Move provider to a plugin-architecture (#661)

* refactor: introduce provider plugin registry * refactor: move provider CLI to plugins * docs: add provider plugin implementation notes * refactor: shift provider runtime logic into plugins * refactor: add plugin defaults and summaries * docs: update provider plugin notes * feat(commands): add /commands slash list * Auto-reply: tidy help message * Auto-reply: fix status command lint * Tests: align google shared expectations * Auto-reply: tidy help message * Auto-reply: fix status command lint * refactor: move provider routing into plugins * test: align agent routing expectations * docs: update provider plugin notes * refactor: route replies via provider plugins * docs: note route-reply plugin hooks * refactor: extend provider plugin contract * refactor: derive provider status from plugins * refactor: unify gateway provider control * refactor: use plugin metadata in auto-reply * fix: parenthesize cron target selection * refactor: derive gateway methods from plugins * refactor: generalize provider logout * refactor: route provider logout through plugins * refactor: move WhatsApp web login methods into plugin * refactor: generalize provider log prefixes * refactor: centralize default chat provider * refactor: derive provider lists from registry * refactor: move provider reload noops into plugins * refactor: resolve web login provider via alias * refactor: derive CLI provider options from plugins * refactor: derive prompt provider list from plugins * style: apply biome lint fixes * fix: resolve provider routing edge cases * docs: update provider plugin refactor notes * fix(gateway): harden agent provider routing * refactor: move provider routing into plugins * refactor: move provider CLI to plugins * refactor: derive provider lists from registry * fix: restore slash command parsing * refactor: align provider ids for schema * refactor: unify outbound target resolution * fix: keep outbound labels stable * feat: add msteams to cron surfaces * fix: clean up lint build issues * refactor: localize chat provider alias normalization * refactor: drive gateway provider lists from plugins * docs: update provider plugin notes * style: format message-provider * fix: avoid provider registry init cycles * style: sort message-provider imports * fix: relax provider alias map typing * refactor: move provider routing into plugins * refactor: add plugin pairing/config adapters * refactor: route pairing and provider removal via plugins * refactor: align auto-reply provider typing * test: stabilize telegram media mocks * docs: update provider plugin refactor notes * refactor: pluginize outbound targets * refactor: pluginize provider selection * refactor: generalize text chunk limits * docs: update provider plugin notes * refactor: generalize group session/config * fix: normalize provider id for room detection * fix: avoid provider init in system prompt * style: formatting cleanup * refactor: normalize agent delivery targets * test: update outbound delivery labels * chore: fix lint regressions * refactor: extend provider plugin adapters * refactor: move elevated/block streaming defaults to plugins * refactor: defer outbound send deps to plugins * docs: note plugin-driven streaming/elevated defaults * refactor: centralize webchat provider constant * refactor: add provider setup adapters * refactor: delegate provider add config to plugins * docs: document plugin-driven provider add * refactor: add plugin state/binding metadata * refactor: build agent provider status from plugins * docs: note plugin-driven agent bindings * refactor: centralize internal provider constant usage * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize default chat provider * refactor: centralize WhatsApp target normalization * refactor: move provider routing into plugins * refactor: normalize agent delivery targets * chore: fix lint regressions * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * feat: expand provider plugin adapters * refactor: route auto-reply via provider plugins * fix: align WhatsApp target normalization * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize WhatsApp target normalization * feat: add /config chat config updates * docs: add /config get alias * feat(commands): add /commands slash list * refactor: centralize default chat provider * style: apply biome lint fixes * chore: fix lint regressions * fix: clean up whatsapp allowlist typing * style: format config command helpers * refactor: pluginize tool threading context * refactor: normalize session announce targets * docs: note new plugin threading and announce hooks * refactor: pluginize message actions * docs: update provider plugin actions notes * fix: align provider action adapters * refactor: centralize webchat checks * style: format message provider helpers * refactor: move provider onboarding into adapters * docs: note onboarding provider adapters * feat: add msteams onboarding adapter * style: organize onboarding imports * fix: normalize msteams allowFrom types * feat: add plugin text chunk limits * refactor: use plugin chunk limit fallbacks * feat: add provider mention stripping hooks * style: organize provider plugin type imports * refactor: generalize health snapshots * refactor: update macOS health snapshot handling * docs: refresh health snapshot notes * style: format health snapshot updates * refactor: drive security warnings via plugins * docs: note provider security adapter * style: format provider security adapters * refactor: centralize