feat: add session_id to webhook payloads and jid to API responses

[occult]

Context

• Webhook payloads only contained the WhatsApp JID as device_id, while API responses (/app/status, /app/devices) only returned the user-assigned session ID. This made it impossible for multi-tenant integrations to correlate webhook events back to the session they registered with POST /devices.
• Adds session_id field to all webhook payloads (message, receipt, delete, group, call, newsletter) alongside the existing device_id (JID) for backward compatibility.
• Adds jid field to /app/status and /app/devices API responses.
• Closes ⚡️ Add session_id to webhook payloads and JID to API responses #578

Test Results

• go build ./... compiles cleanly with no errors
• go test ./... — all tests pass:

  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/infrastructure/chatwoot    0.004s
  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/infrastructure/whatsapp    0.005s
  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/pkg/utils                  21.049s
  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/ui/rest/middleware          0.055s
  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/usecase                    0.012s
  ok  github.com/aldinokemal/go-whatsapp-web-multidevice/validations                0.007s
  

• go vet ./... — no issues
• Change is backward-compatible: existing device_id (JID) field is unchanged; session_id and jid are additive fields

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4578673c-7cdf-433d-8e53-0530aac8ca5a

📥 Commits

Reviewing files that changed from the base of the PR and between 1741d28 and 77148da.

📒 Files selected for processing (1)

• src/infrastructure/whatsapp/event_message.go

🚧 Files skipped from review as they are similar to previous changes (1)

• src/infrastructure/whatsapp/event_message.go

---

Walkthrough

Added optional session_id to webhook payloads and threaded sessionID through event handlers and payload constructors; exposed WhatsApp JID (jid) in API responses and device listings via a new JID field on DevicesResponse.

Changes

Cohort / File(s)	Summary
Domain & API src/domains/app/app.go, src/usecase/app.go, src/ui/rest/app.go	Added JID string \json:"jid,omitempty"`toDevicesResponse; populated and returned jid` in device listing and connection status responses.
Central Event Router src/infrastructure/whatsapp/event_handler.go	Read instance.ID() as sessionID and instance.JID() as device JID; threaded sessionID/deviceJID into downstream handlers and updated call sites/signatures.
Message Path src/infrastructure/whatsapp/event_message.go, src/infrastructure/whatsapp/event_message_handler.go	Added SessionID field to WebhookEvent; updated createWebhookEvent, forwardMessageToWebhook, handleWebhookForward, and handleMessage to accept/propagate sessionID; payloads include session_id when present.
Receipts & Delete src/infrastructure/whatsapp/event_receipt.go, src/infrastructure/whatsapp/event_delete.go	Extended create*Payload and forward*ToWebhook to accept sessionID and include session_id conditionally in webhook bodies; updated signatures and call sites.
Group & Joined src/infrastructure/whatsapp/event_group.go	Propagated sessionID into group payload constructors and forwarding functions; include session_id when non-empty for group info/joined events.
Calls src/infrastructure/whatsapp/event_call.go	Updated call-offer handlers and payload creation to accept and forward sessionID, adding session_id to webhook body when provided.
Newsletter src/infrastructure/whatsapp/event_newsletter.go	Updated newsletter handlers and forwarding functions to accept sessionID and include session_id in webhook payloads when present.

Sequence Diagram(s)

sequenceDiagram
    participant WhatsApp as "WhatsApp Client"
    participant Router as "Event Handler"
    participant Creator as "Payload Creator"
    participant Webhook as "External Webhook"

    WhatsApp->>Router: emit event (Message/Receipt/Delete/Group/Call/Newsletter)
    Router->>Router: read instance.ID() as sessionID\nand instance.JID() as deviceJID
    Router->>Creator: create payload (event, device_id=deviceJID, session_id=sessionID, payload...)
    Creator->>Webhook: POST webhook body (includes device_id and optional session_id)
    Webhook-->>Router: 200 / ack

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰
I hopped through code with tiny paws,
I stitched session threads without a pause.
Now webhooks carry both their names,
JID and session play the games—
🥕 tidy pairs, applause!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.58% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: adding session_id to webhook payloads and jid to API responses.
Description check	✅ Passed	The description follows the template with Context and Test Results sections, clearly explaining the problem and solutions implemented.
Linked Issues check	✅ Passed	All requirements from issue #578 are met: session_id added to all webhook payloads, jid added to API responses, backward compatibility maintained with existing device_id.
Out of Scope Changes check	✅ Passed	All changes are directly related to the stated objectives of adding session_id to webhooks and jid to API responses, with no unrelated modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @occult, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical need for multi-tenant integrations by enhancing data correlation capabilities. It introduces session_id into webhook payloads, enabling external systems to link incoming events directly to the session that initiated them. Concurrently, the jid (WhatsApp Jabber ID) is now exposed in API responses, providing a complete picture of device and session identifiers. These additions significantly improve the usability and integration potential for applications managing multiple WhatsApp sessions.

