@chipallen2/snazi 0.1.0

package/dist/server.js

@@ -0,0 +1,466 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_PORT = void 0;
+exports.detectTailscaleIp = detectTailscaleIp;
+exports.resolveBind = resolveBind;
+exports.createServer = createServer;
+exports.startServer = startServer;
+/**
+ * snazi serve — least-privilege HTTP gate.
+ *
+ *   "No messages for you."
+ *
+ * Exposes ONLY the read-only gated message operations over HTTP so a REMOTE
+ * trusted agent (reachable only over a private Tailscale tailnet) can use them
+ * without an SSH shell. This is deliberately a tiny, read-only surface:
+ *
+ *   GET  /health                     -> { ok, version }            (no auth)
+ *   GET  /list-new?channel&since     -> WHO + status + label        (bearer)
+ *   GET  /read?sender&channel&since  -> text ONLY if approved       (bearer)
+ *   GET  /check?sender&channel       -> { status, label }           (bearer)
+ *   GET  /resolve?name&channel       -> name->address address book   (bearer)
+ *   POST /label {sender,channel,name}-> set a sender's display label (bearer)
+ *
+ * It REUSES the same gate (api.ts) and the same DB reader (chatdb.ts) as the
+ * CLI. There is no approve/deny here — APPROVAL mutations stay CLI/dashboard-
+ * only. The ONLY write this surface can make is POST /label, which sets a
+ * sender's non-privileged display name via an UPDATE-only web endpoint: it can
+ * never create a row or change `status`, so it cannot open the gate. There is
+ * no shell, no arbitrary file access, no path that bypasses the gate.
+ */
+const http = __importStar(require("http"));
+const crypto = __importStar(require("crypto"));
+const os = __importStar(require("os"));
+const api_1 = require("./api");
+const cache_1 = require("./cache");
+const channels_1 = require("./channels");
+const address_1 = require("./address");
+// Read version without importing JSON at compile time (keeps build simple).
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const VERSION = (() => {
+    try {
+        // dist/server.js -> ../package.json
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        return require('../package.json').version ?? '0.0.0';
+    }
+    catch {
+        return '0.0.0';
+    }
+})();
+exports.DEFAULT_PORT = 8787;
+const DEFAULT_CHANNEL = 'imessage';
+const MAX_SINCE_MIN = 7 * 24 * 60; // 7 days
+const DEFAULT_SINCE_MIN = 60;
+const MAX_SENDER_LEN = 128;
+const MAX_NAME_LEN = 64;
+// Cap POST bodies hard: /label only needs a few short fields.
+const MAX_BODY_BYTES = 4 * 1024;
+const CHANNEL_RE = /^[a-z0-9_-]+$/i;
+// iMessage senders are phone numbers (+1555…) or emails. Keep it tight.
+const SENDER_RE = /^[A-Za-z0-9_.+@-]+$/;
+// Names are free-form human text but must not carry control chars (defends
+// log/terminal injection) and are length-capped. Keep in sync with
+// packages/web/src/app/api/senders/label/route.ts (MAX_LABEL_LEN, LABEL_CTRL_RE).
+// eslint-disable-next-line no-control-regex
+const NAME_CTRL_RE = /[\u0000-\u001f\u007f]/;
+/**
+ * Find this host's Tailscale IP (CGNAT range 100.64.0.0/10) if present.
+ * Returns undefined if not on a tailnet.
+ */
+function detectTailscaleIp() {
+    const ifaces = os.networkInterfaces();
+    for (const addrs of Object.values(ifaces)) {
+        if (!addrs)
+            continue;
+        for (const a of addrs) {
+            if (a.family !== 'IPv4' || a.internal)
+                continue;
+            const parts = a.address.split('.').map((n) => parseInt(n, 10));
+            // 100.64.0.0/10  => first octet 100, second octet 64..127
+            if (parts[0] === 100 && parts[1] >= 64 && parts[1] <= 127) {
+                return a.address;
+            }
+        }
+    }
+    return undefined;
+}
+/**
+ * Resolve the bind address with the security policy:
+ *   flag/config override  ->  tailscale IP  ->  127.0.0.1
+ * NEVER 0.0.0.0 (or ::) — that would expose the gate beyond the tailnet.
