openfused 0.4.4 → 0.5.0

package/README.md

@@ -68,12 +68,10 @@ history/       — archived [DONE] context
 openfuse context
 openfuse context --append "## Update\nFinished the research phase."
 
-# Mark work as done, then compact to history/ (TS CLI only)
-# (edit CONTEXT.md, add [DONE] to the header, then:)
+# Mark work as done, then compact to history/# (edit CONTEXT.md, add [DONE] to the header, then:)
 openfuse compact
 
-# Add validity windows to time-sensitive context (TS CLI only)
-# <!-- validity: 6h --> for task state, 1d for sprint, 3d for architecture
+# Add validity windows to time-sensitive context# <!-- validity: 6h --> for task state, 1d for sprint, 3d for architecture
 openfuse validate                    # scan for stale entries
 openfuse compact --prune-stale       # archive expired validity windows
 
@@ -315,6 +313,18 @@ openfused serve --store ./my-context --token "$OPENFUSE_TOKEN" --gc-days 7
 
 Rate limiting, IP filtering, and TLS belong at the reverse proxy layer (nginx, Caddy, cloudflared). The daemon focuses on application logic.
 
+**Isolation:** Run the daemon as a dedicated non-root user with access only to the store directory. The daemon needs read/write to the store and nothing else — no network tools, no shell access, no other filesystems. In Docker this is automatic (container isolation). On bare metal:
+
+```bash
+# Create isolated user
+sudo useradd -r -s /usr/sbin/nologin -d /var/lib/openfused openfused
+sudo mkdir -p /var/lib/openfused/store
+sudo chown -R openfused: /var/lib/openfused
+
+# Run as that user
+sudo -u openfused openfused serve --store /var/lib/openfused/store --public --token "$TOKEN"
+```
+
 Endpoints:
 
