Skip to content

[Improve] Frame provider comment follow-ups as untrusted content#574

Open
mrubens wants to merge 1 commit into
developfrom
harden-provider-comment-untrusted-framing
Open

[Improve] Frame provider comment follow-ups as untrusted content#574
mrubens wants to merge 1 commit into
developfrom
harden-provider-comment-untrusted-framing

Conversation

@mrubens

@mrubens mrubens commented Jul 19, 2026

Copy link
Copy Markdown
Contributor

Description

Follow-up to #570, which added shared prompt-hardening helpers (buildMentionRequestBlock, buildUntrustedContentPolicy) and applied them to the GitHub-facing prompts. The non-GitHub provider comment handlers still interpolated the triggering comment into follow-up task messages with plain > quoting and no untrusted-content policy.

The GitLab, Bitbucket, Azure DevOps, and Gitea comment handlers now compose their existing-task follow-up messages the same way as the GitHub issue-mention handler:

  • The triggering comment (authored by a commenter who passed the linked-account gate, so it is the request to act on) lands in an escaped <mention_request> block instead of > quoting.
  • The PR/MR title is escaped with escapeTaskContextText, matching the GitHub composition.
  • The shared untrusted-content policy is appended to each built follow-up message.
  • The now-unused local formatQuotedText helpers are removed.

Test plan

  • Handler tests now mock the @roomote/cloud-agents/server barrel with distinctive marker fakes and assert the follow-up message routes text through the right builders, mirroring the GitHub handler test update in [Improve] Frame third-party text in agent prompts as untrusted content #570.
  • The Bitbucket suite gains its first coverage of the reusable-task follow-up path (steer into an active owner task).
  • Ran the four affected apps/api handler test directories (21 files, 146 tests), pnpm lint, pnpm check-types, and pnpm knip.

GitLab, Bitbucket, Azure DevOps, and Gitea comment handlers previously
interpolated the triggering comment into follow-up task messages with
plain "> " quoting and no injection-resistance policy. They now compose
the message the same way as the GitHub issue-mention handler: the
gate-verified commenter's text lands in an escaped mention_request block,
the PR/MR title is escaped as task context, and the shared untrusted
content policy is appended.

Handler tests mock the @roomote/cloud-agents/server barrel with marker
fakes and assert the composition; the Bitbucket suite gains its first
coverage of the reusable-task follow-up path.
@roomote-roomote

roomote-roomote Bot commented Jul 19, 2026

Copy link
Copy Markdown
Contributor

No code issues found. See task

Reviewed 6ac7c0f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant