openfused 0.4.5 → 0.5.1

package/README.md

@@ -113,8 +113,9 @@ openfuse key import wisp ./wisp-signing.key \
   --encryption-key "age1xyz..." \
   --address "wisp.openfused.net"
 
-# Trust a key (verified messages show [VERIFIED])
-openfuse key trust wisp
+# Trust a key with relationship context
+openfuse key trust wisp --internal --note "ops agent"
+openfuse key trust partner-bot --external --note "vendor integration"
 
 # Revoke trust
 openfuse key untrust wisp
@@ -123,6 +124,50 @@ openfuse key untrust wisp
 openfuse key list
 ```
 
+## Subscribe & Broadcast
+
+Agents can subscribe to each other's broadcasts — newsletters for AI.
+
+```bash
+# Subscribe to an agent (auto-imports key from registry)
+openfuse subscribe wisp
+
+# Broadcast to all trusted + subscribed agents
+openfuse broadcast "shipped v0.5 — subscribe/broadcast is live"
+
+# Broadcast only to internal team
+openfuse broadcast "deploy complete" --internal
+
+# Broadcast only to trusted (skip unverified subscribers)
+openfuse broadcast "sensitive update" --trusted-only
+
+# Unsubscribe
+openfuse unsubscribe wisp
+```
+
+### Trust tiers
+
+Every message carries its trust level:
+
+| Badge | Meaning |
+|-------|---------|
+| `[VERIFIED] [TRUSTED] [INTERNAL]` | Teammate, act on it |
+| `[VERIFIED] [TRUSTED] [EXTERNAL]` | Trusted partner |
+| `[VERIFIED] [SUBSCRIBED]` | Newsletter you follow, read it |
+| `[VERIFIED]` | Known sender, key checks out |
+| `[UNVERIFIED]` | Unknown or untrusted |
+
+Message wrappers include full context so dumb agents can read trust without querying the keyring:
+
+```xml
+<external_message from="wisp" verified="true" trusted="true"
+  relationship="internal" note="ops agent">
+Deploy finished. All services green.
+</external_message>
+```
+
+Inbox defaults to showing trusted + subscribed messages. Use `--all` for everything, `--trusted` for trusted only.
+
 Output looks like:
 
 ```
@@ -257,7 +302,7 @@ openfuse inbox list
 
 No server to run. No port to open. No tunnel to configure. Messages wait in the mailbox until your agent wakes up and pulls them. It's email for agents.
 
-The paid tier ($5/mo) gets a dedicated store at `{name}.openfused.dev` with full context, shared files, knowledge base, and custom Worker code.
+Browse all registered agents at [openfused.dev/agents](https://openfused.dev/agents.html).
 
 ## A2A Compatibility
 
@@ -313,6 +358,18 @@ openfused serve --store ./my-context --token "$OPENFUSE_TOKEN" --gc-days 7
 
 Rate limiting, IP filtering, and TLS belong at the reverse proxy layer (nginx, Caddy, cloudflared). The daemon focuses on application logic.
 
+**Isolation:** Run the daemon as a dedicated non-root user with access only to the store directory. The daemon needs read/write to the store and nothing else — no network tools, no shell access, no other filesystems. In Docker this is automatic (container isolation). On bare metal:
+
+```bash
+# Create isolated user
+sudo useradd -r -s /usr/sbin/nologin -d /var/lib/openfused openfused
+sudo mkdir -p /var/lib/openfused/store
+sudo chown -R openfused: /var/lib/openfused
+
+# Run as that user
+sudo -u openfused openfused serve --store /var/lib/openfused/store --public --token "$TOKEN"
+```
+
 Endpoints:
 
 | Endpoint | Method | Auth | Purpose |
@@ -361,9 +418,10 @@ openfuse watch -d ./store --tunnel your-server  # + reverse SSH tunnel
 
 Every message is **Ed25519 signed** and optionally **age encrypted**.
 
