fix: strip adjacent function response scaffolding (#82155)

steipete · web-flow · commit 29b5563ccda2 · 2026-05-15T16:48:33.000+01:00
Summary: - Strip adjacent function_response workflow output after stripped XML tool-call scaffolding. - Cover multiline, compact, dangling, chained, prose-like, and same-line-tail response forms. - Add regression coverage for the production sanitizeUserFacingText path and the shared assistant-visible-text sanitizer. Verification: - node scripts/run-vitest.mjs src/shared/text/assistant-visible-text.test.ts src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts -- --reporter=verbose - git diff --check origin/main...HEAD - /Users/steipete/Projects/agent-scripts/skills/codex-review/scripts/codex-review --mode branch --base origin/main --full-access --output /tmp/codex-review-82155-rerun.txt --parallel-tests "node scripts/run-vitest.mjs src/shared/text/assistant-visible-text.test.ts src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts -- --reporter=verbose" - GitHub Real behavior proof: https://github.com/openclaw/openclaw/actions/runs/25926897171
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,6 +23,7 @@ Docs: https://docs.openclaw.ai
 - Agents/auto-reply: honor `agents.defaults.silentReply` and per-surface group silent-reply policy when generic agent-run failure fallbacks decide whether to send visible fallback text. Fixes #82060. (#82086) Thanks @taozengabc.
 - Discord: render channel topic context as structured untrusted metadata in reply prompts and stop duplicating inbound message bodies or exposing raw `EXTERNAL_UNTRUSTED_CONTENT` envelopes. Fixes #82168. Thanks @ronan-dandelion-cult.
 - Codex app-server: arm the short idle watchdog as soon as Codex accepts a turn, so accepted turns with no current-turn progress release the OpenClaw session lane before the outer model timeout. Fixes #82129. Thanks @Francois3d.
+- Agents/replies: also strip `<function_response>` workflow output when it becomes visible after an adjacent stripped tool-call XML block, closing the remaining sanitizer leak from #47444.
 - Control UI/WebChat: focus the composer when users click the visible input chrome and restore larger, labeled desktop composer controls while preserving compact mobile taps. Fixes #45656. Thanks @BunsDev.
 - Discord: suppress generated link embeds on outbound messages by default so agent-sent URLs stay as plain links unless `channels.discord.suppressEmbeds` is disabled.
 - System events: keep owner downgrades in structured metadata while rendering queued prompt text as plain `System:` lines, preserving least-privilege wakeups without prompt-visible trust labels. (#82067)
diff --git a/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts b/src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts
@@ -293,6 +293,100 @@ describe("sanitizeUserFacingText", () => {
     expect(sanitizeUserFacingText(input)).toBe("Before\n\nAfter");
   });
 
+  it("strips function response wrappers adjacent to stripped function calls", () => {
+    const input = [
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      'Searching for: "what skills matter most in the age of AI"',
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(sanitizeUserFacingText(input)).toBe("After");
+  });
+
+  it("strips function response wrappers adjacent to inline stripped function calls", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      'Searching for: "what skills matter most in the age of AI"',
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. \nAfter");
+  });
+
+  it("strips compact function response wrappers after newline-separated function calls", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls>',
+      "<function_response>ok</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. \n\nAfter");
+  });
+
+  it("strips compact dangling function response wrappers adjacent to function calls", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>raw output';
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. ");
+  });
+
+  it("strips same-line function response payloads with leading spaces", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> raw output</function_response>\nAfter';
+
+    expect(sanitizeUserFacingText(input)).toBe("After");
+  });
+
+  it("strips same-line function response payloads that start like prose", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> is enabled</function_response>\nAfter';
+
+    expect(sanitizeUserFacingText(input)).toBe("After");
+  });
+
+  it("strips adjacent function response payloads that match explanation wording", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> response wrapper secret</function_response>\nAfter';
+
+    expect(sanitizeUserFacingText(input)).toBe("After");
+  });
+
+  it("strips dangling same-line function response payloads with leading spaces", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response> raw output';
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. ");
+  });
+
+  it("strips chained function response wrappers adjacent to stripped function calls", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      "first result",
+      "</function_response><function_response>",
+      "second result",
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. \nAfter");
+  });
+
+  it("strips compact chained function response wrappers adjacent to stripped function calls", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>first</function_response><function_response>second</function_response>\nAfter';
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking. \nAfter");
+  });
+
+  it("strips compact function response wrappers before same-line visible replies", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>raw</function_response> Done.';
+
+    expect(sanitizeUserFacingText(input)).toBe("Checking.  Done.");
+  });
+
   it("preserves literal tool-call tag examples in user-facing prose", () => {
     const input = "Use `<tool_call>` to describe the XML tag in docs.";
     expect(sanitizeUserFacingText(input)).toBe(input);
diff --git a/src/shared/text/assistant-visible-text.test.ts b/src/shared/text/assistant-visible-text.test.ts
@@ -151,6 +151,21 @@ describe("stripAssistantInternalScaffolding", () => {
       expectVisibleText("Before\n<function_response>\nraw command output\n", "Before\n");
     });
 