+ */
+function resolveBind(cfg, opts) {
+    const requested = opts.bind ?? cfg.serveBind;
+    if (requested) {
+        const r = requested.trim();
+        if (r === '0.0.0.0' || r === '::' || r === '*') {
+            throw new Error(`Refusing to bind ${r}: that exposes the gate to every network. ` +
+                `Bind your Tailscale 100.x IP (tailnet-only) or 127.0.0.1 (with 'tailscale serve').`);
+        }
+        return r;
+    }
+    return detectTailscaleIp() ?? '127.0.0.1';
+}
+function resolvePort(cfg, opts) {
+    const p = opts.port ?? cfg.servePort ?? exports.DEFAULT_PORT;
+    if (!Number.isInteger(p) || p < 1 || p > 65535) {
+        throw new Error(`Invalid port: ${p}`);
+    }
+    return p;
+}
+/** Constant-time bearer check. Never logs the token. */
+function bearerOk(authHeader, expected) {
+    if (!expected)
+        return false;
+    if (!authHeader || !authHeader.startsWith('Bearer '))
+        return false;
+    // Exact token after the "Bearer " prefix — no trimming, so stray whitespace
+    // fails closed rather than silently authenticating.
+    const provided = authHeader.slice('Bearer '.length);
+    // Hash both to fixed length so we never branch on length and never throw on
+    // a length mismatch inside timingSafeEqual.
+    const a = crypto.createHash('sha256').update(provided).digest();
+    const b = crypto.createHash('sha256').update(expected).digest();
+    return crypto.timingSafeEqual(a, b);
+}
+function sendJson(res, status, body) {
+    const payload = JSON.stringify(body);
+    res.writeHead(status, {
+        'content-type': 'application/json; charset=utf-8',
+        'content-length': Buffer.byteLength(payload),
+        'cache-control': 'no-store',
+        // This is a private API surface; deny embedding/sniffing.
+        'x-content-type-options': 'nosniff',
+    });
+    res.end(payload);
+}
+function parseChannel(v) {
+    const c = (v ?? DEFAULT_CHANNEL).trim();
+    if (!CHANNEL_RE.test(c))
+        throw new Error('Invalid channel.');
+    return c;
+}
+function parseSender(v) {
+    const raw = (v ?? '').trim();
+    if (!raw)
+        throw new Error('Missing sender.');
+    if (raw.length > MAX_SENDER_LEN)
+        throw new Error('Sender too long.');
+    if (!SENDER_RE.test(raw))
+        throw new Error('Invalid sender.');
+    // Normalize so reads/checks key on the same string the server stored.
+    return (0, address_1.normalizeAddress)(raw);
+}
+function parseSince(v) {
+    if (v == null || v === '')
+        return DEFAULT_SINCE_MIN;
+    const n = parseInt(v, 10);
+    if (Number.isNaN(n) || n <= 0)
+        throw new Error('Invalid since (minutes).');
+    return Math.min(n, MAX_SINCE_MIN);
+}
+/**
+ * Validate a display name. `allowEmpty` lets /resolve treat a missing/blank
+ * name as "return the whole address book" rather than an error.
+ */
+function parseName(v, allowEmpty = false) {
+    const n = (v ?? '').trim();
+    if (!n) {
+        if (allowEmpty)
+            return '';
+        throw new Error('Missing name.');
+    }
+    if (n.length > MAX_NAME_LEN)
+        throw new Error('Name too long.');
+    if (NAME_CTRL_RE.test(n))
+        throw new Error('Invalid name.');
+    return n;
+}
+/** Read a request body with a hard size cap (fails closed on overflow). */
+function readBody(req, maxBytes) {
+    return new Promise((resolve, reject) => {
+        let size = 0;
+        const chunks = [];
+        req.on('data', (c) => {
+            size += c.length;
+            if (size > maxBytes) {
+                reject(new Error('Body too large.'));
+                req.destroy();
+                return;
+            }
+            chunks.push(c);
+        });
+        req.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+        req.on('error', reject);
+    });
+}
+/** List inbound senders with approval status and display labels (no message text). */
+async function handleListNew(cfg, url) {
+    const channel = parseChannel(url.searchParams.get('channel'));
+    const since = parseSince(url.searchParams.get('since'));
+    const { adapter, error } = (0, channels_1.resolveReadableAdapter)(channel);
+    if (!adapter)
+        return { status: 501, body: { error } };
+    const senders = adapter.listInboundSenders(since);
+    // One list fetch -> address->label map (best-effort; null on any failure).
+    const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+    const results = [];
+    for (const s of senders) {
+        let status = 'unknown';
+        let checkError;
+        try {
+            status = await (0, cache_1.checkSenderCached)(cfg, channel, s.sender);
+        }
+        catch (e) {
+            checkError = String(e instanceof Error ? e.message : e);
+        }
+        const entry = {
+            sender: s.sender,
+            message_count: s.message_count,
+            latest_at: s.latest_at,
+            status,
+            label: labels.get((0, address_1.normalizeAddress)(s.sender)) ?? null,
+        };
+        if (checkError)
+            entry.error = checkError;
+        results.push(entry);
+    }
+    return { status: 200, body: { channel, since_minutes: since, senders: results } };
+}
+async function handleRead(cfg, url) {
+    const sender = parseSender(url.searchParams.get('sender'));
+    const channel = parseChannel(url.searchParams.get('channel'));
+    const since = parseSince(url.searchParams.get('since'));
+    // Resolve the local source first so an unsupported channel/platform fails
+    // clearly (and we never touch the network or any message text).
