feat: FUSE mount for relayfile VFS with permission enforcement (#13)

* feat: add FUSE mount for relayfile VFS with permission enforcement

Adds a FUSE-based filesystem mount backed by the relayfile HTTP API.
Every syscall (open, read, write, readdir, stat) becomes an API call
with a scoped Bearer token. Ignored files return ENOENT, readonly
files return EPERM on write. Includes local LRU cache with TTL and
WebSocket-based cache invalidation for real-time multi-agent sync.

- internal/mountfuse/: fs.go, dir.go, file.go, client.go, cache.go, wsinvalidate.go
- cmd/relayfile-mount: --fuse flag and --mode=fuse support
- Build tag //go:build !nofuse for conditional compilation
- Tests for cache and FUSE operations

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* ci: auto-create v* tag on publish to trigger release workflow

publish.yml now creates both sdk-v* and v* tags. The v* tag
triggers release.yml which builds Go binaries, publishes npm SDK,
and pushes Docker images — matching the relay repo's auto-release pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* sync fixes

* fix: address 4 review finding(s)

wsinvalidate.go: Fix WebSocket endpoint path /fs/events/ws -> /fs/ws
dir.go: Return fuse.FOPEN_KEEP_CACHE instead of raw open flags
file.go: Remove duplicate putFile call before invalidate
file.go: Add RLock/RUnlock in fillEntry for thread safety

Co-Authored-By: My Senior Dev <dev@myseniordev.com>

* acl fixes

* fix: parse ACL permissions from file content when semantics field is empty

The bulk write endpoint doesn't persist the semantics field, so ACL
markers store permissions in the file content as JSON. The aclGetFile
function now falls back to parsing content when semantics.permissions
is empty.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* mount updates

* fix core package

* fix: address 12 review finding(s)

wsinvalidate.go: backoff reset after stable connection, ws/wss scheme support
file.go: writeGen generation counter to prevent flush/Write race condition
webhooks.ts: move nextRevision() after size check to avoid wasting revisions
dir.go, file.go fillEntry, wsinvalidate.go endpoint: previously resolved

Co-Authored-By: My Senior Dev <dev@myseniordev.com>

* publish updates

* feat: add permission denial logging to mount sync client

When a write is denied (403) or a file is reverted, the mount client
now writes to .relay/permissions-denied.log with timestamp, action,
file path, and reason. Agents can check this log for details.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: revert readonly files when agent modifies via chmod bypass

When a readonly file's hash differs from the tracked hash (agent
used chmod to bypass 444 and wrote to it), the sync client now
fetches the original content from relayfile and overwrites the
local file, restoring both content and chmod 444 permissions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: update HTTP 429 test expectation to match EAGAIN mapping

The mapError change correctly maps HTTP 429 to syscall.EAGAIN (retryable)
instead of syscall.EIO (fatal), but the test still expected EIO.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: address 14 security and reliability findings across 4 groups

Group 1 - HTTP API security/ACL hardening:
- Log warnings when using default dev secrets (server.go)
- Add ACL rule value validation with regex patterns (acl.go)
- Extend aclCheckPath for tree/query_files routes (server.go)
- Document TOCTOU-safe single-snapshot ACL resolution (server.go)
- Add 12 path normalization tests and 18 validation tests (acl_test.go)

Group 2 - SDK/core package security:
- Make webhook signature verification required by default (webhooks.ts)
- Move bearer token from WebSocket URL to auth message (sync.ts)

Group 3 - FUSE mount reliability:
- Add inode cache size limit with eviction (fs.go)
- Add WS read limit, auth error detection, max failure cap (wsinvalidate.go)
- Map HTTP 429 to EAGAIN instead of EIO (client.go)
- Enforce maxFileBytes limit on write buffer (file.go)

Group 4 - Mount command cleanup:
- Cancel derived context on FUSE exit to clean up WS (fuse_mount.go)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: update sync test to match token-in-auth-message change

The test expected the bearer token in the WebSocket URL query string,
but commit 1f87f7b moved it to a post-open auth message for security.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: mount syncer scope parsing, ReadOnly latch, .relay exclusion, and root version

- Rewrite scopeGrantsWrite to recognize manage/wildcard scopes
  (plane:resource:action:path segments), matching server-side scopeMatches
- Remove ReadOnly OR-latch so permissions reflect fresh scope evaluation
- Add conflicted entry after applyWriteDenied to prevent pullRemote override
- Skip .relay directory in scanLocalFiles walk
- Add version field to root package.json for CI npm version compatibility

