fix(media): restore compact WhatsApp terminal QR

[liorb-mountapps]

Summary

• Add an OpenClaw compact terminal QR renderer backed by the qrcode.create() matrix.
• Keep the default full terminal QR renderer unchanged.
• Use compact QR output for WhatsApp login/session QR prompts again.
• Add tests that decode the compact terminal output back to the QR matrix and compare every cell.

Linked context

Related: #77820
Related: #77844

#77844 fixed a real bug in the upstream qrcode terminal small: true renderer, but it also made WhatsApp use the full-size terminal QR. That made the WhatsApp login QR much larger than before. This PR keeps the safety goal from #77844 by not using upstream small: true; OpenClaw now compacts the QR from the raw matrix itself.

Real behavior proof

Behavior addressed: WhatsApp terminal login QR is compact enough for normal terminals again, without using the broken upstream qrcode terminal small renderer.

Real environment tested: Windows Terminal and PowerShell against this branch. The renderer uses ANSI SGR color and standard block characters, so the QR value does not depend on Windows-only behavior.

Exact steps or command run after this patch: Ran corepack pnpm openclaw channels login --channel whatsapp, then scanned the printed QR from WhatsApp Linked Devices.

Evidence after fix: Terminal output from the real login showed the compact QR and then printed Linked after restart; web session ready. Screenshots were reviewed locally on dark and white terminal backgrounds. The scannable QR payload is not attached here because WhatsApp login QR contents are sensitive. A local size probe with a WhatsApp-style sample showed full render 70x35 and compact render 35x18.

Observed result after fix: WhatsApp linked successfully after scanning the compact terminal QR.

What was not tested: Live WhatsApp pairing on macOS/Linux terminals was not run for this PR. Feishu and other QR call sites were not live-tested.

Tests and validation

• corepack pnpm test src/media/qr-terminal.test.ts src/media/qr-terminal.render.test.ts extensions/whatsapp/src/login.coverage.test.ts extensions/whatsapp/src/session.test.ts passed: 3 shards, 29 passed, 6 skipped.
• corepack pnpm exec oxfmt --check --threads=1 src/media/qr-terminal.ts src/media/qr-terminal.test.ts src/media/qr-terminal.render.test.ts src/types/qrcode.d.ts extensions/whatsapp/src/login.ts extensions/whatsapp/src/session.ts extensions/whatsapp/src/login.coverage.test.ts extensions/whatsapp/src/session.test.ts passed on 8 files.
• git diff --check passed.
• src/media/qr-terminal.render.test.ts decodes compact block output back to QR cells and compares it to QRCode.create(sample).modules.data.

Risk checklist

• User-visible behavior change: WhatsApp terminal QR is compact again.
• No config, migration, or credential format change.
• No auth/session behavior change beyond terminal QR display.
• QR value protected by matrix-equivalence test.

Current review state

Ready for maintainer review.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 28, 2026, 4:37 AM ET / 08:37 UTC.

Summary
The branch adds a matrix-backed compact terminal QR renderer, routes WhatsApp login/session QR prompts through it, updates the local qrcode type shim, and adds QR/WhatsApp regression tests.

PR surface: Source +57, Tests +98. Total +155 across 8 files.

Reproducibility: yes. by source inspection: current main and v2026.5.26 route WhatsApp QR prompts through renderQrTerminal(qr) without compact mode, so the larger full-size renderer is used. I did not run a live WhatsApp pairing reproduction in this read-only review.

Review metrics: 1 noteworthy metric.

• WhatsApp QR output scope: 2 WhatsApp call sites changed to compact, 0 shared defaults changed. This shows the restore is limited to WhatsApp login/session prompts and does not reopen compact mode for Feishu, CLI, or the shared default path fixed earlier.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] Live proof covers Windows Terminal/PowerShell only; macOS/Linux QR behavior is supported by the ANSI/block-character contract and matrix-equivalence tests rather than separate live scans.

Maintainer options:

1. Decide the mitigation before merge
   Land the narrow WhatsApp-only compact renderer after normal maintainer review and CI, while keeping the shared terminal QR default on the safer full-size path.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• No automated repair is needed; this implementation PR has no blocking findings and is ready for normal maintainer review and CI gating.

Security
Cleared: The diff does not touch credentials, auth storage, network policy, CI, lockfiles, or dependency sources; it only changes terminal QR formatting plus tests/types.

