meshcode 2.10.41__tar.gz → 2.10.43__tar.gz

{meshcode-2.10.41 → meshcode-2.10.43}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 2.10.41
+Version: 2.10.43
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/__init__.py

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "2.10.41"
+__version__ = "2.10.43"

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/comms_v4.py

@@ -74,7 +74,11 @@ SUPABASE_KEY = os.environ.get("SUPABASE_KEY") or _env_file.get("SUPABASE_KEY") o
 SCHEMA = "meshcode"
 
 # Local paths for session/TTY tracking (still needed for nudge)
-COMMS_DIR = Path(__file__).parent
+# NEVER use Path(__file__).parent — writing into the package directory
+# creates residual files that turn site-packages/meshcode/ into a
+# namespace package, breaking editable installs and __version__ imports.
+COMMS_DIR = Path.home() / ".meshcode"
+COMMS_DIR.mkdir(parents=True, exist_ok=True)
 SESSIONS_DIR = COMMS_DIR / "sessions"
 LOG_FILE = COMMS_DIR / "comms.log"
 
@@ -310,34 +314,86 @@ def mark_nudged(project, name):
         nf.write_text(str(time.time()), encoding="utf-8")
 
 
+def _sanitize_notification_text(text: str) -> str:
+    """Strip characters that could escape shell/PS quoting contexts."""
+    # Remove quotes, backticks, dollar signs, semicolons, pipes, and backslashes
+    # to prevent injection in osascript, PowerShell, and notify-send.
+    return "".join(c for c in text if c not in '"\'`$;|\\<>(){}')
+
+
 def send_notification(project, name, from_agent, pending=1):
     """Cross-platform notification: macOS (osascript), Windows (PowerShell toast), Linux (notify-send)."""
-    title = f"MeshCode [{project}] → {name}"
-    body = f"{pending} mensaje(s) pendiente(s) de {from_agent}"
+    title = _sanitize_notification_text(f"MeshCode [{project}] → {name}")
+    body = _sanitize_notification_text(f"{pending} mensaje(s) pendiente(s) de {from_agent}")
     try:
         if sys.platform == "darwin":
+            # osascript: pass as -e argument, quotes are stripped by sanitizer
             subprocess.run(['osascript', '-e',
                 f'display notification "{body}" with title "{title}" sound name "Ping"'],
                 capture_output=True, timeout=3)
         elif sys.platform == "win32":
+            # PowerShell: use single-quoted strings (no variable expansion)
+            # and pass title/body via -replace to avoid any interpolation
             ps_script = (
-                f'[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null; '
-                f'$xml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent(0); '
-                f'$text = $xml.GetElementsByTagName("text"); '
-                f'$text[0].AppendChild($xml.CreateTextNode("{title}")); '
-                f'$text[1].AppendChild($xml.CreateTextNode("{body}")); '
-                f'$toast = [Windows.UI.Notifications.ToastNotification]::new($xml); '
-                f'[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("MeshCode").Show($toast)'
+                '[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null; '
+                '$xml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent(0); '
+                '$text = $xml.GetElementsByTagName("text"); '
+                f"$text[0].AppendChild($xml.CreateTextNode('{title}')); "
+                f"$text[1].AppendChild($xml.CreateTextNode('{body}')); "
+                '$toast = [Windows.UI.Notifications.ToastNotification]::new($xml); '
+                '[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("MeshCode").Show($toast)'
             )
-            subprocess.run(['powershell', '-Command', ps_script],
+            subprocess.run(['powershell', '-NoProfile', '-Command', ps_script],
                 capture_output=True, timeout=5)
         else:
-            # Linux
+            # Linux: notify-send takes title and body as separate args (no shell)
             subprocess.run(['notify-send', title, body], capture_output=True, timeout=3)
     except (subprocess.TimeoutExpired, subprocess.SubprocessError, OSError):
         pass
 
 
+def _nudge_windows_terminal(name, pending, tty, pid):
+    """Activate the agent's terminal window on Windows.
+
+    Uses PowerShell + kernel32 to find the console window by process ID and
+    bring it to the foreground. Does NOT send keystrokes — that would risk
+    confirming prompts or interrupting bypass mode. The window activation
+    combined with the desktop notification is enough to alert the user.
+    """
+    if not pid:
+        return
+    try:
+        pid = int(pid)
+    except (ValueError, TypeError):
+        return
+    try:
+        ps_script = f'''
+$proc = Get-Process -Id {pid} -ErrorAction SilentlyContinue
+if ($proc -and $proc.MainWindowHandle -ne 0) {{
+    Add-Type @"
+    using System;
+    using System.Runtime.InteropServices;
+    public class WinApi {{
+        [DllImport("user32.dll")] public static extern bool SetForegroundWindow(IntPtr hWnd);
+        [DllImport("user32.dll")] public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
+    }}
+"@
+    [WinApi]::ShowWindow($proc.MainWindowHandle, 9)
+    [WinApi]::SetForegroundWindow($proc.MainWindowHandle)
+}}
+'''
+        subprocess.run(
+            ["powershell", "-NoProfile", "-Command", ps_script],
+            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
+            timeout=10,
+        )
+        log_msg(f"[nudge] Windows: activated terminal for {name} (pid={pid})")
+    except subprocess.TimeoutExpired:
+        log_msg(f"[nudge] Windows: PowerShell timed out for {name}")
+    except Exception as e:
+        log_msg(f"[nudge] Windows: failed for {name}: {e}")
+
+
 def _is_pid_alive(pid):
     """Return True iff the given pid corresponds to a live process."""
     if not pid:
@@ -782,8 +838,10 @@ def nudge_agent(project, name, from_agent=""):
     message = f"Tienes {pending} mensaje(s). Revisa: meshcode read {project} {name}"
     escaped_message = message.replace('\\', '\\\\').replace('"', '\\"')
 
-    # Only attempt AppleScript nudge on macOS
+    # Non-macOS: use platform-specific terminal nudge
     if sys.platform != "darwin":
+        if sys.platform == "win32":
+            _nudge_windows_terminal(name, pending, tty, cached_pid)
         send_notification(project, name, from_agent, pending)
         mark_nudged(project, name)
         return True