Fixes: 3000084339, 3000241814, 3000241892, 3000241978

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: fsnotify, path-aware scopes, canReadPath, agentdeny, full test coverage

- fsnotify file watcher for instant local change detection (replaces polling)
- Path-aware scopeMatchesPath in auth.go (fixes .env leak — token with
  relayfile:fs:read:/src/app.ts no longer grants read to all files)
- canReadPath in mount client filters pulls by token scopes
- .agentdeny command filter via shell preexec hook
- Readonly revert in pushSingleFile when hash differs
- Full test coverage: scope matching, read filtering, write rejection,
  agentdeny, fsnotify watcher
- Fixed TestWriteRejectionRevertsFile to use read-only scopes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* permission test coverage

* devin feedback

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: khaliqgant

.claude/settings.json

@@ -0,0 +1,7 @@
+{
+  "permissions": {
+    "allow": [
+      "mcp__relaycast__*"
+    ]
+  }
+}

.github/workflows/publish.yml

@@ -3,6 +3,16 @@ name: Publish Package
 on:
   workflow_dispatch:
     inputs:
+      package:
+        description: "Package to publish"
+        required: true
+        type: choice
+        options:
+          - all
+          - core
+          - sdk
+          - cli
+        default: "all"
       version:
         description: "Version bump type"
         required: true
@@ -56,6 +66,7 @@ env:
   NPM_CONFIG_FUND: false
 
 jobs:
+  # Build all packages once, version them, and upload
   build:
     name: Build & Version
     runs-on: ubuntu-latest
@@ -74,16 +85,13 @@ jobs:
         with:
           node-version: "22"
           cache: "npm"
-          cache-dependency-path: packages/sdk/package-lock.json
           registry-url: "https://registry.npmjs.org"
 
       - name: Install dependencies
-        working-directory: packages/sdk
         run: npm ci
 
-      - name: Version bump
+      - name: Version all packages
         id: bump
-        working-directory: packages/sdk
         run: |
           CUSTOM_VERSION="${{ github.event.inputs.custom_version }}"
           VERSION_TYPE="${{ github.event.inputs.version }}"
@@ -109,29 +117,60 @@ jobs:
             echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
           fi
 
-      - name: Build package
-        working-directory: packages/sdk
-        run: npm run build
-
-      - name: Typecheck package
-        working-directory: packages/sdk
-        run: npx tsc --noEmit
+          # Sync all package versions and internal dependencies
+          node -e "
+            const fs = require('fs');
+            const path = require('path');
+            const version = '$NEW_VERSION';
+
+            const packagesDir = 'packages';
+            for (const dir of fs.readdirSync(packagesDir)) {
+              const pkgPath = path.join(packagesDir, dir, 'package.json');
+              if (fs.existsSync(pkgPath)) {
+                const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+                pkg.version = version;
+                console.log(pkg.name + ' -> v' + version);
+                for (const depType of ['dependencies', 'devDependencies']) {
+                  for (const dep of Object.keys(pkg[depType] || {})) {
+                    if (dep.startsWith('@relayfile/')) {
+                      pkg[depType][dep] = version;
+                    }
+                  }
+                }
+                fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+              }
+            }
+          "
+
+      - name: Build packages
+        run: |
+          npm run build --workspace=packages/core
+          npm run build --workspace=packages/sdk
 
       - name: Upload build artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: sdk-build
+          name: build-output
           path: |
-            packages/sdk/package.json
-            packages/sdk/package-lock.json
-            packages/sdk/dist/
-            packages/sdk/README.md
+            package.json
+            packages/*/package.json
+            packages/*/dist/
           retention-days: 1
 
-  publish:
-    name: Publish @relayfile/sdk
+  # Publish all packages in parallel
+  publish-packages:
+    name: Publish ${{ matrix.package }}
     needs: build
     runs-on: ubuntu-latest
+    if: github.event.inputs.package == 'all'
+    strategy:
+      fail-fast: false
+      max-parallel: 10
+      matrix:
+        package:
+          - core
+          - sdk
+          - cli
 
     steps:
       - name: Checkout code
@@ -146,59 +185,76 @@ jobs:
       - name: Download build artifacts
         uses: actions/download-artifact@v4
         with:
-          name: sdk-build
-          path: _artifacts
-
-      - name: Overlay build artifacts onto checkout
-        run: cp -r _artifacts/* . && rm -rf _artifacts
+          name: build-output
+          path: .
 
