Claude
Skills
Sign in
Back

imsg-rpc

Included with Lifetime
$97 forever

Set up, maintain, and debug the imsg-rpc Unix socket daemon that gives the gateway iMessage access via JSON-RPC. Covers FDA setup, code signing, launchd service, and the imsg source repo.

Code Reviewimessagegatewayimsglaunchdfdarpc

What this skill does


# imsg-rpc Skill

Manages the `com.joel.imsg-rpc` launchd service that bridges the gateway daemon to iMessage via a Unix socket.

## Architecture (ADR-0121)

```
gateway daemon (bun, no FDA)
    ↕ JSON-RPC over /tmp/imsg.sock
imsg-rpc (com.joel.imsg-rpc launchd agent, has FDA)
    ↕ SQLite reads
~/Library/Messages/chat.db
```

- **Source**: `~/Code/steipete/imsg` (we own it — modify freely)
- **Build binary**: `~/Code/steipete/imsg/bin/imsg`
- **Launch binary**: `/Applications/imsg-rpc.app/Contents/MacOS/imsg`
- **Socket**: `/tmp/imsg.sock`
- **launchd plist**: `~/Library/LaunchAgents/com.joel.imsg-rpc.plist`
- **Logs**: `/tmp/joelclaw/imsg-rpc.{log,err}`
- **Gateway channel**: `packages/gateway/src/channels/imessage.ts`

## Status Check

```bash
launchctl print gui/$(id -u)/com.joel.imsg-rpc | rg "state =|pid =|runs =|last exit code"
lsof -p "$(launchctl print gui/$(id -u)/com.joel.imsg-rpc | awk '/pid =/{print $3; exit}')" | rg "imsg.sock|chat.db"
lsof -nP -U | rg "imsg.sock|com.joel.gateway|/tmp/imsg.sock"  # gateway socket peer
tail -10 /tmp/joelclaw/gateway.log | rg imessage
```

Healthy state: PID present, exit code 0, gateway shows `watch.subscribe OK`.

## Restart

```bash
launchctl unload ~/Library/LaunchAgents/com.joel.imsg-rpc.plist
launchctl load ~/Library/LaunchAgents/com.joel.imsg-rpc.plist
```

## Rebuild imsg

Always use `build-local.sh` — NOT `make build` — so signing stays stable and `/Applications/imsg-rpc.app` stays in sync with source builds:

```bash
cd ~/Code/steipete/imsg && ./build-local.sh
```

`build-local.sh` now:
- builds `bin/imsg`
- signs with `imsg Local Signing`
- refreshes/signs `/Applications/imsg-rpc.app` via `scripts/install-rpc-app.sh`

## FDA Setup (new machine)

The `imsg` binary needs Full Disk Access. macOS requires a verifiable code signature to accept it.

### 1. Create local signing cert (once per machine)

```bash
cat > /tmp/imsg-ext.cnf << 'EOF'
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
[req_distinguished_name]
[v3_req]
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, codeSigning
basicConstraints = CA:FALSE
EOF

openssl req -x509 -newkey rsa:2048 \
  -keyout /tmp/imsg-key.pem -out /tmp/imsg-cert.pem \
  -days 3650 -nodes \
  -subj "/CN=imsg Local Signing/O=Joel Hooks" \
  -config /tmp/imsg-ext.cnf -extensions v3_req

openssl pkcs12 -export \
  -out /tmp/imsg-sign.p12 \
  -inkey /tmp/imsg-key.pem -in /tmp/imsg-cert.pem \
  -passout pass:imsg123 -name "imsg Local Signing" \
  -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1

security import /tmp/imsg-sign.p12 \
  -k ~/Library/Keychains/login.keychain-db \
  -P imsg123 -T /usr/bin/codesign

security add-trusted-cert -d -r trustRoot \
  -k ~/Library/Keychains/login.keychain-db /tmp/imsg-cert.pem

security find-identity -v -p codesigning  # should show "imsg Local Signing"
```

### 2. Build and sign

```bash
cd ~/Code/steipete/imsg && ./build-local.sh
```

### 3. Grant FDA in System Settings

```bash
open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"
```

- Click **+**
- Press **⌘⇧G**, paste `/Applications/imsg-rpc.app`, Enter
- Toggle **ON**

### 4. Load service

```bash
launchctl load ~/Library/LaunchAgents/com.joel.imsg-rpc.plist
```

Verify: `tail -f /tmp/joelclaw/gateway.log | grep imessage` — should show `watch.subscribe OK`.

## Troubleshooting

### `permissionDenied` in imsg-rpc.log

FDA is missing or csreq mismatch. Check:

```bash
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
  "SELECT client, auth_value FROM access WHERE client LIKE '%imsg%';"
# auth_value 2 = allowed, 0 = denied

/usr/bin/log show --last 10m --style compact \
  --predicate 'process == "tccd" && (eventMessage CONTAINS "com.steipete.imsg" || eventMessage CONTAINS "kTCCServiceSystemPolicyAllFiles")' \
  | tail -80
```

If denied (0): go to System Settings → Full Disk Access → toggle imsg ON.
If missing: redo FDA setup step 3.
If `tccd` shows `AUTHREQ_RESULT ... authValue=2` for `/Applications/imsg-rpc.app/Contents/MacOS/imsg`, FDA is granted.

