@chipallen2/snazi 0.1.0

package/dist/cli.js

@@ -0,0 +1,516 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * snazi — on-demand message gate.
+ *
+ *   "No messages for you."
+ *
+ * This CLI is the LOCAL gate. It runs on demand (NOT a daemon).
+ * - init     : create/update ~/.snazi/config.json (interactive or via flags).
+ * - doctor   : diagnose Node, config, connectivity, and per-channel access.
+ * - list-new : reveals WHO sent recent messages + their approval status. Never WHAT.
+ * - read     : reveals message TEXT for ONE sender, but ONLY if approved by the server.
+ * - check    : prints a single sender's approval status.
+ * - channels : list/add configured channels + show adapter availability here.
+ * - status   : prints config + platform + server connectivity.
+ *
+ * Local message sources are pluggable CHANNEL ADAPTERS (see src/channels). The
+ * CLI itself is cross-platform; a channel that can't run on this OS (e.g.
+ * iMessage off macOS) reports itself unavailable instead of crashing.
+ *
+ * Approvals are READ-ONLY here: a sender is approved/denied in the web
+ * dashboard or via a signed /decide link, never from this CLI. The token in
+ * ~/.snazi/config.json is a per-account READ token that cannot mutate the list.
+ *
+ * The server stores no messages. This CLI stores no message content; it keeps
+ * only a short-lived approval-STATUS cache (~/.snazi/check-cache.json) so it
+ * needn't re-check every call. Content is read live from the local Messages
+ * database and printed only when the gate opens.
+ */
+const config_1 = require("./config");
+const address_1 = require("./address");
+const api_1 = require("./api");
+const cache_1 = require("./cache");
+const channels_1 = require("./channels");
+const server_1 = require("./server");
+const client_1 = require("./client");
+const daemon_1 = require("./daemon");
+const init_1 = require("./init");
+const doctor_1 = require("./doctor");
+const DEFAULT_CHANNEL = 'imessage';
+function parseSince(args, def = 60) {
+    const i = args.indexOf('--since');
+    if (i !== -1 && args[i + 1]) {
+        const n = parseInt(args[i + 1], 10);
+        if (!Number.isNaN(n) && n > 0)
+            return n;
+    }
+    return def;
+}
+/** Read a named --flag's value. */
+function flag(args, name) {
+    const i = args.indexOf(name);
+    if (i !== -1 && args[i + 1] && !args[i + 1].startsWith('--')) {
+        return args[i + 1];
+    }
+    return undefined;
+}
+/** True if a boolean --flag is present. */
+function hasFlag(args, name) {
+    return args.includes(name);
+}
+function parsePort(args) {
+    const v = flag(args, '--port');
+    if (v == null)
+        return undefined;
+    const n = parseInt(v, 10);
+    if (Number.isNaN(n))
+        return undefined;
+    return n;
+}
+function out(obj) {
+    console.log(JSON.stringify(obj, null, 2));
+}
+async function cmdListNew(args) {
+    const since = parseSince(args, 60);
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const fresh = hasFlag(args, '--fresh');
+    const cfg = (0, config_1.loadConfig)();
+    const { adapter, error } = (0, channels_1.resolveReadableAdapter)(channel);
+    if (!adapter) {
+        out({ error });
+        return 1;
+    }
+    const senders = adapter.listInboundSenders(since);
+    const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+    const results = [];
+    for (const s of senders) {
+        let status = 'unknown';
+        let checkError;
+        try {
+            status = await (0, cache_1.checkSenderCached)(cfg, channel, s.sender, { fresh });
+        }
+        catch (e) {
+            checkError = String(e instanceof Error ? e.message : e);
+        }
+        const entry = {
+            sender: s.sender,
+            message_count: s.message_count,
+            latest_at: s.latest_at,
+            status,
+            label: labels.get((0, address_1.normalizeAddress)(s.sender)) ?? null,
+        };
+        if (checkError)
+            entry.error = checkError;
+        results.push(entry);
+    }
+    out(results);
+    return 0;
+}
+async function cmdRead(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const target = (0, address_1.normalizeAddress)(positionals[0]);
+    if (!target) {
+        out({ error: 'Usage: snazi read <sender> [--channel <id>] [--since <minutes>]' });
+        return 2;
+    }
+    const since = parseSince(args, 60);
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const fresh = hasFlag(args, '--fresh');
+    const cfg = (0, config_1.loadConfig)();
+    // Resolve the local source first so an unsupported channel/platform fails
+    // with a clear message (and never touches the network or any message text).