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/meshcode_mcp/backend.py

@@ -23,49 +23,114 @@ from urllib.request import Request, urlopen
 # ── Circuit Breaker ──────────────────────────────────────────────
 # Protects against cascading failures when Supabase is down.
 # States: CLOSED (normal) → OPEN (reject fast) → HALF_OPEN (probe)
+#
+# v2 fixes (2026-04-18):
+#   1. Rolling failure window — only recent failures count toward threshold
+#   2. Exponential backoff — half-open probe failure doubles recovery timeout
+#   3. Max open duration — force-resets after 5 min regardless of probe results
+#   4. Pool flush on recovery — clears stale sockets before half-open probe
+#   5. sb_rpc records ONE failure per call, not one per retry attempt
 class _CircuitBreaker:
     CLOSED = "closed"
     OPEN = "open"
     HALF_OPEN = "half_open"
 
-    def __init__(self, failure_threshold: int = 5, recovery_timeout: float = 30.0):
+    def __init__(self, failure_threshold: int = 5, recovery_timeout: float = 10.0,
+                 max_recovery_timeout: float = 60.0, window_seconds: float = 60.0,
+                 max_open_seconds: float = 300.0):
         self.failure_threshold = failure_threshold
-        self.recovery_timeout = recovery_timeout
+        self._base_recovery_timeout = recovery_timeout
+        self._max_recovery_timeout = max_recovery_timeout
+        self._window_seconds = window_seconds
+        self._max_open_seconds = max_open_seconds
         self.state = self.CLOSED
-        self.failure_count = 0
+        self._failures: list = []
+        self._current_recovery_timeout = recovery_timeout
+        self._opened_at = 0.0
         self.last_failure_time = 0.0
         self._lock = _threading.Lock()
+        self._pool_ref = None
+
+    def set_pool(self, pool):
+        self._pool_ref = pool
+
+    def _prune_old_failures(self):
+        cutoff = _time.monotonic() - self._window_seconds
+        self._failures = [t for t in self._failures if t > cutoff]
+
+    def _flush_pool(self):
+        if self._pool_ref:
+            try:
+                self._pool_ref.close()
+            except Exception:
+                pass
 
     def can_execute(self) -> bool:
         with self._lock:
             if self.state == self.CLOSED:
                 return True
+            now = _time.monotonic()
             if self.state == self.OPEN:
-                if _time.monotonic() - self.last_failure_time >= self.recovery_timeout:
+                if now - self._opened_at >= self._max_open_seconds:
+                    log.warning("circuit breaker: max open duration (%ds) reached — force half-open",
+                                int(self._max_open_seconds))
                     self.state = self.HALF_OPEN
+                    self._failures.clear()
+                    self._current_recovery_timeout = self._base_recovery_timeout
+                    self._flush_pool()
+                    return True
+                if now - self.last_failure_time >= self._current_recovery_timeout:
+                    log.info("circuit breaker: recovery timeout elapsed — half-open probe")
+                    self.state = self.HALF_OPEN
+                    self._flush_pool()
                     return True
                 return False
-            # HALF_OPEN: allow one probe
             return True
 
     def record_success(self) -> None:
         with self._lock:
-            self.failure_count = 0
+            prev = self.state
+            self._failures.clear()
             self.state = self.CLOSED
+            self._current_recovery_timeout = self._base_recovery_timeout
+            if prev != self.CLOSED:
+                log.info("circuit breaker: recovered — back to CLOSED")
 
     def record_failure(self) -> None:
         with self._lock:
-            self.failure_count += 1
-            self.last_failure_time = _time.monotonic()
-            if self.failure_count >= self.failure_threshold:
+            now = _time.monotonic()
+            self._failures.append(now)
+            self.last_failure_time = now
+            self._prune_old_failures()
+            if self.state == self.HALF_OPEN:
+                self.state = self.OPEN
+                self._opened_at = now
+                self._current_recovery_timeout = min(
+                    self._current_recovery_timeout * 2,
+                    self._max_recovery_timeout
+                )
+                log.warning("circuit breaker: half-open probe failed — OPEN (next probe in %ds)",
+                            int(self._current_recovery_timeout))
+            elif len(self._failures) >= self.failure_threshold:
                 self.state = self.OPEN
+                self._opened_at = now
+                log.warning("circuit breaker: %d failures in %ds window — OPEN",
+                            len(self._failures), int(self._window_seconds))
 
     @property
     def is_open(self) -> bool:
         return self.state == self.OPEN
 
+    @property
+    def failure_count(self) -> int:
+        with self._lock:
+            self._prune_old_failures()
+            return len(self._failures)
+
 
-_circuit = _CircuitBreaker(failure_threshold=5, recovery_timeout=10.0)
+_circuit = _CircuitBreaker(failure_threshold=5, recovery_timeout=10.0,
+                           max_recovery_timeout=60.0, window_seconds=60.0,
+                           max_open_seconds=300.0)
 
 # Bake in production defaults — RLS-protected publishable key, safe to ship.
 _DEFAULT_SUPABASE_URL = "https://gjinagyyjttyxnaoavnz.supabase.co"
@@ -180,6 +245,7 @@ class _ConnectionPool:
 
 
 _pool = _ConnectionPool(SUPABASE_URL, pool_size=3)
+_circuit.set_pool(_pool)
 
 
 def _now_iso() -> str:
@@ -309,16 +375,15 @@ def sb_rpc(fn_name: str, params: Dict, *, _max_retries: int = 3) -> Any:
                     _bg_record("error", {"rpc": fn_name, "error": raw[:200]})
                 return result
             else:
-                _circuit.record_failure()
                 last_err = raw[:200]
         except (URLError, OSError, TimeoutError, http.client.HTTPException) as e:
-            _circuit.record_failure()
             last_err = str(getattr(e, 'reason', e))
         # Retry with jitter for transient errors (5xx, network)
         if attempt < _max_retries - 1:
             delay = (2 ** attempt) + _random.uniform(0, 1)
             _time.sleep(delay)
-    # All retries exhausted
+    # All retries exhausted — record ONE failure for the entire call
+    _circuit.record_failure()
     if _recording_enabled and fn_name not in _SKIP_RECORDING:
         _bg_record("error", {"rpc": fn_name, "error": str(last_err)[:200], "retries_exhausted": True})
     return {"_error": str(last_err)[:200] if last_err else "request failed after retries"}
@@ -409,34 +474,75 @@ def register_agent(project: str, name: str, role: str = "", api_key: Optional[st
     }
 
