meshcode 1.4.0__tar.gz → 1.5.1__tar.gz

{meshcode-1.4.0 → meshcode-1.5.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.4.0
+Version: 1.5.1
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT
@@ -21,6 +21,7 @@ Description-Content-Type: text/markdown
 Requires-Dist: mcp[cli]>=1.0.0
 Requires-Dist: websockets>=12.0
 Requires-Dist: realtime>=2.0.0
+Requires-Dist: keyring>=24.0
 
 # MeshCode
 

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode/__init__.py

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "1.4.0"
+__version__ = "1.5.1"

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode/comms_v4.py

@@ -1396,13 +1396,13 @@ def connect(project, name, hook_target="claude", role=""):
     print(f"[MESHCODE] Plataforma detectada: {os_name}")
     print(f"[MESHCODE] Conectando a meshwork '{project}' como '{name}'...")
 
-    # Check for saved credentials
-    creds_path = Path.home() / ".meshcode" / "credentials.json"
-    if creds_path.exists():
+    # Show logged-in user (from non-secret metadata, NOT the api key file)
+    meta_path = Path.home() / ".meshcode" / "profile_meta.json"
+    if meta_path.exists():
         try:
-            creds = json.loads(creds_path.read_text())
-            print(f"[MESHCODE] Autenticado como {creds.get('display_name', creds.get('email', '?'))}")
-        except:
+            meta = json.loads(meta_path.read_text())
+            print(f"[MESHCODE] Autenticado como {meta.get('display_name', meta.get('email', '?'))}")
+        except Exception:
             pass
 
     # Register agent
@@ -1453,23 +1453,57 @@ def connect(project, name, hook_target="claude", role=""):
 
 
 def login(api_key):
-    """Authenticate with API key and save credentials locally."""
+    """Authenticate with API key and save it to the OS keychain.
+
+    1.4.1+ stores api keys in the OS keychain (macOS Keychain, Linux
+    libsecret, Windows Credential Manager) instead of plain text on disk.
+    A small metadata file at ~/.meshcode/profile_meta.json holds the
+    user_id / email / display_name (no secrets) so the rest of the CLI
+    can show "Logged in as ..." without hitting Supabase every call.
+    """
     result = sb_rpc("mc_validate_api_key", {"p_api_key": api_key})
     if not result or not result.get("valid"):
         print("[MESHCODE] API key inválida o expirada")
         return False
 
-    # Save credentials
+    # Lazy import to avoid pulling keyring at every CLI startup if not needed
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+    except Exception as e:
+        print(f"[MESHCODE] ERROR: cannot load secrets module: {e}")
+        return False
+
+    meta = {
+        "user_id": result.get("user_id"),
+        "email": result.get("email"),
+        "display_name": result.get("display_name"),
+    }
+    if not secrets_mod.set_api_key(api_key, profile=secrets_mod.DEFAULT_PROFILE, meta=meta):
+        print("[MESHCODE] ERROR: could not store api key in keychain")
+        return False
+
+    # Also persist non-secret metadata so we can show the logged-in user
     config_dir = Path.home() / ".meshcode"
     config_dir.mkdir(exist_ok=True)
-    creds = {
-        "api_key": api_key,
-        "user_id": result["user_id"],
-        "email": result["email"],
-        "display_name": result["display_name"]
-    }
-    (config_dir / "credentials.json").write_text(json.dumps(creds, indent=2))
+    meta_path = config_dir / "profile_meta.json"
+    meta_path.write_text(json.dumps(meta, indent=2))
+    try:
+        os.chmod(meta_path, 0o600)
+    except Exception:
+        pass
+
+    # Drop the migration flag so we don't try to re-migrate next run
+    flag = config_dir / ".migrated_to_keychain"
+    if not flag.exists():
+        try:
+            flag.write_text("login")
+        except Exception:
+            pass
+
+    backend = secrets_mod.keyring_status().get("backend", "?")
     print(f"[MESHCODE] Autenticado como {result['display_name']} ({result['email']})")
+    print(f"[MESHCODE]   API key stored in OS keychain ({backend})")
     return True
 
 
@@ -1658,6 +1692,14 @@ def parse_flags(argv):
 
 
 if __name__ == "__main__":
+    # One-shot migration: pre-1.4.1 plain-text credentials.json → OS keychain.
+    # Idempotent and safe; runs once per machine then drops a flag file.
+    try:
+        import importlib as _imp
+        _imp.import_module("meshcode.secrets").migrate_legacy_credentials()
+    except Exception:
+        pass
+
     if len(sys.argv) < 2:
         show_help()
         sys.exit(0)
@@ -1908,6 +1950,66 @@ if __name__ == "__main__":
         _run = importlib.import_module("meshcode.run_agent").run
         sys.exit(_run(agent, project=proj_override, editor_override=editor_override))
 
