PyPI - meshcode - Versions diffs - 1.3.0__tar.gz → 1.5.0__tar.gz - Mend

meshcode 1.3.0tar.gz → 1.5.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

{meshcode-1.3.0 → meshcode-1.5.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.3.0
+Version: 1.5.0
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT
@@ -21,6 +21,7 @@ Description-Content-Type: text/markdown
 Requires-Dist: mcp[cli]>=1.0.0
 Requires-Dist: websockets>=12.0
 Requires-Dist: realtime>=2.0.0
+Requires-Dist: keyring>=24.0
 # MeshCode

{meshcode-1.3.0 → meshcode-1.5.0}/meshcode/__init__.py RENAMED Viewed

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "1.3.0"
+__version__ = "1.5.0"

{meshcode-1.3.0 → meshcode-1.5.0}/meshcode/comms_v4.py RENAMED Viewed

@@ -1396,13 +1396,13 @@ def connect(project, name, hook_target="claude", role=""):
     print(f"[MESHCODE] Plataforma detectada: {os_name}")
     print(f"[MESHCODE] Conectando a meshwork '{project}' como '{name}'...")
-    # Check for saved credentials
-    creds_path = Path.home() / ".meshcode" / "credentials.json"
-    if creds_path.exists():
+    # Show logged-in user (from non-secret metadata, NOT the api key file)
+    meta_path = Path.home() / ".meshcode" / "profile_meta.json"
+    if meta_path.exists():
         try:
-            creds = json.loads(creds_path.read_text())
-            print(f"[MESHCODE] Autenticado como {creds.get('display_name', creds.get('email', '?'))}")
-        except:
+            meta = json.loads(meta_path.read_text())
+            print(f"[MESHCODE] Autenticado como {meta.get('display_name', meta.get('email', '?'))}")
+        except Exception:
             pass
     # Register agent
@@ -1453,23 +1453,57 @@ def connect(project, name, hook_target="claude", role=""):
 def login(api_key):
-    """Authenticate with API key and save credentials locally."""
+    """Authenticate with API key and save it to the OS keychain.
+    1.4.1+ stores api keys in the OS keychain (macOS Keychain, Linux
+    libsecret, Windows Credential Manager) instead of plain text on disk.
+    A small metadata file at ~/.meshcode/profile_meta.json holds the
+    user_id / email / display_name (no secrets) so the rest of the CLI
+    can show "Logged in as ..." without hitting Supabase every call.
+    """
     result = sb_rpc("mc_validate_api_key", {"p_api_key": api_key})
     if not result or not result.get("valid"):
         print("[MESHCODE] API key inválida o expirada")
         return False
-    # Save credentials
+    # Lazy import to avoid pulling keyring at every CLI startup if not needed
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+    except Exception as e:
+        print(f"[MESHCODE] ERROR: cannot load secrets module: {e}")
+        return False
+    meta = {
+        "user_id": result.get("user_id"),
+        "email": result.get("email"),
+        "display_name": result.get("display_name"),
+    }
+    if not secrets_mod.set_api_key(api_key, profile=secrets_mod.DEFAULT_PROFILE, meta=meta):
+        print("[MESHCODE] ERROR: could not store api key in keychain")
+        return False
+    # Also persist non-secret metadata so we can show the logged-in user
     config_dir = Path.home() / ".meshcode"
     config_dir.mkdir(exist_ok=True)
-    creds = {
-        "api_key": api_key,
-        "user_id": result["user_id"],
-        "email": result["email"],
-        "display_name": result["display_name"]
-    }
