@chipallen2/snazi 0.1.0 → 0.2.0

package/README.md

@@ -40,32 +40,18 @@ cannot approve a sender or reveal content for a non-approved one.
 
 ## Install
 
-> **Not on npm yet.** Install from source (below). Once published,
-> `npm install -g snazi` becomes the one-liner.
-
-### From source (works today)
-
 macOS, Windows, or Linux (Node 18+):
 
 ```bash
-git clone https://github.com/chipallen2/snazi.git
-cd snazi/packages/snazi
-./install.sh        # npm install + build, links `snazi` onto your PATH
-```
-
-On Windows (no bash), run this instead of `./install.sh`:
-
-```bash
-npm install && npm run build && npm link
-```
-
-Then configure and verify — no hand-edited JSON:
-
-```bash
+npm install -g @chipallen2/snazi
 snazi init          # writes ~/.snazi/config.json (deployment URL + READ token)
 snazi doctor        # checks Node, config, connectivity, and channel access
 ```
 
+> The npm package is **scoped** (`@chipallen2/snazi`) but the command you run is
+> just `snazi`. (The bare name `snazi` was too close to an existing npm package
+> to publish unscoped.)
+
 `snazi init` asks for two things: your **deployment URL** (default
 `https://snazi.dev`) and your **account READ token** (sign up at `/signup`, then
 copy it from the `/account` page). There is **no admin key** — approvals happen
@@ -79,10 +65,13 @@ snazi init --api-url https://snazi.dev --token <READ_TOKEN> --yes
 your terminal (or the `node` binary) in System Settings → Privacy & Security →
 Full Disk Access. `snazi doctor` flags it if missing.
 
-### Once published to npm
+### From source (contributors)
 
 ```bash
-npm install -g snazi
+git clone https://github.com/chipallen2/snazi.git
+cd snazi/packages/snazi
+./install.sh        # npm install + build, links `snazi` onto your PATH
+                    # Windows (no bash): npm install && npm run build && npm link
 snazi init && snazi doctor
 ```
 
@@ -92,9 +81,10 @@ snazi init && snazi doctor
 | --- | --- |
 | `snazi init [--api-url <url>] [--token <tok>] [--channel <id>]` | Create or update `~/.snazi/config.json`. |
 | `snazi doctor` | Diagnose Node, config, connectivity, and channel access. |
-| `snazi list-new [--channel <id>] [--since <min>] [--fresh]` | Distinct inbound senders, counts, timestamps, approval status, and display label. **No text.** Default window 60 min. |
+| `snazi list-new [--channel <id>] [--since <min>] [--fresh]` | Distinct inbound senders, counts, timestamps, approval status, display label, and local Contacts `contact_name`. **No text.** Default window 60 min. |
 | `snazi read <sender> [--channel <id>] [--since <min>] [--fresh]` | Message text for one sender — **only if approved**. Otherwise errors with `No messages for you.` |
-| `snazi check <sender> --channel <id> [--fresh]` | One sender's approval status and display label (`approved`/`denied`/`unknown`). |
+| `snazi send <recipient> --text <message> [--channel <id>]` | Send a message. **Never gated** — you can always send to anyone. |
+| `snazi check <sender> --channel <id> [--fresh]` | One sender's approval status, display label, and local Contacts `contact_name` (`approved`/`denied`/`unknown`). |
 | `snazi channels list` | Configured channels plus adapter availability on this machine. |
 | `snazi channels add <channel>` | Add a channel (e.g. `snazi channels add imessage`). |
 | `snazi cache clear` | Drop cached approval statuses (force fresh checks after a revocation). |
@@ -105,6 +95,7 @@ snazi init && snazi doctor
 | `snazi remote-list-new [--channel <id>] [--since <min>]` | WHO messaged on the remote host + status + label. |
 | `snazi remote-check <sender> --channel <id>` | One sender's status and label, via remote serve. |
 | `snazi remote-read <sender> [--channel <id>] [--since <min>]` | Message text via remote serve — only if approved. |
+| `snazi remote-send <recipient> --text <message> [--channel <id>]` | Send a message via remote serve — never gated. |
 | `snazi remote-resolve [<name>] --channel <id>` | Resolve a name → sender address(es). Empty name = full address book. |
 | `snazi remote-label <sender> --name <name> --channel <id>` | Set a sender's display label (UPDATE-only; cannot open the gate). |
 
@@ -119,7 +110,8 @@ right after you revoke someone.
 snazi list-new --since 180
 # [
 #   { "sender": "+15551234567", "message_count": 3,
-#     "latest_at": "2026-06-23T22:10:04.000Z", "status": "unknown", "label": null }
+#     "latest_at": "2026-06-23T22:10:04.000Z", "status": "unknown",
+#     "label": null, "contact_name": "Jenny Tutone" }
 # ]
 
 snazi read "+15551234567"
@@ -134,6 +126,9 @@ curl -s -H "x-api-key: $READ_TOKEN" \
 snazi read "+15551234567"
 # { "sender": "+15551234567", "status": "approved", "since_minutes": 60,
 #   "messages": [ { "date": "...", "text": "hey are we still on for lunch?" } ] }
+
+snazi send "+15551234567" --text "On my way!"
+# { "ok": true, "channel": "imessage", "recipient": "+15551234567" }
 ```
 
 ## Serve mode — least-privilege HTTP gate over a tailnet
@@ -154,6 +149,7 @@ privilege.
