Integrate embedded WhatsApp and text channels

Author: bglusman

Cargo.lock

@@ -23,7 +23,7 @@ being treated as daily-driver infrastructure.
 | Per-secret destination allowlists | Working | [Outbound traffic gating](https://calciforge.org/#outbound-traffic-gating) |
 | Local paste UI for one-shot and bulk `.env` secret input | Working | [Secret management](https://calciforge.org/#secret-management) |
 | MCP and CLI tools for agent-facing secret-name discovery, with no value readback | Working | [Agent-facing tools](https://calciforge.org/#agent-facing-tools-mcp) |
-| Telegram, Matrix, WhatsApp, and Signal routing | Working | [Multi-channel chat](https://calciforge.org/#multi-channel-chat) |
+| Telegram, Matrix, WhatsApp, Signal, and text/iMessage routing | Working | [Multi-channel chat](https://calciforge.org/#multi-channel-chat) |
 | OpenAI-compatible model gateway, provider routing, model aliases, alloys, cascades, dispatchers, exec models, and local model switching | Working | [Model gateway](docs/model-gateway.md) |
 | Codex CLI and OpenClaw Codex subscription/OAuth integration paths | Working | [Codex integration](docs/codex-openclaw-integration.md) |
 | `calciforge doctor` config/state/endpoint diagnostics | Working | [Quick Start](#quick-start) |
@@ -75,10 +75,12 @@ Channel-based secret input is intentionally being de-emphasized because
 chat transports can retain plaintext values. Prefer the local paste UI
 or direct `fnox` input for new secrets.
 
-Route Claude Code or another HTTP-speaking agent process through the gateway.
-The installer and examples bias toward setting this on managed subprocess
-agents directly; for external daemons, set it on the agent process or its
-service manager, not on the Calciforge daemon:
+Calciforge-managed subprocess agents should get proxy environment from their
+agent config or installer-generated config. Do not put proxy variables on the
+Calciforge daemon itself; that can route Calciforge's own provider and
+control-plane traffic through its security proxy. For externally managed agent
+daemons that Calciforge does not launch, set plain HTTP proxying on the agent
+process or its service manager and validate it against `security-proxy` logs:
 
 ```bash
 export HTTP_PROXY=http://127.0.0.1:8888

README.md

@@ -35,7 +35,7 @@ axum = "0.7"
 # Embedded Signal channel implementation. The crate brings its own
 # SignalChannel that talks to signal-cli-rest-api, so we no longer host a
 # webhook receiver inside calciforge for Signal.
-zeroclawlabs = { workspace = true }
+zeroclawlabs = { workspace = true, features = ["whatsapp-web"] }
 
 # Secret resolution helpers
 secrets-client = { path = "../secrets-client" }

crates/calciforge/Cargo.toml

@@ -17,7 +17,7 @@ COPY --from=builder /app/target/release/security-proxy /usr/local/bin/security-p
 # Create config directory
 RUN mkdir -p /root/.calciforge
 
-EXPOSE 8888 18792 18793 18794 18795 18796 18797
+EXPOSE 8888 18792 18793 18794 18795 18796 18797 18798
 
 ENTRYPOINT ["/usr/local/bin/calciforge"]
 CMD ["--config", "/root/.calciforge/config.toml"]

crates/calciforge/Dockerfile

@@ -83,7 +83,7 @@ args = [
     "--skip-git-repo-check",
     "-"
 ]
-env = { HTTP_PROXY = "http://127.0.0.1:8888", HTTPS_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
+env = { HTTP_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
 timeout_ms = 600000
 
 [agents.registry]
@@ -99,7 +99,7 @@ id = "dirac"
 kind = "dirac-cli"
 command = "dirac"
 args = ["--yolo", "--json"]
-env = { HTTP_PROXY = "http://127.0.0.1:8888", HTTPS_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
+env = { HTTP_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
 timeout_ms = 600000
 
 [agents.registry]

crates/calciforge/examples/config.toml

@@ -401,7 +401,9 @@ mod tests {
         let mut file = std::fs::File::create(&path).expect("create script");
         writeln!(file, "#!/bin/sh").expect("write shebang");