+    const { adapter, error } = (0, channels_1.resolveReadableAdapter)(channel);
+    if (!adapter)
+        return { status: 501, body: { error } };
+    // GATE: check approval BEFORE touching any message text.
+    let status;
+    try {
+        status = await (0, cache_1.checkSenderCached)(cfg, channel, sender);
+    }
+    catch (e) {
+        return {
+            status: 502,
+            body: { error: `Approval check failed: ${String(e instanceof Error ? e.message : e)}` },
+        };
+    }
+    if (status !== 'approved') {
+        return {
+            status: 403,
+            body: { error: 'Sender not approved. No messages for you.', status },
+        };
+    }
+    const messages = adapter.readMessagesFrom(sender, since);
+    return {
+        status: 200,
+        body: { sender, channel, status, since_minutes: since, messages },
+    };
+}
+async function handleCheck(cfg, url) {
+    const sender = parseSender(url.searchParams.get('sender'));
+    const channel = parseChannel(url.searchParams.get('channel'));
+    let status;
+    try {
+        status = await (0, cache_1.checkSenderCached)(cfg, channel, sender);
+    }
+    catch (e) {
+        return {
+            status: 502,
+            body: { error: `Approval check failed: ${String(e instanceof Error ? e.message : e)}` },
+        };
+    }
+    // Best-effort label lookup for this one address (display only).
+    const labels = await (0, api_1.buildLabelMap)(cfg, channel);
+    const label = labels.get(sender) ?? null;
+    return { status: 200, body: { channel, sender, status, label } };
+}
+/**
+ * GET /resolve?name=<q>&channel=<id>
+ * Name->address "address book" lookup. Match = case-insensitive substring of a
+ * sender's label against the query. Empty/omitted name -> every sender that has
+ * a non-null label. Reveals only address+label+status (same sensitivity as
+ * /list-new) — never message text.
+ */
+async function handleResolve(cfg, url) {
+    const channel = parseChannel(url.searchParams.get('channel'));
+    const query = parseName(url.searchParams.get('name'), true);
+    const needle = query.toLowerCase();
+    const senders = await (0, api_1.listSenders)(cfg, channel);
+    const matches = senders
+        .filter((s) => {
+        if (s.label == null || s.label === '')
+            return false;
+        if (needle === '')
+            return true; // whole address book
+        return s.label.toLowerCase().includes(needle);
+    })
+        .map((s) => ({
+        sender_address: s.sender_address,
+        label: s.label,
+        status: s.status,
+    }));
+    return { status: 200, body: { channel, query, matches } };
+}
+/**
+ * POST /label  body: { sender, channel, name }
+ * Sets a sender's display label via the UPDATE-only web endpoint. This is the
+ * ONLY write this read-only gate can make. It is structurally incapable of
+ * creating a row or changing `status`, so it CANNOT open the gate — a label is
+ * non-privileged display metadata. Reading is always re-gated by status per
+ * address, so a wrong/forged label can never reveal message text.
+ */
+async function handleLabel(cfg, rawBody) {
+    let parsed;
+    try {
+        parsed = JSON.parse(rawBody || '{}');
+    }
+    catch {
+        return { status: 400, body: { error: 'Invalid JSON body.' } };
+    }
+    const b = (parsed ?? {});
+    const sender = parseSender(typeof b.sender === 'string' ? b.sender : null);
+    const channel = parseChannel(typeof b.channel === 'string' ? b.channel : null);
+    const name = parseName(typeof b.name === 'string' ? b.name : null);
+    try {
+        const result = await (0, api_1.setLabel)(cfg, channel, sender, name);
+        return { status: 200, body: { ok: true, channel, sender, label: name, result } };
+    }
+    catch (e) {
+        const msg = String(e instanceof Error ? e.message : e);
+        // Surface the web 404 (sender not on the list) as a 404 to the caller.
+        const code = /HTTP 404/.test(msg) ? 404 : 502;
+        return { status: code, body: { error: `Label failed: ${msg}` } };
+    }
+}
+/** Build (but do not start) the HTTP server. Exposed for tests. */
+function createServer(cfg) {
+    const token = cfg.serveToken ?? '';
+    return http.createServer((req, res) => {
+        void (async () => {
+            try {
+                const method = req.method ?? 'GET';
+                // Parse against a dummy base; we only use pathname + searchParams.