 | Endpoint | Method | Auth | Purpose |

package/dist/cli.js

@@ -118,7 +118,38 @@ program
     const store = new ContextStore(resolve(opts.dir));
     if (opts.set) {
         await store.writeProfile(opts.set);
-        console.log("Profile updated.");
+        console.log("Profile updated locally.");
+        // Push to remote endpoint if agent has an HTTP peer for itself
+        const config = await store.readConfig();
+        const endpoint = config.peers?.find((p) => p.name === config.name && p.url?.startsWith("http"))?.url;
+        if (endpoint) {
+            try {
+                const { signChallenge } = await import("./crypto.js");
+                const timestamp = new Date().toISOString();
+                const challenge = `PROFILE:${config.name}:${timestamp}`;
+                const { signature, publicKey } = await signChallenge(store.root, challenge);
+                const resp = await fetch(`${endpoint}/profile/${encodeURIComponent(config.name)}`, {
+                    method: "PUT",
+                    headers: {
+                        "Content-Type": "text/plain",
+                        "X-OpenFuse-PublicKey": publicKey,
+                        "X-OpenFuse-Signature": signature,
+                        "X-OpenFuse-Timestamp": timestamp,
+                    },
+                    body: opts.set,
+                });
+                if (resp.ok) {
+                    console.log("Profile synced to hosted mailbox.");
+                }
+                else {
+                    const err = await resp.text();
+                    console.error(`Failed to sync profile to mailbox: ${err}`);
+                }
+            }
+            catch (e) {
+                console.error(`Failed to sync profile: ${e.message}`);
+            }
+        }
     }
     else {
         console.log(await store.readProfile());
@@ -131,19 +162,64 @@ inbox
     .description("List inbox messages")
     .option("-d, --dir <path>", "Context store directory", ".")
     .option("--raw", "Show raw content instead of wrapped")
+    .option("--all", "Show all messages including unverified (default: verified + subscribed)")
+    .option("--trusted", "Show only trusted messages")
+    .option("--no-sync", "Skip pulling from remote peers before listing")
     .action(async (opts) => {
     const store = new ContextStore(resolve(opts.dir));
-    const messages = await store.readInbox();
-    if (messages.length === 0) {
+    // Auto-sync: pull new messages from remote peers before listing
+    if (opts.sync !== false) {
+        try {
+            const config = await store.readConfig();
+            if (config.peers.length > 0) {
+                const { syncAll } = await import("./sync.js");
+                await syncAll(store);
+            }
+        }
+        catch { }
+    }
+    const allMessages = await store.readInbox();
+    // Default: show verified (trusted + subscribed). Use --all for everything.
+    let messages;
+    if (opts.all) {
+        messages = allMessages;
+    }
+    else if (opts.trusted) {
+        messages = allMessages.filter((m) => m.verified && m.trusted);
+    }
+    else {
+        messages = allMessages.filter((m) => m.verified && (m.trusted || m.subscribed));
+    }
+    const hidden = allMessages.length - messages.length;
+    if (messages.length === 0 && hidden === 0) {
         console.log("Inbox is empty.");
         return;
     }
+    if (messages.length === 0 && hidden > 0) {
+        console.log(`Inbox has ${hidden} message(s) from unsubscribed/untrusted senders.`);
+        console.log(`Run with --all to see them, or: openfuse key trust <name> / openfuse subscribe <name>`);
+        return;
+    }
     for (const msg of messages) {
-        const badge = msg.verified ? "[VERIFIED]" : "[UNVERIFIED]";
-        const enc = msg.encrypted ? " [ENCRYPTED]" : "";
-        console.log(`\n--- ${badge}${enc} From: ${msg.from} | ${msg.time} ---`);
+        // Build badge: [VERIFIED] [TRUSTED] [INTERNAL] etc.
+        const badges = [];
+        badges.push(msg.verified ? "[VERIFIED]" : "[UNVERIFIED]");
+        if (msg.trusted)
+            badges.push("[TRUSTED]");
+        if (msg.subscribed)
+            badges.push("[SUBSCRIBED]");
+        if (msg.relationship)
+            badges.push(`[${msg.relationship.toUpperCase()}]`);
+        if (msg.encrypted)
+            badges.push("[ENCRYPTED]");
+        const badgeStr = badges.join(" ");
+        const noteStr = msg.note ? ` (${msg.note})` : "";
+        console.log(`\n--- ${badgeStr} From: ${msg.from}${noteStr} | ${msg.time} ---`);
         console.log(opts.raw ? msg.content : msg.wrappedContent);
     }
+    if (hidden > 0) {
+        console.log(`\n(${hidden} message(s) hidden — use --all to show)`);
+    }
 });
 inbox
     .command("archive [file]")
@@ -185,15 +261,17 @@ inbox
     .option("-d, --dir <path>", "Context store directory", ".")
     .action(async (peerId, message, opts) => {
     const store = new ContextStore(resolve(opts.dir));
-    const filename = await store.sendInbox(peerId, message);
-    // Try immediate delivery — if peer is reachable, deliver now
-    const delivered = await deliverOne(store, peerId, filename);
-    if (delivered) {
-        console.log(`Delivered to ${peerId}.`);
-    }
-    else {
