release: develop → master 2026-06-08 (5 PRs)#521
Merged
Conversation
…f path (#513 review) PR #513 chatgpt-codex review (P2) caught a real gap that PR #509 introduced when it added the `maxKeys` cap to `userDevicesCache`: - PR #509 added `safeCacheSet` handling to the cache-population path in `messages-send.ts:528-548` (where USync fills the cache). - The OTHER call-site that writes to `userDevicesCache` — `messages-recv.ts:2240` in the device-notification handler ('add' / 'remove' tags) — was left unprotected. `@cacheable/node-cache`'s capacity check is `keyCount() + 1 > maxKeys` — applied BEFORE the engine checks whether the key already exists. So once the cache reaches its `maxKeys` ceiling (5,000 entries), even an UPDATE to an already-cached user throws ECACHEFULL. The guard `if (!existingCache.length) continue` at line 2210 doesn't help: it only short-circuits when the user is NOT cached. A device-list update for an already-cached user would still hit the `.set` and throw. Real impact under sustained gateway load: - Cache hits 5,000 entries (a few dozen active groups will get there). - A device-add/remove notification arrives for one of the cached users. - `userDevicesCache.set(...)` throws ECACHEFULL. - The throw propagates into the message-receive handler and lands in Baileys' outer error boundary — connection survives, but a log-level error is emitted and the affected user's device list is NOT updated in the cache. - Next message-send for that user fetches the fresh list via USync (`getUSyncDevices`), which IS guarded — so the durable behavior eventually recovers. The fix routes the device-notif write through the same `safeCacheSet` helper PR #509 used in messages-send.ts. Same swallow-ECACHEFULL semantics, same debug log, same `getUSyncDevices` fallback path. Symmetric handling across the two call-sites that update the cache. Test plan: - npm run build ✓ (3 phases pass, zero errors) - 1 line of production change in `messages-recv.ts:2240`, plus comment explaining the WHY. No test changes needed — `safeCacheSet`'s behavior is already covered by `cache-utils.test.ts`. Out of scope (intentionally NOT touched): - Carousel, lists, buttons, polls, view-once, biz quality_control, useLegacyLock, TC token custom flow, LID↔PN batched, Phase 9 multi-DB, lidDbMigrated:false, the cacheMetricsInterval memory-leak fix, schema migrations + statement cache + busy retry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
chore(logs): compact recoverable Signal Protocol failures (#515)
Merges 6 PRs landed on `develop` since the previous master sync (2026-06-06), preserves the two auto-bumps that have since landed on master (#516, #517), and ships them together. PRs included in this release ============================ * #514 — chore(build): exclude .md from src→lib mirror Internal architecture notes (`src/Utils/multi-db-sqlite/ARCHITECTURE.md`, `USAGE.md`) no longer ship in the published package. Disk savings on consumer side + stops leaking internal phase planning into anyone that runs `npm install`. * #515 — chore(logs): compact recoverable Signal Protocol failures Recoverable Signal failures (Bad MAC, MessageCounterError, old counter, Invalid PreKey ID) are now compact one-liners at `warn` instead of three multi-KB `error` entries each. Per-event log output: ~10KB → ~250B. Unknown errors keep full stack + stanza. Net: error-dashboard noise drops dramatically without losing real signal. * #518 — feat(meta-ai): decrypt msmsg via empirically-validated WA Web Meta AI / FBID-bot replies (`<enc type="msmsg">`) now decrypt instead of NACKing with MissingMessageSecret. Algorithm reverse-engineered from `WAWebBotMessageSecret` via CDP and validated LIVE with a Meta AI "oi" capture. Five distinct bugs in upstream PR WhiskeySockets#2592 fixed (unbounded cache, cross-tenant leak, no FBID dispatch, drops streaming chunks, raw-id cache key, 12-strat brute force). Per-socket bounded LRU + `flushAll() + close()` on socket end to release the NodeCache timer. * #519 — feat(stickers): support lottieStickerMessage for animated .was Wraps + unwraps Lottie stickers (`application/was`) in `lottieStickerMessage` (FutureProofMessage at proto field 74), matching `WAWebE2EProtoGenerator`'s actual implementation. Mobile clients silently drop Lottie stickers in the unwrapped form; this makes them render on Android/iOS. Send-path `getMediaType` + DSM `messageContextInfo` reads both walk the wrap correctly. * #520 — fix(decode): preserve outer messageContextInfo when unwrapping deviceSentMessage Closes the codex P1 gap left deferred from #518. When WhatsApp delivers a fromMe-via-linked-device message, the OUTER `Message` carries `messageContextInfo.messageSecret` and the inner does not — the previous `msg = msg.deviceSentMessage?.message || msg` dropped that secret entirely. New `unwrapDeviceSentMessage` does a per-field merge matching WA Web's `l(e)` source exactly, including a length-check guard on `threadId` (protobuf decodes empty `repeated` as `[]` not `undefined` — naive `??