refactor: remove CYBER_RISK_MITIGATION_REMINDER from FileReadTool

Co-Authored-By: deepseek-v4-pro <deepseek-ai@claude-code-best.win>

packages/builtin-tools/src/tools/FileReadTool/FileReadTool.ts

@@ -52,7 +52,6 @@ import { lazySchema } from 'src/utils/lazySchema.js'
 import { logError } from 'src/utils/log.js'
 import { isAutoMemFile } from 'src/utils/memoryFileDetection.js'
 import { createUserMessage } from 'src/utils/messages.js'
-import { getCanonicalName, getMainLoopModel } from 'src/utils/model/model.js'
 import {
   mapNotebookCellsToToolResult,
   readNotebook,
@@ -409,9 +408,7 @@ export const FileReadTool = buildTool({
   renderToolResultMessage,
   // UI.tsx:140 — ALL types render summary chrome only: "Read N lines",
   // "Read image (42KB)". Never the content itself. The model-facing
-  // serialization (below) sends content + CYBER_RISK_MITIGATION_REMINDER
-  // + line prefixes; UI shows none of it. Nothing to index. Caught by
-  // the render-fidelity test when this initially claimed file.content.
+  // serialization (below) sends content + line prefixes; UI shows none of it.
   extractSearchText() {
     return ''
   },
@@ -694,12 +691,7 @@ export const FileReadTool = buildTool({
         let content: string
 
         if (data.file.content) {
-          content =
-            memoryFileFreshnessPrefix(data) +
-            formatFileLines(data.file) +
-            (shouldIncludeFileReadMitigation()
-              ? CYBER_RISK_MITIGATION_REMINDER
-              : '')
+          content = memoryFileFreshnessPrefix(data) + formatFileLines(data.file)
         } else {
           // Determine the appropriate warning message
           content =
@@ -727,17 +719,6 @@ function formatFileLines(file: { content: string; startLine: number }): string {
   return addLineNumbers(file)
 }
 
-export const CYBER_RISK_MITIGATION_REMINDER =
-  '\n\n<system-reminder>\nWhenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.\n</system-reminder>\n'
-
-// Models where cyber risk mitigation should be skipped
-const MITIGATION_EXEMPT_MODELS = new Set(['claude-opus-4-6'])
-
-function shouldIncludeFileReadMitigation(): boolean {
-  const shortName = getCanonicalName(getMainLoopModel())
-  return !MITIGATION_EXEMPT_MODELS.has(shortName)
-}
-
 /**
  * Side-channel from call() to mapToolResultToToolResultBlockParam: mtime
  * of auto-memory files, keyed by the `data` object identity. Avoids

src/workflow/__tests__/claudeCodeBackend.test.ts

@@ -33,9 +33,20 @@ mock.module(
 )
 mock.module('src/tools.js', () => ({ assembleToolPool: () => ({ tools: [] }) }))
 mock.module('src/utils/messages.js', () => ({
-  createUserMessage: (o: { content: string }) => ({
-    role: 'user',
-    content: o.content,
+  // Return a shape that satisfies UserMessage consumers process-wide.
+  // Bun's mock.module is process-global (last-write-wins), so an incomplete
+  // mock here corrupts every later test that imports the real createUserMessage
+  // (e.g. bridgeMessaging.test.ts's `type !== 'user'` early-exit, or
+  // processSlashCommand.test.ts's `message.content` access). Mirror the real
+  // shape from src/utils/messages.ts: type + message envelope + passthrough.
+  createUserMessage: (
+    o: {
+      content: string
+    } & Record<string, unknown>,
+  ) => ({
+    type: 'user' as const,
+    message: { role: 'user', content: o.content },
+    ...o,
   }),
   extractTextContent: () => 'agent-text',
 }))