chore: bump baileys to 7.0.0-rc10 + tsx 4.21 with whatsapp-rust-bridge patch

[DavidsonGomes]

Summary

• Bumps baileys from 7.0.0-rc.9 to 7.0.0-rc10 and tsx from ^4.20.5 to ^4.21.0.
• Adds a pnpm patch for whatsapp-rust-bridge@0.5.3 that adds main, require, and default to the exports field so the package can be resolved from CJS projects (this repo has no "type": "module").
• Migrates lockfile management to pnpm (deletes package-lock.json, adds pnpm-workspace.yaml so the patch is picked up).

Why

Running npm run dev:server on develop was failing with:

ERR_PACKAGE_PATH_NOT_EXPORTED: No "exports" main defined in node_modules/whatsapp-rust-bridge/package.json

The bridge (a transitive dependency pulled in by baileys rc10) only declares exports.import + exports.types, with no require/default. Because evolution-api is a CJS project, both Node and tsx resolve through the CJS loader and fail.

The patch adds the missing fields without changing runtime behavior — the same dist/index.js is served for every condition.

Test plan

• pnpm install applies the patch cleanly
• pnpm run dev:server boots the API on port 8080 and connects to WhatsApp
• CI green
• Verify other devs can install with pnpm and run dev:server

Notes for reviewers

• Lockfile switched from npm to pnpm. If the team prefers staying on npm, this PR would need to revert the lockfile change and find another resolution mechanism (npm doesn't have a built-in patch system).
• Upstream fix should be requested at https://github.com/jlucaso1/whatsapp-rust-bridge — the exports field is missing default.

Summary by Sourcery

Upgrade Baileys and tsx dependencies and introduce a pnpm-based patch to fix whatsapp-rust-bridge resolution in this CJS project.

Bug Fixes:

• Ensure whatsapp-rust-bridge can be resolved correctly from CommonJS by patching its package exports via pnpm.

Enhancements:

• Upgrade baileys to 7.0.0-rc10 and tsx to 4.21.0 for compatibility and tooling updates.
• Adopt pnpm workspace configuration to manage patches and lockfile instead of npm.

Build:

• Remove npm lockfile in favor of pnpm workspace and patch configuration for dependency management.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Bumps baileys and tsx, introduces a pnpm-based patch for whatsapp-rust-bridge to fix CJS resolution, and migrates lockfile management from npm to pnpm so the patch mechanism works.

Sequence diagram for dev:server startup with whatsapp-rust-bridge CJS export patch

sequenceDiagram
    actor Developer
    participant DevServer as dev_server_script
    participant tsxRunner as tsx
    participant NodeLoader as node_cjs_loader
    participant Baileys as baileys_module
    participant Bridge as whatsapp_rust_bridge

    Developer->>DevServer: run dev:server
    DevServer->>tsxRunner: start tsx with entrypoint
    tsxRunner->>NodeLoader: resolve baileys
    NodeLoader->>Baileys: load module
    Baileys->>NodeLoader: require whatsapp_rust_bridge

    alt Without_pnpm_patch
        NodeLoader->>Bridge: read package_json exports
        NodeLoader-->>Developer: ERR_PACKAGE_PATH_NOT_EXPORTED
    else With_pnpm_patch
        NodeLoader->>Bridge: read patched exports (main, require, default)
        NodeLoader->>Bridge: load dist/index_js
        Bridge-->>Baileys: module loaded
        Baileys-->>DevServer: WhatsApp connection established
        DevServer-->>Developer: API running on port 8080
    end

