@chipallen2/snazi 0.1.0 → 0.1.1

package/README.md

@@ -40,32 +40,18 @@ cannot approve a sender or reveal content for a non-approved one.
 
 ## Install
 
-> **Not on npm yet.** Install from source (below). Once published,
-> `npm install -g snazi` becomes the one-liner.
-
-### From source (works today)
-
 macOS, Windows, or Linux (Node 18+):
 
 ```bash
-git clone https://github.com/chipallen2/snazi.git
-cd snazi/packages/snazi
-./install.sh        # npm install + build, links `snazi` onto your PATH
-```
-
-On Windows (no bash), run this instead of `./install.sh`:
-
-```bash
-npm install && npm run build && npm link
-```
-
-Then configure and verify — no hand-edited JSON:
-
-```bash
+npm install -g @chipallen2/snazi
 snazi init          # writes ~/.snazi/config.json (deployment URL + READ token)
 snazi doctor        # checks Node, config, connectivity, and channel access
 ```
 
+> The npm package is **scoped** (`@chipallen2/snazi`) but the command you run is
+> just `snazi`. (The bare name `snazi` was too close to an existing npm package
+> to publish unscoped.)
+
 `snazi init` asks for two things: your **deployment URL** (default
 `https://snazi.dev`) and your **account READ token** (sign up at `/signup`, then
 copy it from the `/account` page). There is **no admin key** — approvals happen
@@ -79,10 +65,13 @@ snazi init --api-url https://snazi.dev --token <READ_TOKEN> --yes
 your terminal (or the `node` binary) in System Settings → Privacy & Security →
 Full Disk Access. `snazi doctor` flags it if missing.
 
-### Once published to npm
+### From source (contributors)
 
 ```bash
-npm install -g snazi
+git clone https://github.com/chipallen2/snazi.git
+cd snazi/packages/snazi
+./install.sh        # npm install + build, links `snazi` onto your PATH
+                    # Windows (no bash): npm install && npm run build && npm link
 snazi init && snazi doctor
 ```
 
@@ -94,6 +83,7 @@ snazi init && snazi doctor
 | `snazi doctor` | Diagnose Node, config, connectivity, and channel access. |
 | `snazi list-new [--channel <id>] [--since <min>] [--fresh]` | Distinct inbound senders, counts, timestamps, approval status, and display label. **No text.** Default window 60 min. |
 | `snazi read <sender> [--channel <id>] [--since <min>] [--fresh]` | Message text for one sender — **only if approved**. Otherwise errors with `No messages for you.` |
+| `snazi send <recipient> --text <message> [--channel <id>]` | Send a message. **Never gated** — you can always send to anyone. |
 | `snazi check <sender> --channel <id> [--fresh]` | One sender's approval status and display label (`approved`/`denied`/`unknown`). |
 | `snazi channels list` | Configured channels plus adapter availability on this machine. |
 | `snazi channels add <channel>` | Add a channel (e.g. `snazi channels add imessage`). |
@@ -105,6 +95,7 @@ snazi init && snazi doctor
 | `snazi remote-list-new [--channel <id>] [--since <min>]` | WHO messaged on the remote host + status + label. |
 | `snazi remote-check <sender> --channel <id>` | One sender's status and label, via remote serve. |
 | `snazi remote-read <sender> [--channel <id>] [--since <min>]` | Message text via remote serve — only if approved. |
+| `snazi remote-send <recipient> --text <message> [--channel <id>]` | Send a message via remote serve — never gated. |
 | `snazi remote-resolve [<name>] --channel <id>` | Resolve a name → sender address(es). Empty name = full address book. |
 | `snazi remote-label <sender> --name <name> --channel <id>` | Set a sender's display label (UPDATE-only; cannot open the gate). |
 
@@ -134,6 +125,9 @@ curl -s -H "x-api-key: $READ_TOKEN" \
 snazi read "+15551234567"
 # { "sender": "+15551234567", "status": "approved", "since_minutes": 60,
 #   "messages": [ { "date": "...", "text": "hey are we still on for lunch?" } ] }
+
+snazi send "+15551234567" --text "On my way!"
+# { "ok": true, "channel": "imessage", "recipient": "+15551234567" }
 ```
 
 ## Serve mode — least-privilege HTTP gate over a tailnet
@@ -154,6 +148,7 @@ privilege.