provider account defaults * refactor: type gateway client identity constants * chore: regen gateway protocol swift * fix: degrade health on failed provider probe * refactor: centralize pairing approve hint * docs: add plugin CLI command references * refactor: route auth and tool sends through plugins * docs: expand provider plugin hooks * refactor: document provider docking touchpoints * refactor: normalize internal provider defaults * refactor: streamline outbound delivery wiring * refactor: make provider onboarding plugin-owned * refactor: support provider-owned agent tools * refactor: move telegram draft chunking into telegram module * refactor: infer provider tool sends via extractToolSend * fix: repair plugin onboarding imports * refactor: de-dup outbound target normalization * style: tidy plugin and agent imports * refactor: data-drive provider selection line * fix: satisfy lint after provider plugin rebase * test: deflake gateway-cli coverage * style: format gateway-cli coverage test * refactor(provider-plugins): simplify provider ids * test(pairing-cli): avoid provider-specific ternary * style(macos): swiftformat HealthStore * refactor(sandbox): derive provider tool denylist * fix(sandbox): avoid plugin init in defaults * refactor(provider-plugins): centralize provider aliases * style(test): satisfy biome * refactor(protocol): v3 providers.status maps * refactor(ui): adapt to protocol v3 * refactor(macos): adapt to protocol v3 * test: update providers.status v3 fixtures * refactor(gateway): map provider runtime snapshot * test(gateway): update reload runtime snapshot * refactor(whatsapp): normalize heartbeat provider id * docs(refactor): update provider plugin notes * style: satisfy biome after rebase * fix: describe sandboxed elevated in prompt * feat(gateway): add agent image attachments + live probe * refactor: derive CLI provider options from plugins * fix(gateway): harden agent provider routing * fix(gateway): harden agent provider routing * refactor: align provider ids for schema * fix(protocol): keep agent provider string * fix(gateway): harden agent provider routing * fix(protocol): keep agent provider string * refactor: normalize agent delivery targets * refactor: support provider-owned agent tools * refactor(config): provider-keyed elevated allowFrom * style: satisfy biome * fix(gateway): appease provider narrowing * style: satisfy biome * refactor(reply): move group intro hints into plugin * fix(reply): avoid plugin registry init cycle * refactor(providers): add lightweight provider dock * refactor(gateway): use typed client id in connect * refactor(providers): document docks and avoid init cycles * refactor(providers): make media limit helper generic * fix(providers): break plugin registry import cycles * style: satisfy biome * refactor(status-all): build providers table from plugins * refactor(gateway): delegate web login to provider plugin * refactor(provider): drop web alias * refactor(provider): lazy-load monitors * style: satisfy lint/format * style: format status-all providers table * style: swiftformat gateway discovery model * test: make reload plan plugin-driven * fix: avoid token stringification in status-all * refactor: make provider IDs explicit in status * feat: warn on signal/imessage provider runtime errors * test: cover gateway provider runtime warnings in status * fix: add runtime kind to provider status issues * test: cover health degradation on probe failure * fix: keep routeReply lightweight * style: organize routeReply imports * refactor(web): extract auth-store helpers * refactor(whatsapp): lazy login imports * refactor(outbound): route replies via plugin outbound * docs: update provider plugin notes * style: format provider status issues * fix: make sandbox scope warning wrap-safe * refactor: load outbound adapters from provider plugins * docs: update provider plugin outbound notes * style(macos): fix swiftformat lint * docs: changelog for provider plugins * fix(macos): satisfy swiftformat * fix(macos): open settings via menu action * style: format after rebase * fix(macos): open Settings via menu action --------- Co-authored-by: LK <luke@kyohere.com> Co-authored-by: Luke K (pr-0f3t) <2609441+lc0rp@users.noreply.github.com> Co-authored-by: Xin <xin@imfing.com>
2026-01-11 11:45:25 +00:00
parent 23eec7d841
commit 7acd26a2fc
232 changed files with 13642 additions and 10809 deletions
--- a/src/web/auth-store.ts
+++ b/src/web/auth-store.ts
@@ -0,0 +1,188 @@
+import fsSync from "node:fs";
+import fs from "node:fs/promises";
+import path from "node:path";
+
+import { resolveOAuthDir } from "../config/paths.js";
+import { info, success } from "../globals.js";
+import { getChildLogger } from "../logging.js";
+import { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js";
+import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
+import type { Provider } from "../utils.js";
+import { jidToE164, resolveUserPath } from "../utils.js";
+
+export function resolveDefaultWebAuthDir(): string {
+  return path.join(resolveOAuthDir(), "whatsapp", DEFAULT_ACCOUNT_ID);
+}
+
+export const WA_WEB_AUTH_DIR = resolveDefaultWebAuthDir();
+
+export function resolveWebCredsPath(authDir: string): string {
+  return path.join(authDir, "creds.json");
+}
+
+export function resolveWebCredsBackupPath(authDir: string): string {
+  return path.join(authDir, "creds.json.bak");
+}
+
+function readCredsJsonRaw(filePath: string): string | null {
+  try {
+    if (!fsSync.existsSync(filePath)) return null;
+    const stats = fsSync.statSync(filePath);