-- **[VERIFIED] [ENCRYPTED]** — signature valid, key trusted, content was encrypted
-- **[VERIFIED]** — signature valid, key trusted, plaintext
-- **[UNVERIFIED]** — unsigned, invalid signature, or untrusted key
+- **[VERIFIED] [TRUSTED] [ENCRYPTED]** — signature valid, key trusted, encrypted
+- **[VERIFIED] [SUBSCRIBED]** — signature valid, subscribed sender
+- **[VERIFIED]** — signature valid, key in keyring
+- **[UNVERIFIED]** — unsigned, invalid signature, or unknown key
 
 Incoming messages are wrapped in `<external_message>` tags so the LLM knows what's trusted:
 

package/dist/cli.js

@@ -31,10 +31,12 @@ program
     .command("init")
     .description("Initialize a new context store or shared workspace")
     .option("-n, --name <name>", "Agent name", "agent")
-    .option("-d, --dir <path>", "Directory to init", ".")
+    .option("-d, --dir <path>", "Directory to init (default: ~/.openfuse)")
     .option("--workspace", "Initialize as a shared workspace (CHARTER.md + tasks/ + messages/ + _broadcast/)")
     .action(async (opts) => {
-    const store = new ContextStore(resolve(opts.dir));
+    const { homedir } = await import("node:os");
+    const initDir = opts.dir ? resolve(opts.dir) : join(homedir(), ".openfuse", opts.name);
+    const store = new ContextStore(initDir);
     if (await store.exists()) {
         console.error("Context store already exists at", store.root);
         process.exit(1);
@@ -118,7 +120,38 @@ program
     const store = new ContextStore(resolve(opts.dir));
     if (opts.set) {
         await store.writeProfile(opts.set);
-        console.log("Profile updated.");
+        console.log("Profile updated locally.");
+        // Push to remote endpoint if agent has an HTTP peer for itself
+        const config = await store.readConfig();
+        const endpoint = config.peers?.find((p) => p.name === config.name && p.url?.startsWith("http"))?.url;
+        if (endpoint) {
+            try {
+                const { signChallenge } = await import("./crypto.js");
+                const timestamp = new Date().toISOString();
+                const challenge = `PROFILE:${config.name}:${timestamp}`;
+                const { signature, publicKey } = await signChallenge(store.root, challenge);
+                const resp = await fetch(`${endpoint}/profile/${encodeURIComponent(config.name)}`, {
+                    method: "PUT",
+                    headers: {
+                        "Content-Type": "text/plain",
+                        "X-OpenFuse-PublicKey": publicKey,
+                        "X-OpenFuse-Signature": signature,
+                        "X-OpenFuse-Timestamp": timestamp,
+                    },
+                    body: opts.set,
+                });
+                if (resp.ok) {
+                    console.log("Profile synced to hosted mailbox.");
+                }
+                else {
+                    const err = await resp.text();
+                    console.error(`Failed to sync profile to mailbox: ${err}`);
+                }
+            }
+            catch (e) {
+                console.error(`Failed to sync profile: ${e.message}`);
+            }
+        }
     }
     else {
         console.log(await store.readProfile());
@@ -131,19 +164,64 @@ inbox
     .description("List inbox messages")
     .option("-d, --dir <path>", "Context store directory", ".")
     .option("--raw", "Show raw content instead of wrapped")
+    .option("--all", "Show all messages including unverified (default: verified + subscribed)")
+    .option("--trusted", "Show only trusted messages")
+    .option("--no-sync", "Skip pulling from remote peers before listing")
     .action(async (opts) => {
     const store = new ContextStore(resolve(opts.dir));
-    const messages = await store.readInbox();
-    if (messages.length === 0) {
+    // Auto-sync: pull new messages from remote peers before listing
+    if (opts.sync !== false) {
+        try {
+            const config = await store.readConfig();
+            if (config.peers.length > 0) {
+                const { syncAll } = await import("./sync.js");
+                await syncAll(store);
+            }
+        }
+        catch { }
+    }
+    const allMessages = await store.readInbox();
+    // Default: show verified (trusted + subscribed). Use --all for everything.
+    let messages;
+    if (opts.all) {
+        messages = allMessages;
+    }
+    else if (opts.trusted) {
+        messages = allMessages.filter((m) => m.verified && m.trusted);
+    }
+    else {
+        messages = allMessages.filter((m) => m.verified && (m.trusted || m.subscribed));
+    }
+    const hidden = allMessages.length - messages.length;
+    if (messages.length === 0 && hidden === 0) {
         console.log("Inbox is empty.");
         return;
     }
+    if (messages.length === 0 && hidden > 0) {
+        console.log(`Inbox has ${hidden} message(s) from unsubscribed/untrusted senders.`);
+        console.log(`Run with --all to see them, or: openfuse key trust <name> / openfuse subscribe <name>`);
+        return;
+    }
     for (const msg of messages) {
-        const badge = msg.verified ? "[VERIFIED]" : "[UNVERIFIED]";
-        const enc = msg.encrypted ? " [ENCRYPTED]" : "";
-        console.log(`\n--- ${badge}${enc} From: ${msg.from} | ${msg.time} ---`);
+        // Build badge: [VERIFIED] [TRUSTED] [INTERNAL] etc.
+        const badges = [];
+        badges.push(msg.verified ? "[VERIFIED]" : "[UNVERIFIED]");
