fix(qqbot): sanitize outbound text to strip reasoning/thinking content

[openperf]

Summary

• Problem: After upgrading to OpenClaw 2026.5.28, QQBot users see raw model reasoning/thinking text (e.g. <thinking>…</thinking> blocks) in QQBot replies when using MiniMax-M3 with explicit thinking enabled via the anthropic-messages API.
• Root Cause: extensions/qqbot/src/channel.ts outbound descriptor has no sanitizeText hook. The shared delivery layer (src/infra/outbound/deliver.ts:791) only invokes the reasoning/scaffolding sanitizer when the channel provides one. Without it, any reasoning content that surfaces as tagged text in the reply passes through raw to senderSendText. The MiniMax thinking-disabled wrapper (stream-wrappers/minimax.ts:67) skips its override when thinking is already explicitly set by the user — so MiniMax can still emit reasoning content when thinking is explicitly configured.
• Fix: Wire sanitizeAssistantVisibleText (the canonical "delivery"-profile sanitizer) as QQBot's sanitizeText hook. This strips <thinking>, <think>, <thought>, <antthinking> tags, tool-call scaffolding, and internal trace lines before native platform send — the same pattern already used by Discord, iMessage, SMS, WhatsApp, IRC, and GoogleChat.
• What changed: extensions/qqbot/src/channel.ts — one import from openclaw/plugin-sdk/text-chunking and one sanitizeText field in the outbound descriptor. extensions/qqbot/src/channel.message-adapter.test.ts — regression test verifying <thinking> and <think> tag stripping end-to-end through the hook.
• What did NOT change (scope boundary): No config surface (no schema, defaults, doctor migrations, or docs/reference/config). No plugin surface (no plugin SDK, manifest, extensions/* api/runtime-api, registry/loader). Delivery mode, chunking, textChunkLimit, and all other outbound fields are unchanged.

Reproduction

1. Configure MiniMax-M3 (minimax/MiniMax-M3) via anthropic-messages API with explicit thinking enabled.
2. Send a message via QQBot DM or group.
3. Observe the reply in the QQBot client.
4. Before this PR: Reply contains raw <thinking>…</thinking> reasoning content alongside the final answer — internal model narration is visible to users.
5. After this PR: Only the final answer text is delivered; sanitizeAssistantVisibleText strips the reasoning block before platform send.

Real behavior proof

Behavior addressed (#89913): QQBot users receiving raw <thinking> reasoning/thinking content in channel replies after upgrading to 2026.5.28, regression of prior reasoning-stripping behavior (#6470).

Real environment tested (Linux, Node 22, Vitest against production delivery-layer and sanitizer functions): extensions/qqbot/src/channel.ts outbound descriptor verified at channel.ts:252 — no sanitizeText field pre-patch. src/infra/outbound/deliver.ts:791 confirmed: sanitizer is only invoked when handler.sanitizeText is set. src/plugin-sdk/text-chunking.ts exports sanitizeAssistantVisibleText from src/shared/text/assistant-visible-text.ts "delivery" profile, which calls stripReasoningTagsFromText with reasoningMode: "strict". Sibling channel pattern confirmed in extensions/discord/src/outbound-adapter.ts:114, extensions/imessage/src/channel.ts:333, extensions/sms/src/channel.ts:326.

Exact steps or command run after this patch: node scripts/run-vitest.mjs extensions/qqbot/src/channel.message-adapter.test.ts; node scripts/run-oxlint.mjs extensions/qqbot/src/channel.ts extensions/qqbot/src/channel.message-adapter.test.ts; pnpm format:check.

Evidence after fix:

 Test Files  1 passed (1)
      Tests  2 passed (2)

New strips reasoning/thinking tags before delivery test covers <thinking> and <think> stripping end-to-end through the outbound sanitizeText hook.

Observed result after fix: sanitizeText({ text: "<thinking>internal reasoning</thinking>final answer", payload: { text: ... } }) returns "final answer"; plain text without tags passes through unchanged.

