iMessage plugin: selfAddresses in access.json should filter auto-discovered SELF addresses

Resolved 💬 3 comments Opened Mar 28, 2026 by stephanschoenig Closed Apr 27, 2026

Summary

The iMessage channel plugin auto-discovers the user's identities by querying chat.db at boot (both message.account and chat.last_addressed_handle). All discovered addresses are added to the SELF set and used for self-chat detection and permission prompt routing.

The selfAddresses field in access.json currently only adds to this set — it doesn't filter out unwanted addresses. This means old phone numbers from historical conversations (e.g. a foreign SIM from years ago) are always picked up, with no way to opt out.

Problem

  • A user with multiple phone numbers/emails in their Messages history has no way to control which identity the plugin uses for sending permission prompts
  • Old numbers discovered from chat.last_addressed_handle may incur SMS costs when the plugin sends to those chat GUIDs
  • The user cannot delete the old chat from Messages.app without losing conversation history

Proposed behaviour

When selfAddresses is set and non-empty in access.json, treat it as an exclusive list:

  1. After populating SELF from chat.db, intersect it with selfAddresses
  2. Remove any auto-discovered addresses not in selfAddresses
  3. Add any selfAddresses not yet discovered from chat.db

When selfAddresses is absent or empty, preserve the current behaviour (auto-discover everything).

This gives users explicit control over which identities the plugin considers "self" while remaining backwards-compatible.

Workaround

A local patch to server.ts (after the SELF population block) that reads selfAddresses from access.json and filters accordingly. This works but is overwritten on plugin updates.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