fix(discord): close reply-reference double-fetch + injection vector

Shaw · claude · Shaw · commit 4a8a76bcb262 · 2026-05-19T19:48:01.000-07:00
Post-merge of #7821: - formatInboundEnvelope used `knownReplyContext ?? (await getDiscordReplyContext(message))`, which re-fetched whenever the caller passed an explicit `null` (already established no reply context). Switch to undefined-check so null is honored. - Raw Discord message text was concatenated into the envelope unsanitized, letting a user-crafted `[platform_reply_reference]...[/platform_reply_reference]` block be parsed by core as a trusted reply reference. Run rawContent through sanitizeReplyReferenceText so the markers cannot be smuggled in. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/packages/cloud-shared/src/lib/services/eliza-app/provisioning.test.ts b/packages/cloud-shared/src/lib/services/eliza-app/provisioning.test.ts
@@ -18,10 +18,31 @@ mock.module("../../../db/repositories/credit-transactions", () => ({
   },
 }));
 
+class InsufficientCreditsError extends Error {
+  constructor(
+    public readonly required: number,
+    public readonly available: number,
+    public readonly reason?: string,
+  ) {
+    super(
+      `Insufficient credits. Required: $${required.toFixed(4)}, Available: $${available.toFixed(4)}`,
+    );
+    this.name = "InsufficientCreditsError";
+  }
+}
+
+class CreditsService {}
+
 mock.module("../credits", () => ({
   creditsService: {
     addCredits,
   },
+  CreditsService,
+  InsufficientCreditsError,
+  COST_BUFFER: 1.5,
+  MIN_RESERVATION: 0.000001,
+  EPSILON: 0.0000001,
+  DEFAULT_OUTPUT_TOKENS: 500,
 }));
 
 mock.module("../eliza-sandbox", () => ({
diff --git a/packages/core/src/services/message.ts b/packages/core/src/services/message.ts
@@ -1713,13 +1713,9 @@ function parsePlatformReplyReferenceBlock(
 ): PlatformReplyReference | null {
 	if (!text) return null;
 	const lines = text.replace(/\r\n/g, "\n").split("\n");
-	let start = -1;
-	for (let index = lines.length - 1; index >= 0; index--) {
-		if (lines[index]?.trim() === PLATFORM_REPLY_REFERENCE_START) {
-			start = index;
-			break;
-		}
-	}
+	const start = lines.findLastIndex(
+		(line) => line.trim() === PLATFORM_REPLY_REFERENCE_START,
+	);
 	if (start === -1) return null;
 	const end = lines.findIndex(
 		(line, index) =>
diff --git a/packages/native/ios-deps/llama.cpp/build-ios.sh b/packages/native/ios-deps/llama.cpp/build-ios.sh
@@ -214,6 +214,7 @@ build_slice() {
   mkdir -p "$build_dir/ggml/src/ggml-metal/autogenerated"
 
   local xcode_jobs="${MILADY_LLAMA_XCODE_JOBS:-1}"
+  local xcode_timeout="${MILADY_LLAMA_XCODE_TIMEOUT_SECONDS:-300}"
   # `cmake --build` adds `-parallelizeTargets` for Xcode projects. llama.cpp's
   # generated iOS project can race inside Xcode's shared build database even
   # with `-jobs 1`, so invoke xcodebuild directly and serialize target builds.
@@ -223,7 +224,24 @@ build_slice() {
     -target llama-common \
     -configuration Release \
     -jobs "$xcode_jobs" \
-    -hideShellScriptEnvironment
+    -hideShellScriptEnvironment &
+  local xcode_pid=$!
+  local elapsed=0
+  while kill -0 "$xcode_pid" 2>/dev/null; do
+    if (( elapsed >= xcode_timeout )); then
+      err "xcodebuild timed out after ${xcode_timeout}s for slice $slice"
+      kill "$xcode_pid" 2>/dev/null || true
+      wait "$xcode_pid" 2>/dev/null || true
+      popd >/dev/null
+      return 1
+    fi
+    sleep 1
+    elapsed=$((elapsed + 1))
+  done
+  if ! wait "$xcode_pid"; then
+    popd >/dev/null
+    return 1
+  fi
   popd >/dev/null
 
   # Locate produced .a files and fold them into a single libllama.a so
@@ -236,7 +254,8 @@ build_slice() {
   done < <(find "$search_root" \( -name "libllama.a" -o -name "libggml*.a" -o -name "libcommon.a" \) -print0)
 
   if [[ ${#archives[@]} -eq 0 ]]; then
-    die "no .a files produced in $build_dir — build likely failed"
+    err "no .a files produced in $build_dir — build likely failed"
+    return 1
   fi
 
   # Compile the LlamaShim.c as well, into its own .a, and add to the bundle.
@@ -306,7 +325,8 @@ build_xcframework() {
     args+=(-library "$DIST_DIR/ios-arm64-simulator/libllama.a" -headers "$DIST_DIR/ios-arm64-simulator/Headers")
   fi
   if [[ ${#args[@]} -eq 0 ]]; then
-    die "no slices to assemble into xcframework"
+    err "no slices to assemble into xcframework"
+    return 1
   fi
 
   log "Assembling $out"
diff --git a/plugins/plugin-discord/inbound-envelope.ts b/plugins/plugin-discord/inbound-envelope.ts
@@ -170,7 +170,9 @@ export async function formatInboundEnvelope(
 
 	let replyContextText = "";
 	const refContext =
-		knownReplyContext ?? (await getDiscordReplyContext(message));
+		knownReplyContext === undefined
+			? await getDiscordReplyContext(message)
+			: knownReplyContext;
 	if (refContext) {
 		const truncated = truncateText(
 			refContext.content,
@@ -193,7 +195,7 @@ export async function formatInboundEnvelope(
 
 	const header = `[Discord ${channelLabel}] @${senderName} (${timestamp})`;
 	return {
-		formattedContent: `${header}: ${rawContent}${replyContextText}`,
+		formattedContent: `${header}: ${sanitizeReplyReferenceText(rawContent)}${replyContextText}`,
 		chatType,
 	};
 }
