fix(auto-reply): prevent sender spoofing in group prompts

2026-05-11 05:44:33 +00:00 · 2026-02-10 00:35:56 -06:00
parent 8ff1618bfc
commit 53273b490b
42 changed files with 405 additions and 243 deletions
--- a/src/auto-reply/reply.raw-body.test.ts
+++ b/src/auto-reply/reply.raw-body.test.ts
@@ -199,18 +199,16 @@ describe("RawBody directive parsing", () => {
      });

      const groupMessageCtx = {
-        Body: [
-          "[Chat messages since your last reply - for context]",
-          "[WhatsApp ...] Peter: hello",
-          "",
-          "[Current message - respond to this]",
-          "[WhatsApp ...] Jake: /think:high status please",
-          "[from: Jake McInteer (+6421807830)]",
-        ].join("\n"),
+        Body: "/think:high status please",
+        BodyForAgent: "/think:high status please",
        RawBody: "/think:high status please",
+        InboundHistory: [{ sender: "Peter", body: "hello", timestamp: 1700000000000 }],
        From: "+1222",
        To: "+1222",
        ChatType: "group",
+        GroupSubject: "Ops",
+        SenderName: "Jake McInteer",
+        SenderE164: "+6421807830",
        CommandAuthorized: true,
      };

@@ -233,8 +231,9 @@ describe("RawBody directive parsing", () => {
      expect(text).toBe("ok");
      expect(runEmbeddedPiAgent).toHaveBeenCalledOnce();
      const prompt = vi.mocked(runEmbeddedPiAgent).mock.calls[0]?.[0]?.prompt ?? "";
-      expect(prompt).toContain("[Chat messages since your last reply - for context]");
-      expect(prompt).toContain("Peter: hello");
+      expect(prompt).toContain("Chat history since last reply (untrusted, for context):");
+      expect(prompt).toContain('"sender": "Peter"');
+      expect(prompt).toContain('"body": "hello"');
      expect(prompt).toContain("status please");
      expect(prompt).not.toContain("/think:high");
    });