aimessage-app 1.0.0

package/bin/aimessage.js

@@ -0,0 +1,254 @@
+#!/usr/bin/env node
+
+const { execSync } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const os = require("os");
+
+const cmd = process.argv[2];
+
+if (!cmd || cmd === "setup") {
+  setup();
+} else if (cmd === "status") {
+  status();
+} else if (cmd === "proofs") {
+  proofs();
+} else if (cmd === "uninstall") {
+  uninstall();
+} else {
+  console.log(`
+  aimessage — Your AI asks before it acts.
+
+  Commands:
+    setup       Install the Claude Code hook
+    status      Check if hook is active
+    proofs      Show recent proofs
+    uninstall   Remove the hook
+  `);
+}
+
+function setup() {
+  console.log("\n  AiMessage Setup\n");
+
+  // Check macOS
+  if (process.platform !== "darwin") {
+    console.log("  ✗ AiMessage requires macOS (for iMessage).\n");
+    process.exit(1);
+  }
+
+  // Check Messages app access
+  try {
+    execSync('osascript -e \'tell application "Messages" to name\'', { stdio: "pipe" });
+    console.log("  ✓ Messages app accessible");
+  } catch {
+    console.log("  ✗ Can't access Messages app. Open Messages and sign in to iMessage first.\n");
+    process.exit(1);
+  }
+
+  // Get phone number
+  const readline = require("readline");
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+
+  rl.question("  Your phone number (for iMessage replies): ", (phone) => {
+    phone = phone.trim();
+    if (!phone) {
+      console.log("  ✗ Phone number required.\n");
+      process.exit(1);
+    }
+
+    // Save config
+    const configDir = path.join(os.homedir(), ".aimessage");
+    if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+
+    fs.writeFileSync(path.join(configDir, "config.json"), JSON.stringify({
+      phone,
+      createdAt: new Date().toISOString(),
+    }, null, 2));
+
+    console.log("  ✓ Phone saved");
+
+    // Create proof database
+    initDb(configDir);
+    console.log("  ✓ Proof database created");
+
+    // Install hook into Claude Code settings
+    installHook(configDir);
+    console.log("  ✓ Claude Code hook installed");
+
+    // Test iMessage
+    console.log("\n  Sending test message...");
+    try {
+      sendMessage(phone, 'AiMessage is set up. Reply "ok" to confirm.');
+      console.log("  ✓ Check your phone for the test message");
+    } catch (e) {
+      console.log("  ⚠ Couldn't send test message. Make sure Messages is open and signed in.");
+    }
+
+    console.log("\n  Done. Open Claude Code — every action will ask you first.\n");
+    rl.close();
+  });
+}
+
+function installHook(configDir) {
+  const hookScript = path.join(configDir, "hook.sh");
+  const nodeScript = path.join(configDir, "check.js");
+
+  // Write the check script (Node.js — handles iMessage + proofs)
+  fs.writeFileSync(nodeScript, fs.readFileSync(path.join(__dirname, "..", "lib", "check.js"), "utf8"));
+
+  // Write the shell hook
+  fs.writeFileSync(hookScript, `#!/bin/bash
+node "${nodeScript}"
+`, { mode: 0o755 });
+
+  // Update Claude Code settings.json
+  const claudeDir = path.join(os.homedir(), ".claude");
+  if (!fs.existsSync(claudeDir)) fs.mkdirSync(claudeDir, { recursive: true });
+
+  const settingsPath = path.join(claudeDir, "settings.json");
+  let settings = {};
+  if (fs.existsSync(settingsPath)) {
+    try { settings = JSON.parse(fs.readFileSync(settingsPath, "utf8")); } catch {}
+  }
+
+  if (!settings.hooks) settings.hooks = {};
+  if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+
+  // Remove existing aimessage hooks
+  settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter(
+    h => !JSON.stringify(h).includes("aimessage")
+  );
+
+  // Add new hook
+  settings.hooks.PreToolUse.push({
+    matcher: "",
+    hooks: [{
+      type: "command",
+      command: hookScript,
+    }],
+  });
+
+  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+}
+
+function initDb(configDir) {
+  const dbPath = path.join(configDir, "proofs.db");
+  try {
+    const Database = require("better-sqlite3");