 
+# TTL cache for resolve_agent_name — avoids N+1 queries on every send().
+# Key: (project_id, name) → (resolved_name, expiry_ts).  Max 256 entries.
+_AGENT_NAME_CACHE: Dict[tuple, tuple] = {}
+_AGENT_NAME_CACHE_LOCK = _threading.Lock()
+_AGENT_NAME_CACHE_TTL = 300  # 5 minutes
+_AGENT_NAME_CACHE_MAX = 256
+
+
+def _agent_name_cache_get(project_id: str, name: str) -> Optional[str]:
+    key = (project_id, name)
+    with _AGENT_NAME_CACHE_LOCK:
+        entry = _AGENT_NAME_CACHE.get(key)
+        if entry and entry[1] > _time.time():
+            return entry[0]
+        _AGENT_NAME_CACHE.pop(key, None)
+    return None
+
+
+def _agent_name_cache_set(project_id: str, name: str, resolved: str) -> None:
+    key = (project_id, name)
+    with _AGENT_NAME_CACHE_LOCK:
+        if len(_AGENT_NAME_CACHE) >= _AGENT_NAME_CACHE_MAX:
+            # Evict oldest entries
+            now = _time.time()
+            expired = [k for k, v in _AGENT_NAME_CACHE.items() if v[1] <= now]
+            for k in expired:
+                del _AGENT_NAME_CACHE[k]
+            if len(_AGENT_NAME_CACHE) >= _AGENT_NAME_CACHE_MAX:
+                # Still full — evict first quarter by insertion order
+                to_evict = list(_AGENT_NAME_CACHE.keys())[:_AGENT_NAME_CACHE_MAX // 4]
+                for k in to_evict:
+                    del _AGENT_NAME_CACHE[k]
+        _AGENT_NAME_CACHE[key] = (resolved, _time.time() + _AGENT_NAME_CACHE_TTL)
+
+
 def resolve_agent_name(project_id: str, name: str) -> str:
     """Resolve a partial or exact agent name to the full registered name.
 
     Returns the exact match if found, or a unique prefix/substring match.
     Returns the original name unchanged if no match or ambiguous.
     Broadcast target '*' is passed through unchanged.
+    Uses a TTL cache to avoid repeated DB lookups.
     """
     if not name or name == "*":
         return name
+    cached = _agent_name_cache_get(project_id, name)
+    if cached is not None:
+        return cached
     # Exact match — fast path
     exact = sb_select("mc_agents",
                       f"project_id=eq.{project_id}&name=eq.{quote(name)}",
                       limit=1)
     if exact:
+        _agent_name_cache_set(project_id, name, name)
         return name
     # Fuzzy: prefix or substring match among registered agents
-    agents = sb_select("mc_agents", f"project_id=eq.{project_id}",
-                       columns="name")
+    agents = sb_select("mc_agents", f"project_id=eq.{project_id}&select=name")
     if not agents:
         return name
     all_names = [a["name"] for a in agents]
     # Try prefix match first
     prefix_matches = [n for n in all_names if n.startswith(name)]
     if len(prefix_matches) == 1:
+        _agent_name_cache_set(project_id, name, prefix_matches[0])
         return prefix_matches[0]
     # Try substring match
     sub_matches = [n for n in all_names if name in n]
     if len(sub_matches) == 1:
+        _agent_name_cache_set(project_id, name, sub_matches[0])
         return sub_matches[0]
     # Ambiguous or no match — return original
     return name
@@ -651,20 +757,34 @@ def count_pending(project_id: str, agent: str, api_key: Optional[str] = None) ->
 # Encryption helpers for sensitive mesh messages
 # ============================================================
 
-_mesh_key_cache: Dict[str, str] = {}  # project_id -> hex key
+# TTL + max-size cache for mesh encryption keys. Previous version was unbounded.
+_mesh_key_cache: Dict[str, tuple] = {}  # project_id -> (hex_key, expiry_ts)
+_MESH_KEY_CACHE_TTL = 600  # 10 minutes
+_MESH_KEY_CACHE_MAX = 64
 
 
 def get_mesh_key(api_key: str, project_id: str) -> Optional[str]:
     """Retrieve the per-meshwork encryption key (hex-encoded AES-256 key)."""
-    if project_id in _mesh_key_cache:
-        return _mesh_key_cache[project_id]
+    entry = _mesh_key_cache.get(project_id)
+    if entry and entry[1] > _time.time():
+        return entry[0]
+    _mesh_key_cache.pop(project_id, None)
     result = sb_rpc("mc_get_mesh_key", {
         "p_api_key": api_key,
         "p_project_id": project_id,
     })
     if isinstance(result, dict) and result.get("ok"):
         key = result["key"]
-        _mesh_key_cache[project_id] = key
+        if len(_mesh_key_cache) >= _MESH_KEY_CACHE_MAX:
+            # Evict expired, then oldest if still full
+            now = _time.time()
+            expired = [k for k, v in _mesh_key_cache.items() if v[1] <= now]
+            for k in expired:
+                del _mesh_key_cache[k]
+            if len(_mesh_key_cache) >= _MESH_KEY_CACHE_MAX:
+                oldest = min(_mesh_key_cache, key=lambda k: _mesh_key_cache[k][1])
+                del _mesh_key_cache[oldest]
+        _mesh_key_cache[project_id] = (key, _time.time() + _MESH_KEY_CACHE_TTL)
         return key
     return None
 
@@ -726,7 +846,11 @@ def decrypt_payload(encrypted_b64: str, hex_key: str, aad: Optional[str] = None)
 
 
 def get_board(project_id: str) -> List[Dict]:
-    return sb_select("mc_agents", f"project_id=eq.{project_id}", order="registered_at.asc")
+    return sb_select(
+        "mc_agents",
+        f"project_id=eq.{project_id}&select=name,role,status,task,last_heartbeat,registered_at",
+        order="registered_at.asc",
+    )
 
 
 def heartbeat(project_id: str, agent: str) -> Dict:

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/meshcode_mcp/server.py

@@ -108,14 +108,14 @@ _SEEN_TTL = 300.0  # 5 minutes
 # ============================================================
 # Auto-wake: when agent is NOT in meshcode_wait and a message
 # arrives, inject text into the terminal to wake the agent.
-# DEFAULT: ON. Disable with MESHCODE_AUTO_WAKE=0 if you don't want it.
 # ============================================================
 _IN_WAIT = False  # True while meshcode_wait is blocking
-# Default OFF as of 2.10.27 — the AppleScript/PowerShell keystroke injection
-# wrote nudge text directly into the user's terminal, which corrupts stdin on
-# terminals that don't interpret ANSI, interrupts the user mid-typing, and
-# duplicates what the dashboard already surfaces. Opt-in with
-# MESHCODE_AUTO_WAKE=1 for users who want the legacy behavior.
+# Default OFF — keystroke injection can corrupt stdin on some terminals.
+# The primary nudge path is now in comms_v4.nudge_agent() which uses
+# platform-specific window activation (SetForegroundWindow on Windows,
+# AppleScript on macOS) + desktop notification.
+# Set MESHCODE_AUTO_WAKE=1 to also inject text into the terminal from
+# the MCP server side (useful if comms_v4 nudge doesn't reach the agent).
 _AUTO_WAKE = os.environ.get("MESHCODE_AUTO_WAKE", "0").lower() in ("1", "true", "yes")
 
