fix(api): validate WhatsApp credentials at runtime instead of non-null assertions

ChmaraX · ChmaraX · commit 3c2889115c9d · 2026-04-16T16:52:41.000+03:00
The credential fields (appSecret, verifyToken) are intentionally optional
in the shared config since existing outbound-only integrations don't need
them. Add an explicit guard in buildAdapters() that throws a clear error
when the agent adapter is created without the required fields.

Made-with: Cursor
diff --git a/apps/api/src/app/agents/services/chat-sdk.service.ts b/apps/api/src/app/agents/services/chat-sdk.service.ts
@@ -245,14 +245,20 @@ export class ChatSdkService implements OnModuleDestroy {
         };
       }
       case AgentPlatformEnum.WHATSAPP: {
+        if (!credentials.apiToken || !credentials.secretKey || !credentials.token || !credentials.phoneNumberIdentification) {
+          throw new BadRequestException(
+            'WhatsApp agent integration requires accessToken, appSecret, verifyToken, and phoneNumberId credentials'
+          );
+        }
+
         const { createWhatsAppAdapter } = await esmImport('@chat-adapter/whatsapp');
 
         return {
           whatsapp: createWhatsAppAdapter({
-            accessToken: credentials.apiToken!,
-            appSecret: credentials.secretKey!,
-            verifyToken: credentials.token!,
-            phoneNumberId: credentials.phoneNumberIdentification!,
+            accessToken: credentials.apiToken,
+            appSecret: credentials.secretKey,
+            verifyToken: credentials.token,
+            phoneNumberId: credentials.phoneNumberIdentification,
           }),
         };
       }