` would lose the outer thread context). * #513 follow-up (already on master as `373a6f3622` from previous release) — the develop-side commit `50f9a77ef8` is the same change. Merge collapses both onto the master line; no behaviour change. Preserved from master (NOT touched by this merge) ================================================== * #516 — chore: update proto/version to v2.3000.1040989513 Auto-bumped `WAProto/WAProto.proto` + `baileys-version.json`. develop never touched these files, so the bump survives intact. * #517 — chore: update WhatsApp Web version to v2.3000.1040994085 Auto-bumped `baileys-version.json` again. Same — develop didn't touch it, master's value (`{"version":[2,3000,1040994085]}`) is preserved verbatim post-merge. Validation ========== * Auto-merge succeeded with ZERO conflicts — `messages-recv.ts` was the only file modified on both sides, but the edits were non-overlapping and git resolved them automatically. * `npm run build` clean on the merged tree. * 57/57 tests pass across the new-PR suites (dsm-context-info + meta-ai-msmsg + lottie-sticker-message + error-log-utils + process-message.protocol-guard). * `baileys-version.json` post-merge: `{"version":[2,3000,1040994085]}` — confirms master's auto-bump was preserved (NOT downgraded to develop's stale `1040973525`). Customizations preserved (NOT touched) ====================================== Carrossel, lists, buttons, polls, view-once, biz `quality_control`, `useLegacyLock`, TC token custom flow, LID↔PN batched, Phase 9 multi-DB, `lidDbMigrated:false`, `cacheMetricsInterval` memory-leak fix, schema migrations + statement cache + busy retry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Thanks for opening this pull request and contributing to the project! The next step is for the maintainers to review your changes. If everything looks good, it will be approved and merged into the main branch. In the meantime, anyone in the community is encouraged to test this pull request and provide feedback. ✅ How to confirm it worksIf you’ve tested this PR, please comment below with: This helps us speed up the review and merge process. 📦 To test this PR locally:If you encounter any issues or have feedback, feel free to comment as well. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds WA Web–validated msmsg decryption with a per-socket secret cache, unwraps deviceSentMessage envelopes preserving DSM fields, supports Lottie sticker wrapping/unwrapping and DSM context, compacts error logging, wires defaults, and adds comprehensive tests. ChangesMeta AI msmsg decryption and Lottie sticker handling
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Warning Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bb614011c6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Pull request overview
This release PR synchronizes develop into master, bundling multiple recently-landed changes across build packaging, message decryption/handling, and operational logging.
Changes:
- Adjust build asset mirroring to avoid publishing repo-local Markdown docs into
lib/. - Add Meta AI / FBID
<enc type="msmsg">decryption support with a per-socket messageSecret cache, plus DSM context preservation and log compaction for recoverable Signal failures. - Add full send/receive support for Lottie
.wasstickers vialottieStickerMessagewrapping/unwrapping, including send-path metadata handling.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Utils/meta-ai-msmsg.ts | Implements msmsg stanza parsing, per-socket secret cache, HKDF+AES-GCM decryption, and secret auto-caching. |
| src/Utils/messages.ts | Wraps outgoing Lottie stickers in lottieStickerMessage and unwraps them during normalization. |
| src/Utils/index.ts | Re-exports newly added utilities (error logging + msmsg helpers) from the Utils barrel. |
| src/Utils/error-log-utils.ts | Adds compactError() helper to log recoverable errors without large stacks. |
| src/Utils/decode-wa-message.ts | Adds msmsg decode path, caches message secrets post-decrypt, preserves DSM outer messageContextInfo, and compacts logging for known recoverable failures. |
| src/Utils/cache-utils.ts | Exports isNodeCacheFullError so other modules can safely guard NodeCache saturation errors. |
| src/Utils/auth-utils.ts | Downgrades transaction rollback logging noise (error→trace) for expected rollback paths. |
| src/Socket/messages-send.ts | Ensures DSM context info is read correctly when sending wrapped Lottie stickers; fixes mediaType detection for the wrapper. |
| src/Socket/messages-recv.ts | Wires a per-socket msmsg secret cache into decrypt flow; removes unconditional msmsg NACK; compacts logs for recoverable session errors. |
| src/Defaults/index.ts | Adds default TTL/maxKeys for the msmsg secret cache. |
| src/tests/Utils/meta-ai-msmsg.test.ts | Adds unit tests covering cache keying, stanza parsing, error behavior, and crypto roundtrips for msmsg. |
| src/tests/Utils/lottie-sticker-message.test.ts | Adds round-trip and shape-pin tests for Lottie sticker wrapping/unwrapping and send-path contracts. |
| src/tests/Utils/error-log-utils.test.ts | Adds tests pinning compactError() formatting and “must never throw” behavior. |
| src/tests/Utils/dsm-context-info-preservation.test.ts | Adds regression tests pinning DSM outer/inner messageContextInfo merge semantics. |
| scripts/copy-assets.mjs | Excludes .md from src→lib mirroring to avoid shipping internal docs to consumers. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/Utils/auth-utils.ts (1)
710-714: ⚡ Quick winKeep compact rollback logs, but include structured error detail instead of message-only.
