     }>>;
     listShared(): Promise<string[]>;
     share(filename: string, content: string): Promise<void>;

package/dist/store.js

@@ -1,7 +1,8 @@
 import { readFile, writeFile, mkdir, readdir } from "node:fs/promises";
 import { join, resolve } from "node:path";
 import { existsSync } from "node:fs";
-const STORE_DIRS = ["history", "knowledge", "inbox", "shared"];
+import { generateKeys, signMessage, verifyMessage, deserializeSignedMessage, serializeSignedMessage, wrapExternalMessage } from "./crypto.js";
+const STORE_DIRS = ["history", "knowledge", "inbox", "outbox", "shared"];
 export class ContextStore {
     root;
     constructor(root) {
@@ -29,12 +30,16 @@ export class ContextStore {
                 await writeFile(destPath, content);
             }
         }
+        // Generate signing keypair
+        const keys = await generateKeys(this.root);
         // Write mesh config
         const config = {
             id,
             name,
             created: new Date().toISOString(),
+            publicKey: keys.publicKey,
             peers: [],
+            trustedKeys: [],
         };
         await this.writeConfig(config);
     }
@@ -57,26 +62,52 @@ export class ContextStore {
     async writeSoul(content) {
         await writeFile(join(this.root, "SOUL.md"), content);
     }
-    // --- Inbox ---
+    // --- Inbox (signed messages) ---
     async sendInbox(peerId, message) {
-        const inboxDir = join(this.root, "inbox");
+        const config = await this.readConfig();
+        const signed = await signMessage(this.root, config.id, message);
         const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
-        const filename = `${timestamp}_${peerId}.md`;
-        await writeFile(join(inboxDir, filename), message);
+        const filename = `${timestamp}_${peerId}.json`;
+        // Write to inbox (for the recipient) and outbox (our copy)
+        await writeFile(join(this.root, "inbox", filename), serializeSignedMessage(signed));
+        await writeFile(join(this.root, "outbox", filename), serializeSignedMessage(signed));
     }
     async readInbox() {
         const inboxDir = join(this.root, "inbox");
         if (!existsSync(inboxDir))
             return [];
+        const config = await this.readConfig();
         const files = await readdir(inboxDir);
         const messages = [];
-        for (const file of files.filter((f) => f.endsWith(".md"))) {
-            const content = await readFile(join(inboxDir, file), "utf-8");
-            // Parse filename: 2026-03-20T01-30-00-000Z_peer-id.md
-            const parts = file.replace(".md", "").split("_");
-            const from = parts.slice(1).join("_");
-            const time = parts[0].replace(/-/g, (m, i) => (i < 10 ? "-" : i < 13 ? "T" : i < 19 ? ":" : ".")).replace("Z", "");
-            messages.push({ file, content, from, time });
+        for (const file of files.filter((f) => f.endsWith(".json") || f.endsWith(".md"))) {
+            const raw = await readFile(join(inboxDir, file), "utf-8");
+            // Try parsing as signed message
+            const signed = deserializeSignedMessage(raw);
+            if (signed) {
+                const verified = verifyMessage(signed);
+                const trusted = config.trustedKeys?.some(k => k.trim() === signed.publicKey.trim()) ?? false;
+                messages.push({
+                    file,
+                    content: signed.message,
+                    wrappedContent: wrapExternalMessage(signed, verified && trusted),
+                    from: signed.from,
+                    time: signed.timestamp,
+                    verified: verified && trusted,
+                });
+            }
+            else {
+                // Unsigned message — mark as unverified
+                const parts = file.replace(/\.(md|json)$/, "").split("_");
+                const from = parts.slice(1).join("_");
+                messages.push({
+                    file,
+                    content: raw,
+                    wrappedContent: wrapExternalMessage({ from, timestamp: parts[0], message: raw, signature: "", publicKey: "" }, false),
+                    from,
+                    time: parts[0],
+                    verified: false,
+                });
+            }
         }
         return messages.sort((a, b) => a.time.localeCompare(b.time));
     }

package/dist/watch.d.ts

@@ -1,3 +1,3 @@
-export type InboxCallback = (from: string, message: string, file: string) => void;
+export type InboxCallback = (from: string, message: string, file: string, verified: boolean) => void;
 export declare function watchInbox(storeRoot: string, callback: InboxCallback): () => void;
 export declare function watchContext(storeRoot: string, callback: (content: string) => void): () => void;

package/dist/watch.js

@@ -1,36 +1,36 @@
 import { watch } from "chokidar";
 import { readFile } from "node:fs/promises";
 import { join, basename } from "node:path";
+import { deserializeSignedMessage, verifyMessage, wrapExternalMessage } from "./crypto.js";
 export function watchInbox(storeRoot, callback) {
     const inboxDir = join(storeRoot, "inbox");
-    const watcher = watch(inboxDir, {
-        ignoreInitial: true,
-        awaitWriteFinish: { stabilityThreshold: 500 },
-    });
-    watcher.on("add", async (filePath) => {
-        if (!filePath.endsWith(".md"))
-            return;
-        try {
-            const content = await readFile(filePath, "utf-8");
-            const filename = basename(filePath, ".md");
-            const parts = filename.split("_");
-            const from = parts.slice(1).join("_");
-            callback(from, content, filePath);
-        }
-        catch { }
-    });
-    watcher.on("change", async (filePath) => {
-        if (!filePath.endsWith(".md"))
+    const handleFile = async (filePath) => {
+        if (!filePath.endsWith(".json") && !filePath.endsWith(".md"))
             return;
         try {
-            const content = await readFile(filePath, "utf-8");
-            const filename = basename(filePath, ".md");
+            const raw = await readFile(filePath, "utf-8");
+            // Try signed message first
+            const signed = deserializeSignedMessage(raw);
+            if (signed) {
+                const verified = verifyMessage(signed);
+                callback(signed.from, wrapExternalMessage(signed, verified), filePath, verified);
+                return;
+            }
+            // Unsigned fallback — always unverified
+            const filename = basename(filePath).replace(/\.(md|json)$/, "");
             const parts = filename.split("_");
             const from = parts.slice(1).join("_");
-            callback(from, content, filePath);
+            const wrapped = `<external_message from="${from}" verified="false" status="UNVERIFIED">\n${raw}\n</external_message>`;
+            callback(from, wrapped, filePath, false);
         }
         catch { }
+    };
+    const watcher = watch(inboxDir, {
+        ignoreInitial: true,
+        awaitWriteFinish: { stabilityThreshold: 500 },
     });
+    watcher.on("add", handleFile);
+    watcher.on("change", handleFile);
     return () => watcher.close();
 }
 export function watchContext(storeRoot, callback) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "openfused",
-  "version": "0.1.2",
-  "description": "Persistent, shareable, portable context for AI agents. Decentralized mesh via files.",
+  "version": "0.2.1",
+  "description": "Decentralized context mesh for AI agents. Persistent memory, signed messaging, FUSE filesystem. The protocol is files.",
   "license": "MIT",
   "type": "module",
   "bin": {
@@ -53,6 +53,8 @@
     "mcp",
     "ai-agent",
     "shared-context",
-    "persistent-memory"
+    "persistent-memory",
+    "ed25519",
+    "signed-messages"
   ]
 }