+    if (!stats.isFile() || stats.size <= 1) return null;
+    return fsSync.readFileSync(filePath, "utf-8");
+  } catch {
+    return null;
+  }
+}
+
+export function maybeRestoreCredsFromBackup(authDir: string): void {
+  const logger = getChildLogger({ module: "web-session" });
+  try {
+    const credsPath = resolveWebCredsPath(authDir);
+    const backupPath = resolveWebCredsBackupPath(authDir);
+    const raw = readCredsJsonRaw(credsPath);
+    if (raw) {
+      // Validate that creds.json is parseable.
+      JSON.parse(raw);
+      return;
+    }
+
+    const backupRaw = readCredsJsonRaw(backupPath);
+    if (!backupRaw) return;
+
+    // Ensure backup is parseable before restoring.
+    JSON.parse(backupRaw);
+    fsSync.copyFileSync(backupPath, credsPath);
+    logger.warn(
+      { credsPath },
+      "restored corrupted WhatsApp creds.json from backup",
+    );
+  } catch {
+    // ignore
+  }
+}
+
+export async function webAuthExists(
+  authDir: string = resolveDefaultWebAuthDir(),
+) {
+  const resolvedAuthDir = resolveUserPath(authDir);
+  maybeRestoreCredsFromBackup(resolvedAuthDir);
+  const credsPath = resolveWebCredsPath(resolvedAuthDir);
+  try {
+    await fs.access(resolvedAuthDir);
+  } catch {
+    return false;
+  }
+  try {
+    const stats = await fs.stat(credsPath);
+    if (!stats.isFile() || stats.size <= 1) return false;
+    const raw = await fs.readFile(credsPath, "utf-8");
+    JSON.parse(raw);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function clearLegacyBaileysAuthState(authDir: string) {
+  const entries = await fs.readdir(authDir, { withFileTypes: true });
+  const shouldDelete = (name: string) => {
+    if (name === "oauth.json") return false;
+    if (name === "creds.json" || name === "creds.json.bak") return true;
+    if (!name.endsWith(".json")) return false;
+    return /^(app-state-sync|session|sender-key|pre-key)-/.test(name);
+  };
+  await Promise.all(
+    entries.map(async (entry) => {
+      if (!entry.isFile()) return;
+      if (!shouldDelete(entry.name)) return;
+      await fs.rm(path.join(authDir, entry.name), { force: true });
+    }),
+  );
+}
+
+export async function logoutWeb(params: {
+  authDir?: string;
+  isLegacyAuthDir?: boolean;
+  runtime?: RuntimeEnv;
+}) {
+  const runtime = params.runtime ?? defaultRuntime;
+  const resolvedAuthDir = resolveUserPath(
+    params.authDir ?? resolveDefaultWebAuthDir(),
+  );
+  const exists = await webAuthExists(resolvedAuthDir);
+  if (!exists) {
+    runtime.log(info("No WhatsApp Web session found; nothing to delete."));
+    return false;
+  }
+  if (params.isLegacyAuthDir) {
+    await clearLegacyBaileysAuthState(resolvedAuthDir);
+  } else {
+    await fs.rm(resolvedAuthDir, { recursive: true, force: true });
+  }
+  runtime.log(success("Cleared WhatsApp Web credentials."));
+  return true;
+}
+
+export function readWebSelfId(authDir: string = resolveDefaultWebAuthDir()) {
+  // Read the cached WhatsApp Web identity (jid + E.164) from disk if present.
+  try {
+    const credsPath = resolveWebCredsPath(resolveUserPath(authDir));
+    if (!fsSync.existsSync(credsPath)) {
+      return { e164: null, jid: null } as const;
+    }
+    const raw = fsSync.readFileSync(credsPath, "utf-8");
+    const parsed = JSON.parse(raw) as { me?: { id?: string } } | undefined;
+    const jid = parsed?.me?.id ?? null;
+    const e164 = jid ? jidToE164(jid, { authDir }) : null;
+    return { e164, jid } as const;
+  } catch {
+    return { e164: null, jid: null } as const;
+  }
+}
+
+/**
+ * Return the age (in milliseconds) of the cached WhatsApp web auth state, or null when missing.
+ * Helpful for heartbeats/observability to spot stale credentials.
+ */
+export function getWebAuthAgeMs(
+  authDir: string = resolveDefaultWebAuthDir(),
+): number | null {
+  try {
+    const stats = fsSync.statSync(
+      resolveWebCredsPath(resolveUserPath(authDir)),
+    );
+    return Date.now() - stats.mtimeMs;
+  } catch {
+    return null;
+  }
+}
+
+export function logWebSelfId(
+  authDir: string = resolveDefaultWebAuthDir(),
+  runtime: RuntimeEnv = defaultRuntime,
+  includeProviderPrefix = false,
+) {
+  // Human-friendly log of the currently linked personal web session.
+  const { e164, jid } = readWebSelfId(authDir);
+  const details =
+    e164 || jid
+      ? `${e164 ?? "unknown"}${jid ? ` (jid ${jid})` : ""}`
+      : "unknown";
+  const prefix = includeProviderPrefix ? "Web Provider: " : "";
+  runtime.log(info(`${prefix}${details}`));
+}
+
+export async function pickProvider(
+  pref: Provider | "auto",
+  authDir: string = resolveDefaultWebAuthDir(),
+): Promise<Provider> {
+  const choice: Provider = pref === "auto" ? "web" : pref;
+  const hasWeb = await webAuthExists(authDir);
+  if (!hasWeb) {
+    throw new Error(
+      "No WhatsApp Web session found. Run `clawdbot providers login --verbose` to link.",
+    );
+  }
+  return choice;
+}
--- a/src/web/auto-reply.ts
+++ b/src/web/auto-reply.ts
@@ -51,6 +51,7 @@ import { enqueueSystemEvent } from "../infra/system-events.js";
 import { registerUnhandledRejectionHandler } from "../infra/unhandled-rejections.js";
 import { createSubsystemLogger, getChildLogger } from "../logging.js";
 import { toLocationContext } from "../providers/location.js";
+import { resolveWhatsAppHeartbeatRecipients } from "../providers/plugins/whatsapp-heartbeat.js";
 import {
  buildAgentSessionKey,
  resolveAgentRoute,
@@ -495,71 +496,11 @@ export async function runWebHeartbeatOnce(opts: {
  }
 }

