openfused 0.3.15 → 0.3.17

package/README.md

@@ -154,11 +154,10 @@ The `age` format is interoperable — Rust CLI and TypeScript SDK use the same k
 Public registry at `registry.openfused.dev`. Any agent can register, discover others, and send messages.
 
 ```bash
-# Register your agent
-# Registers as yourname.openfused.net
+# Register (auto-names as yourname.openfused.net)
 openfuse register --endpoint https://your-server.com:2053
 
-# Or use your own domain:
+# Or register with a custom domain
 openfuse register --name yourname.company.com --endpoint https://yourname.company.com:2053
 
 # Discover an agent
@@ -334,6 +333,10 @@ Works over local filesystem, GCS buckets (gcsfuse), S3, or any FUSE-mountable st
 - **Any CLI agent** — if it can read files, it can use OpenFused
 - **Any cloud** — GCP, AWS, Azure, bare metal, your laptop
 
+## Community
+
+[Discord](https://discord.gg/gbR9TURc) · [GitHub Discussions](https://github.com/openfused/openfused/discussions) · [Contributing](CONTRIBUTING.md)
+
 ## Philosophy
 
 > *Intelligence is what happens when information flows through a sufficiently complex and appropriately organized system. The medium is not the message. The medium is just the medium. The message is the pattern.*

package/dist/store.js

@@ -192,10 +192,11 @@ export class ContextStore {
         else {
             signed = await signMessage(this.root, config.name, message);
         }
-        // Envelope filename encodes routing metadata so sync can match outbox files to peers
-        // without parsing JSON. Colons/dots replaced to stay filesystem-safe across OS.
+        // Envelope filename includes short fingerprint to disambiguate name collisions.
+        // Two agents named "carlos" with different keys get different filenames.
+        const shortFp = entry ? entry.fingerprint.replace(/:/g, "").slice(0, 8) : "unknown";
         const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
-        const filename = `${timestamp}_from-${config.name}_to-${peerId}.json`;
+        const filename = `${timestamp}_from-${config.name}_to-${peerId}-${shortFp}.json`;
         await writeFile(join(this.root, "outbox", filename), serializeSignedMessage(signed));
         return filename;
     }

package/dist/sync.js

@@ -32,6 +32,19 @@ export async function checkSsrf(url) {
     }
 }
 const execFile = promisify(execFileCb);
+// Strip dangerous HTML from peer content before writing to disk.
+// Peer-synced files get read by agents/LLMs — malicious HTML could execute
+// if rendered in a browser or trick an LLM into acting on injected instructions.
+function sanitizePeerContent(raw) {
+    return raw
+        .replace(/<script[\s\S]*?<\/script>/gi, "[REMOVED: script tag]")
+        .replace(/<iframe[\s\S]*?<\/iframe>/gi, "[REMOVED: iframe tag]")
+        .replace(/<object[\s\S]*?<\/object>/gi, "[REMOVED: object tag]")
+        .replace(/<embed[\s\S]*?>/gi, "[REMOVED: embed tag]")
+        .replace(/<link[\s\S]*?>/gi, "[REMOVED: link tag]")
+        .replace(/on\w+\s*=\s*["'][^"']*["']/gi, "[REMOVED: event handler]")
+        .replace(/javascript\s*:/gi, "[REMOVED: javascript URI]");
+}
 // Archive instead of delete: preserves audit trail and lets agents review what was sent.
 // Without this, sync would re-deliver the same message every cycle.
 async function archiveSent(outboxDir, fname) {
@@ -140,17 +153,28 @@ async function syncHttp(store, peer, baseUrl, peerDir) {
     const errors = [];
     // SSRF check: block requests to private/reserved IPs
     await checkSsrf(baseUrl);
+    // Try /read/{file} (full mode) then /profile (public mode) for PROFILE.md.
