openfused 0.3.23 → 0.4.1

package/dist/cli.js

@@ -8,7 +8,7 @@ import * as registry from "./registry.js";
 import { fingerprint } from "./crypto.js";
 import { resolve, join } from "node:path";
 import { readFile } from "node:fs/promises";
-import { parseValiditySections, buildValidityReport } from "./validity.js";
+import { WasmCore } from "./wasm-core.js";
 import { createRequire } from "node:module";
 const VERSION = createRequire(import.meta.url)("../package.json").version;
 // Enable proxy support: Node.js built-in fetch doesn't respect HTTP_PROXY env vars.
@@ -305,20 +305,8 @@ program
     const store = new ContextStore(resolve(opts.dir));
     let prunedCount = 0;
     if (opts.pruneStale) {
-        // Soft-expiry pruning: rewrite CONTEXT.md with stale sections stripped
-        const content = await store.readContext();
-        const sections = parseValiditySections(content);
-        const staleSections = sections.filter((s) => s.expired);
-        if (staleSections.length > 0) {
-            // Remove stale annotated sections from file
-            let updated = content;
-            for (const s of staleSections) {
-                // Strip the section text from the file (simple text removal)
-                updated = updated.replace(s.sectionText, "[STALE — archived by openfuse compact --prune-stale]");
-            }
-            await store.writeContext(updated);
-            prunedCount = staleSections.length;
-        }
+        const core = new WasmCore(resolve(opts.dir));
+        prunedCount = await core.pruneStale();
     }
     const { moved, kept } = await store.compactContext();
     if (moved === 0 && prunedCount === 0) {
@@ -345,29 +333,29 @@ program
         console.error("No context store found. Run `openfuse init` first.");
         process.exit(1);
     }
-    const content = await store.readContext();
-    const sections = parseValiditySections(content);
-    const report = buildValidityReport(sections);
+    const core = new WasmCore(resolve(opts.dir));
+    const report = await core.validate();
     if (opts.json) {
         console.log(JSON.stringify(report, null, 2));
         return;
     }
-    if (report.total === 0) {
+    const total = report.entries.length;
+    if (total === 0) {
         console.log("No validity-annotated sections found.");
         console.log("Add `<!-- validity: 6h -->` before time-sensitive context entries.");
         return;
     }
-    console.log(`Validity check: ${report.fresh} fresh, ${report.stale} stale (of ${report.total} annotated)`);
+    console.log(`Validity check: ${report.fresh} fresh, ${report.stale} stale (of ${total} annotated)`);
     if (report.stale > 0) {
-        console.log("\nStale sections (confidence < 0.1):");
+        console.log("\nStale sections (confidence < 0.5):");
         for (const e of report.entries.filter((e) => e.expired)) {
-            const age = e.addedAt ? ` written ${e.addedAt}` : "";
-            console.log(`  [${e.ttlLabel} TTL${age}] ${e.preview}`);
+            const age = e.added ? ` written ${e.added}` : "";
+            console.log(`  [${e.ttl_str} TTL${age}] ${e.header}`);
         }
         console.log("\nRun `openfuse compact --prune-stale` to archive stale sections.");
     }
     else {
-        console.log("All annotated sections are within their validity windows. ✓");
+        console.log("All annotated sections are within their validity windows.");
     }
 });
 // --- share ---

package/dist/crypto.d.ts

@@ -23,8 +23,6 @@ export declare function generateKeys(storeRoot: string): Promise<{
 export declare function hasKeys(storeRoot: string): Promise<boolean>;
 export declare function fingerprint(publicKey: string): string;
 export declare function loadAgeRecipient(storeRoot: string): Promise<string>;
-/** Sign a raw challenge string — used for outbox authentication.
- * Returns { signature, publicKey } without the full SignedMessage envelope. */
 export declare function signChallenge(storeRoot: string, challenge: string): Promise<{
     signature: string;
     publicKey: string;

package/dist/crypto.js

@@ -1,39 +1,20 @@
-// --- Why Ed25519 + age? ---
-// Ed25519: fast, deterministic, no padding oracle attacks, widely supported (SSH, FIDO2, libsodium).
-// age over PGP: simpler API, no config footguns, no Web of Trust baggage — just X25519+ChaCha20-Poly1305.
-// Two separate keypairs because signing (Ed25519) and encryption (X25519) are distinct operations;
-// combining them would violate key-separation best practice.
