Feat/members messaging

.github/workflows/deploy.yml

@@ -1,10 +1,18 @@
 name: deploy
 
 # Fully autonomous, idempotent deploy. On every push to main (or manual
-# dispatch) this SSHes to the bbs.profullstack.com droplet and re-runs the
-# idempotent provisioner (setup.sh), which pulls origin, rebuilds the Go
-# binaries, and restarts the agentbbs service that answers
-# `ssh join@bbs.profullstack.com`. Re-running is always safe.
+# dispatch) this builds the Go binaries ON THE RUNNER (which has plenty of
+# RAM), ships them to the bbs.profullstack.com droplet, and re-runs the
+# idempotent provisioner (setup.sh) with SKIP_BUILD=1 so the tiny droplet
+# never has to compile. setup.sh still pulls origin, refreshes config/assets,
+# and restarts the agentbbs service that answers `ssh join@bbs.profullstack.com`.
+# Re-running is always safe.
+#
+# Why build on the runner: the droplet is a ~458MB box also running ergo,
+# forgejo, tor, podman and the live agentbbs. The Go linker's peak memory was
+# OOM-killing the build — and with it the sshd serving the deploy session,
+# surfacing as "Connection closed by remote host" (exit 255). Compiling on the
+# 16GB runner removes that failure mode entirely.
 #
 # Required repo secrets (Settings -> Secrets and variables -> Actions):
 #   DEPLOY_SSH_KEY   private key whose public half is in the droplet admin
@@ -30,6 +38,8 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
+
       - name: Configure SSH
         env:
           DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
@@ -43,7 +53,55 @@ jobs:
           chmod 600 ~/.ssh/id_deploy
           ssh-keyscan -p "$DEPLOY_PORT" -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null
 
-      - name: Provision / redeploy (idempotent)
+      - name: Detect droplet architecture
+        id: arch
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+          DEPLOY_USER: ${{ secrets.DEPLOY_USER || 'root' }}
+          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT || '2202' }}
+        run: |
+          uname_m="$(ssh -i ~/.ssh/id_deploy -p "$DEPLOY_PORT" \
+            -o BatchMode=yes -o StrictHostKeyChecking=yes \
+            "${DEPLOY_USER}@${DEPLOY_HOST}" 'uname -m')"
+          case "$uname_m" in
+            x86_64|amd64)  goarch=amd64 ;;
+            aarch64|arm64) goarch=arm64 ;;
+            *) echo "::error::unsupported droplet arch '$uname_m'"; exit 1 ;;
+          esac
+          echo "goarch=$goarch" >> "$GITHUB_OUTPUT"
+          echo "::notice::droplet arch $uname_m -> GOARCH=$goarch"
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Build binaries (on the runner, not the droplet)
+        env:
+          GOOS: linux
+          GOARCH: ${{ steps.arch.outputs.goarch }}
+          CGO_ENABLED: '0'   # pure-Go (modernc sqlite) — static, portable binary
+        run: |
+          mkdir -p dist
+          go build -trimpath -o dist/agentbbs   ./cmd/agentbbs
+          go build -trimpath -o dist/ascii-live ./cmd/ascii-live
+          file dist/* || true
+
+      - name: Ship binaries to the droplet
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+          DEPLOY_USER: ${{ secrets.DEPLOY_USER || 'root' }}
+          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT || '2202' }}
+        run: |
+          # scp can only name one remote target; copy each binary explicitly.
+          scp -i ~/.ssh/id_deploy -P "$DEPLOY_PORT" \
+              -o BatchMode=yes -o StrictHostKeyChecking=yes \
+              dist/agentbbs "${DEPLOY_USER}@${DEPLOY_HOST}:/tmp/agentbbs-deploy-agentbbs"
+          scp -i ~/.ssh/id_deploy -P "$DEPLOY_PORT" \
+              -o BatchMode=yes -o StrictHostKeyChecking=yes \
+              dist/ascii-live "${DEPLOY_USER}@${DEPLOY_HOST}:/tmp/agentbbs-deploy-ascii-live"
+
+      - name: Provision / redeploy (idempotent, SKIP_BUILD=1)
         env:
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
           DEPLOY_USER: ${{ secrets.DEPLOY_USER || 'root' }}
@@ -76,7 +134,11 @@ jobs:
           fi
           git -C "$SRC" fetch --depth 1 origin "$BRANCH"
           git -C "$SRC" reset --hard "origin/$BRANCH"
-          exec env BRANCH="$BRANCH" \
+          # Install the runner-built binaries, then tell setup.sh not to compile.
+          install -m 0755 /tmp/agentbbs-deploy-agentbbs   /usr/local/bin/agentbbs
+          install -m 0755 /tmp/agentbbs-deploy-ascii-live /usr/local/bin/ascii-live
+          rm -f /tmp/agentbbs-deploy-agentbbs /tmp/agentbbs-deploy-ascii-live
+          exec env BRANCH="$BRANCH" SKIP_BUILD=1 \
             COINPAY_API_KEY="${COINPAY_API_KEY:-}" \
             COINPAY_MERCHANT_ID="${COINPAY_MERCHANT_ID:-}" \
             AGENTBBS_QRYPT_ISSUER_KEY="${AGENTBBS_QRYPT_ISSUER_KEY:-}" \