+    const { adapter, error } = (0, channels_1.resolveReadableAdapter)(channel);
+    if (!adapter) {
+        out({ error });
+        return 1;
+    }
+    // GATE: check approval BEFORE touching any message text.
+    let status;
+    try {
+        status = await (0, cache_1.checkSenderCached)(cfg, channel, target, { fresh });
+    }
+    catch (e) {
+        out({ error: `Approval check failed: ${String(e)}` });
+        return 1;
+    }
+    if (status !== 'approved') {
+        out({ error: 'Sender not approved. No messages for you.', status });
+        return 1;
+    }
+    const messages = adapter.readMessagesFrom(target, since);
+    out({ sender: target, status, since_minutes: since, messages });
+    return 0;
+}
+async function cmdCheck(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const target = (0, address_1.normalizeAddress)(positionals[0]);
+    if (!target) {
+        out({ error: 'Usage: snazi check <sender> --channel <id>' });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const fresh = hasFlag(args, '--fresh');
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const status = await (0, cache_1.checkSenderCached)(cfg, channel, target, { fresh });
+        const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+        const label = labels.get(target) ?? null;
+        out({ channel, sender: target, status, label });
+        return 0;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdCache(args) {
+    const sub = args[0];
+    if (sub === 'clear') {
+        (0, cache_1.clearCache)();
+        out({ ok: true, cleared: true });
+        return 0;
+    }
+    out({ error: `Unknown cache subcommand: ${sub ?? '(none)'}. Use 'clear'.` });
+    return 2;
+}
+async function cmdChannels(args) {
+    const sub = args[0];
+    if (sub === 'list' || sub === undefined) {
+        // Works even before `snazi init` (read config leniently, don't exit).
+        const cfg = (0, config_1.readConfigIfPresent)();
+        const adapters = (0, channels_1.listAdapters)().map((a) => {
+            const av = a.availability();
+            return {
+                id: a.id,
+                display_name: a.displayName,
+                platforms: a.platforms,
+                available_here: av.available,
+                reason: av.reason ?? null,
+            };
+        });
+        out({ configured: cfg?.channels ?? [], adapters });
+        return 0;
+    }
+    if (sub === 'add') {
+        const channel = args[1];
+        if (!channel) {
+            out({ error: 'Usage: snazi channels add <channel>' });
+            return 2;
+        }
+        const cfg = (0, config_1.loadConfig)();
+        const channels = new Set(cfg.channels ?? []);
+        channels.add(channel);
+        cfg.channels = [...channels];
+        (0, config_1.saveConfig)(cfg);
+        const known = (0, channels_1.getAdapter)(channel);
+        out({
+            ok: true,
+            channels: cfg.channels,
+            note: known
+                ? undefined
+                : `'${channel}' has no local adapter yet; it can still be used with remote-* against a host that supports it.`,
+        });
+        return 0;
+    }
+    out({ error: `Unknown channels subcommand: ${sub}. Use 'list' or 'add'.` });
+    return 2;
+}
+async function cmdInit(args) {
+    const { code, result } = await (0, init_1.runInit)({
+        apiUrl: flag(args, '--api-url'),
+        token: flag(args, '--token'),
+        channel: flag(args, '--channel'),
+        force: hasFlag(args, '--force'),
+        yes: hasFlag(args, '--yes') || hasFlag(args, '-y'),
+    });
+    out(result);
+    return code;
+}
+async function cmdDoctor() {
+    const { code, report } = await (0, doctor_1.runDoctor)();
+    out(report);
+    return code;
+}
+async function cmdServe(args) {
+    const cfg = (0, config_1.loadConfig)();
+    const bind = flag(args, '--bind');
+    const port = parsePort(args);
+    if (hasFlag(args, '--install-daemon')) {
+        if (process.platform !== 'darwin') {
+            out({
+                error: 'serve --install-daemon is macOS-only (it installs a launchd LaunchAgent). ' +
+                    'On Windows/Linux, run `snazi serve` under your own process manager (e.g. a ' +
+                    'Windows Service, systemd unit, or pm2).',
+            });
+            return 2;
+        }
+        try {
+            const r = (0, daemon_1.installDaemon)(cfg, { bind, port });
+            out({
+                ok: true,
+                installed: r.plistPath,
+                label: daemon_1.LABEL,
+                bind: r.bind,
+                port: r.port,
+                node: r.node,
+                cli: r.cli,
+                next_steps: [
+                    `launchctl load -w ${r.plistPath}`,
+                    `# stop:   launchctl unload -w ${r.plistPath}`,
+                    `# Grant Full Disk Access to the node binary: ${r.node}`,
+                    `#   System Settings > Privacy & Security > Full Disk Access`,
+                ],
+            });
+            return 0;
+        }
+        catch (e) {
+            out({ error: String(e instanceof Error ? e.message : e) });
+            return 1;
+        }
+    }
+    try {
+        const { server } = await (0, server_1.startServer)(cfg, { bind, port });
+        // Keep the process alive until signalled; shut down cleanly.