-function getSessionRecipients(cfg: ReturnType<typeof loadConfig>) {
-  const sessionCfg = cfg.session;
-  const scope = sessionCfg?.scope ?? "per-sender";
-  if (scope === "global") return [];
-  const storePath = resolveStorePath(cfg.session?.store);
-  const store = loadSessionStore(storePath);
-  const isGroupKey = (key: string) =>
-    key.startsWith("group:") ||
-    key.includes(":group:") ||
-    key.includes(":channel:") ||
-    key.includes("@g.us");
-  const isCronKey = (key: string) => key.startsWith("cron:");
-
-  const recipients = Object.entries(store)
-    .filter(([key]) => key !== "global" && key !== "unknown")
-    .filter(([key]) => !isGroupKey(key) && !isCronKey(key))
-    .map(([_, entry]) => ({
-      to:
-        entry?.lastProvider === "whatsapp" && entry?.lastTo
-          ? normalizeE164(entry.lastTo)
-          : "",
-      updatedAt: entry?.updatedAt ?? 0,
-    }))
-    .filter(({ to }) => to.length > 1)
-    .sort((a, b) => b.updatedAt - a.updatedAt);
-
-  // Dedupe while preserving recency ordering.
-  const seen = new Set<string>();
-  return recipients.filter((r) => {
-    if (seen.has(r.to)) return false;
-    seen.add(r.to);
-    return true;
-  });
-}
-
 export function resolveHeartbeatRecipients(
  cfg: ReturnType<typeof loadConfig>,
  opts: { to?: string; all?: boolean } = {},
 ) {
-  if (opts.to) return { recipients: [normalizeE164(opts.to)], source: "flag" };
-
-  const sessionRecipients = getSessionRecipients(cfg);
-  const allowFrom =
-    Array.isArray(cfg.whatsapp?.allowFrom) && cfg.whatsapp.allowFrom.length > 0
-      ? cfg.whatsapp.allowFrom.filter((v) => v !== "*").map(normalizeE164)
-      : [];
-
-  const unique = (list: string[]) => [...new Set(list.filter(Boolean))];
-
-  if (opts.all) {
-    const all = unique([...sessionRecipients.map((s) => s.to), ...allowFrom]);
-    return { recipients: all, source: "all" as const };
-  }
-
-  if (sessionRecipients.length === 1) {
-    return { recipients: [sessionRecipients[0].to], source: "session-single" };
-  }
-  if (sessionRecipients.length > 1) {
-    return {
-      recipients: sessionRecipients.map((s) => s.to),
-      source: "session-ambiguous" as const,
-    };
-  }
-
-  return { recipients: allowFrom, source: "allowFrom" as const };
+  return resolveWhatsAppHeartbeatRecipients(cfg, opts);
 }