                                                 │  /read      (bearer)  │
                                                 │  /resolve   (bearer)  │
                                                 │  POST /label (bearer) │
+                                                │  POST /send  (bearer) │
                                                 │     │                 │
                                                 │     ▼ same gate (api)  │
                                                 │  approved? → text      │
@@ -171,6 +166,7 @@ privilege.
 | `GET /list-new?channel=imessage&since=<min>` | bearer | `{ channel, since_minutes, senders: [{ sender, message_count, latest_at, status, label }] }`. On check failure: `status` is `unknown` and an `error` field describes the failure. **Never message text.** |
 | `GET /check?sender=<addr>&channel=imessage` | bearer | `{ channel, sender, status, label }`. On check failure: HTTP 502 with `{ error }`. |
 | `GET /read?sender=<addr>&channel=imessage&since=<min>` | bearer | `{ sender, channel, status, since_minutes, messages }` **only if approved**; otherwise `403 { error: "Sender not approved. No messages for you.", status }`. On check failure: HTTP 502 with `{ error }`. |
+| `POST /send` body `{ recipient, channel, text }` | bearer | Send an outbound message. **Never gated** — you can always send to anyone. Returns `{ ok: true, channel, recipient }` on success. |
 | `GET /resolve?name=<q>&channel=imessage` | bearer | `{ channel, query, matches: [{ sender_address, label, status }] }`. Empty/omitted `name` returns every labelled sender. **Never message text.** |
 | `POST /label` body `{ sender, channel, name }` | bearer | Set a sender's display label via an UPDATE-only web endpoint. **Cannot create a row or change `status`**, so it cannot open the gate. 404 if the sender is not on the list yet. |
 
@@ -190,9 +186,10 @@ params → `400`. Unsupported methods → `405`.
 - **Read-only surface.** No shell, no arbitrary file reads, no path traversal —
   only the same channel adapters the CLI uses. Params are validated
   (`channel`/`sender` charset-checked, `since` clamped to ≤ 7 days).
-- **Same gate.** `/read` calls the server list API (`api.ts`) *before* touching
-  any text — identical to `snazi read`. The gate is the product; it is not
-  bypassed.
+- **Same gate for reading.** `/read` calls the server list API (`api.ts`) *before*
+  touching any text — identical to `snazi read`. The gate is the product; it is
+  not bypassed. **Sending is never gated** — `/send` and `snazi send` work for
+  any recipient.
 - **No storage.** Content is read live from `chat.db` and returned in the
   response only. Nothing is persisted on either side.
 
@@ -251,6 +248,7 @@ snazi remote-status
 snazi remote-list-new --since 120
 snazi remote-check "+15551234567" --channel imessage
 snazi remote-read  "+15551234567"
+snazi remote-send  "+15551234567" --text "On my way!"
 snazi remote-resolve "Dan" --channel imessage
 snazi remote-label "+15551234567" --name "Dan" --channel imessage
 ```
@@ -268,6 +266,8 @@ curl -s -H "Authorization: Bearer $TOKEN" "$BASE/read?sender=%2B15551234567&chan
 curl -s -H "Authorization: Bearer $TOKEN" "$BASE/resolve?name=Dan&channel=imessage"
 curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
   -d '{"sender":"+15551234567","channel":"imessage","name":"Dan"}' "$BASE/label"
+curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -d '{"recipient":"+15551234567","channel":"imessage","text":"On my way!"}' "$BASE/send"
 # Unknown/denied sender on /read → 403 { "error": "Sender not approved. No messages for you.", ... }
 ```
 

package/dist/address.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeAddress = normalizeAddress;
+exports.validateRecipientAddress = validateRecipientAddress;
 /**
  * Normalize a sender address so the SAME person resolves to the SAME row
  * whether they were added via the dashboard, a /decide link, the CLI, or read
@@ -59,3 +60,32 @@ function normalizeAddress(raw) {
 function defaultCountryCode() {
     return (process.env.SNAZI_DEFAULT_COUNTRY_CODE ?? '1').replace(/\D/g, '');
 }
+/**
+ * Validate and normalize a recipient address for outbound send.
+ * Phone numbers must normalize to E.164; emails must look like emails.
+ * Throws with a clear message on invalid input.
+ */
+function validateRecipientAddress(raw) {
+    const original = String(raw ?? '').trim();
+    if (!original) {
+        throw new Error('Missing recipient.');
+    }
+    const normalized = normalizeAddress(raw);
+    if (!normalized) {
+        throw new Error('Missing recipient.');
+    }
+    if (normalized.includes('@')) {
+        if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(normalized)) {
+            throw new Error('Invalid email address.');
+        }
+        return normalized;
+    }
+    if (!normalized.startsWith('+')) {
+        throw new Error('Invalid recipient. Use a phone number (+15551234567) or email address.');
+    }
+    // E.164: + followed by 7–15 digits (country code never starts with 0).
+    if (!/^\+[1-9]\d{6,14}$/.test(normalized)) {
+        throw new Error('Invalid phone number. Use E.164 (+15551234567) or a 10-digit national number.');
+    }
+    return normalized;
+}

package/dist/channels/imessage.js

@@ -44,4 +44,15 @@ exports.imessageAdapter = {
     readMessagesFrom(sender, sinceMinutes) {
         return chatdb().readMessagesFrom(sender, sinceMinutes);
     },
+    sendAvailability() {
+        // Lazy require keeps non-macOS installs free of send-side deps at import time.
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const send = require('../imessage-send');
+        return send.probeSendAvailability();
+    },
+    sendMessage(recipient, text) {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const send = require('../imessage-send');
+        send.sendIMessage(recipient, text);
+    },
 };

package/dist/channels/index.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAdapter = getAdapter;
 exports.listAdapters = listAdapters;
 exports.resolveReadableAdapter = resolveReadableAdapter;
+exports.resolveSendableAdapter = resolveSendableAdapter;
 const imessage_1 = require("./imessage");
 const ADAPTERS = new Map([imessage_1.imessageAdapter].map((a) => [a.id, a]));
 /** Look up a registered adapter by channel id, or undefined. */
@@ -37,3 +38,29 @@ function resolveReadableAdapter(channel) {
     }
     return { adapter };
 }
+/**
+ * Resolve a channel id to an adapter that can SEND on this host.
+ * Never throws. Sending is never gated by the approval list.
+ */
+function resolveSendableAdapter(channel) {
+    const adapter = getAdapter(channel);
+    if (!adapter) {
+        const known = listAdapters()
+            .map((a) => a.id)
+            .join(', ');
+        return {
+            error: `Unknown channel '${channel}'. Known channels: ${known || '(none)'}.`,
+        };
+    }
+    if (!adapter.sendMessage) {
+        return { error: `Channel '${channel}' does not support sending.` };
+    }
+    const availability = adapter.sendAvailability?.() ?? { available: true };
+    if (!availability.available) {
+        const detail = availability.detail ? ` ${availability.detail}` : '';
+        return {
+            error: `Channel '${channel}' cannot send on this machine: ${availability.reason ?? 'unavailable'}.${detail}`,
+        };
+    }
+    return { adapter };
+}

package/dist/cli.js

@@ -11,6 +11,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * - doctor   : diagnose Node, config, connectivity, and per-channel access.
  * - list-new : reveals WHO sent recent messages + their approval status. Never WHAT.
  * - read     : reveals message TEXT for ONE sender, but ONLY if approved by the server.
+ * - send     : sends a message to ANY recipient (never gated).
  * - check    : prints a single sender's approval status.
  * - channels : list/add configured channels + show adapter availability here.
  * - status   : prints config + platform + server connectivity.
@@ -165,6 +166,41 @@ async function cmdCheck(args) {
         return 1;
     }
 }
+async function cmdSend(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const rawRecipient = positionals[0];
+    const text = flag(args, '--text');
+    if (!rawRecipient || text == null) {
+        out({
+            error: 'Usage: snazi send <recipient> --text <message> [--channel <id>]',
+        });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    let target;
+    try {
+        target = (0, address_1.validateRecipientAddress)(rawRecipient);
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 2;
+    }
+    // Sending is NEVER gated — the soup nazi only blocks reading.
