meshcode 1.8.6__tar.gz → 1.8.9__tar.gz

{meshcode-1.8.6 → meshcode-1.8.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.8.6
+Version: 1.8.9
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/__init__.py

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "1.8.6"
+__version__ = "1.8.9"

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/comms_v4.py

@@ -47,8 +47,8 @@ from urllib.parse import quote
 # Production defaults baked in. The publishable key is the anon/public key
 # (RLS-protected, safe to ship — same one the frontend at meshcode.io uses
 # in the browser). Override via env vars or ~/.meshcode/env if you self-host.
-_DEFAULT_SUPABASE_URL = "https://wwgzzmydrwrjgaebspdo.supabase.co"
-_DEFAULT_SUPABASE_KEY = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+_DEFAULT_SUPABASE_URL = "https://gjinagyyjttyxnaoavnz.supabase.co"
+_DEFAULT_SUPABASE_KEY = "sb_publishable_qwN9PO1L7jUXhhbhhVk2CQ_z1FXG2Qf"
 
 def _load_env_file():
     """Read SUPABASE_URL/KEY from ~/.meshcode/env if present (overrides defaults)."""
@@ -190,7 +190,7 @@ def log_msg(text):
     try:
         with open(LOG_FILE, "a") as f:
             f.write(f"[{now()}] {text}\n")
-    except:
+    except (IOError, OSError):
         pass
 
 
@@ -198,12 +198,61 @@ def ensure_sessions():
     SESSIONS_DIR.mkdir(parents=True, exist_ok=True)
 
 
+def _load_api_key_for_cli() -> str:
+    """Pull the user's api key from the keychain (or env fallback) so the
+    CLI can call SECURITY DEFINER RPCs that use api_key auth instead of
+    relying on the publishable anon key + RLS, which is what CLI verbs
+    used to do and which always failed because the CLI has no JWT context.
+    """
+    # 1) explicit env override
+    k = os.environ.get("MESHCODE_API_KEY", "").strip()
+    if k:
+        return k
+    # 2) keychain via secrets module
+    try:
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        profile = os.environ.get("MESHCODE_KEYCHAIN_PROFILE") or secrets_mod.DEFAULT_PROFILE
+        key = secrets_mod.get_api_key(profile=profile) or ""
+        if key:
+            return key
+    except Exception:
+        pass
+    return ""
+
+
 def get_project_id(project_name):
-    """Get or create project, return its UUID."""
+    """Resolve a project's UUID for the authenticated CLI user.
+
+    Resolution order:
+      1. api_key + mc_resolve_project RPC (SECURITY DEFINER, the only
+         path that actually works for an authenticated CLI session)
+      2. legacy publishable-anon SELECT (only useful for shared/public
+         projects; will fail under RLS for owned projects)
+      3. legacy publishable-anon INSERT (will fail under RLS — kept as
+         last resort for backwards compat with very old test scripts)
+    """
+    api_key = _load_api_key_for_cli()
+    if api_key:
+        try:
+            r = sb_rpc("mc_resolve_project", {
+                "p_api_key": api_key,
+                "p_project_name": project_name,
+            })
+            if isinstance(r, dict) and r.get("project_id"):
+                return r["project_id"]
+            # Some deployments return rows
+            if isinstance(r, list) and r and r[0].get("project_id"):
+                return r[0]["project_id"]
+        except Exception:
+            pass
+
     rows = sb_select("mc_projects", f"name=eq.{quote(project_name)}")
     if rows:
         return rows[0]["id"]
-    # Create project
+
+    # Last resort: try to create. Will fail under RLS for unauthenticated
+    # contexts, but kept for legacy callers + admin tooling.
     result = sb_insert("mc_projects", {"name": project_name})
     if result and len(result) > 0:
         return result[0]["id"]
@@ -227,7 +276,7 @@ def can_nudge(project, name):
             last = float(nf.read_text().strip())
             if (time.time() - last) < NUDGE_COOLDOWN:
                 return False
-        except:
+        except (ValueError, IOError, OSError):
             pass
     return True
 
