From 88716d8d2ad8f8651e0af12244fe8ca588ff080d Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Mon, 12 Jan 2026 07:11:59 +0000
Subject: [PATCH] fix: harden inline /status stripping (#766)

---
 src/auto-reply/reply.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/auto-reply/reply.ts b/src/auto-reply/reply.ts
index 90aaf7e43..4e59b05e9 100644
--- a/src/auto-reply/reply.ts
+++ b/src/auto-reply/reply.ts
@@ -159,6 +159,8 @@ const INLINE_SIMPLE_COMMAND_ALIASES = new Map<string, string>([
 const INLINE_SIMPLE_COMMAND_RE =
   /(?:^|\s)\/(help|commands|whoami|id)(?=$|\s|:)/i;
 
+const INLINE_STATUS_RE = /(?:^|\s)\/(?:status|usage)(?=$|\s|:)(?:\s*:\s*)?/gi;
+
 function extractInlineSimpleCommand(body?: string): {
   command: string;
   cleaned: string;
@@ -173,6 +175,19 @@ function extractInlineSimpleCommand(body?: string): {
   return { command, cleaned };
 }
 
+function stripInlineStatus(body: string): {
+  cleaned: string;
+  didStrip: boolean;
+} {
+  const trimmed = body.trim();
+  if (!trimmed) return { cleaned: "", didStrip: false };
+  const cleaned = trimmed
+    .replace(INLINE_STATUS_RE, " ")
+    .replace(/\s+/g, " ")
+    .trim();
+  return { cleaned, didStrip: cleaned !== trimmed };
+}
+
 function resolveElevatedAllowList(
   allowFrom: AgentElevatedAllowFromConfig | undefined,
   provider: string,
@@ -591,6 +606,8 @@ export async function getReplyFromConfig(
     return `${head}${cleanedTail}`;
   })();
 
+  cleanedBody = stripInlineStatus(cleanedBody).cleaned;
+
   sessionCtx.Body = cleanedBody;
   sessionCtx.BodyStripped = cleanedBody;