@chrysb/alphaclaw 0.9.5 → 0.9.7

package/lib/server/agents/shared.js

@@ -14,6 +14,7 @@ const kChannelEnvKeys = {
   telegram: "TELEGRAM_BOT_TOKEN",
   discord: "DISCORD_BOT_TOKEN",
   slack: "SLACK_BOT_TOKEN",
+  whatsapp: "WHATSAPP_OWNER_NUMBER",
 };
 const kChannelExtraEnvKeys = {
   slack: ["SLACK_APP_TOKEN"],
@@ -22,6 +23,7 @@ const kChannelTokenFields = {
   telegram: "botToken",
   discord: "token",
   slack: "botToken",
+  // WhatsApp uses owner number, not a bot token field
 };
 const kChannelExtraTokenFields = {
   slack: ["appToken"],
@@ -30,6 +32,13 @@ const kChannelLabels = {
   telegram: "Telegram",
   discord: "Discord",
   slack: "Slack",
+  whatsapp: "WhatsApp",
+};
+const kChannelProviderAliases = {
+  wa: "whatsapp",
+  "whats-app": "whatsapp",
+  whats_app: "whatsapp",
+  "whats app": "whatsapp",
 };
 const kMaskedChannelToken = "********";
 
@@ -39,6 +48,44 @@ const shellEscapeArg = (value) =>
 const resolveCredentialsDirPath = ({ OPENCLAW_DIR }) =>
   path.join(OPENCLAW_DIR, "credentials");
 
+const resolveWhatsAppCredentialCandidatePaths = ({
+  OPENCLAW_DIR,
+  accountId,
+}) => {
+  const credentialsDir = resolveCredentialsDirPath({ OPENCLAW_DIR });
+  const normalizedAccountId = normalizeChannelAccountId(accountId);
+  return [
+    path.join(credentialsDir, "whatsapp", normalizedAccountId, "creds.json"),
+    ...(normalizedAccountId === "default"
+      ? [path.join(credentialsDir, "creds.json")]
+      : []),
+  ];
+};
+
+const hasSavedWhatsAppCredentials = ({
+  fsImpl,
+  OPENCLAW_DIR,
+  accountId,
+}) => {
+  const candidatePaths = resolveWhatsAppCredentialCandidatePaths({
+    OPENCLAW_DIR,
+    accountId,
+  });
+  const matches = candidatePaths.map((targetPath) => {
+    try {
+      const exists = !!String(fsImpl.readFileSync(targetPath, "utf8") || "").trim();
+      return { path: targetPath, exists };
+    } catch (error) {
+      return {
+        path: targetPath,
+        exists: false,
+        error: String(error?.message || error || "read failed"),
+      };
+    }
+  });
+  return matches.some((entry) => entry.exists);
+};
+
 const resolveAgentWorkspacePath = ({ OPENCLAW_DIR, agentId }) =>
   path.join(
     OPENCLAW_DIR,
@@ -149,7 +196,7 @@ const normalizeChannelProvider = (value) => {
     .trim()
     .toLowerCase();
   if (!provider || !kChannelEnvKeys[provider]) {
-    throw new Error("Unsupported channel provider");
+    throw new Error(`Unsupported channel provider "${provider}"`);
   }
   return provider;
 };
@@ -397,6 +444,26 @@ const resolveCredentialPairingAccountId = ({ channelId, fileName }) => {
   return normalizeChannelAccountId(rawAccountId);
 };
 
