meshcode 1.7.0__tar.gz → 1.8.2__tar.gz

{meshcode-1.7.0 → meshcode-1.8.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.7.0
+Version: 1.8.2
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode/__init__.py

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "1.7.0"
+__version__ = "1.8.2"

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode/comms_v4.py

@@ -1946,9 +1946,14 @@ if __name__ == "__main__":
         agent = sys.argv[2]
         proj_override = flags.get("project")
         editor_override = flags.get("editor")
+        perm_override = flags.get("permission")  # bypass | safe | ask
+        if "--bypass" in sys.argv:
+            perm_override = "bypass"
+        elif "--safe" in sys.argv:
+            perm_override = "safe"
         import importlib
         _run = importlib.import_module("meshcode.run_agent").run
-        sys.exit(_run(agent, project=proj_override, editor_override=editor_override))
+        sys.exit(_run(agent, project=proj_override, editor_override=editor_override, permission_override=perm_override))
 
     elif cmd == "invite":
         # meshcode invite <project> <agent> [--role "..."] [--days N]
@@ -2017,6 +2022,36 @@ if __name__ == "__main__":
             sys.exit(1)
         login(key)
 
+    elif cmd == "prefs":
+        # meshcode prefs permission-mode [bypass|safe|ask]   (no arg = show)
+        # meshcode prefs reset
+        from meshcode.preferences import (
+            get_permission_mode, set_permission_mode, reset_permission_mode,
+            VALID_PERMISSION_MODES,
+        )
+        sub = sys.argv[2] if len(sys.argv) > 2 else ""
+        if sub == "permission-mode":
+            if len(sys.argv) > 3:
+                mode = sys.argv[3].lower()
+                if mode not in VALID_PERMISSION_MODES:
+                    print(f"[ERROR] mode must be one of: {', '.join(sorted(VALID_PERMISSION_MODES))}")
+                    sys.exit(1)
+                ok = set_permission_mode(mode)
+                print(f"[meshcode] permission_mode = {mode}" if ok else "[ERROR] failed to save")
+                sys.exit(0 if ok else 1)
+            else:
+                cur = get_permission_mode()
+                print(f"permission_mode: {cur or '(unset — will prompt on next run)'}")
+                sys.exit(0)
+        elif sub == "reset":
+            reset_permission_mode()
+            print("[meshcode] preferences reset")
+            sys.exit(0)
+        else:
+            print("Usage: meshcode prefs permission-mode [bypass|safe|ask]")
+            print("       meshcode prefs reset")
+            sys.exit(1)
+
     elif cmd == "launcher":
         # meshcode launcher {install|uninstall|start|stop|restart|status|logs|test}
         try:

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode/meshcode_mcp/backend.py

@@ -164,7 +164,7 @@ def register_agent(project: str, name: str, role: str = "") -> Dict:
     }
 
 
-def send_message(project_id: str, from_agent: str, to_agent: str, payload: Any, msg_type: str = "msg", parent_msg_id: Optional[str] = None) -> Dict:
+def send_message(project_id: str, from_agent: str, to_agent: str, payload: Any, msg_type: str = "msg", parent_msg_id: Optional[str] = None, sensitive: bool = False) -> Dict:
     if not isinstance(payload, dict):
         payload = {"text": str(payload)}
     msg = {
@@ -177,6 +177,8 @@ def send_message(project_id: str, from_agent: str, to_agent: str, payload: Any,
     }
     if parent_msg_id:
         msg["parent_msg_id"] = parent_msg_id
+    if sensitive:
+        msg["is_sensitive"] = True
     result = sb_insert("mc_messages", msg)
     if isinstance(result, dict) and result.get("_error"):
         return {"error": result["_error"]}

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode/meshcode_mcp/server.py

@@ -363,6 +363,14 @@ meshcode_wait / meshcode_check / meshcode_read now includes an `id` field
 (use it for in_reply_to) and a `parent_id` field (so you can see whether
 the message you received is itself a reply to something).
 