-        console.log(`Queued for ${peerId}. Will deliver on next sync.`);
+    await store.sendInbox(peerId, message);
+    // Find the outbox file we just created
+    const outboxFile = findNewestOutboxFile(store.root, peerId);
+    if (outboxFile) {
+        const delivered = await deliverOne(store, peerId, outboxFile);
+        if (delivered) {
+            console.log(`Delivered to ${peerId}.`);
+            return;
+        }
     }
+    console.log(`Queued for ${peerId}. Will deliver on next sync.`);
 });
 // --- watch ---
 program
@@ -504,13 +582,25 @@ key
     .command("trust <query>")
     .description("Trust a key in the keyring (name, name:fingerprint, or fingerprint)")
     .option("-d, --dir <path>", "Context store directory", ".")
+    .option("--internal", "Mark as internal (same org/team)")
+    .option("--external", "Mark as external (partner/vendor)")
+    .option("--note <text>", "Private note about this peer")
     .action(async (query, opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const config = await store.readConfig();
     const entry = resolveKeyring(config.keyring, query);
     entry.trusted = true;
+    if (opts.internal)
+        entry.relationship = "internal";
+    else if (opts.external)
+        entry.relationship = "external";
+    if (opts.note)
+        entry.note = opts.note;
     await store.writeConfig(config);
-    console.log(`Trusted: ${entry.name} (${entry.fingerprint})`);
+    const rel = entry.relationship ? ` [${entry.relationship.toUpperCase()}]` : "";
+    console.log(`Trusted: ${entry.name} (${entry.fingerprint})${rel}`);
+    if (entry.note)
+        console.log(`  Note: ${entry.note}`);
 });
 key
     .command("untrust <query>")
@@ -536,6 +626,141 @@ key
     console.log(`signing:${config.publicKey}`);
     console.log(`encryption:${config.encryptionKey}`);
 });
+// --- subscribe / unsubscribe / broadcast ---
+program
+    .command("subscribe <name>")
+    .description("Subscribe to an agent's broadcasts")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("-r, --registry <url>", "Registry URL")
+    .option("--note <text>", "Private note about this agent")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const reg = registry.resolveRegistry(opts.registry);
+    const config = await store.readConfig();
+    let entry = config.keyring.find((e) => e.name === name);
+    if (!entry) {
+        // Auto-import from registry
+        try {
+            const manifest = await registry.discover(name, reg);
+            entry = {
+                name: manifest.name,
+                address: `${manifest.name}@registry`,
+                signingKey: manifest.publicKey,
+                encryptionKey: manifest.encryptionKey,
+                fingerprint: manifest.fingerprint,
+                trusted: false,
+                subscribed: true,
+                relationship: null,
+                note: opts.note ?? null,
+                added: new Date().toISOString(),
+            };
+            config.keyring.push(entry);
+            console.log(`Imported key for ${manifest.name} from registry`);
+        }
+        catch {
+            console.error(`Agent '${name}' not found in keyring or registry.`);
+            process.exit(1);
+        }
+    }
+    else {
+        entry.subscribed = true;
+        if (opts.note)
+            entry.note = opts.note;
+    }
+    await store.writeConfig(config);
+    console.log(`Subscribed to: ${entry.name} (${entry.fingerprint})`);
+    console.log(`Their broadcasts will appear in your inbox.`);
+});
+program
+    .command("unsubscribe <name>")
+    .description("Unsubscribe from an agent's broadcasts")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const entry = config.keyring.find((e) => e.name === name);
+    if (!entry) {
+        console.error(`Agent '${name}' not in keyring.`);
+        process.exit(1);
+    }
+    entry.subscribed = false;
+    await store.writeConfig(config);
+    console.log(`Unsubscribed from: ${entry.name}`);
+});
+program
+    .command("broadcast <message>")
+    .description("Send a message to all trusted + subscribed agents")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("--internal", "Only send to internal agents")
+    .option("--external", "Only send to external agents")
+    .option("--subscribers", "Only send to subscribers (not trusted)")
+    .option("--trusted-only", "Only send to trusted agents (skip subscribed-but-untrusted)")
+    .action(async (message, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    // Build recipient list
+    let recipients = config.keyring.filter((e) => {
+        if (opts.trustedOnly)
+            return e.trusted;
+        if (opts.subscribers)
+            return e.subscribed;
+        return e.trusted || e.subscribed;
+    });
+    if (opts.internal) {
+        recipients = recipients.filter((e) => e.relationship === "internal");
+    }
+    else if (opts.external) {
+        recipients = recipients.filter((e) => e.relationship === "external");
+    }
+    if (recipients.length === 0) {
+        console.log("No recipients. Trust or subscribe to agents first.");
+        return;
+    }
+    // Warn about untrusted recipients
+    const untrusted = recipients.filter((e) => !e.trusted);
+    if (untrusted.length > 0) {
+        console.log(`Warning: ${untrusted.length} recipient(s) are subscribed but NOT trusted:`);