Highlights

• Enhanced Webhook Payloads: Added a session_id field to all webhook payloads (message, receipt, delete, group, call, newsletter events) to allow multi-tenant integrations to correlate events with specific user sessions.
• Improved API Responses: Included a jid field in the /app/status and /app/devices API responses, providing the WhatsApp JID alongside the existing user-assigned session ID.
• Backward Compatibility: Ensured that existing device_id (JID) fields remain unchanged in webhook payloads, and session_id and jid are additive fields, maintaining backward compatibility.

Changelog

• src/domains/app/app.go
  • Added JID field with json:"jid,omitempty" tag to the DevicesResponse struct.
• src/infrastructure/whatsapp/event_call.go
  • Updated handleCallOffer function signature to include sessionID parameter.
  • Modified forwardCallOfferToWebhook call within handleCallOffer to pass the new sessionID.
  • Updated createCallOfferPayload function signature to include sessionID parameter.
  • Added session_id to the webhook body map within createCallOfferPayload if sessionID is not empty.
  • Updated forwardCallOfferToWebhook function signature to include sessionID parameter.
  • Modified createCallOfferPayload call within forwardCallOfferToWebhook to pass the new sessionID.
• src/infrastructure/whatsapp/event_delete.go
  • Updated forwardDeleteToWebhook function signature to include sessionID parameter.
  • Modified createDeletePayload call within forwardDeleteToWebhook to pass the new sessionID.
  • Updated createDeletePayload function signature to include sessionID parameter.
  • Added session_id to the webhook body map within createDeletePayload if sessionID is not empty.
• src/infrastructure/whatsapp/event_group.go
  • Updated createGroupInfoPayload function signature to include sessionID parameter.
  • Added session_id to the webhook body map within createGroupInfoPayload if sessionID is not empty.
  • Updated forwardGroupInfoToWebhook function signature to include sessionID parameter.
  • Modified createGroupInfoPayload call within forwardGroupInfoToWebhook to pass the new sessionID.
  • Updated handleJoinedGroup function signature to include sessionID parameter.
  • Modified forwardJoinedGroupToWebhook call within handleJoinedGroup to pass the new sessionID.
  • Updated forwardJoinedGroupToWebhook function signature to include sessionID parameter.
  • Added session_id to the webhook body map within forwardJoinedGroupToWebhook if sessionID is not empty.
• src/infrastructure/whatsapp/event_handler.go
  • Introduced sessionID and deviceJID variables by calling instance.ID() and instance.JID() respectively.
  • Modified calls to handleDeleteForMe, handleMessage, handleReceipt, handleGroupInfo, handleJoinedGroup, handleNewsletterJoin, handleNewsletterLeave, handleNewsletterLiveUpdate, handleNewsletterMuteChange, and handleCallOffer to pass sessionID and/or deviceJID.
  • Updated handleDeleteForMe, handleReceipt, and handleGroupInfo function signatures to include sessionID parameter.
• src/infrastructure/whatsapp/event_message.go
  • Added SessionID field with json:"session_id,omitempty" tag to the WebhookEvent struct.
  • Updated forwardMessageToWebhook function signature to include sessionID parameter.
  • Modified createWebhookEvent call within forwardMessageToWebhook to pass the new sessionID.
  • Added session_id to the payload map within forwardMessageToWebhook if webhookEvent.SessionID is not empty.
  • Updated createWebhookEvent function signature to include sessionID parameter.
  • Assigned the sessionID parameter to webhookEvent.SessionID within createWebhookEvent.
• src/infrastructure/whatsapp/event_message_handler.go
  • Updated handleMessage function signature to include sessionID parameter.
  • Modified handleWebhookForward call within handleMessage to pass the new sessionID.
  • Updated handleWebhookForward function signature to include sessionID parameter.
  • Modified the goroutine function signature and call within handleWebhookForward to pass sessionID to forwardMessageToWebhook.
• src/infrastructure/whatsapp/event_newsletter.go
  • Updated handleNewsletterJoin, handleNewsletterLeave, handleNewsletterLiveUpdate, and handleNewsletterMuteChange function signatures to include sessionID parameter.
  • Modified calls to forwardNewsletterJoinToWebhook, forwardNewsletterLeaveToWebhook, forwardNewsletterLiveUpdateToWebhook, and forwardNewsletterMuteChangeToWebhook within their respective handleNewsletter* functions to pass the new sessionID.
  • Updated forwardNewsletterJoinToWebhook, forwardNewsletterLeaveToWebhook, forwardNewsletterLiveUpdateToWebhook, and forwardNewsletterMuteChangeToWebhook function signatures to include sessionID parameter.
  • Added session_id to the webhook body map within all forwardNewsletter*ToWebhook functions if sessionID is not empty.
• src/infrastructure/whatsapp/event_receipt.go
  • Updated createReceiptPayload function signature to include sessionID parameter.
  • Added session_id to the webhook body map within createReceiptPayload if sessionID is not empty.
  • Updated forwardReceiptToWebhook function signature to include sessionID parameter.
  • Modified createReceiptPayload call within forwardReceiptToWebhook to pass the new sessionID.
• src/ui/rest/app.go
  • Added jid field to the JSON response of the ConnectionStatus endpoint, retrieving it from device.JID().
• src/usecase/app.go
  • Added JID field to the domainApp.DevicesResponse struct within the FetchDevices function, populating it with inst.JID().