@@ -262,7 +311,7 @@ def send_notification(project, name, from_agent, pending=1):
         else:
             # Linux
             subprocess.run(['notify-send', title, body], capture_output=True, timeout=3)
-    except:
+    except (subprocess.TimeoutExpired, subprocess.SubprocessError, OSError):
         pass
 
 
@@ -598,7 +647,7 @@ def nudge_agent(project, name, from_agent=""):
 
     try:
         data = json.loads(session_file.read_text())
-    except:
+    except (json.JSONDecodeError, IOError, OSError):
         if _headless_spawn_allowed():
             log_msg(f"[{project}] NUDGE: {name} session file unreadable, spawning headless (opt-in)")
             ok = _spawn_headless_for_pending(project, name, from_agent)
@@ -704,7 +753,7 @@ end tell
                               capture_output=True, text=True, timeout=10)
         if result.returncode == 0:
             success = True
-    except:
+    except (subprocess.TimeoutExpired, subprocess.SubprocessError, OSError):
         pass
 
     if success:
@@ -737,7 +786,7 @@ def get_session_info():
                 check_pid = parent
             else:
                 break
-    except:
+    except (subprocess.SubprocessError, OSError, ValueError):
         pass
 
     if not my_tty:
@@ -750,7 +799,7 @@ def get_session_info():
                 session_tty = data.get("tty", "")
                 if session_tty and (session_tty in my_tty or my_tty in session_tty):
                     return data.get("project"), data.get("agent")
-            except:
+            except (json.JSONDecodeError, IOError, OSError):
                 continue
 
     return None, None
@@ -786,7 +835,7 @@ def register(project, name, role=""):
                 check_pid = parent
             else:
                 break
-    except:
+    except (subprocess.SubprocessError, OSError, ValueError):
         pass
 
     # Register agent via tier-aware RPC (enforces plan limits)

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/invites.py

@@ -41,8 +41,8 @@ from urllib.request import Request, urlopen
 # Supabase RPC helpers
 # ============================================================
 
-_DEFAULT_SUPABASE_URL = "https://wwgzzmydrwrjgaebspdo.supabase.co"
-_DEFAULT_SUPABASE_KEY = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+_DEFAULT_SUPABASE_URL = "https://gjinagyyjttyxnaoavnz.supabase.co"
+_DEFAULT_SUPABASE_KEY = "sb_publishable_qwN9PO1L7jUXhhbhhVk2CQ_z1FXG2Qf"
 
 
 def _sb() -> Dict[str, str]:

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/meshcode_mcp/backend.py

@@ -13,8 +13,8 @@ from urllib.parse import quote
 from urllib.request import Request, urlopen
 
 # Bake in production defaults — RLS-protected publishable key, safe to ship.
-_DEFAULT_SUPABASE_URL = "https://wwgzzmydrwrjgaebspdo.supabase.co"
-_DEFAULT_SUPABASE_KEY = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+_DEFAULT_SUPABASE_URL = "https://gjinagyyjttyxnaoavnz.supabase.co"
+_DEFAULT_SUPABASE_KEY = "sb_publishable_qwN9PO1L7jUXhhbhhVk2CQ_z1FXG2Qf"
 
 def _load_env_file() -> Dict[str, str]:
     env_path = Path.home() / ".meshcode" / "env"

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/meshcode_mcp/server.py

@@ -221,24 +221,32 @@ if not _flip_status("idle", ""):
 # Fire-and-forget flips so tool execution is never blocked.
 # ============================================================
 import functools as _functools
+import threading as _threading
+
+_flip_lock = _threading.Lock()
 
 
 async def _async_flip_status(status: str, task: str = "") -> None:
     try:
-        await asyncio.to_thread(_flip_status, status, task)
+        await asyncio.to_thread(_flip_status_locked, status, task)
     except Exception as e:
         log.debug(f"flip_status({status}) failed: {e}")
 
