fix(webhook+worker): restore gateway forwarding and fix token decryption

1. Gateway architecture restored (whatsapp.ts)
- When RAILWAY_INTERNAL_URL is set (HF Space), forward raw payload to
Railway worker bridge instead of adding directly to Redis.
- Original architecture: HF → Railway bridge → Redis → Worker.
- Root cause of INSCRIPTION silence: direct Redis queue from HF Space
was failing because Redis connection doesn't work from HF containers.

2. MessageHandler: decrypt systemUserToken before use
- Was reading org.systemUserToken raw (AES-encrypted) from prisma,
sending encrypted string to Meta → auth failure.
- Now uses getCachedOrganization() which calls decryptOrgSecrets().

3. AdminHandler: eliminate double DB query + empty enrollmentId
- Was calling prisma.enrollment.findFirst() twice for same record.
- Validates enrollment exists before proceeding; adds mediaUrl to Response.

4. CommandHandler: route MENU_HISTORIQUE through queue
- Direct sendInteractiveListMessage() call bypassed tenant config.
- Now uses whatsappQueue.add('send-interactive-list', ...) with organizationId.

5. ExerciseHandler: add missing organizationId + queue retention config
- Added organizationId to send-message queue calls.
- Added removeOnComplete/removeOnFail to generate-feedback job.

6. organization.ts (worker): include phoneNumbers in getCachedOrganization
- MessageHandler needs phoneNumbers[0].id for phoneNumberId lookup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/api/src/routes/whatsapp.ts

@@ -118,7 +118,32 @@ export async function whatsappRoutes(fastify: FastifyInstance) {
 
                 const org = await prisma.organization.findUnique({ where: { id: organizationId } });
 
-                // 🏢 WEBHOOK MODE — forward raw payload
+                // 🚀 GATEWAY MODE — forward raw payload to Railway worker bridge
+                // When RAILWAY_INTERNAL_URL is set (HF Space deployment), we never touch Redis
+                // directly — the worker bridge on Railway owns all queue operations.
+                const railwayUrl = process.env.RAILWAY_INTERNAL_URL;
+                if (railwayUrl) {
+                    reply.code(200).send('EVENT_RECEIVED');
+                    setImmediate(async () => {
+                        try {
+                            const res = await fetch(`${railwayUrl}/v1/internal/whatsapp/inbound`, {
+                                method: 'POST',
+                                headers: {
+                                    'Content-Type': 'application/json',
+                                    'Authorization': `Bearer ${process.env.ADMIN_API_KEY}`,
+                                    'x-organization-id': organizationId
+                                },
+                                body: JSON.stringify(request.body)
+                            });
+                            logger.info({ status: res.status, organizationId, phoneNumberId }, '[WHATSAPP-GATEWAY] Forwarded to Railway worker');
+                        } catch (err) {
+                            logger.error({ err, organizationId }, '[WHATSAPP-GATEWAY] Forward to Railway failed');
+                        }
+                    });
+                    return;
+                }
+
+                // 🏢 WEBHOOK MODE — forward raw payload (standalone/Railway mode)
                 if (org?.mode === 'WEBHOOK' && org.webhookUrl) {
                     logger.info({ orgId: organizationId }, '[WHATSAPP-WEBHOOK] WEBHOOK mode — forwarding');
                     await whatsappQueue.add('send-webhook', {
@@ -129,12 +154,11 @@ export async function whatsappRoutes(fastify: FastifyInstance) {
                     return reply.code(200).send('EVENT_RECEIVED');
                 }
 
