github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 06:37:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ui): strip injected inbound metadata from user messages in history (#22142)

Browse Source 
* fix(ui): strip injected inbound metadata from user messages in history

Fixes #21106
Fixes #21109
Fixes #22116

OpenClaw prepends structured metadata blocks ("Conversation info",
"Sender:", reply-context) to user messages before sending them to the
LLM. These blocks are intentionally AI-context-only and must never reach
the chat history that users see.

Root cause:
`buildInboundUserContextPrefix` in `inbound-meta.ts` prepends the
blocks directly to the stored user message content string, so they are
persisted verbatim and later shown in webchat, TUI, and every other
rendering surface.

Fix:
• `src/auto-reply/reply/strip-inbound-meta.ts` — new utility with a
  6-sentinel fast-path strip (zero-alloc on miss) + 9-test suite.
• `src/tui/tui-session-actions.ts` — wraps `chatLog.addUser(...)` with
  `stripInboundMetadata()` so the TUI never stores the prefix.
• `ui/src/ui/chat/message-normalizer.ts` — strips user-role text content
  items during normalisation so webchat renders clean messages.

* fix(ui): strip inbound metadata for user messages in display path

* test: fix discord component send test spread typing

* fix: strip inbound metadata from mac chat history decode

* fix: align Swift metadata stripping parser with TS implementation

* fix: normalize line endings in inbound metadata stripper

* chore: document Swift/TS metadata-sentinel ownership

* chore: update changelog for inbound metadata strip fix

* changelog: credit Mellowambience for 22142

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
This commit is contained in:
Mars
2026-02-20 20:35:13 -05:00
committed by GitHub
parent f555835b09
commit a4e7e952e1
11 changed files with 420 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownPreprocessor.swift
View File

@@ -1,6 +1,9 @@
import Foundation
enum ChatMarkdownPreprocessor {
// Keep in sync with `src/auto-reply/reply/strip-inbound-meta.ts`
// (`INBOUND_META_SENTINELS`), and extend parser expectations in
// `ChatMarkdownPreprocessorTests` when sentinels change.
private static let inboundContextHeaders = [
"Conversation info (untrusted metadata):",
"Sender (untrusted metadata):",
@@ -60,16 +63,49 @@ enum ChatMarkdownPreprocessor {
}
private static func stripInboundContextBlocks(_ raw: String) -> String {
var output = raw
for header in self.inboundContextHeaders {
let escaped = NSRegularExpression.escapedPattern(for: header)
let pattern = "(?ms)^" + escaped + "\\n```json\\n.*?\\n```\\n?"
output = output.replacingOccurrences(
of: pattern,
with: "",
options: .regularExpression)
guard self.inboundContextHeaders.contains(where: raw.contains) else {
return raw
}
return output
let normalized = raw.replacingOccurrences(of: "\r\n", with: "\n")
var outputLines: [String] = []
var inMetaBlock = false
var inFencedJson = false
for line in normalized.split(separator: "\n", omittingEmptySubsequences: false) {
let currentLine = String(line)
if !inMetaBlock && self.inboundContextHeaders.contains(where: currentLine.hasPrefix) {
inMetaBlock = true
inFencedJson = false
continue
}
if inMetaBlock {
if !inFencedJson && currentLine.trimmingCharacters(in: .whitespacesAndNewlines) == "```json" {
inFencedJson = true
continue
}
if inFencedJson {
if currentLine.trimmingCharacters(in: .whitespacesAndNewlines) == "```" {
inMetaBlock = false
inFencedJson = false
}
continue
}
if currentLine.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
continue
}
inMetaBlock = false
}
outputLines.append(currentLine)
}
return outputLines.joined(separator: "\n").replacingOccurrences(of: #"^\n+"#, with: "", options: .regularExpression)
}
private static func stripPrefixedTimestamps(_ raw: String) -> String {

33
apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatViewModel.swift
View File

@@ -189,10 +189,43 @@ public final class OpenClawChatViewModel {
private static func decodeMessages(_ raw: [AnyCodable]) -> [OpenClawChatMessage] {
let decoded = raw.compactMap { item in
(try? ChatPayloadDecoding.decode(item, as: OpenClawChatMessage.self))
.map { Self.stripInboundMetadata(from: $0) }
}
return Self.dedupeMessages(decoded)
}
private static func stripInboundMetadata(from message: OpenClawChatMessage) -> OpenClawChatMessage {
guard message.role.lowercased() == "user" else {
return message
}
let sanitizedContent = message.content.map { content -> OpenClawChatMessageContent in
guard let text = content.text else { return content }
let cleaned = ChatMarkdownPreprocessor.preprocess(markdown: text).cleaned
return OpenClawChatMessageContent(
type: content.type,
text: cleaned,
thinking: content.thinking,
thinkingSignature: content.thinkingSignature,
mimeType: content.mimeType,
fileName: content.fileName,
content: content.content,
id: content.id,
name: content.name,
arguments: content.arguments)
}
return OpenClawChatMessage(
id: message.id,
role: message.role,
content: sanitizedContent,
timestamp: message.timestamp,
toolCallId: message.toolCallId,
toolName: message.toolName,
usage: message.usage,
stopReason: message.stopReason)
}
private static func messageIdentityKey(for message: OpenClawChatMessage) -> String? {
let role = message.role.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
guard !role.isEmpty else { return nil }