Skip to content

Re-vendor wacli to upstream openclaw/wacli v0.11.0#6

Merged
mattmezza merged 11 commits into
mainfrom
feat/revendor-wacli-upstream
Jun 7, 2026
Merged

Re-vendor wacli to upstream openclaw/wacli v0.11.0#6
mattmezza merged 11 commits into
mainfrom
feat/revendor-wacli-upstream

Conversation

@mattmezza

@mattmezza mattmezza commented Jun 7, 2026

Copy link
Copy Markdown
Owner

Fixes #3.

Re-points the WhatsApp integration from the stale pre-0.5 vendored snapshot
(github.com/steipete/wacli, 0.5.0-Unreleased, whatsmeow pinned Feb 2026)
to a pinned upstream binary (github.com/openclaw/wacli@v0.11.0). The three
known pains — auth loss, stale sync, lock contention — are all fixed upstream.

Note: the issue suggested v0.11.1, but the latest published upstream tag is
v0.11.0 (2026-05-22). Pinned to v0.11.0; bump the single WACLI_VERSION
when a newer tag ships.

Changes

  • De-vendor. Removed the tools/wacli/ source tree (73 files). The Docker
    image now go installs the pinned tag (WACLI_VERSION ARG, CGO + sqlite_fts5)
    into /usr/local/bin. Dropped nodejs/npm/corepack/pnpm — only the vendored
    build needed them. make dev-wa installs the same tag into ~/go/bin.
  • Patches → config. The vendored main.go device-label patch is replaced by
    WACLI_DEVICE_LABEL=MPA (native since 0.2.0), set via Docker ENV and injected
    by the wrapper/executor. The client.go +-strip and wait-for-Connected patches
    are dropped (native E.164 canonicalization since 0.9.0; presence/connect handling
    since 0.10.0).
  • Hardened wrapper (core/wacli.py). --lock-wait 30s on every call (wait for
    the store lock instead of fail-fast); --read-only on pure reads (auth status,
    messages list) to skip the session lock. Binary resolves via WACLI_BIN → PATH → ~/go/bin.
  • Executor (core/executor.py). Same binary resolution; injects the device
    label for agent-run wacli commands.
  • Docs/skill. Documented v0.11 global flags (--read-only, --lock-wait,
    --account, --events) and newer commands (messages forward/revoke,
    send status, calls list); added an "Upgrading wacli" section covering the
    405-driven re-auth. Fixed the stale upstream link and tools/wacli/ references.

Operator action after merge

Crossing the 405/protocol boundary invalidates the session: re-authenticate
once (admin UI → Channels → WhatsApp → rescan QR). Only session.db changes;
the message store (wacli.db) is preserved — back it up first.

Verification

  • go install ...@v0.11.0 builds clean (CGO + sqlite_fts5); resulting binary
    reports 0.11.0 and exposes all wrapper flags.
  • ruff check . clean; pytest 252 passed.

mattmezza added 11 commits June 7, 2026 21:41
@mattmezza
fix(skills): update himalaya skill for CLI v1.2.0
04d4e2d 
- Search: replace removed raw-IMAP `-- "..."` with positional query DSL
- message move/copy: TARGET folder first, then ID (-f is source)
- Sending: drop interactive editor traps; use non-interactive template
  pipe and raw `message send`
- Cover read preview (-p), flags, delete, spam-via-move, reply-all (-A)
- Note shared SMTP/IMAP app-password env var

