* refactor(sessions): migrate runtime storage to sqlite * test(sessions): fix sqlite CI regressions * test(sessions): align remaining sqlite fixtures * fix(codex): require sqlite trajectory recorder * test(sessions): align orphan recovery sqlite fixture * test(sessions): align sqlite rebase fixtures * fix(sessions): finish current-main integration of the sqlite flip Resolve the whole-store SDK removal across its owner boundary: drop the loadSessionStore re-export and the registry whole-store wrappers, wire hasTrackedActiveSessionRun into gateway chat, complete the preserveLockedHarnessIds cleanup contract, flip the codex thread-history import to storePath targets, and port remaining main-side tests from file-store helpers to session accessor reads. * chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain bump gets its own review, and regenerate docs_map, the plugin SDK API baseline, and the export-surface ratchet for the merged tree. * feat(sessions): keep archived transcripts by default with zstd cold storage Codex-style retention: deleting or resetting a session archives its transcript as a zstd-compressed JSONL artifact (plain when the runtime lacks node:zlib zstd) and keeps it until the disk budget evicts oldest first. resetArchiveRetention now governs both deleted and reset archives and defaults to keep; maxDiskBytes defaults to 2gb so retention stays bounded, with archives evicted before live sessions. The cron reaper follows the same knob instead of deleting archives on its own timer. * fix(state): converge agent DB migration lineages and bound database growth Merge coherence: run both structure-gated legacy memory-schema repairs (flip-lineage drop, main-lineage identity rebuild) before the flip migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all converge, and hoist foreign_keys=OFF outside the schema transaction where the pragma was silently ignored and the v1 sessions rebuild cascade-deleted session_entries. Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL maintenance releases freed pages in bounded passes (never a blocking full VACUUM), and doctor reports state/agent DB bloat from freelist stats. * fix(codex): resolve the store path for thread-history import via the SDK The supervision catalog passed the legacy sessionFile locator to the storePath-targeted transcript mirror; resolve the agent store path with the session-store SDK helper instead of a runtime-object seam so test fakes and headless callers need no extra surface. Drop the obsolete missing-session-id preprocessing case: sessions rows are NOT NULL on session_id and upsert repairs id-less patches at write time. * fix(sessions): fail safe on malformed disk-budget config and doctor stat errors A malformed explicit maxDiskBytes disables the budget instead of falling back to the destructive 2gb default the user never chose, and the doctor bloat check skips databases whose paths stat-fail instead of aborting doctor. * fix(sessions): complete sqlite conflict translations * test(sqlite): align hardening checks with maintenance * test(sessions): inspect compressed transcript archives * fix(tests): await session seeds and drop unused helpers flagged by CI lint The five unawaited writeSessionStoreSeed calls raced their SQLite seeds against the assertions, failing compact shards; the bloat probe drops a useless initializer and the merged tests drop now-unused helpers. * test(sessions): type legacy proof events directly * test(sessions): align hardening contracts * perf(sessions): read usage transcript sizes from SQL aggregates Usage/cost scans walked every session and materialized every transcript event just to re-stringify it for a byte estimate — the #86718 stall class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes in SQLite without loading a single row. * fix(sessions): re-root foreign-root transcript paths onto the current sessions dir Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry absolute sessionFile paths from the old root; the containment fallback kept those foreign paths, so migration read (and would archive) files in the original root and reported local copies missing. Re-root the canonical agents/<id>/sessions suffix onto the current dir when the file exists there; genuine cross-root layouts still fall through unchanged. * test(agents): seed harness admission through sqlite * fix(sqlite): close agent db on pragma setup failure * fix(doctor): compact and retrofit incremental auto-vacuum after session import The migration is the sanctioned offline window: post-import compact reclaims import churn and applies auto_vacuum=INCREMENTAL to databases created before the fresh-DB pragma existed, so runtime maintenance can release pages in bounded passes on every install. --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
6.6 KiB
summary, read_when, title, sidebarTitle
| summary | read_when | title | sidebarTitle | |||
|---|---|---|---|---|---|---|
| WhatsApp group message handling — activation, allowlists, sessions, and context injection |
|
WhatsApp group messages | WhatsApp groups |
For the cross-channel groups model (Discord, iMessage, Matrix, Microsoft Teams, QQBot, Signal, Slack, Telegram, WhatsApp, Zalo), see Groups. This page covers the WhatsApp-specific behavior on top of that model: activation, group allowlists, per-group session keys, and pending-message context injection.
Goal: let OpenClaw sit in WhatsApp groups, wake up only when pinged, and keep that thread separate from the personal DM session.
