
fix(gateway): stop terminal progress from posting the full command to messaging chats#41950

Closed
GodsBoy wants to merge 1 commit into
NousResearch:mainfrom
GodsBoy:fix/gateway-tool-progress-sanitize-messaging

Conversation

@GodsBoy GodsBoy commented Jun 8, 2026

Contributor

What does this PR do?

Since #41215 (render terminal tool calls as native bash code blocks on markdown platforms), terminal progress on messaging gateways (WhatsApp, Telegram, Slack, and others) rendered the full command as an untruncated fenced bash block, before the final answer, in both all/new and verbose modes. That posted complete shell commands (internal paths, systemctl restarts, rm -rf, and similar) into the chat, visible to everyone in it.

This restores the prior behavior: terminal progress shows the short, truncated preview line that every other tool already uses (terminal: "set -e printf 'node: '..."), capped at tool_preview_length. The supports_code_blocks capability flag is retained for future markdown-aware features; its comment is updated to record that tool progress deliberately no longer renders commands as bash blocks. CLI and TUI rendering is a separate path and was unaffected.

To be clear about scope: the short previews are fine and stay. Lines like search_files: "manifest.yaml", read_file: "/path/...", and todo: "updating 2 task(s)" are useful context. The bug was specifically the full, untruncated terminal command reaching the chat as a bash block.

Related Issue

Fixes #41955

This reverts the rendering change from #41215 (which introduced the leak) while leaving the supports_code_blocks capability in place. Related: #7161 (quiet gateway progress by default), #23506 (hide memory tool progress).

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes a regression)
  • 🔒 Security fix

Changes Made

  • gateway/run.py: reverse-apply the progress_callback hunk from #41215 (feat(gateway): render terminal tool calls as native bash code blocks on markdown platforms) so terminal (and every tool) renders the short truncated preview again, not a ```bash block. Dedup, new-mode gating, `verbose` handling, and interrupt suppression are unchanged.
  • gateway/platforms/base.py: update the supports_code_blocks comment so it no longer advertises rendering a terminal command as a bash block, and notes the deliberate removal.
  • Tests: regression tests asserting terminal progress renders as a truncated preview, not a fenced bash block, on a markdown-capable (supports_code_blocks) gateway, in both all and verbose modes.

How to Test

  1. Set display.tool_progress: all and message the gateway (Telegram or WhatsApp) with a task that runs a shell command.

    • Before: the full command appears as a fenced ```bash block.
    • After: a short line terminal: "<command>...", like every other tool.
  2. Run the tests:

    pytest tests/gateway/test_run_progress_topics.py -q -k terminal_progress
    

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(gateway): ...)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix (no unrelated commits)
  • I've run the affected test suites (tests/gateway/) and they pass
  • I've added tests for my changes
  • I've tested on my platform: Ubuntu 24.04

Documentation & Housekeeping

Screenshots / Logs

Live repro on a messaging gateway showing the full terminal command appearing in chat as a fenced bash block:

Tool progress leaking a full terminal command into a messaging chat as a bash block

@alt-glitch alt-glitch added type/security Security vulnerability or hardening P2 Medium — degraded but workaround exists comp/gateway Gateway runner, session dispatch, delivery labels Jun 8, 2026
@liuhao1024

Contributor

Code Review: Clean — no issues found.

Reviewed the full diff across all 8 files. The security posture is sound:

  1. Safe defaults: show_tool_args is False by default, so messaging gateways never expose raw tool inputs (shell commands, code, file contents, search queries) unless the operator explicitly opts in per-platform.
  2. neutralize_code_fences — correctly collapses triple-plus backticks to single backtick, preventing markdown code-block injection in non-terminal tool previews. The _FENCE_RE = re.compile(r"`{3,}") regex handles arbitrarily long fence sequences.
  3. Config surface: show_tool_args is in OVERRIDEABLE_KEYS and normalised via the existing boolean-string normaliser ("true"/"yes"/"on"/"1"). Per-platform override works correctly.
  4. CLI/TUI unaffected — all changes are in gateway/ rendering paths; agent/display.py (CLI/TUI activity feed) is untouched.
  5. build_gateway_progress_line cleanly separates the safe path (returns label only, ignores preview/args) from the opt-in path. The supports_code_blocks + terminal fenced-block logic only runs when show_tool_args=True.
  6. Tests — 40 lines of config gate tests + 151-line module with curated labels for ~30 tools.

One minor note for the author: tools not in MESSAGING_TOOL_LABELS (e.g. MCP tools, custom plugins) fall back to "{tool_name}..." which is safe but slightly less polished. Consider a generic label like "Working on something..." or just the tool name — current fallback is fine, just a UX suggestion.
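As an added illustration, not code from hermes-agent (the function names, the 40-character preview budget and the sample command are assumptions made here), the two rendering paths that the PR description and the review above discuss: the short truncated preview, capped at an analogue of tool_preview_length, that the fix restores for every tool; a fence-collapsing regex of the kind the review describes, so a preview that itself contains backticks cannot open a code block in the chat; and, for contrast only, the fenced-block rendering that posted the full command. The last function is the regression check the PR's tests describe, phrased as a predicate a test can assert on.

```python
import re

# Analogue of the gateway's tool_preview_length setting; the value is an
# assumption for this example, not the project's default.
TOOL_PREVIEW_LENGTH = 40

# Three or more consecutive backticks open or close a fenced block on
# markdown platforms; collapsing them keeps a preview from starting one.
_FENCE_RE = re.compile(r"`{3,}")

# Constructed sample tool call: a multi-line shell command as an agent
# would hand it to a terminal tool (benign, for illustration only).
SAMPLE_COMMAND = (
    "set -e\n"
    "printf 'node: '\n"
    "node --version\n"
    "cat <<'EOF' > /tmp/notes.md\n"
    "```\n"
    "EOF\n"
)


def neutralize_code_fences(text: str) -> str:
    """Collapse every run of 3+ backticks to a single backtick."""
    return _FENCE_RE.sub("`", text)


def truncate_preview(preview: str, limit: int = TOOL_PREVIEW_LENGTH) -> str:
    """Flatten to one line and cap at `limit` characters, marking the cut."""
    one_line = " ".join(preview.split())
    if len(one_line) <= limit:
        return one_line
    return one_line[:limit].rstrip() + "..."


def build_progress_line(tool_name: str, preview: str,
                        limit: int = TOOL_PREVIEW_LENGTH) -> str:
    """Restored behaviour: one short, fence-free line for every tool."""
    safe = neutralize_code_fences(preview)
    return f'{tool_name}: "{truncate_preview(safe, limit)}"'


def build_progress_line_fenced(tool_name: str, preview: str,
                               supports_code_blocks: bool) -> str:
    """Pre-fix behaviour, for contrast: on a markdown-capable adapter the
    terminal tool's whole command goes out as a fenced block, untruncated."""
    if tool_name == "terminal" and supports_code_blocks:
        return f"```bash\n{preview.rstrip()}\n```"
    return build_progress_line(tool_name, preview)


def is_safe_progress_line(line: str, tool_name: str,
                          limit: int = TOOL_PREVIEW_LENGTH) -> bool:
    """Regression check: a single line, no fence, and within the preview
    budget plus the fixed 'name: "..."' framing."""
    framing = len(f'{tool_name}: ""') + len("...")
    return ("\n" not in line
            and _FENCE_RE.search(line) is None
            and len(line) <= framing + limit)


if __name__ == "__main__":
    # Restored path: what a chat sees after the fix.
    print(build_progress_line("terminal", SAMPLE_COMMAND))
    # Pre-fix path: the full command, fenced, on a markdown-capable adapter.
    print(build_progress_line_fenced("terminal", SAMPLE_COMMAND, True))
```

Note that the sample command contains a fence of its own; without the collapsing step it would end the fenced block early on the pre-fix path and could open one on the restored path, which is why neutralization runs before truncation rather than after.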

@GodsBoy GodsBoy force-pushed the fix/gateway-tool-progress-sanitize-messaging branch 2 times, most recently from 0820fa2 to 940375e on June 8, 2026 11:09
@GodsBoy GodsBoy changed the title from "fix(gateway): sanitise messaging tool progress so chats never receive raw tool inputs" to "fix(gateway): stop terminal progress from posting the full command to messaging chats" Jun 8, 2026
GodsBoy commented Jun 8, 2026

Contributor Author

Update: simplified to a minimal revert. After more live testing, the right fix is just to undo #41215's bash-block rendering and restore the short truncated terminal preview that every tool already used. The truncated previews themselves were never the problem, only the full untruncated command in a fenced block was.

The earlier label/opt-in approach was over-engineered for this. The current PR is ~28 lines reverted in gateway/run.py plus a comment fix and regression tests (covering both all and verbose modes). No new config keys; supports_code_blocks is retained for future markdown-aware features.

@GodsBoy GodsBoy force-pushed the fix/gateway-tool-progress-sanitize-messaging branch from 940375e to 2ca8977 on June 8, 2026 11:23
… messaging chats

NousResearch#41215 rendered a terminal tool call as a native ```bash fenced block on
markdown platforms (Telegram, WhatsApp, Slack, and others), showing the full
command with no truncation, in both all/new and verbose modes. That posted
complete shell commands (heredocs, internal paths, destructive commands) into
the chat before the final answer, visible to everyone in it.

This restores the prior behavior: terminal progress shows the short, truncated
preview line that every other tool already uses, capped at tool_preview_length.
The supports_code_blocks capability flag is left in place for future use.
CLI/TUI rendering is a separate path and was unaffected.

Adds a regression test asserting terminal progress renders as a truncated
preview, not a fenced bash block, even on a markdown-capable gateway.

Fixes NousResearch#41955
@GodsBoy GodsBoy force-pushed the fix/gateway-tool-progress-sanitize-messaging branch from 2ca8977 to a18d7d4 on June 8, 2026 11:54
@donovan-yohan

Contributor

I wonder if there's a way we could make this a config option for the owner of the gateway, rather than a revert.

as someone who uses discord for ease of communicating with my personal bot for getting updates/tasks, I actually found this update incredibly valuable for being able to see exactly what my bot is going to do on my phone when I don't have terminal access, and would be sad to see it reverted.

ganzercode commented Jun 8, 2026


> I wonder if there's a way we could make this a config option for the owner of the gateway, rather than a revert.
>
> as someone who uses discord for ease of communicating with my personal bot for getting updates/tasks, I actually found this update incredibly valuable for being able to see exactly what my bot is going to do on my phone when I don't have terminal access, and would be sad to see it reverted.

At least in Telegram, the merging of #41215 is causing a mess, as Telegram is not rendering the Markdown code boxes correctly, as you can also see in the screenshots above. So at the moment it is a bug that should be fixed asap, not (yet?) a feature that could be included as an opt-in...

teknium1 commented Jun 8, 2026

Contributor

Merged via PR #42420 — your commit was cherry-picked onto current main with your authorship preserved in git log (commit 421226e). Thanks for catching the command-leak regression from #41215 and the clean fix. Closes #41955 and #41732.

@teknium1 teknium1 closed this Jun 8, 2026
teknium1 added a commit that referenced this pull request Jun 9, 2026
… chat (#42576)

Terminal tool progress on markdown-capable gateways (Telegram, Slack,
Discord, WhatsApp, Matrix, Weixin, Feishu) renders the full command in a
fenced code block again, in all/new AND verbose modes — gated on the
adapter's supports_code_blocks capability. Plain-text platforms keep the
short truncated preview.

No language tag is emitted: Slack mrkdwn renders a '```bash' fence with
'bash' as a literal first code line, so a bare '```' fence is used, which
renders correctly on every platform that supports blocks.

This restores the #41215 feature (removed in #41950 due to the command
showing in group chats) as the default. For a personal assistant the
command display is desired; the group-chat concern is a preference, not a
vulnerability.
a249169329-cpu pushed a commit to a249169329-cpu/hermes-agent that referenced this pull request Jun 9, 2026
wachoo pushed a commit to wachoo/hermes-agent that referenced this pull request Jun 10, 2026
changman pushed a commit to changman/hermes-agent that referenced this pull request Jun 10, 2026
Development

Successfully merging this pull request may close these issues.

Gateway tool progress leaks raw shell commands and code bodies to messaging chats

6 participants