fix(gmail): sanitize HTML entities and tags in tool output

Gmail API returns snippets with HTML entities (&, ', <br>, etc.) that leaked into LLM responses as raw HTML. Added shared sanitizeHtml() utility in src/utils/html.ts and applied it to gmail tool snippets, HTML body fallback, and gmail watcher snippets.
2026-02-10 16:30:14 -08:00
parent 4317492e4b
commit 4ce8e81c01
6 changed files with 281 additions and 4 deletions
@@ -5,6 +5,7 @@ import { homedir } from 'os';
 import type { GmailConfig } from '../config/schema.js';
 import type { ChannelAdapter, ChannelStatus, InboundMessage, OutboundMessage } from '../channels/types.js';
 import { parseInterval } from './heartbeat.js';
+import { sanitizeHtml } from '../utils/html.js';

 /** Minimal interface for the parts of ChannelRegistry we need. */
 interface ChannelLookup {
@@ -368,7 +369,7 @@ export class GmailWatcher implements ChannelAdapter {
        from: getHeader('From'),
        to: getHeader('To'),
        subject: getHeader('Subject'),
-        snippet: msg.data.snippet ?? '',
+        snippet: sanitizeHtml(msg.data.snippet ?? ''),
        date: getHeader('Date'),
        labels: msg.data.labelIds ?? [],
      };