diff --git a/.jules/scribe.md b/.jules/scribe.md index 48b090c..f0637e4 100644 --- a/.jules/scribe.md +++ b/.jules/scribe.md @@ -12,3 +12,8 @@ **Gap:** The documentation stated the SWIM protocol period was 1000ms (1s), but the implementation uses 5000ms (5s) in both `src/config.zig` and `src/discovery/swim.zig`. **Learning:** The documentation likely reflected an early design decision or standard SWIM defaults, but the implementation settled on a more conservative 5s interval for WAN stability, and docs were not updated. **Prevention:** Add a CI check that grep's `docs/guide/configuration.md` for values that match constants exported in `src/config.zig`. + +## 2026-03-06 - CLI reference missing command +**Gap:** `meshguard connect` command was missing from `docs/reference/cli.md` despite being implemented in `src/main.zig`. +**Learning:** Adding new commands in `src/main.zig` does not automatically update the CLI reference documentation since CLI parsing is manual. This creates a high risk of documentation drift. +**Prevention:** Check for undocumented commands by comparing `fn cmd...` implementations in `src/main.zig` against documented commands in `docs/reference/cli.md`. diff --git a/docs/reference/cli.md b/docs/reference/cli.md index 750324c..36868a7 100644 --- a/docs/reference/cli.md +++ b/docs/reference/cli.md @@ -137,6 +137,29 @@ meshguard config show --- +## `meshguard connect` + +Direct peer connection via token exchange (no seed node needed). Performs a coordinated UDP hole punch. + +```bash +meshguard connect --generate [--in ] +meshguard connect --join +``` + +| Flag | Description | +| -------------- | ---------------------------------------------- | +| `--generate` | Generate an initial token to share with a peer | +| `--join` | Accept a token and generate a response token | +| `--in ` | Delay until punch time (default: 1 minute) | + +**Flow:** +1. Initiator runs `--generate` and shares the `mg://` token with the peer. +2. Peer runs `--join ` and shares the generated response token back. +3. Initiator pastes the response token. +4. Both sides punch simultaneously (NTP-synced). + +--- + ## `meshguard service` Manage service access control policies (port-level allow/deny rules).