fix(whatsapp): serialize Error in auto-reply delivery log

[itsuzef]

Summary

The auto-reply delivery failed log path in extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts passes a raw Error under the err field. tslog renders bare Error instances as {} because Error's own data properties are non-enumerable. Every delivery failure in production logs err: {}, forcing operators to guess the underlying Baileys error from timestamp alone (observed 2026-05-22: two failures at 12:04:44.419/.421 cost ~30 min of code archaeology to recover what the error would have told us).

Fix

Add a small normalizeErrForLog helper that converts Error to { type, message, stack } plus own-enumerable properties, preserving Boom-style subclass diagnostics (output.statusCode, data) and custom delivery-error fields (stage, results). Non-Error values pass through unchanged.

Object.fromEntries(Object.entries(err)) is used in place of ...err to satisfy the repo's typescript(no-misused-spread) lint rule.

Error.cause is intentionally NOT walked here: it is non-enumerable and including it raises the risk of embedding a non-serializable value that breaks the logger's JSON.stringify (silently dropping the whole log line). Happy to add bounded cause-handling if maintainers want it.

Real behavior proof

The file-log transport at src/logging/logger.ts:568 does JSON.stringify(record) on the structured record. Reproduced that exact path with a Node probe so the on-disk log line can be compared directly before vs after the patch. All IDs/JIDs are redacted with <...> placeholders; the correlationId is a synthetic example mirroring the format actually used.

Case 1 — plain new Error("send failed") (the empirical production bug)

BEFORE (current upstream main):

{"level":"error","msg":"auto-reply delivery failed","replyKind":"final","correlationId":"3EB0928533C5D5C648ED88","connectionId":"<redacted>","conversationId":"<redacted-conv>","chatId":"<redacted>@g.us","to":"<redacted-to>","from":"<redacted-from>","err":{}}

err: {} — exactly what we observed in production logs on 2026-05-22. Useless for triage.

AFTER (this PR):

{"level":"error","msg":"auto-reply delivery failed","replyKind":"final","correlationId":"3EB0928533C5D5C648ED88","connectionId":"<redacted>","conversationId":"<redacted-conv>","chatId":"<redacted>@g.us","to":"<redacted-to>","from":"<redacted-from>","err":{"type":"Error","message":"send failed","stack":"Error: send failed\n    at file:///private/tmp/ve514-proof.mjs:34:39\n    at ModuleJob.run (node:internal/modules/esm/module_job:345:25)\n    ..."}}

err: { type, message, stack } — operator can now classify the failure at-a-glance.

Case 2 — Baileys/Boom-like subclass throwing a 408 timeout

BEFORE:

{..."err":{"name":"BoomLikeError","output":{"statusCode":408,"payload":{"error":"Request Time-out"}},"data":{"reason":"transport-stale"}}}

Some fields visible (own-enumerable) but message and stack still missing.

AFTER:

{..."err":{"name":"BoomLikeError","output":{"statusCode":408,"payload":{"error":"Request Time-out"}},"data":{"reason":"transport-stale"},"type":"BoomLikeError","message":"send timed out","stack":"BoomLikeError: send timed out\n    at file:///private/tmp/ve514-proof.mjs:45:42\n    ..."}}

All Boom diagnostic fields preserved AND type/message/stack now present.

Case 3 — non-Error structured rejection (pass-through, no regression)

BEFORE === AFTER:

{..."err":{"error":{"code":"BAILEYS_NACK","message":"stanza rejected"},"attempt":2}}

Confirmed pass-through preserves object rejection payloads unchanged.

Probe script

The probe at /tmp/ve514-proof.mjs mirrors src/logging/logger.ts:568 (JSON.stringify(record)) exactly. Source available on request; not committed because it's a one-off ad-hoc probe.

Test plan

• pnpm test extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.test.ts — 40 passed (4 new cases: Error, Boom-style subclass, string rejection, object rejection)
• pnpm exec oxfmt --check
• pnpm lint:extensions
• pnpm check:changed (full lane: typecheck, lint, import cycles, deps guards)
• codex review --base upstream/main (8 iterations addressed; settled on this middle ground after the AI reviewer oscillated between "preserve more" and "preserve less" — current shape addresses preservation concerns without serialization risk)
• Real-behavior proof above (Node probe reproducing the logger's JSON.stringify transport, three cases redacted)

Note on CI failure

checks-node-core-fast failure is unrelated to this PR: src/plugin-activation-boundary.test.ts:147 expects grok-4-fast but the resolver returns grok-4-fast-reasoning (xAI model normalization). The same job is failing on the latest main CI run (26339120224), so the breakage predates this branch and is in a path this PR does not touch (extensions/whatsapp/** only).

AI disclosure

Authored with Claude Code (Opus 4.7) assistance. Fully tested. Author confirms understanding of the change.

[clawsweeper]

Codex review: needs maintainer review before merge.

Latest ClawSweeper review: 2026-05-23 20:39 UTC / May 23, 2026, 4:39 PM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

PR Surface
Source +8, Tests +119. Total +127 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	9	1	+8
Tests	1	120	1	+119
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	129	2	+127

Summary
The branch adds normalizeErrForLog to WhatsApp inbound dispatch and expands tests for Error, Error-subclass, string, and object auto-reply delivery failures.