 function getSessionSnapshot(
--- a/src/web/login.coverage.test.ts
+++ b/src/web/login.coverage.test.ts
@@ -61,7 +61,7 @@ describe("loginWeb coverage", () => {
      .mockResolvedValueOnce(undefined);

    const runtime = { log: vi.fn(), error: vi.fn() } as never;
-    await loginWeb(false, "web", waitForWaConnection as never, runtime);
+    await loginWeb(false, waitForWaConnection as never, runtime);

    expect(createWaSocket).toHaveBeenCalledTimes(2);
    const firstSock = await createWaSocket.mock.results[0].value;
@@ -76,9 +76,9 @@ describe("loginWeb coverage", () => {
      output: { statusCode: DisconnectReason.loggedOut },
    });

-    await expect(
-      loginWeb(false, "web", waitForWaConnection as never),
-    ).rejects.toThrow(/cache cleared/i);
+    await expect(loginWeb(false, waitForWaConnection as never)).rejects.toThrow(
+      /cache cleared/i,
+    );
    expect(rmMock).toHaveBeenCalledWith(authDir, {
      recursive: true,
      force: true,
@@ -87,9 +87,9 @@ describe("loginWeb coverage", () => {

  it("formats and rethrows generic errors", async () => {
    waitForWaConnection.mockRejectedValueOnce(new Error("boom"));
-    await expect(
-      loginWeb(false, "web", waitForWaConnection as never),
-    ).rejects.toThrow("formatted:Error: boom");
+    await expect(loginWeb(false, waitForWaConnection as never)).rejects.toThrow(
+      "formatted:Error: boom",
+    );
    expect(formatError).toHaveBeenCalled();
  });
 });
--- a/src/web/login.test.ts
+++ b/src/web/login.test.ts
@@ -39,7 +39,7 @@ describe("web login", () => {
    const waiter: typeof waitForWaConnection = vi
      .fn()
      .mockResolvedValue(undefined);
-    await loginWeb(false, "web", waiter);
+    await loginWeb(false, waiter);
    await new Promise((resolve) => setTimeout(resolve, 550));
    expect(close).toHaveBeenCalled();
  });
--- a/src/web/login.ts
+++ b/src/web/login.ts
@@ -13,14 +13,10 @@ import {