                                                 │  /read      (bearer)  │
                                                 │  /resolve   (bearer)  │
                                                 │  POST /label (bearer) │
+                                                │  POST /send  (bearer) │
                                                 │     │                 │
                                                 │     ▼ same gate (api)  │
                                                 │  approved? → text      │
@@ -168,16 +164,42 @@ privilege.
 | Method + path | Auth | Returns |
 | --- | --- | --- |
 | `GET /health` | none | `{ ok: true, version }` — connectivity probe only, no data. |
-| `GET /list-new?channel=imessage&since=<min>` | bearer | `{ channel, since_minutes, senders: [{ sender, message_count, latest_at, status, label }] }`. On check failure: `status` is `unknown` and an `error` field describes the failure. **Never message text.** |
-| `GET /check?sender=<addr>&channel=imessage` | bearer | `{ channel, sender, status, label }`. On check failure: HTTP 502 with `{ error }`. |
-| `GET /read?sender=<addr>&channel=imessage&since=<min>` | bearer | `{ sender, channel, status, since_minutes, messages }` **only if approved**; otherwise `403 { error: "Sender not approved. No messages for you.", status }`. On check failure: HTTP 502 with `{ error }`. |
-| `GET /resolve?name=<q>&channel=imessage` | bearer | `{ channel, query, matches: [{ sender_address, label, status }] }`. Empty/omitted `name` returns every labelled sender. **Never message text.** |
+| `GET /list-new?channel=imessage&since=<min>` | bearer | `{ channel, since_minutes, senders: [{ sender, message_count, latest_at, status, label, contact_name }] }`. On check failure: `status` is `unknown` and an `error` field describes the failure. **Never message text.** |
+| `GET /check?sender=<addr>&channel=imessage` | bearer | `{ channel, sender, status, label, contact_name }`. On check failure: HTTP 502 with `{ error }`. |
+| `GET /read?sender=<addr>&channel=imessage&since=<min>` | bearer | `{ sender, channel, status, since_minutes, contact_name, messages }` **only if approved**; otherwise `403 { error: "Sender not approved. No messages for you.", status }`. On check failure: HTTP 502 with `{ error }`. |
+| `POST /send` body `{ recipient, channel, text }` | bearer | Send an outbound message. **Never gated** — you can always send to anyone. Returns `{ ok: true, channel, recipient }` on success. |
+| `GET /resolve?name=<q>&channel=imessage` | bearer | `{ channel, query, matches: [{ sender_address, label, status, contact_name }] }`. Empty/omitted `name` returns every labelled sender. **Never message text.** |
 | `POST /label` body `{ sender, channel, name }` | bearer | Set a sender's display label via an UPDATE-only web endpoint. **Cannot create a row or change `status`**, so it cannot open the gate. 404 if the sender is not on the list yet. |
 
 There is **no `approve`/`deny` over HTTP**. Approvals stay dashboard/`/decide`-only.
 `POST /label` is the only write — label metadata only. Unknown path → `404`. Bad
 params → `400`. Unsupported methods → `405`.
 
+### `contact_name` — local macOS Contacts enrichment (display only)
+
+`/list-new`, `/check`, `/resolve` (and the `200` body of `/read`) include a
+`contact_name` for each sender: the matching name from the serve host's **local
+macOS Contacts** (AddressBook), looked up by phone/email. It is attached for
+**every** sender **regardless of approval status**, so you can see *who* an
+`unknown`/`denied` caller is without reading their messages.
+
+- **Display-only, never a gate.** `contact_name` **never** affects `status`,
+  approval, or the read gate. Reading is still allowed **solely** when
+  `status === 'approved'` — a known contact name does **not** open the gate.
+- **Separate from `label`.** `label` = the name you set on your snazi.dev
+  account (privileged). `contact_name` = read locally from macOS Contacts. Both
+  fields are kept separate in the JSON; `null` when there's no match.
+- **Untrusted text.** A contact name is stripped of control characters and
+  length-capped (≤64) before it's ever returned — it can't carry a
+  terminal/log-injection payload.
+- **Degrades silently.** If Contacts is unreadable (no permission, non-macOS,
+  native module missing), `contact_name` is simply `null` and nothing breaks.
+
+**Contacts access on the serve host.** Reading the AddressBook DB needs the node
+binary to have **Contacts** access (or **Full Disk Access**, which already
+covers the AddressBook database). Full Disk Access is the simplest option since
+you already grant it for iMessage; without it `contact_name` just stays `null`.
+
 ### Security model
 
 - **Tailnet-only.** Default bind is this host's Tailscale IP (`100.64.0.0/10`) if
@@ -190,9 +212,10 @@ params → `400`. Unsupported methods → `405`.
 - **Read-only surface.** No shell, no arbitrary file reads, no path traversal —
   only the same channel adapters the CLI uses. Params are validated
   (`channel`/`sender` charset-checked, `since` clamped to ≤ 7 days).
-- **Same gate.** `/read` calls the server list API (`api.ts`) *before* touching
-  any text — identical to `snazi read`. The gate is the product; it is not
-  bypassed.
+- **Same gate for reading.** `/read` calls the server list API (`api.ts`) *before*
+  touching any text — identical to `snazi read`. The gate is the product; it is
+  not bypassed. **Sending is never gated** — `/send` and `snazi send` work for
+  any recipient.
 - **No storage.** Content is read live from `chat.db` and returned in the
   response only. Nothing is persisted on either side.
 
@@ -251,6 +274,7 @@ snazi remote-status
 snazi remote-list-new --since 120
 snazi remote-check "+15551234567" --channel imessage
 snazi remote-read  "+15551234567"
+snazi remote-send  "+15551234567" --text "On my way!"
 snazi remote-resolve "Dan" --channel imessage
 snazi remote-label "+15551234567" --name "Dan" --channel imessage
 ```
@@ -268,6 +292,8 @@ curl -s -H "Authorization: Bearer $TOKEN" "$BASE/read?sender=%2B15551234567&chan
 curl -s -H "Authorization: Bearer $TOKEN" "$BASE/resolve?name=Dan&channel=imessage"
 curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
   -d '{"sender":"+15551234567","channel":"imessage","name":"Dan"}' "$BASE/label"
+curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
+  -d '{"recipient":"+15551234567","channel":"imessage","text":"On my way!"}' "$BASE/send"
 # Unknown/denied sender on /read → 403 { "error": "Sender not approved. No messages for you.", ... }
 ```
 

package/dist/address.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeAddress = normalizeAddress;
+exports.validateRecipientAddress = validateRecipientAddress;
 /**
  * Normalize a sender address so the SAME person resolves to the SAME row
  * whether they were added via the dashboard, a /decide link, the CLI, or read
@@ -59,3 +60,32 @@ function normalizeAddress(raw) {
 function defaultCountryCode() {
     return (process.env.SNAZI_DEFAULT_COUNTRY_CODE ?? '1').replace(/\D/g, '');
 }
+/**
+ * Validate and normalize a recipient address for outbound send.
+ * Phone numbers must normalize to E.164; emails must look like emails.
+ * Throws with a clear message on invalid input.
