alvin-bot 4.8.2 → 4.8.4

package/CHANGELOG.md

@@ -2,6 +2,110 @@
 
 All notable changes to Alvin Bot are documented here.
 
+## [4.8.4] — 2026-04-11
+
+### 🐛 WhatsApp self-chat detection for the new `@lid` identity format
+
+Ali reported that the WhatsApp bot wasn't responding to "Hi" in his self-chat even after enabling both `Self-chat only` and `Reply to private messages` in the Web UI. Debug logging showed the bot receiving the message correctly and detecting `fromMe=true`, but then hitting the "skip: own message in group/DM" branch because `isSelfChat()` was returning `false`.
+
+**Root cause**: WhatsApp has rolled out a new privacy feature that replaces phone-number JIDs in self-chats (and some groups) with a **LID — Linked Identity**. Instead of `4917661236656@s.whatsapp.net`, messages in a self-chat now arrive with `jid = "162805718225143@lid"` — a completely opaque identifier that looks nothing like the phone number.
+
+Our `isSelfChat(jid)` compared the incoming JID against `sock.user.id` (the traditional phone-number format `4917661236656:22@s.whatsapp.net`), stripped the device suffix, and compared the bare numbers. But the LID has a completely different number (`162805718225143`), so the match failed and every self-chat message fell through to the "own message in DM" skip branch.
+
+**Fix**: `isSelfChat()` now checks **both** identity formats:
+
+- **Traditional phone JID** via `sock.user.id` (legacy path, still matches on older WhatsApp clients)
+- **LID** via `sock.user.lid` (baileys ≥ 6.7 exposes this) with `@lid` suffix matching
+
+Either match wins. The check short-circuits on groups (`@g.us`) so the new code never misclassifies a group as self-chat.
+
+Caught on the Mac mini production bot after midnight — WhatsApp connected, QR scanned, user sending "Hi", bot silent. Debug logging revealed the actual incoming JID (`162805718225143@lid`) which immediately pointed at the LID format as the culprit.
+
+### 🧹 Dual-bot session collision (root cause of WhatsApp reconnect flapping)
+
+While debugging the `@lid` issue above, the test revealed a deeper problem: two `node dist/index.js` processes were running simultaneously on the Mac mini (PID 47744 from an earlier `launchctl kickstart` that didn't cleanly kill the old instance, plus PID 49153 from a new `launchd install`). Both processes were trying to hold the same WhatsApp Multi-Device session at the same time, causing:
+
+- WhatsApp `Reconnecting in 3s` every few seconds (each process would claim the session, the other would be kicked)
+- Baileys `Closing session` dumps to the log
+- Signal session state corruption → "Warte auf diese Nachricht" (waiting-to-decrypt) messages appearing spontaneously in the self-chat
+
+**Short-term workaround**: explicit `pkill -9 -f 'node.*alvin-bot/dist/index'` before `launchctl kickstart` to ensure only one process is running.
+
+**Session wipe procedure** (when the corruption is already baked in):
+
+1. `launchctl unload -w ~/Library/LaunchAgents/com.alvinbot.app.plist`
+2. `pkill -9 -f "node.*alvin-bot/dist/index"`
+3. `rm -rf ~/.alvin-bot/data/whatsapp-auth`
+4. Remove the zombie linked-device from your phone (iPhone Settings → Linked Devices → remove all "Alvin Bot" entries)
+5. `launchctl load -w ~/Library/LaunchAgents/com.alvinbot.app.plist`
+6. Re-scan the QR code
+
+A future release should add a proper `alvin-bot wa reset` command to automate this and a startup check that refuses to boot if another instance is already running.
+
+## [4.8.3] — 2026-04-11
+
+### 🐛 Critical: Claude SDK heartbeat false-positive "unavailable"
+
+Caught in production on the Mac mini: the heartbeat monitor was marking `claude-sdk` as unhealthy every 5 minutes, triggering failover to Ollama, even though `claude -p "ping"` from the same user's terminal worked perfectly. After 9 consecutive heartbeat failures, the main Telegram bot was stuck serving responses via Gemma 4 instead of Claude Max.
+
+**Root cause**: `isAvailable()` in the Claude SDK provider used `claude -p "ping" --output-format text` as an auth probe. That command spawns a full SDK query, takes **6-10 seconds warm** (longer on cold starts), and my timeout was only **10 seconds**. Under load or on cold starts it crossed the timeout threshold, was killed by Node, and execFileAsync rejected → caught by the outer try/catch → cached as "unavailable" for 60 seconds → next heartbeat re-probed and failed the same way.
+
+**Fix**: Replaced the `-p "ping"` probe with `claude auth status`. This is a purpose-built Claude CLI command that:
+
+- Completes in ~150 ms (vs 6-10 s)
+- Returns structured JSON with an explicit `loggedIn` boolean
+- Consumes zero tokens
+- Doesn't touch the SDK or model init path
+
+The new code parses the JSON and returns `true` only when `loggedIn === true`. A fallback path keeps the old `-p "ping"` sniff for older Claude CLI versions that don't support `auth status` as JSON.
+
+Before/after the fix:
+
+```
+Before: 6800ms warm probe, 10s timeout, consumed tokens,
+        failed under load → 9 consecutive false-positive "unavailable"
+After:  150ms probe, 5s timeout, no tokens, structured JSON check
+```
+
+### ✨ New CLI command: `alvin-bot status`
+
+Offline-friendly status command — no running bot required. Prints:
+
+- **Version**: `Alvin Bot vX.Y.Z` + Node version + platform/arch
+- **Data dir**: path + whether `.env` exists + configured `PRIMARY_PROVIDER`
+- **Runtime state**:
+  - On macOS: LaunchAgent plist installed? PID from `launchctl list`?
+  - On Linux/Windows: `pm2 jlist` check for the `alvin-bot` process
+- **Live info** (when the bot is running with the web UI on :3100): Uptime, active model
+
+Answers Ali's request: *"alvin-bot status im Terminal soll auch die Version anzeigen"*. The command prominently features the version at the top so it's the first thing you see.
+
+Example:
+
+```
+🤖 Alvin Bot v4.8.3
+   Node v25.9.0 · darwin/arm64
+
+📁 Data dir:  /Users/alvin_de/.alvin-bot
+   .env:      ✅ present
+   Provider:  claude-sdk
+
+🚀 LaunchAgent: installed
+   Running:    ✅ yes (PID 43589)
+   Uptime:     0h 55m
+   Model:      Gemma 4 E4B (Ollama)
+```
+
+### Tests
+
+2 new test cases in `test/claude-sdk-provider.test.ts` cover the new flow:
+
+- `claude auth status` returning `{loggedIn: true}` → `isAvailable()` returns `true`
+- `claude auth status` returning `{loggedIn: false}` → `isAvailable()` returns `false`
+- Older CLI where `auth status` throws → fall back to `-p "ping"` path (preserves old behavior)
+
+87 tests passing (up from 85).
+
 ## [4.8.2] — 2026-04-11
 
