Fix JSON-string File Store body preview redaction #306

Open: cursor[bot] wants to merge 2 commits into main from cursor/critical-bug-investigation-8c39

cursor[bot] (Contributor) commented Jun 6, 2026

Description

Fixes a File Store confirmation-preview data exposure bug where harness_create/harness_update redacted upload fields for object bodies but leaked content or content_base64 when the same body was supplied as a supported JSON string. formatBodyPreview now parses JSON-string bodies and applies the same redaction/truncation replacer before elicitation.

Bug and impact: File Store upload payloads could appear in confirmation prompts, exposing plaintext file content or encoded payloads to MCP client UI/log surfaces before multipart validation ran.

Root cause: JSON-string body inputs were coerced for dispatch, but confirmation preview used the original string and skipped key-based redaction.

Fix and validation: Added handler-level regressions for JSON-string File Store create/update payloads and updated preview formatting centrally.

Type of Change

  • Bug fix
  • New feature
  • Refactor
  • Documentation
  • Other

Checklist

  • Tests pass
  • Typecheck passes

Validation performed:

  • pnpm exec vitest run tests/tools/tool-handlers.test.ts -t "JSON-string .*confirmation prompts" (red before fix, green after)
  • pnpm exec vitest run tests/tools/tool-handlers.test.ts tests/registry/file-store-multipart.test.ts
  • pnpm typecheck
  • pnpm build
  • git diff --check origin/main...HEAD
  • pnpm test
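
The root cause and fix described in the PR description above, as an added TypeScript sketch that is not the project's own code. Only the field names `content` and `content_base64` come from the description; the function names, placeholder text and length limits are assumptions, and the sample body is constructed.

```typescript
// Added sketch, not the project's formatBodyPreview. The two key names come
// from the PR description; placeholder text and limits are assumptions.
const REDACTED_KEYS: readonly string[] = ["content", "content_base64"];
const MAX_STRING = 80; // assumed cap for any other string value
const MAX_RAW = 200; // assumed cap for string bodies that are not JSON

// JSON.stringify replacer: redact upload fields by key, truncate long strings.
function redactingReplacer(key: string, value: unknown): unknown {
  if (REDACTED_KEYS.indexOf(key) !== -1 && value !== null && value !== undefined) {
    const size = typeof value === "string" ? `${value.length} chars` : typeof value;
    return `[redacted: ${size}]`;
  }
  if (typeof value === "string" && value.length > MAX_STRING) {
    return `${value.slice(0, MAX_STRING)}... [truncated]`;
  }
  return value;
}

// 'Before' behaviour from the root-cause note: a string body is shown as
// received, so the key-based replacer never sees its fields.
function previewBefore(body: unknown): string {
  return typeof body === "string" ? body : JSON.stringify(body, redactingReplacer, 2);
}

// 'After' behaviour: parse JSON-string bodies first so object and string
// inputs go through the same replacer.
function previewAfter(body: unknown): string {
  let value: unknown = body;
  if (typeof body === "string") {
    try {
      value = JSON.parse(body);
    } catch {
      // Not JSON: there are no keys to redact, so only bound what is shown.
      return body.length > MAX_RAW ? `${body.slice(0, MAX_RAW)}... [truncated]` : body;
    }
  }
  return JSON.stringify(value, redactingReplacer, 2) ?? String(value);
}

// Constructed sample: one upload body, supplied as an object and as a JSON string.
const sampleBody = { name: "notes.txt", content: "db_password=hunter2" };
const sampleString = JSON.stringify(sampleBody);
const leakedPreview = previewBefore(sampleString); // still contains the file content
const safePreview = previewAfter(sampleString); // identical to previewAfter(sampleBody)
```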

cursoragent and others added 2 commits June 6, 2026 11:05
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@thisrohangupta thisrohangupta marked this pull request as ready for review June 9, 2026 00:45