 
+def _flip_status_locked(status: str, task: str = "") -> bool:
+    """Thread-safe wrapper around _flip_status to prevent concurrent RPCs."""
+    with _flip_lock:
+        return _flip_status(status, task)
+
+
 def _schedule_flip(status: str, task: str = "") -> None:
     try:
         loop = asyncio.get_running_loop()
         loop.create_task(_async_flip_status(status, task))
     except RuntimeError:
         # No running loop (sync context) — run in a throwaway thread
-        import threading
-        threading.Thread(
-            target=_flip_status, args=(status, task), daemon=True
+        _threading.Thread(
+            target=_flip_status_locked, args=(status, task), daemon=True
         ).start()
 
 
@@ -434,6 +442,38 @@ LOOP-SAFETY RULES (IMPORTANT — prevent token-burning ping-pong):
 - If you find yourself sending more than ~10 messages on the same topic
   in a row, stop and reassess — you may be in a feedback loop.
 
+COMMUNICATION EFFICIENCY PROTOCOL (MANDATORY):
+
+1. TASKS OVER MESSAGES: use meshcode_task_create/claim/complete for all
+   trackable work assignments, NOT messages. Messages are only for short
+   signals: "review needed", "blocked on X", "approved", "question: ...".
+   The Tasks panel in the dashboard is where the human sees progress — if
+   there are no tasks, the human has no visibility into what you're doing.
+
+2. COMPRESSED REPORTS: when reporting findings, use structured JSON in the
+   payload, not prose:
+     {{"findings": [{{"severity":"high","file":"X","issue":"Y","fix":"Z"}}],
+      "commits":["abc1234"], "next":"awaiting_review"}}
+
+3. NO PROSE PADDING: never write "As you asked, I reviewed the schema and
+   found that..." — go straight to the data. Max 2 sentences of context,
+   then structured output. Every token costs money.
+
+4. SIGNAL-ONLY MESSAGES: meshcode_send messages must be <100 tokens. If you
+   need to communicate more, create a task with the full description and
+   send a signal: "task created: <title>".
+
+5. TASK STATUS AS SOURCE OF TRUTH: always create tasks for trackable work.
+   Claim them when you start. Complete them when done. The human watches the
+   task board, not the chat. No task = invisible work = wasted effort.
+
+6. POLL TASKS, DON'T WAIT FOR MESSAGES: when coordinating, use
+   meshcode_tasks() to check task status instead of waiting for a message.
+   If you assigned a task, poll the board to see if it's done — don't
+   assume the agent will message you. Messages can be missed; task status
+   is persistent and reliable. Check meshcode_tasks() before each
+   meshcode_wait() call to avoid stale waits.
+
 YOUR FIRST ACTIONS WHEN THIS SESSION STARTS:
 1. Call meshcode_status() once to see who else is in the meshwork.
 2. Call meshcode_set_status(status="online", task="ready") to announce
@@ -505,12 +545,37 @@ async def _on_new_message(msg: Dict[str, Any]) -> None:
 
 
 async def _heartbeat_loop():
+    """Send heartbeat every 30s via HTTP. Also renews the agent lease and
+    logs when the WebSocket is disconnected (heartbeat still works via HTTP
+    so the agent stays 'online' in the DB even during WS reconnects)."""
+    _lease_counter = 0
     while True:
         try:
             be.sb_rpc("mc_heartbeat", {"p_project_id": _PROJECT_ID, "p_agent_name": AGENT_NAME})
-            log.debug(f"heartbeat ok for {AGENT_NAME}")
+            # Log WS health for diagnostics
+            if _REALTIME and not _REALTIME.is_connected:
+                log.warning("heartbeat ok (HTTP) but WebSocket is disconnected — realtime messages may be delayed")
+            else:
+                log.debug(f"heartbeat ok for {AGENT_NAME}")
         except Exception as e:
             log.warning(f"heartbeat failed: {e}")
+
+        # Renew lease every ~2 minutes (every 4th heartbeat) to prevent
+        # another instance from stealing it during long sessions.
+        _lease_counter += 1
+        if _lease_counter % 4 == 0:
+            try:
+                api_key = _get_api_key()
+                if api_key:
+                    be.sb_rpc("mc_acquire_agent_lease", {
+                        "p_api_key": api_key,
+                        "p_project_id": _PROJECT_ID,
+                        "p_agent_name": AGENT_NAME,
+                        "p_instance_id": _INSTANCE_ID,
+                    })
+            except Exception as e:
+                log.warning(f"lease renewal failed: {e}")
+
         await asyncio.sleep(30)
 