### Socket exists but gateway can't subscribe

imsg-rpc crashed after accepting. Check `/tmp/joelclaw/imsg-rpc.err`. Restart service.

### `connect ENOENT /tmp/imsg.sock` but launchd says running

The daemon process can stay alive while the Unix socket path is unlinked. Gateway cannot connect until the socket path is recreated.

```bash
launchctl kickstart -k gui/$(id -u)/com.joel.imsg-rpc
ls -l /tmp/imsg.sock
```

Gateway now attempts this heal automatically on repeated ENOENT, but manual kickstart is the fastest recovery during incidents.

### FDA toggle didn't help after rebuild

You likely rebuilt without refreshing the app bundle. Re-run:

```bash
cd ~/Code/steipete/imsg && ./build-local.sh
```

### imsg-rpc keeps restarting (exit code 1)

Likely FDA denial. Run from terminal to test:

```bash
/Applications/imsg-rpc.app/Contents/MacOS/imsg chats --limit 1
```

If that works but launchd still fails → FDA entry is for wrong path or wrong signature.

## JSON-RPC Protocol Reference

The gateway uses these methods over `/tmp/imsg.sock`:

```json
// Subscribe to incoming messages
{"jsonrpc":"2.0","method":"watch.subscribe","params":{"participants":["handle"]},"id":1}

// Send a message
{"jsonrpc":"2.0","method":"send","params":{"to":"handle","text":"..."},"id":2}

// Inbound notification format
{"jsonrpc":"2.0","method":"message","params":{"subscription":1,"message":{...}}}
```

## Files

| Path | Purpose |
|------|---------|
| `~/Code/steipete/imsg/` | imsg source (we own) |
| `~/Code/steipete/imsg/bin/imsg` | built binary |
| `/Applications/imsg-rpc.app` | FDA target app bundle for launchd process |
| `~/Code/steipete/imsg/build-local.sh` | build + sign + app sync |
| `~/Code/steipete/imsg/scripts/install-rpc-app.sh` | creates/signs `/Applications/imsg-rpc.app` |
| `~/Library/LaunchAgents/com.joel.imsg-rpc.plist` | launchd service (not in git) |
| `packages/gateway/src/channels/imessage.ts` | gateway socket client |
| `apps/web/content/adrs/0121-imsg-rpc-socket-daemon.md` | ADR |
Files: 2
Size: 6.5 KB
Complexity: 16/100
Category: Code Review
Source: https://github.com/joelhooks/joelclaw/tree/main/skills/imsg-rpc

Related in Code Review

gstack

Included

Fast headless browser for QA testing and site dogfooding. Navigate pages, interact with elements, verify state, diff before/after, take annotated screenshots, test responsive layouts, forms, uploads, dialogs, and capture bug evidence. Use when asked to open or test a site, verify a deployment, dogfood a user flow, or file a bug with screenshots. (gstack)

Code Reviewscriptsfeatured

startup-due-diligence

Included

Legal due diligence review for seed-stage and Series A startups (US, Delaware C-Corp focus). Supports both investor and founder perspectives. Capabilities include: (1) Interactive document review and issue spotting; (2) Document request list generation; (3) Cap table and SAFE/convertible note analysis; (4) Red flag identification with severity ratings; (5) Diligence report generation. TRIGGERS: due diligence, DD, startup investment, cap table review, Series A, seed round, investor diligence, legal review startup, SAFE analysis, convertible note, 409A, founder vesting.

Code Reviewscripts

interview-master

Included

This skill should be used when the user asks to "generate interview questions", "prepare for interview", "optimize resume", "conduct mock interview", "analyze git commits for resume", "generate resume from code", "review my resume", or mentions interview preparation, career assistance, or extracting project experience from git history. Provides comprehensive interview and career development guidance for both job seekers and interviewers.

Code Reviewscripts

fix-issue

Included

Fixes GitHub issues using parallel analysis agents for root cause investigation, code exploration, and regression detection. Reads issue context from gh CLI, searches codebase and memory for related patterns, generates a fix with tests, and links the resolution back to the issue via PR. Includes prevention analysis to avoid recurrence. Use when debugging errors, resolving regressions, fixing bugs, or triaging issues.

Code Reviewscripts

sf-apex

Included

Generates and reviews Salesforce Apex code with 150-point scoring. TRIGGER when: user writes, reviews, or fixes Apex classes, triggers, test classes, batch/queueable/schedulable jobs, or touches .cls/.trigger files. DO NOT TRIGGER when: LWC JavaScript (use sf-lwc), Flow XML (use sf-flow), SOQL-only queries (use sf-soql), or non-Salesforce code.

Code Reviewscripts

swift-development

Included

Comprehensive Swift development for building, testing, and deploying iOS/macOS applications. Use when Claude needs to: (1) Build Swift packages or Xcode projects from command line, (2) Run tests with XCTest or Swift Testing framework, (3) Manage iOS simulators with simctl, (4) Handle code signing, provisioning profiles, and app distribution, (5) Format or lint Swift code with SwiftFormat/SwiftLint, (6) Work with Swift Package Manager (SPM), (7) Implement Swift 6 concurrency patterns (async/await, actors, Sendable), (8) Create SwiftUI views with MVVM architecture, (9) Set up Core Data or SwiftData persistence, or any other Swift/iOS/macOS development tasks.

Code Reviewscripts
Sign up & unlock — $97