cmd/agentbbs/main.go

@@ -8,6 +8,8 @@
 //	                emailed code, then offers $99 Founding Lifetime (CoinPay)
 //	ssh pod@host    your personal Linux pod — free for verified members
 //	ssh domain@host point your own domain at your homepage (Premium; add/rm/list)
+//	ssh <name>@host (from another account) prints a finger card for that member
+//	ssh msg@host U  leave member U a message: `ssh msg@host U hi` or pipe stdin
 //	ssh admin@host  the operator admin console ($AGENTBBS_ADMINS only)
 //	ssh game@host G AgentGames: play game G (e.g. ttt, c4) over NDJSON; rated,
 //	                agent-vs-agent (also on wss://host/play). See docs/agentgames.md
@@ -72,6 +74,7 @@ import (
 	"github.com/profullstack/agentbbs/plugins/about"
 	"github.com/profullstack/agentbbs/plugins/agentgames"
 	"github.com/profullstack/agentbbs/plugins/arcade"
+	"github.com/profullstack/agentbbs/plugins/members"
 	qryptinviteplugin "github.com/profullstack/agentbbs/plugins/qryptinvite"
 )
 
@@ -171,7 +174,7 @@ func main() {
 	a.mm = games.NewMatchmaker(a.gamesReg, a.st,
 		time.Duration(envInt("AGENTBBS_GAME_MOVE_TIMEOUT", 15))*time.Second,
 		time.Duration(envInt("AGENTBBS_GAME_QUEUE_WAIT", 120))*time.Second)
-	a.registry = []plugin.Plugin{arcade.Plugin{}, agentgames.New(a.gamesReg), qryptinviteplugin.Plugin{}, about.Plugin{}}
+	a.registry = []plugin.Plugin{arcade.Plugin{}, agentgames.New(a.gamesReg), members.Plugin{}, qryptinviteplugin.Plugin{}, about.Plugin{}}
 
 	// Custom domains: maintain the symlink farm Caddy serves and answer its
 	// on-demand-TLS "ask" query so certs are only issued for mapped domains.
@@ -318,6 +321,8 @@ func (a *app) router() wish.Middleware {
 				a.handleNews(s)
 			case auth.IsMailName(user):
 				a.handleMail(s)
+			case auth.IsMsgName(user):
+				a.handleMsg(s)
 			case isVideo:
 				a.handleVideo(s, code)
 			case user == "agent":
@@ -345,7 +350,11 @@ func (a *app) hubMOTD(u auth.User) string {
 		return "You're browsing as a guest.\n" + body +
 			"\nssh join@" + a.host + " to claim a username, a pod & a homepage."
 	}
-	return "Welcome back, " + u.Name + ".\n" + body
+	welcome := "Welcome back, " + u.Name + "."
+	if n, err := a.st.UnreadCount(u.Name); err == nil && n > 0 {
+		welcome += fmt.Sprintf("  📬 %d unread — open Members ▸ inbox (i).", n)
+	}
+	return welcome + "\n" + body
 }
 
 // teaHandler builds the hub model for guests, members, and agents.
@@ -394,7 +403,7 @@ func (a *app) teaHandler(s ssh.Session) (tea.Model, []tea.ProgramOption) {
 	sessID, _ := a.st.RecordSession(u.StoreID, s.User(), remoteIP(s), "hub")
 	go func() { <-s.Context().Done(); _ = a.st.EndSession(sessID) }()
 
-	ctx := plugin.Context{Store: a.st, Sandbox: a.sandbox, AssetsDir: a.assets}
+	ctx := plugin.Context{Store: a.st, Sandbox: a.sandbox, AssetsDir: a.assets, Host: a.host}
 	if u.Kind != auth.Guest {
 		ctx.DataDir = filepath.Join(a.dataDir, "users", u.Name)
 		_ = os.MkdirAll(filepath.Join(ctx.DataDir, "wads"), 0o755)
@@ -1421,6 +1430,62 @@ func (a *app) handleChat(s ssh.Session) {
 	}
 }
 