+const hasImplicitWhatsAppSelfPairing = ({
+  fsImpl,
+  OPENCLAW_DIR,
+  channelId,
+  accountId,
+  accountConfig,
+}) => {
+  if (String(channelId || "").trim() !== "whatsapp") return false;
+  if (!accountConfig || typeof accountConfig !== "object") return false;
+  if (accountConfig.selfChatMode === false) return false;
+  if (String(accountConfig.dmPolicy || "").trim().toLowerCase() === "disabled") {
+    return false;
+  }
+  return hasSavedWhatsAppCredentials({
+    fsImpl,
+    OPENCLAW_DIR,
+    accountId,
+  });
+};
+
 const readPairedCountsByAccount = ({
   fsImpl,
   OPENCLAW_DIR,
@@ -412,30 +479,33 @@ const readPairedCountsByAccount = ({
   );
   const credentialsDir = resolveCredentialsDirPath({ OPENCLAW_DIR });
   try {
-    const files = fsImpl
-      .readdirSync(credentialsDir)
-      .filter(
-        (fileName) =>
-          String(fileName || "").startsWith(
-            `${String(channelId || "").trim()}-`,
-          ) && String(fileName || "").endsWith("-allowFrom.json"),
-      );
-    for (const fileName of files) {
-      const accountId = resolveCredentialPairingAccountId({
-        channelId,
-        fileName,
-      });
-      if (!accountId || !counts.has(accountId)) continue;
-      const filePath = path.join(credentialsDir, fileName);
-      const parsed = JSON.parse(fsImpl.readFileSync(filePath, "utf8"));
-      const pairedCount = Array.isArray(parsed?.allowFrom)
-        ? parsed.allowFrom.length
-        : 0;
-      counts.set(accountId, Number(counts.get(accountId) || 0) + pairedCount);
+    if (String(channelId || "").trim() !== "whatsapp") {
+      const files = fsImpl
+        .readdirSync(credentialsDir)
+        .filter(
+          (fileName) =>
+            String(fileName || "").startsWith(
+              `${String(channelId || "").trim()}-`,
+            ) && String(fileName || "").endsWith("-allowFrom.json"),
+        );
+      for (const fileName of files) {
+        const accountId = resolveCredentialPairingAccountId({
+          channelId,
+          fileName,
+        });
+        if (!accountId || !counts.has(accountId)) continue;
+        const filePath = path.join(credentialsDir, fileName);
+        const parsed = JSON.parse(fsImpl.readFileSync(filePath, "utf8"));
+        const pairedCount = Array.isArray(parsed?.allowFrom)
+          ? parsed.allowFrom.length
+          : 0;
+        counts.set(accountId, Number(counts.get(accountId) || 0) + pairedCount);
+      }
     }
   } catch {}
 
   for (const accountId of counts.keys()) {
+    if (String(channelId || "").trim() === "whatsapp") continue;
     const accountConfig =
       accountId === "default" &&
       !(config.accounts && typeof config.accounts === "object")
@@ -449,6 +519,26 @@ const readPairedCountsByAccount = ({
     );
   }
 
+  for (const accountId of counts.keys()) {
+    if (Number(counts.get(accountId) || 0) > 0) continue;
+    const accountConfig =
+      accountId === "default" &&
+      !(config.accounts && typeof config.accounts === "object")
+        ? config
+        : config.accounts?.[accountId] || {};
+    if (
+      hasImplicitWhatsAppSelfPairing({
+        fsImpl,
+        OPENCLAW_DIR,
+        channelId,
+        accountId,
+        accountConfig,
+      })
+    ) {
+      counts.set(accountId, 1);
+    }
+  }
+
   return counts;
 };
 
