Commit Graph

2 Commits

Author SHA1 Message Date
MarekWo 9967980521 docs(technotes): Document contact type differences in add_pending behavior
Added comprehensive documentation of discovered differences between CLI and ROOM
contact types when using the add_pending command.

Key findings from real-world testing (2025-12-29):

CLI Contacts (flexible matching):
-  Full name works: "StNMobile T1000e"
-  Name prefix works: "StN"
-  Public key prefix works: "2ce5514"
-  Full public key works

ROOM Contacts (strict matching):
-  Full name fails: "TK room cwiczebny🔆" (UTF-8 issues)
-  Name prefix fails: "TK room"
-  Public key prefix fails: "b3fec489"
-  ONLY full public key works

Root cause: meshcli uses different matching logic for different contact types,
likely to prevent accidental approval of group rooms which have different
security/privacy implications.

Recommendation: UI should always send full public_key (not name) when calling
POST /add_pending to ensure compatibility with all contact types.

Updated sections:
- Selector formats with CLI/ROOM compatibility notes
- New "Important Discovery: Contact Type Differences" section
- Updated test commands with real-world results
- JavaScript code examples for UI implementation
- Best practices for UI design

This documentation will guide the next phase: UI implementation for pending
contact management.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-29 08:57:16 +01:00
MarekWo c0f6fd7dfc feat(bridge): Enable manual_add_contacts mode in session init
Enabled manual contact approval mode in meshcli session initialization.
This requires explicit approval for new contacts attempting to connect,
providing enhanced security and network access control.

Changes:
- Added 'set manual_add_contacts on' to _init_session_settings()
- Updates session init log message to include manual_add_contacts status
- Created comprehensive technical documentation (technotes/pending-contacts-api.md)

Benefits:
- DoS prevention - blocks flooding with fake contact requests
- Network privacy - control who can see your node
- Trust model - explicit approval for all new contacts
- Spam filtering - reject unwanted connection attempts

Technical notes document includes:
- Problem statement and solution overview
- API endpoint specifications and examples
- Testing procedures and expected workflows
- Future UI integration plans
- Security considerations and recommendations
- Meshcli command reference

When manual approval is enabled, new contacts appear in pending list
(accessible via GET /pending_contacts) and must be approved via
POST /add_pending before they can communicate with the node.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-29 08:20:49 +01:00