-    (config_dir / "credentials.json").write_text(json.dumps(creds, indent=2))
+    meta_path = config_dir / "profile_meta.json"
+    meta_path.write_text(json.dumps(meta, indent=2))
+    try:
+        os.chmod(meta_path, 0o600)
+    except Exception:
+        pass
+    # Drop the migration flag so we don't try to re-migrate next run
+    flag = config_dir / ".migrated_to_keychain"
+    if not flag.exists():
+        try:
+            flag.write_text("login")
+        except Exception:
+            pass
+    backend = secrets_mod.keyring_status().get("backend", "?")
     print(f"[MESHCODE] Autenticado como {result['display_name']} ({result['email']})")
+    print(f"[MESHCODE]   API key stored in OS keychain ({backend})")
     return True
@@ -1658,6 +1692,14 @@ def parse_flags(argv):
 if __name__ == "__main__":
+    # One-shot migration: pre-1.4.1 plain-text credentials.json → OS keychain.
+    # Idempotent and safe; runs once per machine then drops a flag file.
+    try:
+        import importlib as _imp
+        _imp.import_module("meshcode.secrets").migrate_legacy_credentials()
+    except Exception:
+        pass
     if len(sys.argv) < 2:
         show_help()
         sys.exit(0)
@@ -1908,6 +1950,66 @@ if __name__ == "__main__":
         _run = importlib.import_module("meshcode.run_agent").run
         sys.exit(_run(agent, project=proj_override, editor_override=editor_override))
+    elif cmd == "invite":
+        # meshcode invite <project> <agent> [--role "..."] [--days N]
+        if len(pos) < 2:
+            print("Usage: meshcode invite <project> <agent> [--role \"...\"] [--days 7]")
+            sys.exit(1)
+        proj = pos[0]
+        agent = pos[1]
+        role = flags.get("role", "")
+        days = int(flags.get("days", "7") or 7)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_invite(proj, agent, role=role, days=days))
+    elif cmd == "join":
+        # meshcode join <invite-token> [--display-name "alice"]
+        if len(sys.argv) < 3:
+            print("Usage: meshcode join <invite-token> [--display-name \"your name\"]")
+            sys.exit(1)
+        token = sys.argv[2] if not sys.argv[2].startswith("--") else (pos[0] if pos else "")
+        display = flags.get("display-name") or flags.get("name")
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_join(token, display_name=display))
+    elif cmd == "invites":
+        # meshcode invites <project> — list outstanding invites
+        if len(pos) < 1:
+            print("Usage: meshcode invites <project>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_list_invites(pos[0]))
+    elif cmd == "members":
+        # meshcode members <project> — list members
+        if len(pos) < 1:
+            print("Usage: meshcode members <project>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_list_members(pos[0]))
+    elif cmd == "revoke-invite":
+        # meshcode revoke-invite <invite-id>
+        if len(pos) < 1:
+            print("Usage: meshcode revoke-invite <invite-id>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_revoke_invite(pos[0]))
+    elif cmd == "revoke-member":
+        # meshcode revoke-member <project> <member-user-id>
+        if len(pos) < 2:
+            print("Usage: meshcode revoke-member <project> <member-user-id>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_revoke_member(pos[0], pos[1]))
     elif cmd == "login":
         key = sys.argv[2] if len(sys.argv) > 2 else ""
         if not key:

