fix: 安全回复、群聊误插话与人设保护及 WebUI 配置下拉

[69gg]

Summary

• 安全模型故障或注入回复生成失败时静默跳过发送，不再输出默认「有病？」
• 重写注入回复提示词与生成参数，使回怼更自然、允许阴阳风格；temperature 提至 1.1
• 强化主提示词：无法判断是否在对你说话时默认不参与；禁止因「你/我」等人称误插别人对话；新增人设自我认可与不可随意更改规则
• WebUI 配置页为访问控制、彩蛋、模型池策略、生图等枚举项补全下拉选择（reasoning_effort 保持文本输入）

Test plan

• 安全模型不可用时触发注入检测，确认不再向用户发送默认嘲讽回复
• @bot 发送明显注入语句，确认回复语气自然且不生硬
• 群聊 A 对 B 说含「你/我」的话且未 @bot，确认 bot 不插话
• WebUI 配置页检查新增下拉项可正常保存（如 access.mode、easter_egg.agent_call_message_enabled、image_gen.xingzhige_size）
• uv run pytest tests/（本次改动以提示词与 WebUI 为主，可按需抽检）

Made with Cursor

Summary by CodeRabbit

• Bug Fixes

  • More natural, defensive handling of prompt-injection attempts; empty or whitespace-only defense replies are now suppressed.
  • Stronger identity and conversation-attribution rules to avoid joining unrelated dialogues; safer pronoun handling and clearer reply triggers.
  • Failures now log and return empty responses instead of default error messages.

• UI Improvements

  • Configuration form select fields now normalize options, preserve current values, and infer value types for better display and editing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2cf0911f-801a-4651-a0fb-04215184bbfe

📥 Commits

Reviewing files that changed from the base of the PR and between 178cf68 and 41b565f.

📒 Files selected for processing (1)

• src/Undefined/webui/static/js/config-form.js

---

📝 Walkthrough

Walkthrough

This PR hardens the injection-response boundary behavior across prompts and services while independently refactoring config-form select-field option handling. Dialogue attribution rules are tightened to prevent pronoun misinterpretation. The injection-response service generates natural defensive replies at higher temperature and empty responses skip message sending. Config form now supports rule-based select options with dynamic type detection.

Changes

Injection Response Boundary Hardening

Layer / File(s)	Summary
Dialogue Attribution and Identity Protection Prompt Rules res/prompts/undefined.xml, res/prompts/undefined_nagaagent.xml	Both main prompts add persona_self_ownership constraints, default to "not addressed" when uncertain, introduce forbidden triggers for pronoun-based misattribution, and add P0 context-handling rules that require sender/mention/reply-thread evidence over pronouns alone. Golden rules restate persona acceptance and dialogue non-insertion.
Injection Response Prompt Rewrite res/prompts/injection_response_agent.txt	Prompt is restructured to produce a single natural, defensive sentence respecting boundaries in response to injection attempts, replacing previous taunting or verbose instruction styles.
Injection Response Service Implementation src/Undefined/injection_response_agent.py	Service generates more defensive, natural replies; temperature increases from 0.7 to 1.1; exceptions return empty string instead of fallback message; response returns model output directly without fallback substitution.
Coordinator Empty Response Validation src/Undefined/services/ai_coordinator.py, src/Undefined/services/coordinator/group.py	Both coordinators validate and skip message sending when injection-defense reply is empty or whitespace-only.

Config Form UI Enhancement

Layer / File(s)	Summary
Select Field Option Infrastructure src/Undefined/webui/static/js/config-form.js	Constants and rule-based mapping for select options are introduced; normalizeSelectOption and populateSelectInput helpers centralize rendering and auto-inject current values when missing; getFieldSelectOptions refactored to resolve via rules and fallback mapping; <select> construction now sets dataset.valueType dynamically and uses the new population helper.

🎯 3 (Moderate) | ⏱️ ~25 minutes

🐰 The rabbit hops through prompts with care,
Pronouns misread? "Not for me!" declare.
Injection attempts meet swift defense,
Config forms now list with better sense. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main changes: improved safety replies/injection responses, prevention of unwanted group chat insertions, persona protection, and WebUI configuration dropdown enhancements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bugfix/bugs-7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/Undefined/webui/static/js/config-form.js (1)

399-401: 💤 Low value

Consider the implications of runtime type inference for select fields.

Setting valueType based on the current value's runtime type (line 400: typeof val === "number") may cause type confusion if the current value's type doesn't match the field's schema. For example:

• If the field schema expects a string enum like ["default", "round_robin"] but the current value is a number (due to a config error or migration), valueType will be set to "number".
• When the user selects a string option like "default", parseInputValue (line 1096) will attempt to parse it as a number, fail, and fall back to returning the raw string.
• While the backend validation (Config.load(strict=True)) will catch type mismatches, this approach may create unexpected UX issues where a user selects a valid option but receives a validation error.

In practice, this is mitigated by the fact that most entries in FIELD_SELECT_OPTIONS are string enums, and parseInputValue has fallback logic. However, the valueType attribute may not accurately represent the field's schema, which could be misleading.

If the field schema were accessible in the frontend, it would be more robust to determine valueType from the schema rather than the current value's runtime type. For now, this tradeoff seems acceptable given backend validation.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/Undefined/webui/static/js/config-form.js` around lines 399 - 401, The
code sets input.dataset.valueType based on the runtime type of val which can be
misleading for select fields; change the logic in the populateSelectInput call
site so valueType is derived from the known select options or schema rather than
typeof val — e.g., check FIELD_SELECT_OPTIONS for this field key and set
input.dataset.valueType = "number" only if the option list clearly contains
numeric values, otherwise default to "string"; ensure this ties into
parseInputValue so selected string options aren't mis-parsed and keep backend
validation (Config.load(strict=True)) as the final guard.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/Undefined/webui/static/js/config-form.js`:
- Around line 399-401: The code sets input.dataset.valueType based on the
runtime type of val which can be misleading for select fields; change the logic
in the populateSelectInput call site so valueType is derived from the known
select options or schema rather than typeof val — e.g., check
FIELD_SELECT_OPTIONS for this field key and set input.dataset.valueType =
"number" only if the option list clearly contains numeric values, otherwise
default to "string"; ensure this ties into parseInputValue so selected string
options aren't mis-parsed and keep backend validation (Config.load(strict=True))
as the final guard.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1408e7d4-e069-488f-b69b-c7215e3d1dcf

📥 Commits

Reviewing files that changed from the base of the PR and between 8fe61c4 and 178cf68.

📒 Files selected for processing (7)

• res/prompts/injection_response_agent.txt
• res/prompts/undefined.xml
• res/prompts/undefined_nagaagent.xml
• src/Undefined/injection_response_agent.py
• src/Undefined/services/ai_coordinator.py
• src/Undefined/services/coordinator/group.py
• src/Undefined/webui/static/js/config-form.js