+    const { adapter, error } = (0, channels_1.resolveSendableAdapter)(channel);
+    if (!adapter?.sendMessage) {
+        out({ error });
+        return 1;
+    }
+    try {
+        adapter.sendMessage(target, text);
+        out({ ok: true, channel, recipient: target });
+        return 0;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
 async function cmdCache(args) {
     const sub = args[0];
     if (sub === 'clear') {
@@ -378,6 +414,36 @@ async function cmdRemoteLabel(args) {
         return 1;
     }
 }
+async function cmdRemoteSend(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const rawRecipient = positionals[0];
+    const text = flag(args, '--text');
+    if (!rawRecipient || text == null) {
+        out({
+            error: 'Usage: snazi remote-send <recipient> --text <message> [--channel <id>]',
+        });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    let target;
+    try {
+        target = (0, address_1.validateRecipientAddress)(rawRecipient);
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 2;
+    }
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteSend)(cfg, target, channel, text);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
 async function cmdRemoteStatus() {
     const cfg = (0, config_1.loadConfig)();
     try {
@@ -415,6 +481,7 @@ Setup:
 Usage:
   snazi list-new [--channel <id>] [--since <minutes>]   Show WHO messaged + approval status (default 60m)
   snazi read <sender> [--channel <id>] [--since <min>]  Show message text — only if sender is approved
+  snazi send <recipient> --text <message> [--channel <id>]  Send a message (never gated)
   snazi check <sender> --channel <id>                   Print one sender's approval status
   snazi channels list                                   List configured channels + adapter availability here
   snazi channels add <channel>                          Add a channel (e.g. imessage)
@@ -430,7 +497,7 @@ Approvals are READ-ONLY here: approve/deny a sender in the web dashboard or via
 a signed /decide link. The config token is a per-account READ token.
 
 Serve mode (least-privilege HTTP gate for a remote agent over a tailnet):
-  snazi serve [--bind <ip>] [--port <n>]                Start read-only HTTP gate (/health,/list-new,/check,/read)
+  snazi serve [--bind <ip>] [--port <n>]                Start HTTP gate (/health,/list-new,/check,/read,POST /send)
   snazi serve --install-daemon [--bind <ip>] [--port <n>]  Install the launchd LaunchAgent (RunAtLoad/KeepAlive)
 
 Remote client (the trusted agent side, calls a remote 'snazi serve'):
@@ -438,12 +505,13 @@ Remote client (the trusted agent side, calls a remote 'snazi serve'):
   snazi remote-list-new [--channel <id>] [--since <min>]  WHO messaged on the remote host + status
   snazi remote-check <sender> --channel <id>            One sender's status (remote)
   snazi remote-read <sender> [--channel <id>] [--since <min>]  Message text (remote) — only if approved
+  snazi remote-send <recipient> --text <msg> [--channel <id>]  Send a message (remote; never gated)
   snazi remote-resolve [<name>] [--channel <id>]        Resolve a name → sender address(es) (empty = address book)
   snazi remote-label <sender> --name <name> [--channel <id>]  Set a sender's display name (label only; cannot open the gate)
 
 The server manages an approve/deny list only. It stores no messages.