+    elif cmd == "invite":
+        # meshcode invite <project> <agent> [--role "..."] [--days N]
+        if len(pos) < 2:
+            print("Usage: meshcode invite <project> <agent> [--role \"...\"] [--days 7]")
+            sys.exit(1)
+        proj = pos[0]
+        agent = pos[1]
+        role = flags.get("role", "")
+        days = int(flags.get("days", "7") or 7)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_invite(proj, agent, role=role, days=days))
+
+    elif cmd == "join":
+        # meshcode join <invite-token> [--display-name "alice"]
+        if len(sys.argv) < 3:
+            print("Usage: meshcode join <invite-token> [--display-name \"your name\"]")
+            sys.exit(1)
+        token = sys.argv[2] if not sys.argv[2].startswith("--") else (pos[0] if pos else "")
+        display = flags.get("display-name") or flags.get("name")
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_join(token, display_name=display))
+
+    elif cmd == "invites":
+        # meshcode invites <project> — list outstanding invites
+        if len(pos) < 1:
+            print("Usage: meshcode invites <project>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_list_invites(pos[0]))
+
+    elif cmd == "members":
+        # meshcode members <project> — list members
+        if len(pos) < 1:
+            print("Usage: meshcode members <project>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_list_members(pos[0]))
+
+    elif cmd == "revoke-invite":
+        # meshcode revoke-invite <invite-id>
+        if len(pos) < 1:
+            print("Usage: meshcode revoke-invite <invite-id>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_revoke_invite(pos[0]))
+
+    elif cmd == "revoke-member":
+        # meshcode revoke-member <project> <member-user-id>
+        if len(pos) < 2:
+            print("Usage: meshcode revoke-member <project> <member-user-id>")
+            sys.exit(1)
+        import importlib
+        _inv = importlib.import_module("meshcode.invites")
+        sys.exit(_inv.cmd_revoke_member(pos[0], pos[1]))
+
     elif cmd == "login":
         key = sys.argv[2] if len(sys.argv) > 2 else ""
         if not key:

meshcode-1.5.1/meshcode/invites.py

@@ -0,0 +1,363 @@
+"""Invite + join CLI helpers (Phase 7B).
+
+Lets users:
+  meshcode invite <project> <agent> [--role "..."] [--days 7]
+      → owner generates an invite token + share URL for one specific
+        agent slot in their meshwork
+
+  meshcode join <token> [--display-name "alice"]
+      → friend redeems the invite, gets a scoped api key tied to one
+        meshwork + one agent name, stores it in the OS keychain under
+        a per-mesh profile, and creates a workspace ready to launch
+
+  meshcode invites <project>
+      → list outstanding + redeemed invites for a meshwork
+
+  meshcode members <project>
+      → list members of a meshwork
+
+  meshcode revoke-invite <invite-id>
+      → cancel an outstanding invite (or kick the redeemer if already in)
+
+  meshcode revoke-member <project> <member-user-id>
+      → kick a member out of a meshwork
+
+All RPCs run via the publishable Supabase key + the user's own api_key
+for ownership validation. Scoped guest keys never see the owner's main
+key — they get a narrow key that only works on their one agent slot.
+"""
+from __future__ import annotations
+
+import json
+import os
+import sys
+from pathlib import Path
+from typing import Any, Dict, Optional
+from urllib.error import HTTPError, URLError
+from urllib.request import Request, urlopen
+
+
+# ============================================================
+# Supabase RPC helpers
+# ============================================================
+
+_DEFAULT_SUPABASE_URL = "https://wwgzzmydrwrjgaebspdo.supabase.co"
+_DEFAULT_SUPABASE_KEY = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+
+
+def _sb() -> Dict[str, str]:
+    url = os.environ.get("SUPABASE_URL", "") or _DEFAULT_SUPABASE_URL
+    key = os.environ.get("SUPABASE_KEY", "") or _DEFAULT_SUPABASE_KEY
+    return {"url": url, "key": key}
+
+
+def _rpc(name: str, body: Dict[str, Any]) -> Optional[Dict[str, Any]]:
+    sb = _sb()
+    req = Request(
+        f"{sb['url']}/rest/v1/rpc/{name}",
+        data=json.dumps(body).encode(),
+        method="POST",
+        headers={
+            "apikey": sb["key"],
+            "Authorization": f"Bearer {sb['key']}",
+            "Content-Type": "application/json",
+        },
+    )
+    try:
+        with urlopen(req, timeout=15) as resp:
+            return json.loads(resp.read().decode())
+    except HTTPError as e:
+        try:
+            err_body = e.read().decode()
+            return json.loads(err_body)
+        except Exception:
+            print(f"[meshcode] HTTP {e.code} from {name}: {e.reason}", file=sys.stderr)
+            return None
+    except URLError as e:
+        print(f"[meshcode] network error calling {name}: {e.reason}", file=sys.stderr)
+        return None
+
+
+def _get_default_api_key() -> Optional[str]:
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        return secrets_mod.get_api_key(profile="default")
+    except Exception:
+        return None
+
+
+# ============================================================
+# meshcode invite — owner creates an invite
+# ============================================================
+
+def cmd_invite(project: str, agent: str, role: str = "", days: int = 7) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in. Run `meshcode login <api_key>` first.", file=sys.stderr)
+        return 2
+
+    result = _rpc("mc_create_invite", {
+        "p_api_key": api_key,
+        "p_meshwork_name": project,
+        "p_agent_name": agent,
+        "p_role_description": role,
+        "p_expires_in_days": int(days),
+    })
+    if not isinstance(result, dict):
+        print("[meshcode] ERROR: invite RPC returned no data", file=sys.stderr)
+        return 1
+    if result.get("error"):
+        print(f"[meshcode] ERROR: {result['error']}", file=sys.stderr)
+        return 1
+
+    print()
+    print(f"[meshcode] ✓ Invite created for agent '{agent}' in meshwork '{project}'")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Role:       {result.get('role') or '(unset)'}")
+    print(f"[meshcode]   Expires:    {result.get('expires_at')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Share this URL with your teammate:")
+    print(f"[meshcode]     {result.get('join_url')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Or share the CLI command:")
+    print(f"[meshcode]     {result.get('cli_command')}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   The token is single-use. After they redeem it, they'll have a")
+    print(f"[meshcode]   scoped api key that only works for the '{agent}' agent in this")
+    print(f"[meshcode]   meshwork. You can revoke them anytime from the dashboard.")
+    print()
+    return 0
+
+
+# ============================================================
+# meshcode join — friend redeems an invite
+# ============================================================
+
+def cmd_join(token: str, display_name: Optional[str] = None) -> int:
+    if not token or not token.startswith("mc_inv_"):
+        print(f"[meshcode] ERROR: that doesn't look like an invite token (expected mc_inv_...)", file=sys.stderr)
+        return 2
+
+    # 1. Inspect first so the user sees what they're joining BEFORE we mint a key
+    inspect = _rpc("mc_inspect_invite", {"p_token": token})
+    if not isinstance(inspect, dict):
+        print("[meshcode] ERROR: could not reach meshcode.io", file=sys.stderr)
+        return 1
+    if inspect.get("error"):
+        print(f"[meshcode] ERROR: {inspect['error']}", file=sys.stderr)
+        return 1
+
+    print()
+    print(f"[meshcode] You're about to join:")
+    print(f"[meshcode]   Meshwork: {inspect.get('meshwork')}")
+    print(f"[meshcode]   Agent:    {inspect.get('agent_name')}")
+    print(f"[meshcode]   Role:     {inspect.get('role') or '(unset)'}")
+    print(f"[meshcode]   Invited by: {inspect.get('invited_by')}")
+    print(f"[meshcode]   Expires:  {inspect.get('expires_at')}")
+    print()
+
+    # 2. Redeem (anonymous — creates a guest user under the hood)
+    redeem = _rpc("mc_redeem_invite", {
+        "p_token": token,
+        "p_display_name": display_name or "",
+    })
+    if not isinstance(redeem, dict):
+        print("[meshcode] ERROR: could not redeem invite", file=sys.stderr)
+        return 1
+    if redeem.get("error"):
+        print(f"[meshcode] ERROR: {redeem['error']}", file=sys.stderr)
+        return 1
+
+    scoped_key = redeem.get("api_key")
+    project = redeem.get("meshwork")
+    agent = redeem.get("agent_name")
+    if not scoped_key or not project or not agent:
+        print("[meshcode] ERROR: redeem succeeded but response was incomplete", file=sys.stderr)
+        return 1
+
+    # 3. Store scoped key in OS keychain under a per-mesh profile
+    profile_name = f"mesh:{project}:{agent}"
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+    except Exception as e:
+        print(f"[meshcode] ERROR: cannot load secrets module: {e}", file=sys.stderr)
+        return 1
+
+    if not secrets_mod.set_api_key(scoped_key, profile=profile_name, meta={
+        "type": "scoped",
+        "meshwork": project,
+        "agent": agent,
+        "role": redeem.get("role") or "",
+        "expires_at": redeem.get("expires_at"),
+        "display_name": redeem.get("display_name"),
+        "guest_user_id": redeem.get("guest_user_id"),
+    }):
+        print(f"[meshcode] ERROR: could not store scoped api key in keychain", file=sys.stderr)
+        return 1
+
+    # 4. Create the workspace dir with this profile baked in
+    try:
+        sc = importlib.import_module("meshcode.setup_clients")
+        rc = sc.setup_workspace(
+            project, agent,
+            role=redeem.get("role") or "",
+            keychain_profile=profile_name,
+        )
+        if rc != 0:
+            return rc
+    except Exception as e:
+        print(f"[meshcode] WARNING: workspace creation failed ({e}); manual setup needed", file=sys.stderr)
+
+    print()
+    print(f"[meshcode] 🎉 You've joined '{project}' as '{agent}'")
+    print(f"[meshcode]")
+    print(f"[meshcode]   To launch your agent now:")
+    print(f"[meshcode]     meshcode run {agent}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   Your scoped api key is in the OS keychain under profile:")
+    print(f"[meshcode]     {profile_name}")
+    print(f"[meshcode]")
+    print(f"[meshcode]   This key only works for the '{agent}' agent in '{project}'.")
+    print(f"[meshcode]   It cannot create new meshworks, see other agents' messages,")
+    print(f"[meshcode]   or affect the inviter's billing.")
+    print()
+    return 0
+
+
+# ============================================================
+# meshcode invites <project> — list outstanding invites
+# ============================================================
+
+def cmd_list_invites(project: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+
+    # Resolve project_id by name first
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+
+    result = _rpc("mc_list_invites", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+
+    invites = result.get("invites") or []
+    if not invites:
+        print(f"[meshcode] No invites for '{project}' yet.")
+        print(f"[meshcode] Create one with: meshcode invite {project} <agent>")
+        return 0
+
+    print()
+    print(f"[meshcode] Invites for '{project}':")
+    print()
+    for inv in invites:
+        status = "REDEEMED" if inv.get("redeemed") else ("REVOKED" if inv.get("revoked") else "OPEN")
+        print(f"  [{status}] {inv.get('token_prefix')}…  agent={inv.get('agent_name')}  expires={inv.get('expires_at')}")
+        if inv.get("role"):
+            print(f"           role: {inv['role']}")
+    print()
+    return 0
+
+
+# ============================================================
+# meshcode members <project> — list members
+# ============================================================
+
+def cmd_list_members(project: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+
+    result = _rpc("mc_list_members", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+
+    members = result.get("members") or []
+    if not members:
+        print(f"[meshcode] No members in '{project}' yet (only you).")
+        return 0
+
+    print()
+    print(f"[meshcode] Members of '{project}':")
+    print()
+    for m in members:
+        guest_tag = " (guest)" if m.get("is_guest") else ""
+        agent_tag = f"  [{m.get('agent_name')}]" if m.get("agent_name") else ""
+        print(f"  • {m.get('display_name')}{guest_tag} — {m.get('role')}{agent_tag}")
+        print(f"      user_id: {m.get('user_id')}")
+        print(f"      joined:  {m.get('joined_at')}")
+    print()
+    return 0
+
+
+# ============================================================
+# meshcode revoke-invite <invite-id>
+# ============================================================
+
+def cmd_revoke_invite(invite_id: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+
+    result = _rpc("mc_revoke_invite", {
+        "p_api_key": api_key,
+        "p_invite_id": invite_id,
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    print(f"[meshcode] ✓ Invite {invite_id} revoked")
+    return 0
+
+
+# ============================================================
+# meshcode revoke-member <project> <member-user-id>
+# ============================================================
+
+def cmd_revoke_member(project: str, member_user_id: str) -> int:
+    api_key = _get_default_api_key()
+    if not api_key:
+        print("[meshcode] ERROR: not logged in", file=sys.stderr)
+        return 2
+
+    pid = _rpc("mc_resolve_project", {
+        "p_api_key": api_key, "p_project_name": project,
+    })
+    if not isinstance(pid, dict) or not pid.get("project_id"):
+        print(f"[meshcode] ERROR: meshwork '{project}' not found or not yours", file=sys.stderr)
+        return 1
+
+    result = _rpc("mc_revoke_member", {
+        "p_api_key": api_key,
+        "p_meshwork_id": pid["project_id"],
+        "p_member_user_id": member_user_id,
+    })
+    if not isinstance(result, dict) or result.get("error"):
+        print(f"[meshcode] ERROR: {(result or {}).get('error', 'rpc failed')}", file=sys.stderr)
+        return 1
+    print(f"[meshcode] ✓ Member {member_user_id} removed from '{project}'")
+    return 0