       - name: Update npm for OIDC support
         run: npm install -g npm@latest
 
-      - name: Verify build artifacts
-        working-directory: packages/sdk
-        run: |
-          echo "=== Verifying dist/ contents ==="
-          if [ ! -d "dist" ]; then
-            echo "ERROR: dist/ directory is missing!"
-            exit 1
-          fi
-          FILE_COUNT=$(find dist -name '*.js' -o -name '*.d.ts' | wc -l)
-          echo "Found $FILE_COUNT output files in dist/"
-          if [ "$FILE_COUNT" -lt 1 ]; then
-            echo "ERROR: dist/ contains no .js or .d.ts files!"
-            exit 1
-          fi
-          ls -la dist/
-          echo ""
-          echo "=== Dry run to verify package contents ==="
-          npm pack --dry-run
-
       - name: Dry run check
         if: github.event.inputs.dry_run == 'true'
-        working-directory: packages/sdk
+        working-directory: packages/${{ matrix.package }}
+        run: |
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          echo "Dry run - would publish ${PACKAGE_NAME}"
+          npm publish --dry-run --access public --tag ${{ github.event.inputs.tag }} --ignore-scripts
+
+      - name: Publish to NPM
+        if: github.event.inputs.dry_run != 'true'
+        working-directory: packages/${{ matrix.package }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_TAG: ${{ github.event.inputs.tag }}
-          NEW_VERSION: ${{ needs.build.outputs.new_version }}
+        run: npm publish --access public --provenance --tag ${{ github.event.inputs.tag }} --ignore-scripts
+
+  # Publish single package (when not 'all')
+  publish-single:
+    name: Publish single package
+    needs: build
+    runs-on: ubuntu-latest
+    if: github.event.inputs.package != 'all'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-output
+          path: .
+
+      - name: Update npm for OIDC support
+        run: npm install -g npm@latest
+
+      - name: Dry run check
+        if: github.event.inputs.dry_run == 'true'
+        working-directory: packages/${{ github.event.inputs.package }}
         run: |
           PACKAGE_NAME=$(node -p "require('./package.json').name")
-          echo "Dry run - would publish ${PACKAGE_NAME}@${NEW_VERSION}"
-          npm publish --dry-run --access public --tag "$NPM_TAG" --ignore-scripts
+          echo "Dry run - would publish ${PACKAGE_NAME}"
+          npm publish --dry-run --access public --tag ${{ github.event.inputs.tag }} --ignore-scripts
 
-      - name: Publish to npm with provenance
+      - name: Publish to NPM
         if: github.event.inputs.dry_run != 'true'
-        working-directory: packages/sdk
+        working-directory: packages/${{ github.event.inputs.package }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_TAG: ${{ github.event.inputs.tag }}
-        run: npm publish --access public --provenance --tag "$NPM_TAG" --ignore-scripts
+        run: npm publish --access public --provenance --tag ${{ github.event.inputs.tag }} --ignore-scripts
 
   create-release:
     name: Create Release
-    needs: [build, publish]
+    needs: [build, publish-packages, publish-single]
     runs-on: ubuntu-latest
-    if: github.event.inputs.dry_run != 'true' && needs.publish.result == 'success'
+    if: |
+      always() &&
+      github.event.inputs.dry_run != 'true' &&
+      (needs.publish-packages.result == 'success' || needs.publish-single.result == 'success')
 
     steps:
       - name: Checkout code
@@ -210,11 +266,8 @@ jobs:
       - name: Download build artifacts
         uses: actions/download-artifact@v4
         with:
-          name: sdk-build
-          path: _artifacts
-
-      - name: Overlay build artifacts onto checkout
-        run: cp -r _artifacts/* . && rm -rf _artifacts
+          name: build-output
+          path: .
 
