agent-messenger 2.16.0 → 2.18.0

package/src/platforms/kakaotalk/index.ts

@@ -13,8 +13,11 @@ export type {
   KakaoEmoticonKind,
   KakaoEmoticonMessageType,
   KakaoFileExtra,
+  KakaoLoginResult,
+  KakaoMarkReadResult,
   KakaoMember,
   KakaoMessage,
+  KakaoMultiPhotoExtra,
   KakaoPhotoExtra,
   KakaoProfile,
   KakaoSendResult,
@@ -33,6 +36,7 @@ export {
   KakaoAccountCredentialsSchema,
   KakaoChatSchema,
   KakaoConfigSchema,
+  KakaoMarkReadResultSchema,
   KakaoMemberSchema,
   KakaoMessageSchema,
   KakaoProfileSchema,
@@ -42,6 +46,8 @@ export {
   KakaoTalkPushMessageEventSchema,
   KakaoTalkPushReadEventSchema,
 } from './types'
+export { attemptLogin, generateDeviceUuid, loginFlow, registerDevice, requestPasscode } from './auth/kakao-login'
+export type { LoginCredentials } from './auth/kakao-login'
 export { sha1Hex } from './media-upload'
 export { detectImageDimensions } from './image-meta'
 export type { AttachmentInput, AttachmentPlan, ResolvedAttachment, SingleAttachmentKind } from './attachment-router'

package/src/platforms/line/commands/auth.ts

@@ -1,6 +1,7 @@
 import { Command } from 'commander'
 
 import { handleError } from '@/shared/utils/error-handler'
+import { isInteractive } from '@/shared/utils/interactive'
 import { formatOutput } from '@/shared/utils/output'
 import { displayQR } from '@/shared/utils/qr'
 import { info } from '@/shared/utils/stderr'
@@ -9,10 +10,6 @@ import { LineClient } from '../client'
 import { LineCredentialManager } from '../credential-manager'
 import type { LineDevice } from '../types'
 
-function isInteractiveSession(): boolean {
-  return Boolean(process.stdin.isTTY && process.stdout.isTTY)
-}
-
 function getDefaultDevice(): LineDevice {
   return 'ANDROIDSECONDARY'
 }
@@ -28,7 +25,7 @@ async function loginAction(options: {
     const credManager = new LineCredentialManager()
     const client = new LineClient(credManager)
     const device: LineDevice = (options.device as LineDevice | undefined) ?? getDefaultDevice()
-    const interactive = isInteractiveSession()
+    const interactive = isInteractive()
 
     if (options.token) {
       const now = new Date().toISOString()

package/src/platforms/slackbot/types.ts

@@ -334,6 +334,18 @@ export interface SlackSocketModeMessageEvent {
   event_ts?: string
   edited?: { user: string; ts: string }
   hidden?: boolean
+  // Set on every reply within a thread; identifies the author of the message
+  // the thread is rooted at. Useful for deciding whether a reply targets the
+  // bot, another human, or an unknown parent.
+  parent_user_id?: string
+  // Client-generated UUID on user-authored messages, stable across Slack-side
+  // resends of the same gesture. Primary dedupe key for the "one user action
+  // surfaces as two events" case.
+  client_msg_id?: string
+  // Attachments delivered inline on the same message event. Slack does not
+  // fire a separate file_share envelope for messages we receive over Socket
+  // Mode, so consumers reading attachments off `message` events look here.
+  files?: SlackFile[]
   [key: string]: unknown
 }
 
@@ -345,6 +357,10 @@ export interface SlackSocketModeAppMentionEvent {
   ts: string
   thread_ts?: string
   event_ts?: string
+  // `app_mention` envelopes do not always carry `client_msg_id`, but typing
+  // it keeps the promotion to a message-shaped event lossless if Slack ever
+  // starts sending it on this event.
+  client_msg_id?: string
   [key: string]: unknown
 }
 

package/src/platforms/telegram/commands/auth.ts

@@ -2,6 +2,7 @@ import { Writable } from 'node:stream'
 
 import { Command } from 'commander'
 
+import { isInteractive } from '@/shared/utils/interactive'
 import { info, error as stderrError } from '@/shared/utils/stderr'
 
 import { handleError } from '../../../shared/utils/error-handler'
@@ -57,10 +58,6 @@ function parseApiId(apiId?: string): number | undefined {
   return parsed
 }
 