-serve is READ-ONLY (no approve/deny over HTTP), bearer-token protected, and
-binds the tailnet IP (100.x) or 127.0.0.1 — never 0.0.0.0.`);
+Reading is gated; sending is not. serve binds the tailnet IP (100.x) or
+127.0.0.1 — never 0.0.0.0.`);
 }
 async function main() {
     const argv = process.argv.slice(2);
@@ -463,6 +531,9 @@ async function main() {
         case 'read':
             code = await cmdRead(rest);
             break;
+        case 'send':
+            code = await cmdSend(rest);
+            break;
         case 'check':
             code = await cmdCheck(rest);
             break;
@@ -484,6 +555,9 @@ async function main() {
         case 'remote-read':
             code = await cmdRemoteRead(rest);
             break;
+        case 'remote-send':
+            code = await cmdRemoteSend(rest);
+            break;
         case 'remote-check':
             code = await cmdRemoteCheck(rest);
             break;

package/dist/client.js

@@ -5,6 +5,7 @@ exports.remoteRead = remoteRead;
 exports.remoteResolve = remoteResolve;
 exports.remoteLabel = remoteLabel;
 exports.remoteCheck = remoteCheck;
+exports.remoteSend = remoteSend;
 exports.remoteHealth = remoteHealth;
 const NO_STORE = { cache: 'no-store' };
 function remoteBase(cfg) {
@@ -88,6 +89,11 @@ async function remoteCheck(cfg, sender, channel) {
     const q = `/check?sender=${encodeURIComponent(sender)}&channel=${encodeURIComponent(channel)}`;
     return getJson(url, token, q);
 }
+/** Remote equivalent of `snazi send` (never gated). */
+async function remoteSend(cfg, recipient, channel, text) {
+    const { url, token } = remoteBase(cfg);
+    return postJson(url, token, '/send', { recipient, channel, text });
+}
 /** Connectivity probe against a remote serve `/health`. */
 async function remoteHealth(cfg) {
     if (!cfg.remoteUrl) {

package/dist/doctor.js

@@ -62,15 +62,21 @@ async function runDoctor() {
             };
         }
         const av = adapter.availability();
+        const sendAv = adapter.sendAvailability?.();
         if (!av.available) {
             warnings.push(`Channel '${id}' is not readable locally: ${av.reason}`);
         }
+        if (adapter.sendMessage && sendAv && !sendAv.available) {
+            warnings.push(`Channel '${id}' cannot send locally: ${sendAv.reason}`);
+        }
         return {
             id,
             known: true,
             available: av.available,
             reason: av.reason ?? null,
             detail: av.detail ?? null,
+            send_available: sendAv?.available ?? null,
+            send_reason: sendAv?.reason ?? null,
         };
     });
     const report = {

package/dist/imessage-send.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_MESSAGE_LEN = void 0;
+exports.escapeAppleScriptString = escapeAppleScriptString;
+exports.probeSendAvailability = probeSendAvailability;
+exports.sendIMessage = sendIMessage;
+/**
+ * Send iMessage via Messages.app (macOS only).
+ *
+ * Outbound messages are NEVER gated by the approval list — the soup nazi only
+ * blocks reading. Sending uses AppleScript (`osascript`) and does not require
+ * Full Disk Access to chat.db; it may require Automation permission for Messages.
+ */
+const child_process_1 = require("child_process");
+const address_1 = require("./address");
+exports.MAX_MESSAGE_LEN = 10000;
+/** Escape a string for embedding in an AppleScript double-quoted literal. */
+function escapeAppleScriptString(s) {
+    return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+}
+const AUTOMATION_HINT = 'Grant Automation permission for Messages in System Settings > Privacy & ' +
+    'Security > Automation (or allow the terminal/node to control Messages).';
+/** Can iMessage be sent from this host right now? */
+function probeSendAvailability() {
+    if (process.platform !== 'darwin') {
+        return {
+            available: false,
+            reason: `iMessage can only be sent on macOS (this host is ${process.platform}).`,
+        };
+    }
+    try {
+        const out = (0, child_process_1.execFileSync)('osascript', ['-e', 'application "Messages" exists'], { encoding: 'utf8', timeout: 5000 }).trim();
+        if (out !== 'true') {
+            return {
+                available: false,
+                reason: 'Messages.app is not installed on this Mac.',
+            };
+        }
+        return { available: true };
+    }
+    catch (e) {
+        return {
+            available: false,
+            reason: `Cannot reach Messages.app: ${String(e instanceof Error ? e.message : e)}`,
+            detail: AUTOMATION_HINT,
+        };
+    }
+}
+/**
+ * Send one iMessage. Throws on validation or delivery failure.
+ * Never checks the approval list — sending is always allowed.
+ */
+function sendIMessage(rawRecipient, text) {
+    const recipient = (0, address_1.validateRecipientAddress)(rawRecipient);
+    if (recipient.length > 128) {
+        throw new Error('Recipient too long.');
+    }
+    const body = String(text ?? '');
+    if (!body.trim()) {
+        throw new Error('Missing message text.');
+    }
+    if (body.length > exports.MAX_MESSAGE_LEN) {
+        throw new Error(`Message too long (max ${exports.MAX_MESSAGE_LEN} characters).`);
+    }
+    // Block control chars (except common whitespace) to keep logs/terminals safe.