@@ -509,27 +599,26 @@ const listConfiguredChannelAccounts = ({ fsImpl, OPENCLAW_DIR, cfg }) => {
       });
       return {
         channel: String(channelId || "").trim(),
-        accounts: normalizedAccountIds
-          .map((accountId) => {
-            const accountConfig =
-              accountId === "default" && accountIds.length === 0
-                ? config
-                : accountsConfig?.[accountId] || {};
-            return {
-              id: accountId,
-              name: String(accountConfig?.name || "").trim(),
-              envKey: deriveChannelEnvKey({ provider: channelId, accountId }),
-              boundAgentId:
-                boundAccountMap.get(
-                  `${String(channelId || "").trim()}:${accountId}`,
-                ) || "",
-              paired: Number(pairedCounts.get(accountId) || 0),
-              status:
-                Number(pairedCounts.get(accountId) || 0) > 0
-                  ? "paired"
-                  : "configured",
-            };
-          }),
+        accounts: normalizedAccountIds.map((accountId) => {
+          const accountConfig =
+            accountId === "default" && accountIds.length === 0
+              ? config
+              : accountsConfig?.[accountId] || {};
+          return {
+            id: accountId,
+            name: String(accountConfig?.name || "").trim(),
+            envKey: deriveChannelEnvKey({ provider: channelId, accountId }),
+            boundAgentId:
+              boundAccountMap.get(
+                `${String(channelId || "").trim()}:${accountId}`,
+              ) || "",
+            paired: Number(pairedCounts.get(accountId) || 0),
+            status:
+              Number(pairedCounts.get(accountId) || 0) > 0
+                ? "paired"
+                : "configured",
+          };
+        }),
       };
     })
     .filter(Boolean);
@@ -673,6 +762,8 @@ module.exports = {
   kMaskedChannelToken,
   shellEscapeArg,
   resolveCredentialsDirPath,
+  resolveWhatsAppCredentialCandidatePaths,
+  hasSavedWhatsAppCredentials,
   resolveAgentWorkspacePath,
   loadConfig,
   saveConfig,

package/lib/server/alphaclaw-version.js

@@ -96,7 +96,7 @@ const extractTemplateVersions = (pkg) => ({
   latestOpenclawVersion: normalizeOpenclawVersion(pkg?.dependencies?.openclaw),
 });
 
-const fetchLatestVersionFromRegistry = async ({ fetchImpl }) => {
+const fetchLatestVersionFromRegistry = async ({ fetchImpl, version = null }) => {
   if (typeof fetchImpl !== "function") {
     throw new Error("Fetch is not available for AlphaClaw version checks");
   }
@@ -109,7 +109,8 @@ const fetchLatestVersionFromRegistry = async ({ fetchImpl }) => {
     response,
     "Failed to fetch latest AlphaClaw version",
   );
-  const latestVersion = normalizeVersion(data?.["dist-tags"]?.latest);
+  const latestVersion =
+    normalizeVersion(version) || normalizeVersion(data?.["dist-tags"]?.latest);
   const latestOpenclawVersion = latestVersion
     ? normalizeOpenclawVersion(
         data?.versions?.[latestVersion]?.dependencies?.openclaw,
@@ -143,7 +144,10 @@ const fetchTemplatePackageVersions = async ({
   const versions = extractTemplateVersions(data);
   if (!versions.latestOpenclawVersion && versions.latestVersion) {
     try {
-      const registry = await fetchLatestVersionFromRegistry({ fetchImpl });
+      const registry = await fetchLatestVersionFromRegistry({
+        fetchImpl,
+        version: versions.latestVersion,
+      });
       versions.latestOpenclawVersion = registry.latestOpenclawVersion || null;
     } catch {}
   }

package/lib/server/commands.js

@@ -32,7 +32,10 @@ const createCommands = ({ gatewayEnv }) => {
       });
     });
 
-  const clawCmd = (cmd, { quiet = false, timeoutMs = 15000 } = {}) =>
+  const clawCmd = (
+    cmd,
+    { quiet = false, timeoutMs = 15000, killSignal = "SIGTERM" } = {},
+  ) =>
     new Promise((resolve) => {
       if (!quiet) console.log(`[alphaclaw] Running: openclaw ${cmd}`);
       exec(
@@ -40,6 +43,7 @@ const createCommands = ({ gatewayEnv }) => {
         {
           env: gatewayEnv(),
           timeout: timeoutMs,
+          killSignal,
         },
         (err, stdout, stderr) => {
           const result = {

