
fix(agent): redact tool-call args in compaction transcript #4350

Merged
esengine merged 1 commit into esengine:main-v2 from ashishexee:fix/4317-subagent-args-leak
Jun 15, 2026

Conversation

@ashishexee

Contributor

Closes #4317

Problem

Sub-agent task arguments leak into the user-visible conversation after compaction. The summarizer reproduces raw tool-call arguments (like task prompts) in its output, which gets inserted as a role:user message. This corrupts the session and causes HTTP 400 errors on subsequent API calls.

Root Cause

renderTranscript (compact.go:577) dumps full tool-call JSON arguments into the text sent to the summarizer. The summarizer may reproduce these arguments verbatim in its summary.

Fix

Replace raw arguments with a short summary (key names + count) via summarizeToolArgs. The summarizer knows what tools were called but can't reproduce the full argument text.

Files Changed

  • internal/agent/compact.go — renderTranscript now calls summarizeToolArgs; new summarizeToolArgs helper
  • internal/agent/compact_test.go — 2 new tests

Verification

go build ./cmd/reasonix
go vet ./...
go test ./internal/agent/ -run TestRenderTranscriptRedacts -v -count=1
go test ./internal/agent/ -run TestSummarizeToolArgs -v -count=1
go test ./internal/agent/ ./internal/config/ ./internal/control/ -count=1

Fixes esengine#4317

renderTranscript dumps full tool-call arguments (including sub-agent
task prompts) into the text sent to the summarizer. The summarizer may
reproduce these arguments verbatim in its output, which then gets
inserted as a role:user message in the session. This leaked text looks
like user input and can corrupt the message structure sent to the API.

Fix: replace raw arguments with a short summary (key names + count) so
the summarizer knows what tools were called but can't reproduce the
full argument text.

github-actions bot added the labels v2 (Go rewrite (1.x) — main-v2 branch, active development) and agent (Core agent loop (internal/agent, internal/control)) on Jun 14, 2026
@ashishexee

ashishexee commented Jun 14, 2026

Contributor Author

What this fix does

When the session grows too large, the app compacts old messages into a summary. During compaction, renderTranscript converts old messages to text and sends them to a summarizer AI.

The problem: it was dumping the full JSON arguments of every tool call into that text. For sub-agent calls (task, research, explore), this includes the entire task prompt — sometimes thousands of characters.

The summarizer AI would then reproduce that prompt text in its summary. The summary gets saved as a role:user message. So now there's a message in your conversation that looks like you typed a long English paragraph about searching for GitHub projects — but you didn't.

What's redacted: The prompt the AI sent to the sub-agent (tool-call arguments)
What's still included: The response the sub-agent returned (tool result content)

The summarizer still sees what the sub-agent found. It just can't reproduce the original task prompt.

@esengine esengine merged commit 613ce9f into esengine:main-v2 Jun 15, 2026
14 checks passed
@ashishexee ashishexee deleted the fix/4317-subagent-args-leak branch June 15, 2026 01:39
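
An added example, not the code from this PR: one way to render tool calls for a summarizer with key names and a count in place of argument values, while tool results pass through unchanged. The types, the function names summarizeArgs and renderRedacted, and the output format are assumptions made for illustration.

```go
package main
import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// ToolCall and Message are simplified, hypothetical stand-ins for session types.
type ToolCall struct{ Name, Args string }
type Message struct {
	Role, Content string
	ToolCalls     []ToolCall
}

// summarizeArgs returns only key names and their count, never the values.
// Non-object input is reported by size alone, so a parse failure cannot echo raw text.
func summarizeArgs(raw string) string {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal([]byte(raw), &obj); err != nil || obj == nil {
		return fmt.Sprintf("(%d bytes, not a JSON object)", len(raw))
	}
	keys := make([]string, 0, len(obj))
	for k := range obj {
		keys = append(keys, k)
	}
	sort.Strings(keys) // map order is random; keep the transcript stable
	return fmt.Sprintf("(%d args: %s)", len(keys), strings.Join(keys, ", "))
}

// renderRedacted builds the text handed to the summarizer.
func renderRedacted(msgs []Message) string {
	var b strings.Builder
	for _, m := range msgs {
		fmt.Fprintf(&b, "[%s] %s\n", m.Role, m.Content)
		for _, tc := range m.ToolCalls {
			fmt.Fprintf(&b, "  tool_call %s %s\n", tc.Name, summarizeArgs(tc.Args))
		}
	}
	return b.String()
}

func main() {
	msgs := []Message{ // constructed sample session, not from the project
		{Role: "assistant", ToolCalls: []ToolCall{{"task", `{"prompt":"Search GitHub for projects about X","description":"research"}`}}},
		{Role: "tool", Content: "found 3 repositories"},
	}
	fmt.Print(renderRedacted(msgs))
}
```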

Development

Successfully merging this pull request may close these issues.

[Bug]: v1.7.0: Sub-agent task arguments leak into user conversation, causing HTTP 400