What was not tested: Live QQBot + MiniMax-M3 end-to-end delivery on a real Tencent QQBot account (no test credentials available in this read-only source review). The delivery hook, sanitizer pipeline, and reasoning-tag stripping are covered deterministically against the production functions.

Repro confirmation: The regression test fails before the patch (expect(sanitize).toBeDefined() fails because no sanitizeText field exists) and passes with the patch, confirming the production change is what makes the test pass.

Risk / Mitigation

• Risk: Sanitizer could accidentally strip non-reasoning content. Mitigation: sanitizeAssistantVisibleText "delivery" profile uses reasoningMode: "strict" — only strips content strictly enclosed in <thinking>, <think>, <thought>, <antthinking> tags; normal prose passes through unchanged.
• Risk: QQBot-specific content formatting could be altered. Mitigation: The sanitizer does not convert HTML or reformat markdown; it strips only model reasoning tags and internal scaffolding — QQBot's native markdown rendering is preserved.

Change Type (select all)

• Bug fix

Scope (select all touched areas)

• extensions/qqbot

Linked Issue/PR

Fixes #89913

[clawsweeper]

Codex review: passed. Reviewed June 5, 2026, 2:56 AM ET / 06:56 UTC.

Summary
Adds QQBot outbound sanitizeText wired to sanitizeAssistantVisibleText plus a regression test for stripping <thinking> and <think> blocks.

PR surface: Source +2, Tests +19. Total +21 across 2 files.

Reproducibility: yes. source-reproducible: current main QQBot outbound lacks sanitizeText, and shared delivery only invokes channel text sanitization when that hook exists. I did not run a live Tencent QQBot plus MiniMax reproduction.

Review metrics: none identified.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🌊 off-meta tidepool
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] Live Tencent QQBot plus MiniMax-M3 delivery was not exercised here; confidence comes from source tracing and deterministic production-function test proof.

Maintainer options:

1. Decide the mitigation before merge
   Land the bounded QQBot-owned sanitizer hook if exact-head checks stay green; keep any broader default-sanitizer policy discussion separate from this channel regression fix.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P2] No repair job is needed; this automerge-opted PR has no actionable review findings, so exact-head checks and maintainer merge policy should decide landing.

Security
Cleared: The diff adds no dependency, workflow, credential, or supply-chain surface and improves the privacy boundary by removing hidden reasoning text before QQBot delivery.

Review details

Best possible solution:

Land the bounded QQBot-owned sanitizer hook if exact-head checks stay green; keep any broader default-sanitizer policy discussion separate from this channel regression fix.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible: current main QQBot outbound lacks sanitizeText, and shared delivery only invokes channel text sanitization when that hook exists. I did not run a live Tencent QQBot plus MiniMax reproduction.

Is this the best way to solve the issue?

Yes, this is the best bounded fix for this PR: channel-owned sanitization matches the existing outbound contract and sibling-channel pattern without adding a new core fallback or config surface.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 560b77a4aff7.

Label changes

Label justifications:

• P1: The PR addresses a reported user-visible reasoning/thinking leak in QQBot replies, which is an urgent channel privacy and message-content regression.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🌊 off-meta tidepool and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Not applicable: The PR author association is MEMBER, so the external-contributor real-behavior-proof gate does not apply; the PR body includes deterministic production-function proof but no live Tencent QQBot run.