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode/meshcode_mcp/server.py

@@ -115,13 +115,51 @@ if not PROJECT_NAME or not AGENT_NAME:
     sys.exit(2)
 
 
+# ============================================================
+# API key resolution — keychain first, env var fallback
+# ============================================================
+#
+# 1.4.1+ stores api keys in the OS keychain. The setup_clients writer
+# bakes only MESHCODE_KEYCHAIN_PROFILE into the .mcp.json env block, NOT
+# the api key itself. The MCP server resolves the key at boot via the
+# secrets module. The env-var path is preserved as a fallback for users
+# whose OS doesn't have a keychain backend.
+
+_API_KEY_CACHE: Optional[str] = None
+
+def _get_api_key() -> str:
+    """Resolve the api_key for this MCP server process. Cached after first call."""
+    global _API_KEY_CACHE
+    if _API_KEY_CACHE is not None:
+        return _API_KEY_CACHE
+    # 1. Direct env var (legacy / fallback path)
+    val = os.environ.get("MESHCODE_API_KEY", "").strip()
+    if val:
+        _API_KEY_CACHE = val
+        return val
+    # 2. Keychain via profile name in env
+    profile = os.environ.get("MESHCODE_KEYCHAIN_PROFILE", "").strip()
+    if profile:
+        try:
+            import importlib
+            secrets_mod = importlib.import_module("meshcode.secrets")
+            kc_val = secrets_mod.get_api_key(profile=profile)
+            if kc_val:
+                _API_KEY_CACHE = kc_val
+                return kc_val
+        except Exception as e:
+            print(f"[meshcode-mcp] WARNING: keychain lookup failed for profile '{profile}': {e}", file=sys.stderr)
+    _API_KEY_CACHE = ""
+    return ""
+
+
 # Resolve project_id at startup. Try in order:
 #   1. MESHCODE_PROJECT_ID env var (baked by `meshcode setup`, fastest)
 #   2. mc_resolve_project RPC with the user's api_key (security definer, bypasses RLS)
 #   3. Direct SELECT via get_project_id (only works if RLS is open / user is admin)
 _PROJECT_ID: Optional[str] = os.environ.get("MESHCODE_PROJECT_ID") or None
 if not _PROJECT_ID:
-    _api_key = os.environ.get("MESHCODE_API_KEY", "")
+    _api_key = _get_api_key()
     if _api_key:
         try:
             _r = be.sb_rpc("mc_resolve_project", {
@@ -137,7 +175,7 @@ if not _PROJECT_ID:
 if not _PROJECT_ID:
     _PROJECT_ID = be.get_project_id(PROJECT_NAME)
 if not _PROJECT_ID:
-    print(f"[meshcode-mcp] ERROR: project '{PROJECT_NAME}' not found (check MESHCODE_API_KEY env var)", file=sys.stderr)
+    print(f"[meshcode-mcp] ERROR: project '{PROJECT_NAME}' not found (check MESHCODE_KEYCHAIN_PROFILE / MESHCODE_API_KEY)", file=sys.stderr)
     sys.exit(2)
 
