* fix: detect view-once media (image/video/audio) on stanza 1 for linked devices
When a view-once arrives at a linked device (InfiniteAPI), the server sends:
- Stanza 1: enc payload with full media metadata (mediaKey, directPath) wrapped in
viewOnceMessage > imageMessage/videoMessage/audioMessage with viewOnce: true
- Stanza 2: unavailable view_once fanout placeholder (already handled)
Previously only stanza 2 set key.isViewOnce = true. Stanza 1 was emitted as
plain media with no view-once indicator, making it indistinguishable from regular
media on the consumer side (messages.upsert).
This fix inspects the decrypted proto for viewOnceMessage (v1/v2/v2Ext) wrappers
containing a media message with viewOnce=true and propagates key.isViewOnce=true.
The viewOnceMessage wrapper is also used for interactive messages (carousel,
buttons, lists) but those carry interactiveMessage/listMessage inside -- never
imageMessage.viewOnce / videoMessage.viewOnce / audioMessage.viewOnce.
The distinction is unambiguous and does not affect interactive message handling.
Verified via WA Desktop
- history.ts: add Origin: DEFAULT_ORIGIN to CDN DELETE request headers —
the download path injects it internally but options does not carry it
- socket.ts: fix lowServerCount comparison — was preKeyCount <= topUpAmount
which triggered uploads even when above MIN_PREKEY_COUNT (e.g. 250 prekeys
→ topUp=550 → 250<=550=true → unnecessary upload). Now uses correct
threshold: preKeyCount < MIN_PREKEY_COUNT
- socket.ts: guard scheduleNextKeepAlive() with !closed check to prevent
orphan timers when end() was called concurrently on a different path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- history.ts: move CDN DELETE from downloadHistory() to
downloadAndProcessHistorySyncNotification(), after processHistoryMessage()
succeeds — prevents permanent history loss if processing throws post-download
- history.ts: fix fetch spread order: { ...options, method: 'DELETE' } so
options.method cannot shadow the intended DELETE verb
- socket.ts: add early return after void end() in onKeepAliveTick to prevent
scheduleNextKeepAlive() from leaking a timer while connection is closing
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1. USyncQuery: extract raw_id attr from node attrs into rawId field; implement
side_list parsing (was TODO/commented) reusing shared parseNodeList helper
2. getUSyncDevices: add 4th LID→PN source via raw_id pairing from device-list
WA Business sends zero phoneNumberToLidMappings in HistorySync — raw_id is
the only way to resolve LID↔PN for those accounts during message send
3. MIN_PREKEY_COUNT: 5 → 25 (WA Business maintains ~812; 5 was too low a buffer
before triggering replenishment upload)
4. startKeepAliveRequest: replace fixed setInterval with recursive setTimeout
+ ±15% jitter, matching WA Desktop's ~25-30s variable heartbeat pattern;
clearInterval → clearTimeout for the handle
5. downloadHistory: fire-and-forget DELETE to CDN after successful download,
mirroring WA Desktop behaviour (server-side one-time file cleanup)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: histsync LID improvements — raw_id mapping, prekeys, keepalive jitter, CDN DELETE
* fix: prekey pool strategy — 800 initial, top-up to 800 when below 200
- INITIAL_PREKEY_COUNT: 812 → 800 (rounded, matches WA Business ~812 from CDP capture)
- MIN_PREKEY_COUNT: 25 → 200 (replenishment trigger threshold)
- uploadPreKeysToServerIfRequired: top-up to INITIAL_PREKEY_COUNT instead of
uploading a flat MIN_PREKEY_COUNT — restores full 800-key pool on each replenish
- handleEncryptNotification: same top-up logic (INITIAL_PREKEY_COUNT - count)
so server notification path also restores to 800, not just adds 200
uploadPreKeys(5) in error recovery path intentionally left unchanged.
Two bugs fixed compared to prior implementation:
1. history.ts — normalize userJid LID→PN
pastParticipants[].userJid may arrive as a LID identifier (e.g. "46802258641027@lid").
The consumer expects a phone number. After building the lidPnMap from conversations
and phoneNumberToLidMappings, each userJid is resolved to its PN equivalent.
If the mapping is not available the original value is preserved (no data loss).