Evidence reviewed

PR surface:

Source +2, Tests +19. Total +21 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	2	0	+2
Tests	1	19	0	+19
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	21	0	+21

What I checked:

• PR diff applies the hook at the QQBot outbound boundary: The PR head imports sanitizeAssistantVisibleText and sets qqbotPlugin.outbound.sanitizeText before sendText, so shared delivery can sanitize QQBot text before native send. (extensions/qqbot/src/channel.ts:257, 17cf140183e8)
• Regression test covers the new hook: The PR head test asserts the QQBot outbound sanitizer exists, strips <thinking> and <think> blocks, and preserves ordinary text. (extensions/qqbot/src/channel.message-adapter.test.ts:6, 17cf140183e8)
• Current delivery only uses channel sanitizer when provided: Current main calls handler.sanitizeText only when the outbound handler exposes it, which explains why QQBot needed its own hook. (src/infra/outbound/deliver.ts:795, 560b77a4aff7)
• Sanitizer contract strips reasoning tags in delivery profile: sanitizeAssistantVisibleText uses the delivery profile, which runs strict reasoning-tag stripping and internal scaffolding cleanup before final trim. (src/shared/text/assistant-visible-text.ts:824, 560b77a4aff7)
• QQBot media-tag contract remains source-preserved: QQBot sendText normalizes and parses private <qqimg>, <qqvoice>, <qqvideo>, <qqfile>, and <qqmedia> tags after delivery, while the sanitizer reasoning tag matcher only targets thinking/final tags and tool-call scaffolding. (extensions/qqbot/src/engine/messaging/outbound.ts:134, 560b77a4aff7)
• History/provenance check: Available blame/log history ties the central QQBot outbound and delivery files in this checkout to commit d23558e; the PR patch itself is commits 9160990 and 17cf140. (extensions/qqbot/src/channel.ts:252, d23558e69150)

Likely related people:

• Peter Steinberger: Available blame/log history in this checkout points the current QQBot outbound descriptor, shared delivery sanitizer call site, and assistant-visible sanitizer source to the same recent current-main commit; deeper authorship is ambiguous from the available grafted history. (role: recent area contributor; confidence: low; commits: d23558e69150; files: extensions/qqbot/src/channel.ts, extensions/qqbot/src/engine/messaging/outbound.ts, src/infra/outbound/deliver.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=17cf140183e84fbca47325746dea3afa2005b6d3)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-06-05T06:57:17Z
Merge commit: 1a3ce7c2a8da

What merged:

• Adds QQBot outbound sanitizeText wired to sanitizeAssistantVisibleText plus a regression test for stripping <thinking> and <think> blocks.
• PR surface: Source +2, Tests +19. Total +21 across 2 files.
• Reproducibility: yes. source-reproducible: current main QQBot outbound lacks sanitizeText, and shared deli ... nnel text sanitization when that hook exists. I did not run a live Tencent QQBot plus MiniMax reproduction.

Automerge notes:

• PR branch already contained follow-up commit before automerge: fix(qqbot): add curly braces for eslint(curly) compliance

The automerge loop is complete.

Automerge progress:

• 2026-06-05 03:42:33 UTC review queued 17cf140183e8 (queued)

• 2026-06-05 06:57:00 UTC review passed 17cf140183e8 (structured ClawSweeper verdict: pass (sha=17cf140183e84fbca47325746dea3afa2005b...)

• 2026-06-05 03:27:04 UTC repair queued 17cf140183e8 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793

• 2026-06-05 03:28:45 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 automerge-openclaw-openclaw-90132

• 2026-06-05 03:29:03 UTC validation plan (passed) in 19s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-06-05 03:29:12 UTC Codex write preflight (passed) in 27s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 danger-full-access

• 2026-06-05 03:33:14 UTC Codex edit 1 9b5e5c233f6d (complete) in 4m 29s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 exit 0

• 2026-06-05 03:33:15 UTC validation and review 1 4d557f179ad5 (running) in 4m 31s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 repair

• 2026-06-05 04:07:17 UTC repair completed (no branch change) in 38m 33s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 Codex /review timed out after 128679ms

• 2026-06-05 04:07:19 UTC repair finished (blocked) in 38m 35s Run: https://github.com/openclaw/clawsweeper/actions/runs/26993498793 Codex /review timed out after 128679ms

• 2026-06-05 06:49:58 UTC review queued 17cf140183e8 (queued)

• 2026-06-05 06:57:20 UTC merged 17cf140183e8 (merged by ClawSweeper automerge)