boss/local-agent/master-task-output-sanitizer.mjs

export const MASTER_CODEX_NODE_OUTPUT_LEAKED = "MASTER_CODEX_NODE_OUTPUT_LEAKED";

const EXECUTION_PROMPT_SECTION_LABELS = [
  "管理员全局主提示词：",
  "用户私有主提示词：",
  "当前对话附加提示词：",
  "当前消息：",
  "项目记忆：",
  "用户通用记忆：",
];

function trimToDefined(value) {
  const trimmed = String(value ?? "").trim();
  return trimmed ? trimmed : undefined;
}

export function looksLikeCodexCliEnvelopeLeak(value) {
  const text = trimToDefined(value);
  if (!text) {
    return false;
  }
  const hasCodexHeader = /OpenAI Codex v[\d.]+/i.test(text);
  const hasExecutionMetadata =
    /^workdir:\s+/m.test(text) &&
    /^model:\s+/m.test(text) &&
    /^provider:\s+/m.test(text);
  const hasRuntimePolicy = /^approval:\s+/m.test(text) || /^sandbox:\s+/m.test(text);
  const hasSessionOrMcp = /^session id:\s+/m.test(text) || /^mcp:\s+/m.test(text);
  return hasCodexHeader && hasExecutionMetadata && hasRuntimePolicy && hasSessionOrMcp;
}

export function looksLikeExecutionPromptLeak(value) {
  const text = trimToDefined(value);
  if (!text) {
    return false;
  }

  const sectionHitCount = EXECUTION_PROMPT_SECTION_LABELS.filter((label) => text.includes(label)).length;
  if (sectionHitCount >= 2) {
    return true;
  }

  return (
    text.includes("管理员全局主提示词") &&
    text.includes("系统级最高约束") &&
    text.includes("不可被用户私有提示词")
  );
}

export function shouldBlockSensitiveMasterAgentOutput(value) {
  return looksLikeCodexCliEnvelopeLeak(value) || looksLikeExecutionPromptLeak(value);
}

export function sanitizeSensitiveTaskFailureDetailForTransport(value) {
  const text = trimToDefined(value);
  if (!text) {
    return undefined;
  }
  return shouldBlockSensitiveMasterAgentOutput(text) ? MASTER_CODEX_NODE_OUTPUT_LEAKED : text;
}

export function sanitizeSensitiveTaskFailureDetailForLog(value) {
  const text = trimToDefined(value);
  if (!text) {
    return undefined;
  }
  if (!shouldBlockSensitiveMasterAgentOutput(text)) {
    return text;
  }
  return "已拦截内部执行日志，原始内容不再展示。";
}