-function isInteractiveSession(): boolean {
-  return Boolean(process.stdin.isTTY && process.stdout.isTTY)
-}
-
 async function promptLine(message: string): Promise<string | undefined> {
   const { createInterface } = await import('node:readline/promises')
   const rl = createInterface({
@@ -107,7 +104,7 @@ async function promptHidden(message: string): Promise<string | undefined> {
 }
 
 function shouldUseInteractivePrompts(): boolean {
-  return isInteractiveSession()
+  return isInteractive()
 }
 
 async function fillMissingBootstrappingInputs(
@@ -168,7 +165,7 @@ async function fillMissingBootstrappingInputs(
   }
 
   if (!resolved.apiHash && !existing?.api_hash) {
-    if (!isInteractiveSession()) {
+    if (!isInteractive()) {
       console.log(formatOutput({ error: 'missing_credentials', message: 'Provide --api-hash flag.' }, options.pretty))
       process.exit(1)
     }
@@ -176,7 +173,7 @@ async function fillMissingBootstrappingInputs(
   }
 
   if (!existing && !resolved.phone) {
-    if (!isInteractiveSession()) {
+    if (!isInteractive()) {
       console.log(formatOutput({ next_action: 'provide_phone', message: 'Provide --phone flag.' }, options.pretty))
       process.exit(0)
     }
@@ -288,7 +285,7 @@ export async function promptNextLoginInput(
   result: { next_action?: string },
   options: AuthOptions,
 ): Promise<AuthOptions | null> {
-  if (!isInteractiveSession() && result.next_action) {
+  if (!isInteractive() && result.next_action) {
     return null
   }
 

package/src/platforms/webex/commands/auth.test.ts

@@ -12,6 +12,8 @@ describe('auth commands', () => {
   let consoleErrorSpy: ReturnType<typeof spyOn>
   let execSpy: ReturnType<typeof spyOn>
   const protoSpies: ReturnType<typeof spyOn>[] = []
+  let originalStdinTTY: boolean | undefined
+  let originalStdoutTTY: boolean | undefined
   const mockPerson = {
     id: 'person-1',
     displayName: 'Test User',
@@ -27,10 +29,19 @@ describe('auth commands', () => {
     return s
   }
 
+  function setTTY(value: boolean | undefined): void {
+    Object.defineProperty(process.stdin, 'isTTY', { value, writable: true, configurable: true })
+    Object.defineProperty(process.stdout, 'isTTY', { value, writable: true, configurable: true })
+  }
+
   beforeEach(() => {
     consoleSpy = spyOn(console, 'log').mockImplementation(() => {})
     consoleErrorSpy = spyOn(console, 'error').mockImplementation(() => {})
     execSpy = spyOn(childProcess, 'exec').mockImplementation((() => {}) as any)
+    originalStdinTTY = process.stdin.isTTY
+    originalStdoutTTY = process.stdout.isTTY
+    // Default to interactive TTY for existing tests; non-interactive tests override.
+    setTTY(true)
   })
 
   afterEach(() => {
@@ -39,6 +50,12 @@ describe('auth commands', () => {
     execSpy.mockRestore()
     for (const s of protoSpies) s.mockRestore()
     protoSpies.length = 0
+    setTTY(originalStdinTTY)
+    Object.defineProperty(process.stdout, 'isTTY', {
+      value: originalStdoutTTY,
+      writable: true,
+      configurable: true,
+    })
   })
 
   describe('loginAction with --token', () => {
@@ -151,6 +168,143 @@ describe('auth commands', () => {
     })
   })
 