err?.messagedrops stack/name/code/cause, which reduces debuggability for unexpected rollback failures. Consider logging a compact structured form (e.g.,compactError(err)) at trace level to keep noise low without losing key diagnostics.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/Utils/auth-utils.ts` around lines 710 - 714, The rollback trace currently logs only err?.message which loses useful diagnostics; update the rollback logging (the logger.trace call that logs 'transactWith rolled back') to pass a compact structured error object instead (e.g., call a helper compactError(err) that preserves name/code/message/stack/cause but keeps it short) so trace-level output remains low-noise yet debuggable; implement compactError(err) (or reuse an existing error-formatter) and replace logger.trace({ err: (err as any)?.message }, 'transactWith rolled back') with logger.trace({ err: compactError(err) }, 'transactWith rolled back') in the transactWith/rollback path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/Socket/messages-send.ts`:
- Around line 1190-1198: The retry-resend path rebuilds deviceSentMessage
without carrying over messageContextInfo, so replicate the same DSM context
logic used when constructing meMsg: compute dsmMessageContextInfo from
message.lottieStickerMessage?.message?.messageContextInfo ??
message.messageContextInfo and ensure any rebuilt deviceSentMessage (the object
created during the retry/resend flow) includes messageContextInfo:
dsmMessageContextInfo; update the retry/resend code path that reconstructs
deviceSentMessage to copy this messageContextInfo field so wrapped Lottie
stickers retain messageSecret/reporting tokens.
---
Nitpick comments:
In `@src/Utils/auth-utils.ts`:
- Around line 710-714: The rollback trace currently logs only err?.message which
loses useful diagnostics; update the rollback logging (the logger.trace call
that logs 'transactWith rolled back') to pass a compact structured error object
instead (e.g., call a helper compactError(err) that preserves
name/code/message/stack/cause but keeps it short) so trace-level output remains
low-noise yet debuggable; implement compactError(err) (or reuse an existing
error-formatter) and replace logger.trace({ err: (err as any)?.message },
'transactWith rolled back') with logger.trace({ err: compactError(err) },
'transactWith rolled back') in the transactWith/rollback path.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 34f07706-9fd2-4ff9-b023-e6fa96d5f8db
📒 Files selected for processing (15)
scripts/copy-assets.mjssrc/Defaults/index.tssrc/Socket/messages-recv.tssrc/Socket/messages-send.tssrc/Utils/auth-utils.tssrc/Utils/cache-utils.tssrc/Utils/decode-wa-message.tssrc/Utils/error-log-utils.tssrc/Utils/index.tssrc/Utils/messages.tssrc/Utils/meta-ai-msmsg.tssrc/__tests__/Utils/dsm-context-info-preservation.test.tssrc/__tests__/Utils/error-log-utils.test.tssrc/__tests__/Utils/lottie-sticker-message.test.tssrc/__tests__/Utils/meta-ai-msmsg.test.ts
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
5 issues found across 15 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="src/Utils/decode-wa-message.ts">
<violation number="1" location="src/Utils/decode-wa-message.ts:685">
P2: When `OrphanMsmsgError` is thrown (no `messageSecret` in cache), it propagates to the outer catch in `messages-recv.ts` which sends a generic error NACK. The previous code explicitly sent `NACK_REASONS.MissingMessageSecret` for msmsg stanzas. The generic NACK causes the server to enter the Signal retry path, which cannot recover a missing msmsg cache entry — the retry will fail identically each time. Consider catching `OrphanMsmsgError` specifically in the outer handler and sending `NACK_REASONS.MissingMessageSecret` to preserve the intended NACK semantics and avoid pointless retries.</violation>
</file>
<file name="src/Utils/messages.ts">
<violation number="1" location="src/Utils/messages.ts:1887">
P2: After the Lottie wrap (`m = { lottieStickerMessage: { message: m } }`), the top-level `m.messageContextInfo` is `undefined` — the secret moved inside the wrapper. The send path's reporting-token logic reads `reportingMessage.messageContextInfo?.messageSecret` from the top level, so Lottie sticker sends will silently skip the `reporting_token` attachment. Either preserve `messageContextInfo` at the top level of the wrapped message or teach the reporting-token path to look inside the wrapper (similar to the `dsmMessageContextInfo` fix applied for the DSM envelope).</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
5 findings from the release PR #521 audit applied before promoting develop → master. The release branch itself doesn't change; this PR lands the fixes on develop and the release branch will be refreshed to include them. P2 — Thread 1 (chatgpt) — reporting-token check reads outer wrap ================================================================ `messages-send.ts:1884` gated reporting-token attachment on `reportingMessage?.messageContextInfo?.messageSecret`. For Lottie stickers post-PR #519 that secret lives INSIDE the `lottieStickerMessage` wrap — the top-level read returns undefined and the token is silently skipped. Regression vs plain sticker behaviour. Fix: lift `messageContextInfo` from both locations the same way the initial-fanout DSM read does (the lift PR #519 already shipped on line ~1198): const reportingMessageSecret = reportingMessage?.lottieStickerMessage?.message ?.messageContextInfo?.messageSecret ?? reportingMessage?.messageContextInfo?.messageSecret Required adding `reportingMessage &&` to the surrounding `if` so TypeScript doesn't lose the narrowing it previously got from the inline property chain (the narrowing was the side-effect of reading `reportingMessage.messageContextInfo` in the condition itself). P2 — Thread 5 (coderabbit Major) — retry-resend DSM drops messageContextInfo ============================================================================ `messages-send.ts:1580` rebuilds the `deviceSentMessage` envelope on the retry-resend path WITHOUT carrying `messageContextInfo` along. The initial-fanout path got the lift in PR #519 (line ~1198); the retry path was missed. Concrete impact: when a companion device receives the RETRY of a Lottie sticker via DSM, our own `unwrapDeviceSentMessage` finds: - inner = messageToSend = { lottieStickerMessage: { message: { stickerMessage, messageContextInfo } } } - inner.messageContextInfo = undefined (it's nested in the wrap) - outer.messageContextInfo = undefined (the retry envelope omitted it) → messageSecret = undefined, reporting token / encrypted-edit decryption material lost on the companion's copy. Fix: same lift inline at the retry envelope build site. P2 — Thread 2 (chatgpt) — OrphanMsmsgError stub goes to Signal retry path ========================================================================= When `decryptMsmsgBotMessage` raises `OrphanMsmsgError` (cache miss), the catch in `decode-wa-message.ts` sets `messageStubType = CIPHERTEXT` and `messageStubParameters[0] = String(err.message)`. The receive handler at `messages-recv.ts:3115` checks for known stub-param strings and falls through to the Signal retry / PDO placeholder-resend path when none match — burning retry budget asking the bot for prekeys it has no business issuing, for a problem (missing CACHE entry) that a Signal retry can never fix. Fix: add a guard for `messageStubParameters[0]?.startsWith('decryptMsmsgBotMessage:')` right after the `MISSING_KEYS_ERROR_TEXT` branch. Plain ACK (no NACK, no retry) so the server considers the message delivered. The next bot reply that arrives after the outgoing-secret cache populates will decrypt cleanly. NOT a NACK MissingMessageSecret: that would tell the server to retransmit, and the retransmission will hit the same orphan state until the outgoing-side cache is populated (deferred per PR #518). P3 — Thread 4 (copilot) — `__internal` export not consumed ========================================================== `src/Utils/meta-ai-msmsg.ts` exported an `__internal` bag of helpers (`BOT_MESSAGE_INFO`, `KEY_LENGTH`, `isMeJid`, `deriveKeyAndDecrypt`, `decodeDecryptedMsmsg`, `userOnlyJid`, `isJidGroup`) that no file in the repo actually imports. Grep confirms zero call sites. Removed — the helpers stay module-private as intended. P3 — Thread 3 (copilot) — `(err as any)?.message` in auth-utils =============================================================== `src/Utils/auth-utils.ts:714` (the trace I added in PR #515 to log `transactWith rolled back` without duplicating the stack) used a plain `(err as any)?.message` cast. Tightened to `err instanceof Error ? err.message : String(err)` — no runtime change, just removes the `any` cast and gives string fallback for non-Error throws. Validation ========== * `npm run build` clean (TS narrowing fixed via explicit `reportingMessage &&` guard). * 57/57 tests pass across the new-PR suites (dsm-context-info-preservation + meta-ai-msmsg + lottie-sticker-message + error-log-utils + process-message.protocol-guard). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Two findings from the cubic re-review on PR #521 that the previous audit-fix commit (cherry-picked from closed PR #522) didn't cover. Issue D (P2) — test re-implemented production helper ==================================================== cubic thread 8: `dsm-context-info-preservation.test.ts` kept a local copy of `unwrapDeviceSentMessage` and asserted against it. Comment claimed "if rules change in decode-wa-message.ts these break first" but that was wrong — the assertions tested the LOCAL copy, not production. Reverting `decode-wa-message.ts` to the old `msg = msg.deviceSentMessage?.message || msg` would leave all 10 tests green. The tests were validating themselves. Fix: * `decode-wa-message.ts` — flipped the helper from module-private `const` to `export const unwrapDeviceSentMessage`. The function is a leaf utility; exporting it surfaces nothing operational beyond what tests need. * `dsm-context-info-preservation.test.ts` — deleted the re-derived copy, imported from `../../Utils/decode-wa-message`. Header comment updated to explain WHY we now import (production parity) instead of re-derive. Issue E (P3) — `if (!err)` too broad in compactError ==================================================== cubic thread 9: `error-log-utils.ts:33` short-circuited every falsy input (including `0`, `''`, `false`, `NaN`) to the literal string `'Unknown'`. Those are unusual but valid thrown values — code that does `throw 0` would get its actual value erased. Operational impact near zero (Signal Protocol throws `Error` instances), but the contract is wrong. Fix: * `error-log-utils.ts` — `if (!err)` → `if (err == null)`. Comment added explaining the nullish-only narrowing. * `error-log-utils.test.ts` — new test `preserves falsy primitives that are NOT null/undefined` pins the new contract: `compactError(0)` → `'0'`, `compactError(false)` → `'false'`, etc. Validation ========== * `npm run build` clean * 58/58 tests pass (5 suites: dsm-context-info + error-log-utils + meta-ai-msmsg + lottie-sticker-message + process-message). Was 57; +1 from the new falsy-primitives test. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/Utils/error-log-utils.ts`:
- Line 36: Replace the loose equality check "if (err == null) return 'Unknown'"
with an explicit nullish check to satisfy ESLint eqeqeq: detect both null and
undefined (e.g., use "err === null || err === undefined") and return 'Unknown'
in that case; update the condition in the same spot where the variable err is
checked in error-log-utils.ts so behavior is unchanged but linting passes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1fda62ed-1070-42c3-b550-b724a718d301
📒 Files selected for processing (8)
src/Socket/messages-recv.tssrc/Socket/messages-send.tssrc/Utils/auth-utils.tssrc/Utils/decode-wa-message.tssrc/Utils/error-log-utils.tssrc/Utils/meta-ai-msmsg.tssrc/__tests__/Utils/dsm-context-info-preservation.test.tssrc/__tests__/Utils/error-log-utils.test.ts
💤 Files with no reviewable changes (1)
- src/Utils/meta-ai-msmsg.ts
🚧 Files skipped from review as they are similar to previous changes (3)
- src/tests/Utils/error-log-utils.test.ts
- src/Socket/messages-recv.ts
- src/Utils/decode-wa-message.ts
There was a problem hiding this comment.
2 issues found across 8 files (changes from recent commits).
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
CI lint failed on the previous commit:
- error-log-utils.ts:36 — `if (err == null)` violated the codebase's
`eqeqeq` rule even though `== null` is the idiomatic nullish check.
Expanded to `if (err === null || err === undefined)` for the same
semantics with strict-equality compliance.