+ */
+function validateRecipientAddress(raw) {
+    const original = String(raw ?? '').trim();
+    if (!original) {
+        throw new Error('Missing recipient.');
+    }
+    const normalized = normalizeAddress(raw);
+    if (!normalized) {
+        throw new Error('Missing recipient.');
+    }
+    if (normalized.includes('@')) {
+        if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(normalized)) {
+            throw new Error('Invalid email address.');
+        }
+        return normalized;
+    }
+    if (!normalized.startsWith('+')) {
+        throw new Error('Invalid recipient. Use a phone number (+15551234567) or email address.');
+    }
+    // E.164: + followed by 7–15 digits (country code never starts with 0).
+    if (!/^\+[1-9]\d{6,14}$/.test(normalized)) {
+        throw new Error('Invalid phone number. Use E.164 (+15551234567) or a 10-digit national number.');
+    }
+    return normalized;
+}

package/dist/channels/imessage.js

@@ -44,4 +44,15 @@ exports.imessageAdapter = {
     readMessagesFrom(sender, sinceMinutes) {
         return chatdb().readMessagesFrom(sender, sinceMinutes);
     },
+    sendAvailability() {
+        // Lazy require keeps non-macOS installs free of send-side deps at import time.
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const send = require('../imessage-send');
+        return send.probeSendAvailability();
+    },
+    sendMessage(recipient, text) {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const send = require('../imessage-send');
+        send.sendIMessage(recipient, text);
+    },
 };

package/dist/channels/index.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAdapter = getAdapter;
 exports.listAdapters = listAdapters;
 exports.resolveReadableAdapter = resolveReadableAdapter;
+exports.resolveSendableAdapter = resolveSendableAdapter;
 const imessage_1 = require("./imessage");
 const ADAPTERS = new Map([imessage_1.imessageAdapter].map((a) => [a.id, a]));
 /** Look up a registered adapter by channel id, or undefined. */
@@ -37,3 +38,29 @@ function resolveReadableAdapter(channel) {
     }
     return { adapter };
 }
+/**
+ * Resolve a channel id to an adapter that can SEND on this host.
+ * Never throws. Sending is never gated by the approval list.
+ */
+function resolveSendableAdapter(channel) {
+    const adapter = getAdapter(channel);
+    if (!adapter) {
+        const known = listAdapters()
+            .map((a) => a.id)
+            .join(', ');
+        return {
+            error: `Unknown channel '${channel}'. Known channels: ${known || '(none)'}.`,
+        };
+    }
+    if (!adapter.sendMessage) {
+        return { error: `Channel '${channel}' does not support sending.` };
+    }
+    const availability = adapter.sendAvailability?.() ?? { available: true };
+    if (!availability.available) {
+        const detail = availability.detail ? ` ${availability.detail}` : '';
+        return {
+            error: `Channel '${channel}' cannot send on this machine: ${availability.reason ?? 'unavailable'}.${detail}`,
+        };
+    }
+    return { adapter };
+}

package/dist/cli.js

@@ -11,6 +11,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * - doctor   : diagnose Node, config, connectivity, and per-channel access.
  * - list-new : reveals WHO sent recent messages + their approval status. Never WHAT.
  * - read     : reveals message TEXT for ONE sender, but ONLY if approved by the server.
+ * - send     : sends a message to ANY recipient (never gated).
  * - check    : prints a single sender's approval status.
  * - channels : list/add configured channels + show adapter availability here.
  * - status   : prints config + platform + server connectivity.
@@ -33,6 +34,7 @@ const address_1 = require("./address");
 const api_1 = require("./api");
 const cache_1 = require("./cache");
 const channels_1 = require("./channels");
+const contacts_1 = require("./contacts");
 const server_1 = require("./server");
 const client_1 = require("./client");
 const daemon_1 = require("./daemon");
@@ -84,6 +86,8 @@ async function cmdListNew(args) {
     }
     const senders = adapter.listInboundSenders(since);
     const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+    // Local macOS Contacts enrichment (display-only; best-effort, empty on fail).
+    const contacts = (0, contacts_1.buildContactIndex)();
     const results = [];
     for (const s of senders) {
         let status = 'unknown';
@@ -99,7 +103,10 @@ async function cmdListNew(args) {
             message_count: s.message_count,
             latest_at: s.latest_at,
             status,
+            // `label` = snazi.dev account name; `contact_name` = local Contacts name.
+            // Both kept as SEPARATE fields; contact_name never affects the gate.
             label: labels.get((0, address_1.normalizeAddress)(s.sender)) ?? null,
+            contact_name: contacts.get(s.sender),
         };
         if (checkError)
             entry.error = checkError;
@@ -157,7 +164,44 @@ async function cmdCheck(args) {
         const status = await (0, cache_1.checkSenderCached)(cfg, channel, target, { fresh });
         const labels = await (0, api_1.buildLabelMap)(cfg, channel);
         const label = labels.get(target) ?? null;
-        out({ channel, sender: target, status, label });
+        // Display-only Contacts name; separate field, never gates reading.
+        const contact_name = (0, contacts_1.buildContactIndex)().get(target);
+        out({ channel, sender: target, status, label, contact_name });
+        return 0;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdSend(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const rawRecipient = positionals[0];
+    const text = flag(args, '--text');
+    if (!rawRecipient || text == null) {
+        out({
+            error: 'Usage: snazi send <recipient> --text <message> [--channel <id>]',
+        });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    let target;
+    try {
+        target = (0, address_1.validateRecipientAddress)(rawRecipient);
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 2;
+    }
+    // Sending is NEVER gated — the soup nazi only blocks reading.
+    const { adapter, error } = (0, channels_1.resolveSendableAdapter)(channel);
+    if (!adapter?.sendMessage) {
+        out({ error });
+        return 1;
+    }
+    try {
+        adapter.sendMessage(target, text);
+        out({ ok: true, channel, recipient: target });
         return 0;
     }
     catch (e) {
@@ -378,6 +422,36 @@ async function cmdRemoteLabel(args) {
         return 1;
     }
 }
+async function cmdRemoteSend(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const rawRecipient = positionals[0];
+    const text = flag(args, '--text');
+    if (!rawRecipient || text == null) {
+        out({
+            error: 'Usage: snazi remote-send <recipient> --text <message> [--channel <id>]',
+        });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    let target;
+    try {
+        target = (0, address_1.validateRecipientAddress)(rawRecipient);
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 2;
+    }
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteSend)(cfg, target, channel, text);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
 async function cmdRemoteStatus() {
     const cfg = (0, config_1.loadConfig)();
     try {
@@ -415,6 +489,7 @@ Setup:
 Usage:
   snazi list-new [--channel <id>] [--since <minutes>]   Show WHO messaged + approval status (default 60m)
   snazi read <sender> [--channel <id>] [--since <min>]  Show message text — only if sender is approved
+  snazi send <recipient> --text <message> [--channel <id>]  Send a message (never gated)
   snazi check <sender> --channel <id>                   Print one sender's approval status
   snazi channels list                                   List configured channels + adapter availability here
   snazi channels add <channel>                          Add a channel (e.g. imessage)
@@ -430,7 +505,7 @@ Approvals are READ-ONLY here: approve/deny a sender in the web dashboard or via
 a signed /decide link. The config token is a per-account READ token.