+    it("preserves inline multi-line function_response examples in prose", () => {
+      expectVisibleText(
+        [
+          "Before <function_response>",
+          'Searching for: "what skills matter most in the age of AI"',
+          "</function_response> After",
+        ].join("\n"),
+        [
+          "Before <function_response>",
+          'Searching for: "what skills matter most in the age of AI"',
+          "</function_response> After",
+        ].join("\n"),
+      );
+    });
+
     it("strips <tool_result> closed with mismatched </tool_call> and preserves trailing text", () => {
       expectVisibleText(
         'Prefix\n<tool_result> {"output": "data"} </tool_call>\nSuffix',
@@ -411,6 +426,13 @@ describe("stripAssistantInternalScaffolding", () => {
       );
     });
 
+    it("preserves inline closed function_response examples in prose", () => {
+      expectVisibleText(
+        "Use <function_response>ok</function_response> to describe the response wrapper.",
+        "Use <function_response>ok</function_response> to describe the response wrapper.",
+      );
+    });
+
     it("preserves line-leading function_response prose examples", () => {
       expectVisibleText(
         "<function_response> is the response wrapper.",
@@ -589,6 +611,142 @@ describe("stripToolCallXmlTags", () => {
       "prefix  suffix",
     );
   });
+
+  it("strips function_response adjacent to an opt-in stripped function_calls block", () => {
+    const input = [
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      'Searching for: "what skills matter most in the age of AI"',
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\nAfter");
+  });
+
+  it("strips function_response adjacent to an inline stripped function_calls block", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      'Searching for: "what skills matter most in the age of AI"',
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "Checking. \nAfter",
+    );
+  });
+
+  it("strips compact function_response after a newline-separated stripped function_calls block", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls>',
+      "<function_response>ok</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "Checking. \n\nAfter",
+    );
+  });
+
+  it("strips dangling function_response adjacent to a stripped function_calls block", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      'Searching for: "what skills matter most in the age of AI"',
+    ].join("\n");
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("Checking. ");
+  });
+
+  it("strips compact dangling function_response adjacent to a stripped function_calls block", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>raw output';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("Checking. ");
+  });
+
+  it("strips same-line function_response payloads with leading spaces", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> raw output</function_response>\nAfter';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\nAfter");
+  });
+
+  it("strips same-line function_response payloads that start like prose", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> is enabled</function_response>\nAfter';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\nAfter");
+  });
+
+  it("strips dangling same-line function_response payloads with leading spaces", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> raw output';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("");
+  });
+
+  it("strips function_response-looking prose adjacent to a stripped tool-call block", () => {
+    const input =
+      '<tool_call>{"name":"exec"}</tool_call>\n\n<function_response> is the response wrapper.';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\n\n");
+  });
+
+  it("strips closed function_response-looking prose adjacent to a stripped tool-call block", () => {
+    const input =
+      '<tool_call>{"name":"exec"}</tool_call>\n<function_response> is the response wrapper; close it with </function_response>.';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\n.");
+  });
+
+  it("strips adjacent function_response payloads that match explanation wording", () => {
+    const input =
+      '<function_calls><invoke name="exec">internal</invoke></function_calls><function_response> response wrapper secret</function_response>\nAfter';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe("\nAfter");
+  });
+
+  it("strips compact function_response wrappers while preserving same-line prose tails", () => {
+    const input =
+      '<tool_call>{"name":"exec"}</tool_call>\n\n<function_response>ok</function_response> is the response wrapper.';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "\n\n is the response wrapper.",
+    );
+  });
+
+  it("strips chained function_response blocks adjacent to a stripped function_calls block", () => {
+    const input = [
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>',
+      "first result",
+      "</function_response><function_response>",
+      "second result",
+      "</function_response>",
+      "After",
+    ].join("\n");
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "Checking. \nAfter",
+    );
+  });
+
+  it("strips compact chained function_response blocks adjacent to a stripped function_calls block", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>first</function_response><function_response>second</function_response>\nAfter';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "Checking. \nAfter",
+    );
+  });
+
+  it("strips compact function_response before same-line visible replies", () => {
+    const input =
+      'Checking. <function_calls><invoke name="exec">internal</invoke></function_calls><function_response>raw</function_response> Done.';
+
+    expect(stripToolCallXmlTags(input, { stripFunctionCallsXmlPayloads: true })).toBe(
+      "Checking.  Done.",
+    );
+  });
 });
 
 describe("stripMinimaxToolCallXml", () => {
diff --git a/src/shared/text/assistant-visible-text.ts b/src/shared/text/assistant-visible-text.ts
