From 95bbce355ab28047bbbe5ecee2c6d0d92bc003da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9B=85=E8=AF=BA=E7=8B=90?= <212194964+foxcyber907@users.noreply.github.com> Date: Wed, 20 Aug 2025 15:53:10 +0800 Subject: [PATCH] Improve anti-injection detection logging and text extraction Added detailed debug logs for text extraction and LLM detection input in the anti-injector module. Refactored message processing to only use user-added content for detection, avoiding duplicate text. Fixed import paths for command_skip_list in plugin manager and anti_injector_manager to reflect new module structure. --- src/chat/antipromptinjector/anti_injector.py | 7 ++++--- src/chat/antipromptinjector/core/detector.py | 3 +++ .../processors/message_processor.py | 13 +++++-------- src/plugin_system/core/plugin_manager.py | 7 +++---- .../built_in/core_actions/anti_injector_manager.py | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/chat/antipromptinjector/anti_injector.py b/src/chat/antipromptinjector/anti_injector.py index 7d0703154..5c511395e 100644 --- a/src/chat/antipromptinjector/anti_injector.py +++ b/src/chat/antipromptinjector/anti_injector.py @@ -81,9 +81,9 @@ class AntiPromptInjector: if whitelist_result is not None: return ProcessResult.ALLOWED, None, whitelist_result[2] - # 4. 命令跳过列表检测 - message_text = self.message_processor.extract_text_content(message) - should_skip, skip_reason = should_skip_injection_detection(message_text) + # 4. 命令跳过列表检测 & 内容提取 + text_to_detect = self.message_processor.extract_text_content(message) + should_skip, skip_reason = should_skip_injection_detection(text_to_detect) if should_skip: logger.debug(f"消息匹配跳过列表,跳过反注入检测: {skip_reason}") return ProcessResult.ALLOWED, None, f"命令跳过检测 - {skip_reason}" 
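Review bot: The extraction added under step 4 duplicates the call that step 5 still makes: the following hunk keeps `text_to_detect = self.message_processor.extract_text_content(message)` as a context line, so each message is extracted twice and the debug lines this commit adds in message_processor.py are written twice per message. Remove the second assignment under step 5 and keep only the new log line there. The skip branch returns `ProcessResult.ALLOWED` without any content check, and `should_skip_injection_detection` is not visible here, so it is worth a comment at that branch stating how much of the text a skip pattern has to match, e.g. `# a skip-list match bypasses detection for the whole message`. The enclosing method starts and ends outside this hunk.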
@@ -91,6 +91,7 @@ class AntiPromptInjector: # 5. 内容检测 # 提取用户新增内容(去除引用部分) text_to_detect = self.message_processor.extract_text_content(message) + logger.debug(f"提取的检测文本: '{text_to_detect}' (长度: {len(text_to_detect)})") # 如果是纯引用消息,直接允许通过 if text_to_detect == "[纯引用消息]": diff --git a/src/chat/antipromptinjector/core/detector.py b/src/chat/antipromptinjector/core/detector.py index bb893dfcd..94c9a6ddd 100644 --- a/src/chat/antipromptinjector/core/detector.py +++ b/src/chat/antipromptinjector/core/detector.py @@ -153,6 +153,9 @@ class PromptInjectionDetector: """基于LLM的检测""" start_time = time.time() + # 添加调试日志 + logger.debug(f"LLM检测输入消息: '{message}' (长度: {len(message)})") + try: # 获取可用的模型配置 models = llm_api.get_available_models() diff --git a/src/chat/antipromptinjector/processors/message_processor.py b/src/chat/antipromptinjector/processors/message_processor.py index f82cafa39..3d569b458 100644 --- a/src/chat/antipromptinjector/processors/message_processor.py +++ b/src/chat/antipromptinjector/processors/message_processor.py @@ -32,17 +32,14 @@ class MessageProcessor: """ # 主要检测处理后的纯文本 processed_text = message.processed_plain_text + logger.debug(f"原始processed_plain_text: '{processed_text}'") - # 检查是否包含引用消息 + # 检查是否包含引用消息,提取用户新增内容 new_content = self.extract_new_content_from_reply(processed_text) - text_parts = [new_content] + logger.debug(f"提取的新内容: '{new_content}'") - # 如果有原始消息,也加入检测 - if hasattr(message, 'raw_message') and message.raw_message: - text_parts.append(str(message.raw_message)) - - # 合并所有文本内容 - return " ".join(filter(None, text_parts)) + # 只返回用户新增的内容,避免重复 + return new_content def extract_new_content_from_reply(self, full_text: str) -> str: """从包含引用的完整消息中提取用户新增的内容 diff --git a/src/plugin_system/core/plugin_manager.py b/src/plugin_system/core/plugin_manager.py index 3aaacc10e..73c4ab34c 100644 --- a/src/plugin_system/core/plugin_manager.py +++ b/src/plugin_system/core/plugin_manager.py 
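Review bot: The added `logger.debug` in anti_injector.py writes the full extracted message between hand-written quotes, so text this module treats as potentially hostile reaches the log unescaped and unbounded. Embedded newlines or control characters can forge or break log lines, and private chat content is persisted whenever debug logging is enabled. Use the repr conversion and cap the length (200 is only an example value), e.g. `logger.debug(f"提取的检测文本: {text_to_detect[:200]!r} (长度: {len(text_to_detect)})")`. The same applies to the debug line added in core/detector.py and to the two added in processors/message_processor.py.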
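Review bot: Dropping `raw_message` from the return value in message_processor.py narrows what the detector sees: only the output of `extract_new_content_from_reply(processed_text)` is scanned now, so quoted text and anything present only in `raw_message` are never checked. Whether that is safe depends on how the quoted part is recognised and whether it later reaches the model prompt; both are decided in `extract_new_content_from_reply` and its callers, which are outside this hunk, so this should be confirmed rather than assumed. Record the decision in the code, e.g. `# Only the sender's new text is scanned; quoted content and raw_message are not.`, and check that the method's docstring (partly outside the hunk) no longer describes merged text. A regression test that feeds a reply-formatted message and asserts on the returned text would pin the intended coverage.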
@@ -13,6 +13,9 @@ from src.plugin_system.base.plugin_base import PluginBase from src.plugin_system.base.component_types import ComponentType from src.plugin_system.utils.manifest_utils import VersionComparator from .component_registry import component_registry +import asyncio +from src.chat.antipromptinjector.processors.command_skip_list import skip_list_manager + logger = get_logger("plugin_manager") @@ -595,10 +598,6 @@ class PluginManager: def _refresh_anti_injection_skip_list(self): """插件加载完成后刷新反注入跳过列表""" try: - import asyncio - from src.chat.antipromptinjector.command_skip_list import skip_list_manager - - # 如果当前在事件循环中,直接调用 try: loop = asyncio.get_running_loop() # 在后台任务中执行刷新 diff --git a/src/plugins/built_in/core_actions/anti_injector_manager.py b/src/plugins/built_in/core_actions/anti_injector_manager.py index 0479850cd..a9571c854 100644 --- a/src/plugins/built_in/core_actions/anti_injector_manager.py +++ b/src/plugins/built_in/core_actions/anti_injector_manager.py @@ -11,7 +11,7 @@ from src.plugin_system.base import BaseCommand from src.chat.antipromptinjector import get_anti_injector -from src.chat.antipromptinjector.command_skip_list import ( +from src.chat.antipromptinjector.processors.command_skip_list import ( get_skip_patterns_info, skip_list_manager )
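Review bot: Moving the `command_skip_list` import to module level changes the failure mode. It used to sit inside the `try:` of `_refresh_anti_injection_skip_list` (second hunk of this file), so a failed import presumably only skipped the refresh, whereas now it fails the import of plugin_manager itself. Function-scope imports like the removed one are often there to avoid a circular import, here between `src.chat` and `src.plugin_system`; that is not visible from the diff and should be confirmed before merging. If the import stays at the top, put `import asyncio` with the standard-library imports and the `src.chat...` line with the other absolute `src.` imports, above the relative `.component_registry` import.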