+// handleMsg is the member-to-member messaging route: `ssh msg@host <user> [text]`
+// leaves a note in <user>'s BBS inbox. The body is the remaining args, or stdin
+// when none are given (so `echo hi | ssh msg@host bob` works). Members only;
+// the recipient reads it in the hub's Members ▸ inbox.
+func (a *app) handleMsg(s ssh.Session) {
+	fp := auth.Fingerprint(s.PublicKey())
+	if fp == "" {
+		wish.Println(s, "msg@ needs your registered SSH key. New here? ssh join@"+a.host)
+		_ = s.Exit(1)
+		return
+	}
+	from, found, err := a.st.UserByFingerprint(fp)
+	if err != nil || !found {
+		wish.Println(s, "key not registered — run: ssh join@"+a.host)
+		_ = s.Exit(1)
+		return
+	}
+	args := s.Command()
+	if len(args) == 0 {
+		wish.Println(s, "usage: ssh msg@"+a.host+" <user> [message]   (or pipe the message on stdin)")
+		_ = s.Exit(1)
+		return
+	}
+	to := strings.ToLower(args[0])
+	recipient, ok, err := a.st.UserByName(to)
+	if err != nil || !ok {
+		wish.Println(s, "no member named "+to+" — check the spelling (ssh "+to+"@"+a.host+" to finger).")
+		_ = s.Exit(1)
+		return
+	}
+	if recipient.Name == from.Name {
+		wish.Println(s, "you can't message yourself.")
+		_ = s.Exit(1)
+		return
+	}
+	body := strings.TrimSpace(strings.Join(args[1:], " "))
+	if body == "" {
+		// No inline text — read the message from stdin (piped, or typed then ^D).
+		b, _ := io.ReadAll(io.LimitReader(s, 64*1024))
+		body = strings.TrimSpace(string(b))
+	}
+	if body == "" {
+		wish.Println(s, "empty message — nothing sent.")
+		_ = s.Exit(1)
+		return
+	}
+	if err := a.st.SendMessage(from.Name, recipient.Name, body); err != nil {
+		wish.Println(s, "could not send: "+err.Error())
+		_ = s.Exit(1)
+		return
+	}
+	_, _ = a.st.RecordSession(from.ID, s.User(), remoteIP(s), "msg")
+	wish.Println(s, "✓ message left for "+recipient.Name+" — they'll see it in Members ▸ inbox.")
+	_ = s.Exit(0)
+}
+
 // handleFinger prints a classic finger card when someone ssh's to an
 // existing account name that isn't their own (e.g. ssh anthony@host).
 // Returns false when the route should fall through to the hub.

internal/auth/auth.go

@@ -103,6 +103,13 @@ func IsNewsName(u string) bool { return NewsNames[strings.ToLower(u)] }
 // IsMailName reports whether the SSH username requests the AgentMail client.
 func IsMailName(u string) bool { return MailNames[strings.ToLower(u)] }
 
+// MsgNames route a member-to-member message: `ssh msg@host <user>` leaves a
+// note in the recipient's BBS inbox (store-and-forward, see the Members plugin).
+var MsgNames = map[string]bool{"msg": true, "message": true}
+
+// IsMsgName reports whether the SSH username requests the messaging route.
+func IsMsgName(u string) bool { return MsgNames[strings.ToLower(u)] }
+
 // systemReserved are names that don't drive an SSH route but would still
 // collide with a per-user subdomain (<name>.<host>), the agent route, or common
 // infra hostnames — so members may not claim them as account names.
@@ -119,7 +126,8 @@ var systemReserved = map[string]bool{
 func IsReservedName(name string) bool {
 	n := strings.ToLower(name)
 	if GuestNames[n] || PodNames[n] || JoinNames[n] || DomainNames[n] || AdminNames[n] ||
-		TorURLNames[n] || TorIRCNames[n] || TorNames[n] || IRCNames[n] || NewsNames[n] || systemReserved[n] {
+		TorURLNames[n] || TorIRCNames[n] || TorNames[n] || IRCNames[n] || NewsNames[n] ||
+		MsgNames[n] || systemReserved[n] {
 		return true
 	}
 	return strings.HasPrefix(n, "video-") // video-<code> call routes

internal/plugin/plugin.go

@@ -22,6 +22,9 @@ type Context struct {
 	DataDir string
 	// AssetsDir is the read-only platform assets tree (wads, binaries).
 	AssetsDir string
+	// Host is the BBS hostname (e.g. bbs.profullstack.com), for building
+	// member homepage URLs (https://Host/~name) and similar links.
+	Host string
 }
 
 // Plugin is the only integration point between a feature and the hub.

internal/store/store.go

@@ -5,6 +5,7 @@ package store
 import (
 	"database/sql"
 	"errors"
+	"strings"
 	"time"
 
 	_ "modernc.org/sqlite"
@@ -45,6 +46,16 @@ func scanUser(sc interface{ Scan(...any) error }) (User, error) {
 	return u, nil
 }
 
