From 27f63781f4b5ac928efa17752e907118bd1068c3 Mon Sep 17 00:00:00 2001 From: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> Date: Wed, 6 May 2026 16:23:24 +1000 Subject: [PATCH] fix: sanitize before-agent block observability --- docs/plugins/hooks.md | 6 ++++-- src/agents/pi-embedded-runner/run/attempt.ts | 4 +--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/plugins/hooks.md b/docs/plugins/hooks.md index c007c5eaf0e..f72d21ea65c 100644 --- a/docs/plugins/hooks.md +++ b/docs/plugins/hooks.md @@ -244,8 +244,10 @@ to stop the run before the model can read the prompt. `reason` is internal; When a run is blocked, OpenClaw stores only the replacement text in `message.content` plus non-sensitive block metadata such as the blocking plugin id and timestamp. The original user text is not retained in transcript or future -context. The internal block reason remains logging/diagnostics-only and is not -stored in transcript or history metadata. +context. Internal block reasons are treated as sensitive and excluded from +transcript, history, broadcast, log, and diagnostics payloads. Observability +should use sanitized fields such as blocker id, outcome, timestamp, or a safe +category. `before_agent_start` and `agent_end` include `event.runId` when OpenClaw can identify the active run. The same value is also available on `ctx.runId`. diff --git a/src/agents/pi-embedded-runner/run/attempt.ts b/src/agents/pi-embedded-runner/run/attempt.ts index aa35f667067..a4962d14e6e 100644 --- a/src/agents/pi-embedded-runner/run/attempt.ts +++ b/src/agents/pi-embedded-runner/run/attempt.ts @@ -2882,9 +2882,7 @@ export async function runEmbeddedAttempt( const blockReplacementMsg = resolveBlockMessage(beforeRunDecision, { blockedBy: beforeRunPluginId, }); - log.warn( - `before_agent_run hook blocked by ${beforeRunPluginId}: ${beforeRunDecision.reason}`, - ); + log.warn(`before_agent_run hook blocked by ${beforeRunPluginId}`); await persistBlockedBeforeAgentRun({ message: blockReplacementMsg, pluginId: beforeRunPluginId,