fix: Match LibreChat's Unicode sanitization — add emoji, NFC, and two-pass approach

Align sanitize_filename with LibreChat#12977's sanitizeFilenameSegment:
- NFC-normalize before sanitizing (handles decomposed accents)
- Two-pass: strict ASCII [a-zA-Z0-9._-], permissive non-ASCII (only
  blocks C1 controls U+0080-U+009F)
- Preserves emoji (📊) and ZWJ sequences that \w alone would strip

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: usnavy13

src/services/execution/output.py

@@ -3,6 +3,7 @@
 import os
 import re
 import secrets
+import unicodedata
 from pathlib import Path
 from typing import Any, Dict
 
@@ -213,14 +214,27 @@ def format_error_message(cls, exit_code: int, stderr: str) -> str:
 
         return f"Execution failed (exit code {exit_code}):\n{stderr_clean}"
 
+    # ASCII chars safe in filenames — matches LibreChat's ASCII_FILENAME_SAFE_PATTERN.
+    _ASCII_SAFE = re.compile(r"[a-zA-Z0-9._\-]")
+    # C1 control characters (U+0080–U+009F) — unsafe in filenames.
+    _C1_CONTROLS = re.compile(r"[\x80-\x9f]")
+
+    @classmethod
+    def _sanitize_char(cls, char: str) -> str:
+        """Replace unsafe ASCII; preserve Unicode letters, marks, numbers, and emoji."""
+        if ord(char) <= 0x7F:
+            return char if cls._ASCII_SAFE.match(char) else "_"
+        return "_" if cls._C1_CONTROLS.match(char) else char
+
     @classmethod
     def sanitize_filename(cls, input_name: str) -> str:
-        """Sanitize filename while preserving Unicode letters and digits.
+        """Sanitize filename while preserving Unicode letters, digits, and emoji.
 
-        Keeps word characters (\\w — letters, digits, underscore in all
-        scripts), dots, and dashes.  Replaces everything else (path
-        separators, control chars, shell metacharacters, quotes, etc.)
-        with underscores.
+        NFC-normalizes, then applies a two-pass approach matching
+        LibreChat's ``sanitizeFilenameSegment``: strict for ASCII
+        (only ``[a-zA-Z0-9._-]``), permissive for non-ASCII (keeps
+        Unicode letters, combining marks, numbers, emoji — blocks
+        only C1 control characters).
 
         Args:
             input_name: Original filename (may include path components)
@@ -235,9 +249,12 @@ def sanitize_filename(cls, input_name: str) -> str:
             # Remove any directory components (path traversal prevention)
             name = os.path.basename(input_name)
 
-            # Replace dangerous characters while preserving Unicode letters/digits.
-            # \w matches [a-zA-Z0-9_] plus all Unicode letters and digits.
-            name = re.sub(r"[^\w.\-]", "_", name)
+            # NFC-normalize so decomposed sequences (e + U+0301) become
+            # precomposed (é) before the regex runs.
+            name = unicodedata.normalize("NFC", name)
+
+            # Two-pass sanitization: strict ASCII, permissive Unicode.
+            name = "".join(cls._sanitize_char(c) for c in name)
 
             # Ensure the name doesn't start with a dot (hidden file in Unix)
             if name.startswith(".") or name == "":

tests/unit/test_output_processor.py

@@ -107,6 +107,17 @@ def test_underscores_preserved(self):
         result = OutputProcessor.sanitize_filename("my_file_name.txt")
         assert result == "my_file_name.txt"
 
+    def test_emoji_preserved(self):
+        """Test that emoji are preserved (matches LibreChat's \\p{Emoji})."""
+        result = OutputProcessor.sanitize_filename("chart\U0001F4CA.csv")
+        assert result == "chart\U0001F4CA.csv"
+
+    def test_nfd_normalized_to_nfc(self):
+        """Test that decomposed Unicode is NFC-normalized before sanitizing."""
+        # e + combining acute (U+0301) -> precomposed e-acute
+        result = OutputProcessor.sanitize_filename("Café.txt")
+        assert result == "Café.txt"
+
     def test_brackets_replaced(self):
         """Test that brackets are replaced with underscores."""
         result = OutputProcessor.sanitize_filename("[brackets].txt")