fix: block leaked history summaries in replies

core/pydantic_ai_agent_v2.py

@@ -26,6 +26,7 @@ _INTERNAL_TOOL_MARKERS = (
     "【订单摘要】",
     "【订单详情】",
 )
+_TRANSFER_COMMAND_RE = re.compile(r"^\s*正在为您转接\|\[转移会话\],[^,\r\n]+,[^\r\n]*\s*$")
 
 # 历史记录格式检测模式（AI 转述历史时容易泄露）
 _HISTORY_LEAK_PATTERNS = [
@@ -109,6 +110,13 @@ def _sanitize_reply_text(reply_text: str) -> str:
     text = re.sub(r'[\[\]]{2,}', '', text)
     text = text.strip()
 
+    if _TRANSFER_COMMAND_RE.fullmatch(text):
+        return text
+
+    if "[转移会话]" in text:
+        logger.warning("[Brain] 拦截到混入正文的转接指令，降级为安全兜底回复")
+        return "我在帮你看记录，稍等哈"
+
     # 检查固定标记
     if any(marker in text for marker in _INTERNAL_TOOL_MARKERS):
         logger.warning("[Brain] 拦截到工具原文泄露，降级为安全兜底回复")