 _register_result = be.register_agent(PROJECT_NAME, AGENT_NAME, AGENT_ROLE or "MCP-connected agent")
@@ -149,7 +187,7 @@ if isinstance(_register_result, dict) and _register_result.get("error"):
 # bypass RLS — the publishable key has no JWT context and cannot UPDATE
 # mc_agents directly. The RPC validates ownership via api_key.
 def _flip_status(status: str, task: str = "") -> bool:
-    api_key = os.environ.get("MESHCODE_API_KEY", "")
+    api_key = _get_api_key()
     if not api_key:
         # Last-resort fallback: try the direct PATCH (may be denied by RLS)
         try:
@@ -186,7 +224,7 @@ import uuid as _uuid
 _INSTANCE_ID = f"mcp-{_uuid.uuid4().hex[:12]}"
 
 def _acquire_lease() -> bool:
-    api_key = os.environ.get("MESHCODE_API_KEY", "")
+    api_key = _get_api_key()
     if not api_key:
         return True  # legacy clients without api_key skip lease check
     try:
@@ -212,7 +250,7 @@ if not _acquire_lease():
 
 
 def _release_lease() -> None:
-    api_key = os.environ.get("MESHCODE_API_KEY", "")
+    api_key = _get_api_key()
     if not api_key:
         return
     try:

meshcode-1.5.1/meshcode/secrets.py

@@ -0,0 +1,337 @@
+"""OS keychain wrapper for MeshCode credentials.
+
+The user's MeshCode api key (mc_xxx) is sensitive and used to be stored
+in plain text at ~/.meshcode/credentials.json AND baked into every
+~/meshcode/<workspace>/.mcp.json AND passed through env vars to the
+MCP server subprocess (visible in `ps eauxww`). That was the equivalent
+of leaving your password in ~/Desktop/pass.txt + photocopying it on
+every wall.
+
+1.4.1+ stores api keys in the OS keychain via the `keyring` library:
+
+    macOS    → /usr/bin/security (Keychain Access)
+    Linux    → libsecret / kwallet (SecretService)
+    Windows  → Credential Manager (wincred)
+    Fallback → encrypted file via keyrings.cryptfile if no native backend
+
+The MCP server config files (.mcp.json) no longer contain the api key —
+they only contain a `MESHCODE_KEYCHAIN_PROFILE` env var that names the
+keychain entry to look up at boot time. The api key never appears in
+the filesystem, never in process env, never in `ps e`.
+
+Profile naming convention:
+    "default"                    — the user's primary api key (used for owned meshworks)
+    "mesh:<project>:<agent>"     — a per-agent scoped key (used for friend invites)
+
+The "default" profile is the one set by `meshcode login`. The
+per-agent profiles are set by `meshcode join <invite-token>` (Phase 7B).
+
+Backwards compatibility:
+- migrate_legacy_credentials() reads ~/.meshcode/credentials.json on
+  first 1.4.1 startup and moves it to keychain, then shreds the file.
+- get_api_key() falls back to credentials.json if keychain is unavailable
+  AND the file still exists. This keeps existing installs from breaking
+  if their OS doesn't have a usable keyring backend.
+"""
+from __future__ import annotations
+
+import json
+import os
+import secrets as _stdlib_secrets
+import sys
+from pathlib import Path
+from typing import Optional, Dict, Any
+
+SERVICE_NAME = "meshcode"
+DEFAULT_PROFILE = "default"
+LEGACY_CREDS_FILE = Path.home() / ".meshcode" / "credentials.json"
+
+
+# ============================================================
+# Keyring backend probe
+# ============================================================
+
+_KEYRING_AVAILABLE: Optional[bool] = None
+_KEYRING_BACKEND_NAME: Optional[str] = None
+
+
+def _probe_keyring() -> bool:
+    """Check whether the keyring library has a usable backend on this OS.
+
+    Returns True if we can read+write keychain entries. Caches the result.
+    """
+    global _KEYRING_AVAILABLE, _KEYRING_BACKEND_NAME
+    if _KEYRING_AVAILABLE is not None:
+        return _KEYRING_AVAILABLE
+    try:
+        import keyring  # type: ignore
+        from keyring.errors import KeyringError  # type: ignore
+        backend = keyring.get_keyring()
+        _KEYRING_BACKEND_NAME = type(backend).__name__
+        # Some installs report a "fail" backend on headless Linux. Probe with a
+        # write+read+delete round trip on a sentinel key.
+        sentinel_key = "meshcode_probe_sentinel"
+        sentinel_val = "ok"
+        try:
+            keyring.set_password(SERVICE_NAME, sentinel_key, sentinel_val)
+            got = keyring.get_password(SERVICE_NAME, sentinel_key)
+            keyring.delete_password(SERVICE_NAME, sentinel_key)
+            _KEYRING_AVAILABLE = (got == sentinel_val)
+        except KeyringError:
+            _KEYRING_AVAILABLE = False
+        except Exception:
+            _KEYRING_AVAILABLE = False
+    except ImportError:
+        _KEYRING_AVAILABLE = False
+        _KEYRING_BACKEND_NAME = "(keyring not installed)"
+    return _KEYRING_AVAILABLE
+
+
+def keyring_status() -> Dict[str, Any]:
+    """Return a small status dict for diagnostics."""
+    available = _probe_keyring()
+    return {
+        "available": available,
+        "backend": _KEYRING_BACKEND_NAME or "(unknown)",
+    }
+
+
+# ============================================================
+# Profile index — what profiles exist in keychain
+# ============================================================
+#
+# OS keychains let us SET and GET by (service, username) but listing all
+# usernames under a service is backend-specific (and often unavailable).
+# We keep a small JSON index at ~/.meshcode/profiles.json that lists which
+# profile names exist. This is metadata only — the index never contains
+# any secret values, just names. Mode 600.
+
+PROFILE_INDEX = Path.home() / ".meshcode" / "profiles.json"
+
+
+def _load_index() -> Dict[str, Any]:
+    if not PROFILE_INDEX.exists():
+        return {"profiles": {}}
+    try:
+        return json.loads(PROFILE_INDEX.read_text())
+    except Exception:
+        return {"profiles": {}}
+
+
+def _save_index(idx: Dict[str, Any]) -> None:
+    PROFILE_INDEX.parent.mkdir(parents=True, exist_ok=True)
+    tmp = PROFILE_INDEX.with_suffix(".tmp")
+    tmp.write_text(json.dumps(idx, indent=2))
+    try:
+        os.chmod(tmp, 0o600)
+    except Exception:
+        pass
+    tmp.replace(PROFILE_INDEX)
+
+
+def _index_set(profile: str, meta: Dict[str, Any]) -> None:
+    idx = _load_index()
+    idx.setdefault("profiles", {})[profile] = meta
+    _save_index(idx)
+
+
+def _index_remove(profile: str) -> None:
+    idx = _load_index()
+    if profile in idx.get("profiles", {}):
+        del idx["profiles"][profile]
+        _save_index(idx)
+
+
+def list_profiles() -> Dict[str, Dict[str, Any]]:
+    """Return all known keychain profiles with their metadata."""
+    return _load_index().get("profiles", {})
+
+
+# ============================================================
+# Get / set / delete api key
+# ============================================================
+
+def set_api_key(api_key: str, profile: str = DEFAULT_PROFILE,
+                meta: Optional[Dict[str, Any]] = None) -> bool:
+    """Store api_key under (SERVICE_NAME, profile) in the OS keychain.
+
+    Returns True on success. On failure, falls back to writing a mode-600
+    file at ~/.meshcode/credentials.<profile>.json (only as a last resort
+    when no keychain is available — prints a warning).
+    """
+    if not api_key or not isinstance(api_key, str):
+        return False
+
+    if _probe_keyring():
+        try:
+            import keyring  # type: ignore
+            keyring.set_password(SERVICE_NAME, profile, api_key)
+            _index_set(profile, {"backend": _KEYRING_BACKEND_NAME, **(meta or {})})
+            return True
+        except Exception as e:
+            print(f"[meshcode] WARNING: keychain write failed ({e}); falling back to file", file=sys.stderr)
+
+    # Fallback: mode-600 JSON file (legacy path, secured)
+    fallback_path = Path.home() / ".meshcode" / f"credentials.{profile}.json"
+    fallback_path.parent.mkdir(parents=True, exist_ok=True)
+    fallback_path.write_text(json.dumps({"api_key": api_key, **(meta or {})}, indent=2))
+    try:
+        os.chmod(fallback_path, 0o600)
+    except Exception:
+        pass
+    _index_set(profile, {"backend": "file-fallback", **(meta or {})})
+    return True
+
+
+def get_api_key(profile: str = DEFAULT_PROFILE) -> Optional[str]:
+    """Read api_key from the OS keychain (or fallback file).
+
+    Resolution order:
+    1. Keychain entry (SERVICE_NAME, profile)
+    2. ~/.meshcode/credentials.<profile>.json (fallback file from set_api_key)
+    3. ~/.meshcode/credentials.json (legacy pre-1.4.1 file, default profile only)
+    """
+    if _probe_keyring():
+        try:
+            import keyring  # type: ignore
+            val = keyring.get_password(SERVICE_NAME, profile)
+            if val:
+                return val
+        except Exception:
+            pass
+
+    # Fallback file for this profile
+    fallback_path = Path.home() / ".meshcode" / f"credentials.{profile}.json"
+    if fallback_path.exists():
+        try:
+            data = json.loads(fallback_path.read_text())
+            if isinstance(data, dict) and data.get("api_key"):
+                return data["api_key"]
+        except Exception:
+            pass
+
+    # Legacy pre-1.4.1 path: only valid for the default profile
+    if profile == DEFAULT_PROFILE and LEGACY_CREDS_FILE.exists():
+        try:
+            data = json.loads(LEGACY_CREDS_FILE.read_text())
+            if isinstance(data, dict) and data.get("api_key"):
+                return data["api_key"]
+        except Exception:
+            pass
+
+    return None
+
+
+def delete_api_key(profile: str = DEFAULT_PROFILE) -> bool:
+    """Remove the keychain entry + any fallback file for this profile."""
+    ok = False
+    if _probe_keyring():
+        try:
+            import keyring  # type: ignore
+            from keyring.errors import PasswordDeleteError  # type: ignore
+            try:
+                keyring.delete_password(SERVICE_NAME, profile)
+                ok = True
+            except PasswordDeleteError:
+                pass
+        except Exception:
+            pass
+
+    fallback_path = Path.home() / ".meshcode" / f"credentials.{profile}.json"
+    if fallback_path.exists():
+        try:
+            _shred_file(fallback_path)
+            ok = True
+        except Exception:
+            pass
+
+    _index_remove(profile)
+    return ok
+
+
+# ============================================================
+# Shred (overwrite + unlink) — for migration of plain text files
+# ============================================================
+
+def _shred_file(path: Path, passes: int = 3) -> None:
+    """Overwrite the file with random bytes then unlink it.
+
+    Not a guarantee against forensic recovery on SSDs (TRIM, wear leveling),
+    but raises the bar significantly compared to a plain unlink.
+    """
+    if not path.exists():
+        return
+    try:
+        size = path.stat().st_size
+        if size > 0:
+            with open(path, "r+b") as f:
+                for _ in range(passes):
+                    f.seek(0)
+                    f.write(_stdlib_secrets.token_bytes(size))
+                    f.flush()
+                    try:
+                        os.fsync(f.fileno())
+                    except Exception:
+                        pass
+    finally:
+        try:
+            path.unlink()
+        except Exception:
+            pass
+
+
+# ============================================================
+# Migration: pre-1.4.1 ~/.meshcode/credentials.json → keychain
+# ============================================================
+
+MIGRATION_FLAG = Path.home() / ".meshcode" / ".migrated_to_keychain"
+
+
+def migrate_legacy_credentials() -> bool:
+    """One-shot migration: move plain-text credentials.json to the OS keychain
+    and shred the original file. Idempotent — safe to call on every CLI start.
+
+    Returns True if a migration ran this call, False if nothing to do.
+    """
+    if MIGRATION_FLAG.exists():
+        return False
+    if not LEGACY_CREDS_FILE.exists():
+        # Nothing to migrate, but still drop the flag so we don't re-check forever
+        try:
+            MIGRATION_FLAG.parent.mkdir(parents=True, exist_ok=True)
+            MIGRATION_FLAG.write_text("no legacy file")
+        except Exception:
+            pass
+        return False
+
+    try:
+        data = json.loads(LEGACY_CREDS_FILE.read_text())
+    except Exception:
+        return False
+    api_key = (data or {}).get("api_key") if isinstance(data, dict) else None
+    if not api_key:
+        return False
+
+    meta = {k: v for k, v in data.items() if k != "api_key"} if isinstance(data, dict) else {}
+    ok = set_api_key(api_key, profile=DEFAULT_PROFILE, meta=meta)
+    if not ok:
+        # Don't shred the legacy file if the migration failed — user would
+        # be locked out. Leave it in place and try again next run.
+        return False
+
+    # Migration succeeded — shred the plain-text file
+    _shred_file(LEGACY_CREDS_FILE)
+
+    try:
+        MIGRATION_FLAG.parent.mkdir(parents=True, exist_ok=True)
+        MIGRATION_FLAG.write_text(json.dumps({
+            "migrated_at_unix": int(__import__("time").time()),
+            "backend": _KEYRING_BACKEND_NAME or "(unknown)",
+        }))
+    except Exception:
+        pass
+
+    print("[meshcode] ✓ Migrated your api key from plain text to OS keychain.", file=sys.stderr)
+    print(f"[meshcode]   Backend: {_KEYRING_BACKEND_NAME or '(file fallback)'}", file=sys.stderr)
+    print("[meshcode]   The old ~/.meshcode/credentials.json has been shredded.", file=sys.stderr)
+    return True

