meshcode 2.10.43__tar.gz → 2.10.45__tar.gz

{meshcode-2.10.43 → meshcode-2.10.45}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 2.10.43
+Version: 2.10.45
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-2.10.43 → meshcode-2.10.45}/meshcode/__init__.py

@@ -1,2 +1,2 @@
 """MeshCode — Real-time communication between AI agents."""
-__version__ = "2.10.43"
+__version__ = "2.10.45"

{meshcode-2.10.43 → meshcode-2.10.45}/meshcode/comms_v4.py

@@ -315,10 +315,14 @@ def mark_nudged(project, name):
 
 
 def _sanitize_notification_text(text: str) -> str:
-    """Strip characters that could escape shell/PS quoting contexts."""
-    # Remove quotes, backticks, dollar signs, semicolons, pipes, and backslashes
-    # to prevent injection in osascript, PowerShell, and notify-send.
-    return "".join(c for c in text if c not in '"\'`$;|\\<>(){}')
+    """Whitelist-sanitize text for safe use in shell notification commands.
+
+    Only allows alphanumeric, spaces, and safe punctuation. This is a
+    whitelist (not blocklist) to prevent injection in osascript, PowerShell,
+    and notify-send even if new shell metacharacters are discovered.
+    """
+    import re
+    return re.sub(r'[^a-zA-Z0-9 _\-.,!?:@#/\u00c0-\u024f\u2190-\u21ff]', '', text)[:200]
 
 
 def send_notification(project, name, from_agent, pending=1):
@@ -332,19 +336,20 @@ def send_notification(project, name, from_agent, pending=1):
                 f'display notification "{body}" with title "{title}" sound name "Ping"'],
                 capture_output=True, timeout=3)
         elif sys.platform == "win32":
-            # PowerShell: use single-quoted strings (no variable expansion)
-            # and pass title/body via -replace to avoid any interpolation
+            # PowerShell: read title/body from environment variables instead of
+            # interpolating into the script string — prevents PS injection.
             ps_script = (
                 '[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null; '
                 '$xml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent(0); '
                 '$text = $xml.GetElementsByTagName("text"); '
-                f"$text[0].AppendChild($xml.CreateTextNode('{title}')); "
-                f"$text[1].AppendChild($xml.CreateTextNode('{body}')); "
+                '$text[0].AppendChild($xml.CreateTextNode($env:MC_NOTIFY_TITLE)); '
+                '$text[1].AppendChild($xml.CreateTextNode($env:MC_NOTIFY_BODY)); '
                 '$toast = [Windows.UI.Notifications.ToastNotification]::new($xml); '
                 '[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("MeshCode").Show($toast)'
             )
+            env = {**os.environ, "MC_NOTIFY_TITLE": title, "MC_NOTIFY_BODY": body}
             subprocess.run(['powershell', '-NoProfile', '-Command', ps_script],
-                capture_output=True, timeout=5)
+                capture_output=True, timeout=5, env=env)
         else:
             # Linux: notify-send takes title and body as separate args (no shell)
             subprocess.run(['notify-send', title, body], capture_output=True, timeout=3)
@@ -2735,12 +2740,35 @@ if __name__ == "__main__":
                 cur = get_permission_mode()
                 print(f"permission_mode: {cur or '(unset — will prompt on next run)'}")
                 sys.exit(0)
+        elif sub == "claude-version":
+            from meshcode.preferences import load_prefs, save_prefs
+            if len(sys.argv) > 3:
+                ver = sys.argv[3].strip()
+                if ver in ("reset", "unpin", "latest"):
+                    prefs = load_prefs()
+                    prefs.pop("claude_version", None)
+                    save_prefs(prefs)
+                    print("[meshcode] Claude Code version pin removed — will use installed version")
+                else:
+                    prefs = load_prefs()
+                    prefs["claude_version"] = ver
+                    save_prefs(prefs)
+                    print(f"[meshcode] Claude Code version pinned to: {ver}")
+                    print(f"[meshcode] meshcode run will use npx @anthropic-ai/claude-code@{ver}")
+                sys.exit(0)
+            else:
+                from meshcode.preferences import load_prefs
+                cur = load_prefs().get("claude_version")
+                print(f"claude_version: {cur or '(not pinned — using installed version)'}")
+                sys.exit(0)
         elif sub == "reset":
             reset_permission_mode()
             print("[meshcode] preferences reset")
             sys.exit(0)
         else:
             print("Usage: meshcode prefs permission-mode [bypass|safe|ask]")
+            print("       meshcode prefs claude-version [version|reset]")
+            print("       meshcode prefs auto-update [on|off|reset]")
             print("       meshcode prefs reset")
             sys.exit(1)
 