-import { generateKeyPairSync, sign, verify, createPrivateKey, createPublicKey, createHash } from "node:crypto";
-import { readFile, writeFile, mkdir } from "node:fs/promises";
+// Crypto module — delegates to Rust WASM core for all operations.
+// Keeps the same public API so cli.ts, sync.ts, watch.ts, registry.ts don't change.
+import { createHash, verify as cryptoVerify, createPublicKey } from "node:crypto";
+import { readFile } from "node:fs/promises";
 import { join } from "node:path";
 import { existsSync } from "node:fs";
-import { Encrypter, Decrypter, generateIdentity, identityToRecipient } from "age-encryption";
+import { WasmCore } from "./wasm-core.js";
 const KEY_DIR = ".keys";
 // --- Key generation ---
 export async function generateKeys(storeRoot) {
-    const keyDir = join(storeRoot, KEY_DIR);
-    await mkdir(keyDir, { recursive: true });
-    // Ed25519 signing keypair
-    const { publicKey: pubObj, privateKey: privObj } = generateKeyPairSync("ed25519");
-    const pubJwk = pubObj.export({ format: "jwk" });
-    const privJwk = privObj.export({ format: "jwk" });
-    const publicHex = Buffer.from(pubJwk.x, "base64url").toString("hex");
-    const privateHex = Buffer.from(privJwk.d, "base64url").toString("hex");
-    await writeFile(join(keyDir, "public.key"), publicHex, { mode: 0o644 });
-    await writeFile(join(keyDir, "private.key"), privateHex, { mode: 0o600 });
-    // age encryption keypair
-    const ageIdentity = await generateIdentity();
-    const ageRecipient = await identityToRecipient(ageIdentity);
-    await writeFile(join(keyDir, "age.key"), ageIdentity, { mode: 0o600 });
-    await writeFile(join(keyDir, "age.pub"), ageRecipient, { mode: 0o644 });
-    return { publicKey: publicHex, encryptionKey: ageRecipient };
+    const core = new WasmCore(storeRoot);
+    return core.generateKeys();
 }
 export async function hasKeys(storeRoot) {
     return existsSync(join(storeRoot, KEY_DIR, "private.key"));
 }
 // --- Fingerprint ---
-// SHA-256 truncated to 16 bytes, displayed as colon-separated hex pairs (GPG-style).
-// Human-readable so agents can verify identities out-of-band — same UX as SSH fingerprints.
 export function fingerprint(publicKey) {
     const hash = createHash("sha256").update(publicKey).digest();
     const pairs = [];
@@ -47,71 +28,27 @@ export function fingerprint(publicKey) {
     return groups.join(":");
 }
 // --- Signing ---
-async function loadPrivateKey(storeRoot) {
-    const privHex = (await readFile(join(storeRoot, KEY_DIR, "private.key"), "utf-8")).trim();
-    const pubHex = (await readFile(join(storeRoot, KEY_DIR, "public.key"), "utf-8")).trim();
-    const d = Buffer.from(privHex, "hex").toString("base64url");
-    const x = Buffer.from(pubHex, "hex").toString("base64url");
-    return createPrivateKey({ key: { kty: "OKP", crv: "Ed25519", d, x }, format: "jwk" });
-}
-async function loadPublicKeyHex(storeRoot) {
-    return (await readFile(join(storeRoot, KEY_DIR, "public.key"), "utf-8")).trim();
-}
 export async function loadAgeRecipient(storeRoot) {
     return (await readFile(join(storeRoot, KEY_DIR, "age.pub"), "utf-8")).trim();
 }
-async function loadAgeIdentity(storeRoot) {
-    return (await readFile(join(storeRoot, KEY_DIR, "age.key"), "utf-8")).trim();
-}
-/** Sign a raw challenge string — used for outbox authentication.
- * Returns { signature, publicKey } without the full SignedMessage envelope. */
 export async function signChallenge(storeRoot, challenge) {
-    const privateKey = await loadPrivateKey(storeRoot);
-    const publicKey = await loadPublicKeyHex(storeRoot);
-    const signature = sign(null, Buffer.from(challenge), privateKey).toString("base64");
-    return { signature, publicKey };
+    const core = new WasmCore(storeRoot);
+    return core.signChallenge(challenge);
 }
 export async function signMessage(storeRoot, from, message) {
-    const privateKey = await loadPrivateKey(storeRoot);
-    const publicKey = await loadPublicKeyHex(storeRoot);
-    const timestamp = new Date().toISOString();
-    const payload = Buffer.from(`${from}\n${timestamp}\n${message}`);
-    const signature = sign(null, payload, privateKey).toString("base64");
-    // Include our age public key so recipients can encrypt replies without DNS lookup
-    let encryptionKey;
-    try {
-        encryptionKey = await loadAgeRecipient(storeRoot);
-    }
-    catch { }
-    return { from, timestamp, message, signature, publicKey, encryptionKey, encrypted: false };
+    const core = new WasmCore(storeRoot);
+    return core.signMessage(from, message);
 }
-// --- Encrypt-then-sign ---
-// Encrypt first, then sign the ciphertext. This order matters:
-// 1. Proves WHO sent the ciphertext (non-repudiation on the encrypted blob)
-// 2. Prevents Surreptitious Forwarding — signature covers the encrypted form,
-//    so a relay can't strip the signature and re-sign for a different recipient.