+    const db = new Database(dbPath);
+    db.exec(`
+      CREATE TABLE IF NOT EXISTS proofs (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        tool TEXT NOT NULL,
+        args TEXT,
+        decision TEXT NOT NULL,
+        timestamp TEXT NOT NULL,
+        prev_hash TEXT,
+        hash TEXT
+      )
+    `);
+    db.close();
+  } catch {
+    // If better-sqlite3 isn't available, we'll create on first use
+    fs.writeFileSync(path.join(configDir, "proofs.json"), "[]");
+  }
+}
+
+function sendMessage(phone, text) {
+  const escaped = text.replace(/"/g, '\\"');
+  execSync(`osascript -e '
+    tell application "Messages"
+      set targetBuddy to "${phone}"
+      set targetService to id of 1st account whose service type = iMessage
+      set theBuddy to participant targetBuddy of account id targetService
+      send "${escaped}" to theBuddy
+    end tell
+  '`, { stdio: "pipe" });
+}
+
+function status() {
+  const configDir = path.join(os.homedir(), ".aimessage");
+  const configPath = path.join(configDir, "config.json");
+
+  if (!fs.existsSync(configPath)) {
+    console.log("\n  AiMessage is not set up. Run: aimessage setup\n");
+    return;
+  }
+
+  const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+  console.log(`\n  AiMessage Status`);
+  console.log(`  Phone: ${config.phone}`);
+  console.log(`  Since: ${new Date(config.createdAt).toLocaleDateString()}`);
+
+  // Check hook
+  const settingsPath = path.join(os.homedir(), ".claude", "settings.json");
+  if (fs.existsSync(settingsPath)) {
+    const settings = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+    const hasHook = JSON.stringify(settings.hooks || {}).includes("aimessage");
+    console.log(`  Hook: ${hasHook ? "active" : "not found"}`);
+  }
+
+  console.log("");
+}
+
+function proofs() {
+  const configDir = path.join(os.homedir(), ".aimessage");
+
+  // Try JSON fallback
+  const jsonPath = path.join(configDir, "proofs.json");
+  if (fs.existsSync(jsonPath)) {
+    const proofs = JSON.parse(fs.readFileSync(jsonPath, "utf8"));
+    if (proofs.length === 0) {
+      console.log("\n  No proofs yet.\n");
+      return;
+    }
+    console.log(`\n  Recent proofs (${proofs.length} total):\n`);
+    proofs.slice(-10).forEach(p => {
+      const icon = p.decision === "allow" ? "✓" : "✗";
+      console.log(`  ${icon} ${p.tool} — ${p.decision} — ${new Date(p.timestamp).toLocaleString()}`);
+    });
+    console.log("");
+    return;
+  }
+
+  // Try SQLite
+  try {
+    const Database = require("better-sqlite3");
+    const db = new Database(path.join(configDir, "proofs.db"));
+    const rows = db.prepare("SELECT * FROM proofs ORDER BY id DESC LIMIT 10").all();
+    db.close();
+
+    if (rows.length === 0) {
+      console.log("\n  No proofs yet.\n");
+      return;
+    }
+    console.log(`\n  Recent proofs:\n`);
+    rows.reverse().forEach(r => {
+      const icon = r.decision === "allow" ? "✓" : "✗";
+      console.log(`  ${icon} ${r.tool} — ${r.decision} — ${new Date(r.timestamp).toLocaleString()}`);
+    });
+    console.log("");
+  } catch {
+    console.log("\n  No proofs found.\n");
+  }
+}
+
+function uninstall() {
+  // Remove hook from settings
+  const settingsPath = path.join(os.homedir(), ".claude", "settings.json");
+  if (fs.existsSync(settingsPath)) {
+    try {
+      const settings = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+      if (settings.hooks?.PreToolUse) {
+        settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter(
+          h => !JSON.stringify(h).includes("aimessage")
+        );
+      }
+      fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+      console.log("\n  ✓ Hook removed from Claude Code");
+    } catch {}
+  }
+
+  console.log("  ✓ AiMessage uninstalled\n");
+  console.log("  Your proofs are still in ~/.aimessage/\n");
+}

package/lib/check.js

@@ -0,0 +1,213 @@
+#!/usr/bin/env node
+
+// AiMessage — PreToolUse hook for Claude Code
+// Reads tool call from stdin, sends iMessage, waits for reply, allows or denies.