+        for (const u of untrusted) {
+            console.log(`  ${u.name} (${u.fingerprint})`);
+        }
+        console.log(`Their keys have not been verified. Use --trusted-only to skip them.\n`);
+    }
+    console.log(`Broadcasting to ${recipients.length} agent(s)...`);
+    let delivered = 0;
+    let queued = 0;
+    for (const recipient of recipients) {
+        try {
+            await store.sendInbox(recipient.name, message);
+            // Try HTTP delivery
+            const peer = config.peers.find((p) => p.name === recipient.name && p.url?.startsWith("http"));
+            if (peer) {
+                const outboxFile = findNewestOutboxFile(store.root, recipient.name);
+                if (outboxFile) {
+                    const { checkSsrf } = await import("./sync.js");
+                    await checkSsrf(peer.url);
+                    const body = await readFile(join(store.root, "outbox", outboxFile), "utf-8");
+                    const inboxUrl = `${peer.url.replace(/\/$/, "")}/inbox/${encodeURIComponent(recipient.name)}`;
+                    const r = await fetch(inboxUrl, { method: "POST", headers: { "Content-Type": "application/json" }, body });
+                    if (r.ok) {
+                        const { mkdir, rename } = await import("node:fs/promises");
+                        const filePath = join(store.root, "outbox", outboxFile);
+                        const sentDir = join(filePath, "..", ".sent");
+                        const baseName = outboxFile.split("/").pop();
+                        await mkdir(sentDir, { recursive: true });
+                        await rename(filePath, join(sentDir, baseName));
+                        delivered++;
+                        continue;
+                    }
+                }
+            }
+            queued++;
+        }
+        catch {
+            queued++;
+        }
+    }
+    console.log(`Done. ${delivered} delivered, ${queued} queued for sync.`);
+});
 // --- sync ---
 program
     .command("sync [peer]")
@@ -578,6 +803,20 @@ program
     const config = await store.readConfig();
     const agentName = opts.name || `${config.name}.openfused.net`;
     const manifest = await registry.register(store, opts.endpoint || "", reg, agentName);
+    // Auto-add endpoint as a peer so sync/inbox list can pull from it
+    if (manifest.endpoint?.startsWith("http")) {
+        const config2 = await store.readConfig();
+        const selfName = config2.name;
+        if (!config2.peers.some((p) => p.url === manifest.endpoint && p.name === selfName)) {
+            config2.peers.push({
+                id: (await import("nanoid")).nanoid(12),
+                name: selfName,
+                url: manifest.endpoint,
+                access: "read",
+            });
+            await store.writeConfig(config2);
+        }
+    }
     console.log(`Registered: ${manifest.name} [SIGNED]`);
     if (manifest.endpoint)
         console.log(`  Endpoint:    ${manifest.endpoint}`);
@@ -593,8 +832,8 @@ program
 // --- discover ---
 program
     .command("discover <name>")
-    .description("Look up an agent by name in the registry")
-    .option("-r, --registry <url>", "Registry URL")
+    .description("Look up an agent by name via DNS")
+    .option("-r, --registry <url>", "Registry URL (fallback if DNS fails)")
     .action(async (name, opts) => {
     const reg = registry.resolveRegistry(opts.registry);
     const manifest = await registry.discover(name, reg);
@@ -643,6 +882,7 @@ program
     .option("-r, --registry <url>", "Registry URL")
     .option("--http", "Force HTTP delivery (uses registry endpoint)")
     .option("--ssh", "Force SSH delivery (uses local peer SSH URL)")
+    .option("--trust", "Auto-trust the recipient's key (skip manual fingerprint verification)")
     .action(async (name, message, opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const reg = registry.resolveRegistry(opts.registry);
@@ -658,16 +898,24 @@ program
             if (manifest.endpoint?.startsWith("http"))
                 httpEndpoint = manifest.endpoint;
             // Auto-import key + add as peer
-            if (!config.keyring.some((e) => e.signingKey === manifest.publicKey)) {
+            const existing = config.keyring.find((e) => e.signingKey === manifest.publicKey);
+            if (!existing) {
                 config.keyring.push({
                     name: manifest.name,
                     address: `${manifest.name}@registry`,
                     signingKey: manifest.publicKey,
                     encryptionKey: manifest.encryptionKey,
                     fingerprint: manifest.fingerprint,
-                    trusted: false,
+                    trusted: !!opts.trust,
                     added: new Date().toISOString(),
                 });
+                if (opts.trust) {
+                    console.log(`Trusted ${manifest.name} (${manifest.fingerprint})`);
+                }
+            }
+            else if (opts.trust && !existing.trusted) {
+                existing.trusted = true;
+                console.log(`Trusted ${manifest.name} (${existing.fingerprint})`);
             }
             if (manifest.endpoint && !config.peers.some((p) => p.name === manifest.name)) {
                 config.peers.push({

