WhatsApp: add listen-only / hooks-only mode for inbound messages without agent runs

[skocher]

Summary

Please add a first-class WhatsApp listen-only / hooks-only mode for inbound messages.

The goal is to receive WhatsApp messages and emit message_received plugin hooks for archival/ETL plugins, without creating agent runs, calling an LLM, or producing any outbound WhatsApp activity.

Use case

Supplier price collection / archival.

A business may need to listen to hundreds of WhatsApp supplier groups and direct chats, archive price lists, parse attachments/text, and update internal systems. These messages should be processed by a plugin/hook pipeline, not by the conversational agent.

Routing every inbound WhatsApp message through the agent is both risky and expensive:

• unnecessary token usage;
• accidental agent sessions for noisy supplier groups;
• risk of unintended replies or reactions;
• hard-to-debug interaction between groupPolicy, dmPolicy, and plugin hooks.

Desired behavior

For selected WhatsApp accounts and/or routes:

• receive inbound WhatsApp group and direct messages;
• emit message_received plugin hooks;
• do not create agent sessions/runs;
• do not call any LLM/model;
• do not send replies;
• do not send typing indicators;
• do not send reactions/ack reactions;
• do not send read receipts;
• do not send pairing messages;
• allow group messages to reach hooks even when normal conversational group processing is disabled.

Suggested config shape

One possible shape:

{
  "channels": {
    "whatsapp": {
      "accounts": {
        "supplier_prices": {
          "enabled": true,
          "mode": "listenOnly",
          "emitMessageReceivedHooks": true,
          "agentPipeline": false,
          "sendReadReceipts": false,
          "reactionLevel": "off",
          "groupPolicy": "listenOnly",
          "dmPolicy": "listenOnly"
        }
      }
    }
  }
}

Or equivalent explicit fields:

• emitMessageReceivedHooks: true
• processWithAgent: false
• allowGroupsForHooksOnly: true
• allowDirectsForHooksOnly: true
• sendReadReceipts: false
• sendTyping: false
• sendReactions: false

Current workaround / pain points

Today this requires local runtime patching or fragile configuration:

1. Group messages may be blocked by access control (groupPolicy: disabled) before message_received hooks can see them.
2. Direct messages need to reach hooks but must return before the agent/reply pipeline.
3. Hook opt-in boundaries are not obvious: plugin config vs channel/account config can be confusing.
4. It is hard to guarantee "no tokens, no replies, hooks only" as a supported invariant.

Acceptance criteria

• Incoming WhatsApp group messages can reach plugin hooks while normal group replies remain disabled.
• Incoming WhatsApp direct messages can reach plugin hooks while normal DM replies remain disabled.
• No agent run/session is created for listen-only messages.
• No LLM/model call happens.
• No outbound WhatsApp activity happens: no replies, read receipts, typing, reactions, polls, pairing messages.
• Status/health clearly shows listen-only accounts as connected and hook-capable.
• Config validation and docs explain where hook opt-in belongs.

Why this matters

This would make WhatsApp useful as a safe ingestion channel, not only as a conversational channel. It would also remove the need for downstream users to patch runtime internals to build read-only archival workflows.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 1, 2026, 1:12 AM ET / 05:12 UTC.

Summary
Codex review failed: codex execution failed.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Include the exact command, prompt, or workflow that triggered it.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 12d5043913f7.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[barnacle-openclaw]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[skocher]

Still relevant as of 2026-05-31.

We still need a supported WhatsApp listen-only / hooks-only mode for supplier price ingestion. Current production use case: manager WhatsApp accounts listen to allowlisted supplier groups/direct chats, emit message_received hooks for archival/parsing, and must not enter the agent/LLM/reply pipeline.

Expected:

• inbound group/direct messages reach message_received hooks;
• no agent session/run is created;
• no model call happens;
• no outbound WhatsApp activity happens: replies, typing, reactions, read receipts, pairing messages.

Actual today:

• groupPolicy / dmPolicy can block messages before hooks see them, or allowing them risks routing into conversational/agent paths;
• we still need a local runtime workaround to guarantee hooks-only / no-reply behavior.

Please keep this open and remove stale. If appropriate, this should probably be labeled enhancement or no-stale because it is a supported feature request for a safe ingestion mode, not an abandoned bug report.

[skocher]

Related implementation PR for the WhatsApp outbound guard / read-only account mode: #90360.

That PR adds readOnly: true for WhatsApp accounts and guards outbound WhatsApp activity, including messages, media sends, reactions, typing/presence, pairing replies, and owner slash-command replies. It covers the silent-account / no-outbound side of this issue; the remaining hooks-only/no-agent-run parts can still be tracked separately here.