+                const url = new URL(req.url ?? '/', 'http://localhost');
+                const pathname = url.pathname.replace(/\/+$/, '') || '/';
+                // /health is unauthenticated (connectivity probe only — no data).
+                // GET only — no body, no data.
+                if (method === 'GET' && pathname === '/health') {
+                    return sendJson(res, 200, { ok: true, version: VERSION });
+                }
+                // Only GET (reads) and POST /label (the single non-privileged write)
+                // are allowed on this surface.
+                if (method !== 'GET' && method !== 'POST') {
+                    return sendJson(res, 405, { error: 'Method not allowed.' });
+                }
+                // Everything past /health requires a valid bearer token — including the
+                // POST /label write.
+                if (!bearerOk(req.headers['authorization'], token)) {
+                    res.setHeader('www-authenticate', 'Bearer');
+                    return sendJson(res, 401, { error: 'Unauthorized.' });
+                }
+                if (method === 'POST') {
+                    if (pathname === '/label') {
+                        const rawBody = await readBody(req, MAX_BODY_BYTES);
+                        const r = await handleLabel(cfg, rawBody);
+                        return sendJson(res, r.status, r.body);
+                    }
+                    return sendJson(res, 404, { error: 'Not found.' });
+                }
+                switch (pathname) {
+                    case '/list-new': {
+                        const r = await handleListNew(cfg, url);
+                        return sendJson(res, r.status, r.body);
+                    }
+                    case '/read': {
+                        const r = await handleRead(cfg, url);
+                        return sendJson(res, r.status, r.body);
+                    }
+                    case '/check': {
+                        const r = await handleCheck(cfg, url);
+                        return sendJson(res, r.status, r.body);
+                    }
+                    case '/resolve': {
+                        const r = await handleResolve(cfg, url);
+                        return sendJson(res, r.status, r.body);
+                    }
+                    default:
+                        return sendJson(res, 404, { error: 'Not found.' });
+                }
+            }
+            catch (e) {
+                // Validation/handler errors → 400 with a safe message (never the token).
+                return sendJson(res, 400, {
+                    error: String(e instanceof Error ? e.message : e),
+                });
+            }
+        })();
+    });
+}
+/** Start `snazi serve`. Resolves when the server is listening. */
+async function startServer(cfg, opts) {
+    if (!cfg.serveToken) {
+        throw new Error('serveToken not set in ~/.snazi/config.json. Add a strong random token ' +
+            '(e.g. `openssl rand -hex 32`) before exposing the gate over HTTP.');
+    }
+    const bind = resolveBind(cfg, opts);
+    const port = resolvePort(cfg, opts);
+    const server = createServer(cfg);
+    await new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(port, bind, () => {
+            server.off('error', reject);
+            resolve();
+        });
+    });
+    const onTailnet = bind.startsWith('100.') || bind === detectTailscaleIp();
+    console.error(JSON.stringify({
+        ok: true,
+        msg: 'snazi serve listening (read-only gate)',
+        bind,
+        port,
+        version: VERSION,
+        surface: ['/health', '/list-new', '/check', '/read', '/resolve', 'POST /label'],
+        reachable_on: bind === '127.0.0.1'
+            ? 'loopback only (front with `tailscale serve` for tailnet access)'
+            : onTailnet
+                ? 'tailnet only (100.x)'
+                : `custom bind ${bind}`,
+    }));
+    return { bind, port, server };
+}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@chipallen2/snazi",
+  "version": "0.1.0",
+  "description": "On-demand local gate for your messages. Reveals WHO contacted you; only reveals WHAT for approved senders. iMessage today, pluggable channels next.",
+  "license": "MIT",
+  "homepage": "https://snazi.dev",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/chipallen2/snazi.git",
+    "directory": "packages/snazi"
+  },
+  "bugs": {
+    "url": "https://github.com/chipallen2/snazi/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "commonjs",
+  "bin": {
+    "snazi": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "com.soup-nazi.snazi-serve.plist",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "imessage",
+    "cli",
+    "ai-agent",
+    "prompt-injection",
+    "gate",
+    "macos"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/cli.js",
+    "prepare": "npm run build",
+    "test": "npm run build && node test/address.test.cjs && node test/cache.test.cjs && node test/both-sides.test.cjs && node test/serve-names.test.cjs && node test/channels.test.cjs"
+  },
+  "optionalDependencies": {
+    "better-sqlite3": "^11.3.0"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.11",
+    "@types/node": "^20.14.0",
+    "typescript": "^5.5.3"
+  }
+}