Problem
Adding a new node to the network requires the anchor operator to manually run `peer add` followed by `peer approve`. There's no self-service join flow.
Solution
Implement pre-auth key support using the existing `preAuthKey` record type in the protocol:
- `meshd preauth create` — anchor generates a pre-auth token, writes it as an encrypted `network/preAuthKey` record
- `meshd network join --token ` — new node presents the token to join without manual approval
- The anchor validates the token, auto-creates the node record, and delivers the context key
- Tokens should support: expiration, single-use vs multi-use, optional labels
References
- `protocols/wireguard-mesh.json` — `preAuthKey` record type already defined
- `schemas/` — needs a `pre-auth-key.json` schema
- `cmd/meshd/main.go` — `network join`, `peer add`, `peer approve` commands
Problem
Adding a new node to the network requires the anchor operator to manually run `peer add` followed by `peer approve`. There's no self-service join flow.
Solution
Implement pre-auth key support using the existing `preAuthKey` record type in the protocol:
References