+        return await new Promise((resolve) => {
+            const shutdown = () => {
+                server.close(() => resolve(0));
+            };
+            process.on('SIGINT', shutdown);
+            process.on('SIGTERM', shutdown);
+        });
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteListNew(args) {
+    const since = parseSince(args, 60);
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteListNew)(cfg, channel, since);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteRead(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const target = (0, address_1.normalizeAddress)(positionals[0]);
+    if (!target) {
+        out({ error: 'Usage: snazi remote-read <sender> [--channel <id>] [--since <minutes>]' });
+        return 2;
+    }
+    const since = parseSince(args, 60);
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteRead)(cfg, target, channel, since);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteCheck(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const target = (0, address_1.normalizeAddress)(positionals[0]);
+    if (!target) {
+        out({ error: 'Usage: snazi remote-check <sender> --channel <id>' });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteCheck)(cfg, target, channel);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteResolve(args) {
+    // Name may be empty (-> whole address book). Treat the first positional as
+    // the query; absent -> ''.
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const name = positionals[0] ?? '';
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteResolve)(cfg, name, channel);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteLabel(args) {
+    const positionals = args.filter((a) => !a.startsWith('--'));
+    const target = (0, address_1.normalizeAddress)(positionals[0]);
+    const name = flag(args, '--name');
+    if (!target || !name) {
+        out({
+            error: 'Usage: snazi remote-label <sender> --name <name> [--channel <id>]',
+        });
+        return 2;
+    }
+    const channel = flag(args, '--channel') ?? DEFAULT_CHANNEL;
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteLabel)(cfg, target, channel, name);
+        out(json);
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdRemoteStatus() {
+    const cfg = (0, config_1.loadConfig)();
+    try {
+        const { status, json } = await (0, client_1.remoteHealth)(cfg);
+        out({ remoteUrl: cfg.remoteUrl ?? null, health_status: status, health: json });
+        return status >= 200 && status < 300 ? 0 : 1;
+    }
+    catch (e) {
+        out({ error: String(e instanceof Error ? e.message : e) });
+        return 1;
+    }
+}
+async function cmdStatus() {
+    const cfg = (0, config_1.loadConfig)();
+    const reachable = await (0, api_1.ping)(cfg);
+    out({
+        config_path: config_1.CONFIG_PATH,
+        platform: `${process.platform}/${process.arch}`,
+        node: process.versions.node,
+        apiUrl: cfg.apiUrl,
+        apiKey: cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}…(${cfg.apiKey.length})` : null,
+        channels: cfg.channels ?? [],
+        server_reachable: reachable,
+    });
+    return reachable ? 0 : 1;
+}
+function usage() {
+    console.log(`snazi — on-demand message gate ("No messages for you.")