{meshcode-2.10.43 → meshcode-2.10.45}/meshcode/meshcode_mcp/server.py

@@ -174,10 +174,12 @@ def _try_auto_wake(from_agent: str, preview: str) -> None:
     system = platform.system()
     try:
         if system == "Darwin":
-            # Use xdotool-style approach: pass nudge as argument, not interpolated script
+            # Sanitize app_name — TERM_PROGRAM is an env var, not DB-sourced,
+            # but defense-in-depth: only allow known terminal app names.
             parent_app = os.environ.get("TERM_PROGRAM", "Terminal")
             app_name = "iTerm" if "iTerm" in parent_app else "Terminal"
-            # Escape for AppleScript string: replace backslash and double-quote
+            # Escape for AppleScript string: replace backslash and double-quote.
+            # nudge is already whitelist-sanitized (alphanum + _-.,!? space only).
             as_safe = nudge.replace("\\", "\\\\").replace('"', '\\"')
             script = f'''
             tell application "{app_name}"
@@ -191,16 +193,16 @@ def _try_auto_wake(from_agent: str, preview: str) -> None:
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
             log.info(f"auto-wake: injected nudge via {app_name} AppleScript")
         elif system == "Windows":
-            # Sanitize for SendKeys: strip braces and special SendKeys metacharacters
-            sk_safe = nudge.replace("{", "").replace("}", "").replace("+", "").replace("^", "").replace("%", "").replace("~", "")
-            ps_script = f'''
+            # Pass nudge text via environment variable instead of interpolating
+            # into a PowerShell string — prevents any PS injection.
+            ps_script = '''
             Add-Type -AssemblyName System.Windows.Forms
-            [System.Windows.Forms.SendKeys]::SendWait("{sk_safe}{{ENTER}}")
+            [System.Windows.Forms.SendKeys]::SendWait($env:MC_NUDGE_TEXT + "{ENTER}")
             '''
-            # Use subprocess.run with timeout to prevent orphaned PowerShell processes
+            env = {**os.environ, "MC_NUDGE_TEXT": nudge}
             subprocess.run(["powershell", "-NoProfile", "-Command", ps_script],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
-                           timeout=10)
+                           timeout=10, env=env)
             log.info("auto-wake: injected nudge via PowerShell SendKeys")
         else:
             # Linux — xdotool takes args directly, not shell-interpolated (safe)

{meshcode-2.10.43 → meshcode-2.10.45}/meshcode/run_agent.py

@@ -351,6 +351,106 @@ def _list_local_projects_for_agent(agent: str) -> list:
     return out
 