       - name: Commit version bump and create tag
         env:
@@ -224,7 +277,7 @@ jobs:
           git config user.name "GitHub Actions"
           git config user.email "actions@github.com"
 
-          git add packages/sdk/package.json packages/sdk/package-lock.json
+          git add package.json packages/*/package.json
           if ! git diff --staged --quiet; then
             BRANCH="chore/release-v${NEW_VERSION}"
             git checkout -b "$BRANCH"
@@ -234,7 +287,6 @@ jobs:
               --body "Automated version bump to v${NEW_VERSION}" \
               --base main --head "$BRANCH"
             gh pr merge "$BRANCH" --auto --squash
-            # Wait for the squash-merge to complete on main
             for i in $(seq 1 30); do
               STATE=$(gh pr view "$BRANCH" --json state --jq '.state')
               if [ "$STATE" = "MERGED" ]; then
@@ -248,36 +300,40 @@ jobs:
             fi
           fi
 
-          # Tag on main so the tag is reachable from main's history
           git fetch origin main
-          git tag -a "sdk-v${NEW_VERSION}" origin/main -m "SDK v${NEW_VERSION}"
-          git push origin "sdk-v${NEW_VERSION}"
+          git tag -a "v${NEW_VERSION}" origin/main -m "Release v${NEW_VERSION}"
+          git push origin "v${NEW_VERSION}"
 
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: sdk-v${{ needs.build.outputs.new_version }}
+          tag_name: v${{ needs.build.outputs.new_version }}
           name: v${{ needs.build.outputs.new_version }}
           body: |
-            ## @relayfile/sdk v${{ needs.build.outputs.new_version }}
+            ## relayfile v${{ needs.build.outputs.new_version }}
+
+            ### Packages
+            - `@relayfile/core@${{ needs.build.outputs.new_version }}`
+            - `@relayfile/sdk@${{ needs.build.outputs.new_version }}`
+            - `relayfile@${{ needs.build.outputs.new_version }}`
 
             ### Install
             ```bash
             npm install @relayfile/sdk@${{ needs.build.outputs.new_version }}
+            npm install relayfile@${{ needs.build.outputs.new_version }}
             ```
 
             ### Publish Details
             - Dist-tag: `${{ github.event.inputs.tag }}`
             - Provenance: enabled via `npm publish --provenance`
             - Registry: `https://registry.npmjs.org`
-            - Package: `@relayfile/sdk`
           generate_release_notes: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   summary:
     name: Summary
-    needs: [build, publish, create-release]
+    needs: [build, publish-packages, publish-single, create-release]
     runs-on: ubuntu-latest
     if: always()
 
@@ -286,22 +342,17 @@ jobs:
         run: |
           echo "## Publish Summary" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "**Package**: \`@relayfile/sdk\`" >> "$GITHUB_STEP_SUMMARY"
+          echo "**Package**: \`${{ github.event.inputs.package }}\`" >> "$GITHUB_STEP_SUMMARY"
           echo "**Version**: \`${{ needs.build.outputs.new_version }}\`" >> "$GITHUB_STEP_SUMMARY"
           echo "**NPM Tag**: \`${{ github.event.inputs.tag }}\`" >> "$GITHUB_STEP_SUMMARY"
           echo "**Prerelease**: \`${{ needs.build.outputs.is_prerelease }}\`" >> "$GITHUB_STEP_SUMMARY"
           echo "**Dry Run**: \`${{ github.event.inputs.dry_run }}\`" >> "$GITHUB_STEP_SUMMARY"
-          echo "**Registry**: \`https://registry.npmjs.org\`" >> "$GITHUB_STEP_SUMMARY"
           echo "**Provenance**: \`enabled\`" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
           echo "### Results" >> "$GITHUB_STEP_SUMMARY"
           echo "| Stage | Status |" >> "$GITHUB_STEP_SUMMARY"
           echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"
           echo "| Build & Version | ${{ needs.build.result == 'success' && 'SUCCESS' || 'FAILURE' }} |" >> "$GITHUB_STEP_SUMMARY"
-          echo "| Publish | ${{ needs.publish.result == 'success' && 'SUCCESS' || (needs.publish.result == 'skipped' && 'SKIPPED' || 'FAILURE') }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Publish All | ${{ needs.publish-packages.result == 'success' && 'SUCCESS' || (needs.publish-packages.result == 'skipped' && 'SKIPPED' || 'FAILURE') }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Publish Single | ${{ needs.publish-single.result == 'success' && 'SUCCESS' || (needs.publish-single.result == 'skipped' && 'SKIPPED' || 'FAILURE') }} |" >> "$GITHUB_STEP_SUMMARY"
           echo "| Create Release | ${{ needs.create-release.result == 'success' && 'SUCCESS' || (needs.create-release.result == 'skipped' && 'SKIPPED' || 'FAILURE') }} |" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "### Install" >> "$GITHUB_STEP_SUMMARY"
-          echo "\`\`\`bash" >> "$GITHUB_STEP_SUMMARY"
-          echo "npm install @relayfile/sdk@${{ needs.build.outputs.new_version }}" >> "$GITHUB_STEP_SUMMARY"
-          echo "\`\`\`" >> "$GITHUB_STEP_SUMMARY"