-// 3. Signature is verifiable by anyone without needing the decryption key.
 export async function signAndEncrypt(storeRoot, from, plaintext, recipientAgeKey) {
-    const ciphertext = await ageEncrypt(plaintext, recipientAgeKey);
-    const encoded = Buffer.from(ciphertext).toString("base64");
-    const privateKey = await loadPrivateKey(storeRoot);
-    const publicKey = await loadPublicKeyHex(storeRoot);
-    const timestamp = new Date().toISOString();
-    const payload = Buffer.from(`${from}\n${timestamp}\n${encoded}`);
-    const signature = sign(null, payload, privateKey).toString("base64");
-    let encryptionKey;
-    try {
-        encryptionKey = await loadAgeRecipient(storeRoot);
-    }
-    catch { }
-    return { from, timestamp, message: encoded, signature, publicKey, encryptionKey, encrypted: true };
+    const core = new WasmCore(storeRoot);
+    return core.signAndEncrypt(from, plaintext, recipientAgeKey);
 }
 export function verifyMessage(signed) {
     try {
         const payload = Buffer.from(`${signed.from}\n${signed.timestamp}\n${signed.message}`);
         const x = Buffer.from(signed.publicKey.trim(), "hex").toString("base64url");
         const pubKey = createPublicKey({ key: { kty: "OKP", crv: "Ed25519", x }, format: "jwk" });
-        return verify(null, payload, pubKey, Buffer.from(signed.signature, "base64"));
+        return cryptoVerify(null, payload, pubKey, Buffer.from(signed.signature, "base64"));
     }
     catch {
         return false;
@@ -120,24 +57,10 @@ export function verifyMessage(signed) {
 export async function decryptMessage(storeRoot, signed) {
     if (!signed.encrypted)
         return signed.message;
-    const ciphertext = Buffer.from(signed.message, "base64");
-    return await ageDecrypt(ciphertext, storeRoot);
-}
-// --- age encryption ---
-async function ageEncrypt(plaintext, recipientKey) {
-    const e = new Encrypter();
-    e.addRecipient(recipientKey);
-    return await e.encrypt(plaintext);
-}
-async function ageDecrypt(ciphertext, storeRoot) {
-    const identity = await loadAgeIdentity(storeRoot);
-    const d = new Decrypter();
-    d.addIdentity(identity);
-    return await d.decrypt(ciphertext, "text");
+    const core = new WasmCore(storeRoot);
+    return core.decryptMessage(signed);
 }
 // --- Helpers ---
-// XML envelope wrapping — gives LLMs a structured, parseable format with clear
-// trust signals (verified/UNVERIFIED). HTML-escaped to prevent injection into prompts.
 export function wrapExternalMessage(signed, verified) {
     const status = verified ? "verified" : "UNVERIFIED";
     const esc = (s) => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");

package/dist/store.d.ts

@@ -1,4 +1,5 @@
 import { type KeyringEntry } from "./crypto.js";
+export type { KeyringEntry } from "./crypto.js";
 export interface MeshConfig {
     id: string;
     name: string;
@@ -25,6 +26,7 @@ export declare function validateName(name: string, label?: string): string;
 export declare function resolveKeyring(keyring: KeyringEntry[], query: string): KeyringEntry;
 export declare class ContextStore {
     readonly root: string;
+    private core;
     constructor(root: string);
     get configPath(): string;
     exists(): Promise<boolean>;

package/dist/store.js

@@ -1,21 +1,9 @@
-// --- Store convention ---
-// The context store IS the protocol. Every agent is a directory on disk with a known layout:
-//   CONTEXT.md  — working memory (mutable, private)
-//   PROFILE.md  — public address card (replaces SOUL.md: "soul" implied private identity,
-//                 but this file is shared with peers — "profile" is honest about its visibility)
-//   inbox/      — append-only message queue from other agents
-//   outbox/     — signed envelopes waiting to be delivered
-//   shared/     — files explicitly published to peers
-//   history/    — conversation logs
-//   knowledge/  — reference docs
-//   .keys/      — Ed25519 + age keypairs (gitignored)
-//   .mesh.json  — config, peer list, keyring
-// No database, no daemon required. `ls` is your status command.