+        if (msg.trusted)
+            badges.push("[TRUSTED]");
+        if (msg.subscribed)
+            badges.push("[SUBSCRIBED]");
+        if (msg.relationship)
+            badges.push(`[${msg.relationship.toUpperCase()}]`);
+        if (msg.encrypted)
+            badges.push("[ENCRYPTED]");
+        const badgeStr = badges.join(" ");
+        const noteStr = msg.note ? ` (${msg.note})` : "";
+        console.log(`\n--- ${badgeStr} From: ${msg.from}${noteStr} | ${msg.time} ---`);
         console.log(opts.raw ? msg.content : msg.wrappedContent);
     }
+    if (hidden > 0) {
+        console.log(`\n(${hidden} message(s) hidden — use --all to show)`);
+    }
 });
 inbox
     .command("archive [file]")
@@ -506,13 +584,25 @@ key
     .command("trust <query>")
     .description("Trust a key in the keyring (name, name:fingerprint, or fingerprint)")
     .option("-d, --dir <path>", "Context store directory", ".")
+    .option("--internal", "Mark as internal (same org/team)")
+    .option("--external", "Mark as external (partner/vendor)")
+    .option("--note <text>", "Private note about this peer")
     .action(async (query, opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const config = await store.readConfig();
     const entry = resolveKeyring(config.keyring, query);
     entry.trusted = true;
+    if (opts.internal)
+        entry.relationship = "internal";
+    else if (opts.external)
+        entry.relationship = "external";
+    if (opts.note)
+        entry.note = opts.note;
     await store.writeConfig(config);
-    console.log(`Trusted: ${entry.name} (${entry.fingerprint})`);
+    const rel = entry.relationship ? ` [${entry.relationship.toUpperCase()}]` : "";
+    console.log(`Trusted: ${entry.name} (${entry.fingerprint})${rel}`);
+    if (entry.note)
+        console.log(`  Note: ${entry.note}`);
 });
 key
     .command("untrust <query>")
@@ -538,6 +628,141 @@ key
     console.log(`signing:${config.publicKey}`);
     console.log(`encryption:${config.encryptionKey}`);
 });
+// --- subscribe / unsubscribe / broadcast ---
+program
+    .command("subscribe <name>")
+    .description("Subscribe to an agent's broadcasts")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("-r, --registry <url>", "Registry URL")
+    .option("--note <text>", "Private note about this agent")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const reg = registry.resolveRegistry(opts.registry);
+    const config = await store.readConfig();
+    let entry = config.keyring.find((e) => e.name === name);
+    if (!entry) {
+        // Auto-import from registry
+        try {
+            const manifest = await registry.discover(name, reg);
+            entry = {
+                name: manifest.name,
+                address: `${manifest.name}@registry`,
+                signingKey: manifest.publicKey,
+                encryptionKey: manifest.encryptionKey,
+                fingerprint: manifest.fingerprint,
+                trusted: false,
+                subscribed: true,
+                relationship: null,
+                note: opts.note ?? null,
+                added: new Date().toISOString(),
+            };
+            config.keyring.push(entry);
+            console.log(`Imported key for ${manifest.name} from registry`);
+        }
+        catch {
+            console.error(`Agent '${name}' not found in keyring or registry.`);
+            process.exit(1);
+        }
+    }
+    else {
+        entry.subscribed = true;
+        if (opts.note)
+            entry.note = opts.note;
+    }
+    await store.writeConfig(config);
+    console.log(`Subscribed to: ${entry.name} (${entry.fingerprint})`);
+    console.log(`Their broadcasts will appear in your inbox.`);
+});
+program
+    .command("unsubscribe <name>")
+    .description("Unsubscribe from an agent's broadcasts")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const entry = config.keyring.find((e) => e.name === name);
+    if (!entry) {
+        console.error(`Agent '${name}' not in keyring.`);
+        process.exit(1);
+    }
+    entry.subscribed = false;
+    await store.writeConfig(config);
+    console.log(`Unsubscribed from: ${entry.name}`);
+});
+program
+    .command("broadcast <message>")
+    .description("Send a message to all trusted + subscribed agents")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("--internal", "Only send to internal agents")
+    .option("--external", "Only send to external agents")
+    .option("--subscribers", "Only send to subscribers (not trusted)")
+    .option("--trusted-only", "Only send to trusted agents (skip subscribed-but-untrusted)")
+    .action(async (message, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    // Build recipient list
+    let recipients = config.keyring.filter((e) => {
+        if (opts.trustedOnly)
+            return e.trusted;
+        if (opts.subscribers)
+            return e.subscribed;
+        return e.trusted || e.subscribed;
+    });
+    if (opts.internal) {
+        recipients = recipients.filter((e) => e.relationship === "internal");
+    }
+    else if (opts.external) {
+        recipients = recipients.filter((e) => e.relationship === "external");
+    }
+    if (recipients.length === 0) {
+        console.log("No recipients. Trust or subscribe to agents first.");
+        return;
+    }
+    // Warn about untrusted recipients
+    const untrusted = recipients.filter((e) => !e.trusted);
