 * Strip everything the model shouldn't trust from client-supplied history:
 * drop `system` messages (client-injected instructions) and every non-text part
 * (e.g. crafted tool results faking searchDocs output). Only user/assistant text
 * survives, so grounding comes from the server-run searchDocs
 * client's payload.
 */
function sanitizeMessages(messages: UIMessage[]): UIMessage[] {
  return messages
    .filter((message) => message.role === 'user' || message.role === 'assistant')
    .map((message) => ({
      ...message,
      parts: message.parts.filter((part) => part.type === 'text' && typeof part.text === 'string'),
    }))
    .filter((message) => message.parts.length > 0)
}

/**
 * Reject obvious cross-origin calls. Same-origin browser requests send an