+SENSITIVE DATA: when sharing API keys, credentials, customer data, personal
+information, secrets, or anything that should not be in a public log, set
+sensitive=True in your meshcode_send call. Sensitive messages are NEVER
+included in public meshwork exports, even if the meshwork owner publishes
+the meshwork. The flag is enforced at the database level — there is no way
+for a public viewer to read sensitive messages. Use this liberally — false
+positives are harmless, false negatives are a privacy leak.
+
 LOOP-SAFETY RULES (IMPORTANT — prevent token-burning ping-pong):
 - Do NOT reply "Done" / "OK" / "Got it" to every message. If a message
   is a status update or pure ack, just process it and call meshcode_wait
@@ -505,7 +513,8 @@ except Exception:
 # ----------------- TOOLS -----------------
 
 @mcp.tool()
-def meshcode_send(to: str, message: Any, in_reply_to: Optional[str] = None) -> Dict[str, Any]:
+def meshcode_send(to: str, message: Any, in_reply_to: Optional[str] = None,
+                  sensitive: bool = False) -> Dict[str, Any]:
     """Send a message to another agent in the meshwork.
 
     If you only have plain text, just pass it as a string and it will be
@@ -520,6 +529,13 @@ def meshcode_send(to: str, message: Any, in_reply_to: Optional[str] = None) -> D
             message is a threaded reply — the dashboard renders it under the
             original. Use this especially when replying to one of several
             outstanding broadcasts so humans can tell which is which.
+        sensitive: If True, this message will NEVER appear in a public meshwork
+            export, regardless of whether the meshwork is published. ALWAYS
+            set this to True when sharing API keys, credentials, customer
+            data, secrets, personal information, or anything that should not
+            be visible to anyone outside the meshwork. The owner can publish
+            the meshwork without leaking sensitive messages, because the
+            sensitive flag is enforced at the database level.
     """
     if isinstance(message, str):
         payload: Dict[str, Any] = {"text": message}
@@ -528,7 +544,7 @@ def meshcode_send(to: str, message: Any, in_reply_to: Optional[str] = None) -> D
     else:
         payload = {"text": str(message)}
     return be.send_message(_PROJECT_ID, AGENT_NAME, to, payload, msg_type="msg",
-                           parent_msg_id=in_reply_to)
+                           parent_msg_id=in_reply_to, sensitive=sensitive)
 
 
 @mcp.tool()