Reproducibility: yes. Current main passes a raw Error to the structured log field, and the file transport serializes that record with JSON.stringify; a focused Node probe confirms that produces err: {} for plain Errors.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🦞 diamond lobster
Summary: The PR is small, targeted, and well covered, with adequate proof for this log-serialization bug and only normal CI completion remaining.

Rank-up moves:

• Wait for the remaining required check runs on head d5403464 to complete successfully or be explicitly waived as unrelated before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Override: A maintainer applied proof: override for this PR.

Risk before merge

• A few check runs for head d5403464 were still in progress when inspected; maintainers should wait for required CI to finish or explicitly waive unrelated pending checks before merge.

Maintainer options:

1. Decide the mitigation before merge
   Land the narrow WhatsApp log normalization after the required CI gate is green or intentionally waived, keeping the fix local to the plugin log site.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No ClawSweeper repair lane is needed because the diff has no blocking findings; the remaining action is normal maintainer merge review and CI gating.

Security
Cleared: The diff only changes local WhatsApp log serialization and tests; it adds no dependencies, workflows, credentials, permissions, or new code execution paths.

Review details

Best possible solution:

Land the narrow WhatsApp log normalization after the required CI gate is green or intentionally waived, keeping the fix local to the plugin log site.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main passes a raw Error to the structured log field, and the file transport serializes that record with JSON.stringify; a focused Node probe confirms that produces err: {} for plain Errors.

Is this the best way to solve the issue?

Yes. Normalizing only this WhatsApp delivery-failure log field fixes the operator-visible diagnostic loss without changing the central logger contract or plugin SDK surface.

Label justifications:

• P2: This is a normal-priority WhatsApp observability bug fix with limited blast radius and no direct message delivery, auth, session, or availability behavior change.
• rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🐚 platinum hermit, patch quality is 🦞 diamond lobster, and The PR is small, targeted, and well covered, with adequate proof for this log-serialization bug and only normal CI completion remaining.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Override: A maintainer applied proof: override for this PR.

What I checked:

• Current main logs the raw delivery error: logWhatsAppReplyDeliveryError on current main passes params.err directly into the structured err field for auto-reply delivery failed. (extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts:92, 00388134c4ed)
• File transport serializes records with JSON.stringify: The logger file transport builds the structured record and writes JSON.stringify(redactLogRecordForTransport(record)), so a plain Error object becomes an empty object unless normalized first. (src/logging/logger.ts:568, 00388134c4ed)
• Focused reproduction of the serialization loss: A read-only Node probe showed JSON.stringify({ err: new Error("send failed") }) outputs {"err":{}}, while the normalized shape preserves the message field.
• PR patch is narrow and covered: The PR adds a local normalizeErrForLog helper at the WhatsApp log site and tests plain Error, Boom-like Error subclass, string rejection, and structured object rejection behavior. (extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts:82, d540346420c4)
• Related search did not find a merged canonical replacement: Search found this open PR, a prior closed-unmerged WhatsApp delivery logging PR, and adjacent delivery issues, but no merged PR that already implements this exact Error serialization fix.
• Head check state: Most checks on head d5403464 were successful at inspection, with a few check runs still in progress, so the remaining gate is normal CI completion rather than a code repair. (d540346420c4)

Likely related people:

• steipete: Recent commit history for inbound-dispatch.ts shows repeated WhatsApp auto-reply and message-lifecycle work, including provider-accepted auto-reply tracking and bundled plugin message lifecycle migration. (role: recent area contributor; confidence: high; commits: eab402493429, 05eda57b3c72, 64d4f99d2641; files: extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts, extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.test.ts)
• mcaxtr: Recent history and squash metadata show repeated involvement in WhatsApp auto-reply/media/error-text changes around the same dispatch surface. (role: adjacent WhatsApp reviewer/coauthor; confidence: medium; commits: 4cba08df01ea, 652f34103a4d, 413e407fb859; files: extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts, extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 00388134c4ed.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🌱 uncommon Pearl Lint Imp

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🌱 uncommon.
Trait: polishes edge cases.
Image traits: location status garden; accessory little merge flag; palette amber, ink, and glacier blue; mood celebratory; pose nestled inside a glowing shell; shell soft speckled shell; lighting bright celebratory glints; background subtle branch markers.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Pearl Lint Imp in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[itsuzef]

Updated the PR body with the redacted before/after log output ClawSweeper asked for — three cases (plain Error, Boom-like subclass, non-Error rejection) using a Node probe that mirrors src/logging/logger.ts:568 (JSON.stringify(record)) exactly.

checks-node-core-fast failure is unrelated: src/plugin-activation-boundary.test.ts:147 (xAI grok-4-fast model normalization). The same job is failing on the latest main CI run, and this PR only touches extensions/whatsapp/auto-reply/monitor/inbound-dispatch.{ts,test.ts}.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26339355572
• Updated: 2026-05-23T17:51:55.236Z

[martingarramon]

The serializer correctly handles the three non-enumerable Error properties (message, stack, and name-as-type) that JSON.stringify silently drops. Spreading own enumerable props first, then explicitly setting those three, is the right order — it preserves Boom-style subclass fields without relying on them to surface the base properties.

Four cases covered: base Error, subclass with extra fields, string rejection, plain object. LGTM.