feat(inbound-meta): expose sender_id in trusted system metadata#18303
Merged
steipete merged 1 commit intoopenclaw:mainfrom Feb 16, 2026
Merged
feat(inbound-meta): expose sender_id in trusted system metadata#18303steipete merged 1 commit intoopenclaw:mainfrom
steipete merged 1 commit intoopenclaw:mainfrom
Conversation
Add sender_id (ctx.SenderId) to the openclaw.inbound_meta.v1 payload so agents can reference it for moderation actions (delete, ban, etc.) without relying on user-controlled text fields. message_id and chat_id were already present; sender_id was the missing piece needed for complete group moderation workflows.
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 18, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
arosstale
added a commit
to arosstale/openclaw
that referenced
this pull request
Feb 19, 2026
…from chat history (openclaw#20221) Two features merged in 2026.2.17 now populate SenderId ("openclaw-control-ui") and MessageSid (clientRunId) for webchat inbound messages: - Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads (tyler6204) - Auto-reply: include sender_id in trusted inbound metadata (openclaw#18303) This causes buildInboundUserContextPrefix() to emit a "Conversation info (untrusted metadata):" fenced JSON block for every webchat user message. The block is intended for the model, not the UI. When chat.history reloads after an assistant turn, stripEnvelopeFromMessages() only strips the [Channel Timestamp] envelope header and silently passes through the metadata block — making it visible in the chat UI. Fix: export stripUntrustedMetadataBlocks() from shared/chat-envelope.ts that iteratively removes leading "(untrusted metadata):" + fenced JSON blocks using string operations (avoids multiline-regex parser issues). Wire it into stripEnvelopeFromContent() and stripEnvelopeFromMessage() so all three content shapes (string, array, text) are covered. Fixes openclaw#20221. lobster-biscuit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
sender_id(ctx.SenderId) to theopenclaw.inbound_meta.v1system prompt payload.Motivation
message_idandchat_idare already exposed in the trusted inbound metadata, butsender_idis missing. This makes it impossible for agents to perform moderation actions (ban, kick, timeout) that require a numeric user ID.Use case: A spam-detection agent monitoring Telegram group chats needs
sender_idto populate inline button callbacks for delete/ban actions. Without it, the agent only has the sender's display name and username (untrusted, user-controlled text) — insufficient for API actions.Changes
src/auto-reply/reply/inbound-meta.ts: Addsender_id: safeTrim(ctx.SenderId)to the trusted payload (1 line)src/auto-reply/reply/inbound-meta.test.ts: Add 2 tests — presence when provided, omission when absentExample output
{ "schema": "openclaw.inbound_meta.v1", "message_id": "16698", "sender_id": "289522496", "chat_id": "telegram:-1001249586642", "channel": "telegram", "provider": "telegram", "surface": "telegram", "chat_type": "group" }Greptile Summary
Adds
sender_id(fromctx.SenderId) to theopenclaw.inbound_meta.v1trusted system metadata payload, alongside the existingmessage_idandchat_idfields. This enables agents to perform moderation actions (ban, kick, timeout) that require a numeric user ID rather than untrusted display names.sender_idis added viasafeTrim(ctx.SenderId)inbuildInboundMetaSystemPrompt, following the same pattern as other platform-assigned IDs in the trusted payloadsender_idin trusted metadata (platform-assigned numeric ID) rather than the untrusted user context block (which holds user-controlled strings likeSenderName,SenderUsername)Confidence Score: 5/5
safeTrimpattern already used by every other field in the payload. TheSenderIdtype is correctly defined asstring | undefinedin TemplateContext. Tests cover both presence and absence. The trusted/untrusted boundary is respected (numeric platform ID in trusted metadata, display names in untrusted context). No logic changes, no new dependencies, no security concerns.Last reviewed commit: a8c35a4
(2/5) Greptile learns from your feedback when you react with thumbs up/down!