 
+STABLE_CLAUDE_VERSION = "2.1.104"  # Known-good version: ESC does NOT kill MCP
+
+
+def _get_claude_version(editor_cmd: str) -> Optional[str]:
+    """Get the installed Claude Code version. Returns None on failure."""
+    try:
+        use_shell = sys.platform == "win32" and editor_cmd.lower().endswith((".cmd", ".bat"))
+        r = subprocess.run(
+            [editor_cmd, "--version"],
+            capture_output=True, text=True, timeout=10,
+            shell=use_shell,
+        )
+        # Output is typically just the version string, e.g. "2.1.104"
+        version = r.stdout.strip().split('\n')[0].strip()
+        if version:
+            return version
+    except Exception:
+        pass
+    return None
+
+
+def _fetch_global_claude_version() -> Optional[str]:
+    """Fetch the admin-pinned Claude Code version from mc_global_config.
+
+    Uses the user's API key to authenticate the RPC call. Returns None
+    on any failure (no network, no key, etc.) — caller falls back to
+    local preferences or installed version.
+    """
+    try:
+        from .secrets import get_api_key
+        api_key = get_api_key()
+        if not api_key:
+            return None
+        from .setup_clients import _load_supabase_env
+        env = _load_supabase_env()
+        url = env.get("SUPABASE_URL", "")
+        anon_key = env.get("SUPABASE_KEY", "")
+        if not url or not anon_key:
+            return None
+        from urllib.request import Request, urlopen
+        import json as _json
+        req = Request(
+            f"{url}/rest/v1/rpc/mc_get_global_config_by_key",
+            data=_json.dumps({"p_api_key": api_key, "p_config_key": "claude_version"}).encode(),
+            headers={
+                "Content-Type": "application/json",
+                "apikey": anon_key,
+                "Authorization": f"Bearer {anon_key}",
+            },
+        )
+        with urlopen(req, timeout=5) as resp:
+            raw = _json.loads(resp.read())
+            # RPC returns the JSONB value directly — could be a string or object
+            if isinstance(raw, str) and raw not in ("latest", ""):
+                return raw
+    except Exception:
+        pass
+    return None
+
+
+def _resolve_pinned_claude(editor_cmd: str) -> str:
+    """Check if a specific Claude Code version is pinned and resolve the command.
+
+    Version pin sources (first wins):
+      1. MESHCODE_CLAUDE_VERSION env var (per-launch override)
+      2. mc_global_config 'claude_version' from DB (admin-controlled)
+      3. claude_version in ~/.meshcode/preferences.json (local fallback)
+      4. No pin — use whatever is installed
+
+    If a pin is set and the installed version doesn't match, uses npx to
+    run the exact pinned version.
+    """
+    from .preferences import load_prefs
+
+    pinned = os.environ.get("MESHCODE_CLAUDE_VERSION", "").strip()
+    if not pinned:
+        # Check global admin config from DB
+        global_ver = _fetch_global_claude_version()
+        if global_ver:
+            pinned = global_ver
+            print(f"[meshcode] Global admin pin: Claude Code v{pinned}", file=sys.stderr)
+    if not pinned:
+        pinned = load_prefs().get("claude_version", "")
+    if not pinned:
+        return editor_cmd  # No pin — use installed version
+
+    current = _get_claude_version(editor_cmd)
+    if current == pinned:
+        print(f"[meshcode] Claude Code version {current} matches pin ✓", file=sys.stderr)
+        return editor_cmd
+
+    print(f"[meshcode] Version pin: {pinned} (installed: {current or 'unknown'})", file=sys.stderr)
+    print(f"[meshcode] Using npx to run pinned version...", file=sys.stderr)
+
+    # Use npx to run the exact pinned version. npx will download it if needed.
+    # We set an env var so the launch path knows to prepend npx args.
+    os.environ["_MESHCODE_NPX_CLAUDE_VERSION"] = pinned
+    return editor_cmd  # Still return the editor — launch path handles npx
+
+
 def _claude_supports_bypass(editor_cmd: str) -> bool:
     """Check if the Claude Code binary supports --dangerously-skip-permissions.
 
@@ -663,10 +763,14 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
     print(f"[meshcode]   Closing the editor will flip this agent offline.")
     print()
 
+    # On Windows, editor is the fully-resolved path (e.g. 'c:\...\claude.cmd')
+    # so we compare against the stem (filename without extension).
+    editor_stem = Path(editor).stem.lower() if sys.platform == "win32" else editor
+
     # Set editor type so MCP server can report it to the dashboard
-    os.environ["MESHCODE_EDITOR_TYPE"] = editor
+    os.environ["MESHCODE_EDITOR_TYPE"] = editor_stem
 