-                // 🤖 ASYNC PROCESSING — respond 200 first, enqueue after (Async-First rule)
+                // 🤖 STANDALONE MODE — respond 200 first, enqueue after (Railway-only, no gateway)
                 reply.code(200).send('EVENT_RECEIVED');
 
                 setImmediate(async () => {
                     try {
-                        // extractWhatsAppPayload handles text, interactive (button_reply, list_reply), audio, image
                         const extracted = extractWhatsAppPayload(request.body);
                         for (const msg of extracted) {
                             if (msg.text !== undefined) {

apps/whatsapp-worker/src/handlers/AdminHandler.ts

@@ -3,76 +3,57 @@ import Redis from 'ioredis';
 import { JobHandler, JobData } from './types';
 import { prisma } from '../services/prisma';
 import { logger } from '../logger';
+import { getCachedOrganization } from '../services/organization';
 import { sendTextMessage } from '../whatsapp-cloud';
 
-interface TenantConfig {
-    accessToken: string;
-    phoneNumberId: string;
-}
-
 export class AdminHandler implements JobHandler {
-    private async getTenantConfig(organizationId: string, connection: Redis): Promise<TenantConfig | undefined> {
-        const cacheKey = `org:config:${organizationId}`;
-        try {
-            const cached = await connection.get(cacheKey);
-            if (cached) return JSON.parse(cached);
-        } catch (err) {
-            logger.warn({ err, organizationId }, '[AdminHandler] Redis cache lookup failed');
-        }
-
-        const org = await prisma.organization.findUnique({
-            where: { id: organizationId },
-            include: { phoneNumbers: true }
-        });
-        
-        if (!org || !org.systemUserToken || !org.phoneNumbers?.[0]?.id) return undefined;
-
-        const config = {
-            accessToken: org.systemUserToken,
-            phoneNumberId: org.phoneNumbers[0].id
-        };
-        await connection.set(cacheKey, JSON.stringify(config), 'EX', 3600);
-        return config;
-    }
-
     async handle(job: Job<JobData>, connection: Redis): Promise<void> {
         const { userId, trackId, overrideAudioUrl, adminId, organizationId } = job.data;
-        if (!userId || !overrideAudioUrl) return;
-
-        const user = await prisma.user.findUnique({ where: { id: userId } });
-        const tenantConfig = await this.getTenantConfig(organizationId || '', connection);
+        if (!userId || !overrideAudioUrl || !organizationId) return;
 
-        if (user?.phone) {
-            const { sendAudioMessage } = await import('../whatsapp-cloud');
-            await sendAudioMessage(user.phone, overrideAudioUrl, tenantConfig);
+        const [user, enrollment] = await Promise.all([
+            prisma.user.findUnique({ where: { id: userId } }),
+            prisma.enrollment.findFirst({ where: { userId, trackId, status: 'ACTIVE' } })
+        ]);
 
-            await sendTextMessage(user.phone,
-                user.language === 'WOLOF'
-                    ? "Baax na ! Yónnee *SUITE* ngir dem ci kanam."
-                    : "Bravo ! Envoyez *SUITE* pour passer à la leçon suivante.",
-                tenantConfig
-            );
+        const org = await getCachedOrganization(organizationId);
+        const tenantConfig = (org?.systemUserToken && org.phoneNumbers?.[0]?.id)
+            ? { accessToken: org.systemUserToken, phoneNumberId: org.phoneNumbers[0].id }
+            : undefined;
 
-            await prisma.response.create({
-                data: {
-                    userId: userId,
-                    enrollmentId: (await prisma.enrollment.findFirst({ where: { userId, trackId, status: 'ACTIVE' } }))?.id || '',
-                    dayNumber: (await prisma.enrollment.findFirst({ where: { userId, trackId, status: 'ACTIVE' } }))?.currentDay || 0,
-                    content: `[AUDIO_OVERRIDE] ${overrideAudioUrl}`,
-                    aiSource: `ADMIN_OVERRIDE:${adminId || 'unknown'}`,
-                    organizationId: organizationId || user.organizationId
-                }
-            });
+        if (!user?.phone) {
+            logger.warn({ userId }, '[ADMIN] User has no phone — skipping');
+            return;
+        }
 
