feat: add sticker sends#164
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 11, 2026, 2:17 PM ET / 18:17 UTC. Summary Reproducibility: not applicable. This PR introduces a new capability rather than repairing established behavior. The earlier proof head is convincingly demonstrated, but equivalent validation is still needed for the current integrated head. Review metrics: 4 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review findings
Review detailsBest possible solution: Integrate the strict, fail-closed sticker surface with current main without losing either side's bridge behavior, remove the release-owned changelog edit, and validate both standalone and attached sends on the resulting exact head before adoption. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR introduces a new capability rather than repairing established behavior. The earlier proof head is convincingly demonstrated, but equivalent validation is still needed for the current integrated head. Is this the best way to solve the issue? Yes, conditionally: one strictly validated and capability-gated CLI/RPC surface is narrower and more maintainable than aliases or semantic fallbacks, provided conflict resolution preserves its trust boundaries and the final head is re-proven. Full review comments:
Overall correctness: patch is correct AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 0b5dea7efdca. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (13 earlier review cycles; latest 8 shown)
|
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
5b5c5dd to
f199379
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
# Conflicts: # Sources/IMsgHelper/IMsgInjected.m
|
Merged via Final proof:
Thanks @omarshahine! |
Summary
imsg send-stickerand JSON-RPCsend.stickerstickerSend/stickerAttachselector capabilitiesMaintainer rewrite
This branch keeps Omar's native reverse-engineering and runtime findings, but rewrites the public contract and trust boundaries:
sticker,attachments.sendSticker, andsticker.sendaliasesopenatvalidation; 500 KiB, 618x618, 100-frame, and 25-million-decoded-pixel capsStickeraccessibility metadata; local source basenames are not transmittedRedacted exact-head proof
Recipient-visible screenshot artifact:
The screenshot shows the recipient-side Messages transcript with the PR164 proof text and a rendered sticker attached over the target message bubble. It contains no phone numbers or handles beyond the test chat display name.
Proof was collected on refreshed branch head
0f1924cin the realLobster Test GroupiMessage group, with private handles and local paths redacted in the summary below.Runtime capability after relaunching the branch helper:
{ "bridge_version": 2, "v2_ready": true, "selectors": { "stickerSend": true, "stickerAttach": true, "stickerAssociatedMessage": true, "stickerAttachmentMessage": true, "stickerReplyTo": false }, "rpc_methods": ["send.sticker"] }Standalone sticker send returned:
{ "messageGuid": "B73CDFAE-0423-49B8-A594-0391EDCC9521", "transferGuid": "DAB8D310-8BB6-42D5-B327-6ECC47FADEA3", "selectedMessageGuid": "", "targetPartIndex": 0 }Exact-part attached sticker send to that standalone sticker message returned:
{ "messageGuid": "48C121B6-C87D-4B1D-8487-C4DBE97950E5", "transferGuid": "5A736866-8E7E-4D14-8DDE-9B059B6883C4", "selectedMessageGuid": "B73CDFAE-0423-49B8-A594-0391EDCC9521", "targetPartIndex": 0 }Redacted DB proof for the attached row:
{ "ROWID": 6893, "guid": "48C121B6-C87D-4B1D-8487-C4DBE97950E5", "is_from_me": 1, "associated_message_guid": "p:0/B73CDFAE-0423-49B8-A594-0391EDCC9521", "associated_message_type": 1000, "cache_has_attachments": 1, "chat_guid": "any;+;<redacted-group-id>" }Redacted attachment join proof:
{ "message_guid": "48C121B6-C87D-4B1D-8487-C4DBE97950E5", "attachment_guid": "5A736866-8E7E-4D14-8DDE-9B059B6883C4", "filename": "~/Library/Messages/Attachments/imsg/stickers/<redacted>/13285d97dc50e851dff55277f6a87527baae1bcb194f0e98431d89494696b48a.png", "mime_type": "image/png", "uti": "public.png", "total_bytes": 6902, "is_sticker": 1, "hide_attachment": 0 }imsg history --attachmentsdecoded both rows as sticker attachments and resolved the attached row back to the exact parent:{ "id": 6893, "guid": "48C121B6-C87D-4B1D-8487-C4DBE97950E5", "reply_to_guid": "B73CDFAE-0423-49B8-A594-0391EDCC9521", "attachments": [{ "is_sticker": true, "mime_type": "image/png", "uti": "public.png", "total_bytes": 6902 }] }This proof also found and fixed two exact-head issues before the final run:
O_NOFOLLOWproblem as rich links; it now anchors below the trusted imsg sticker root and walks only descendants withopenat(... O_NOFOLLOW)setReplyToGUID:selector; the associated-message initializer path is sufficient and is what produced the attached sticker row aboveVerification
make build- passed; universal release artifacts built (imsg: arm64 + x86_64; helper: arm64e + arm64 + x86_64)DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer make lint- passed; 9 existing SwiftLint warnings, 0 seriousDEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer make test- passed; 432 testsgit diff --check- passedApple's public sticker constraints are documented in MSSticker.