+    // eslint-disable-next-line no-control-regex
+    if (/[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/.test(body)) {
+        throw new Error('Invalid message text.');
+    }
+    if (process.platform !== 'darwin') {
+        throw new Error(`iMessage can only be sent on macOS (this host is ${process.platform}).`);
+    }
+    const escapedRecipient = escapeAppleScriptString(recipient);
+    const escapedText = escapeAppleScriptString(body);
+    const script = [
+        'tell application "Messages"',
+        '  set targetService to 1st service whose service type = iMessage',
+        `  set targetBuddy to participant "${escapedRecipient}" of targetService`,
+        `  send "${escapedText}" to targetBuddy`,
+        'end tell',
+    ].join('\n');
+    try {
+        (0, child_process_1.execFileSync)('osascript', ['-e', script], { encoding: 'utf8', timeout: 30000 });
+    }
+    catch (e) {
+        const msg = String(e instanceof Error ? e.message : e);
+        if (/Not authorized|(-1743)/.test(msg)) {
+            throw new Error(`Messages automation denied. ${AUTOMATION_HINT}`);
+        }
+        throw new Error(`Send failed: ${msg}`);
+    }
+}

package/dist/server.js

@@ -53,6 +53,7 @@ exports.startServer = startServer;
  *   GET  /check?sender&channel       -> { status, label }           (bearer)
  *   GET  /resolve?name&channel       -> name->address address book   (bearer)
  *   POST /label {sender,channel,name}-> set a sender's display label (bearer)
+ *   POST /send  {recipient,channel,text} -> send a message (bearer, never gated)
  *
  * It REUSES the same gate (api.ts) and the same DB reader (chatdb.ts) as the
  * CLI. There is no approve/deny here — APPROVAL mutations stay CLI/dashboard-
@@ -68,6 +69,7 @@ const api_1 = require("./api");
 const cache_1 = require("./cache");
 const channels_1 = require("./channels");
 const address_1 = require("./address");
+const imessage_send_1 = require("./imessage-send");
 // Read version without importing JSON at compile time (keeps build simple).
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const VERSION = (() => {
@@ -96,6 +98,8 @@ const SENDER_RE = /^[A-Za-z0-9_.+@-]+$/;
 // packages/web/src/app/api/senders/label/route.ts (MAX_LABEL_LEN, LABEL_CTRL_RE).
 // eslint-disable-next-line no-control-regex
 const NAME_CTRL_RE = /[\u0000-\u001f\u007f]/;
+// eslint-disable-next-line no-control-regex
+const TEXT_CTRL_RE = /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/;
 /**
  * Find this host's Tailscale IP (CGNAT range 100.64.0.0/10) if present.
  * Returns undefined if not on a tailnet.
@@ -209,6 +213,26 @@ function parseName(v, allowEmpty = false) {
         throw new Error('Invalid name.');
     return n;
 }
+function parseRecipient(v) {
+    const raw = (v ?? '').trim();
+    if (!raw)
+        throw new Error('Missing recipient.');
+    if (raw.length > MAX_SENDER_LEN)
+        throw new Error('Recipient too long.');
+    if (!SENDER_RE.test(raw))
+        throw new Error('Invalid recipient.');
+    return (0, address_1.validateRecipientAddress)(raw);
+}
+function parseText(v) {
+    const t = String(v ?? '');
+    if (!t.trim())
+        throw new Error('Missing text.');
+    if (t.length > imessage_send_1.MAX_MESSAGE_LEN)
+        throw new Error('Text too long.');
+    if (TEXT_CTRL_RE.test(t))
+        throw new Error('Invalid text.');
+    return t;
+}
 /** Read a request body with a hard size cap (fails closed on overflow). */
 function readBody(req, maxBytes) {
     return new Promise((resolve, reject) => {
@@ -368,6 +392,38 @@ async function handleLabel(cfg, rawBody) {
         return { status: code, body: { error: `Label failed: ${msg}` } };
     }
 }
+/**
+ * POST /send  body: { recipient, channel, text }
+ * Sends an outbound message. NEVER gated by the approval list — the soup nazi
+ * only blocks reading.