Activity

• The pull request introduces new functionality by adding session_id to webhook payloads and jid to API responses.
• The author has confirmed that the changes compile cleanly and all tests pass.
• Backward compatibility has been verified, as the new fields are additive.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces the session_id field to webhook payloads and adds the jid field to API responses, which is a valuable addition for multi-tenant integrations to correlate webhook events and registered sessions. Static analysis (SAST Recon) found no vulnerabilities within the audited scope. However, some areas for improvement were noted in goroutine closure handling and variable naming to enhance safety and maintainability.

[raulmatasp]

sgtm

[lucasmello-dev]

LGMT, go ahead

[aldinokemal]

Code Review Summary

Overall the PR is well-structured and backward-compatible. The session_id is additive with proper omitempty/conditional checks, and device_id (JID) remains unchanged. All webhook event types are covered consistently.

Key findings:

1. Message webhook derives device_id differently than all other events — The message path uses NormalizeJIDFromLID() on client.Store.ID inside createWebhookEvent, while all other events use instance.JID() directly. For LID-based accounts, this could produce different device_id values between message webhooks and other webhook types.

2. Goroutine closure capture inconsistency — The message handler correctly passes sessionID as a goroutine function argument, but other handlers (delete, group, receipt, newsletter) capture sessionID/deviceID from the outer scope. While safe for immutable strings, it's inconsistent.

3. MCP layer not updated — REST endpoints now include jid, but MCP equivalents do not. Clarify if intentional.

4. WebhookEvent struct JSON tags are decorative — The struct is manually converted to map[string]any before serialization, so JSON tags have no effect.

See inline comments for details.

[aldinokemal]

Inconsistency: handleMessage receives sessionID but not deviceJID, unlike every other event handler in this switch. The message webhook path re-derives device_id from client.Store.ID using NormalizeJIDFromLID() inside createWebhookEvent (event_message.go), while all other events use the pre-resolved deviceJID (from instance.JID()).

For LID-based WhatsApp accounts, NormalizeJIDFromLID() may resolve to a different value than instance.JID(), causing device_id to differ between message webhooks and all other webhook types.

Suggestion: Pass deviceJID to handleMessage as well, and have createWebhookEvent accept the pre-resolved JID instead of re-deriving it from the client store. This makes all event handlers use the same pattern.

[aldinokemal]

Inconsistency: sessionID, deviceID, evt, and message are captured from the outer scope rather than passed as goroutine function arguments. Compare with the message handler in event_message_handler.go which correctly passes all values as arguments:

go func(e *events.Message, c *whatsmeow.Client, sid string) {

While safe here (strings are immutable, pointers are not mutated after launch), the inconsistent pattern is fragile. Consider passing all referenced variables as goroutine arguments for uniformity.

[aldinokemal]

Note: These JSON struct tags are decorative — WebhookEvent is never marshaled directly to JSON. Instead, forwardMessageToWebhook manually constructs a map[string]any from the struct fields. If someone later marshals the struct directly (relying on these tags), the behavior would differ from the current map-based approach.

Consider either marshaling the struct directly, or removing the JSON tags to avoid the false impression that they control serialization.

[aldinokemal]

Suggestion: This if sessionID != "" { body["session_id"] = sessionID } pattern is repeated across 9+ webhook functions (call, delete, group, joined-group, newsletter join/leave/update/mute, receipt). Consider extracting a helper:

func buildWebhookEnvelope(sessionID, deviceID string) map[string]any {
    body := make(map[string]any)
    if deviceID != "" {
        body["device_id"] = deviceID
    }
    if sessionID != "" {
        body["session_id"] = sessionID
    }
    return body
}

This reduces duplication and ensures any future envelope changes are applied uniformly.

[kilo-code-bot]

Code Review Summary

Status: No New Issues Found | Recommendation: Merge

Review Notes

This PR adds sessionID and JID fields throughout the codebase to improve device tracking and identification. The changes are well-structured and maintain consistency across all event handlers.