- meta-ai-msmsg.ts:46 — `isJidGroup` was imported but its only
consumer (the now-removed `__internal` export bag from cubic
audit thread 4) is gone. Removed from the import list.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
cubic re-review (thread 13, confidence 9) caught that the previous
ACK guard was too broad:
if (msg?.messageStubParameters?.[0]?.startsWith('decryptMsmsgBotMessage:'))
`decryptMsmsgBotMessage` throws with a `decryptMsmsgBotMessage:` prefix
for several distinct conditions, not just `OrphanMsmsgError`:
- `'decryptMsmsgBotMessage: no messageSecret for ${cacheKey}'`
← OrphanMsmsgError — cache miss, ACK + wait for cache to populate
- `'decryptMsmsgBotMessage: missing meta.target_id'`
← malformed stanza — deserves NACK/retry
- `'decryptMsmsgBotMessage: MessageSecretMessage missing encIv/encPayload'`
← malformed proto — deserves NACK/retry
- real AES-GCM auth-tag mismatch (string varies but may also start
with `decryptMsmsgBotMessage:` if wrapped)
← deserves the Signal retry path
The broader prefix silently ACK'd all of those, hiding real protocol
failures from the server-side retry machinery. Narrow the match to
the exact substring that uniquely identifies the orphan-cache case:
startsWith('decryptMsmsgBotMessage: no messageSecret for ')
Other `decryptMsmsgBotMessage:` failures now flow normally to the
Signal retry / PDO placeholder-resend path (where they belong).
Comment expanded to document why the narrow match is required.
Validation:
* build clean
* 58/58 tests still pass
Thread 12 (P3) — `String(err)` in auth-utils.ts:714 — is cosmetic
and deferred per the audit recommendation.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
rsalcara
added a commit
that referenced
this pull request
Jun 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merges 6 PRs landed on `develop` since the previous master sync (2026-06-06), preserves the two auto-bumps that have since landed on master (#516, #517), and ships them together. Zero merge conflicts —
developnever touched the auto-bumped files.PRs in this release
chore(build): exclude.mdfrom src→lib mirror — stops shipping internal architecture notes to consumer node_moduleschore(logs): compact recoverable Signal Protocol failures — ~10KB → ~250B per event, levelerror→warnfor auto-recoverablefeat(meta-ai): decrypt msmsg via empirically-validated WA Web algorithm — Meta AI / FBID bot replies now decrypt instead of NACKingfeat(stickers): supportlottieStickerMessagefor animated.wasstickers — wraps/unwraps so mobile renders themfix(decode): preserve outer messageContextInfo when unwrapping deviceSentMessage — closes #518's codex P1 (outgoing-side msmsg secret cache)Preserved from master (NOT touched by this merge)
proto/versiontov2.3000.1040989513(WAProto/WAProto.proto+baileys-version.json)v2.3000.1040994085(baileys-version.json)Develop never touched these files, so both bumps survive intact. Post-merge
baileys-version.json:```json
{"version":[2,3000,1040994085]}
```
Validation
messages-recv.tswas the only file modified on both sides, edits were non-overlapping, git resolved automatically.baileys-version.jsonpost-merge confirms master's auto-bump preserved (NOT downgraded to develop's stale1040973525)Customizations preserved (NOT touched)
Carousel, lists, buttons, polls, view-once, biz
quality_control,useLegacyLock, TC token custom flow, LID↔PN batched, Phase 9 multi-DB,lidDbMigrated:false,cacheMetricsIntervalmemory-leak fix, schema migrations + statement cache + busy retry.🤖 Generated with Claude Code
Summary by cubic
Syncs develop to master with Meta AI
msmsgdecryption and Lottie animated sticker support, plus audit and lint fixes that preserve DSM context-info, cut noisy logs, and avoid pointless retries. Keeps master’s WA version bumps and stops shipping.mdfiles inlib/.New Features
<enc type="msmsg">for Meta AI/FBID bots using the WA Web algorithm with a per-socket secret cache (1h TTL, 500 keys) cleared/closed on disconnect.lottieStickerMessagesupport for.wasstickers: wrap on send and unwrap on read so mobile renders them; setmediatype="sticker"on send.Bug Fixes
messageContextInfoacrossdeviceSentMessageunwrap and DSM (initial and retry, incl. Lottie) somessageSecretand reporting tokens are retained.msmsgreplies (narrow match:no messageSecret for ...), while otherdecryptMsmsgBotMessagefailures follow the Signal retry path.warnviacompactError; downgradetransactWithrollback logs totrace.eqeqeqwith explicit null checks incompactError; remove an unused import inmeta-ai-msmsg.Written for commit 2ec8ba3. Summary will update on new commits.
Summary by CodeRabbit
New Features
Improvements
Chores
Tests