meshcode-1.5.0/meshcode/invites.py ADDED Viewed

@@ -0,0 +1,363 @@
+"""Invite + join CLI helpers (Phase 7B).
+Lets users:
+  meshcode invite <project> <agent> [--role "..."] [--days 7]
+      → owner generates an invite token + share URL for one specific
+        agent slot in their meshwork
+  meshcode join <token> [--display-name "alice"]
+      → friend redeems the invite, gets a scoped api key tied to one
+        meshwork + one agent name, stores it in the OS keychain under
+        a per-mesh profile, and creates a workspace ready to launch
+  meshcode invites <project>
+      → list outstanding + redeemed invites for a meshwork
+  meshcode members <project>
+      → list members of a meshwork
+  meshcode revoke-invite <invite-id>
+      → cancel an outstanding invite (or kick the redeemer if already in)
+  meshcode revoke-member <project> <member-user-id>
+      → kick a member out of a meshwork
+All RPCs run via the publishable Supabase key + the user's own api_key
+for ownership validation. Scoped guest keys never see the owner's main
+key — they get a narrow key that only works on their one agent slot.
+"""
+from __future__ import annotations
+import json
+import os
+import sys
+from pathlib import Path
+from typing import Any, Dict, Optional
+from urllib.error import HTTPError, URLError
+from urllib.request import Request, urlopen
+# ============================================================
+# Supabase RPC helpers
+# ============================================================
+_DEFAULT_SUPABASE_URL = "https://wwgzzmydrwrjgaebspdo.supabase.co"
+_DEFAULT_SUPABASE_KEY = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+def _sb() -> Dict[str, str]:
+    url = os.environ.get("SUPABASE_URL", "") or _DEFAULT_SUPABASE_URL
+    key = os.environ.get("SUPABASE_KEY", "") or _DEFAULT_SUPABASE_KEY
+    return {"url": url, "key": key}
+def _rpc(name: str, body: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+    sb = _sb()
+    req = Request(
+        f"{sb['url']}/rest/v1/rpc/{name}",
+        data=json.dumps(body).encode(),
+        method="POST",
+        headers={
+            "apikey": sb["key"],
+            "Authorization": f"Bearer {sb['key']}",
+            "Content-Type": "application/json",
+        },
+    )
+    try:
+        with urlopen(req, timeout=15) as resp:
+            return json.loads(resp.read().decode())
+    except HTTPError as e:
+        try:
+            err_body = e.read().decode()
+            return json.loads(err_body)
+        except Exception:
+            print(f"[meshcode] HTTP {e.code} from {name}: {e.reason}", file=sys.stderr)
+            return None
+    except URLError as e:
+        print(f"[meshcode] network error calling {name}: {e.reason}", file=sys.stderr)
+        return None
+def _get_default_api_key() -> Optional[str]:
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        return secrets_mod.get_api_key(profile="default")
+    except Exception:
+        return None
+# ============================================================
+# meshcode invite — owner creates an invite
+# ============================================================
+def cmd_invite(project: str, agent: str, role: str = "", days: int = 7) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in. Run `meshcode login <api_key>` first.", file=sys.stderr)
+        return 2
+    result = _rpc("mc_create_invite", {
+        "p_api_key": api_key,
+        "p_meshwork_name": project,
+        "p_agent_name": agent,
+        "p_role_description": role,
+        "p_expires_in_days": int(days),
+    })
+    if not isinstance(result, dict):
+        print("[meshcode] ERROR: invite RPC returned no data", file=sys.stderr)
+        return 1
+    if result.get("error"):
+        print(f"[meshcode] ERROR: {result['error']}", file=sys.stderr)
+        return 1
+    print()
+    print(f"[meshcode] ✓ Invite created for agent '{agent}' in meshwork '{project}'")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Role:       {result.get('role') or '(unset)'}")
+    print(f"[meshcode]   Expires:    {result.get('expires_at')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Share this URL with your teammate:")
+    print(f"[meshcode]     {result.get('join_url')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Or share the CLI command:")
+    print(f"[meshcode]     {result.get('cli_command')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   The token is single-use. After they redeem it, they'll have a")
+    print(f"[meshcode]   scoped api key that only works for the '{agent}' agent in this")
+    print(f"[meshcode]   meshwork. You can revoke them anytime from the dashboard.")
+    print()
+    return 0
+# ============================================================
+# meshcode join — friend redeems an invite
+# ============================================================
+def cmd_join(token: str, display_name: Optional[str] = None) -> int:
+    if not token or not token.startswith("mc_inv_"):
+        print(f"[meshcode] ERROR: that doesn't look like an invite token (expected mc_inv_...)", file=sys.stderr)
+        return 2
+    # 1. Inspect first so the user sees what they're joining BEFORE we mint a key
+    inspect = _rpc("mc_inspect_invite", {"p_token": token})
+    if not isinstance(inspect, dict):
+        print("[meshcode] ERROR: could not reach meshcode.io", file=sys.stderr)
+        return 1
+    if inspect.get("error"):
+        print(f"[meshcode] ERROR: {inspect['error']}", file=sys.stderr)
+        return 1
+    print()
+    print(f"[meshcode] You're about to join:")
+    print(f"[meshcode]   Meshwork: {inspect.get('meshwork')}")
+    print(f"[meshcode]   Agent:    {inspect.get('agent_name')}")
+    print(f"[meshcode]   Role:     {inspect.get('role') or '(unset)'}")
+    print(f"[meshcode]   Invited by: {inspect.get('invited_by')}")
