Leaked truncation sentinels (`...(truncated)...` / `[..., N more characters truncated]`) can appear in final assistant replies

[xiao398008]

Summary

OpenClaw can leak internal truncation sentinel text into the final user-facing assistant reply, especially strings like:

• ...(truncated)...
• [... N more characters truncated]

These appear to come from tool/transcript truncation or UI/log truncation, but they are not consistently removed before the final assistant text is shown to the user.

---

Observed behavior

In some conversations, final assistant replies include raw truncation markers such as:

• ...(truncated)...
• [... N more characters truncated]

These markers look like internal tool/runtime/UI placeholders rather than user-intended content.

This is especially confusing because the assistant reply chain can end up treating those placeholders as if they were part of the semantic conversation.

---

Relevant code facts

1. Tool transcript truncation explicitly injects ...(truncated)...

In dist/run-attempt-DValQTsj.js:

• TOOL_TRANSCRIPT_OUTPUT_MAX_CHARS = 12e3
• truncateToolTranscriptText(text) returns:
  • original text if short enough
  • otherwise:

    `${text.slice(0, TOOL_TRANSCRIPT_OUTPUT_MAX_CHARS)}

...(truncated)...`
```

Also in the same file, createToolResultMessage(params) writes that text into the transcript-facing tool result message:

const text = truncateToolTranscriptText(params.text?.trim() || toolResultStatusText(params));
...
content: text,
text

So the transcript/message layer can contain the literal sentinel ...(truncated)....

2. Final user-facing sanitization already strips some internal placeholders, but not truncation sentinels

In dist/sanitize-user-facing-text-BPNxpMKx.js, sanitizeUserFacingText() already strips several internal-only artifacts, including:

• final tags
• internal runtime context
• inbound metadata
• tool-call XML / legacy tool-call blocks
• [tool calls omitted] placeholder lines

However, there is no equivalent stripping rule for:

• ...(truncated)...
• [... N more characters truncated]
• similar truncation placeholder lines

This suggests the final sanitization layer is missing a guard for truncation sentinels.

---

Suspected root cause

There seems to be a mismatch between:

1. producer-side truncation behavior
   • tool transcript generation appends ...(truncated)...
   • some UI/log/tool outputs may produce [... N more characters truncated]

and

2. consumer-side final text sanitization
   • current sanitization removes several internal placeholders
   • but does not remove truncation sentinels before user-visible final text is emitted

As a result, truncation placeholders can travel through the transcript/reply chain and show up in the final assistant message.

---

Impact

• Degrades reply quality and professionalism
• Exposes internal implementation details to end users
• Can pollute downstream reasoning/context if later turns treat those markers as normal text
• May affect more than one source path:
  • Codex tool transcript truncation
  • UI/log truncation placeholders
  • possibly other text aggregation paths

---

Suggested fix direction

Recommended minimal hotfix

Add truncation-sentinel stripping to sanitizeUserFacingText() in dist/sanitize-user-facing-text-BPNxpMKx.js, similar to the existing [tool calls omitted] handling.

Recommended behavior:

• remove truncation placeholders only when they appear as:
  • a standalone line, or
  • a trailing standalone block at the end of the message

Target patterns:

• ...(truncated)...
• [... N more characters truncated]
• optionally ...<truncated>

This keeps the fix narrow and reduces false positives, because it will not remove normal prose ellipses.

Narrower alternative

Instead of (or in addition to) final sanitization, remove the sentinel at the producer side in run-attempt-DValQTsj.js, for example by:

• changing truncateToolTranscriptText() to truncate without appending ...(truncated)..., or
• stripping that sentinel inside createToolResultMessage() before storing transcript-visible tool result text

However, this would only fix one source path and would not catch other truncation placeholders like [... N more characters truncated].

---

Why this is likely the right minimal fix

The final sanitization layer is already the central place where internal-only artifacts are removed from user-visible text. Truncation sentinels are the same category of artifact, so adding them there is consistent with the existing architecture and provides a broader safety net.

---

Repro hints

A likely repro path is:

1. Trigger a tool result large enough to exceed tool transcript limits
2. Let the tool transcript contain ...(truncated)...
3. Continue the conversation or generate a final assistant reply that aggregates or reflects transcript text
4. Observe the truncation marker appear in the final user-facing reply