package/lib/server/constants.js

@@ -256,6 +256,12 @@ const kKnownVars = [
     group: "channels",
     hint: "From Basic Information → App-Level Tokens (xapp-...)",
   },
+  {
+    key: "WHATSAPP_OWNER_NUMBER",
+    label: "WhatsApp Owner Number",
+    group: "channels",
+    hint: "E.164 number, e.g. +15551234567",
+  },
   {
     key: "MISTRAL_API_KEY",
     label: "Mistral API Key",
@@ -358,6 +364,7 @@ const kChannelDefs = {
   telegram: { envKey: "TELEGRAM_BOT_TOKEN" },
   discord: { envKey: "DISCORD_BOT_TOKEN" },
   slack: { envKey: "SLACK_BOT_TOKEN", extraEnvKeys: ["SLACK_APP_TOKEN"] },
+  whatsapp: { envKey: "WHATSAPP_OWNER_NUMBER", sync: false },
 };
 const kProtectedBrowsePaths = new Set(
   Array.isArray(kBrowseFilePolicies?.protectedPaths)

package/lib/server/gateway.js

@@ -371,6 +371,32 @@ const getChannelStatus = () => {
     );
     const credDir = `${OPENCLAW_DIR}/credentials`;
     const channels = {};
+    const hasImplicitWhatsAppSelfPairing = ({ accountId, accountConfig }) => {
+      if (!accountConfig || typeof accountConfig !== "object") return false;
+      if (accountConfig.selfChatMode === false) return false;
+      if (String(accountConfig.dmPolicy || "").trim().toLowerCase() === "disabled") {
+        return false;
+      }
+      const candidatePaths = [
+        `${credDir}/whatsapp/${accountId}/creds.json`,
+        ...(accountId === "default" ? [`${credDir}/creds.json`] : []),
+      ];
+      const matches = candidatePaths.map((targetPath) => {
+        try {
+          return {
+            path: targetPath,
+            exists: !!String(fs.readFileSync(targetPath, "utf8") || "").trim(),
+          };
+        } catch (error) {
+          return {
+            path: targetPath,
+            exists: false,
+            error: String(error?.message || error || "read failed"),
+          };
+        }
+      });
+      return matches.some((entry) => entry.exists);
+    };
 
     for (const ch of Object.keys(kChannelDefs)) {
       const channelConfig =
@@ -404,27 +430,30 @@ const getChannelStatus = () => {
         Array.from(configuredAccountIds).map((accountId) => [accountId, 0]),
       );
       try {
-        const files = fs
-          .readdirSync(credDir)
-          .filter(
-            (f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"),
-          );
-        for (const file of files) {
-          const accountId = resolveCredentialPairingAccountId({
-            channel: ch,
-            fileName: file,
-          });
-          if (!accountId || !configuredAccountIds.has(accountId)) continue;
-          const data = JSON.parse(
-            fs.readFileSync(`${credDir}/${file}`, "utf8"),
-          );
-          const nextCount =
-            Number(pairedByAccount.get(accountId) || 0)
-            + (Array.isArray(data.allowFrom) ? data.allowFrom.length : 0);
-          pairedByAccount.set(accountId, nextCount);
+        if (ch !== "whatsapp") {
+          const files = fs
+            .readdirSync(credDir)
+            .filter(
+              (f) => f.startsWith(`${ch}-`) && f.endsWith("-allowFrom.json"),
+            );
+          for (const file of files) {
+            const accountId = resolveCredentialPairingAccountId({
+              channel: ch,
+              fileName: file,
+            });
+            if (!accountId || !configuredAccountIds.has(accountId)) continue;
+            const data = JSON.parse(
+              fs.readFileSync(`${credDir}/${file}`, "utf8"),
+            );
+            const nextCount =
+              Number(pairedByAccount.get(accountId) || 0)
+              + (Array.isArray(data.allowFrom) ? data.allowFrom.length : 0);
+            pairedByAccount.set(accountId, nextCount);
+          }
         }
       } catch {}
       for (const [accountId, accountConfig] of accountEntries) {
+        if (ch === "whatsapp") continue;
         const inlineAllowFrom = accountConfig?.allowFrom;
         if (!Array.isArray(inlineAllowFrom)) continue;
         const normalizedAccountId = normalizeChannelAccountId(accountId);
@@ -432,6 +461,20 @@ const getChannelStatus = () => {
           Number(pairedByAccount.get(normalizedAccountId) || 0) + inlineAllowFrom.length;
         pairedByAccount.set(normalizedAccountId, nextCount);
       }
+      if (ch === "whatsapp") {
+        for (const [accountId, accountConfig] of accountEntries) {
+          const normalizedAccountId = normalizeChannelAccountId(accountId);
+          if (Number(pairedByAccount.get(normalizedAccountId) || 0) > 0) continue;
+          if (
+            hasImplicitWhatsAppSelfPairing({
+              accountId: normalizedAccountId,
+              accountConfig,
+            })
+          ) {
+            pairedByAccount.set(normalizedAccountId, 1);
+          }
+        }
+      }
       const accounts = Object.fromEntries(
         Array.from(pairedByAccount.entries()).map(([accountId, paired]) => [
           accountId,

