fix(whatsapp): periodic delivery-queue drain so enqueued items don't wait for next reconnect

[Oviemudiaga]

Summary

drainPendingDeliveries for WhatsApp is only invoked from the reconnect handler in extensions/whatsapp/src/auto-reply/monitor.ts (around the Listening for personal WhatsApp inbound messages. log line). When a delivery is enqueued via enqueueDelivery while the provider is already connected, nothing triggers the drain — the entry stays in ~/.openclaw/delivery-queue/ until the next reconnect.

In production this caused a ~26-minute delay: a queued user-facing message sat until a coincidental status 428 Precondition Required reconnect happened to drain the queue.

Fix

Add a 30s periodic drain inside the WhatsApp connect block, with cleanup on close. The new interval uses the same selectEntry predicate as the reconnect drain (filter by channel + accountId), with bypassBackoff: false so retry/backoff semantics are unchanged.

// after the existing reconnect drain
const periodicDrainInterval = setInterval(() => {
  void drainPendingDeliveries({
    drainKey: `whatsapp:${normalizedAccountId}`,
    logLabel: "WhatsApp periodic drain",
    cfg,
    log: reconnectLogger,
    selectEntry: (entry) => ({
      match:
        entry.channel === "whatsapp" &&
        normalizeReconnectAccountId(entry.accountId) === normalizedAccountId,
      bypassBackoff: false,
    }),
  }).catch((err) => {
    reconnectLogger.warn(
      { connectionId: connection.connectionId, error: String(err) },
      "periodic drain failed",
    );
  });
}, 30_000);

// keep-alive guard cleans up immediately:
if (!keepAlive) {
  clearInterval(periodicDrainInterval);
  await controller.shutdown();
  return;
}

// long-lived path cleans up when the close promise settles:
const reason = await controller
  .waitForClose()
  .finally(() => clearInterval(periodicDrainInterval));

Why a periodic timer instead of post-enqueueDelivery drain

Considered draining immediately after enqueueDelivery when the matching provider is connected — that gives near-zero latency on the happy path but requires enqueueDelivery callers (and/or enqueueDelivery itself) to know which providers are connected, crossing concerns. A periodic timer is local to the WhatsApp monitor, self-contained, and good enough for the user-visible problem. Happy to switch approaches if maintainers prefer the post-enqueue trigger.

Optional follow-up: make the interval configurable via cfg (e.g. whatsapp.periodicDrainMs, default 30_000). Not included here to keep the diff minimal.

Backwards compatibility

• Reconnect drain behavior is unchanged.
• Backoff/retry semantics are unchanged (drainPendingDeliveries already honors isEntryEligibleForRecoveryRetry).
• No new public API.

Test plan

• Maintainers may want unit tests for the periodic-drain behavior — happy to add them with guidance on the preferred test setup for monitor.ts (existing tests in this directory use a specific harness pattern; wanted to keep this PR focused on the fix).
• Manual repro: an entry enqueued while WhatsApp was already connected sat in ~/.openclaw/delivery-queue/ until a coincidental reconnect drained it. With this patch (validated against the compiled dist as a hot-patch), the entry is drained within ~30s.

Notes

This was originally hot-patched against the installed @openclaw/whatsapp/dist/monitor-*.js for our environment (script available on request). Once this PR lands and we upgrade past the release that includes it, we can drop the hot-patch.

Real behavior proof

Behavior or issue addressed: Outbound WhatsApp deliveries enqueued while the provider is already connected sit in ~/.openclaw/delivery-queue/ indefinitely. They only send on the next reconnect, with a real-world ~26-minute delay observed.

Real environment tested: OpenClaw 2026.5.6 (c97b9f7) on Linux WSL2, Node 22.x, with WhatsApp channel LINKED against a real Baileys connection. Hot-patched dist file @openclaw/whatsapp/dist/monitor-Ce7y4e_6.js to mirror this diff.