 
 Serve mode (least-privilege HTTP gate for a remote agent over a tailnet):
-  snazi serve [--bind <ip>] [--port <n>]                Start read-only HTTP gate (/health,/list-new,/check,/read)
+  snazi serve [--bind <ip>] [--port <n>]                Start HTTP gate (/health,/list-new,/check,/read,POST /send)
   snazi serve --install-daemon [--bind <ip>] [--port <n>]  Install the launchd LaunchAgent (RunAtLoad/KeepAlive)
 
 Remote client (the trusted agent side, calls a remote 'snazi serve'):
@@ -438,12 +513,13 @@ Remote client (the trusted agent side, calls a remote 'snazi serve'):
   snazi remote-list-new [--channel <id>] [--since <min>]  WHO messaged on the remote host + status
   snazi remote-check <sender> --channel <id>            One sender's status (remote)
   snazi remote-read <sender> [--channel <id>] [--since <min>]  Message text (remote) — only if approved
+  snazi remote-send <recipient> --text <msg> [--channel <id>]  Send a message (remote; never gated)
   snazi remote-resolve [<name>] [--channel <id>]        Resolve a name → sender address(es) (empty = address book)
   snazi remote-label <sender> --name <name> [--channel <id>]  Set a sender's display name (label only; cannot open the gate)
 
 The server manages an approve/deny list only. It stores no messages.
-serve is READ-ONLY (no approve/deny over HTTP), bearer-token protected, and
-binds the tailnet IP (100.x) or 127.0.0.1 — never 0.0.0.0.`);
+Reading is gated; sending is not. serve binds the tailnet IP (100.x) or
+127.0.0.1 — never 0.0.0.0.`);
 }
 async function main() {
     const argv = process.argv.slice(2);
@@ -463,6 +539,9 @@ async function main() {
         case 'read':
             code = await cmdRead(rest);
             break;
+        case 'send':
+            code = await cmdSend(rest);
+            break;
         case 'check':
             code = await cmdCheck(rest);
             break;
@@ -484,6 +563,9 @@ async function main() {
         case 'remote-read':
             code = await cmdRemoteRead(rest);
             break;
+        case 'remote-send':
+            code = await cmdRemoteSend(rest);
+            break;
         case 'remote-check':
             code = await cmdRemoteCheck(rest);
             break;

package/dist/client.js

@@ -5,6 +5,7 @@ exports.remoteRead = remoteRead;
 exports.remoteResolve = remoteResolve;
 exports.remoteLabel = remoteLabel;
 exports.remoteCheck = remoteCheck;
+exports.remoteSend = remoteSend;
 exports.remoteHealth = remoteHealth;
 const NO_STORE = { cache: 'no-store' };
 function remoteBase(cfg) {
@@ -88,6 +89,11 @@ async function remoteCheck(cfg, sender, channel) {
     const q = `/check?sender=${encodeURIComponent(sender)}&channel=${encodeURIComponent(channel)}`;
     return getJson(url, token, q);
 }
+/** Remote equivalent of `snazi send` (never gated). */
+async function remoteSend(cfg, recipient, channel, text) {
+    const { url, token } = remoteBase(cfg);
+    return postJson(url, token, '/send', { recipient, channel, text });
+}
 /** Connectivity probe against a remote serve `/health`. */
 async function remoteHealth(cfg) {
     if (!cfg.remoteUrl) {

package/dist/contacts.js

@@ -0,0 +1,337 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeContactName = sanitizeContactName;
+exports.addressBookDbPaths = addressBookDbPaths;
+exports.buildContactIndex = buildContactIndex;
+exports.probeContacts = probeContacts;
+/**
+ * macOS Contacts (AddressBook) name enrichment — DISPLAY METADATA ONLY.
+ *
+ * Reads the local macOS AddressBook SQLite DB(s) read-only to build a
+ * Map<normalizedAddress, displayName> so the serve host can attach a
+ * `contact_name` to each sender it reports. This is purely cosmetic.
+ *
+ * SECURITY INVARIANTS (must hold everywhere this module is used):
+ *   1. `contact_name` is DISPLAY-ONLY. It MUST NEVER influence approval
+ *      status, the read gate, or routing. Reading message text stays gated
+ *      solely by `status === 'approved'` over in server.ts/handleRead.
+ *   2. A contact name is UNTRUSTED display text: every name is stripped of
+ *      control characters and length-capped (see sanitizeContactName) exactly
+ *      like the server's parseName/NAME_CTRL_RE handling, so it can never carry
+ *      a terminal/log-injection payload. It is never executed or interpreted.
+ *   3. If Contacts is unavailable (no DB, no permission, better-sqlite3
+ *      missing, or non-macOS) every export DEGRADES to "empty" and NEVER
+ *      throws. The gate keeps working with zero Contacts access.
+ *
+ * This mirrors chatdb.ts: better-sqlite3 (a native module) is required LAZILY
+ * inside functions, and the DB path honors env overrides so tests can point at
+ * a synthetic AddressBook:
+ *   - SNAZI_ADDRESSBOOK_DB  : a single .abcddb file (used directly; tests).
+ *   - SNAZI_ADDRESSBOOK_DIR : base AddressBook dir to scan (defaults to the
+ *                             real ~/Library/Application Support/AddressBook).
+ */
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const fs = __importStar(require("fs"));
+const address_1 = require("./address");
+// Keep in sync with server.ts MAX_NAME_LEN / parseName: a contact name is the
+// same kind of untrusted, length-capped, control-char-free display text.