-            const enrollment = await prisma.enrollment.findFirst({
-                where: { userId, trackId, status: 'ACTIVE' }
-            });
+        if (!enrollment) {
+            logger.warn({ userId, trackId }, '[ADMIN] No active enrollment — skipping');
+            return;
+        }
 
-            if (enrollment) {
-                const nextDay = Math.floor(enrollment.currentDay) + 1;
-                const q = new Queue('whatsapp-queue', { connection });
-                await q.add('send-content', { userId, trackId, dayNumber: nextDay, organizationId }, { delay: 2000 });
+        const { sendAudioMessage } = await import('../whatsapp-cloud');
+        await sendAudioMessage(user.phone, overrideAudioUrl, tenantConfig);
+        await sendTextMessage(user.phone,
+            user.language === 'WOLOF'
+                ? "Baax na ! Yónnee *SUITE* ngir dem ci kanam."
+                : "Bravo ! Envoyez *SUITE* pour passer à la leçon suivante.",
+            tenantConfig
+        );
+
+        await prisma.response.create({
+            data: {
+                userId,
+                enrollmentId: enrollment.id,
+                dayNumber: Math.floor(enrollment.currentDay),
+                content: `[AUDIO_OVERRIDE] ${overrideAudioUrl}`,
+                mediaUrl: overrideAudioUrl,
+                aiSource: `ADMIN_OVERRIDE:${adminId || 'unknown'}`,
+                organizationId
             }
-        }
+        });
+
+        const nextDay = Math.floor(enrollment.currentDay) + 1;
+        const q = new Queue('whatsapp-queue', { connection });
+        await q.add('send-content', { userId, trackId, dayNumber: nextDay, organizationId }, { delay: 2000 });
     }
 }

apps/whatsapp-worker/src/handlers/CommandHandler.ts

@@ -70,17 +70,14 @@ export class CommandHandler implements MessageHandler {
 
             const limitedRows = rows.slice(-10);
 
-            const { sendInteractiveListMessage } = await import('../whatsapp-cloud');
-            await sendInteractiveListMessage(
-                user.phone || '',
-                t('history_menu_title'),
-                t('history_menu_body'),
-                t('history_menu_button'),
-                [{
-                    title: t('history_section_title'),
-                    rows: limitedRows
-                }]
-            );
+            await whatsappQueue.add('send-interactive-list', {
+                userId: user.id,
+                headerText: t('history_menu_title'),
+                bodyText: t('history_menu_body'),
+                buttonLabel: t('history_menu_button'),
+                sections: [{ title: t('history_section_title'), rows: limitedRows }],
+                organizationId: ctx.organizationId
+            });
             return true;
         }
 

apps/whatsapp-worker/src/handlers/ExerciseHandler.ts

@@ -67,14 +67,14 @@ export class ExerciseHandler implements MessageHandler {
                 const reminder = user.language === 'WOLOF'
                     ? "Mat nga bés bi ba pare ! ✨\nBindal *2* wala *SUITE* ngir dem ci bés bi ci kanam."
                     : "Tu as déjà validé cette étape ! ✨\nEnvoie *2* ou *SUITE* pour passer à la suite.";
-                await whatsappQueue.add('send-message', { userId: user.id, text: reminder });
+                await whatsappQueue.add('send-message', { userId: user.id, text: reminder, organizationId: ctx.organizationId });
                 return true;
             }
             return false;
         }
 