Exact steps or command run after this patch:

1. Apply this diff's equivalent to the installed dist (script: scripts/apply_bug51_patch.sh).
2. Restart the gateway: openclaw restart.
3. Enqueue an outbound WhatsApp message while the channel is already connected (no forced reconnect).
4. Inspect the live queue and runtime log: ls ~/.openclaw/delivery-queue/ and journalctl --user -u openclaw -f.

Evidence after fix: Redacted live runtime log and queue listing from the patched setup:

[whatsapp] WhatsApp periodic drain
  drainKey=whatsapp:default selectEntry.match=true bypassBackoff=false
  drained=1 acked=1

$ ls ~/.openclaw/delivery-queue/
f53726fb-...json    # pre-patch: sat ~26 min until a coincidental 428 reconnect

$ ls ~/.openclaw/delivery-queue/
(empty within 30s of enqueue, post-patch)

Observed result after fix: Outbound WhatsApp message drained and delivered within one 30s tick of the new periodic timer (vs. ~26 min worst case pre-patch). Reconnect drain path unchanged; backoff/retry semantics preserved (bypassBackoff: false). Recipient confirmed receipt; phone number redacted.

What was not tested: The configurable-interval follow-up (whatsapp.periodicDrainMs) and multi-account WhatsApp setups beyond a single default account.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR adds a WhatsApp monitor interval that drains matching pending outbound delivery-queue entries every 30 seconds while connected, clears it on close, adds a focused e2e test, and records a changelog entry.

Reproducibility: yes. by source inspection and supplied live logs: current main write-ahead queues sends and WhatsApp only drains on reconnect, while the PR body shows a redacted WSL2/Baileys hot-patch draining within one 30s tick. I did not run a live WhatsApp repro in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Strong real-world log proof and a focused patch make this a good merge candidate after the remaining CI and cadence decision.

Rank-up moves:

• Wait for the in-progress Critical Quality (network-runtime-boundary) check to finish before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Tiny Test Hopper

       /\  .---.  /\         
      /  \/     \/  \        
     /   ( -   - )   \       
    |       ._.       |      
    |   /|  ===  |\   |      
     \  \|______/|/  /       
      '._  `--'  _.'         
         '-.__.-'            
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: hums during re-review.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Tiny Test Hopper in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (logs): The PR body includes redacted live runtime logs and queue listings from a real WhatsApp/Baileys setup showing an equivalent hot patch draining a queued delivery within one 30s tick.

Risk before merge
Why this matters: - The fixed 30s periodic drain intentionally changes connected-state WhatsApp replay cadence, so maintainers should accept that policy before merge.

• Live proof covers a single default WhatsApp account; multi-account behavior is supported by selector logic and test coverage rather than live multi-account proof.
• Critical Quality (network-runtime-boundary) was still in progress when checked, so merge should wait for that shard to finish.

Maintainer options:

1. Land the WhatsApp-local timer after CI (recommended)
   Accept the 30s connected-state drain if the remaining check finishes cleanly, because the patch reuses the existing queue drain, selector, active-claim, and backoff contracts.
2. Require cadence control before merge
   If operators need control over periodic recovery work, ask for a config-backed interval and fresh default-plus-config coverage before merging.

Next step before merge
This PR is already the implementation candidate; no repair lane is needed, but a maintainer should accept the 30s WhatsApp replay cadence and wait for the remaining CI shard.

Security
Cleared: The diff only changes WhatsApp delivery-queue scheduling, a focused test, and changelog text; I found no new dependency, secret, permission, CI, or supply-chain risk.

Review details

Best possible solution:

Land the WhatsApp-local periodic drain once the remaining CI completes, unless maintainers want to require a config-backed cadence before accepting connected-state replay.

Do we have a high-confidence way to reproduce the issue?

Yes by source inspection and supplied live logs: current main write-ahead queues sends and WhatsApp only drains on reconnect, while the PR body shows a redacted WSL2/Baileys hot-patch draining within one 30s tick. I did not run a live WhatsApp repro in this read-only review.

Is this the best way to solve the issue?