2. event-buffer.ts — deduplicate by groupJid + userJid across chunks
Multiple HistorySync chunks can contain the same group. The previous approach
concatenated blindly, producing duplicate entries. Now a keyed map
{ [groupJid]: IPastParticipant[] } is used so each group appears once and
each participant within a group appears at most once.
Types updated (Events.ts):
- messaging-history.set event includes pastParticipants?: IPastParticipants[]
- BufferedEventData.historySets.pastParticipants typed as keyed map
- Add interactive message detection helpers (getButtonType, isCarouselMessage, etc.)
- Inject biz node with interactive/native_flow for non-carousel interactive messages
- Inject biz + quality_control with decision_id for carousel messages
- Skip bot node for native_flow/carousel/catalog (breaks Web rendering)
- Force device-identity inclusion for carousel messages
- Append deferred biz/bot/quality_control nodes after device-identity and tctoken
- Store tctoken under both LID and PN for reliable lookup
Two fixes:
1. Stanza type="media" for carousel messages — WhatsApp Web needs this
to render carousel in real-time. Without it, only shows header until
page refresh (F5).
2. Fix jimp detection: typeof Jimp === 'function' (not just 'object')
so jpegThumbnail is generated for card images.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
7 corrections based on reverse-engineering of WhatsApp Business Android:
1. resolveCanonicalJid: PN→LID resolution for transaction lock keys (prevent race conditions)
2. Retain PN session during LID migration (avoid No Session errors)
3. Delayed PreKey deletion with 5-min grace period (prevent Invalid PreKey ID races)
4. Surgical session cleanup: only delete the specific corrupted device, not all devices
5. Identity dual storage: save identity key in both LID and PN addresses
6. MAC error cooldown reduced 10s→1s (faster recovery, aligned with WABA)
7. Allow session recreation on first retry (retryCount >= 1 instead of > 1)
* fix: remove unused jidDecode import from decode-wa-message.ts
* fix: add try/catch to delayed PreKey deletion to prevent unhandled rejection
The setTimeout async callback in removePreKey could cause unhandled promise
rejection if the keystore was destroyed (connection closed) before the
5-min grace period expired.
The web protocol (WA\x06\x03) requires a web-compatible UserAgent.
Using SMB_ANDROID in the UserAgent caused pair code registration to
fail with "cannot connect device" even though the phone confirmation
appeared. The Android identity is now only set in DeviceProps.platformType
(ANDROID_PHONE) in the registration node, which correctly determines
the display name in "Linked Devices" as "Android (14)".
Changes:
- getUserAgent(): always returns MACOS platform and Desktop device
- getClientPayload(): always includes webInfo (no longer skipped for Android)
- Remove unused isAndroidBrowser import from validate-connection.ts
- Update pair code comments documenting tested platform IDs
- Add structured logging to pair code request
* feat: add Android browser preset for companion device registration
Add Browsers.android(apiLevel) preset that identifies as an Android
companion device (SMB_ANDROID platform, ANDROID_PHONE device type).
Validated against Frida captures of real WhatsApp Android protocol.
* feat: support BAILEYS_BROWSER env var for browser selection
Allows selecting Android companion mode via environment variable
without code changes. Set BAILEYS_BROWSER=android (or android:15
for a specific API level) to register as an Android device.
* fix: auto-detect Android browser in pair code and fall back to Chrome
Pair code companion registration fails with Android browser because the
WA server rejects the ANDROID_PHONE companion_platform_id over the web
Noise protocol. When Android is detected, requestPairingCode() now
transparently uses Chrome/macOS platform values for the pair code stanza
while QR code pairing continues to work as Android (SMB_ANDROID).
* docs: add android to isValidBrowserPreset JSDoc
* fix: break infinite Bad MAC + session recreation loop
Remove aggressive session cleanup from the decryption hot path that caused
cascading failures when multiple messages from the same contact arrived
simultaneously. The Signal Protocol naturally recovers via retry+pkmsg flow.
Changes:
- Remove cleanupCorruptedSession() from per-message error handler (hot path)
- Move session cleanup to retry-exhausted handler as safety net
- Add per-JID retry request deduplication (5s window)
- Add 10s cooldown on MAC error session recreation
- Export cleanupCorruptedSession/getDecryptionJid for use in messages-recv
Tested: corrupted session with fake keys → Bad MAC → retry receipt →
pkmsg recovery → all 7 messages delivered, zero infinite loop.