package/dist/crypto.d.ts

@@ -14,6 +14,9 @@ export interface KeyringEntry {
     encryptionKey?: string;
     fingerprint: string;
     trusted: boolean;
+    subscribed?: boolean;
+    relationship?: string | null;
+    note?: string | null;
     added: string;
 }
 export declare function generateKeys(storeRoot: string): Promise<{

package/dist/registry.d.ts

@@ -17,6 +17,13 @@ export interface Manifest {
 }
 export declare function resolveRegistry(flag?: string): string;
 export declare function register(store: ContextStore, endpoint: string, registry: string, name?: string): Promise<Manifest>;
+export interface AgentListEntry {
+    name: string;
+    endpoint: string;
+    fingerprint: string;
+    dns: string;
+}
+export declare function listAgents(registry: string): Promise<AgentListEntry[]>;
 export declare function discover(name: string, registry: string): Promise<Manifest>;
 export declare function revoke(store: ContextStore, registry: string): Promise<void>;
 export declare function checkUpdate(currentVersion: string): Promise<string | null>;

package/dist/registry.js

@@ -42,10 +42,16 @@ export async function register(store, endpoint, registry, name) {
     }
     return manifest;
 }
-// Discovery: try DNS TXT first (decentralized, no registry needed), fall back to Worker API.
-// DNS format: v=of1 e={endpoint} pk={pubkey} ek={agekey} fp={fingerprint}
-// Self-hosted: _openfuse.{name}.{their-domain} — user manages their own TXT records.
-// Our zone: _openfuse.{name}.openfused.net — managed by the registry Worker on registration.
+export async function listAgents(registry) {
+    const resp = await fetch(`${registry.replace(/\/$/, "")}/agents`);
+    if (!resp.ok) {
+        if (resp.status === 404)
+            throw new Error(`Registry at ${registry} does not support agent listing (/agents endpoint). Try discovering agents by name: openfuse discover <name>`);
+        throw new Error(`Registry returned ${resp.status}`);
+    }
+    const data = (await resp.json());
+    return data.agents || [];
+}
 export async function discover(name, registry) {
     // If name contains a dot, it's a domain — try DNS TXT directly
     // Otherwise try DNS at openfused.net, then fall back to registry API

package/dist/sync.js

@@ -247,7 +247,9 @@ async function syncHttp(store, peer, baseUrl, peerDir) {
                 // Sanitize outboxFile — it comes from the remote peer's response and could
                 // contain path traversal characters (e.g., "../../inbox/important.json").
                 const rawOutboxFile = msg._outboxFile || "";
-                const outboxFile = rawOutboxFile.replace(/[^a-zA-Z0-9_\-. ]/g, "");
+                // Allow / for subdir paths (e.g., "name-FP/filename.json") but strip
+                // path traversal (..) and other dangerous chars.
+                const outboxFile = rawOutboxFile.replace(/\.\./g, "").replace(/[^a-zA-Z0-9_\-./ ]/g, "");
                 const dest = join(inboxDir, fname);
                 if (!existsSync(dest)) {
                     // Strip the _outboxFile metadata before saving
@@ -340,9 +342,14 @@ async function syncSsh(store, peer, host, remotePath, peerDir) {
     const pulled = [];
     const pushed = [];
     const errors = [];
+    const esc = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
     for (const file of ["CONTEXT.md", "PROFILE.md"]) {
         try {
             await execFile("rsync", ["-az", `${host}:${remotePath}/${file}`, join(peerDir, file)]);
+            // Wrap in unverified tags — SSH-synced content is untrusted external input
+            const raw = sanitizePeerContent(await readFile(join(peerDir, file), "utf-8"));
+            const wrapped = `<external_content_unverified from="${esc(peer.name)}" file="${esc(file)}">\n${raw}\n</external_content_unverified>`;
+            await writeFile(join(peerDir, file), wrapped);
             pulled.push(file);
         }
         catch (e) {
@@ -354,6 +361,17 @@ async function syncSsh(store, peer, host, remotePath, peerDir) {
         await mkdir(localDir, { recursive: true });
         try {
             await execFile("rsync", ["-az", "--delete", `${host}:${remotePath}/${dir}/`, `${localDir}/`]);
+            // Wrap each file in unverified tags
+            const { readdirSync } = await import("node:fs");
+            for (const fname of readdirSync(localDir)) {
+                const fpath = join(localDir, fname);
+                try {
+                    const raw = sanitizePeerContent(await readFile(fpath, "utf-8"));
+                    const wrapped = `<external_content_unverified from="${esc(peer.name)}" file="${esc(`${dir}/${fname}`)}">\n${raw}\n</external_content_unverified>`;
+                    await writeFile(fpath, wrapped);
+                }
+                catch { }
+            }
             pulled.push(`${dir}/`);
         }
         catch (e) {

package/dist/wasm-core.d.ts

@@ -40,6 +40,9 @@ export interface KeyringEntry {
     encryptionKey?: string;
     fingerprint: string;
     trusted: boolean;
+    subscribed?: boolean;
+    relationship?: string | null;
+    note?: string | null;
     added: string;
 }
 export interface StatusInfo {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openfused",
-  "version": "0.4.4",
+  "version": "0.5.0",
   "mcpName": "io.github.openfused/openfuse-mcp",
   "description": "The file protocol for AI agent context. Encrypted, signed, peer-to-peer.",
   "license": "MIT",