 ### 🐛 Offline setup: wait long enough for Ollama's first-run init

package/bin/cli.js

@@ -1847,6 +1847,86 @@ switch (cmd) {
   case "-v":
     version();
     break;
+  case "status": {
+    // CLI `alvin-bot status` — quick, offline-friendly status without
+    // requiring a running bot. Prints version, node info, data dir,
+    // configured provider, and — on macOS — LaunchAgent state.
+    try {
+      const pkg = JSON.parse(
+        readFileSync(resolve(import.meta.dirname || ".", "../package.json"), "utf-8"),
+      );
+      console.log(`\n🤖 Alvin Bot v${pkg.version}`);
+    } catch {
+      console.log("\n🤖 Alvin Bot (version unknown)");
+    }
+    console.log(`   Node ${process.version} · ${process.platform}/${process.arch}`);
+    console.log("");
+
+    // Data dir + .env
+    const envPath = join(DATA_DIR, ".env");
+    console.log(`📁 Data dir:  ${DATA_DIR}`);
+    console.log(`   .env:      ${existsSync(envPath) ? "✅ present" : "❌ missing"}`);
+
+    // Primary provider from .env
+    if (existsSync(envPath)) {
+      try {
+        const env = readFileSync(envPath, "utf-8");
+        const match = env.match(/^PRIMARY_PROVIDER=(.+)$/m);
+        if (match) console.log(`   Provider:  ${match[1].trim()}`);
+      } catch { /* ignore */ }
+    }
+    console.log("");
+
+    // Runtime state: LaunchAgent (macOS) or pm2 (Linux/Windows)
+    if (process.platform === "darwin") {
+      const { plistPath, label } = launchdPaths();
+      const plistExists = existsSync(plistPath);
+      console.log(`🚀 LaunchAgent: ${plistExists ? "installed" : "not installed"}`);
+      if (plistExists) {
+        try {
+          const out = execSync(`launchctl list | grep ${label} || true`, { encoding: "utf-8" });
+          if (out.trim()) {
+            const parts = out.trim().split(/\s+/);
+            const pid = parts[0];
+            const isRunning = pid !== "-" && pid !== "0";
+            console.log(`   Running:    ${isRunning ? `✅ yes (PID ${pid})` : "❌ no"}`);
+          } else {
+            console.log(`   Running:    ❌ not loaded`);
+          }
+        } catch {
+          console.log(`   Running:    ❌ unknown`);
+        }
+      }
+    } else {
+      // Linux/Windows: check pm2
+      try {
+        const out = execSync("pm2 jlist 2>/dev/null || echo '[]'", { encoding: "utf-8" });
+        const procs = JSON.parse(out);
+        const alvin = procs.find?.((p) => p && p.name === "alvin-bot");
+        if (alvin) {
+          console.log(`🚀 pm2:         ${alvin.pm2_env?.status || "unknown"} (PID ${alvin.pid || "?"})`);
+        } else {
+          console.log(`🚀 pm2:         alvin-bot not managed`);
+        }
+      } catch {
+        console.log(`🚀 pm2:         not installed`);
+      }
+    }
+
+    // Try to reach the running web API for live info
+    try {
+      const apiRes = execSync("curl -fsS -m 2 http://localhost:3100/api/status 2>/dev/null", { encoding: "utf-8" });
+      const parsed = JSON.parse(apiRes);
+      const uptimeSec = Math.floor(parsed.bot?.uptime || 0);
+      const h = Math.floor(uptimeSec / 3600);
+      const m = Math.floor((uptimeSec % 3600) / 60);
+      console.log(`   Uptime:     ${h}h ${m}m`);
+      if (parsed.model?.name) console.log(`   Model:      ${parsed.model.name}`);
+    } catch { /* bot not running or web ui off — skip */ }
+
+    console.log("");
+    process.exit(0);
+  }
   default:
     console.log(`
 ${t("cli.title")}
@@ -1862,6 +1942,7 @@ ${t("cli.commands")}
   start     ${t("cli.startDesc")} (background via PM2)
   start -f  Start in foreground (for debugging)
   stop      Stop the bot
+  status    Show bot version + LaunchAgent/pm2 state (offline)
   launchd   macOS only: install/uninstall/status as launchd user agent
   version   ${t("cli.versionDesc")}
 