+  describe('loginAction non-interactive (no TTY)', () => {
+    const device = {
+      deviceCode: 'webex-device-code-abc123',
+      userCode: 'USER-CODE',
+      verificationUri: 'https://webex.com/verify',
+      verificationUriComplete: 'https://webex.com/verify?user_code=USER-CODE',
+      expiresIn: 300,
+      interval: 1,
+    }
+
+    it('first call (no --device-code): requests device code and returns it in JSON', async () => {
+      setTTY(false)
+      const requestSpy = protoSpy(WebexCredentialManager.prototype, 'requestDeviceCode').mockResolvedValue(device)
+      const exchangeSpy = protoSpy(WebexCredentialManager.prototype, 'exchangeDeviceCode')
+      const pollSpy = protoSpy(WebexCredentialManager.prototype, 'pollDeviceToken')
+      const exitSpy = protoSpy(process, 'exit').mockImplementation(() => undefined as never)
+
+      await loginAction({ pretty: false })
+
+      expect(requestSpy).toHaveBeenCalled()
+      expect(exchangeSpy).not.toHaveBeenCalled()
+      expect(pollSpy).not.toHaveBeenCalled()
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.next_action).toBe('authorize_in_browser')
+      expect(output.verification_uri).toBe(device.verificationUri)
+      expect(output.verification_uri_complete).toBe(device.verificationUriComplete)
+      expect(output.user_code).toBe(device.userCode)
+      expect(output.device_code).toBe(device.deviceCode)
+      expect(output.message).toContain('--device-code')
+      expect(exitSpy).toHaveBeenCalledWith(0)
+    })
+
+    it('does not open a browser on the first non-interactive call', async () => {
+      setTTY(false)
+      protoSpy(WebexCredentialManager.prototype, 'requestDeviceCode').mockResolvedValue(device)
+      protoSpy(process, 'exit').mockImplementation(() => undefined as never)
+
+      await loginAction({ pretty: false })
+
+      expect(execSpy).not.toHaveBeenCalled()
+    })
+
+    it('second call (--device-code, pending): returns still_pending and echoes back the device_code', async () => {
+      setTTY(false)
+      protoSpy(WebexCredentialManager.prototype, 'exchangeDeviceCode').mockResolvedValue({ status: 'pending' })
+      const requestSpy = protoSpy(WebexCredentialManager.prototype, 'requestDeviceCode')
+      const exitSpy = protoSpy(process, 'exit').mockImplementation(() => undefined as never)
+
+      await loginAction({ deviceCode: 'webex-device-code-abc123', pretty: false })
+
+      expect(requestSpy).not.toHaveBeenCalled()
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.next_action).toBe('still_pending')
+      expect(output.device_code).toBe('webex-device-code-abc123')
+      expect(exitSpy).toHaveBeenCalledWith(0)
+    })
+
+    it('second call (--device-code, success): saves token and returns authenticated=true', async () => {
+      setTTY(false)
+      const exchangeSpy = protoSpy(WebexCredentialManager.prototype, 'exchangeDeviceCode').mockResolvedValue({
+        status: 'success',
+        config: { accessToken: 'at', refreshToken: 'rt', expiresAt: Date.now() + 3_600_000 },
+      })
+      const saveConfigSpy = protoSpy(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+      protoSpy(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      protoSpy(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await loginAction({
+        deviceCode: 'webex-device-code-abc123',
+        clientId: 'my-id',
+        clientSecret: 'my-secret',
+        pretty: false,
+      })
+
+      expect(exchangeSpy).toHaveBeenCalledWith('webex-device-code-abc123', 'my-id', 'my-secret')
+      const savedConfig = saveConfigSpy.mock.calls[0][0] as { tokenType: string; clientId: string }
+      expect(savedConfig.tokenType).toBe('oauth')
+      expect(savedConfig.clientId).toBe('my-id')
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.authenticated).toBe(true)
+      expect(output.user.displayName).toBe('Test User')
+    })
+
+    it('second call (--device-code, expired): returns next_action=restart, exits 1', async () => {
+      setTTY(false)
+      protoSpy(WebexCredentialManager.prototype, 'exchangeDeviceCode').mockResolvedValue({ status: 'expired' })
+      const exitSpy = protoSpy(process, 'exit').mockImplementation(() => undefined as never)
+
+      await loginAction({ deviceCode: 'webex-device-code-abc123', pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.next_action).toBe('restart')
+      expect(output.error).toContain('expired')
+      expect(exitSpy).toHaveBeenCalledWith(1)
+    })
+
+    it('--device-code works even with a TTY (interactive sessions can also resume)', async () => {
+      setTTY(true)
+      const exchangeSpy = protoSpy(WebexCredentialManager.prototype, 'exchangeDeviceCode').mockResolvedValue({
+        status: 'success',
+        config: { accessToken: 'at', refreshToken: 'rt', expiresAt: Date.now() + 3_600_000 },
+      })
+      const requestSpy = protoSpy(WebexCredentialManager.prototype, 'requestDeviceCode')
+      const pollSpy = protoSpy(WebexCredentialManager.prototype, 'pollDeviceToken')
+      protoSpy(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+      protoSpy(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      protoSpy(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+
+      await loginAction({ deviceCode: 'webex-device-code-abc123', pretty: false })
+
+      expect(exchangeSpy).toHaveBeenCalled()
+      expect(requestSpy).not.toHaveBeenCalled()
+      expect(pollSpy).not.toHaveBeenCalled()
+    })
+
+    it('still allows --token login when non-interactive (bot/PAT path)', async () => {
+      setTTY(false)
+      protoSpy(WebexClient.prototype, 'login').mockResolvedValue(new WebexClient())
+      protoSpy(WebexClient.prototype, 'testAuth').mockResolvedValue(mockPerson)
+      protoSpy(WebexCredentialManager.prototype, 'saveConfig').mockResolvedValue(undefined)
+
+      await loginAction({ token: 'bot-token-123', pretty: false })
+
+      const lastCall = consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0] as string
+      const output = JSON.parse(lastCall)
+      expect(output.authenticated).toBe(true)
+      expect(output.user.displayName).toBe('Test User')
+    })
+  })
+
   describe('statusAction', () => {
     it('shows authenticated status when token is valid', async () => {
       protoSpy(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)