+
+Setup:
+  snazi init [--api-url <url>] [--token <tok>] [--channel <id>] [--force] [--yes]
+                                                        Create/update ~/.snazi/config.json (interactive if a TTY)
+  snazi doctor                                          Diagnose Node, config, connectivity, and channel access
+
+Usage:
+  snazi list-new [--channel <id>] [--since <minutes>]   Show WHO messaged + approval status (default 60m)
+  snazi read <sender> [--channel <id>] [--since <min>]  Show message text — only if sender is approved
+  snazi check <sender> --channel <id>                   Print one sender's approval status
+  snazi channels list                                   List configured channels + adapter availability here
+  snazi channels add <channel>                          Add a channel (e.g. imessage)
+  snazi cache clear                                     Drop the cached approval statuses (force fresh checks)
+  snazi status                                          Show config + platform + server connectivity
+
+Approval status is cached on disk for a short TTL (default 5m; set
+checkCacheTtlMs in config.json or SNAZI_CHECK_CACHE_TTL_MS) so repeated calls
+don't re-hit the API. Pass --fresh to read/check/list-new to bypass it, or run
+'snazi cache clear' right after you revoke someone.
+
+Approvals are READ-ONLY here: approve/deny a sender in the web dashboard or via
+a signed /decide link. The config token is a per-account READ token.
+
+Serve mode (least-privilege HTTP gate for a remote agent over a tailnet):
+  snazi serve [--bind <ip>] [--port <n>]                Start read-only HTTP gate (/health,/list-new,/check,/read)
+  snazi serve --install-daemon [--bind <ip>] [--port <n>]  Install the launchd LaunchAgent (RunAtLoad/KeepAlive)
+
+Remote client (the trusted agent side, calls a remote 'snazi serve'):
+  snazi remote-status                                   Probe remoteUrl /health
+  snazi remote-list-new [--channel <id>] [--since <min>]  WHO messaged on the remote host + status
+  snazi remote-check <sender> --channel <id>            One sender's status (remote)
+  snazi remote-read <sender> [--channel <id>] [--since <min>]  Message text (remote) — only if approved
+  snazi remote-resolve [<name>] [--channel <id>]        Resolve a name → sender address(es) (empty = address book)
+  snazi remote-label <sender> --name <name> [--channel <id>]  Set a sender's display name (label only; cannot open the gate)
+
+The server manages an approve/deny list only. It stores no messages.
+serve is READ-ONLY (no approve/deny over HTTP), bearer-token protected, and
+binds the tailnet IP (100.x) or 127.0.0.1 — never 0.0.0.0.`);
+}
+async function main() {
+    const argv = process.argv.slice(2);
+    const cmd = argv[0];
+    const rest = argv.slice(1);
+    let code = 0;
+    switch (cmd) {
+        case 'init':
+            code = await cmdInit(rest);
+            break;
+        case 'doctor':
+            code = await cmdDoctor();
+            break;
+        case 'list-new':
+            code = await cmdListNew(rest);
+            break;
+        case 'read':
+            code = await cmdRead(rest);
+            break;
+        case 'check':
+            code = await cmdCheck(rest);
+            break;
+        case 'channels':
+            code = await cmdChannels(rest);
+            break;
+        case 'cache':
+            code = await cmdCache(rest);
+            break;
+        case 'status':
+            code = await cmdStatus();
+            break;
+        case 'serve':
+            code = await cmdServe(rest);
+            break;
+        case 'remote-list-new':
+            code = await cmdRemoteListNew(rest);
+            break;
+        case 'remote-read':
+            code = await cmdRemoteRead(rest);
+            break;
+        case 'remote-check':
+            code = await cmdRemoteCheck(rest);
+            break;
+        case 'remote-resolve':
+            code = await cmdRemoteResolve(rest);
+            break;
+        case 'remote-label':
+            code = await cmdRemoteLabel(rest);
+            break;
+        case 'remote-status':
+            code = await cmdRemoteStatus();
+            break;
+        case undefined:
+        case '-h':
+        case '--help':
+        case 'help':
