From 5a5bde1ba5d6f844802c3e723d1417fb2d2825e1 Mon Sep 17 00:00:00 2001 From: jimi <1847930177@qq.com> Date: Sun, 8 Mar 2026 12:36:57 +0800 Subject: [PATCH] fix: block leaked history content before outbound send --- core/adapters/qianniu_adapter.py | 41 ++++++++++++++++++++++++++++++++ core/orchestrator.py | 2 ++ 2 files changed, 43 insertions(+) diff --git a/core/adapters/qianniu_adapter.py b/core/adapters/qianniu_adapter.py index 47d4365..2cf5bc2 100644 --- a/core/adapters/qianniu_adapter.py +++ b/core/adapters/qianniu_adapter.py @@ -8,6 +8,28 @@ from core.schema import StandardMessage, StandardResponse logger = logging.getLogger("cs_agent") + +_OUTBOUND_BLOCK_MARKERS = ( + "【历史记录摘要】", + "【详细记录】", + "【订单摘要】", + "【订单详情】", + " str: + if not content: + return "" + cleaned = str(content).strip() + if "[转移会话]" in cleaned: + return cleaned + if any(marker in cleaned for marker in _OUTBOUND_BLOCK_MARKERS): + logger.warning("[QianniuAdapter] 拦截到内部内容外发,替换为安全兜底回复") + return "我在帮你看记录,稍等哈" + for pattern in _HISTORY_LEAK_PATTERNS: + if re.search(pattern, cleaned): + logger.warning(f"[QianniuAdapter] 检测到历史记录泄露模式: {pattern[:30]}...") + return "我在帮你看记录,稍等哈" + return cleaned + async def translate_inbound(self, raw: dict) -> Tuple[StandardMessage, str]: """ 返回: (标准消息, 消息方向) @@ -81,6 +119,9 @@ class QianniuAdapter(BaseAdapter): else: content = res.reply_content + if res.msg_type == 0: + content = self._sanitize_outbound_text(content) + try: logger.info( f"[REPLY->CUSTOMER] user={user_id} acc={acc_id} type={res.msg_type}\n{content}" diff --git a/core/orchestrator.py b/core/orchestrator.py index 59f955d..d1d4607 100644 --- a/core/orchestrator.py +++ b/core/orchestrator.py 
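Review bot: In `_sanitize_outbound_text`, the `if "[转移会话]" in cleaned: return cleaned` early return runs before both the `_OUTBOUND_BLOCK_MARKERS` check and the `_HISTORY_LEAK_PATTERNS` loop, so a reply that contains the transfer marker anywhere goes out unfiltered even if it also carries a history or order summary. If that text can reach the customer, run the two block checks first and apply the transfer exemption last, or narrow it to `cleaned.startswith("[转移会话]")`. The method also calls `re.search`, and no hunk in this commit touches lines 1–7 of the file, so confirm `re` is already imported there; otherwise every type-0 reply that passes the marker check raises NameError. Part of the constant definitions and the method signature are missing from this page, so the pattern list itself could not be reviewed.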
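Review bot: When the `if res.msg_type == 0:` branch in `translate_outbound` swaps a reply for the fallback text, nothing records which conversation was affected. The two `logger.warning` calls inside `_sanitize_outbound_text` carry no `user_id` or `acc_id`, and the `[REPLY->CUSTOMER]` log below shows only the already-replaced content. Both ids are in scope here, so keep the result in a local (`sanitized = self._sanitize_outbound_text(content)`) and log the hit at this call site, for example `if content and sanitized != str(content).strip(): logger.warning("[QianniuAdapter] outbound reply blocked user=%s acc=%s", user_id, acc_id)`. The bare `0` is repeated in `core/orchestrator.py`; a named constant for the text message type, with a comment on why other types skip the filter, would help. The rest of `translate_outbound` lies outside the hunk.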
@@ -366,6 +366,8 @@ class SystemOrchestrator: async def handle_outbound_event(self, user_id: str, platform: str, response: StandardResponse): if platform == "qianniu": + if response and response.msg_type == 0: + response.reply_content = self._sanitize_outbound_text(response.reply_content) await self.qianniu_adapter.translate_outbound(response, user_id) # 全局单例
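Review bot: `self._sanitize_outbound_text` is called on `SystemOrchestrator` in `handle_outbound_event`, but the only definition this commit adds appears to be on `QianniuAdapter` in `core/adapters/qianniu_adapter.py`. Unless the orchestrator class already has a method of that name outside this hunk, every type-0 qianniu reply will raise AttributeError before it is sent. `translate_outbound` now runs the same filter itself, so the simplest fix is to drop these two lines, or else go through the adapter: `response.reply_content = self.qianniu_adapter._sanitize_outbound_text(response.reply_content)`. The `if response and ...` test guards only the sanitize step, so a falsy `response` still reaches `translate_outbound(response, user_id)` on the next line.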