package/lib/server/onboarding/import/secret-detector.js

@@ -311,6 +311,15 @@ const extractPreFillValues = ({ fs, baseDir, configFiles = [] }) => {
       if (channels.discord?.token && !isAlreadyEnvRef(channels.discord.token)) {
         preFill.DISCORD_BOT_TOKEN = channels.discord.token;
       }
+      const whatsAppAllowFrom = Array.isArray(channels.whatsapp?.allowFrom)
+        ? channels.whatsapp.allowFrom
+        : [];
+      const whatsAppOwner = whatsAppAllowFrom.find(
+        (v) => v && !isAlreadyEnvRef(String(v)),
+      );
+      if (whatsAppOwner) {
+        preFill.WHATSAPP_OWNER_NUMBER = String(whatsAppOwner);
+      }
 
       const braveKey = cfg.tools?.web?.search?.apiKey;
       if (braveKey && !isAlreadyEnvRef(braveKey)) {

package/lib/server/onboarding/openclaw.js

@@ -198,6 +198,19 @@ const applyFreshOnboardingChannels = ({ cfg, varMap }) => {
     ensurePluginAllowed({ cfg, pluginKey: "slack" });
     console.log("[onboard] Slack configured");
   }
+  if (varMap.WHATSAPP_OWNER_NUMBER) {
+    cfg.channels.whatsapp = {
+      enabled: true,
+      allowFrom: [varMap.WHATSAPP_OWNER_NUMBER],
+      groupAllowFrom: [varMap.WHATSAPP_OWNER_NUMBER],
+      dmPolicy: "allowlist",
+      groupPolicy: "allowlist",
+      selfChatMode: true,
+    };
+    cfg.plugins.entries.whatsapp = { enabled: true };
+    ensurePluginAllowed({ cfg, pluginKey: "whatsapp" });
+    console.log("[onboard] WhatsApp configured");
+  }
   ensureUsageTrackerPluginEntry(cfg);
 };
 
@@ -280,6 +293,32 @@ const writeManagedImportOpenclawConfig = ({ fs, openclawDir, varMap }) => {
     ensurePluginAllowed({ cfg, pluginKey: "slack" });
   }
 
+  if (varMap.WHATSAPP_OWNER_NUMBER) {
+    const existingWhatsApp = cfg.channels.whatsapp || {};
+    const existingAllowFrom = Array.isArray(existingWhatsApp.allowFrom)
+      ? existingWhatsApp.allowFrom
+      : [];
+    const ownerRef = "${WHATSAPP_OWNER_NUMBER}";
+    cfg.channels.whatsapp = {
+      ...existingWhatsApp,
+      enabled: true,
+      allowFrom: existingAllowFrom.includes(ownerRef)
+        ? existingAllowFrom
+        : [...existingAllowFrom, ownerRef],
+      groupAllowFrom: existingAllowFrom.includes(ownerRef)
+        ? existingAllowFrom
+        : [...existingAllowFrom, ownerRef],
+      dmPolicy: "allowlist",
+      groupPolicy: "allowlist",
+      selfChatMode: true,
+    };
+    cfg.plugins.entries.whatsapp = {
+      ...(cfg.plugins.entries.whatsapp || {}),
+      enabled: true,
+    };
+    ensurePluginAllowed({ cfg, pluginKey: "whatsapp" });
+  }
+
   fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2));
 };
 