package/src/platforms/webex/commands/auth.ts

@@ -2,6 +2,7 @@ import { Command } from 'commander'
 
 import { collectBrowserProfileOption } from '@/shared/chromium'
 import { handleError } from '@/shared/utils/error-handler'
+import { isInteractive } from '@/shared/utils/interactive'
 import { formatOutput } from '@/shared/utils/output'
 import { info, debug } from '@/shared/utils/stderr'
 
@@ -43,12 +44,15 @@ async function resolveClientCredentials(options: {
   return getWebexAppCredentials()
 }
 
-export async function loginAction(options: {
+interface LoginOptions {
   token?: string
+  deviceCode?: string
   clientId?: string
   clientSecret?: string
   pretty?: boolean
-}): Promise<void> {
+}
+
+export async function loginAction(options: LoginOptions): Promise<void> {
   try {
     const credManager = new WebexCredentialManager()
 
@@ -73,6 +77,16 @@ export async function loginAction(options: {
       return
     }
 
+    if (options.deviceCode) {
+      await finishDeviceGrant(credManager, options)
+      return
+    }
+
+    if (!isInteractive()) {
+      await startNonInteractiveDeviceGrant(credManager, options)
+      return
+    }
+
     const { clientId, clientSecret } = await resolveClientCredentials(options)
 
     const device = await credManager.requestDeviceCode(clientId)
@@ -110,6 +124,81 @@ export async function loginAction(options: {
   }
 }
 