 
@@ -197,8 +197,10 @@ def _try_auto_wake(from_agent: str, preview: str) -> None:
             Add-Type -AssemblyName System.Windows.Forms
             [System.Windows.Forms.SendKeys]::SendWait("{sk_safe}{{ENTER}}")
             '''
-            subprocess.Popen(["powershell", "-Command", ps_script],
-                             stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+            # Use subprocess.run with timeout to prevent orphaned PowerShell processes
+            subprocess.run(["powershell", "-NoProfile", "-Command", ps_script],
+                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
+                           timeout=10)
             log.info("auto-wake: injected nudge via PowerShell SendKeys")
         else:
             # Linux — xdotool takes args directly, not shell-interpolated (safe)
@@ -382,6 +384,30 @@ if not PROJECT_NAME or not AGENT_NAME:
     )
     sys.exit(2)
 
+# ============================================================
+# CWD check — warn if user opened Claude from the wrong directory
+# ============================================================
+# On Windows (and sometimes macOS), users open Claude Code from their home
+# directory instead of the workspace where .mcp.json lives. The MCP server
+# still loads (env vars come from .mcp.json), but the agent can't access
+# workspace files. Warn early so the user knows to use `meshcode run`.
+
+_cwd = os.getcwd()
+_cwd_has_mcp = os.path.exists(os.path.join(_cwd, ".mcp.json"))
+_home = os.path.expanduser("~")
+if not _cwd_has_mcp and os.path.normpath(_cwd) == os.path.normpath(_home):
+    _mc_log(
+        f"Current directory is your home folder ({_cwd}). "
+        f"This agent's workspace may be elsewhere. "
+        f"For best results, use: meshcode run {AGENT_NAME}",
+        "warn",
+    )
+elif not _cwd_has_mcp:
+    _mc_log(
+        f"No .mcp.json found in {_cwd}. "
+        f"If tools can't find your files, try: meshcode run {AGENT_NAME}",
+        "warn",
+    )
 
 # ============================================================
 # API key resolution — keychain first, env var fallback
@@ -1120,24 +1146,69 @@ async def _on_new_message(msg: Dict[str, Any]) -> None:
 # Stashed MCP session for silent auto-wake (works when agent is idle, no active tool call)
 _STASHED_SESSION = None
 
+# Store the main asyncio event loop reference for use in the heartbeat daemon
+# thread.  On Windows (ProactorEventLoop), asyncio.get_event_loop() inside a
+# non-main thread returns a NEW, non-running loop — so is_running() is always
+# False and run_coroutine_threadsafe silently does nothing.  By capturing the
+# loop at lifespan start we guarantee the heartbeat thread can schedule
+# Realtime restarts on the correct loop regardless of platform.
+_MAIN_LOOP: asyncio.AbstractEventLoop | None = None
+
 _heartbeat_stop = _threading.Event()
 
+# Windows CPU tracking: (Get-Process).CPU returns cumulative seconds, not a
+# real-time percentage like Unix `ps -o %cpu`.  We track the previous reading
+# and timestamp so we can derive Δcpu/Δtime as a percentage.
+_win_prev_cpu: float | None = None
+_win_prev_ts: float | None = None
+
 
 def _get_parent_cpu() -> float:
-    """Check parent process CPU usage to detect if LLM is actively generating."""
+    """Return approximate real-time CPU usage (%) of the parent process.
+
+    On Unix this delegates to ``ps -o %cpu`` which returns a percentage
+    directly.  On Windows, ``(Get-Process).CPU`` returns *total CPU seconds*
+    since process start — a monotonically increasing number.  To get a
+    meaningful percentage we compute ``(Δcpu / Δtime) * 100`` between two
+    consecutive heartbeat calls.
+    """
+    global _win_prev_cpu, _win_prev_ts
     try:
         import subprocess as _sp, platform as _pl
         ppid = os.getppid()
         if _pl.system() == "Windows":
-            r = _sp.run(["wmic", "process", "where", f"processid={ppid}", "get", "percentprocessortime"],
-                       capture_output=True, text=True, timeout=5)
-            lines = [l.strip() for l in r.stdout.strip().split("\n") if l.strip()]
-            return float(lines[-1]) if len(lines) > 1 else 0.0
+            now = _time.time()
+            r = _sp.run(
+                ["powershell", "-NoProfile", "-Command",
+                 f"(Get-Process -Id {ppid} -ErrorAction SilentlyContinue).CPU"],
+                capture_output=True, text=True, timeout=5,
+            )
+            val = r.stdout.strip()
+            if not val:
+                log.debug(f"Windows CPU: empty output for ppid={ppid}")
+                return 0.0
+            cpu_total = float(val)
+            if _win_prev_cpu is None or _win_prev_ts is None:
+                # First reading — store baseline, return 0
+                _win_prev_cpu = cpu_total
+                _win_prev_ts = now
+                log.debug(f"Windows CPU baseline: {cpu_total:.2f}s (ppid={ppid})")
+                return 0.0
+            dt = now - _win_prev_ts
+            dcpu = cpu_total - _win_prev_cpu
+            _win_prev_cpu = cpu_total
+            _win_prev_ts = now
+            if dt <= 0:
+                return 0.0
+            pct = (dcpu / dt) * 100.0
+            log.debug(f"Windows CPU: Δcpu={dcpu:.3f}s Δt={dt:.1f}s → {pct:.1f}%")
+            return max(pct, 0.0)
         else:
             r = _sp.run(["ps", "-p", str(ppid), "-o", "%cpu"], capture_output=True, text=True, timeout=5)
             lines = [l.strip() for l in r.stdout.strip().split("\n") if l.strip()]
             return float(lines[-1]) if len(lines) > 1 else 0.0
-    except Exception:
+    except Exception as e:
+        log.debug(f"CPU detection failed: {e}")
         return 0.0
 
