WhatsApp Bridge
Overview
Build a separate WhatsApp Web gateway (Baileys) that receives and sends WhatsApp messages and optionally forwards them to an AI service. Use this when the user explicitly wants a non-WhatsApp-Business integration and accepts the reliability and ban risk.
Workflow Decision Tree
- •If the user refuses Meta/Twilio, proceed with Baileys and confirm they accept account risk.
- •If the user wants "the Codex chat" mirrored, explain that the Codex UI cannot be wired directly and propose a small web UI mirror instead.
- •If the user needs outbound-only updates, implement only the send path and skip inbound processing.
- •If the user needs two-way chat, implement the full inbound and outbound pipeline with persistence.
- •If the user asks for a separate server, keep the gateway in its own repository or service and expose only an HTTP API to other systems.
Core Build Steps
- •Confirm requirements: one-way or two-way, target numbers or groups, storage expectations, and hosting target.
- •Set up a separate Node service and persist Baileys auth state on disk.
- •Implement inbound handling with dedupe, ignore bot messages, and basic rate limiting.
- •Implement outbound sending with simple retry logic and message queueing.
- •Add an LLM handler with per-JID state and message summarization.
- •Add health checks, logs, and a QR re-auth flow.
Quick Start (Template)
- •Use
scripts/init_gateway.sh --path <output-dir>to generate a ready-to-run gateway project fromassets/gateway-template. - •Deploy the generated gateway folder to a separate server, then run
/initto authenticate. - •For “talk to my Codex on my computer”, run the gateway on the same machine and set
REPLY_MODE=codex. - •Pair the owner account once: after
/init, sendPAIR <code>from your phone to the gateway number. - •If the gateway HTTP API is exposed, use
scripts/gateway_init.shandscripts/gateway_status.shfor remote onboarding and checks.
Reference: references/quickstart.md.
Skill Auto-Update (Local)
- •On skill start (or whenever the user asks), do a best-effort update check against GitHub.
- •If the user asks to “update the skill”, or types
update//update, runscripts/update_skill.shto pull the latest version from GitHub. - •If there are local changes, show them and ask whether to retry with
--force. - •After updating, re-open
SKILL.md(instructions may have changed).
Reference: references/cli-commands.md.
OpenClaw-Style Onboarding (/init)
- •▶️ Provide a
/initcommand that starts the onboarding flow. - •⚠️ Show a clear risk notice and require explicit user consent (yes/no) before starting WhatsApp.
- •✅ Only generate and display the QR code after consent is accepted.
- •🧭 Keep the flow stateful (
awaiting_consent,awaiting_qr_scan,connected). - •❌ If the user declines, exit cleanly and do not start Baileys.
Reference: references/init-onboarding.md.
CLI Commands (/update, /status)
- •Provide
/statusto display connection state, activation, and current number (gateway runtime). - •Optionally provide
/updatein the gateway runtime to update the gateway code viagit pull --ff-only. - •Keep outputs short and readable for terminal use.
Reference: references/cli-commands.md.
Message Pipeline Rules
- •Always ignore messages sent by the bot itself.
- •Deduplicate by message id and jid to avoid loops.
- •Normalize jids before storage and routing.
- •Limit outbound frequency per jid to avoid spam and bans.
Storage Guidance
- •Persist Baileys auth state on disk so the session survives restarts.
- •Store conversation state by jid in a durable store if you need continuity.
- •Keep a rolling summary to cap token usage.
Safety And Compliance
- •Require explicit opt-in and implement STOP or human escalation.
- •Avoid storing media unless required; prefer text only.
- •Do not hardcode secrets; load from environment variables.
- •Restrict access: use owner pairing (
PAIR <code>) orOWNER_*allowlists; ignore unknown senders. - •If exposing HTTP, bind to localhost by default and require
GATEWAY_ADMIN_TOKENfor admin endpoints. - •For a checklist, see
references/security.md.
References
- •
references/baileys-gateway.mdfor Baileys setup, auth state, and message events. - •
references/openai-bridge.mdfor the LLM call wrapper and conversation state pattern. - •
references/ops-runbook.mdfor deployment, restarts, and QR recovery. - •
references/web-ui-bridge.mdfor the optional web UI mirror. - •
references/init-onboarding.mdfor the/initonboarding flow and QR display. - •
references/cli-commands.mdfor/updateand/statuscommands. - •
references/quickstart.mdfor the simplest end-to-end setup. - •
references/security.mdfor hardening guidance.