Expand description
The per-agent channel server and its decision logic.
Inbound flow, for each message drained from the bus: verify signature → sender on the allowlist? → addressed to me? → fresh? → not a replay? → dispatch.
An admitted peer is handled inline: the message is pushed straight into
the session as a <channel> event. A non-peer may only knock to pair;
anything else from a non-peer is dropped at the gate.
Structs§
- Dedupe
- A bounded set of recently-seen
msg_ids. Its main job is collapsing the bus’s at-least-once redelivery (the same message seen twice before it’s acked), which is a near-term window, so a bounded LRU suffices. It is not sized to cover the fullMAX_PAST_MSwindow: a replay older than this capacity but still within the past bound could slip through — an accepted tradeoff under the signed, trusted-tailnet threat model, in exchange for durable delivery to offline/slow peers. - Pair
Table - A bounded key→value table (drop-oldest), for pending pairing state: inbound knocks (sender key → claimed name) and outbound requests (target key → the grant we’ll assign them on accept). Bounded so a knock flood can’t grow it.
Enums§
- Dispatch
- What to do with a verified, authorized message.
- Reject
- Why a message was dropped. All of these are logged, none reach the model.
Constants§
- MAX_
FUTURE_ MS - How far ahead of local time a message may be dated — a tight clock-skew bound; a message from the future is a forgery/replay signal.
- MAX_
PAST_ MS - How long after signing a message may still be delivered. Generous, because the bus is a durable keep-until-ack store: an offline or slow peer (or a Claude Code stdio-server restart gap) can leave a legitimate message queued for a long time, and it must not be rejected as stale when it finally lands. The replay this widens is bounded in practice by the dedupe set and the trusted-tailnet threat model.
Functions§
- decide
- The full inbound gate.
meis this agent’s own id; the bus routes by key, but we re-check so a misrouted or spoofedtocan’t slip through.