 
@@ -1171,6 +1242,15 @@ def _heartbeat_thread_fn():
 def _heartbeat_loop_inner():
     """Single iteration of the heartbeat loop. Separated so the outer
     wrapper can catch any exception and restart cleanly."""
+    import platform as _pl
+    _is_windows = _pl.system() == "Windows"
+    if _is_windows:
+        log.info(
+            f"[WIN-DEBUG] heartbeat thread started on Windows — "
+            f"agent={AGENT_NAME} ppid={os.getppid()} "
+            f"loop_captured={_MAIN_LOOP is not None} "
+            f"realtime={'connected' if _REALTIME and _REALTIME.is_connected else 'none/disconnected'}"
+        )
     lease_counter = 0
     while not _heartbeat_stop.is_set():
         try:
@@ -1182,6 +1262,16 @@ def _heartbeat_loop_inner():
             in_wait = _IN_WAIT
             idle_secs = _time.time() - _last_tool_at
 
+            if _is_windows and lease_counter % 12 == 0:
+                # Periodic Windows debug dump (every ~60s on pro, ~180s on free)
+                log.info(
+                    f"[WIN-DEBUG] cpu={parent_cpu:.1f}% state={cur_state} "
+                    f"in_wait={in_wait} idle={idle_secs:.0f}s "
+                    f"rt_conn={_REALTIME.is_connected if _REALTIME else 'N/A'} "
+                    f"rt_sub={_REALTIME.is_subscribed if _REALTIME else 'N/A'} "
+                    f"loop_running={_MAIN_LOOP.is_running() if _MAIN_LOOP else False}"
+                )
+
             if in_wait:
                 # Actually in meshcode_wait right now — listening for messages
                 if cur_state != "waiting":
@@ -1206,26 +1296,29 @@ def _heartbeat_loop_inner():
             try:
                 be.set_status(_PROJECT_ID, AGENT_NAME, _current_state, _current_tool, api_key=_get_api_key())
             except Exception as e:
-                log.debug(f"status sync failed: {e}")
+                log.warning(f"status sync failed (agent may show stale status): {e}")
             # Realtime subscription recovery: if the WebSocket is connected but
             # the channel subscription dropped (e.g. Supabase maintenance), or
             # the WebSocket itself disconnected, trigger a restart so agents
             # don't stay stuck in slow DB polling for the entire session.
+            #
+            # Use _MAIN_LOOP (captured at lifespan start) instead of
+            # asyncio.get_event_loop() — on Windows the latter returns a new,
+            # non-running loop inside daemon threads, silently preventing
+            # Realtime restarts.
             if _REALTIME:
                 if not _REALTIME.is_connected:
                     log.warning("heartbeat ok (HTTP) but WebSocket disconnected — scheduling Realtime restart")
                     try:
-                        loop = asyncio.get_event_loop()
-                        if loop.is_running():
-                            asyncio.run_coroutine_threadsafe(_REALTIME.restart(), loop)
+                        if _MAIN_LOOP and _MAIN_LOOP.is_running():
+                            asyncio.run_coroutine_threadsafe(_REALTIME.restart(), _MAIN_LOOP)
                     except Exception as e:
                         log.debug(f"Realtime restart scheduling failed: {e}")
                 elif not _REALTIME.is_subscribed:
                     log.warning("WebSocket connected but subscription lost — scheduling Realtime restart")
                     try:
-                        loop = asyncio.get_event_loop()
-                        if loop.is_running():
-                            asyncio.run_coroutine_threadsafe(_REALTIME.restart(), loop)
+                        if _MAIN_LOOP and _MAIN_LOOP.is_running():
+                            asyncio.run_coroutine_threadsafe(_REALTIME.restart(), _MAIN_LOOP)
                     except Exception as e:
                         log.debug(f"Realtime restart scheduling failed: {e}")
                 else:
@@ -1258,7 +1351,17 @@ def _heartbeat_loop_inner():
 @asynccontextmanager
 async def lifespan(_app):
     """Start the Realtime listener when the MCP server boots; stop on shutdown."""
-    global _REALTIME
+    global _REALTIME, _MAIN_LOOP
+    _MAIN_LOOP = asyncio.get_running_loop()
+
+    import platform as _pl
+    if _pl.system() == "Windows":
+        log.info(
+            f"[WIN-DEBUG] lifespan start — loop={type(_MAIN_LOOP).__name__} "
+            f"policy={type(asyncio.get_event_loop_policy()).__name__} "
+            f"agent={AGENT_NAME}"
+        )
+
     _REALTIME = RealtimeListener(
         supabase_url=be.SUPABASE_URL,
         supabase_key=be.SUPABASE_KEY,
@@ -1914,7 +2017,6 @@ async def _meshcode_wait_inner(actual_timeout: int, include_acks: bool) -> Dict[
         _mark_realtime_msgs_read_in_db(deduped)
         out: Dict[str, Any] = {
             "got_message": True,
-            "source": "realtime",
             **split,
         }
         done = _detect_global_done(deduped)
@@ -1971,7 +2073,7 @@ async def _meshcode_wait_inner(actual_timeout: int, include_acks: bool) -> Dict[
                                 if not include_acks:
                                     split["acks"] = []
                                 if split["messages"] or split["done_signals"]:
-                                    return {"got_message": True, "source": "db_poll_fallback", **split}
+                                    return {"got_message": True, **split}
             except Exception as e:
                 log.debug(f"DB poll fallback error: {e}")
 
@@ -1995,7 +2097,7 @@ async def _meshcode_wait_inner(actual_timeout: int, include_acks: bool) -> Dict[
                         if not include_acks:
                             split["acks"] = []
                         if split["messages"] or split["done_signals"]:
-                            return {"got_message": True, "source": "db_fallback", **split}
+                            return {"got_message": True, **split}
     except Exception as e:
         log.debug(f"final DB fallback error: {e}")
 
@@ -2081,10 +2183,6 @@ def meshcode_check(include_acks: bool = False, since: Optional[str] = None) -> D
         split["acks"] = []
     result = {
         "pending": pending if not effective_since else len(split.get("messages", [])),
-        "agent": AGENT_NAME,
-        "project": PROJECT_NAME,
-        "realtime_connected": _REALTIME.is_connected if _REALTIME else False,
-        "realtime_subscribed": _REALTIME.is_subscribed if _REALTIME else False,
         **split,
     }
     # Auto-inject pending tasks
@@ -2100,7 +2198,6 @@ def meshcode_status() -> Dict[str, Any]:
     """List all agents with status, role, and current task."""
     agents = be.get_board(_PROJECT_ID)
     return {
-        "project": PROJECT_NAME,
         "agents": [
             {
                 "name": a["name"],
@@ -2871,7 +2968,7 @@ def meshcode_recall(key: Optional[str] = None) -> Dict[str, Any]:
             if isinstance(reference, dict) and reference.get("ok"):
                 ref_keys = [m.get("key") for m in reference.get("memories", [])]
             critical["reference_keys"] = ref_keys
-            critical["tip"] = "Use meshcode_recall_search(query) to search episodic memories."
+            # tip removed — already in system prompt, saves ~20 tokens per call
         return critical
 