-import { readFile, writeFile, mkdir, readdir, appendFile } from "node:fs/promises";
-import { join, resolve } from "node:path";
+// --- Store module ---
+// Delegates to Rust WASM core for all store operations.
+// Same public API — cli.ts, sync.ts, mcp.ts, watch.ts don't change.
+import { resolve } from "node:path";
 import { existsSync } from "node:fs";
-import { generateKeys, signMessage, signAndEncrypt, verifyMessage, decryptMessage, deserializeSignedMessage, serializeSignedMessage, wrapExternalMessage, fingerprint, } from "./crypto.js";
-const STORE_DIRS = ["history", "knowledge", "inbox", "outbox", "shared", ".peers"];
+import { WasmCore } from "./wasm-core.js";
 /** Validate agent/peer names: alphanumeric + hyphens + underscores + dots, 1-64 chars.
  *  Rejects path traversal (../, /, \) and rsync glob chars (*, ?, [). */
 export function validateName(name, label = "Name") {
@@ -36,7 +24,6 @@ export function resolveKeyring(keyring, query) {
     let name;
     let fpPrefix;
     if (query.includes(":")) {
-        // name:FINGERPRINT format — split on LAST colon group that looks like hex
         const colonIdx = query.lastIndexOf(":");
         const maybeFp = query.slice(colonIdx + 1);
         if (/^[0-9a-fA-F]{4,16}$/.test(maybeFp)) {
@@ -50,14 +37,11 @@ export function resolveKeyring(keyring, query) {
     else {
         name = query;
     }
-    // Match by name (or address prefix)
     let matches = keyring.filter((k) => k.name === name || k.address.startsWith(`${name}@`));
-    // If no name match, try bare fingerprint prefix
     if (matches.length === 0 && /^[0-9a-fA-F]{4,16}$/.test(query)) {
         const upper = query.toUpperCase();
         matches = keyring.filter((k) => k.fingerprint.replace(/:/g, "").startsWith(upper));
     }
-    // Filter by fingerprint prefix if provided
     if (fpPrefix && matches.length > 1) {
         matches = matches.filter((k) => k.fingerprint.replace(/:/g, "").startsWith(fpPrefix));
     }
@@ -72,264 +56,65 @@ export function resolveKeyring(keyring, query) {
 }
 export class ContextStore {
     root;
+    core;
     constructor(root) {
         this.root = resolve(root);
+        this.core = new WasmCore(this.root);
     }
     get configPath() {
-        return join(this.root, ".mesh.json");
+        return `${this.root}/.mesh.json`;
     }
     async exists() {
         return existsSync(this.configPath);
     }
     async init(name, id) {
-        await mkdir(this.root, { recursive: true });
-        for (const dir of STORE_DIRS) {
-            await mkdir(join(this.root, dir), { recursive: true });
-        }
-        // Copy templates
-        const templatesDir = new URL("../templates/", import.meta.url).pathname;
-        for (const file of ["CONTEXT.md", "PROFILE.md"]) {
-            const templatePath = join(templatesDir, file);
-            const destPath = join(this.root, file);
-            if (!existsSync(destPath)) {
-                const content = await readFile(templatePath, "utf-8");
-                await writeFile(destPath, content);
-            }
-        }
-        const keys = await generateKeys(this.root);
-        const config = {
-            id,
-            name,
-            created: new Date().toISOString(),
-            publicKey: keys.publicKey,
-            encryptionKey: keys.encryptionKey,
-            peers: [],
-            keyring: [],
-        };
-        await this.writeConfig(config);
+        await this.core.init(name, id);
     }
-    // Shared workspace: multiple agents mount the same directory.
-    // CHARTER.md = system prompt (purpose, rules). CONTEXT.md = shared working memory.