package/lib/server/onboarding/validation.js

@@ -94,7 +94,7 @@ const validateOnboardingInput = ({ vars, modelKey, resolveModelProvider, hasCode
     return hasAnyAi;
   })();
   const hasGithub = !!(githubToken && githubRepoInput);
-  const hasChannel = !!(varMap.TELEGRAM_BOT_TOKEN || varMap.DISCORD_BOT_TOKEN || (varMap.SLACK_BOT_TOKEN && varMap.SLACK_APP_TOKEN));
+  const hasChannel = !!(varMap.TELEGRAM_BOT_TOKEN || varMap.DISCORD_BOT_TOKEN || (varMap.SLACK_BOT_TOKEN && varMap.SLACK_APP_TOKEN) || varMap.WHATSAPP_OWNER_NUMBER);
 
   if (!hasAi) {
     if (selectedProvider === "openai-codex") {

package/lib/server/routes/agents.js

@@ -124,6 +124,45 @@ const registerAgentRoutes = ({
     }
   });
 
+  app.post("/api/channels/accounts/login", async (req, res) => {
+    try {
+      const body = req.body || {};
+      const result = await agentsService.runChannelAccountLogin({
+        provider: body.provider,
+        accountId: body.accountId,
+      });
+      return res.json({
+        ok: true,
+        completed: !!result?.ok,
+        stdout: String(result?.stdout || ""),
+        stderr: String(result?.stderr || ""),
+        code: result?.code ?? null,
+      });
+    } catch (error) {
+      const status = String(error.message || "").includes("only supported")
+        ? 400
+        : 500;
+      return res.status(status).json({ ok: false, error: error.message });
+    }
+  });
+
+  app.get("/api/channels/accounts/login-status", (req, res) => {
+    try {
+      const provider = String(req.query?.provider || "").trim();
+      const accountId = String(req.query?.accountId || "").trim() || "default";
+      const result = agentsService.getChannelAccountLoginStatus({
+        provider,
+        accountId,
+      });
+      return res.json({ ok: true, ...result });
+    } catch (error) {
+      const status = String(error.message || "").includes("only supported")
+        ? 400
+        : 500;
+      return res.status(status).json({ ok: false, error: error.message });
+    }
+  });
+
   app.delete("/api/channels/accounts", async (req, res) => {
     try {
       const body = req.body || {};

package/lib/server/routes/pairings.js

@@ -5,7 +5,7 @@ const { buildManagedPaths } = require("../internal-files-migration");
 const { parseJsonObjectFromNoisyOutput } = require("../utils/json");
 const { quoteShellArg } = require("../utils/shell");
 
-const kAllowedPairingChannels = new Set(["telegram", "discord", "slack"]);
+const kAllowedPairingChannels = new Set(["telegram", "discord", "slack", "whatsapp"]);
 const kSafePairingArgPattern = /^[\w\-:.]+$/;
 const kDevicesListCliTimeoutMs = 5000;
 const quoteCliArg = (value) => quoteShellArg(value, { strategy: "single" });
@@ -112,7 +112,7 @@ const registerPairingRoutes = ({ app, clawCmd, isOnboarded, fsModule = fs, openc
     }
 
     const pending = [];
-    const channels = ["telegram", "discord", "slack"];
+    const channels = ["telegram", "discord", "slack", "whatsapp"];
 
     for (const ch of channels) {
       try {

package/lib/server/watchdog-notify.js

@@ -2,8 +2,10 @@ const fs = require("fs");
 const path = require("path");
 const { OPENCLAW_DIR } = require("./constants");
 const { createSlackApi } = require("./slack-api");
+const { quoteShellArg } = require("./utils/shell");
 