+            usage();
+            code = 0;
+            break;
+        default:
+            out({ error: `Unknown command: ${cmd}` });
+            usage();
+            code = 2;
+    }
+    process.exit(code);
+}
+main().catch((e) => {
+    out({ error: String(e instanceof Error ? e.message : e) });
+    process.exit(1);
+});

package/dist/client.js

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.remoteListNew = remoteListNew;
+exports.remoteRead = remoteRead;
+exports.remoteResolve = remoteResolve;
+exports.remoteLabel = remoteLabel;
+exports.remoteCheck = remoteCheck;
+exports.remoteHealth = remoteHealth;
+const NO_STORE = { cache: 'no-store' };
+function remoteBase(cfg) {
+    if (!cfg.remoteUrl) {
+        throw new Error('remoteUrl not set in ~/.snazi/config.json. Add the remote serve base URL ' +
+            '(e.g. "http://100.x.y.z:8787").');
+    }
+    if (!cfg.remoteToken) {
+        throw new Error('remoteToken not set in ~/.snazi/config.json. Add the bearer token that ' +
+            'matches the remote host\'s serveToken.');
+    }
+    return { url: cfg.remoteUrl.replace(/\/+$/, ''), token: cfg.remoteToken };
+}
+async function getJson(base, token, pathAndQuery) {
+    const res = await fetch(`${base}${pathAndQuery}`, {
+        headers: { authorization: `Bearer ${token}` },
+        ...NO_STORE,
+    });
+    let json;
+    try {
+        json = await res.json();
+    }
+    catch {
+        json = { error: `Non-JSON response: HTTP ${res.status}` };
+    }
+    return { status: res.status, json };
+}
+async function postJson(base, token, path, body) {
+    const res = await fetch(`${base}${path}`, {
+        method: 'POST',
+        headers: {
+            authorization: `Bearer ${token}`,
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify(body),
+        ...NO_STORE,
+    });
+    let json;
+    try {
+        json = await res.json();
+    }
+    catch {
+        json = { error: `Non-JSON response: HTTP ${res.status}` };
+    }
+    return { status: res.status, json };
+}
+/** Remote equivalent of `snazi list-new`. */
+async function remoteListNew(cfg, channel, since) {
+    const { url, token } = remoteBase(cfg);
+    const q = `/list-new?channel=${encodeURIComponent(channel)}&since=${since}`;
+    return getJson(url, token, q);
+}
+/** Remote equivalent of `snazi read` (gate enforced server-side). */
+async function remoteRead(cfg, sender, channel, since) {
+    const { url, token } = remoteBase(cfg);
+    const q = `/read?sender=${encodeURIComponent(sender)}&channel=${encodeURIComponent(channel)}&since=${since}`;
+    return getJson(url, token, q);
+}
+/**
+ * Resolve a name to sender address(es) via the remote serve /resolve endpoint.
+ * Empty/omitted name returns the whole address book (every labelled sender).
+ * Returns address+label+status only — never message text.
+ */
+async function remoteResolve(cfg, name, channel) {
+    const { url, token } = remoteBase(cfg);
+    const q = `/resolve?name=${encodeURIComponent(name)}&channel=${encodeURIComponent(channel)}`;
+    return getJson(url, token, q);
+}
+/**
+ * Set a sender's display label via the remote serve POST /label endpoint.
+ * The serve host performs an UPDATE-only write — it cannot create a row or
+ * change approval status, so this can never open the gate.
+ */
+async function remoteLabel(cfg, sender, channel, name) {
+    const { url, token } = remoteBase(cfg);
+    return postJson(url, token, '/label', { sender, channel, name });
+}
+/** Remote equivalent of `snazi check`. */
+async function remoteCheck(cfg, sender, channel) {
+    const { url, token } = remoteBase(cfg);
+    const q = `/check?sender=${encodeURIComponent(sender)}&channel=${encodeURIComponent(channel)}`;
+    return getJson(url, token, q);
+}
+/** Connectivity probe against a remote serve `/health`. */
+async function remoteHealth(cfg) {
+    if (!cfg.remoteUrl) {
+        throw new Error('remoteUrl not set in ~/.snazi/config.json.');
+    }
+    const base = cfg.remoteUrl.replace(/\/+$/, '');
+    const res = await fetch(`${base}/health`, { ...NO_STORE });
+    let json;
+    try {
+        json = await res.json();
+    }
+    catch {
+        json = { error: `Non-JSON response: HTTP ${res.status}` };
+    }
+    return { status: res.status, json };
+}