Yes. The WhatsApp monitor owns listener readiness, and a local timer reuses the existing drain/backoff/active-claim contracts without making enqueueDelivery provider-aware; configurable cadence is an optional maintainer policy choice, not required for the narrow fix.

Label justifications:

• P1: The PR addresses a user-facing WhatsApp outbound delivery delay where queued messages can wait until the next reconnect.
• merge-risk: 🚨 message-delivery: The patch changes when queued WhatsApp messages are replayed while connected, so a bad implementation could affect delivery timing or duplication behavior.

Acceptance criteria:

• CI for head 5382490, especially Critical Quality (network-runtime-boundary)
• Focused WhatsApp monitor test added by the PR
• Existing outbound delivery-queue reconnect-drain tests for active-claim duplicate protection

What I checked:

• Current main only drains on reconnect: On current main, monitorWebChannel calls drainPendingDeliveries once after connection setup and then waits for close; there is no connected-state periodic drain in this block. (extensions/whatsapp/src/auto-reply/monitor.ts:525, a559ccc0844a)
• Queue eligibility supports replaying fresh entries: enqueueDelivery persists entries with retryCount: 0, and recovery treats a first replay with no lastAttemptAt as eligible, which explains why a connected-state drain can recover an otherwise stranded fresh entry. (src/infra/outbound/delivery-queue-storage.ts:145, a559ccc0844a)
• PR implementation reuses existing drain contract: The PR patch adds a 30s setInterval inside the WhatsApp connect block, filters by channel/account, keeps bypassBackoff: false, logs failures, and clears the interval on non-keepalive and close paths. (extensions/whatsapp/src/auto-reply/monitor.ts:541, 538249090767)
• Regression coverage added: The PR adds a monitor test that verifies the reconnect drain still runs, the periodic drain fires after 30 seconds with the expected selector, and no further drain occurs after close. (extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts:266, 538249090767)
• Duplicate-send guard is already present on main: Current main holds an active delivery claim around live queued sends, and an existing regression test confirms reconnect drains skip in-flight live deliveries, which addresses the main duplication risk for adding a periodic drain. (src/infra/outbound/deliver.ts:1241, a559ccc0844a)
• History provenance: The WhatsApp reconnect drain behavior appears to date to commit 95d4673, which moved WhatsApp to the generic drainPendingDeliveries reconnect path. (extensions/whatsapp/src/auto-reply/monitor.ts:525, 95d467398e46)

Likely related people:

• mcaxtr: Introduced the current WhatsApp reconnect drain path in 95d4673 and added the latest PR test commit on this branch. (role: introduced behavior and recent test contributor; confidence: high; commits: 95d467398e46, 538249090767, 4cba08df01ea; files: extensions/whatsapp/src/auto-reply/monitor.ts, extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts, src/infra/outbound/delivery-queue-recovery.ts)
• steipete: Carried recent WhatsApp monitor/reconnect fixes and merged the active-delivery-claim work that makes periodic drains safe around in-flight sends. (role: recent adjacent owner; confidence: high; commits: aa27a9474fa3, ac7e1c36eb55, 7a6f73a8aae9; files: src/infra/outbound/deliver.ts, src/infra/outbound/delivery-queue.reconnect-drain.test.ts, extensions/whatsapp/src/auto-reply/monitor.ts)
• vincentkoc: Recent WhatsApp reconnect and auth-conflict recovery commits touch the same monitor/runtime area, so they are a plausible reviewer for behavior interactions. (role: adjacent WhatsApp reconnect contributor; confidence: medium; commits: 21a92ea0f636, 7950a1802510; files: extensions/whatsapp/src/auto-reply/monitor.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against a559ccc0844a.

[mcaxtr]

Merged via squash.

• Prepared head SHA: 9a619bb9d953ddd38da0b44f2c30ea9a67455f21
• Merge commit: e9989f3a92e5ab28c900d962ea6058fabb94bee7

Thanks @Oviemudiaga!