+ */
+async function handleSend(_cfg, rawBody) {
+    let parsed;
+    try {
+        parsed = JSON.parse(rawBody || '{}');
+    }
+    catch {
+        return { status: 400, body: { error: 'Invalid JSON body.' } };
+    }
+    const b = (parsed ?? {});
+    const recipient = parseRecipient(typeof b.recipient === 'string' ? b.recipient : null);
+    const channel = parseChannel(typeof b.channel === 'string' ? b.channel : null);
+    const text = parseText(typeof b.text === 'string' ? b.text : null);
+    const { adapter, error } = (0, channels_1.resolveSendableAdapter)(channel);
+    if (!adapter?.sendMessage) {
+        return { status: 501, body: { error } };
+    }
+    try {
+        adapter.sendMessage(recipient, text);
+        return { status: 200, body: { ok: true, channel, recipient } };
+    }
+    catch (e) {
+        return {
+            status: 502,
+            body: { error: String(e instanceof Error ? e.message : e) },
+        };
+    }
+}
 /** Build (but do not start) the HTTP server. Exposed for tests. */
 function createServer(cfg) {
     const token = cfg.serveToken ?? '';
@@ -383,23 +439,25 @@ function createServer(cfg) {
                 if (method === 'GET' && pathname === '/health') {
                     return sendJson(res, 200, { ok: true, version: VERSION });
                 }
-                // Only GET (reads) and POST /label (the single non-privileged write)
-                // are allowed on this surface.
+                // Only GET (reads) and POST /label, POST /send are allowed on this surface.
                 if (method !== 'GET' && method !== 'POST') {
                     return sendJson(res, 405, { error: 'Method not allowed.' });
                 }
-                // Everything past /health requires a valid bearer token — including the
-                // POST /label write.
+                // Everything past /health requires a valid bearer token — including writes.
                 if (!bearerOk(req.headers['authorization'], token)) {
                     res.setHeader('www-authenticate', 'Bearer');
                     return sendJson(res, 401, { error: 'Unauthorized.' });
                 }
                 if (method === 'POST') {
+                    const rawBody = await readBody(req, MAX_BODY_BYTES);
                     if (pathname === '/label') {
-                        const rawBody = await readBody(req, MAX_BODY_BYTES);
                         const r = await handleLabel(cfg, rawBody);
                         return sendJson(res, r.status, r.body);
                     }
+                    if (pathname === '/send') {
+                        const r = await handleSend(cfg, rawBody);
+                        return sendJson(res, r.status, r.body);
+                    }
                     return sendJson(res, 404, { error: 'Not found.' });
                 }
                 switch (pathname) {
@@ -451,11 +509,11 @@ async function startServer(cfg, opts) {
     const onTailnet = bind.startsWith('100.') || bind === detectTailscaleIp();
     console.error(JSON.stringify({
         ok: true,
-        msg: 'snazi serve listening (read-only gate)',
+        msg: 'snazi serve listening (gated read + ungated send)',
         bind,
         port,
         version: VERSION,
-        surface: ['/health', '/list-new', '/check', '/read', '/resolve', 'POST /label'],
+        surface: ['/health', '/list-new', '/check', '/read', '/resolve', 'POST /label', 'POST /send'],
         reachable_on: bind === '127.0.0.1'
             ? 'loopback only (front with `tailscale serve` for tailnet access)'
             : onTailnet

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chipallen2/snazi",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "On-demand local gate for your messages. Reveals WHO contacted you; only reveals WHAT for approved senders. iMessage today, pluggable channels next.",
   "license": "MIT",
   "homepage": "https://snazi.dev",
@@ -39,7 +39,10 @@
     "build": "tsc",
     "start": "node dist/cli.js",
     "prepare": "npm run build",
-    "test": "npm run build && node test/address.test.cjs && node test/cache.test.cjs && node test/both-sides.test.cjs && node test/serve-names.test.cjs && node test/channels.test.cjs"
+    "test": "npm run build && node test/address.test.cjs && node test/cache.test.cjs && node test/both-sides.test.cjs && node test/serve-names.test.cjs && node test/channels.test.cjs && node test/send.test.cjs",
+    "release:patch": "npm version patch -m \"release: v%s\" && git push --follow-tags",
+    "release:minor": "npm version minor -m \"release: v%s\" && git push --follow-tags",
+    "release:major": "npm version major -m \"release: v%s\" && git push --follow-tags"
   },
   "optionalDependencies": {
     "better-sqlite3": "^11.3.0"