Loading

File-Level Changes

Change	Details	Files
Upgrade baileys and tsx versions to pick up newer WhatsApp bridge and tooling.	Update baileys from 7.0.0-rc.9 to 7.0.0-rc10 in dependencies. Update tsx from ^4.20.5 to ^4.21.0 in devDependencies. Minor reordering of fetch-socks in the dependency list with no functional impact.	package.json
Adopt pnpm patch mechanism to fix whatsapp-rust-bridge exports for CJS consumers.	Add pnpm-workspace.yaml to declare a patched dependency for whatsapp-rust-bridge@0.5.3 pointing to a local patch file. Add a patch file under patches/whatsapp-rust-bridge@0.5.3.patch that augments the package exports to include main, require, and default entries so CJS resolution works.	pnpm-workspace.yaml patches/whatsapp-rust-bridge@0.5.3.patch
Switch lockfile management from npm to pnpm.	Remove npm-generated package-lock.json to avoid conflicting lockfile management and rely on pnpm’s lockfile instead (expected to be pnpm-lock.yaml, not shown in snippet).	package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• Since this repo is now effectively standardized on pnpm (lockfile + patchedDependencies), consider adding a packageManager field in package.json (and/or an .npmrc that errors on npm install) to prevent contributors from accidentally reintroducing npm/yarn lockfiles and bypassing the patch.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Since this repo is now effectively standardized on pnpm (lockfile + patchedDependencies), consider adding a `packageManager` field in package.json (and/or an `.npmrc` that errors on `npm install`) to prevent contributors from accidentally reintroducing npm/yarn lockfiles and bypassing the patch.

## Individual Comments

### Comment 1
<location path="pnpm-workspace.yaml" line_range="1-2" />
<code_context>
+patchedDependencies:
+  whatsapp-rust-bridge@0.5.3: patches/whatsapp-rust-bridge@0.5.3.patch
</code_context>
<issue_to_address>
**suggestion:** Consider moving `patchedDependencies` into `package.json`'s `pnpm` config instead of introducing a workspace file.

If you don’t need pnpm workspaces and only want this patch, you can put `patchedDependencies` under a `pnpm` key in `package.json`. This keeps package-manager config centralized and avoids implying the repo is a multi-package workspace.

Suggested implementation:

```

```

Move the patch configuration into `package.json` under the `pnpm` key. For example:

```jsonc
{
  // ...
  "pnpm": {
    "patchedDependencies": {
      "whatsapp-rust-bridge@0.5.3": "patches/whatsapp-rust-bridge@0.5.3.patch"
    }
  }
}
```

If the repo does not actually use pnpm workspaces, you can now delete `pnpm-workspace.yaml` entirely from version control.
</issue_to_address>

### Comment 2
<location path="package.json" line_range="157" />
<code_context>
     "prettier": "^3.4.2",
     "tsconfig-paths": "^4.2.0",
-    "tsx": "^4.20.5",
+    "tsx": "^4.21.0",
     "typescript": "^5.7.2"
   }
</code_context>
<issue_to_address>
**suggestion:** Declare the package manager in `package.json` now that you're moving away from `package-lock.json`.

With `package-lock.json` removed and `pnpm-workspace.yaml` added, please add a `"packageManager": "pnpm@<version>"` field in `package.json` so contributors consistently use pnpm instead of npm or yarn.

Suggested implementation:

```
    "tsx": "^4.21.0",
    "typescript": "^5.7.2"
  },
  "packageManager": "pnpm@9.15.0"
}

```

If your project standardizes on a different pnpm version, replace `9.15.0` with that exact version (e.g. the one used in CI or documented in CONTRIBUTING.md) to keep local development and automation in sync.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion: Consider moving patchedDependencies into package.json's pnpm config instead of introducing a workspace file.

If you don’t need pnpm workspaces and only want this patch, you can put patchedDependencies under a pnpm key in package.json. This keeps package-manager config centralized and avoids implying the repo is a multi-package workspace.

Suggested implementation:

Move the patch configuration into package.json under the pnpm key. For example:

{
  // ...
  "pnpm": {
    "patchedDependencies": {
      "whatsapp-rust-bridge@0.5.3": "patches/whatsapp-rust-bridge@0.5.3.patch"
    }
  }
}

If the repo does not actually use pnpm workspaces, you can now delete pnpm-workspace.yaml entirely from version control.

[sourcery-ai]

suggestion: Declare the package manager in package.json now that you're moving away from package-lock.json.

With package-lock.json removed and pnpm-workspace.yaml added, please add a "packageManager": "pnpm@<version>" field in package.json so contributors consistently use pnpm instead of npm or yarn.

Suggested implementation:

    "tsx": "^4.21.0",
    "typescript": "^5.7.2"
  },
  "packageManager": "pnpm@9.15.0"
}

If your project standardizes on a different pnpm version, replace 9.15.0 with that exact version (e.g. the one used in CI or documented in CONTRIBUTING.md) to keep local development and automation in sync.