         writeln!(file, "{body}").expect("write body");
+        file.sync_all().expect("sync script");
         let mut perms = file.metadata().expect("script metadata").permissions();
+        drop(file);
         perms.set_mode(0o755);
         std::fs::set_permissions(&path, perms).expect("chmod script");
         path

crates/calciforge/src/adapters/artifact_cli.rs

@@ -25,7 +25,7 @@
 //! command = "/usr/local/bin/ironclaw"
 //! args = ["run", "-m", "{message}"]
 //! timeout_ms = 30000
-//! env = { LLM_BACKEND = "openai_compatible", LLM_BASE_URL = "...", LLM_MODEL = "kimi-k2.5", HTTP_PROXY = "http://127.0.0.1:8888", HTTPS_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
+//! env = { LLM_BACKEND = "openai_compatible", LLM_BASE_URL = "...", LLM_MODEL = "kimi-k2.5", HTTP_PROXY = "http://127.0.0.1:8888", NO_PROXY = "localhost,127.0.0.1,::1" }
 //! ```
 
 use std::collections::HashMap;

crates/calciforge/src/adapters/cli.rs

@@ -310,18 +310,37 @@ async fn send_matrix_message(
         "msgtype": "m.text",
         "body": body,
     });
-    let resp = http
-        .put(&url)
-        .header("Authorization", auth_header)
-        .json(&payload)
-        .send()
-        .await?;
-    if !resp.status().is_success() {
+    const MAX_RETRIES: u32 = 4;
+    let mut attempt = 0u32;
+    loop {
+        let resp = http
+            .put(&url)
+            .header("Authorization", auth_header)
+            .json(&payload)
+            .send()
+            .await?;
         let status = resp.status();
+        if status.is_success() {
+            return Ok(());
+        }
+        if status.as_u16() == 429 && attempt < MAX_RETRIES {
+            let body_text = resp.text().await.unwrap_or_default();
+            let retry_ms = serde_json::from_str::<serde_json::Value>(&body_text)
+                .ok()
+                .and_then(|value| value["retry_after_ms"].as_u64())
+                .unwrap_or(1000);
+            tracing::debug!(
+                attempt,
+                retry_ms,
+                "Matrix send rate-limited (429); retrying"
+            );
+            tokio::time::sleep(tokio::time::Duration::from_millis(retry_ms + 50)).await;
+            attempt += 1;
+            continue;
+        }
         let err = resp.text().await.unwrap_or_default();
         anyhow::bail!("Matrix send failed ({status}): {err}");
     }
-    Ok(())
 }
 
 async fn send_matrix_outbound_message(

crates/calciforge/src/channels/matrix.rs

@@ -1,26 +1,16 @@
 //! Channel adapters for Calciforge.
 //!
-//! Currently active: Telegram.
-//! Scaffolded (needs bot account): Matrix.
-//! Scaffolded (needs ZeroClaw WA session): WhatsApp.
-//! Scaffolded (needs OpenClaw Signal session): Signal.
+//! Active: Telegram, Matrix, WhatsApp, Signal, text/iMessage, and mock.
 //!
-//! Matrix was removed in v0.4.x (Zig) due to a tight-loop bug. The Rust v2 doesn't
-//! have that problem — the adapter below is ready to wire up once the bot account exists.
-//! See MATRIX-SETUP-NEEDED.md in the repo root for what's required.
-//!
-//! WhatsApp runs as a webhook receiver sidecar to ZeroClaw's wa-rs session.
-//! Calciforge listens for incoming webhook POSTs (forwarded from ZeroClaw) and sends
-//! replies back via ZeroClaw's /tools/invoke API.  The QR pairing happens in ZeroClaw;
-//! Calciforge only handles identity routing and agent dispatch.
-//!
-//! Signal follows the same webhook receiver pattern as WhatsApp, but uses
-//! OpenClaw's native Signal support. Calciforge receives webhooks from OpenClaw
-//! and sends replies via the /tools/invoke API.
+//! Matrix and Telegram use their native HTTP APIs. WhatsApp and Signal embed
+//! zeroclawlabs transports directly. Text/iMessage uses the zeroclawlabs Linq
+//! transport for outbound sends plus a Calciforge-hosted Linq webhook receiver
+//! for inbound iMessage/RCS/SMS events.