+const MAX_CONTACT_NAME_LEN = 64;
+// eslint-disable-next-line no-control-regex
+const NAME_CTRL_RE = /[\u0000-\u001f\u007f]/g;
+/**
+ * Sanitize a raw Contacts name into safe display text, or null if there is
+ * nothing usable left. Strips ALL control chars (defends terminal/log
+ * injection) and hard-caps the length. Mirrors the server's name handling —
+ * the difference is we STRIP rather than reject, so one weird contact never
+ * breaks enrichment for everyone else.
+ */
+function sanitizeContactName(raw) {
+    if (raw == null)
+        return null;
+    // Remove control chars first, then collapse surrounding whitespace.
+    const stripped = String(raw).replace(NAME_CTRL_RE, '').trim();
+    if (stripped === '')
+        return null;
+    const capped = stripped.slice(0, MAX_CONTACT_NAME_LEN).trim();
+    return capped === '' ? null : capped;
+}
+/** Default macOS AddressBook base directory. */
+function defaultAddressBookDir() {
+    return path.join(os.homedir(), 'Library', 'Application Support', 'AddressBook');
+}
+/**
+ * Resolve every AddressBook .abcddb file to union across. Honors env overrides.
+ * Never throws — returns [] on any filesystem hiccup.
+ *
+ * Real layout (any/all may exist):
+ *   <base>/AddressBook-v22.abcddb
+ *   <base>/Sources/<UUID>/AddressBook-v22.abcddb   (one per account/source)
+ */
+function addressBookDbPaths() {
+    try {
+        const single = process.env.SNAZI_ADDRESSBOOK_DB;
+        if (single && single.trim() !== '') {
+            return fs.existsSync(single) ? [single] : [];
+        }
+        const base = process.env.SNAZI_ADDRESSBOOK_DIR &&
+            process.env.SNAZI_ADDRESSBOOK_DIR.trim() !== ''
+            ? process.env.SNAZI_ADDRESSBOOK_DIR
+            : defaultAddressBookDir();
+        const found = [];
+        const topLevel = path.join(base, 'AddressBook-v22.abcddb');
+        if (fs.existsSync(topLevel))
+            found.push(topLevel);
+        const sourcesDir = path.join(base, 'Sources');
+        let sources = [];
+        try {
+            sources = fs.readdirSync(sourcesDir);
+        }
+        catch {
+            sources = [];
+        }
+        for (const sub of sources) {
+            const p = path.join(sourcesDir, sub, 'AddressBook-v22.abcddb');
+            if (fs.existsSync(p))
+                found.push(p);
+        }
+        // Deterministic union order so "first non-empty name wins" is stable.
+        return [...new Set(found)].sort();
+    }
+    catch {
+        return [];
+    }
+}
+/** Lazy native require — only loaded when we actually touch Contacts. */
+function loadSqlite() {
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    return require('better-sqlite3');
+}
+/** Last 10 digits of an address, or '' if it isn't a >=10-digit phone. */
+function last10(address) {
+    const digits = address.replace(/\D/g, '');
+    return digits.length >= 10 ? digits.slice(-10) : '';
+}
+/** Empty index used on every failure/degradation path. */
+const EMPTY_INDEX = {
+    size: 0,
+    get() {
+        return null;
+    },
+};
+function makeIndex(byNorm, byLast10) {
+    return {
+        size: byNorm.size,
+        get(address) {
+            const norm = (0, address_1.normalizeAddress)(address);
+            if (norm === '')
+                return null;
+            const exact = byNorm.get(norm);
+            if (exact)
+                return exact;
+            // Phone fallback: match by trailing 10 digits. This MUST be restricted to
+            // phone-like inputs: an email such as "john5551234567@gmail.com" still
+            // contains >=10 digits, and without this guard it would false-match a
+            // phone contact's trailing-10 key — attaching a TRUSTED contact name to an
+            // UNTRUSTED email address (a decide-time display-spoofing vector). Emails
+            // resolve by exact normalized address ONLY.
+            if (norm.includes('@'))
+                return null;
+            const tail = last10(norm);
+            if (tail !== '') {
+                const byTail = byLast10.get(tail);
+                if (byTail)
+                    return byTail;
+            }
+            return null;
+        },
+    };
+}
+/** Compose a record's display name: "First Last" -> nickname -> organization. */
+function recordDisplayName(r) {
+    const first = (r.ZFIRSTNAME ?? '').trim();
+    const last = (r.ZLASTNAME ?? '').trim();
+    const full = `${first} ${last}`.trim();
+    if (full !== '')
+        return full;
+    const nick = (r.ZNICKNAME ?? '').trim();
+    if (nick !== '')
+        return nick;
+    const org = (r.ZORGANIZATION ?? '').trim();
+    if (org !== '')
+        return org;
+    return null;
+}
+/**
+ * Index one AddressBook DB into the provided maps. "First non-empty name wins":
+ * we never overwrite an existing key, so union order (sorted db paths, then
+ * Z_PK order) is deterministic. Best-effort: any failure on a single DB is
+ * swallowed so the rest still contribute.
+ */
+function indexOneDb(dbPath, byNorm, byLast10) {
+    const Database = loadSqlite();
+    let db;
+    try {
+        db = new Database(dbPath, { readonly: true, fileMustExist: true });
+        const records = db
+            .prepare('SELECT Z_PK, ZFIRSTNAME, ZLASTNAME, ZORGANIZATION, ZNICKNAME FROM ZABCDRECORD')
+            .all();
+        const nameByPk = new Map();
+        for (const r of records) {
+            const name = sanitizeContactName(recordDisplayName(r));
+            if (name)
+                nameByPk.set(r.Z_PK, name);
+        }
+        const addKey = (map, key, name) => {
+            if (key === '')
+                return;
+            if (!map.has(key))
+                map.set(key, name); // first non-empty wins
+        };
+        // Phones — normalize, plus a last-10 fallback key.
+        const phones = db
+            .prepare('SELECT ZOWNER, ZFULLNUMBER FROM ZABCDPHONENUMBER WHERE ZFULLNUMBER IS NOT NULL')
+            .all();
+        for (const p of phones) {
+            if (p.ZOWNER == null)
+                continue;
+            const name = nameByPk.get(p.ZOWNER);
+            if (!name)
+                continue;
+            const norm = (0, address_1.normalizeAddress)(p.ZFULLNUMBER);
+            addKey(byNorm, norm, name);
+            addKey(byLast10, last10(norm), name);
+        }
+        // Emails — normalize (trim+lowercase).