+    // CONTEXT.md 404s are silently skipped — peers in public mode don't serve it.
     for (const file of ["CONTEXT.md", "PROFILE.md"]) {
         try {
-            const resp = await fetch(`${baseUrl}/read/${file}`);
+            const url = file === "PROFILE.md"
+                ? `${baseUrl}/profile` // public mode serves /profile not /read/PROFILE.md
+                : `${baseUrl}/read/${file}`;
+            let resp = await fetch(url);
+            // Fallback: try /read/ path if /profile didn't work (full mode daemon)
+            if (!resp.ok && file === "PROFILE.md") {
+                resp = await fetch(`${baseUrl}/read/${file}`);
+            }
             if (resp.ok) {
-                await writeFile(join(peerDir, file), await resp.text());
+                const raw = sanitizePeerContent(await resp.text());
+                const esc = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+                const wrapped = `<external_content_unverified from="${esc(peer.name)}" file="${esc(file)}">\n${raw}\n</external_content_unverified>`;
+                await writeFile(join(peerDir, file), wrapped);
                 pulled.push(file);
             }
+            // Don't report 404s as errors — peer may be in public mode
         }
-        catch (e) {
-            errors.push(`${file}: ${e.message}`);
-        }
+        catch { }
     }
     for (const dir of ["shared", "knowledge"]) {
         try {
@@ -170,7 +194,10 @@ async function syncHttp(store, peer, baseUrl, peerDir) {
                     continue;
                 const r = await fetch(`${baseUrl}/read/${dir}/${safeName}`);
                 if (r.ok) {
-                    await writeFile(join(localDir, safeName), Buffer.from(await r.arrayBuffer()));
+                    const raw = sanitizePeerContent(Buffer.from(await r.arrayBuffer()).toString("utf-8"));
+                    const esc = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+                    const wrapped = `<external_content_unverified from="${esc(peer.name)}" file="${esc(safeName)}">\n${raw}\n</external_content_unverified>`;
+                    await writeFile(join(localDir, safeName), wrapped);
                     pulled.push(`${dir}/${safeName}`);
                 }
             }
@@ -241,7 +268,7 @@ async function syncHttp(store, peer, baseUrl, peerDir) {
         for (const fname of await readdir(outboxDir)) {
             if (!fname.endsWith(".json"))
                 continue;
-            if (!fname.includes(`_to-${peer.name}.json`) && !fname.includes(peer.id))
+            if (!fname.includes(`_to-${peer.name}-`) && !fname.includes(`_to-${peer.name}.json`) && !fname.includes(peer.id))
                 continue;
             try {
                 const body = await readFile(join(outboxDir, fname), "utf-8");
@@ -299,9 +326,10 @@ async function syncSsh(store, peer, host, remotePath, peerDir) {
     try {
         await execFile("rsync", [
             "-az", "--ignore-existing",
-            "--include", `*_to-${myName}.json`,
+            "--include", `*_to-${myName}-*.json`, // new format with fingerprint
+            "--include", `*_to-${myName}.json`, // legacy format without fingerprint
             "--include", `*_to-all.json`,
-            "--include", `*_${myName}.json`, // legacy format (pre-envelope)
+            "--include", `*_${myName}.json`, // pre-envelope legacy
             "--exclude", "*",
             `${host}:${remotePath}/outbox/`,
             `${inboxDir}/`,
@@ -319,7 +347,7 @@ async function syncSsh(store, peer, host, remotePath, peerDir) {
         for (const fname of await readdir(outboxDir)) {
             if (!fname.endsWith(".json"))
                 continue;
-            if (!fname.includes(`_to-${peer.name}.json`) && !fname.includes(peer.id))
+            if (!fname.includes(`_to-${peer.name}-`) && !fname.includes(`_to-${peer.name}.json`) && !fname.includes(peer.id))
                 continue;
             try {
                 await execFile("rsync", ["-az", join(outboxDir, fname), `${host}:${remotePath}/inbox/${fname}`]);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openfused",
-  "version": "0.3.15",
+  "version": "0.3.17",
   "description": "The file protocol for AI agent context. Encrypted, signed, peer-to-peer.",
   "license": "MIT",
   "type": "module",