+async function startNonInteractiveDeviceGrant(
+  credManager: WebexCredentialManager,
+  options: LoginOptions,
+): Promise<void> {
+  const { clientId } = await resolveClientCredentials(options)
+  const device = await credManager.requestDeviceCode(clientId)
+  const expiresAt = Date.now() + device.expiresIn * 1000
+
+  console.log(
+    formatOutput(
+      {
+        next_action: 'authorize_in_browser',
+        verification_uri: device.verificationUri,
+        verification_uri_complete: device.verificationUriComplete,
+        user_code: device.userCode,
+        device_code: device.deviceCode,
+        expires_at: expiresAt,
+        message:
+          'Show the user `verification_uri` and `user_code` (or just `verification_uri_complete`) and ask them to approve access in any browser. After they approve, run `agent-webex auth login --device-code <device_code>` to retrieve the token. The device code expires at `expires_at`. If you passed `--client-id`/`--client-secret`, pass them again on the second call.',
+      },
+      options.pretty,
+    ),
+  )
+  process.exit(0)
+}
+
+async function finishDeviceGrant(credManager: WebexCredentialManager, options: LoginOptions): Promise<void> {
+  const { clientId, clientSecret } = await resolveClientCredentials(options)
+  const result = await credManager.exchangeDeviceCode(options.deviceCode!, clientId, clientSecret)
+
+  if (result.status === 'success') {
+    await credManager.saveConfig({ ...result.config, clientId, clientSecret, tokenType: 'oauth' })
+    const client = await new WebexClient().login({ token: result.config.accessToken })
+    const person = await client.testAuth()
+    console.log(
+      formatOutput(
+        {
+          authenticated: true,
+          user: { id: person.id, displayName: person.displayName, emails: person.emails },
+        },
+        options.pretty,
+      ),
+    )
+    return
+  }
+
+  if (result.status === 'pending') {
+    console.log(
+      formatOutput(
+        {
+          next_action: 'still_pending',
+          device_code: options.deviceCode,
+          message:
+            'User has not approved access yet. Confirm with the user that they completed authorization in the browser, then run `agent-webex auth login --device-code <device_code>` again to retry.',
+        },
+        options.pretty,
+      ),
+    )
+    process.exit(0)
+    return
+  }
+
+  console.log(
+    formatOutput(
+      {
+        next_action: 'restart',
+        error: result.status === 'expired' ? 'Device code expired.' : `Device code exchange failed: ${result.message}`,
+        message: 'This device code is no longer valid. Run `agent-webex auth login` to start a new login.',
+      },
+      options.pretty,
+    ),
+  )
+  process.exit(1)
+}
+
 export async function statusAction(options: { pretty?: boolean }): Promise<void> {
   try {
     const credManager = new WebexCredentialManager()
@@ -276,8 +365,18 @@ export const authCommand = new Command('auth')
   .description('Authentication commands')
   .addCommand(
     new Command('login')
-      .description('Login to Webex')
+      .description(
+        'Log in to Webex. In a TTY this opens a browser and waits for approval. ' +
+          'When non-interactive (AI agents, CI/CD): first call starts the OAuth Device Grant flow ' +
+          'and returns a verification URL, user code, and device code. After the user approves in a ' +
+          'browser, call again with --device-code to exchange it for a token. Pass --token for ' +
+          'fully unattended auth.',
+      )
       .option('--token <token>', 'Use a bot token or personal access token directly')
+      .option(
+        '--device-code <code>',
+        'OAuth Device Grant code returned from a previous non-interactive `auth login` call',
+      )
       .option('--client-id <id>', 'Webex Integration client ID')
       .option('--client-secret <secret>', 'Webex Integration client secret')
       .option('--pretty', 'Pretty print JSON output')

package/src/platforms/webex/credential-manager.test.ts

@@ -373,4 +373,82 @@ describe('WebexCredentialManager', () => {
     expect(loaded?.clientId).toBeUndefined()
     expect(loaded?.clientSecret).toBeUndefined()
   })
+
+  describe('exchangeDeviceCode', () => {
+    let originalFetch: typeof globalThis.fetch
+
+    beforeEach(() => {
+      originalFetch = globalThis.fetch
+    })
+
+    afterEach(() => {
+      globalThis.fetch = originalFetch
+    })
+
+    it('returns success with config on 200', async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify({ access_token: 'at', refresh_token: 'rt', expires_in: 3600 }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+          }),
+        ),
+      ) as unknown as typeof globalThis.fetch
+
+      const result = await credManager.exchangeDeviceCode('dc', 'cid', 'csec')
+      expect(result.status).toBe('success')
+      if (result.status === 'success') {
+        expect(result.config.accessToken).toBe('at')
+        expect(result.config.refreshToken).toBe('rt')
+      }
+    })
+
+    it('returns pending on 428', async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(new Response('', { status: 428 })),
+      ) as unknown as typeof globalThis.fetch
+      const result = await credManager.exchangeDeviceCode('dc', 'cid', 'csec')
+      expect(result.status).toBe('pending')
+    })
+
+    it('returns pending when error description includes authorization_pending', async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify({ errors: [{ description: 'authorization_pending' }] }), {
+            status: 400,
+            headers: { 'Content-Type': 'application/json' },
+          }),
+        ),
+      ) as unknown as typeof globalThis.fetch
+      const result = await credManager.exchangeDeviceCode('dc', 'cid', 'csec')
+      expect(result.status).toBe('pending')
+    })
+
+    it('returns expired when error description signals expiry', async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify({ errors: [{ description: 'expired_token' }] }), {
+            status: 400,
+            headers: { 'Content-Type': 'application/json' },
+          }),
+        ),
+      ) as unknown as typeof globalThis.fetch
+      const result = await credManager.exchangeDeviceCode('dc', 'cid', 'csec')
+      expect(result.status).toBe('expired')
+    })
+
+    it('returns error on other failures', async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(JSON.stringify({ errors: [{ description: 'access_denied' }] }), {
+            status: 403,
+            headers: { 'Content-Type': 'application/json' },
+          }),
+        ),
+      ) as unknown as typeof globalThis.fetch
+      const result = await credManager.exchangeDeviceCode('dc', 'cid', 'csec')
+      expect(result.status).toBe('error')
+      if (result.status === 'error') expect(result.message).toContain('access_denied')
+    })
+  })
 })