A second repro path may involve any UI/log/tool path that injects:

• [... N more characters truncated]

and then lets that text flow into assistant-visible content without final sanitization.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main still has producer paths that generate both truncation marker families, while the central user-facing sanitizer strips other internal placeholders but has no rule for truncation sentinels; targeted GitHub search did not find an exact merged fix or canonical duplicate.

Reproducibility: Do we have a high-confidence way to reproduce the issue? Yes at source level: call sanitizeUserFacingText with a standalone ...(truncated)... or [... 123 more characters truncated] line and current main has no rule that can remove it, while producer paths generate both marker families.

Next step
This is a narrow source-reproducible sanitizer gap with clear files, tests, and no product/config decision.

Review details

Best possible solution:

Add a narrow source-level sanitizer rule for standalone/trailing truncation sentinel lines, with regression tests that preserve inline mentions and code examples.

Do we have a high-confidence way to reproduce the issue?

Do we have a high-confidence way to reproduce the issue? Yes at source level: call sanitizeUserFacingText with a standalone ...(truncated)... or [... 123 more characters truncated] line and current main has no rule that can remove it, while producer paths generate both marker families.

Is this the best way to solve the issue?

Is this the best way to solve the issue? Yes: extending src/agents/pi-embedded-helpers/sanitize-user-facing-text.ts is the narrowest maintainable boundary because final reply extraction already routes through that sanitizer; editing generated dist output or removing transcript markers at the producer would be less complete.

Acceptance criteria:

• node scripts/run-vitest.mjs run src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.core.test.agents.json --noEmit
• git diff --check

What I checked:

• Final assistant text uses the central sanitizer: Final assistant extraction calls sanitizeUserFacingText before returning visible assistant text, so this sanitizer is on the reported user-facing path. (src/agents/pi-embedded-utils.ts:37, b2dfa9887734)
• Sanitizer strips other internal placeholders but not truncation sentinels: The sanitizer removes final tags, internal runtime context, tool-call XML, legacy tool blocks, and standalone [tool calls omitted] lines; a focused rg found no truncated or more characters truncated handling in the sanitizer or its test file. (src/agents/pi-embedded-helpers/sanitize-user-facing-text.ts:402, b2dfa9887734)
• Codex transcript producer appends the literal marker: createToolResultMessage stores the output of truncateToolTranscriptText in tool result content/text, and truncateToolTranscriptText appends ...(truncated)... when over the limit. (extensions/codex/src/app-server/event-projector.ts:1253, b2dfa9887734)
• Count-based truncation marker is also an existing source path: The PI-style context truncation helper formats notices as [... N more characters truncated], and adjacent tests assert that exact marker family for oversized tool results. (src/agents/pi-embedded-runner/context-truncation-notice.ts:3, b2dfa9887734)
• Existing sanitizer tests cover only a different placeholder family: The current sanitizer regression coverage checks standalone [tool calls omitted] stripping and inline preservation, but not either truncation sentinel reported here. (src/agents/pi-embedded-helpers.sanitizeuserfacingtext.test.ts:211, b2dfa9887734)
• No exact duplicate or merged fix found by live search: GitHub API searches for truncation sentinels, more characters truncated sanitizeUserFacingText, and ...(truncated)... final returned this issue as the exact match; related open items like fix: remove truncated preview from inbound system events #67761 address different truncation-preview surfaces.

Likely related people:

• Peter Steinberger: Git blame and git show --stat tie the current sanitizer file, Codex event projector, and context truncation notice to bea597b2d600b88ad330a4c7b5b3a96b39b6a883. (role: recent area contributor; confidence: high; commits: bea597b2d600, b180b8ae4833; files: src/agents/pi-embedded-helpers/sanitize-user-facing-text.ts, extensions/codex/src/app-server/event-projector.ts, src/agents/pi-embedded-runner/context-truncation-notice.ts)

Remaining risk / open question:

• No end-to-end channel conversation was run, so the leak is source-reproducible rather than runtime-reproduced in a live setup.
• The fix should only remove standalone or trailing sentinel blocks so inline user-authored discussion of these strings is preserved.

Codex review notes: model gpt-5.5, reasoning high; reviewed against b2dfa9887734.