+
+const { execSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+const crypto = require("crypto");
+
+const CONFIG_DIR = path.join(os.homedir(), ".aimessage");
+const CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+const PROOFS_PATH = path.join(CONFIG_DIR, "proofs.json");
+const ALLOWED_PATH = path.join(CONFIG_DIR, "allowed.json");
+
+// Read-only tools that don't need approval
+const SKIP_TOOLS = new Set([
+  "Read", "Glob", "Grep", "WebSearch", "WebFetch",
+  "mcp__Claude_Preview__preview_screenshot",
+  "mcp__Claude_Preview__preview_snapshot",
+  "mcp__Claude_Preview__preview_inspect",
+  "mcp__Claude_Preview__preview_logs",
+  "mcp__Claude_Preview__preview_console_logs",
+  "mcp__Claude_Preview__preview_network",
+  "mcp__Claude_Preview__preview_list",
+  "TaskOutput",
+]);
+
+async function main() {
+  // Read stdin (Claude Code sends JSON with tool info)
+  let input = "";
+  for await (const chunk of process.stdin) input += chunk;
+
+  let data;
+  try { data = JSON.parse(input); } catch { process.exit(0); } // Can't parse = allow
+
+  const tool = data.tool_name || data.tool || "unknown";
+  const args = data.tool_input || data.input || {};
+
+  // Skip read-only tools
+  if (SKIP_TOOLS.has(tool)) process.exit(0);
+
+  // Load config
+  if (!fs.existsSync(CONFIG_PATH)) {
+    process.stderr.write("AiMessage not set up. Run: aimessage setup\n");
+    process.exit(0); // Allow if not configured (don't block)
+  }
+
+  const config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf8"));
+  const phone = config.phone;
+
+  // Check if already allowed
+  const allowed = loadAllowed();
+  if (allowed.has(tool)) {
+    recordProof(tool, args, "allow", "previously approved");
+    process.exit(0);
+  }
+
+  // Build human-readable message
+  const summary = buildSummary(tool, args);
+  const msg = `🔒 ${summary}\n\nReply: YES (always) / ONCE / NO`;
+
+  // Send iMessage
+  try {
+    sendMessage(phone, msg);
+  } catch (e) {
+    process.stderr.write(`AiMessage: couldn't send iMessage: ${e.message}\n`);
+    process.exit(0); // Allow if can't message (don't block work)
+  }
+
+  // Wait for reply (poll Messages for up to 120 seconds)
+  const reply = await waitForReply(phone, 120);
+
+  if (!reply) {
+    // Timeout — deny
+    recordProof(tool, args, "deny", "timeout");
+    sendMessage(phone, "⏰ Timed out. Action denied.");
+    process.stderr.write("AiMessage: timed out waiting for reply. Denied.\n");
+    process.exit(2);
+  }
+
+  const answer = reply.trim().toUpperCase();
+
+  if (answer === "YES" || answer === "Y") {
+    // Always allow this tool
+    allowed.add(tool);
+    saveAllowed(allowed);
+    recordProof(tool, args, "allow", "always");
+    sendMessage(phone, "✅ Allowed (always).");
+    process.exit(0);
+  } else if (answer === "ONCE" || answer === "1") {
+    // Allow once
+    recordProof(tool, args, "allow", "once");
+    sendMessage(phone, "✅ Allowed (once).");
+    process.exit(0);
+  } else {
+    // Deny
+    recordProof(tool, args, "deny", "denied by user");
+    sendMessage(phone, "❌ Denied.");
+    process.stderr.write("AiMessage: denied by user.\n");
+    process.exit(2);
+  }
+}
+
+function buildSummary(tool, args) {
+  const name = tool.replace(/[_-]/g, " ");
+
+  if (args.file_path || args.path) return `${name}: ${args.file_path || args.path}`;
+  if (args.command) return `${name}: $ ${String(args.command).slice(0, 80)}`;
+  if (args.url) return `${name}: ${args.url}`;
+  if (args.query) return `${name}: "${String(args.query).slice(0, 60)}"`;
+  if (args.content && args.file_path) return `${name}: write to ${args.file_path}`;
+
+  return name;