-    // tasks/ for coordination, messages/{agent}/ for DMs, _broadcast/ for all-hands.
     async initWorkspace(name, id) {
-        await mkdir(this.root, { recursive: true });
-        for (const dir of ["tasks", "messages", "_broadcast", "shared", "history"]) {
-            await mkdir(join(this.root, dir), { recursive: true });
-        }
-        const templatesDir = new URL("../templates/", import.meta.url).pathname;
-        for (const file of ["CHARTER.md", "CONTEXT.md"]) {
-            const templatePath = join(templatesDir, file);
-            const destPath = join(this.root, file);
-            if (!existsSync(destPath)) {
-                const content = await readFile(templatePath, "utf-8");
-                await writeFile(destPath, content);
-            }
-        }
-        // Workspaces auto-trust: all imported keys are trusted by default.
-        // Safe because workspaces are private — you control who joins.
-        const config = {
-            id,
-            name,
-            created: new Date().toISOString(),
-            peers: [],
-            keyring: [],
-            autoTrust: true,
-        };
-        await this.writeConfig(config);
+        await this.core.initWorkspace(name, id);
     }
     async readConfig() {
-        const raw = await readFile(this.configPath, "utf-8");
-        const config = JSON.parse(raw);
-        // Migrate legacy trustedKeys → keyring (v0.1 stored bare public keys in a flat array;
-        // v0.2+ uses a GPG-style keyring with trust levels, fingerprints, and encryption keys)
-        if (config.trustedKeys && config.trustedKeys.length > 0) {
-            if (!config.keyring)
-                config.keyring = [];
-            for (const key of config.trustedKeys) {
-                const k = key.trim();
-                if (!k || config.keyring.some((e) => e.signingKey === k))
-                    continue;
-                config.keyring.push({
-                    name: `migrated-${k.slice(0, 8)}`,
-                    address: "",
-                    signingKey: k,
-                    fingerprint: fingerprint(k),
-                    trusted: true,
-                    added: new Date().toISOString(),
-                });
-            }
-            delete config.trustedKeys;
-            await this.writeConfig(config);
-        }
+        const config = await this.core.readConfig();
+        // Rust skips empty arrays with skip_serializing_if — ensure keyring/peers always exist
         if (!config.keyring)
             config.keyring = [];
+        if (!config.peers)
+            config.peers = [];
         return config;
     }
     async writeConfig(config) {
-        await writeFile(this.configPath, JSON.stringify(config, null, 2) + "\n");
+        await this.core.writeConfig(config);
     }
     async readContext() {
-        return readFile(join(this.root, "CONTEXT.md"), "utf-8");
+        return this.core.readContext();
     }
     async writeContext(content) {
-        await writeFile(join(this.root, "CONTEXT.md"), content);
+        await this.core.writeContext(content);
     }
-    // --- Context compaction ---
-    // Agents mark sections as [DONE] when work is complete. `openfuse compact`
-    // moves done sections to history/YYYY-MM-DD.md, keeping CONTEXT.md lean.
-    // Sections are delimited by markdown headers (## or ###).
     async compactContext() {
-        const content = await this.readContext();
-        const lines = content.split("\n");
-        const kept = [];
-        const done = [];
-        let current = [];
-        let currentDone = false;
-        const flush = () => {
-            if (current.length > 0) {
-                (currentDone ? done : kept).push(current.join("\n"));
-                current = [];
-                currentDone = false;
-            }
-        };
-        for (const line of lines) {
-            if (/^#{1,3}\s/.test(line)) {
-                flush();
-                currentDone = /\[DONE\]/i.test(line);
-            }
-            current.push(line);
-        }
-        flush();
-        if (done.length === 0)
-            return { moved: 0, kept: kept.length };
-        // Write kept sections back to CONTEXT.md
-        await this.writeContext(kept.join("\n\n") || "# Context\n\n*Working memory — what's happening right now.*\n");
-        // Append done sections to history/YYYY-MM-DD.md
-        const historyDir = join(this.root, "history");
-        await mkdir(historyDir, { recursive: true });
-        const dateStr = new Date().toISOString().split("T")[0];
-        const historyFile = join(historyDir, `${dateStr}.md`);
-        const header = existsSync(historyFile) ? "\n---\n\n" : `# Context History — ${dateStr}\n\n`;
-        await appendFile(historyFile, header + done.join("\n\n") + "\n");
-        return { moved: done.length, kept: kept.length };
+        return this.core.compact();
     }
     async readProfile() {
-        return readFile(join(this.root, "PROFILE.md"), "utf-8");
+        return this.core.readProfile();
     }
     async writeProfile(content) {
-        await writeFile(join(this.root, "PROFILE.md"), content);
+        await this.core.writeProfile(content);
     }
-    // --- Inbox ---
     async sendInbox(peerId, message) {
         const config = await this.readConfig();
-        // Resolve recipient from keyring — supports name, name:fingerprint, or bare fingerprint.