meshcode-1.8.2/meshcode/preferences.py

@@ -0,0 +1,171 @@
+"""Per-user CLI preferences for MeshCode.
+
+Stores small non-secret settings (like permission_mode for `meshcode run`)
+in ~/.meshcode/preferences.json with mode 600. Not the same as the API key
+storage in secrets.py — that goes to the OS keychain. This file is for
+opinion/UX preferences only, no credentials.
+
+Currently tracked:
+  permission_mode  one of "bypass" | "safe" | "ask" | None (unset)
+                   - "bypass": meshcode run passes --dangerously-skip-permissions
+                     to Claude Code so the autonomous loop runs without prompts.
+                   - "safe":   meshcode run does NOT pass that flag, so Claude
+                     prompts the user to approve every tool call. Kills the
+                     autonomous loop in practice — exists for paranoid users.
+                   - "ask":    prompt every launch.
+                   - None:     never set; meshcode run prompts on first use,
+                     saves the choice, and uses it from then on.
+"""
+from __future__ import annotations
+
+import json
+import os
+import sys
+import time
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+PREFS_PATH = Path.home() / ".meshcode" / "preferences.json"
+
+VALID_PERMISSION_MODES = {"bypass", "safe", "ask"}
+DEFAULT_PERMISSION_MODE_FOR_NON_TTY = "bypass"
+
+
+def load_prefs() -> Dict[str, Any]:
+    """Load the prefs file. Returns {} if missing or unparseable."""
+    if not PREFS_PATH.exists():
+        return {}
+    try:
+        return json.loads(PREFS_PATH.read_text())
+    except Exception:
+        return {}
+
+
+def save_prefs(prefs: Dict[str, Any]) -> bool:
+    """Atomic write of the prefs file with mode 600."""
+    try:
+        PREFS_PATH.parent.mkdir(parents=True, exist_ok=True)
+        tmp = PREFS_PATH.with_suffix(".tmp")
+        tmp.write_text(json.dumps(prefs, indent=2))
+        try:
+            os.chmod(tmp, 0o600)
+        except Exception:
+            pass
+        tmp.replace(PREFS_PATH)
+        return True
+    except Exception as e:
+        print(f"[meshcode] WARNING: could not save prefs: {e}", file=sys.stderr)
+        return False
+
+
+def get_permission_mode() -> Optional[str]:
+    """Returns 'bypass' / 'safe' / 'ask' / None."""
+    val = load_prefs().get("permission_mode")
+    if isinstance(val, str) and val in VALID_PERMISSION_MODES:
+        return val
+    return None
+
+
+def set_permission_mode(mode: str) -> bool:
+    """Persist a new permission mode. Returns True on success."""
+    if mode not in VALID_PERMISSION_MODES:
+        print(f"[meshcode] ERROR: invalid permission mode '{mode}'. Use: {', '.join(sorted(VALID_PERMISSION_MODES))}", file=sys.stderr)
+        return False
+    prefs = load_prefs()
+    prefs["permission_mode"] = mode
+    prefs["permission_mode_set_at"] = int(time.time())
+    return save_prefs(prefs)
+
+
+def reset_permission_mode() -> bool:
+    """Forget the permission mode so the next launch prompts again."""
+    prefs = load_prefs()
+    prefs.pop("permission_mode", None)
+    prefs.pop("permission_mode_set_at", None)
+    return save_prefs(prefs)
+
+
+def prompt_permission_mode() -> str:
+    """Interactive first-run prompt. Returns the chosen mode and saves it.
+
+    If stdin is not a TTY (CI, automation, no terminal), silently picks
+    DEFAULT_PERMISSION_MODE_FOR_NON_TTY ('bypass') and saves it. The user
+    can change it later with `meshcode prefs permission-mode <mode>`.
+    """
+    if not sys.stdin.isatty():
+        set_permission_mode(DEFAULT_PERMISSION_MODE_FOR_NON_TTY)
+        return DEFAULT_PERMISSION_MODE_FOR_NON_TTY
+
+    print("", file=sys.stderr)
+    print("[meshcode] PERMISSION MODE — choose once (saved for future runs)", file=sys.stderr)
+    print("[meshcode]", file=sys.stderr)
+    print("[meshcode]   Mesh agents work best with bypass mode: tools run without", file=sys.stderr)
+    print("[meshcode]   confirmation prompts, so the autonomous loop is not interrupted.", file=sys.stderr)
+    print("[meshcode]   Equivalent to running `claude --dangerously-skip-permissions`.", file=sys.stderr)
+    print("[meshcode]", file=sys.stderr)
+    print("[meshcode]   In bypass mode, your agents can run shell commands, edit files,", file=sys.stderr)
+    print("[meshcode]   and access the network without asking. Only use bypass in", file=sys.stderr)
+    print("[meshcode]   directories where you're OK with the agent acting as you.", file=sys.stderr)
+    print("[meshcode]", file=sys.stderr)
+    print("[meshcode]   [B] Bypass mode  (recommended for autonomous mesh agents)", file=sys.stderr)
+    print("[meshcode]   [s] Safe mode    (you approve every tool call — kills the loop)", file=sys.stderr)
+    print("[meshcode]   [a] Ask me each launch", file=sys.stderr)
+    print("[meshcode]", file=sys.stderr)
+    try:
+        ans = input("[meshcode]   Pick [B/s/a] (default B): ").strip().lower()
+    except (EOFError, KeyboardInterrupt):
+        ans = ""
+
+    if ans in ("", "b", "bypass"):
+        chosen = "bypass"
+    elif ans in ("s", "safe"):
+        chosen = "safe"
+    elif ans in ("a", "ask"):
+        chosen = "ask"
+    else:
+        print(f"[meshcode]   '{ans}' not recognized — defaulting to bypass.", file=sys.stderr)
+        chosen = "bypass"
+
+    set_permission_mode(chosen)
+    print(f"[meshcode]   ✓ Saved as '{chosen}'. Change later with: meshcode prefs permission-mode <mode>", file=sys.stderr)
+    print("", file=sys.stderr)
+    return chosen
+
+
+def resolve_permission_mode(per_launch_override: Optional[str] = None) -> str:
+    """Resolve the effective permission mode for a single launch.
+
+    Order:
+      1. per-launch override (--bypass / --safe flag) wins
+      2. saved preference
+      3. interactive prompt (saves choice if user is at a TTY)
+      4. fallback to 'bypass' for non-TTY environments
+    """
+    if per_launch_override in VALID_PERMISSION_MODES:
+        return per_launch_override
+
+    saved = get_permission_mode()
+    if saved == "ask":
+        # The user opted into being prompted every launch
+        return prompt_permission_mode_quick()
+    if saved in ("bypass", "safe"):
+        return saved
+
+    # Unset → first-run prompt + save
+    return prompt_permission_mode()
+
+
+def prompt_permission_mode_quick() -> str:
+    """One-line prompt for users who picked 'ask each launch'.
+
+    Does NOT save — the saved preference stays as 'ask'.
+    """
+    if not sys.stdin.isatty():
+        return DEFAULT_PERMISSION_MODE_FOR_NON_TTY
+    try:
+        ans = input("[meshcode] Permission mode for this launch [B/s] (default B): ").strip().lower()
+    except (EOFError, KeyboardInterrupt):
+        ans = ""
+    if ans in ("s", "safe"):
+        return "safe"
+    return "bypass"