-        const trackDay = await prisma.trackDay.findFirst({ 
-            where: { trackId: activeEnrollment.trackId, dayNumber: effectiveDay } 
+        const trackDay = await prisma.trackDay.findFirst({
+            where: { trackId: activeEnrollment.trackId, dayNumber: effectiveDay }
         });
 
         if (!trackDay) {
@@ -84,7 +84,7 @@ export class ExerciseHandler implements MessageHandler {
 
         const isDeepDiveAction = pendingProgress.exerciseStatus === 'PENDING_DEEPDIVE';
         const wordCount = (text || '').trim().split(/\s+/).length;
-        
+
         // Bypasses (Button, Special, Vision)
         let isButtonChoice = false;
         const buttons = trackDay.buttonsJson as { id?: string; title?: string }[] | null;
@@ -102,11 +102,11 @@ export class ExerciseHandler implements MessageHandler {
 
         if (wordCount < minWordCount) {
              const msg = user.language === 'WOLOF' ? "Tontu bi gatt na..." : "Ta réponse est un peu courte.";
-             await whatsappQueue.add('send-message', { userId: user.id, text: msg });
+             await whatsappQueue.add('send-message', { userId: user.id, text: msg, organizationId: ctx.organizationId });
              return true;
         }
 
-        await whatsappQueue.add('send-message', { userId: user.id, text: user.language === 'WOLOF' ? "⏳ Defar ak sa tontu..." : "⏳ Analyse de votre réponse..." });
+        await whatsappQueue.add('send-message', { userId: user.id, text: user.language === 'WOLOF' ? "⏳ Defar ak sa tontu..." : "⏳ Analyse de votre réponse...", organizationId: ctx.organizationId });
 
         let currentIterationCount = pendingProgress.iterationCount || 0;
         if (isDeepDiveAction) {
@@ -134,7 +134,7 @@ export class ExerciseHandler implements MessageHandler {
             isTimeTravelMode,
             realCurrentDay: activeEnrollment.currentDay,
             organizationId: ctx.organizationId
-        }, { attempts: 3, backoff: { type: 'exponential', delay: 2000 } });
+        }, { attempts: 3, backoff: { type: 'exponential', delay: 2000 }, removeOnComplete: true, removeOnFail: false });
 
         return true;
     }

apps/whatsapp-worker/src/handlers/MessageHandler.ts

@@ -3,6 +3,7 @@ import Redis from 'ioredis';
 import { JobHandler, JobData } from './types';
 import { prisma } from '../services/prisma';
 import { logger } from '../logger';
+import { getCachedOrganization } from '../services/organization';
 import { sendTextMessage, sendImageMessage, sendInteractiveButtonMessage, sendInteractiveListMessage } from '../whatsapp-cloud';
 
 interface TenantConfig {
@@ -11,28 +12,15 @@ interface TenantConfig {
 }
 
 export class MessageHandler implements JobHandler {
-    private async getTenantConfig(organizationId: string, connection: Redis): Promise<TenantConfig | undefined> {
-        const cacheKey = `org:config:${organizationId}`;
-        try {
-            const cached = await connection.get(cacheKey);
-            if (cached) return JSON.parse(cached);
-        } catch (err) {
-            logger.warn({ err, organizationId }, '[MessageHandler] Redis cache lookup failed');
-        }
-
-        const org = await prisma.organization.findUnique({
-            where: { id: organizationId },
-            include: { phoneNumbers: true }
-        });
-        
+    private async getTenantConfig(organizationId: string, _connection: Redis): Promise<TenantConfig | undefined> {
+        // getCachedOrganization decrypts systemUserToken before returning
+        const org = await getCachedOrganization(organizationId);
         if (!org || !org.systemUserToken || !org.phoneNumbers?.[0]?.id) return undefined;
 
-        const config = {
+        return {
             accessToken: org.systemUserToken,
             phoneNumberId: org.phoneNumbers[0].id
         };
-        await connection.set(cacheKey, JSON.stringify(config), 'EX', 3600);
-        return config;
     }
 
     async handle(job: Job<JobData>, connection: Redis): Promise<void> {

apps/whatsapp-worker/src/services/organization.ts

@@ -62,7 +62,8 @@ export async function getCachedOrganization(id: string) {
 
     // 3. DB Lookup
     const org = await prisma.organization.findUnique({
-        where: { id }
+        where: { id },
+        include: { phoneNumbers: true }
     });
 
     if (org) {