package/dist/platforms/whatsapp.js

@@ -536,10 +536,38 @@ export class WhatsAppAdapter {
         await this.handler(incoming);
     }
     isSelfChat(jid) {
-        const myJid = this.sock?.user?.id;
-        if (!myJid)
+        if (!this.sock?.user)
             return false;
-        return normalizeJid(jid) === normalizeJid(myJid);
+        // Groups are never self-chat regardless of which identity format
+        // the group uses.
+        if (jid.endsWith("@g.us"))
+            return false;
+        // WhatsApp has two identity formats that can appear in self-chat:
+        //   1. Traditional phone-number JID: 49176...:22@s.whatsapp.net
+        //   2. LID (linked identity): 162805718...@lid — privacy feature
+        //      added in 2024 that hides the real phone number in self-chats
+        //      and some groups. Baileys exposes this as sock.user.lid.
+        //
+        // Check both so self-chat detection works regardless of which
+        // format WhatsApp chose to tag the chat with today.
+        const user = this.sock.user;
+        const myId = user.id;
+        const myLid = user.lid;
+        // Match against phone-number JID (traditional path)
+        if (myId) {
+            const myNumber = jidToNumber(myId);
+            const jidNumber = jidToNumber(jid);
+            if (myNumber && jidNumber && myNumber === jidNumber)
+                return true;
+        }
+        // Match against LID (new privacy format)
+        if (myLid && jid.endsWith("@lid")) {
+            const myLidNum = jidToNumber(myLid);
+            const jidLidNum = jidToNumber(jid);
+            if (myLidNum && jidLidNum && myLidNum === jidLidNum)
+                return true;
+        }
+        return false;
     }
     // ── Public API: Groups ────────────────────────────────────────────────────
     async getGroups() {