Key Changes:

• Added JID field to DevicesResponse struct
• Updated all event handlers to pass both sessionID and deviceID parameters
• Added SessionID field to WebhookEvent struct
• Updated webhook payload creation to include session_id when available

Existing Comments:
There are 6 existing inline comments on this PR that address various observations about the changes. No additional issues were found during this review.

Files Reviewed (11 files)

• src/domains/app/app.go - No issues
• src/infrastructure/whatsapp/event_call.go - No new issues
• src/infrastructure/whatsapp/event_delete.go - No issues
• src/infrastructure/whatsapp/event_group.go - No issues
• src/infrastructure/whatsapp/event_handler.go - No new issues
• src/infrastructure/whatsapp/event_message.go - No new issues
• src/infrastructure/whatsapp/event_message_handler.go - No new issues
• src/infrastructure/whatsapp/event_newsletter.go - No issues
• src/infrastructure/whatsapp/event_receipt.go - No issues
• src/ui/rest/app.go - No issues
• src/usecase/app.go - No issues

[aldinokemal]

please update this PR and we can merge it

[coderabbitai]

🧹 Nitpick comments (1)

src/infrastructure/whatsapp/event_handler.go (1)

234-240: Same goroutine pattern inconsistency.

sessionID and deviceID are captured from outer scope rather than passed as arguments. For uniformity with handleWebhookForward in event_message_handler.go, consider:

♻️ Suggested refactor

-       go func(e *events.Receipt, c *whatsmeow.Client) {
+       go func(e *events.Receipt, c *whatsmeow.Client, sid, did string) {
            webhookCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
            defer cancel()
-           if err := forwardReceiptToWebhook(webhookCtx, e, sessionID, deviceID, c); err != nil {
+           if err := forwardReceiptToWebhook(webhookCtx, e, sid, did, c); err != nil {
                logrus.Errorf("Failed to forward ack event to webhook: %v", err)
            }
-       }(evt, client)
+       }(evt, client, sessionID, deviceID)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/infrastructure/whatsapp/event_handler.go` around lines 234 - 240, The
goroutine in event_handler.go captures sessionID and deviceID from the outer
scope; change it to accept them as explicit parameters like the pattern used in
handleWebhookForward to avoid closure capture. Update the anonymous function
signature for forwardReceiptToWebhook to include sessionID and deviceID (e.g.,
func(e *events.Receipt, c *whatsmeow.Client, sessionID string, deviceID string)
{...}) and pass sessionID and deviceID in the invocation (e.g., ...(evt, client,
sessionID, deviceID)). Keep the existing context.WithTimeout/ cancel and the
forwardReceiptToWebhook call unchanged except for using the passed-in sessionID
and deviceID.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/infrastructure/whatsapp/event_handler.go`:
- Around line 234-240: The goroutine in event_handler.go captures sessionID and
deviceID from the outer scope; change it to accept them as explicit parameters
like the pattern used in handleWebhookForward to avoid closure capture. Update
the anonymous function signature for forwardReceiptToWebhook to include
sessionID and deviceID (e.g., func(e *events.Receipt, c *whatsmeow.Client,
sessionID string, deviceID string) {...}) and pass sessionID and deviceID in the
invocation (e.g., ...(evt, client, sessionID, deviceID)). Keep the existing
context.WithTimeout/ cancel and the forwardReceiptToWebhook call unchanged
except for using the passed-in sessionID and deviceID.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 89eb8fc8-dfb0-4243-8e5c-45901584b086

📥 Commits

Reviewing files that changed from the base of the PR and between 366d02b and 1741d28.

📒 Files selected for processing (11)

• src/domains/app/app.go
• src/infrastructure/whatsapp/event_call.go
• src/infrastructure/whatsapp/event_delete.go
• src/infrastructure/whatsapp/event_group.go
• src/infrastructure/whatsapp/event_handler.go
• src/infrastructure/whatsapp/event_message.go
• src/infrastructure/whatsapp/event_message_handler.go
• src/infrastructure/whatsapp/event_newsletter.go
• src/infrastructure/whatsapp/event_receipt.go
• src/ui/rest/app.go
• src/usecase/app.go

✅ Files skipped from review due to trivial changes (3)

• src/domains/app/app.go
• src/ui/rest/app.go
• src/infrastructure/whatsapp/event_newsletter.go

🚧 Files skipped from review as they are similar to previous changes (5)

• src/infrastructure/whatsapp/event_receipt.go
• src/infrastructure/whatsapp/event_delete.go
• src/infrastructure/whatsapp/event_message.go
• src/infrastructure/whatsapp/event_call.go
• src/infrastructure/whatsapp/event_group.go