Skip to content

feat: unified CLI, agent stop, listen --shell, SAS confirmation, relay limits#26

Merged
YairEtzion merged 8 commits into
mainfrom
feat/headless-dx
Apr 9, 2026
Merged

feat: unified CLI, agent stop, listen --shell, SAS confirmation, relay limits#26
YairEtzion merged 8 commits into
mainfrom
feat/headless-dx

Conversation

@YairEtzion
Copy link
Copy Markdown
Contributor

@YairEtzion YairEtzion commented Apr 9, 2026
edited
Loading

Summary

  • Merge agent into CLI — single amesh binary replaces amesh + amesh-agent
  • Add amesh agent start/stop for daemon management, amesh listen --shell for auto-grant, amesh reset for recovery
  • SAS confirmation protocol prevents one-sided trust: controller waits for target to verify before committing
  • Relay hardened with 5MB per-session data cap and 2 shell sessions/min per IP

Changes

packages/cli: New commands (agent/start, agent/stop, reset), --shell flag on listen, SAS confirmation in handshake, unified SEA entry point
packages/agent: Deleted — merged into CLI
packages/keystore: No functional changes
packages/relay: 5MB session data cap, 2 shell/min rate limit
docs + landpage: All amesh-agent references updated to amesh
packaging: Build scripts, Homebrew formula, nfpm updated for single binary

Test plan

  • bun run build && bun run test — all pass
  • amesh agent start / amesh agent stop — PID file created/removed, graceful shutdown
  • amesh listen --shell — auto-grants shell permission after pairing
  • amesh invite <code> — waits for SAS confirmation, aborts cleanly if target rejects
  • amesh reset — stops running agent, clears stale state
  • Relay disconnects session after 5MB transferred

@YairEtzion
feat: agent stop, listen --shell, SAS confirmation, reset, file transfer
bbdbc28 
P1: Add `amesh-agent agent stop` — writes PID file on start, reads it
    on stop, sends SIGTERM for graceful shutdown.

P1.5: SAS confirmation protocol — controller now waits for target to
      verify the SAS code before adding to allow list. Prevents
      one-sided trust when target rejects or disconnects.

P2: Add `--shell` and `--files` flags to `amesh listen` — auto-grants
    permissions after pairing completes.

P0: Add `amesh reset` / `amesh-agent reset` — clears ephemeral state
    (stops running agent, removes stale PID) without affecting identity
    or pairings.

P3: Add `amesh cp` file transfer — push local files to paired devices
    over the encrypted relay tunnel. Reuses shell session infrastructure
    (ECDH handshake, ChaCha20-Poly1305). New frame types: FILE_META,
    FILE_CHUNK, FILE_ACK, FILE_ERROR. Requires `--files` permission.
@YairEtzion
refactor: merge agent into CLI — single amesh binary
60e9119 
Remove @authmesh/agent package entirely. All agent functionality
(agent start/stop, reset, file transfer handler) now lives in
@authmesh/cli under the unified amesh binary.

Before: amesh (controller) + amesh-agent (target) — two binaries
After:  amesh (everything) — one binary, agent start enables target mode

Updated all references across docs, landpage, packaging, and CI.
@YairEtzion
chore: update lockfile after agent package removal
a2e099b
@YairEtzion
fix: reduce file transfer chunk size to fit relay 64KB maxPayload
76eafdf
@YairEtzion
revert: remove file transfer (amesh cp) — relay cost risk without P2P
5a1f793
@YairEtzion
security: add 10MB per-session data cap on relay to prevent cost abuse
bc14dec
@YairEtzion
security: tighten relay limits — 5MB/session, 2 shell/min per IP
de14575
@YairEtzion YairEtzion changed the title feat: unified CLI with agent, file transfer, SAS confirmation feat: unified CLI, agent stop, listen --shell, SAS confirmation, relay limits Apr 9, 2026
@YairEtzion YairEtzion merged commit 2bec65d into main Apr 9, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@YairEtzion