package/dist/providers/claude-sdk-provider.js

@@ -237,19 +237,42 @@ export class ClaudeSDKProvider {
             if (!claudePath)
                 return cache(false);
             // Step 1: binary exists?
-            // Async execFile doesn't block the event loop. 5s timeout kills
-            // runaway probes without hanging the bot.
             await execFileAsync(claudePath, ["--version"], { timeout: 5000 });
-            // Step 2: actually authenticated? The Claude Agent SDK shares the
-            // same OAuth token as the CLI — if `claude -p` says "Not logged in",
-            // the SDK will fail too. Probe with a trivial -p call and surface
-            // the failure before the registry hands a request to a broken
-            // provider.
-            const { stdout } = await execFileAsync(claudePath, ["-p", "ping", "--output-format", "text"], { timeout: 10000 });
-            if (isAuthErrorOutput(stdout)) {
+            // Step 2: actually authenticated?
+            //
+            // We used to use `claude -p "ping" --output-format text` and sniff
+            // the stdout for "Not logged in". That spawned a full SDK query,
+            // consumed tokens, and took 5-10 seconds warm — occasionally
+            // crossing our timeout on cold starts or under load, leading to
+            // false-positive "unavailable" reports that cascaded into heartbeat
+            // failures and unnecessary fallback to Ollama.
+            //
+            // `claude auth status` is the purpose-built command: fast (~150ms),
+            // no token cost, no SDK init, returns structured JSON with an
+            // explicit `loggedIn` boolean. Much cleaner.
+            try {
+                const { stdout } = await execFileAsync(claudePath, ["auth", "status"], { timeout: 5000 });
+                const parsed = JSON.parse(stdout);
+                if (parsed.loggedIn === true) {
+                    return cache(true);
+                }
+                // loggedIn === false (or missing) — not authenticated
                 return cache(false);
             }
-            return cache(true);
+            catch (authErr) {
+                // Older claude CLI versions may not expose `auth status` as JSON,
+                // or may exit non-zero when not logged in. Fall back to the
+                // sniff-stdout approach for backward compat.
+                try {
+                    const { stdout: probeOut } = await execFileAsync(claudePath, ["-p", "ping", "--output-format", "text"], { timeout: 15000 });
+                    return cache(!isAuthErrorOutput(probeOut));
+                }
+                catch {
+                    // Both checks failed — treat as unavailable
+                    void authErr;
+                    return cache(false);
+                }
+            }
         }
         catch {
             return cache(false);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "alvin-bot",
-  "version": "4.8.2",
+  "version": "4.8.4",
   "description": "Alvin Bot — Your personal AI agent on Telegram, WhatsApp, Discord, Signal, and Web.",
   "type": "module",
   "main": "dist/index.js",

package/test/claude-sdk-provider.test.ts

@@ -25,15 +25,39 @@ describe("ClaudeSDKProvider.isAvailable", () => {
     vi.resetModules();
   });
 
-  it("returns false when `claude -p` returns 'Not logged in'", async () => {
-    // First call: --version succeeds
-    // Second call: -p 'ping' returns "Not logged in · Please run /login"
+  it("returns true when `claude auth status` reports loggedIn: true", async () => {
+    // Sequence: --version then auth status (JSON)
     execFileMock
       .mockImplementationOnce((_p, _a, _o, cb) =>
         cb(null, { stdout: "1.0.0\n", stderr: "" }),
       )
       .mockImplementationOnce((_p, _a, _o, cb) =>
-        cb(null, { stdout: "Not logged in · Please run /login", stderr: "" }),
+        cb(null, {
+          stdout: JSON.stringify({
+            loggedIn: true,
+            authMethod: "claude.ai",
+            subscriptionType: "max",
+          }),
+          stderr: "",
+        }),
+      );
+
+    const { ClaudeSDKProvider } = await import("../src/providers/claude-sdk-provider.js");
+    const p = new ClaudeSDKProvider();
+    const result = await p.isAvailable();
+    expect(result).toBe(true);
+  });
+
+  it("returns false when `claude auth status` reports loggedIn: false", async () => {
+    execFileMock
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(null, { stdout: "1.0.0\n", stderr: "" }),
+      )
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(null, {
+          stdout: JSON.stringify({ loggedIn: false }),
+          stderr: "",
+        }),
       );
 
     const { ClaudeSDKProvider } = await import("../src/providers/claude-sdk-provider.js");
@@ -42,11 +66,15 @@ describe("ClaudeSDKProvider.isAvailable", () => {
     expect(result).toBe(false);
   });
 
-  it("returns true when `claude -p` returns a normal response", async () => {
+  it("falls back to `claude -p` probe when `auth status` fails (older CLI)", async () => {
+    // Sequence: --version → auth status rejects → -p ping succeeds
     execFileMock
       .mockImplementationOnce((_p, _a, _o, cb) =>
         cb(null, { stdout: "1.0.0\n", stderr: "" }),
       )
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(new Error("unknown command: auth status"), { stdout: "", stderr: "" }),
+      )
       .mockImplementationOnce((_p, _a, _o, cb) =>
         cb(null, { stdout: "pong", stderr: "" }),
       );
@@ -56,6 +84,24 @@ describe("ClaudeSDKProvider.isAvailable", () => {
     const result = await p.isAvailable();
     expect(result).toBe(true);
   });
+
+  it("falls back to `claude -p` probe and detects 'Not logged in' text", async () => {
+    execFileMock
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(null, { stdout: "1.0.0\n", stderr: "" }),
+      )
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(new Error("auth status not supported"), { stdout: "", stderr: "" }),
+      )
+      .mockImplementationOnce((_p, _a, _o, cb) =>
+        cb(null, { stdout: "Not logged in · Please run /login", stderr: "" }),
+      );
+
+    const { ClaudeSDKProvider } = await import("../src/providers/claude-sdk-provider.js");
+    const p = new ClaudeSDKProvider();
+    const result = await p.isAvailable();
+    expect(result).toBe(false);
+  });
 });
 
 describe("ClaudeSDKProvider — isAuthErrorOutput helper", () => {