 

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/run_agent.py

@@ -112,6 +112,16 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
     except Exception:
         pass
 
+    # Detect: are we already inside a Claude Code session? os.execvp(claude)
+    # from inside an existing claude won't work — claude needs a fresh
+    # interactive terminal it owns. Refuse with a clear message.
+    if os.environ.get("CLAUDECODE") == "1" or os.environ.get("CLAUDE_CODE_SESSION"):
+        print("[meshcode] ERROR: meshcode run cannot bootstrap a new agent from inside an", file=sys.stderr)
+        print("[meshcode]        existing Claude Code session.", file=sys.stderr)
+        print("[meshcode]        Open a fresh Terminal / iTerm window and run the command there.", file=sys.stderr)
+        print(f"[meshcode]        (or copy this exact line into a new terminal: meshcode run {agent})", file=sys.stderr)
+        return 2
+
     found = _find_agent_workspace(agent, project)
     if not found:
         return 2
@@ -138,7 +148,6 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         cmd = [
             editor,
             "--mcp-config", str(ws / ".mcp.json"),
-            "--strict-mcp-config",
         ]
         if mode == "bypass":
             cmd.append("--dangerously-skip-permissions")

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode/setup_clients.py

@@ -93,9 +93,9 @@ def _load_supabase_env() -> Dict[str, str]:
                     elif k == "SUPABASE_KEY" and not key:
                         key = v
     if not url:
-        url = "https://wwgzzmydrwrjgaebspdo.supabase.co"
+        url = "https://gjinagyyjttyxnaoavnz.supabase.co"
     if not key:
-        key = "sb_publishable_0qf0U1GURopPIxLR8Vu7eQ_5grflPP4"
+        key = "sb_publishable_qwN9PO1L7jUXhhbhhVk2CQ_z1FXG2Qf"
     return {"SUPABASE_URL": url, "SUPABASE_KEY": key}
 
 
@@ -300,10 +300,30 @@ def setup_workspace(project: str, agent: str, role: str = "",
         print(f"[meshcode] ERROR: cannot load secrets module: {e}", file=sys.stderr)
         return 2
 
+    if not api_key and keychain_profile == "default" and sys.stdin.isatty():
+        # No key in keychain — prompt inline instead of failing
+        print("[meshcode] No API key found. You can get one from meshcode.io/settings.", file=sys.stderr)
+        try:
+            api_key = input("[meshcode] Paste your API key (mc_...): ").strip()
+        except (EOFError, KeyboardInterrupt):
+            api_key = ""
+        if api_key:
+            # Store it so they never have to paste again
+            try:
+                import importlib as _il
+                _login = _il.import_module("meshcode.comms_v4").login
+                _login(api_key)
+            except Exception:
+                # Fallback: just store raw in keychain
+                try:
+                    secrets_mod.set_api_key(api_key, profile="default")
+                except Exception:
+                    pass
+
     if not api_key:
-        print(f"[meshcode] ERROR: no api key found in keychain profile '{keychain_profile}'", file=sys.stderr)
+        print(f"[meshcode] ERROR: no api key found.", file=sys.stderr)
         if keychain_profile == "default":
-            print("[meshcode]   Run `meshcode login <api_key>` first.", file=sys.stderr)
+            print("[meshcode]   Run `meshcode login <api_key>` or paste it when prompted.", file=sys.stderr)
         else:
             print(f"[meshcode]   This profile is created by `meshcode join <token>`.", file=sys.stderr)
         return 2

{meshcode-1.8.6 → meshcode-1.8.9}/meshcode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 1.8.6
+Version: 1.8.9
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-1.8.6 → meshcode-1.8.9}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "meshcode"
-version = "1.8.6"
+version = "1.8.9"
 description = "Real-time communication between AI agents — Supabase-backed CLI"
 readme = "README.md"
 license = {text = "MIT"}