 
 pub mod matrix;
 pub mod mock;
 pub mod signal;
+pub mod sms;
 pub mod telegram;
 pub mod telemetry;
 pub mod whatsapp;

crates/calciforge/src/channels/mod.rs

@@ -45,6 +45,7 @@ use crate::{
     commands::CommandHandler,
     config::CalciforgeConfig,
     context::ContextStore,
+    messages::OutboundMessage,
     router::Router,
 };
 
@@ -124,6 +125,11 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
         }
     }
 
+    async fn send_outbound(&self, recipient: &str, message: &OutboundMessage) {
+        self.send_reply(recipient, &message.render_text_fallback())
+            .await;
+    }
+
     /// Handle a single inbound `ChannelMessage` end-to-end.
     pub async fn handle_message(self: Arc<Self>, msg: ChannelMessage) {
         let received_at = std::time::Instant::now();
@@ -209,6 +215,7 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
             && !CommandHandler::is_default_command(&text)
             && !CommandHandler::is_sessions_command(&text)
             && !CommandHandler::is_model_command(&text)
+            && !CommandHandler::is_secure_command(&text)
         {
             let reply = self.command_handler.unknown_command(&text);
             let channel = self.clone();
@@ -280,6 +287,33 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
             return;
         }
 
+        // !secure
+        if CommandHandler::is_secure_command(&text) {
+            debug!(identity = %identity.id, "Signal: handling !secure command");
+            if CommandHandler::is_secure_set_command(&text)
+                && !crate::config::channel_allows_chat_secret_set(&self.config, "signal")
+            {
+                let reply = CommandHandler::secure_set_disabled_reply("Signal");
+                let channel = self.clone();
+                let target = reply_target.clone();
+                tokio::spawn(async move {
+                    channel.send_reply(&target, &reply).await;
+                });
+                return;
+            }
+
+            let reply = self
+                .command_handler
+                .handle_secure(&text, &identity.id)
+                .await;
+            let channel = self.clone();
+            let target = reply_target.clone();
+            tokio::spawn(async move {
+                channel.send_reply(&target, &reply).await;
+            });
+            return;
+        }
+
         // !context clear
         if text.trim().eq_ignore_ascii_case("!context clear") {
             self.context_store.clear(&chat_key);
@@ -345,7 +379,7 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
             let dispatch_start = std::time::Instant::now();
             match self
                 .router
-                .dispatch_with_sender_and_model(
+                .dispatch_message_with_sender_and_model(
                     &augmented,
                     &agent,
                     &self.config,
@@ -356,21 +390,21 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
             {
                 Ok(response) => {
                     let latency_ms = dispatch_start.elapsed().as_millis() as u64;
+                    let final_response = response.render_text_fallback();
                     self.command_handler.record_dispatch(latency_ms);
                     telemetry::agent_dispatch_succeeded(
                         "signal",
                         &identity_id,
                         &agent_id,
                         latency_ms,
-                        response.len(),
+                        response.response_len(),
                     );
 
-                    let final_response = response;
-
                     debug!(
                         identity = %identity_id,
                         agent_id = %agent_id,
                         response_len = %final_response.len(),
+                        attachments = response.attachments.len(),
                         "Signal: got agent response"
                     );
 
@@ -383,7 +417,7 @@ impl<C: Channel + ?Sized + 'static> SignalChannel<C> {
                         preserve_native_commands,
                     );
 
-                    self.send_reply(&reply_target, &final_response).await;
+                    self.send_outbound(&reply_target, &response).await;
                 }
                 Err(e) => {
                     warn!(identity = %identity_id, error = %e, "Signal: agent dispatch failed");
@@ -617,26 +651,11 @@ mod tests {
     fn make_test_config<F: FnOnce(&mut ChannelConfig)>(mutate: F) -> Arc<CalciforgeConfig> {
         let mut channel = ChannelConfig {
             kind: "signal".to_string(),
-            bot_token_file: None,
             enabled: true,
-            homeserver: None,
-            access_token_file: None,
-            room_id: None,
-            allowed_users: vec![],
-            zeroclaw_endpoint: None,
-            zeroclaw_auth_token: None,
-            webhook_listen: None,
-            webhook_path: None,
-            webhook_secret: None,
             allowed_numbers: vec!["+15555550100".to_string()],
             signal_cli_url: Some("http://127.0.0.1:8080".to_string()),
             signal_account: Some("+15555550001".to_string()),
-            signal_group_id: None,
-            signal_ignore_attachments: false,
-            signal_ignore_stories: false,
-            control_port: None,
-            scan_messages: false,
-            allow_chat_secret_set: false,
+            ..Default::default()
         };
         mutate(&mut channel);