Skip to content

feat(moderation): add explainable reasoning for flagged messages #39943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sharanyamahajan wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

feat(moderation): add explainable reasoning for flagged messages #39943

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
17e8a2a
chore: update app.json configuration
sharanyamahajan Mar 9, 2026
b9de355
Merge pull request #5 from sharanyamahajan/fix/app-json-update
sharanyamahajan Mar 9, 2026
df853df
refactor: remove unnecessary line breaks in UserCard component
sharanyamahajan Mar 9, 2026
cad1521
fix(search): escape regex in from and mention filters
sharanyamahajan Mar 29, 2026
646c58a
feat(moderation): add explainable reasoning for flagged messages
sharanyamahajan Mar 29, 2026
f31c339
Merge branch 'develop' into feat/moderation-reasoning
sharanyamahajan Mar 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
**/.classpath
**/.dockerignore
**/.env
**/.git
**/.gitignore
**/.project
**/.settings
**/.toolstarget
**/.vs
**/.vscode
**/*.*proj.user
**/*.dbmdl
**/*.jfm
**/charts
**/docker-compose*
**/compose*
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Overly broad .dockerignore glob excludes real source paths (composer*/compose*) from Docker build context, risking incomplete or broken images.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At .dockerignore, line 16:

<comment>Overly broad `.dockerignore` glob excludes real source paths (`composer*`/`compose*`) from Docker build context, risking incomplete or broken images.</comment>

<file context>
@@ -0,0 +1,24 @@
+**/*.jfm
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
</file context>
Fix with Cubic

**/Dockerfile*
**/node_modules
**/npm-debug.log
**/obj
**/secrets.dev.yaml
**/values.dev.yaml
LICENSE
README.md
11 changes: 11 additions & 0 deletions .vscode/launch.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"configurations": [
{
"name": "Containers: Node.js Launch",
"type": "docker",
"request": "launch",
"preLaunchTask": "docker-run: debug",
"platform": "node"
}
]
}
39 changes: 39 additions & 0 deletions .vscode/tasks.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{
"version": "2.0.0",
"tasks": [
{
"type": "docker-build",
"label": "docker-build",
"platform": "node",
"dockerBuild": {
"dockerfile": "${workspaceFolder}/Dockerfile",
"context": "${workspaceFolder}",
"pull": true
}
},
{
"type": "docker-run",
"label": "docker-run: release",
"dependsOn": [
"docker-build"
],
"platform": "node"
},
{
"type": "docker-run",
"label": "docker-run: debug",
"dependsOn": [
"docker-build"
],
"dockerRun": {
"env": {
"DEBUG": "*",
"NODE_ENV": "development"
}
},
"node": {
"enableDebugging": true
}
}
]
}
10 changes: 10 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
FROM node:lts-alpine
ENV NODE_ENV=production
WORKDIR /usr/src/app
COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
RUN npm install --production --silent && mv node_modules ../
Comment on lines +4 to +5
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if yarn.lock exists and examine workspace configuration
echo "=== Checking for lock files ==="
ls -la yarn.lock package-lock.json 2>/dev/null || echo "Lock files not found at root"

echo -e "\n=== Workspace configuration in package.json ==="
jq '.workspaces' package.json 2>/dev/null || cat package.json | grep -A 10 '"workspaces"'

echo -e "\n=== Package manager field ==="
jq '.packageManager' package.json 2>/dev/null

Repository: RocketChat/Rocket.Chat

Length of output: 383

🏁 Script executed:

cat -n Dockerfile | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 423

Critical: This monorepo uses yarn workspaces but the Dockerfile uses npm install.

The root package.json declares yarn workspaces and pins packageManager to yarn@4.12.0. Using npm install will not properly resolve these workspace dependencies since npm does not natively understand yarn's workspace feature.

Additionally, moving node_modules to the parent directory (mv node_modules ../) is unconventional and may cause module resolution issues.

