docs: refresh session recall sanitization mirrors

docs/concepts/delegate-architecture.md

@@ -284,9 +284,10 @@ The delegate's `AGENTS.md` defines its autonomous authority — what it may do w
 
 If you grant `sessions_history`, remember it is a bounded, safety-filtered
 recall view. OpenClaw redacts credential/token-like text, truncates long
-content, strips thinking tags / downgraded tool-call scaffolding / leaked model
-control tokens / malformed MiniMax tool-call XML from assistant recall, and can
-replace oversized rows with `[sessions_history omitted: message too large]`
+content, strips thinking tags / `<relevant-memories>` scaffolding / plain-text
+tool-call XML payloads / downgraded tool-call scaffolding / leaked model
+control tokens / malformed MiniMax tool-call XML from assistant recall, and
+can replace oversized rows with `[sessions_history omitted: message too large]`
 instead of returning a raw transcript dump.
 
 ## Scaling pattern

docs/concepts/multi-agent.md

@@ -25,8 +25,9 @@ Auth profiles are **per-agent**. Each agent reads from its own:
 
 `sessions_history` is the safer cross-session recall path here too: it returns
 a bounded, sanitized view, not a raw transcript dump. Assistant recall strips
-thinking tags, downgraded tool-call scaffolding, leaked model control tokens,
-and malformed MiniMax tool-call XML before redaction/truncation.
+thinking tags, `<relevant-memories>` scaffolding, plain-text tool-call XML
+payloads, downgraded tool-call scaffolding, leaked model control tokens, and
+malformed MiniMax tool-call XML before redaction/truncation.
 
 Main agent credentials are **not** shared automatically. Never reuse `agentDir`
 across agents (it causes auth/session collisions). If you want to share creds,

docs/concepts/session-tool.md

@@ -32,6 +32,8 @@ The returned view is intentionally bounded and safety-filtered:
 
 - assistant text is normalized before recall:
   - thinking tags are stripped
+  - `<relevant-memories>` / `<relevant_memories>` scaffolding blocks are stripped
+  - plain-text tool-call XML payload blocks such as `<tool_call>...</tool_call>` / `<function_calls>...</function_calls>` are stripped
   - downgraded tool-call/result scaffolding such as `[Tool Call: ...]`,
     `[Tool Result ...]`, and `[Historical context ...]` is stripped
   - leaked model control tokens such as `<|assistant|>` / `<｜...｜>` are stripped

docs/tools/index.md

@@ -130,8 +130,9 @@ Use `group:*` shorthands in allow/deny lists:
 | `group:openclaw`   | All built-in OpenClaw tools (excludes plugin tools)                                                       |
 
 `sessions_history` returns a bounded, safety-filtered recall view. It strips
-thinking tags, downgraded tool-call scaffolding, leaked model control tokens,
-and malformed MiniMax tool-call XML from assistant text, then applies
+thinking tags, `<relevant-memories>` scaffolding, plain-text tool-call XML
+payloads, downgraded tool-call scaffolding, leaked model control tokens, and
+malformed MiniMax tool-call XML from assistant text, then applies
 redaction/truncation and possible oversized-row placeholders instead of acting
 as a raw transcript dump.
 

docs/tools/subagents.md

@@ -265,6 +265,8 @@ Announce payloads include a stats line at the end (even when wrapped):
 
 - assistant recall is normalized first:
   - thinking tags are stripped
+  - `<relevant-memories>` / `<relevant_memories>` scaffolding blocks are stripped
+  - plain-text tool-call XML payload blocks such as `<tool_call>...</tool_call>` / `<function_calls>...</function_calls>` are stripped
   - downgraded tool-call/result scaffolding and historical-context markers are stripped
   - leaked model control tokens such as `<|assistant|>` are stripped
   - malformed MiniMax tool-call XML is stripped