.msd-autofix-findings-summary.txt

@@ -1,4 +1,12 @@
-1. [MEDIUM] .github/workflows/contract.yml:35 — <!-- devin-review-comment {"id": "BUG_pr-review-job-ca1d91a9d6c74847bff18a6d13f94f7c_0001", "file_path": ".github/workfl
-2. [MEDIUM] packages/core/src/webhooks.ts:594 — <!-- devin-review-comment {"id": "BUG_pr-review-job-ccdef9cc24a84af5abb66d100b3ae3ca_0001", "file_path": "packages/core/
-3. [MEDIUM] packages/core/src/webhooks.ts:413 — <!-- devin-review-comment {"id": "BUG_pr-review-job-ccdef9cc24a84af5abb66d100b3ae3ca_0002", "file_path": "packages/core/
-4. [MEDIUM] packages/core/src/acl.ts:177 — <!-- devin-review-comment {"id": "BUG_pr-review-job-ccdef9cc24a84af5abb66d100b3ae3ca_0003", "file_path": "packages/core/
+1. [MEDIUM] internal/mountfuse/wsinvalidate.go:134 — <!-- devin-review-comment {"id": "BUG_pr-review-job-c2f61fc1a26f4c2395d9e6bdd2c66929_0001", "file_path": "internal/mount
+2. [MEDIUM] internal/mountfuse/dir.go:130 — <!-- devin-review-comment {"id": "BUG_pr-review-job-c2f61fc1a26f4c2395d9e6bdd2c66929_0002", "file_path": "internal/mount
+3. [MEDIUM] internal/mountfuse/file.go:248 — <!-- devin-review-comment {"id": "BUG_pr-review-job-c2f61fc1a26f4c2395d9e6bdd2c66929_0003", "file_path": "internal/mount
+4. [MEDIUM] internal/mountfuse/file.go:225 — <!-- devin-review-comment {"id": "BUG_pr-review-job-c2f61fc1a26f4c2395d9e6bdd2c66929_0004", "file_path": "internal/mount
+5. [MEDIUM] packages/core/src/webhooks.ts:387 — <!-- devin-review-comment {"id": "BUG_pr-review-job-0d58fd55531d4b52b5bcd4223e16c975_0002", "file_path": "packages/core/
+6. [MEDIUM] internal/mountfuse/wsinvalidate.go:71 — <!-- devin-review-comment {"id": "BUG_pr-review-job-0d58fd55531d4b52b5bcd4223e16c975_0003", "file_path": "internal/mount
+7. [MEDIUM] internal/mountfuse/dir.go:130 — ✅ **Resolved**: The current code at dir.go:130 now shows `return child, handle, fuse.FOPEN_KEEP_CACHE, 0`, which is the 
+8. [MEDIUM] internal/mountfuse/wsinvalidate.go:134 — ✅ **Resolved**: The current code at wsinvalidate.go:134 now shows `/v1/workspaces/%s/fs/ws` which is the correct endpoin
+9. [MEDIUM] internal/mountfuse/file.go:248 — ✅ **Resolved**: The current code at file.go:236-247 now includes `n.mu.RLock()` and `n.mu.RUnlock()` around the field re
+10. [MEDIUM] internal/mountfuse/file.go:225 — ✅ **Resolved**: The current code at file.go:223-225 shows `invalidate` then `putFile` then `updateFromBuffer` — the redu
+11. [MEDIUM] internal/mountfuse/file.go:231 — <!-- devin-review-comment {"id": "BUG_pr-review-job-d4770554ba7b4e5aa1f6896925a9822a_0001", "file_path": "internal/mount
+12. [MEDIUM] internal/mountfuse/wsinvalidate.go:133 — <!-- devin-review-comment {"id": "BUG_pr-review-job-f5948a9d2b7047af850e87ae1a144d2c_0003", "file_path": "internal/mount