🔧 Proposed fix using yarn with --immutable 
 FROM node:lts-alpine
 ENV NODE_ENV=production
 WORKDIR /usr/src/app
-COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
-RUN npm install --production --silent && mv node_modules ../
+COPY ["package.json", "yarn.lock", "./"]
+RUN yarn install --production --immutable
 COPY . .
 EXPOSE 3000
 RUN chown -R node /usr/src/app
 USER node
 CMD ["node", "index.js"]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
RUN npm install --production --silent && mv node_modules ../
COPY ["package.json", "yarn.lock", "./"]
RUN yarn install --production --immutable
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 4 - 5, The Dockerfile currently copies only
package.json and runs "npm install" then moves node_modules — replace that with
a Yarn v4-friendly flow: update the COPY step to include yarn-specific files
(.yarn, .yarnrc.yml, yarn.lock along with package.json and workspace manifests)
and change the RUN command (the line with RUN npm install --production --silent
&& mv node_modules ../) to run "yarn install --immutable" (or "yarn install
--immutable --inline-builds" if builds are needed) and remove the "mv
node_modules ../" move; ensure the Dockerfile uses the Dockerfile COPY and RUN
entries shown so the workspace-aware Yarn install produces correct workspace
deps without relocating node_modules.

COPY . .
EXPOSE 3000
RUN chown -R node /usr/src/app
USER node
CMD ["node", "index.js"]
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if index.js exists at root and find potential entrypoints
echo "=== Checking for index.js at root ==="
ls -la index.js 2>/dev/null || echo "index.js not found at root"

echo -e "\n=== Main field in package.json ==="
jq '.main' package.json

echo -e "\n=== Looking for potential entrypoints ==="
fd -t f -d 2 'index.js|main.js|server.js' . 2>/dev/null | head -10

Repository: RocketChat/Rocket.Chat

Length of output: 220

🏁 Script executed:

#!/bin/bash
# Verify Dockerfile exists and check its content
echo "=== Dockerfile content ==="
if [ -f "Dockerfile" ]; then
  cat -n Dockerfile
else
  echo "Dockerfile not found at root"
fi

echo -e "\n=== Repository structure (top-level directories) ==="
ls -la | grep "^d" | head -20

echo -e "\n=== Root package.json details ==="
cat -n package.json | head -40

echo -e "\n=== Looking for .dockerignore, docker-compose, etc ==="
ls -la | grep -i docker

echo -e "\n=== Check for monorepo indicators ==="
if [ -f "lerna.json" ]; then echo "=== lerna.json found ==="; cat -n lerna.json; fi
if [ -f "pnpm-workspace.yaml" ]; then echo "=== pnpm-workspace.yaml found ==="; cat -n pnpm-workspace.yaml; fi

Repository: RocketChat/Rocket.Chat

Length of output: 3578

🏁 Script executed:

#!/bin/bash
# Search for entrypoints with greater depth and different patterns
echo "=== Searching for index.js, main.js, server.js up to depth 5 ==="
fd -t f -d 5 'index\.js$' . 2>/dev/null | head -15

echo -e "\n=== Checking apps/ subdirectory if it exists ==="
if [ -d "apps" ]; then
  echo "apps/ directory found, listing structure:"
  ls -la apps/
fi

echo -e "\n=== Checking for TypeScript/compiled entry points ==="
fd -t f -d 5 'index\.ts$|server\.ts$|main\.ts$' . 2>/dev/null | head -15

echo -e "\n=== Check if packages/app-* subdirectories exist ==="
find . -maxdepth 2 -type d -name "app-*" | head -10

Repository: RocketChat/Rocket.Chat

Length of output: 1241

🏁 Script executed:

#!/bin/bash
# Check full Dockerfile for build stages
echo "=== Full Dockerfile ==="
cat -n Dockerfile

echo -e "\n=== apps/meteor/package.json ==="
head -50 apps/meteor/package.json

echo -e "\n=== Check for build output or entry in root ==="
ls -la | grep -E '\.meteor|build|dist|server'

echo -e "\n=== Check apps/meteor structure ==="
ls -la apps/meteor/ | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 3979

🏁 Script executed:

#!/bin/bash
# Check docker-compose to understand how container is run
echo "=== docker-compose-local.yml (first 50 lines) ==="
head -50 docker-compose-local.yml

echo -e "\n=== docker-compose-ci.yml (first 50 lines) ==="
head -50 docker-compose-ci.yml

echo -e "\n=== Look for any .meteorrc, .meteor.json, or meteor config ==="
find . -maxdepth 3 -name ".meteorrc" -o -name "meteor.json" -o -name ".meteor" -type d 2>/dev/null | head -10

Repository: RocketChat/Rocket.Chat

Length of output: 3487

🏁 Script executed:

#!/bin/bash
# Check if there are build instructions or scripts at root
echo "=== Build-related scripts at root ==="
ls -la | grep -i build

echo -e "\n=== Check .dockerignore content ==="
cat -n .dockerignore

echo -e "\n=== Look for any npm/yarn scripts that might build ==="
cd apps/meteor && grep -A 5 '"scripts"' package.json | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 1104