+}
+
+function sendMessage(phone, text) {
+  const escaped = text.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+  execSync(`osascript <<'SCPT'
+tell application "Messages"
+  set targetService to id of 1st account whose service type = iMessage
+  set theBuddy to participant "${phone}" of account id targetService
+  send "${escaped}" to theBuddy
+end tell
+SCPT`, { stdio: "pipe", timeout: 10000 });
+}
+
+function waitForReply(phone, timeoutSeconds) {
+  return new Promise((resolve) => {
+    const start = Date.now();
+    const deadline = start + timeoutSeconds * 1000;
+
+    // Get current message count to know baseline
+    const baseline = getLatestMessage(phone);
+    const baselineText = baseline || "";
+    const baselineTime = Date.now();
+
+    const poll = setInterval(() => {
+      if (Date.now() > deadline) {
+        clearInterval(poll);
+        resolve(null);
+        return;
+      }
+
+      try {
+        const latest = getLatestMessage(phone);
+        // Check if it's a new message (different from baseline)
+        if (latest && latest !== baselineText) {
+          const upper = latest.trim().toUpperCase();
+          if (["YES", "Y", "NO", "N", "ONCE", "1"].includes(upper)) {
+            clearInterval(poll);
+            resolve(latest);
+            return;
+          }
+        }
+      } catch {}
+    }, 2000); // Poll every 2 seconds
+  });
+}
+
+function getLatestMessage(phone) {
+  try {
+    // Query Messages database directly for the most recent incoming message
+    const dbPath = path.join(os.homedir(), "Library", "Messages", "chat.db");
+    const result = execSync(`sqlite3 "${dbPath}" "
+      SELECT m.text FROM message m
+      JOIN handle h ON m.handle_id = h.ROWID
+      WHERE h.id LIKE '%${phone.replace(/[^0-9+]/g, "")}%'
+        AND m.is_from_me = 0
+      ORDER BY m.date DESC LIMIT 1;
+    "`, { stdio: "pipe", timeout: 5000 }).toString().trim();
+    return result || null;
+  } catch {
+    return null;
+  }
+}
+
+function loadAllowed() {
+  if (!fs.existsSync(ALLOWED_PATH)) return new Set();
+  try {
+    return new Set(JSON.parse(fs.readFileSync(ALLOWED_PATH, "utf8")));
+  } catch { return new Set(); }
+}
+
+function saveAllowed(set) {
+  fs.writeFileSync(ALLOWED_PATH, JSON.stringify([...set], null, 2));
+}
+
+function recordProof(tool, args, decision, reason) {
+  let proofs = [];
+  if (fs.existsSync(PROOFS_PATH)) {
+    try { proofs = JSON.parse(fs.readFileSync(PROOFS_PATH, "utf8")); } catch {}
+  }
+
+  const prevHash = proofs.length > 0 ? proofs[proofs.length - 1].hash : null;
+  const payload = JSON.stringify({ tool, decision, reason, timestamp: new Date().toISOString(), prevHash });
+  const hash = crypto.createHash("sha256").update(payload).digest("hex");
+
+  proofs.push({
+    tool,
+    args: typeof args === "object" ? JSON.stringify(args).slice(0, 500) : null,
+    decision,
+    reason,
+    timestamp: new Date().toISOString(),
+    prevHash,
+    hash,
+  });
+
+  fs.writeFileSync(PROOFS_PATH, JSON.stringify(proofs, null, 2));
+}
+
+main().catch(() => process.exit(0));

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "aimessage-app",
+  "version": "1.0.0",
+  "description": "Your AI asks before it acts. Approve or deny AI actions via iMessage.",
+  "bin": {
+    "aimessage": "./bin/aimessage.js"
+  },
+  "files": ["bin/", "lib/", "README.md"],
+  "keywords": ["ai", "imessage", "claude", "occ", "approval", "governance"],
+  "license": "MIT",
+  "author": "Mike Argento",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mikeargento/occ"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "better-sqlite3": "^11.0.0"
+  }
+}