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode/setup_clients.py

@@ -23,12 +23,50 @@ from pathlib import Path
 from typing import Dict, Any, Optional
 
 
-def _load_credentials() -> Dict[str, str]:
-    creds_path = Path.home() / ".meshcode" / "credentials.json"
-    if not creds_path.exists():
+def _load_credentials(profile: str = "default") -> Dict[str, str]:
+    """Load the api key + non-secret metadata for the given keychain profile.
+
+    1.4.1+ stores api keys in the OS keychain. The api key is read from there
+    via the secrets module. Non-secret metadata (user_id / email / display_name)
+    lives in ~/.meshcode/profile_meta.json. Falls back to the legacy
+    credentials.json file if the migration hasn't run yet (e.g. first run after
+    upgrade).
+    """
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+    except Exception as e:
+        print(f"[meshcode] ERROR: cannot load secrets module: {e}", file=sys.stderr)
+        sys.exit(2)
+
+    api_key = secrets_mod.get_api_key(profile=profile)
+    if not api_key:
         print("[meshcode] ERROR: No credentials found. Run `meshcode login <api_key>` first.", file=sys.stderr)
         sys.exit(2)
-    return json.loads(creds_path.read_text())
+
+    meta_path = Path.home() / ".meshcode" / "profile_meta.json"
+    meta: Dict[str, Any] = {"api_key": api_key}
+    if meta_path.exists():
+        try:
+            extra = json.loads(meta_path.read_text())
+            if isinstance(extra, dict):
+                meta.update({k: v for k, v in extra.items() if v is not None})
+        except Exception:
+            pass
+    # Legacy fallback (pre-1.4.1): if profile_meta.json doesn't exist, try the
+    # old credentials.json for non-secret fields. The api key itself is already
+    # in keychain by now (via migrate_legacy_credentials).
+    legacy_path = Path.home() / ".meshcode" / "credentials.json"
+    if legacy_path.exists() and not meta_path.exists():
+        try:
+            legacy = json.loads(legacy_path.read_text())
+            if isinstance(legacy, dict):
+                for k in ("user_id", "email", "display_name"):
+                    if legacy.get(k) and not meta.get(k):
+                        meta[k] = legacy[k]
+        except Exception:
+            pass
+    return meta
 
 
 def _load_supabase_env() -> Dict[str, str]:
@@ -84,19 +122,41 @@ def _resolve_project_id(api_key: str, project: str, sb: Dict[str, str]) -> str:
 