+    print(f"[meshcode]   Expires:  {inspect.get('expires_at')}")
+    print()
+    # 2. Redeem (anonymous — creates a guest user under the hood)
+    redeem = _rpc("mc_redeem_invite", {
+        "p_token": token,
+        "p_display_name": display_name or "",
+    })
+    if not isinstance(redeem, dict):
+        print("[meshcode] ERROR: could not redeem invite", file=sys.stderr)
+        return 1
+    if redeem.get("error"):
+        print(f"[meshcode] ERROR: {redeem['error']}", file=sys.stderr)
+        return 1
+    scoped_key = redeem.get("api_key")
+    project = redeem.get("meshwork")
+    agent = redeem.get("agent_name")
+    if not scoped_key or not project or not agent:
+        print("[meshcode] ERROR: redeem succeeded but response was incomplete", file=sys.stderr)
+        return 1
+    # 3. Store scoped key in OS keychain under a per-mesh profile
+    profile_name = f"mesh:{project}:{agent}"
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+    except Exception as e:
+        print(f"[meshcode] ERROR: cannot load secrets module: {e}", file=sys.stderr)
+        return 1
+    if not secrets_mod.set_api_key(scoped_key, profile=profile_name, meta={
+        "type": "scoped",
+        "meshwork": project,
+        "agent": agent,
+        "role": redeem.get("role") or "",
+        "expires_at": redeem.get("expires_at"),
+        "display_name": redeem.get("display_name"),
+        "guest_user_id": redeem.get("guest_user_id"),
+    }):
+        print(f"[meshcode] ERROR: could not store scoped api key in keychain", file=sys.stderr)
+        return 1
+    # 4. Create the workspace dir with this profile baked in
+    try:
+        sc = importlib.import_module("meshcode.setup_clients")
+        rc = sc.setup_workspace(
+            project, agent,
+            role=redeem.get("role") or "",
+            keychain_profile=profile_name,
+        )
+        if rc != 0:
+            return rc
+    except Exception as e:
+        print(f"[meshcode] WARNING: workspace creation failed ({e}); manual setup needed", file=sys.stderr)
+    print()
+    print(f"[meshcode] 🎉 You've joined '{project}' as '{agent}'")
+    print(f"[meshcode]")
+    print(f"[meshcode]   To launch your agent now:")
+    print(f"[meshcode]     meshcode run {agent}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Your scoped api key is in the OS keychain under profile:")
+    print(f"[meshcode]     {profile_name}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   This key only works for the '{agent}' agent in '{project}'.")
+    print(f"[meshcode]   It cannot create new meshworks, see other agents' messages,")
+    print(f"[meshcode]   or affect the inviter's billing.")
+    print()
+    return 0
+# ============================================================
+# meshcode invites <project> — list outstanding invites
+# ============================================================
+def cmd_list_invites(project: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+    # Resolve project_id by name first
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+    result = _rpc("mc_list_invites", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    invites = result.get("invites") or []
+    if not invites:
+        print(f"[meshcode] No invites for '{project}' yet.")
+        print(f"[meshcode] Create one with: meshcode invite {project} <agent>")
+        return 0
+    print()
+    print(f"[meshcode] Invites for '{project}':")
+    print()
+    for inv in invites:
+        status = "REDEEMED" if inv.get("redeemed") else ("REVOKED" if inv.get("revoked") else "OPEN")
+        print(f"  [{status}] {inv.get('token_prefix')}…  agent={inv.get('agent_name')}  expires={inv.get('expires_at')}")
+        if inv.get("role"):
+            print(f"           role: {inv['role']}")
+    print()
+    return 0
+# ============================================================
+# meshcode members <project> — list members
+# ============================================================
+def cmd_list_members(project: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+    result = _rpc("mc_list_members", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    members = result.get("members") or []
+    if not members:
+        print(f"[meshcode] No members in '{project}' yet (only you).")
+        return 0
+    print()
+    print(f"[meshcode] Members of '{project}':")
+    print()
+    for m in members:
+        guest_tag = " (guest)" if m.get("is_guest") else ""
+        agent_tag = f"  [{m.get('agent_name')}]" if m.get("agent_name") else ""
+        print(f"  • {m.get('display_name')}{guest_tag} — {m.get('role')}{agent_tag}")
+        print(f"      user_id: {m.get('user_id')}")
+        print(f"      joined:  {m.get('joined_at')}")
+    print()
+    return 0
+# ============================================================
+# meshcode revoke-invite <invite-id>
+# ============================================================
+def cmd_revoke_invite(invite_id: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+    result = _rpc("mc_revoke_invite", {
+        "p_api_key": api_key,
+        "p_invite_id": invite_id,
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    print(f"[meshcode] ✓ Invite {invite_id} revoked")
+    return 0
+# ============================================================
+# meshcode revoke-member <project> <member-user-id>
+# ============================================================
+def cmd_revoke_member(project: str, member_user_id: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+    result = _rpc("mc_revoke_member", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+        "p_member_user_id": member_user_id,
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    print(f"[meshcode] ✓ Member {member_user_id} removed from '{project}'")
+    return 0