 export async function loginWeb(
  verbose: boolean,
-  provider = "whatsapp",
  waitForConnection?: typeof waitForWaConnection,
  runtime: RuntimeEnv = defaultRuntime,
  accountId?: string,
 ) {
-  if (provider !== "whatsapp" && provider !== "web") {
-    throw new Error(`Unsupported provider: ${provider}`);
-  }
  const wait = waitForConnection ?? waitForWaConnection;
  const cfg = loadConfig();
  const account = resolveWhatsAppAccount({ cfg, accountId });
@@ -52,11 +48,7 @@ export async function loginWeb(
      });
      try {
        await wait(retry);
-        console.log(
-          success(
-            "✅ Linked after restart; web session ready. You can now send with provider=web.",
-          ),
-        );
+        console.log(success("✅ Linked after restart; web session ready."));
        return;
      } finally {
        setTimeout(() => retry.ws?.close(), 500);
--- a/src/web/session.ts
+++ b/src/web/session.ts
@@ -1,7 +1,5 @@
 import { randomUUID } from "node:crypto";
 import fsSync from "node:fs";
-import fs from "node:fs/promises";
-import path from "node:path";
 import {
  DisconnectReason,
  fetchLatestBaileysVersion,
@@ -10,28 +8,27 @@ import {
  useMultiFileAuthState,
 } from "@whiskeysockets/baileys";
 import qrcode from "qrcode-terminal";
-import { resolveOAuthDir } from "../config/paths.js";
-import { danger, info, success } from "../globals.js";
+import { danger, success } from "../globals.js";
 import { getChildLogger, toPinoLikeLogger } from "../logging.js";
-import { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js";
-import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
-import type { Provider } from "../utils.js";
-import { ensureDir, jidToE164, resolveUserPath } from "../utils.js";
+import { ensureDir, resolveUserPath } from "../utils.js";
 import { VERSION } from "../version.js";

-function resolveDefaultWebAuthDir(): string {
-  return path.join(resolveOAuthDir(), "whatsapp", DEFAULT_ACCOUNT_ID);
-}
+import {
+  maybeRestoreCredsFromBackup,
+  resolveDefaultWebAuthDir,
+  resolveWebCredsBackupPath,
+  resolveWebCredsPath,
+} from "./auth-store.js";

-export const WA_WEB_AUTH_DIR = resolveDefaultWebAuthDir();
-
-function resolveWebCredsPath(authDir: string) {
-  return path.join(authDir, "creds.json");
-}
-
-function resolveWebCredsBackupPath(authDir: string) {
-  return path.join(authDir, "creds.json.bak");
-}
+export {
+  getWebAuthAgeMs,
+  logoutWeb,
+  logWebSelfId,
+  pickProvider,
+  readWebSelfId,
+  WA_WEB_AUTH_DIR,
+  webAuthExists,
+} from "./auth-store.js";

 let credsSaveQueue: Promise<void> = Promise.resolve();
 function enqueueSaveCreds(
@@ -57,35 +54,6 @@ function readCredsJsonRaw(filePath: string): string | null {
  }
 }

-function maybeRestoreCredsFromBackup(
-  authDir: string,
-  logger: ReturnType<typeof getChildLogger>,
-): void {
-  try {
-    const credsPath = resolveWebCredsPath(authDir);
-    const backupPath = resolveWebCredsBackupPath(authDir);
-    const raw = readCredsJsonRaw(credsPath);
-    if (raw) {
-      // Validate that creds.json is parseable.
-      JSON.parse(raw);
-      return;
-    }
-
-    const backupRaw = readCredsJsonRaw(backupPath);
-    if (!backupRaw) return;
-
-    // Ensure backup is parseable before restoring.
-    JSON.parse(backupRaw);
-    fsSync.copyFileSync(backupPath, credsPath);
-    logger.warn(
-      { credsPath },
-      "restored corrupted WhatsApp creds.json from backup",
-    );
-  } catch {
-    // ignore
-  }
-}
-
 async function safeSaveCreds(
  authDir: string,
  saveCreds: () => Promise<void> | void,
@@ -134,7 +102,7 @@ export async function createWaSocket(
  const authDir = resolveUserPath(opts.authDir ?? resolveDefaultWebAuthDir());
  await ensureDir(authDir);
  const sessionLogger = getChildLogger({ module: "web-session" });
-  maybeRestoreCredsFromBackup(authDir, sessionLogger);
+  maybeRestoreCredsFromBackup(authDir);
  const { state, saveCreds } = await useMultiFileAuthState(authDir);
  const { version } = await fetchLatestBaileysVersion();
  const sock = makeWASocket({
@@ -332,132 +300,6 @@ export function formatError(err: unknown): string {
  return safeStringify(err);
 }