`agents.list[].groupChat.mentionPatterns` is shared with the other channels' mention gating. For multi-agent setups, set it per agent, or use `messages.groupChat.mentionPatterns` as a global fallback. With neither set, patterns are derived from the agent identity name/emoji.Behavior
- Activation modes:
mention(default) oralways.mentionrequires a ping: a real WhatsApp @-mention (mentionedJids), a configured regex pattern, the bot's E.164 digits anywhere in the text, or a quoted reply to one of the bot's messages (except shared-number self-chat setups).alwayswakes the agent on every message, but the injected group prompt tells it to reply only when it adds value and to return the exact silent tokenNO_REPLY(case-insensitive) otherwise. Defaults come from config (channels.whatsapp.groupsrequireMention) and can be overridden per group via/activation. - Group allowlist: when
channels.whatsapp.groupsis set, only listed group JIDs are admitted (include"*"to allow all); messages from unlisted groups are dropped with a log hint. - Group policy:
channels.whatsapp.groupPolicycontrols whether group messages are accepted (open|disabled|allowlist).allowlistuseschannels.whatsapp.groupAllowFrom(fallback: explicitchannels.whatsapp.allowFrom). Default isallowlist(blocked until you add senders). - Per-group sessions: session keys look like
agent:<agentId>:whatsapp:group:<jid>(non-default accounts append:thread:whatsapp-account-<accountId>), so directives such as/verbose on,/trace on, or/think high(sent as standalone messages) are scoped to that group; personal DM state is untouched. - Context injection: pending-only group messages (default 50) that did not trigger a run are prefixed under
[Chat messages since your last reply - for context], with the triggering line under[Current message - respond to this]. The pending window is cleared after the run; messages already in the session are not re-injected. - Sender attribution: each group line carries the sender label inside the message envelope, e.g.
[WhatsApp <groupJid> <timestamp>] Alice (+447700900123): text, and sender identity plus group subject/members ride along in the untrusted conversation-metadata block. - Ephemeral/view-once: wrappers are unwrapped before extracting text/mentions, so pings inside them still trigger.
- Group system prompt: the first turn of a group session (and any turn after
/activationchanges the mode) injects activation guidance into the system prompt (Activation: trigger-only ...orActivation: always-on ..., plus "address the specific sender"). Persistent group-chat delivery guidance ("You are in a WhatsApp group chat...") is always included.
Config example (WhatsApp)
Make display-name pings work even when WhatsApp strips the visual @ from the text body:
{
channels: {
whatsapp: {
groups: {
"*": { requireMention: true },
},
historyLimit: 50, // pending group context window (default 50)
},
},
agents: {
list: [
{
id: "main",
groupChat: {
mentionPatterns: ["@?openclaw", "\\+?15555550123"],
},
},
],
},
}
Notes:
- The regexes are case-insensitive and use the same safe-regex guardrails as other config regex surfaces; invalid patterns and unsafe nested repetition are ignored.
- WhatsApp still sends canonical mentions via
mentionedJidswhen someone taps the contact, so the number fallback is rarely needed but is a useful safety net. - The pending-context window resolves as
channels.whatsapp.accounts.<id>.historyLimit→channels.whatsapp.historyLimit→messages.groupChat.historyLimit→ 50.
Activation command (owner-only)
Use the group chat command:
/activation mention/activation always
Only owner numbers (from channels.whatsapp.allowFrom, or the bot's own E.164 when unset) can change this; /activation from anyone else is ignored and stored as context only. Send /status as a standalone message in the group to see the current activation mode.
How to use
- Add your WhatsApp account (the one running OpenClaw) to the group.
- Say
@openclaw ...(or include the number). Only allowlisted senders can trigger it unless you setgroupPolicy: "open". - The agent prompt includes the pending group context plus sender-labeled lines so it can address the right person.
- Session directives (
/verbose on,/trace on,/think high,/newor/reset,/compact) apply only to that group's session; send them as standalone messages so they register. Your personal DM session stays independent.
Testing / verification
- Manual smoke:
- Send an
@openclawping in the group and confirm a reply that references the sender name. - Send a second ping and verify the history block is included, then cleared on the next turn.
- Send an
- Check gateway logs (run with
--verbose) forinbound web messageentries showingfrom: <groupJid>and the sender-labeled body.
Known considerations
- Heartbeats run in the agent's main session; group sessions never get heartbeat runs.
- Echo suppression remembers the combined prompt (history + current message) per session so the bot's own delivered messages do not retrigger it; an identical repeated batch can be skipped as an echo.
- Session store entries appear as
agent:<agentId>:whatsapp:group:<jid>in the per-agent SQLite session store; a missing entry just means the group has not triggered a run yet. - Typing indicators follow
session.typingMode/agents.defaults.typingMode. When visible replies are opted into message-tool-only mode, typing starts immediately by default so group members can see the agent working even if no automatic final reply is posted. Explicit typing-mode config still wins.