+        const emails = db
+            .prepare('SELECT ZOWNER, ZADDRESS FROM ZABCDEMAILADDRESS WHERE ZADDRESS IS NOT NULL')
+            .all();
+        for (const e of emails) {
+            if (e.ZOWNER == null)
+                continue;
+            const name = nameByPk.get(e.ZOWNER);
+            if (!name)
+                continue;
+            addKey(byNorm, (0, address_1.normalizeAddress)(e.ZADDRESS), name);
+        }
+    }
+    catch {
+        // Schema variance, locked DB, missing permission — skip this source.
+    }
+    finally {
+        try {
+            db?.close();
+        }
+        catch {
+            // ignore close errors
+        }
+    }
+}
+/**
+ * Build a ContactIndex from every available local AddressBook DB.
+ * NEVER throws — returns an empty index when Contacts can't be read for ANY
+ * reason (non-macOS, no DB, no permission, better-sqlite3 missing). Callers
+ * should treat a miss as `contact_name: null` and carry on.
+ */
+function buildContactIndex() {
+    try {
+        const paths = addressBookDbPaths();
+        if (paths.length === 0)
+            return EMPTY_INDEX;
+        const byNorm = new Map();
+        const byLast10 = new Map();
+        for (const p of paths)
+            indexOneDb(p, byNorm, byLast10);
+        if (byNorm.size === 0)
+            return EMPTY_INDEX;
+        return makeIndex(byNorm, byLast10);
+    }
+    catch {
+        return EMPTY_INDEX;
+    }
+}
+/**
+ * Non-throwing readability probe (mirrors chatdb.probeChatDb). Reports whether
+ * at least one AddressBook DB exists and can be opened+queried read-only.
+ * Purely diagnostic — enrichment itself always degrades silently.
+ */
+function probeContacts() {
+    try {
+        const paths = addressBookDbPaths();
+        if (paths.length === 0) {
+            return { ok: false, reason: 'No macOS AddressBook database found.' };
+        }
+        let Database;
+        try {
+            Database = loadSqlite();
+        }
+        catch (e) {
+            return {
+                ok: false,
+                reason: `better-sqlite3 unavailable: ${String(e instanceof Error ? e.message : e)}`,
+            };
+        }
+        for (const p of paths) {
+            let db;
+            try {
+                db = new Database(p, { readonly: true, fileMustExist: true });
+                db.prepare('SELECT 1 FROM ZABCDRECORD LIMIT 1').get();
+                return { ok: true };
+            }
+            catch {
+                // try the next source
+            }
+            finally {
+                try {
+                    db?.close();
+                }
+                catch {
+                    // ignore
+                }
+            }
+        }
+        return {
+            ok: false,
+            reason: 'AddressBook database(s) present but not readable (grant Contacts / Full Disk Access).',
+        };
+    }
+    catch (e) {
+        return {
+            ok: false,
+            reason: `Contacts probe failed: ${String(e instanceof Error ? e.message : e)}`,
+        };
+    }
+}

package/dist/doctor.js

@@ -62,15 +62,21 @@ async function runDoctor() {
             };
         }
         const av = adapter.availability();
+        const sendAv = adapter.sendAvailability?.();
         if (!av.available) {
             warnings.push(`Channel '${id}' is not readable locally: ${av.reason}`);
         }
+        if (adapter.sendMessage && sendAv && !sendAv.available) {
+            warnings.push(`Channel '${id}' cannot send locally: ${sendAv.reason}`);
+        }
         return {
             id,
             known: true,
             available: av.available,
             reason: av.reason ?? null,
             detail: av.detail ?? null,
+            send_available: sendAv?.available ?? null,
+            send_reason: sendAv?.reason ?? null,
         };
     });
     const report = {

package/dist/imessage-send.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_MESSAGE_LEN = void 0;
+exports.escapeAppleScriptString = escapeAppleScriptString;
+exports.probeSendAvailability = probeSendAvailability;
+exports.sendIMessage = sendIMessage;
+/**
+ * Send iMessage via Messages.app (macOS only).
+ *
+ * Outbound messages are NEVER gated by the approval list — the soup nazi only
+ * blocks reading. Sending uses AppleScript (`osascript`) and does not require
+ * Full Disk Access to chat.db; it may require Automation permission for Messages.
+ */
+const child_process_1 = require("child_process");
+const address_1 = require("./address");
+exports.MAX_MESSAGE_LEN = 10000;
+/** Escape a string for embedding in an AppleScript double-quoted literal. */
+function escapeAppleScriptString(s) {
+    return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+}
+const AUTOMATION_HINT = 'Grant Automation permission for Messages in System Settings > Privacy & ' +
+    'Security > Automation (or allow the terminal/node to control Messages).';
+/** Can iMessage be sent from this host right now? */
+function probeSendAvailability() {
+    if (process.platform !== 'darwin') {
+        return {
+            available: false,
+            reason: `iMessage can only be sent on macOS (this host is ${process.platform}).`,
+        };
+    }
+    try {
+        const out = (0, child_process_1.execFileSync)('osascript', ['-e', 'application "Messages" exists'], { encoding: 'utf8', timeout: 5000 }).trim();
+        if (out !== 'true') {
+            return {
+                available: false,
+                reason: 'Messages.app is not installed on this Mac.',
+            };
+        }
+        return { available: true };
+    }
+    catch (e) {
+        return {
+            available: false,
+            reason: `Cannot reach Messages.app: ${String(e instanceof Error ? e.message : e)}`,
+            detail: AUTOMATION_HINT,
+        };
+    }
+}
+/**
+ * Send one iMessage. Throws on validation or delivery failure.
+ * Never checks the approval list — sending is always allowed.
+ */
+function sendIMessage(rawRecipient, text) {
+    const recipient = (0, address_1.validateRecipientAddress)(rawRecipient);
+    if (recipient.length > 128) {
+        throw new Error('Recipient too long.');
+    }
+    const body = String(text ?? '');
+    if (!body.trim()) {
+        throw new Error('Missing message text.');
+    }
+    if (body.length > exports.MAX_MESSAGE_LEN) {
+        throw new Error(`Message too long (max ${exports.MAX_MESSAGE_LEN} characters).`);
+    }
+    // Block control chars (except common whitespace) to keep logs/terminals safe.