* fix: address PR review — lint, dedup scope, and cleanup targeting
- Remove unused `autoCleanCorrupted` param from decryptMessageNode (lint fix)
- Scope retry dedup by participant JID in group chats (not group JID)
- Move dedup registration after early-return checks to avoid blocking
subsequent messages when max retries reached
- Use participant JID for session cleanup in groups (Signal sessions
are per-participant, not per-group)
* feat: centralized LID→PN normalization for all emitted events
WhatsApp's server increasingly uses LID (Linked ID) as the primary
addressing format. Consumers expect phone numbers (PN),
not opaque LID identifiers. This adds comprehensive LID→PN resolution
across all ev.emit() paths so downstream consumers always receive PN.
Key changes:
- Add resolveLidToPn() and normalizeKeyLidToPn() centralized helpers
in process-message.ts for consistent LID→PN resolution
- normalizeMessageJids() fast path: use alt JID directly from stanza
attributes (zero I/O, eliminates race condition with LIDMappingStore)
- Await storeLIDPNMappings() before normalization in message receipt
flow (was fire-and-forget, could race with subsequent getPNForLID)
- Normalize LID→PN in all event emission points:
* messages.upsert (keys, nested reaction/poll keys, participantAlt)
* presence.update (jid + participant)
* message-receipt.update (key + userJid)
* contacts.update (picture notifications)
* blocklist.update (blocklist JIDs)
* call events (chatId, from)
* group metadata (participants, owner, subjectOwner)
* group notifications (acting participant, add/remove/promote/demote)
* newsletter notifications (author, user JIDs)
* sync actions (mutation index normalization)
- Make handlePresenceUpdate and handleGroupNotification async to
support await on LID resolution
- Add normalizeGroupMetadata() helper in groups.ts for all
extractGroupMetadata call sites
Performance: ~0.01ms per message (LRU cache hit). No impact on
message sending. First-contact resolution ~2-5ms (one-time per contact).
* fix: normalize LID→PN in handleBadAck, media retry, and PDO recovery
Additional leak points found during final audit:
- handleBadAck: key.remoteJid from ack stanza could be LID
- messages.media-update: media retry key JIDs not normalized
- CTWA PDO recovery: webMessageInfo.key from phone response not normalized
* fix: address PR review — parallelize LID resolution, use helper consistently
- normalizeGroupMetadata: resolve participant LIDs with Promise.all
instead of sequential loop (perf on large groups)
- handleCall: resolve participant JIDs with Promise.all
- handleBadAck: use normalizeKeyLidToPn() helper instead of manual
resolveLidToPn + assignment (consistency with other code paths)
- CB:relay: resolve callCreator LID→PN before emitting
* fix: add timeout to fetchLatestBaileysVersion to prevent hanging connections
AbortController with 5s default timeout prevents indefinite blocking
when GitHub is unreachable (DNS failure, network issues). Falls back
to bundled version via existing catch block. Ref: Baileys#2385.
* fix: move clearTimeout to finally block in fetchLatestBaileysVersion
Ensures timer cleanup on both success and fetch rejection paths,
preventing dangling timers when DNS/network fails before abort fires.
In DMs, when the connected user sends a reaction, the inner key's
remoteJid could remain unnormalized (e.g. LID vs PN), preventing
correct matching with the original message. Also normalises participant
in groups for own messages — an improvement over upstream Baileys#2386.
