Overview

Architecture

Two-component architecture: a Go WhatsApp bridge communicating with a Tauri desktop app written entirely in Rust.

High-Level Diagram

┌──────────────────────────────────────────────────────────┐ │ Whatszara │ ├──────────────────────────────────────────────────────────┤ │ │ │ ┌──────────────────┐ ┌──────────────────────────┐ │ │ │ WhatsApp Layer │ │ Tauri Desktop App │ │ │ │ (Go Bridge) │────▶│ │ │ │ │ - whatsmeow │ │ ┌──────────────────┐ │ │ │ │ - SQLite store │ │ │ LLM Providers │ │ │ │ │ - REST API :8080 │ │ │ - Ollama (local) │ │ │ │ └────────┬──────────┘ │ │ - Claude/Groq │ │ │ │ │ │ │ - Grok/Gemini │ │ │ │ │ │ └──────────────────┘ │ │ │ │ │ │ │ │ │ │ ┌──────────────────┐ │ │ │ ┌────────▼─────────┐ │ │ Policy Engine │ │ │ │ │ SQLite (msgs) │◀────│ │ - 3 risk tiers │ │ │ │ │ (Rust reads) │ │ │ - Per-tool perms │ │ │ │ └──────────────────┘ │ │ - Allowlist │ │ │ │ │ │ - Contact modes │ │ │ │ │ └──────────────────┘ │ │ │ │ │ │ │ │ ┌──────────────────┐ │ │ │ │ │ Action Engine │ │ │ │ │ │ - Shell/Apps │ │ │ │ │ │ - Volume/Media │ │ │ │ │ │ - File Scanner │ │ │ │ │ │ - Undo Journal │ │ │ │ │ └──────────────────┘ │ │ │ └──────────────────────────┘ │ └──────────────────────────────────────────────────────────┘

Go Bridge (WhatsApp Layer)

The Go bridge uses whatsmeow, a Go library for WhatsApp Web multidevice API.

  • • Maintains WebSocket connection to WhatsApp
  • • Handles QR code authentication
  • • Stores messages in SQLite database (messages.db)
  • • Stores session/auth data in whatsapp.db
  • • Exposes REST API on port 8080
  • • The original whatsapp-mcp bridge — used with minor modifications

Tauri Desktop App (Rust)

The desktop app is built with Tauri v2 and contains all core logic in Rust:

LLM Providers

6 providers with unified chat interface. Live model list fetching for Ollama.

Policy Engine

Propose → Evaluate → Execute. Per-tool permissions, allowlist, contact modes.

Action Engine

Structured action types with platform-specific executors. Shell disabled by default.

Undo Journal

Every action logged with reverse action. Undo with a single command.

Permanent Authentication (macOS Keychain)

WhatsApp session persistence uses the macOS/iCloud Keychain via the security CLI tool:

On Connect

When the bridge first reports connected status, the whatsapp.db session file is read, base64-encoded, and stored as a generic password in the Keychain via security add-generic-password.

On Startup

Before starting the Go bridge, the app checks the Keychain for a saved session. If found, it decodes and writes the session file to store/whatsapp.db, restoring the previous authenticated state without requiring a QR scan.

iCloud Sync

The security CLI automatically syncs generic passwords across devices via iCloud Keychain, enabling session portability.

Logout

The Dashboard shows a "Logout & Disconnect" button when connected. Clicking it kills the bridge process, deletes the Keychain entry via security delete-generic-password, removes the session file, and clears the QR state — requiring a fresh QR scan on next launch.

Data Flow

1
Message arrives — WhatsApp bridge receives message, stores in SQLite
2
Contact mode check — Policy engine checks if sender is allowed and what mode (Assistant/Chat/Summarize/Blocked)
3
LLM processes — Message sent to active LLM provider for interpretation
4
Action proposed — LLM proposes an action → Policy engine evaluates → If approved, action executes
5
Result recorded — Action and reverse action logged in undo journal. Result sent back via WhatsApp