#15395: Auto-reply: strip leaked protocol transcript lines from inbound context
stale
size: S
## Summary
Fixes accidental leakage of internal protocol/status transcript lines into agent input (e.g. `user to=functions.session_status ...`, `assistant to=final code NO_REPLY`).
## Live examples observed
- `user to=functions.session_status commentary accidental againjson {}`
- `assistant to=final code NO_REPLY`
- `user to=functions.session_status commentary stop sending no_replyjson {}`
When these lines leaked into inbound body text, they were treated as user content and reached command/model processing.
## Why this happened
Inbound context normalization only normalized newlines; it did not strip tool/protocol transcript artifacts. So accidental transcript noise could be interpreted as real user input.
## Fix
- Added a shared protocol-noise sanitizer:
  - `src/shared/text/protocol-noise.ts`
- Applied it at inbound normalization boundaries so leaked lines are removed before command/model handling:
  - `src/auto-reply/reply/inbound-context.ts`
- Added regression tests:
  - `src/shared/text/protocol-noise.test.ts`
  - `src/auto-reply/reply/inbound-context.test.ts`
## Behavior notes
- Only strips protocol-like lines matching `user/assistant to=...` (and `assistant final ...`), outside fenced code blocks.
- Leaves normal user text intact.
## Validation
- `pnpm exec vitest run src/shared/text/protocol-noise.test.ts src/auto-reply/reply/inbound-context.test.ts`
- `pnpm exec oxlint --type-aware src/auto-reply/reply/inbound-context.ts src/auto-reply/reply/inbound-context.test.ts src/shared/text/protocol-noise.ts src/shared/text/protocol-noise.test.ts`
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR adds a shared sanitizer (`src/shared/text/protocol-noise.ts`) that removes leaked internal tool/protocol transcript lines (e.g. `user to=functions.…`, `assistant to=final …`) from inbound message text, while preserving such text inside fenced code blocks. It then applies this sanitization at the inbound normalization boundary in `finalizeInboundContext` so `Body`, `RawBody`, `CommandBody`, `BodyForAgent`, and `BodyForCommands` are cleaned before any downstream command parsing or model input shaping. Regression tests were added for both the sanitizer and the inbound context finalizer.
<h3>Confidence Score: 3/5</h3>
- Mostly safe to merge, but the new sanitizer may remove legitimate user content due to an over-broad match rule.
- Changes are localized and covered by basic tests, but the regex currently treats any line starting with `assistant final` as protocol noise, which can drop real user text outside code fences. This is a user-visible behavioral change in inbound normalization and should be tightened + tested before merging.
- src/shared/text/protocol-noise.ts
<sub>Last reviewed commit: 84b7fad</sub>
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
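
The stripping behavior described above, sketched as an added example; this is not the PR's `protocol-noise.ts`, which is not shown on this page. The function name `stripProtocolNoise`, its `broadFinal` option and the regexes are assumptions, and the sample input is constructed from the leaked lines quoted in the summary. It shows fence-aware removal and the false positive that the review attributes to the `assistant final` rule.

```typescript
// Added illustration; stripProtocolNoise and its option are hypothetical names.
// Assumes newlines are already normalized to "\n" before this runs.
const TO_LINE = /^\s*(?:user|assistant)\s+to=\S+/; // "assistant to=final code NO_REPLY"
const BROAD_FINAL = /^\s*assistant\s+final\b/; // rule the review calls over-broad
const FENCE = /^\s*(`{3,}|~{3,})/; // opening or closing code fence
const F = "`".repeat(3); // fence marker for the constructed sample

function stripProtocolNoise(text: string, opts: { broadFinal?: boolean } = {}): string {
  const kept: string[] = [];
  let fence: string | null = null; // marker of the fence we are inside, if any
  for (const line of text.split("\n")) {
    const marker = FENCE.exec(line)?.[1];
    if (marker !== undefined) {
      if (fence === null) fence = marker; // entering a fenced block
      else if (marker.startsWith(fence)) fence = null; // same char, long enough: leaving
      kept.push(line);
      continue;
    }
    const noise =
      TO_LINE.test(line) || (opts.broadFinal === true && BROAD_FINAL.test(line));
    if (fence === null && noise) continue; // drop only outside fences
    kept.push(line);
  }
  return kept.join("\n");
}

// Constructed sample: two leaked lines from the PR, a fenced copy, and ordinary text.
const SAMPLE = [
  "hello there",
  "user to=functions.session_status commentary accidental againjson {}",
  "assistant to=final code NO_REPLY",
  F,
  "assistant to=final code NO_REPLY",
  F,
  "assistant final exams are next week",
].join("\n");

console.log(stripProtocolNoise(SAMPLE)); // keeps the last line
console.log(stripProtocolNoise(SAMPLE, { broadFinal: true })); // loses it
```

With `broadFinal` enabled, the ordinary sentence beginning `assistant final` is dropped along with the protocol lines, which is the user-visible loss the review warns about.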