fix(auto-reply): prevent sender spoofing in group prompts

2026-05-08 13:01:25 +00:00 · 2026-02-10 00:35:56 -06:00
parent 8ff1618bfc
commit 53273b490b
42 changed files with 405 additions and 243 deletions
--- a/src/discord/monitor/message-handler.process.ts
+++ b/src/discord/monitor/message-handler.process.ts
@@ -4,11 +4,7 @@ import type { DiscordMessagePreflightContext } from "./message-handler.preflight
 import { resolveAckReaction, resolveHumanDelayConfig } from "../../agents/identity.js";
 import { resolveChunkMode } from "../../auto-reply/chunk.js";
 import { dispatchInboundMessage } from "../../auto-reply/dispatch.js";
-import {
-  formatInboundEnvelope,
-  formatThreadStarterEnvelope,
-  resolveEnvelopeFormatOptions,
-} from "../../auto-reply/envelope.js";
+import { formatInboundEnvelope, resolveEnvelopeFormatOptions } from "../../auto-reply/envelope.js";
 import {
  buildPendingHistoryContextFromMap,
  clearHistoryEntriesIfEnabled,
@@ -200,12 +196,7 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
        }),
    });
  }
-  const replyContext = resolveReplyContext(message, resolveDiscordMessageText, {
-    envelope: envelopeOptions,
-  });
-  if (replyContext) {
-    combinedBody = `[Replied message - for context]\n${replyContext}\n\n${combinedBody}`;
-  }
+  const replyContext = resolveReplyContext(message, resolveDiscordMessageText);
  if (forumContextLine) {
    combinedBody = `${combinedBody}\n${forumContextLine}`;
  }
@@ -224,14 +215,8 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
        resolveTimestampMs,
      });
      if (starter?.text) {
-        const starterEnvelope = formatThreadStarterEnvelope({
-          channel: "Discord",
-          author: starter.author,
-          timestamp: starter.timestamp,
-          body: starter.text,
-          envelope: envelopeOptions,
-        });
-        threadStarterBody = starterEnvelope;
+        // Keep thread starter as raw text; metadata is provided out-of-band in the system prompt.
+        threadStarterBody = starter.text;
      }
    }
    const parentName = threadParentName ?? "parent";
@@ -279,8 +264,19 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
    return;
  }

+  const inboundHistory =
+    shouldIncludeChannelHistory && historyLimit > 0
+      ? (guildHistories.get(message.channelId) ?? []).map((entry) => ({
+          sender: entry.sender,
+          body: entry.body,
+          timestamp: entry.timestamp,
+        }))
+      : undefined;
+
  const ctxPayload = finalizeInboundContext({
    Body: combinedBody,
+    BodyForAgent: baseText ?? text,
+    InboundHistory: inboundHistory,
    RawBody: baseText,
    CommandBody: baseText,
    From: effectiveFrom,
@@ -303,6 +299,9 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
    Surface: "discord" as const,
    WasMentioned: effectiveWasMentioned,
    MessageSid: message.id,
+    ReplyToId: replyContext?.id,
+    ReplyToBody: replyContext?.body,
+    ReplyToSender: replyContext?.sender,
    ParentSessionKey: autoThreadContext?.ParentSessionKey ?? threadKeys.parentSessionKey,
    ThreadStarterBody: threadStarterBody,
    ThreadLabel: threadLabel,
--- a/src/discord/monitor/native-command.ts
+++ b/src/discord/monitor/native-command.ts
@@ -749,6 +749,7 @@ async function dispatchDiscordCommandInteraction(params: {
  });
  const ctxPayload = finalizeInboundContext({
    Body: prompt,
+    BodyForAgent: prompt,
    RawBody: prompt,
    CommandBody: prompt,
    CommandArgs: commandArgs,
--- a/src/discord/monitor/reply-context.ts
+++ b/src/discord/monitor/reply-context.ts
@@ -1,13 +1,19 @@
 import type { Guild, Message, User } from "@buape/carbon";
-import { formatAgentEnvelope, type EnvelopeFormatOptions } from "../../auto-reply/envelope.js";
 import { resolveTimestampMs } from "./format.js";
 import { resolveDiscordSenderIdentity } from "./sender-identity.js";

+export type DiscordReplyContext = {
+  id: string;
+  channelId: string;
+  sender: string;
+  body: string;
+  timestamp?: number;
+};
+
 export function resolveReplyContext(
  message: Message,
  resolveDiscordMessageText: (message: Message, options?: { includeForwarded?: boolean }) => string,
-  options?: { envelope?: EnvelopeFormatOptions },
-): string | null {
+): DiscordReplyContext | null {
  const referenced = message.referencedMessage;
  if (!referenced?.author) {
    return null;
@@ -22,15 +28,13 @@ export function resolveReplyContext(
    author: referenced.author,
    pluralkitInfo: null,
  });
-  const fromLabel = referenced.author ? buildDirectLabel(referenced.author, sender.tag) : "Unknown";
-  const body = `${referencedText}\n[discord message id: ${referenced.id} channel: ${referenced.channelId} from: ${sender.tag ?? sender.label} user id:${sender.id}]`;
-  return formatAgentEnvelope({
-    channel: "Discord",
-    from: fromLabel,
+  return {
+    id: referenced.id,
+    channelId: referenced.channelId,
+    sender: sender.tag ?? sender.label ?? "unknown",
+    body: referencedText,
    timestamp: resolveTimestampMs(referenced.timestamp),
-    body,
-    envelope: options?.envelope,
-  });
+  };
 }

 export function buildDirectLabel(author: User, tagOverride?: string) {