Review details

Best possible solution:

Land the narrow WhatsApp-only compact renderer after normal maintainer review and CI, while keeping the shared terminal QR default on the safer full-size path.

Do we have a high-confidence way to reproduce the issue?

Yes, by source inspection: current main and v2026.5.26 route WhatsApp QR prompts through renderQrTerminal(qr) without compact mode, so the larger full-size renderer is used. I did not run a live WhatsApp pairing reproduction in this read-only review.

Is this the best way to solve the issue?

Yes. The proposed path keeps the shared full-size default from the previous safety fix and adds a separate matrix-backed compact renderer for WhatsApp, which is narrower than reverting to upstream qrcode small terminal mode.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against bd02977e294d.

Label changes

Label changes:

• add P2: This is a focused user-visible WhatsApp login UX regression fix with limited blast radius and clear tests/proof, not an urgent outage.
• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body gives after-fix terminal proof from a real WhatsApp login scan; the sensitive QR itself was not attached, which is reasonable for this flow.
• add rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦞 diamond lobster, so this older rating label is no longer current.

Label justifications:

• P2: This is a focused user-visible WhatsApp login UX regression fix with limited blast radius and clear tests/proof, not an urgent outage.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body gives after-fix terminal proof from a real WhatsApp login scan; the sensitive QR itself was not attached, which is reasonable for this flow.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body gives after-fix terminal proof from a real WhatsApp login scan; the sensitive QR itself was not attached, which is reasonable for this flow.

Evidence reviewed

PR surface:

Source +57, Tests +98. Total +155 across 8 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	61	4	+57
Tests	4	102	4	+98
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	8	163	8	+155

What I checked:

• Current main keeps the shared QR default full-size: At current main, renderQrTerminal delegates to qrcode.toString(..., { small: opts.small ?? false, type: "terminal" }), so callers that omit small render full-size. (src/media/qr-terminal.ts:8, bd02977e294d)
• Current WhatsApp call sites omit compact mode: Current main's WhatsApp login and session QR paths call renderQrTerminal(qr) without { small: true }, matching the larger output behavior this PR is trying to change. (extensions/whatsapp/src/login.ts:25, bd02977e294d)
• Latest release has the same full-size WhatsApp behavior: Tag v2026.5.26 shows the same full-size shared renderer and WhatsApp call sites without compact mode, so the compact WhatsApp restore is not already shipped. (extensions/whatsapp/src/session.ts:127)
• PR implements compact rendering from the QR matrix: The head branch builds compact output from qrcode.create(text).modules, uses half-block characters, and keeps qrcode.toString(... small: false) for the default path. (src/media/qr-terminal.ts:35, ff700e582385)
• PR scopes compact mode to WhatsApp QR prompts: The head branch changes both WhatsApp login/session QR prompts to pass { small: true } while leaving Feishu, CLI, and shared defaults on the full-size path. (extensions/whatsapp/src/login.ts:25, ff700e582385)
• Matrix-equivalence regression test covers the new renderer: The added real-runtime test decodes compact block output back to QR cells and compares it to QRCode.create(sample).modules.data, while also asserting compact width is smaller than full output. (src/media/qr-terminal.render.test.ts:71, ff700e582385)

Likely related people:

• neeravmakwana: Authored the merged QR safety fix that moved the shared renderer and WhatsApp call sites to full-size terminal output for the related ANSI-rendering bug. (role: recent area contributor; confidence: high; commits: 0ac483787813; files: src/media/qr-terminal.ts, extensions/whatsapp/src/login.ts, extensions/whatsapp/src/session.ts)
• steipete: Committed the merged prior change that established the current full-size QR behavior across the same files, making them a useful routing candidate for the restore decision. (role: merger/committer for prior QR fix; confidence: medium; commits: 0ac483787813; files: src/media/qr-terminal.ts, extensions/whatsapp/src/login.ts, extensions/whatsapp/src/session.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg: ✨ hatched 🥚 common Gilded Merge Sprite. Rarity: 🥚 common. Trait: sleeps inside passing CI.

Details

Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Gilded Merge Sprite in ClawSweeper.
Hatchability:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

About:

• Eggs appear after real-behavior proof passes. They are collectible flavor only.
• Review momentum changes the shell state: follow-up work warms it, re-review makes it wobble, and a clean final review lets it hatch.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.