+    // eslint-disable-next-line no-control-regex
+    if (/[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/.test(body)) {
+        throw new Error('Invalid message text.');
+    }
+    if (process.platform !== 'darwin') {
+        throw new Error(`iMessage can only be sent on macOS (this host is ${process.platform}).`);
+    }
+    const escapedRecipient = escapeAppleScriptString(recipient);
+    const escapedText = escapeAppleScriptString(body);
+    const script = [
+        'tell application "Messages"',
+        '  set targetService to 1st service whose service type = iMessage',
+        `  set targetBuddy to participant "${escapedRecipient}" of targetService`,
+        `  send "${escapedText}" to targetBuddy`,
+        'end tell',
+    ].join('\n');
+    try {
+        (0, child_process_1.execFileSync)('osascript', ['-e', script], { encoding: 'utf8', timeout: 30000 });
+    }
+    catch (e) {
+        const msg = String(e instanceof Error ? e.message : e);
+        if (/Not authorized|(-1743)/.test(msg)) {
+            throw new Error(`Messages automation denied. ${AUTOMATION_HINT}`);
+        }
+        throw new Error(`Send failed: ${msg}`);
+    }
+}

package/dist/server.js

@@ -53,6 +53,7 @@ exports.startServer = startServer;
  *   GET  /check?sender&channel       -> { status, label }           (bearer)
  *   GET  /resolve?name&channel       -> name->address address book   (bearer)
  *   POST /label {sender,channel,name}-> set a sender's display label (bearer)
+ *   POST /send  {recipient,channel,text} -> send a message (bearer, never gated)
  *
  * It REUSES the same gate (api.ts) and the same DB reader (chatdb.ts) as the
  * CLI. There is no approve/deny here — APPROVAL mutations stay CLI/dashboard-
@@ -68,6 +69,26 @@ const api_1 = require("./api");
 const cache_1 = require("./cache");
 const channels_1 = require("./channels");
 const address_1 = require("./address");
+const imessage_send_1 = require("./imessage-send");
+const contacts_1 = require("./contacts");
+/**
+ * Build the macOS Contacts index for ONE request, best-effort. NEVER throws:
+ * any failure (no DB, no permission, non-macOS, better-sqlite3 missing) yields
+ * an empty index so enrichment degrades to `contact_name: null` and the gate
+ * keeps working with zero Contacts access.
+ *
+ * SECURITY: the returned name is DISPLAY-ONLY. It is never consulted by the
+ * read gate (handleRead checks `status === 'approved'` and nothing else) and
+ * is already sanitized (control-char-stripped + length-capped) by contacts.ts.
+ */
+function contactIndexForRequest() {
+    try {
+        return (0, contacts_1.buildContactIndex)();
+    }
+    catch {
+        return { size: 0, get: () => null };
+    }
+}
 // Read version without importing JSON at compile time (keeps build simple).
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const VERSION = (() => {
@@ -96,6 +117,8 @@ const SENDER_RE = /^[A-Za-z0-9_.+@-]+$/;
 // packages/web/src/app/api/senders/label/route.ts (MAX_LABEL_LEN, LABEL_CTRL_RE).
 // eslint-disable-next-line no-control-regex
 const NAME_CTRL_RE = /[\u0000-\u001f\u007f]/;
+// eslint-disable-next-line no-control-regex
+const TEXT_CTRL_RE = /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/;
 /**
  * Find this host's Tailscale IP (CGNAT range 100.64.0.0/10) if present.
  * Returns undefined if not on a tailnet.
@@ -209,6 +232,26 @@ function parseName(v, allowEmpty = false) {
         throw new Error('Invalid name.');
     return n;
 }
+function parseRecipient(v) {
+    const raw = (v ?? '').trim();
+    if (!raw)
+        throw new Error('Missing recipient.');
+    if (raw.length > MAX_SENDER_LEN)
+        throw new Error('Recipient too long.');
+    if (!SENDER_RE.test(raw))
+        throw new Error('Invalid recipient.');
+    return (0, address_1.validateRecipientAddress)(raw);
+}
+function parseText(v) {
+    const t = String(v ?? '');
+    if (!t.trim())
+        throw new Error('Missing text.');
+    if (t.length > imessage_send_1.MAX_MESSAGE_LEN)
+        throw new Error('Text too long.');
+    if (TEXT_CTRL_RE.test(t))
+        throw new Error('Invalid text.');
+    return t;
+}
 /** Read a request body with a hard size cap (fails closed on overflow). */
 function readBody(req, maxBytes) {
     return new Promise((resolve, reject) => {
@@ -237,6 +280,8 @@ async function handleListNew(cfg, url) {
     const senders = adapter.listInboundSenders(since);
     // One list fetch -> address->label map (best-effort; null on any failure).
     const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+    // Build the Contacts index ONCE per request (best-effort, empty on failure).
+    const contacts = contactIndexForRequest();
     const results = [];
     for (const s of senders) {
         let status = 'unknown';
@@ -252,7 +297,12 @@ async function handleListNew(cfg, url) {
             message_count: s.message_count,
             latest_at: s.latest_at,
             status,
+            // `label` = user's snazi.dev account-set name (privileged display).
             label: labels.get((0, address_1.normalizeAddress)(s.sender)) ?? null,
+            // `contact_name` = local macOS Contacts name (display-only metadata).
+            // Kept SEPARATE from `label`; included regardless of approval status.
+            // It NEVER affects `status` or the read gate.
+            contact_name: contacts.get(s.sender),
         };
         if (checkError)
             entry.error = checkError;
@@ -281,15 +331,20 @@ async function handleRead(cfg, url) {
         };
     }
     if (status !== 'approved') {
+        // GATE: reading is denied SOLELY on approval status. `contact_name` is
+        // deliberately NOT consulted here — a known Contacts name must never open
+        // the gate. We don't even compute it on the denied path.
         return {
             status: 403,
             body: { error: 'Sender not approved. No messages for you.', status },
         };
     }
     const messages = adapter.readMessagesFrom(sender, since);
+    // Gate already passed; attach display-only Contacts name (best-effort).