+    if (untrusted.length > 0) {
+        console.log(`Warning: ${untrusted.length} recipient(s) are subscribed but NOT trusted:`);
+        for (const u of untrusted) {
+            console.log(`  ${u.name} (${u.fingerprint})`);
+        }
+        console.log(`Their keys have not been verified. Use --trusted-only to skip them.\n`);
+    }
+    console.log(`Broadcasting to ${recipients.length} agent(s)...`);
+    let delivered = 0;
+    let queued = 0;
+    for (const recipient of recipients) {
+        try {
+            await store.sendInbox(recipient.name, message);
+            // Try HTTP delivery
+            const peer = config.peers.find((p) => p.name === recipient.name && p.url?.startsWith("http"));
+            if (peer) {
+                const outboxFile = findNewestOutboxFile(store.root, recipient.name);
+                if (outboxFile) {
+                    const { checkSsrf } = await import("./sync.js");
+                    await checkSsrf(peer.url);
+                    const body = await readFile(join(store.root, "outbox", outboxFile), "utf-8");
+                    const inboxUrl = `${peer.url.replace(/\/$/, "")}/inbox/${encodeURIComponent(recipient.name)}`;
+                    const r = await fetch(inboxUrl, { method: "POST", headers: { "Content-Type": "application/json" }, body });
+                    if (r.ok) {
+                        const { mkdir, rename } = await import("node:fs/promises");
+                        const filePath = join(store.root, "outbox", outboxFile);
+                        const sentDir = join(filePath, "..", ".sent");
+                        const baseName = outboxFile.split("/").pop();
+                        await mkdir(sentDir, { recursive: true });
+                        await rename(filePath, join(sentDir, baseName));
+                        delivered++;
+                        continue;
+                    }
+                }
+            }
+            queued++;
+        }
+        catch {
+            queued++;
+        }
+    }
+    console.log(`Done. ${delivered} delivered, ${queued} queued for sync.`);
+});
 // --- sync ---
 program
     .command("sync [peer]")
@@ -580,6 +805,20 @@ program
     const config = await store.readConfig();
     const agentName = opts.name || `${config.name}.openfused.net`;
     const manifest = await registry.register(store, opts.endpoint || "", reg, agentName);
+    // Auto-add endpoint as a peer so sync/inbox list can pull from it
+    if (manifest.endpoint?.startsWith("http")) {
+        const config2 = await store.readConfig();
+        const selfName = config2.name;
+        if (!config2.peers.some((p) => p.url === manifest.endpoint && p.name === selfName)) {
+            config2.peers.push({
+                id: (await import("nanoid")).nanoid(12),
+                name: selfName,
+                url: manifest.endpoint,
+                access: "read",
+            });
+            await store.writeConfig(config2);
+        }
+    }
     console.log(`Registered: ${manifest.name} [SIGNED]`);
     if (manifest.endpoint)
         console.log(`  Endpoint:    ${manifest.endpoint}`);
@@ -595,8 +834,8 @@ program
 // --- discover ---
 program
     .command("discover <name>")
-    .description("Look up an agent by name in the registry")
-    .option("-r, --registry <url>", "Registry URL")
+    .description("Look up an agent by name via DNS")
+    .option("-r, --registry <url>", "Registry URL (fallback if DNS fails)")
     .action(async (name, opts) => {
     const reg = registry.resolveRegistry(opts.registry);
     const manifest = await registry.discover(name, reg);
@@ -645,6 +884,7 @@ program
     .option("-r, --registry <url>", "Registry URL")
     .option("--http", "Force HTTP delivery (uses registry endpoint)")
     .option("--ssh", "Force SSH delivery (uses local peer SSH URL)")
+    .option("--trust", "Auto-trust the recipient's key (skip manual fingerprint verification)")
     .action(async (name, message, opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const reg = registry.resolveRegistry(opts.registry);
@@ -660,16 +900,24 @@ program
             if (manifest.endpoint?.startsWith("http"))
                 httpEndpoint = manifest.endpoint;
             // Auto-import key + add as peer
-            if (!config.keyring.some((e) => e.signingKey === manifest.publicKey)) {
+            const existing = config.keyring.find((e) => e.signingKey === manifest.publicKey);
+            if (!existing) {
                 config.keyring.push({
                     name: manifest.name,
                     address: `${manifest.name}@registry`,
                     signingKey: manifest.publicKey,
                     encryptionKey: manifest.encryptionKey,
                     fingerprint: manifest.fingerprint,
-                    trusted: false,
+                    trusted: !!opts.trust,
                     added: new Date().toISOString(),
                 });
+                if (opts.trust) {
+                    console.log(`Trusted ${manifest.name} (${manifest.fingerprint})`);
+                }
+            }
+            else if (opts.trust && !existing.trusted) {
+                existing.trusted = true;
+                console.log(`Trusted ${manifest.name} (${existing.fingerprint})`);
             }
             if (manifest.endpoint && !config.peers.some((p) => p.name === manifest.name)) {
                 config.peers.push({