🏁 Script executed:

#!/bin/bash
# Check the actual Dockerfile used in builds
echo "=== apps/meteor/.docker/Dockerfile.alpine ==="
if [ -f "apps/meteor/.docker/Dockerfile.alpine" ]; then
  cat -n apps/meteor/.docker/Dockerfile.alpine | head -50
else
  echo "File not found"
fi

echo -e "\n=== Check all Dockerfiles in the repository ==="
find . -name "Dockerfile*" -type f | head -20

echo -e "\n=== Check .github workflows to see how the image is built ==="
ls -la .github/workflows/ | grep -i docker

Repository: RocketChat/Rocket.Chat

Length of output: 2952

🏁 Script executed:

#!/bin/bash
# Understand the build process better
echo "=== Check if Meteor generates the index.js during build ==="
# Look for references to the build output
find . -maxdepth 3 -name "*.ts" -o -name "*.js" | xargs grep -l "index.js" 2>/dev/null | head -10

echo -e "\n=== Check apps/meteor/.docker directory ==="
ls -la apps/meteor/.docker/

echo -e "\n=== Look for entry point configuration in meteor settings ==="
cat apps/meteor/.meteorignore 2>/dev/null
ls -la apps/meteor/.meteor/

Repository: RocketChat/Rocket.Chat

Length of output: 1060

🏁 Script executed:

#!/bin/bash
# Check recent changes to root Dockerfile
echo "=== Recent git log for root Dockerfile ==="
git log --oneline -10 Dockerfile 2>/dev/null || echo "Could not get git log"

echo -e "\n=== Check if root Dockerfile is referenced in any CI/CD or build scripts ==="
grep -r "Dockerfile" .github/ .gitpod* .devcontainer/ 2>/dev/null | grep -v ".alpine" | grep -v ".debian" | head -10

echo -e "\n=== Check if root Dockerfile is used in docker-compose files ==="
grep -l "dockerfile" docker-compose*.yml 2>/dev/null | xargs grep -h "dockerfile" 2>/dev/null

echo -e "\n=== Look at the actual Meteor build output structure ==="
ls -la apps/meteor/bundle 2>/dev/null || echo "No bundle directory found (expected - it's created during build)"

Repository: RocketChat/Rocket.Chat

Length of output: 1863

🏁 Script executed:

#!/bin/bash
# Check what the proper entry point should be for Meteor
echo "=== Check apps/meteor/.docker/Dockerfile.alpine for actual CMD ==="
tail -20 apps/meteor/.docker/Dockerfile.alpine

echo -e "\n=== Check Dockerfile.debian for comparison ==="
tail -20 apps/meteor/.docker/Dockerfile.debian

Repository: RocketChat/Rocket.Chat

Length of output: 1039

The root Dockerfile is incomplete and not used in production builds.

Line 10 references index.js, which doesn't exist at the repository root. However, this Dockerfile is deprecated—the actual production Dockerfile is apps/meteor/.docker/Dockerfile.alpine, which correctly expects main.js in the Meteor bundle at /app/bundle.

The root Dockerfile lacks the build stage required to generate this bundle via meteor build. Either remove this outdated file, document it as deprecated, or replace it with the proper multi-stage Meteor build logic from apps/meteor/.docker/Dockerfile.alpine.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` at line 10, The root Dockerfile currently ends with CMD
["node","index.js"] which is incorrect and deprecated; either delete or mark
this Dockerfile as deprecated in its header, or replace it with the proper
multi-stage Meteor build logic used for production: add a build stage that runs
meteor build to produce the bundle and a final stage that copies the Meteor
bundle (with main.js) into the runtime image and sets the correct CMD/startup;
locate the erroneous CMD line in the root Dockerfile and align its behavior with
the multi-stage pattern used for production builds (generate bundle, copy
bundle/main.js into the image, and run node main.js).