 
@@ -2931,6 +3028,25 @@ def meshcode_recall_search(query: str) -> Dict[str, Any]:
     })
 
 
+# ----------------- BUG REPORTING -----------------
+
+@mcp.tool()
+@with_working_status
+def meshcode_report_bug(description: str) -> Dict[str, Any]:
+    """Report a bug from within the mesh. Visible in admin panel.
+
+    Args:
+        description: What went wrong — include steps to reproduce if possible.
+    """
+    api_key = _get_api_key()
+    return be.sb_rpc("mc_report_bug", {
+        "p_api_key": api_key,
+        "p_description": description,
+        "p_meshwork_name": PROJECT_NAME,
+        "p_agent_name": AGENT_NAME,
+    })
+
+
 # ----------------- HEALTH CHECK -----------------
 
 @mcp.tool()
@@ -2938,8 +3054,6 @@ def meshcode_health() -> Dict[str, Any]:
     """Check MCP server health: DB connectivity, Realtime status, circuit breaker state, uptime."""
     import time as _t
     health: Dict[str, Any] = {
-        "agent": AGENT_NAME,
-        "project": PROJECT_NAME,
         "instance_id": _INSTANCE_ID,
         "sdk_version": _SDK_VERSION,
     }

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/preferences.py

@@ -44,17 +44,34 @@ def load_prefs() -> Dict[str, Any]:
         return {}
 
 
+def _restrict_file_permissions(path: "Path") -> None:
+    """Restrict file to owner-only access on all platforms."""
+    try:
+        if sys.platform == "win32":
+            import subprocess
+            # icacls: remove inherited ACLs, grant only current user Full Control
+            username = os.environ.get("USERNAME", os.environ.get("USER", ""))
+            if username:
+                subprocess.run(
+                    ["icacls", str(path), "/inheritance:r",
+                     "/grant:r", f"{username}:(F)"],
+                    capture_output=True, timeout=5,
+                )
+        else:
+            os.chmod(path, 0o600)
+    except Exception:
+        pass
+
+
 def save_prefs(prefs: Dict[str, Any]) -> bool:
-    """Atomic write of the prefs file with mode 600."""
+    """Atomic write of the prefs file with restricted permissions."""
     try:
         PREFS_PATH.parent.mkdir(parents=True, exist_ok=True)
         tmp = PREFS_PATH.with_suffix(".tmp")
         tmp.write_text(json.dumps(prefs, indent=2))
-        try:
-            os.chmod(tmp, 0o600)
-        except Exception:
-            pass
+        _restrict_file_permissions(tmp)
         tmp.replace(PREFS_PATH)
+        _restrict_file_permissions(PREFS_PATH)
         return True
     except Exception as e:
         print(f"[meshcode] WARNING: could not save prefs: {e}", file=sys.stderr)

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/run_agent.py

@@ -351,21 +351,65 @@ def _list_local_projects_for_agent(agent: str) -> list:
     return out
 
 
+def _claude_supports_bypass(editor_cmd: str) -> bool:
+    """Check if the Claude Code binary supports --dangerously-skip-permissions.
+
+    Runs ``claude --help`` and looks for the flag. Returns False on any
+    error (timeout, not found, old version) so the caller can degrade
+    gracefully instead of crashing.
+
+    On Windows, .cmd/.bat wrappers need shell=True to execute correctly —
+    without it the subprocess silently fails and bypass never activates.
+    """
+    try:
+        use_shell = sys.platform == "win32" and editor_cmd.lower().endswith((".cmd", ".bat"))
+        print(f"[meshcode] bypass-detect: checking '{editor_cmd}' (shell={use_shell})", file=sys.stderr)
+        r = subprocess.run(
+            [editor_cmd, "--help"],
+            capture_output=True, text=True, timeout=10,
+            shell=use_shell,
+        )
+        found = "--dangerously-skip-permissions" in r.stdout
+        if found:
+            print(f"[meshcode] bypass-detect: ✓ flag found — bypass mode available", file=sys.stderr)
+        else:
+            stdout_len = len(r.stdout)
+            stderr_preview = (r.stderr or "")[:200]
+            print(f"[meshcode] bypass-detect: ✗ flag NOT found in --help output ({stdout_len} chars, exit={r.returncode})", file=sys.stderr)
+            if stderr_preview:
+                print(f"[meshcode] bypass-detect: stderr: {stderr_preview}", file=sys.stderr)
+        return found
+    except subprocess.TimeoutExpired:
+        print(f"[meshcode] bypass-detect: ✗ '{editor_cmd} --help' timed out after 10s", file=sys.stderr)
+        return False
+    except FileNotFoundError:
+        print(f"[meshcode] bypass-detect: ✗ '{editor_cmd}' not found in PATH", file=sys.stderr)
+        return False
+    except Exception as e:
+        print(f"[meshcode] bypass-detect: ✗ unexpected error: {e}", file=sys.stderr)
+        return False
+
+
 def _detect_editor() -> Optional[str]:
     """Pick the user's preferred MCP-aware editor."""
     override = os.environ.get("MESHCODE_EDITOR", "").strip().lower()
     if override:
-        if shutil.which(override):
-            return override
+        resolved = shutil.which(override)
+        if resolved:
+            # On Windows, return resolved path to preserve .cmd/.bat extension
+            return resolved if sys.platform == "win32" else override
         print(f"[meshcode] WARNING: MESHCODE_EDITOR='{override}' not found in PATH", file=sys.stderr)
 
     # Detection order: most likely to be installed + best per-workspace MCP
     # support first. codex is last because its MCP config is GLOBAL only —
     # launching it doesn't take a workspace-scoped .mcp.json, so it should
     # only be picked if nothing else is available.
+    # On Windows, return the fully-resolved path so .cmd/.bat extension is
+    # preserved — needed for shell=True detection in bypass and launch paths.
     for cmd in ("claude", "cursor", "code", "windsurf", "codex"):
-        if shutil.which(cmd):
-            return cmd
+        resolved = shutil.which(cmd)
+        if resolved:
+            return resolved if sys.platform == "win32" else cmd
 
     # Windows fallback: check common install locations not in PATH
     if sys.platform == "win32":
@@ -397,6 +441,77 @@ def _detect_editor() -> Optional[str]:
     return None
 