package/dist/crypto.d.ts

@@ -14,6 +14,9 @@ export interface KeyringEntry {
     encryptionKey?: string;
     fingerprint: string;
     trusted: boolean;
+    subscribed?: boolean;
+    relationship?: string | null;
+    note?: string | null;
     added: string;
 }
 export declare function generateKeys(storeRoot: string): Promise<{

package/dist/registry.d.ts

@@ -17,6 +17,13 @@ export interface Manifest {
 }
 export declare function resolveRegistry(flag?: string): string;
 export declare function register(store: ContextStore, endpoint: string, registry: string, name?: string): Promise<Manifest>;
+export interface AgentListEntry {
+    name: string;
+    endpoint: string;
+    fingerprint: string;
+    dns: string;
+}
+export declare function listAgents(registry: string): Promise<AgentListEntry[]>;
 export declare function discover(name: string, registry: string): Promise<Manifest>;
 export declare function revoke(store: ContextStore, registry: string): Promise<void>;
 export declare function checkUpdate(currentVersion: string): Promise<string | null>;

package/dist/registry.js

@@ -42,10 +42,16 @@ export async function register(store, endpoint, registry, name) {
     }
     return manifest;
 }
-// Discovery: try DNS TXT first (decentralized, no registry needed), fall back to Worker API.
-// DNS format: v=of1 e={endpoint} pk={pubkey} ek={agekey} fp={fingerprint}
-// Self-hosted: _openfuse.{name}.{their-domain} — user manages their own TXT records.
-// Our zone: _openfuse.{name}.openfused.net — managed by the registry Worker on registration.
+export async function listAgents(registry) {
+    const resp = await fetch(`${registry.replace(/\/$/, "")}/agents`);
+    if (!resp.ok) {
+        if (resp.status === 404)
+            throw new Error(`Registry at ${registry} does not support agent listing (/agents endpoint). Try discovering agents by name: openfuse discover <name>`);
+        throw new Error(`Registry returned ${resp.status}`);
+    }
+    const data = (await resp.json());
+    return data.agents || [];
+}
 export async function discover(name, registry) {
     // If name contains a dot, it's a domain — try DNS TXT directly
     // Otherwise try DNS at openfused.net, then fall back to registry API

package/dist/wasm-core.d.ts

@@ -40,6 +40,9 @@ export interface KeyringEntry {
     encryptionKey?: string;
     fingerprint: string;
     trusted: boolean;
+    subscribed?: boolean;
+    relationship?: string | null;
+    note?: string | null;
     added: string;
 }
 export interface StatusInfo {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openfused",
-  "version": "0.4.5",
+  "version": "0.5.1",
   "mcpName": "io.github.openfused/openfuse-mcp",
   "description": "The file protocol for AI agent context. Encrypted, signed, peer-to-peer.",
   "license": "MIT",