github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 05:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix (auto-reply): expose inbound message identifiers in trusted metadata

Browse Source
This commit is contained in:
Vignesh Natarajan
2026-02-15 19:00:18 -08:00
parent 82333add95
commit bed8e7abe6
2 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/auto-reply/reply/inbound-meta.ts
View File

@@ -13,11 +13,19 @@ function safeTrim(value: unknown): string | undefined {
export function buildInboundMetaSystemPrompt(ctx: TemplateContext): string {
const chatType = normalizeChatType(ctx.ChatType);
const isDirect = !chatType || chatType === "direct";
const messageId = safeTrim(ctx.MessageSid);
const messageIdFull = safeTrim(ctx.MessageSidFull);
const replyToId = safeTrim(ctx.ReplyToId);
const chatId = safeTrim(ctx.OriginatingTo);
// Keep system metadata strictly free of attacker-controlled strings (sender names, group subjects, etc.).
// Those belong in the user-role "untrusted context" blocks.
const payload = {
schema: "openclaw.inbound_meta.v1",
message_id: messageId,
message_id_full: messageIdFull && messageIdFull !== messageId ? messageIdFull : undefined,
chat_id: chatId,
reply_to_id: replyToId,
channel: safeTrim(ctx.OriginatingChannel) ?? safeTrim(ctx.Surface) ?? safeTrim(ctx.Provider),
provider: safeTrim(ctx.Provider),
surface: safeTrim(ctx.Surface),