+// Message is one member-to-member note in the store-and-forward inbox.
+type Message struct {
+	ID   int64
+	From string
+	To   string
+	Body string
+	Read bool
+	At   time.Time
+}
+
 // Score is one leaderboard entry.
 type Score struct {
 	User  string
@@ -100,6 +111,21 @@ type Store interface {
 	AddChat(userID int64, username, role, text string) error
 	RecentChats(username string, n int) ([]ChatMessage, error)
 
+	// Member-to-member messaging (store-and-forward inbox).
+
+	// SendMessage leaves a note from→to in the recipient's inbox.
+	SendMessage(from, to, body string) error
+	// Inbox returns up to n messages addressed to username, newest first.
+	Inbox(username string, n int) ([]Message, error)
+	// UnreadCount reports how many unread messages username has waiting.
+	UnreadCount(username string) (int, error)
+	// MarkRead marks the given message ids read (scoped to username so a member
+	// can only clear their own mail). Empty ids is a no-op.
+	MarkRead(username string, ids []int64) error
+	// OnlineUsers reports the set of usernames with an open session (no
+	// ended_at), for the members directory presence dots.
+	OnlineUsers() (map[string]bool, error)
+
 	// Custom domains mapped to a member's homepage (public_html).
 	// MapDomain binds domain→username, returning ErrDomainTaken if it is
 	// already claimed by someone else (re-binding to the same owner is a no-op).
@@ -471,6 +497,15 @@ CREATE TABLE IF NOT EXISTS news_articles (
 );
 CREATE INDEX IF NOT EXISTS idx_news_articles_grp ON news_articles(grp, num);
 CREATE INDEX IF NOT EXISTS idx_news_articles_msgid ON news_articles(msg_id);
+CREATE TABLE IF NOT EXISTS messages (
+  id INTEGER PRIMARY KEY,
+  from_user TEXT NOT NULL,
+  to_user TEXT NOT NULL,
+  body TEXT NOT NULL,
+  read INTEGER NOT NULL DEFAULT 0,
+  created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now'))
+);
+CREATE INDEX IF NOT EXISTS idx_messages_to ON messages(to_user, id DESC);
 `
 
 func (s *sqliteStore) EnsureUser(name, kind, fp string) (User, error) {
@@ -686,6 +721,75 @@ func (s *sqliteStore) RecentChats(username string, n int) ([]ChatMessage, error)
 	return out, rows.Err()
 }
 
+func (s *sqliteStore) SendMessage(from, to, body string) error {
+	_, err := s.db.Exec(`INSERT INTO messages (from_user, to_user, body) VALUES (?,?,?)`,
+		from, to, body)
+	return err
+}
+
+func (s *sqliteStore) Inbox(username string, n int) ([]Message, error) {
+	if n <= 0 {
+		n = 50
+	}
+	rows, err := s.db.Query(`
+		SELECT id, from_user, to_user, body, read, created_at
+		FROM messages WHERE to_user = ? ORDER BY id DESC LIMIT ?`, username, n)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var out []Message
+	for rows.Next() {
+		var m Message
+		var read int
+		var at string
+		if err := rows.Scan(&m.ID, &m.From, &m.To, &m.Body, &read, &at); err != nil {
+			return nil, err
+		}
+		m.Read = read != 0
+		m.At, _ = time.Parse(time.RFC3339, at)
+		out = append(out, m)
+	}
+	return out, rows.Err()
+}
+
+func (s *sqliteStore) UnreadCount(username string) (int, error) {
+	var n int
+	err := s.db.QueryRow(`SELECT COUNT(*) FROM messages WHERE to_user = ? AND read = 0`, username).Scan(&n)
+	return n, err
+}
+
+func (s *sqliteStore) MarkRead(username string, ids []int64) error {
+	if len(ids) == 0 {
+		return nil
+	}
+	q := `UPDATE messages SET read = 1 WHERE to_user = ? AND id IN (?` + strings.Repeat(",?", len(ids)-1) + `)`
+	args := make([]any, 0, len(ids)+1)
+	args = append(args, username)
+	for _, id := range ids {
+		args = append(args, id)
+	}
+	_, err := s.db.Exec(q, args...)
+	return err
+}
+
+func (s *sqliteStore) OnlineUsers() (map[string]bool, error) {
+	rows, err := s.db.Query(`SELECT DISTINCT username FROM sessions WHERE ended_at IS NULL`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	online := map[string]bool{}
+	for rows.Next() {
+		var name string
+		if err := rows.Scan(&name); err != nil {
+			return nil, err
+		}
+		online[strings.ToLower(name)] = true
+	}
+	return online, rows.Err()
+}
+
 func (s *sqliteStore) MapDomain(domain, username string) error {
 	var owner string
 	err := s.db.QueryRow(`SELECT username FROM domains WHERE domain = ?`, domain).Scan(&owner)