Closes #2
@mattmezza
build: remove stale vendored wacli source tree
8ad5f48 
Vendored tools/wacli was a pre-0.5 snapshot (0.5.0-Unreleased, module
github.com/steipete/wacli, whatsmeow pinned Feb 2026). Upstream moved to
github.com/openclaw/wacli and is now v0.11.x. Drop the vendored tree in
favor of a pinned upstream binary.
@mattmezza
build: install pinned upstream wacli binary in image
4210507 
Replace the pnpm-built vendored binary with 'go install
github.com/openclaw/wacli/cmd/wacli@${WACLI_VERSION}' (pinned v0.11.0,
CGO + sqlite_fts5). Drop nodejs/npm/corepack/pnpm — only the vendored
wacli build needed them. Set WACLI_DEVICE_LABEL=MPA via ENV so the linked
device identity is native config, not a source patch.
@mattmezza
feat(wacli): harden subprocess wrapper for upstream v0.11
72f3427 
- Set WACLI_DEVICE_LABEL=MPA via env (replaces the vendored main.go patch).
- Add --lock-wait 30s to every call so reads/auth wait for the store lock
  instead of failing fast against a long-lived sync.
- Add --read-only to pure reads (auth status, messages list) to skip the
  session-store lock entirely.
- Drop the tools/wacli/dist fallback path; resolve via WACLI_BIN, PATH, or
  ~/go/bin (go install target).
@mattmezza
build: install upstream wacli via go install in dev-wa target
b3d7925 
Replace the pnpm vendored build with 'go install
github.com/openclaw/wacli/cmd/wacli@$(WACLI_VERSION)'. Pin matches the
Dockerfile. dev target no longer gates the wacli step on tools/wacli.
@mattmezza
docs(wacli): document v0.11 flags, lock-wait/read-only, new commands
20ca235 
Add global-flags and newer-commands sections (--read-only, --lock-wait,
--account, --events; messages forward/revoke, send status, calls list) and
correct the lock note (wait/skip instead of fail-fast). Update the
binary-not-found hint to point at 'make dev-wa' / WACLI_BIN.
@mattmezza
docs: document de-vendored wacli, pin bump + re-auth flow
1751bca 
- channels.mdx: correct upstream link (openclaw/wacli), explain the pinned
  WACLI_VERSION / WACLI_BIN / WACLI_DEVICE_LABEL model, and add an
  'Upgrading wacli' section covering the 405-driven re-auth.
- Drop stale tools/wacli ignore entries from .gitignore and .dockerignore.
@mattmezza
fix(executor): resolve wacli from PATH/go-bin, inject device label
9cbb8e6 
Drop the vendored tools/wacli/dist lookup; fall back to ~/go/bin (go
install target) after WACLI_BIN and PATH. Inject WACLI_DEVICE_LABEL=MPA
for agent-run wacli commands when not already set, so the linked device
identity holds in local dev too (Docker sets it via ENV).
@mattmezza
docs: update WhatsApp references for de-vendored wacli
ba0ce46 
README and pa.md pointed at the removed tools/wacli/ tree. Point at the
upstream repo and the pinned-install model instead.
@mattmezza
chore: remove dead static himalaya config path
898cb76 
Email config is materialized from the config store (Admin UI) to a runtime
Himalaya config; the executor always points HIMALAYA_CONFIG/XDG_CONFIG_HOME
at it, so the docker-compose-mounted cli-configs/himalaya.toml was never read.

- Drop the compose mount and Dockerfile config dir
- Delete cli-configs/ (himalaya.toml.example) and its .gitignore rules
- Remove now-unused HIMALAYA_*_PASSWORD env vars from .env.example
- Drop stale references from README and deployment docs
@mattmezza
fix(wacli): read auth QR from --events NDJSON on stderr
b85b94b 
wacli >=0.8 no longer prints the QR as JSON on stdout; it streams an
NDJSON `qr_code` event on stderr under --events (default qr-format writes
a terminal QR to stderr). The wrapper still parsed the old stdout shape,
so latest_qr was never set, the auth process idle-exited, and the UI fell
back to the misleading 'Auth not started' message.

- start_auth: spawn with --events, parse stderr; envelope is
  {event: qr_code, data: {code}}.
- fetch_latest_qr: drop the second competing 'auth' spawn (lock contention,
  wrong format); the streaming consumer is now the QR source.
- auth/start endpoint + UI: surface 'wacli not found' instead of silently
  no-opping when the binary is missing.
@mattmezza mattmezza merged commit a935510 into main Jun 7, 2026
1 check passed
@mattmezza mattmezza deleted the feat/revendor-wacli-upstream branch June 7, 2026 20:07
This was referenced Jun 7, 2026
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Re-vendor wacli to upstream openclaw/wacli v0.11.x (fixes auth loss, stale sync, lock contention)

1 participant

@mattmezza