{meshcode-1.3.0 → meshcode-1.5.0}/meshcode/meshcode_mcp/realtime.py RENAMED Viewed

@@ -44,6 +44,9 @@ class RealtimeListener:
         self._task: Optional[asyncio.Task] = None
         self._stop = asyncio.Event()
         self._connected = False
+        # Event fired whenever a new message is appended to the queue.
+        # meshcode_wait awaits this instead of polling → zero-cost idle.
+        self.message_event = asyncio.Event()
     @property
     def ws_url(self) -> str:
@@ -163,6 +166,11 @@ class RealtimeListener:
                         "id": record.get("id"),
                     }
                     self.queue.append(enriched)
+                    # Wake any meshcode_wait blocked on this event.
+                    try:
+                        self.message_event.set()
+                    except Exception:
+                        pass
                     log.info(f"new message from {enriched['from']}")
                     if self.notify_callback:
                         try:
@@ -174,8 +182,26 @@ class RealtimeListener:
         """Pop and return all queued messages."""
         out = list(self.queue)
         self.queue.clear()
+        # Queue is empty → reset the wake event so the next wait blocks again.
+        try:
+            self.message_event.clear()
+        except Exception:
+            pass
         return out
+    async def wait_for_message(self, timeout: Optional[float] = None) -> bool:
+        """Block until a new message lands in the queue (or timeout).
+        Returns True if woken by a message, False on timeout. This is the
+        core of the zero-cost idle loop: while awaiting, the event loop
+        does ZERO work — no polling, no Supabase calls, no token cost.
+        """
+        try:
+            await asyncio.wait_for(self.message_event.wait(), timeout=timeout)
+            return True
+        except asyncio.TimeoutError:
+            return False
     @property
     def is_connected(self) -> bool:
         return self._connected

meshcode 1.3.0__tar.gz → 1.5.0__tar.gz

meshcode 1.3.0tar.gz → 1.5.0tar.gz