 
 def _build_server_block(project: str, project_id: str, agent: str, role: str,
-                         api_key: str, sb: Dict[str, str]) -> Dict[str, Any]:
+                         api_key: str, sb: Dict[str, str],
+                         keychain_profile: str = "default") -> Dict[str, Any]:
+    """Build the MCP server config block for an agent.
+
+    1.4.1+ does NOT bake the api key into the env. Instead it bakes a
+    `MESHCODE_KEYCHAIN_PROFILE` env var that names the keychain entry the
+    MCP server should look up at boot. The api key never appears in any
+    file on disk and never in process env / `ps eauxww`.
+
+    For backwards compatibility, if the keychain isn't available on this
+    OS, the api key falls back to the env var (legacy path).
+    """
+    env: Dict[str, str] = {
+        "MESHCODE_PROJECT": project,
+        "MESHCODE_PROJECT_ID": project_id,
+        "MESHCODE_AGENT": agent,
+        "MESHCODE_ROLE": role or "MCP-connected agent",
+        "MESHCODE_KEYCHAIN_PROFILE": keychain_profile,
+        "SUPABASE_URL": sb["SUPABASE_URL"],
+        "SUPABASE_KEY": sb["SUPABASE_KEY"],
+    }
+    # Belt-and-suspenders fallback: if the OS doesn't have a keychain backend
+    # the MCP server can't read the key from there, so we still need to pass
+    # it via env. Probe and only include it as a fallback path.
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        if not secrets_mod.keyring_status().get("available", False):
+            env["MESHCODE_API_KEY"] = api_key
+    except Exception:
+        env["MESHCODE_API_KEY"] = api_key
     return {
         "command": sys.executable or "python3",
         "args": ["-m", "meshcode.meshcode_mcp", "serve"],
-        "env": {
-            "MESHCODE_PROJECT": project,
-            "MESHCODE_PROJECT_ID": project_id,
-            "MESHCODE_AGENT": agent,
-            "MESHCODE_ROLE": role or "MCP-connected agent",
-            "MESHCODE_API_KEY": api_key,
-            "SUPABASE_URL": sb["SUPABASE_URL"],
-            "SUPABASE_KEY": sb["SUPABASE_KEY"],
-        },
+        "env": env,
     }
 
 
@@ -118,19 +178,43 @@ def _workspace_dir(project: str, agent: str) -> Path:
     return WORKSPACES_ROOT / f"{project}-{agent}"
 
 
-def setup_workspace(project: str, agent: str, role: str = "") -> int:
+def setup_workspace(project: str, agent: str, role: str = "",
+                     keychain_profile: str = "default") -> int:
     """Create an isolated workspace dir at ~/meshcode/<project>-<agent>/ with
     .mcp.json containing ONLY this agent's server entry. Universal for any
     MCP-compatible editor that supports per-directory configs (Claude Code via
     --mcp-config flag, Cursor + Cline via .cursor/mcp.json + .vscode/mcp.json).
+
+    keychain_profile: which entry in the OS keychain holds the api key for
+    this agent. Defaults to "default" (the user's main login). For a
+    friend who joined via `meshcode join <token>`, this is set to
+    "mesh:<project>:<agent>" so the workspace uses the scoped guest key
+    instead of the inviter's main key.
     """
-    creds = _load_credentials()
     sb = _load_supabase_env()
-    api_key = creds.get("api_key", "")
+
+    # Resolve api_key from the named keychain profile (NOT always 'default')
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        api_key = secrets_mod.get_api_key(profile=keychain_profile) or ""
+    except Exception as e:
+        print(f"[meshcode] ERROR: cannot load secrets module: {e}", file=sys.stderr)
+        return 2
+
+    if not api_key:
+        print(f"[meshcode] ERROR: no api key found in keychain profile '{keychain_profile}'", file=sys.stderr)
+        if keychain_profile == "default":
+            print("[meshcode]   Run `meshcode login <api_key>` first.", file=sys.stderr)
+        else:
+            print(f"[meshcode]   This profile is created by `meshcode join <token>`.", file=sys.stderr)
+        return 2
+
     project_id = _resolve_project_id(api_key, project, sb)
 
     server_id = f"meshcode-{project}-{agent}"
-    server_block = _build_server_block(project, project_id, agent, role, api_key, sb)
+    server_block = _build_server_block(project, project_id, agent, role, api_key, sb,
+                                         keychain_profile=keychain_profile)
 
     ws = _workspace_dir(project, agent)
     ws.mkdir(parents=True, exist_ok=True)

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.4.0
+Version: 1.5.1
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT
@@ -21,6 +21,7 @@ Description-Content-Type: text/markdown
 Requires-Dist: mcp[cli]>=1.0.0
 Requires-Dist: websockets>=12.0
 Requires-Dist: realtime>=2.0.0
+Requires-Dist: keyring>=24.0
 
 # MeshCode
 

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode.egg-info/SOURCES.txt

@@ -3,10 +3,12 @@ pyproject.toml
 meshcode/__init__.py
 meshcode/cli.py
 meshcode/comms_v4.py
+meshcode/invites.py
 meshcode/launcher.py
 meshcode/launcher_install.py
 meshcode/protocol_v2.py
 meshcode/run_agent.py
+meshcode/secrets.py
 meshcode/setup_clients.py
 meshcode.egg-info/PKG-INFO
 meshcode.egg-info/SOURCES.txt

{meshcode-1.4.0 → meshcode-1.5.1}/meshcode.egg-info/requires.txt

@@ -1,3 +1,4 @@
 mcp[cli]>=1.0.0
 websockets>=12.0
 realtime>=2.0.0
+keyring>=24.0

{meshcode-1.4.0 → meshcode-1.5.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "meshcode"
-version = "1.4.0"
+version = "1.5.1"
 description = "Real-time communication between AI agents — Supabase-backed CLI"
 readme = "README.md"
 license = {text = "MIT"}
@@ -15,6 +15,7 @@ dependencies = [
     "mcp[cli]>=1.0.0",
     "websockets>=12.0",
     "realtime>=2.0.0",
+    "keyring>=24.0",
 ]
 classifiers = [
     "Development Status :: 4 - Beta",