25 changes: 25 additions & 0 deletions apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,31 @@ export async function sendMessageNotifications(message: IMessage, room: IRoom, u
}

const sender = await roomCoordinator.getRoomDirectives(room.t).getMsgSender(message);

const reasons: any[] = [];

if (message.msg && message.msg.length > 200) {
reasons.push({
type: 'long_message',
message: 'Message unusually long (possible spam)',
});
}

if (/(.)\1{5,}/.test(message.msg || '')) {
reasons.push({
type: 'repetition',
message: 'Repeated characters detected',
});
}

if (reasons.length > 0) {
(message as any).moderationReasons = reasons;

Comment on lines +282 to +300
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether moderationReasons is part of the formal message contract and where it is used.
rg -n "interface IMessage|moderationReasons" packages/core-typings/src/IMessage/IMessage.ts
rg -n "moderationReasons" apps/meteor --type ts --type js
rg -n "afterSaveMessage\\(|callbacks\\.run\\('afterSaveMessage'" apps/meteor/app/lib/server/lib/afterSaveMessage.ts apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 722

🏁 Script executed:

cat -n packages/core-typings/src/IMessage/IMessage.ts | head -200

Repository: RocketChat/Rocket.Chat

Length of output: 6380

🏁 Script executed:

rg -i "moderation|reason" packages/core-typings/src/IMessage/ --context 3

Repository: RocketChat/Rocket.Chat

Length of output: 48

🏁 Script executed:

rg -n "TODO|FIXME" apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 48

🏁 Script executed:

cat packages/core-typings/src/IMessage/IMessage.ts | wc -l

Repository: RocketChat/Rocket.Chat

Length of output: 69

🏁 Script executed:

tail -100 packages/core-typings/src/IMessage/IMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 2621

🏁 Script executed:

rg "moderationReasons" apps/meteor --type ts --type js -B 5 -A 5

Repository: RocketChat/Rocket.Chat

Length of output: 965

🏁 Script executed:

cat -n apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts | sed -n '295,310p'

Repository: RocketChat/Rocket.Chat

Length of output: 505

🏁 Script executed:

rg "import.*logger|import.*Logger|from.*logger" apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 48

🏁 Script executed:

rg "console\.log" apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 106

Formalize moderation metadata typing instead of any mutation.

Line 299 bypasses the type contract with (message as any), while IMessage does not declare moderationReasons. The field is injected without formal typing in a callback flow, creating an implicit, untyped payload surface. Additionally, the field will be lost when the callback result is re-cast to IMessage in afterSaveMessage.ts:10.

Additionally, lines 301–304 use console.log for moderation logging instead of the project's logging infrastructure. This should use the appropriate logger.

Suggested tightening in this file 
+type ModerationReason = {
+	type: 'long_message' | 'repetition';
+	message: string;
+};
+
+type MessageWithModerationReasons = IMessage & {
+	moderationReasons?: ModerationReason[];
+};
-
-	const reasons: any[] = [];
+	const reasons: ModerationReason[] = [];
...
 	if (reasons.length > 0) {
-		(message as any).moderationReasons = reasons;
+		(message as MessageWithModerationReasons).moderationReasons = reasons;
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
const reasons: any[] = [];
if (message.msg && message.msg.length > 200) {
reasons.push({
type: 'long_message',
message: 'Message unusually long (possible spam)',
});
}
if (/(.)\1{5,}/.test(message.msg || '')) {
reasons.push({
type: 'repetition',
message: 'Repeated characters detected',
});
}
if (reasons.length > 0) {
(message as any).moderationReasons = reasons;
type ModerationReason = {
type: 'long_message' | 'repetition';
message: string;
};
type MessageWithModerationReasons = IMessage & {
moderationReasons?: ModerationReason[];
};
const reasons: ModerationReason[] = [];
if (message.msg && message.msg.length > 200) {
reasons.push({
type: 'long_message',
message: 'Message unusually long (possible spam)',
});
}
if (/(.)\1{5,}/.test(message.msg || '')) {
reasons.push({
type: 'repetition',
message: 'Repeated characters detected',
});
}
if (reasons.length > 0) {
(message as MessageWithModerationReasons).moderationReasons = reasons;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts` around lines
282 - 300, Add a formally typed optional moderationReasons field to the IMessage
type (e.g., moderationReasons?: Array<{type: string; message: string;}>) instead
of casting to any, then assign the reasons directly (message.moderationReasons =
reasons) in sendNotificationsOnMessage.ts so the injected metadata survives
downstream re-casting (see afterSaveMessage.ts:10). Replace console.log calls
used for moderation logging with the project logger (import and call the
existing server logger used elsewhere, e.g., processLogger or the app's logger)
to keep logs consistent.

console.log('Moderation reasoning:', {
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Unbounded console logging in the message notification path can be abused to flood logs and degrade server performance.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts, line 301:

<comment>Unbounded console logging in the message notification path can be abused to flood logs and degrade server performance.</comment>