package/src/platforms/webex/credential-manager.ts

@@ -212,6 +212,65 @@ export class WebexCredentialManager {
     throw new Error('Device authorization timed out')
   }
 
+  async exchangeDeviceCode(
+    deviceCode: string,
+    clientId: string,
+    clientSecret?: string,
+  ): Promise<
+    | { status: 'success'; config: Pick<WebexConfig, 'accessToken' | 'refreshToken' | 'expiresAt'> }
+    | { status: 'pending' }
+    | { status: 'expired' }
+    | { status: 'error'; message: string }
+  > {
+    const basicAuth = btoa(`${clientId}:${clientSecret ?? ''}`)
+
+    const response = await fetch(OAUTH_DEVICE_TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${basicAuth}`,
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: new URLSearchParams({
+        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+        device_code: deviceCode,
+        client_id: clientId,
+      }),
+    })
+
+    if (response.ok) {
+      const data = (await response.json()) as {
+        access_token: string
+        refresh_token: string
+        expires_in: number
+      }
+      return {
+        status: 'success',
+        config: {
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token,
+          expiresAt: Date.now() + data.expires_in * 1000,
+        },
+      }
+    }
+
+    if (response.status === 428) return { status: 'pending' }
+
+    const errorBody = (await response.json().catch(() => null)) as {
+      errors?: Array<{ description: string }>
+    } | null
+    const errorDesc = errorBody?.errors?.[0]?.description ?? ''
+
+    if (errorDesc.includes('authorization_pending') || errorDesc.includes('slow_down')) {
+      return { status: 'pending' }
+    }
+
+    if (errorDesc.includes('expired_token') || errorDesc.includes('expired')) {
+      return { status: 'expired' }
+    }
+
+    return { status: 'error', message: errorDesc || `http_${response.status}` }
+  }
+
   async clearCredentials(): Promise<void> {
     if (existsSync(this.credentialsPath)) {
       await rm(this.credentialsPath)

package/src/platforms/whatsapp/commands/auth.ts

@@ -3,6 +3,7 @@ import { rm } from 'node:fs/promises'
 import { Command } from 'commander'
 
 import { handleError } from '@/shared/utils/error-handler'
+import { isInteractive } from '@/shared/utils/interactive'
 import { formatOutput } from '@/shared/utils/output'
 import { displayQR } from '@/shared/utils/qr'
 import { info } from '@/shared/utils/stderr'
@@ -22,10 +23,6 @@ interface StatusOptions {
   pretty?: boolean
 }
 
-function isInteractiveSession(): boolean {
-  return Boolean(process.stdin.isTTY && process.stdout.isTTY)
-}
-
 async function loginWithPairingCode(options: LoginOptions & { phone: string }): Promise<void> {
   const manager = new WhatsAppCredentialManager()
   const accountId = createAccountId(options.phone)
@@ -95,7 +92,7 @@ async function loginWithQR(options: LoginOptions): Promise<void> {
   await rm(existingPaths.auth_dir, { recursive: true, force: true })
   const paths = await manager.ensureAccountPaths(accountId)
   const client = await new WhatsAppClient().login({ authDir: paths.auth_dir })
-  const interactive = isInteractiveSession()
+  const interactive = isInteractive()
 
   let waitForAuth: () => Promise<void>
   let browserOpened = false