-    if editor == "claude":
+    if editor_stem == "claude":
         # Claude Code: run from inside the workspace and let Claude Code
         # auto-discover .mcp.json as a PROJECT-scoped MCP. We used to pass
         # --mcp-config + --strict-mcp-config here, but that categorises the
@@ -676,12 +780,24 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
         # scoped MCPs (loaded from ./.mcp.json at cwd) live in the "Local
         # MCP" bucket and survive ESC. Verified with a minimal FastMCP
         # repro side-by-side: Built-in dies, Local survives, same SDK code.
+        # Check for version pin before building launch command
+        effective_editor = _resolve_pinned_claude(editor)
+        pinned_version = os.environ.get("_MESHCODE_NPX_CLAUDE_VERSION", "")
+
         mode = resolve_permission_mode(permission_override)
         print(f"[meshcode]   Editor resolved: {editor}", file=sys.stderr)
         print(f"[meshcode]   Permission mode resolved: {mode}", file=sys.stderr)
-        cmd = [editor]
+
+        if pinned_version:
+            # Use npx to run the exact pinned version
+            cmd = ["npx", f"@anthropic-ai/claude-code@{pinned_version}"]
+            print(f"[meshcode]   Using pinned version via npx: {pinned_version}")
+        else:
+            cmd = [effective_editor]
+
         if mode == "bypass":
-            if _claude_supports_bypass(editor):
+            bypass_check_cmd = effective_editor if not pinned_version else "claude"
+            if pinned_version or _claude_supports_bypass(bypass_check_cmd):
                 cmd.append("--dangerously-skip-permissions")
                 print(f"[meshcode]   Permission mode: bypass (autonomous loop, no prompts)")
             else:
@@ -702,17 +818,17 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
             os.chdir(ws)
         except Exception as e:
             print(f"[meshcode] WARNING: chdir to workspace failed: {e}", file=sys.stderr)
-    elif editor == "cursor":
+    elif editor_stem == "cursor":
         # Cursor reads .cursor/mcp.json from the workspace cwd.
         cmd = [editor, str(ws)]
-    elif editor == "code":
+    elif editor_stem == "code":
         # VS Code (Cline reads .vscode/mcp.json from workspace cwd).
         cmd = [editor, str(ws)]
-    elif editor == "windsurf":
+    elif editor_stem == "windsurf":
         # Windsurf (Codeium fork of VS Code) — reads workspace cwd the same
         # way VS Code does; global MCP config at ~/.codeium/windsurf/mcp_config.json.
         cmd = [editor, str(ws)]
-    elif editor == "codex":
+    elif editor_stem == "codex":
         # Codex CLI reads ~/.codex/config.toml globally. There's no per-
         # workspace flag, so launching is just `codex` with cwd set to the
         # workspace dir so any file ops the agent does land there.
@@ -769,7 +885,14 @@ def run(agent: str, project: Optional[str] = None, editor_override: Optional[str
             # workspace even if os.chdir() didn't stick (shell=True can
             # reset cwd via cmd.exe).
             import subprocess as _sp
-            use_shell = cmd[0].lower().endswith((".cmd", ".bat"))
+            # .cmd/.bat files need shell=True. Also check if the resolved
+            # path of cmd[0] is a .cmd (e.g., "npx" resolves to "npx.cmd").
+            cmd0 = cmd[0].lower()
+            use_shell = cmd0.endswith((".cmd", ".bat"))
+            if not use_shell:
+                resolved_cmd0 = shutil.which(cmd[0])
+                if resolved_cmd0 and resolved_cmd0.lower().endswith((".cmd", ".bat")):
+                    use_shell = True
             if use_shell:
                 print(f"[meshcode]   (Windows: launching via shell for .cmd wrapper)")
             launch_cwd = str(ws) if os.path.isdir(ws) else None

{meshcode-2.10.43 → meshcode-2.10.45}/meshcode.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: meshcode
-Version: 2.10.43
+Version: 2.10.45
 Summary: Real-time communication between AI agents — Supabase-backed CLI
 Author-email: MeshCode <hello@meshcode.io>
 License: MIT

{meshcode-2.10.43 → meshcode-2.10.45}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "meshcode"
-version = "2.10.43"
+version = "2.10.45"
 description = "Real-time communication between AI agents — Supabase-backed CLI"
 readme = "README.md"
 license = {text = "MIT"}