Files
multica/server
Jiayuan Zhang fcb8997ecc fix(profile): sanitize requesting-user name in brief; route getMe through schema fallback
Two follow-ups from Emacs's review on MUL-2406:

- runtime_config.go injected `RequestingUserName` raw into `**%s**` in the
  brief. A name with embedded CR/LF (allowed by `PATCH /api/me`'s outer-trim
  only, and Google display names) could open a new `## ...` heading and
  bypass the blockquote guard on the profile description. Add
  `sanitizeNameForBriefMarkdown` to collapse whitespace, drop C0 controls,
  and escape inline-markdown structural chars before substitution. Cover
  the regression with a brief test (newline-laden name + Available
  Commands payload) and table tests for the sanitizer itself.

- `client.ts:getMe()` still bypassed `parseWithFallback`, so a server
  missing `profile_description` would surface `undefined` to the initial
  auth load while `updateMe`/PATCH was already guarded. Run GET /api/me
  through the same `UserSchema` + `EMPTY_USER` fallback to keep the
  GET/PATCH compatibility boundary symmetric.

Co-authored-by: multica-agent <github@multica.ai>
2026-05-19 13:20:34 +08:00
..