 
+def _preflight_heartbeat(agent: str, project: str) -> None:
+    """Send a heartbeat + set status before the editor launches.
+
+    On Windows without bypass mode, Claude Code may delay spawning the
+    MCP server until the user approves the first tool call. During that
+    gap the agent shows as 'offline' in the dashboard. This direct RPC
+    call ensures the agent appears online immediately.
+
+    Best-effort: any failure is logged and swallowed — it must never
+    block or crash the launch.
+    """
+    try:
+        from .setup_clients import _load_supabase_env
+        import importlib
+        secrets_mod = importlib.import_module("meshcode.secrets")
+        from urllib.request import Request, urlopen
+
+        profile = os.environ.get("MESHCODE_KEYCHAIN_PROFILE") or "default"
+        api_key = secrets_mod.get_api_key(profile=profile)
+        if not api_key:
+            return
+
+        sb = _load_supabase_env()
+        headers = {
+            "apikey": sb["SUPABASE_KEY"],
+            "Authorization": f"Bearer {sb['SUPABASE_KEY']}",
+            "Content-Type": "application/json",
+            "Content-Profile": "meshcode",
+        }
+
+        # Resolve project_id
+        resolve_body = json.dumps({"p_api_key": api_key, "p_project_name": project})
+        req = Request(
+            f"{sb['SUPABASE_URL']}/rest/v1/rpc/mc_resolve_project",
+            data=resolve_body.encode(), method="POST", headers=headers,
+        )
+        with urlopen(req, timeout=5) as resp:
+            proj_data = json.loads(resp.read().decode())
+        project_id = proj_data.get("project_id") if proj_data else None
+        if not project_id:
+            return
+
+        # Send heartbeat
+        hb_body = json.dumps({"p_project_id": project_id, "p_agent_name": agent})
+        hb_req = Request(
+            f"{sb['SUPABASE_URL']}/rest/v1/rpc/mc_heartbeat",
+            data=hb_body.encode(), method="POST", headers=headers,
+        )
+        with urlopen(hb_req, timeout=5) as resp:
+            resp.read()
+
+        # Set status to 'online'
+        status_body = json.dumps({
+            "p_api_key": api_key,
+            "p_project_id": project_id,
+            "p_agent_name": agent,
+            "p_status": "online",
+            "p_task": "launching editor",
+        })
+        status_req = Request(
+            f"{sb['SUPABASE_URL']}/rest/v1/rpc/mc_agent_set_status_by_api_key",
+            data=status_body.encode(), method="POST", headers=headers,
+        )
+        with urlopen(status_req, timeout=5) as resp:
+            resp.read()
+
+        print(f"[meshcode]   Pre-flight heartbeat sent — agent visible in dashboard")
+    except Exception as e:
+        print(f"[meshcode]   Pre-flight heartbeat skipped: {e}", file=sys.stderr)
+
+
 def run(agent: str, project: Optional[str] = None, editor_override: Optional[str] = None, permission_override: Optional[str] = None) -> int:
     """Launch the user's editor with ONLY the named agent's MCP server loaded."""
     # Non-blocking self-update check (consumes prior result, may spawn bg pip)
@@ -509,7 +624,22 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
     # ── Welcome banner with unique ASCII art + personality ──────────
     try:
         from .ascii_art import generate_art, render_welcome
-        from . import __version__ as cli_version
+        cli_version = ""
+        try:
+            from . import __version__ as cli_version
+        except ImportError:
+            try:
+                from meshcode import __version__ as cli_version
+            except ImportError:
+                # Last resort: read __version__ directly from __init__.py
+                try:
+                    _init_path = Path(__file__).resolve().parent / "__init__.py"
+                    for _line in _init_path.read_text(encoding="utf-8").splitlines():
+                        if _line.startswith("__version__"):
+                            cli_version = _line.split("=", 1)[1].strip().strip('"').strip("'")
+                            break
+                except Exception:
+                    pass
         ascii_art, agent_role, profile_color = _fetch_or_generate_art(agent, resolved_project)
         _leader_haystack = (agent + ' ' + agent_role).lower()
         _LEADER_KW = ('commander', 'lead', 'orchestrat', 'coordinator', 'coordinat',
@@ -521,9 +651,11 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
             agent, resolved_project, ascii_art, cli_version,
             is_commander=is_cmd, role=agent_role, stats=agent_stats,
             profile_color=profile_color,
-        ))
-    except Exception:
-        pass  # Non-critical — skip banner on error
+        ), file=sys.stderr, flush=True)
+    except Exception as _banner_err:
+        import traceback as _tb
+        print(f"[meshcode] WARN: banner failed: {_banner_err}", file=sys.stderr)
+        _tb.print_exc(file=sys.stderr)
 
     print(f"[meshcode] Launching {editor} for agent '{agent}' (project: {resolved_project})")
     print(f"[meshcode]   Workspace: {ws}")
@@ -545,10 +677,17 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         # MCP" bucket and survive ESC. Verified with a minimal FastMCP
         # repro side-by-side: Built-in dies, Local survives, same SDK code.
         mode = resolve_permission_mode(permission_override)
+        print(f"[meshcode]   Editor resolved: {editor}", file=sys.stderr)
+        print(f"[meshcode]   Permission mode resolved: {mode}", file=sys.stderr)
         cmd = [editor]
         if mode == "bypass":
-            cmd.append("--dangerously-skip-permissions")
-            print(f"[meshcode]   Permission mode: bypass (autonomous loop, no prompts)")
+            if _claude_supports_bypass(editor):
+                cmd.append("--dangerously-skip-permissions")
+                print(f"[meshcode]   Permission mode: bypass (autonomous loop, no prompts)")
+            else:
+                print(f"[meshcode]   Permission mode: bypass requested but --dangerously-skip-permissions")
+                print(f"[meshcode]   not supported by this Claude Code version. Agent will prompt for tools.")
+                print(f"[meshcode]   Upgrade Claude Code: npm install -g @anthropic-ai/claude-code@latest")
         else:
             print(f"[meshcode]   Permission mode: safe (Claude will prompt for every tool call)")
             print(f"[meshcode]   Tip: change with `meshcode prefs permission-mode bypass`")
@@ -557,10 +696,12 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         # messages, claim tasks, greet peers) without waiting for user input.
         # Uses -- to separate options from the positional prompt argument.
         cmd.extend(["--", "boot"])
+        if not os.path.isdir(ws):
+            print(f"[meshcode] WARNING: workspace dir does not exist: {ws}", file=sys.stderr)
         try:
             os.chdir(ws)
-        except Exception:
-            pass
+        except Exception as e:
+            print(f"[meshcode] WARNING: chdir to workspace failed: {e}", file=sys.stderr)
     elif editor == "cursor":
         # Cursor reads .cursor/mcp.json from the workspace cwd.
         cmd = [editor, str(ws)]
@@ -575,10 +716,12 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         # Codex CLI reads ~/.codex/config.toml globally. There's no per-
         # workspace flag, so launching is just `codex` with cwd set to the
         # workspace dir so any file ops the agent does land there.
+        if not os.path.isdir(ws):
+            print(f"[meshcode] WARNING: workspace dir does not exist: {ws}", file=sys.stderr)
         try:
             os.chdir(ws)
-        except Exception:
-            pass
+        except Exception as e:
+            print(f"[meshcode] WARNING: chdir to workspace failed: {e}", file=sys.stderr)
         cmd = [editor]
     else:
         cmd = [editor, str(ws)]
@@ -598,11 +741,39 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         except OSError:
             pass  # No devnull (unlikely) — let the editor handle it
 