<file context>
@@ -278,6 +278,31 @@ export async function sendMessageNotifications(message: IMessage, room: IRoom, u
+	if (reasons.length > 0) {
+		(message as any).moderationReasons = reasons;
+
+		console.log('Moderation reasoning:', {
+			userId: message.u?._id ?? 'unknown',
+			reasons,
</file context>
Fix with Cubic

userId: message.u?._id ?? 'unknown',
reasons,
});
Comment on lines +301 to +304
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's check the current state of the file around lines 301-304
cat -n apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts | sed -n '290,320p'

Repository: RocketChat/Rocket.Chat

Length of output: 1002

🏁 Script executed:

# Check if SystemLogger is imported in this file
grep -n "SystemLogger\|import.*logger" apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 48

🏁 Script executed:

# Look at the broader context of this function to understand what it does
cat -n apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts | sed -n '270,330p'

Repository: RocketChat/Rocket.Chat

Length of output: 2177

🏁 Script executed:

# Check how SystemLogger is used elsewhere in the codebase for similar scenarios
rg "SystemLogger.debug" -A 3 -B 1 --max-count=5

Repository: RocketChat/Rocket.Chat

Length of output: 4540

🏁 Script executed:

# Check if there are other console.log statements in this file
grep -n "console\.log\|console\.error\|console\.warn" apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts

Repository: RocketChat/Rocket.Chat

Length of output: 110

🏁 Script executed:

# Check if there are other moderation-related logs in the codebase
rg "moderation|Moderation" -i --max-count=10 -B 2 -A 2

Repository: RocketChat/Rocket.Chat

Length of output: 50379

🏁 Script executed:

# Verify the correct import path for SystemLogger
rg "from.*logger.*system|import.*SystemLogger" -l | head -5

Repository: RocketChat/Rocket.Chat

Length of output: 302

🏁 Script executed:

# Check a similar file to see how imports are structured
cat -n apps/meteor/app/mail-messages/server/functions/sendMail.ts | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 832

🏁 Script executed:

# Look for moderation context - check if this relates to spam detection
rg "long_message|repetition" -B 5 -A 5

Repository: RocketChat/Rocket.Chat

Length of output: 5537

Replace console.log with SystemLogger.debug for controlled logging in this message processing hot path.

Line 301 logs spam detection events with console.log, which outputs unconditionally. Use SystemLogger.debug to allow log verbosity to be controlled by log level configuration.

Suggested change 
+import { SystemLogger } from '../../../../server/lib/logger/system';
...
-		console.log('Moderation reasoning:', {
-			userId: message.u?._id ?? 'unknown',
-			reasons,
-		});
+		SystemLogger.debug({
+			msg: 'Moderation reasoning',
+			mid: message._id,
+			userId: message.u?._id ?? 'unknown',
+			reasonTypes: reasons.map((reason) => reason.type),
+		});
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.ts` around lines
301 - 304, Replace the unconditional console.log in the moderation path with a
controlled debug-level log: use SystemLogger.debug instead of console.log in
sendNotificationsOnMessage (the block that logs 'Moderation reasoning' and the
object containing message.u?._id and reasons) so that spam detection events are
only emitted at debug verbosity; preserve the same message text and object shape
(including userId: message.u?._id ?? 'unknown' and reasons) when calling
SystemLogger.debug.

}
if (!sender) {
return message;
}
Expand Down
3 changes: 3 additions & 0 deletions apps/meteor/app/utils/server/escapeRegExp.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
export function escapeRegExp(value: string): string {
return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
4 changes: 0 additions & 4 deletions apps/meteor/client/components/UserCard/UserCard.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ const clampStyle = css`
-webkit-box-orient: vertical;
word-break: break-word;
`;

type UserCardProps = {
user?: {
nickname?: string;
Expand All @@ -37,7 +36,6 @@ type UserCardProps = {
onOpenUserInfo?: () => void;
onClose?: () => void;
} & ComponentProps<typeof UserCardDialog>;

const UserCard = ({
user: { name, username, etag, customStatus, roles, bio, status = <Status.Offline />, localTime, nickname } = {},
actions,
Expand All @@ -47,7 +45,6 @@ const UserCard = ({
}: UserCardProps) => {
const { t } = useTranslation();
const isLayoutEmbedded = useEmbeddedLayout();

return (
<UserCardDialog title={t('User_card')} {...props}>
<div>
Expand Down Expand Up @@ -93,5 +90,4 @@ const UserCard = ({
</UserCardDialog>
);
};

export default UserCard;
Loading