-        // Throws if ambiguous or not found.
-        const entry = resolveKeyring(config.keyring, peerId);
-        let signed;
-        if (entry.encryptionKey) {
-            signed = await signAndEncrypt(this.root, config.name, message, entry.encryptionKey);
-        }
-        else {
-            signed = await signMessage(this.root, config.name, message);
-        }
-        const shortFp = entry.fingerprint.replace(/:/g, "").slice(0, 8);
-        const recipientDir = `${peerId}-${shortFp}`;
-        const outboxDir = join(this.root, "outbox", recipientDir);
-        await mkdir(outboxDir, { recursive: true });
-        const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
-        const filename = `${timestamp}_from-${config.name}.json`;
-        await writeFile(join(outboxDir, filename), serializeSignedMessage(signed));
-        return `${recipientDir}/${filename}`;
+        await this.core.sendInbox(peerId, message, config.name);
+        return peerId;
     }
     async readInbox() {
-        const inboxDir = join(this.root, "inbox");
-        if (!existsSync(inboxDir))
-            return [];
-        const config = await this.readConfig();
-        const files = await readdir(inboxDir);
-        const messages = [];
-        for (const file of files.filter((f) => f.endsWith(".json") || f.endsWith(".md"))) {
-            const raw = await readFile(join(inboxDir, file), "utf-8");
-            const signed = deserializeSignedMessage(raw);
-            if (signed) {
-                const sigValid = verifyMessage(signed);
-                // Identity binding: verify BOTH that the key is trusted AND that the claimed
-                // sender name matches the name we associated with that key in our keyring.
-                // Without this, a trusted agent could forge the "from" field and impersonate
-                // someone else while still showing [VERIFIED].
-                const keyMatchesName = (k) => k.signingKey.trim() === signed.publicKey.trim() &&
-                    (k.name === signed.from || k.address.startsWith(`${signed.from}@`));
-                const trusted = config.autoTrust
-                    ? config.keyring.some(keyMatchesName)
-                    : config.keyring.some((k) => k.trusted && keyMatchesName(k));
-                const verified = sigValid && trusted;
-                let content;
-                if (signed.encrypted) {
-                    try {
-                        content = await decryptMessage(this.root, signed);
-                    }
-                    catch {
-                        content = "[encrypted — cannot decrypt]";
-                    }
-                }
-                else {
-                    content = signed.message;
-                }
-                messages.push({
-                    file,
-                    content,
-                    wrappedContent: wrapExternalMessage(signed, verified),
-                    from: signed.from,
-                    time: signed.timestamp,
-                    verified,
-                    encrypted: !!signed.encrypted,
-                });
-            }
-            else {
-                const parts = file.replace(/\.(md|json)$/, "").split("_");
-                const from = parts.slice(1).join("_");
-                messages.push({
-                    file,
-                    content: raw,
-                    wrappedContent: wrapExternalMessage({ from, timestamp: parts[0], message: raw, signature: "", publicKey: "" }, false),
-                    from,
-                    time: parts[0],
-                    verified: false,
-                    encrypted: false,
-                });
-            }
-        }
-        return messages.sort((a, b) => a.time.localeCompare(b.time));
+        return this.core.readInbox();
     }
-    // --- Shared files ---
     async listShared() {
-        const sharedDir = join(this.root, "shared");
-        if (!existsSync(sharedDir))
-            return [];
-        return readdir(sharedDir);
+        return this.core.listShared();
     }
     async share(filename, content) {
-        // Path traversal defense: basename extraction + ".." rejection.
-        // Critical because MCP tools pass user-supplied filenames directly.
-        const base = filename.split("/").pop().split("\\").pop();
-        if (!base || base === "." || base === ".." || base.includes("..")) {
-            throw new Error(`Invalid filename: ${filename}`);
-        }
-        const sharedDir = join(this.root, "shared");
-        await mkdir(sharedDir, { recursive: true });
-        await writeFile(join(sharedDir, base), content);
+        await this.core.share(filename, content);
     }
-    // --- Status ---
     async status() {
-        const config = await this.readConfig();
-        const inbox = await this.readInbox();
-        const shared = await this.listShared();
-        return {
-            id: config.id,
-            name: config.name,
-            peers: config.peers.length,
-            inboxCount: inbox.length,
-            sharedCount: shared.length,
-        };
+        return this.core.status();
     }
 }