+    # Pre-flight heartbeat: mark the agent as online BEFORE the editor
+    # subprocess spawns. On Windows without bypass mode, Claude Code may
+    # delay starting the MCP server until the user interacts — leaving the
+    # agent stuck as 'offline' in the dashboard. This direct RPC call
+    # ensures immediate visibility regardless of MCP spawn timing.
+    _preflight_heartbeat(agent, resolved_project)
+
+    # Flush all output before exec replaces this process — execvp does NOT
+    # flush Python file buffers, so any buffered stdout (e.g. the banner)
+    # would be silently lost.
+    sys.stdout.flush()
+    sys.stderr.flush()
+
+    # Effective cwd for the editor — log it for debugging (especially
+    # Windows where shell=True + os.chdir may not propagate).
+    effective_cwd = os.getcwd()
+    print(f"[meshcode]   Effective cwd: {effective_cwd}")
+
     try:
         if sys.platform == "win32":
-            # Windows: no execvp, use subprocess and wait
+            # Windows: no execvp, use subprocess and wait.
+            # .cmd/.bat files need shell=True for proper argument passing —
+            # without it, flags like --dangerously-skip-permissions can be
+            # mangled by Windows' CreateProcess argument splitting.
+            # Explicit cwd=str(ws) ensures the child process starts in the
+            # workspace even if os.chdir() didn't stick (shell=True can
+            # reset cwd via cmd.exe).
             import subprocess as _sp
-            result = _sp.run(cmd)
+            use_shell = cmd[0].lower().endswith((".cmd", ".bat"))
+            if use_shell:
+                print(f"[meshcode]   (Windows: launching via shell for .cmd wrapper)")
+            launch_cwd = str(ws) if os.path.isdir(ws) else None
+            result = _sp.run(cmd, shell=use_shell, cwd=launch_cwd)
             sys.exit(result.returncode)
         else:
             # Unix: replace this process with the editor

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/secrets.py

@@ -47,6 +47,33 @@ DEFAULT_PROFILE = "default"
 LEGACY_CREDS_FILE = Path.home() / ".meshcode" / "credentials.json"
 
 
+# ============================================================
+# File permission helpers
+# ============================================================
+
+
+def _restrict_perms(path: "Path") -> None:
+    """Restrict file to owner-only access on all platforms.
+
+    On Windows, os.chmod(0o600) is a no-op — must use icacls to remove
+    inherited ACLs and grant only the current user Full Control.
+    """
+    try:
+        if sys.platform == "win32":
+            import subprocess
+            username = os.environ.get("USERNAME", os.environ.get("USER", ""))
+            if username:
+                subprocess.run(
+                    ["icacls", str(path), "/inheritance:r",
+                     "/grant:r", f"{username}:(F)"],
+                    capture_output=True, timeout=5,
+                )
+        else:
+            os.chmod(path, 0o600)
+    except Exception:
+        pass
+
+
 # ============================================================
 # Keyring backend probe
 # ============================================================
@@ -129,10 +156,7 @@ def _save_index(idx: Dict[str, Any]) -> None:
     PROFILE_INDEX.parent.mkdir(parents=True, exist_ok=True)
     tmp = PROFILE_INDEX.with_suffix(".tmp")
     tmp.write_text(json.dumps(idx, indent=2), encoding="utf-8")
-    try:
-        os.chmod(tmp, 0o600)
-    except Exception:
-        pass
+    _restrict_perms(tmp)
     tmp.replace(PROFILE_INDEX)
 
 
@@ -182,10 +206,7 @@ def set_api_key(api_key: str, profile: str = DEFAULT_PROFILE,
     fallback_path = Path.home() / ".meshcode" / f"credentials.{profile}.json"
     fallback_path.parent.mkdir(parents=True, exist_ok=True)
     fallback_path.write_text(json.dumps({"api_key": api_key, **(meta or {})}, indent=2), encoding="utf-8")
-    try:
-        os.chmod(fallback_path, 0o600)
-    except Exception:
-        pass
+    _restrict_perms(fallback_path)
     _index_set(profile, {"backend": "file-fallback", **(meta or {})})
     return True
 

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode/setup_clients.py

@@ -204,11 +204,31 @@ def _build_server_block(project: str, project_id: str, agent: str, role: str,
     }
 
 
+def _restrict_perms(path: Path) -> None:
+    """Restrict file to owner-only access (Windows-aware)."""
+    try:
+        if sys.platform == "win32":
+            import subprocess
+            username = os.environ.get("USERNAME", os.environ.get("USER", ""))
+            if username:
+                subprocess.run(
+                    ["icacls", str(path), "/inheritance:r",
+                     "/grant:r", f"{username}:(F)"],
+                    capture_output=True, timeout=5,
+                )
+        else:
+            os.chmod(path, 0o600)
+    except Exception:
+        pass
+
+
 def _atomic_write_json(path: Path, data: dict) -> None:
     path.parent.mkdir(parents=True, exist_ok=True)
     tmp = path.with_suffix(path.suffix + ".tmp")
     tmp.write_text(json.dumps(data, indent=2), encoding="utf-8")
+    _restrict_perms(tmp)
     tmp.replace(path)
+    _restrict_perms(path)
 
 
 def _toml_escape(s: str) -> str:

{meshcode-2.10.41 → meshcode-2.10.43}/meshcode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 2.10.41
+Version: 2.10.43
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-2.10.41 → meshcode-2.10.43}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "meshcode"
-version = "2.10.41"
+version = "2.10.43"
 description = "Real-time communication between AI agents — Supabase-backed CLI"
 readme = "README.md"
 license = {text = "MIT"}