 const kSlackBotEnvKey = "SLACK_BOT_TOKEN";
+const kWhatsAppOwnerNumberEnvKey = "WHATSAPP_OWNER_NUMBER";
 
 const normalizeAccountId = (value) =>
   String(value || "").trim().toLowerCase() || "default";
@@ -106,6 +108,7 @@ const createWatchdogNotifier = ({
   telegramApi,
   discordApi,
   slackApi,
+  clawCmd = null,
   readEnvFile = () => [],
   createSlackApi: createSlackApiFactory = createSlackApi,
   fsImpl = fs,
@@ -116,7 +119,17 @@ const createWatchdogNotifier = ({
       telegram: { sent: 0, failed: 0, skipped: false, targets: 0 },
       discord: { sent: 0, failed: 0, skipped: false, targets: 0 },
       slack: { sent: 0, failed: 0, skipped: false, targets: 0 },
+      whatsapp: { sent: 0, failed: 0, skipped: false, targets: 0 },
     };
+    const envVars = typeof readEnvFile === "function" ? readEnvFile() : [];
+    const envMap = new Map(
+      (Array.isArray(envVars) ? envVars : [])
+        .map((entry) => [
+          String(entry?.key || "").trim(),
+          String(entry?.value || "").trim(),
+        ])
+        .filter(([key]) => key),
+    );
     const telegramTargets = getPairedIds({
       channel: "telegram",
       fsImpl,
@@ -174,17 +187,6 @@ const createWatchdogNotifier = ({
       summary.slack.skipped = true;
     } else {
       const eventType = opts.eventType || "info"; // crash, recovery, health, info
-      const envVars = typeof readEnvFile === "function" ? readEnvFile() : [];
-
-      const envMap = new Map(
-        (Array.isArray(envVars) ? envVars : [])
-          .map((entry) => [
-            String(entry?.key || "").trim(),
-            String(entry?.value || "").trim(),
-          ])
-          .filter(([key]) => key),
-      );
-
       for (const [accountId, slackTargets] of slackTargetsByAccount.entries()) {
         if (!slackTargets.length) continue;
         const envKey = deriveSlackBotEnvKey(accountId);
@@ -261,8 +263,47 @@ const createWatchdogNotifier = ({
       }
     }
 
-    const sent = summary.telegram.sent + summary.discord.sent + summary.slack.sent;
-    const failed = summary.telegram.failed + summary.discord.failed + summary.slack.failed;
+    const whatsAppOwnerNumber = String(
+      envMap.get(kWhatsAppOwnerNumberEnvKey) ||
+        process.env[kWhatsAppOwnerNumberEnvKey] ||
+        "",
+    ).trim();
+    const whatsappTargets = whatsAppOwnerNumber ? [whatsAppOwnerNumber] : [];
+    summary.whatsapp.targets = whatsappTargets.length;
+    if (!clawCmd || whatsappTargets.length === 0) {
+      summary.whatsapp.skipped = true;
+    } else {
+      for (const target of whatsappTargets) {
+        try {
+          const result = await clawCmd(
+            `message send --channel whatsapp --target ${quoteShellArg(
+              String(target || "").trim(),
+            )} --message ${quoteShellArg(String(message || ""))}`,
+            { quiet: true, timeoutMs: 30000 },
+          );
+          if (!result?.ok) {
+            throw new Error(
+              String(result?.stderr || result?.stdout || "WhatsApp send failed"),
+            );
+          }
+          summary.whatsapp.sent += 1;
+        } catch (err) {
+          summary.whatsapp.failed += 1;
+          console.error(`[watchdog] whatsapp notification failed for ${target}: ${err.message}`);
+        }
+      }
+    }
+
+    const sent =
+      summary.telegram.sent +
+      summary.discord.sent +
+      summary.slack.sent +
+      summary.whatsapp.sent;
+    const failed =
+      summary.telegram.failed +
+      summary.discord.failed +
+      summary.slack.failed +
+      summary.whatsapp.failed;
     return {
       ok: sent > 0,
       sent,