fix: gate Telegram exec tool warnings behind verbose mode

[obviyus]

Summary

• Problem: Telegram users can see raw exec tool failure warnings (including command context) during normal runs.
• Why it matters: leaks internal tool details into end-user chats; noisy and unsafe by default.
• What changed: gate exec/bash tool-error warnings behind verbose mode (on|full) and ignore non-error status values like 0/ok/completed/running when extracting tool error text.
• What did NOT change (scope boundary): non-exec mutating warnings (e.g. write) still surface as before.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Fixes Telegram: Exec tool output leaks to chat during active agent turn (streamMode partial preview) #19912
• Related Sub-agent exec failures leak to parent session Telegram channel despite suppressToolErrors + notifyOnExit:false #19894

User-visible / Behavior Changes

• Default (verbose=off): exec/bash failure warnings are suppressed from user-visible payloads.
• Verbose (verbose=on|full): exec/bash failure warnings remain visible.
• Tool error extraction no longer treats success-like status values (0, ok, completed, running) as error text.

Security Impact (required)

• New permissions/capabilities? (No)
• Secrets/tokens handling changed? (No)
• New/changed network calls? (No)
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)
• If any Yes, explain risk + mitigation:

Repro + Verification

Environment

• OS: macOS
• Runtime/container: local dev
• Model/provider: n/a (unit tests)
• Integration/channel (if any): Telegram dispatch path covered by tests
• Relevant config (redacted): verbose mode off vs on

Steps

1. Build payloads with lastToolError.toolName="exec", verbose off.
2. Build payloads with same error, verbose on.
3. Extract error message from { details: { status: "0" } } and from { details: { status: "failed" } }.

Expected

• Step 1: no user-facing warning payload.
• Step 2: warning payload exists.
• Step 3: "0" ignored, "failed" preserved.

Actual

• Matches expected in added tests.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

• Verified scenarios: new unit tests + existing Telegram dispatch test.
• Edge cases checked: non-exec mutating warning (write) still visible; status-based false-positive error text removed.
• What you did not verify: live Telegram end-to-end against a real bot token.

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: revert this PR commit.
• Files/config to restore: src/agents/pi-embedded-runner/run/payloads.ts, src/agents/pi-embedded-subscribe.tools.ts.
• Known bad symptoms reviewers should watch for: missing exec warnings in verbose mode (regression), or failed: 0 style warnings returning.

Risks and Mitigations

• Risk: users may miss exec failures in non-verbose mode if assistant text is empty.
  • Mitigation: behavior remains explicit in verbose mode; non-exec mutating tool warnings unchanged.

Greptile Summary

Gated exec/bash tool warnings behind verbose mode to prevent leaking internal command details to Telegram users, while filtering out false-positive error statuses like 0 or completed.

Key changes:

• exec and bash tool errors now suppressed in default mode, visible only when verbose=on|full
• Non-exec mutating tools (e.g. write) continue showing warnings regardless of verbose mode
• Status values like 0, ok, success, completed, running no longer treated as errors
• Comprehensive test coverage added for both gating logic and status filtering

Confidence Score: 5/5

• Safe to merge with no significant risks
• Well-scoped bug fix with thorough test coverage, clear behavioral boundaries, and no breaking changes. Logic correctly distinguishes between exec/bash tools (gated) and other mutating tools (always visible), with proper status filtering to avoid false positives.
• No files require special attention

_{Last reviewed commit: a68b696}

[obviyus]

Merged via squash.

• Prepared head SHA: 7ce9493
• Merge commit: 6b05916