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode/run_agent.py

@@ -25,6 +25,8 @@ import sys
 from pathlib import Path
 from typing import Optional, Tuple
 
+from .preferences import resolve_permission_mode
+
 WORKSPACES_ROOT = Path.home() / "meshcode"
 REGISTRY_PATH = WORKSPACES_ROOT / ".registry.json"
 
@@ -97,7 +99,7 @@ def _detect_editor() -> Optional[str]:
     return None
 
 
-def run(agent: str, project: Optional[str] = None, editor_override: Optional[str] = None) -> int:
+def run(agent: str, project: Optional[str] = None, editor_override: Optional[str] = None, permission_override: Optional[str] = None) -> int:
     """Launch the user's editor with ONLY the named agent's MCP server loaded."""
     found = _find_agent_workspace(agent, project)
     if not found:
@@ -121,12 +123,18 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
     if editor == "claude":
         # Claude Code: pass --mcp-config to point at the workspace's .mcp.json
         # and --strict-mcp-config so it ignores ~/.claude.json's mcpServers.
+        mode = resolve_permission_mode(permission_override)
         cmd = [
             editor,
             "--mcp-config", str(ws / ".mcp.json"),
             "--strict-mcp-config",
-            "--dangerously-skip-permissions",
         ]
+        if mode == "bypass":
+            cmd.append("--dangerously-skip-permissions")
+            print(f"[meshcode]   Permission mode: bypass (autonomous loop, no prompts)")
+        else:
+            print(f"[meshcode]   Permission mode: safe (Claude will prompt for every tool call)")
+            print(f"[meshcode]   Tip: change with `meshcode prefs permission-mode bypass`")
         try:
             os.chdir(ws)
         except Exception:

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.7.0
+Version: 1.8.2
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-1.7.0 → meshcode-1.8.2}/meshcode.egg-info/SOURCES.txt

@@ -6,6 +6,7 @@ meshcode/comms_v4.py
 meshcode/invites.py
 meshcode/launcher.py
 meshcode/launcher_install.py
+meshcode/preferences.py
 meshcode/protocol_v2.py
 meshcode/run_agent.py
 meshcode/secrets.py

{meshcode-1.7.0 → meshcode-1.8.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "meshcode"
-version = "1.7.0"
+version = "1.8.2"
 description = "Real-time communication between AI agents — Supabase-backed CLI"
 readme = "README.md"
 license = {text = "MIT"}