
#10196: fix(whatsapp): sanitize raw mention IDs in outbound messages

by koala73 open 2026-02-06 06:51
channel: whatsapp-web stale
## Summary

WhatsApp group mentions appear as opaque internal IDs (e.g. `@69771945103584` or `@AC8E7CBD...`) in message metadata. When these IDs are exposed in the model-visible prompt context, the LLM may echo them back as fake @mentions in group chat replies.

## Problem

In WhatsApp group chats, the assistant was outputting raw mention IDs like `@69771945103584` or `@AC8E7CBD...` in replies. These are internal WhatsApp IDs that get injected into the prompt via:

1. `[message_id: ...]` hints appended to user messages
2. Group history context showing message IDs

## Solution

This PR:

1. **Removes message_id hints from the prompt for WhatsApp sessions** - Both single messages (`body.ts`, `get-reply-run.ts`) and group history context (`process-message.ts`)
2. **Adds a sanitizer function** (`extensions/whatsapp/src/sanitize.ts`) that replaces raw mention-ID patterns in outbound WhatsApp text with `[mention]`
3. **Applies the sanitizer to all WhatsApp outbound** - text, media captions, and poll questions/options

## Targeted patterns

The sanitizer catches:

- Numeric IDs with 8+ digits: `@69771945103584`
- Hex IDs with 16+ chars: `@AC8E7CBDDC9C0A1B`
- Hex IDs with dashes (20+ chars): `@AC8E7CBD-DC9C-0A1B-...`

Normal `@usernames` (short alphanumeric) are preserved.

## Testing

- Added unit tests for the sanitizer functions
- Updated existing test to expect message_id NOT to be in group history context
- All tests pass

## Files changed

- `extensions/whatsapp/src/sanitize.ts` (new) - sanitizer functions
- `extensions/whatsapp/src/sanitize.test.ts` (new) - unit tests
- `extensions/whatsapp/src/channel.ts` - apply sanitizer to outbound
- `src/auto-reply/reply/body.ts` - skip message_id hint for whatsapp
- `src/auto-reply/reply/get-reply-run.ts` - pass channelId, skip queue message_id for whatsapp
- `src/web/auto-reply/monitor/process-message.ts` - remove message_id from history context

<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>

This PR removes `[message_id: ...]` hints from WhatsApp model-visible prompt construction (single-message prompt + queued prompt + group history context) and introduces an outbound WhatsApp sanitizer that strips standalone message_id lines and replaces opaque `@<id>` mention tokens in text/captions/polls. It integrates the sanitizer into the WhatsApp channel plugin and updates/extends tests to validate the new behavior.

<h3>Confidence Score: 3/5</h3>

- This PR is close to safe to merge, but has a couple of sanitizer edge cases that can undermine the fix or cause runtime errors.
- Core changes (removing message_id prompt injections and applying sanitizer on outbound) are straightforward and covered by tests, but the mention-ID regex likely misses punctuation-adjacent IDs and the poll sanitizer assumes string inputs, which can still leak IDs or throw depending on real-world payloads.
- extensions/whatsapp/src/sanitize.ts

<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
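
The sketch below is an added example of an outbound sanitizer for the three targeted patterns, written to cover the two edge cases the review names (punctuation-adjacent IDs and non-string poll values); it is not the PR's `sanitize.ts`. The function names, case-insensitive hex matching, the e-mail guard and the pass-through of non-string poll values are assumptions.

```typescript
// Added illustration; not the contents of extensions/whatsapp/src/sanitize.ts.
// The three thresholds come from the PR's "Targeted patterns" list; case-insensitive
// hex, the e-mail guard and the poll pass-through are assumptions of this sketch.
const PLACEHOLDER = "[mention]";

// "@" not preceded by a word character (so user@12345678 in an address is skipped),
// then alphanumeric groups joined by single dashes. Trailing punctuation such as
// "," or ")" is never part of the token, so punctuation-adjacent IDs still match.
const CANDIDATE = /(^|[^A-Za-z0-9_])@([0-9A-Za-z]+(?:-[0-9A-Za-z]+)*)/g;

function isOpaqueId(token: string): boolean {
  if (/^\d{8,}$/.test(token)) return true; // numeric, 8+ digits
  if (/^[0-9A-Fa-f]{16,}$/.test(token)) return true; // hex, 16+ chars
  // hex groups joined by dashes, 20+ chars counting the dashes
  return token.length >= 20 && /^[0-9A-Fa-f]+(?:-[0-9A-Fa-f]+)+$/.test(token);
}

function sanitizeMentions(text: string): string {
  return text.replace(CANDIDATE, (match: string, prefix: string, token: string) => {
    // Try the whole token first, then shorter dash-delimited heads, so that
    // "@69771945103584-thanks" loses the ID but keeps "-thanks".
    const groups = token.split("-");
    for (let n = groups.length; n > 0; n--) {
      const head = groups.slice(0, n).join("-");
      if (isOpaqueId(head)) return prefix + PLACEHOLDER + token.slice(head.length);
    }
    return match; // ordinary @username: leave untouched
  });
}

// Poll questions/options may not be strings at runtime; pass those through
// unchanged instead of calling .replace on them.
function sanitizePollValue(value: unknown): unknown {
  return typeof value === "string" ? sanitizeMentions(value) : value;
}
```
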