-export async function webAuthExists(
-  authDir: string = resolveDefaultWebAuthDir(),
-) {
-  const sessionLogger = getChildLogger({ module: "web-session" });
-  const resolvedAuthDir = resolveUserPath(authDir);
-  maybeRestoreCredsFromBackup(resolvedAuthDir, sessionLogger);
-  const credsPath = resolveWebCredsPath(resolvedAuthDir);
-  try {
-    await fs.access(resolvedAuthDir);
-  } catch {
-    return false;
-  }
-  try {
-    const stats = await fs.stat(credsPath);
-    if (!stats.isFile() || stats.size <= 1) return false;
-    const raw = await fs.readFile(credsPath, "utf-8");
-    JSON.parse(raw);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-async function clearLegacyBaileysAuthState(authDir: string) {
-  const entries = await fs.readdir(authDir, { withFileTypes: true });
-  const shouldDelete = (name: string) => {
-    if (name === "oauth.json") return false;
-    if (name === "creds.json" || name === "creds.json.bak") return true;
-    if (!name.endsWith(".json")) return false;
-    return /^(app-state-sync|session|sender-key|pre-key)-/.test(name);
-  };
-  await Promise.all(
-    entries.map(async (entry) => {
-      if (!entry.isFile()) return;
-      if (!shouldDelete(entry.name)) return;
-      await fs.rm(path.join(authDir, entry.name), { force: true });
-    }),
-  );
-}
-
-export async function logoutWeb(params: {
-  authDir?: string;
-  isLegacyAuthDir?: boolean;
-  runtime?: RuntimeEnv;
-}) {
-  const runtime = params.runtime ?? defaultRuntime;
-  const resolvedAuthDir = resolveUserPath(
-    params.authDir ?? resolveDefaultWebAuthDir(),
-  );
-  const exists = await webAuthExists(resolvedAuthDir);
-  if (!exists) {
-    runtime.log(info("No WhatsApp Web session found; nothing to delete."));
-    return false;
-  }
-  if (params.isLegacyAuthDir) {
-    await clearLegacyBaileysAuthState(resolvedAuthDir);
-  } else {
-    await fs.rm(resolvedAuthDir, { recursive: true, force: true });
-  }
-  runtime.log(success("Cleared WhatsApp Web credentials."));
-  return true;
-}
-
-export function readWebSelfId(authDir: string = resolveDefaultWebAuthDir()) {
-  // Read the cached WhatsApp Web identity (jid + E.164) from disk if present.
-  try {
-    const credsPath = resolveWebCredsPath(resolveUserPath(authDir));
-    if (!fsSync.existsSync(credsPath)) {
-      return { e164: null, jid: null } as const;
-    }
-    const raw = fsSync.readFileSync(credsPath, "utf-8");
-    const parsed = JSON.parse(raw) as { me?: { id?: string } } | undefined;
-    const jid = parsed?.me?.id ?? null;
-    const e164 = jid ? jidToE164(jid, { authDir }) : null;
-    return { e164, jid } as const;
-  } catch {
-    return { e164: null, jid: null } as const;
-  }
-}
-
-/**
- * Return the age (in milliseconds) of the cached WhatsApp web auth state, or null when missing.
- * Helpful for heartbeats/observability to spot stale credentials.
- */
-export function getWebAuthAgeMs(
-  authDir: string = resolveDefaultWebAuthDir(),
-): number | null {
-  try {
-    const stats = fsSync.statSync(
-      resolveWebCredsPath(resolveUserPath(authDir)),
-    );
-    return Date.now() - stats.mtimeMs;
-  } catch {
-    return null;
-  }
-}
-
 export function newConnectionId() {
  return randomUUID();
 }
-
-export function logWebSelfId(
-  authDir: string = resolveDefaultWebAuthDir(),
-  runtime: RuntimeEnv = defaultRuntime,
-  includeProviderPrefix = false,
-) {
-  // Human-friendly log of the currently linked personal web session.
-  const { e164, jid } = readWebSelfId(authDir);
-  const details =
-    e164 || jid
-      ? `${e164 ?? "unknown"}${jid ? ` (jid ${jid})` : ""}`
-      : "unknown";
-  const prefix = includeProviderPrefix ? "Web Provider: " : "";
-  runtime.log(info(`${prefix}${details}`));
-}
-
-export async function pickProvider(
-  pref: Provider | "auto",
-  authDir: string = resolveDefaultWebAuthDir(),
-): Promise<Provider> {
-  const choice: Provider = pref === "auto" ? "web" : pref;
-  const hasWeb = await webAuthExists(authDir);
-  if (!hasWeb) {
-    throw new Error(
-      "No WhatsApp Web session found. Run `clawdbot providers login --verbose` to link.",
-    );
-  }
-  return choice;
-}