v1.19.1 — Bash-heredoc fix for /whatsapp:access and configure writes

@crisandrews crisandrews released this 19 May 16:55
· 5 commits to main since this release

Routes WhatsApp's pairing and configuration file writes through a hardened Bash heredoc pattern instead of MCP Write. ClawCode 1.6.0+ refuses file-tool writes to access.json, config.json, approved/<senderId>.json, and recent-groups.json when the channel state-dir resolves to the global fallback ~/.claude/channels/whatsapp/ (the entire ~/.claude/ tree is on its protected-paths list). Before this release, those writes silently failed with exec-gate: write to protected path refused (channel-access-json) or (claude-home); /whatsapp:access pair <code> and /whatsapp:configure audio both surfaced as "doesn't work" with no diagnostic. Now the skill instructions tell the agent to write via Bash, which is not subject to the file-tool classifier. Independent fix — no schema changes, no cross-plugin coordination needed. Pairs with ClawCode 1.7.1, which routes its own side identically.

Fixes

  • Skills/access: all "Save access.json" instructions (plus the approved/<senderId>.json save in the pair flow and the recent-groups.json rewrite in add-group) route through a hardened heredoc pattern: rm -f tmp.$$ && umask 077 && cat > tmp.$$ << "JSON_EOF" && JSON.parse validate && chmod 600 && atomic mv || cleanup. Tightening over plain heredoc: pre-clears any stale tmp file (defends against symlink-plant on shared systems); per-invocation $$ PID-suffix; umask 077 so the freshly-created tmp starts at 0o600 immediately; explicit chmod 600 belt-and-suspenders; JSON.parse rejection BEFORE atomic mv so a truncated write can never clobber the existing file. After every save, the skill re-Reads access.json to surface the rare clobber-by-concurrent-server-write race to the user instead of silently pretending it succeeded.
  • Skills/configure: same hardened heredoc pattern for every "write it back" instruction (audio language, audio model, audio quality, audio provider, audio off, chunk-mode, reply-to, ack, document, pair, pair off).
  • Skills/access + skills/configure: Write removed from allowed-tools front-matter. Even with the explicit "NOT Write" sections in the skill body, leaving Write authorized was a footgun if the agent ever forgot the rule.
  • Docs/search-export: minor wording cleanup.
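The hardened heredoc pattern from the Skills/access item, written out as a shell function. This is an added sketch, not the plugin's own skill text: the names `save_json`, `validate_json` and `demo_dir`, the `.tmp.$$` file name, the python3 fallback for the validator and the sample JSON body are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write JSON from stdin to DEST using the steps the release
# notes list (pre-clear tmp, umask 077, validate, chmod 600, atomic mv).

# Validate a file as JSON. The notes name JSON.parse (Node); the python3
# fallback is an assumption so the sketch also runs where node is absent.
validate_json() {
  if command -v node >/dev/null 2>&1; then
    node -e 'JSON.parse(require("fs").readFileSync(process.argv[1], "utf8"))' \
      "$1" 2>/dev/null
  else
    python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
  fi
}

# The body runs in a subshell, so umask and exit do not leak to the caller.
save_json() (
  dest=$1
  tmp="$dest.tmp.$$"            # per-invocation PID suffix
  rm -f "$tmp" &&               # pre-clear a stale or planted tmp path
  umask 077 &&                  # the new tmp file is created as 0600
  cat > "$tmp" &&               # body arrives on stdin (heredoc at call site)
  validate_json "$tmp" &&       # reject truncated or invalid JSON before mv
  chmod 600 "$tmp" &&           # explicit mode, as in the notes
  mv -f "$tmp" "$dest" ||       # rename inside one directory is atomic
  { rm -f "$tmp"; exit 1; }     # cleanup; the existing DEST is left untouched
)

# Call site. The quoted delimiter stops the shell from expanding anything in
# the body. The directory and the JSON content are constructed samples.
demo_dir=$(mktemp -d)
save_json "$demo_dir/access.json" << "JSON_EOF"
{"constructed_sample": true}
JSON_EOF
```

Because the temporary file lives next to the destination, the final `mv` is a rename on the same filesystem, which is what makes the replacement atomic.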

Compatibility

  • No schema changes, no MCP tool signature changes, no inbound notification payload changes. Existing access.json / config.json formats unchanged; the only thing different is the agent's path for writing them.
  • Standalone claude-whatsapp users (no ClawCode installed): file-tool writes still work as before because there's no protected-paths defense to refuse them. The hardened heredoc pattern is a no-op safety improvement (atomicity + perms + JSON validation) in that case.

Full changelog: CHANGELOG.md.