* feat: apply PR #2339 missing commits (ced3305 + fe5a37c)
Apply two Feb-19 commits from WhiskeySockets/Baileys PR #2339 that
were missing from the initial integration:
ced3305 — Prevent tctoken attachment to peer (AppStateSync) messages
- Add isPeerMessage guard: additionalAttributes?.['category'] === 'peer'
- Exclude peer messages from is1on1Send to fix error 479 (SmaxInvalid)
which was causing hundreds of rejections on multi-device sync JIDs
fe5a37c — Error 463 retry logic + blocking→non-blocking refactor
- Replace blocking await getPrivacyTokens() with fire-and-forget .then/.catch
so the send path is never delayed by a token fetch
- Add tcTokenRetriedMsgIds Set in messages-recv.ts to track retried msgIds
- On error 463 (MissingTcToken): wait 1.5s then relay the message once,
allowing the server's tctoken notification to arrive before resend
- Add retry_463_ok log event to baileys-logger for observability
- Add `yarn lint:fix` step before lint check to auto-fix prettier/import-sort
formatting issues (runs with continue-on-error to not block)
- Fix circular conflict between prettier and space-before-function-paren
rule in cache-utils.ts via eslint-disable comment
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Wire onNewJidStored callback in messages-send.ts so proactively
fetched tokens are registered in the pruning index
- Batch keystore reads in pruneExpiredTcTokens (1 query instead of N)
- Persist lastTcTokenPruneTs in keystore so 24h throttle survives restarts
- Replace parseInt() with Number() for safer timestamp parsing
- Normalize JIDs via jidNormalizedUser() before LID lookup in
resolveTcTokenJid to prevent device-suffix mismatches
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move INTERACTIVE_MESSAGES.md to docs/ folder
- Remove all third-party name references from code comments
- Temporarily remove docs from .gitignore to allow tracking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously the same `text` field was used for both header.title and body.text,
causing duplicate content to appear. Now `title` controls the header (defaults
to a space like Pastorini) and `text` controls the body independently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove messageContextInfo (deviceListMetadata) from viewOnceMessage wrapper
in generateButtonMessage and remove empty subtitle from header. This fixes
CTA mixed buttons (url, copy, call) not being delivered to iOS devices -
same pattern that fixed carousel messages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Flatten image validation nesting to max 4 levels (eslint max-depth)
- Collapse multi-line ternary to single line (prettier)
- Add missing blank line before statement
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Lint fixes:
- Replace `any` types with proper proto interfaces (IInteractiveMessage)
- Fix missing blank lines before statements (eslint padding-line-between-statements)
- Fix unused variable and indentation in protocol dump
- Remove pre-existing `any` casts in createParticipantNodes
Review feedback (Copilot/Codex):
- Gate protobuf roundtrip test and protocol dump behind debug level
(avoids CPU overhead and sensitive data exposure in production)
- Add empty array validation for nativeButtons (fixes [].every() edge case)
- Support headerTitle in quick_reply buttonsMessage (HeaderType.TEXT)
- Fix stale comment that said "wrap viewOnceMessage" when code sends direct
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Carousel (interactiveMessage):
- Remove messageContextInfo from carousel (breaks iOS delivery)
- Remove empty subtitle field from card headers
- Add jpegThumbnail/dimensions validation for card images
- Return direct interactiveMessage at root (no viewOnceMessage wrapper)
- Skip DSM (deviceSentMessage) for own devices (causes error 479)
- Skip bot node injection for carousel messages
Quick Reply Buttons (buttonsMessage):
- Separate quick_reply buttons from CTA buttons in generateWAMessageContent
- quick_reply (reply only) uses legacy buttonsMessage format (works on Android + iOS + Web)
- CTA buttons (url, copy, call) use nativeFlowMessage with viewOnceMessage wrapper
Stanza construction (messages-send.ts):
- Defer biz/bot nodes to be appended LAST (after device-identity, tctoken)
- Fix button name extraction for carousel (flatMap from cards)
- Add protobuf roundtrip test and protocol dump for debugging
Tested: Carousel renders on Android + iOS. Quick reply buttons render on Android + iOS + Web.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixed compatibility issue with lru-cache v11 which requires maxSize instead of max when using sizeCalculation.
Progress: Reduced test failures from 33 to 7 tests (79% improvement)
- Fixed all cache-utils tests
- Fixed 1 baileys-event-stream test
- Remaining 7 failures are pre-existing issues
https://claude.ai/code/session_015R3U3kiprQiNTTNNt31Sg6
Final fixes:
- Add eslint-disable for space-before-function-paren false positives in generic types
- All 68 original errors now resolved
- Build passes successfully
- No API logic or structure changes
Final status: 0 errors, 239 warnings (warnings are acceptable)
https://claude.ai/code/session_015R3U3kiprQiNTTNNt31Sg6