+    const contact_name = contactIndexForRequest().get(sender);
     return {
         status: 200,
-        body: { sender, channel, status, since_minutes: since, messages },
+        body: { sender, channel, status, since_minutes: since, contact_name, messages },
     };
 }
 async function handleCheck(cfg, url) {
@@ -308,7 +363,10 @@ async function handleCheck(cfg, url) {
     // Best-effort label lookup for this one address (display only).
     const labels = await (0, api_1.buildLabelMap)(cfg, channel);
     const label = labels.get(sender) ?? null;
-    return { status: 200, body: { channel, sender, status, label } };
+    // Display-only Contacts name. Kept separate from `label`; included no matter
+    // the approval status. It does NOT (and must not) affect `status`.
+    const contact_name = contactIndexForRequest().get(sender);
+    return { status: 200, body: { channel, sender, status, label, contact_name } };
 }
 /**
  * GET /resolve?name=<q>&channel=<id>
@@ -322,6 +380,8 @@ async function handleResolve(cfg, url) {
     const query = parseName(url.searchParams.get('name'), true);
     const needle = query.toLowerCase();
     const senders = await (0, api_1.listSenders)(cfg, channel);
+    // Build the Contacts index ONCE for this request (best-effort, empty on fail).
+    const contacts = contactIndexForRequest();
     const matches = senders
         .filter((s) => {
         if (s.label == null || s.label === '')
@@ -334,6 +394,8 @@ async function handleResolve(cfg, url) {
         sender_address: s.sender_address,
         label: s.label,
         status: s.status,
+        // Display-only macOS Contacts name; separate from `label`, never gates.
+        contact_name: contacts.get(s.sender_address),
     }));
     return { status: 200, body: { channel, query, matches } };
 }
@@ -368,6 +430,38 @@ async function handleLabel(cfg, rawBody) {
         return { status: code, body: { error: `Label failed: ${msg}` } };
     }
 }
+/**
+ * POST /send  body: { recipient, channel, text }
+ * Sends an outbound message. NEVER gated by the approval list — the soup nazi
+ * only blocks reading.
+ */
+async function handleSend(_cfg, rawBody) {
+    let parsed;
+    try {
+        parsed = JSON.parse(rawBody || '{}');
+    }
+    catch {
+        return { status: 400, body: { error: 'Invalid JSON body.' } };
+    }
+    const b = (parsed ?? {});
+    const recipient = parseRecipient(typeof b.recipient === 'string' ? b.recipient : null);
+    const channel = parseChannel(typeof b.channel === 'string' ? b.channel : null);
+    const text = parseText(typeof b.text === 'string' ? b.text : null);
+    const { adapter, error } = (0, channels_1.resolveSendableAdapter)(channel);
+    if (!adapter?.sendMessage) {
+        return { status: 501, body: { error } };
+    }
+    try {
+        adapter.sendMessage(recipient, text);
+        return { status: 200, body: { ok: true, channel, recipient } };
+    }
+    catch (e) {
+        return {
+            status: 502,
+            body: { error: String(e instanceof Error ? e.message : e) },
+        };
+    }
+}
 /** Build (but do not start) the HTTP server. Exposed for tests. */
 function createServer(cfg) {
     const token = cfg.serveToken ?? '';
@@ -383,23 +477,25 @@ function createServer(cfg) {
                 if (method === 'GET' && pathname === '/health') {
                     return sendJson(res, 200, { ok: true, version: VERSION });
                 }
-                // Only GET (reads) and POST /label (the single non-privileged write)
-                // are allowed on this surface.
+                // Only GET (reads) and POST /label, POST /send are allowed on this surface.
                 if (method !== 'GET' && method !== 'POST') {
                     return sendJson(res, 405, { error: 'Method not allowed.' });
                 }
-                // Everything past /health requires a valid bearer token — including the
-                // POST /label write.
+                // Everything past /health requires a valid bearer token — including writes.
                 if (!bearerOk(req.headers['authorization'], token)) {
                     res.setHeader('www-authenticate', 'Bearer');
                     return sendJson(res, 401, { error: 'Unauthorized.' });
                 }
                 if (method === 'POST') {
+                    const rawBody = await readBody(req, MAX_BODY_BYTES);
                     if (pathname === '/label') {
-                        const rawBody = await readBody(req, MAX_BODY_BYTES);
                         const r = await handleLabel(cfg, rawBody);
                         return sendJson(res, r.status, r.body);
                     }
+                    if (pathname === '/send') {
+                        const r = await handleSend(cfg, rawBody);
+                        return sendJson(res, r.status, r.body);
+                    }
                     return sendJson(res, 404, { error: 'Not found.' });
                 }
                 switch (pathname) {
@@ -451,11 +547,11 @@ async function startServer(cfg, opts) {
     const onTailnet = bind.startsWith('100.') || bind === detectTailscaleIp();
     console.error(JSON.stringify({
         ok: true,
-        msg: 'snazi serve listening (read-only gate)',
+        msg: 'snazi serve listening (gated read + ungated send)',
         bind,
         port,
         version: VERSION,
-        surface: ['/health', '/list-new', '/check', '/read', '/resolve', 'POST /label'],
+        surface: ['/health', '/list-new', '/check', '/read', '/resolve', 'POST /label', 'POST /send'],
         reachable_on: bind === '127.0.0.1'
             ? 'loopback only (front with `tailscale serve` for tailnet access)'
             : onTailnet

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chipallen2/snazi",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "On-demand local gate for your messages. Reveals WHO contacted you; only reveals WHAT for approved senders. iMessage today, pluggable channels next.",
   "license": "MIT",
   "homepage": "https://snazi.dev",
@@ -39,7 +39,10 @@
     "build": "tsc",
     "start": "node dist/cli.js",
     "prepare": "npm run build",
-    "test": "npm run build && node test/address.test.cjs && node test/cache.test.cjs && node test/both-sides.test.cjs && node test/serve-names.test.cjs && node test/channels.test.cjs"
+    "test": "npm run build && node test/address.test.cjs && node test/cache.test.cjs && node test/both-sides.test.cjs && node test/serve-names.test.cjs && node test/channels.test.cjs && node test/send.test.cjs && node test/contacts.test.cjs && node test/serve-contacts.test.cjs",
+    "release:patch": "bash scripts/release.sh patch",
+    "release:minor": "bash scripts/release.sh minor",
+    "release:major": "bash scripts/release.sh major"
   },
   "optionalDependencies": {
     "better-sqlite3": "^11.3.0"